コード例 #1
ファイル: class_user.php プロジェクト: morilo/ptpimg
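 /**
  * Create a user row and, optionally, e-mail a confirmation key.
  *
  * Outcomes visible in this method: -3 when the username or e-mail is already
  * in use, the new user ID on success, -1 when the inserted ID is not numeric.
  * A failed mail() call terminates the request via die().
  *
  * @param string $Username
  * @param string $Password  Plain-text password; stored as make_hash($Password, $Secret).
  * @param string $Email
  * @param bool   $SendEmail Send the confirmation e-mail when true.
  * @param int    $Enabled   Value written to users.Enabled.
  * @param bool   $Quiet     Suppress the echo/die messages when true.
  * @return int
  */
 public function makeAccount($Username, $Password, $Email, $SendEmail = true, $Enabled = 1, $Quiet = false)
 {
     global $DB;
     // NOTE(review): check-then-insert is not atomic; two concurrent requests can
     // both pass this test unless the table has unique indexes — confirm the schema.
     if ($this->accountNameInUse($Username) || $this->accountEmailInUse($Email)) {
         return -3;
     }
     // Create the account
     $Secret = make_secret();
     // Confirmation key. NOTE(review): the two time() values are guessable, so the
     // key is only as unpredictable as make_secret() (defined elsewhere) — confirm
     // that helper draws from a cryptographic random source.
     $TS = md5(time() . $Secret . time());
     // Seven columns need seven value slots: the original statement had six, which
     // left JoinDate without a placeholder for the sqltime() argument.
     // Assumes $DB->query() substitutes its extra arguments printf-style — TODO confirm.
     $DB->query("INSERT INTO users (Username, Password, Email, Enabled, Secret, AuthKey, JoinDate) VALUES('%s', '%s', '%s', %d, '%s', '%s', '%s')", db_string($Username), db_string(make_hash($Password, $Secret)), db_string($Email), db_string($Enabled), db_string($Secret), db_string($TS), sqltime());
     $UserID = $DB->inserted_id();
     if ($SendEmail == true) {
         $EmailTemplate = file_get_contents(SERVER_ROOT . '/res/confirm_account.tpl');
         $EmailTemplate = str_replace('%Username%', $Username, $EmailTemplate);
         $EmailTemplate = str_replace('%AuthKey%', $TS, $EmailTemplate);
         $Subject = 'Redstone Mods Account Confirmation';
         $Headers = 'From: "PTPIMG Mailer" <*****@*****.**>' . PHP_EOL . 'X-Mailer: PHP/' . phpversion() . PHP_EOL;
         // NOTE(review): $Email reaches mail() exactly as passed in. No format check
         // or CR/LF rejection is visible in this method; verify the caller validates
         // the address before it is used as a recipient.
         if (mail($Email, $Subject, $EmailTemplate, $Headers)) {
             if (!$Quiet) {
                 echo "Account created! Please check your email to confirm your account. You will not be able to login until you have confirmed your email address.";
             }
         } else {
             // The row has already been inserted at this point, so a mail failure
             // leaves an account whose confirmation key was never delivered.
             if (!$Quiet) {
                 die("Unknown error, contact admins for additional help.");
             } else {
                 die;
             }
         }
     }
     if (is_number($UserID)) {
         return $UserID;
     } else {
         return -1;
     }
 }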
コード例 #2
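/**
 * Build the parameter array for one outgoing e-mail to a subscriber.
 *
 * Appends the postal address and an unsubscribe link (or substitutes the
 * [!unsubscribe!] placeholder), applies the optional footer, replaces
 * [!name!] with the subscriber's name and fills in defaults for the sender,
 * delivery type, e-mail type and meta key.
 *
 * @param int    $sid           Subscriber ID.
 * @param array  $params        Reads 'subject', 'htmlbody', 'textbody', 'htmlenabled' and the
 *                              optional 'fromname', 'fromemail', 'delivery_type', 'email_type', 'meta_key'.
 * @param string $footerMessage Optional footer appended to both bodies.
 * @return array Keys: from, fromname, to, reply_to, subject, htmlbody, textbody, headers,
 *               htmlenabled, delivery_type, email_type, meta_key, hash.
 */
function _wpr_process_sendmail_parameters($sid, $params, $footerMessage = "")
{
    $subscriber = new Subscriber($sid);
    $newsletter = _wpr_newsletter_get($subscriber->getNewsletterId());
    // Sender name: explicit parameter, then the newsletter's value, then the blog name.
    // The original chained the two ternaries without parentheses, which PHP 5/7 groups
    // from the left (so $params['fromname'] was never returned) and PHP 8 rejects.
    $fromname = !empty($params['fromname'])
        ? $params['fromname']
        : (!empty($newsletter->fromname) ? $newsletter->fromname : get_bloginfo("name"));
    $unsuburl = wpr_get_unsubscription_url($sid);
    $subject = $params['subject'];
    $address = get_option("wpr_address");
    $textUnSubMessage = "\n\n{$address}\n\n" . __("To unsubscribe or change subscription options visit", 'wpr_autoresponder') . ":\r\n\r\n{$unsuburl}";
    $reply_to = $newsletter->reply_to;
    $htmlbody = trim($params['htmlbody']);
    //append the address and the unsub link to the email
    $address = "<br>\n<br>\n" . nl2br(get_option("wpr_address")) . "<br>\n<br>\n";
    $htmlUnSubscribeMessage = "<br><br>" . $address . "<br><br>" . __("To unsubscribe or change subscriber options visit:", 'wpr_autoresponder') . "<br />\n\r\n <a href=\"{$unsuburl}\">{$unsuburl}</a>";
    $htmlenabled = $params['htmlenabled'] ? 1 : 0;
    if (!empty($htmlbody)) {
        if ($footerMessage) {
            $htmlbody .= nl2br($footerMessage) . "<br>\n<br>\n";
        }
        if (strstr($htmlbody, "[!unsubscribe!]")) {
            $htmlbody = str_replace("[!unsubscribe!]", $unsuburl, $htmlbody);
        } else {
            $htmlbody .= $htmlUnSubscribeMessage;
        }
    }
    // The footer is appended to $params['textbody'] itself, so it is also part of
    // the hash computed further down.
    if ($footerMessage) {
        $params['textbody'] .= $footerMessage . "\n\n";
    }
    if (strstr($params['textbody'], "[!unsubscribe!]")) {
        // Substitute in the footer-included text. The original substituted in a copy
        // taken before the footer was appended, which dropped the footer on this path.
        $textbody = str_replace("[!unsubscribe!]", $unsuburl, $params['textbody']);
    } else {
        $textbody = $params['textbody'] . $textUnSubMessage;
    }
    // NOTE(review): addslashes() looks like escaping for a later SQL statement. It is
    // not a substitute for a prepared statement, and the subscriber name substituted
    // below is added after this step, so it is not covered by it — check the consumer.
    $textbody = addslashes($textbody);
    $htmlbody = addslashes($htmlbody);
    $subject = addslashes($subject);
    $time = time();
    // NOTE(review): the name goes into the HTML body without HTML escaping and into
    // the subject without CR/LF filtering; confirm it is validated when the
    // subscriber is stored.
    $subject = str_replace("[!name!]", $subscriber->getName(), $subject);
    $textbody = str_replace("[!name!]", $subscriber->getName(), $textbody);
    $htmlbody = str_replace("[!name!]", $subscriber->getName(), $htmlbody);
    $delivery_type = !empty($params['delivery_type']) ? $params['delivery_type'] : 0;
    $email_type = !empty($params['email_type']) ? $params['email_type'] : 'misc';
    $meta_key = !empty($params['meta_key']) ? $params['meta_key'] : "Misc-{$sid}-{$time}";
    $hash = make_hash(array_merge(array('sid' => $sid), $params));
    // Sender address: same precedence as the sender name (parameter, newsletter, site admin).
    $from = !empty($params['fromemail'])
        ? $params['fromemail']
        : (!empty($newsletter->fromemail) ? $newsletter->fromemail : get_bloginfo('admin_email'));
    $parameters = array('from' => $from, 'fromname' => $fromname, 'to' => $subscriber->email, 'reply_to' => $reply_to, 'subject' => $subject, 'htmlbody' => $htmlbody, 'textbody' => $textbody, 'headers' => '', 'htmlenabled' => $htmlenabled, 'delivery_type' => $delivery_type, 'email_type' => $email_type, 'meta_key' => $meta_key, 'hash' => $hash);
    return $parameters;
}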
コード例 #3
ファイル: index.php プロジェクト: 4play/gazelle2
			
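			// Bootstrap rule: when users_main is empty, the account being registered is
			// created enabled and with the SYSOP class; every later account starts as a
			// disabled USER. On a fresh install the first visitor to reach this code
			// therefore becomes the administrator.
			$DB->query("SELECT COUNT(ID) FROM users_main");
			list($UserCount) = $DB->next_record();
			if($UserCount == 0) {
				$NewInstall = true;
				$Class = SYSOP;
				$Enabled = '1';
			} else {
				$NewInstall = false;
				$Class = USER;
				$Enabled = '0';
			}
			
			// Request values pass through db_string() before concatenation; $Class,
			// $Enabled and STARTING_INVITES are set by this script, not by the client.
			// NOTE(review): the credentials are read from $_REQUEST, which also accepts
			// query-string parameters; a password sent that way ends up in URLs and
			// access logs. $Secret and $torrent_pass are set outside this excerpt.
			$DB->query("INSERT INTO users_main 
				(Username,Email,PassHash,Secret,torrent_pass,IP,PermissionID,Enabled,Invites,Uploaded) VALUES
				('".db_string(trim($_REQUEST['username']))."','".db_string($_REQUEST['email'])."','".db_string(make_hash($_REQUEST['password'],$Secret))."','".db_string($Secret)."','".db_string($torrent_pass)."','".db_string($_SERVER['REMOTE_ADDR'])."','".$Class."','".$Enabled."','".STARTING_INVITES."', '524288000')");
			
			// Read the new ID straight after the INSERT. The original fetched it after
			// the stylesheet SELECT; a driver-level insert ID refers to the most recent
			// statement, so the value could be lost there (the wrapper is not shown —
			// confirm).
			$UserID = $DB->inserted_id();
			
			$DB->query("SELECT ID FROM stylesheets WHERE `Default`='1'");
			list($StyleID) = $DB->next_record();
			
			$AuthKey = make_secret();
			
			// NOTE(review): $InviterID is interpolated without db_string(); it is assigned
			// outside this excerpt — verify it is an integer or NULL at that point.
			$DB->query("INSERT INTO users_info (UserID,StyleID,AuthKey, Inviter, JoinDate) VALUES ('$UserID','$StyleID','".db_string($AuthKey)."', '$InviterID', '".sqltime()."')");
			
			$DB->query("INSERT INTO users_history_ips
					(UserID, IP, StartTime) VALUES
					('$UserID', '".db_string($_SERVER['REMOTE_ADDR'])."', '".sqltime()."')");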
			
			
			
コード例 #4
ファイル: register.php プロジェクト: morilo/ptpimg
 // Registration: create the users_main row, consume the invite, then write the
 // users_info row and the IP/e-mail history rows for the new account.
 $Secret = make_secret();
 $torrent_pass = make_secret();
 //Previously SELECT COUNT(ID) FROM users_main, which is a lot slower.
 $DB->query("SELECT ID FROM users_main LIMIT 1");
 $UserCount = $DB->record_count();
 // Bootstrap rule: with an empty users_main table the new account is created
 // enabled and with the SYSOP class; otherwise it starts as a disabled USER.
 if ($UserCount == 0) {
     $NewInstall = true;
     $Class = SYSOP;
     $Enabled = '1';
 } else {
     $NewInstall = false;
     $Class = USER;
     $Enabled = '0';
 }
 $ipcc = geoip($_SERVER['REMOTE_ADDR']);
 // Client-supplied values go through db_string(); $Class, $Enabled and
 // STARTING_INVITES are set by this script. $ipcc is interpolated as returned by
 // geoip() — presumably a country code; verify it cannot carry quote characters.
 $DB->query("INSERT INTO users_main \n\t\t\t\t(Username,Email,PassHash,Secret,IP,PermissionID,Enabled,Invites,ipcc) VALUES\n\t\t\t\t('" . db_string(trim($_POST['username'])) . "','" . db_string($_POST['email']) . "','" . db_string(make_hash($_POST['password'], $Secret)) . "','" . db_string($Secret) . "','" . db_string($_SERVER['REMOTE_ADDR']) . "','" . $Class . "','" . $Enabled . "','" . STARTING_INVITES . "', '{$ipcc}')");
 // Must stay directly after the INSERT: later statements would change what the
 // connection reports as the last inserted ID.
 $UserID = $DB->inserted_id();
 //User created, delete invite. If things break after this point then it's better to have a broken account to fix, or a 'free' invite floating around that can be reused
 $DB->query("DELETE FROM invites WHERE InviteKey='" . db_string($_REQUEST['invite']) . "'");
 $DB->query("SELECT ID FROM stylesheets WHERE `Default`='1'");
 list($StyleID) = $DB->next_record();
 $AuthKey = make_secret();
 // NOTE(review): $InviterID is interpolated without db_string(); it is assigned
 // outside this excerpt — verify it is an integer or NULL at that point.
 $DB->query("INSERT INTO users_info (UserID, StyleID,AuthKey, Inviter, JoinDate) VALUES ('{$UserID}','{$StyleID}','" . db_string($AuthKey) . "', '{$InviterID}', '" . sqltime() . "')");
 $DB->query("INSERT INTO users_history_ips\n\t\t\t\t\t(UserID, IP, StartTime) VALUES\n\t\t\t\t\t('{$UserID}', '" . db_string($_SERVER['REMOTE_ADDR']) . "', '" . sqltime() . "')");
 // NOTE(review): the account row above stores $_POST['email'], while the history
 // rows and the comparison below read $_REQUEST['email']; the two can differ when
 // the same key is also present in the query string or a cookie.
 $DB->query("INSERT INTO users_history_emails\n\t\t\t\t(UserID, Email, Time, IP) VALUES \n\t\t\t\t('{$UserID}', '" . db_string($_REQUEST['email']) . "', '0000-00-00 00:00:00', '" . db_string($_SERVER['REMOTE_ADDR']) . "')");
 if ($_REQUEST['email'] != $InviteEmail) {
     // NOTE(review): $InviteEmail is concatenated without db_string(). If it was read
     // back from the invites table unescaped, a stored quote character would break
     // out of this statement — verify how it is assigned.
     $DB->query("INSERT INTO users_history_emails\n\t\t\t\t\t(UserID, Email, Time, IP) VALUES \n\t\t\t\t\t('{$UserID}', '{$InviteEmail}', '" . sqltime() . "', '" . db_string($_SERVER['REMOTE_ADDR']) . "')");
 }
 // Manage invite trees, delete invite
 if ($InviterID !== NULL) {
     $DB->query("SELECT \n\t\t\t\t\tTreePosition, TreeID, TreeLevel \n\t\t\t\t\tFROM invite_tree WHERE UserID='{$InviterID}'");
コード例 #5
ファイル: create_user.php プロジェクト: morilo/ptpimg
//Show our beautiful header
show_header('Create a User');
//Make sure the form was sent
if (isset($_POST['Username'])) {
    authorize();
    //Create variables for all the fields
    $Username = $_POST['Username'];
    $Email = $_POST['Email'];
    $Password = $_POST['Password'];
    //Make sure all the fields are filled in
    if (!empty($Username) && !empty($Email) && !empty($Password)) {
        //Create hashes...
        // Staff-side account creation: the account is inserted as enabled ('1') with
        // the USER class, registered with the tracker and given a users_info row.
        $Secret = make_secret();
        $torrent_pass = make_secret();
        //Create the account
        // All three form fields pass through db_string() before concatenation.
        // NOTE(review): only non-emptiness is checked above; no e-mail format or
        // username character check is visible in this excerpt.
        $DB->query("INSERT INTO users_main (Username,Email,PassHash,Secret,torrent_pass,Enabled,PermissionID, Language) VALUES ('" . db_string($Username) . "','" . db_string($Email) . "','" . db_string(make_hash($Password, $Secret)) . "','" . db_string($Secret) . "','" . db_string($torrent_pass) . "','1','" . USER . "', 'en')");
        //Increment site user count
        $Cache->increment('stats_user_count');
        //Grab the userid
        // NOTE(review): read after the cache call; safe only as long as no other SQL
        // statement runs on this connection between the INSERT and this line.
        $UserID = $DB->inserted_id();
        update_tracker('add_user', array('id' => $UserID, 'passkey' => $torrent_pass));
        //Default stylesheet
        // NOTE(review): no WHERE clause, so this takes whichever stylesheet row is
        // returned first rather than one marked as the default — confirm intent.
        $DB->query("SELECT ID FROM stylesheets");
        list($StyleID) = $DB->next_record();
        //Auth key
        $AuthKey = make_secret();
        //Give them a row in users_info
        $DB->query("INSERT INTO users_info \n\t\t(UserID,StyleID,AuthKey,JoinDate) VALUES \n\t\t('" . db_string($UserID) . "','" . db_string($StyleID) . "','" . db_string($AuthKey) . "', '" . sqltime() . "')");
        //Redirect to users profile
        // NOTE(review): header() does not stop execution and show_header() was called
        // before it; confirm output buffering is active and that the script exits.
        header("Location: user.php?id=" . $UserID);
        //What to do if we don't have a username, email, or password
コード例 #6
ファイル: takemoderate.php プロジェクト: morilo/ptpimg
// Merge another account's transfer statistics into the user being edited.
// Runs only for staff holding the users_edit_ratio permission.
if ($MergeStatsFrom && check_perms('users_edit_ratio')) {
    // NOTE(review): $MergeStatsFrom is concatenated without db_string() in this
    // excerpt — confirm it is escaped where it is assigned. Because the comparison
    // is LIKE, any % or _ in the value acts as a wildcard and can match a different
    // username than the one typed.
    $DB->query("SELECT ID, Uploaded, Downloaded FROM users_main WHERE Username LIKE '" . $MergeStatsFrom . "'");
    if ($DB->record_count() > 0) {
        list($MergeID, $MergeUploaded, $MergeDownloaded) = $DB->next_record();
        // Zero the source account and prepend an audit line to its AdminComment.
        // NOTE(review): both usernames are placed in the statement unescaped; verify
        // that the username rules exclude quote characters.
        $DB->query("UPDATE users_main AS um JOIN users_info AS ui ON um.ID=ui.UserID SET um.Uploaded = 0, um.Downloaded = 0, ui.AdminComment = CONCAT('" . sqltime() . " - Stats merged into http://" . NONSSL_SITE_URL . "/user.php?id=" . $UserID . " (" . $Cur['Username'] . ") by " . $LoggedUser['Username'] . "\n\n', ui.AdminComment) WHERE ID = " . $MergeID);
        // The merged totals are added to the target via the shared UPDATE that is
        // assembled from $UpdateSet (executed outside this excerpt).
        $UpdateSet[] = "Uploaded = Uploaded + '{$MergeUploaded}'";
        $UpdateSet[] = "Downloaded = Downloaded + '{$MergeDownloaded}'";
        $EditSummary[] = "stats merged from http://" . NONSSL_SITE_URL . "/user.php?id=" . $MergeID . " (" . $MergeStatsFrom . ")";
        $Cache->delete_value('users_stats_' . $UserID);
        $Cache->delete_value('users_stats_' . $MergeID);
    }
}
// Staff password reset: requires users_edit_password. A fresh secret is generated,
// the new hash is queued in $UpdateSet, and every existing session of the user is
// removed from both the cache and the database so old logins stop working.
if ($Pass && check_perms('users_edit_password')) {
    $Secret = make_secret();
    // $Secret is interpolated as returned by make_secret(); the hash goes through db_string().
    $UpdateSet[] = "Secret='{$Secret}'";
    $UpdateSet[] = "PassHash='" . db_string(make_hash($Pass, $Secret)) . "'";
    $EditSummary[] = 'password reset';
    $Cache->delete_value('user_info_' . $UserID);
    $Cache->delete_value('user_info_heavy_' . $UserID);
    $Cache->delete_value('user_stats_' . $UserID);
    $Cache->delete_value('enabled_' . $UserID);
    $DB->query("SELECT SessionID FROM users_sessions WHERE UserID='{$UserID}'");
    // Drop each cached session entry before deleting the rows themselves.
    while (list($SessionID) = $DB->next_record()) {
        $Cache->delete_value('session_' . $UserID . '_' . $SessionID);
    }
    $Cache->delete_value('users_sessions_' . $UserID);
    $DB->query("DELETE FROM users_sessions WHERE UserID='{$UserID}'");
}
if (empty($UpdateSet) && empty($EditSummary)) {
    if (!$Reason) {
        if (str_replace("\r", '', $Cur['AdminComment']) != str_replace("\r", '', $AdminComment) && check_perms('users_disable_any')) {
コード例 #7
ファイル: login.php プロジェクト: morilo/ptpimg
     } else {
         // User has not attempted to log in recently
         $Attempts = 1;
         $DB->query("INSERT INTO login_attempts \n\t\t\t\t(UserID,IP,LastAttempt,Attempts) VALUES \n\t\t\t\t('" . db_string($UserID) . "','" . db_string($_SERVER['REMOTE_ADDR']) . "','" . sqltime() . "',1)");
     }
 }
 // end log_attempt function
 // If user has submitted form
 if (isset($_POST['username']) && !empty($_POST['username']) && isset($_POST['password']) && !empty($_POST['password'])) {
     $Err = $Validate->ValidateForm($_POST);
     if (!$Err) {
         // Passes preliminary validation (username and password "look right")
         $DB->query("SELECT\n\t\t\t\tID,\n\t\t\t\tPermissionID,\n\t\t\t\tCustomPermissions,\n\t\t\t\tPassHash,\n\t\t\t\tSecret,\n\t\t\t\tEnabled\n\t\t\t\tFROM users_main WHERE Username='******'username']) . "' \n\t\t\t\tAND Username<>''");
         list($UserID, $PermissionID, $CustomPermissions, $PassHash, $Secret, $Enabled) = $DB->next_record(MYSQLI_NUM, array(2));
         if (strtotime($BannedUntil) < time()) {
             if ($UserID && $PassHash == make_hash($_POST['password'], $Secret)) {
                 if ($Enabled == 1) {
                     // The session identifier comes from make_secret() (defined elsewhere). The
                     // cookie value is "SessionID|~|UserID" passed through $Enc->encrypt() twice.
                     $SessionID = make_secret();
                     $Cookie = $Enc->encrypt($Enc->encrypt($SessionID . '|~|' . $UserID));
                     // setcookie()'s sixth argument is the Secure flag, passed as false in both
                     // branches, and no seventh (HttpOnly) argument is given: the session cookie
                     // is also sent over plain HTTP and is readable by page scripts.
                     if (isset($_POST['keeplogged']) && $_POST['keeplogged']) {
                         $KeepLogged = 1;
                         // Persistent login: the cookie lives for 365 days.
                         setcookie('session', $Cookie, time() + 60 * 60 * 24 * 365, '/', '', false);
                     } else {
                         $KeepLogged = 0;
                         // Expiry 0 makes this a browser-session cookie.
                         setcookie('session', $Cookie, 0, '/', '', false);
                     }
                     //TODO: another tracker might enable this for donors, I think it's too stupid to bother adding that
                     // Because we <3 our staff
                     $Permissions = get_permissions($PermissionID);
                     // NOTE(review): unserialize() on a database column. If that column can ever
                     // hold attacker-influenced bytes this permits PHP object injection; storing
                     // JSON, or passing the allowed_classes option, would remove the risk.
                     $CustomPermissions = unserialize($CustomPermissions);
                     if (isset($Permissions['Permissions']['site_disable_ip_history']) || isset($CustomPermissions['site_disable_ip_history'])) {
コード例 #8
ファイル: account.php プロジェクト: morilo/ptpimg
}
switch ($_GET['act']) {
    case 'login':
    case 'logout':
        //-------------------
        // LOGIN/LOGOUT
        //-------------------
        if (isset($_GET['act']) && $_GET['act'] == "logout") {
            logout();
        }
        // Process the input
        if (!empty($_GET['tkl'])) {
            if (isset($_POST['username']) && preg_match('/^[a-z0-9_?]{1,20}$/iD', $_POST['username']) && strlen($_POST['password']) < 40) {
                $DB->query("SELECT\n\t\t\t\t\tID,\n\t\t\t\t\tPassword,\n\t\t\t\t\tSecret,\n\t\t\t\t\tEnabled\n\t\t\t\t\tFROM users WHERE Username='******'username']) . "'\n\t\t\t\t\tAND Username<>''");
                list($UserID, $PassHash, $Secret, $Enabled) = $DB->next_record();
                if ($UserID && $PassHash == make_hash($_POST['password'], $Secret) && $Enabled == 1) {
                    // Credentials matched: establish the login, then redirect.
                    $User->doLogin($UserID);
                    if (empty($_POST['ref_page'])) {
                        header("Location: index.php");
                    } else {
                        // ref_page is a client-supplied, base64-encoded return path.
                        $URL = base64_decode($_POST['ref_page']);
                        // Redirect allow-list: the value must begin with "/", one or more
                        // alphanumerics and ".php". That excludes absolute URLs and
                        // scheme-relative "//host" targets; everything after ".php" is not
                        // constrained and is passed to header() as decoded.
                        if (preg_match('/^\\/[a-zA-Z0-9]+\\.php/i', $URL)) {
                            header("Location: {$URL}");
                        } else {
                            header("Location: index.php");
                        }
                    }
                    // Stop here so nothing else is emitted after the redirect header.
                    exit;
                } else {
                    echo "<font color='red'><strong>BAD USERNAME/PASSWORD, try again</strong></font>";
                }
コード例 #9
ファイル: earnX.php プロジェクト: nulled/nulled
                        }
                    }
                }
            }
        } else {
            $header = 'Please, wait 15 seconds, to Earn your Credits. Browse the site below, in the mean time!';
        }
    }
}
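// Flush any log line collected above.
if ($log_str) {
    fap_log($log_str);
}
// AJAX callers receive only the status message and the script ends here.
if ($ajax_request) {
    exit('<b>' . $header . '</b>');
}
$e = make_hash(unmix_link(strtoupper($u)) . $h);
$parts = parse_url($userlink);
$domain = $parts['scheme'] . '://' . $parts['host'];
// The option key is quoted: the original used the bare word max_redirects, which
// PHP 7 only tolerated with a warning and PHP 8 rejects as an undefined constant.
$opts = array($parts['scheme'] => array('max_redirects' => 99));
// NOTE(review): $context is created but not passed to file_get_contents() below,
// so these options are not applied to the request in this excerpt.
$context = stream_context_create($opts);
// NOTE(review): server-side fetch of $userlink, whose origin is outside this
// excerpt. If it is member-supplied, restrict it to http/https and to public hosts
// before fetching; otherwise local files and internal services are reachable
// through this request. The fetched markup is then rewritten with reltoabs().
$content = file_get_contents($userlink);
$content = reltoabs($content, $domain);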
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<title>Free AD Planet - Earn Credits</title>
<script type="text/javascript" src="jsm.js"></script>
<script type="text/javascript">
<!--
コード例 #10
ファイル: takeedit.php プロジェクト: morilo/ptpimg
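// Refresh the cached profile rows first, then assemble the UPDATE for
// users_main/users_info. The statement is only built here; it is executed
// outside this excerpt.
$Cache->begin_transaction('user_info_' . $UserID);
// NOTE(review): the avatar and stylesheet URL are cached exactly as posted; they
// need output escaping (and ideally a scheme allow-list) wherever they are rendered.
$Cache->update_row(false, array('Avatar' => $_POST['avatar'], 'Paranoia' => $Paranoia, 'Country' => $Country, 'Anonymous' => $Anonymous));
$Cache->commit_transaction(0);
$Cache->begin_transaction('user_info_heavy_' . $UserID);
$Cache->update_row(false, array('StyleID' => $_POST['stylesheet'], 'StyleURL' => $_POST['styleurl'], 'DownloadAlt' => $DownloadAlt));
$Cache->update_row(false, $Options);
$Cache->commit_transaction(0);
// Posted fields go through db_string(). NOTE(review): $DownloadAlt, $Country and
// $Timezone are concatenated as-is; they are assigned outside this excerpt —
// verify they are validated or escaped there.
$SQL = "UPDATE users_main AS m JOIN users_info AS i ON m.ID=i.UserID SET\n\ti.StyleID='" . db_string($_POST['stylesheet']) . "',\n\ti.StyleURL='" . db_string($_POST['styleurl']) . "',\n\ti.Avatar='" . db_string($_POST['avatar']) . "',\n\ti.SiteOptions='" . db_string(serialize($Options)) . "',\n\ti.Info='" . db_string($_POST['info']) . "',\n\ti.DownloadAlt='{$DownloadAlt}',\n\tm.Email='" . db_string($_POST['email']) . "',\n\tm.IRCKey='" . db_string($_POST['irckey']) . "',\n    i.Country='" . $Country . "',\n\ti.Timezone='" . $Timezone . "',";
if (check_perms('anonymous')) {
    $SQL .= "m.Anonymous='" . db_string($Anonymous) . "',";
}
$SQL .= "m.Paranoia='" . db_string(serialize($Paranoia)) . "'";
if ($ResetPassword) {
    // New secret and hash for the password change, plus an audit row recording
    // which IP made the change.
    // NOTE(review): no session invalidation is visible here; confirm other sessions
    // of this user are ended after a password change.
    $ChangerIP = db_string($LoggedUser['IP']);
    $Secret = make_secret();
    $PassHash = make_hash($_POST['new_pass_1'], $Secret);
    $SQL .= ",m.Secret='" . db_string($Secret) . "',m.PassHash='" . db_string($PassHash) . "'";
    $DB->query("INSERT INTO users_history_passwords\n\t\t(UserID, ChangerIP, ChangeTime) VALUES\n\t\t('{$UserID}', '{$ChangerIP}', '" . sqltime() . "')");
}
if (isset($_POST['resetpasskey'])) {
    $OldPassKey = db_string($LoggedUser['torrent_pass']);
    $NewPassKey = db_string(make_secret());
    $ChangerIP = db_string($LoggedUser['IP']);
    // Store the key that is also written to the history table, the cache and the
    // tracker below. The listing showed a literal run of asterisks in this
    // assignment, which would leave the database out of step with all three.
    $SQL .= ",m.torrent_pass='" . $NewPassKey . "'";
    $DB->query("INSERT INTO users_history_passkeys\n\t\t\t(UserID, OldPassKey, NewPassKey, ChangerIP, ChangeTime) VALUES\n\t\t\t('{$UserID}', '{$OldPassKey}', '{$NewPassKey}', '{$ChangerIP}', '" . sqltime() . "')");
    $Cache->begin_transaction('user_info_heavy_' . $UserID);
    $Cache->update_row(false, array('torrent_pass' => $NewPassKey));
    $Cache->commit_transaction(0);
    // Drop the cache entry keyed by the old passkey and tell the tracker about the swap.
    $Cache->delete_value('user_' . $OldPassKey);
    update_tracker('change_passkey', array('oldpasskey' => $OldPassKey, 'newpasskey' => $NewPassKey));
}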
コード例 #11
ファイル: model_user.php プロジェクト: sanekagr/phoneshop
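 /**
  * Set a new password for the user whose e-mail is stored in the session.
  *
  * @param array $post Form data; the new password is read from 'pwd2'.
  * @return bool True when a row in `users` was changed, false otherwise.
  */
 public function change_password($post)
 {
     $email = $this->session->userdata('email');
     // Without a session e-mail there is no account to target. A null value in
     // where() is typically turned into an IS NULL test by CodeIgniter's query
     // builder (confirm for the version in use), which would match the wrong rows.
     if (empty($email)) {
         return false;
     }
     // Reject a missing, empty or non-scalar password instead of hashing it.
     if (!isset($post['pwd2']) || !is_scalar($post['pwd2']) || $post['pwd2'] === '') {
         return false;
     }
     // NOTE(review): make_hash() is called without a per-user salt here and the
     // current password is not checked in this method; confirm the caller
     // re-authenticates the user and compares the two entered passwords.
     $this->db->set('password', make_hash($post['pwd2']));
     $this->db->where('email', $email);
     $this->db->update('users');
     return $this->db->affected_rows() > 0;
 }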
コード例 #12
ファイル: Login.php プロジェクト: giovanny751/sst
 /**
  * Print the make_hash() digest of the given value (defaults to 1).
  *
  * NOTE(review): if this method is reachable as a controller action, it lets any
  * visitor obtain the application's hash for a chosen input; confirm it is a
  * development helper and is not routed in production.
  */
 public function make_hash($var = 1)
 {
     $digest = make_hash($var);
     echo $digest;
 }
コード例 #13
ファイル: hashing.php プロジェクト: sanekagr/phoneshop
 /**
  * Render the main template with the make_hash() digest of the fixed value
  * 12345 as the page content.
  */
 public function index()
 {
     $pageTitle = 'PhoneShop - Stam';
     // Demo value only: the input is the constant 12345, not user data.
     $demoDigest = make_hash(12345);
     $this->data['title'] = $pageTitle;
     $this->data['content'] = $demoDigest;
     $this->load->view('templates/main', $this->data);
 }