require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php'; use NERDZ\Core\User; use NERDZ\Core\Db; $user = new User(); if (!NERDZ\Core\Security::refererControl()) { die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . ': referer')); } if (!NERDZ\Core\Security::csrfControl(isset($_POST['tok']) ? $_POST['tok'] : 0, 'edit')) { die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . ': token')); } if (!$user->isLogged()) { die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('REGISTER'))); } require_once $_SERVER['DOCUMENT_ROOT'] . '/pages/common/validateuser.php'; //include $updatedPassword $params = [':timezone' => $userData['timezone'], ':name' => $userData['name'], ':surname' => $userData['surname'], ':email' => $userData['email'], ':gender' => $userData['gender'], ':date' => $birth['date'], ':id' => $_SESSION['id']]; if ($updatedPassword) { $params[':password'] = $userData['password']; } $ret = Db::query(['UPDATE users SET "timezone" = :timezone, "name" = :name, "surname" = :surname,"email" = :email,"gender" = :gender, "birth_date" = :date ' . ($updatedPassword ? ', "password" = crypt(:password, gen_salt(\'bf\', 7))' : '') . ' WHERE counter = :id', $params], Db::FETCH_ERRSTR); if ($ret != Db::NO_ERRSTR) { die(NERDZ\Core\Utils::jsonDbResponse($ret)); } if ($updatedPassword && ($cookie = isset($_COOKIE['nerdz_u']))) { if (!$user->login(User::getUsername(), $userData['password'], $cookie, $_SESSION['mark_offline'])) { die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . ': Login')); } } die(NERDZ\Core\Utils::jsonResponse('error', 'OK'));
<?php ob_start('ob_gzhandler'); require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php'; use NERDZ\Core\Db; use NERDZ\Core\User; use NERDZ\Core\Captcha; $user = new User(); $cptcka = new Captcha(); $captcha = isset($_POST['captcha']) ? $_POST['captcha'] : false; if (!$captcha) { die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('MISSING') . ': ' . $user->lang('CAPTCHA'))); } if (!$cptcka->check($captcha)) { die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('WRONG_CAPTCHA'))); } if ($user->isLogged()) { die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ALREADY_LOGGED'))); } require_once $_SERVER['DOCUMENT_ROOT'] . '/pages/common/validateuser.php'; $ret = Db::query(['INSERT INTO users ("username","password","name","surname","email","gender","birth_date","lang","board_lang","timezone","remote_addr", "http_user_agent") VALUES (:username, crypt(:password, gen_salt(\'bf\', 7)) , :name, :surname, :email, :gender, :date, :lang, :lang, :timezone, :remote_addr, :http_user_agent)', [':username' => $userData['username'], ':password' => $userData['password'], ':name' => $userData['name'], ':surname' => $userData['surname'], ':email' => $userData['email'], ':gender' => $userData['gender'], ':timezone' => $userData['timezone'], ':date' => $birth['date'], ':lang' => $user->getLanguage(), ':remote_addr' => $_SERVER['REMOTE_ADDR'], ':http_user_agent' => isset($_SERVER['HTTP_USER_AGENT']) ? htmlspecialchars($_SERVER['HTTP_USER_AGENT'], ENT_QUOTES, 'UTF-8') : '']], Db::FETCH_ERRSTR); if ($ret != Db::NO_ERRSTR) { die(NERDZ\Core\Utils::jsonDbResponse($ret)); } if (!$user->login($userData['username'], $userData['password'], $setCookie = true)) { die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . ': Login')); } die(NERDZ\Core\Utils::jsonResponse('ok', $user->lang('LOGIN_OK')));
} catch (phpmailerException $e) { die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . ': ' . $e->errorMessage() . "\n contact support@nerdz.eu or retry")); } die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . ': contact support@nerdz.eu or retry')); } else { if ($password !== false && $token !== false && $key !== false) { //3rd step switch (Security::passwordControl($password)) { case 'PASSWORD_SHORT': die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('PASSWORD_SHORT') . "\n" . $user->lang('MIN_LENGTH') . ': ' . Config\MIN_LENGTH_PASS)); case 'PASSWORD_LONG': die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('PASSWORD_LONG'))); } if (!($obj = Db::query(['SELECT r.*, u.username FROM reset_requests r JOIN users u ON r.to = u.counter WHERE r.counter = :key', [':key' => $key]], Db::FETCH_OBJ))) { die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . '(2): ' . $user->lang('TRY_LATER'))); } if ($obj->token !== $token) { die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . ': Token')); } if (Db::NO_ERRNO != Db::query(['DELETE FROM reset_requests WHERE "to" = :to AND counter <= :key', [':to' => $obj->to, ':key' => $key]], Db::FETCH_ERRNO)) { die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . '(3): ' . $user->lang('TRY_LATER'))); } if (Db::NO_ERRNO != Db::query(['UPDATE "users" SET "password" = crypt(:pass, gen_salt(\'bf\', 7)) WHERE "counter" = :id', [':pass' => $password, ':id' => $obj->to]], Db::FETCH_ERRNO)) { die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . ': retry')); } if (!$user->login($obj->username, $password, $setCookie = true)) { die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . ': Login')); } die(NERDZ\Core\Utils::jsonResponse('ok', 'OK')); } }