if (isset($_REQUEST['emailaddress'])) {
$bEmailaddress = $_REQUEST['emailaddress'] == 1;
} else {
$own_user = new user($login->userid);
$bEmailaddress = $own_user->getUsermailSendAddress();
}
if (isset($_REQUEST['ok'])) {
$bError = false;
if ($subject == '') {
$bError = true;
$tpl->assign('errorSubjectEmpty', true);
}
if ($text == '') {
$bError = true;
$tpl->assign('errorBodyEmpty', true);
}
if ($bError == false) {
if ($user->sendEMail($login->userid, $subject, $text, $bEmailaddress)) {
$tpl->assign('success', true);
} else {
$tpl->assign('errorUnkown', true);
}
}
}
$tpl->assign('subject', $subject);
$tpl->assign('text', $text);
$tpl->assign('emailaddress', $bEmailaddress);
$tpl->assign('email_problems', $user->getEmailProblems());
$tpl->assign('userid', $user->getUserId());
$tpl->assign('username', $user->getUsername());
$tpl->display();
function sendEMail($nFromUserId, $sSubject, $sText, $bSendEMailAddress)
{
global $opt, $translate;
if ($this->exist() == false) {
return false;
}
if ($this->getIsActive() == false) {
return false;
}
if ($this->getEMail() === null || $this->getEMail() == '') {
return false;
}
if ($sSubject == '') {
return false;
}
if ($sText == '') {
return false;
}
if (mb_strpos($sSubject, "\n") !== false) {
$sSubject = mb_substr($sSubject, 0, mb_strpos($sSubject, "\n"));
}
$sSubject = mb_trim($sSubject);
$fromUser = new user($nFromUserId);
if ($fromUser->exist() == false) {
return false;
}
if ($fromUser->getIsActive() == false) {
return false;
}
if ($fromUser->getEMail() === null || $fromUser->getEMail() == '') {
return false;
}
$language = $this->getLanguageCode();
if (!$language) {
$language = $opt['template']['locale'];
}
// ok, we can send ...
$mail = new mail();
$mail->name = 'usercontactmail';
$mail->to = $this->getEMail();
$mail->recipient_locale = $this->getLanguageCode();
$mail->from = $opt['mail']['usermail'];
if ($bSendEMailAddress == true) {
$mail->replyTo = $fromUser->getEMail();
$mail->returnPath = $fromUser->getEMail();
}
$mail->subject = $translate->t('E-Mail from', '', basename(__FILE__), __LINE__, '', 1, $language) . ' ' . $fromUser->getUsername() . ': ' . $sSubject;
$mail->assign('usersubject', $sSubject);
$mail->assign('text', $sText);
$mail->assign('username', $this->getUsername());
$mail->assign('sendemailaddress', $bSendEMailAddress);
$mail->assign('fromusername', $fromUser->getUsername());
$mail->assign('fromuserid', $fromUser->getUserId());
$mail->assign('fromuseremail', $fromUser->getEMail());
if ($mail->send()) {
// send copy to fromUser
$mail->assign('copy', true);
$mail->to = $fromUser->getEMail();
$mail->send();
// log
sql("INSERT INTO `email_user` (`ipaddress`, \n\t\t\t `from_user_id`, \n\t\t\t `from_email`, \n\t\t\t `to_user_id`, \n\t\t\t `to_email`)\n\t\t\t VALUES ('&1', '&2', '&3', '&4', '&5')", $_SERVER["REMOTE_ADDR"], $fromUser->getUserId(), $fromUser->getEMail(), $this->getUserId(), $this->getEMail());
return true;
} else {
return false;
}
}
// prepare array to indicate errors in template
$validate = array();
// log and cache type which can be combined with maintenance state flags
$rs = sql("SELECT `id` FROM `log_types` WHERE `maintenance_logs`");
$logtype_allows_nm = sql_fetch_column($rs);
// proceed loggable, if valid cache_id
$validate['logAllowed'] = true;
if ($cacheId != 0) {
// get cache object
$cache = new cache($cacheId);
// check log allowed, depending on cache state and logged in user
$validate['logAllowed'] = $cache->allowLog();
// get user object
$user = new user($login->userid);
// is user cache owner
$isOwner = $user->getUserId() == $cache->getUserId();
// assing ratings to template
$tpl->assign('ratingallowed', $user->allowRatings());
$tpl->assign('givenratings', $user->getGivenRatings());
