if (!empty($error)) {
redirect(HOST . DIR . '/member/register' . url('.php?erroru=' . $error) . '#errorh');
} else {
$user_avatar = $path;
}
}
$admin_sign = $CONFIG['sign'];
$check_user = $Sql->query("SELECT COUNT(*) as compt FROM " . DB_TABLE_MEMBER . " WHERE login = '******'", __LINE__, __FILE__);
$check_mail = $Sql->query("SELECT COUNT(*) as compt FROM " . DB_TABLE_MEMBER . " WHERE user_mail = '" . $user_mail . "'", __LINE__, __FILE__);
if ($check_user >= 1) {
redirect(HOST . DIR . '/member/register' . url('.php?error=pseudo_auth') . '#errorh');
} elseif ($check_mail >= 1) {
redirect(HOST . DIR . '/member/register' . url('.php?error=mail_auth') . '#errorh');
} else {
$user_aprob = $CONFIG_USER['activ_mbr'] == 0 ? 1 : 0;
$activ_mbr = $CONFIG_USER['activ_mbr'] == 1 ? substr(strhash(uniqid(rand(), true)), 0, 15) : '';
@unlink('../cache/sex.png');
@unlink('../cache/theme.png');
$Sql->query_inject("INSERT INTO " . DB_TABLE_MEMBER . " (login,password,level,user_groups,user_lang,user_theme,user_mail,user_show_mail,user_editor,user_timezone,timestamp,user_avatar,user_msg,user_local,user_msn,user_yahoo,user_web,user_occupation,user_hobbies,user_desc,user_sex,user_born,user_sign,user_pm,user_warning,last_connect,test_connect,activ_pass,new_pass,user_ban,user_aprob)\n\t\t\t\t\tVALUES ('" . $login . "', '" . $password_hash . "', 0, '0', '" . $user_lang . "', '" . $user_theme . "', '" . $user_mail . "', '" . $user_show_mail . "', '" . $user_editor . "', '" . $user_timezone . "', '" . time() . "', '" . $user_avatar . "', 0, '" . $user_local . "', '" . $user_msn . "', '" . $user_yahoo . "', '" . $user_web . "', '" . $user_occupation . "', '" . $user_hobbies . "', '" . $user_desc . "', '" . $user_sex . "', '" . $user_born . "', '" . $user_sign . "', 0, 0, '" . time() . "', 0, '" . $activ_mbr . "', '', 0, '" . $user_aprob . "')", __LINE__, __FILE__);
$last_mbr_id = $Sql->insert_id("SELECT MAX(id) FROM " . DB_TABLE_MEMBER);
if ($CONFIG_USER['activ_mbr'] == 2) {
import('events/administrator_alert_service');
$alert = new AdministratorAlert();
$alert->set_entitled($LANG['member_registered_to_approbate']);
$alert->set_fixing_url('admin/admin_members.php?id=' . $last_mbr_id);
$alert->set_priority(ADMIN_ALERT_MEDIUM_PRIORITY);
$alert->set_id_in_module($last_mbr_id);
$alert->set_type('member_account_to_approbate');
AdministratorAlertService::save_alert($alert);
} else {
$Cache->Generate_file('stats');
}
}
}
redirect(HOST . SCRIPT);
} else {
redirect(HOST . DIR . '/admin/admin_members' . url('.php?id=' . $id_post . '&error=incomplete') . '#errorh');
}
}
} else {
redirect(HOST . DIR . '/admin/admin_members' . url('.php?id=' . $id_post . '&error=incomplete') . '#errorh');
}
} elseif ($add && !empty($_POST['add'])) {
$login = !empty($_POST['login2']) ? strprotect(substr($_POST['login2'], 0, 25)) : '';
$password = retrieve(POST, 'password2', '', TSTRING_UNCHANGE);
$password_bis = retrieve(POST, 'password2_bis', '', TSTRING_UNCHANGE);
$password_hash = !empty($password) ? strhash($password) : '';
$level = retrieve(POST, 'level2', 0);
$mail = strtolower(retrieve(POST, 'mail2', ''));
if (check_mail($mail)) {
$check_user = $Sql->query("SELECT COUNT(*) as compt FROM " . DB_TABLE_MEMBER . " WHERE login = '******'", __LINE__, __FILE__);
$check_mail = $Sql->query("SELECT COUNT(*) as compt FROM " . DB_TABLE_MEMBER . " WHERE user_mail = '" . $mail . "'", __LINE__, __FILE__);
if ($check_user >= 1) {
redirect(HOST . DIR . '/admin/admin_members' . url('.php?error=pseudo_auth&add=1') . '#errorh');
} elseif ($check_mail >= 1) {
redirect(HOST . DIR . '/admin/admin_members' . url('.php?error=auth_mail&add=1') . '#errorh');
} else {
