Example #1
/**
 * Admin-panel handler that changes a user's password and/or e-mail by username.
 *
 * On POST it looks up the target's class, collects the columns to change from
 * the non-empty inputs and issues an UPDATE; on any other request method it
 * prints the HTML form.
 *
 * NOTE(review): two lines of this listing are partly masked with "******", so
 * the class comparison and the WHERE clause of the UPDATE are not visible here.
 *
 * @param string $iname Target username (presumably the "iname" form field — confirm against the caller).
 * @param string $ipass New password; the password columns are left alone when this is empty.
 * @param string $imail New e-mail; ignored when empty or rejected by validemail().
 */
function iUsers($iname, $ipass, $imail)
{
    global $admin_file, $CURUSER;
    if ($_SERVER["REQUEST_METHOD"] == "POST") {
        // Masked line: only the SELECT of the target's class and the message shown when an
        // administrator tries to edit a higher-class account are readable.
        list($iclass) = mysql_fetch_row(sql_query('SELECT class FROM users WHERE username = '******'Администратор ' . $CURUSER['username'] . ' пробовал изменить учетные данные пользователя ' . $iname . ' классом выше!', 'red', 'error');
        } else {
            $updateset = array();
            if (!empty($ipass)) {
                $secret = mksecret();
                // SECURITY: salted MD5 is a fast hash and is not suitable for password storage;
                // password_hash()/password_verify() is the standard replacement (needs a
                // matching change wherever the hash is checked at login).
                $hash = md5($secret . $ipass . $secret);
                $updateset[] = "secret = " . sqlesc($secret);
                $updateset[] = "passhash = " . sqlesc($hash);
            }
            if (!empty($imail) && validemail($imail)) {
                $updateset[] = "email = " . sqlesc($imail);
            }
            if (count($updateset)) {
                // Masked line: the WHERE value and the failure check are not readable here.
                $res = sql_query("UPDATE users SET " . implode(", ", $updateset) . " WHERE username = "******"Ошибка", "Смена пароля завершилась неудачей! Возможно указано несуществующее имя пользователя.", "error");
            } else {
                // SECURITY: $iname, $ipass and $imail are concatenated into HTML without
                // htmlspecialchars(), and the new password is displayed in clear text.
                // Whether stdmsg() escapes its arguments is not visible here — confirm.
                stdmsg("Изменения пользователя прошло успешно", "Имя пользователя: " . $iname . (!empty($hash) ? "<br />Новый пароль: " . $ipass : "") . (!empty($imail) ? "<br />Новая почта: " . $imail : ""));
            }
        }
    } else {
        // NOTE(review): the form carries no anti-CSRF token, so this state-changing admin
        // action depends on whatever request check the caller performs — confirm.
        echo "<form method=\"post\" action=\"" . $admin_file . ".php?op=iUsers\">" . "<table border=\"0\" cellspacing=\"0\" cellpadding=\"3\">" . "<tr><td class=\"colhead\" colspan=\"2\">Смена пароля</td></tr>" . "<tr>" . "<td><b>Пользователь</b></td>" . "<td><input name=\"iname\" type=\"text\"></td>" . "</tr>" . "<tr>" . "<td><b>Новый пароль</b></td>" . "<td><input name=\"ipass\" type=\"password\"></td>" . "</tr>" . "<tr>" . "<td><b>Новая почта</b></td>" . "<td><input name=\"imail\" type=\"text\"></td>" . "</tr>" . "<tr><td colspan=\"2\" align=\"center\"><input type=\"submit\" name=\"isub\" value=\"Сделать\"></td></tr>" . "</table>" . "<input type=\"hidden\" name=\"op\" value=\"iUsers\" />" . "</form>";
    }
}
                                    }
                                }
                            }
                        }
                    }
                }
            }
        }
        if ($isValid && !(checkdnsrr($domain, "MX") || checkdnsrr($domain, "A"))) {
            // domain not found in DNS
            $isValid = false;
        }
    }
    return $isValid;
}
// Sign-up input checks (the listing is cut off before the branch bodies close).
// NOTE(review): $_POST['email'] and $_POST['f'] are read without isset(), so a request
// that omits them raises a notice before any validation happens.
if (!validemail($_POST['email'])) {
    // Check email address
    // SECURITY: the rejected value is echoed back without htmlspecialchars(); every input
    // that fails validemail() is reflected into the page verbatim (reflected XSS).
    echo "At least try to put in a real email address... not {$_POST['email']}";
} else {
    // strlen() counts bytes, so the 2..25 bounds below are byte lengths, not characters.
    if (isset($_POST['username']) ? Strlen($_POST['username']) < 2 : false) {
        // Check username if posted
        echo "At least try to put in a name for your account...";
    } else {
        if (isset($_POST['username']) ? Strlen($_POST['username']) > 25 : false) {
            // Check small enough
            echo "At least try to put in a reasonable name for your account...";
        } else {
            if ($_POST['f'] == 'sign') {
                // Only the length of the username has been checked at this point; its
                // character set has not. Escape or bind it wherever it is used next.
                $username = $_POST['username'];
                $email = $_POST['email'];
                // Get database connection
Example #3
 /**
  * Rename a group and replace its member and assigned e-mail address lists.
  *
  * Both address lists arrive as newline-separated strings; each line is
  * right-trimmed and stored only when validemail() accepts it. All values are
  * passed to the database as bound parameters.
  *
  * NOTE(review): the rows are deleted and re-inserted without any transaction
  * visible in this method, so a failure part-way leaves the group with a
  * partial address list.
  *
  * @param array $group Expects the keys 'id', 'groupname', 'email' and 'assigned_email'.
  *
  * @return mixed Whatever countAffected() reports after the last statement that ran.
  */
 public function update_group($group = array())
 {
     // Part of this line is masked ("******") in the listing. The message prefix reads
     // "update user:" although this method updates a group.
     LOGGER("update user: "******", id=" . (int) $group['id']);
     $query = $this->db->query("UPDATE `" . TABLE_GROUP . "` SET `groupname`=? WHERE id=?", array($group['groupname'], (int) $group['id']));
     // Drop the current member addresses, then re-insert the validated ones.
     // $group['id'] is cast to int only in the UPDATE above; here it is bound as given.
     $query = $this->db->query("DELETE FROM `" . TABLE_GROUP_USER . "` WHERE id=?", array($group['id']));
     $emails = explode("\n", $group['email']);
     foreach ($emails as $email) {
         // rtrim() also removes the "\r" left behind by CRLF line endings.
         $email = rtrim($email);
         // Lines that fail validation are skipped silently; the caller is not told.
         if (validemail($email)) {
             $query = $this->db->query("INSERT INTO `" . TABLE_GROUP_USER . "` (id, email) VALUES(?,?)", array($group['id'], $email));
         }
     }
     // Same delete-and-reinsert sequence for the assigned addresses.
     $query = $this->db->query("DELETE FROM `" . TABLE_GROUP_EMAIL . "` WHERE id=?", array($group['id']));
     $emails = explode("\n", $group['assigned_email']);
     foreach ($emails as $email) {
         $email = rtrim($email);
         if (validemail($email)) {
             $query = $this->db->query("INSERT INTO `" . TABLE_GROUP_EMAIL . "` (id, email) VALUES(?,?)", array($group['id'], $email));
         }
     }
     return $this->db->countAffected();
 }
Example #4
             } else {
                 $name = str_replace(array('?', '*'), array('_', '%'), $name);
                 $name_is .= (isset($name_is) ? " OR " : "") . "u.username LIKE " . sqlesc($name);
             }
         }
         $where_is .= $name_is . ")";
     }
     $q .= ($q ? "&amp;" : "") . "n=" . urlencode(trim($_GET['n']));
 }
 // email filter: space-separated terms from the "em" query parameter, OR-ed together.
 // NOTE(review): $_GET['em'] is read without isset(); a request without it raises a notice.
 $emaila = explode(' ', trim($_GET['em']));
 if ($emaila[0] !== "") {
     $where_is .= isset($where_is) ? " AND (" : "(";
     foreach ($emaila as $email) {
         if (strpos($email, '*') === false && strpos($email, '?') === false && strpos($email, '%') === false) {
             // Exact-match term: it must be a valid address.
             // NOTE(review): "!== 1" is a strict comparison. It only works if validemail()
             // returns the integer 1; with a boolean return every address would be rejected
             // here — confirm the return type.
             if (validemail($email) !== 1) {
                 stdmsg("Error", "Bad email.");
                 stdfoot();
                 die;
             }
             $email_is .= (isset($email_is) ? " OR " : "") . "u.email =" . sqlesc($email);
         } else {
             // Wildcard term: '?' and '*' become the SQL wildcards '_' and '%'. The term is
             // not validated as an address; it reaches the query only through sqlesc().
             // Any '%' or '_' the user typed keeps its wildcard meaning in the LIKE pattern.
             $sql_email = str_replace(array('?', '*'), array('_', '%'), $email);
             $email_is .= (isset($email_is) ? " OR " : "") . "u.email LIKE " . sqlesc($sql_email);
         }
     }
     $where_is .= $email_is . ")";
     // Carry the filter into the pagination query string, URL-encoded.
     $q .= ($q ? "&amp;" : "") . "em=" . urlencode(trim($_GET['em']));
 }
 // class
 // NB: the c parameter is passed as two units above the real one
Example #5
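/**
 * Check an e-mail address against a list of permitted domains.
 *
 * The domain is everything after the last '@' and is compared
 * case-insensitively, because DNS names are not case-sensitive.
 *
 * @param string   $email   Address to check.
 * @param iterable $domains Permitted domain names.
 *
 * @return int 0 when validemail() rejects the address, 1 when the address is
 *             'admin@local' or its domain is in $domains, -1 otherwise.
 */
function checkemail($email, $domains)
{
    if (validemail($email) == 0) {
        return 0;
    }
    // NOTE(review): hard-coded address that bypasses the domain allowlist — confirm it
    // is still wanted. Strict comparison keeps non-string input from matching it.
    if ($email === 'admin@local') {
        return 1;
    }
    // Split on the LAST '@': a local part may itself contain '@' when quoted, and taking
    // the second piece of explode() would then test the wrong string as the domain.
    $at = strrpos((string) $email, '@');
    if ($at === false) {
        // No domain part at all: never treat that as an allowed domain.
        return -1;
    }
    $d = strtolower(substr((string) $email, $at + 1));
    foreach ($domains as $domain) {
        // Strict comparison: '==' compares numeric-looking strings as numbers and lets
        // null match an empty string.
        if (strtolower((string) $domain) === $d) {
            return 1;
        }
    }
    return -1;
}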
 $age = (int) $_POST["age"];
 // Field validation: the first failing rule sets $message.
 // NOTE(review): '&&' binds tighter than '||', so the first test reads
 // empty(password) || (empty(email) && !invite) || empty(username).
 if (empty($wantpassword) || empty($email) && !$invite_row || empty($wantusername)) {
     $message = T_("DONT_LEAVE_ANY_FIELD_BLANK");
 } elseif (strlen($wantusername) > $username_length) {
     $message = sprintf(T_("USERNAME_TOO_LONG"), $username_length);
 } elseif ($wantpassword != $passagain) {
     $message = T_("PASSWORDS_NOT_MATCH");
 } elseif (strlen($wantpassword) < $password_minlength) {
     $message = sprintf(T_("PASS_TOO_SHORT_2"), $password_minlength);
 } elseif (strlen($wantpassword) > $password_maxlength) {
     $message = sprintf(T_("PASS_TOO_LONG_2"), $password_maxlength);
 } elseif ($wantpassword == $wantusername) {
     $message = T_("PASS_CANT_MATCH_USERNAME");
 } elseif (!validusername($wantusername)) {
     $message = "Invalid username.";
 } elseif (!$invite_row && !validemail($email)) {
     $message = "That doesn't look like a valid email address.";
 }
 if ($message == "") {
     // Certain checks must be skipped for invites
     if (!$invite_row) {
         //check email isnt banned
         $maildomain = substr($email, strpos($email, "@") + 1);
         // SECURITY: $email is interpolated straight into the SQL text. No escaping is
         // visible in this excerpt, so injection safety rests entirely on what validemail()
         // lets through; bind the value or escape it at this call.
         // NOTE(review): the column is named mail_domain but is compared with the whole
         // address here — confirm that is intended.
         // The '@' operators hide query errors: on failure $a is not an array, $a[0] is
         // null and "null != 0" is false, so a failed lookup counts as "not banned".
         $a = @mysql_fetch_row(@SQL_Query_exec("select count(*) from email_bans where mail_domain='{$email}'"));
         if ($a[0] != 0) {
             $message = sprintf(T_("EMAIL_ADDRESS_BANNED_S"), $email);
         }
         // SECURITY: same interpolation problem with $maildomain. The pattern is a substring
         // match, so any ban row that merely contains the submitted domain matches, and
         // '%' or '_' inside the submitted domain act as wildcards.
         $a = @mysql_fetch_row(@SQL_Query_exec("select count(*) from email_bans where mail_domain LIKE '%{$maildomain}%'"));
         if ($a[0] != 0) {
             $message = sprintf(T_("EMAIL_ADDRESS_BANNED_S"), $email);
         }
Example #7
 /**
  * Update a user's account fields, password and e-mail address list.
  *
  * Database values are passed as bound parameters throughout.
  *
  * NOTE(review): no transaction is visible in this method; the address list is
  * deleted and re-inserted row by row, so a failure part-way leaves the account
  * with a partial list.
  *
  * @param array $user Expects the keys 'uid', 'email' (newline-separated list),
  *                    'password', 'username', 'realname', 'domain', 'isadmin',
  *                    'domains', 'group' and 'folder'; 'dn' is optional.
  *
  * @return int|string The first submitted address that already belongs to another
  *                    uid; 0 when the password UPDATE did not affect exactly one
  *                    row; 1 otherwise.
  */
 public function update_user($user)
 {
     // Part of this line is masked ("******") in the listing.
     LOGGER("update user: "******", uid=" . (int) $user['uid']);
     $emails = explode("\n", $user['email']);
     // First pass: refuse the whole update if any valid address is owned by another uid.
     foreach ($emails as $email) {
         $email = rtrim($email);
         if (validemail($email) == 0) {
             continue;
         }
         $query = $this->db->query("SELECT COUNT(*) AS count FROM " . TABLE_EMAIL . " WHERE uid!=? AND email=?", array((int) $user['uid'], $email));
         if ($query->row['count'] > 0) {
             return $email;
         }
     }
     /* update password field if we have to */
     // A password shorter than MIN_PASSWORD_LENGTH is ignored silently and the old one kept.
     if (strlen($user['password']) >= MIN_PASSWORD_LENGTH) {
         // SECURITY: crypt() is called without a salt, so the hash scheme is whatever the
         // platform defaults to. PHP 5.6 raises a notice for this and PHP 8.0 requires the
         // salt argument. password_hash() selects a strong scheme and salt itself.
         $query = $this->db->query("UPDATE " . TABLE_USER . " SET password=? WHERE uid=?", array(crypt($user['password']), (int) $user['uid']));
         if ($this->db->countAffected() != 1) {
             return 0;
         }
     }
     // NOTE(review): 'isadmin' is written exactly as supplied in $user; this method does no
     // authorization of its own, so the caller must ensure only an administrator can set it.
     $query = $this->db->query("UPDATE " . TABLE_USER . " SET username=?, realname=?, domain=?, dn=?, isadmin=? WHERE uid=?", array($user['username'], $user['realname'], $user['domain'], @$user['dn'], $user['isadmin'], (int) $user['uid']));
     /* first, remove all his email addresses */
     $query = $this->db->query("DELETE FROM " . TABLE_EMAIL . " WHERE uid=?", array((int) $user['uid']));
     /* then add all the emails we have from the CGI post input */
     foreach ($emails as $email) {
         $email = rtrim($email);
         if (validemail($email) == 0) {
             continue;
         }
         $query = $this->db->query("INSERT INTO " . TABLE_EMAIL . " (uid, email) VALUES(?,?)", array((int) $user['uid'], $email));
         /* remove from memcached */
         if (MEMCACHED_ENABLED) {
             $memcache = Registry::get('memcache');
             $memcache->delete(MEMCACHED_PREFIX . $email);
         }
     }
     $this->update_domains_settings((int) $user['uid'], $user['domains']);
     // NOTE(review): $emails[0] is the raw first line from explode(); unlike the loop
     // copies it is neither right-trimmed nor checked with validemail().
     $this->update_group_settings($emails[0], $user['group']);
     $this->update_folder_settings((int) $user['uid'], $user['folder']);
     return 1;
 }
Example #8
        $response->error = "Can not download cert_mail_file";
        result($response);
    }
    // SECURITY: file_get_contents() is pointed at a location taken from $to_db. Where that
    // value comes from is not visible in this excerpt; if the API client supplies it, the
    // server will fetch any URL or read any local path it is handed (SSRF / local file
    // read). Restrict the scheme and host before fetching. The '@' also hides the reason
    // for a failure, and an empty file is reported as a download error.
    $check = @file_get_contents($to_db['reg_mail_file']);
    if (!$check) {
        $response->error = "Can not download reg_mail_file";
        result($response);
    }
    $check = @file_get_contents($to_db['failed_mail_file']);
    if (!$check) {
        $response->error = "Can not download failed_mail_file";
        result($response);
    }
    if ($data['bcc_email']) {
        $to_db['bcc_email'] = (string) $data['bcc_email'];
        if (!validemail($to_db['bcc_email'])) {
            $response->error = "Invalid email format in bcc_email";
            result($response);
        }
    }
    // NOTE(review): the API password is stored exactly as received, and the 'api_info'
    // mode below returns it verbatim, so it is kept in a recoverable form.
    if ($data['api_password']) {
        $to_db['api_password'] = (string) $data['api_password'];
    }
    // SECURITY: the statement is assembled by interpolation. Neither the escaping done by
    // build_update_query() nor the type of $client_id is visible here — confirm both.
    // The error branches above rely on result() ending the request; if it returns, this
    // UPDATE still runs with the rejected values — confirm.
    $DB->query("UPDATE clients SET {$DB->build_update_query($to_db)} WHERE id={$client_id}");
    $response->data = array('success' => true, 'message' => 'API data has been updated');
    result($response);
} elseif ($mode == 'api_info') {
    // Returns the client's stored settings, including api_password in clear.
    $result = array('client_id' => $client['id'], 'api_password' => $client['api_password'], 'from_name' => $client['from_name'], 'from_email' => $client['from_email'], 'support_name' => $client['support_name'], 'support_email' => $client['support_email'], 'bcc_email' => $client['bcc_email'], 'cert_mail_file' => $client['cert_mail_file'], 'reg_mail_file' => $client['reg_mail_file'], 'failed_mail_file' => $client['failed_mail_file'], 'provision_filename' => $client['provision_filename']);
    $response->data = $result;
    result($response);
} elseif ($mode == 'delete') {
Example #9
 /**
  * Collect the distinct, lower-cased e-mail addresses found in LDAP entries.
  *
  * For every entry the known mail-carrying attributes are inspected. A leading
  * "word:" prefix is stripped from each value, and the remainder is kept when
  * validemail() accepts it and it is not already in the result.
  *
  * NOTE(review): only multi-valued attributes get the extra filtering (value
  * must contain '@'; a prefix other than "smtp:" is skipped). A single-valued
  * attribute has any prefix stripped and is then validated as it is — confirm
  * the difference is intended.
  * NOTE(review): the dn, cn and attribute values are written to syslog verbatim.
  *
  * @param array $e LDAP entries, each an array keyed by attribute name.
  *
  * @return array List of unique addresses in first-seen order.
  */
 public function get_email_array_from_ldap_attr($e = array())
 {
     $prefix_re = "/^([\\w]+)\\:/i";
     $mail_attrs = array("mail", "mailalternateaddress", "proxyaddresses", "zimbraMailForwardingAddress", "member", "memberOfGroup");
     $found = array();

     foreach ($e as $entry) {
         syslog(LOG_INFO, "checking ldap entry dn: " . $entry['dn'] . ", cn: " . $entry['cn']);

         foreach ($mail_attrs as $attr) {
             if (!isset($entry[$attr])) {
                 continue;
             }
             $values = $entry[$attr];

             // Single-valued attribute: strip the prefix, lower-case, validate.
             if (!is_array($values)) {
                 syslog(LOG_INFO, "checking entry #2: " . $values);
                 $addr = strtolower(preg_replace($prefix_re, "", $values));
                 if (validemail($addr) && !in_array($addr, $found)) {
                     $found[] = $addr;
                 }
                 continue;
             }

             // Multi-valued attribute: the 'count' key gives the number of values.
             for ($idx = 0; $idx < $values['count']; $idx++) {
                 syslog(LOG_INFO, "checking entry: " . $values[$idx]);
                 $value = strtolower($values[$idx]);

                 if (strpos($value, '@') === false) {
                     continue;
                 }
                 // A prefixed value is only accepted when the prefix is "smtp:".
                 if (preg_match($prefix_re, $value, $m) && $m[0] !== "smtp:") {
                     continue;
                 }

                 $addr = preg_replace($prefix_re, "", $value);
                 if (validemail($addr) && !in_array($addr, $found)) {
                     $found[] = $addr;
                 }
             }
         }
     }

     return $found;
 }
echo "" . CON_SECS . "";
?>
</div>

<?php 
$type = $_GET["type"];
$email = $_GET["email"];
if (!$type) {
    die;
}
if ($type == "noconf") {
    //email conf is disabled?
    print "<div class='confirmb'><div class='success-box'>" . PLEASE_NOW_LOGIN_REST . "</div></div>";
    die;
}
if ($type == "signup" && validemail($email)) {
    if (!$site_config["ACONFIRM"]) {
        print "<div class='confirmb'><div class='success-box'>" . EMAIL_CHANGE_SEND . "" . " (" . htmlspecialchars($email) . "). " . "" . ACCOUNT_CONFIRM_SENT_TO_ADDY_REST . "" . "</div></div>";
    } else {
        print "<div class='confirmb'><div class='success-box'>" . EMAIL_CHANGE_SEND . "" . " (" . htmlspecialchars($email) . "). " . "" . ACCOUNT_CONFIRM_SENT_TO_ADDY_ADMIN . "" . "</div></div>";
    }
} elseif ($type == "confirmed") {
    print "<div class='confirmb'><div class='success-box'>" . ACCOUNT_ALREADY_CONFIRMED . "</div></div>";
} elseif ($type == "invite" && $_GET["email"]) {
    print "<div class='confirmb'><div class='success-box'>" . "" . INVITE_SUCCESSFUL . "" . "<br /><br />" . "" . A_CONFIRMATION_EMAIL_HAS_BEEN_SENT . "" . " (" . htmlspecialchars($email) . "). " . "" . THEY_NEED_TO_READ_AND_RESPOND_TO_THIS_EMAIL . "" . "</div></div>";
} elseif ($type == "confirm") {
    if (isset($CURUSER)) {
        print "<div class='confirmb'><div class='success-box'>" . ACCOUNT_ACTIVATED . " <a href='" . $site_config["SITEURL"] . "/index.php'> " . ACCOUNT_ACTIVATED_REST . "</div></div>";
        print "<div class='confirmb'><div class='success-box'>" . ACCOUNT_BEFOR_USING . "  " . $site_config["SITENAME"] . " " . ACCOUNT_BEFOR_USING_REST . "</div></div>";
    } else {
        print "<div class='confirmb'><div class='success-box'>" . ACCOUNT_ACTIVATED . "</div></div>";
Example #11
// +--------------------------------------------------------------------------+
*/
require_once 'include/bittorrent.php';
dbconn();
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    if ($use_captcha) {
        $b = get_row_count('captcha', 'WHERE imagehash = ' . sqlesc($_POST['imagehash']) . ' AND imagestring = ' . sqlesc($_POST['imagestring']));
        sql_query('DELETE FROM captcha WHERE imagehash = ' . sqlesc($_POST['imagehash'])) or die(mysql_error());
        if ($b == 0) {
            stderr($tracker_lang['error'], 'Вы ввели неправильный код подтверждения.');
        }
    }
    if (!mkglobal('useremail:subject:message')) {
        stderr($tracker_lang['error'], 'Вы не заполнили все поля формы! Вернитесь назад и попробуйте еще раз.');
    }
    if (!validemail($useremail)) {
        stderr($tracker_lang['error'], 'Это не похоже на реальный email адрес.');
    }
    $ip = getip();
    $username = $CURUSER['username'] ? $CURUSER['username'] : '******';
    if ($CURUSER) {
        $userid = $CURUSER['id'];
    } else {
        $userid = 0;
    }
    $body = <<<EOD
Сообщение через обратную связь на {$website_name}:

--------------------------------

{$message}
Example #12
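 /**
  * Filter a list of message ids down to those the current session may access.
  *
  * - Unrestricted auditor (auditor_user == 1, RESTRICTED_AUDITOR == 0): every
  *   id present in TABLE_META is returned.
  * - ENABLE_FOLDER_RESTRICTIONS == 1: ids are looked up in the Sphinx index and
  *   kept when their folder is in the session's "folders" list.
  * - Otherwise ids are kept when the message's from/to address (regular user)
  *   or from/to domain (restricted auditor) matches the session's validated
  *   addresses or domains.
  *
  * @param array $id Message ids to check.
  *
  * @return array The subset of ids the session is allowed to see.
  */
 public function check_your_permission_by_id_list($id = array())
 {
     $a = $result = array();

     if (count($id) < 1) {
         return $result;
     }

     $session = Registry::get('session');
     $auditor = Registry::get('auditor_user');

     $arr = $id;
     // One placeholder per id.
     $q2 = implode(",", array_fill(0, count($id), "?"));

     // Collect the identities (domains or addresses) the session may match against.
     if ($auditor == 1 && RESTRICTED_AUDITOR == 1) {
         if (validdomain($session->get("domain")) == 1) {
             array_push($a, $session->get("domain"));
         }
         // foreach replaces each(), which was removed in PHP 8.
         $auditdomains = $session->get("auditdomains");
         if (is_array($auditdomains)) {
             foreach ($auditdomains as $v) {
                 if (validdomain($v) == 1 && !in_array($v, $a)) {
                     array_push($a, $v);
                 }
             }
         }
     } elseif ($auditor == 0) {
         $emails = $session->get("emails");
         if (is_array($emails)) {
             foreach ($emails as $v) {
                 if (validemail($v) == 1) {
                     array_push($a, $v);
                 }
             }
         }
     }

     // One placeholder per collected identity.
     $q = count($a) > 0 ? implode(",", array_fill(0, count($a), "?")) : '';

     if ($auditor == 1 && RESTRICTED_AUDITOR == 0) {
         $query = $this->db->query("SELECT id FROM `" . TABLE_META . "` WHERE `id` IN ({$q2})", $arr);
     } elseif (ENABLE_FOLDER_RESTRICTIONS == 1) {
         // This query is built by concatenation, so every id is forced to an integer
         // before it is placed in the statement text.
         $query = $this->sphx->query("SELECT id, folder FROM " . SPHINX_MAIN_INDEX . " WHERE id IN (" . implode(",", array_map('intval', $id)) . ")");
     } else {
         // No valid address or domain to match against: grant nothing, rather than
         // sending a statement with an empty "IN ()" list.
         if ($q === '') {
             return $result;
         }
         // The identity list is bound twice: once for the sender side, once for the recipient side.
         $arr = array_merge($arr, $a, $a);
         if ($auditor == 1 && RESTRICTED_AUDITOR == 1) {
             $query = $this->db->query("SELECT id FROM `" . VIEW_MESSAGES . "` WHERE `id` IN ({$q2}) AND ( `fromdomain` IN ({$q}) OR `todomain` IN ({$q}) )", $arr);
         } else {
             $query = $this->db->query("SELECT id FROM `" . VIEW_MESSAGES . "` WHERE `id` IN ({$q2}) AND ( `from` IN ({$q}) OR `to` IN ({$q}) )", $arr);
         }
     }

     if ($query->num_rows > 0) {
         foreach ($query->rows as $row) {
             if (ENABLE_FOLDER_RESTRICTIONS == 1) {
                 if (in_array($row['folder'], $session->get("folders"))) {
                     array_push($result, $row['id']);
                 }
             } else {
                 array_push($result, $row['id']);
             }
         }
     }

     return $result;
 }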
Example #13
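 /**
  * Synchronise local users, their e-mail addresses and group memberships with
  * the entries read from an LDAP directory.
  *
  * Existing users (matched by DN) get their address list aligned with LDAP,
  * unknown DNs are attached to an existing username or added as new users,
  * accounts of the domain that are under the LDAP base DN but absent from the
  * import are deleted, and group membership rows are rebuilt.
  *
  * @param array $users   LDAP entries with the keys 'dn', 'username', 'realname',
  *                       'emails', 'samaccountname' and 'members'.
  * @param array $globals Import settings; reads 'domain', 'ldap_basedn' and every
  *                       key starting with "reject_" (DNs to exclude).
  *
  * @return array [count of successful add_user() and deferred add_email() calls,
  *               count of deleted users]
  */
 public function process_users($users = array(), $globals = array())
 {
     $late_add = array();
     $uids = array();
     $exclude = array();
     $newuser = 0;
     $deleteduser = 0;
     LOGGER("running process_users() ...");
     /* build a list of DNs to exclude from the import */
     // foreach replaces each(), which was removed in PHP 8.
     foreach ($globals as $k => $v) {
         if (preg_match("/^reject_/", $k)) {
             $exclude[$v] = $v;
         }
     }
     foreach ($users as $_user) {
         // NOTE(review): an over-long DN is only logged; the entry is still processed.
         if (strlen($_user['dn']) > DN_MAX_LEN) {
             LOGGER("ERR: too long entry: " . $_user['dn']);
         }
         if (in_array($_user['dn'], $exclude)) {
             LOGGER("excluding from import:" . $_user['dn']);
             continue;
         }
         /* Does this DN exist in the user table ? */
         $__user = $this->model_user_user->get_user_by_dn($_user['dn']);
         if (isset($__user['uid'])) {
             array_push($uids, $__user['uid']);
             /* if so, then verify the email addresses */
             $changed = 0;
             $emails = $this->model_user_user->get_emails_by_uid($__user['uid']);
             /* first let's add the new email addresses */
             $ldap_emails = explode("\n", $_user['emails']);
             $sql_emails = explode("\n", $emails);
             foreach ($ldap_emails as $email) {
                 if (!in_array($email, $sql_emails)) {
                     $rc = $this->model_user_user->add_email($__user['uid'], $email);
                     $changed++;
                     /* in case of an error add it to the $late_add array() */
                     if ($rc == 0) {
                         $late_add[] = array('uid' => $__user['uid'], 'email' => $email);
                     }
                 }
             }
             /* delete emails not present in the user's LDAP entry */
             foreach ($sql_emails as $email) {
                 if (!in_array($email, $ldap_emails)) {
                     $rc = $this->model_user_user->remove_email($__user['uid'], $email);
                     $changed++;
                 }
             }
             LOGGER($_user['dn'] . ": exists, changed={$changed}");
         } else {
             /* update DN field if it's an existing user */
             if (($cuid = $this->model_user_user->get_uid_by_name($_user['username'])) > 0) {
                 $this->model_user_user->update_dn_by_uid($cuid, $_user['dn']);
                 continue;
             }
             /* or add the new user */
             $user = $this->createNewUserArray($_user['dn'], $_user['username'], $_user['realname'], $_user['emails'], $_user['samaccountname'], $globals);
             $user['folder'] = '';
             array_push($uids, $user['uid']);
             $rc = $this->model_user_user->add_user($user);
             if ($rc == 1) {
                 $newuser++;
             }
         }
     }
     /* add the rest to the email table */
     foreach ($late_add as $new) {
         $rc = $this->model_user_user->add_email($new['uid'], $new['email']);
         if ($rc == 1) {
             $newuser++;
         }
     }
     /* delete accounts not present in the LDAP directory */
     if (count($uids) > 0) {
         // This SELECT decides which accounts are deleted, so the base DN and the uid list
         // are bound as parameters instead of being pasted into the SQL text: a quote in
         // either value can no longer change which rows are selected.
         $placeholders = implode(",", array_fill(0, count($uids), "?"));
         $params = array_merge(array($globals['domain'], '%' . $globals['ldap_basedn']), $uids);
         $query = $this->db->query("SELECT uid, username FROM " . TABLE_USER . " WHERE domain=? AND dn != '*' AND dn LIKE ? AND dn is NOT NULL AND uid NOT IN ({$placeholders})", $params);
         foreach ($query->rows as $deleted) {
             $deleteduser++;
             $this->model_user_user->delete_user($deleted['uid']);
         }
     }
     /* try to add new membership entries */
     foreach ($users as $user) {
         if ($user['members']) {
             $group = $this->model_user_user->get_user_by_dn($user['dn']);
             $members = explode("\n", $user['members']);
             if (count($members) > 0) {
                 if (isset($group['uid'])) {
                     $query = $this->db->query("DELETE FROM " . TABLE_EMAIL_LIST . " WHERE gid=?", array($group['uid']));
                 }
                 foreach ($members as $member) {
                     /* a member is referenced either by e-mail address or by DN */
                     if (validemail($member)) {
                         $__user = $this->model_user_user->get_user_by_email($member);
                     } else {
                         $__user = $this->model_user_user->get_user_by_dn($member);
                     }
                     if (isset($group['uid']) && isset($__user['uid'])) {
                         $query = $this->db->query("INSERT INTO " . TABLE_EMAIL_LIST . " (uid, gid) VALUES(?,?)", array((int) $__user['uid'], $group['uid']));
                     }
                 }
             }
         }
     }
     return array($newuser, $deleteduser);
 }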
Example #14
// Admin "add user" page. class_check(UC_ADMINISTRATOR) presumably restricts it to
// administrators — confirm in the helper.
class_check(UC_ADMINISTRATOR);
$lang = array_merge($lang, load_language('ad_adduser'));
// NOTE(review): no anti-CSRF token is checked in the visible part of this POST handler.
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    $insert = array('username' => '', 'email' => '', 'secret' => '', 'passhash' => '', 'status' => 'confirmed', 'added' => TIME_NOW, 'last_access' => TIME_NOW);
    // Only the byte length of the username is checked; its character set is not.
    if (isset($_POST['username']) && strlen($_POST['username']) >= 5) {
        $insert['username'] = $_POST['username'];
    } else {
        // The validation below relies on stderr() ending the request; if it returns, the
        // INSERT runs with the empty defaults — confirm.
        stderr($lang['std_err'], $lang['err_username']);
    }
    if (isset($_POST['password']) && isset($_POST['password2']) && strlen($_POST['password']) > 6 && $_POST['password'] == $_POST['password2']) {
        $insert['secret'] = mksecret();
        // SECURITY: the password passes through md5() before make_passhash(). MD5 is a fast
        // hash and unsuitable for password storage; make_passhash() is not visible here,
        // so what it adds on top is unknown — confirm.
        $insert['passhash'] = make_passhash($insert['secret'], md5($_POST['password']));
    } else {
        stderr($lang['std_err'], $lang['err_password']);
    }
    if (isset($_POST['email']) && validemail($_POST['email'])) {
        $insert['email'] = $_POST['email'];
    } else {
        stderr($lang['std_err'], $lang['err_email']);
    }
    // Every value goes through sqlesc() before it is joined into the VALUES list.
    if (sql_query(sprintf('INSERT INTO users (username, email, secret, passhash, status, added, last_access) VALUES (%s)', join(', ', array_map('sqlesc', $insert))))) {
        $user_id = is_null($___mysqli_res = mysqli_insert_id($GLOBALS["___mysqli_ston"])) ? false : $___mysqli_res;
        stderr($lang['std_success'], sprintf($lang['text_user_added'], $user_id));
    } else {
        // 1062 is MySQL's duplicate-key error: the username or e-mail already exists.
        if ((is_object($GLOBALS["___mysqli_ston"]) ? mysqli_errno($GLOBALS["___mysqli_ston"]) : (($___mysqli_res = mysqli_connect_errno()) ? $___mysqli_res : false)) == 1062) {
            $res = sql_query(sprintf('SELECT id FROM users WHERE username = %s', sqlesc($insert['username']))) or sqlerr(__FILE__, __LINE__);
            if (mysqli_num_rows($res)) {
                $arr = mysqli_fetch_assoc($res);
                // %d forces the id to an integer before it is placed in the header.
                header(sprintf('refresh:3; url=userdetails.php?id=%d', $arr['id']));
            }
            stderr($lang['std_err'], $lang['err_already_exists']);
Example #15
// Registration handler (the listing is cut off before the INSERT).
if ($islogin) {
    header("Location: ?page=private");
    exit;
} elseif (isset($_POST['register'])) {
    if (!$_POST['username']) {
        $errormessage = $localize->Translate('error_empty_login');
    } elseif (!$_POST['password']) {
        $errormessage = $localize->Translate('error_empty_password');
    } elseif (!$_POST['email']) {
        $errormessage = $localize->Translate('error_empty_email');
    } else {
        // SECURITY: these filters are not SQL escaping. FILTER_SANITIZE_SPECIAL_CHARS
        // HTML-encodes the username, and FILTER_SANITIZE_EMAIL keeps the apostrophe, which
        // is legal in an address and still significant inside a quoted SQL string.
        $username = filter_input(INPUT_POST, 'username', FILTER_SANITIZE_SPECIAL_CHARS);
        $email = filter_input(INPUT_POST, 'email', FILTER_SANITIZE_EMAIL);
        // The raw password is compared with the HTML-encoded username, so the two differ
        // whenever the username contains an encoded character.
        if ($_POST['password'] == $username) {
            $errormessage = $localize->Translate('error_invalid_passwor');
        } elseif (!validemail($email)) {
            $errormessage = $localize->Translate('error_invalid_email');
        } elseif (!validusername($username)) {
            $errormessage = $localize->Translate('error_invalid_login');
        } else {
            // SECURITY: $email is interpolated into the statement text. Unless validemail()
            // rejects the apostrophe, this is injectable; bind the value or escape it with
            // the database layer's own function.
            $result = $db->query("SELECT email FROM users WHERE (email='{$email}')");
            if ($db->num_rows($result) > 0) {
                // $email is concatenated into the message; escape it where it is printed.
                $errormessage = $localize->Translate('error_registered_email') . $email . $localize->Translate('error_registered');
            } else {
                // Part of this statement is masked ("******") in the listing.
                $result = $db->query("SELECT username FROM users WHERE (username='******')");
                if ($db->num_rows($result) > 0) {
                    $errormessage = $username . $localize->Translate('error_registered');
                } else {
                    $secret = generateCode();
                    // SECURITY: salted MD5 is a fast hash and unsuitable for password
                    // storage; password_hash()/password_verify() is the standard replacement.
                    $passhash = md5($secret . $_POST['password'] . $secret);
                    $last_login = time();
Example #16
         $ssl = true;
     } else {
         $ssl = false;
     }
     // NOTE(review): 0x7fffffff is passed where logincookie() presumably takes the expiry,
     // i.e. the login cookie derived from $passh would effectively never expire — confirm
     // the parameter's meaning in logincookie().
     logincookie($CURUSER["id"], $passh, 1, 0x7fffffff, $securelogin_indentity_cookie, $ssl);
     //sessioncookie($CURUSER["id"], $passh);
     $passupdated = 1;
 }
 // E-mail change: ban list, allowed domains, format and uniqueness, in that order.
 if ($disableemailchange != 'no' && $smtptype != 'none' && $email != $CURUSER["email"]) {
     if (EmailBanned($email)) {
         bark($lang_usercp['std_email_address_banned']);
     }
     if (!EmailAllowed($email)) {
         bark($lang_usercp['std_wrong_email_address_domains'] . allowedemails());
     }
     if (!validemail($email)) {
         stderr($lang_usercp['std_error'], $lang_usercp['std_wrong_email_address_format'] . goback("-2"), 0);
         die;
     }
     // The address is escaped with sqlesc() before it enters the query.
     $r = sql_query("SELECT id FROM users WHERE email=" . sqlesc($email)) or sqlerr();
     if (mysql_num_rows($r) > 0) {
         stderr($lang_usercp['std_error'], $lang_usercp['std_email_in_use'] . goback("-2"), 0);
         die;
     }
     $changedemail = 1;
 }
 if ($resetpasskey == 1) {
     // SECURITY: the new passkey is an MD5 of the username, a one-second-resolution
     // timestamp and the stored password hash; it contains no fresh randomness. If the
     // passkey serves as a secret, generate it from random_bytes() instead.
     $passkey = md5($CURUSER['username'] . date("Y-m-d H:i:s") . $CURUSER['passhash']);
     $updateset[] = "passkey = " . sqlesc($passkey);
 }
 if ($changedemail == 1) {
Example #17
        $message .= "Username already in use!<br/>";
    } else {
        // Part of this statement is masked ("******") in the listing.
        // SECURITY (applies to every UPDATE in this excerpt): the statements are built by
        // interpolating variables into the SQL text. Where the values are escaped is not
        // visible here, and passing validemail() does not make an address safe inside a
        // quoted SQL string; use prepared statements with bound values.
        // The result of the query is not checked before success is reported.
        $result1a = $mysqli->query("Update sp_users set username = '******' Where userno={$userno};");
        $message .= "Username updated successfully.<br/>";
        $_SESSION['sp_username'] = $username;
        $current_username = $username;
    }
}
// Email address 1 changed
if ($ed_email1 != $current_email1 and $ed_email1 != '' and validemail($ed_email1)) {
    $mysqli->query("Update sp_users Set email1='{$ed_email1}' Where userno={$userno}");
    $current_email1 = $ed_email1;
    $message .= "Email updated successfully.<BR/>";
}
// Email address 2 changed
// NOTE(review): $ed_mail is not the variable used everywhere else in this condition
// ($ed_email2); it looks like a typo, in which case the "single space" exemption never
// applies — confirm.
if ($ed_email2 != $current_email2 and $ed_email2 != '' and ($ed_mail == ' ' or validemail($ed_email2))) {
    $mysqli->query("Update sp_users Set email2='{$ed_email2}' Where userno={$userno};");
    $current_email2 = $ed_email2;
    $message .= "Alternative Email updated successfully.<BR/>";
}
// Change password
// NOTE(review): the only conditions visible are "non-empty" and "matches the
// confirmation"; no check of the current password and no minimum length appear in this
// excerpt. The stored value is masked ("******"), so how the password is hashed cannot
// be seen here.
if ($newpass == $confirm and $newpass != '') {
    $mysqli->query("Update sp_users Set pass='******' Where userno={$userno};");
    $message .= "Your password has been successfully changed.<BR/>";
} else {
    if ($newpass != $confirm and $newpass != '') {
        $message .= "Password and confirmation did not match.<BR/>";
    }
}
// Change map type
if ($map_type != $current_map_type and $map_type != '') {