$tpl->assign('maxratings', $user->getMaxRatings());
$tpl->assign('israted', $cache->isRecommendedByUser($user->getUserId()));
$tpl->assign('foundsuntilnextrating', $user->foundsUntilNextRating());
$tpl->assign('isowner', $isOwner);
// check and prepare form values
$datesaved = isset($_COOKIE['oclogdate1']) && isset($_COOKIE['oclogdate2']);
if ($datesaved) {
$defaultLogYear = substr($_COOKIE['oclogdate1'], 0, 4);
$defaultLogMonth = substr($_COOKIE['oclogdate1'], 4, 2);
$defaultLogDay = substr($_COOKIE['oclogdate1'], 6, 2);
}
// check if masslog warning is accepted (in cookie)
<?php
session_start();
include "../classes/user.php";
$user = new user();
$user->setUserName($_SESSION['username']);
$user->setUserPassword($_SESSION['userpassword']);
//echo $_SESSION['username'];
//echo $_SESSION['userpassword'];
if ($user->UserLogin() == true) {
// echo "andar";
$_SESSION['UserId'] = $user->getUserId();
$_SESSION['UserName'] = $_SESSION['username'];
$_SESSION['GameId'] = $user->getUserGameId();
$_SESSION['Opponent'] = $user->getUserGameOpponent();
//echo $_SESSION['Opponent'];
//$_SESSION['Color']=$user->getGameColor();
}
if (!empty($_SESSION['Opponent'])) {
echo $_SESSION['Opponent'];
}
<?php
require "../content/db.php";
require "../content/user.class.php";
$user = new user($db);
$username = $_POST["username"];
$password = $_POST["password"];
if ($user->checkLogin($user->getUserId($username), $password)) {
$token = $user->setgetRandomToken($user->getUserId($username));
session_start();
$_SESSION["uid"] = $user->getUserId($username);
$_SESSION["token"] = $token;
$_SESSION["checked"] = true;
if ($_POST["cookies"]) {
setcookie("uid", $user->getUserId($username), time() + 31536000);
setcookie("token", $token, time() + 31536000);
}
echo "true";
} else {
echo "false";
}
<?php
require 'includes/config.php';
require 'structure/database.php';
require 'structure/base.php';
require 'structure/user.php';
$database = new database($db_host, $db_name, $db_user, $db_password);
$base = new base($database);
$user = new user($database);
if (!$user->isLoggedIn()) {
$content = '<center>You need to be logged in to access this page. <a href="index.php">Home</a></center>';
} else {
if (isset($_POST['old_password']) && isset($_POST['password']) && isset($_POST['confirm_password'])) {
//get the users current (referred to as "old") password
$query = $database->processQuery("SELECT `password` FROM `users` WHERE `id` = ? LIMIT 1", array($user->getUserId($_COOKIE['user'])), true);
$old_password = substr(substr($query[0]['password'], 54), 0, -3);
$entered_password = hash(sha256, md5(sha1($_POST['old_password'])));
$confirm_password = hash(sha256, md5(sha1($_POST['confirm_password'])));
$password = hash(sha256, md5(sha1($_POST['password'])));
if ($confirm_password != $password) {
$content = '<center>The two passwords didn\'t match!</center>';
} elseif ($entered_password != $old_password) {
$content = '<center>The password you entered doesn\'t match your current password.</center>';
} elseif (strlen($_POST['password']) > 20 || strlen($_POST['password']) < 5) {
$content = '<center>You\'re password cannot be greater than twenty characters; you\'re password also cannot be smaller than five characters.</center>';
} else {
//add salt
$salt = substr(hash(sha256, sha1(time())), 10);
$password = $salt . hash(sha256, md5(sha1($_POST['password']))) . substr($salt, 0, -51);
//update their password
$database->processQuery("UPDATE `users` SET `password` = ? WHERE `id` = ? LIMIT 1", array($password, $user->getUserId($_COOKIE['user'])), false);
<?php
session_start();
session_regenerate_id(true);
include 'content/user.class.php';
include 'content/db.php';
$user = new user($db);
