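/**
 * Build the PHP source text of the forum configuration file.
 *
 * Every caller-supplied value ends up inside a single-quoted PHP string
 * literal, so each one is passed through addslashes() first. Without that,
 * a quote in any field would close the literal early and the remainder of
 * the value would run as PHP whenever the generated file is loaded. The
 * original escaped only the database name, user, password and prefix; the
 * database type, host, cookie name and cookie seed are now treated the same.
 *
 * @param string       $db_type     Database driver name.
 * @param string       $db_host     Database host.
 * @param string       $db_name     Database name.
 * @param string       $db_username Database user.
 * @param string       $db_password Database password.
 * @param string       $db_prefix   Table prefix.
 * @param string|false $cookie_name Cookie name, or false to generate one.
 * @param string|false $cookie_seed Cookie seed, or false to generate one.
 *
 * @return string Contents to write to the config file.
 */
public static function generate_config_file($db_type, $db_host, $db_name, $db_username, $db_password, $db_prefix = '', $cookie_name = false, $cookie_seed = false)
{
    // Fall back to generated values when the caller supplied none.
    if ($cookie_name === false) {
        $cookie_name = 'luna_cookie_' . random_key(6, false, true);
    }
    if ($cookie_seed === false) {
        $cookie_seed = random_key(16, false, true);
    }

    return '<?php' . "\n\n"
        . '$db_type = \'' . addslashes($db_type) . "';\n"
        . '$db_host = \'' . addslashes($db_host) . "';\n"
        . '$db_name = \'' . addslashes($db_name) . "';\n"
        . '$db_username = \'' . addslashes($db_username) . "';\n"
        . '$db_password = \'' . addslashes($db_password) . "';\n"
        . '$db_prefix = \'' . addslashes($db_prefix) . "';\n"
        . '$p_connect = false;' . "\n\n"
        . '$cookie_name = ' . "'" . addslashes($cookie_name) . "';\n"
        . '$cookie_domain = ' . "'';\n"
        . '$cookie_path = ' . "'/';\n"
        . '$cookie_secure = 0;' . "\n"
        . '$cookie_seed = \'' . addslashes($cookie_seed) . "';\n\ndefine('PUN', 1);\n";
}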
/**
 * Hash a password with SHA-256 and append the salt to the digest.
 *
 * The result is the 64 hex characters of sha256($password . $salt)
 * followed by the salt itself, so a verifier can recover the salt from
 * the tail of the stored value.
 *
 * NOTE(review): one round of a fast hash is weak protection for stored
 * passwords against offline guessing. password_hash()/password_verify()
 * is the usual replacement, but it changes the stored format, so it needs
 * a migration of existing records rather than a drop-in edit here.
 *
 * @param string      $password Plain-text password.
 * @param string|null $salt     Salt to reuse; when it trims to an empty
 *                              string a new one of SALT_LEN is generated.
 *
 * @return string Digest with the salt appended.
 */
function hash_password($password, $salt = null)
{
    $supplied = trim($salt);

    // Reuse the caller's salt when one was given, otherwise draw a new one.
    $rice = ($supplied != "") ? $supplied : random_key(SALT_LEN);

    return hash("sha256", $password . $rice) . $rice;
}
/**
 * Assign this object a 20-character reset key that is not already in use.
 *
 * NOTE(review): uniqueness is only checked at generation time through
 * Reset_Password::is_random_key_being_used(); whether the storage layer
 * also enforces it (for example with a unique index) is not visible here.
 */
public function set_new_key()
{
    // Draw a candidate, and keep redrawing for as long as it is reported as taken.
    do {
        $this->random_key = random_key(20);
    } while (Reset_Password::is_random_key_being_used($this->random_key));
}
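/**
 * Replace the admin password with a generated one after re-checking the
 * admin credentials sent with the request.
 *
 * On success the new password is stored (through openld_hash()), the
 * settings cache is rebuilt and the new password is written to the
 * response. On failure error() is called.
 *
 * The credential check uses strict string comparison. The previous loose
 * `==` let PHP compare numeric-looking strings by value (so two different
 * "0e..." strings are equal) and let a missing parameter equal an empty
 * setting. Where PHP 5.6+ is guaranteed, hash_equals() would additionally
 * make the comparison constant-time.
 *
 * NOTE(review): the new password is returned in the response body, so the
 * transport and any response logging need to be treated as sensitive.
 */
function get_new_password()
{
    global $settings;

    // Missing or non-string (e.g. array) parameters can never match.
    $req_user = isset($_REQUEST['user']) ? $_REQUEST['user'] : null;
    $req_old_pw = isset($_REQUEST['old_pw']) ? $_REQUEST['old_pw'] : null;

    if (is_string($req_user) && is_string($req_old_pw)
        && (string) $settings['admin_username'] === $req_user
        && (string) $settings['admin_password'] === $req_old_pw
    ) {
        $new_password = random_key(8, true);

        // The hash is placed between double quotes without escaping;
        // presumably openld_hash() returns only quote-free characters - confirm.
        $query = array('UPDATE' => 'settings', 'SET' => 'value="' . openld_hash($new_password) . '"', 'WHERE' => 'title="admin_password"');

        // Extension hook: the returned code is eval()'d in this scope and can change $query.
        ($hook = get_hook('admin_login_get_password_settings_sql')) ? eval($hook) : null;

        // NOTE(review): $db is not in this function's `global` list; unless
        // the hook code defines it, this call has no object to run on - confirm.
        $db->query_build($query);
        generate_settings_cache();

        echo NEW_PASSWORD . ":" . $new_password;
    } else {
        error("Invalid password request");
    }
}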
/**
 * Store one message row in the "msg" table.
 *
 * The sender is always taken from the session, never from the parameters.
 * When no thread id is supplied a new 256-character one is generated.
 *
 * NOTE(review): a caller-supplied "thread" value is used as-is; no check
 * that the sender belongs to that thread is visible in this method.
 *
 * @param array $send_parameters Expects "to", "msg", "subject" and
 *                               optionally "thread".
 *
 * @return int 200 when the row was handed to addRow(), 401 when a
 *             required field is missing.
 */
private function send($send_parameters)
{
    global $con;

    $receiver = $send_parameters["to"];
    $sender = $_SESSION["userid"];
    $text = $send_parameters["msg"];
    $subject = $send_parameters["subject"];
    $thread = $send_parameters["thread"];

    // Recipient, body and subject are all mandatory.
    if (!isset($receiver, $text, $subject)) {
        return 401;
    }

    // Start a new conversation when the caller did not name one.
    if (!isset($thread)) {
        $thread = random_key(256);
    }

    $row = array(
        "thread" => $thread,
        "sender" => $sender,
        "receiver" => $receiver,
        "subject" => $subject,
        "msg" => $text,
        "date" => date("Y-m-d H:i:s"),
    );
    addRow($con, "msg", $row);

    return 200;
}
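gid: <?php echo $game_id; ?> }, beforeSend: beforeSend || function(){} }).done(function(res){ if (callback) { callback(res); } }); } var cipheredTerms = <?php
// Emit one JavaScript array per term: [encoded term, encoded definition, id, key].
// Rows are joined with implode() so that an empty $terms_res yields "[]";
// the previous substr()-based trimming removed the opening bracket in that
// case and printed a lone "]", which is a JavaScript syntax error.
//
// NOTE(review): each key is sent to the browser next to the text it encodes,
// so this hides the terms from casual viewing only; it is not confidentiality.
// NOTE(review): the values are placed inside single-quoted JS literals without
// escaping. This is safe only if encode(), random_key() and the id can never
// produce a quote, backslash, line break or "</script>" - confirm in their definitions.
$rows = array();
foreach ($terms_res as $i) {
    $key = random_key(max(strlen($i["term"]), strlen($i["def"])));
    $term = encode($i["term"], $key);
    $def = encode($i["def"], $key);
    $rows[] = "['{$term}','{$def}','{$i['id']}','{$key}']";
}
$output = "[" . implode(",", $rows) . "]";
echo $output; ?> ; </script> </head>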
/**
 * Generate a password of the requested length.
 *
 * Thin wrapper that calls random_key() with its second argument set to
 * true. NOTE(review): how random_key() draws its randomness is not visible
 * here; a password generator should be backed by a CSPRNG - confirm.
 *
 * @param int $len Number of characters wanted.
 *
 * @return string Whatever random_key($len, true) produces.
 */
function random_pass($len)
{
    $generated = random_key($len, true);

    return $generated;
}
?> <span class="help-block"><?php _e('Password and confirmation for SMTP server, only when required', 'luna'); ?> </span></label> <div class="col-sm-9"> <div class="checkbox"> <label> <input type="checkbox" name="form[smtp_change_pass]" id="form_smtp_change_pass" value="1" /> <?php _e('Check this if you want to change or delete the currently stored password.', 'luna'); ?> </label> </div> <?php
// The stored SMTP password is not written into the page. When one is set,
// both fields are pre-filled with a throwaway random_key() string sized by
// luna_strlen() of the stored value; otherwise they are left empty.
// NOTE(review): the placeholder still discloses the stored password's length
// to anyone who can read this form's HTML.
// NOTE(review): $smtp_pass is echoed into the value attribute without HTML
// escaping - presumably random_key(..., true) returns only attribute-safe
// characters; confirm in its definition.
$smtp_pass = !empty($luna_config['o_smtp_pass']) ? random_key(luna_strlen($luna_config['o_smtp_pass']), true) : ''; ?> <div class="row"> <div class="col-sm-6"> <input class="form-control" type="password" name="form[smtp_pass1]" maxlength="50" value="<?php echo $smtp_pass; ?> " /> </div> <div class="col-sm-6"> <input class="form-control" type="password" name="form[smtp_pass2]" maxlength="50" value="<?php echo $smtp_pass; ?> " /> </div> </div>
// Alert the mailing-list address that the new e-mail address duplicates
// the address of the users listed in $dupe_list.
$mail_message = 'User \'' . $forum_user['username'] . '\' changed to an e-mail address that also belongs to: ' . implode(', ', $dupe_list) . "\n\n" . 'User profile: ' . forum_link($forum_url['user'], $id) . "\n\n" . '-- ' . "\n" . 'Forum Mailer' . "\n" . '(Do not reply to this message)';
forum_mail($forum_config['o_mailing_list'], $mail_subject, $mail_message);
// The three braces below close blocks opened before this excerpt.
}
}
}

// Did everything go according to plan?
if (empty($errors)) {
    if ($forum_config['o_regs_verify'] != '1') {
        // E-mail verification is off, so the address is changed immediately
        // with no proof that the user controls the new mailbox.
        $query = array('UPDATE' => 'users', 'SET' => 'email=\'' . $forum_db->escape($new_email) . '\'', 'WHERE' => 'id=' . $id);

        // Extension hook: the returned code is eval()'d in this scope and can change $query.
        ($hook = get_hook('pf_change_email_key_qr_update_email')) ? eval($hook) : null;
        $forum_db->query_build($query) or error(__FILE__, __LINE__);

        // NOTE(review): redirect() presumably ends the request; if it returned,
        // execution would fall through into the activation path below - confirm.
        redirect(forum_link($forum_url['profile_about'], $id), $lang_profile['E-mail updated redirect']);
    }

    // Verification is on: keep the current address and mail an activation
    // link to the new one.
    // NOTE(review): the key is 8 characters from random_key(); how long it
    // stays valid and how many guesses are allowed is decided by the code
    // that consumes it, which is not part of this excerpt.
    $new_email_key = random_key(8, true);

    // Save new e-mail and activation key. The address goes through escape();
    // the key is concatenated as-is, which presumably relies on random_key()
    // never returning a quote - confirm.
    $query = array('UPDATE' => 'users', 'SET' => 'activate_string=\'' . $forum_db->escape($new_email) . '\', activate_key=\'' . $new_email_key . '\'', 'WHERE' => 'id=' . $id);
    ($hook = get_hook('pf_change_email_normal_qr_update_email_activation')) ? eval($hook) : null;
    $forum_db->query_build($query) or error(__FILE__, __LINE__);

    // Load the "activate e-mail" template for the user's language
    $mail_tpl = forum_trim(file_get_contents(FORUM_ROOT . 'lang/' . $forum_user['language'] . '/mail_templates/activate_email.tpl'));

    // The first row contains the subject: it is read from offset 8 up to the
    // first newline, and the remainder of the file is the message body
    $first_crlf = strpos($mail_tpl, "\n");
    $mail_subject = forum_trim(substr($mail_tpl, 8, $first_crlf - 8));
    $mail_message = forum_trim(substr($mail_tpl, $first_crlf));

    // Fill in the template placeholders
    $mail_message = str_replace('<username>', $forum_user['username'], $mail_message);
    $mail_message = str_replace('<base_url>', $base_url . '/', $mail_message);
    // NOTE(review): as written the inner str_replace('&', '&', ...) changes
    // nothing; presumably the search string was an HTML-encoded ampersand
    // before this page was entity-decoded - confirm against the upstream file.
    $mail_message = str_replace('<activation_url>', str_replace('&', '&', forum_link($forum_url['change_email_key'], array($id, $new_email_key))), $mail_message);
    $mail_message = str_replace('<board_mailer>', sprintf($lang_common['Forum mailer'], $forum_config['o_board_title']), $mail_message);
    ($hook = get_hook('pf_change_email_normal_pre_activation_email_sent')) ? eval($hook) : null;
/**
 * Create a local forum account for a visitor who signed in through Loginza.
 *
 * The method checks that registration is open, applies the per-IP
 * registration flood limit, derives username, identity and e-mail from the
 * Loginza profile, purges stale unverified accounts and then either
 * registers the user or, when the profile carries no e-mail, parks the
 * prepared data in the session and shows a completion form.
 *
 * The local variable names matter: several hooks are eval()'d in this
 * scope and can read or change them.
 *
 * @param object $profile  Loginza profile; `identity` is read here.
 * @param string $prev_url Stored as `loginza_return_url` in the user data.
 */
private function user_register($profile, $prev_url)
{
    global $forum_config, $lang_fancy_login_loginza, $forum_user, $forum_db, $forum_url;

    // Load the profile language file. $lang_profile is not in the global
    // list above, so it is unset on entry and the file is required each call.
    if (!isset($lang_profile)) {
        require FORUM_ROOT . 'lang/' . $forum_user['language'] . '/profile.php';
    }

    // Are new registrations allowed at all?
    if ($forum_config['o_regs_allow'] == '0') {
        message($lang_profile['No new regs']);
    }

    // Check that someone from this IP didn't register a user within the last hour (DoS prevention)
    $query = array('SELECT' => 'COUNT(u.id)', 'FROM' => 'users AS u', 'WHERE' => 'u.registration_ip=\'' . $forum_db->escape(get_remote_address()) . '\' AND u.registered>' . (time() - 3600));
    ($hook = get_hook('rg_register_qr_check_register_flood')) ? eval($hook) : null;
    $result = $forum_db->query_build($query) or error(__FILE__, __LINE__);
    if ($forum_db->result($result) > 0) {
        message($lang_profile['Registration flood']);
    }

    // Get user info from Loginza Profile
    $username = $this->get_username_for_new_user($profile);
    $loginza_identity = isset($profile->identity) ? forum_trim($profile->identity) : FALSE;
    $lup = new LoginzaUserProfile($profile);
    $email = $lup->get_email();

    // Both a username and a provider identity are mandatory
    if (!$username) {
        message($lang_fancy_login_loginza['Error empty username']);
    }
    if (!$loginza_identity) {
        message($lang_fancy_login_loginza['Error empty identity']);
    }

    // Check e-mail address; check_email() receives $banned_email and
    // $dupe_list as arguments (presumably by reference - confirm)
    $banned_email = FALSE;
    $dupe_list = array();
    if ($email) {
        $error = $this->check_email($email, $banned_email, $dupe_list);
        if (TRUE !== $error) {
            message($error);
        }
    }

    // Clean old unverified registrations - delete those older than 72 hours (259200 s)
    $query = array('DELETE' => 'users', 'WHERE' => 'group_id=' . FORUM_UNVERIFIED . ' AND activate_key IS NOT NULL AND registered < ' . (time() - 259200));
    ($hook = get_hook('rg_register_qr_delete_unverified')) ? eval($hook) : null;
    $forum_db->query_build($query) or error(__FILE__, __LINE__);
    ($hook = get_hook('rg_register_end_validation')) ? eval($hook) : null;

    // User default info. The account gets a generated 12-character password
    // and a separate 12-character salt.
    $language = $forum_config['o_default_lang'];
    $password = random_key(12, TRUE);
    $salt = random_key(12);
    $password_hash = forum_hash($password, $salt);
    $initial_group_id = $forum_config['o_regs_verify'] == '0' ? $forum_config['o_default_user_group'] : FORUM_UNVERIFIED;

    // Timezone & DST ($timezone and $dst are filled in by the call)
    $this->get_timezone_and_dst($timezone, $dst);

    // Insert the new user into the database.
    // We do this now to get the last inserted id for later use.
    // NOTE(review): the array carries the plain-text password next to its
    // hash. 'activate_key' is pre-quoted as an SQL fragment (or the literal
    // NULL), so it is presumably concatenated into a query unescaped by
    // register() - confirm.
    $user_info = array('username' => $username, 'group_id' => $initial_group_id, 'salt' => $salt, 'password' => $password, 'password_hash' => $password_hash, 'email' => $email, 'email_setting' => $forum_config['o_default_email_setting'], 'timezone' => $timezone, 'dst' => $dst, 'language' => $forum_config['o_default_lang'], 'style' => $forum_config['o_default_style'], 'registered' => time(), 'registration_ip' => get_remote_address(), 'activate_key' => $forum_config['o_regs_verify'] == '1' ? '\'' . random_key(8, TRUE) . '\'' : 'NULL', 'require_verification' => $forum_config['o_regs_verify'] == '1', 'notify_admins' => $forum_config['o_regs_report'] == '1', 'loginza_profile' => $profile, 'loginza_return_url' => $prev_url, 'loginza_banned_email' => $banned_email, 'loginza_dupe_list' => $dupe_list);
    ($hook = get_hook('rg_register_pre_add_user')) ? eval($hook) : null;

    // If we don't have an e-mail, save the user data to the session and show a form
    if (!$email) {
        if (!isset($_SESSION)) {
            session_start();
        }

        // NOTE(review): the whole $user_info array, including the plain-text
        // password and the provider profile, is kept in session storage
        // under a random key until the form is completed.
        $session_id = 'fancy_login_loginza_' . random_key(12, TRUE, TRUE);
        $_SESSION[$session_id] = $user_info;
        $this->form_end_reg($session_id);
    } else {
        if ($forum_config['o_regs_verify'] == '1' && $forum_config['o_fancy_login_loginza_trust_openid_emails'] == '1') {
            // Skip the activation e-mail: the address reported by the
            // provider is trusted, so the account is placed directly in the
            // default user group.
            $user_info['activate_key'] = 'NULL';
            $user_info['require_verification'] = FALSE;
            $user_info['group_id'] = $forum_config['o_default_user_group'];
        }
        $this->register($user_info);
    }
}
/**
 * Handle the "forgot password" form: set a new random password for the
 * account matching the submitted e-mail in the chosen universe and mail it.
 *
 * The universe name is checked against the configured `uni_array` list
 * before it is used as a table-name prefix.
 *
 * NOTE(review): the new password is stored as an unsalted MD5 digest and is
 * sent to the user in clear text by e-mail. The `error_email3` message also
 * tells the requester whether an address is registered. Any unauthenticated
 * request with a known address resets that account's password at once.
 */
function send_password()
{
    // Validation errors collected for the view
    $errors = array();
    $sended = false;

    // Mail library and the helper that provides valid_email()
    $this->load->library('email');
    $this->load->helper('email');

    // Messages are sent as HTML
    $config['mailtype'] = 'html';
    $this->email->initialize($config);

    if (!isset($_POST['universe'])) {
        $errors[] = $this->lang->line('error_universe');
    }
    if (!(isset($_POST['email']) && valid_email($_POST['email']))) {
        $errors[] = $this->lang->line('error_email2');
    }
    // Only universes named in the configuration are accepted
    if (!in_array($_POST['universe'], $this->config->item('uni_array'))) {
        $errors[] = $this->lang->line('error_world');
    }

    if (empty($errors)) {
        $table = $_POST['universe'] . '_users';
        $matches = $this->db->get_where($table, array('email' => $_POST['email']));

        if ($matches->num_rows != 0) {
            $user = $matches->row();

            // Replace the stored password with the digest of a new 8-character one
            $password = random_key(8);
            $this->db->set('password', md5($password));
            $this->db->where(array('id' => $user->id));
            $this->db->update($table);

            // Assemble the HTML message piece by piece
            $message = implode('', array(
                ' <html> <body> <p>',
                $this->lang->line('register_email_text_1'),
                ' ',
                $user->login,
                ',<br> <br>',
                $this->lang->line('password_email_text_1'),
                ' (',
                $_POST['universe'],
                '):<br> <br>',
                $password,
                '<br> <br>',
                $this->lang->line('password_email_text_2'),
                ' <a href="',
                $this->config->item('base_url'),
                '" target="_blank">',
                $this->config->item('base_url'),
                '</a><br> <br>',
                $this->lang->line('register_email_text_6'),
                ',<br>',
                $this->lang->line('register_email_text_7'),
                '</p> </body> </html>',
            ));

            $this->email->from($this->config->item('email_from'), 'ZZJHONS');
            $this->email->to($_POST['email']);
            $this->email->subject($this->lang->line('password_email_text_1') . '!');
            $this->email->message($message);
            $this->email->send();
            $sended = true;
        } else {
            $errors[] = $this->lang->line('error_email3');
        }
    }

    $this->session->set_flashdata(array('errors' => $errors));
    $this->session->set_flashdata(array('sended' => $sended));
    $this->load->view('main_index_4', array('page' => 'password', 'errors' => $errors, 'sended' => $sended));
}
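} </script> <?php
include "../../include/config.php";
include "../../include/db.php";
include "../../include/poa_rca.php";
include "../../include/mail_helper.php";
include "../../include/mail.php";
// NOTE(review): this runs a stylesheet through include; any PHP open tag
// inside that file would be executed - confirm this is intended.
include "../../include/css/default.css";

// NOTE(review): the "authenticated" flag is read from the request itself, so
// the client decides its value. It cannot serve as an access check; the
// decision should come from server-side session state.
$authenticated = $_REQUEST['authenticated'];
$ticket_id = $_REQUEST['ticket_id'];
// time() returns the same value as the argument-less mktime() used before
$request_date = time();
$requested_by = $_REQUEST['requested_by'];
$approval_by = $_REQUEST["approver"];
$approval_key = random_key();

// Base URL of the staff panel.
// NOTE(review): SERVER_NAME can follow the request's Host header depending
// on server configuration; links built from it should use a configured host.
$base_url = "http://";
if ($HTTPS == 1) {
    $base_url = "https://";
}
$base_url .= $_SERVER["SERVER_NAME"] . "/" . $INSTALL_HOME . "eztickets/scp";

if ($authenticated == 1) {
    // Request values were interpolated into the SQL text unescaped, so a
    // quote in any of them changed the statement. They are now escaped for
    // the connection opened by the included db.php. The unescaped originals
    // are left untouched for any later use.
    $ticket_id_sql = mysql_real_escape_string($ticket_id);
    $requested_by_sql = mysql_real_escape_string($requested_by);
    $approval_by_sql = mysql_real_escape_string($approval_by);
    $approval_key_sql = mysql_real_escape_string($approval_key);

    // Record the pending approval request
    $sql = "insert into isost_ticket_approval (ticket_id,request_date,requested_by,approval_status,approval_by,approval_date,approval_comments,approval_key)";
    $sql .= " values('{$ticket_id_sql}','{$request_date}','{$requested_by_sql}','PENDING','{$approval_by_sql}','','','{$approval_key_sql}')";
    $result = mysql_query($sql);

    // Flag the ticket itself as waiting for approval
    $sql = "update isost_ticket set pending_approval=1 where ticket_id='{$ticket_id_sql}'";
    $result = mysql_query($sql);

    // Add a system note to the ticket.
    // NOTE(review): $approval_name is not assigned anywhere in this excerpt -
    // confirm it is set by one of the included files.
    $title = "Ticket Pending Approval";
    $note = "Ticket is pending external approval from " . $approval_name . " requested by " . $requested_by;
    $note_sql = mysql_real_escape_string($note);
    $sql = "insert into isost_ticket_note(ticket_id,staff_id,source,title,note,created)";
    $sql .= " values('{$ticket_id_sql}','0','system','{$title}','{$note_sql}',NOW())";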
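/**
 * Create an election from the submitted form: validate and collect the
 * fields, give every elector a public id, store everything, then mail the
 * administrator and each elector.
 *
 * POST keys are compared as strings with strict matching. PHP turns a
 * numeric field name into an integer key, and on PHP versions before 8 the
 * integer 0 loosely equals any non-numeric string, which let such a key be
 * taken for 'start' or for one of the election columns. The by-reference
 * loop variable is also released after use.
 *
 * NOTE(review): the admin password is stored as an unsalted MD5 digest and
 * is sent in clear text in the confirmation mail.
 * NOTE(review): 'page' is deliberately stored without strip_tags() and is
 * later passed to the invitation e-mail view; it needs escaping or
 * sanitising wherever it is rendered.
 */
public function save()
{
    // Security stuffs
    $this->Security_model->log('election creation', 3);

    // None of these fields must be empty. If it occurs, there is an IHM problem and the procedure
    // should be aborted.
    $profile = array('election' => array('admin_name' => '', 'admin_surname' => '', 'admin_email' => '', 'admin_password' => '', 'business' => '', 'winners' => '', 'title' => '', 'page' => '', 'start' => '', 'end' => ''), 'candidates' => array(), 'electors' => array());

    // No need to specify 'true' in the second argument as it is also configured in the config file,
    // but as it is a very important verification, it's better to force it here...
    $data = $this->input->post(null, true);
    $keys = array_keys($profile['election']);

    foreach ($data as $key => $value) {
        // Numeric field names arrive as integers; compare them as strings
        $key = (string) $key;

        if ($key === 'start' || $key === 'end') {
            //$dt = DateTime::createFromFormat( 'd/m/Y', $value );
            $dt = DateTime::createFromFormat('Y/m/d H:i', $value);
            if ($dt) {
                $profile['election'][$key] = $dt->format(DateTime::ISO8601);
            } else {
                die('Date error.');
            }
        } elseif ($key === 'page') {
            // the same as below, without strip_tags()
            $profile['election']['page'] = $value;
        } elseif (in_array($key, $keys, true)) {
            $profile['election'][$key] = strip_tags($value);
        } elseif (substr($key, 0, 9) == 'candidate') {
            $profile['candidates'][] = strip_tags($value);
        } elseif (in_array(substr($key, 0, 4), array('name', 'surn', 'emai'), true)) {
            // The digits in the field name select the elector row and the
            // rest of the name selects the column.
            // NOTE(review): only the first four characters are checked, so
            // the column name is whatever the client sent after them;
            // Elector_model::save() should accept known columns only.
            $col = preg_replace('/[0-9]/s', '', $key);
            $row = preg_replace('/[^0-9]/s', '', $key);
            $profile['electors'][$row][$col] = strip_tags($value);
        } elseif (substr($key, 0, 5) == 'valid') {
            // We have to ignore explicitly this field, otherwise we trigger
            // an 'unexpected data' error (see below)
        } else {
            die_error('unexpected data.');
        }
    }

    // Adding public user ID
    //
    // $key_list is used to prevent the generation of two identical keys.
    // NOTE(review): the public id is what each elector receives by mail;
    // its unpredictability depends on random_key(), which is not visible here.
    $key_list = array();
    foreach ($profile['electors'] as &$e) {
        $key = random_key();
        while (in_array($key, $key_list, true)) {
            $key = random_key();
        }
        $key_list[] = $key;
        $e['public_id'] = $key;
    }
    // Release the reference so later writes to $e cannot alter the last elector
    unset($e);

    // post treatment validation
    // NOTE(review): this inspects only the three top-level entries, so an
    // empty field inside 'election' is not detected, contrary to the
    // comment at the top of this method.
    foreach ($profile as $value) {
        if ($value == '' or is_array($value) && count($value) == 0) {
            die_error('missing data.');
        }
    }

    // generate a password for the admin
    // It will be sent to the admin with its confirmation mail.
    // In the database, only the md5 is saved.
    $password = random_key();
    $profile['election']['admin_password'] = md5($password);

    // Ok, so let's record it
    $this->load->model('Election_model');
    $this->load->model('Candidate_model');
    $this->load->model('Elector_model');
    $fk = $this->Election_model->save($profile['election']);
    $this->Candidate_model->save($profile['candidates'], $fk);
    $this->Elector_model->save($profile['electors'], $fk);

    // warn the admin
    $this->lang->load('el_mail');
    $response = sendmail(array('subject' => 'Congratulations ! Elections are on rails now', 'message' => $this->load->view('email/creation', array('data' => $profile['election'], 'password' => $password), true), 'toName' => $profile['election']['admin_name'] . ' ' . $profile['election']['admin_surname'], 'toEmail' => $profile['election']['admin_email']));
    if ($response !== true) {
        die_error($response);
    }

    // warn the electors
    foreach ($profile['electors'] as $elector) {
        $mail = array('subject' => $profile['election']['title'], 'message' => $this->load->view('email/invitation', array('message' => $profile['election']['page'], 'public_id' => $elector['public_id'], 'start' => $profile['election']['start'], 'end' => $profile['election']['end']), true), 'fromName' => 'Election Libre', 'fromEmail' => $profile['election']['admin_email'], 'fromBusiness' => $profile['election']['business'], 'toName' => $elector['name'] . ' ' . $elector['surname'], 'toEmail' => $elector['email']);
        $response = sendmail($mail);
        if ($response !== true) {
            die_error($response);
        }
    }

    die(lang('manage_success'));
}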
?> </span> </td> </tr> <tr> <th scope="row"><?php echo $lang_admin_options['SMTP password label']; ?> </th> <td> <label><input type="checkbox" name="form_smtp_change_pass" value="1" /> <?php echo $lang_admin_options['SMTP change password help']; ?> </label> <?php
// The stored SMTP password is not written into the page. When one is set,
// both fields are pre-filled with a throwaway random_key() string sized by
// feather_strlen() of the stored value; otherwise they are left empty.
// NOTE(review): the placeholder still discloses the stored password's length
// to anyone who can read this form's HTML.
// NOTE(review): $smtp_pass is echoed into the value attribute without HTML
// escaping - presumably random_key(..., true) returns only attribute-safe
// characters; confirm in its definition.
$smtp_pass = !empty($feather_config['o_smtp_pass']) ? random_key(feather_strlen($feather_config['o_smtp_pass']), true) : ''; ?> <input type="password" name="form_smtp_pass1" size="25" maxlength="50" value="<?php echo $smtp_pass; ?> " /> <input type="password" name="form_smtp_pass2" size="25" maxlength="50" value="<?php echo $smtp_pass; ?> " /> <span><?php echo $lang_admin_options['SMTP password help']; ?> </span> </td> </tr>
* Last Updated: 6/5/2014 * Signature: Tyler Nickerson * Copyright 2014 eDart * * [Do not remove this header. One MUST be included at the start of every page/script] * */
// NOTE(review): DOC_ROOT is not one of PHP's standard $_SERVER keys (the
// standard one is DOCUMENT_ROOT); presumably the server configuration
// defines it - confirm, because an unset value makes this path start at "/".
include_once $_SERVER["DOC_ROOT"] . "/scripts/php/core.php"; //Include core functionality

$complete = false; //Boolean denoting whether the form has been submitted

//If the form has been submitted...
if (isset($_POST["forgotbox"])) {
    $to = trim($_POST["forgotbox"]); //Get the email address to send it to

    // The replacement password is generated before the account lookup.
    // NOTE(review): this flow sets a new password as soon as an address is
    // submitted, without proof that the requester owns the mailbox - confirm
    // how $rand is applied in the part of the script after this excerpt.
    $rand = random_key(64); //Get a random password to reset to
    $fname = "eDart"; //Default user first name
    $lname = "User"; //Default user last name
    $found = false; //Boolean as to whether this user exists

    //Connect to MySQL
    $con = mysqli_connect(host(), username(), password(), mainDb());

    //Try to find the user by email (not possible via the API).
    //The address is escaped for this connection before being placed in the query.
    $que = mysqli_query($con, "SELECT * FROM `usr` WHERE `email`='" . mysqli_real_escape_string($con, $to) . "'");

    //Loop through the results
    while ($row = mysqli_fetch_array($que)) {
        //If we found them...
        $fname = $row["fname"];
//If the user is not logged in...
if (!isset($_SESSION["userid"])) {
    header("Location: /"); //Send them home
    exit; //Exit, so nothing below runs for anonymous visitors
}

HTML::begin();
Head::make("Validate Email");
Body::begin();

//Connect to MySQL
$con = mysqli_connect(host(), username(), password(), mainDb());

//Delete any previous validation keys from the server, so that only the
//key issued below remains for this user
mysqli_query($con, "DELETE FROM validate WHERE `id`='" . mysqli_real_escape_string($con, $_SESSION["userid"]) . "'");

//Generate a 256 character validation key
$ukey = random_key(256);

//Put the key in the table with the user ID attached.
//NOTE(review): the key is stored as-is, so read access to the `validate`
//table is enough to validate any pending address. No expiry time is
//recorded with it in this statement.
$set_key = "INSERT INTO validate(`id`, `key`) VALUES ('" . mysqli_real_escape_string($con, $_SESSION["userid"]) . "', '" . mysqli_real_escape_string($con, $ukey) . "')";
mysqli_query($con, $set_key);

//Close the connection
mysqli_close($con);

//Get info about the current user
$curuser = new User(array("action" => "get", "id" => $_SESSION["userid"]));
$uinfo = $curuser->run(true);
$uinfo = $uinfo[0];

//Send an email to the user. The key travels in the link's query string, so
//it can end up in browser history and server access logs.
sendMail($uinfo["email"], $uinfo["fname"], $uinfo["lname"], "Validate Your Email", "Click the button below to validate your email.", "signup/continue.php?auth=" . urlencode($ukey), "Validate Email"); ?> <div class="layout-1200 uk-container-center"> <div class="uk-width-1-3 uk-align-center">
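/**
 * Handle the "forgot password" form: set a new random password for the
 * account matching the submitted e-mail in the chosen universe and mail it.
 *
 * The universe name is concatenated into a table name, so it is accepted
 * only when it is a string of letters, digits and underscores; anything
 * else is reported with the existing `error_universe` message. The e-mail
 * parameter must likewise be a string before it is validated.
 *
 * NOTE(review): the new password is stored as an unsalted MD5 digest and is
 * sent to the user in clear text by e-mail. The `error_email3` message also
 * tells the requester whether an address is registered. Any unauthenticated
 * request with a known address resets that account's password at once.
 */
function send_password()
{
    // Collected validation errors
    $errors = array();
    $sended = false;

    // Load the modules
    $this->load->library('email');
    $this->load->helper('email');

    // Mail type: text or html
    $config['mailtype'] = 'html';
    $this->email->initialize($config);

    // The universe becomes part of a table name and of the HTML message
    // below, so restrict it to identifier characters before any use.
    $universe = isset($_POST['universe']) ? $_POST['universe'] : null;
    if (!is_string($universe) || !preg_match('/^[A-Za-z0-9_]+$/D', $universe)) {
        $errors[] = $this->lang->line('error_universe');
    }

    $email = isset($_POST['email']) ? $_POST['email'] : null;
    if (!is_string($email) || !valid_email($email)) {
        $errors[] = $this->lang->line('error_email2');
    }

    if (count($errors) == 0) {
        $user_query = $this->db->get_where($universe . '_users', array('email' => $email));
        if ($user_query->num_rows == 0) {
            $errors[] = $this->lang->line('error_email3');
        } else {
            $user = $user_query->row();

            // Replace the stored password with the digest of a new 8-character one
            $password = $key = random_key(8);
            $this->db->set('password', md5($password));
            $this->db->where(array('id' => $user->id));
            $this->db->update($universe . '_users');

            // Send the e-mail
            $message = '<html><body><p>' . $this->lang->line('register_email_text_1') . ' ' . $user->login . ',<br><br>' . $this->lang->line('password_email_text_1') . ' (' . $universe . '):<br><br>' . $password . '<br><br>' . $this->lang->line('password_email_text_2') . ' <a href="' . $this->config->item('base_url') . '" target="_blank">' . $this->config->item('base_url') . '</a><br><br>' . $this->lang->line('register_email_text_6') . ',<br>' . $this->lang->line('register_email_text_7') . '</p></body></html>';
            $this->email->from($this->config->item('email_from'), $this->lang->line('register_email_from'));
            $this->email->to($email);
            $this->email->subject($this->lang->line('password_email_text_1') . '!');
            $this->email->message($message);
            $this->email->send();
            $sended = true;
        }
    }

    $this->session->set_flashdata(array('errors' => $errors));
    $this->session->set_flashdata(array('sended' => $sended));
    $this->load->view('main_index', array('page' => 'password', 'errors' => $errors));
}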
</span></span> <input type="text" name="cookie_name" value="<?php
// Suggested cookie name: 'panther_cookie_' plus a 6-character random_key()
// suffix, HTML-escaped before it is placed in the attribute.
echo panther_htmlspecialchars('panther_cookie_' . random_key(6, false, true)); ?> " maxlength="25" /></label> </div> <div class="row"> <label class="req"><span class="title"><?php echo $lang_install['Cookie seed']; ?> <span class="required"><?php echo $lang_install['Required']; ?> </span></span> <input type="text" name="cookie_seed" value="<?php
// Suggested cookie seed: 16 characters from random_key().
// NOTE(review): the seed presumably keys the forum's cookie authentication,
// so its strength depends on how random_key() draws randomness (not visible
// here) and on whatever the installer types instead - confirm.
echo panther_htmlspecialchars(random_key(16, false, true)); ?> " maxlength="25" /></label> </div> </div> </div> <div class="box"> <p class="boxtitle"><?php echo $lang_install['Appearance']; ?> </p> <p class="boxinfo"><?php echo $lang_install['Info 15'];
$approver_key = $check_key;
$action_date = mktime();

// Record the approver's decision on the pending history row.
// NOTE(review): $action, $action_by, $comments and $activity_id are placed
// in the SQL text as-is. Where they are assigned is outside this excerpt; if
// any of them comes from the request it must be escaped or bound as a
// parameter before reaching mysql_query() - confirm.
$sql = "update poa_approval_history set action='{$action}', action_date='{$action_date}', action_by='{$action_by}',comments='{$comments}' where activity_id='{$activity_id}' and action='PENDING APPROVAL'";
$result = mysql_query($sql);
echo "<h2>You have submitted your approval. You can close this browser window.</h2>";

if ($action == "APPROVED") {
    // Check if additional approvals are required and if yes, notify the next user in the approval chain
    $sql = "select record_index,approver_name,approver_email,approver_key";
    $sql .= " from poa_approval_history where activity_id='{$activity_id}' and action in ('ADDED') order by item_order asc limit 1";
    $result = mysql_query($sql);
    if (mysql_num_rows($result) > 0) {
        $row = mysql_fetch_row($result);
        $record_index = $row[0];
        $next_approver_name = $row[1];
        $next_approver_email = $row[2];

        // A new key is issued for the next approver and stored with the row;
        // it is the only credential carried by the e-mailed link below.
        // NOTE(review): its unpredictability depends on random_key(), which
        // is not visible here.
        $next_approver_key = random_key();
        $sql = "update poa_approval_history set approver_key='{$next_approver_key}',action='PENDING APPROVAL' where record_index='{$record_index}'";
        $result = mysql_query($sql);

        $subject = "PLANNED ACTIVITY APPROVAL REQUEST : {$poa_display}";
        // NOTE(review): the e-mail address and key are appended to the query
        // string without urlencode(), so characters such as '+' or '&' in an
        // address would change the link.
        $url = $base_url . "/pa_view.php" . "?check_email=" . $next_approver_email . "&check_key=" . "{$next_approver_key}";
        $body = "\nA Planned Activity is pending your approval. Kindly click on the URL : {$url} to view and approve the request.\n\n\n";
        $body .= "PLEASE NOTE THAT THE ABOVE URL IS FOR ONE TIME USE ONLY.\nPLEASE DO NOT REPLY TO THIS E-MAIL";
        ezmail($next_approver_email, $next_approver_name, $subject, $body, "");
        $i++;
    } else {
        // set flag for completed approvals
        $approvals_completed = 1;
    }

    // Notify the owner of the POA
    $subject = "PLANNED ACTIVITY : {$approver_name} {$action}";
    $body = "\nThis is to inform you that, {$approver_name} has {$action} the Planned Activity with ID : {$poa_display} submitted by you.\n\nThe Planned Activity may require further approvals and you shall be notified accordingly.\n\n\n";
$initial_group_id = 9;
// The brace below closes a block opened before this excerpt.
} else {
    // Without e-mail verification the account joins the default group
    // directly; otherwise it starts in the unverified group.
    $initial_group_id = $forum_config['o_regs_verify'] == '0' ? $forum_config['o_default_user_group'] : FORUM_UNVERIFIED;
}

// A fresh 12-character salt for each account, then the salted hash
$salt = random_key(12);
$password_hash = forum_hash($password1, $salt);

// Validate timezone and DST
$timezone = isset($_POST['timezone']) ? floatval($_POST['timezone']) : $forum_config['o_default_timezone'];

// Validate timezone: on error use the default value
if ($timezone > 14.0 || $timezone < -12.0) {
    $timezone = $forum_config['o_default_timezone'];
}

// DST: only the integer value 1 enables it
$dst = isset($_POST['dst']) && intval($_POST['dst']) === 1 ? 1 : $forum_config['o_default_dst'];

// Insert the new user into the database. We do this now to get the last inserted id for later use.
// NOTE(review): the array carries the plain-text password next to its hash.
// 'activate_key' is pre-quoted as an SQL fragment (or the literal NULL), so
// it is presumably concatenated into a query unescaped by add_user() - confirm.
// The local variable names matter: the hook below is eval()'d in this scope.
$user_info = array('username' => $username, 'pubkey' => $pubkey, 'btcaddress' => $btcaddress, 'invitedBy' => $username2, 'group_id' => $initial_group_id, 'salt' => $salt, 'password' => $password1, 'password_hash' => $password_hash, 'email' => $email1, 'email_setting' => $forum_config['o_default_email_setting'], 'timezone' => $timezone, 'dst' => $dst, 'language' => $language, 'style' => $forum_config['o_default_style'], 'registered' => time(), 'registration_ip' => get_remote_address(), 'activate_key' => $forum_config['o_regs_verify'] == '1' ? '\'' . random_key(8, true) . '\'' : 'NULL', 'require_verification' => $forum_config['o_regs_verify'] == '1', 'notify_admins' => $forum_config['o_regs_report'] == '1');
($hook = get_hook('rg_register_pre_add_user')) ? eval($hook) : null;
add_user($user_info, $new_uid);

// If we previously found out that the e-mail was banned
if ($banned_email && $forum_config['o_mailing_list'] != '') {
    $mail_subject = 'Alert - Banned e-mail detected';
    $mail_message = 'User \'' . $username . '\' registered with banned e-mail address: ' . $email1 . "\n\n" . 'User profile: ' . forum_link($forum_url['user'], $new_uid) . "\n\n" . '-- ' . "\n" . 'Forum Mailer' . "\n" . '(Do not reply to this message)';
    ($hook = get_hook('rg_register_banned_email')) ? eval($hook) : null;
    forum_mail($forum_config['o_mailing_list'], $mail_subject, $mail_message);
}

// If we previously found out that the e-mail was a dupe
if (!empty($dupe_list) && $forum_config['o_mailing_list'] != '') {
    $mail_subject = 'Alert - Duplicate e-mail detected';
    $mail_message = 'User \'' . $username . '\' registered with an e-mail address that also belongs to: ' . implode(', ', $dupe_list) . "\n\n" . 'User profile: ' . forum_link($forum_url['user'], $new_uid) . "\n\n" . '-- ' . "\n" . 'Forum Mailer' . "\n" . '(Do not reply to this message)';
    ($hook = get_hook('rg_register_dupe_email')) ? eval($hook) : null;
    forum_mail($forum_config['o_mailing_list'], $mail_subject, $mail_message);
/**
 * Populate the global $forum_user with the guest account (user id 1) and
 * keep the guest's row in the `online` table up to date.
 *
 * Guests are identified by their remote address: that address is the
 * `ident` of the online row, which also holds the guest's CSRF token.
 *
 * NOTE(review): because the row is keyed by address alone, every guest
 * behind the same address shares one row and therefore one CSRF token.
 *
 * The local variable names matter: several hooks are eval()'d in this
 * scope and can read or change them.
 */
function set_default_user()
{
    global $forum_db, $db_type, $forum_user, $forum_config;

    $remote_addr = get_remote_address();

    // A hook may take over completely: any non-null result ends the function
    $return = ($hook = get_hook('fn_set_default_user_start')) ? eval($hook) : null;
    if ($return != null) {
        return;
    }

    // Fetch guest user, its group and (if present) the online row for this address
    $query = array('SELECT' => 'u.*, g.*, o.logged, o.csrf_token, o.prev_url, o.last_post, o.last_search', 'FROM' => 'users AS u', 'JOINS' => array(array('INNER JOIN' => 'groups AS g', 'ON' => 'g.g_id=u.group_id'), array('LEFT JOIN' => 'online AS o', 'ON' => 'o.ident=\'' . $forum_db->escape($remote_addr) . '\'')), 'WHERE' => 'u.id=1');
    ($hook = get_hook('fn_set_default_user_qr_get_default_user')) ? eval($hook) : null;
    $result = $forum_db->query_build($query) or error(__FILE__, __LINE__);
    $forum_user = $forum_db->fetch_assoc($result);
    if (!$forum_user) {
        exit('Unable to fetch guest information. The table \'' . $forum_db->prefix . 'users\' must contain an entry with id = 1 that represents anonymous users.');
    }

    if (!defined('FORUM_QUIET_VISIT')) {
        // Update online list
        if (!$forum_user['logged']) {
            // First visit from this address: create the online row with a
            // new 40-character CSRF token
            $forum_user['logged'] = time();
            $forum_user['csrf_token'] = random_key(40, false, true);
            $forum_user['prev_url'] = get_current_url(255);

            // REPLACE INTO avoids a user having two rows in the online table.
            // The token is concatenated without escape(), which presumably
            // relies on random_key() never returning a quote - confirm.
            $query = array('REPLACE' => 'user_id, ident, logged, csrf_token', 'INTO' => 'online', 'VALUES' => '1, \'' . $forum_db->escape($remote_addr) . '\', ' . $forum_user['logged'] . ', \'' . $forum_user['csrf_token'] . '\'', 'UNIQUE' => 'user_id=1 AND ident=\'' . $forum_db->escape($remote_addr) . '\'');
            if ($forum_user['prev_url'] != null) {
                $query['REPLACE'] .= ', prev_url';
                $query['VALUES'] .= ', \'' . $forum_db->escape($forum_user['prev_url']) . '\'';
            }
            ($hook = get_hook('fn_set_default_user_qr_add_online_guest_user')) ? eval($hook) : null;
            $forum_db->query_build($query) or error(__FILE__, __LINE__);
        } else {
            // Returning guest: refresh the timestamp and, when known, the URL
            $query = array('UPDATE' => 'online', 'SET' => 'logged=' . time(), 'WHERE' => 'ident=\'' . $forum_db->escape($remote_addr) . '\'');
            $current_url = get_current_url(255);
            if ($current_url != null) {
                $query['SET'] .= ', prev_url=\'' . $forum_db->escape($current_url) . '\'';
            }
            ($hook = get_hook('fn_set_default_user_qr_update_online_guest_user')) ? eval($hook) : null;
            $forum_db->query_build($query) or error(__FILE__, __LINE__);
        }
    }

    // Guests always get the board defaults and carry no admin/moderator rights
    $forum_user['disp_topics'] = $forum_config['o_disp_topics_default'];
    $forum_user['disp_posts'] = $forum_config['o_disp_posts_default'];
    $forum_user['timezone'] = $forum_config['o_default_timezone'];
    $forum_user['dst'] = $forum_config['o_default_dst'];
    $forum_user['language'] = $forum_config['o_default_lang'];
    $forum_user['style'] = $forum_config['o_default_style'];
    $forum_user['is_guest'] = true;
    $forum_user['is_admmod'] = false;
    ($hook = get_hook('fn_set_default_user_end')) ? eval($hook) : null;
}
// The first row of the template contains the subject: it is read from
// offset 8 up to the first newline, and the rest is the message body
$first_crlf = strpos($mail_tpl, "\n");
$mail_subject = forum_trim(substr($mail_tpl, 8, $first_crlf - 8));
$mail_message = forum_trim(substr($mail_tpl, $first_crlf));

// Do the generic replacements first (they apply to all e-mails sent out here)
$mail_message = str_replace('<base_url>', $base_url . '/', $mail_message);
$mail_message = str_replace('<board_mailer>', sprintf($lang_common['Forum mailer'], $forum_config['o_board_title']), $mail_message);
($hook = get_hook('li_forgot_pass_new_general_replace_data')) ? eval($hook) : null;

// Loop through users we found
foreach ($users_with_email as $cur_hit) {
    // At most one reset mail per account per hour. A last_email_sent value
    // in the future (negative difference) does not count as a recent send.
    $forgot_pass_timeout = 3600;
    ($hook = get_hook('li_forgot_pass_pre_flood_check')) ? eval($hook) : null;
    if ($cur_hit['last_email_sent'] != '' && time() - $cur_hit['last_email_sent'] < $forgot_pass_timeout && time() - $cur_hit['last_email_sent'] >= 0) {
        message(sprintf($lang_login['Email flood'], $forgot_pass_timeout));
    }

    // Generate a new password activation key.
    // NOTE(review): the key is 8 characters from random_key() and is stored
    // in plain form; how long it stays valid and how many guesses are allowed
    // is decided by the code that consumes it, which is not in this excerpt.
    // It is concatenated into the query without escape(), which presumably
    // relies on random_key() never returning a quote - confirm.
    $new_password_key = random_key(8, true);
    $query = array('UPDATE' => 'users', 'SET' => 'activate_key=\'' . $new_password_key . '\', last_email_sent = ' . time(), 'WHERE' => 'id=' . $cur_hit['id']);
    ($hook = get_hook('li_forgot_pass_qr_set_activate_key')) ? eval($hook) : null;
    $forum_db->query_build($query) or error(__FILE__, __LINE__);

    // Do the user specific replacements to the template
    $cur_mail_message = str_replace('<username>', $cur_hit['username'], $mail_message);
    // NOTE(review): as written the inner str_replace('&', '&', ...) changes
    // nothing; presumably the search string was an HTML-encoded ampersand
    // before this page was entity-decoded - confirm against the upstream file.
    $cur_mail_message = str_replace('<activation_url>', str_replace('&', '&', forum_link($forum_url['change_password_key'], array($cur_hit['id'], $new_password_key))), $cur_mail_message);
    ($hook = get_hook('li_forgot_pass_new_user_replace_data')) ? eval($hook) : null;
    forum_mail($email, $mail_subject, $cur_mail_message);
}

// Confirmation shown after the mails were sent; the admin address is HTML-encoded
message(sprintf($lang_login['Forget mail'], '<a href="mailto:' . forum_htmlencode($forum_config['o_admin_email']) . '">' . forum_htmlencode($forum_config['o_admin_email']) . '</a>'));
// The braces below close blocks opened before this excerpt.
} else {
    // NOTE(review): this message tells the requester that the address is not
    // registered, which allows probing for registered addresses.
    $errors[] = sprintf($lang_login['No e-mail match'], forum_htmlencode($email));
}
}
}
?> </span> </td> </tr> <tr> <th scope="row"><?php echo $lang->t('SMTP password label'); ?> </th> <td> <span><input type="checkbox" name="form[smtp_change_pass]" value="1" />  <?php echo $lang->t('SMTP change password help'); ?> </span> <?php
// The stored SMTP password is not written into the page. When one is set,
// both fields are pre-filled with a throwaway random_key() string sized by
// pun_strlen() of the stored value; otherwise they are left empty.
// NOTE(review): the placeholder still discloses the stored password's length
// to anyone who can read this form's HTML.
// NOTE(review): $smtp_pass is echoed into the value attribute without HTML
// escaping - presumably random_key(..., true) returns only attribute-safe
// characters; confirm in its definition.
$smtp_pass = !empty($pun_config['o_smtp_pass']) ? random_key(pun_strlen($pun_config['o_smtp_pass']), true) : ''; ?> <input type="password" name="form[smtp_pass1]" size="25" maxlength="50" value="<?php echo $smtp_pass; ?> " /> <input type="password" name="form[smtp_pass2]" size="25" maxlength="50" value="<?php echo $smtp_pass; ?> " /> <span><?php echo $lang->t('SMTP password help'); ?> </span> </td> </tr>
// Regenerate the config cache if (!defined('FORUM_CACHE_FUNCTIONS_LOADED')) { require PANTHER_ROOT . 'include/cache.php'; } generate_config_cache(); clear_feed_cache(); if ($form['url_type'] != $panther_config['o_url_type']) { //Load new URL pack to avoid 404 error after redirecting if (file_exists(PANTHER_ROOT . 'include/url/' . $form['url_type'] . '.php')) { require PANTHER_ROOT . 'include/url/' . $form['url_type'] . '.php'; } else { require PANTHER_ROOT . 'include/url/default.php'; } generate_quickjump_cache(); } redirect(panther_link($panther_url['admin_options']), $lang_admin_options['Options updated redirect']); } $page_title = array($panther_config['o_board_title'], $lang_admin_common['Admin'], $lang_admin_common['Options']); define('PANTHER_ACTIVE_PAGE', 'admin'); require PANTHER_ROOT . 'header.php'; generate_admin_menu('options'); $diff = ($panther_user['timezone'] + $panther_user['dst']) * 3600; $timestamp = time() + $diff; $schemes = get_url_schemes(); $scheme_options = array(); foreach ($schemes as $scheme) { $scheme_options[] = array('file' => $scheme, 'title' => substr(ucwords(str_replace('_', ' ', $scheme)), 0, -4)); } $tpl = load_template('admin_options.tpl'); echo $tpl->render(array('lang_admin_options' => $lang_admin_options, 'lang_admin_common' => $lang_admin_common, 'panther_config' => $panther_config, 'form_action' => panther_link($panther_url['admin_options']), 'csrf_token' => generate_csrf_token(PANTHER_ADMIN_DIR . 
'/options.php'), 'max_file_size' => $max_file_size, 'types' => $scheme_options, 'languages' => forum_list_langs(), 'styles' => forum_list_styles(), 'time_format' => gmdate($panther_config['o_time_format'], $timestamp), 'date_format' => gmdate($panther_config['o_date_format'], $timestamp), 'censoring_link' => panther_link($panther_url['admin_censoring']), 'archive_link' => panther_link($panther_url['admin_archive']), 'ranks_link' => panther_link($panther_url['admin_ranks']), 'tasks_link' => panther_link($panther_url['admin_tasks']), 'feeds' => array(5, 15, 30, 60), 'smtp_pass' => !empty($panther_config['o_smtp_pass']) ? random_key(panther_strlen($panther_config['o_smtp_pass']), true) : '', 'themes' => forum_list_themes())); require PANTHER_ROOT . 'footer.php';
} $cache_dir->close(); } } else { $alerts[] = '<li><span>' . $lang_install['No cache write'] . '</span></li>'; } // Check if default avatar directory is writable if (!is_writable(FORUM_ROOT . 'img/avatars/')) { $alerts[] = '<li><span>' . $lang_install['No avatar write'] . '</span></li>'; } // Check if we disabled uploading avatars because file_uploads was disabled if ($avatars == '0') { $alerts[] = '<li><span>' . $lang_install['File upload alert'] . '</span></li>'; } // Add some random bytes at the end of the cookie name to prevent collisions $cookie_name = 'forum_cookie_' . random_key(6, false, true); /// Generate the config.php file data $config = generate_config_file(); // Attempt to write config.php and serve it up for download if writing fails $written = false; if (is_writable(FORUM_ROOT)) { $fh = @fopen(FORUM_ROOT . 'config.php', 'wb'); if ($fh) { fwrite($fh, $config); fclose($fh); $written = true; } } if ($install_pun_repository && is_readable(FORUM_ROOT . 'extensions/pun_repository/manifest.xml')) { require FORUM_ROOT . 'include/xml.php'; $ext_data = xml_to_array(file_get_contents(FORUM_ROOT . 'extensions/pun_repository/manifest.xml'));
/**
 * Pick a storage file name for an attachment that does not yet exist in $storagepath.
 *
 * The name is the MD5 hex digest of the message length, the size, the current
 * user's login key and an 18-argument random_key() value, followed by ".attach".
 * Candidates are regenerated until is_file() reports no existing file.
 *
 * NOTE(review): the file is not created here, so the is_file() check does not
 * reserve the name; a concurrent caller could in principle pick the same one.
 * NOTE(review): MD5 only derives the name here; how hard the name is to guess
 * depends on random_key() and the login key - confirm that is sufficient if
 * the storage directory is ever web-reachable.
 *
 * @param string $storagepath   Directory prefix the candidate is checked against.
 * @param mixed  $messagelength Mixed into the hashed seed.
 * @param mixed  $size          Mixed into the hashed seed.
 * @return string File name (without directory) ending in ".attach".
 */
function attach_generate_filename($storagepath, $messagelength = 0, $size = 0)
{
    // The login key acts as an extra per-user salt for the hashed seed.
    global $panther_user;

    do {
        $seed = $messagelength . $size . $panther_user['login_key'] . random_key(18);
        $candidate = md5($seed) . '.attach';
    } while (is_file($storagepath . $candidate));

    return $candidate;
}
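/**
 * Record an exchange offer of item1 for item2 and notify the owner of item2.
 *
 * Ownership of item1 is verified BEFORE the offer row is written. The original
 * order inserted the row first and only then checked the owner, so a caller who
 * did not own item1 still left a row in "exchange" even though 403 was returned.
 *
 * @param array $parameters Must contain "item1" (offered item id) and "item2" (wanted item id).
 * @return int 401 when item1/item2 is missing, 403 when there is no session user or
 *             the session user does not own item1, 200 once the offer is stored and
 *             the notification has been sent.
 */
private function create($parameters)
{
    global $con;

    if (!isset($parameters["item1"]) || !isset($parameters["item2"])) {
        return 401;
    }
    if (!isset($_SESSION["userid"])) {
        return 403;
    }

    // Authorise first: only the owner of item1 may offer it.
    $originItem = new Item(array("action" => "get", "filter" => array("id" => $parameters["item1"])));
    $originInfo = $originItem->run();
    // A missing item is treated like a foreign one. The comparison stays loose
    // because the id types returned by Item::run() are not visible here.
    if (!isset($originInfo[0]["usr"]) || $originInfo[0]["usr"] != $_SESSION["userid"]) {
        return 403;
    }

    // Only now persist the offer.
    $offerid = random_key(256);
    $offer_fields = array(
        "id" => $offerid,
        "item1" => $parameters["item1"],
        "item2" => $parameters["item2"],
    );
    addRow($con, "exchange", $offer_fields);

    $itemAuth = new User(array("action" => "get", "id" => $originInfo[0]["usr"]));
    $userGet = $itemAuth->run();
    $afname = $userGet[0]["fname"];

    // NOTE(review): item2 is not checked for existence; if the lookup returns no
    // row the notification below is addressed to an empty recipient - confirm
    // what status the caller expects in that case.
    $acceptItem = new Item(array("action" => "get", "filter" => array("id" => $parameters["item2"])));
    $acceptInfo = $acceptItem->run();
    $ai_name = $acceptInfo[0]["name"];
    $ai_usr = $acceptInfo[0]["usr"];

    $pronoun = "their";
    switch (trim($userGet[0]["gender"])) {
        case "0":
            $pronoun = "his";
            break;
        case "1":
            $pronoun = "her";
            break;
    }

    $offermsg = $afname . " has decided to trade {$pronoun} " . $originInfo[0]["name"] . " for your " . $ai_name;
    $link = "exchange.php?offerid=" . trim($offerid);
    sendNotify($ai_usr, $offermsg, $link);

    return 200;
}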
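/**
 * Build the PHP source text of config.php from the installer's global settings.
 *
 * Every setting is written as a single-quoted PHP string literal, so each value
 * is escaped for that context (backslash and single quote only). The original
 * left $db_type, $db_host and $cookie_name unescaped, which let a value that
 * contains a quote terminate the literal and change the generated PHP file.
 * addslashes() on the other fields also escaped double quotes and NUL, which a
 * single-quoted literal keeps verbatim, so such values were stored altered.
 * Values without quotes or backslashes produce exactly the same text as before.
 *
 * NOTE(review): the values are presumably installer form input - confirm they
 * are also validated where they are read.
 *
 * @return string Complete contents for config.php, including a freshly
 *                generated cookie seed from random_key(16, false, true).
 */
function generate_config_file()
{
    // $cookie_seed stays in the declaration as in the original but is not read:
    // the seed written to the file is always generated below.
    global $db_type, $db_host, $db_name, $db_username, $db_password, $db_prefix, $cookie_name, $cookie_seed;

    $settings = array(
        'db_type' => $db_type,
        'db_host' => $db_host,
        'db_name' => $db_name,
        'db_username' => $db_username,
        'db_password' => $db_password,
        'db_prefix' => $db_prefix,
        'cookie_name' => $cookie_name,
    );

    // Inside '...' PHP only interprets \\ and \', so escape exactly those two.
    $literals = array();
    foreach ($settings as $key => $value) {
        $literals[$key] = strtr((string) $value, array('\\' => '\\\\', '\'' => '\\\''));
    }

    return '<?php' . "\n\n"
        . '$db_type = \'' . $literals['db_type'] . "';\n"
        . '$db_host = \'' . $literals['db_host'] . "';\n"
        . '$db_name = \'' . $literals['db_name'] . "';\n"
        . '$db_username = \'' . $literals['db_username'] . "';\n"
        . '$db_password = \'' . $literals['db_password'] . "';\n"
        . '$db_prefix = \'' . $literals['db_prefix'] . "';\n"
        . '$p_connect = false;' . "\n\n"
        . '$cookie_name = ' . "'" . $literals['cookie_name'] . "';\n"
        . '$cookie_domain = ' . "'';\n"
        . '$cookie_path = ' . "'/';\n"
        . '$cookie_secure = 0;' . "\n"
        . '$cookie_seed = \'' . random_key(16, false, true) . "';\n\ndefine('PUN', 1);\n";
}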
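// Re-issue an approval link: look up the first approval-history row for the
// requested activity and approver e-mail, store a fresh approver key on it and
// mail the approver a URL that carries that key, then redirect to index.php.
//
// NOTE(review): SERVER_NAME can follow the client-supplied Host header depending
// on web server configuration; a configured canonical host is safer for links
// that are sent out by mail.
$base_url = "http://";
if ($HTTPS == 1) {
    $base_url = "https://";
}
$base_url .= $_SERVER["SERVER_NAME"] . "/" . $INSTALL_HOME . "rca";

$activity_id = $_REQUEST["activity_id"];
$action = "PENDING APPROVAL";
$action_by = $username;
// time() is what the argument-less mktime() call returned.
$action_date = time();
$email = $_REQUEST["email"];

// Both values come straight from the request: escape them before they are put
// into SQL. The original interpolated them unescaped into the query text.
$activity_id_sql = mysql_real_escape_string($activity_id);
$email_sql = mysql_real_escape_string($email);

$sql = "select record_index,approver_name,approver_email,approver_key,item_order";
$sql .= " from rca_approval_history where activity_id='{$activity_id_sql}' and approver_email='{$email_sql}' order by record_index asc limit 1";
$result = mysql_query($sql);

// Skip the loop when the query failed instead of fetching from a non-resource.
while ($result && ($row = mysql_fetch_row($result))) {
    $record_index = $row[0];
    $approver_name = $row[1];
    $approver_email = $row[2];
    $approver_key = random_key();

    // A separate statement and no reassignment of $result: the original stored
    // the UPDATE's return value in $result, clobbering the result set that the
    // loop condition reads.
    $update_sql = "update rca_approval_history set approver_key='" . mysql_real_escape_string($approver_key)
        . "' where record_index='" . mysql_real_escape_string($record_index) . "'";
    mysql_query($update_sql);

    $item_order = $row[4];

    // Line breaks are removed so the request value cannot add mail headers,
    // should ezmail() place the subject into the header block unfiltered.
    $subject = "RCA APPROVAL REQUEST : " . str_replace(array("\r", "\n"), '', $activity_id);

    // Encode the query values so characters such as "+" or "&" in the address
    // or key reach rca_view.php unchanged.
    $url = $base_url . "/rca_view.php" . "?check_email=" . urlencode($approver_email) . "&check_key=" . urlencode($approver_key);

    $body = "\nA Root Cause Analysis (RCA) is pending your approval. Kindly click on the URL : {$url} to view and approve the request.\n\n\n";
    $body .= "PLEASE NOTE THAT THE ABOVE URL IS FOR ONE TIME USE ONLY. \nPLEASE DO NOT REPLY TO THIS E-MAIL";
    ezmail($approver_email, $approver_name, $subject, $body, "");
}
?> <meta http-equiv="REFRESH" content="0;URL=index.php">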
} else { $query['WHERE'] = 'LOWER(username)=LOWER(\'' . $forum_db->escape($form_username) . '\')'; } ($hook = get_hook('li_login_qr_get_login_data')) ? eval($hook) : null; $result = $forum_db->query_build($query) or error(__FILE__, __LINE__); list($user_id, $group_id, $db_password_hash, $salt) = $forum_db->fetch_row($result); $authorized = false; if (!empty($db_password_hash)) { $sha1_in_db = strlen($db_password_hash) == 40 ? true : false; $form_password_hash = forum_hash($form_password, $salt); if ($sha1_in_db && $db_password_hash == $form_password_hash) { $authorized = true; } else { if (!$sha1_in_db && $db_password_hash == md5($form_password) || $sha1_in_db && $db_password_hash == sha1($form_password)) { $authorized = true; $salt = random_key(12); $form_password_hash = forum_hash($form_password, $salt); // There's an old MD5 hash or an unsalted SHA1 hash in the database, so we replace it // with a randomly generated salt and a new, salted SHA1 hash $query = array('UPDATE' => 'users', 'SET' => 'password=\'' . $form_password_hash . '\', salt=\'' . $forum_db->escape($salt) . '\'', 'WHERE' => 'id=' . $user_id); ($hook = get_hook('li_login_qr_update_user_hash')) ? eval($hook) : null; $forum_db->query_build($query) or error(__FILE__, __LINE__); } } } ($hook = get_hook('li_login_pre_auth_message')) ? eval($hook) : null; if (!$authorized) { $errors[] = sprintf($lang_login['Wrong user/pass']); echo 'ERROR: ' . sprintf($lang_login['Wrong user/pass']); echo '<br /><a href="board/">Back to Board Index</a>'; }