$Error->set('email', $tpl->assign('error_email_exist', 'true')); } if ($Error->ErrorPresent()) { $tpl->assign('error', 'true'); } else { if ($user_profile['gender'] == 'male') { $gender = 'M'; } if ($user_profile['gender'] == 'female') { $gender = 'F'; } $UserDB = new Db('users'); $data = array('username' => safe($_POST['pseudo'], 'SQL'), 'password' => 'FB_' . hashMe(uniqid()), 'mail' => safe($_POST['email'], 'SQL'), 'rank' => $config->rank_default, 'look' => safe($_POST['figure'], 'SQL'), 'gender' => safe($gender['gender'], 'SQL'), 'motto' => $config->motto_default, 'credits' => $config->credit_default, 'activity_points' => $config->activitypoints_default, 'account_created' => FullDate('hc'), 'ip_reg' => safe($_SERVER['REMOTE_ADDR'], 'SQL'), 'last_online' => time()); $UserDB->save($data); $uid = $db->getLastID(); $salt = hashMe(uniqid()); $req = $db->query('INSERT INTO habbophp_users_facebook VALUES ("","' . safe($uid, 'SQL') . '","' . safe($user_profile['id'], 'SQL') . '")'); $Auth->setSaltUsers($uid); $d = date('Y-m-d'); $db->query('UPDATE habbophp_stats SET inscrits=inscrits+1 WHERE date="' . $d . '"'); $fid = $user_profile['id']; if ($Auth->connexionFB($fid) == true) { redirection($config->url_site . '/me.php'); } } } $tpl->display('header-lite.tpl'); $tpl->display('register-fb.tpl'); } else { $fid = $user_profile['id']; if ($Auth->connexionFB($fid) == true) {
$lastPassword = hashMe($_POST['lastPassword']); $req = $db->query('SELECT password FROM users WHERE password="******"'); if (isset($_POST['lastPassword']) && empty($_POST['lastPassword'])) { $Error->set('lastPassword', $tpl->assign('error_last_password', 'true')); } elseif ($db->NumRowsC() == 0) { $Error->set('lastPassword', $tpl->assign('profile_error_last_password_correct', 'true')); } } if (isset($_POST['newPassword']) && empty($_POST['newPassword'])) { $Error->set('newPassword', $tpl->assign('profile_error_new_password_empty', 'true')); } elseif (strlen($_POST['newPassword']) <= 5) { $Error->set('password', $tpl->assign('profile_error_new_password_strlen', 'true')); } if (isset($_POST['newPasswordConfirm']) && empty($_POST['newPasswordConfirm'])) { $Error->set('password', $tpl->assign('profile_error_new_passwordConfirm_empty', 'true')); } if (trim($_POST['newPasswordConfirm']) != trim($_POST['newPassword'])) { $Error->set('password', $tpl->assign('profile_error_not_egale', 'true')); } if ($Error->ErrorPresent()) { $tpl->assign('error', 'true'); } else { $req = $db->query('UPDATE users SET password="******" WHERE id="' . $user->id . '"'); if ($req) { $tpl->assign('success', 'true'); } } } $tpl->display('profile-password.tpl'); } $tpl->display('footer.tpl');
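/**
 * Make sure user $id has a current row in habbophp_users_security.
 *
 * Creates the row when none exists; when one exists but its 'expire'
 * timestamp has passed, saves a fresh salt/expire pair carrying the
 * existing row 'id'. An unexpired row is left untouched.
 *
 * @param int|string $id user id; escaped with safe(..., 'SQL') for the lookup,
 *                       stored raw in the 'uid' column exactly as the original did
 * @return void
 */
public function setSaltUsers($id)
{
    $dataSalt = $this->_db->query(
        'SELECT * FROM habbophp_users_security WHERE uid="' . safe($id, 'SQL') . '"',
        true,
        false
    );
    $this->_db_security = new Db('habbophp_users_security');

    // Read the clock once so the comparison and the stored expiry agree.
    $now = time();
    if ($this->_db->NumRowsC() == 0) {
        $this->_db_security->save($this->_buildSaltRow($id, $now));
    } elseif ($now > $dataSalt['expire']) {
        // Passing the existing 'id' presumably makes Db::save update instead of insert — confirm against Db.
        $this->_db_security->save($this->_buildSaltRow($id, $now, $dataSalt['id']));
    }
}

/**
 * Build the habbophp_users_security row written by setSaltUsers().
 *
 * @param int|string $id    user id stored in 'uid'
 * @param int        $now   current unix time; the row expires 12 hours later
 * @param mixed      $rowId existing row id to include as 'id' (null for a new row)
 * @return array
 */
private function _buildSaltRow($id, $now, $rowId = null)
{
    // NOTE(review): uniqid() is clock-based, not a CSPRNG. If this 'salt' is ever
    // used as a secret (e.g. an auth/session token) it should come from a
    // cryptographically secure source instead.
    $row = array(
        'salt' => hashMe(uniqid()),
        'uid' => $id,
        'expire' => $now + 12 * 3600,
    );
    if ($rowId !== null) {
        $row['id'] = $rowId;
    }
    return $row;
}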
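<?php
// Installer step: creates the first administrator account (rank 7) from the POSTed
// login/pwd and stores the site URL and name in habbophp_config.
// Prints the literal 'true' on success; every failure path die()s with a short message
// (the caller appears to compare the response against 'true').
// NOTE(review): mysql_* is deprecated and removed in PHP 7 — a PDO migration is out of
// scope here. Nothing in this file prevents re-running it after installation (which would
// add another rank-7 account); confirm the surrounding installer restricts access.
include "../../includes/settings.inc.php";
include "../../includes/functions.php";

mysql_connect(HOST, USER_DB, PASSWORD_DB) or die('Error mysql (connect)');
mysql_select_db(NAME_DB) or die('Error mysql (db)');

if (empty($_POST['login'])) {
    die('Login ?');
}
if (empty($_POST['pwd'])) {
    die('Un mot de passe ?');
}
if (empty($_POST['nom_retro'])) {
    die('Un nom pour ton beau rétro ?');
}
if (empty($_POST['url'])) {
    die('Une URL pour ton rétro ?');
}

// Every user-supplied value that reaches a query is escaped with safe(..., 'SQL'), as the
// login already was; the original interpolated url and nom_retro unescaped (SQL injection).
$login = safe($_POST['login'], 'SQL');
$url = safe($_POST['url'], 'SQL');
$name = safe($_POST['nom_retro'], 'SQL');

// hashMe() comes from functions.php; its output is assumed SQL-safe (e.g. hex) and its
// algorithm should be a salted password hash rather than md5/sha1 — verify there.
$passwordHash = hashMe($_POST['pwd']);

mysql_query('INSERT INTO users (username,password,rank) VALUES ("' . $login . '","' . $passwordHash . '" ,7)') or die('Error mysql');
mysql_query("UPDATE habbophp_config SET value='" . $url . "' WHERE name='url_site'") or die('Error mysql (url)');
mysql_query("UPDATE habbophp_config SET value='" . $name . "' WHERE name='name'") or die('Error mysql (nom rétro)');

echo 'true';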
<?php define('AUTH', 'AUTH'); require '../init.php'; if (!isset($_GET['mail']) or empty($_GET['mail']) or !Validate::ValideInput(array('mail' => 'isEmail'))) { echo 'no'; exit; } $p = safe($_GET['mail'], 'SQL'); if (isset($p) && !empty($p) && $_SERVER['REQUEST_METHOD'] == "GET") { $db->query('SELECT id,username,mail FROM users WHERE mail="' . $p . '"'); if ($db->NumRowsC() == 1) { $data = $db->getQuery(); $new_password = hashMe(uniqid()) . hashMe(uniqid()); $expire = time() + 3600 * 24; $req = $db->query('SELECT id,uid FROM habbophp_password_forgotten WHERE uid="' . $data['id'] . '"', true); if ($db->NumRowsC() == 0) { $db->query('INSERT INTO habbophp_password_forgotten VALUES ("","' . $data['id'] . '","' . $new_password . '","' . $expire . '")'); } else { $db->query("UPDATE habbophp_password_forgotten SET keysecret='" . safe($new_password, 'SQL') . "' WHERE uid='" . safe($data['id'], 'SQL') . "'"); } $link = $config->url_site . '/mot_de_passe_oublier.php?key=' . $new_password; $body = file_get_contents('../modules/mail/password_forgotten.html'); $body = str_replace('{$url_site}', $config->url_site, $body); $body = str_replace('{$pseudo}', $data['username'], $body); $body = str_replace('{$link}', $link, $body); $mail = new PHPMailer(); // defaults to using php "mail()" if (!empty($config->smtp_username) && !empty($config->smtp_password)) { $mail->IsSMTP(); // telling the class to use SMTP
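<?php
// Admin endpoint: writes one `users` row from the query string via Db::save and
// upserts the user's token balance ("jetons") in habbophp_users_jetons.
// Echoes '1' after each write that reports success (so up to two '1's).
// RANK is consumed by init.php (presumably the access gate) — confirm it is enforced
// there, and that the 'token' dropped below is verified before this point.
// NOTE(review): mysql_* is deprecated and removed in PHP 7.
define('RANK', '7');
require '../includes/init.php';

$usersManage = new Db('users');

// An absent or empty password means "leave unchanged"; otherwise store its hash.
if (!isset($_GET['password']) || $_GET['password'] === '') {
    unset($_GET['password']);
} else {
    $_GET['password'] = hashMe($_GET['password']);
}
$_GET['username'] = safe($_GET['username'], 'SQL');

if (EMULATOR == 'phoenix') {
    if ($_GET['rank'] == 2) {
        $_GET['vip'] = 1;
    }
}

// Fields that must not reach the users table.
unset($_GET['token']);
// jetons is interpolated unquoted into SQL below; coerce to int so only a number
// can reach the query (the original interpolated the raw string).
$jetons = isset($_GET['jetons']) ? (int) $_GET['jetons'] : 0;
unset($_GET['jetons']);

// NOTE(review): save() receives every remaining $_GET key (mass assignment) and only
// 'username' is escaped here, so Db::save must escape values and restrict columns itself — confirm.
if ($usersManage->save($_GET)) {
    echo '1';
}

$uid = safe($_GET['id'], 'SQL');
$req = mysql_query('SELECT * FROM habbophp_users_jetons WHERE uid="' . $uid . '"');
if (!mysql_num_rows($req)) {
    $reqJ = mysql_query('INSERT INTO habbophp_users_jetons VALUES ("","' . $uid . '","' . $jetons . '")');
} else {
    $reqJ = mysql_query('UPDATE habbophp_users_jetons SET jetons=' . $jetons . ' WHERE uid="' . $uid . '"');
}
if ($reqJ) {
    echo '1';
}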
} if (isset($_POST['password'])) { $Error = new error(); $s = true; if (isset($_POST['password']) && empty($_POST['password'])) { $Error->set('password', $tpl->assign('error_password_empty', 'true')); $tpl->assign('error', 'true'); $s = false; } elseif (strlen($_POST['password']) <= 5) { $Error->set('password', $tpl->assign('error_strlen', 'true')); } if (isset($_POST['retypedPassword']) && empty($_POST['retypedPassword'])) { $Error->set('retypedPassword', $tpl->assign('error_empty_retypedPassword', 'true')); $tpl->assign('error', 'true'); $s = false; } if (isset($_POST['password']) && isset($_POST['retypedPassword']) && $s == true) { if (trim($_POST['password']) != trim($_POST['retypedPassword'])) { $Error->set('passwordNot', $tpl->assign('error_password_not_egal', 'true')); $tpl->assign('error', 'true'); } } if (!$Error->ErrorPresent()) { $password = hashMe($_POST['password']); $req = $db->query('UPDATE users SET password="******" WHERE id="' . safe($data['uid'], 'HTML') . '"'); $db->query('DELETE FROM habbophp_password_forgotten WHERE id="' . safe($data['id'], 'HTML') . '"'); redirection($config->url_site . '/'); } } $tpl->assign('email', $data['mail']); $tpl->display('password_forgotten.tpl');