if (!empty($error)) { redirect(HOST . DIR . '/member/register' . url('.php?erroru=' . $error) . '#errorh'); } else { $user_avatar = $path; } } $admin_sign = $CONFIG['sign']; $check_user = $Sql->query("SELECT COUNT(*) as compt FROM " . DB_TABLE_MEMBER . " WHERE login = '******'", __LINE__, __FILE__); $check_mail = $Sql->query("SELECT COUNT(*) as compt FROM " . DB_TABLE_MEMBER . " WHERE user_mail = '" . $user_mail . "'", __LINE__, __FILE__); if ($check_user >= 1) { redirect(HOST . DIR . '/member/register' . url('.php?error=pseudo_auth') . '#errorh'); } elseif ($check_mail >= 1) { redirect(HOST . DIR . '/member/register' . url('.php?error=mail_auth') . '#errorh'); } else { $user_aprob = $CONFIG_USER['activ_mbr'] == 0 ? 1 : 0; $activ_mbr = $CONFIG_USER['activ_mbr'] == 1 ? substr(strhash(uniqid(rand(), true)), 0, 15) : ''; @unlink('../cache/sex.png'); @unlink('../cache/theme.png'); $Sql->query_inject("INSERT INTO " . DB_TABLE_MEMBER . " (login,password,level,user_groups,user_lang,user_theme,user_mail,user_show_mail,user_editor,user_timezone,timestamp,user_avatar,user_msg,user_local,user_msn,user_yahoo,user_web,user_occupation,user_hobbies,user_desc,user_sex,user_born,user_sign,user_pm,user_warning,last_connect,test_connect,activ_pass,new_pass,user_ban,user_aprob)\n\t\t\t\t\tVALUES ('" . $login . "', '" . $password_hash . "', 0, '0', '" . $user_lang . "', '" . $user_theme . "', '" . $user_mail . "', '" . $user_show_mail . "', '" . $user_editor . "', '" . $user_timezone . "', '" . time() . "', '" . $user_avatar . "', 0, '" . $user_local . "', '" . $user_msn . "', '" . $user_yahoo . "', '" . $user_web . "', '" . $user_occupation . "', '" . $user_hobbies . "', '" . $user_desc . "', '" . $user_sex . "', '" . $user_born . "', '" . $user_sign . "', 0, 0, '" . time() . "', 0, '" . $activ_mbr . "', '', 0, '" . $user_aprob . "')", __LINE__, __FILE__); $last_mbr_id = $Sql->insert_id("SELECT MAX(id) FROM " . DB_TABLE_MEMBER); if ($CONFIG_USER['activ_mbr'] == 2) { import('events/administrator_alert_service'); $alert = new AdministratorAlert(); $alert->set_entitled($LANG['member_registered_to_approbate']); $alert->set_fixing_url('admin/admin_members.php?id=' . $last_mbr_id); $alert->set_priority(ADMIN_ALERT_MEDIUM_PRIORITY); $alert->set_id_in_module($last_mbr_id); $alert->set_type('member_account_to_approbate'); AdministratorAlertService::save_alert($alert); } else { $Cache->Generate_file('stats');
} } } redirect(HOST . SCRIPT); } else { redirect(HOST . DIR . '/admin/admin_members' . url('.php?id=' . $id_post . '&error=incomplete') . '#errorh'); } } } else { redirect(HOST . DIR . '/admin/admin_members' . url('.php?id=' . $id_post . '&error=incomplete') . '#errorh'); } } elseif ($add && !empty($_POST['add'])) { $login = !empty($_POST['login2']) ? strprotect(substr($_POST['login2'], 0, 25)) : ''; $password = retrieve(POST, 'password2', '', TSTRING_UNCHANGE); $password_bis = retrieve(POST, 'password2_bis', '', TSTRING_UNCHANGE); $password_hash = !empty($password) ? strhash($password) : ''; $level = retrieve(POST, 'level2', 0); $mail = strtolower(retrieve(POST, 'mail2', '')); if (check_mail($mail)) { $check_user = $Sql->query("SELECT COUNT(*) as compt FROM " . DB_TABLE_MEMBER . " WHERE login = '******'", __LINE__, __FILE__); $check_mail = $Sql->query("SELECT COUNT(*) as compt FROM " . DB_TABLE_MEMBER . " WHERE user_mail = '" . $mail . "'", __LINE__, __FILE__); if ($check_user >= 1) { redirect(HOST . DIR . '/admin/admin_members' . url('.php?error=pseudo_auth&add=1') . '#errorh'); } elseif ($check_mail >= 1) { redirect(HOST . DIR . '/admin/admin_members' . url('.php?error=auth_mail&add=1') . '#errorh'); } else { if (strlen($password) >= 