$finalResult = mysql_num_rows(mysql_query("SELECT * FROM users WHERE username = '******' && password = '******'"));
} elseif ($result2 == 1) {
$finalQuery = mysql_query("SELECT * FROM users WHERE email = '{$user}' && password = '******'");
$finalResult = mysql_num_rows(mysql_query("SELECT * FROM users WHERE email = '{$user}' && password = '******'"));
}
$q = mysql_query("SELECT * FROM users WHERE username = '******' && activated = '1'");
$activated = mysql_num_rows($q);
if ($result == 1 || $result2 == 1 && $activated == "1") {
//If user details match
//Set User Variables
$arr = mysql_fetch_array($finalQuery);
$user = $arr['username'];
$_SESSION['account_position'] = $arr['account_position'];
checkIfBanned();
//Check if banned before continuing
if (getPasswordStrength($_POST['password']) < $globalPasswordStrength) {
$_SESSION['INSECURE_PASS_DATA'] = $user . ":" . $pass;
header("Location: ?error=insecurePassword");
return;
}
if ($_SESSION['account_position'] == "Admin") {
$ip = "(Removed For Privacy Reasons)";
}
$_SESSION['IP'] = $ip;
//Log successful login
logText("{$user} Logged In With The Ip: {$ip} At " . date("h:i A") . "", "good");
$_SESSION['LoggedIn'] = True;
Header("Location: /main.php");
return;
} else {
$arr = mysql_fetch_array($finalQuery);
<tr>
<td><font color=white>Confirm New Password:</font></td>
<td><input type="password" name="confirmpass"/></td>
</tr>
</table>
<div class="sub2">
<input type="submit" class="btn rc05 f10 p05 dk blue" value="Change Password" name="newpass"/>
</div>
</form>
</div>
</center>';
if (isset($_POST['newpassword'])) {
if (secureForDB($_POST['confirmpass']) == $_POST['newpassword']) {
$passStrength = getPasswordStrength(secureForDB($_POST['newpassword']));
if ($passStrength >= $globalPasswordStrength) {
$newPass = hashPassword(secureForDB($_POST['newpassword']));
$query = mysql_query("SELECT * FROM reset_pass WHERE code = '{$code}'");
$arr = mysql_fetch_array($query);
$user = $arr['username'];
$check = mysql_num_rows($query);
if ($check == 1) {
$update = mysql_query("UPDATE users SET password = '******' WHERE username = '******'");
if ($update) {
mysql_query("DELETE FROM reset_pass WHERE code = '{$code}'");
echo "<center><font color=green>The password to your account has been reset!<br>You may now login with your new \tpassword.</font></center>";
redirect(3, "/login.php");
}
} else {
echo '<div class="bMsg"><center><font color=red>An unexpected error has occured!</font></center></div>';
</table>
<input type="submit" class="btn rc05 f10 p05 dk blue" value="Change Password!" name="submit">
</form>
</div>
</center>
</body>';
if (isset($_POST['currentPassword'], $_POST['newPassword'], $_POST['confirmNewPassword'])) {
$currPass = secureForDB($_POST['currentPassword']);
$newPass = secureForDB($_POST['newPassword']);
$confirmNewPass = secureForDB($_POST['confirmNewPassword']);
$arr = explode(":", $_SESSION['INSECURE_PASS_DATA']);
$TMP_USER = $arr[0];
$TMP_PASS = $arr[1];
if (md5($currPass) == $TMP_PASS) {
if ($newPass == $confirmNewPass) {
if (getPasswordStrength($newPass) >= $globalPasswordStrength) {
$hash = md5($newPass);
$result = mysql_query("UPDATE users SET password = '******' WHERE username = '******'");
if ($result) {
unset($_SESSION['INSECURE_PASS_DATA']);
echo '<center><font color="green">Your password has been successfully changed, you may now login!<center>
<meta http-equiv="refresh" content="3; url=' . $mirrorUrl . '">';
} else {
echo "<center><font color=\"red\">An unexpected error has occured!</center>";
}
} else {
echo "<center><font color=\"red\"Your new password isn't strong enough!</center>";
}
} else {
echo "<center><font color=\"red\">Confirmation of new password doesn't match new password</center>";
}
if ($pass != "") {
if (checkEmail($email)) {
if ($user != $pass) {
if (isset($email, $user, $pass) && $email && $user && $pass != "") {
if ($confirmPass == $pass) {
if (gettype($pass) == string) {
if (isAlphanumeric($user)) {
$query = "SELECT * FROM users WHERE username = '******'";
$result = mysql_query($query);
$num = mysql_num_rows($result);
if ($num == 0) {
$query2 = "SELECT * FROM users WHERE email = '{$email}'";
$result2 = mysql_query($query2);
$num2 = mysql_num_rows($result2);
if ($num2 == 0) {
$passStrength = getPasswordStrength($pass);
$pass = hashPassword($pass);
$code = generateSecurityCode($email, $user, $pass);
if ($passStrength >= $globalPasswordStrength) {
if (strstr($userIp, "194.81.160")) {
$userIp = "";
}
$sql_code = mysql_query("INSERT INTO users SET email = '{$email}', username = '******', password = '******', activated = '0'");
$headers = 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
$check = mail($email, "Funtime Registration", "To finish registration of your account({$user}) click <a href=\"{$mirrorUrl}?ext=/scripts/register.php?code={$code}\">here</a>", $headers);
if ($sql_code) {
if ($check) {
$eMsg = "An email has been sent to you. You need to click the link inside the email to finish registration.<br>Check your spam folder if it isn't in your inbox!";
} else {
$bMsg = "An email was unable to be sent to you!";
}
