Exemple #1
0
     $da_rt = 0;
 }
 if ($da_rt > 0) {
     if ($do_notify_user) {
         $mm = "";
         $mm .= "Your complaint has received a reply from a CService Admin,\n";
         $mm .= "you will find the reply below :\n\n";
         $mm .= "============================================================================\n";
         $mm .= N_get_pure_string($_POST["areply"]) . "\n\n";
         $mm .= "============================================================================\n";
         if ($_POST["newstatus"] > 0) {
             $mm .= "Thanks for using our Complaint system, this is the last event of this ticket.\n";
             $mm .= "You'll receive a confirmation right after this message.\n\n";
         } else {
             $mm .= "You can reply to this message by following the next link :\n";
             $da_url = gen_server_url() . substr($REQUEST_URI, 0, strrpos($REQUEST_URI, "/")) . "/ticket.php?A=reply&ID=" . $_GET["ID"] . "&C=" . md5(CRC_SALT_0005 . $_GET["ID"] . $da_rt . "reply-user") . "&RT=" . $da_rt;
             $mm .= $da_url . "\n\n";
         }
         mail($daobj->from_email, "[" . NETWORK_NAME . " CService Complaints] " . $_GET["ID"] . " - Admin Reply", $mm, "From: " . NETWORK_NAME . " Channel Service <" . OBJECT_EMAIL . ">\nReply-to: DO.NOT@REPLY.THANKS\nX-Mailer: " . NETWORK_NAME . " CService Complaint Module\n\n");
         echo "<br><br><b>Your reply has been recorded, The user is being notified by e-mail.</b><br><br>";
     } else {
         echo "<br><br><b>Your reply has been recorded (admin only), The user is NOT being notified.</b><br><br>";
     }
     if ($_POST["newstatus"] > 0) {
         // status also changed ... (notify user anyway of this state)
         $mm = "";
         $mm .= "Your complaint ticket number " . $_GET["ID"] . " has been marked as " . strtoupper($cmp_status[$_POST["newstatus"]]) . " by a CService Admin\n\n";
         $mm .= "Thanks for using our Complaint System.\n\n";
         mail($daobj->from_email, "[" . NETWORK_NAME . " CService Complaints] " . $_GET["ID"] . " - " . ucfirst($cmp_status[$_POST["newstatus"]]) . " by admin", $mm, "From: " . NETWORK_NAME . " Channel Service <" . OBJECT_EMAIL . ">\nReply-to: DO.NOT@REPLY.THANKS\nX-Mailer: " . NETWORK_NAME . " CService Complaint Module\n\n");
         echo "<br><br><b>Additionally the complaint ticket is now '" . strtoupper($cmp_status[$_POST["newstatus"]]) . "', The user is being notified by e-mail.</b><br><br>";
     }
$r = @pg_safe_exec("SELECT id,from_email FROM complaints WHERE created_crc='" . $_GET["ID"] . "' AND status=0 AND crc_expiration>=now()::abstime::int4");
if (!$r) {
    echo "<h2>Invalid ID</h2>";
} else {
    if ($o = pg_fetch_object($r)) {
        $ticket_number = strtoupper($o->id . "-" . substr(md5($o->id . CRC_SALT_0007 . "ticket"), 0, 10));
