$nickname = ""; } if (!isset($email)) { $email = ""; } echo "<tr BGCOLOR=\"{$farbe_tabelle_kopf}\"><td>" . $t['pwneu2'] . "</td><td><input name=\"nickname\" width=50 value=\"{$nickname}\"></td></tr>\n" . "<tr BGCOLOR=\"{$farbe_tabelle_kopf}\"><td>" . $t['pwneu3'] . "</td><td><input name=\"email\" width=50 value=\"{$email}\"></td></tr>\n"; } echo "<input type=hidden name=\"http_host\" value=\"{$http_host}\">\n" . "<input type=hidden name=\"aktion\" value=\"passwort_neu\">\n" . "<tr BGCOLOR=\"{$farbe_tabelle_kopf}\"><td colspan=2><input type=submit value=\"Absenden\"></td></tr>\n" . "</form></table>"; } else { if ($richtig && $u_id) { $query = "SELECT u_adminemail, u_nick FROM user WHERE u_id = '{$u_id}' AND u_level = 'U' LIMIT 2"; $result = mysql_query($query); if ($result && mysql_numrows($result) == 1) { unset($f); $a = mysql_fetch_array($result); $pwdneu = genpassword(8); $f['u_passwort'] = $pwdneu; $f['u_id'] = $u_id; $text = str_replace("%passwort%", $f['u_passwort'], $t['pwneu15']); $text = str_replace("%nickname%", $a['u_nick'], $text); $ok = mail($a['u_adminemail'], $t['pwneu14'], $text, "From: {$webmaster} ({$chat})"); if ($ok) { echo $t['pwneu12']; schreibe_db("user", $f, $f['u_id'], "u_id"); } else { echo $t['pwneu13']; } } } } zeige_fuss();
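/**
 * send_remindpass
 *
 * Step 2 of the "remind password" form. When the request parameter "op2" is
 * "send", this validates the submitted e-mail address, looks the user up by
 * e-mail, generates a new password with genpassword(8), stores its crypt()
 * hash in users.password and mails the new password to the address on record.
 * Failures are written to $site->fdat['form_error'] and to the Log.
 *
 * Security notes for maintainers:
 *  - The stored password is replaced as soon as a matching address is
 *    submitted, before the mail is sent and without any confirmation by the
 *    account owner. A failed delivery or an unsolicited request therefore
 *    leaves the old password unusable. A single-use, expiring reset link
 *    avoids this and also avoids mailing a clear-text password.
 *  - The hash is still two-character-salt DES crypt(), kept so that the
 *    existing login check (not visible here) continues to work. DES crypt
 *    only uses the first eight characters of the password; migrate to
 *    password_hash()/password_verify() together with the login code.
 *  - "email not found" versus a successful send tells the requester whether
 *    an address is registered.
 *
 * @package CMS
 *
 * usage: include_once($class_path."login_html.inc.php");
 *        send_remindpass(array("site" => $this));
 *
 * @return mixed the current $site->fdat['form_error'] value, or null when
 *               $site->CONF['allow_forgot_password'] is off
 */
function send_remindpass() {
    $args = func_get_arg(0);
    $site = &$args['site']; # reference to the site instance

    # feature switch: do nothing unless password reminders are enabled
    if (!$site->CONF['allow_forgot_password']) {
        return;
    }

    # Both are initialised here because the code below reads $op2_status and
    # appends to $message; previously neither was assigned first.
    $op2_status = '';
    $message = '';

    #########################
    # STEP 2 => SEND E-MAIL
    if ($site->fdat['op2'] == 'send') {

        # E-mail format check. Non-string input (e.g. email[]=x) is rejected
        # before it reaches preg_match(), and the D modifier stops "$" from
        # accepting a trailing newline.
        if (!isset($site->fdat['email'])
            || !is_string($site->fdat['email'])
            || !preg_match("/^[\w\-\&\.\d]+\@[\w\-\&\.\d]+$/D", $site->fdat['email'])
        ) {
            $op2_status = "error";
            $site->fdat['form_error']['email'] = $site->sys_sona(array('sona' => "wrong email format", 'tyyp' => "kasutaja"));
        }

        # continue only if the address passed validation
        if ($op2_status != "error") {

            # Look the user up by e-mail.
            # NOTE(review): the pattern above admits "_" (via \w), which LIKE
            # treats as a single-character wildcard, so the submitted value can
            # match an address other than the one typed. An exact comparison
            # is probably intended; confirm how the DB layer and collation
            # handle "=" before changing the operator.
            $sql = $site->db->prepare("SELECT user_id, firstname,lastname,username,email,is_readonly FROM users WHERE email LIKE ? ", $site->fdat['email']);
            $sth = new SQL($sql);
            $site->debug->msg($sth->debug->get_msgs());
            $user = $sth->fetch();

            # exactly one, writable account found => proceed
            if ($sth->rows == 1 && $user['is_readonly'] != 1) {

                # data sanity: the account must have a username
                if ($user['username']) {

                    # always generate a new password (8 characters)
                    $new_pass = genpassword(8);

                    # Hash it with a two-character DES salt. The salt is drawn
                    # from the alphabet crypt() accepts ("./0-9A-Za-z"); the
                    # earlier Chr(rand(65,91)) could produce "[" (chr(91)),
                    # which is not a valid salt character and which PHP
                    # documents as making crypt() fail. random_int() is used
                    # where the runtime provides it.
                    $salt_chars = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
                    $salt = '';
                    for ($i = 0; $i < 2; $i++) {
                        $idx = function_exists('random_int') ? random_int(0, 63) : mt_rand(0, 63);
                        $salt .= $salt_chars[$idx];
                    }
                    $enc_new_pass = crypt($new_pass, $salt);

                    # store the new hash
                    # NOTE(review): the outcome of this UPDATE is not checked
                    # before the mail goes out.
                    $sql = $site->db->prepare("UPDATE users SET password=? WHERE user_id=? ", $enc_new_pass, $user['user_id']);
                    $sth = new SQL($sql);

                    # build the e-mail
                    $header = "<br>";
                    $footer = "<br>____________________________________<br> "
                        .$site->CONF["site_name"]."<br> "
                        .(empty($_SERVER['HTTPS']) ? 'http://' : 'https://')
                        .$site->CONF["hostname"].$site->CONF["wwwroot"]."/";

                    # NOTE(review): firstname, lastname and username are stored
                    # values placed into the HTML part unescaped.
                    $message .= " "
                        .$site->sys_sona(array('sona' => "Name", 'tyyp' => "Admin")).": ".$user['firstname']." ".$user['lastname']."<br> "
                        .$site->sys_sona(array('sona' => "Username", 'tyyp' => "Admin")).": ".$user['username']."<br> "
                        .$site->sys_sona(array('sona' => "Password", 'tyyp' => "Admin")).": ".$new_pass."<br> ";
                    $message .= '<br>'.$site->sys_sona(array('sona' => "forgotten password: mail body", 'tyyp' => "kasutaja")).'<br>';

                    global $class_path;
                    include_once($class_path.'mail.class.php');

                    $mail = new email(array(
                        'subject' => $site->sys_sona(array('sona' => 'unustatud parool: subject', 'tyyp' => 'kasutaja')),
                        'message' => strip_tags($header.$message.$footer),
                        'html' => $header.$message.$footer,
                        'charset' => $site->encoding,
                    ));

                    # the mail always goes to the address on record, never to
                    # the submitted value
                    $send_status = $mail->send_mail(array(
                        'to' => $user['email'],
                        'from' => $site->CONF['from_email'],
                    ));

                    if ($send_status) {
                        # mail accepted for delivery
                        new Log(array(
                            'action' => 'send',
                            'component' => 'Users',
                            'message' => "Password reminder: e-mail sent to '".$user['email']."'.",
                        ));
                        $op2_status = "ok";
                    } else {
                        # mail could not be sent
                        new Log(array(
                            'action' => 'send',
                            'component' => 'Users',
                            'type' => 'ERROR',
                            'message' => "Password reminder error: can't send e-mail to '".$user['email']."'.",
                        ));
                        $op2_status = "error";
                        $site->fdat['form_error']['email'] = $site->sys_sona(array('sona' => "viga", 'tyyp' => "kujundus"));
                    }
                } else {
                    # the row has no username => treat as "not found"
                    new Log(array(
                        'action' => 'send',
                        'component' => 'Users',
                        'type' => 'ERROR',
                        'message' => "Password reminder error: user with e-mail '".$site->fdat['email']."' doesn't have username.",
                    ));
                    $op2_status = "error";
                    $site->fdat['form_error']['email'] = $site->sys_sona(array('sona' => "email not found", 'tyyp' => "kasutaja"));
                }
            } else {
                # Not exactly one usable account. The log records which case
                # applied; the visitor gets the same "email not found" message
                # in all three.
                # $user may be empty when no row matched, so it is checked
                # before being indexed.
                if ($user && $user['is_readonly'] == 1) {
                    # 0) the account is flagged is_readonly
                    new Log(array(
                        'action' => 'send',
                        'component' => 'Users',
                        'type' => 'ERROR',
                        'message' => "Password reminder error: the email '".$site->fdat['email']."' belongs to a is_readonly flagged user, so no password was sent.",
                    ));
                } elseif ($sth->rows > 1) {
                    # 1) more than one account shares the address
                    new Log(array(
                        'action' => 'send',
                        'component' => 'Users',
                        'type' => 'ERROR',
                        'message' => "Password reminder error: more than 1 user found with e-mail '".$site->fdat['email']."'.",
                    ));
                } else {
                    # 2) no account has the address
                    new Log(array(
                        'action' => 'send',
                        'component' => 'Users',
                        'type' => 'ERROR',
                        'message' => "Password reminder error: no user found with e-mail '".$site->fdat['email']."'.",
                    ));
                }
                $op2_status = "error";
                $site->fdat['form_error']['email'] = $site->sys_sona(array('sona' => "email not found", 'tyyp' => "kasutaja"));
            }
        }
    }
    # / STEP 2 => SEND
    #########################

    return $site->fdat['form_error'];
}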
// Excerpt from a user-administration page. It reports the outcome of an
// earlier lookup held in $rs, inserts the new user_auth row and, for accounts
// with $authtype 'static', creates an initial password. The query that filled
// $rs and several enclosing blocks lie outside this excerpt.
if ($rs === false) {
    echo "<tr>\n<td colspan='9'>Data not added - a database error occured while saving your data</td>\n<tr>";
} else {
    // A non-empty result set is treated as "this UserID already exists".
    if ($rs->RecordCount() > 0) {
        echo "<tr>\n<td colspan='9'>Data not added - UserID-Expression already exists</td>\n<tr>";
    } else {
        // 'public' is refused as a UserID.
        if ($userid == 'public') {
            echo "<tr>\n<td colspan='9'>Data not added - you cannot use 'public' as UserID</td>\n<tr>";
        } else {
            // Every value is passed through $db->qstr() before being
            // concatenated into the statement.
            // NOTE(review): qstr()/Execute()/RecordCount() look like the ADOdb
            // API; confirm. Bound parameters would remove the need for manual
            // quoting. The INSERT has no column list, so it depends on the
            // table's column order.
            $sql = "INSERT INTO " . $db_prefix . "user_auth VALUES(" . $db->qstr($userid) . "," . $db->qstr($authtype) . "," . $db->qstr($admin) . "," . $db->qstr($editor) . "," . $db->qstr($addimages) . "," . $db->qstr($usegroups) . "," . $db->qstr($editgroups) . "," . $db->qstr($active) . ")";
            $rs = $db->Execute($sql);
            // A failed insert is reported, but execution is not stopped: the
            // password branch below still runs for 'static' accounts.
            if ($rs === false) {
                echo "<tr>\n<td colspan='9'>Data not added - a database error occured while saving your data</td>\n<tr>";
            }
            if ($authtype == 'static') {
                $randompassword = genpassword(8);
                // The password is stored as a single unsalted MD5 digest.
                // MD5 is fast to brute-force and identical passwords give
                // identical digests; password_hash() / password_verify() is
                // the replacement, changed together with the login check
                // (not visible here).
                $pwd_hash = md5($randompassword);
                $sql = "INSERT INTO " . $db_prefix . "user_passwd VALUES(" . $db->qstr($userid) . "," . $db->qstr($pwd_hash) . ")";
                $rs = $db->Execute($sql);
                if ($rs === false) {
                    echo "<tr>\n<td colspan='9'>Data not added - a database error occured while setting the new password</td>\n<tr>";
                }
                // This success message is printed even when the insert above
                // failed. It shows the clear-text password in the page and
                // writes it without htmlspecialchars().
                // NOTE(review): whether that matters depends on the characters
                // genpassword() can emit; confirm.
                echo "<tr>\n<td colspan='9'>A new static user has been created with the password '" . $randompassword . "'. You can change it with the link in the list.</td>\n<tr>";
            }
        }
    }
}
// The next three braces close blocks opened before this excerpt.
}
}
}
// Start of the delete action; its body continues past this excerpt.
if ($action == "delete" && $userid > -1) {
// Tail of a switch over the request type. The switch header and the case that
// the first lines belong to are outside this excerpt.
// echo "Logout complete.\n";
debug("Logout complete.\n");
$logged_in = false;
break;
case 'newform':
    // Someone clicked "Create a new account", so ask them for an email address.
    // Reqtype in the form is set to 'newsubmit'.
    luser_newform();
    exit;
    break;
case 'newsubmit':
    // $reqtype == 'newsubmit'...
    // We got an email address to create an account for - create the account
    // and tell the user to check his email.
    // The submitted value is read from $_REQUEST (so it may arrive via GET,
    // POST or cookie, depending on configuration) and passed through
    // sanitizeInput(), which is defined elsewhere; what it filters cannot be
    // seen here.
    $user = sanitizeInput($_REQUEST['luser']);
    // genpassword() is called without arguments, so the initial password uses
    // whatever default length that function defines.
    if (!luser_create($user, genpassword())) {
        echo "Error: Unable to create user account.\n";
        exit;
    }
    luser_checkyourmail();
    exit;
    break;
default:
    // Unrecognized reqtype.
    // NOTE(review): $reqtype is written into the page without
    // htmlspecialchars(). Where it is assigned is not visible here; if it is
    // taken from the request, escape it before output.
    echo "Error: Unrecognized request type (" . $reqtype . ")\n<br>\n";
    luser_loginfailed();
    exit;
}
// Disabled debug output. The last line would print the password into the
// page, so these should stay disabled.
// echo "Reqtype: $reqtype\n<br>\n";
// echo "Luser: $user\n<br>\n";
// echo "Pass: $pass\n<br>\n";
// Tail of an access check: the condition that leads here is outside this
// excerpt. The script stops after printing the refusal.
echo 'You do not have the permission to access this script.';
exit;
} ?> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/> </head> <body> <?php
// Without a "genpassword" query parameter the page only lists users.
if (!isset($_GET['genpassword'])) {
    listuser();
} else {
    // $_SESSION['genkey'] works as a single-use key: the action runs only when
    // the query parameter equals the key held in the session, and the key is
    // unset before genpassword() is called, so reloading the same URL lands in
    // the first branch.
    // The second isset($_GET['genpassword']) repeats the outer check.
    // NOTE(review): "!=" is a loose comparison; two numeric-looking strings
    // (for example "0e1" and "0e2") compare as equal. Prefer
    // is_string($_GET['genpassword']) && hash_equals($_SESSION['genkey'], $_GET['genpassword']).
    // NOTE(review): the key travels in the query string, where it can be kept
    // in server logs and browser history, and the action is triggered by a
    // GET request. What this page's genpassword() does is defined elsewhere;
    // if it changes passwords, a POST form carrying the key is the safer shape.
    if (!isset($_SESSION['genkey']) || !isset($_GET['genpassword']) || $_SESSION['genkey'] != $_GET['genpassword']) {
        echo 'cannot refress on this page<br>';
        listuser();
    } else {
        unset($_SESSION['genkey']);
        genpassword();
    }
} ?> <br><br><b>Back to <a href="../main.php">main.</a></b> </body> </html>
## Tail of the preceding registration branch; its opening lines are outside
## this excerpt.
$errormessage = 'Passwords do not match or are below the minimum required length.';
}
} else {
    $errormessage = 'Username already exists. Please try another.';
}
}
## Password reset: looks the account up by e-mail address, replaces the stored
## password with a generated one and mails the new password to the user.
## NOTE(review): the password is replaced as soon as a known address is
## submitted, with no confirmation by the account owner; a single-use, expiring
## reset link avoids both that and mailing a clear-text password.
if ($function == 'Reset Password') {
    ## Get their email address and username
    ## The value is escaped and then interpolated into the statement. The
    ## mysql_* extension used here was removed in PHP 7; mysqli or PDO with
    ## bound parameters is the replacement.
    $email = mysql_real_escape_string($email);
    $query = "SELECT emailaddress, username, id FROM users WHERE emailaddress='{$email}'";
    ## On failure the raw database error text is sent to the client.
    $result = mysql_query($query) or die('Query failed: ' . mysql_error());
    ## mysql_fetch_object() returns false when no row matched, so the property
    ## access below is made on a non-object in that case.
    $db = mysql_fetch_object($result);
    ## If we found a match
    if ($db->id) {
        ## Generate a random password
        $newpass = genpassword(8);
        ## Set it in the database
        ## NOTE(review): the escaped copy overwrites $newpass and is what gets
        ## mailed below. If genpassword() can emit a character that escaping
        ## changes, the mailed password would differ from the stored one;
        ## confirm its alphabet.
        $newpass = mysql_real_escape_string($newpass);
        ## MySQL's PASSWORD() is meant for the server's own account system,
        ## not for application passwords, and is gone in MySQL 8.0; hash in PHP
        ## with password_hash() instead, together with the login check.
        $query = "UPDATE users SET userpass=PASSWORD('{$newpass}') WHERE id='{$db->id}'";
        $result = mysql_query($query) or die('Query failed: ' . mysql_error());
        ## Email it to the user
        $from = "TheGamesDB <{$mail_username}>";
        ## $host is assigned but not used in the visible part of the file.
        $host = $mail_server;
        ## NOTE(review): the recipient is built from the stored username and
        ## address; presumably both were validated at registration. Confirm
        ## they cannot contain CR/LF before they reach mail().
        $to = $db->username . '<' . $db->emailaddress . '>';
        $subject = "Your account information";
        $message = "This is an automated message.\n\nYour GamesDB password has been reset.\n\nHere is your new login information:\nusername: {$db->username}\npassword: {$newpass}\n\nIf you have any questions, please let us know.\n\nTheGamesDB Crew\n";
        $headers = 'From: ' . $from;
        ## The return value of mail() is not checked, so the confirmation
        ## below is shown even when delivery could not be started.
        mail($to, $subject, wordwrap($message, 70), $headers);
        ## $message is reused here for the on-page status text.
        $message = 'Login information has been sent.';
    } else {
        ## A different message for unknown addresses tells the requester
        ## whether an address is registered; one neutral message for both
        ## outcomes avoids that.
        $errormessage = 'That address cannot be found.';
/**
 * Produce a salt string of the requested length.
 *
 * Thin wrapper: the salt is whatever genpassword() returns for that length,
 * so its alphabet and randomness are those of the password generator.
 * NOTE(review): genpassword() is defined elsewhere; confirm it draws from a
 * cryptographically secure source before relying on it for salts.
 *
 * @param int $length number of characters requested
 * @return mixed the value returned by genpassword($length)
 */
function gensalt($length)
{
    $salt = genpassword($length);

    return $salt;
}