function request($frm)
{
if (isset($_POST["btn_back"])) {
return enter($frm);
}
if ($frm->validate("request")) {
return confirm($frm);
}
$newkey = genkey();
if (isset($_REQUEST["suppid"])) {
$suppid = $_REQUEST["suppid"];
$custid = "0";
} else {
$custid = $_REQUEST["custid"];
$suppid = "0";
}
$cols = grp(m("introtime", raw("CURRENT_TIMESTAMP")), m("introip", "0.0.0.0"), m("email", $_REQUEST["email"]), m("custid", $custid), m("suppid", $suppid), m("key", dbrow("0.0.0.0/0", "", $newkey)), m("userid", USER_ID));
$upd = new dbUpdate("keys", "trh", $cols);
$upd->run(DB_INSERT);
if ($upd->affected() > 0) {
if (isset($_REQUEST["suppid"])) {
if (($r = send_trhmsg("supp", $_REQUEST["suppid"], $_REQUEST["email"], "reqkey", $newkey)) === true) {
$OUT = "Sent request for communication to supplier. On response you will be notified.";
} else {
$OUT = "Error sending request for communication: {$r}";
}
} else {
if (($r = send_trhmsg("cust", $_REQUEST["custid"], $_REQUEST["email"], "reqkey", $newkey)) === true) {
$OUT = "Sent request for communication to customer. On response you will be notified.";
} else {
$OUT = "Error sending request for communication: {$r}";
}
}
} else {
$OUT = "Error sending request for communication: Error updating database.";
}
return $OUT;
}
} elseif ($ch_name == false) {
$fehler = $lang['namealreadyinuse'];
} elseif ($email != $xemail) {
$fehler = $lang['wrongemail'];
} elseif ($ch_email == false) {
$fehler = $lang['emailalreadyinuse'];
}
$tpl = new tpl('user/regist');
$tpl->set('name', $name);
$tpl->set('email', $email);
$tpl->set_out('FEHLER', $fehler, 1);
if ($allgAr['forum_regist_user_pass'] == 1) {
$tpl->out(2);
}
$tpl->out(3);
} else {
$pass = genkey(8);
if (!empty($_POST['pass'])) {
$pass = escape($_POST['pass'], 'string');
}
user_regist($name, $email, $pass);
$tpl = new tpl('user/regist');
$title = $allgAr['title'] . ' :: Users :: Registrieren :: Step 3 von 3';
$hmenu = $extented_forum_menu . '<a class="smalfont" href="?user">User</a><b> » </b><a class="smalfont" href="?user-regist">Registrieren</a><b> » </b>Step 3 von 3' . $extented_forum_menu_sufix;
$design = new design($title, $hmenu, 1);
$design->header();
$tpl->set_out('NAME', $name, 4);
}
$design->footer();
break;
}
$rules .= '</table><br />';
}
$rules .= '<input type="checkbox" name="rules" value="' . $lang['yes'] . '" />' . str_replace(array('<a target="_blank" href="index.php?rules">', '</a>'), '', $lang['rulzreaded']) . '<br />';
$tpl->set_out('RULES', $rules, 2);
}
$tpl->set('ANTISPAM', get_antispam('joinus', 100));
$tpl->out(3);
} else {
// eintragen
$name = $xname;
$userreg = $lang['no'];
if (!loggedin() and $allgAr['forum_regist'] != 0) {
$x = user_regist($name, $mail, genkey(8));
$userreg = $lang['yes'];
}
db_query("INSERT INTO `prefix_usercheck` (`check`,`name`,`datime`,`ak`,`groupid`) VALUES ('" . genkey(8) . "','" . $name . "',NOW(),4," . $squad . ")");
$squad = escape($squad, 'integer');
$abf = "SELECT `mod1`, `mod2`, `mod4`, `name` FROM `prefix_groups` WHERE `id` = " . $squad;
$erg = db_query($abf);
$row = db_fetch_assoc($erg);
$rulz = isset($_POST['rules']) ? $_POST['rules'] : $lang['no'];
$skill = $skill_ar[$skill];
// bitte in der richtigen reihenfolge angeben, sonst das nicht gehen tun, kann.