        pg_safe_exec("UPDATE complaints SET status=1,nicelevel=1,ticket_number='" . $ticket_number . "' WHERE id='" . (int) $o->id . "'");
        echo "<h2>That's it !</h2><br><h3><br>";
        echo "Your complaint has been placed in the work queue and will be processed as soon as possible.<br><br>\n";
        echo "Please allow 3-5 days for processing, You will be re-contacted by e-mail.<br></h3><br><h4><br>\n";
        echo "Your ticket number is <b>" . $ticket_number . "</b>, you can see the status of your complaint by going to :<br>\n";
        $status_url = gen_server_url() . substr($REQUEST_URI, 0, strrpos($REQUEST_URI, "/")) . "/status.php";
        $added_url_s = "?ID=" . $ticket_number;
        echo "&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href=\"status.php" . $added_url_s . "\">" . $status_url . $added_url_s . "</a><br><br>\n";
        echo "You can ABANDON / CLOSE your complaint by going to :<br>\n";
        $close_url = gen_server_url() . substr($REQUEST_URI, 0, strrpos($REQUEST_URI, "/")) . "/ticket.php";
        $added_url_c = "?A=close&ID=" . $ticket_number . "&C=" . md5(CRC_SALT_0005 . $ticket_number . "close");
        echo "&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href=\"ticket.php" . $added_url_c . "\">" . $close_url . $added_url_c . "</a><br><br>\n";
        echo "The " . NETWORK_NAME . " Channel Service Complaint Department Team.<br><br></h4>\n";
        echo "<br><br>";
        $mmsg = "Your complaint has been recorded in our system under the ticket number :\n\n";
        $mmsg .= "\t\t\t" . $ticket_number . "\n\n";
        $mmsg .= "You will be contacted back via e-mail about your problem, however if you want\n";
        $mmsg .= "you can check the 'status' of your complaint and or cancel it by following the links below :\n\n";
        $mmsg .= "\tView ticket status:\n\t" . $status_url . $added_url_s . "\n\n";
        $mmsg .= "\tClose ticket (CANCEL):\n\t" . $close_url . $added_url_c . "\n\n";
        $mmsg .= "\n\n";
        $mmsg .= "The " . NETWORK_NAME . " Channel Service Complaint Department Team.\n\n\n";
        mail($o->from_email, "[" . NETWORK_NAME . " CService Complaints] " . $ticket_number . " - Opened", $mmsg, "From: " . NETWORK_NAME . " Channel Service <" . OBJECT_EMAIL . ">\nReply-to: DO.NOT@REPLY.THANKS\nX-Mailer: " . NETWORK_NAME . " CService Complaint Module\n\n");
        echo "<a href=\"../\" target=_top><b>Go back</b></a>\n";
    } else {
<?php

/* <!-- $Id: cr_newuser.php,v 1.4 2003/08/17 05:47:55 nighty Exp $ //--> */
require "../../php_includes/cmaster.inc";
std_init();
$cTheme = get_theme_info();
if ($admin < 800) {
    die("Wrong way, sorry!");
}
$confirm_url = gen_server_url() . substr($REQUEST_URI, 0, strrpos($REQUEST_URI, "/")) . "/confirm.php";
//
$lowusername = strtolower($username);
// lower case pgsql cares
$lowemail = strtolower($email);
// lower case pgsql cares
$failed = 0;
// assume success!