if (isset($_POST['username']) and isset($_POST['password'])) {
if ($user->userExists($user->getUserId($_POST['username']))) {
if ($user->checkLogin($user->getUserId($_POST['username']), $_POST['password'])) {
$error = "Login erfolgreich. Wenn Sandy hier war, solltte hier eine Weiterleitung sein.";
} else {
$error = "MÖP MÖP MÖP... EY DA ISCH WASCH FALSCH!";
}
} elseif (isset($_POST['firstn']) and isset($_POST['lastn']) and isset($_POST['loc']) and isset($_POST['pcode']) and isset($_POST['street']) and isset($_POST['house']) and isset($_POST['c_id']) and isset($_POST['email']) and isset($_POST['birth']) and isset($_POST['pw1']) and isset($_POST['pw2'])) {
if ($_POST['pw1'] == $_POST['pw2']) {
$user->newUser($_POST['firstn'], $_POST['lastn'], $_POST['username'], $_POST['loc'], $_POST['pcode'], $_POST['street'], $_POST['house'], $_POST['c_id'], $_POST['email'], $_POST['birth'], 0, $_POST['pw1']);
} else {
$error = "Ey du, gugst du! Die Passwörter sind nischt gleich, alter!";
}
}
}
?>
<!DOCTYPE html>
<html lang="de">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<div class="widescroll-content">
<?php
//all the recovery questions we're working with
$questions[] = array();
$questions[0] = 'What was your first pet\'s name?';
$questions[1] = 'Type in a code you can remember.';
$questions[2] = 'Where is your favorite vacation spot?';
$questions[3] = 'Who is your favorite author?';
$questions[4] = 'What color was your first bedroom?';
$questions[5] = 'What was your first car?';
if (!$user->isLoggedIn()) {
echo 'You must be logged in to access this content.';
} else {
//check if they have recoveries set
//variable is set to x to save time typing
$x = $database->processQuery("SELECT `cancel`,`a1`,`a2`,`a3`,`a4`,`a5` FROM `recoveries` WHERE `userid` = ?", array($user->getUserId($_COOKIE['user'])), true);
if (isset($_POST['answer'])) {
if ($database->getRowCount() == 0) {
//validate answers
$errors = array();
$answers = $_POST['answer'];
$i = 0;
foreach ($answers as $answer) {
$i++;
if (strlen($answer) < 3 || strlen($answer) > 35) {
$errors[] = 'Question #' . $i . ' must be at least three characters and no more than 26 characters.';
}
if (preg_match('#[^a-zA-Z0-9$ ]#', $answer)) {
$errors[] = 'Question #' . $i . ' contains illegal characters.';
}
}
<div id="blackfields">
<form action="change_username.php" method="POST">
<table>
<tr><td><b><font size="1">Abuse of this system will result in a demotion.</font></b></td></tr>
<tr><td>Username</td><td><input type="text" class="button" name="old" maxlength="12"></td></tr>
<tr><td>New Username</td><td><input type="text" class="button" name="new" maxlength="12"></td></tr>
<tr><td>Done?</td><td><input type="submit" value="Change Username"></td></tr>
</table>
</form>
</div>
<?php
} elseif (!$user->doesExist($_POST['old'])) {
echo 'You can\'t change the name of a non-existent user. <input type="button" value="Back" onclick="goBack()" />';
} elseif ($user->getRank($_POST['old']) > 1 && $user->getUserId($_COOKIE['user']) != 1) {
echo 'You can\'t change the name of a staff member. <input type="button" value="Back" onclick="goBack()" />';
} elseif (!$register->validateUsername($_POST['new'])) {
echo 'The newly created username cannot be used. <input type="button" value="Back" onclick="goBack()" />';
} else {
//replace all their content with new username
$database->processQuery("UPDATE `users` SET `username` = ? WHERE `username` = ? LIMIT 1", array($_POST['new'], $_POST['old']), false);
$database->processQuery("UPDATE `posts` SET `username` = ? WHERE `username` = ?", array($_POST['new'], $_POST['old']), false);
$database->processQuery("UPDATE `threads` SET `username` = ? WHERE `username` = ?", array($_POST['new'], $_POST['old']), false);