$mailtxt = sprintf($lang['joinusprivmsg'], $name, $row['name'], $skill, $mail, $hometown, $age, $icqnumber, $favmap, $ground, $rulz, $userreg);
// pm an den leader
sendpm($_SESSION['authid'], $row['mod1'], 'Joinus Anfrage', $mailtxt, -1);
// Wenn Co Leader != Leader
if ($row['mod2'] != $row['mod1']) {
sendpm($_SESSION['authid'], $row['mod2'], 'Joinus Anfrage', $mailtxt, -1);
}
if ($row['mod4'] != $row['mod1'] and $row['mod2'] != $row['mod4']) {
* @license http://opensource.org/licenses/gpl-2.0.php The GNU General Public License (GPL)
* @copyright (C) 2000-2010 ilch.de
* @version $Id$
*/
defined('main') or die('no direct access');
$title = $allgAr['title'] . ' :: Users :: Password Reminder';
$hmenu = $extented_forum_menu . '<a class="smalfont" href="?user">Users</a><b> » </b> Password Reminder' . $extented_forum_menu_sufix;
$design = new design($title, $hmenu, 1);
$design->header();
$show = true;
if (isset($_POST['email'])) {
$email = get_lower(escape($_POST['email'], 'string'));
$erg = db_query("SELECT `name` FROM `prefix_user` WHERE `email` = BINARY '" . $email . "'");
if (db_num_rows($erg) == 1) {
$row = db_fetch_assoc($erg);
$new_pass = genkey(8);
$md5_pass = md5($new_pass);
$id = md5(uniqid(rand()));
db_query("INSERT INTO `prefix_usercheck` (`check`,`name`,`email`,`pass`,`datime`,`ak`)\n\t\tVALUES ('" . $id . "','" . $row['name'] . "','" . $email . "','" . $md5_pass . "',NOW(),2)");
$page = $_SERVER["HTTP_HOST"] . $_SERVER["SCRIPT_NAME"];
$confirmlinktext = "\n" . $lang['registconfirm'] . "\n\n" . sprintf($lang['registconfirmlink'], $page, $id);
$regmail = sprintf($lang['newpasswordmail'], $row['name'], $confirmlinktext, $new_pass);
icmail($email, 'Password Reminder', $regmail);
// email an user
echo $lang['youhavereceivedaemail'];
$show = false;
} else {
echo $lang['namenotfound'];
}
}
if ($show) {
function user_regist($name, $mail, $pass)
{
global $allgAr, $lang;
$name_clean = get_lower($name);
$erg = db_query("SELECT `id` FROM `prefix_user` WHERE `name_clean` = BINARY '" . $name_clean . "'");
if (db_num_rows($erg) > 0) {
return false;
}
$mail = get_lower($mail);
$erg = db_query("SELECT `id` FROM `prefix_user` WHERE `email` = BINARY '" . $mail . "'");
if (db_num_rows($erg) > 0) {
return false;
}
if ($allgAr['forum_regist_user_pass'] == 0) {
$new_pass = genkey(8);
} else {
$new_pass = $pass;
}
$md5_pass = md5($new_pass);
$confirmlinktext = '';
// confirm insert in confirm tb not confirm insert in user tb
if ($allgAr['forum_regist_confirm_link'] == 1) {
// confirm link + text ... bit of shit put it in languages file
$page = $_SERVER["HTTP_HOST"] . $_SERVER["SCRIPT_NAME"];
$id = md5(uniqid(rand()));
$confirmlinktext = "\n" . $lang['registconfirm'] . "\n\n" . sprintf($lang['registconfirmlink'], $page, $id);
db_query("INSERT INTO `prefix_usercheck` (`check`,`name`,`email`,`pass`,`datime`,`ak`)\r\n\t\tVALUES ('" . $id . "','" . $name . "','" . $mail . "','" . $md5_pass . "',NOW(),1)");
} else {
db_query("INSERT INTO `prefix_user` (`name`,`name_clean`,`pass`,`recht`,`regist`,`llogin`,`email`,`status`,`opt_mail`,`opt_pm`)\r\n\t\tVALUES('" . $name . "','" . $name_clean . "','" . $md5_pass . "',-1,'" . time() . "','" . time() . "','" . $mail . "',1,1,1)");