$headerz = "<h1>Admin User Registration Page</h1><hr>";
$first_error = 1;
// TODO: Also, regex match obscenities, CService CServe, IRCOp, Oper, etc in username -- lgm
// TODO: Minumum length
if ($username != "") {
    if (strlen($username) > 12 || strlen($username) < 2) {
        $failed = 1;
        if ($first_error) {
            std_theme_styles(1);
            std_theme_body();
            echo $headerz;
            $first_error = 0;
        }
        echo "<p><font color=\"#" . $cTheme->main_warnmsg . "\">That username is not valid, the username must be between 2 and 12 characters in length.</font>  The current username ";
    if (pg_numrows($check1) > 0) {
        $tmp = pg_fetch_object($check1, 0);
        echo "<h2>\n";
        if ($tmp->user_name == $user->user_name) {
            echo "Hum?! You are not changing your e-mail adress here ;P, you put the same one !<br>\n";
        } else {
            echo "This new e-mail address is already used by another CService username.<br>\n";
        }
        echo "<a href=\"javascript:history.go(-1);\">Try Again</a><br>\n";
        echo "</h2>\n";
        echo "</body>\n</html>\n\n";
        die;
    }
    $cookieval = md5(CRC_SALT_0020 . uniqid("", 1) . time() . $da_newmail);
    pg_safe_exec("INSERT INTO pending_emailchanges (cookie,user_id,old_email,new_email,expiration) VALUES ('{$cookieval}',{$user_id},'{$da_emailaddy}','{$da_newmail}',now()::abstime::int4+21600)");
    $confirm_url = gen_server_url() . substr($REQUEST_URI, 0, strrpos($REQUEST_URI, "/")) . "/confirm_emailchange.php?ID={$cookieval}";
    $the_msg = "If you would like to confirm that the new email-in-record for '{$da_username}' should be '{$da_newmail}',\n";
    $the_msg .= "then click on the link below within 6 hours :\n\n";
    $the_msg .= "\t{$confirm_url}\n\n\nThank you\n" . NETWORK_NAME . " Channel Service\n\n\nPS- Please do *NOT* reply to this mail.";
    mail($da_emailaddy, "E-Mail change request", $the_msg, "From: " . NETWORK_NAME . " E-Mail Change Request <" . OBJECT_EMAIL . ">\nReply-To: no.reply@thank.you\nX-Mailer: " . NETWORK_NAME . " Channel Service");
    /* make the user can re-port in 10 days. */
    pg_safe_exec("UPDATE users SET post_forms=(now()::abstime::int4+86400*10) WHERE id=" . $user_id);
    echo "<h2>";
    echo "Please check your e-mail at '{$da_emailaddy}',<br>then click on the URL to confirm the email change.<br><br>\n";
    echo "Note: *nothing* will be changed if you don't click that URL.\n";
    echo "</h2>\n";
    echo "</body></html>\n\n";
    die;
}
?>
<form method=POST>
Exemple #5
0
<?php 
    if ($sba) {
        // the user prolly have a cookie problem
        ?>
<br>
<table width=500 border=1 cellspacing=0 cellpadding=10 bgcolor=#<?php 
        echo $cTheme->table_bgcolor;
        ?>
>
<tr><td valign=top>
It seems that your web browser is not properly accepting the cookie we sent in order to authenticate you.<br>
Please check the following possible cause of this problem in order to be able to log in :<br>
<ul>
<li><u>Your web browser uses an HTTP proxy that filters out 'cookies' :</u><br>
<i>try to exclude <b><?php 
        echo gen_server_url();
        ?>
</b> from it</i><br><br>
<li><u>Your web browser has a restrictive 'cookie' policy :</u><br>
<i>lower the security level about (or against) cookies; accepting cookie <b>only sent back to originating server</b> should do it for that website</i><br><br>
<li><u>You time and date is set incorrectly on your local machine :</u><br>
<i>This would make the cookie expire immediately if your unix timestamp is more than one hour
above the cookie default initial expiration, correct your date and time on your system if needed</i>
<br><br>
</ul><br>
If none of this solves your problem, try re-installing your web browser or picking another one ;P<br>
</td></tr></table>
<?php 
    }
    ?>
If you do not have an account, <a href="newuser.php">create one</a> now!
