Exemple #1
             $Error->set('email', $tpl->assign('error_email_exist', 'true'));
         }
         if ($Error->ErrorPresent()) {
             $tpl->assign('error', 'true');
         } else {
             if ($user_profile['gender'] == 'male') {
                 $gender = 'M';
             }
             if ($user_profile['gender'] == 'female') {
                 $gender = 'F';
             }
             $UserDB = new Db('users');
             $data = array('username' => safe($_POST['pseudo'], 'SQL'), 'password' => 'FB_' . hashMe(uniqid()), 'mail' => safe($_POST['email'], 'SQL'), 'rank' => $config->rank_default, 'look' => safe($_POST['figure'], 'SQL'), 'gender' => safe($gender['gender'], 'SQL'), 'motto' => $config->motto_default, 'credits' => $config->credit_default, 'activity_points' => $config->activitypoints_default, 'account_created' => FullDate('hc'), 'ip_reg' => safe($_SERVER['REMOTE_ADDR'], 'SQL'), 'last_online' => time());
             $UserDB->save($data);
             $uid = $db->getLastID();
             $salt = hashMe(uniqid());
             $req = $db->query('INSERT INTO habbophp_users_facebook VALUES ("","' . safe($uid, 'SQL') . '","' . safe($user_profile['id'], 'SQL') . '")');
             $Auth->setSaltUsers($uid);
             $d = date('Y-m-d');
             $db->query('UPDATE habbophp_stats SET inscrits=inscrits+1 WHERE date="' . $d . '"');
             $fid = $user_profile['id'];
             if ($Auth->connexionFB($fid) == true) {
                 redirection($config->url_site . '/me.php');
             }
         }
     }
     $tpl->display('header-lite.tpl');
     $tpl->display('register-fb.tpl');
 } else {
     $fid = $user_profile['id'];
     if ($Auth->connexionFB($fid) == true) {
Exemple #2
            $lastPassword = hashMe($_POST['lastPassword']);
            $req = $db->query('SELECT password FROM users WHERE password="******"');
            if (isset($_POST['lastPassword']) && empty($_POST['lastPassword'])) {
                $Error->set('lastPassword', $tpl->assign('error_last_password', 'true'));
            } elseif ($db->NumRowsC() == 0) {
                $Error->set('lastPassword', $tpl->assign('profile_error_last_password_correct', 'true'));
            }
        }
        if (isset($_POST['newPassword']) && empty($_POST['newPassword'])) {
            $Error->set('newPassword', $tpl->assign('profile_error_new_password_empty', 'true'));
        } elseif (strlen($_POST['newPassword']) <= 5) {
            $Error->set('password', $tpl->assign('profile_error_new_password_strlen', 'true'));
        }
        if (isset($_POST['newPasswordConfirm']) && empty($_POST['newPasswordConfirm'])) {
            $Error->set('password', $tpl->assign('profile_error_new_passwordConfirm_empty', 'true'));
        }
        if (trim($_POST['newPasswordConfirm']) != trim($_POST['newPassword'])) {
            $Error->set('password', $tpl->assign('profile_error_not_egale', 'true'));
        }
        if ($Error->ErrorPresent()) {
            $tpl->assign('error', 'true');
        } else {
            $req = $db->query('UPDATE users SET password="******" WHERE id="' . $user->id . '"');
            if ($req) {
                $tpl->assign('success', 'true');
            }
        }
    }
    $tpl->display('profile-password.tpl');
}
$tpl->display('footer.tpl');
Exemple #3
 /**
  * Create or renew the habbophp_users_security row of one user.
  *
  * A row is written when the user has none yet, or when the stored `expire`
  * value is already in the past; a row that has not expired is left untouched.
  * Every write stores a new salt and an expiry twelve hours ahead.
  *
  * NOTE(review): the salt is built from uniqid(), which is derived from the
  * clock and not from a cryptographically secure generator. hashMe() is
  * defined elsewhere; unless it mixes in a server-side secret, the salt is
  * guessable from its creation time. Confirm, and prefer a CSPRNG.
  *
  * @param mixed $id User id; escaped with safe() for the lookup and handed
  *                  unescaped to Db::save() (whether save() escapes is not
  *                  visible here; verify).
  * @return void
  */
 public function setSaltUsers($id)
 {
     $existing = $this->_db->query('SELECT * FROM habbophp_users_security WHERE uid="' . safe($id, 'SQL') . '"', true, false);
     $this->_db_security = new Db('habbophp_users_security');
     $hasRow = $this->_db->NumRowsC() != 0;

     // A stored salt that has not expired yet stays as it is.
     if ($hasRow && !(time() > $existing['expire'])) {
         return;
     }

     $row = array('salt' => hashMe(uniqid()), 'uid' => $id, 'expire' => time() + 12 * 3600);
     if ($hasRow) {
         // Carrying the primary key makes save() target the existing row
         // (presumably an UPDATE; Db::save() is defined elsewhere).
         $row['id'] = $existing['id'];
     }
     $this->_db_security->save($row);
 }
Exemple #4
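<?php

// Installer step: creates the first account (rank 7) and stores the site URL
// and the site name in habbophp_config. Prints 'true' on success and stops
// with a short message on the first missing field or failed query.
//
// NOTE(review): nothing visible in this script restricts who may call it.
// Unless the included files enforce that, every request creates another
// rank-7 account; confirm the installer is removed or locked after setup.
include "../../includes/settings.inc.php";
include "../../includes/functions.php";
// NOTE(review): the mysql_* extension was removed in PHP 7; this script only
// runs on PHP 5.x as written.
mysql_connect(HOST, USER_DB, PASSWORD_DB);
mysql_select_db(NAME_DB);
if (empty($_POST['login'])) {
    die('Login ?');
}
if (empty($_POST['pwd'])) {
    die('Un mot de passe ?');
}
if (empty($_POST['nom_retro'])) {
    die('Un nom pour ton beau rétro ?');
}
// The URL field is optional here: a missing value is stored as an empty string.
$url = isset($_POST['url']) ? $_POST['url'] : '';

// hashMe() is defined in the included files; its output is concatenated as-is
// (presumably a hex digest; verify).
mysql_query('INSERT INTO users (username,password,rank) VALUES ("' . safe($_POST['login'], 'SQL') . '","' . hashMe($_POST['pwd']) . '"
	,7)') or die('Error mysql');

// Request values are escaped with safe(..., 'SQL') before they reach a
// statement, the way the login already is. The URL and the site name used to
// be concatenated raw, which let a quote in either field rewrite the query.
// Assumes safe(..., 'SQL') escapes for a quoted MySQL string literal; confirm
// in functions.php.
mysql_query("UPDATE habbophp_config SET value='" . safe($url, 'SQL') . "' WHERE name='url_site'") or die('Error mysql (url)');
mysql_query("UPDATE habbophp_config SET value='" . safe($_POST['nom_retro'], 'SQL') . "' WHERE name='name'") or die('Error mysql (nom rétro)');
echo 'true';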
<?php

// Password-reset request: checks the `mail` query parameter, looks the
// address up in `users`, stores a reset key in habbophp_password_forgotten
// and prepares the e-mail that carries the reset link. The excerpt ends
// inside the SMTP setup, so the sending code is not visible here.
define('AUTH', 'AUTH');
require '../init.php';
// A missing, empty or rejected address ends the request with 'no'.
// Validate::ValideInput() is defined elsewhere; presumably it checks that the
// parameter is an e-mail address (verify).
if (!isset($_GET['mail']) or empty($_GET['mail']) or !Validate::ValideInput(array('mail' => 'isEmail'))) {
    echo 'no';
    exit;
}
$p = safe($_GET['mail'], 'SQL');
// NOTE(review): the reset is triggered by a GET request although it writes to
// the database.
if (isset($p) && !empty($p) && $_SERVER['REQUEST_METHOD'] == "GET") {
    $db->query('SELECT id,username,mail FROM users WHERE mail="' . $p . '"');
    // Proceed only when exactly one account uses this address.
    if ($db->NumRowsC() == 1) {
        $data = $db->getQuery();
        // NOTE(review): the reset key is built from two uniqid() calls, which
        // are derived from the clock rather than a cryptographically secure
        // generator. hashMe() is defined elsewhere; unless it mixes in a
        // server-side secret, the key is guessable from the request time.
        // Confirm, and generate reset keys from a CSPRNG.
        $new_password = hashMe(uniqid()) . hashMe(uniqid());
        // Expiry timestamp 24 hours ahead.
        $expire = time() + 3600 * 24;
        // $req is not read again in the visible part of the script.
        $req = $db->query('SELECT id,uid FROM habbophp_password_forgotten WHERE uid="' . $data['id'] . '"', true);
        if ($db->NumRowsC() == 0) {
            // The values concatenated here come from the database row, from
            // hashMe() and from time(), not from the request; unlike the UPDATE
            // below they are not passed through safe().
            $db->query('INSERT INTO habbophp_password_forgotten VALUES ("","' . $data['id'] . '","' . $new_password . '","' . $expire . '")');
        } else {
            // NOTE(review): this statement writes keysecret only; $expire is
            // not stored in this branch, so the row keeps its earlier expiry.
            $db->query("UPDATE habbophp_password_forgotten SET keysecret='" . safe($new_password, 'SQL') . "' WHERE uid='" . safe($data['id'], 'SQL') . "'");
        }
        // The key travels in the query string of the e-mailed link.
        $link = $config->url_site . '/mot_de_passe_oublier.php?key=' . $new_password;
        // Fill the HTML mail template by plain string replacement.
        // NOTE(review): the username is inserted without HTML escaping;
        // whether usernames can contain markup is not visible here (verify).
        $body = file_get_contents('../modules/mail/password_forgotten.html');
        $body = str_replace('{$url_site}', $config->url_site, $body);
        $body = str_replace('{$pseudo}', $data['username'], $body);
        $body = str_replace('{$link}', $link, $body);
        $mail = new PHPMailer();
        // defaults to using php "mail()"
        // SMTP is used only when both an SMTP username and password are configured.
        if (!empty($config->smtp_username) && !empty($config->smtp_password)) {
            $mail->IsSMTP();
            // telling the class to use SMTP
Exemple #6
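<?php

// Admin endpoint: saves a `users` row from the query string, then writes the
// user's "jetons" balance to habbophp_users_jetons. Prints '1' for each of
// the two writes that succeeds.
//
// RANK is defined before init.php is loaded; presumably init.php uses it to
// require that rank from the caller (verify).
// NOTE(review): the request changes data but arrives by GET; a `token`
// parameter is dropped below and is presumably checked in init.php (verify).
define('RANK', '7');
require '../includes/init.php';
$usersManage = new Db('users');
// An absent or empty password field means "leave the password unchanged".
if (!isset($_GET['password']) || $_GET['password'] == '') {
    unset($_GET['password']);
} else {
    $_GET['password'] = hashMe($_GET['password']);
}
$_GET['username'] = safe($_GET['username'], 'SQL');
if (EMULATOR == 'phoenix') {
    if ($_GET['rank'] == 2) {
        $_GET['vip'] = 1;
    }
}
unset($_GET['token']);
// The balance used to be concatenated into the SQL unescaped, and unquoted in
// the UPDATE. It is now accepted only as an integer; anything else skips the
// balance write instead of reaching the query.
// Assumes the jetons column holds integers; TODO confirm.
$jetons = isset($_GET['jetons']) ? filter_var($_GET['jetons'], FILTER_VALIDATE_INT) : false;
unset($_GET['jetons']);
// NOTE(review): every remaining query parameter is handed to save(), so any
// column named in the request is written. Only `username` is escaped here;
// whether Db::save() escapes or restricts columns is not visible. Verify, and
// prefer an explicit list of allowed fields.
if ($usersManage->save($_GET)) {
    echo '1';
}
$reqJ = false;
if ($jetons !== false) {
    $uid = safe($_GET['id'], 'SQL');
    $req = mysql_query('SELECT * FROM habbophp_users_jetons WHERE uid="' . $uid . '"');
    // A failed lookup is treated like "no row yet", as before, without
    // passing false to mysql_num_rows().
    if (!$req || !mysql_num_rows($req)) {
        $reqJ = mysql_query('INSERT INTO habbophp_users_jetons VALUES ("","' . $uid . '","' . $jetons . '")');
    } else {
        $reqJ = mysql_query('UPDATE habbophp_users_jetons SET jetons=' . $jetons . ' WHERE uid="' . $uid . '"');
    }
}
if ($reqJ) {
    echo '1';
}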
}
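// Final step of the password reset: validates the submitted password pair and,
// when no error was recorded, stores the new hash, removes the reset row and
// redirects to the site root. $data, $tpl, $db and $config are set earlier in
// the script, outside this excerpt.
if (isset($_POST['password'])) {
    $Error = new error();
    $s = true;
    if (empty($_POST['password'])) {
        $Error->set('password', $tpl->assign('error_password_empty', 'true'));
        $tpl->assign('error', 'true');
        $s = false;
    } elseif (strlen($_POST['password']) <= 5) {
        // Passwords need at least six bytes.
        $Error->set('password', $tpl->assign('error_strlen', 'true'));
    }
    if (isset($_POST['retypedPassword']) && empty($_POST['retypedPassword'])) {
        $Error->set('retypedPassword', $tpl->assign('error_empty_retypedPassword', 'true'));
        $tpl->assign('error', 'true');
        $s = false;
    }
    // NOTE(review): when retypedPassword is absent from the request, no
    // confirmation check runs at all.
    if (isset($_POST['retypedPassword']) && $s == true) {
        // The comparison trims both fields, while the hash below is computed
        // over the untrimmed password.
        if (trim($_POST['password']) != trim($_POST['retypedPassword'])) {
            $Error->set('passwordNot', $tpl->assign('error_password_not_egal', 'true'));
            $tpl->assign('error', 'true');
        }
    }
    if (!$Error->ErrorPresent()) {
        $password = hashMe($_POST['password']);
        // The statement used to carry the literal "******" (it looks redacted
        // in this listing), so the computed hash was never stored.
        // Both statements now escape for the SQL context, as the other
        // queries on this page do, instead of using safe(..., 'HTML').
        $req = $db->query('UPDATE users SET password="' . safe($password, 'SQL') . '" WHERE id="' . safe($data['uid'], 'SQL') . '"');
        // The reset row is removed whether or not the UPDATE succeeded.
        $db->query('DELETE FROM habbophp_password_forgotten WHERE id="' . safe($data['id'], 'SQL') . '"');
        redirection($config->url_site . '/');
    }
}
$tpl->assign('email', $data['mail']);
$tpl->display('password_forgotten.tpl');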