} elseif ($age < $btit_settings["birthday_lower_limit"]) { err_msg($language["ERROR"], $language["ERR_DOB_1"] . $age . $language["ERR_DOB_2"]); stdfoot(); exit; } elseif ($age > $btit_settings["birthday_upper_limit"]) { err_msg($language["ERROR"], $language["ERR_DOB_1"] . $age . $language["ERR_DOB_2"]); stdfoot(); exit; } } else { err_msg($language["ERROR"], $language["INVALID_DOB_1"] . $dobday . "/" . $dobmonth . "/" . $dobyear . $language["INVALID_DOB_2"]); stdfoot(); exit; } // Password confirmation required to update user record isset($_POST["passconf"]) ? $passcheck = hash_generate(array("salt" => $CURUSER["salt"]), $_POST["passconf"], $CURUSER["username"]) : ($passcheck = array()); if (isset($passcheck[$btit_settings["secsui_pass_type"]]) && is_array($passcheck[$btit_settings["secsui_pass_type"]])) { $password = $passcheck[$btit_settings["secsui_pass_type"]]["hash"]; } else { $password = ""; } if ($password == "" || $CURUSER["password"] != $password) { stderr($language["ERROR"], $language["ERR_PASS_WRONG"]); stdfoot(); exit; } // Password confirmation required to update user record // check avatar is a valid image and one of the supported file types if ($avatar && $avatar != "") { $imagearr = @getimagesize($avatar); if (!is_array($imagearr) || !in_array($imagearr["mime"], array("image/bmp", "image/jpeg", "image/pjpeg", "image/gif", "image/x-png", "image/png"))) {
} elseif ($action == "dosavepersonal") { CSRFCheck(); $username = $member_db[UDB_NAME]; $editnickname = replace_comment("add", $editnickname); $editmail = replace_comment("add", $editmail); $edithidemail = replace_comment("add", $edithidemail); $change_avatar = replace_comment("add", $change_avatar); if ($editpassword and !preg_match("/^[\\.A-z0-9_\\-]{1,31}\$/i", $editpassword)) { msg("error", lang('Error!'), lang("Your password must contain only valid characters and numbers"), '#GOBACK'); } $edithidemail = $edithidemail ? 1 : 0; $pack = user_search($username); // editing password (with confirm) if ($editpassword) { if ($confirmpassword == $editpassword) { $hashs = hash_generate($editpassword); $pack[UDB_PASS] = $hashs[count($hashs) - 1]; } else { msg('error', lang('Error!'), lang('Confirm password not match'), "#GOBACK"); } } $pack[UDB_NICK] = $editnickname; $pack[UDB_EMAIL] = $editmail; $pack[UDB_CBYEMAIL] = $edithidemail; $pack[UDB_AVATAR] = $change_avatar; user_update($username, $pack); msg("info", lang("Changes Saved"), lang("Your personal information was saved"), "#GOBACK"); } elseif ($action == "templates") { if ($member_db[UDB_ACL] != ACL_LEVEL_ADMIN) { msg("error", lang("Access Denied"), lang("You don't have permissions for this type of action"), '#GOBACK'); }
$firstip = $ip; $lastip = $ip; $comment = "max_number_of_invalid_logins_reached"; $firstip = sprintf("%u", ip2long($firstip)); $lastip = sprintf("%u", ip2long($lastip)); $comment = sqlesc($comment); $added = sqlesc(time()); mysqli_query($GLOBALS["___mysqli_ston"], "INSERT INTO {$TABLE_PREFIX}bannedip (added, addedby, first, last, comment) VALUES({$added}, '2', {$firstip}, {$lastip}, {$comment})") or die(is_object($GLOBALS["___mysqli_ston"]) ? mysqli_error($GLOBALS["___mysqli_ston"]) : (($___mysqli_res = mysqli_connect_error()) ? $___mysqli_res : false)); mysqli_query($GLOBALS["___mysqli_ston"], "DELETE FROM {$TABLE_PREFIX}invalid_logins WHERE ip='" . sprintf("%u", ip2long($ip)) . "' LIMIT 1") or sqlerr(); } } //Invalid Login System Hack Stop $logintpl->set("login_username_incorrect", $language["ERR_USERNAME_INCORRECT"]); xbtit_login(); } else { $passtype = hash_generate($row, $pwd, $user); if ($row["password"] == $passtype[$row["pass_type"]]["hash"]) { // We