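/**
 * Reset the administrator password to a freshly generated key and print it.
 *
 * The caller supplies `user` and `old_pw` via $_REQUEST; both must match the
 * cached admin_username / admin_password settings exactly. On a match an
 * 8-character key from random_key() is generated, its openld_hash() is written
 * to the `settings` row titled admin_password, the settings cache is rebuilt
 * and the clear-text key is echoed after the NEW_PASSWORD label. Anything
 * else is handed to error().
 *
 * Relies on the globals $settings and $db and on random_key(), openld_hash(),
 * get_hook(), generate_settings_cache(), error() and NEW_PASSWORD, all
 * defined elsewhere in the project.
 */
function get_new_password()
{
    // $db was read without a `global` import, so inside this function it was
    // undefined and the UPDATE could never be issued.
    global $settings, $db;

    $user = isset($_REQUEST['user']) ? $_REQUEST['user'] : null;
    $old_pw = isset($_REQUEST['old_pw']) ? $_REQUEST['old_pw'] : null;

    // Exact, constant-time string comparison instead of loose `==`: with `==`
    // two numeric-looking strings compare equal ("0e1" == "0e2"), the
    // well-known PHP pitfall for hash-shaped values. Non-string input
    // (e.g. user[]=x) simply fails the check instead of being juggled.
    // NOTE(review): admin_password is stored as openld_hash(...) elsewhere in
    // this file while old_pw is compared as sent — confirm which form the
    // caller is expected to submit.
    $authorised = is_string($user) && is_string($old_pw)
        && hash_equals((string) $settings['admin_username'], $user)
        && hash_equals((string) $settings['admin_password'], $old_pw);

    if (!$authorised) {
        error("Invalid password request");
        return;
    }

    $new_password = random_key(8, true);
    // openld_hash() is what the rest of the project compares against, so the
    // stored value has to use it as well.
    $query = array(
        'UPDATE' => 'settings',
        'SET'    => 'value="' . openld_hash($new_password) . '"',
        'WHERE'  => 'title="admin_password"',
    );
    // Extension hook, kept where the original placed it (after the query is
    // built, before it runs). get_hook() output is executed with eval(), so
    // whatever feeds it — presumably the `code` column of extension_hooks —
    // must only ever hold trusted extension code.
    ($hook = get_hook('admin_login_get_password_settings_sql')) ? eval($hook) : null;
    $db->query_build($query);
    generate_settings_cache();
    // The key is shown in clear text exactly once; only its hash is persisted.
    echo NEW_PASSWORD . ":" . $new_password;
}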
Exemple #2
<?php

//operations
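$submit_success = '';
// Insert a guestbook comment submitted through the com_name / com_description
// fields. Validation goes through the shared $error collector; the INSERT is
// only issued when transform_error() reports no warnings.
if (isset($_REQUEST['com_name']) && isset($_REQUEST['com_description'])) {
    if ($settings['guestbook_allow_comments'] == 'Y') {
        $error->check_name(check_if_null($_REQUEST['com_name']), true);
        $error->check_description(check_if_null($_REQUEST['com_description']), $settings['guestbook_max_comment_description'], 5, true);
        // Captcha: the session holds openld_hash() of the displayed string, so
        // the submitted answer is hashed the same way before comparing. A
        // missing or non-string captcha field counts as a wrong answer rather
        // than raising an undefined-index notice or a TypeError.
        $submitted_captcha = isset($_REQUEST['captcha']) && is_string($_REQUEST['captcha']) ? $_REQUEST['captcha'] : '';
        if ($settings['guestbook_use_antispam'] !== 'N'
            && (!isset($_SESSION['captcha']) || !hash_equals($_SESSION['captcha'], openld_hash($submitted_captcha)))) {
            $error->set_warning('captcha_warning', 'Wrong captcha inserted');
        }
        // Link check. The original condition was written `A && B || C`, so an
        // https:// link was rejected even when links are allowed; the setting
        // now gates both schemes.
        $has_link = strpos($_REQUEST['com_description'], 'http://') !== false
            || strpos($_REQUEST['com_description'], 'https://') !== false;
        if ($settings['guestbook_links_within_comments'] == 'N' && $has_link) {
            $error->set_warning('description_warning', 'Links is not allowed within comments');
        }
        if ($error->transform_error()) {
            $use_titles = $settings['guestbook_use_comment_titles'] == 'Y';
            // com_title was interpolated into the VALUES clause unescaped — the
            // only field here that bypassed $db->escape(), i.e. an SQL injection
            // point. It is also optional, so an absent title becomes ''.
            $title_value = '';
            if ($use_titles) {
                $title_value = '"' . $db->escape(isset($_REQUEST['com_title']) ? $_REQUEST['com_title'] : '') . '", ';
            }
            $sql = array(
                'INSERT' => ($use_titles ? 'title, ' : '') . 'description,
					name,
					ip',
                'INTO' => 'guestbook_comments',
                'VALUES' => $title_value . '"' . $db->escape($_REQUEST['com_description']) . '", "' . $db->escape($_REQUEST['com_name']) . '", "' . $db->escape($_SERVER['REMOTE_ADDR']) . '"',
            );
            $db->query_build($sql) or error(__FILE__, __LINE__);
            $submit_success = 'Comment was added' . ($settings['guestbook_display_unaccepted_comments'] == 'N' ? ' and is waiting for approval' : '');
        }
    } else {
        error('Comments are not allowed at the moment');
    }
}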
//insert rating
if (isset($_REQUEST['rate']) && isset($_REQUEST['score'])) {
    //check if the voter is unique
    $query = array('SELECT' => 'ip', 'FROM' => 'guestbook_votes', 'WHERE' => 'comment_id=' . $_REQUEST['rate'] . ' AND ip="' . $db->escape($_SERVER['REMOTE_ADDR']) . '"');
    $ip_sql = $db->query_build($query) or error(__FILE__, __LINE__);
<div class="openld-block openld-form">
	<h2><span><?php 
echo ECF_CONTACT_LABEL;
?>
</span></h2>
		<div class="openld-content">
			<?php 
if (!empty($_POST)) {
    $email_value = check_if_null($_POST['email']);
    $subject_value = check_if_null($_POST['subject']);
    $message_value = check_if_null($_POST['message']);
    $error->check_email($email_value);
    $error->check_title($subject_value, 255, 1, true);
    $error->check_description($message_value, 1024, 5, true);
    //captcha check
    if ($_SESSION['captcha'] !== openld_hash($_POST['captcha'])) {
        $error->set_warning('captcha_warning', WRONG_CAPTCHA);
    }
    if ($error->transform_error()) {
        mail($settings['email'], $subject_value, $message_value, "From: " . $email_value);
        echo ECF_MAIL_SENT_TO_ADMIN;
    } else {
        ?>
<form action="index.php?display=contact" accept-charset="utf-8" method="post"><div class="panel">
						<table>
							<tr>
								<td width="100px"><?php 
        echo ECF_CONTACT_MAIL_FIELD;
        ?>
</td>
								<td>
            				); 
            				$db->query_build($query) or error(__FILE__, __LINE__);
            			}
            			****/
        }
        generate_settings_cache();
        ($hook = get_hook('admin_options_after_insert_sql')) ? eval($hook) : null;
        redirect($settings['domain'] . "/admin_options.php");
    } else {
        //some value was probably incorrect
        ($hook = get_hook('admin_options_if_error')) ? eval($hook) : null;
    }
} elseif (isset($_POST['password']) || isset($_POST['confirm_new_password'])) {
    if ($_POST['password'] == $_POST['confirm_new_password']) {
        $error->check_new_password($_POST['password']);
    } else {
        $error->set_warning('retype_warning', WRONG_PASSWORD_CONFIRMATION);
    }
    if ($error->transform_error()) {
        $query = array('UPDATE' => 'settings', 'SET' => 'value="' . openld_hash($_POST['password']) . '"', 'WHERE' => 'title="admin_password"');
        ($hook = get_hook('admin_options_update_password_sql')) ? eval($hook) : null;
        $db->query_build($query) or error(__FILE__, __LINE__);
        generate_settings_cache();
    } else {
        $back_to_form = true;
    }
}
//else: print "the option form is empty";
($hook = get_hook('admin_options_after_input_check')) ? eval($hook) : null;
$page = 'admin/admin_options.php';
require OPENLD_ROOT . 'admin_footer.php';
}
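// Installer step: create the core tables, then seed the `settings` table from
// the installer form plus built-in defaults. Expects $db, $db_type, $db_prefix,
// remove_last_slash(), openld_hash(), generate_settings_cache(),
// install_extension() and error() to be in scope.
//
// Each $schema is passed to $db->create_table(); the DDL itself is produced
// by the database layer, so the 'datatype' strings are only as portable as
// that layer makes them.
$schema = array('FIELDS' => array('id' => array('datatype' => 'SERIAL', 'allow_null' => false), 'spam_word' => array('datatype' => 'VARCHAR(255)', 'allow_null' => true), 'replace_word' => array('datatype' => 'VARCHAR(255)', 'allow_null' => true), 'ban_type' => array('datatype' => 'VARCHAR(1)', 'allow_null' => true)), 'PRIMARY KEY' => array('id'));
$db->create_table('illegal_words', $schema);
$schema = array('FIELDS' => array('id' => array('datatype' => 'SERIAL', 'allow_null' => false), 'father_id' => array('datatype' => 'INT(10) UNSIGNED', 'allow_null' => false, 'default' => '0'), 'title' => array('datatype' => 'VARCHAR(100)', 'allow_null' => true), 'description' => array('datatype' => 'TEXT', 'allow_null' => true), 'active' => array('datatype' => 'TINYINT(1) UNSIGNED', 'allow_null' => true), 'last_update' => array('datatype' => 'TIMESTAMP', 'allow_null' => true), 'created' => array('datatype' => 'DATE', 'allow_null' => true), 'ip' => array('datatype' => 'VARCHAR(15)', 'allow_null' => true), 'position' => array('datatype' => 'INT(10) UNSIGNED', 'allow_null' => false, 'default' => '0')), 'PRIMARY KEY' => array('id'));
$db->create_table('categories', $schema);
$schema = array('FIELDS' => array('id' => array('datatype' => 'SERIAL', 'allow_null' => false), 'name' => array('datatype' => 'VARCHAR(100)', 'allow_null' => true), 'email' => array('datatype' => 'VARCHAR(150)', 'allow_null' => true), 'url' => array('datatype' => 'VARCHAR(255)', 'allow_null' => true), 'title' => array('datatype' => 'VARCHAR(255)', 'allow_null' => true), 'description' => array('datatype' => 'TEXT', 'allow_null' => true), 'active' => array('datatype' => 'TINYINT(1) UNSIGNED', 'allow_null' => true), 'ip' => array('datatype' => 'VARCHAR(15)', 'allow_null' => true), 'category_id' => array('datatype' => 'INT(10) UNSIGNED', 'allow_null' => true), 'date_submitted' => array('datatype' => 'TIMESTAMP', 'allow_null' => false, 'default' => 'CURRENT_TIMESTAMP'), 'reciprocal_url' => array('datatype' => 'VARCHAR(255)', 'allow_null' => true), 'type' => array('datatype' => 'VARCHAR(50)', 'allow_null' => true), 'payment_status' => array('datatype' => 'VARCHAR(50)', 'allow_null' => true), 'position' => array('datatype' => 'INT(10) UNSIGNED', 'allow_null' => false, 'default' => '0')), 'PRIMARY KEY' => array('id'));
$db->create_table('links', $schema);
// NOTE(review): ip columns are VARCHAR(15) here and in categories/links —
// room for dotted IPv4 only; an IPv6 REMOTE_ADDR would be truncated or
// rejected depending on the backend.
$schema = array('FIELDS' => array('id' => array('datatype' => 'SERIAL', 'allow_null' => false), 'ip' => array('datatype' => 'VARCHAR(15)', 'allow_null' => false, 'default' => '""')), 'PRIMARY KEY' => array('id'));
$db->create_table('ip_bans', $schema);
$schema = array('FIELDS' => array('id' => array('datatype' => 'SERIAL', 'allow_null' => false), 'title' => array('datatype' => 'VARCHAR(100)', 'allow_null' => false, 'default' => '""'), 'value' => array('datatype' => 'VARCHAR(255)', 'allow_null' => false, 'default' => '""')), 'PRIMARY KEY' => array('id'));
$db->create_table('settings', $schema);
$schema = array('FIELDS' => array('id' => array('datatype' => 'VARCHAR(150)', 'allow_null' => false, 'default' => '""'), 'title' => array('datatype' => 'VARCHAR(150)', 'allow_null' => false, 'default' => '""'), 'version' => array('datatype' => 'VARCHAR(25)', 'allow_null' => false, 'default' => '""'), 'description' => array('datatype' => 'TEXT', 'allow_null' => true), 'author' => array('datatype' => 'VARCHAR(50)', 'allow_null' => false, 'default' => '""'), 'uninstall' => array('datatype' => 'TEXT', 'allow_null' => true)), 'PRIMARY KEY' => array('id'));
$db->create_table('extensions', $schema);
// extension_hooks.code holds extension PHP that the hook points run through
// eval(); the installer must therefore only ever load trusted extensions.
$schema = array('FIELDS' => array('id' => array('datatype' => 'VARCHAR(150)', 'allow_null' => false, 'default' => '""'), 'extension_id' => array('datatype' => 'VARCHAR(150)', 'allow_null' => false, 'default' => '""'), 'code' => array('datatype' => 'TEXT', 'allow_null' => true), 'installed' => array('datatype' => 'INT(10) UNSIGNED', 'allow_null' => false, 'default' => '0')), 'PRIMARY KEY' => array('id', 'extension_id'));
$db->create_table('extension_hooks', $schema);
// Make sure base_url doesn't end with a slash
$_POST['site_domain'] = remove_last_slash($_POST['site_domain']);
// Seed the settings table. Form-supplied values go through $db->escape()
// because they are interpolated into the VALUES clause below; the admin
// password is stored as openld_hash() of the submitted value, which is what
// the login code compares against. Everything else is a built-in default.
$config = array('admin_username' => $db->escape($_POST['admin_username']), 'admin_password' => openld_hash($_POST['admin_password']), 'title' => $db->escape($_POST['site_title']), 'description' => $db->escape($_POST['site_description']), 'email' => $db->escape($_POST['admin_email']), 'domain' => $db->escape($_POST['site_domain']), 'links_sorting_by' => "title", 'categories_sorting_by' => "title", 'number_of_colums' => "2", 'number_of_links_per_page' => "20", 'number_of_search_results_per_page' => "20", 'link_title_max_length' => "255", 'link_title_min_length' => "2", 'link_url_max_length' => "255", 'link_url_min_length' => "2", 'link_description_max_length' => "1024", 'link_description_min_length' => "0", 'category_description_max_length' => "1024", 'category_description_min_length' => "0", 'reciprocal_links_option' => "N", 'reciprocal_url_option' => $db->escape($_POST['site_domain']), 'regular_links_option' => "Y", 'paid_links_option' => "N", 'sponsor_links_option' => "N", 'template_path' => "default/", 'admin_template_path' => "default/", 'language' => "english", 'auto_accept_links' => "N", 'display_unaccepted_links' => "N", 'display_unaccepted_categories' => "N", 'disable_extensions' => "N", 'payments' => 'paypal', 'paid_price_option' => '1', 'paid_curr_option' => 'USD', 'paid_account_option' => $db->escape($_POST['admin_email']), 'sponsor_price_option' => '5', 'sponsor_curr_option' => 'USD', 'sponsor_account_option' => $db->escape($_POST['admin_email']), 'rewrite_layer' => 'off', 'gzip' => 'N', 'hide_admin_button' => 'N', 'deny_index_page_submissions' => 'N', 'open_links_in_new_windows' => 'N');
// The original iterated with `while (list(...) = @each($config))`: each() is
// deprecated since 7.2 and removed in 8.0, and the `@` hid that. foreach walks
// the same key/value pairs in the same order.
foreach ($config as $conf_name => $conf_value) {
    $query = array('INSERT' => 'title, value', 'INTO' => 'settings', 'VALUES' => '"' . $conf_name . '","' . $conf_value . '"');
    $db->query_build($query) or error('Unable to insert into table ' . $db_prefix . 'settings. Please check your configuration and try again. Failing values: "' . $conf_name . '", "' . $conf_value . '"', __FILE__, __LINE__);
}
//generate settings cache
generate_settings_cache();
// install extensions by default - list all below
install_extension('support_openld');
// Only these backends were opened in a transaction earlier in the installer
// (outside this excerpt), so only they get the matching commit.
if ($db_type == 'pgsql' || $db_type == 'sqlite') {
    $db->end_transaction();
}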
        return sha1($str);
    } else {
        if (function_exists('mhash')) {
            // Only if Mhash library is loaded
            return bin2hex(mhash(MHASH_SHA1, $str));
        } else {
            return md5($str);
        }
    }
}
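session_start();
// Generate the captcha answer from CSPRNG output. The original derived it
// from mktime() * microtime(): microtime() without `true` returns a
// "0.xxxxxxxx 1234567890" string, so the multiplication raised a
// non-numeric-value warning and the product depended on little more than the
// current second — easy to guess. random_bytes() removes both problems.
$rand = openld_hash(bin2hex(random_bytes(16)));
// 5 or 6 characters of the hex digest; the length itself comes from the
// CSPRNG too so it cannot be used to narrow the search.
$captcha_string = substr($rand, 0, random_int(5, 6));
// Only openld_hash() of the answer is kept server-side; the form handlers
// compare openld_hash($_REQUEST['captcha']) against this value.
$_SESSION['captcha'] = openld_hash($captcha_string);
// Image geometry, colours and noise lines are purely cosmetic, so the plain
// rand() is adequate for them.
$image_width = rand(150, 179);
$image_height = rand(50, 58);
$lines = rand(1, 8);
$rand_color = array(rand(0, 180), rand(0, 180), rand(0, 180));
$captcha_image = imagecreate($image_width, $image_height);
// First imagecolorallocate() call on a palette image sets the background.
imagecolorallocate($captcha_image, rand(237, 255), rand(246, 255), rand(238, 255));
$text_color = imagecolorallocate($captcha_image, $rand_color[0], $rand_color[1], $rand_color[2]);
imagestring($captcha_image, rand(3, 5), rand(19, 80), rand(4, 39), $captcha_string, $text_color);
// Draw between 1 and $lines + 1 random lines in the text colour as noise.
$loop = rand(0, $lines);
for ($i = 0; $i <= $loop; $i++) {
    $line = imagecolorallocate($captcha_image, $rand_color[0], $rand_color[1], $rand_color[2]);
    imageline($captcha_image, rand(0, $image_width), rand(0, $image_height), rand(0, $image_width), rand(0, $image_height), $line);
}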