$userid = db_last_id();
}
$regmail = sprintf($lang['registemail'], $name, $confirmlinktext, $mail, $new_pass);
icmail($mail, 'Anmeldung', $regmail);
// email an user
return true;
}
<?php
include "common.php";
session_start();
$conn = new mysqli($host, $username, $password, $dbname);
if ($conn->connect_errno) {
die('Could not connect: ' . $conn->connect_error);
}
if (empty($_SESSION["username"])) {
header("location: login.html");
}
$uname = $_SESSION["username"];
$newhash = genkey();
$query = "UPDATE {$usertablename} SET idhash='{$newhash}' WHERE username='******'";
$conn->query($query);
echo "Server URL: " . $streamurl . $newhash . "<br>";
echo "<br><a href={$baseurl}/profile.php>Go back</a>";
$uid = escape($_POST['uID'], 'integer');
$altes_recht = db_result(db_query("SELECT recht FROM prefix_user WHERE id = " . $uid), 0);
$neues_recht = escape($_POST['urecht'], 'integer');
if (($neues_recht <= $_SESSION['authright'] or $altes_recht <= $_SESSION['authright']) and $_SESSION['authid'] > 1) {
$changeok = false;
}
if ($changeok and chk_antispam('adminuser', true)) {
if (isset($_POST['userdel'])) {
user_remove($uid);
wd('?user', 'User wurde erfolgreich gelöscht');
} else {
$abf = "SELECT * FROM prefix_user WHERE id = '" . $uid . "'";
$erg = db_query($abf);
$row = db_fetch_object($erg);
if (isset($_POST['passw'])) {
$newPass = genkey(8);
$newPassHash = user_pw_crypt($newPass);
icmail($row->email, 'neues Password', "Hallo\n\nDein Password wurde soeben von einem Administrator gäendert es ist nun:\n\n{$newPass}\n\nGruß der Administrator");
db_query('UPDATE `prefix_user` SET pass = "******" WHERE id = "' . escape($_POST['uID'], 'integer') . '"');
}
// avatar speichern START
$avatar_sql_update = '';
if (!empty($_FILES['avatarfile']['name'])) {
$file_tmpe = $_FILES['avatarfile']['tmp_name'];
$rile_type = ic_mime_type($_FILES['avatarfile']['tmp_name']);
$file_type = $_FILES['avatarfile']['type'];
$file_size = $_FILES['avatarfile']['size'];
$fmsg = $lang['avatarisnopicture'];
$size = @getimagesize($file_tmpe);
$endar = array(1 => 'gif', 2 => 'jpg', 3 => 'png');
if (($size[2] == 1 or $size[2] == 2 or $size[2] == 3) and $size[0] > 10 and $size[1] > 10 and substr($file_type, 0, 6) == 'image/' and substr($rile_type, 0, 6) == 'image/') {
$browser = $_SERVER["HTTP_USER_AGENT"];
$protocol = isset($_SERVER["HTTPS"]) ? "https://" : "http://";
$baseref = "{$protocol}{$webname}";
$modbase = "{$docroot}/tracker";
$_SESSION["docroot"] = $docroot;
$_SESSION["scriptname"] = $scriptname;
$_SESSION["webname"] = $webname;
$_SESSION["baseref"] = $baseref;
include_once "{$docroot}/baselib/baselib.php";
include_once "{$docroot}/baselib/iconfig.php";
include_once "{$docroot}/sql/checktables.php";
include_once "{$docroot}/view.php";
// we are in $dev
$dev = true;
$debug = false;
$rnd = genkey(6);
$shandle = initi("{$docroot}", $modbase);
trackhit($shandle, $webname, $scriptname, "", "", "mysqli", false, $dev);
// now let's make sure all tables exist
check_tables($shandle, $docroot, $debug);
// now we'll make set visable css attribute based on browser
$btype = !isset($_SESSION["btype"]) ? strtolower(browsertype($browser)) : $_SESSION["btype"];
