$acc_page_vars['refer_points'] = Account::getReferPoints($acc->account_username); $template_vars['acc_page'] = Template::load('refer.html', $acc_page_vars, 0); } elseif (isset($_GET['profile'])) { if (isset($_GET['cpass']) && $GLOBALS['CONFIG_CHANGE_PASS']) { if (isset($_POST['change_password']) && isset($_POST['change_npassword']) && isset($_POST['change_rnpassword'])) { $change_password = $acc_page_vars['val_pass'] = htmlspecialchars($_POST['change_password']); $change_npassword = $acc_page_vars['val_npass'] = htmlspecialchars($_POST['change_npassword']); $change_rnpassword = $acc_page_vars['val_rnpass'] = htmlspecialchars($_POST['change_rnpassword']); if ($acc->validate_pass($change_password) && $acc->validate_pass($change_npassword) && $acc->validate_pass($change_rnpassword)) { if ($change_npassword != $change_rnpassword) { $GLOBALS['the_status'] = $GLOBALS['LANG_ERROR_RNPSAME']; } elseif ($change_npassword == $change_password) { $GLOBALS['the_status'] = $GLOBALS['LANG_ERROR_NPSAME']; } else { $old_pass = Main::encrypt($change_password); $new_pass = Main::encrypt($change_npassword); if ($GLOBALS['CONFIG_SERVER_TYPE'] == 1) { $query = Main::db_query(sprintf($GLOBALS['DBQUERY_CHECK_LOGIN'], $GLOBALS['DBSTRUCT_L2OFF_USERAUT_TABLE'], $GLOBALS['DBSTRUCT_L2OFF_USERAUT_ACCOUNT'], Main::db_escape_string($acc->account_username, $GLOBALS['DB_LOGIN_SERVER']), $GLOBALS['DBSTRUCT_L2OFF_USERAUT_PASS'], 'CONVERT(binary, ' . $old_pass . ')'), $GLOBALS['DB_LOGIN_SERVER']); } else { $query = Main::db_query(sprintf($GLOBALS['DBQUERY_CHECK_LOGIN'], $GLOBALS['DBSTRUCT_L2J_ACCOUNTS_TABLE'], $GLOBALS['DBSTRUCT_L2J_ACCOUNTS_NAME'], Main::db_escape_string($acc->account_username, $GLOBALS['DB_LOGIN_SERVER']), $GLOBALS['DBSTRUCT_L2J_ACCOUNTS_PASS'], '\'' . $old_pass . '\''), $GLOBALS['DB_LOGIN_SERVER']); } if (Main::db_rows($query) == 1) { $cpass_flood = new AFlood('cpass'); if (!$cpass_flood->check()) { $GLOBALS['the_status'] = $GLOBALS['LANG_ERROR_CPASS_TIME']; } else { if ($GLOBALS['CONFIG_SERVER_TYPE'] == 1) { Main::db_query(sprintf($GLOBALS['DBQUERY_CHANGE_PASSWORD'], $GLOBALS['DBSTRUCT_L2OFF_USERAUT_TABLE'], $GLOBALS['DBSTRUCT_L2OFF_USERAUT_PASS'], 'CONVERT(binary, ' . $new_pass . ')', $GLOBALS['DBSTRUCT_L2OFF_USERAUT_ACCOUNT'], Main::db_escape_string($acc->account_username, $GLOBALS['DB_LOGIN_SERVER'])), $GLOBALS['DB_LOGIN_SERVER']); } else { Main::db_query(sprintf($GLOBALS['DBQUERY_CHANGE_PASSWORD'], $GLOBALS['DBSTRUCT_L2J_ACCOUNTS_TABLE'], $GLOBALS['DBSTRUCT_L2J_ACCOUNTS_PASS'], '\'' . $new_pass . '\'', $GLOBALS['DBSTRUCT_L2J_ACCOUNTS_NAME'], Main::db_escape_string($acc->account_username, $GLOBALS['DB_LOGIN_SERVER'])), $GLOBALS['DB_LOGIN_SERVER']); }