have a correct password entry // If stored password type is not the same as the current set type if ($row["pass_type"] != $btit_settings["secsui_pass_type"]) { // We need to update the password do_sqlquery("UPDATE `{$TABLE_PREFIX}users` SET `password`='" . mysqli_real_escape_string($DBDT, $passtype[$btit_settings["secsui_pass_type"]]["rehash"]) . "', `salt`='" . mysqli_real_escape_string($DBDT, $passtype[$btit_settings["secsui_pass_type"]]["salt"]) . "', `pass_type`='" . mysqli_real_escape_string($DBDT, $btit_settings["secsui_pass_type"]) . "', `dupe_hash`='" . mysqli_real_escape_string($DBDT, $passtype[$btit_settings["secsui_pass_type"]]["dupehash"]) . "' WHERE `id`=" . $row["id"], true); // And update the values we got from the database earlier $row["pass_type"] = $btit_settings["secsui_pass_type"]; $row["password"] = $passtype[$btit_settings["secsui_pass_type"]]["rehash"]; $row["salt"] = $passtype[$btit_settings["secsui_pass_type"]]["salt"]; } // If we've reached this point we can set the cookies // call the logoutcookie function for good measure, just in case we have some old cookies that need destroying. logoutcookie(); // Then login
if (preg_match($pattern1, substr($pass, $pass_position, 1), $matches)) { $lct_count++; } elseif (preg_match($pattern2, substr($pass, $pass_position, 1), $matches)) { $uct_count++; } elseif (preg_match($pattern3, substr($pass, $pass_position, 1), $matches)) { $num_count++; } elseif (preg_match($pattern4, substr($pass, $pass_position, 1), $matches)) { $sym_count++; } } $newpassword = pass_the_salt(30); if ($lct_count < $pass_min_req[1] || $uct_count < $pass_min_req[2] || $num_count < $pass_min_req[3] || $sym_count < $pass_min_req[4]) { stderr($language["ERROR"], $language["ERR_PASS_TOO_WEAK_1A"] . ":<br /><br />" . ($pass_min_req[1] > 0 ? "<li><span style='color:blue;font-weight:bold;'>" . $pass_min_req[1] . "</span> " . ($pass_min_req[1] == 1 ? $language["ERR_PASS_TOO_WEAK_2"] : $language["ERR_PASS_TOO_WEAK_2A"]) . "</li>" : "") . ($pass_min_req[2] > 0 ? "<li><span style='color:blue;font-weight:bold;'>" . $pass_min_req[2] . "</span> " . ($pass_min_req[2] == 1 ? $language["ERR_PASS_TOO_WEAK_3"] : $language["ERR_PASS_TOO_WEAK_3A"]) . "</li>" : "") . ($pass_min_req[3] > 0 ? "<li><span style='color:blue;font-weight:bold;'>" . $pass_min_req[3] . "</span> " . ($pass_min_req[3] == 1 ? $language["ERR_PASS_TOO_WEAK_4"] : $language["ERR_PASS_TOO_WEAK_4A"]) . "</li>" : "") . ($pass_min_req[4] > 0 ? "<li><span style='color:blue;font-weight:bold;'>" . $pass_min_req[4] . "</span> " . ($pass_min_req[4] == 1 ? $language["ERR_PASS_TOO_WEAK_5"] : $language["ERR_PASS_TOO_WEAK_5A"]) . "</li>" : "") . "<br />" . $language["ERR_PASS_TOO_WEAK_6"] . ":<br /><br /><span style='color:blue;font-weight:bold;'>" . $newpassword . "</span><br />"); } $un = !empty($new_username) && $new_username != $curu["username"] ? $new_username : $curu["username"]; $multipass = hash_generate(array("salt" => ""), $pass, $un); $j = $btit_settings["secsui_pass_type"]; $set[] = "`password`=" . sqlesc($multipass[$j]["rehash"]); $set[] = "`salt`=" . sqlesc($multipass[$j]["salt"]); $set[] = "`pass_type`=" . sqlesc($j); $set[] = "`dupe_hash`=" . sqlesc($multipass[$j]["dupehash"]); $passhash = smf_passgen($un, $pass); $smfset[] = '`passwd`=' . sqlesc($passhash[0]); $smfset[] = '`password' . ($FORUMLINK == "smf" ? "S" : "_s") . 'alt`=' . sqlesc($passhash[1]); if ($FORUMLINK == "ipb") { $ipbhash = ipb_passgen($pass); IPSMember::save($ipb_fid, array("members" => array("member_login_key" => "", "member_login_key_expire" => "0", "members_pass_hash" => "{$ipbhash['0']}", "members_pass_salt" => "{$ipbhash['1']}"))); } } $set[] = "block_comment='" . (isset($_POST["block_comment"]) ? "yes" : "no") . "'"; $set[] = "sbox='" . (isset($_POST["sbox"]) ? "yes" : "no") . "'";
