$rq_opass = base64_decode($_POST["op"]);
$rq_npass = base64_decode($_POST["np"]);
$rq_cpass = base64_decode($_POST["cp"]);
if ($rq_npass != $rq_cpass) {
echo "<div class='err'>La confirmacion no coincide</div>";
exit(2);
}
if (strlen($rq_opass) < MIN_PASS_LENGTH || strlen($rq_npass) < MIN_PASS_LENGTH || strlen($rq_cpass) < MIN_PASS_LENGTH) {
echo "<div class='err'>No cumple las longitudes mínimas</div>";
exit(2);
}
$pgclient = new PgClient($db_config);
$opass = hash("sha512", $salt . $rq_opass);
$npass = hash("sha512", $salt . $rq_npass);
$cpass = hash("sha512", $salt . $rq_cpass);
$pgclient->connect() or die("<div class='err'>Woooops, culpa nuestra, contacte con el administrador</div>");
$q = "Select * from usuarios where lower(mail)=lower('" . $_SESSION["email"] . "') and pass='******';";
$r = pg_fetch_object($pgclient->exeq($q));
if ($pgclient->lq_nresults() == 0) {
// USER NON EXISTENT OR PASSWORD ERROR
echo "<div class='err'>Los datos introducidos no son correctos</div>";
exit(3);
}
$q = "Update usuarios set pass='******' where lower(mail)=lower('" . $_SESSION["email"] . "');";
$pgclient->exeq($q);
$pgclient->disconnect();
session_write_close();
echo "<div class='ok'>Contraseña actualizada con éxito</div>";
?>
echo $text[$lan]["f_add"];
?>
"/>
</li>
</ul>
</form>
</section>
<div id="myhosts">
<?php
$pgclient = new PgClient($db_config);
$pgclient->connect() or die($text[$lan]["dberror"]);
$q = "select tag, ip from hosts where oid=(select id from usuarios where mail='" . $_SESSION["email"] . "');";
$r = $pgclient->exeq($q);
?>
<h3><?php
echo $text[$lan]["ht_htitle"];
?>
</h3>
<form id="change" action="<?php
echo $config["html_root"];
?>
/?z=mod" method="POST">
<input type="hidden" id="edith" name="edith" required/>
<input type="hidden" id="editip" name="editip" required/>
</form>
<form id="del" action="<?php
echo $config["html_root"];
?>
$rq_npass = base64_decode($_POST["p"]);
$rq_cpass = base64_decode($_POST["cp"]);
if (strlen($_POST["u"]) < MIN_USER_LENGTH || strlen($rq_npass) < MIN_PASS_LENGTH || strlen($rq_cpass) < MIN_PASS_LENGTH) {
echo $text[$lan]["err2"];
exit(2);
}
if ($_POST["p"] != $_POST["cp"]) {
echo $text[$lan]["err3"];
exit(3);
}
$pgclient = new PgClient($db_config);
$user = $pgclient->prepare($_POST["u"], "email");
$pass = hash("sha512", $salt . $rq_npass);
$token = $pgclient->prepare($_POST["t"], "text");
$pgclient->connect() or die($text[$lan]["dberror"]);
$q = "Select * from usuarios where lower(mail)=lower('" . $user . "') and hash='" . $token . "' and now() < max_time_valid_hash;";
$pgclient->exeq($q);
if ($pgclient->lq_nresults() == 0) {
// No results, no valid hash
echo $text[$lan]["err4"];
exit(4);
}
$q = "update usuarios set pass='******' where lower(mail)=lower('" . $user . "');";
$pgclient->exeq($q);
$q = "update usuarios set hash='' where lower(mail)=lower('" . $user . "');";
$pgclient->exeq($q);
$q = "update usuarios set max_time_valid_hash=null where lower(mail)=lower('" . $user . "');";
$pgclient->exeq($q);
$pgclient->disconnect();
echo $text[$lan]["ok"];
session_write_close();
/* DEUTSCH */
if (!isset($_POST["u"]) || !isset($_POST["p"])) {
echo $text[$lan]["err1"];
exit(1);
}
$rq_pass = base64_decode($_POST["p"]);
if (strlen($_POST["u"]) < MIN_USER_LENGTH || strlen($rq_pass) < MIN_PASS_LENGTH) {
echo $text[$lan]["err2"];
exit(2);
}
$pgclient = new PgClient($db_config);
$user = $pgclient->prepare($_POST["u"], "email");
$pass = hash("sha512", $salt . $rq_pass);
$pgclient->connect() or die($text[$lan]["dberror"]);
$q = "Select * from usuarios where lower(mail)=lower('" . $user . "') and pass='******';";
$r = pg_fetch_object($pgclient->exeq($q));
if ($pgclient->lq_nresults() == 0) {
// USER NON EXISTENT OR PASSWORD ERROR
echo $text[$lan]["err3"];
exit(3);
}
$q = "update usuarios set last_login=now(), ip_last_login='******' where lower(mail)=lower('" . $user . "');";
$pgclient->exeq($q) or die($text[$lan]["dberror"]);
$pgclient->disconnect();
$_SESSION["email"] = $user;
$_SESSION["time"] = time();
session_write_close();
echo $text[$lan]["welcome"];
//header ("Location: /?lang=" . $lan . "&z=hosts");
?>
exit(2);
}
if ($_POST["p"] != $_POST["pp"]) {
echo "<div class='err'>La confirmación de contraseña no coincide</div>";
exit(3);
}
$text_sender = "CODDNS";
$email_sender = "noreply@" . $config["domainname"];
$text_mail_welcome_body = "Hola!\n\n Ya formas parte de los usuariuos de custom open dynamic DNS :D";
$text_mail_welcome_subject = "Gracias por registrarte!";
$pgclient = new PgClient($db_config);
$user = $pgclient->prepare($_POST["u"], "email");
$pass = hash("sha512", $salt . $rq_pass);
$pgclient->connect() or die($text[$lan]["dberror"]);
$q = "Select * from " . $db_config["schema"] . ".usuarios where lower(mail)=lower('" . $user . "');";
$pgclient->exeq($q) or die($text[$lan]["dberror"]);
if ($pgclient->lq_nresults() == 0) {
// ADD NEW USER
$q = "insert into " . $db_config["schema"] . ".usuarios (mail,pass, ip_last_login, first_login) values (lower('" . $user . "'),'" . $pass . "', '" . _ip() . "', now());";
$pgclient->exeq($q) or die($text[$lan]["dberror"]);
$recipient = $user;
//recipient
$mail_body = $text_mail_welcome_body;
//mail body
$subject = $text_mail_welcome_subject;
//subject
$header = "From: " . $text_sender . " <" . $email_sender . ">\r\n";
//optional headerfields
mail($recipient, $subject, $mail_body, $header);
//mail command :)
} else {