$database->processQuery("UPDATE `messages` SET `creator` = ? WHERE `creator` = ?", array($_POST['new'], $_POST['old']), false);
$database->processQuery("UPDATE `messages` SET `receiver` = ? WHERE `receiver` = ?", array($_POST['new'], $_POST['old']), false);
$database->processQuery("UPDATE `replies` SET `username` = ? WHERE `username` = ?", array($_POST['new'], $_POST['old']), false);
$base->appendToFile('../forums/logs.txt', array($username . ' changed ' . $_POST['old'] . '\'s username to ' . $_POST['new']));
echo 'The user\'s username has successfully been changed. (<b>' . $_POST['old'] . ' -> ' . $_POST['new'] . ')';
}
?>
if ($login->userid == 0) {
$tpl->redirect_login();
}
// get user object
$user = new user($login->userid);
// get cache_id if not given
$cacheId = 0;
if (isset($_REQUEST['wp'])) {
$cacheId = cache::cacheIdFromWP($_REQUEST['wp']);
} elseif (isset($_REQUEST['cacheid'])) {
// Ocprop
$cacheId = $_REQUEST['cacheid'];
}
$fieldNote = [];
if (isset($_GET['fieldnoteid']) && !isset($_POST['submitform'])) {
$rs = sql('SELECT * FROM field_note WHERE `id` = &1 AND `user_id` = &2', (int) $_GET['fieldnoteid'], (int) $user->getUserId());
$fieldNote = sql_fetch_assoc($rs);
if (!empty($fieldNote)) {
$cacheId = $fieldNote['geocache_id'];
}
}
// check adminstatus of user
$useradmin = $login->hasAdminPriv() ? 1 : 0;
// prepare array to indicate errors in template
$validate = array();
// log and cache type which can be combined with maintenance state flags
$rs = sql("SELECT `id` FROM `log_types` WHERE `maintenance_logs`");
$logtype_allows_nm = sql_fetch_column($rs);
// proceed loggable, if valid cache_id
$validate['logAllowed'] = true;
if ($cacheId != 0) {
<div class="titleframe e">
<b>Set new recovery questions</b><br />
<a href="../index.php">Main Menu</a>
</div>
</div>
<img class="widescroll-top" src="../img/scroll/backdrop_765_top.gif" alt="" width="765" height="50" />
<div class="widescroll">
<div class="widescroll-bgimg">
<div class="widescroll-content">
<?php
if (!$user->isLoggedIn()) {
echo 'You must be logged in to access this content.';
} else {
$info = $database->processQuery("SELECT `cancel` FROM `recoveries` WHERE `userid` = ?", array($user->getUserId($_COOKIE['user'])), true);
if ($database->getRowCount() == 0) {
echo 'You need to have recovery questions in order to cancel them. You can <a href="set_recov.php">set them</a> or <a href="../index.php">go home</a>.';
} elseif ($info[0]['cancel'] >= 1) {
echo 'Your questions have already been set to cancel.';
} elseif (isset($_GET['confirm'])) {
//cancel the recovery questions
$database->processQuery("UPDATE `recoveries` SET `cancel` = ? WHERE `userid` = ?", array(time(), $user->getUserId($_COOKIE['user'])), false);
echo 'Your recovery questions have successfully been set to cancel. <a href="set_recov.php">Return</a>';
} else {
?>
Are you sure you wish to cancel your recovery questions? Once you confirm this action, you're recovery questions will be set for two more weeks. After that, they'll be
deleted. This action can be canceled by clicking "Set recovery questions" on the website homepage.
<br/><br/>
<?php
session_start();
// ini_set('session_cookie_httponly', true);
if (isset($_SESSION[last_ip]) === false) {
$_SESSION['last_ip'] = $_SERVER['REMOTE_ADDR'];
}
if ($_SESSION['last_ip'] !== $_SERVER['REMOTE_ADDR']) {
session_unset();
session_destroy();
}
include "classes.php";
$user = new user();
$user->setUserMail($_POST['UserMailLogin']);
$user->setUserPassword(sha1($_POST['UserPasswordLogin']));
echo session_id();
$user->setSessionId(session_id());
if ($user->UserLogin() == true) {
$_SESSION["userId"] = $user->getUserId();
$_SESSION["userName"] = $user->getUserName();
$_SESSION["userMail"] = $user->getUserMail();
}