} else {
    echo "<b>{$posted_by}</b>";
}
echo "</font></td></tr>\n";
if ($nrw_lvl > 0 && $status == 3) {
    if ($ackd) {
        $ackd_txt = "YES";
    } else {
        $ackd_txt = "NO";
    }
    echo "<tr><td valign=center align=right><u>Acknowledged :</u>&nbsp;</td><td valign=center><font size=+1><b>{$ackd_txt}</b></font></td></tr>\n";
}
echo "<tr><td valign=center align=right><u>Current status :</u>&nbsp;</td><td valign=center><font size=+2><b><font color=" . $status_color . ">" . $status_msg . "</font></b></font></td></tr>\n";
$backlink2 = $backlink;
if ($backlink2 == "list_app.php") {
    $backlink2 = gen_server_url() . $REQUEST_URI;
}
if (REQUIRED_SUPPORTERS > 0 && $nrw_lvl > 0) {
    echo "<tr><td valign=center align=right><font color=#ff0000><b>*</b></font>&nbsp;<u>Review :</u>&nbsp;</td><td valign=center><font size=+1><b>";
    if ($ptable->reviewed == "Y") {
        $rrev = pg_safe_exec("SELECT user_name FROM users WHERE id='" . $ptable->reviewed_by_id . "'");
        $rev = pg_fetch_object($rrev, 0);
        echo "</b><font color=#ffffff>Reviewed by " . $rev->user_name . "</font><b>&nbsp;&nbsp;&nbsp;";
        if ($admin >= 800) {
            // || $status==2 || $status==3 || $status==8) {
            echo "<a href=\"clear_review.php?id={$id}&retret=" . urlencode($backlink2) . "\">Clear</a>";
        }
    } else {
        if ($status == 2 || $status == 3 || $status == 8) {
            echo "<a href=\"review_app.php?id={$id}&retret=" . urlencode($backlink2) . "\">Mark as reviewed now</a>";
        } else {
        echo "</h2>\n";
        echo "</body>\n</html>\n\n";
        die;
    }
    if (is_locked_va($verifdata)) {
        // verif must not match an entry in the VA locklist (noreg type 5 - stored in 'user_name')
        echo "<h2>\n";
        echo "The verification answer you have chosen is too common. Please pick an answer that is unique and that you will remember.<br>\n";
        echo "<a href=\"javascript:history.go(-1);\">Go Back</a><br>\n";
        echo "</h2>\n";
        echo "</body>\n</html>\n\n";
        die;
    }
    $cookieval = md5(CRC_SALT_0015 . uniqid("", 1) . time() . $da_emailaddy . $verifdata);
    pg_safe_exec("INSERT INTO pending_pwreset (cookie,user_id,question_id,verificationdata,expiration) VALUES ('{$cookieval}',{$uid},'{$verifq}','{$verifdata}',now()::abstime::int4+21600)");
    $confirm_url = gen_server_url() . substr($REQUEST_URI, 0, strrpos($REQUEST_URI, "/")) . "/confirm_pwreset.php?ID={$cookieval}";
    $the_msg = "If you would like to confirm that the new verification question/answer for '{$da_username}' should be changed as requested,\n";
    $the_msg .= "then click on the link below within 6 hours :\n\n";
    $the_msg .= "\t{$confirm_url}\n\n\nThank you\n" . NETWORK_NAME . " Channel Service\n\n\nPS- Please do *NOT* reply to this mail.";
    mail($da_emailaddy, "Verification Question/Answer Reset", $the_msg, "From: " . NETWORK_NAME . " Verification answer reset <" . OBJECT_EMAIL . ">\nReply-To: no.reply@thank.you\nX-Mailer: " . NETWORK_NAME . " Channel Service");
    echo "<h2>";
    echo "Please check your e-mail at '{$da_emailaddy}',<br>then click on the URL to confirm the verification question/answer reset.<br><br>\n";
    echo "Note: *nothing* will be changed if you don't click that URL.\n";
    echo "</h2>\n";
    echo "</body></html>\n\n";
    die;
}
?>
<form method=POST>
<ol>
 <li>Your username: <b><?php 
    //	echo $query;
    $mmsg = "";
    $mmsg .= "Hello,\n\nIf you would like to confirm the \"Manager Change\" request for channel '" . str_replace("\\'", "'", $channel) . "',\n";