if (strlen($password) >= 6 && strlen($password_bis) >= 6) {
if (!empty($login)) {
$Sql->query_inject("INSERT INTO " . DB_TABLE_MEMBER . " (login,password,level,user_groups,user_lang,user_theme,user_mail,user_timezone,user_show_mail,timestamp,user_avatar,user_msg,user_local,user_msn,user_yahoo,user_web,user_occupation,user_hobbies,user_desc,user_sex,user_born,user_sign,user_pm,user_warning,user_readonly,last_connect,test_connect,activ_pass,new_pass,user_ban,user_aprob) \n\t\t\t\t\tVALUES('" . $login . "', '" . $password_hash . "', '" . $level . "', '', '" . $CONFIG['lang'] . "', '', '" . $mail . "', '" . $CONFIG['timezone'] . "', '1', '" . time() . "', '', 0, '', '', '', '', '', '', '', 0, '0000-00-00', '', 0, 0, 0, 0, 0, '', '', 0, 1)", __LINE__, __FILE__);
$Cache->Generate_file('stats');
redirect(HOST . SCRIPT);
} elseif (!Mail::check_validity($user_mail)) {
return $LANG['admin_email_error'];
} else {
return '';
}
}
$error = check_admin_account($login, $password, $password_repeat, $user_mail);
if (empty($error)) {
require_once 'functions.php';
load_db_connection();
import('core/cache');
$Cache = new Cache();
$Cache->load('config');
$Sql->query_inject("UPDATE " . DB_TABLE_MEMBER . " SET login = '******', password = '******', level = '2', user_lang = '" . $CONFIG['lang'] . "', user_theme = '" . $CONFIG['theme'] . "', user_mail = '" . $user_mail . "', user_show_mail = '1', timestamp = '" . time() . "', user_aprob = '1', user_timezone = '" . $CONFIG['timezone'] . "' WHERE user_id = '1'", __LINE__, __FILE__);
$unlock_admin = substr(strhash(uniqid(mt_rand(), true)), 0, 12);
$CONFIG['unlock_admin'] = strhash($unlock_admin);
$CONFIG['mail_exp'] = $user_mail;
$CONFIG['mail'] = $user_mail;
$Sql->query_inject("UPDATE " . DB_TABLE_CONFIGS . " SET value = '" . addslashes(serialize($CONFIG)) . "' WHERE name = 'config'", __LINE__, __FILE__);
$Cache->Generate_file('config');
$Cache->load('member');
$CONFIG_USER['activ_register'] = (int) DISTRIBUTION_ENABLE_USER;
$CONFIG_USER['msg_mbr'] = $LANG['site_config_msg_mbr'];
$CONFIG_USER['msg_register'] = $LANG['site_config_msg_register'];
$Sql->query_inject("UPDATE " . DB_TABLE_CONFIGS . " SET value = '" . addslashes(serialize($CONFIG_USER)) . "' WHERE name = 'member'", __LINE__, __FILE__);
$Cache->generate_file('member');
$LANG['admin'] = '';
import('io/mail');
$mail = new Mail();
$mail->set_sender('admin');
$mail->set_recipients($user_mail);
function get_token()
{
if (empty($this->data['token'])) {
$this->data['token'] = strhash(uniqid(mt_rand(), true), false);
global $Sql;
$Sql->query_inject("UPDATE " . DB_TABLE_SESSIONS . " SET token='" . $this->data['token'] . "' WHERE session_id='" . $this->data['session_id'] . "'", __LINE__, __FILE__);
}
return $this->data['token'];
}
$theme_array_bdd = array();
$result = $Sql->query_while("SELECT theme \n\tFROM " . DB_TABLE_THEMES . "", __LINE__, __FILE__);
while ($row = $Sql->fetch_assoc($result)) {
if (array_search($row['theme'], $tpl_array) !== false) {
$theme_array_bdd[] = $row['theme'];
}
}
$Sql->query_close($result);
foreach ($theme_array_bdd as $theme_array => $theme_value) {
$theme_info = load_ini_file('../templates/' . $theme_value . '/config/', get_ulang());
if ($theme_info) {
$theme_name = !empty($theme_info['name']) ? $theme_info['name'] : $theme_value;
$selected = $theme_value == $CONFIG['theme'] ? 'selected="selected"' : '';
$Template->assign_block_vars('select', array('THEME' => '<option value="' . $theme_value . '" ' . $selected . '>' . $theme_name . '</option>'));
}
}
$Template->pparse('admin_config');
}
if (!empty($_GET['unlock'])) {
import('io/mail');
$Mail = new Mail();
$unlock_admin_clean = substr(strhash(uniqid(mt_rand(), true)), 0, 18);
