$newpassword = pass_the_salt(30); if ($lct_count < $pass_min_req[1] || $uct_count < $pass_min_req[2] || $num_count < $pass_min_req[3] || $sym_count < $pass_min_req[4]) { stderr($language["ERROR"], $language["ERR_PASS_TOO_WEAK_1A"] . ":<br /><br />" . ($pass_min_req[1] > 0 ? "<li><span style='color:blue;font-weight:bold;'>" . $pass_min_req[1] . "</span> " . ($pass_min_req[1] == 1 ? $language["ERR_PASS_TOO_WEAK_2"] : $language["ERR_PASS_TOO_WEAK_2A"]) . "</li>" : "") . ($pass_min_req[2] > 0 ? "<li><span style='color:blue;font-weight:bold;'>" . $pass_min_req[2] . "</span> " . ($pass_min_req[2] == 1 ? $language["ERR_PASS_TOO_WEAK_3"] : $language["ERR_PASS_TOO_WEAK_3A"]) . "</li>" : "") . ($pass_min_req[3] > 0 ? "<li><span style='color:blue;font-weight:bold;'>" . $pass_min_req[3] . "</span> " . ($pass_min_req[3] == 1 ? $language["ERR_PASS_TOO_WEAK_4"] : $language["ERR_PASS_TOO_WEAK_4A"]) . "</li>" : "") . ($pass_min_req[4] > 0 ? "<li><span style='color:blue;font-weight:bold;'>" . $pass_min_req[4] . "</span> " . ($pass_min_req[4] == 1 ? $language["ERR_PASS_TOO_WEAK_5"] : $language["ERR_PASS_TOO_WEAK_5A"]) . "</li>" : "") . "<br />" . $language["ERR_PASS_TOO_WEAK_6"] . ":<br /><br /><span style='color:blue;font-weight:bold;'>" . $newpassword . "</span><br />"); } $un = !empty($new_username) && $new_username != $curu["username"] ? $new_username : $curu["username"]; $multipass = hash_generate(array("salt" => ""), $pass, $un); $j = $btit_settings["secsui_pass_type"]; $set[] = "`password`=" . sqlesc($multipass[$j]["rehash"]); $set[] = "`salt`=" . sqlesc($multipass[$j]["salt"]); $set[] = "`pass_type`=" . sqlesc($j); $set[] = "`dupe_hash`=" . sqlesc($multipass[$j]["dupehash"]); $passhash = smf_passgen($un, $pass); $smfset[] = '`passwd`=' . sqlesc($passhash[0]); $smfset[] = '`password' . ($FORUMLINK == "smf" ? "S" : "_s") . 'alt`=' . sqlesc($passhash[1]); if ($FORUMLINK == "ipb") { $ipbhash = ipb_passgen($pass); IPSMember::save($ipb_fid, array("members" => array("member_login_key" => "", "member_login_key_expire" => "0", "members_pass_hash" => "{$ipbhash['0']}", "members_pass_salt" => "{$ipbhash['1']}"))); } } $set[] = "block_comment='" . (isset($_POST["block_comment"]) ? "yes" : "no") . "'"; $set[] = "sbox='" . (isset($_POST["sbox"]) ? "yes" : "no") . "'"; //user images $set[] = "dona='" . (isset($_POST["dona"]) ? "yes" : "no") . "'"; $set[] = "donb='" . (isset($_POST["donb"]) ? "yes" : "no") . "'"; $set[] = "birt='" . (isset($_POST["birt"]) ? "yes" : "no") . "'"; $set[] = "mal='" . (isset($_POST["mal"]) ? "yes" : "no") . "'"; $set[] = "fem='" . (isset($_POST["fem"]) ? "yes" : "no") . "'"; $set[] = "war='" . (isset($_POST["war"]) ? "yes" : "no") . "'"; $set[] = "bann='" . (isset($_POST["bann"]) ? "yes" : "no") . "'"; $set[] = "par='" . (isset($_POST["par"]) ? "yes" : "no") . "'"; $set[] = "bot='" . (isset($_POST["bot"]) ? "yes" : "no") . "'";