    $mmsg .= "thus giving it ";
    if ($mctype == 1) {
        $mmsg .= "TEMPORARILY for {$nbretOK} ";
        //		if ($nbtype==1) { $mmsg .= "day(s) "; }
        //		if ($nbtype==2) { $mmsg .= "week(s) "; }
        $mmsg .= "week(s) ";
        //		if ($nbtype==3) { $mmsg .= "month(s) "; }
    } else {
        $mmsg .= "PERMANENTLY ";
    }
    $mmsg .= "to user '{$newmgr->user_name}' who is a level 499 on " . str_replace("\\'", "'", $channel) . ",\n\n";
    $mmsg .= "then click on the following link to confirm (say YES) within SIX HOURS, after that it will be too late :\n\n";
    $mmsg .= "\t" . gen_server_url() . substr($REQUEST_URI, 0, strrpos($REQUEST_URI, "/")) . "/confirm_mgrchange.php?ID={$crc_cookie}\n\n";
    $mmsg .= "if you dont want this request to be processed, just IGNORE this mail and DO NOT click on the above URL.\n\n\n";
    $mmsg .= "The " . NETWORK_NAME . " Channel Service.\n\n";
    mail($user->email, "Manager Change Request via WEB", $mmsg, "From: {$x_at_email}\nReply-To: Dont.Reply@Thank.You\nX-Mailer: " . NETWORK_NAME . " Channel Service");
    //	echo "<pre>$mmsg</pre>\n";
    /* make the user can re-post in 10 days. */
    pg_safe_exec("UPDATE users SET post_forms=(now()::abstime::int4+86400*10) WHERE id='" . $user_id . "'");
    echo "<h2>";
    echo "Please read your email at '{$user->email}'<br>and click on the link to CONFIRM your request<br>within <b>6 hours</b>\n";
    echo "</h2>\n";
    echo "</body></html>\n\n";
    die;
}
$res = pg_safe_exec("SELECT * FROM users WHERE id=" . $user_id);
$user = pg_fetch_object($res, 0);
$res2 = pg_safe_exec("SELECT channels.name,channels.id FROM channels,levels WHERE levels.channel_id=channels.id and levels.user_id=" . $user_id . " and levels.access=500 and channels.id>1 and channels.registered_ts>0");
                     $crypt = $user->password;
                 }
                 $ss = "[Forgotten Password] Confirmation request for '" . $user->username . "'";
                 $mm = "";
                 $mm .= "------- SECURITY -------\n\n";
                 $mm .= "Forgotten password request for * account:\n";
                 $mm .= "USER_ID = " . $user->id . "\n";
                 $mm .= "USER_LEVEL = *" . $oa->access . "\n";
                 $mm .= "USERNAME = "******"\n";
                 $mm .= "USER_EMAIL = " . $user->email . "\n";
                 $mm .= "REQUEST_IP = " . cl_ip() . "\n";
                 $mm .= "REQUEST_HOST = " . cl_host() . "\n";
                 $ts = time();
                 $mm .= "REQUEST_TIME = " . cs_time($ts) . " (" . $ts . ")\n";
                 $c_URL = gen_server_url() . LIVE_LOCATION . "/cfp.php?id=" . $user->id . "&crc=" . $Xcrc;
                 $a_URL = gen_server_url() . LIVE_LOCATION . "/dfp.php?id=" . $user->id . "&crc=" . $Xcrc;
                 $mm .= "\n";
                 $mm .= "CONFIRMATION_URL = " . $c_URL . "\n";
                 $mm .= "\n";
                 $mm .= "CANCEL_URL = " . $a_URL . "\n";
                 $mm .= "\n";
                 $mm .= "-------------------------\n\n";
                 $doconf = 1;
                 mail(CONFIRM_STAR_PWRESET_MAIL, $ss, $mm, "From: Channel Service <*****@*****.**>\nX-Mailer: CSC-1.1\n\n");
             }
         }
     }
 }
 if (!$doconf || LOCK_ON_PWCHG) {
     $res = pg_safe_exec("update users set password='******', " . " last_updated = now()::abstime::int4, " . " last_updated_by = 'forgotten password (" . cl_ip() . ")' " . " where " . "  id='" . $user->id . "'");
 }