예제 #1
0
        echo $_POST['uname'];
        ?>
 successfully added.</strong></p>
<?php 
    } else {
        ?>
      <p style="padding:2px;border:1px solid #CC9966;margin-bottom:10px;"><strong>Information missing (passwords do not match or username empty).</strong></p>
<?php 
    }
} else {
    if ($_POST['aact'] == 'chguser' && $id !== FALSE) {
        if ($_POST['pass'] == $_POST['pass2'] && dname2name($_POST['uname'])) {
            $_PERSIST['users'][$id]['dname'] = $_POST['uname'];
            $_PERSIST['users'][$id]['name'] = dname2name($_POST['uname']);
            if ($_POST['pass'] && ($id > 1 || $id == 1 && $uid == 1)) {
                $_PERSIST['users'][$id]['pass'] = pwencode(dname2name($_POST['uname']), $_POST['pass']);
            }
            if ($_POST['temppass'] && ($id > 1 || $id == 1 && $uid == 1)) {
                $_PERSIST['users'][$id]['temppass'] = true;
            } else {
                if ($_PERSIST['users'][$id]['temppass']) {
                    unset($_PERSIST['users'][$id]['temppass']);
                }
            }
            $_PERSIST['users'][$id]['psub'] = $_POST['psub'];
            $_PERSIST['users'][$id]['dpsub'] = $_POST['dpsub'] === '*' ? $_POST['psub'] : $_POST['dpsub'];
            $_PERSIST['users'][$id]['priv'] = upriv($_POST['rank']);
            if ($_PERSIST['users'][$id]['priv'] == 2 && $id == 0) {
                $_PERSIST['users'][$id]['priv'] = 1;
            }
            persist_update() or die('<strong>Error:</strong>Persist not writable, please CHMOD persist.inc.php to 777.');
예제 #2
0
        $asid = '&fmsid=' . $sid;
        $hasid = '&amp;fmsid=' . $sid;
        $qsid = $hqsid = '?fmsid=' . $sid;
        $isid = '<input type="hidden" name="fmsid" value="' . $sid . '" />';
        $ssid = $sid;
    }
}
if (!$sid) {
    $sid = FALSE;
}
unset($i);
$presub = $user['priv'] == 127 ? '' : $user['psub'];
if ($presub) {
    $allow_php = $false;
}
if ($_POST['login'] && dname2name($_POST['uname']) === 'guest' && !$_PERSIST['users'][0]['priv']) {
    $status = $_PERSIST['users'][0]['priv'] ? 'gli' : 'gad';
}
if ($user['priv'] == 127) {
    $aphp = TRUE;
}
//====================
// Parse GET strings
//====================
if ($d === false) {
    $d = is_string($user['dpsub']) ? $user['dpsub'] : $user['psub'];
}
//$tmp = substr($d,0,strlen($presub));
//echo "<pre>";var_dump($presub);echo "\n";var_dump($d);echo "\n";var_dump($tmp);echo "</pre>";
if ($presub && substr($d, 0, strlen($presub)) !== $presub && !($nokill && !($isauth = false))) {
    die('<err>Access Denied (Trying to access forbidden directory).</err>');