$block = $btype == "msie" ? "block" : "inline";
$_SESSION["browser"] = $btype;
$_SESSION["shandle"] = $shandle;
$_SESSION["debug"] = $debug;
// check for authentication
$logstate = (isset($_SESSION["logstate"]) and $_SESSION["logstate"] == "authenticated") ? "isauth" : "unauth";
$authtitle = (isset($_SESSION["logstate"]) and $_SESSION["logstate"] == "authenticated") ? "Login Authenticated" : "You must log in for access";
$nextact = getvardata("nextact", "home", 99);
$_SESSION["nextact"] = $nextact;
function user_regist($name, $mail, $pass)
{
global $allgAr, $lang;
$erg = db_query("SELECT id FROM prefix_user WHERE name = BINARY '" . $name . "'");
if (db_num_rows($erg) > 0) {
return false;
}
if ($allgAr['forum_regist_user_pass'] == 0) {
$new_pass = genkey(8);
} else {
$new_pass = $pass;
}
$passwordHash = user_pw_crypt($new_pass);
$confirmlinktext = '';
# confirm insert in confirm tb not confirm insert in user tb
if ($allgAr['forum_regist_confirm_link'] == 1) {
# confirm link + text ... bit of shit put it in languages file
$page = $_SERVER["HTTP_HOST"] . $_SERVER["SCRIPT_NAME"];
$id = md5(uniqid(rand()));
$confirmlinktext = "\n" . $lang['registconfirm'] . "\n\n" . sprintf($lang['registconfirmlink'], $page, $id);
db_query("INSERT INTO prefix_usercheck (`check`,name,email,pass,datime,ak)\n\t\tVALUES ('" . $id . "','" . $name . "','" . $mail . "','" . $passwordHash . "',NOW(),1)");
} else {
db_query("INSERT INTO prefix_user (name,pass,recht,regist,llogin,email,status,opt_mail,opt_pm)\n\t\tVALUES('" . $name . "','" . $passwordHash . "',-1,'" . time() . "','" . time() . "','" . $mail . "',1,1,1)");
$userid = db_last_id();
}
$regmail = sprintf($lang['registemail'], $name, $confirmlinktext, $name, $new_pass);
icmail($mail, 'Anmeldung', $regmail);
# email an user
return true;
}
echo "Username too long";
echo "<br><a href={$baseurl}/register.html>Go back</a>";
die;
}
if (strlen($email) > 64) {
echo "Email too long";
echo "<br><a href={$baseurl}/register.html>Go back</a>";
die;
}
$namequery = "SELECT username FROM {$usertablename} WHERE username = '******'";
$emailquery = "SELECT email FROM {$usertablename} WHERE email = '{$email}'";
$nameresult = $conn->query($namequery);
$emailresult = $conn->query($emailquery);
if (mysqli_num_rows($nameresult) >= 1) {
echo "Duplicate username";
echo "<br><a href={$baseurl}/register.html>Go back</a>";
die;
}
if (mysqli_num_rows($emailresult) >= 1) {
echo "Duplicate email";
echo "<br><a href={$baseurl}/register.html>Go back</a>";
die;
}
$idhash = genkey();
$query = "INSERT INTO {$usertablename} (username, email, password, idhash) VALUES ('{$username}', '{$email}', '{$password}', '{$idhash}')";
$conn->query($query);
echo "Server URL: " . $streamurl . $idhash . "<br>";
echo "Play Path/Stream Key: " . $username;
echo "<br><a href={$baseurl}/index.html>Main page</a>";
echo "<br><a href={$baseurl}/profile.php>User profile</a>";
die;
function writenewkeyfile($keyfile = "key/key.key")
{
$h = fopen($keyfile, "w");
fwrite($h, implode("\r\n", genkey()) . "\r\n");
}
function infobox()
{
$rnd = genkey(5);
$baseref = $_SESSION["baseref"];
$allstylesrbtn = getvardata("allstylesrbtn", "no", 99);
