Example #1
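 /**
  * Build the PHP source text of the forum's config.php.
  *
  * Every value is rendered with var_export(), so it always forms exactly one
  * single-quoted PHP string literal. Previously $db_type, $db_host,
  * $cookie_name and $cookie_seed were concatenated unescaped: a quote in any
  * of them closed the literal early and the remainder of the value was written
  * into config.php as code. addslashes() was also the wrong escaper for the
  * other fields, because it rewrites `"` as `\"`, which a single-quoted literal
  * keeps verbatim and which therefore silently altered e.g. a database password.
  *
  * @param string       $db_type     Database driver name.
  * @param string       $db_host     Database host.
  * @param string       $db_name     Database name.
  * @param string       $db_username Database user.
  * @param string       $db_password Database password.
  * @param string       $db_prefix   Table prefix.
  * @param string|false $cookie_name Cookie name; false generates "luna_cookie_" plus a random suffix.
  * @param string|false $cookie_seed Cookie seed; false generates a random 16-character seed.
  *
  * @return string Contents to write to config.php.
  */
 public static function generate_config_file($db_type, $db_host, $db_name, $db_username, $db_password, $db_prefix = '', $cookie_name = false, $cookie_seed = false)
 {
     if ($cookie_name === false) {
         $cookie_name = 'luna_cookie_' . random_key(6, false, true);
     }
     if ($cookie_seed === false) {
         $cookie_seed = random_key(16, false, true);
     }

     // Render a value as a complete, correctly escaped PHP string literal.
     $literal = static function ($value) {
         return var_export((string) $value, true);
     };

     $lines = array(
         '<?php',
         '',
         '$db_type = ' . $literal($db_type) . ';',
         '$db_host = ' . $literal($db_host) . ';',
         '$db_name = ' . $literal($db_name) . ';',
         '$db_username = ' . $literal($db_username) . ';',
         '$db_password = ' . $literal($db_password) . ';',
         '$db_prefix = ' . $literal($db_prefix) . ';',
         '$p_connect = false;',
         '',
         '$cookie_name = ' . $literal($cookie_name) . ';',
         '$cookie_domain = \'\';',
         '$cookie_path = \'/\';',
         '$cookie_secure = 0;',
         '$cookie_seed = ' . $literal($cookie_seed) . ';',
         '',
         'define(\'PUN\', 1);',
     );

     return implode("\n", $lines) . "\n";
 }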
Example #2
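/**
 * Hash a password with a salt and return the digest with the salt appended.
 *
 * The result is the hex SHA-256 of $password . $salt, immediately followed by
 * the salt itself. A salt that is null, empty or only whitespace is replaced
 * by a fresh random_key(SALT_LEN); any other salt is trimmed before use.
 *
 * NOTE(review): one round of SHA-256 is fast to brute-force and is not a
 * password-hashing function. The output format is kept because code that
 * verifies against it is not visible here; new code should move to
 * password_hash() / password_verify() and re-hash on the next successful login.
 *
 * @param string      $password Plaintext password.
 * @param string|null $salt     Salt to reuse (e.g. when verifying), or null to generate one.
 *
 * @return string Digest followed by the salt.
 */
function hash_password($password, $salt = null)
{
    // Cast before trimming: passing null to trim() is deprecated as of PHP 8.1.
    $rice = trim((string) $salt);
    if ($rice === '') {
        $rice = random_key(SALT_LEN);
    }

    return hash('sha256', $password . $rice) . $rice;
}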
Example #3
 /**
  * Give this object a random key that is not already in use.
  *
  * Draws 20-character keys from random_key() and keeps the first one that
  * Reset_Password::is_random_key_being_used() reports as free.
  */
 public function set_new_key()
 {
     do {
         // Assign first, then test: a key that is already taken is simply replaced.
         $this->random_key = random_key(20);
     } while (Reset_Password::is_random_key_being_used($this->random_key));
 }
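/**
 * Replace the stored admin password with a newly generated one and print it.
 *
 * The request must carry `user` and `old_pw` values matching
 * $settings['admin_username'] and $settings['admin_password']. Both are now
 * compared with hash_equals(): the previous `==` applied PHP's loose string
 * comparison (two different numeric-looking strings such as "0e1" and "0e2"
 * compare equal) and raised notices when a parameter was missing.
 *
 * NOTE(review): the value written back is openld_hash($new_password), so
 * $settings['admin_password'] presumably holds a hash and the caller
 * authenticates by presenting that hash itself; confirm this is intended.
 * NOTE(review): $db is not declared in this scope (only $settings is global);
 * unless the eval'd hook defines it, the query_build() call fails. Confirm and
 * add it to the global list.
 * NOTE(review): the new password is echoed in the response body, so the
 * endpoint needs transport encryption and must not be cached or logged.
 */
function get_new_password()
{
    global $settings;

    $user = isset($_REQUEST['user']) ? $_REQUEST['user'] : null;
    $old_pw = isset($_REQUEST['old_pw']) ? $_REQUEST['old_pw'] : null;

    // Evaluate both comparisons unconditionally so the outcome of the first
    // does not decide whether the second one runs.
    $user_ok = is_string($user) && hash_equals((string) $settings['admin_username'], $user);
    $pw_ok = is_string($old_pw) && hash_equals((string) $settings['admin_password'], $old_pw);

    if ($user_ok && $pw_ok) {
        $new_password = random_key(8, true);
        $query = array('UPDATE' => 'settings', 'SET' => 'value="' . openld_hash($new_password) . '"', 'WHERE' => 'title="admin_password"');
        // Extension hook: the hook source is eval'd in this scope and can read or change $query.
        ($hook = get_hook('admin_login_get_password_settings_sql')) ? eval($hook) : null;
        $db->query_build($query);
        generate_settings_cache();
        echo NEW_PASSWORD . ":" . $new_password;
    } else {
        error("Invalid password request");
    }
}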
Example #5
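 /**
  * Store one message from the logged-in user in the "msg" table.
  *
  * Fields are read with isset() guards because indexing a missing key raises a
  * warning, and a request without a logged-in sender is now rejected instead
  * of being stored with an empty sender.
  *
  * NOTE(review): whether addRow() binds these values as parameters is not
  * visible here; "msg" and "subject" are user-supplied text, so confirm.
  *
  * @param array $send_parameters Keys "to", "msg" and "subject" are required;
  *                               "thread" is optional and continues an existing conversation.
  *
  * @return int 200 when the row was handed to addRow(), 401 when the sender or
  *             a required field is missing.
  */
 private function send($send_parameters)
 {
     global $con;

     $to = isset($send_parameters["to"]) ? $send_parameters["to"] : null;
     $msg = isset($send_parameters["msg"]) ? $send_parameters["msg"] : null;
     $subj = isset($send_parameters["subject"]) ? $send_parameters["subject"] : null;
     $convoid = isset($send_parameters["thread"]) ? $send_parameters["thread"] : null;
     $from = isset($_SESSION["userid"]) ? $_SESSION["userid"] : null;

     if ($from === null || $to === null || $msg === null || $subj === null) {
         return 401;
     }

     if ($convoid === null) {
         // No thread given: start a new conversation under a fresh random id.
         $convoid = random_key(256);
     }

     $send_array = array("thread" => $convoid, "sender" => $from, "receiver" => $to, "subject" => $subj, "msg" => $msg, "date" => date("Y-m-d H:i:s"));
     addRow($con, "msg", $send_array);

     return 200;
 }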
Example #6
					gid: <?php 
echo $game_id;
?>
				},
				beforeSend: beforeSend || function(){}
			}).done(function(res){
				if (callback) {
					callback(res);
				}
			});
		}

		var cipheredTerms = <?php 
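// Emit the terms as a JavaScript array literal, one ['term','def','id','key']
// entry per row. Entries are collected and joined so that an empty result set
// produces "[]"; stripping the last character of "[" used to remove the
// opening bracket and emit an invalid literal.
//
// NOTE(review): the values are placed inside single-quoted JavaScript strings
// without escaping. A quote, backslash, newline or "</script>" in the encode()
// output, the key or the id would end the literal early. Presumably encode()
// and random_key() emit a restricted alphabet; confirm, or emit the data with
// json_encode() if that output is valid UTF-8.
// NOTE(review): each key is delivered to the browser next to the text it
// encodes, so this obscures the terms from casual view-source only.
$entries = array();
foreach ($terms_res as $i) {
    // One key per row, as long as the longer of the two strings.
    $key = random_key(max(strlen($i["term"]), strlen($i["def"])));
    $term = encode($i["term"], $key);
    $def = encode($i["def"], $key);
    $entries[] = "['{$term}','{$def}','{$i['id']}','{$key}']";
}
$output = "[" . implode(",", $entries) . "]";
echo $output;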
?>
;

	</script>


</head>
/**
 * Generate a random password of the requested length.
 *
 * Thin wrapper around random_key() with its second argument set to true.
 *
 * @param int $len Length passed through to random_key().
 *
 * @return mixed Whatever random_key() returns for that length.
 */
function random_pass($len)
{
    $generated = random_key($len, true);

    return $generated;
}
Example #8
?>
<span class="help-block"><?php 
_e('Password and confirmation for SMTP server, only when required', 'luna');
?>
</span></label>
					<div class="col-sm-9">
						<div class="checkbox">
							<label>
								<input type="checkbox" name="form[smtp_change_pass]" id="form_smtp_change_pass" value="1" />
								<?php 
_e('Check this if you want to change or delete the currently stored password.', 'luna');
?>
							</label>
						</div>
<?php 
// Pre-fill both password inputs with a random stand-in instead of the stored
// SMTP password; the stand-in is generated at the same length as the stored value.
// NOTE(review): the stored password's length is therefore readable from the
// page source; a fixed-length placeholder would not reveal it.
// NOTE(review): the value is echoed into an HTML attribute without escaping;
// presumably random_key(..., true) yields attribute-safe characters only. Confirm.
$smtp_pass = !empty($luna_config['o_smtp_pass']) ? random_key(luna_strlen($luna_config['o_smtp_pass']), true) : '';
?>
						<div class="row">
							<div class="col-sm-6">
								<input class="form-control" type="password" name="form[smtp_pass1]" maxlength="50" value="<?php 
echo $smtp_pass;
?>
" />
							</div>
							<div class="col-sm-6">
								<input class="form-control" type="password" name="form[smtp_pass2]" maxlength="50" value="<?php 
echo $smtp_pass;
?>
" />
							</div>
						</div>
             $mail_message = 'User \'' . $forum_user['username'] . '\' changed to an e-mail address that also belongs to: ' . implode(', ', $dupe_list) . "\n\n" . 'User profile: ' . forum_link($forum_url['user'], $id) . "\n\n" . '-- ' . "\n" . 'Forum Mailer' . "\n" . '(Do not reply to this message)';
             forum_mail($forum_config['o_mailing_list'], $mail_subject, $mail_message);
         }
     }
 }
 // Did everything go according to plan?
 if (empty($errors)) {
     if ($forum_config['o_regs_verify'] != '1') {
         // We have no confirmed e-mail so we change e-mail right now
         $query = array('UPDATE' => 'users', 'SET' => 'email=\'' . $forum_db->escape($new_email) . '\'', 'WHERE' => 'id=' . $id);
         ($hook = get_hook('pf_change_email_key_qr_update_email')) ? eval($hook) : null;
         $forum_db->query_build($query) or error(__FILE__, __LINE__);
         redirect(forum_link($forum_url['profile_about'], $id), $lang_profile['E-mail updated redirect']);
     }
     // We have a confirmed e-mail so we going to send an activation link
     $new_email_key = random_key(8, true);
     // Save new e-mail and activation key
     $query = array('UPDATE' => 'users', 'SET' => 'activate_string=\'' . $forum_db->escape($new_email) . '\', activate_key=\'' . $new_email_key . '\'', 'WHERE' => 'id=' . $id);
     ($hook = get_hook('pf_change_email_normal_qr_update_email_activation')) ? eval($hook) : null;
     $forum_db->query_build($query) or error(__FILE__, __LINE__);
     // Load the "activate e-mail" template
     $mail_tpl = forum_trim(file_get_contents(FORUM_ROOT . 'lang/' . $forum_user['language'] . '/mail_templates/activate_email.tpl'));
     // The first row contains the subject
     $first_crlf = strpos($mail_tpl, "\n");
     $mail_subject = forum_trim(substr($mail_tpl, 8, $first_crlf - 8));
     $mail_message = forum_trim(substr($mail_tpl, $first_crlf));
     $mail_message = str_replace('<username>', $forum_user['username'], $mail_message);
     $mail_message = str_replace('<base_url>', $base_url . '/', $mail_message);
     $mail_message = str_replace('<activation_url>', str_replace('&amp;', '&', forum_link($forum_url['change_email_key'], array($id, $new_email_key))), $mail_message);
     $mail_message = str_replace('<board_mailer>', sprintf($lang_common['Forum mailer'], $forum_config['o_board_title']), $mail_message);
     ($hook = get_hook('pf_change_email_normal_pre_activation_email_sent')) ? eval($hook) : null;
 /**
  * Register a forum account for a user who signed in through Loginza.
  *
  * Runs the registration checks (registrations enabled, one registration per
  * IP per hour, username/identity present, e-mail check), assembles the new
  * user's record and either registers it or, when the profile carries no
  * e-mail address, parks the record in the session and shows a form.
  *
  * The get_hook()/eval() lines run extension code in this method's scope, so
  * the local variable names here are visible to, and may be changed by, hooks.
  *
  * @param object $profile  Loginza profile; its `identity` property is read here.
  * @param mixed  $prev_url Stored in the record as 'loginza_return_url'.
  */
 private function user_register($profile, $prev_url)
 {
     global $forum_config, $lang_fancy_login_loginza, $forum_user, $forum_db, $forum_url;
     // Load the profile language file
     // ($lang_profile is not in the global list above, so it is never set on entry
     // and the file is required on every call.)
     if (!isset($lang_profile)) {
         require FORUM_ROOT . 'lang/' . $forum_user['language'] . '/profile.php';
     }
     // Are new registrations allowed?
     // NOTE(review): message() presumably ends the request; otherwise execution continues. Confirm.
     if ($forum_config['o_regs_allow'] == '0') {
         message($lang_profile['No new regs']);
     }
     // Check that someone from this IP didn't register a user within the last hour (DoS prevention)
     $query = array('SELECT' => 'COUNT(u.id)', 'FROM' => 'users AS u', 'WHERE' => 'u.registration_ip=\'' . $forum_db->escape(get_remote_address()) . '\' AND u.registered>' . (time() - 3600));
     ($hook = get_hook('rg_register_qr_check_register_flood')) ? eval($hook) : null;
     $result = $forum_db->query_build($query) or error(__FILE__, __LINE__);
     if ($forum_db->result($result) > 0) {
         message($lang_profile['Registration flood']);
     }
     // Get user info from Loginza Profile
     $username = $this->get_username_for_new_user($profile);
     $loginza_identity = isset($profile->identity) ? forum_trim($profile->identity) : FALSE;
     $lup = new LoginzaUserProfile($profile);
     $email = $lup->get_email();
     if (!$username) {
         message($lang_fancy_login_loginza['Error empty username']);
     }
     if (!$loginza_identity) {
         message($lang_fancy_login_loginza['Error empty identity']);
     }
     // Check e-mail address
     // ($banned_email and $dupe_list are presumably filled in by reference by check_email(). Confirm.)
     $banned_email = FALSE;
     $dupe_list = array();
     if ($email) {
         $error = $this->check_email($email, $banned_email, $dupe_list);
         if (TRUE !== $error) {
             message($error);
         }
     }
     // Clean old unverified registrators - delete older than 72 hours (259200 seconds)
     $query = array('DELETE' => 'users', 'WHERE' => 'group_id=' . FORUM_UNVERIFIED . ' AND activate_key IS NOT NULL AND registered < ' . (time() - 259200));
     ($hook = get_hook('rg_register_qr_delete_unverified')) ? eval($hook) : null;
     $forum_db->query_build($query) or error(__FILE__, __LINE__);
     ($hook = get_hook('rg_register_end_validation')) ? eval($hook) : null;
     // User default info
     // ($language is not read again in this method; the record below takes the
     // language straight from $forum_config. A hook may still use it.)
     $language = $forum_config['o_default_lang'];
     // The account gets a random 12-character password and a random 12-character salt.
     $password = random_key(12, TRUE);
     $salt = random_key(12);
     $password_hash = forum_hash($password, $salt);
     $initial_group_id = $forum_config['o_regs_verify'] == '0' ? $forum_config['o_default_user_group'] : FORUM_UNVERIFIED;
     // Timezone & DST
     // ($timezone and $dst are presumably set by reference by this call. Confirm.)
     $this->get_timezone_and_dst($timezone, $dst);
     // Insert the new user into the database.
     // We do this now to get the last inserted id for later use.
     // 'activate_key' is either a ready-quoted SQL string literal or the bare word NULL.
     // NOTE(review): the plaintext 'password' travels in this array next to its hash;
     // in the no-e-mail branch below the whole array is written to $_SESSION.
     $user_info = array('username' => $username, 'group_id' => $initial_group_id, 'salt' => $salt, 'password' => $password, 'password_hash' => $password_hash, 'email' => $email, 'email_setting' => $forum_config['o_default_email_setting'], 'timezone' => $timezone, 'dst' => $dst, 'language' => $forum_config['o_default_lang'], 'style' => $forum_config['o_default_style'], 'registered' => time(), 'registration_ip' => get_remote_address(), 'activate_key' => $forum_config['o_regs_verify'] == '1' ? '\'' . random_key(8, TRUE) . '\'' : 'NULL', 'require_verification' => $forum_config['o_regs_verify'] == '1', 'notify_admins' => $forum_config['o_regs_report'] == '1', 'loginza_profile' => $profile, 'loginza_return_url' => $prev_url, 'loginza_banned_email' => $banned_email, 'loginza_dupe_list' => $dupe_list);
     ($hook = get_hook('rg_register_pre_add_user')) ? eval($hook) : null;
     // If we don't have an e-mail address, save the user data to the session and show the form
     if (!$email) {
         if (!isset($_SESSION)) {
             session_start();
         }
         // The record is stored under a random session key that is passed on to the form.
         $session_id = 'fancy_login_loginza_' . random_key(12, TRUE, TRUE);
         $_SESSION[$session_id] = $user_info;
         $this->form_end_reg($session_id);
     } else {
         if ($forum_config['o_regs_verify'] == '1' && $forum_config['o_fancy_login_loginza_trust_openid_emails'] == '1') {
             // Skip the activation e-mail: the address reported by the OpenID provider is trusted as-is
             $user_info['activate_key'] = 'NULL';
             $user_info['require_verification'] = FALSE;
             $user_info['group_id'] = $forum_config['o_default_user_group'];
         }
         $this->register($user_info);
     }
 }
Example #11
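 /**
  * Reset a user's password to a random value and e-mail the new password.
  *
  * Reads `universe` and `email` from the POST body. The universe must be one of
  * the values in the 'uni_array' config item because it is used as a table-name
  * prefix. The match is now an exact string comparison; the loose in_array()
  * used before also accepted values that merely compare equal under PHP's type
  * juggling, and it read $_POST['universe'] even when it was absent.
  *
  * NOTE(review): md5() is a fast unsalted digest and is unsuitable for storing
  * passwords. It is left in place because the login check reading this column
  * is not visible here; migrate both sides to password_hash()/password_verify().
  * NOTE(review): the password is replaced as soon as a registered address is
  * submitted, with no confirmation step, and the 'error_email3' response tells
  * the caller whether an address is registered.
  */
 function send_password()
 {
     // Variable errors
     $errors = array();
     $sended = false;
     // Load the modules
     $this->load->library('email');
     $this->load->helper('email');
     // Type text or html emails
     $config['mailtype'] = 'html';
     $this->email->initialize($config);

     $universe = isset($_POST['universe']) ? $_POST['universe'] : null;
     $email = isset($_POST['email']) ? $_POST['email'] : null;

     if ($universe === null) {
         $errors[] = $this->lang->line('error_universe');
     }
     if (!is_string($email) || !valid_email($email)) {
         $errors[] = $this->lang->line('error_email2');
     }
     // Compare as strings so only an exact, configured name can become part of a table name.
     $configured = $this->config->item('uni_array');
     $known_universes = is_array($configured) ? array_map('strval', $configured) : array();
     if (!is_string($universe) || !in_array($universe, $known_universes, true)) {
         $errors[] = $this->lang->line('error_world');
     }
     if (count($errors) == 0) {
         $user_query = $this->db->get_where($universe . '_users', array('email' => $email));
         if ($user_query->num_rows == 0) {
             $errors[] = $this->lang->line('error_email3');
         } else {
             $user = $user_query->row();
             $password = random_key(8);
             $this->db->set('password', md5($password));
             $this->db->where(array('id' => $user->id));
             $this->db->update($universe . '_users');
             // Send an email; the login is user-chosen text, so escape it for the HTML body
             $message = '
                 <html>
                     <body>
                         <p>' . $this->lang->line('register_email_text_1') . ' ' . htmlspecialchars($user->login, ENT_QUOTES, 'UTF-8') . ',<br>
                         <br>' . $this->lang->line('password_email_text_1') . ' (' . $universe . '):<br>
                         <br>' . $password . '<br>
                         <br>' . $this->lang->line('password_email_text_2') . ' <a href="' . $this->config->item('base_url') . '" target="_blank">' . $this->config->item('base_url') . '</a><br>
                         <br>' . $this->lang->line('register_email_text_6') . ',<br>' . $this->lang->line('register_email_text_7') . '</p>
                     </body>
                 </html>';
             $this->email->from($this->config->item('email_from'), 'ZZJHONS');
             $this->email->to($email);
             $this->email->subject($this->lang->line('password_email_text_1') . '!');
             $this->email->message($message);
             $this->email->send();
             $sended = true;
         }
     }
     $this->session->set_flashdata(array('errors' => $errors));
     $this->session->set_flashdata(array('sended' => $sended));
     $this->load->view('main_index_4', array('page' => 'password', 'errors' => $errors, 'sended' => $sended));
 }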
}

</script>
<?php 
include "../../include/config.php";
include "../../include/db.php";
include "../../include/poa_rca.php";
include "../../include/mail_helper.php";
include "../../include/mail.php";
include "../../include/css/default.css";
// Values taken directly from the request; nothing in this run validates them.
// NOTE(review): `authenticated` is supplied by the client, and the statements
// that follow run their inserts when it equals 1. A request parameter is not
// proof of authentication; this should come from server-side session state.
$authenticated = $_REQUEST['authenticated'];
// NOTE(review): $ticket_id, $requested_by and $approval_by are interpolated
// into the SQL strings built below and sent through mysql_query() without
// escaping. They should be bound as parameters of a prepared statement
// (mysqli or PDO); the mysql_* API itself was removed in PHP 7.
$ticket_id = $_REQUEST['ticket_id'];
// mktime() without arguments yields the current Unix timestamp, like time();
// that call form is deprecated and is an error as of PHP 8.
$request_date = mktime();
$requested_by = $_REQUEST['requested_by'];
$approval_by = $_REQUEST["approver"];
// Random key stored with the approval request row below.
$approval_key = random_key();
// Build the base URL of the staff panel.
// ($HTTPS and $INSTALL_HOME presumably come from the included config.php. Confirm.)
$base_url = "http://";
if ($HTTPS == 1) {
    $base_url = "https://";
}
$base_url .= $_SERVER["SERVER_NAME"] . "/" . $INSTALL_HOME . "eztickets/scp";
if ($authenticated == 1) {
    $sql = "insert into isost_ticket_approval (ticket_id,request_date,requested_by,approval_status,approval_by,approval_date,approval_comments,approval_key)";
    $sql .= " values('{$ticket_id}','{$request_date}','{$requested_by}','PENDING','{$approval_by}','','','{$approval_key}')";
    $result = mysql_query($sql);
    $sql = "update isost_ticket set pending_approval=1 where ticket_id='{$ticket_id}'";
    $result = mysql_query($sql);
    $title = "Ticket Pending Approval";
    $note = "Ticket is pending external approval from " . $approval_name . " requested by " . $requested_by;
    $sql = "insert into isost_ticket_note(ticket_id,staff_id,source,title,note,created)";
    $sql .= " values('{$ticket_id}','0','system','{$title}','{$note}',NOW())";
Example #13
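 /**
  * Create an election from the posted form, store it with its candidates and
  * electors, then e-mail the administrator and every elector.
  *
  * Each elector receives a random public id that is unique within this
  * submission, and the administrator receives a generated password by e-mail.
  * The method always ends the request through die() / die_error().
  *
  * Changes from the previous version: POST keys are compared as strings with
  * strict comparisons (a numeric key such as 0 compares equal to any
  * non-numeric string under `==` before PHP 8), a missing POST body no longer
  * reaches foreach as a non-array, and the by-reference loop variable is unset
  * once its loop is done.
  *
  * NOTE(review): md5() is a fast unsalted digest and is unsuitable for storing
  * passwords. It is left in place because the login check that reads
  * admin_password is not visible here; migrate both to password_hash() /
  * password_verify().
  */
 public function save()
 {
     // Security stuffs
     $this->Security_model->log('election creation', 3);
     // None of these fields must be empty. If it occurs, there is an IHM problem and the procedure
     // should be aborted.
     $profile = array('election' => array('admin_name' => '', 'admin_surname' => '', 'admin_email' => '', 'admin_password' => '', 'business' => '', 'winners' => '', 'title' => '', 'page' => '', 'start' => '', 'end' => ''), 'candidates' => array(), 'electors' => array());
     // No need to specify 'true' in the second argument as it is also configured in the config file,
     // but as it is a very important verification, it's better to force it here...
     $data = $this->input->post(null, true);
     if (!is_array($data)) {
         // No POST body: fall through to the 'missing data.' check below.
         $data = array();
     }
     $keys = array_keys($profile['election']);
     foreach ($data as $key => $value) {
         // PHP turns numeric-string array keys into integers; compare as strings.
         $key = (string) $key;
         if ($key === 'start' || $key === 'end') {
             //$dt = DateTime::createFromFormat( 'd/m/Y', $value );
             $dt = DateTime::createFromFormat('Y/m/d H:i', $value);
             if ($dt) {
                 $profile['election'][$key] = $dt->format(DateTime::ISO8601);
             } else {
                 die('Date error.');
             }
         } elseif ($key === 'page') {
             $profile['election']['page'] = $value;
             // the same as below, without strip_tags()
         } elseif (in_array($key, $keys, true)) {
             $profile['election'][$key] = strip_tags($value);
         } elseif (substr($key, 0, 9) === 'candidate') {
             $profile['candidates'][] = strip_tags($value);
         } elseif (in_array(substr($key, 0, 4), array('name', 'surn', 'emai'), true)) {
             // Field names are "<column><row number>": split them into the two parts.
             $col = preg_replace('/[0-9]/s', '', $key);
             $row = preg_replace('/[^0-9]/s', '', $key);
             $profile['electors'][$row][$col] = strip_tags($value);
         } elseif (substr($key, 0, 5) === 'valid') {
             // We have to ignore explicitly this field, otherwise we trigger
             // an 'unexpected data' error (see below)
         } else {
             die_error('unexpected data.');
         }
     }
     // Adding public user ID
     //
     //	$key_list is used to prevent the generation of two identical keys.
     //
     $key_list = array();
     foreach ($profile['electors'] as &$e) {
         $key = random_key();
         while (in_array($key, $key_list, true)) {
             $key = random_key();
         }
         $key_list[] = $key;
         $e['public_id'] = $key;
     }
     // Drop the reference so a later write to $e cannot change the last elector.
     unset($e);
     // post treatment validation
     // NOTE(review): this only catches an empty candidates or electors list; the
     // individual election fields are not checked for emptiness here.
     foreach ($profile as $value) {
         if ($value == '' or is_array($value) && count($value) == 0) {
             die_error('missing data.');
         }
     }
     // generate a password for the admin
     //	It will be sent to the admin with its confirmation mail.
     // In the database, only the md5 is saved (see the review note in the header).
     $password = random_key();
     $profile['election']['admin_password'] = md5($password);
     // Ok, so let's record it
     $this->load->model('Election_model');
     $this->load->model('Candidate_model');
     $this->load->model('Elector_model');
     $fk = $this->Election_model->save($profile['election']);
     $this->Candidate_model->save($profile['candidates'], $fk);
     $this->Elector_model->save($profile['electors'], $fk);
     //  warn the admin
     $this->lang->load('el_mail');
     $response = sendmail(array('subject' => 'Congratulations ! Elections are on rails now', 'message' => $this->load->view('email/creation', array('data' => $profile['election'], 'password' => $password), true), 'toName' => $profile['election']['admin_name'] . ' ' . $profile['election']['admin_surname'], 'toEmail' => $profile['election']['admin_email']));
     if ($response !== true) {
         die_error($response);
     }
     //  warn the electors
     foreach ($profile['electors'] as $elector) {
         $mail = array('subject' => $profile['election']['title'], 'message' => $this->load->view('email/invitation', array('message' => $profile['election']['page'], 'public_id' => $elector['public_id'], 'start' => $profile['election']['start'], 'end' => $profile['election']['end']), true), 'fromName' => 'Election Libre', 'fromEmail' => $profile['election']['admin_email'], 'fromBusiness' => $profile['election']['business'], 'toName' => $elector['name'] . ' ' . $elector['surname'], 'toEmail' => $elector['email']);
         $response = sendmail($mail);
         if ($response !== true) {
             die_error($response);
         }
     }
     die(lang('manage_success'));
 }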
Example #14
?>
</span>
									</td>
								</tr>
								<tr>
									<th scope="row"><?php 
echo $lang_admin_options['SMTP password label'];
?>
</th>
									<td>
										<label><input type="checkbox" name="form_smtp_change_pass" value="1" />&#160;<?php 
echo $lang_admin_options['SMTP change password help'];
?>
</label>
<?php 
// Pre-fill both password inputs with a random stand-in instead of the stored
// SMTP password; the stand-in is generated at the same length as the stored value.
// NOTE(review): the stored password's length is therefore readable from the
// page source; a fixed-length placeholder would not reveal it.
// NOTE(review): the value is echoed into an HTML attribute without escaping;
// presumably random_key(..., true) yields attribute-safe characters only. Confirm.
$smtp_pass = !empty($feather_config['o_smtp_pass']) ? random_key(feather_strlen($feather_config['o_smtp_pass']), true) : '';
?>
										<input type="password" name="form_smtp_pass1" size="25" maxlength="50" value="<?php 
echo $smtp_pass;
?>
" />
										<input type="password" name="form_smtp_pass2" size="25" maxlength="50" value="<?php 
echo $smtp_pass;
?>
" />
										<span><?php 
echo $lang_admin_options['SMTP password help'];
?>
</span>
									</td>
								</tr>
Example #15
 * Last Updated: 6/5/2014
 * Signature: Tyler Nickerson
 * Copyright 2014 eDart
 *
 * [Do not remove this header. One MUST be included at the start of every page/script]
 *
 */
include_once $_SERVER["DOC_ROOT"] . "/scripts/php/core.php";
//Include core functionality
$complete = false;
//Boolean denoting whether the form has been submitted
//If the form has been submitted...
if (isset($_POST["forgotbox"])) {
    $to = trim($_POST["forgotbox"]);
    //Get the email address to send it to
    $rand = random_key(64);
    //Get a random password to reset to
    $fname = "eDart";
    //Default user first name
    $lname = "User";
    //Default user last name
    $found = false;
    //Boolean as to whether this user exists
    //Connect to MySQL
    $con = mysqli_connect(host(), username(), password(), mainDb());
    //Try to find the user by email (not possible via the API)
    $que = mysqli_query($con, "SELECT * FROM `usr` WHERE `email`='" . mysqli_real_escape_string($con, $to) . "'");
    //Loop through the results
    while ($row = mysqli_fetch_array($que)) {
        //If we found them...
        $fname = $row["fname"];
Example #16
//If the user is not logged in...
if (!isset($_SESSION["userid"])) {
    header("Location: /");
    //Send them home
    exit;
    //Stop here so nothing below runs for an anonymous visitor
}
HTML::begin();
Head::make("Validate Email");
Body::begin();
//Connect to MySQL
//NOTE(review): the results of mysqli_connect() and of both mysqli_query() calls
//below are not checked, so a failed insert still leads to the e-mail being sent.
$con = mysqli_connect(host(), username(), password(), mainDb());
//Delete any previous validation keys from the server, so only the newest key is stored for this user
mysqli_query($con, "DELETE FROM validate WHERE `id`='" . mysqli_real_escape_string($con, $_SESSION["userid"]) . "'");
//Generate a 256 character validation key
$ukey = random_key(256);
//Put the key in the table with the user ID attached
//NOTE(review): the key is stored as generated and no creation time is written
//by this statement; storing a hash of the key plus an expiry would limit what a
//read of this table exposes. Confirm against the code that consumes the key.
$set_key = "INSERT INTO validate(`id`, `key`) VALUES ('" . mysqli_real_escape_string($con, $_SESSION["userid"]) . "', '" . mysqli_real_escape_string($con, $ukey) . "')";
mysqli_query($con, $set_key);
//Close the connection
mysqli_close($con);
//Get info about the current user
$curuser = new User(array("action" => "get", "id" => $_SESSION["userid"]));
$uinfo = $curuser->run(true);
$uinfo = $uinfo[0];
//Send an email to the user; the link carries the key URL-encoded in the "auth" parameter
sendMail($uinfo["email"], $uinfo["fname"], $uinfo["lname"], "Validate Your Email", "Click the button below to validate your email.", "signup/continue.php?auth=" . urlencode($ukey), "Validate Email");
?>

			<div class="layout-1200 uk-container-center">
				<div class="uk-width-1-3 uk-align-center">
Example #17
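 /**
  * Reset a user's password to a random value and e-mail the new password.
  *
  * Reads `universe` and `email` from the POST body. `universe` becomes the
  * prefix of a table name, so it is now accepted only when it consists of
  * letters, digits and underscores; before, any posted string was concatenated
  * into the table name.
  *
  * NOTE(review): if the list of valid universes is available in configuration,
  * match against that list instead of a character pattern.
  * NOTE(review): md5() is a fast unsalted digest and is unsuitable for storing
  * passwords. It is left in place because the login check reading this column
  * is not visible here; migrate both sides to password_hash()/password_verify().
  * NOTE(review): the password is replaced as soon as a registered address is
  * submitted, with no confirmation step, and the 'error_email3' response tells
  * the caller whether an address is registered.
  */
 function send_password()
 {
     // Collected errors
     $errors = array();
     $sended = false;
     // Load the modules
     $this->load->library('email');
     $this->load->helper('email');
     // Mail type: text or html
     $config['mailtype'] = 'html';
     $this->email->initialize($config);

     $universe = isset($_POST['universe']) ? $_POST['universe'] : null;
     $email = isset($_POST['email']) ? $_POST['email'] : null;

     // Only identifier characters may reach the table name built below.
     if (!is_string($universe) || preg_match('/^[A-Za-z0-9_]+$/', $universe) !== 1) {
         $errors[] = $this->lang->line('error_universe');
     }
     if (!is_string($email) || !valid_email($email)) {
         $errors[] = $this->lang->line('error_email2');
     }
     if (count($errors) == 0) {
         $user_query = $this->db->get_where($universe . '_users', array('email' => $email));
         if ($user_query->num_rows == 0) {
             $errors[] = $this->lang->line('error_email3');
         } else {
             $user = $user_query->row();
             $password = random_key(8);
             $this->db->set('password', md5($password));
             $this->db->where(array('id' => $user->id));
             $this->db->update($universe . '_users');
             // Send the e-mail; the login is user-chosen text, so escape it for the HTML body
             $message = '<html><body><p>' . $this->lang->line('register_email_text_1') . ' ' . htmlspecialchars($user->login, ENT_QUOTES, 'UTF-8') . ',<br><br>' . $this->lang->line('password_email_text_1') . ' (' . $universe . '):<br><br>' . $password . '<br><br>' . $this->lang->line('password_email_text_2') . ' <a href="' . $this->config->item('base_url') . '" target="_blank">' . $this->config->item('base_url') . '</a><br><br>' . $this->lang->line('register_email_text_6') . ',<br>' . $this->lang->line('register_email_text_7') . '</p></body></html>';
             $this->email->from($this->config->item('email_from'), $this->lang->line('register_email_from'));
             $this->email->to($email);
             $this->email->subject($this->lang->line('password_email_text_1') . '!');
             $this->email->message($message);
             $this->email->send();
             $sended = true;
         }
     }
     $this->session->set_flashdata(array('errors' => $errors));
     $this->session->set_flashdata(array('sended' => $sended));
     $this->load->view('main_index', array('page' => 'password', 'errors' => $errors));
 }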
Example #18
</span></span>
						<input type="text" name="cookie_name" value="<?php 
    echo panther_htmlspecialchars('panther_cookie_' . random_key(6, false, true));
    ?>
" maxlength="25" /></label>
						</div>
						<div class="row">
						<label class="req"><span class="title"><?php 
    echo $lang_install['Cookie seed'];
    ?>
 <span class="required"><?php 
    echo $lang_install['Required'];
    ?>
</span></span>
						<input type="text" name="cookie_seed" value="<?php 
    echo panther_htmlspecialchars(random_key(16, false, true));
    ?>
" maxlength="25" /></label>
					    </div>
						
					</div>
				
			</div>
			<div class="box">
				
					<p class="boxtitle"><?php 
    echo $lang_install['Appearance'];
    ?>
</p>
					<p class="boxinfo"><?php 
    echo $lang_install['Info 15'];
Example #19
 $approver_key = $check_key;
 $action_date = mktime();
 $sql = "update poa_approval_history set action='{$action}', action_date='{$action_date}', action_by='{$action_by}',comments='{$comments}' where activity_id='{$activity_id}' and action='PENDING APPROVAL'";
 $result = mysql_query($sql);
 echo "<h2>You have submitted your approval. You can close this browser window.</h2>";
 if ($action == "APPROVED") {
     // Check if additional approvals are required and if yes, notify the next user in the approval chain
     $sql = "select record_index,approver_name,approver_email,approver_key";
     $sql .= " from poa_approval_history where activity_id='{$activity_id}' and action in ('ADDED') order by item_order asc limit 1";
     $result = mysql_query($sql);
     if (mysql_num_rows($result) > 0) {
         $row = mysql_fetch_row($result);
         $record_index = $row[0];
         $next_approver_name = $row[1];
         $next_approver_email = $row[2];
         $next_approver_key = random_key();
         $sql = "update poa_approval_history set approver_key='{$next_approver_key}',action='PENDING APPROVAL' where record_index='{$record_index}'";
         $result = mysql_query($sql);
         $subject = "PLANNED ACTIVITY APPROVAL REQUEST : {$poa_display}";
         $url = $base_url . "/pa_view.php" . "?check_email=" . $next_approver_email . "&check_key=" . "{$next_approver_key}";
         $body = "\nA Planned Activity is pending your approval. Kindly click on the URL : {$url} to view and approve the request.\n\n\n";
         $body .= "PLEASE NOTE THAT THE ABOVE URL IS FOR ONE TIME USE ONLY.\nPLEASE DO NOT REPLY TO THIS E-MAIL";
         ezmail($next_approver_email, $next_approver_name, $subject, $body, "");
         $i++;
     } else {
         // set flag for completed approvals
         $approvals_completed = 1;
     }
     // Notify the owner of the POA
     $subject = "PLANNED ACTIVITY : {$approver_name} {$action}";
     $body = "\nThis is to inform you that, {$approver_name} has {$action} the Planned Activity with ID : {$poa_display} submitted by you.\n\nThe Planned Activity may require further approvals and you shall be notified accordingly.\n\n\n";
     $initial_group_id = 9;
 } else {
     $initial_group_id = $forum_config['o_regs_verify'] == '0' ? $forum_config['o_default_user_group'] : FORUM_UNVERIFIED;
 }
 $salt = random_key(12);
 $password_hash = forum_hash($password1, $salt);
 // Validate timezone and DST
 $timezone = isset($_POST['timezone']) ? floatval($_POST['timezone']) : $forum_config['o_default_timezone'];
 // Validate timezone — on error use default value
 if ($timezone > 14.0 || $timezone < -12.0) {
     $timezone = $forum_config['o_default_timezone'];
 }
 // DST
 $dst = isset($_POST['dst']) && intval($_POST['dst']) === 1 ? 1 : $forum_config['o_default_dst'];
 // Insert the new user into the database. We do this now to get the last inserted id for later use.
 $user_info = array('username' => $username, 'pubkey' => $pubkey, 'btcaddress' => $btcaddress, 'invitedBy' => $username2, 'group_id' => $initial_group_id, 'salt' => $salt, 'password' => $password1, 'password_hash' => $password_hash, 'email' => $email1, 'email_setting' => $forum_config['o_default_email_setting'], 'timezone' => $timezone, 'dst' => $dst, 'language' => $language, 'style' => $forum_config['o_default_style'], 'registered' => time(), 'registration_ip' => get_remote_address(), 'activate_key' => $forum_config['o_regs_verify'] == '1' ? '\'' . random_key(8, true) . '\'' : 'NULL', 'require_verification' => $forum_config['o_regs_verify'] == '1', 'notify_admins' => $forum_config['o_regs_report'] == '1');
 ($hook = get_hook('rg_register_pre_add_user')) ? eval($hook) : null;
 add_user($user_info, $new_uid);
 // If we previously found out that the e-mail was banned
 if ($banned_email && $forum_config['o_mailing_list'] != '') {
     $mail_subject = 'Alert - Banned e-mail detected';
     $mail_message = 'User \'' . $username . '\' registered with banned e-mail address: ' . $email1 . "\n\n" . 'User profile: ' . forum_link($forum_url['user'], $new_uid) . "\n\n" . '-- ' . "\n" . 'Forum Mailer' . "\n" . '(Do not reply to this message)';
     ($hook = get_hook('rg_register_banned_email')) ? eval($hook) : null;
     forum_mail($forum_config['o_mailing_list'], $mail_subject, $mail_message);
 }
 // If we previously found out that the e-mail was a dupe
 if (!empty($dupe_list) && $forum_config['o_mailing_list'] != '') {
     $mail_subject = 'Alert - Duplicate e-mail detected';
     $mail_message = 'User \'' . $username . '\' registered with an e-mail address that also belongs to: ' . implode(', ', $dupe_list) . "\n\n" . 'User profile: ' . forum_link($forum_url['user'], $new_uid) . "\n\n" . '-- ' . "\n" . 'Forum Mailer' . "\n" . '(Do not reply to this message)';
     ($hook = get_hook('rg_register_dupe_email')) ? eval($hook) : null;
     forum_mail($forum_config['o_mailing_list'], $mail_subject, $mail_message);
/**
 * Populate the global $forum_user with the guest account (users.id = 1) and
 * keep the guest's row in the online table up to date.
 *
 * Guests are identified by remote address only: the online row is looked up
 * and written with ident = get_remote_address(), so every guest arriving from
 * the same address shares one row, including its csrf_token.
 *
 * Extension hooks are run with eval() inside this function, so hook code
 * executes with access to the locals ($query, $forum_user, $remote_addr, ...).
 * The local names and the statement order are therefore something extensions
 * can depend on.
 *
 * Terminates the script with exit() when the guest row cannot be fetched.
 *
 * @return void
 */
function set_default_user()
{
    global $forum_db, $db_type, $forum_user, $forum_config;
    $remote_addr = get_remote_address();
    // A hook that evaluates to a non-null value replaces the rest of this function
    $return = ($hook = get_hook('fn_set_default_user_start')) ? eval($hook) : null;
    if ($return != null) {
        return;
    }
    // Fetch guest user
    // The remote address is passed through escape() before it is placed in the ON clause
    $query = array('SELECT' => 'u.*, g.*, o.logged, o.csrf_token, o.prev_url, o.last_post, o.last_search', 'FROM' => 'users AS u', 'JOINS' => array(array('INNER JOIN' => 'groups AS g', 'ON' => 'g.g_id=u.group_id'), array('LEFT JOIN' => 'online AS o', 'ON' => 'o.ident=\'' . $forum_db->escape($remote_addr) . '\'')), 'WHERE' => 'u.id=1');
    ($hook = get_hook('fn_set_default_user_qr_get_default_user')) ? eval($hook) : null;
    $result = $forum_db->query_build($query) or error(__FILE__, __LINE__);
    $forum_user = $forum_db->fetch_assoc($result);
    if (!$forum_user) {
        exit('Unable to fetch guest information. The table \'' . $forum_db->prefix . 'users\' must contain an entry with id = 1 that represents anonymous users.');
    }
    // The online-list bookkeeping is skipped when FORUM_QUIET_VISIT is defined
    if (!defined('FORUM_QUIET_VISIT')) {
        // Update online list
        if (!$forum_user['logged']) {
            // No online row for this address yet: start one with a fresh CSRF token
            $forum_user['logged'] = time();
            // NOTE(review): the token is placed in the query below without escape(), which
            // presumes random_key(40, false, true) only emits SQL-safe characters - confirm
            $forum_user['csrf_token'] = random_key(40, false, true);
            $forum_user['prev_url'] = get_current_url(255);
            // REPLACE INTO avoids a user having two rows in the online table
            $query = array('REPLACE' => 'user_id, ident, logged, csrf_token', 'INTO' => 'online', 'VALUES' => '1, \'' . $forum_db->escape($remote_addr) . '\', ' . $forum_user['logged'] . ', \'' . $forum_user['csrf_token'] . '\'', 'UNIQUE' => 'user_id=1 AND ident=\'' . $forum_db->escape($remote_addr) . '\'');
            // prev_url is only stored when get_current_url() returned something
            if ($forum_user['prev_url'] != null) {
                $query['REPLACE'] .= ', prev_url';
                $query['VALUES'] .= ', \'' . $forum_db->escape($forum_user['prev_url']) . '\'';
            }
            ($hook = get_hook('fn_set_default_user_qr_add_online_guest_user')) ? eval($hook) : null;
            $forum_db->query_build($query) or error(__FILE__, __LINE__);
        } else {
            // Existing online row: refresh its timestamp and, when available, the last URL
            $query = array('UPDATE' => 'online', 'SET' => 'logged=' . time(), 'WHERE' => 'ident=\'' . $forum_db->escape($remote_addr) . '\'');
            $current_url = get_current_url(255);
            if ($current_url != null) {
                $query['SET'] .= ', prev_url=\'' . $forum_db->escape($current_url) . '\'';
            }
            ($hook = get_hook('fn_set_default_user_qr_update_online_guest_user')) ? eval($hook) : null;
            $forum_db->query_build($query) or error(__FILE__, __LINE__);
        }
    }
    // Guests get the board-wide defaults and are never treated as admin/moderator
    $forum_user['disp_topics'] = $forum_config['o_disp_topics_default'];
    $forum_user['disp_posts'] = $forum_config['o_disp_posts_default'];
    $forum_user['timezone'] = $forum_config['o_default_timezone'];
    $forum_user['dst'] = $forum_config['o_default_dst'];
    $forum_user['language'] = $forum_config['o_default_lang'];
    $forum_user['style'] = $forum_config['o_default_style'];
    $forum_user['is_guest'] = true;
    $forum_user['is_admmod'] = false;
    ($hook = get_hook('fn_set_default_user_end')) ? eval($hook) : null;
}
             // The template's first line carries the subject (after an 8-character prefix);
             // everything from the first newline on is the message body
             $first_crlf = strpos($mail_tpl, "\n");
             $mail_subject = forum_trim(substr($mail_tpl, 8, $first_crlf - 8));
             $mail_message = forum_trim(substr($mail_tpl, $first_crlf));
             // Do the generic replacements first (they apply to all e-mails sent out here)
             $mail_message = str_replace('<base_url>', $base_url . '/', $mail_message);
             $mail_message = str_replace('<board_mailer>', sprintf($lang_common['Forum mailer'], $forum_config['o_board_title']), $mail_message);
             ($hook = get_hook('li_forgot_pass_new_general_replace_data')) ? eval($hook) : null;
             // Loop through users we found
             foreach ($users_with_email as $cur_hit) {
                 // Minimum number of seconds between two reset mails for the same account
                 $forgot_pass_timeout = 3600;
                 ($hook = get_hook('li_forgot_pass_pre_flood_check')) ? eval($hook) : null;
                 // Flood check: a previous mail sent less than $forgot_pass_timeout seconds ago
                 // (and not dated in the future) results in the 'Email flood' message
                 if ($cur_hit['last_email_sent'] != '' && time() - $cur_hit['last_email_sent'] < $forgot_pass_timeout && time() - $cur_hit['last_email_sent'] >= 0) {
                     message(sprintf($lang_login['Email flood'], $forgot_pass_timeout));
                 }
                 // Generate a new password activation key
                 // NOTE(review): this key is what the e-mailed link presents to change the password.
                 // Its strength rests on random_key(8, true), which is not visible here - confirm it
                 // draws from a CSPRNG and that the change-password endpoint limits guessing.
                 $new_password_key = random_key(8, true);
                 // The key and the id are concatenated into the query without escape();
                 // presumably both are safe by construction (generated key, id from the database) - verify
                 $query = array('UPDATE' => 'users', 'SET' => 'activate_key=\'' . $new_password_key . '\', last_email_sent = ' . time(), 'WHERE' => 'id=' . $cur_hit['id']);
                 ($hook = get_hook('li_forgot_pass_qr_set_activate_key')) ? eval($hook) : null;
                 $forum_db->query_build($query) or error(__FILE__, __LINE__);
                 // Do the user specific replacements to the template
                 $cur_mail_message = str_replace('<username>', $cur_hit['username'], $mail_message);
                 $cur_mail_message = str_replace('<activation_url>', str_replace('&amp;', '&', forum_link($forum_url['change_password_key'], array($cur_hit['id'], $new_password_key))), $cur_mail_message);
                 ($hook = get_hook('li_forgot_pass_new_user_replace_data')) ? eval($hook) : null;
                 // NOTE(review): the mail is addressed to the submitted $email, not to an address read
                 // from $cur_hit; confirm the lookup that filled $users_with_email matches addresses exactly
                 forum_mail($email, $mail_subject, $cur_mail_message);
             }
             // The admin address is HTML-encoded before it is placed in the confirmation message
             message(sprintf($lang_login['Forget mail'], '<a href="mailto:' . forum_htmlencode($forum_config['o_admin_email']) . '">' . forum_htmlencode($forum_config['o_admin_email']) . '</a>'));
         } else {
             $errors[] = sprintf($lang_login['No e-mail match'], forum_htmlencode($email));
         }
     }
 }
?>
</span>
									</td>
								</tr>
								<tr>
									<th scope="row"><?php 
echo $lang->t('SMTP password label');
?>
</th>
									<td>
										<span><input type="checkbox" name="form[smtp_change_pass]" value="1" />&#160;&#160;<?php 
echo $lang->t('SMTP change password help');
?>
</span>
<?php 
// Pre-fill both password fields with a random string as long as the stored SMTP password,
// so the real password is never written into the page.
// NOTE(review): the placeholder's length still discloses the length of the stored password.
$smtp_pass = !empty($pun_config['o_smtp_pass']) ? random_key(pun_strlen($pun_config['o_smtp_pass']), true) : '';
?>
										<input type="password" name="form[smtp_pass1]" size="25" maxlength="50" value="<?php 
echo $smtp_pass;
?>
" />
										<input type="password" name="form[smtp_pass2]" size="25" maxlength="50" value="<?php 
echo $smtp_pass;
?>
" />
										<span><?php 
echo $lang->t('SMTP password help');
?>
</span>
									</td>
								</tr>
Example #24
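    // Regenerate the config cache
    if (!defined('FORUM_CACHE_FUNCTIONS_LOADED')) {
        require PANTHER_ROOT . 'include/cache.php';
    }
    generate_config_cache();
    clear_feed_cache();
    if ($form['url_type'] != $panther_config['o_url_type']) {
        // Load new URL pack to avoid 404 error after redirecting.
        // $form['url_type'] (presumably a submitted option value) ends up in a require path, so
        // only a bare file name is accepted: a value carrying a directory component, or a
        // non-string value, falls back to the default scheme instead of being included.
        // NOTE(review): the same validation belongs where the option is saved; that code is
        // outside this excerpt.
        $safe_url_type = is_string($form['url_type']) && basename($form['url_type']) === $form['url_type'];
        if ($safe_url_type && file_exists(PANTHER_ROOT . 'include/url/' . $form['url_type'] . '.php')) {
            require PANTHER_ROOT . 'include/url/' . $form['url_type'] . '.php';
        } else {
            require PANTHER_ROOT . 'include/url/default.php';
        }
        generate_quickjump_cache();
    }
    // Send the admin back to the options page with the confirmation message
    redirect(panther_link($panther_url['admin_options']), $lang_admin_options['Options updated redirect']);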
}
// Render the admin options page: header, admin menu, the options template, footer.
$page_title = array($panther_config['o_board_title'], $lang_admin_common['Admin'], $lang_admin_common['Options']);
define('PANTHER_ACTIVE_PAGE', 'admin');
require PANTHER_ROOT . 'header.php';
generate_admin_menu('options');
// The admin's timezone and DST settings (in hours) converted to seconds; used to shift the
// timestamp for the time/date format previews passed to the template below
$diff = ($panther_user['timezone'] + $panther_user['dst']) * 3600;
$timestamp = time() + $diff;
$schemes = get_url_schemes();
$scheme_options = array();
// Each option keeps the scheme value as 'file'; the title replaces underscores with spaces,
// capitalises the words and drops the last four characters
foreach ($schemes as $scheme) {
    $scheme_options[] = array('file' => $scheme, 'title' => substr(ucwords(str_replace('_', ' ', $scheme)), 0, -4));
}
$tpl = load_template('admin_options.tpl');
// 'smtp_pass' is a random placeholder as long as the stored SMTP password, so the real password
// is not handed to the template. NOTE(review): the placeholder's length still discloses the
// length of the stored password. 'csrf_token' is generated for this page's admin path.
echo $tpl->render(array('lang_admin_options' => $lang_admin_options, 'lang_admin_common' => $lang_admin_common, 'panther_config' => $panther_config, 'form_action' => panther_link($panther_url['admin_options']), 'csrf_token' => generate_csrf_token(PANTHER_ADMIN_DIR . '/options.php'), 'max_file_size' => $max_file_size, 'types' => $scheme_options, 'languages' => forum_list_langs(), 'styles' => forum_list_styles(), 'time_format' => gmdate($panther_config['o_time_format'], $timestamp), 'date_format' => gmdate($panther_config['o_date_format'], $timestamp), 'censoring_link' => panther_link($panther_url['admin_censoring']), 'archive_link' => panther_link($panther_url['admin_archive']), 'ranks_link' => panther_link($panther_url['admin_ranks']), 'tasks_link' => panther_link($panther_url['admin_tasks']), 'feeds' => array(5, 15, 30, 60), 'smtp_pass' => !empty($panther_config['o_smtp_pass']) ? random_key(panther_strlen($panther_config['o_smtp_pass']), true) : '', 'themes' => forum_list_themes()));
require PANTHER_ROOT . 'footer.php';
Example #25
         }
         $cache_dir->close();
     }
 } else {
     $alerts[] = '<li><span>' . $lang_install['No cache write'] . '</span></li>';
 }
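 // Check if default avatar directory is writable
 if (!is_writable(FORUM_ROOT . 'img/avatars/')) {
     $alerts[] = '<li><span>' . $lang_install['No avatar write'] . '</span></li>';
 }
 // Check if we disabled uploading avatars because file_uploads was disabled
 if ($avatars == '0') {
     $alerts[] = '<li><span>' . $lang_install['File upload alert'] . '</span></li>';
 }
 // Add some random bytes at the end of the cookie name to prevent collisions
 $cookie_name = 'forum_cookie_' . random_key(6, false, true);
 // Generate the config.php file data
 $config = generate_config_file();
 // Attempt to write config.php and serve it up for download if writing fails.
 // NOTE(review): the generated file presumably carries the database credentials, and this
 // branch only runs when the web server can write to FORUM_ROOT; tightening the permissions
 // on FORUM_ROOT and config.php after installation is worth documenting for admins.
 $written = false;
 if (is_writable(FORUM_ROOT)) {
     // The @ is deliberate: a failed open is reported through $written, not a warning
     $fh = @fopen(FORUM_ROOT . 'config.php', 'wb');
     if ($fh) {
         // Report success only when every byte reached the file; a short or failed write
         // would otherwise leave a truncated config.php flagged as written
         $written = fwrite($fh, $config) === strlen($config);
         fclose($fh);
     }
 }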
 if ($install_pun_repository && is_readable(FORUM_ROOT . 'extensions/pun_repository/manifest.xml')) {
     require FORUM_ROOT . 'include/xml.php';
     $ext_data = xml_to_array(file_get_contents(FORUM_ROOT . 'extensions/pun_repository/manifest.xml'));
Example #26
/**
 * Pick a name for a new attachment that no file in $storagepath uses yet.
 *
 * The name is the MD5 digest of the message length, the size, the current
 * user's login key and a fresh random_key(18), followed by '.attach'.
 * MD5 only serves to produce a fixed-length name here; how hard the name is
 * to guess depends on random_key() and the login key.
 *
 * NOTE(review): is_file() only checks that the name is free, it does not
 * reserve it - confirm the caller creates the file in a way that cannot
 * overwrite one created in between.
 *
 * @param string $storagepath   Directory prefix the candidate name is appended to
 * @param int    $messagelength Mixed into the digest
 * @param int    $size          Mixed into the digest
 * @return string File name (without the storage path)
 */
function attach_generate_filename($storagepath, $messagelength = 0, $size = 0)
{
    // Login keys are single-use, so the key doubles as additional salt
    global $panther_user;

    // Keep drawing candidates until one does not exist on disk yet
    do {
        $candidate = md5($messagelength . $size . $panther_user['login_key'] . random_key(18)) . '.attach';
    } while (is_file($storagepath . $candidate));

    return $candidate;
}
Example #27
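 /**
  * Create an exchange offer: the logged-in user proposes to trade item1 for item2
  * and the owner of item2 is notified.
  *
  * Nothing is written until the caller has been shown to own item1 and item2 has
  * been found, so a rejected request leaves no row in the exchange table.
  *
  * @param array $parameters Must contain the keys "item1" and "item2" (item ids)
  * @return int 401 when a parameter is missing or item2 cannot be found,
  *             403 when nobody is logged in or the user does not own item1,
  *             200 once the offer is stored and the notification sent
  */
 private function create($parameters)
 {
     global $con;
     if (!isset($parameters["item1"]) || !isset($parameters["item2"])) {
         return 401;
     }
     if (!isset($_SESSION["userid"])) {
         return 403;
     }

     // Authorise first: the offered item must exist and belong to the session user.
     // Both ids are compared as strings with !== so that numeric-looking ids are not
     // compared as numbers.
     $originItem = new Item(array("action" => "get", "filter" => array("id" => $parameters["item1"])));
     $originInfo = $originItem->run();
     if (!isset($originInfo[0]["usr"]) || (string) $originInfo[0]["usr"] !== (string) $_SESSION["userid"]) {
         return 403;
     }

     // The requested item must exist as well, otherwise there is nobody to notify
     $acceptItem = new Item(array("action" => "get", "filter" => array("id" => $parameters["item2"])));
     $acceptInfo = $acceptItem->run();
     if (!isset($acceptInfo[0])) {
         return 401;
     }
     $ai_name = $acceptInfo[0]["name"];
     $ai_usr = $acceptInfo[0]["usr"];

     // Only now store the offer
     $offerid = random_key(256);
     $offer_fields = array("id" => $offerid, "item1" => $parameters["item1"], "item2" => $parameters["item2"]);
     addRow($con, "exchange", $offer_fields);

     // Look up the offering user for the notification text
     $itemAuth = new User(array("action" => "get", "id" => $originInfo[0]["usr"]));
     $userGet = $itemAuth->run();
     $afname = $userGet[0]["fname"];
     $pronoun = "their";
     switch (trim($userGet[0]["gender"])) {
         case "0":
             $pronoun = "his";
             break;
         case "1":
             $pronoun = "her";
             break;
     }

     // NOTE(review): the first name and item names are user-supplied; whatever renders
     // notifications needs to escape them for its output context - not visible here
     $offermsg = $afname . " has decided to trade {$pronoun} " . $originInfo[0]["name"] . " for your " . $ai_name;
     $link = "exchange.php?offerid=" . trim($offerid);
     sendNotify($ai_usr, $offermsg, $link);
     return 200;
 }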
Example #28
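/**
 * Build the source of config.php from the installer's global settings.
 *
 * Every setting is written with var_export(), which emits a correctly escaped
 * single-quoted PHP literal. Plain concatenation let a quote in $db_type,
 * $db_host or $cookie_name end the literal and add code to the generated file,
 * and addslashes() altered values containing a double quote, because \" is not
 * an escape sequence inside single quotes. For values without quotes or
 * backslashes the output is the same as before.
 *
 * The cookie seed is always a fresh random_key(16, false, true); the global
 * $cookie_seed is declared but not read.
 *
 * @return string PHP source for config.php, ending in a newline
 */
function generate_config_file()
{
    global $db_type, $db_host, $db_name, $db_username, $db_password, $db_prefix, $cookie_name, $cookie_seed;

    // Cast first so that unset/false settings still come out as '' like before
    $literal = function ($value) {
        return var_export((string) $value, true);
    };

    $lines = array(
        '<?php',
        '',
        '$db_type = ' . $literal($db_type) . ';',
        '$db_host = ' . $literal($db_host) . ';',
        '$db_name = ' . $literal($db_name) . ';',
        '$db_username = ' . $literal($db_username) . ';',
        '$db_password = ' . $literal($db_password) . ';',
        '$db_prefix = ' . $literal($db_prefix) . ';',
        '$p_connect = false;',
        '',
        '$cookie_name = ' . $literal($cookie_name) . ';',
        '$cookie_domain = \'\';',
        '$cookie_path = \'/\';',
        '$cookie_secure = 0;',
        '$cookie_seed = ' . $literal(random_key(16, false, true)) . ';',
        '',
        'define(\'PUN\', 1);',
    );

    return implode("\n", $lines) . "\n";
}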
Example #29
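// Issue a fresh one-time approval key for the approver matching the requested activity and
// e-mail address, store it, and e-mail the approver a link that carries it.

// NOTE(review): SERVER_NAME can follow the client-supplied Host header on some server
// configurations; a configured base URL is a safer source for links that are e-mailed out.
$base_url = "http://";
if ($HTTPS == 1) {
    $base_url = "https://";
}
$base_url .= $_SERVER["SERVER_NAME"] . "/" . $INSTALL_HOME . "rca";

// Request values are untrusted: accept plain strings only
$activity_id = isset($_REQUEST["activity_id"]) && is_string($_REQUEST["activity_id"]) ? $_REQUEST["activity_id"] : "";
$action = "PENDING APPROVAL";
$action_by = $username;
$action_date = time();
$email = isset($_REQUEST["email"]) && is_string($_REQUEST["email"]) ? $_REQUEST["email"] : "";

// Both request values are escaped before they enter the statement. Prepared statements
// (mysqli/PDO) would be the better fix, but this script's connection uses the mysql_* API.
$sql = "select record_index,approver_name,approver_email,approver_key,item_order";
$sql .= " from rca_approval_history where activity_id='" . mysql_real_escape_string($activity_id) . "'";
$sql .= " and approver_email='" . mysql_real_escape_string($email) . "' order by record_index asc limit 1";
$result = mysql_query($sql);

// A failed query yields false; skip the loop instead of fetching from it
while ($result && ($row = mysql_fetch_row($result))) {
    $record_index = $row[0];
    $approver_name = $row[1];
    $approver_email = $row[2];
    $item_order = $row[4];

    // NOTE(review): this key is the only secret in the approval link; random_key() is not
    // visible here - confirm it draws from a CSPRNG and is long enough
    $approver_key = random_key();

    // The update keeps its own result variable so it cannot clobber the $result the loop reads
    $update_sql = "update rca_approval_history set approver_key='" . mysql_real_escape_string($approver_key) . "' where record_index='" . mysql_real_escape_string($record_index) . "'";
    if (!mysql_query($update_sql)) {
        // The key was not stored, so a link carrying it could never be verified
        continue;
    }

    $subject = "RCA APPROVAL REQUEST : {$activity_id}";
    // Encode the query values so characters such as '+' or '&' in the address survive the round trip
    $url = $base_url . "/rca_view.php" . "?check_email=" . rawurlencode($approver_email) . "&check_key=" . rawurlencode($approver_key);
    $body = "\nA Root Cause Analysis (RCA) is pending your approval. Kindly click on the URL : {$url} to view and approve the request.\n\n\n";
    $body .= "PLEASE NOTE THAT THE ABOVE URL IS FOR ONE TIME USE ONLY. \nPLEASE DO NOT REPLY TO THIS E-MAIL";
    ezmail($approver_email, $approver_name, $subject, $body, "");
}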
?>
<meta http-equiv="REFRESH" content="0;URL=index.php">

Example #30
 } else {
     $query['WHERE'] = 'LOWER(username)=LOWER(\'' . $forum_db->escape($form_username) . '\')';
 }
 ($hook = get_hook('li_login_qr_get_login_data')) ? eval($hook) : null;
 $result = $forum_db->query_build($query) or error(__FILE__, __LINE__);
 list($user_id, $group_id, $db_password_hash, $salt) = $forum_db->fetch_row($result);
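 // Verify the submitted password against the stored hash. Hashes are compared as strings
 // with ===: with ==, two different digests that both look like numbers are compared
 // numerically and can be treated as equal. Where the minimum PHP version allows it,
 // hash_equals() is the constant-time alternative.
 $authorized = false;
 if (!empty($db_password_hash)) {
     // A 40-character stored value is handled as SHA-1 output, anything else as legacy MD5
     $sha1_in_db = strlen($db_password_hash) === 40;
     $form_password_hash = forum_hash($form_password, $salt);
     if ($sha1_in_db && (string) $db_password_hash === (string) $form_password_hash) {
         $authorized = true;
     } else {
         // Fall back to the legacy formats: plain MD5, or SHA-1 without a salt
         $legacy_md5_match = !$sha1_in_db && (string) $db_password_hash === md5($form_password);
         $legacy_sha1_match = $sha1_in_db && (string) $db_password_hash === sha1($form_password);
         if ($legacy_md5_match || $legacy_sha1_match) {
             $authorized = true;
             $salt = random_key(12);
             $form_password_hash = forum_hash($form_password, $salt);
             // There's an old MD5 hash or an unsalted SHA1 hash in the database, so we replace it
             // with a randomly generated salt and a new, salted SHA1 hash
             // NOTE(review): salted SHA-1 is still a fast hash; password_hash()/password_verify()
             // is the usual upgrade target, but forum_hash() is not visible here.
             $query = array('UPDATE' => 'users', 'SET' => 'password=\'' . $form_password_hash . '\', salt=\'' . $forum_db->escape($salt) . '\'', 'WHERE' => 'id=' . $user_id);
             ($hook = get_hook('li_login_qr_update_user_hash')) ? eval($hook) : null;
             $forum_db->query_build($query) or error(__FILE__, __LINE__);
         }
     }
 }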
 ($hook = get_hook('li_login_pre_auth_message')) ? eval($hook) : null;
 if (!$authorized) {
     $errors[] = sprintf($lang_login['Wrong user/pass']);
     echo 'ERROR: ' . sprintf($lang_login['Wrong user/pass']);
     echo '<br /><a href="board/">Back to Board Index</a>';
 }