コード例 #1
ファイル: password.php プロジェクト: xcommunicato/pjj-chats
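/**
 * Complete a password reset: check the reset token against uo_chat_newpass,
 * generate a new password for the account, store its MD5 digest, mail the
 * new password to the address on file and append a line to the chat's
 * action log.
 *
 * Progress and error messages are echoed as HTML fragments.
 *
 * @param int|string $uid   User id from the reset link; coerced with intval().
 * @param string     $key   Reset token from the link; word characters only.
 * @param string     $stamp Token timestamp, in any format strtotime() accepts.
 *
 * @return int|null -1 on any failure; no explicit return value on success.
 */
function NewPass($uid, $key, $stamp)
{
    global $handler, $master_name_filter, $master_name, $master_email;

    // Expire reset tokens older than 15 minutes before looking anything up.
    mysql_query("DELETE FROM uo_chat_newpass WHERE pass_stamp < DATE_SUB(now(), INTERVAL 15 MINUTE)", $handler);

    // Non-scalar request values (e.g. arrays) are treated as an empty key.
    $key = is_scalar($key) ? (string) $key : '';
    // \z anchors at the very end of the string; a plain $ would also accept
    // a key followed by a trailing newline.
    if (!preg_match('@^\\w+\\z@', $key)) {
        // The rejected key is caller-supplied, so it is HTML-escaped before
        // being reflected into the page.
        echo "<p>Invalid key '" . htmlspecialchars($key, ENT_QUOTES) . "'.<br>\n";
        return -1;
    }

    $uid = intval($uid);

    // An unparseable timestamp can never match a stored token; reject it
    // instead of letting date() format the boolean false as the epoch.
    $when = strtotime(is_scalar($stamp) ? (string) $stamp : '');
    if ($when === false) {
        echo "<p>Invalid or expired reset link.<br>\n";
        return -1;
    }
    $stamp = date('Y-m-d H:i:s', $when);

    // $uid is an integer, $key is word characters only and $stamp is the
    // output of date(), so none of them can break out of the statement; the
    // string values are escaped anyway so the query does not depend on the
    // checks above staying in place.
    $result = mysql_query(
        "SELECT pass_uid, pass_key, pass_stamp\n\t\tFROM uo_chat_newpass\n\t\tWHERE pass_uid={$uid} AND pass_key='"
        . mysql_real_escape_string($key, $handler) . "' AND pass_stamp='"
        . mysql_real_escape_string($stamp, $handler) . "'",
        $handler
    );
    $verify = false;
    if ($result !== false) {
        $verify = mysql_fetch_assoc($result);
        mysql_free_result($result);
    }

    // Re-check the row in PHP with strict comparisons. A loose != compares
    // numeric-looking strings as numbers, which would let two different
    // token strings count as equal.
    if (
        !is_array($verify)
        || empty($verify['pass_uid']) || (int) $verify['pass_uid'] !== $uid
        || empty($verify['pass_key']) || (string) $verify['pass_key'] !== $key
        || empty($verify['pass_stamp']) || (string) $verify['pass_stamp'] !== $stamp
    ) {
        echo "<p>Invalid or expired reset link.<br>\n";
        return -1;
    }

    $result = mysql_query("SELECT chat, uid, username, email\n\t\tFROM uo_chat_database\n\t\tWHERE uid={$uid}", $handler);
    $cuser = false;
    if ($result !== false) {
        $cuser = mysql_fetch_assoc($result);
        mysql_free_result($result);
    }
    if (!is_array($cuser) || empty($cuser['username']) || (int) $cuser['uid'] !== $uid) {
        echo "<p>User {$uid} was not found in the database.<br>\n";
        return -1;
    }

    // The new password is mailed to this value, so it must be exactly one
    // well-formed address. FILTER_VALIDATE_EMAIL also rejects line breaks and
    // address lists, which a bare "contains @" test lets through.
    $email = trim($cuser['email']);
    if (strlen($email) < 5 || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        echo "<p>User {$uid} doesn't have an email. Impossible to send new password.<br>\n";
        return -1;
    }

    // Stored values end up in the mail subject and in the log line; drop
    // CR/LF so they cannot start a new header or a forged log entry.
    $lineBreaks = array("\r", "\n");
    $chat = trim(str_replace($lineBreaks, '', substr($cuser['chat'], 4)));
    $username = trim(str_replace($lineBreaks, '', $cuser['username']));

    // NOTE(review): RandomPass() is defined outside this block; confirm it
    // draws from a cryptographically secure source.
    $newpass = RandomPass();
    // NOTE(review): an unsalted MD5 digest is not a safe password hash.
    // Moving to password_hash()/password_verify() has to be coordinated with
    // the login code, which presumably compares MD5 hex digests.
    $md5pass = md5($newpass);

    // Only consume the token and send mail once the new digest is stored.
    if (mysql_query("UPDATE uo_chat_database SET password='" . $md5pass . "' WHERE uid={$uid}", $handler) === false) {
        echo "<p>Could not store a new password for user {$uid}.<br>\n";
        return -1;
    }
    mysql_query("DELETE FROM uo_chat_newpass WHERE pass_uid={$uid}", $handler);

    $username = ucwords($username);
    $headers = '';
    $headers .= "From: {$master_name} <{$master_email}>\n";
    $headers .= "Reply-To: {$master_name} <{$master_email}>\n";
    // NOTE(review): this Bcc delivers every user's new plaintext password to
    // the master address as well; confirm that is intended.
    $headers .= "Bcc: {$master_name} <{$master_email}>\n";
    $subject = "pJJ: New password for '{$username}' of /{$chat}";
    $message = <<<XBODY
New password for user {$username} (uid:{$cuser['uid']}):
{$newpass}

-- pJJ Chats

XBODY;

    // The recipient is the validated address alone. The stored username is
    // not used as a display name because its characters would become part of
    // the To: header.
    $sent = mail($email, $subject, $message, $headers);

    // The original read an undefined $ip here; the client address is
    // presumably what was meant.
    $ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';

    // $chat comes from the database and becomes a directory component, so a
    // value containing ".." is not allowed to redirect the log write.
    if (strpos($chat, '..') === false) {
        $fc = fopen("../{$chat}/register/wizard_locked/actionlog.log", "ab");
        if ($fc !== false) {
            fwrite($fc, stripslashes(date("F d, Y T - H:i:s") . ": New password generated for user '{$username}' - {$ip}\n"));
            fclose($fc);
        }
    }

    // Stored values are HTML-escaped before being echoed into the page.
    $shownUser = htmlspecialchars($username, ENT_QUOTES);
    $shownMail = htmlspecialchars($email, ENT_QUOTES);
    if (!$sent) {
        // The password has already been replaced, so say clearly that the
        // user did not receive it.
        echo "<p>New password generated for user '{$shownUser}', but the email to {$shownMail} could not be sent.<br>\n";
        return -1;
    }
    echo "<p>New password generated for user '{$shownUser}', and emailed to {$shownMail}.<br>\n";
}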
コード例 #2
ファイル: login.php プロジェクト: TinoDidriksen/pjj-chats
     if (strlen($password) != 32) {
         $_SESSION[$realpath]['user']['password'] = md5($password);
     } else {
         $_SESSION[$realpath]['user']['password'] = $password;
     }
 }
 // Page header for the signed-in user, followed by the opening tag of the
 // admin form that posts back to login.php.
 // NOTE(review): $login is written into the HTML as-is; where it is set is
 // not visible here. Confirm it is escaped (htmlspecialchars) before this
 // point if it can hold request-supplied text.
 print '<h2>Logged in as ' . $login . '</h2>' . "\n";
 print '<p><br><FORM ACTION=\'login.php\' METHOD=\'POST\'>';
 if ($adminaction) {
     if ($adminaction == "adduser") {
         $new_name = $_REQUEST['new_name'];
         $new_pass = $_REQUEST['new_pass'];
         $new_level = $_REQUEST['new_level'];
         if ($new_name && $new_pass && $new_level) {
             if ($new_pass == "random") {
                 $new_pass = RandomPass(8);
             }
             $new_mail = $_REQUEST['new_mail'];
             $message = $_REQUEST['message'];
             $subject = $_REQUEST['subject'];
             if ($message && $subject && $new_email) {
                 mail($new_email, $subject, $message, "From: {$master_email}\nReply-To: {$cadmin}\nBCC: {$master_email}\nX-pJJ-IP: {$_SERVER['REMOTE_ADDR']}\nX-pJJ-Chat: https://pjj.cc/{$chatpath}/\nX-pJJ-Auth: {$_REQUEST['login']}\n");
                 echo "Mail sent to {$new_email}.";
             } else {
                 $new_faction = $_REQUEST['new_faction'];
                 if (empty($new_faction)) {
                     $new_faction = "0";
                 }
                 if (AddUser($login, $password, trim($new_name), trim($new_pass), trim($new_faction), trim($new_email), trim($new_level), $chatpath) >= 1) {
                     if ($ruid) {
                         count_mysql_query("UPDATE uo_chat_regapps SET appstat=1 WHERE chat='{$chatpath}' AND id='{$ruid}'", $handler);