コード例 #1
     if (!empty($error)) {
         redirect(HOST . DIR . '/member/register' . url('.php?erroru=' . $error) . '#errorh');
     } else {
         $user_avatar = $path;
     }
 }
 $admin_sign = $CONFIG['sign'];
 // Uniqueness checks that precede the member INSERT: one COUNT(*) per column that
 // must stay unique (login, then e-mail).
 // NOTE(review): the '******' literal in the login query reads like a redaction of
 // the login value in this listing - confirm against the real source.
 // NOTE(review): $user_mail is spliced straight into the SQL text; it is assumed to
 // have been validated/escaped upstream - verify before relying on it.
 $check_user = $Sql->query(sprintf("SELECT COUNT(*) as compt FROM %s WHERE login = '******'", DB_TABLE_MEMBER), __LINE__, __FILE__);
 $check_mail = $Sql->query(sprintf("SELECT COUNT(*) as compt FROM %s WHERE user_mail = '%s'", DB_TABLE_MEMBER, $user_mail), __LINE__, __FILE__);
 if ($check_user >= 1) {
     redirect(HOST . DIR . '/member/register' . url('.php?error=pseudo_auth') . '#errorh');
 } elseif ($check_mail >= 1) {
     redirect(HOST . DIR . '/member/register' . url('.php?error=mail_auth') . '#errorh');
 } else {
     $user_aprob = $CONFIG_USER['activ_mbr'] == 0 ? 1 : 0;
     $activ_mbr = $CONFIG_USER['activ_mbr'] == 1 ? substr(strhash(uniqid(rand(), true)), 0, 15) : '';
     @unlink('../cache/sex.png');
     @unlink('../cache/theme.png');
     $Sql->query_inject("INSERT INTO " . DB_TABLE_MEMBER . " (login,password,level,user_groups,user_lang,user_theme,user_mail,user_show_mail,user_editor,user_timezone,timestamp,user_avatar,user_msg,user_local,user_msn,user_yahoo,user_web,user_occupation,user_hobbies,user_desc,user_sex,user_born,user_sign,user_pm,user_warning,last_connect,test_connect,activ_pass,new_pass,user_ban,user_aprob)\n\t\t\t\t\tVALUES ('" . $login . "', '" . $password_hash . "', 0, '0', '" . $user_lang . "', '" . $user_theme . "', '" . $user_mail . "', '" . $user_show_mail . "', '" . $user_editor . "', '" . $user_timezone . "', '" . time() . "', '" . $user_avatar . "', 0, '" . $user_local . "', '" . $user_msn . "', '" . $user_yahoo . "', '" . $user_web . "', '" . $user_occupation . "', '" . $user_hobbies . "', '" . $user_desc . "', '" . $user_sex . "', '" . $user_born . "', '" . $user_sign . "', 0, 0, '" . time() . "', 0, '" . $activ_mbr . "', '', 0, '" . $user_aprob . "')", __LINE__, __FILE__);
     $last_mbr_id = $Sql->insert_id("SELECT MAX(id) FROM " . DB_TABLE_MEMBER);
     if ($CONFIG_USER['activ_mbr'] == 2) {
         import('events/administrator_alert_service');
         $alert = new AdministratorAlert();
         $alert->set_entitled($LANG['member_registered_to_approbate']);
         $alert->set_fixing_url('admin/admin_members.php?id=' . $last_mbr_id);
         $alert->set_priority(ADMIN_ALERT_MEDIUM_PRIORITY);
         $alert->set_id_in_module($last_mbr_id);
         $alert->set_type('member_account_to_approbate');
         AdministratorAlertService::save_alert($alert);
     } else {
         $Cache->Generate_file('stats');
コード例 #2
                        }
                    }
                }
                redirect(HOST . SCRIPT);
            } else {
                redirect(HOST . DIR . '/admin/admin_members' . url('.php?id=' . $id_post . '&error=incomplete') . '#errorh');
            }
        }
    } else {
        redirect(HOST . DIR . '/admin/admin_members' . url('.php?id=' . $id_post . '&error=incomplete') . '#errorh');
    }
} elseif ($add && !empty($_POST['add'])) {
    $login = !empty($_POST['login2']) ? strprotect(substr($_POST['login2'], 0, 25)) : '';
    $password = retrieve(POST, 'password2', '', TSTRING_UNCHANGE);
    $password_bis = retrieve(POST, 'password2_bis', '', TSTRING_UNCHANGE);
    $password_hash = !empty($password) ? strhash($password) : '';
    $level = retrieve(POST, 'level2', 0);
    $mail = strtolower(retrieve(POST, 'mail2', ''));
    if (check_mail($mail)) {
        $check_user = $Sql->query("SELECT COUNT(*) as compt FROM " . DB_TABLE_MEMBER . " WHERE login = '******'", __LINE__, __FILE__);
        $check_mail = $Sql->query("SELECT COUNT(*) as compt FROM " . DB_TABLE_MEMBER . " WHERE user_mail = '" . $mail . "'", __LINE__, __FILE__);
        if ($check_user >= 1) {
            redirect(HOST . DIR . '/admin/admin_members' . url('.php?error=pseudo_auth&add=1') . '#errorh');
        } elseif ($check_mail >= 1) {
            redirect(HOST . DIR . '/admin/admin_members' . url('.php?error=auth_mail&add=1') . '#errorh');
        } else {
            if (strlen($password) >= 6 && strlen($password_bis) >= 6) {
                if (!empty($login)) {
                    $Sql->query_inject("INSERT INTO " . DB_TABLE_MEMBER . " (login,password,level,user_groups,user_lang,user_theme,user_mail,user_timezone,user_show_mail,timestamp,user_avatar,user_msg,user_local,user_msn,user_yahoo,user_web,user_occupation,user_hobbies,user_desc,user_sex,user_born,user_sign,user_pm,user_warning,user_readonly,last_connect,test_connect,activ_pass,new_pass,user_ban,user_aprob) \n\t\t\t\t\tVALUES('" . $login . "', '" . $password_hash . "', '" . $level . "', '', '" . $CONFIG['lang'] . "', '', '" . $mail . "', '" . $CONFIG['timezone'] . "', '1', '" . time() . "', '', 0, '', '', '', '', '', '', '', 0, '0000-00-00', '', 0, 0, 0, 0, 0, '', '', 0, 1)", __LINE__, __FILE__);
                    $Cache->Generate_file('stats');
                    redirect(HOST . SCRIPT);
コード例 #3
ファイル: install.php プロジェクト: janus57/PHPBoost_v3c
     } elseif (!Mail::check_validity($user_mail)) {
         return $LANG['admin_email_error'];
     } else {
         return '';
     }
 }
 // Validate the admin account fields (login, password + repeat, e-mail); an empty
 // string means "no error" and lets the installation continue below.
 $error = check_admin_account($login, $password, $password_repeat, $user_mail);
 if (empty($error)) {
     require_once 'functions.php';
     load_db_connection();
     import('core/cache');
     $Cache = new Cache();
     $Cache->load('config');
     $Sql->query_inject("UPDATE " . DB_TABLE_MEMBER . " SET login = '******', password = '******', level = '2', user_lang = '" . $CONFIG['lang'] . "', user_theme = '" . $CONFIG['theme'] . "', user_mail = '" . $user_mail . "', user_show_mail = '1', timestamp = '" . time() . "', user_aprob = '1', user_timezone = '" . $CONFIG['timezone'] . "' WHERE user_id = '1'", __LINE__, __FILE__);
     $unlock_admin = substr(strhash(uniqid(mt_rand(), true)), 0, 12);
     $CONFIG['unlock_admin'] = strhash($unlock_admin);
     $CONFIG['mail_exp'] = $user_mail;
     $CONFIG['mail'] = $user_mail;
     $Sql->query_inject("UPDATE " . DB_TABLE_CONFIGS . " SET value = '" . addslashes(serialize($CONFIG)) . "' WHERE name = 'config'", __LINE__, __FILE__);
     $Cache->Generate_file('config');
     $Cache->load('member');
     $CONFIG_USER['activ_register'] = (int) DISTRIBUTION_ENABLE_USER;
     $CONFIG_USER['msg_mbr'] = $LANG['site_config_msg_mbr'];
     $CONFIG_USER['msg_register'] = $LANG['site_config_msg_register'];
     $Sql->query_inject("UPDATE " . DB_TABLE_CONFIGS . " SET value = '" . addslashes(serialize($CONFIG_USER)) . "' WHERE name = 'member'", __LINE__, __FILE__);
     $Cache->generate_file('member');
     $LANG['admin'] = '';
     import('io/mail');
     $mail = new Mail();
     $mail->set_sender('admin');
     $mail->set_recipients($user_mail);
コード例 #4
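 function get_token()
 {
     // Lazily creates the per-session token: generated once, written to the sessions
     // table, then served from $this->data['token'] on every later call.
     if (empty($this->data['token'])) {
         // A token is only useful if it is unpredictable, so prefer the CSPRNG when
         // the runtime has one (PHP >= 7); the historical uniqid()/mt_rand() seed is
         // kept only as a fallback for older hosts.
         if (function_exists('random_bytes')) {
             $seed = bin2hex(random_bytes(16));
         } else {
             $seed = uniqid(mt_rand(), true);
         }
         $this->data['token'] = strhash($seed, false);
         global $Sql;
         // NOTE(review): session_id is concatenated into the SQL text unescaped; that
         // is only safe if it is always a framework-generated value - confirm.
         $Sql->query_inject("UPDATE " . DB_TABLE_SESSIONS . " SET token='" . $this->data['token'] . "' WHERE session_id='" . $this->data['session_id'] . "'", __LINE__, __FILE__);
     }
     return $this->data['token'];
 }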
コード例 #5
ファイル: admin_config.php プロジェクト: janus57/PHPBoost_v3c
    $theme_array_bdd = array();
    $result = $Sql->query_while("SELECT theme \n\tFROM " . DB_TABLE_THEMES . "", __LINE__, __FILE__);
    while ($row = $Sql->fetch_assoc($result)) {
        if (array_search($row['theme'], $tpl_array) !== false) {
            $theme_array_bdd[] = $row['theme'];
        }
    }
    $Sql->query_close($result);
    foreach ($theme_array_bdd as $theme_array => $theme_value) {
        $theme_info = load_ini_file('../templates/' . $theme_value . '/config/', get_ulang());
        if ($theme_info) {
            $theme_name = !empty($theme_info['name']) ? $theme_info['name'] : $theme_value;
            $selected = $theme_value == $CONFIG['theme'] ? 'selected="selected"' : '';
            $Template->assign_block_vars('select', array('THEME' => '<option value="' . $theme_value . '" ' . $selected . '>' . $theme_name . '</option>'));
        }
    }
    $Template->pparse('admin_config');
}
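if (!empty($_GET['unlock'])) {
    import('io/mail');
    $Mail = new Mail();
    // The unlock code lets an administrator get past the failed-login lockout
    // (admin_access compares its hash with $CONFIG['unlock_admin']), so it must
    // not be guessable: use the CSPRNG when the runtime provides one (PHP >= 7)
    // and keep the historical uniqid()/mt_rand() seed only as a fallback.
    if (function_exists('random_bytes')) {
        $unlock_seed = bin2hex(random_bytes(16));
    } else {
        $unlock_seed = uniqid(mt_rand(), true);
    }
    $unlock_admin_clean = substr(strhash($unlock_seed), 0, 18);
    // Only the hash is persisted in the config; the clear value is mailed to the admin.
    $unlock_admin = strhash($unlock_admin_clean);
    $CONFIG['unlock_admin'] = $unlock_admin;
    $Sql->query_inject("UPDATE " . DB_TABLE_CONFIGS . " SET value = '" . addslashes(serialize($CONFIG)) . "' WHERE name = 'config'", __LINE__, __FILE__);
    ###### Regenerate the $CONFIG cache #######
    $Cache->Generate_file('config');
    $Mail->send_from_properties($User->get_attribute('user_mail'), $LANG['unlock_title_mail'], sprintf($LANG['unlock_mail'], $unlock_admin_clean), $CONFIG['mail_exp']);
    redirect(HOST . DIR . '/admin/admin_config.php?adv=1&mail=1');
}
require_once '../admin/admin_footer.php';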
コード例 #6
ファイル: member.php プロジェクト: janus57/PHPBoost_v3c
     }
     if (!empty($errstr)) {
         $Errorh->handler($errstr, E_USER_NOTICE);
     }
     if (isset($LANG[$get_l_error])) {
         $Errorh->handler($LANG[$get_l_error], E_USER_WARNING);
     }
 } elseif (!empty($_POST['valid']) && $User->get_attribute('user_id') === $id_get && $User->check_level(MEMBER_LEVEL)) {
     $check_pass = !empty($_POST['pass']) ? true : false;
     $check_pass_bis = !empty($_POST['pass_bis']) ? true : false;
     if ($check_pass && $check_pass_bis) {
         $password_old_hash = !empty($_POST['pass_old']) ? strhash($_POST['pass_old']) : '';
         $password = retrieve(POST, 'pass', '', TSTRING_UNCHANGE);
         $password_hash = !empty($password) ? strhash($password) : '';
         $password_bis = retrieve(POST, 'pass_bis', '', TSTRING_UNCHANGE);
         $password_bis_hash = !empty($password_bis) ? strhash($password_bis) : '';
         $password_old_bdd = $Sql->query("SELECT password FROM " . DB_TABLE_MEMBER . " WHERE user_id = '" . $User->get_attribute('user_id') . "'", __LINE__, __FILE__);
         if (!empty($password_old_hash) && !empty($password_hash) && !empty($password_bis_hash)) {
             if ($password_old_hash === $password_old_bdd && $password_hash === $password_bis_hash) {
                 if (strlen($password) >= 6 && strlen($password_bis) >= 6) {
                     $Sql->query_inject("UPDATE " . DB_TABLE_MEMBER . " SET password = '******' WHERE user_id = '" . $id_get . "'", __LINE__, __FILE__);
                 } else {
                     redirect(HOST . DIR . '/member/member' . url('.php?id=' . $id_get . '&edit=1&error=pass_mini') . '#errorh');
                 }
             } else {
                 redirect(HOST . DIR . '/member/member' . url('.php?id=' . $id_get . '&edit=1&error=pass_same') . '#errorh');
             }
         }
     }
     if (!empty($_POST['del_member'])) {
         $Sql->query_inject("DELETE FROM " . DB_TABLE_MEMBER . " WHERE user_id = '" . $User->get_attribute('user_id') . "'", __LINE__, __FILE__);
コード例 #7
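 function _update_code()
 {
     // Persists $this->code for the current client: the row is keyed by the hashed
     // client IP plus the instance number, and is updated in place when it exists.
     global $Sql;
     // NOTE(review): whether USER_IP / $this->instance can carry characters that
     // matter inside the SQL text is not visible here - confirm before trusting
     // the concatenation below.
     $user_id = substr(strhash(USER_IP), 0, 13) . $this->instance;
     $check_user_id = $Sql->query("SELECT COUNT(*) FROM " . DB_TABLE_VERIF_CODE . " WHERE user_id = '" . $user_id . "'", __LINE__, __FILE__);
     // '>= 1' rather than '== 1': should duplicate rows ever exist they are refreshed
     // instead of a further INSERT multiplying them.
     if ((int) $check_user_id >= 1) {
         $Sql->query_inject("UPDATE " . DB_TABLE_VERIF_CODE . " SET code = '" . $this->code . "' WHERE user_id = '" . $user_id . "'", __LINE__, __FILE__);
     } else {
         $Sql->query_inject("INSERT INTO " . DB_TABLE_VERIF_CODE . " (user_id, code, difficulty, timestamp) VALUES ('" . $user_id . "', '" . $this->code . "', '4', '" . time() . "')", __LINE__, __FILE__);
     }
 }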
コード例 #8
ファイル: upload.class.php プロジェクト: janus57/PHPBoost_v3c
 function _generate_file_info($filename, $filepostname, $uniq_name)
 {
     // Records the lower-cased extension and the final (cleaned, optionally
     // de-duplicated) file name for the upload field $filepostname.
     // Extension = everything after the last dot ('' when there is none).
     $ext = strtolower(substr(strrchr($filename, '.'), 1));
     $this->extension[$filepostname] = $ext;
     $ext_suffix = !empty($ext) ? '.' . $ext : '';

     // Base name: drop the extension, neutralise any remaining dots, then clean.
     $dot_pos = strrpos($filename, '.');
     $base = $dot_pos !== FALSE ? substr($filename, 0, $dot_pos) : $filename;
     $base = $this->_clean_filename(str_replace('.', '_', $base));

     $candidate = $base;
     if ($uniq_name) {
         // Keep appending a short random tag until the name is free in base_directory.
         while (file_exists($this->base_directory . $candidate . $ext_suffix)) {
             $candidate = $base . '_' . substr(strhash(uniqid(mt_rand(), true)), 0, 5);
         }
     }
     $this->filename[$filepostname] = $candidate . $ext_suffix;
 }
コード例 #9
ファイル: forget.php プロジェクト: janus57/PHPBoost_v3c
// Request parameters: the form submission flag comes by POST, the activation
// link parameters (activate flag, activation code, user id) by GET.
$forget = retrieve(POST, 'forget', '');
$activ_confirm = retrieve(GET, 'activate', false);
$activ_get = retrieve(GET, 'activ', '');
$user_get = retrieve(GET, 'u', 0);
if (!$User->check_level(MEMBER_LEVEL)) {
    if (!$activ_confirm) {
        $Template->set_filenames(array('forget' => 'member/forget.tpl'));
        if (!empty($forget)) {
            $user_mail = retrieve(POST, 'mail', '');
            $login = retrieve(POST, 'name', '');
            if (!empty($user_mail) && check_mail($user_mail)) {
                $user_id = $Sql->query("SELECT user_id FROM " . DB_TABLE_MEMBER . " WHERE user_mail = '" . $user_mail . "' AND login = '******'", __LINE__, __FILE__);
                if (!empty($user_id)) {
                    $new_pass = substr(strhash(uniqid(rand(), true)), 0, 6);
                    $activ_pass = substr(strhash(uniqid(rand(), true)), 0, 30);
                    $Sql->query_inject("UPDATE " . DB_TABLE_MEMBER . " SET activ_pass = '******', new_pass = '******' WHERE user_id = '" . $user_id . "'", __LINE__, __FILE__);
                    import('io/mail');
                    $Mail = new Mail();
                    $Mail->send_from_properties($user_mail, $LANG['forget_mail_activ_pass'], sprintf($LANG['forget_mail_pass'], $login, HOST, HOST . DIR, $user_id, $activ_pass, $new_pass, $CONFIG['sign']), $CONFIG['mail_exp']);
                    redirect(HOST . DIR . '/member/forget.php?error=forget_mail_send');
                } else {
                    $Errorh->handler($LANG['e_mail_forget'], E_USER_NOTICE);
                }
            } else {
                $Errorh->handler($LANG['e_incomplete'], E_USER_NOTICE);
            }
        }
        $get_error = retrieve(GET, 'error', '', TSTRING_UNCHANGE);
        $errno = E_USER_NOTICE;
        switch ($get_error) {
            case 'forget_mail_send':
コード例 #10
ファイル: admin_access.php プロジェクト: janus57/PHPBoost_v3c
<?php

// Only reachable through the framework bootstrap; direct hits get nothing.
if (!defined('PHPBOOST')) {
    exit;
}
// Explicit logout: close the session, then leave for the start page.
if (retrieve(GET, 'disconnect', false)) {
    $Session->end();
    redirect(get_start_page());
}
// Login form fields. The password and the unlock code are read unchanged; the
// unlock code is hashed here so it can be compared with $CONFIG['unlock_admin'].
$login = retrieve(POST, 'login', '');
$password = retrieve(POST, 'password', '', TSTRING_UNCHANGE);
$autoconnexion = retrieve(POST, 'auto', false);
$unlock = strhash(retrieve(POST, 'unlock', '', TSTRING_UNCHANGE));
if (retrieve(POST, 'connect', false) && !empty($login) && !empty($password)) {
    $user_id = $Sql->query("SELECT user_id FROM " . DB_TABLE_MEMBER . " WHERE login = '******' AND level = 2", __LINE__, __FILE__);
    if (!empty($user_id)) {
        $info_connect = $Sql->query_array(DB_TABLE_MEMBER, 'level', 'user_warning', 'last_connect', 'test_connect', 'user_ban', 'user_aprob', "WHERE user_id = '" . $user_id . "' AND level = 2", __LINE__, __FILE__);
        $delay_connect = time() - $info_connect['last_connect'];
        $delay_ban = time() - $info_connect['user_ban'];
        if ($delay_ban >= 0 && $info_connect['user_aprob'] == '1' && $info_connect['user_warning'] < '100') {
            if ($info_connect['test_connect'] < '5' || $unlock === $CONFIG['unlock_admin']) {
                $error_report = $Session->start($user_id, $password, $info_connect['level'], '', '', '', $autoconnexion);
            } elseif ($delay_connect >= 600 && $info_connect['test_connect'] == '5') {
                $Sql->query_inject("UPDATE " . DB_TABLE_MEMBER . " SET last_connect = '" . time() . "', test_connect = 0 WHERE user_id = '" . $user_id . "' AND level = 2", __LINE__, __FILE__);
                $error_report = $Session->start($user_id, $password, $info_connect['level'], '', '', '', $autoconnexion);
            } elseif ($delay_connect >= 300 && $info_connect['test_connect'] == '5') {
                $Sql->query_inject("UPDATE " . DB_TABLE_MEMBER . " SET last_connect = '" . time() . "', test_connect = 3 WHERE user_id = '" . $user_id . "' AND level = 2", __LINE__, __FILE__);
                $error_report = $Session->start($user_id, $password, $info_connect['level'], '', '', '', $autoconnexion);
            } else {
                redirect(HOST . DIR . '/admin/admin_index.php?flood=0');
            }