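/**
 * Completes a password reset submitted from the "lost password" form.
 *
 * Reads from $_POST:
 *   - l_pass     the new password
 *   - lc_pass    the new password, typed again
 *   - l_senha    the reset token (tb_lostpassword.lostpassid)
 *   - l_usuario  the account e-mail
 *
 * When exactly one tb_lostpassword row matches token + e-mail and its status
 * is 0, the new password is stored in tb_usuarios and the token row is marked
 * used (status = '1'). The outcome is reported by echoing an HTML/JS snippet.
 *
 * Security notes:
 *   - Every request value reaches the database as a bound parameter; nothing
 *     from $_POST is interpolated into SQL text.
 *   - The two passwords are compared with ===, because == compares
 *     numeric-looking strings by value rather than byte for byte.
 *   - encrypt_pass() is defined outside this block. NOTE(review): if it is a
 *     plain or nested MD5, move storage to password_hash()/password_verify().
 *   - NOTE(review): no minimum length or strength is enforced here, so an
 *     empty password pair is accepted; add a policy check and a message for it.
 *   - NOTE(review): the token row carries no visible expiry timestamp; only
 *     the status flag limits reuse.
 *
 * @return void
 */
function redefinirsenha()
{
    global $pdo;

    // Absent or non-string fields (for example array-valued parameters) become ''.
    $campos = [];
    foreach (['l_pass', 'lc_pass', 'l_senha', 'l_usuario'] as $chave) {
        $campos[$chave] = (isset($_POST[$chave]) && is_string($_POST[$chave])) ? $_POST[$chave] : '';
    }
    $l_pass = $campos['l_pass'];
    $lc_pass = $campos['lc_pass'];
    $l_senha = $campos['l_senha'];
    $l_usuario = $campos['l_usuario'];

    // An empty token or e-mail is rejected without touching the database.
    $linhas = [];
    if ($l_senha !== '' && $l_usuario !== '') {
        $busca = $pdo->prepare('SELECT * FROM tb_lostpassword WHERE lostpassid = ? AND email = ?');
        if ($busca !== false && $busca->execute([$l_senha, $l_usuario])) {
            // Counting fetched rows avoids relying on rowCount() for a SELECT.
            $linhas = $busca->fetchAll();
        }
    }

    $tokenValido = count($linhas) === 1 && (int) $linhas[0]['status'] === 0;
    if (!$tokenValido) {
        echo "\n\t \t<META HTTP-EQUIV=REFRESH CONTENT = '0;URL=/recuperar.php'>\n\t \t<script type=\"text/javascript\">\n\t \talert(\"A redefinição da senha expirou. Solicite novamente uma nova senha.\");\n\t \t</script>\n\t \t";
        return;
    }

    if ($l_pass !== $lc_pass) {
        echo "\n\t\t \t<META HTTP-EQUIV=REFRESH CONTENT = '0;URL='>\n\t\t \t<script type=\"text/javascript\">\n\t\t \talert(\"As senhas não podem ser diferentes. Digite senhas iguais.\");\n\t\t \t</script>\n\t\t \t";
        return;
    }

    $newsenha = encrypt_pass($l_pass);

    $gravaSenha = $pdo->prepare('UPDATE tb_usuarios SET senha = ? WHERE email = ?');
    $senhaOk = $gravaSenha !== false && $gravaSenha->execute([$newsenha, $l_usuario]);

    $marcaToken = $pdo->prepare("UPDATE tb_lostpassword SET status = '1' WHERE lostpassid = ? AND email = ?");
    $tokenOk = $marcaToken !== false && $marcaToken->execute([$l_senha, $l_usuario]);

    // Success requires BOTH statements; the previous `!$query and !$query2`
    // reported success when only one of the two had failed.
    if (!$senhaOk || !$tokenOk) {
        echo "\n\t\t\t \t<META HTTP-EQUIV=REFRESH CONTENT = '0;URL=login.php'>\n\t\t\t \t<script type=\"text/javascript\">\n\t\t\t \talert(\"Sua senha não pôde ser redefinida. Tente mais tarde.\");\n\t\t\t \t</script>\n\t\t\t \t";
    } else {
        echo "\n\t\t\t \t<META HTTP-EQUIV=REFRESH CONTENT = '0;URL=login.php'>\n\t\t\t \t<script type=\"text/javascript\">\n\t\t\t \talert(\"Sucesso! Sua senha foi redefinida com sucesso.\");\n\t\t\t \twindow.location = \"index\";\n\t\t\t \t</script>\n\t\t\t \t";
    }
}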
// Excerpt from an installer step; the blocks closed by the dangling braces
// below open above this excerpt, and the trailing `break;` suggests it sits
// inside a switch case.
// It reads the INI-format config file, opens the master database connection
// and sets e-mail, password and name on the user row with id 1.
$conf = parse_ini_file ('../conf/config.php', true);
$conf['Database']['master']['master'] = true;
// When the connection settings name a file, make the path relative to the
// parent directory.
if (isset ($conf['Database']['master']['file'])) {
    $conf['Database']['master']['file'] = '../' . $conf['Database']['master']['file'];
}
DB::$prefix = $conf['Database']['prefix'];
if (! DB::open ($conf['Database']['master'])) {
    $data['error'] = DB::error ();
} else {
    // Not used by any statement visible in this excerpt.
    $date = gmdate ('Y-m-d H:i:s');
    // The three request values are passed as arguments for the `?`
    // placeholders, not concatenated into the SQL text.
    // NOTE(review): no validation of $_POST['email_from'], $_POST['pass'] or
    // $_POST['your_name'] is visible here; presumably done earlier, confirm.
    // encrypt_pass() is defined outside this excerpt, so the password hashing
    // scheme cannot be judged from here.
    if (! DB::execute (
        "update `#prefix#user` set `email` = ?, `password` = ?, `name` = ? where `id` = 1",
        $_POST['email_from'],
        encrypt_pass ($_POST['pass']),
        $_POST['your_name']
    )) {
        $data['error'] = DB::error ();
    } else {
        $data['ready'] = true;
    }
}
// The next two braces close blocks opened above this excerpt.
}
} else {
    // set some default values
    $_POST['site_name'] = 'Your Site Name';
    $_POST['email_from'] = '*****@*****.**';
}
break;
// Excerpt from a note-renaming handler. $notesql, $sql_table, $sql_table_user,
// $noteId, $password and $user_notes_array are set above this excerpt.
$new_id = $_POST['the_set_id'];
// Allow-list check: ASCII letters and digits only, 3 to 200 bytes.
// NOTE(review): without the D modifier `$` also matches before a final
// newline, so a value ending in "\n" passes; anchor with \z to be strict.
if (!preg_match('/^[A-Za-z0-9]+$/', $new_id) || strlen($new_id) < 3 || strlen($new_id) > 200) {
    // The ID does not meet the rules.
    // NOTE(review): the code below relies on show_error_exit() ending the
    // request; its definition is not visible here, confirm.
    show_error_exit("错误:输入的ID不合法");
}
// Check whether a notebook already exists under the new ID.
// The SQL here and below is built by string concatenation. $new_id is limited
// by the allow-list above; $sql_table, $noteId, $new_passwd_md5 and $user_notes
// are only as safe as their origin, which this excerpt does not show.
// NOTE(review): prepared statements with bound values would remove that dependency.
$sql_return = mysqli_query($notesql, "SELECT ID, content FROM " . $sql_table . " WHERE ID='" . $new_id . "'");
$newid_the_content = mysqli_fetch_array($sql_return);
$this_ID_have_note = isset($newid_the_content['ID']) && $newid_the_content['ID'];
if ($this_ID_have_note) {
    show_error_exit("错误:输入的ID已存在");
}
// Set the new ID. The result of this and the following mysqli_query() calls is
// not checked, so a failed UPDATE goes unnoticed.
mysqli_query($notesql, "UPDATE " . $sql_table . " SET ID = '" . $new_id . "' WHERE ID = '" . $noteId . "'");
// Update the password MD5. encrypt_pass() is called with two arguments here
// (new ID and password) and is defined outside this excerpt.
$new_passwd_md5 = encrypt_pass($new_id, $password);
mysqli_query($notesql, "UPDATE " . $sql_table . " SET passwd = '" . $new_passwd_md5 . "' WHERE ID = '" . $new_id . "'");
// Set the "has password" flag to false.
$passwd = false;
// If the user's note list already records this ID, remove it.
if (isset($_COOKIE['myNoteUsername'])) {
    // NOTE(review): array_search() returns false when $noteId is absent, and
    // array_splice() then treats the offset as 0 and drops the first entry.
    $key = array_search($noteId, $user_notes_array);
    array_splice($user_notes_array, $key, 1);
    $user_notes = implode(";", $user_notes_array);
    // The username literal appears masked in this listing.
    mysqli_query($notesql, "UPDATE " . $sql_table_user . " SET notes = '" . $user_notes . "' WHERE username = '******'");
}
reLocation($new_id);
// Closes a block opened above this excerpt.
}
// Username handler; same allow-list pattern as for the note ID (the `$`
// anchor caveat applies here too). The excerpt ends inside this block.
if (isset($_POST['the_username'])) {
    $username = $_POST['the_username'];
    if (!preg_match('/^[A-Za-z0-9]+$/', $username) || strlen($username) < 3 || strlen($username) > 200) {
// Excerpt from an installer step; $config is set above this excerpt and the
// outer `if` closed further down opens there too.
// Replace the first `site_key = ...` line of the config text with a new key.
// NOTE(review): uniqid() and rand() are time/PRNG based, not cryptographically
// secure. If site_key is used as a secret, derive it from random_bytes()
// instead; confirm how site_key is consumed.
$config = preg_replace('/site_key = .*(?:\\r\\n|\\r|\\n)/', 'site_key = "' . md5(uniqid(rand(), true)) . '"' . PHP_EOL, $config, 1);
// file_put_contents() returns the byte count or false; `!` treats both false
// and a zero-byte write as failure.
if (!file_put_contents('../conf/config.php', $config)) {
    $data['error'] = __('Failed to write to conf/config.php');
} else {
    // create the admin user now
    $conf = parse_ini_file('../conf/config.php', true);
    $conf['Database']['master']['master'] = true;
    // When the connection settings name a file, make the path relative to
    // the parent directory.
    if (isset($conf['Database']['master']['file'])) {
        $conf['Database']['master']['file'] = '../' . $conf['Database']['master']['file'];
    }
    DB::$prefix = $conf['Database']['prefix'];
    if (!DB::open($conf['Database']['master'])) {
        $data['error'] = DB::error();
    } else {
        // Not used by any statement visible in this excerpt.
        $date = gmdate('Y-m-d H:i:s');
        // Request values are passed as arguments for the `?` placeholders,
        // not concatenated into the SQL text. encrypt_pass() is defined
        // outside this excerpt.
        // NOTE(review): no validation of the three $_POST values is visible
        // here; presumably done earlier, confirm.
        if (!DB::execute("update `#prefix#user` set `email` = ?, `password` = ?, `name` = ? where `id` = 1", $_POST['email_from'], encrypt_pass($_POST['pass']), $_POST['your_name'])) {
            $data['error'] = DB::error();
        } else {
            $data['ready'] = true;
        }
    }
}
// Closes the `if` opened above this excerpt.
} else {
    // set some default values
    $_POST['site_name'] = 'Your Site Name';
    $_POST['email_from'] = '*****@*****.**';
}
break;
case 'finished':
// umask(00) clears the process umask, so the marker file is created with the
// default mode unmasked (typically 0666, writable by every local account).
// `@` hides any warning, so a failed touch() is silent.
// NOTE(review): confirm both are intended for conf/installed.
@umask(00);
@touch('../conf/installed');
<?php
/**
 * Returns the MD5 hex digest of the MD5 hex digest of the input.
 *
 * Security note: this is two rounds of unsalted MD5. MD5 is a fast hash, and
 * nesting it adds neither a salt nor a meaningful work factor, so the result
 * is unsuitable for password storage. Moving to password_hash() and
 * password_verify() also means changing every caller that compares this
 * return value with a stored hash, and migrating the stored hashes.
 *
 * @param string $parametro Value to hash.
 * @return string 32-character lowercase hex string.
 */
function encrypt_pass($parametro)
{
    return md5(md5($parametro));
}

// Prints the hash of a hard-coded literal when the file runs.
// NOTE(review): looks like a leftover debug line; confirm before shipping.
echo encrypt_pass('3755d43776');
/****************** New registration request submitted *******************/
// Handles the 'add_new_user_pending' action and fills $response_array with a
// status flag and a message. The excerpt ends inside the final `else`.
// $_POST['action'] is read without isset(), so a request that lacks the field
// raises a notice/warning before the comparison.
if ($_POST['action'] == 'add_new_user_pending') {
    $response_array['status'] = false;
    $response_array['message'] = "";
    // Lower-case-only address pattern with a 2-3 letter final label.
    // NOTE(review): without the D modifier `$` also matches before a final
    // newline; filter_var($email, FILTER_VALIDATE_EMAIL) is the usual check.
    $email_regex = '/^[_a-z0-9-]+(\\.[_a-z0-9-]+)*@[a-z0-9-]+(\\.[a-z0-9-]+)*(\\.[a-z]{2,3})$/';
    // All seven fields must be non-empty and the password 4 to 20 characters.
    // empty() also rejects the string '0'. NOTE(review): the 20-character cap
    // rules out longer passphrases.
    if (!empty($_POST['useradd']) && !empty($_POST['passadd']) && !empty($_POST['nick']) && !empty($_POST['bbs']) && !empty($_POST['ref']) && !empty($_POST['intro']) && !empty($_POST['email']) && mb_strlen($_POST['passadd']) > 3 && mb_strlen($_POST['passadd']) < 21) {
        if (!preg_match($email_regex, $_POST['email'])) {
            $response_array['message'] = "E-mail 格式不正確!";
        } else {
            // Both lookups receive the raw user name, while the value stored
            // below is the htmlspecialchars()-escaped form.
            // NOTE(review): for names containing & < > or quotes the checked
            // and stored values differ; confirm against the helpers, which
            // are defined outside this excerpt.
            if (is_username_used($_POST['useradd'])) {
                $response_array['message'] = "帳號已被使用!";
            } else {
                if (is_username_registing($_POST['useradd'])) {
                    $response_array['message'] = "等待審核中,請勿重複送出申請!";
                } else {
                    // Text fields are HTML-escaped before storage; the e-mail
                    // and the client address are passed as-is. How
                    // add_new_user_pending() builds its query is not visible
                    // here. encrypt_pass() is defined outside this excerpt.
                    $add = add_new_user_pending(htmlspecialchars($_POST['useradd'], ENT_QUOTES, "UTF-8"),
                        encrypt_pass($_POST['passadd']),
                        $_POST['email'],
                        $_SERVER['REMOTE_ADDR'],
                        time(),
                        htmlspecialchars($_POST['nick'], ENT_QUOTES, "UTF-8"),
                        htmlspecialchars($_POST['bbs'], ENT_QUOTES, "UTF-8"),
                        htmlspecialchars($_POST['ref'], ENT_QUOTES, "UTF-8"),
                        htmlspecialchars($_POST['intro'], ENT_QUOTES, "UTF-8"));
                    // Notification mail. Recipient, subject and headers are
                    // fixed strings; the only request value in the mail is the
                    // nickname, HTML-escaped inside the body.
                    $to = "*****@*****.**";
                    $subject = "=?UTF-8?B?" . base64_encode("[SnowServer] 新註冊單") . "?=";
                    $headers = 'MIME-Version: 1.0' . "\r\n" . "Content-type: text/html; charset=utf-8\r\n" . "From: snowserver@mine.snowtec.org\r\n" . "Reply-to: taya86334@gmail.com";
                    $message = '<html><body>' . '<p><strong>' . htmlspecialchars($_POST['nick'], ENT_QUOTES, "UTF-8") . '</strong> ' . '填寫了註冊單。</p>' . '<p>請上<a href="http://mine.snowtec.org/pwd">網站</a>審核。</p>' . '</body></html>';
                    // The mail goes out before $add is checked, so it is sent
                    // even when the database insert failed; the result of
                    // mail() itself is ignored.
                    mail($to, $subject, $message, $headers);
                    if ($add) {
                        $response_array['status'] = true;
                        $response_array['message'] = "成功送出申請!";
                    } else {
                        $response_array['message'] = "資料庫連線錯誤!請通知管理員。";
                    }
                }
            }
        }
    } else {
<?php
// Login handler excerpt; it ends inside the innermost `if`.
require '../admin/classes/Database.php';
$pdo = Database::connect();

/**
 * Returns the MD5 hex digest of the MD5 hex digest of the input.
 *
 * Security note: two rounds of unsalted MD5 give no salt and no meaningful
 * work factor, so this is unsuitable for password storage; password_hash()
 * and password_verify() are the replacement.
 *
 * @param string $parametro Value to hash.
 * @return string 32-character hex string.
 */
function encrypt_pass($parametro) {
    $parametro = md5($parametro);
    $senhadb = md5($parametro);
    return $senhadb;
}

if ($_SERVER["REQUEST_METHOD"] == "POST") {
    // Both fields are read without isset(); a POST that lacks them raises a
    // notice/warning.
    $password = $_POST['passnick'];
    $encsenha = encrypt_pass($password);
    $userlogs = $_POST['usernick'];
    if (!$pdo) {
        echo 'Não foi possível se conectar ao banco de dados';
    } else {
        // Connected: fetch the stored credentials to compare against.
        // SECURITY: $userlogs comes straight from the request and is
        // interpolated into the SQL text, so the login query is open to SQL
        // injection. Use $pdo->prepare() with a bound parameter for the e-mail.
        $consulta = "SELECT * FROM tb_usuarios WHERE email = '{$userlogs}'";
        $resultado = $pdo->query($consulta);
        $dados = $resultado->fetch();
        if ($resultado->rowCount() == 1) {
            // SECURITY: `==` compares numeric-looking strings by value, so two
            // different hex digests can compare equal. Compare with
            // hash_equals(), which is also constant-time.
            if ($dados["senha"] == $encsenha) {
                if ($dados["status"] == 1) {
                    // NOTE(review): no session_regenerate_id() is visible after
                    // the successful login; add one so a pre-login session
                    // identifier cannot be carried over.
                    session_start();
                    // The stored password hash is copied into the session.
                    // NOTE(review): keep a user id instead; the hash does not
                    // belong in session storage.
                    $_SESSION['usuarioPassw'] = $dados["senha"];
                    $_SESSION['usuarioEmail'] = $dados["email"];
                    $_SESSION['usuarioNomes'] = $dados["nome"];
                    $_SESSION['usuarioNivel'] = $dados["nivel"];
                    $_SESSION['usuarioStatus'] = $dados["status"];
                    echo '<script>window.location = "admin/home/index";</script>';