// Registration, step 2 (fragment): read the requested nickname and e-mail address from the
// submitted form, validate both, and re-render the form with an error message when a check fails.
// The fragment ends inside the error-selection chain; the rest of the file is not shown.
$name = '';
$email = '';
// NOTE(review): empty() treats the string '0' as empty, so a nickname of "0" is handled as missing.
if (!empty($_POST['nutz'])) {
    $name = escape($_POST['nutz'], 'string');
}
if (!empty($_POST['email'])) {
    $email = escape($_POST['email'], 'string');
}

// The nickname is accepted only when escape_nickname() leaves it unchanged and no existing
// account has the same lower-cased name.
// NOTE(review): the value is concatenated into the SQL text, so this query is only as safe as
// escape(), which is not visible here - confirm it escapes for the active DB connection and
// charset. A parameterized query would remove that dependency.
// NOTE(review): `==` compares numeric-looking strings numerically ('1.0' == '1' is true), so a
// strict `===` is the exact "unchanged by the filter" test.
$ch_name = false;
$xname = escape_nickname($name);
if (!empty($name) and $xname == $name and 0 == db_result(db_query("SELECT COUNT(*) FROM `prefix_user` WHERE `name_clean` = BINARY '" . get_lower($name) . "'"), 0)) {
    $ch_name = true;
}

// Same pattern for the e-mail address: unchanged by escape_for_email() and not yet registered.
$ch_email = false;
$xemail = escape_for_email($email);
if (!empty($email) and $xemail == $email and 0 == db_result(db_query("SELECT COUNT(*) FROM `prefix_user` WHERE `email` = BINARY '" . get_lower($email) . "'"), 0)) {
    $ch_email = true;
}

// Any failed check sends the visitor back to the step-2 form.
if (empty($name) or empty($email) or $name != $xname or $ch_name == false or $email != $xemail or $ch_email == false) {
    $title = $allgAr['title'] . ' :: Users :: Registrieren :: Step 2 von 3';
    $hmenu = $extented_forum_menu . '<a class="smalfont" href="?user">User</a><b> » </b><a class="smalfont" href="?user-regist">Registrieren</a><b> » </b>Step 2 von 3' . $extented_forum_menu_sufix;
    $header = array('jquery/pstrength-min.1.2.js', 'jquery/pstrength.css', 'jquery/jquery.validate.js', 'forms/regist.js');
    $design = new design($title, $hmenu, 1);
    $design->header($header);
    // Pick the message for the first check that failed.
    // NOTE(review): the "name already in use" message (and, presumably, its e-mail counterpart
    // further down) tells an unauthenticated visitor whether an account exists; that is usual
    // for a registration form but makes rate limiting on this endpoint worthwhile.
    if (empty($name) or empty($email)) {
        $fehler = $lang['yourdata'];
    } elseif ($name != $xname) {
        $fehler = $lang['wrongnickname'];
    } elseif ($ch_name == false) {
        $fehler = $lang['namealreadyinuse'];
    } elseif ($email != $xemail) {
<?php
/**
 * @license http://opensource.org/licenses/gpl-2.0.php The GNU General Public License (GPL)
 * @copyright (C) 2000-2010 ilch.de
 * @version $Id$
 */
defined('main') or die('no direct access');

// Password reminder (fragment): for a submitted e-mail address that belongs to exactly one
// account, store a pending password change in `prefix_usercheck` and mail the new password
// together with a confirmation link. The fragment ends inside the "not found" branch.
$title = $allgAr['title'] . ' :: Users :: Password Reminder';
$hmenu = $extented_forum_menu . '<a class="smalfont" href="?user">Users</a><b> » </b> Password Reminder' . $extented_forum_menu_sufix;
$design = new design($title, $hmenu, 1);
$design->header();
$show = true;
if (isset($_POST['email'])) {
    // NOTE(review): the address is concatenated into the SQL text; safety depends entirely on
    // escape(), which is not visible here.
    $email = get_lower(escape($_POST['email'], 'string'));
    $erg = db_query("SELECT `name` FROM `prefix_user` WHERE `email` = BINARY '" . $email . "'");
    // Exactly one match is required; zero or several matching accounts take the else branch.
    if (db_num_rows($erg) == 1) {
        $row = db_fetch_assoc($erg);
        // NOTE(review): genkey() is not visible here - confirm it draws from a CSPRNG.
        $new_pass = genkey(8);
        // NOTE(review): unsalted MD5 is a fast hash and unsuitable for password storage;
        // password_hash()/password_verify() is the replacement, but it has to be changed together
        // with the login check and the confirmation handler that copies this value.
        $md5_pass = md5($new_pass);
        // NOTE(review): this value is the only secret protecting the confirmation link.
        // uniqid() is derived from the current time and rand() is not cryptographically secure,
        // so the token is guessable in principle; bin2hex(random_bytes(16)) yields the same
        // 32-hex-character format from a CSPRNG.
        $id = md5(uniqid(rand()));
        // NOTE(review): $row['name'] comes back from the database and is inserted without being
        // escaped again; if a stored name can contain a quote character this statement breaks or
        // becomes injectable (second-order) - confirm what the nickname filter permits.
        db_query("INSERT INTO `prefix_usercheck` (`check`,`name`,`email`,`pass`,`datime`,`ak`)\n\t\tVALUES ('" . $id . "','" . $row['name'] . "','" . $email . "','" . $md5_pass . "',NOW(),2)");
        // NOTE(review): HTTP_HOST is taken from the request's Host header. Unless the web server
        // pins the host name, the link in the outgoing mail can be made to point at a foreign
        // host; a configured site URL is the safer source.
        $page = $_SERVER["HTTP_HOST"] . $_SERVER["SCRIPT_NAME"];
        $confirmlinktext = "\n" . $lang['registconfirm'] . "\n\n" . sprintf($lang['registconfirmlink'], $page, $id);
        // The new password travels in clear text in the same mail as the confirmation link.
        $regmail = sprintf($lang['newpasswordmail'], $row['name'], $confirmlinktext, $new_pass);
        icmail($email, 'Password Reminder', $regmail); // send the mail to the user
        echo $lang['youhavereceivedaemail'];
        $show = false;
    } else {
        // NOTE(review): the two branches answer differently, so the form reveals whether an
        // address is registered; no throttling is visible in this fragment.
        echo $lang['namenotfound'];
// Join-us application form (fragment): collect the expected fields from the request, check the
// nickname and the anti-spam answer, and show the form again while anything is missing.
// The fragment ends inside the loggedin() branch of the form rendering.

// Fixed list of field names. Each one becomes a local variable of the same name below; because
// the names come from this list and not from the request keys, the variable-variable assignment
// cannot overwrite arbitrary variables.
$far = array('name', 'skill', 'icqnumber', 'favmap', 'mail', 'age', 'hometown', 'squad', 'ground', 'rules');
$x = 0; // number of fields that were submitted non-empty
foreach ($far as $v) {
    if (!empty($_POST[$v])) {
        ${$v} = escape($_POST[$v], 'string');
        $x++;
    } else {
        ${$v} = '';
    }
}
$xname = escape_nickname($name);
$ch_name = false;
$joinusspam = true;
// Logged-in users skip the nickname check; otherwise the name must be unchanged by
// escape_nickname() and must not exist yet.
// NOTE(review): the name is concatenated into the SQL text, so the query relies on escape()
// (not visible here) having neutralised quote characters.
if (loggedin()) {
    $ch_name = true;
} elseif (isset($_POST['sub']) and $name == $xname and !empty($name) and 0 == db_result(db_query("SELECT COUNT(*) FROM `prefix_user` WHERE `name_clean` = BINARY '" . get_lower($name) . "'"), 0)) {
    $ch_name = true;
}
if (isset($_POST['sub'])) {
    // NOTE(review): $fehler is appended to here; its initialisation is not visible in this
    // fragment - confirm it is set earlier in the file.
    if (chk_antispam('joinus') != true) {
        $fehler .= '· ' . $lang['incorrectspam'] . '<br/>';
        $joinusspam = false;
    }
}
// Re-render the form unless every field was filled in and both checks passed.
if (count($far) != $x or $ch_name == false or $joinusspam == false) {
    $tpl = new tpl('joinus.htm');
    $skill = '<option></option>';
    $skill .= arlistee($skill, $skill_ar);
    $squad = '<option></option>';
    $squad .= dblistee($squad, "SELECT `id`,`name` FROM `prefix_groups` WHERE `show_joinus` = 1 ORDER BY `pos`");
    if (loggedin()) {
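/**
 * Register a new account, either directly or as a pending entry awaiting confirmation.
 *
 * Depending on $allgAr['forum_regist_confirm_link'] the data is written to `prefix_usercheck`
 * (together with a confirmation token that is mailed as a link) or straight to `prefix_user`.
 * In both cases a mail containing the clear-text password is sent to the address.
 *
 * This function does no escaping of its own: $name and $mail are concatenated into the SQL
 * text, so callers must pass values that are already escaped for the database layer.
 *
 * @param string $name display name of the new user (already escaped)
 * @param string $mail e-mail address (already escaped); stored lower-cased
 * @param string $pass password chosen by the user; ignored when
 *                     $allgAr['forum_regist_user_pass'] == 0, in which case one is generated
 * @return bool false when the name or the address is already registered, true otherwise
 *              (the result of sending the mail is not checked)
 */
function user_regist($name, $mail, $pass) {
    global $allgAr, $lang;

    // Refuse duplicates by lower-cased name ...
    $name_clean = get_lower($name);
    $erg = db_query("SELECT `id` FROM `prefix_user` WHERE `name_clean` = BINARY '" . $name_clean . "'");
    if (db_num_rows($erg) > 0) {
        return false;
    }
    // ... and by lower-cased e-mail address.
    $mail = get_lower($mail);
    $erg = db_query("SELECT `id` FROM `prefix_user` WHERE `email` = BINARY '" . $mail . "'");
    if (db_num_rows($erg) > 0) {
        return false;
    }

    if ($allgAr['forum_regist_user_pass'] == 0) {
        // NOTE(review): genkey() is not visible here - confirm it draws from a CSPRNG.
        $new_pass = genkey(8);
    } else {
        $new_pass = $pass;
    }
    // NOTE(review): unsalted MD5 is a fast hash and unsuitable for password storage. Moving to
    // password_hash()/password_verify() has to happen together with the login check and the
    // confirmation handler, so it is flagged here rather than changed in this function alone.
    $md5_pass = md5($new_pass);

    $confirmlinktext = '';
    // With confirmation enabled the entry goes to the check table, otherwise to the user table.
    if ($allgAr['forum_regist_confirm_link'] == 1) {
        // TODO: the link text belongs in the language file.
        // NOTE(review): HTTP_HOST comes from the request's Host header; unless the web server
        // pins the host name, the mailed link can point at a foreign host. A configured site URL
        // is the safer source.
        $page = $_SERVER["HTTP_HOST"] . $_SERVER["SCRIPT_NAME"];
        // The token is the only secret behind the confirmation link, so take it from the CSPRNG
        // where one exists. Both forms produce 32 lower-case hex characters, matching what the
        // `check` column held before; the time-based form remains only as a fallback for PHP 5.
        if (function_exists('random_bytes')) {
            $id = bin2hex(random_bytes(16));
        } else {
            $id = md5(uniqid(rand()));
        }
        $confirmlinktext = "\n" . $lang['registconfirm'] . "\n\n" . sprintf($lang['registconfirmlink'], $page, $id);
        db_query("INSERT INTO `prefix_usercheck` (`check`,`name`,`email`,`pass`,`datime`,`ak`)\r\n\t\tVALUES ('" . $id . "','" . $name . "','" . $mail . "','" . $md5_pass . "',NOW(),1)");
    } else {
        db_query("INSERT INTO `prefix_user` (`name`,`name_clean`,`pass`,`recht`,`regist`,`llogin`,`email`,`status`,`opt_mail`,`opt_pm`)\r\n\t\tVALUES('" . $name . "','" . $name_clean . "','" . $md5_pass . "',-1,'" . time() . "','" . time() . "','" . $mail . "',1,1,1)");
        $userid = db_last_id();
    }

    // The mail carries the password in clear text alongside the optional confirmation link.
    $regmail = sprintf($lang['registemail'], $name, $confirmlinktext, $mail, $new_pass);
    icmail($mail, 'Anmeldung', $regmail); // send the mail to the user
    return true;
}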
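/**
 * Lower-case a string, or every value inside a (possibly nested) array.
 *
 * Array keys are preserved and left unchanged; only the values are converted.
 *
 * @param mixed $value a string, or an array of strings / nested arrays
 * @return mixed the lower-cased string, or an array of the same shape
 */
function get_lower($value) {
    if (is_array($value)) {
        // Start from an empty array so that an empty input yields an empty array instead of an
        // undefined variable (which evaluated to null and raised a notice).
        $array = array();
        foreach ($value as $key => $wert) {
            $array[$key] = get_lower($wert);
        }
        return $array;
    }
    // NOTE(review): strtolower() works byte-wise (ASCII only since PHP 8.2, locale-dependent
    // before). Where the result is used as a uniqueness key, names that differ only in the case
    // of non-ASCII letters may not fold to the same value - confirm against the column collation.
    return strtolower($value);
}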
// Confirmation handler (fragment): the visible part starts inside the branch for a confirmed
// registration and continues with the remaining `ak` action codes. $row is presumably the
// `prefix_usercheck` entry matching the submitted confirmation code - its lookup is not visible
// here. NOTE(review): no check of the entry's age (`datime`) is visible in this fragment.
echo $lang['confirmregist'];
} else {
    echo $lang['confirmregistfailed'];
}
break;
// ak 2: confirm a new password
// NOTE(review): whoever presents a valid check value activates the stored password hash, so
// this branch is only as strong as the unpredictability of that value. $row['pass'] and
// $row['name'] are interpolated without being escaped again; if a stored value can contain a
// quote character the statement becomes injectable (second-order).
case 2:
    db_query("UPDATE `prefix_user` SET `pass` = '" . $row['pass'] . "' WHERE `name` = BINARY '" . $row['name'] . "'");
    echo $lang['confirmpassword'];
    break;
// ak 3: confirm a new e-mail address
// The check value is split at '||'; its first part is used as the user id, passed through
// escape(..., 'integer') before it reaches the SQL text. The stored address is not re-escaped.
case 3:
    list($id, $muell) = explode('||', $row['check']);
    db_query("UPDATE `prefix_user` SET `email` = '" . get_lower($row['email']) . "' WHERE `id` = " . escape($id, 'integer'));
    echo $lang['confirmemail'];
    break;
// ak 4 is reserved for join-us requests; nothing to do here
case 4:
    break;
// ak 5: remove the account
// The id is the part of the check value before '-remove-'. Removal only proceeds when it
// matches the id of the logged-in session, so the link alone is not sufficient.
// NOTE(review): `!=` is a loose comparison; `!==` after casting both sides to int is the
// exact test.
case 5:
    list($id, $muell) = explode('-remove-', $row['check']);
    if ($id != $_SESSION['authid']) {
        break;
    }
    user_remove($id);
    wd('index.php', 'Dein Account wurde gelöscht. Du wirst nun auf die Startseite geleitet.', 7);
break;
// Admin action (fragment): quickly create a new user. The fragment ends inside the success
// branch; the authorization check for this admin switch is not visible here.
case 'createNewUser':
    $msg = '';
    // All three fields must be non-empty and chk_antispam() must accept the request.
    // NOTE(review): presumably chk_antispam('adminuser_action', true) also serves as the
    // request-forgery guard for this state-changing action - confirm.
    if (!empty($_POST['name']) and !empty($_POST['pass']) and !empty($_POST['email']) and chk_antispam('adminuser_action', true)) {
        $_POST['name'] = escape($_POST['name'], 'string');
        // NOTE(review): $_POST['recht'] is read without an isset() check and is later placed
        // unquoted into the INSERT; that is safe only if escape(..., 'integer') always returns
        // an integer - confirm. The value sets the new account's rights level, so it should
        // also be limited to the levels the acting admin may grant.
        $_POST['recht'] = escape($_POST['recht'], 'integer');
        $_POST['email'] = escape($_POST['email'], 'string');
        // Only the lower-cased name is checked for duplicates; the e-mail address is not.
        $erg = db_query("SELECT `id` FROM `prefix_user` WHERE `name_clean` = BINARY '" . get_lower($_POST['name']) . "'");
        if (db_num_rows($erg) > 0) {
            $msg = 'Der Name ist leider schon vorhanden!';
        } else {
            $new_pass = $_POST['pass'];
            // NOTE(review): unsalted MD5 is a fast hash and unsuitable for password storage;
            // password_hash() is the replacement, to be changed together with the login check.
            $md5_pass = md5($new_pass);
            db_query("INSERT INTO `prefix_user` (`name`,`name_clean`,`pass`,`recht`,`regist`,`llogin`,`email`)\r\n\t\t VALUES('" . $_POST['name'] . "','" . get_lower($_POST['name']) . "','" . $md5_pass . "'," . $_POST['recht'] . ",'" . time() . "','" . time() . "','" . $_POST['email'] . "')");
            $userid = db_last_id();
            // Two default rows in `prefix_userfields` (field ids 2 and 3) for the new user.
            db_query("INSERT INTO `prefix_userfields` (`uid`,`fid`,`val`) VALUES (" . $userid . ",2,'1')");
            db_query("INSERT INTO `prefix_userfields` (`uid`,`fid`,`val`) VALUES (" . $userid . ",3,'1')");
            // Optional notification mail to the new user.
            if (isset($_POST['info'])) {
                // NOTE(review): HTTP_HOST comes from the request's Host header; a configured
                // site URL is the safer source for a link placed in outgoing mail.
                $page = $_SERVER["HTTP_HOST"] . $_SERVER["SCRIPT_NAME"];
                $page = str_replace('admin.php', 'index.php', $page);
                $tpl = new tpl('user/new_user_email', 1);
                $tpl->set('name', $_POST['name']);
                // The password is mailed in clear text.
                $tpl->set('pass', $_POST['pass']);
                $tpl->set('page', $page);
                $txt = $tpl->get(0);
                unset($tpl);
                icmail($_POST['email'], 'Admin hat dich angelegt', $txt);
            }
            $msg = 'Benutzer angelegt <a href="javascript:self.parent.ic.modalDialogClose();">Fenster schließen</a>';
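<?php
/**
 * @license http://opensource.org/licenses/gpl-2.0.php The GNU General Public License (GPL)
 * @copyright (C) 2000-2010 ilch.de
 * @version $Id$
 * @author Florian Koerner
 */
defined('main') or die('no direct access');

// User-name autocomplete: answers a POSTed prefix in `value` with up to ten matching user
// names as a JSON array of {"value": name} objects.
// NOTE(review): whether the caller must be logged in is not visible in this file; as written it
// lists existing user names for any prefix, so access control and throttling belong upstream.

// Lower-case the request data (the whole $_POST array, as before)
$_POST = get_lower($_POST);

// Abort when nothing usable was submitted. The index is checked before it is read, and a
// non-string value (e.g. an array parameter) is rejected instead of being concatenated.
if (!isset($_POST['value']) || !is_string($_POST['value'])) {
    exit;
}
$name_clean = escape($_POST['value'], 'string');
if (!isset($name_clean) || $name_clean == '') {
    exit;
}

// Treat the input as a literal prefix: without this, '%' and '_' typed by the client act as
// LIKE wildcards and turn the prefix search into a substring / pattern search.
// Assumes escape() leaves '%' and '_' untouched - TODO confirm.
$like_prefix = addcslashes($name_clean, '%_');

// Search the database for matching users
$found = array();
$erg = db_query("SELECT `name` FROM `prefix_user` WHERE `name_clean` LIKE '" . $like_prefix . "%' ORDER BY `name` ASC LIMIT 10");
while ($row = db_fetch_assoc($erg)) {
    $found[] = array("value" => $row['name']);
}

// JSON encode the array for return
// NOTE(review): no Content-Type header is set in this file; if the response can be served as
// text/html, stored names containing markup would be rendered by a browser that opens it
// directly. Confirm the front controller sends a JSON content type.
echo json_encode($found);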