6 && strlen($password_bis) >= 6) { if (!empty($login)) { $Sql->query_inject("INSERT INTO " . DB_TABLE_MEMBER . " (login,password,level,user_groups,user_lang,user_theme,user_mail,user_timezone,user_show_mail,timestamp,user_avatar,user_msg,user_local,user_msn,user_yahoo,user_web,user_occupation,user_hobbies,user_desc,user_sex,user_born,user_sign,user_pm,user_warning,user_readonly,last_connect,test_connect,activ_pass,new_pass,user_ban,user_aprob) \n\t\t\t\t\tVALUES('" . $login . "', '" . $password_hash . "', '" . $level . "', '', '" . $CONFIG['lang'] . "', '', '" . $mail . "', '" . $CONFIG['timezone'] . "', '1', '" . time() . "', '', 0, '', '', '', '', '', '', '', 0, '0000-00-00', '', 0, 0, 0, 0, 0, '', '', 0, 1)", __LINE__, __FILE__); $Cache->Generate_file('stats'); redirect(HOST . SCRIPT);
} elseif (!Mail::check_validity($user_mail)) { return $LANG['admin_email_error']; } else { return ''; } } $error = check_admin_account($login, $password, $password_repeat, $user_mail); if (empty($error)) { require_once 'functions.php'; load_db_connection(); import('core/cache'); $Cache = new Cache(); $Cache->load('config'); $Sql->query_inject("UPDATE " . DB_TABLE_MEMBER . " SET login = '******', password = '******', level = '2', user_lang = '" . $CONFIG['lang'] . "', user_theme = '" . $CONFIG['theme'] . "', user_mail = '" . $user_mail . "', user_show_mail = '1', timestamp = '" . time() . "', user_aprob = '1', user_timezone = '" . $CONFIG['timezone'] . "' WHERE user_id = '1'", __LINE__, __FILE__); $unlock_admin = substr(strhash(uniqid(mt_rand(), true)), 0, 12); $CONFIG['unlock_admin'] = strhash($unlock_admin); $CONFIG['mail_exp'] = $user_mail; $CONFIG['mail'] = $user_mail; $Sql->query_inject("UPDATE " . DB_TABLE_CONFIGS . " SET value = '" . addslashes(serialize($CONFIG)) . "' WHERE name = 'config'", __LINE__, __FILE__); $Cache->Generate_file('config'); $Cache->load('member'); $CONFIG_USER['activ_register'] = (int) DISTRIBUTION_ENABLE_USER; $CONFIG_USER['msg_mbr'] = $LANG['site_config_msg_mbr']; $CONFIG_USER['msg_register'] = $LANG['site_config_msg_register']; $Sql->query_inject("UPDATE " . DB_TABLE_CONFIGS . " SET value = '" . addslashes(serialize($CONFIG_USER)) . "' WHERE name = 'member'", __LINE__, __FILE__); $Cache->generate_file('member'); $LANG['admin'] = ''; import('io/mail'); $mail = new Mail(); $mail->set_sender('admin'); $mail->set_recipients($user_mail);
function get_token() { if (empty($this->data['token'])) { $this->data['token'] = strhash(uniqid(mt_rand(), true), false); global $Sql; $Sql->query_inject("UPDATE " . DB_TABLE_SESSIONS . " SET token='" . $this->data['token'] . "' WHERE session_id='" . $this->data['session_id'] . "'", __LINE__, __FILE__); } return $this->data['token']; }
$theme_array_bdd = array(); $result = $Sql->query_while("SELECT theme \n\tFROM " . DB_TABLE_THEMES . "", __LINE__, __FILE__); while ($row = $Sql->fetch_assoc($result)) { if (array_search($row['theme'], $tpl_array) !== false) { $theme_array_bdd[] = $row['theme']; } } $Sql->query_close($result); foreach ($theme_array_bdd as $theme_array => $theme_value) { $theme_info = load_ini_file('../templates/' . $theme_value . '/config/', get_ulang()); if ($theme_info) { $theme_name = !empty($theme_info['name']) ? $theme_info['name'] : $theme_value; $selected = $theme_value == $CONFIG['theme'] ? 