$unlock_admin = strhash($unlock_admin_clean);
$CONFIG['unlock_admin'] = $unlock_admin;
$Sql->query_inject("UPDATE " . DB_TABLE_CONFIGS . " SET value = '" . addslashes(serialize($CONFIG)) . "' WHERE name = 'config'", __LINE__, __FILE__);
###### Régénération du cache $CONFIG #######
$Cache->Generate_file('config');
$Mail->send_from_properties($User->get_attribute('user_mail'), $LANG['unlock_title_mail'], sprintf($LANG['unlock_mail'], $unlock_admin_clean), $CONFIG['mail_exp']);
redirect(HOST . DIR . '/admin/admin_config.php?adv=1&mail=1');
}
require_once '../admin/admin_footer.php';
}
if (!empty($errstr)) {
$Errorh->handler($errstr, E_USER_NOTICE);
}
if (isset($LANG[$get_l_error])) {
$Errorh->handler($LANG[$get_l_error], E_USER_WARNING);
}
} elseif (!empty($_POST['valid']) && $User->get_attribute('user_id') === $id_get && $User->check_level(MEMBER_LEVEL)) {
$check_pass = !empty($_POST['pass']) ? true : false;
$check_pass_bis = !empty($_POST['pass_bis']) ? true : false;
if ($check_pass && $check_pass_bis) {
$password_old_hash = !empty($_POST['pass_old']) ? strhash($_POST['pass_old']) : '';
$password = retrieve(POST, 'pass', '', TSTRING_UNCHANGE);
$password_hash = !empty($password) ? strhash($password) : '';
$password_bis = retrieve(POST, 'pass_bis', '', TSTRING_UNCHANGE);
$password_bis_hash = !empty($password_bis) ? strhash($password_bis) : '';
$password_old_bdd = $Sql->query("SELECT password FROM " . DB_TABLE_MEMBER . " WHERE user_id = '" . $User->get_attribute('user_id') . "'", __LINE__, __FILE__);
if (!empty($password_old_hash) && !empty($password_hash) && !empty($password_bis_hash)) {
if ($password_old_hash === $password_old_bdd && $password_hash === $password_bis_hash) {
if (strlen($password) >= 6 && strlen($password_bis) >= 6) {
$Sql->query_inject("UPDATE " . DB_TABLE_MEMBER . " SET password = '******' WHERE user_id = '" . $id_get . "'", __LINE__, __FILE__);
} else {
redirect(HOST . DIR . '/member/member' . url('.php?id=' . $id_get . '&edit=1&error=pass_mini') . '#errorh');
}
} else {
redirect(HOST . DIR . '/member/member' . url('.php?id=' . $id_get . '&edit=1&error=pass_same') . '#errorh');
}
}
}
if (!empty($_POST['del_member'])) {
$Sql->query_inject("DELETE FROM " . DB_TABLE_MEMBER . " WHERE user_id = '" . $User->get_attribute('user_id') . "'", __LINE__, __FILE__);
function _update_code()
{
global $Sql;
$user_id = substr(strhash(USER_IP), 0, 13) . $this->instance;
$check_user_id = $Sql->query("SELECT COUNT(*) FROM " . DB_TABLE_VERIF_CODE . " WHERE user_id = '" . $user_id . "'", __LINE__, __FILE__);
if ($check_user_id == 1) {
$Sql->query_inject("UPDATE " . DB_TABLE_VERIF_CODE . " SET code = '" . $this->code . "' WHERE user_id = '" . $user_id . "'", __LINE__, __FILE__);
} else {
$Sql->query_inject("INSERT INTO " . DB_TABLE_VERIF_CODE . " (user_id, code, difficulty, timestamp) VALUES ('" . $user_id . "', '" . $this->code . "', '4', '" . time() . "')", __LINE__, __FILE__);
}
}
function _generate_file_info($filename, $filepostname, $uniq_name)
{
$this->extension[$filepostname] = strtolower(substr(strrchr($filename, '.'), 1));
if (strrpos($filename, '.') !== FALSE) {
$filename = substr($filename, 0, strrpos($filename, '.'));
}
$filename = str_replace('.', '_', $filename);
$filename = $this->_clean_filename($filename);
if ($uniq_name) {
$filename_tmp = $filename;
if (!empty($this->extension[$filepostname])) {
$filename_tmp .= '.' . $this->extension[$filepostname];
}
$filename1 = $filename;
while (file_exists($this->base_directory . $filename_tmp)) {
$filename1 = $filename . '_' . substr(strhash(uniqid(mt_rand(), true)), 0, 5);
$filename_tmp = $filename1;
if (!empty($this->extension[$filepostname])) {