if (substr($GLOBALS["FORUMLINK"], 0, 3) == "smf") { $passhash = smf_passgen($CURUSER["username"], $_POST["new_pwd"]); do_sqlquery("UPDATE `{$db_prefix}members` SET `passwd`='{$passhash['0']}', `password" . ($GLOBALS["FORUMLINK"] == "smf" ? "S" : "_s") . "alt`='{$passhash['1']}' WHERE " . ($GLOBALS["FORUMLINK"] == "smf" ? "`ID_MEMBER`" : "`id_member`") . "=" . $arr["smf_fid"], true); } elseif ($GLOBALS["FORUMLINK"] == "ipb") { if (!defined('IPS_ENFORCE_ACCESS')) { define('IPS_ENFORCE_ACCESS', true); } if (!defined('IPB_THIS_SCRIPT')) { define('IPB_THIS_SCRIPT', 'public'); } require_once $THIS_BASEPATH . '/ipb/initdata.php'; require_once IPS_ROOT_PATH . 'sources/base/ipsRegistry.php'; require_once IPS_ROOT_PATH . 'sources/base/ipsController.php'; $registry = ipsRegistry::instance(); $registry->init(); $ipbhash = ipb_passgen($_POST["new_pwd"]); IPSMember::save($arr["ipb_fid"], array("members" => array("member_login_key" => "", "member_login_key_expire" => "0", "members_pass_hash" => "{$ipbhash['0']}", "members_pass_salt" => "{$ipbhash['1']}"))); } success_msg($language["PWD_CHANGED"], "" . $language["NOW_LOGIN"] . "<br /><a href=\"index.php?page=login\">Go</a>"); stdfoot(true, false); exit; } } break; case '': case 'change': default: $pwdtpl = array(); $pwdtpl["frm_action"] = "index.php?page=usercp&do=pwd&action=post&uid=" . $uid . ""; $pwdtpl["frm_cancel"] = "index.php?page=usercp&uid=" . $uid . ""; $usercptpl->set("pwd", $pwdtpl);
fwrite($fd, $lang_data); fclose($fd); if (!defined('IPS_ENFORCE_ACCESS')) { define('IPS_ENFORCE_ACCESS', true); } if (!defined('IPB_THIS_SCRIPT')) { define('IPB_THIS_SCRIPT', 'public'); } require_once dirname(__FILE__) . '/ipb/initdata.php'; require_once IPS_ROOT_PATH . 'sources/base/ipsRegistry.php'; require_once IPS_ROOT_PATH . 'sources/base/ipsController.php'; $registry = ipsRegistry::instance(); $registry->init(); $l_username = strtolower($username); $seo_username = IPSText::makeSeoTitle($username); $ipbpass = ipb_passgen($password); @mysqli_query($GLOBALS["___mysqli_ston"], "INSERT INTO `{$ipb_prefix}members` (`member_id`,`name`, `member_group_id`, `email`, `joined`, `ip_address`, `allow_admin_mails`, `time_offset`, `language`, `members_display_name`, `members_seo_name`, `members_created_remote`, `members_l_display_name`, `members_l_username`, `members_pass_hash`, `members_pass_salt`, `bday_day`, `bday_month`, `bday_year`, `msg_show_notification`, `last_visit`, `last_activity`, `posts`) VALUES (2, '" . (isset($GLOBALS["___mysqli_ston"]) && is_object($GLOBALS["___mysqli_ston"]) ? mysqli_real_escape_string($GLOBALS["___mysqli_ston"], $username) : (trigger_error("[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.", E_USER_ERROR) ? "" : "")) . "', 8, '" . (isset($GLOBALS["___mysqli_ston"]) && is_object($GLOBALS["___mysqli_ston"]) ? mysqli_real_escape_string($GLOBALS["___mysqli_ston"], $email) : (trigger_error("[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.", E_USER_ERROR) ? "" : "")) . "', UNIX_TIMESTAMP(), '" . (isset($GLOBALS["___mysqli_ston"]) && is_object($GLOBALS["___mysqli_ston"]) ? mysqli_real_escape_string($GLOBALS["___mysqli_ston"], $_SERVER["REMOTE_ADDR"]) : (trigger_error("[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.", E_USER_ERROR) ? "" : "")) . "', 1, 0, 