'selected="selected"' : ''; $Template->assign_block_vars('select', array('THEME' => '<option value="' . $theme_value . '" ' . $selected . '>' . $theme_name . '</option>')); } } $Template->pparse('admin_config'); } if (!empty($_GET['unlock'])) { import('io/mail'); $Mail = new Mail(); $unlock_admin_clean = substr(strhash(uniqid(mt_rand(), true)), 0, 18); $unlock_admin = strhash($unlock_admin_clean); $CONFIG['unlock_admin'] = $unlock_admin; $Sql->query_inject("UPDATE " . DB_TABLE_CONFIGS . " SET value = '" . addslashes(serialize($CONFIG)) . "' WHERE name = 'config'", __LINE__, __FILE__); ###### Régénération du cache $CONFIG ####### $Cache->Generate_file('config'); $Mail->send_from_properties($User->get_attribute('user_mail'), $LANG['unlock_title_mail'], sprintf($LANG['unlock_mail'], $unlock_admin_clean), $CONFIG['mail_exp']); redirect(HOST . DIR . '/admin/admin_config.php?adv=1&mail=1'); } require_once '../admin/admin_footer.php';
} if (!empty($errstr)) { $Errorh->handler($errstr, E_USER_NOTICE); } if (isset($LANG[$get_l_error])) { $Errorh->handler($LANG[$get_l_error], E_USER_WARNING); } } elseif (!empty($_POST['valid']) && $User->get_attribute('user_id') === $id_get && $User->check_level(MEMBER_LEVEL)) { $check_pass = !empty($_POST['pass']) ? true : false; $check_pass_bis = !empty($_POST['pass_bis']) ? true : false; if ($check_pass && $check_pass_bis) { $password_old_hash = !empty($_POST['pass_old']) ? strhash($_POST['pass_old']) : ''; $password = retrieve(POST, 'pass', '', TSTRING_UNCHANGE); $password_hash = !empty($password) ? strhash($password) : ''; $password_bis = retrieve(POST, 'pass_bis', '', TSTRING_UNCHANGE); $password_bis_hash = !empty($password_bis) ? strhash($password_bis) : ''; $password_old_bdd = $Sql->query("SELECT password FROM " . DB_TABLE_MEMBER . " WHERE user_id = '" . $User->get_attribute('user_id') . "'", __LINE__, __FILE__); if (!empty($password_old_hash) && !empty($password_hash) && !empty($password_bis_hash)) { if ($password_old_hash === $password_old_bdd && $password_hash === $password_bis_hash) { if (strlen($password) >= 6 && strlen($password_bis) >= 6) { $Sql->query_inject("UPDATE " . DB_TABLE_MEMBER . " SET password = '******' WHERE user_id = '" . $id_get . "'", __LINE__, __FILE__); } else { redirect(HOST . DIR . '/member/member' . url('.php?id=' . $id_get . '&edit=1&error=pass_mini') . '#errorh'); } } else { redirect(HOST . DIR . '/member/member' . url('.php?id=' . $id_get . '&edit=1&error=pass_same') . '#errorh'); } } } if (!empty($_POST['del_member'])) { $Sql->query_inject("DELETE FROM " . DB_TABLE_MEMBER . " WHERE user_id = '" . $User->get_attribute('user_id') . "'", __LINE__, __FILE__);
function _update_code() { global $Sql; $user_id = substr(strhash(USER_IP), 0, 13) . $this->instance; $check_user_id = $Sql->query("SELECT COUNT(*) FROM " . DB_TABLE_VERIF_CODE . " WHERE user_id = '" . $user_id . "'", __LINE__, __FILE__); if ($check_user_id == 1) { $Sql->query_inject("UPDATE " . DB_TABLE_VERIF_CODE . " SET code = '" . $this->code . "' WHERE user_id = '" . $user_id . "'", __LINE__, __FILE__); } else { $Sql->query_inject("INSERT INTO " . DB_TABLE_VERIF_CODE . " (user_id, code, difficulty, timestamp) VALUES ('" . $user_id . "', '" . $this->code . "', '4', '" . time() . "')", __LINE__, __FILE__); } }
function _generate_file_info($filename, $filepostname, $uniq_name) { $this->extension[$filepostname] = strtolower(substr(strrchr($filename, '.'), 1)); if (strrpos($filename, '.') !== FALSE) { $filename = substr($filename, 0, strrpos($filename, '.')); } $filename = str_replace('.', '_', $filename); $filename = $this->_clean_filename($filename); if ($uniq_name) { $filename_tmp = $filename; if (!empty($this->extension[$filepostname])) { $filename_tmp .= '.' . $this->extension[$filepostname]; } $filename1 = $filename; while (file_exists($this->base_directory . $filename_tmp)) { $filename1 = $filename . '_' . substr(strhash(uniqid(mt_rand(), true)), 0, 5); $filename_tmp = $filename1; if (!empty($this->extension[$filepostname])) { $filename_tmp .= '.' . $this->extension[$filepostname]; } } $filename = $filename1; } if (!empty($this->extension[$filepostname])) { $filename .= '.' . $this->extension[$filepostname]; } $this->filename[$filepostname] = $filename; }