$filename_tmp .= '.' . $this->extension[$filepostname];
}
}
$filename = $filename1;
}
if (!empty($this->extension[$filepostname])) {
$filename .= '.' . $this->extension[$filepostname];
}
$this->filename[$filepostname] = $filename;
}
$activ_confirm = retrieve(GET, 'activate', false);
$activ_get = retrieve(GET, 'activ', '');
$user_get = retrieve(GET, 'u', 0);
$forget = retrieve(POST, 'forget', '');
if (!$User->check_level(MEMBER_LEVEL)) {
if (!$activ_confirm) {
$Template->set_filenames(array('forget' => 'member/forget.tpl'));
if (!empty($forget)) {
$user_mail = retrieve(POST, 'mail', '');
$login = retrieve(POST, 'name', '');
if (!empty($user_mail) && check_mail($user_mail)) {
$user_id = $Sql->query("SELECT user_id FROM " . DB_TABLE_MEMBER . " WHERE user_mail = '" . $user_mail . "' AND login = '******'", __LINE__, __FILE__);
if (!empty($user_id)) {
$new_pass = substr(strhash(uniqid(rand(), true)), 0, 6);
$activ_pass = substr(strhash(uniqid(rand(), true)), 0, 30);
$Sql->query_inject("UPDATE " . DB_TABLE_MEMBER . " SET activ_pass = '******', new_pass = '******' WHERE user_id = '" . $user_id . "'", __LINE__, __FILE__);
import('io/mail');
$Mail = new Mail();
$Mail->send_from_properties($user_mail, $LANG['forget_mail_activ_pass'], sprintf($LANG['forget_mail_pass'], $login, HOST, HOST . DIR, $user_id, $activ_pass, $new_pass, $CONFIG['sign']), $CONFIG['mail_exp']);
redirect(HOST . DIR . '/member/forget.php?error=forget_mail_send');
} else {
$Errorh->handler($LANG['e_mail_forget'], E_USER_NOTICE);
}
} else {
$Errorh->handler($LANG['e_incomplete'], E_USER_NOTICE);
}
}
$get_error = retrieve(GET, 'error', '', TSTRING_UNCHANGE);
$errno = E_USER_NOTICE;
switch ($get_error) {
case 'forget_mail_send':
<?php
if (defined('PHPBOOST') !== true) {
exit;
}
$login = retrieve(POST, 'login', '');
$password = retrieve(POST, 'password', '', TSTRING_UNCHANGE);
$autoconnexion = retrieve(POST, 'auto', false);
$unlock = strhash(retrieve(POST, 'unlock', '', TSTRING_UNCHANGE));
if (retrieve(GET, 'disconnect', false)) {
$Session->end();
redirect(get_start_page());
}
if (retrieve(POST, 'connect', false) && !empty($login) && !empty($password)) {
$user_id = $Sql->query("SELECT user_id FROM " . DB_TABLE_MEMBER . " WHERE login = '******' AND level = 2", __LINE__, __FILE__);
if (!empty($user_id)) {
$info_connect = $Sql->query_array(DB_TABLE_MEMBER, 'level', 'user_warning', 'last_connect', 'test_connect', 'user_ban', 'user_aprob', "WHERE user_id = '" . $user_id . "' AND level = 2", __LINE__, __FILE__);
$delay_connect = time() - $info_connect['last_connect'];
$delay_ban = time() - $info_connect['user_ban'];
if ($delay_ban >= 0 && $info_connect['user_aprob'] == '1' && $info_connect['user_warning'] < '100') {
if ($info_connect['test_connect'] < '5' || $unlock === $CONFIG['unlock_admin']) {
$error_report = $Session->start($user_id, $password, $info_connect['level'], '', '', '', $autoconnexion);
} elseif ($delay_connect >= 600 && $info_connect['test_connect'] == '5') {
$Sql->query_inject("UPDATE " . DB_TABLE_MEMBER . " SET last_connect = '" . time() . "', test_connect = 0 WHERE user_id = '" . $user_id . "' AND level = 2", __LINE__, __FILE__);
$error_report = $Session->start($user_id, $password, $info_connect['level'], '', '', '', $autoconnexion);
} elseif ($delay_connect >= 300 && $info_connect['test_connect'] == '5') {
$Sql->query_inject("UPDATE " . DB_TABLE_MEMBER . " SET last_connect = '" . time() . "', test_connect = 3 WHERE user_id = '" . $user_id . "' AND level = 2", __LINE__, __FILE__);
$error_report = $Session->start($user_id, $password, $info_connect['level'], '', '', '', $autoconnexion);
} else {
redirect(HOST . DIR . '/admin/admin_index.php?flood=0');
}