if (isset($_GET['uname'])) { $template_vars['val_user'] = htmlspecialchars($_GET['uname']); } if (isset($_GET['rid'])) { $template_vars['val_code'] = htmlspecialchars($_GET['rid']); } if (isset($_GET['uname']) && isset($_GET['rid'])) { $rec_user = htmlspecialchars(trim($_GET['uname'])); $rec_rid = htmlspecialchars(trim($_GET['rid'])); if ($acc->validate_user($rec_user) && $acc->validate_code($rec_rid)) { if (Account::recover_check($rec_user)) { $query = Main::db_query(sprintf($GLOBALS['DBQUERY_MCHECK_CHECK'], Main::db_escape_string($rec_user, $GLOBALS['DB_LOGIN_SERVER']), Main::db_escape_string($rec_rid, $GLOBALS['DB_LOGIN_SERVER']), Main::db_escape_string(USER_IP, $GLOBALS['DB_LOGIN_SERVER'])), $GLOBALS['DB_LOGIN_SERVER']); if (Main::db_rows($query) == 1) { $query = Main::db_query(sprintf($GLOBALS['DBQUERY_MCHECK_DATA'], Main::db_escape_string($rec_user, $GLOBALS['DB_LOGIN_SERVER']), Main::db_escape_string($rec_rid, $GLOBALS['DB_LOGIN_SERVER']), Main::db_escape_string(USER_IP, $GLOBALS['DB_LOGIN_SERVER'])), $GLOBALS['DB_LOGIN_SERVER']); $data = Main::db_fetch_row($query); $new_pass = @Main::encrypt($data[2]); if ($GLOBALS['CONFIG_SERVER_TYPE'] == 1) { Main::db_query(sprintf($GLOBALS['DBQUERY_CHANGE_PASSWORD'], $GLOBALS['DBSTRUCT_L2OFF_USERAUT_TABLE'], $GLOBALS['DBSTRUCT_L2OFF_USERAUT_PASS'], 'CONVERT(binary, ' . $new_pass . ')', $GLOBALS['DBSTRUCT_L2OFF_USERAUT_ACCOUNT'], Main::db_escape_string($rec_user, $GLOBALS['DB_LOGIN_SERVER'])), $GLOBALS['DB_LOGIN_SERVER']); } else { Main::db_query(sprintf($GLOBALS['DBQUERY_CHANGE_PASSWORD'], $GLOBALS['DBSTRUCT_L2J_ACCOUNTS_TABLE'], $GLOBALS['DBSTRUCT_L2J_ACCOUNTS_PASS'], '\'' . $new_pass . '\'', $GLOBALS['DBSTRUCT_L2J_ACCOUNTS_NAME'], Main::db_escape_string($rec_user, $GLOBALS['DB_LOGIN_SERVER'])), $GLOBALS['DB_LOGIN_SERVER']); } Main::db_query(sprintf($GLOBALS['DBQUERY_MCHECK_DELETE'], Main::db_escape_string($rec_user, $GLOBALS['DB_LOGIN_SERVER'])), $GLOBALS['DB_LOGIN_SERVER']); $mail = new Mail(); $mail->Send($data[1], $GLOBALS['CONFIG_ADMIN_MAIL'], sprintf($GLOBALS['LANG_RECOVER_PASS_MAIL_SUBJECT'], $GLOBALS['CONFIG_WEBSITE_NAME']), sprintf($GLOBALS['LANG_RECOVER_PASS_MAIL'], $data[0], $data[2], $GLOBALS['CONFIG_WEBSITE_NAME'])); $GLOBALS['the_status'] = $GLOBALS['LANG_RECOVER_SUCCEDED']; } else { $GLOBALS['the_status'] = $GLOBALS['LANG_ERROR_ACT_SESSION']; } } else { $GLOBALS['the_status'] = $GLOBALS['LANG_ERROR_ACT_EXPIRED']; }