/**
 * Class constructor.
 *
 * Logs that the security layer was opened, seeds a short-lived security
 * token, then runs the URL-token and URL-verification steps.
 *
 * @return void
 */
public function __construct()
{
    log_info("info", "security opened");

    // Token lifetime: one minute from now (60 seconds * 1).
    $ttlSeconds = 60 * 1;
    $this->securitytoken_time = time() + $ttlSeconds;

    // NOTE(review): the unpredictability of this token rests entirely on
    // randstring(); confirm it draws from a CSPRNG (random_int/random_bytes)
    // before relying on the value for any access decision.
    $this->securitytoken = "token" . randstring(10);

    $this->urltoken();
    $this->verifyUrl();
}
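<?php
if (!defined("B_PROLOG_INCLUDED") || B_PROLOG_INCLUDED !== true) {
    die();
}

// Per-render suffix so several form instances on one page get distinct
// element ids; it is an id suffix, not a security token.
$arParams["form_index"] = randstring(4);
$arParams["FORM_ID"] = "REPLIER" . $arParams["form_index"];
$arParams["jsObjName"] = "oLHE";
$arParams["LheId"] = "idLHE" . $arParams["form_index"];

// TAB_INDEX: a positive integer, otherwise the default 10. isset() avoids an
// undefined-index notice when the parameter was not supplied.
$tabIndex = isset($arParams["TAB_INDEX"]) ? intval($arParams["TAB_INDEX"]) : 0;
$arParams["tabIndex"] = $tabIndex > 0 ? $tabIndex : 10;

// Normalise to a strict "Y"/"N" flag; anything but the literal string "Y"
// becomes "N" (the original used == and so also accepted truthy non-strings).
$arParams["EDITOR_CODE_DEFAULT"] =
    (isset($arParams["EDITOR_CODE_DEFAULT"]) && $arParams["EDITOR_CODE_DEFAULT"] === "Y") ? "Y" : "N";

// array_values() requires an array (TypeError on PHP 8 for anything else);
// fall back to an empty list when QUESTIONS is missing or malformed.
$arResult["QUESTIONS"] = (isset($arResult["QUESTIONS"]) && is_array($arResult["QUESTIONS"]))
    ? array_values($arResult["QUESTIONS"])
    : array();

// Buffer output while handling an AJAX save. $_REQUEST is untrusted input:
// check presence with isset() and compare strictly against the literal "Y".
if (isset($arParams['AJAX_POST'], $_REQUEST["save_product_review"])
    && $arParams['AJAX_POST'] === 'Y'
    && $_REQUEST["save_product_review"] === "Y"
) {
    ob_start();
}
?>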
$validmcuser = false; /*$ch = curl_init(); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_URL, "http://www.minecraft.net/haspaid.jsp?user="******"-" . $_POST['month'] . "-" . $_POST['day']; $datejoined = date("Y/m/d H:i:s"); $age = get_age($dob); $pass = $_POST['pass']; $confirmpass = $_POST['confirmpass']; $hashed_pass = sha1($pass); $verifcode = randstring(); if (checkdate(intval($_POST['month']), intval($_POST['day']), intval($_POST['year']))) { if ($pass == $confirmpass) { if (!empty($user) && !empty($email) && !empty($pass) && !empty($mcuser) && $user != " " && $email != " " && $pass != " " && $mcuser != " ") { if ($age >= 13) { if (checkstr($user) == false) { if (filter_var($email, FILTER_VALIDATE_EMAIL)) { if ($mcuser != "") { $query = "SELECT id, username, email, minecraft_username FROM users\n\t\t\t\t\t\t\t\t\t\tWHERE username='******' OR email='{$email}' OR minecraft_username='******'"; } else { $query = "SELECT id, username, email, minecraft_username FROM users\n\t\t\t\t\t\t\t\t\t\tWHERE username='******' OR email='{$email}'"; } $result = mysql_query($query, $connection); confirm_query($result); if (mysql_num_rows($result) >= 1) { if ($mcuser != "") {
/**
 * Return the person's 8-character "newpass" value, generating and storing a
 * fresh one when the loaded record does not already hold one of length 8.
 *
 * Loops until randstring(8) yields a value that no other persons row is
 * already using, then writes it to this person's row and returns it.
 *
 * NOTE(review): the '******' inside both SQL literals looks like a redaction
 * in this listing rather than the original source; the interpolated value is
 * presumably $newpass — confirm against the real file. If it is, the value is
 * stored as-is (unhashed); confirm that is intended.
 * NOTE(review): $this->id is concatenated straight into the UPDATE; confirm
 * it is an integer before it reaches here, or bind it as a parameter.
 * NOTE(review): the uniqueness SELECT and the UPDATE are two separate
 * statements, so two concurrent callers could both pass the SELECT with the
 * same value; a UNIQUE constraint on persons.newpass would close that window.
 *
 * @return string the existing or newly stored 8-character value
 */
private function set_newpass()
{
    // Reuse the existing value only when it already has the expected length.
    if (strlen($this->me['newpass']) == 8) {
        return $this->me['newpass'];
    }
    while (true) {
        // NOTE(review): strength depends on randstring()'s RNG — confirm it is
        // backed by a CSPRNG, since this value presumably acts as a credential.
        $newpass = randstring(8);
        $this->db->query("SELECT id FROM persons WHERE newpass='******' LIMIT 1");
        if ($this->db->num_rows() == 0) {
            $this->db->query("UPDATE persons SET newpass='******' WHERE id=" . $this->id);
            return $newpass;
        }
    }
}
<?php require_once "includes/functions.php"; if (isset($_POST['submit'])) { if ($_POST['email'] != '') { $query = "SELECT username, email FROM `users` WHERE `email`='{$_POST['email']}'"; $result = mysqli_query($connection, $query); confirm_query($result); if (mysqli_num_rows($result) == 1) { $user = mysqli_fetch_array($result); $auth_code = randstring(); try { $query = "UPDATE `users` SET `chng_pass_authcode`='{$auth_code}', `chng_pass_authcode_date`='{$date}' WHERE `email`='{$_POST['email']}'"; $result = mysqli_query($connection, $query); confirm_query($result); //send email with password reset link $to = $user['email']; $email_subject = "Forgotten Password"; $email_message = 'Password change request for user "' . $user['username'] . '"<br />'; $email_message .= 'Change Password here: <a href="' . $GLOBALS['HOST'] . '/password_reset?auth=' . urlencode($auth_code) . '">' . $GLOBALS['HOST'] . '/password_reset?auth=' . urlencode($auth_code) . '</a><br />'; $email_message .= 'This link is good for 48 hours.'; $headers = 'MIME-Version: 1.0' . "\r\n"; $headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n"; if ($GLOBALS['site_info']['contact_email'] != "") { $headers .= "From: " . $GLOBALS['site_info']['contact_email'] . PHP_EOL; } else { $headers .= "From: " . $GLOBALS['site_info']['name'] . PHP_EOL; } mail($to, $email_subject, $email_message, $headers); $success = "An email has been sent containing a link to reset your password."; } catch (Exception $e) {
<?php require_once "../includes/functions.php"; ?> <?php if (!check_permission(array("Forms;add_form", "Forms;edit_form", "Forms;delete_form"))) { redirect_to("index.php"); } if (isset($_POST['newform'])) { if (check_permission("Forms", "add_form")) { if ($formname = mysql_prep($_POST['formname']) != "") { $formname = mysql_prep($_POST['formname']); $unique_name = randstring(); $date = date("Y/m/d H:i:s", time()); $query = "INSERT INTO `forms` (\n\t\t\t\t`name`, `u_name`, `creator`, `date_created`\n\t\t\t) VALUES (\n\t\t\t\t'{$formname}', '{$unique_name}', {$_SESSION['user_id']}, '{$date}')"; $result = mysqli_query($connection, $query); confirm_query($result); $query = "SELECT * FROM `galleries` WHERE `name` = '{$_POST['formname']}'"; $result = mysqli_query($connection, $query); confirm_query($result); $formid = mysqli_fetch_array($result); $success = "Form \"{$_POST['formname']}\" added!"; } else { $error = "Form name cannot be blank."; } } } elseif (isset($_POST['delforms'])) { if (check_permission("Forms", "delete_form")) { function del_form($id) {