function Password($nick, $passw)
{
if (PasswordCheck($nick, $passw)) {
return true;
} else {
exit("pasword doest not match");
}
}
if (strlen($value) < 4) {
$error_detected[] = _T("- The username must be composed of at least 4 characters!");
} else {
//check if login is already taken
$requete = "SELECT id_adh FROM " . PREFIX_DB . "adherents WHERE login_adh=" . $DB->qstr($value, get_magic_quotes_gpc());
if (isset($adherent['id_adh']) && $adherent['id_adh'] != '') {
$requete .= " AND id_adh!=" . $DB->qstr($adherent['id_adh'], get_magic_quotes_gpc());
}
$result =& $DB->Execute($requete);
if (!$result->EOF || $value == PREF_ADMIN_LOGIN) {
$error_detected[] = _T("- This username is already used by another member !");
}
}
break;
case 'mdp_adh':
if (!PasswordCheck($_POST["mdp_adh"], $_POST["mdp_crypt"])) {
$error_detected[] = _T("Password misrepeated: ");
} elseif (strlen($value) < 4) {
$error_detected[] = _T("- The password must be of at least 4 characters!");
} else {
// md5sum du mot de passe
// On garde le mot en clair pour le mail et le template
$adherent['mdp_adh_plain'] = $adherent['mdp_adh'];
$adherent['mdp_adh'] = md5($adherent['mdp_adh']);
$value = $adherent["mdp_adh"];
break;
}
// dates already quoted
if ($key == 'date_crea_adh' || $key == 'ddn_adh') {
if ($value == '') {
$value = 'null';
</div>
<div id="slideshow">
<div id="container" style="color:#ccc;background-image: url(/image/1.jpg);background-size:100%;">
<center><h1 style="color:#ccc;">Change Password</h1>
<form action="" method="POST">
<input type="password" name="old" placeholder="Old password">
<input type="password" name="new" placeholder="New password">
<input type="password" name="confnew" placeholder="Confirm new password">
<p></p>
<center><input type="submit" value="Change Password" name="submit" id="Button" /></center>
</form></center>
<?php
if (isset($_POST["submit"])) {
$oldpassword = PasswordCheck($_POST['old']);
$newpassword = PasswordCheck($_POST['new']);
$confirmpassword = PasswordCheck($_POST['confnew']);
if (!empty($oldpassword) && !empty($newpassword) && !empty($confirmpassword)) {
$result = mysql_query("SELECT *from members WHERE user='******'");
$name = $row = mysql_fetch_array($result);
$ramdom = $name['nitid'];
$email = $name['email'];
$oldpass = md5(md5(md5($oldpassword . $PasswordEncryptText1 . $ramdom) . $PasswordEncryptText2) . $PasswordEncryptText3);
$new = md5(md5(md5($newpassword . $PasswordEncryptText1 . $ramdom) . $PasswordEncryptText2) . $PasswordEncryptText3);
if ($name['pass'] == $oldpass) {
if ($newpassword == $confirmpassword) {
mysql_query("UPDATE members set pass='******' WHERE user='******'");
if (mail($email, $websitename . " - Password Changed", "Your password has been changed.\n \n New password: "******"\n \n If wasn't you please contact the administrator.")) {
echo '<h3>Password changed</h3>';
unset($_SESSION['sess_user']);
unset($_SESSION["pages"]);
unset($_SESSION["number"]);
<form action="" method="POST">
<h1>Login</h1>
<input type="text" name="user" placeholder="Username">
<input type="password" name="pass" placeholder="•••••••">
<p></p>
<center><input type="submit" value="Login" name="submit" id="Button" /></center>
</form>
</center>
</div>
</div>
</body>
</html>
<?php
if (isset($_POST["submit"])) {
$user = SecurityCheck($_POST['user']);
$password = PasswordCheck($_POST['pass']);
$query = mysql_query("SELECT * FROM members WHERE user='******'");
$numrows = mysql_num_rows($query);
if ($user == "fd87yr6t3rwhuifsdho8yu3r" || $password == "fd87yr6t3rwhuifsdho8yu3r") {
$SQLinjectDetection = 1;
} else {
$SQLinjectDetection = 0;
}
if ($SQLinjectDetection == 0) {
if ($numrows != 0) {
$name = $row = mysql_fetch_array($query);
$ramdom = $name['nitid'];
$md5pass = md5(md5(md5($password . $PasswordEncryptText1 . $ramdom) . $PasswordEncryptText2) . $PasswordEncryptText3);
$removeme = $password + $ramdom;
if (!empty($user) && !empty($password)) {
$query = mysql_query("SELECT * FROM members WHERE user='******' AND pass='******' AND nitid='" . $ramdom . "'");
<?php
include 'common.php';
$path = "users/{$nick}.txt";
if (!$nick) {
exit("wrong params");
}
if ($login) {
Password($nick, $passw);
exit(Success);
}
if ($registr) {
if (!$nick || !$passw || !$xml) {
exit("wrong params");
}
if (PasswordCheck($nick, $passw)) {
exit(Success);
}
$filetext = file_get_contents("users.txt");
if ($filetext) {
$stringArray = explode("\r\n", $filetext);
for ($i = 0; $i < count($stringArray); $i++) {
$row = explode("\t", $stringArray[$i]);
if ($row[0] == $nick) {
exit("User Already Exists");
}
}
}
// if(file_exists("ips.txt"))
// {
// $d = date("d", filemtime("ips.txt"));
function AttemptLogin($username, $password)
{
$found_admin = FindAdminByUsername($username);
if ($found_admin) {
if (PasswordCheck($password, $found_admin["hashed_password"])) {
return $found_admin;
} else {
return false;
}
} else {
return false;
}
}
$isCreator = false;
//Get even data
$EventData = GetEventData($conn, $event);
$eventName = $EventData["Name"];
$eventTracks = $EventData["Tracks"];
$creatorID = $EventData["CreatorUserID"];
//Load "creator options" if userID matches
if ($userID === $creatorID) {
$isCreator = true;
}
//Die if eventname and tracks don't exist
if ($eventName == '' && $eventTracks == 0) {
die(include 'php/views/notfound.php');
}
//Check for password
PasswordCheck($conn, $event, $pwd, "event");
//////////////////////////////////////////////////
// Get tracks and runners with specified format //
//////////////////////////////////////////////////
$runnerDataHTML = "";
$Tracks = [];
foreach (GetTrackData($conn, $event) as $track) {
if ($track["Name"] != "notracks") {
$Anmalda = "<div id='Track-" . $track["TrackID"] . "'><h3>" . $track["Name"] . "</h3><ul class='list-group'>";
} else {
$Anmalda = "<div id='Track-" . $track["TrackID"] . "'><ul class='list-group'>";
}
//Get all runners for specified track
$getRunners = GetRunnerData($conn, $event, $track["TrackID"]);
$runnerCount = 0;
foreach ($getRunners as $key => $runner) {