$activ_confirm = retrieve(GET, 'activate', false); $activ_get = retrieve(GET, 'activ', ''); $user_get = retrieve(GET, 'u', 0); $forget = retrieve(POST, 'forget', ''); if (!$User->check_level(MEMBER_LEVEL)) { if (!$activ_confirm) { $Template->set_filenames(array('forget' => 'member/forget.tpl')); if (!empty($forget)) { $user_mail = retrieve(POST, 'mail', ''); $login = retrieve(POST, 'name', ''); if (!empty($user_mail) && check_mail($user_mail)) { $user_id = $Sql->query("SELECT user_id FROM " . DB_TABLE_MEMBER . " WHERE user_mail = '" . $user_mail . "' AND login = '******'", __LINE__, __FILE__); if (!empty($user_id)) { $new_pass = substr(strhash(uniqid(rand(), true)), 0, 6); $activ_pass = substr(strhash(uniqid(rand(), true)), 0, 30); $Sql->query_inject("UPDATE " . DB_TABLE_MEMBER . " SET activ_pass = '******', new_pass = '******' WHERE user_id = '" . $user_id . "'", __LINE__, __FILE__); import('io/mail'); $Mail = new Mail(); $Mail->send_from_properties($user_mail, $LANG['forget_mail_activ_pass'], sprintf($LANG['forget_mail_pass'], $login, HOST, HOST . DIR, $user_id, $activ_pass, $new_pass, $CONFIG['sign']), $CONFIG['mail_exp']); redirect(HOST . DIR . '/member/forget.php?error=forget_mail_send'); } else { $Errorh->handler($LANG['e_mail_forget'], E_USER_NOTICE); } } else { $Errorh->handler($LANG['e_incomplete'], E_USER_NOTICE); } } $get_error = retrieve(GET, 'error', '', TSTRING_UNCHANGE); $errno = E_USER_NOTICE; switch ($get_error) { case 'forget_mail_send':
<?php if (defined('PHPBOOST') !== true) { exit; } $login = retrieve(POST, 'login', ''); $password = retrieve(POST, 'password', '', TSTRING_UNCHANGE); $autoconnexion = retrieve(POST, 'auto', false); $unlock = strhash(retrieve(POST, 'unlock', '', TSTRING_UNCHANGE)); if (retrieve(GET, 'disconnect', false)) { $Session->end(); redirect(get_start_page()); } if (retrieve(POST, 'connect', false) && !empty($login) && !empty($password)) { $user_id = $Sql->query("SELECT user_id FROM " . DB_TABLE_MEMBER . " WHERE login = '******' AND level = 2", __LINE__, __FILE__); if (!empty($user_id)) { $info_connect = $Sql->query_array(DB_TABLE_MEMBER, 'level', 'user_warning', 'last_connect', 'test_connect', 'user_ban', 'user_aprob', "WHERE user_id = '" . $user_id . "' AND level = 2", __LINE__, __FILE__); $delay_connect = time() - $info_connect['last_connect']; $delay_ban = time() - $info_connect['user_ban']; if ($delay_ban >= 0 && $info_connect['user_aprob'] == '1' && $info_connect['user_warning'] < '100') { if ($info_connect['test_connect'] < '5' || $unlock === $CONFIG['unlock_admin']) { $error_report = $Session->start($user_id, $password, $info_connect['level'], '', '', '', $autoconnexion); } elseif ($delay_connect >= 600 && $info_connect['test_connect'] == '5') { $Sql->query_inject("UPDATE " . DB_TABLE_MEMBER . " SET last_connect = '" . time() . "', test_connect = 0 WHERE user_id = '" . $user_id . "' AND level = 2", __LINE__, __FILE__); $error_report = $Session->start($user_id, $password, $info_connect['level'], '', '', '', $autoconnexion); } elseif ($delay_connect >= 300 && $info_connect['test_connect'] == '5') { $Sql->query_inject("UPDATE " . DB_TABLE_MEMBER . " SET last_connect = '" . time() . "', test_connect = 3 WHERE user_id = '" . $user_id . "' AND level = 2", __LINE__, __FILE__); $error_report = $Session->start($user_id, $password, $info_connect['level'], '', '', '', $autoconnexion); } else { redirect(HOST . DIR . '/admin/admin_index.php?flood=0'); }