$checkyes = $allstylesrbtn == "yes" ? "checked" : "";
$checkno = $allstylesrbtn == "no" ? "checked" : "";
//echo "<!-- allstylesrbtn[$allstylesrbtn]-->\n";
echo "\t<div name='tbox' id='tbox' class='topbox'>\n";
echo "\t\t<table border=0 cellpadding=0 cellspacing=0><tr>\n";
echo "<td>activecss @ {$baseref}<span id='xxx'></span></td>";
echo "<td> </td>";
echo "<td>Show all Styles?</td>";
echo "<td> </td>";
echo "<td onclick=\"setallstyles('yes');\" class=\"rbtn midstyle\">Yes:<input type=radio name='allstylesrbtn' id='allstylesrbtn[yes]' value='yes' {$checkyes}></td>";
echo "<td onclick=\"setallstyles('no');\" class=\"rbtn midstyle\">No:<input type=radio name='allstylesrbtn' id='allstylesrbtn[no]' value='no' {$checkno}></td>";
echo "<td> </td>";
echo "<td>[{$rnd}]</td>";
echo "</tr></table>\n";
echo "\t</div>\n";
}
function answered($shandle, $username, $fullnane, $email)
{
$tpass = genkey(8);
$upass = md5($tpass);
$sql = "set password=\"{$upass}\" where username=\"{$username}\"";
$sresult = mysql_query($sql, $shandle) or die("Cannot set password, contact site admin for assistance");
$subject = "Password reset";
$message = "Hello {$fullname}, your password has been reset to '{$tpass}' - please login and change your password as soon as you can.\n";
$headers = "From: alphageek@iworkere.com";
mail($email, $subject, $message, $headers);
echo "Your password has been emailed to your address - please login and change your password as soon as you can<br/>\n";
echo "<input type=button name=qbtn id=qbtn value=\"Next ->\" onclick=\"go('login');\">\n";
}
<?php
include "../../config/baselib.php";
include "../../config/config.php";
$modbase = "modules/login";
$_SESSION["modbase"] = $modbase;
if (!isset($_SESSION["key"])) {
session_start();
$_SESSION["key"] = genkey(10);
}
$key = $_SESSION["key"];
if (!isset($_SESSION["shandle"]) || $_SESSION["shandle"] == 0) {
$_SESSION["shandle"] = modinit("../../");
}
$nextact = getvardata("nextact", "view");
switch ($nextact) {
case "view":
showform();
break;
case "login":
dologin();
break;
case "home":
header("Location:./../../mobile.php");
}
exit;
/////////////////////////////////////////////////////////
// functions from here to eof
/////////////////////////////////////////////////////////
function showform()
{
$rules .= '</table><br />';
}
$rules .= '<input type="checkbox" name="rules" value="' . $lang['yes'] . '" />' . str_replace(array('<a target="_blank" href="index.php?rules">', '</a>'), '', $lang['rulzreaded']) . '<br />';
$tpl->set_out('RULES', $rules, 2);
}
$tpl->set('ANTISPAM', get_antispam('joinus', 100));
$tpl->out(3);
} else {
# eintragen
$name = $xname;
$userreg = $lang['no'];
if (!loggedin() and $allgAr['forum_regist'] != 0) {
$x = user_regist($name, $mail, genkey(8));
$userreg = $lang['yes'];
}
db_query("INSERT INTO prefix_usercheck (`check`,name,datime,ak,groupid) VALUES ('" . genkey(8) . "','" . $name . "',NOW(),4,{$squad})");
$squad = escape($squad, 'integer');
$abf = "SELECT `mod1`, `mod2`, `mod4`, name FROM prefix_groups WHERE id = " . $squad;
$erg = db_query($abf);
$row = db_fetch_assoc($erg);
$rulz = isset($_POST['rules']) ? $_POST['rules'] : $lang['no'];
$skill = $skill_ar[$skill];
