Example #1
     echo "\t\tif (f.decision.value=='') {\n";
     echo "\t\t\talert('You must supply a reason !!!');\n";
     echo "\t\t\treturn(false);\n";
     echo "\t\t}\n";
     echo "\t\treturn(true);\n";
     echo "\t}\n";
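     // Canned "accept" replies (default_msgs, type=1) are emitted twice: as <option> entries for the
     // drop-down and as two JavaScript arrays indexed by the option value. Index 0 of each array is
     // the empty entry that pairs with the "-- pick a reason --" option.
     //
     // The stored label/content end up in two different output contexts, so each gets its own encoder:
     //  - HTML text (the <option> label)  -> htmlspecialchars()
     //  - single-quoted JS string literal -> $js_esc below
     // The original used post2db() for the JS literals; post2db() looks like the SQL-side escaper
     // (TODO confirm), which does not neutralise newlines or a "</script>" sequence in stored text.
     //
     // Byte-wise table: backslash/quotes/newlines are escaped and <, >, & become \xNN so the value
     // can never terminate the string literal or the surrounding <script> block.
     $js_esc = array("\\" => "\\\\", "'" => "\\'", "\"" => "\\x22", "\r" => "\\r", "\n" => "\\n", "<" => "\\x3C", ">" => "\\x3E", "&" => "\\x26");
     $amc = "";
     $aml = "";
     $arm = pg_safe_exec("SELECT * FROM default_msgs WHERE type=1");
     $yy = 0;
     $opt = "";
     while ($armo = pg_fetch_object($arm)) {
         $yy++;
         // Charset is named explicitly so the call never rejects a byte sequence (the stored encoding
         // is not visible here); only the five ASCII metacharacters are rewritten.
         $opt .= "<option value=\"" . $yy . "\">" . htmlspecialchars($armo->label, ENT_QUOTES, "ISO-8859-1") . "</option>\n";
         $aml .= ",'" . strtr($armo->label, $js_esc) . "'";
         $amc .= ",'" . strtr($armo->content, $js_esc) . "'";
     }
     echo "\tvar acc_msgs_c = [''" . $amc . "];\n";
     echo "\tvar acc_msgs_l = [''" . $aml . "];\n";
     // Picking an option copies the matching canned text into the "decision" textarea.
     echo "\tfunction upd_acc_r(opt) {\n";
     echo "\t\tdocument.forms['accept'].decision.value = acc_msgs_c[parseInt(opt.options[opt.selectedIndex].value)];\n";
     echo "\t}\n";
     echo "//-->\n";
     echo "</script>\n";
     // The drop-down is only rendered when at least one canned reply exists.
     if ($opt != "") {
         echo "<select name=dmsgA onChange=\"upd_acc_r(this)\"><option value=0>-- pick a reason --</option>" . $opt . "</select><br>\n";
     }
     echo "<textarea name=decision cols=40 rows=7></textarea><br><input type=submit value=\" REGISTER THIS CHANNEL \">\n";
     echo "</form>\n";
     echo "</td>";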
 }
Example #2
     }
     echo "<br><br>";
 }
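 // NOTE(review): the form key is built from the raw ID and RT query parameters; what
 // make_secure_form() does with it is not visible here — confirm it tolerates arbitrary input.
 make_secure_form("do_reply_admin" . $_GET["ID"] . $_GET["RT"]);
 echo "<script language=\"JavaScript\">\n";
 echo "<!--\n";
 // Canned complaint replies (default_msgs, type=3) are emitted twice: as <option> entries and as
 // two JavaScript arrays indexed by the option value; index 0 is the empty placeholder entry.
 //
 // Label/content are stored text landing in two output contexts, so each gets its own encoder:
 // htmlspecialchars() for the <option> label, $js_esc for the single-quoted JS string literals.
 // The original used post2db() for the JS literals; post2db() looks like the SQL-side escaper
 // (TODO confirm), which does not neutralise newlines or a "</script>" sequence in stored text.
 //
 // Byte-wise table: backslash/quotes/newlines are escaped and <, >, & become \xNN so the value
 // can never terminate the string literal or the surrounding <script> block.
 $js_esc = array("\\" => "\\\\", "'" => "\\'", "\"" => "\\x22", "\r" => "\\r", "\n" => "\\n", "<" => "\\x3C", ">" => "\\x3E", "&" => "\\x26");
 $comc = "";
 $coml = "";
 $rcom = pg_safe_exec("SELECT * FROM default_msgs WHERE type=3");
 $yy = 0;
 $opt = "";
 while ($rcomo = pg_fetch_object($rcom)) {
     $yy++;
     // Charset is named explicitly so the call never rejects a byte sequence (the stored encoding
     // is not visible here); only the five ASCII metacharacters are rewritten.
     $opt .= "<option value=\"" . $yy . "\">" . htmlspecialchars($rcomo->label, ENT_QUOTES, "ISO-8859-1") . "</option>\n";
     $coml .= ",'" . strtr($rcomo->label, $js_esc) . "'";
     $comc .= ",'" . strtr($rcomo->content, $js_esc) . "'";
 }
 echo "\tvar com_msgs_c = [''" . $comc . "];\n";
 echo "\tvar com_msgs_l = [''" . $coml . "];\n";
 // Picking an option copies the matching canned text into the "areply" field.
 echo "\tfunction upd_com_r(opt) {\n";
 echo "\t\tdocument.forms['do_reply'].areply.value = com_msgs_c[parseInt(opt.options[opt.selectedIndex].value)];\n";
 echo "\t}\n";
 echo "//-->\n";
 echo "</script>\n";
 echo "Your reply :";
 // The drop-down is only rendered when at least one canned reply exists.
 if ($opt != "") {
     echo "&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;";
     echo "<select name=dmsgC onChange=\"upd_com_r(this)\"><option value=0>-- pick a common reply --</option>" . $opt . "</select><br>\n";
 } else {
     echo "<br>\n";
 }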
Example #3
    echo "<br>";
}
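// Summarise the ticked search scopes in the page heading.
if ($_POST["ochan"] == 1) {
    echo "Offending/Purged channel(s). ";
}
if ($_POST["ouser"] == 1) {
    echo "Authenticated/Suspended username(s). ";
}
// Use the same integer cast as the SQL filter further down, so the heading always names the
// complaint type that is actually queried (a value such as "1abc" no longer indexes $cpt_name raw).
if ((int) $_POST["qt"] > 0) {
    echo "<br>Specific complaint type (" . $cpt_name[(int) $_POST["qt"]] . "). ";
}
echo "</h4>";
echo "</h2>\n";
echo "<hr width=100% size=1 noshade>";
echo "<a href=\"javascript:history.go(-1);\"><b>&lt;&nbsp;back</b></a><br>\n";
// Turn the user's glob-style query into a LIKE pattern. Order matters (innermost call runs first):
//   1. literal "_" and "%" are backslash-escaped so they lose their LIKE meaning,
//   2. "?" becomes "_" and "*" becomes "%",
//   3. the result is lower-cased and finally passed through post2db() for the SQL string literal.
// NOTE(review): a backslash typed by the user is not escaped in step 1, so "\*" ends up as an
// escaped literal "%" rather than a wildcard — confirm whether N_get_pure_string() removes backslashes.
$matchstring = post2db(strtolower(str_replace("*", "%", str_replace("?", "_", str_replace("%", "\\%", str_replace("_", "\\_", N_get_pure_string($_POST["q"])))))));
unset($cidz);
$cidz = array();
// Wildcards present -> LIKE, otherwise exact match. strpos() replaces ereg(), which was
// deprecated in PHP 5.3 and removed in PHP 7; a literal character test needs no regex.
if (strpos(N_get_pure_string($_POST["q"]), "*") !== false || strpos(N_get_pure_string($_POST["q"]), "?") !== false) {
    $cmp_oper = "LIKE";
} else {
    $cmp_oper = " = ";
}
unset($rQT);
$rQT = "";
// Optional complaint-type filter; the value is forced to an integer before it reaches the SQL text.
if ((int) $_POST["qt"] > 0) {
    $rQT = "complaints.complaint_type='" . (int) $_POST["qt"] . "' AND ";
}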
if ($_POST["thread"] == 1) {
    // ticket events (must be separately) [forced auto %wild%]
    $q = "SELECT complaints_threads.complaint_ref FROM complaints_threads,complaints WHERE (lower(reply_text) LIKE '%" . $matchstring . "%' OR lower(actions_text) LIKE '%" . $matchstring . "%') AND " . $rQT . "complaints.id=complaints_threads.complaint_ref AND complaints.status!=99 ORDER BY created_ts DESC";
Example #4
<?php

/* $Id: cfp.php,v 1.1 2005/11/18 04:19:33 nighty Exp $ */
require "../../php_includes/cmaster.inc";
// Emit the themed page shell before the confirmation is processed.
$cTheme = get_theme_info();
std_theme_styles(1);
std_theme_body();
// Confirmation-link parameters: "id" is forced to an integer, "crc" is kept as the raw request string.
$iid = (int) $_GET["id"];
$ccrc = $_GET["crc"];
// Look up the pending password change by (cookie, user_id). The crc goes through post2db() and
// the id is already an int, so neither value reaches the SQL text unescaped.
// NOTE(review): the whole confirmation is driven by GET parameters, and the code that follows
// updates the users table — confirm that mail scanners or link prefetchers following the URL
// cannot approve a change on the recipient's behalf.
$r1 = pg_safe_exec("SELECT * FROM pending_passwordchanges WHERE cookie='" . post2db($ccrc) . "' AND user_id='" . $iid . "'");
if ($o1 = @pg_fetch_object($r1, 0)) {
    if ($ccrc == md5($iid . "modFP" . CRC_SALT_0015 . $o1->new_crypt)) {
        // confirmation of password change
        // Token accepted: apply the pending password, mail it to the user, log the event and
        // remove the pending row.
        // NOTE(review): the enclosing check compares $ccrc with the md5() digest using "==". Two
        // hex digests that both look numeric (e.g. "0e" followed by digits) compare equal under
        // loose comparison; use a strict, constant-time comparison (hash_equals() where available,
        // otherwise ===).
        // NOTE(review): the password value in this listing reads '******', which looks like masking
        // applied by the page this sample was taken from — confirm against the real file.
        // NOTE(review): cl_ip() is concatenated into the SQL text without post2db(); confirm it can
        // only ever return a validated address.
        // confirmation of password change
        $rez = @pg_safe_exec("UPDATE users SET password='******',last_updated=now()::abstime::int4,last_updated_by='forgotten password (" . cl_ip() . ")' WHERE id='" . $iid . "'");
        if ($rez) {
            $ru = pg_safe_exec("SELECT * FROM users WHERE id='" . $iid . "'");
            $user = pg_fetch_object($ru, 0);
            // The message body carries $o1->new_clrpass, read from the pending_passwordchanges row.
            // NOTE(review): this means the new password is kept in readable form in the database
            // until confirmation and then travels by e-mail; a one-time reset link with only the
            // hash stored would avoid both exposures.
            mail($user->email, $mail_subject_pass . $user->user_name, "Your Cservice password is: " . $o1->new_clrpass . "\nRemember it!", "From: " . $mail_from_pass . "\nReply-To: " . $mail_from_pass . "\nX-Mailer: " . NETWORK_NAME . " Channel Service");
            log_user($user->id, 9, " [manual confirmation]");
            // Every pending change for this user is dropped, not only the one just confirmed.
            pg_safe_exec("DELETE FROM pending_passwordchanges WHERE user_id='" . $user->id . "'");
            echo "<h1>Success !<br><br>\n";
            // NOTE(review): user_name is echoed without HTML-escaping; harmless only if usernames
            // are restricted to a safe character set at registration — verify.
            echo "Password change has been approved successfully for user '" . $user->user_name . "'</h1>\n";
            echo "</body></html>\n\n";
            die;
        } else {
            // UPDATE failed: show a generic error (no database detail is sent to the browser).
            echo "<h1>Error<br><br>\n";
            echo "Unknown SQL Error !</h1>\n";
            echo "</body></html>\n\n";
            die;
        }
    } else {
     std_theme_body("../");
     echo "<h1>Error</h1> The URL entered is not valid.  Please check it ";
     echo "and make sure it is correct</h1><a href=\"confirm_pwreset.php\">Try again.</a>";
     echo "</body></html>";
     exit;
 } else {
     pg_safe_exec("delete from pending_pwreset where expiration<now()::abstime::int4");
     $pwreset = pg_fetch_object($res, 0);
     $userid = $pwreset->user_id;
     $qid = $pwreset->question_id;
     $vdata = $pwreset->verificationdata;
 }
 // change verifdata
 // Read the current verification answer first so it can be written to the user log below.
 $gor = pg_safe_exec("SELECT verificationdata FROM users WHERE id='" . (int) $userid . "'");
 $goro = pg_fetch_object($gor);
 // Apply the pending question/answer. Ids are int-cast and the answer goes through post2db();
 // post_forms is set to now + 10 days (86400*10 seconds).
 $res = pg_safe_exec("UPDATE users SET question_id='" . (int) $qid . "',verificationdata='" . post2db($vdata) . "',post_forms=(now()::abstime::int4+86400*10),last_updated=now()::abstime::int4,last_updated_by='Verif Q/A Reset' WHERE id='" . (int) $userid . "'");
 // $user_id is set only for the duration of the log_user() call and reset to 0 afterwards;
 // presumably log_user() reads it as a global — verify.
 $user_id = $userid;
 // NOTE(review): the log entry records the reset cookie and the previous verification answer in
 // clear text. Anyone able to read the user log learns an account-recovery secret; consider
 // logging only that a change happened. Where $ID comes from is not visible in this fragment.
 log_user($userid, 8, "Cookie was: " . $ID . ", Old V/A was: " . $goro->verificationdata);
 $user_id = 0;
 if ($res) {
     $res = pg_safe_exec("delete from pending_pwreset where cookie='" . $ID . "'");
     echo "<html><head><title>Successful Verificiation Question/Answer Reset</title>";
     std_theme_styles();
     echo "</head>";
     std_theme_body("../");
     echo "<h1>Success!</h1>";
     echo "Your account verification question/answer has been changed !<br>\n";
     echo "<br><br>";
     echo "You may now proceed to the <a href=\"../index.php\" target=_top>Main page</a>.<br>";
     echo "</body></html>";
     exit;
Example #6
        $q = "SELECT * FROM channels,levels WHERE channels.registered_ts>0 AND lower(channels.name)='" . strtolower(trim(post2db($_GET["cname"]))) . "' AND levels.channel_id=channels.id AND levels.access>0 ORDER BY access DESC";
        $r = pg_safe_exec($q);
        while ($o = pg_fetch_object($r)) {
            $da_id_list[] = $o->user_id;
        }
        show_fraud_list($da_id_list, 1);
    }
    // List type 2: resolve the channel name to a pending application, then show every user
    // who filed a non-admin-only objection against it.
    if ($listtype == 2) {
        //$slock = "";
        // Applications with pending.status 3 are excluded from the lookup.
        $slock = " AND pending.status!=3";
        // NOTE(review): trim() and strtolower() run on the output of post2db(). Escaping should be
        // the last transformation before the value enters the SQL text, so normalise first and
        // escape afterwards.
        $qchk = "SELECT channels.id FROM channels,pending WHERE lower(channels.name)='" . strtolower(trim(post2db($_GET["cname"]))) . "' AND pending.channel_id=channels.id" . $slock;
        $rchk = pg_safe_exec($qchk);
        if ($ochk = pg_fetch_object($rchk)) {
            $chan_id = $ochk->id;
        } else {
            // NOTE(review): the request value is echoed back into the page; this is safe only if
            // db2disp() HTML-encodes its argument — confirm, otherwise encode for HTML here.
            echo "<br><br><b>ERROR</b> - The channel '" . db2disp(post2db($_GET["cname"])) . "' is NOT a valid incoming/pending application.<br>\n";
            echo "<a href=\"javascript:history.go(-1);\">Back</a>\n";
            echo "<br><br>For CService Admins use <b>ONLY</b>.";
            echo "</body></html>\n\n";
            die;
        }
        // $chan_id comes from the database row above, not from the request.
        $q = "SELECT * FROM objections WHERE channel_id='" . $chan_id . "' AND admin_only='N'";
        $r = pg_safe_exec($q);
        // $da_id_list is appended to without being initialised in this branch; presumably it is
        // set up earlier in the file — verify.
        while ($o = pg_fetch_object($r)) {
            $da_id_list[] = $o->user_id;
        }
        show_fraud_list($da_id_list, 1);
    }
}
echo "<br><br><a href=\"./index.php\">New search</a>\n";
echo "<br><br>\n";
}
std_connect();
/*
       	$res=pg_safe_exec("select * from noreg where lower(user_name)='$username' AND type=4");
        if (pg_numrows($res)>0)
        	{
        	echo "<h1>Error<br>\n";
        	echo "The USERNAME entered is fraudulous.</h1><br><h2>This username cannot be used (FRAUD USERNAME)</h2><br><br>\n";
	echo "<a href=\"forgotten_pass.php\">Try again.</a>\n";
	echo "</body>\n";
	echo "</html>\n\n";
	die;
        	}
unset($res);
*/
// Look up the account by user name; $username is escaped with post2db() before it enters the query.
// The column is lower-cased in SQL; presumably $username was lower-cased earlier — verify.
$res = pg_safe_exec("select * from users where lower(user_name)='" . post2db($username) . "'");
// No match: print an error page and stop.
// NOTE(review): a distinct "username is not valid" answer lets a requester learn which user
// names exist. If this page is reachable without authentication, consider returning the same
// response for known and unknown names and rate-limiting the form.
if (pg_numrows($res) == 0) {
    echo "<h1>Error<br>\n";
    echo "The USERNAME entered is not valid.</h1><br><h2>Please check it and make sure it is correct</h2><br><br>\n";
    echo "<a href=\"forgotten_pass.php\">Try again.</a>\n";
    echo "</body>\n";
    echo "</html>\n\n";
    die;
}
// Exactly the first row is used from here on.
$user = pg_fetch_object($res, 0);
if ((int) $user->question_id == 0 || $user->verificationdata == "") {
    echo "<h1>Error</h1><br><h3>\n";
    echo "You must have the other authentication method enabled (PASSPHRASE)</h3><br>\n";
    echo "If you really don't have your password anymore. then ask " . SERVICE_CHANNEL . ".<br><br>\n";
    echo "If you are just testing this feature and you read that page, that means you<br>\n";
    echo "will need to <b>log in</b> then go to <b>modify</b> your account and put something<br>\n";
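    // Edit form / save handler for one default_msgs row, driven entirely by query-string parameters.
    // Until a complete submission arrives (posted=1 with non-blank rlabel and rcontent) the edit
    // form is shown; otherwise the row is updated and the browser is redirected to the list.
    // NOTE(review): the UPDATE is triggered by a plain GET and no anti-forgery token is visible in
    // this block, so a link opened by a logged-in admin could change a canned reply — confirm a
    // token is enforced elsewhere or move the save to POST with one.
    if ($_GET["posted"] != 1 || trim($_GET["rlabel"]) == "" || trim($_GET["rcontent"]) == "") {
        $umr = pg_safe_exec("SELECT * FROM default_msgs WHERE id='" . (int) $_GET["id"] . "'");
        // $umo is false when the id matches no row; the fields below then render empty.
        $umo = pg_fetch_object($umr);
        echo "<h3>Edit the reply</h3><a href=\"javascript:history.go(-1);\">Go Back</a><hr width=100% noshade size=1><br>\n";
        echo "Label :<br>\n";
        echo "<input type=text name=rlabel size=60 maxlength=255 value=\"" . post2input($umo->label) . "\"><br>\n";
        echo "Content :<br>\n";
        echo "<textarea name=rcontent cols=60 rows=10 wrap>" . post2textarea($umo->content) . "</textarea><br>\n";
        echo "<br>\n";
        echo "<input type=hidden name=posted value=1>\n";
        echo "<input type=hidden name=type value=\"modify\">\n";
        // type2 and id are request values written back into attribute values. They were echoed raw,
        // which let a crafted query string break out of the attribute; type2 is now HTML-escaped
        // (byte-safe charset, only ASCII metacharacters are rewritten) and id is int-cast exactly
        // as it is in the queries of this block.
        echo "<input type=hidden name=type2 value=\"" . htmlspecialchars($_GET["type2"], ENT_QUOTES, "ISO-8859-1") . "\">\n";
        echo "<input type=hidden name=id value=\"" . (int) $_GET["id"] . "\">\n";
        echo "<input type=submit value=\"Save changes\">\n";
    } else {
        // Both text fields are escaped with post2db() and the id is int-cast before reaching SQL.
        $rq = pg_safe_exec("UPDATE default_msgs SET label='" . post2db($_GET["rlabel"]) . "', content='" . post2db($_GET["rcontent"]) . "' WHERE id='" . (int) $_GET["id"] . "'");
        if (!$rq) {
            // NOTE(review): this sends the raw database error text to the browser; log it
            // server-side and show a generic message instead.
            die(pg_errormessage());
        } else {
            // type2 == 1 returns to the review list, anything else to the complaints list.
            if ($_GET["type2"] == 1) {
                js_redir("default_msgs.php?type=review");
            } else {
                js_redir("default_msgs.php?type=complaints");
            }
        }
    }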
}
if ($_GET["type"] == "complaints") {
    echo "<h3>Edit default complaint replies</h3><a href=\"complaints/admin.php\"><b>Complaints Manager Home</b></a><hr width=100% noshade size=1><br>\n";
    $crm = pg_safe_exec("SELECT * FROM default_msgs WHERE type=3");
    echo "<b>COMPLAINT REPLIES</b> <input type=button value=\"Add\" onClick=\"location.href='default_msgs.php?type=addcom'\"><br>\n";
 $ra = pg_safe_exec("SELECT access FROM levels WHERE channel_id=1 AND user_id='" . $user->id . "'");
 if ($oa = @pg_fetch_object($ra, 0)) {
     if (LOCK_PWCHG_LEVEL > 0 && LOCK_PWCHG_LEVEL <= $oa->access) {
         // lock prevails...
         echo "<h1>Error</h1><h3><br>\nFor security reasons, this option has been disabled for you.</h3>\n";
         echo "</body></html>\n\n";
         die;
     } elseif (CONFIRM_STAR_PWRESET && is_email_valid(CONFIRM_STAR_PWRESET_MAIL) && $oa->access > 0) {
         $rp = pg_safe_exec("SELECT * FROM pending_passwordchanges WHERE user_id='" . $user->id . "'");
         if ($op = @pg_fetch_object($rp, 0)) {
             echo "<h1>Error</h1><h3><br>\nA pending password change is already in progress for you.</h3>\n";
             echo "</body></html>\n\n";
             die;
         } else {
             // Confirmation token for the pending change: MD5 over the user id, the literal "modFP",
             // CRC_SALT_0015 and $crypt. Presumably the confirmation page recomputes the same digest.
             // NOTE(review): the token is fully determined by the salt and stored values; its
             // secrecy rests on CRC_SALT_0015 alone. A random token from a CSPRNG, stored with the
             // row, would not have that dependency.
             $Xcrc = md5($user->id . "modFP" . CRC_SALT_0015 . $crypt);
             // Positional INSERT of six values: token, user id, $user->password, $crypt,
             // post2db($password) and the current timestamp.
             // NOTE(review): only the first and fifth values go through post2db(); $user->password
             // and $crypt are concatenated as-is, which is safe only if neither can contain a quote.
             // NOTE(review): $password appears to be the new password in readable form (TODO confirm);
             // storing it lets anyone with read access to this table recover it.
             pg_safe_exec("INSERT INTO pending_passwordchanges VALUES ('" . post2db($Xcrc) . "','" . $user->id . "','" . $user->password . "','" . $crypt . "','" . post2db($password) . "',now()::abstime::int4)");
             // $crypt is reassigned after the insert: "*" when LOCK_ON_PWCHG is set, otherwise the
             // user's current password value. How it is used afterwards is not visible in this fragment.
             if (LOCK_ON_PWCHG) {
                 $crypt = "*";
             } else {
                 $crypt = $user->password;
             }
             $ss = "[Forgotten Password] Confirmation request for '" . $user->username . "'";
             $mm = "";
             $mm .= "------- SECURITY -------\n\n";
             $mm .= "Forgotten password request for * account:\n";
             $mm .= "USER_ID = " . $user->id . "\n";
             $mm .= "USER_LEVEL = *" . $oa->access . "\n";
             $mm .= "USERNAME = "******"\n";
             $mm .= "USER_EMAIL = " . $user->email . "\n";
             $mm .= "REQUEST_IP = " . cl_ip() . "\n";
             $mm .= "REQUEST_HOST = " . cl_host() . "\n";
Example #10
// Build the public ticket number for the complaint row just fetched; "N/A" when no row came back.
if ($to = pg_fetch_object($tq)) {
    $da_c_id = $to->id;
    // Format: <id>-<first 10 hex digits of md5(id . CRC_SALT_0007 . "ticket")>, upper-cased.
    // NOTE(review): the suffix is a truncated MD5 (40 bits) keyed only by a static salt. If
    // knowing a ticket number is what grants access to a complaint, confirm that lookups are
    // rate-limited and that the salt is kept out of version control.
    $ticket_number = strtoupper($da_c_id . "-" . substr(md5($da_c_id . CRC_SALT_0007 . "ticket"), 0, 10));
    if ($_POST["ct"] == 3) {
        // Complaint type 3 ('pending application anonymous objection'): insert an admin-only
        // comment into the given application to record that the complaint has been filed.
        unset($issuer_id);
        unset($da_cmt);
        unset($notif_q);
        $issuer_id = COMPLAINTS_ADMINCOMMENT_ID;
        // this ID needs to be a permanently valid user !!!!! (see config.inc)
        // The comment body is HTML built from fixed text plus the generated ticket number.
        // NOTE(review): it is stored as markup, so the page that displays objections must print
        // this field unescaped; confirm that user-written comments in the same column cannot
        // take advantage of that.
        $da_cmt = "";
        $da_cmt .= "**** AUTOMATIC ****<br><br>";
        $da_cmt .= "<b>An anonymous objection has been posted through the Complaints System.</b><br>";
        $da_cmt .= "<a href=\"complaints/admin.php?view=" . $ticket_number . "\">click here</a> to go to that complaint.<br><br>";
        // Ids are int-cast and the comment goes through post2db(); admin_only is fixed to 'Y'.
        $notif_q = "INSERT INTO objections (channel_id,user_id,comment,created_ts,admin_only) VALUES ('" . (int) $da_channel1_id . "','" . (int) $issuer_id . "','" . post2db($da_cmt) . "',now()::abstime::int4,'Y')";
        pg_safe_exec($notif_q);
    }
} else {
    $ticket_number = "N/A";
}
if (!$res) {
    die($back_lnk . "<b>SQL ERROR</b><br><br></td></tr></table></body></html>");
} else {
    if ($da_users_id > 0) {
        log_user($da_users_id, 11, "Type: " . $cpt_name[$_POST["ct"]] . ", Ticket-Number: " . $ticket_number);
    }
    $mmsg = "";
    $mmsg .= "\n\n";
    $mmsg .= "We recently received a complaint to CService using this e-mail address (" . $_POST["from_mail"] . ") for the reply.\n";
    $mmsg .= "If you haven't sent any complaint and don't know what this is all about, then just delete this message and DO NOT CLICK below.\n\n";
Example #11
            // checks if cookie disallowing new username is present.
            // Two "one username per IP" gates run before a pending user is created: the UNETUB
            // cookie (only while UNETUB_TIME > 0), then newu_ipcheck(1) when NEWUSERS_IPCHECK is on.
            // NOTE(review): the cookie is client-held state, so treat that gate as a convenience;
            // newu_ipcheck() is the only server-side limit visible here.
            if ($_COOKIE["UNETUB"] != "" && UNETUB_TIME > 0) {
                err_newuser("Your IP has already registered a username, you can only signup for ONE username.");
                $err = 1;
            } elseif (NEWUSERS_IPCHECK && !newu_ipcheck(1)) {
                err_newuser("Your IP has already registered a username, you can only signup for ONE username.");
                $err = 1;
            } else {
                // Confirmation token mailed to the user: MD5 over microtime(), time(), CRC_SALT_0003
                // and the submitted username and e-mail.
                // NOTE(review): apart from the salt, every input is time-derived or supplied by the
                // requester. A token drawn from a CSPRNG would not depend on the salt staying secret.
                $cookie = md5(microtime() . time() . CRC_SALT_0003 . $_POST["username"] . $_POST["email"]);
                $expire = time() + 86400;
                // 1 day
                $language = (int) $_POST["language"];
                // Run any user typed field that hasn't already been sanity checked through the prepare_dbtext() function.
                $verificationdata = post2db($_POST["verificationdata"]);
                //local_seclog("New user request for `" . N_get_pure_string($_POST["username"]) . "`");
                // String fields go through post2db() and numeric fields are int-cast.
                // NOTE(review): cl_ip() is the one value concatenated as-is; confirm it can only
                // return a validated address (for example, never a raw forwarded-for header).
                pg_safe_exec("insert into pendingusers (user_name,cookie,expire,email,language,question_id,verificationdata,poster_ip) values ('" . post2db($_POST["username"]) . "','" . post2db($cookie) . "'," . (int) $expire . ",'" . post2db(strtolower($_POST["email"])) . "'," . $language . "," . (int) $question_id . ",'" . $verificationdata . "','" . cl_ip() . "')");
                // $boundary is not used anywhere in the visible code.
                $boundary = md5(time());
                // NOTE(review): $_POST["email"] is handed to mail() as the recipient. Confirm the
                // earlier sanity checks reject CR/LF and address lists, so one submission cannot add
                // headers or extra recipients.
                mail($_POST["email"], $mail_subject_new, "To continue the registration process go to " . $confirm_url . "?cookie=" . $cookie, "From: " . $mail_from_new . "\nReply-To: " . $mail_from_new . "\nX-Mailer: " . NETWORK_NAME . " Channel Service");
                echo "<p>Your registration email has been sent.  Please wait to receive it, and then follow the instructions it contains to continue</p>";
            }
        } else {
            err_newuser($err);
            $err = 1;
        }
        break;
}
if ((int) $curr_step != 8) {
    if ($err == "") {
        if ((int) $curr_step < 7) {
            echo "<p align=right><input type=submit value=\"NEXT &gt;&gt;\"></p>\n";
        } else {