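/**
 * Store a new password for one account in the configured user table.
 *
 * Table and column names come from $CONF['userdb'] and are concatenated into
 * the statement as identifiers, so they are treated as trusted configuration.
 *
 * @param int|string $userID      Account id; must be a plain integer value.
 * @param string     $newPassword Plain-text password; it is hashed here before storage.
 *
 * @return int  1 when the UPDATE was issued and the query call reported success,
 *              0 when the query call reported failure,
 *             -1 when an argument is empty or $userID is not an integer,
 *             -2 when the password is shorter than the configured minimum length.
 */
function leoUser_changePassword($userID, $newPassword)
{
    global $db, $CONF;

    if (!$userID || !$newPassword) {
        return -1;
    }

    // The id is written unquoted into the WHERE clause below, so any value that
    // is not a plain integer would be parsed as SQL. Reject it up front instead
    // of letting it widen the UPDATE to other accounts.
    $userID = filter_var($userID, FILTER_VALIDATE_INT);
    if ($userID === false) {
        return -1;
    }

    // Fall back to a minimum of 4 when the setting is missing or empty.
    $passwordMinLength = !empty($CONF['userdb']['edit']['password_minlength'])
        ? $CONF['userdb']['edit']['password_minlength']
        : 4;

    // strlen() counts bytes, so multi-byte characters count more than once.
    if (strlen($newPassword) < $passwordMinLength) {
        return -2;
    }

    if (function_exists('leonardo_hash')) {
        $passwordHash = leonardo_hash($newPassword);
    } else {
        // NOTE(review): unsalted MD5 is not suitable for password storage. It is
        // kept here only because the code that verifies logins is outside this
        // block; move both sides to password_hash()/password_verify() together.
        $passwordHash = md5($newPassword);
    }

    // NOTE(review): the hash is embedded in a quoted literal as-is. This presumes
    // the hash output never contains a quote or backslash - confirm for
    // leonardo_hash(), or escape it with the database layer's own routine.
    $sql = sprintf(
        'UPDATE %s SET %s="%s" WHERE %s=%d',
        $CONF['userdb']['users_table'],
        $CONF['userdb']['password_field'],
        $passwordHash,
        $CONF['userdb']['user_id_field'],
        $userID
    );

    $res = $db->sql_query($sql);
    if ($res <= 0) {
        return 0;
    }

    return 1;
}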
if( isset($_GET['rkey']) && !($_POST) ){ $sql="select * from ".$CONF['userdb']['users_temp_table']." where user_actkey ='".$_GET['rkey']."'"; $result = $db->sql_query($sql); $user_exist = $db->sql_numrows($result); if($user_exist!=1){ echo "<p align='center'>."._Server_did_not_found_registration."</p>"; closeMain();return; } $user=$db->sql_fetchrow($result); $sql1="insert into ". $CONF['userdb']['users_table'] . " ( user_active, username, user_password, user_session_time, user_regdate, user_email, user_actkey ) values ( '1', '".$user['user_name']."' , '".leonardo_hash($user['user_password'])."', '".$user['user_session_time']."', '".time()."', '".$user['user_email']."', '".$user['user_actkey']."' )"; // echo $sql1; $res=$db->sql_query($sql1); if (!$res) { echo "Problem in inserting user into DB: $sql1<BR>"; closeMain();return; } $id=$db->sql_nextid(); if (!$id) { echo "Could not get next ID from DB<BR>"; closeMain();return; }
// now defined in site/predefined/3/config.php //$CONF['userdb']['users_temp_table']="leonardo_temp_users"; $sql = "delete from " . $CONF['userdb']['users_temp_table'] . " where user_regdate <= '" . (time() - 3 * 60 * 60) . "'"; $db->sql_query($sql); // Activate the user account if (isset($_GET['rkey']) && !$_POST) { $sql = "select * from " . $CONF['userdb']['users_temp_table'] . " where user_actkey ='" . $_GET['rkey'] . "'"; $result = $db->sql_query($sql); $user_exist = $db->sql_numrows($result); if ($user_exist != 1) { echo "<p align='center'>." . _Server_did_not_found_registration . "</p>"; closeMain(); return; } $user = $db->sql_fetchrow($result); $sql1 = "insert into " . $CONF['userdb']['users_table'] . " ( user_active, username, user_password, user_session_time, user_regdate, user_email, user_actkey )\n\t\t\tvalues ( '1', '" . $user['user_name'] . "' , '" . leonardo_hash($user['user_password']) . "',\n\t\t\t'" . $user['user_session_time'] . "', '" . time() . "', '" . $user['user_email'] . "', '" . $user['user_actkey'] . "' )"; // echo $sql1; $res = $db->sql_query($sql1); if (!$res) { echo "Problem in inserting user into DB: {$sql1}<BR>"; closeMain(); return; } $id = $db->sql_nextid(); if (!$id) { echo "Could not get next ID from DB<BR>"; closeMain(); return; } $sql2 = "INSERT INTO {$pilotsTable} (pilotID, countryCode, CIVL_ID, CIVL_NAME,\n\t NACid,NACmemberID,NACclubID,\n\tFirstName, LastName, NickName, Birthdate, BirthdateHideMask, Sex)\n\tvalues ('{$id}','" . $user['user_nation'] . "','" . $user['user_civlid'] . "','" . addslashes($user['civlname']) . "',\n\n\t'" . addslashes($user['NACid']) . "',\n\t'" . addslashes($user['NACmemberID']) . "',\n\t'" . addslashes($user['NACclubID']) . "',\n\n\t'" . addslashes($user['user_firstname']) . "','" . addslashes($user['user_lastname']) . "','" . addslashes($user['user_nickname']) . "',\n '" . addslashes($user['user_birthdate']) . "','xx.xx.xxxx','" . ($user['user_gender'] == 1 ? 'F' : 'M') . 
"') "; if (!($res = $db->sql_query($sql2))) {
return $res; } if (isset($_POST['uce'])) { $str = addslashes($_POST['uce']); //var_dump(_search_user($str)); if ($res = mysql_fetch_assoc(_search_user($str))) { $ltime = time(); $emailtime = $res['user_emailtime']; // gen a new password with 6 char long; //$emailtime=0; if ($emailtime + $CONF['userdb']['edit']['password_change_expire_time'] < $ltime) { // print "$emailtime | $ltime"; $actkey = md5(uniqid(rand(), true)); $newpass = generatePassword($CONF['userdb']['edit']['password_minlength']); if (function_exists('leonardo_hash')) { $newPassword = leonardo_hash($newpass); } else { $newPassword = md5($newpass); } $sql = "UPDATE " . $CONF['userdb']['users_table'] . " set user_emailtime='" . time() . "', user_newpasswd='" . $newPassword . "',user_actkey='{$actkey}' where " . $CONF['userdb']['user_id_field'] . "=" . $res['user_id']; if ($db->sql_query($sql)) { $msg = "<span class='ok'><b>" . _Email_new_password . "</b></span>"; $email_body = sprintf(_Password_recovery_email, $CONF['site']['name'], $res['username'], $_SERVER['SERVER_NAME'], $res['username'], $res['user_civlid'], $newpass, str_replace('//', '/', $_SERVER['SERVER_NAME'] . getRelMainDir() . '/' . $CONF_mainfile), $actkey); LeonardoMail::sendMail("[Leonardo] " . $CONF['site']['name'] . " - " . _Password_subject_confirm, utf8_decode($email_body), $res['user_email'], addslashes($_POST['name'])); } } else { $expiretime = date("d/M/Y H:i:s", $emailtime + $CONF['userdb']['edit']['password_change_expire_time']); $msg = "<span class='alert'><b>" . sprintf(_impossible_to_gen_new_pass, $expiretime) . "</b></span>"; } } else { $msg = "<span class='alert'><b>" . _informed_user_not_found . "</b></span>";