# bitte in der richtigen reihenfolge angeben, sonst das nicht gehen tun, kann.
$mailtxt = sprintf($lang['joinusprivmsg'], $name, $row['name'], $skill, $mail, $hometown, $age, $icqnumber, $favmap, $ground, $rulz, $userreg);
# pm an den leader
sendpm($_SESSION['authid'], $row['mod1'], 'Joinus Anfrage', $mailtxt, -1);
# Wenn Co Leader != Leader
if ($row['mod2'] != $row['mod1']) {
sendpm($_SESSION['authid'], $row['mod2'], 'Joinus Anfrage', $mailtxt, -1);
}
if ($row['mod4'] != $row['mod1'] and $row['mod2'] != $row['mod4']) {
/**
* handles a new request
*
* @param string $key
* @param clsMailMsg $oMSG
* @param array $config
* @return bool
*/
function request_new($key, $oMSG, $config)
{
if (($stds = msg_std($oMSG)) === false) {
return false;
}
list($compname, $ipaddr, $bustel, $fromwho, $email) = $stds;
/* locate customer/supplier */
if ($fromwho == "supp") {
$suppid = locateSupplier($compname);
$custid = 0;
} else {
// $fromwho == "cust"
$custid = locateCustomer($compname);
$suppid = 0;
}
print "name: {$compname}\n";
print "ipaddr: {$ipaddr}\n";
print "bustel: {$bustel}\n";
print "fromwho: {$fromwho}\n";
print "custid: {$custid}\n";
print "suppid: {$suppid}\n";
/* check if company name and key is in list */
$qry = new dbSelect("keys", "trh", grp(m("cols", "1"), m("where", "{$fromwho}id='" . ${"{$fromwho}id"} . "' AND (key).send_key='{$key}'")));
$qry->run();
if ($qry->num_rows() > 0) {
print "---> KEY EXISTS, ignoring\n";
return false;
}
$qry->free();
print "from email: {$email}\n";
/* generate a key for receiving for client */
$newkey = genkey();
/* add new key to system */
$cols = grp(m("userid", $config["MANAGEUSER"]), m("introtime", raw("CURRENT_TIMESTAMP")), m("introip", $ipaddr), m("email", $email), m("compname", $compname), m("bustel", $bustel), m("custid", $custid), m("suppid", $suppid), m("key", dbrow("0.0.0.0/0", $key, $newkey)));
$upd = new dbUpdate("keys", "trh", $cols);
$upd->run(DB_INSERT);
$upd->free();
if ($custid == -1 && $suppid == -1) {
$desc = $fromwho == "supp" ? "supplier" : "customer";
$userinfo = qryUsers($config["MANAGEUSER"]);
msgSend($userinfo["username"], "Unknown {$desc} requested Transheks communication. \n\t\t\tClick <a target='mainframe' href=\"../transheks/commapprove.php\">here</a> to view.");
return false;
} else {
/* send response */
return send_trhmsg($fromwho, ${"{$fromwho}id"}, $email, "rspkey", "{$newkey}", $config);
}
}
