/**
 * Return $id unchanged when it is a plain lowercase alphanumeric token, otherwise "".
 *
 * The pattern is anchored at both ends, so any other byte rejects the whole
 * value. One PCRE caveat worth knowing: without the D modifier `$` also matches
 * just before a single trailing "\n", so "abc\n" is accepted as-is.
 */
function valid_session($id) {
    $isToken = preg_check("/^[0-9a-z]+\$/", $id);
    return $isToken ? $id : "";
}
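/**
 * Confirm a pending e-mail change from the verification link.
 *
 * @param string $value the 32-character token carried by the link
 *
 * Any failure (malformed token, unknown token, token that belongs to a user
 * other than the logged-in one) calls redirect("index.php"). On success the
 * pending address is written to DB_USERS, the DB_EMAIL_VERIFY row is removed
 * and $this->_completeMessage is set.
 *
 * Fix: previously the UPDATE ran even after the "address already in use"
 * danger notice, so a duplicate address was written anyway. Now the row is
 * only updated when the address is free; the token is consumed either way.
 */
public function verifyCode($value) {
    global $locale, $userdata;
    // The token is 32 alphanumerics; nothing else is allowed into the query below.
    if (!preg_check("/^[0-9a-z]{32}\$/i", $value)) {
        redirect("index.php");
    }
    $result = dbquery("SELECT * FROM " . DB_EMAIL_VERIFY . " WHERE user_code='" . $value . "'");
    if (!dbrows($result)) {
        redirect("index.php");
        return;
    }
    $data = dbarray($result);
    // Compare as integers rather than with loose ==; both ids are numeric.
    if ((int)$data['user_id'] !== (int)$userdata['user_id']) {
        redirect("index.php");
        return;
    }
    if ($data['user_email'] == $userdata['user_email']) {
        // Nothing to change.
        return;
    }
    // $data['user_email'] is the address stored with the change request, not raw
    // input; it is interpolated unescaped here, so it relies on the address
    // pattern having been enforced when the request was created (presumably
    // via _verifyNewEmail() — confirm that path if the storage side changes).
    $result = dbquery("SELECT user_email FROM " . DB_USERS . " WHERE user_email='" . $data['user_email'] . "'");
    if (dbrows($result) > 0) {
        // Taken by another account meanwhile: report it, do not overwrite.
        addNotice("danger", $locale['u164'] . "<br />\n" . $locale['u121']);
    } else {
        $this->_completeMessage = $locale['u169'];
        dbquery("UPDATE " . DB_USERS . " SET user_email='" . $data['user_email'] . "' WHERE user_id='" . $data['user_id'] . "'");
    }
    // Single-use token: drop the pending row whether or not the change applied.
    dbquery("DELETE FROM " . DB_EMAIL_VERIFY . " WHERE user_id='" . $data['user_id'] . "'");
}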
+--------------------------------------------------------*/ require_once "maincore.php"; require_once THEMES . "templates/header.php"; include LOCALE . LOCALESET . "user_fields.php"; require_once THEMES . "templates/global/register.php"; include THEMES . "templates/global/profile.php"; $_GET['profiles'] = 1; if (iMEMBER or $settings['enable_registration'] == 0) { redirect("index.php"); } $errors = array(); if (isset($_GET['email']) && isset($_GET['code'])) { if (!preg_check("/^[-0-9A-Z_\\.]{1,50}@([-0-9A-Z_\\.]+\\.){1,50}([0-9A-Z]){2,4}\$/i", $_GET['email'])) { redirect("register.php?error=activate"); } if (!preg_check("/^[0-9a-z]{40}\$/", $_GET['code'])) { redirect("register.php?error=activate"); } $result = dbquery("SELECT user_info FROM " . DB_NEW_USERS . " WHERE user_code='" . $_GET['code'] . "' AND user_email='" . $_GET['email'] . "'"); if (dbrows($result) > 0) { add_to_title($locale['global_200'] . $locale['u155']); $data = dbarray($result); $user_info = unserialize(base64_decode($data['user_info'])); dbquery_insert(DB_USERS, $user_info, 'save'); $result = dbquery("DELETE FROM " . DB_NEW_USERS . " WHERE user_code='" . $_GET['code'] . "' LIMIT 1"); if (fusion_get_settings('admin_activation') == 1) { addNotice("success", $locale['u171'] . " - " . $locale['u162'], 'all'); } else { addNotice("success", $locale['u171'] . " - " . $locale['u161'], 'all'); } redirect(fusion_get_settings('opening_page'));
/**
 * Validate the posted e-mail address and stage it for saving.
 *
 * Reads $_POST['user_email'] (runs of spaces collapsed, then stripinput) into
 * $this->_userEmail. Exactly one of these outcomes follows, in this order:
 *  - empty or unchanged address           -> _setError("user_email", u126, true)
 *  - current password not proven          -> _setError("user_email", u156)
 *  - address fails the pattern            -> _setError("user_email", u123)
 *  - address or its domain in DB_BLACKLIST -> _setError("user_email", u124)
 *  - address known in DB_USERS/DB_NEW_USERS -> _setError("user_email", u125)
 *  - otherwise _verifyNewEmail() when verification is enabled, else the value
 *    is queued with _setDBValue() and "user_email" is added to _userLogFields.
 *
 * The address only reaches the dbcount() WHERE clauses after passing the
 * pattern, which admits no quote characters. Guard clauses replace the
 * original nested if/else; the checks and their order are unchanged.
 */
private function _setUserEmail() {
    global $locale, $settings;
    $this->_userEmail = isset($_POST['user_email'])
        ? stripinput(trim(preg_replace("/ +/i", " ", $_POST['user_email'])))
        : "";
    $email = $this->_userEmail;

    if ($email == "" || $email == $this->userData['user_email']) {
        $this->_setError("user_email", $locale['u126'], true);
        return;
    }
    // Changing the address requires the current password.
    if (!$this->_isValidCurrentPassword) {
        $this->_setError("user_email", $locale['u156']);
        return;
    }
    if (!preg_check("/^[-0-9A-Z_\\.]{1,50}@([-0-9A-Z_\\.]+\\.){1,50}([0-9A-Z]){2,4}\$/i", $email)) {
        $this->_setError("user_email", $locale['u123']);
        return;
    }
    $domain = substr(strrchr($email, "@"), 1);
    $blacklistHits = dbcount("(blacklist_id)", DB_BLACKLIST, "blacklist_email='" . $email . "' OR blacklist_email='" . $domain . "'");
    if ($blacklistHits != 0) {
        $this->_setError("user_email", $locale['u124']);
        return;
    }
    $activeHits = dbcount("(user_id)", DB_USERS, "user_email='" . $email . "'");
    $pendingHits = dbcount("(user_code)", DB_NEW_USERS, "user_email='" . $email . "'");
    if ($activeHits != 0 || $pendingHits != 0) {
        $this->_setError("user_email", $locale['u125']);
        return;
    }
    if ($this->verifyNewEmail && $settings['email_verification'] == "1") {
        $this->_verifyNewEmail();
        return;
    }
    $this->_userLogFields[] = "user_email";
    $this->_setDBValue("user_email", $email);
}
/**
 * Normalise an e-mail field value and check it against the address pattern.
 *
 * @param string $value      raw submitted value
 * @param mixed  $default    accepted for signature compatibility; not read here
 * @param string $name       human-readable field label used in the notice
 * @param string $id         field id passed to addError()/addHelperText()
 * @param bool   $required   accepted but not read here — an empty value fails
 *                           the pattern regardless (NOTE(review): confirm intent)
 * @param bool   $safemode   accepted but not read here
 * @param mixed  $error_text helper text recorded on failure
 * @return string|null the cleaned value on success; null after recording the
 *                     failure through stop()/addError()/addHelperText()/addNotice()
 */
private function validate_email($value, $default, $name, $id, $required = FALSE, $safemode = FALSE, $error_text = FALSE) {
    $cleaned = stripinput(trim(preg_replace("/ +/i", " ", $value)));
    if (!preg_check("/^[-0-9A-Z_\\.]{1,50}@([-0-9A-Z_\\.]+\\.){1,50}([0-9A-Z]){2,4}\$/i", $cleaned)) {
        $this->stop();
        $this->addError($id);
        $this->addHelperText($id, $error_text);
        $this->addNotice("<b>{$name}</b> is not a valid email address.");
        return;
    }
    return $cleaned;
}
/**
 * Validate the field value as an e-mail address.
 *
 * Local part: up to 50 of [-0-9A-Z_.]; domain: dot-separated labels; TLD: 2-4
 * alphanumerics (case-insensitive). When the field is required and empty,
 * setInputError() is recorded first; the pattern check still runs.
 *
 * @return string|false the field value when it matches, otherwise FALSE
 *
 * NOTE(review): the domain group `([-0-9A-Z_\.]+\.){1,50}` lists "." both in
 * the class and as the separator, so a non-matching input with many dots makes
 * the engine backtrack heavily. That is capped by pcre.backtrack_limit, after
 * which preg_match() returns false — how preg_check() surfaces that is not
 * visible here; treat such input as invalid.
 */
protected function verify_email() {
    $required = $this->field_config['required'];
    if ($required && !$this->field_value) {
        self::setInputError($this->field_name);
    }
    $value = $this->field_value;
    $looksValid = preg_check("/^[-0-9A-Z_\\.]{1,50}@([-0-9A-Z_\\.]+\\.){1,50}([0-9A-Z]){2,4}\$/i", $value);
    return $looksValid ? $value : FALSE;
}
| This program is released as free software under the | Affero GPL license. You can redistribute it and/or | modify it under the terms of this license which you | can read by viewing the included agpl.txt or online | at www.gnu.org/licenses/agpl.html. Removal of this | copyright header is strictly prohibited without | written permission from the original author(s). +--------------------------------------------------------*/ require_once "maincore.php"; require_once THEMES . "templates/header.php"; require_once INCLUDES . "suspend_include.php"; include LOCALE . LOCALESET . "reactivate.php"; if (iMEMBER) { redirect("index.php"); } if (isset($_GET['user_id']) && isnum($_GET['user_id']) && isset($_GET['code']) && preg_check("/^[0-9a-z]{32}\$/", $_GET['code'])) { $result = dbquery("SELECT user_name, user_email, user_actiontime, user_password FROM " . DB_USERS . " WHERE user_id='" . $_GET['user_id'] . "' AND user_actiontime>'0' AND user_status='7'"); if (dbrows($result)) { $data = dbarray($result); $code = md5($data['user_actiontime'] . $data['user_password']); if ($_GET['code'] == $code) { if ($data['user_actiontime'] > time()) { $result = dbquery("UPDATE " . DB_USERS . " SET user_status='0', user_actiontime='0', user_lastvisit='" . time() . "' WHERE user_id='" . $_GET['user_id'] . "'"); unsuspend_log($_GET['user_id'], 7, $locale['506'], true); $message = str_replace("[USER_NAME]", $data['user_name'], $locale['505']); require_once INCLUDES . "sendmail_include.php"; sendemail($data['user_name'], $data['user_email'], $settings['siteusername'], $settings['siteemail'], $locale['504'], $message); redirect(BASEDIR . "login.php"); } else { redirect(FUSION_SELF . "?error=1"); }
| can read by viewing the included agpl.txt or online | at www.gnu.org/licenses/agpl.html. Removal of this | copyright header is strictly prohibited without | written permission from the original author(s). +--------------------------------------------------------*/ require_once "maincore.php"; require_once THEMES . "templates/header.php"; include LOCALE . LOCALESET . "members.php"; add_to_title($locale['global_200'] . $locale['400']); opentable($locale['400']); if (iMEMBER) { if (!isset($_GET['sortby']) || !ctype_alnum($_GET['sortby'])) { $_GET['sortby'] = "all"; } $orderby = $_GET['sortby'] == "all" ? "" : " AND user_name LIKE '" . stripinput($_GET['sortby']) . "%'"; $search_text = isset($_GET['search_text']) && preg_check("/^[-0-9A-Z_@\\s]+\$/i", $_GET['search_text']) ? $orderby = ' AND user_name LIKE "' . stripinput($_GET['search_text']) . '%"' : $_GET['sortby']; $result = dbquery("SELECT user_id FROM " . DB_USERS . " WHERE user_status='0'" . $orderby); $rows = dbrows($result); if (!isset($_GET['rowstart']) || !isnum($_GET['rowstart'])) { $_GET['rowstart'] = 0; } if ($rows) { $i = 0; echo "<table cellpadding='0' cellspacing='0' width='100%'>\n<tr>\n"; echo "<td class='tbl2'><strong>" . $locale['401'] . "</strong></td>\n"; echo "<td class='tbl2'><strong>" . $locale['405'] . "</strong></td>\n"; echo "<td align='center' width='1%' class='tbl2' style='white-space:nowrap'><strong>" . $locale['402'] . "</strong></td>\n"; echo "</tr>\n"; $result = dbquery("SELECT user_id, user_name, user_status, user_level, user_groups FROM " . DB_USERS . " WHERE user_status='0'" . $orderby . " ORDER BY user_level DESC, user_name LIMIT " . $_GET['rowstart'] . ",20"); while ($data = dbarray($result)) { $cell_color = $i % 2 == 0 ? "tbl1" : "tbl2";
+--------------------------------------------------------+
| This program is released as free software under the
| Affero GPL license. You can redistribute it and/or
| modify it under the terms of this license which you
| can read by viewing the included agpl.txt or online
| at www.gnu.org/licenses/agpl.html. Removal of this
| copyright header is strictly prohibited without
| written permission from the original author(s).
+--------------------------------------------------------*/
require_once "../maincore.php";
require_once THEMES . "templates/admin_header.php";
include LOCALE . LOCALESET . "admin/comments.php";
// Admin gate: right "C" plus the per-session iAUTH token in the URL.
// NOTE(review): $_GET['aid'] is read without isset() and compared with loose !=.
if (!checkrights("C") || !defined("iAUTH") || $_GET['aid'] != iAUTH) {
    redirect("../index.php");
}
// ctype is restricted to alphanumerics before anything downstream uses it.
if (!isset($_GET['ctype']) || !preg_check("/^[0-9A-Z]+\$/i", $_GET['ctype'])) {
    redirect("../index.php");
}
if (!isset($_GET['cid']) || !isnum($_GET['cid'])) {
    redirect("../index.php");
}
// Status banner; only locale strings are echoed, never the request value.
// NOTE(review): for a status other than "su"/"del", $message is read below
// without ever being assigned in this run (undefined-variable notice).
if (isset($_GET['status']) && !isset($message)) {
    if ($_GET['status'] == "su") {
        $message = $locale['410'];
    } elseif ($_GET['status'] == "del") {
        $message = $locale['411'];
    }
    if ($message) {
        echo "<div class='admin-message'>" . $message . "</div>\n";
    }
}
if (!preg_match("/^[0-9A-Z@]{6,20}\$/i", $user_new_admin_password)) { $error .= $locale['440'] . "<br />\n"; } if (encrypt_pw($user_new_admin_password) == encrypt_pw($user_new_password) || encrypt_pw($user_new_admin_password) == $user_data['user_password']) { $error .= $locale['439'] . "<br><br>\n"; } } } } $user_hide_email = isnum($_POST['user_hide_email']) ? $_POST['user_hide_email'] : "1"; if (!$error && !$user_data['user_avatar'] && !empty($_FILES['user_avatar']['name']) && is_uploaded_file($_FILES['user_avatar']['tmp_name'])) { require_once INCLUDES . "photo_functions_include.php"; $file_types = array(".gif", ".jpg", ".jpeg", ".png"); $avatar_name = str_replace(" ", "_", strtolower(substr($_FILES['user_avatar']['name'], 0, strrpos($_FILES['user_avatar']['name'], ".")))); $avatar_ext = strtolower(strrchr($_FILES['user_avatar']['name'], ".")); if (!preg_check("/^[-0-9A-Z_\\[\\]]+\$/i", $avatar_name)) { $error .= "Avatar file name is invalid.<br />\n"; } elseif ($_FILES['user_avatar']['size'] > $settings['avatar_filesize']) { $error .= "Avatar file size is too big.<br />\n"; } elseif (!in_array($avatar_ext, $file_types)) { $error .= "Avatar file type is invalid.<br />\n"; } else { $avatar_temp = image_exists(IMAGES . "avatars/", "temp" . $avatar_ext); move_uploaded_file($_FILES['user_avatar']['tmp_name'], IMAGES . "avatars/" . $avatar_temp); chmod(IMAGES . "avatars/" . $avatar_temp, 0644); if (!verify_image(IMAGES . "avatars/" . $avatar_temp)) { @unlink(IMAGES . "avatars/" . $avatar_temp); $set_avatar = ""; } else { $imagefile = getimagesize(IMAGES . "avatars/" . $avatar_temp); $avatar_file = image_exists(IMAGES . "avatars/", $avatar_name . $avatar_ext);
| This program is released as free software under the | Affero GPL license. You can redistribute it and/or | modify it under the terms of this license which you | can read by viewing the included agpl.txt or online | at www.gnu.org/licenses/agpl.html. Removal of this | copyright header is strictly prohibited without | written permission from the original author(s). +--------------------------------------------------------*/ require_once "maincore.php"; require_once THEMES . "templates/header.php"; include_once INCLUDES . "bbcode_include.php"; include LOCALE . LOCALESET . "submit.php"; if (!iMEMBER) { redirect("index.php"); } if (!isset($_GET['stype']) || !preg_check("/^[a-z]\$/", $_GET['stype'])) { redirect("index.php"); } $submit_info = array(); if ($_GET['stype'] == "l") { if (isset($_POST['submit_link'])) { if ($_POST['link_name'] != "" && $_POST['link_url'] != "" && $_POST['link_description'] != "") { $submit_info['link_category'] = stripinput($_POST['link_category']); $submit_info['link_name'] = stripinput($_POST['link_name']); $submit_info['link_url'] = stripinput($_POST['link_url']); $submit_info['link_description'] = stripinput($_POST['link_description']); $result = dbquery("INSERT INTO " . DB_SUBMISSIONS . " (submit_type, submit_user, submit_datestamp, submit_criteria) VALUES ('l', '" . $userdata['user_id'] . "', '" . time() . "', '" . addslashes(serialize($submit_info)) . "')"); add_to_title($locale['global_200'] . $locale['400']); opentable($locale['400']); echo "<div style='text-align:center'><br />\n" . $locale['410'] . "<br /><br />\n"; echo "<a href='submit.php?stype=l'>" . $locale['411'] . "</a><br /><br />\n";
$alias_uid = $userdata['user_id']; } else { $alias_uid = $GLOBALS['user_id']; } $alias_foo1 = dbarray(dbquery('SELECT user_aliases FROM ' . DB_PREFIX . 'users WHERE user_id = ' . $alias_uid)); $user_data['user_aliases'] = alias1($alias_foo1['user_aliases']); unset($alias_foo1); if ($profile_method == "input") { echo "<tr>\n"; echo "<td valign='top' class='tbl'>Vælg 3 aliaser - Det er tilladt at lade standart-værdien stå</td>\n"; echo "<td class='tbl'>1: <input type='text' name='user_alias0' value='" . (isset($user_data['user_aliases']) ? $user_data['user_aliases'][0] : '') . "' /><br />2: <input type='text' name='user_alias1' value='" . (isset($user_data['user_aliases']) ? $user_data['user_aliases'][1] : '') . "' /><br />3: <input type='text' name='user_alias2' value='" . (isset($user_data['user_aliases']) ? $user_data['user_aliases'][2] : '') . "' /></td>\n"; echo "</tr>\n"; } elseif ($profile_method == "display") { //Empty } elseif ($profile_method == "validate_insert") { //Empty } elseif ($profile_method == "validate_update") { global $user_data; if (!isset($_POST['user_alias0'], $_POST['user_alias1'], $_POST['user_alias2'])) { $this->_setError("user_aliases", 'Et eller flere af aliaserne er tomme!'); } elseif (preg_check("/^[-0-9A-Z_@\\sæøåÆØÅ]{3,30}\$/i", $_POST['user_alias0']) && preg_check("/^[-0-9A-Z_@\\sæøåÆØÅ]{3,30}\$/i", $_POST['user_alias1']) && preg_check("/^[-0-9A-Z_@\\sæøåÆØÅ]{3,30}\$/i", $_POST['user_alias2']) && $_POST['user_alias0'] !== $_POST['user_alias1'] && $_POST['user_alias1'] !== $_POST['user_alias2'] && $_POST['user_alias2'] !== $_POST['user_alias0']) { $ualias1_result = dbquery('SELECT user_aliases, user_id FROM ' . DB_PREFIX . 'users WHERE user_aliases REGEXP "^.*,(' . $_POST['user_alias0'] . '|' . $_POST['user_alias1'] . '|' . $_POST['user_alias2'] . '),.*$" AND user_id != ' . 
$alias_uid); if (dbrows($ualias1_result) > 0) { $this->_setError("user_aliases", 'Et eller flere af aliaserne er optagede!'); } else { $db_values .= ', user_aliases=",' . $_POST['user_alias0'] . ',' . $_POST['user_alias1'] . ',' . $_POST['user_alias2'] . ',"'; } } else { $this->_setError("user_aliases", 'Et eller flere af aliaserne er ugyldige!'); } }
/**
 * Populate $this->info (folder links, per-folder counts, buttons) for the
 * private-message page and set the page title/meta.
 *
 * Request handling: $_GET['folder'] is forced to "inbox" unless it is exactly
 * one of inbox|outbox|archive|options; a posted msg_send is copied into $_GET
 * only for a numeric id of an active (user_status 0) account; a posted
 * msg_to_group only for a numeric id present in fusion_get_groups() minus
 * group 0.
 *
 * NOTE(review): validate_user() is declared as a named function inside this
 * method. PHP registers it globally when the statement executes, so a second
 * call to setInbox() in the same request fails with "Cannot redeclare", and
 * the name can collide with any other validate_user() in the project. A
 * closure (`$validate_user = function ($user_id) {...};`) would avoid both.
 *
 * NOTE(review): the three count queries below read `message_user='******'user_id']`
 * in this listing — the text is redacted here, not valid PHP; restore it from
 * the original source before editing.
 */
private function setInbox() {
    global $locale, $userdata;
    // Sanitize environment
    $myStatus = self::get_pm_settings($userdata['user_id']);
    //print_p($myStatus);
    if (!isset($_GET['folder']) || !preg_check("/^(inbox|outbox|archive|options)\$/", $_GET['folder'])) {
        $_GET['folder'] = "inbox";
    }
    // See the class-level note: nested named function, registered globally on first run.
    function validate_user($user_id) {
        // intval() is what keeps the id safe inside the WHERE clause.
        if (isnum($user_id) && dbcount("(user_id)", DB_USERS, "user_id='" . intval($user_id) . "' AND user_status ='0'")) {
            return TRUE;
        }
        return FALSE;
    }
    if (isset($_POST['msg_send']) && isnum($_POST['msg_send']) && validate_user($_POST['msg_send'])) {
        $_GET['msg_send'] = $_POST['msg_send'];
    }
    // prohibits send message to non-existing group
    $user_group = fusion_get_groups();
    unset($user_group[0]);
    if (isset($_POST['msg_to_group']) && isnum($_POST['msg_to_group']) && isset($user_group[$_POST['msg_to_group']])) {
        $_GET['msg_to_group'] = $_POST['msg_to_group'];
    }
    $this->info = array("folders" => array("inbox" => array("link" => BASEDIR . "messages.php?folder=inbox", "title" => $locale['402']), "outbox" => array("link" => BASEDIR . "messages.php?folder=outbox", "title" => $locale['403']), "archive" => array("link" => BASEDIR . "messages.php?folder=archive", "title" => $locale['404']), "options" => array("link" => BASEDIR . "messages.php?folder=options", "title" => $locale['425'])), "inbox_total" => dbrows(dbquery("SELECT message_id FROM " . DB_MESSAGES . " WHERE message_user='******'user_id'] . "' and message_to='" . $userdata['user_id'] . "' AND message_folder='0'")), "outbox_total" => dbrows(dbquery("SELECT message_id FROM " . DB_MESSAGES . " WHERE message_user='******'user_id'] . "' and message_to='" . $userdata['user_id'] . "' AND message_folder='1'")), "archive_total" => dbrows(dbquery("SELECT message_id FROM " . DB_MESSAGES . " WHERE message_user='******'user_id'] . "' and message_to='" . $userdata['user_id'] . "' AND message_folder='2'")), "button" => array("new" => array('link' => BASEDIR . "messages.php?msg_send=new", 'name' => $locale['401']), "options" => array('link' => BASEDIR . "messages.php?folder=options", 'name' => $locale['425'])), "actions_form" => "");
    add_to_title($locale['global_200'] . $locale['400']);
    add_to_meta("description", $locale['400']);
}
$page_content .= "<strong>" . $locale['global_411'] . "</strong><br /><br />\n"; $page_refresh = "10"; } elseif (isset($_GET['error']) && $_GET['error'] == 6) { // anonymized/deleted $page_content .= "<strong>" . $locale['global_412'] . "</strong><br /><br />\n"; $page_refresh = "10"; } elseif (isset($_GET['error']) && $_GET['error'] == 8) { // username/password does not match $page_content .= "<strong>" . $locale['global_196'] . "</strong><br /><br />\n"; } else { if ($settings['login_method'] == "cookies" && isset($_COOKIE[COOKIE_PREFIX . 'user']) || $settings['login_method'] == "sessions" && isset($_SESSION[COOKIE_PREFIX . 'user_id']) && isset($_SESSION[COOKIE_PREFIX . 'user_pass'])) { if ($settings['login_method'] == "cookies") { $cookie_vars = explode(".", $_COOKIE[COOKIE_PREFIX . 'user']); $user_pass = preg_check("/^[0-9a-z]{32}\$/", $cookie_vars['1']) ? $cookie_vars['1'] : ""; } elseif ($settings['login_method'] == "sessions") { $user_pass = preg_check("/^[0-9a-z]{32}\$/", $_SESSION[COOKIE_PREFIX . 'user_pass']) ? $_SESSION[COOKIE_PREFIX . 'user_pass'] : ""; } $user_name = preg_replace(array("/\\=/", "/\\#/", "/\\sOR\\s/"), "", stripinput($_GET['user'])); if (!dbcount("(user_id)", DB_USERS, "user_name='" . $user_name . "' AND user_password='******'")) { $page_content .= "<strong>" . $locale['global_196'] . "</strong><br /><br />\n"; } else { $result = dbquery("DELETE FROM " . DB_ONLINE . " WHERE online_user='******' AND online_ip='" . USER_IP . "'"); $page_content .= "<strong>" . $locale['global_193'] . $_GET['user'] . "</strong><br /><br />\n"; } } } } echo "<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'>\n"; echo "<html>\n<head>\n"; echo "<title>" . $settings['sitename'] . "</title>\n"; echo "<meta http-equiv='Content-Type' content='text/html; charset=" . $locale['charset'] . "' />\n";
} } else { $result = dbquery("SELECT user_id FROM " . DB_USERS . " WHERE user_name='" . $user_name . "' LIMIT 1"); // Pimped -> if (dbrows($result)) { $data = dbarray($result); dbquery("INSERT INTO " . DB_FAILED_LOGINS . " (user_id, datestamp, logged_ip) VALUES ('" . $data['user_id'] . "', '" . time() . "', '" . USER_IP . "')"); } // Pimped <- redirect(BASEDIR . "setuser.php?error=8"); } } if (isset($_COOKIE[COOKIE_PREFIX . 'user'])) { $cookie_vars = explode(".", $_COOKIE[COOKIE_PREFIX . 'user']); $cookie_1 = isnum($cookie_vars['0']) ? $cookie_vars['0'] : "0"; $cookie_2 = preg_check("/^[0-9a-z]{32}\$/", $cookie_vars['1']) ? $cookie_vars['1'] : ""; $result = dbquery("SELECT * FROM " . DB_USERS . " WHERE user_id='" . $cookie_1 . "' AND user_password='******' LIMIT 1"); unset($cookie_vars, $cookie_2); // Pimped if (dbrows($result)) { $userdata = dbarray($result); if ($userdata['user_status'] == 0) { if ($userdata['user_theme'] != "Default" && file_exists(THEMES . $userdata['user_theme'] . "/theme.php") && ($settings['userthemes'] == 1 || $userdata['user_level'] >= nADMIN)) { if (!theme_exists($userdata['user_theme'])) { echo "<strong>" . $settings['sitename'] . " - " . $locale['global_300'] . ".</strong><br /><br />\n"; echo $locale['global_301']; die; } } else { if (!theme_exists($settings['theme'])) { echo "<strong>" . $settings['sitename'] . " - " . $locale['global_300'] . ".</strong><br /><br />\n";
/**
 * Check the entered captcha against the challenge stored for this client IP.
 *
 * $this->correct_code becomes TRUE only when a DB_CAPTCHA row for USER_IP
 * holds the same (trimmed, lowercased) string; that row is then deleted so
 * the code cannot be replayed. Non-alphanumeric input or no matching row
 * leaves it FALSE. The pattern check runs before the value is concatenated
 * into SQL, and trim() has already removed the trailing newline that `$`
 * would otherwise tolerate.
 * @access private
 */
function validate() {
    $code = strtolower(trim($this->code_entered));
    $this->correct_code = FALSE;
    if (!preg_check("/^[0-9a-z]+\$/", $code)) {
        return;
    }
    $where = " WHERE captcha_ip='" . USER_IP . "' AND captcha_string='" . $code . "'";
    $found = dbquery("SELECT * FROM " . DB_CAPTCHA . $where);
    if (dbrows($found)) {
        // Consume the challenge so the same answer cannot be submitted twice.
        dbquery("DELETE FROM " . DB_CAPTCHA . $where);
        $this->correct_code = TRUE;
    }
}
/**
 * Validate the field value as an e-mail address.
 *
 * Local part: up to 50 of [-0-9A-Z_.]; domain: dot-separated labels; TLD: 2-4
 * alphanumerics, matched case-insensitively. A required-but-empty field is
 * reported via setInputError() before the pattern is tried.
 *
 * @return string|false the field value when it matches, otherwise FALSE
 *
 * TODO: This regex was reported previously as flawed and should be reviewed
 * and fixed. NOTE(review): the domain group repeats a class that itself
 * contains ".", so a non-matching input with many dots backtracks heavily
 * until pcre.backtrack_limit stops the match.
 */
protected function verify_email() {
    if ($this->field_config['required'] && !$this->field_value) {
        self::setInputError($this->field_name);
    }
    if (!preg_check("/^[-0-9A-Z_\\.]{1,50}@([-0-9A-Z_\\.]+\\.){1,50}([0-9A-Z]){2,4}\$/i", $this->field_value)) {
        return FALSE;
    }
    return $this->field_value;
}
$user_new_admin_password = ""; } if ($user_name == "" || $user_email == "") { $error .= $locale['430'] . "<br />\n"; } else { if (preg_check("/^[-0-9A-Z_@\\s]+\$/i", $user_name)) { if ($user_name != $userdata['user_name']) { $result = dbquery("SELECT user_name FROM " . DB_USERS . " WHERE user_name='" . $user_name . "' AND user_id<>'" . $userdata['user_id'] . "'"); if (dbrows($result)) { $error .= $locale['432'] . "<br />\n"; } } } else { $error .= $locale['431'] . "<br />\n"; } if (preg_check("/^[-0-9A-Z_\\.]{1,50}@([-0-9A-Z_\\.]+\\.){1,50}([0-9A-Z]){2,4}\$/i", $user_email)) { if ($user_email != $userdata['user_email']) { if (isset($_POST['user_password']) && md5(md5($_POST['user_password'])) == $userdata['user_password']) { $result = dbquery("SELECT user_email FROM " . DB_USERS . " WHERE user_email='" . $user_email . "'"); if (dbrows($result)) { $error .= $locale['434'] . "<br />\n"; } } else { $error .= $locale['437'] . "<br />\n"; } } } else { $error .= $locale['433'] . "<br />\n"; } } if ($user_new_password) {
| written permission from the original author(s). +--------------------------------------------------------*/ require_once "maincore.php"; require_once THEMES . "templates/header.php"; include LOCALE . LOCALESET . "messages.php"; if (!iMEMBER) { redirect("index.php"); } add_to_title($locale['global_200'] . $locale['400']); $msg_settings = dbarray(dbquery("SELECT * FROM " . DB_MESSAGES_OPTIONS . " WHERE user_id='0'")); if (iADMIN || $userdata['user_id'] == 1) { $msg_settings['pm_inbox'] = 0; $msg_settings['pm_savebox'] = 0; $msg_settings['pm_sentbox'] = 0; } if (!isset($_GET['folder']) || !preg_check("/^(inbox|outbox|archive|options)\$/", $_GET['folder'])) { $_GET['folder'] = "inbox"; } if (isset($_POST['msg_send']) && isnum($_POST['msg_send'])) { $_GET['msg_send'] = $_POST['msg_send']; } if (isset($_POST['msg_to_group']) && isnum($_POST['msg_to_group'])) { $_GET['msg_to_group'] = $_POST['msg_to_group']; } $error = ""; $msg_ids = ""; $check_count = 0; if (isset($_POST['check_mark'])) { if (is_array($_POST['check_mark']) && count($_POST['check_mark']) > 1) { foreach ($_POST['check_mark'] as $thisnum) { if (isnum($thisnum)) {
/**
 * Verify a captcha answer for the calling IP and consume it on success.
 *
 * @param string $captchs_encode challenge key stored with the captcha
 * @param string $captcha_string answer entered by the user
 * @return bool TRUE when a DB_CAPTCHA row for USER_IP matches both values
 *              (that row is deleted so it cannot be reused); FALSE otherwise,
 *              including when either value contains anything but A-Z, a-z, 0-9.
 *
 * Both values are concatenated into the WHERE clause unescaped; the
 * alphanumeric check is the only thing keeping that safe. PCRE `$` still
 * admits one trailing "\n", which is harmless inside a quoted literal.
 */
function check_captcha($captchs_encode, $captcha_string) {
    $alnum = "/^[0-9A-Za-z]+\$/";
    if (!preg_check($alnum, $captchs_encode) || !preg_check($alnum, $captcha_string)) {
        return false;
    }
    $where = " WHERE captcha_ip='" . USER_IP . "' AND captcha_encode='" . $captchs_encode . "' AND captcha_string='" . $captcha_string . "'";
    if (!dbrows(dbquery("SELECT * FROM " . DB_CAPTCHA . $where))) {
        return false;
    }
    // Single-use: remove the challenge once it has been answered correctly.
    dbquery("DELETE FROM " . DB_CAPTCHA . $where);
    return true;
}
if ($_POST['user_hash'] == $user_data['user_password']) { if (!preg_match("/^[0-9A-Z@]{6,20}\$/i", $user_new_password)) { $error .= $locale['457'] . "<br />\n"; } } else { $error .= $locale['458'] . "<br />\n"; } } } $user_hide_email = isnum($_POST['user_hide_email']) ? $_POST['user_hide_email'] : "1"; if ($error == "") { if (!$user_data['user_avatar'] && !empty($_FILES['user_avatar']['name']) && is_uploaded_file($_FILES['user_avatar']['tmp_name'])) { $newavatar = $_FILES['user_avatar']; $avatarext = strrchr($newavatar['name'], "."); $avatarname = substr($newavatar['name'], 0, strrpos($newavatar['name'], ".")); if (preg_check("/^[-0-9A-Z_\\[\\]]+\$/i", $avatarname) && preg_check("/(\\.gif|\\.GIF|\\.jpg|\\.JPG|\\.jpeg|\\.JPEG|\\.png|\\.PNG)\$/", $avatarext) && $newavatar['size'] <= 30720) { $avatarname = $avatarname . "[" . $userdata['user_id'] . "]" . $avatarext; move_uploaded_file($newavatar['tmp_name'], IMAGES . "avatars/" . $avatarname); chmod(IMAGES . "avatars/" . $avatarname, 0644); $set_avatar = ", user_avatar='" . $avatarname . "'"; if ($size = @getimagesize(IMAGES . "avatars/" . $avatarname)) { if ($size['0'] > 100 || $size['1'] > 100) { @unlink(IMAGES . "avatars/" . $avatarname); $set_avatar = ""; } elseif (!verify_image(IMAGES . "avatars/" . $avatarname)) { @unlink(IMAGES . "avatars/" . $avatarname); $set_avatar = ""; } } else { @unlink(IMAGES . "avatars/" . $avatarname); $set_avatar = "";
echo "<ul class='dropdown-menu text-left' role='action-menu' style='left:70px;'>\n"; echo "<li><a href='{$ban_link}'>" . getsuspension(1, TRUE) . "</a></li>\n"; echo "<li><a href='{$suspend_link}'>" . getsuspension(3, TRUE) . "</a></li>\n"; echo "<li><a href='{$cancel_link}'>" . getsuspension(5, TRUE) . "</a></li>\n"; echo "<li><a href='{$anon_link}'>" . getsuspension(6, TRUE) . "</a></li>\n"; echo "<li><a href='{$deac_link}'>" . getsuspension(7, TRUE) . "</a></li>\n"; echo "<li><a href='{$inac_link}'>" . getsuspension(8, TRUE) . "</a></li>\n"; echo "</ul>\n"; } echo "</div>\n"; echo "</td>\n</tr>\n"; $i++; } echo "</tbody>\n</table>\n"; } else { if (isset($_GET['search_text']) && preg_check("/^[-0-9A-Z_@\\s]+\$/i", $_GET['search_text'])) { echo "<div style='text-align:center'><br />" . sprintf($locale['411'], $status == 0 ? "" : getsuspension($status)) . $locale['413'] . "'" . stripinput($_GET['search_text']) . "'<br /><br />\n</div>\n"; } else { echo "<div style='text-align:center'><br />" . sprintf($locale['411'], $status == 0 ? "" : getsuspension($status)) . ($_GET['sortby'] == "all" ? "" : $locale['412'] . $_GET['sortby']) . ".<br /><br />\n</div>\n"; } } $alphanum = array("A", "B", "C", "D", "E", "F", "G", "H", "I", "J", "K", "L", "M", "N", "O", "P", "Q", "R", "S", "T", "U", "V", "W", "X", "Y", "Z", "0", "1", "2", "3", "4", "5", "6", "7", "8", "9"); echo "<div style='margin-top:10px;'></div>\n"; echo "<table cellpadding='0' cellspacing='1' width='450' class='table table-responsive tbl-border center'>\n<tr>\n"; echo "<td rowspan='2' class='tbl2'><a href='" . FUSION_SELF . $aidlink . "&status=" . $status . "'>" . $locale['414'] . "</a></td>"; for ($i = 0; $i < 36; $i++) { echo "<td align='center' class='tbl1'><div class='small'><a href='" . FUSION_SELF . $aidlink . "&sortby=" . $alphanum[$i] . "&status={$status}'>" . $alphanum[$i] . "</a></div></td>"; echo $i == 17 ? "<td rowspan='2' class='tbl2'><a href='" . FUSION_SELF . $aidlink . "&status=" . $status . 
"'>" . $locale['414'] . "</a></td>\n</tr>\n<tr>\n" : "\n"; } echo "</tr>\n</table>\n"; echo "<hr />\n";
require_once TEMPLATES . "header.php"; include LOCALE . LOCALESET . "register.php"; include LOCALE . LOCALESET . "user_fields.php"; if (iMEMBER || !$settings['enable_registration']) { redirect("index.php"); } if ($settings['display_validation'] == "2" && ($settings['recaptcha_publickey'] == "" || $settings['recaptcha_privatekey'] == "")) { $settings['display_validation'] = "1"; } if ($settings['display_validation'] == "2") { require_once INCLUDES . "recaptcha/recaptchalib.php"; $resp = null; $recaptcha_error = null; } if (isset($_GET['activate'])) { if (!preg_check("/^[0-9a-z]{32}\$/", $_GET['activate'])) { redirect("index.php"); } $result = dbquery("SELECT user_info FROM " . DB_NEW_USERS . " WHERE user_code='" . $_GET['activate'] . "'"); if (dbrows($result)) { $data = dbarray($result); $user_info = unserialize($data['user_info']); $user_status = $settings['admin_activation'] == "1" ? "2" : "0"; $profile_method = "validate_insert"; $db_fields = ""; $db_values = ""; $result = dbquery("SELECT tuf.field_name FROM " . DB_USER_FIELDS . " tuf\r\n\t\t\tINNER JOIN " . DB_USER_FIELD_CATS . " tufc ON tuf.field_cat = tufc.field_cat_id\r\n\t\t\tORDER BY field_cat_order, field_order"); if (dbrows($result)) { while ($data = dbarray($result)) { if (file_exists(LOCALE . LOCALESET . "user_fields/" . $data['field_name'] . ".php")) { include LOCALE . LOCALESET . "user_fields/" . $data['field_name'] . ".php";
$valid = $passAuth->isValidNewPassword(); if ($valid === 0) { $result = true; $msg = "<span style='color:green;'><img src='images/yes.png' width='12' /> OK</span>"; } else { $result = false; $msg = "<span style='color:red;'><img src='images/no.png' width='12' /> Incorrect password</span>"; } $e = array("result" => $result, "msg" => $msg); print json_encode($e); } if (isset($_POST['action']) && $_POST['action'] == "check_name") { $name = $_POST['username']; $name = stripinput(trim(preg_replace("/ +/i", " ", $name))); if (!empty($name)) { if (!preg_check("/^[-0-9A-Z_@\\s]+\$/i", $name) || strlen($name) < 3 || strlen($name) > 25) { $msg = "<span style='color:red;'><img src='images/no.png' width='12' /> Invalid symbols or incorrect lenght</span>"; $result = false; } else { $check1 = dbquery("SELECT * FROM " . DB_USERS . " WHERE user_name='" . $name . "'"); $check2 = dbquery("SELECT * FROM " . DB_RM_USERS . " WHERE rmuser_username='******'"); if (dbrows($check1) || dbrows($check2)) { $msg = "<span style='color:red;'><img src='images/no.png' width='12' /> Name already exist</span>"; $result = false; } else { $msg = "<span style='color:green;'><img src='images/yes.png' width='12' /> OK</span> "; $result = true; } } } else { $result = false;