1, '" . (isset($GLOBALS["___mysqli_ston"]) && is_object($GLOBALS["___mysqli_ston"]) ? mysqli_real_escape_string($GLOBALS["___mysqli_ston"], $username) : (trigger_error("[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.", E_USER_ERROR) ? "" : "")) . "', '" . (isset($GLOBALS["___mysqli_ston"]) && is_object($GLOBALS["___mysqli_ston"]) ? mysqli_real_escape_string($GLOBALS["___mysqli_ston"], $seo_username) : (trigger_error("[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.", E_USER_ERROR) ? "" : "")) . "', 1, '" . (isset($GLOBALS["___mysqli_ston"]) && is_object($GLOBALS["___mysqli_ston"]) ? mysqli_real_escape_string($GLOBALS["___mysqli_ston"], $l_username) : (trigger_error("[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.", E_USER_ERROR) ? "" : "")) . "', '" . (isset($GLOBALS["___mysqli_ston"]) && is_object($GLOBALS["___mysqli_ston"]) ? mysqli_real_escape_string($GLOBALS["___mysqli_ston"], $l_username) : (trigger_error("[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.", E_USER_ERROR) ? "" : "")) . "', '" . (isset($GLOBALS["___mysqli_ston"]) && is_object($GLOBALS["___mysqli_ston"]) ? mysqli_real_escape_string($GLOBALS["___mysqli_ston"], $ipbpass[0]) : (trigger_error("[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.", E_USER_ERROR) ? "" : "")) . "', '" . (isset($GLOBALS["___mysqli_ston"]) && is_object($GLOBALS["___mysqli_ston"]) ? mysqli_real_escape_string($GLOBALS["___mysqli_ston"], $ipbpass[1]) : (trigger_error("[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.", E_USER_ERROR) ? "" : "")) . "', 0, 0, 0, 1, UNIX_TIMESTAMP(), UNIX_TIMESTAMP(), 1)"); @mysqli_query($GLOBALS["___mysqli_ston"], "INSERT INTO `{$ipb_prefix}pfields_content` (`member_id`) VALUES (2)"); @mysqli_query($GLOBALS["___mysqli_ston"], "INSERT INTO `{$ipb_prefix}profile_portal` (`pp_member_id`, `pp_setting_count_friends`, `pp_setting_count_comments`) VALUES (2, 1, 1)"); @mysqli_query($GLOBALS["___mysqli_ston"], "UPDATE `{$ipb_prefix}forums` SET `last_poster_id`='2', `last_poster_name`='" . (isset($GLOBALS["___mysqli_ston"]) && is_object($GLOBALS["___mysqli_ston"]) ? mysqli_real_escape_string($GLOBALS["___mysqli_ston"], $username) : (trigger_error("[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.", E_USER_ERROR) ? "" : "")) . "' WHERE `id`=2"); @mysqli_query($GLOBALS["___mysqli_ston"], "UPDATE `{$ipb_prefix}posts` SET `author_id`= '2', `author_name`='" . (isset($GLOBALS["___mysqli_ston"]) && is_object($GLOBALS["___mysqli_ston"]) ? mysqli_real_escape_string($GLOBALS["___mysqli_ston"], $username) : (trigger_error("[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.", E_USER_ERROR) ? "" : "")) . "' WHERE `pid`=1"); @mysqli_query($GLOBALS["___mysqli_ston"], "UPDATE `{$ipb_prefix}topics` SET `starter_id`='2', `last_poster_id`='2', `starter_name`='" . (isset($GLOBALS["___mysqli_ston"]) && is_object($GLOBALS["___mysqli_ston"]) ? mysqli_real_escape_string($GLOBALS["___mysqli_ston"], $username) : (trigger_error("[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.", E_USER_ERROR) ? "" : "")) . "', `last_poster_name`='" . (isset($GLOBALS["___mysqli_ston"]) && is_object($GLOBALS["___mysqli_ston"]) ? mysqli_real_escape_string($GLOBALS["___mysqli_ston"], $username) : (trigger_error("[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.", E_USER_ERROR) ? "" : "")) . "', `seo_last_name`='" . (isset($GLOBALS["___mysqli_ston"]) && is_object($GLOBALS["___mysqli_ston"]) ? mysqli_real_escape_string($GLOBALS["___mysqli_ston"], $seo_username) : (trigger_error("[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.", E_USER_ERROR) ? "" : "")) . "', `seo_first_name`='" . (isset($GLOBALS["___mysqli_ston"]) && is_object($GLOBALS["___mysqli_ston"]) ? mysqli_real_escape_string($GLOBALS["___mysqli_ston"], $seo_username) : (trigger_error("[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.", E_USER_ERROR) ? "" : "")) . "' WHERE `tid`=1"); $myres = mysqli_query($GLOBALS["___mysqli_ston"], "SELECT `cs_value` FROM `{$ipb_prefix}cache_store` WHERE `cs_key`='stats'"); $myrow = mysqli_fetch_assoc($myres); $in = unserialize($myrow["cs_value"]); $in["mem_count"] = 1; $in["last_mem_name"] = $username; $in["last_mem_id"] = 2; $in["last_mem_name_seo"] = $seo_username; $out = serialize($in); @mysqli_query($GLOBALS["___mysqli_ston"], "UPDATE `{$ipb_prefix}cache_store` SET `cs_value`='" . (isset($GLOBALS["___mysqli_ston"]) && is_object($GLOBALS["___mysqli_ston"]) ? mysqli_real_escape_string($GLOBALS["___mysqli_ston"], $out) : (trigger_error("[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.", E_USER_ERROR) ? "" : "")) . "' WHERE `cs_key`='stats'");
} elseif ($GLOBALS["FORUMLINK"] == "ipb") { if (!defined('IPS_ENFORCE_ACCESS')) { define('IPS_ENFORCE_ACCESS', true); } if (!defined('IPB_THIS_SCRIPT')) { define('IPB_THIS_SCRIPT', 'public'); } if (!isset($THIS_BASEPATH) || empty($THIS_BASEPATH)) { $THIS_BASEPATH = dirname(__FILE__); } require_once $THIS_BASEPATH . '/ipb/initdata.php'; require_once IPS_ROOT_PATH . 'sources/base/ipsRegistry.php'; require_once IPS_ROOT_PATH . 'sources/base/ipsController.php'; $registry = ipsRegistry::instance(); $registry->init(); $ipbhash = ipb_passgen($newpassword); IPSMember::save($arr["ipb_fid"], array("members" => array("member_login_key" => "", "member_login_key_expire" => "0", "members_pass_hash" => "{$ipbhash['0']}", "members_pass_salt" => "{$ipbhash['1']}"))); } $body = sprintf($language["RECOVER_EMAIL_2"], $arr["username"], $newpassword, "{$BASEURL}/index.php?page=login", $SITENAME); send_mail($email, "{$SITENAME} " . $language["ACCOUNT_DETAILS"], $body) or stderr($language["ERROR"], $language["ERR_SEND_EMAIL"]); redirect("index.php?page=recover&act=recover_ok&id={$id}&random={$random}"); die; } elseif ($act == "recover_ok") { $id = intval(0 + $_GET["id"]); $random = intval($_GET["random"]); if (!$id || !$random || empty($random) || $random == 0) { stderr($language["ERROR"], $language["ERR_UPDATE_USER"]); } $res = do_sqlquery("SELECT `username`, `email`, `random`" . (substr($GLOBALS["FORUMLINK"], 0, 3) == "smf" ? ", `smf_fid`" : "") . " FROM `{$TABLE_PREFIX}users` WHERE `id` = {$id}", true); $arr = mysqli_fetch_array($res); if ($random != $arr["random"]) {