} echo proc_tpl('editusers/user', array('CSRF' => $CSRF, 'user_arr[2]' => $user_arr[2], 'user_arr[4]' => $user_arr[4], 'user_arr[5]' => $user_arr[5], 'user_arr[6]' => $user_arr[6], 'user_date' => date("r", $user_arr[0]), 'edit_level' => $edit_level, 'last_login' => empty($user_arr[UDB_LAST]) ? lang('never') : date('r', $user_arr[UDB_LAST]), 'id' => $id)); } elseif ($action == "doedituser") { CSRFCheck(); list($id, $editemail, $editpassword, $editlevel) = GET('id,editemail,editpassword,editlevel'); if (empty($id)) { die(lang("This is not a valid user")); } if (false === ($the_user = user_search($id))) { die(lang("This is not a valid user")); } if (check_email($editemail) == false) { die(lang("Invalid email")); } // In case if email already exists, and email not eq. --> error $find_email = user_search($editemail, 'email'); if ($find_email && $find_email[UDB_EMAIL] != $the_user[UDB_EMAIL]) { die(lang("User with this email already exists")); } // Change password if present if (!empty($editpassword)) { $hmet = hash_generate($editpassword); $the_user[UDB_PASS] = $hmet[count($hmet) - 1]; send_cookie(); } // Change user level anywhere $the_user[UDB_EMAIL] = $editemail; $the_user[UDB_ACL] = $editlevel; user_update($id, $the_user); echo proc_tpl('editusers/doedituser/saved'); }
} elseif (preg_match($pattern4, substr($pass_to_test, $pass_position, 1), $matches)) { $sym_count++; } } if ($lct_count < $pass_min_req[1] || $uct_count < $pass_min_req[2] || $num_count < $pass_min_req[3] || $sym_count < $pass_min_req[4]) { $newpassword = pass_the_salt(30); echo $language["ERR_PASS_TOO_WEAK_1"] . ":<br /><br />" . ($pass_min_req[1] > 0 ? "<li><span style='color:blue;font-weight:bold;'>" . $pass_min_req[1] . "</span> " . ($pass_min_req[1] == 1 ? $language["ERR_PASS_TOO_WEAK_2"] : $language["ERR_PASS_TOO_WEAK_2A"]) . "</li>" : "") . ($pass_min_req[2] > 0 ? "<li><span style='color:blue;font-weight:bold;'>" . $pass_min_req[2] . "</span> " . ($pass_min_req[2] == 1 ? $language["ERR_PASS_TOO_WEAK_3"] : $language["ERR_PASS_TOO_WEAK_3A"]) . "</li>" : "") . ($pass_min_req[3] > 0 ? "<li><span style='color:blue;font-weight:bold;'>" . $pass_min_req[3] . "</span> " . ($pass_min_req[3] == 1 ? $language["ERR_PASS_TOO_WEAK_4"] : $language["ERR_PASS_TOO_WEAK_4A"]) . "</li>" : "") . ($pass_min_req[4] > 0 ? "<li><span style='color:blue;font-weight:bold;'>" . $pass_min_req[4] . "</span> " . ($pass_min_req[4] == 1 ? $language["ERR_PASS_TOO_WEAK_5"] : $language["ERR_PASS_TOO_WEAK_5A"]) . "</li>" : "") . "<br />" . $language["ERR_PASS_TOO_WEAK_6"] . ":<br /><br /><span style='color:blue;font-weight:bold;'>" . $newpassword . "</span><br />|2"; die; } $floor = 100000; $ceiling = 999999; srand((double) microtime() * 1000000); $random = rand($floor, $ceiling); // finally insert new user $pid = md5(uniqid(rand(), true)); $multipass = hash_generate(array("salt" => ""), $_POST["pwd"], $_POST["username"]); $i = $btit_settings["secsui_pass_type"]; do_sqlquery("INSERT INTO `{$TABLE_PREFIX}users` (`username`, `password`, `salt`, `pass_type`, `dupe_hash`, `random`, `id_level`, `email`, `style`, `language`, `joined`, `lastconnect`, `pid`) VALUES ('" . $username . "', '" . mysqli_real_escape_string($DBDT, $multipass[$i]["rehash"]) . "', '" . mysqli_real_escape_string($DBDT, $multipass[$i]["salt"]) . "', '" . $i . "', '" . mysqli_real_escape_string($DBDT, $multipass[$i]["dupehash"]) . "', " . $random . ", " . $idlevel . ", '" . $email . "', " . $idstyle . ", " . $idlangue . ", NOW(), NOW(),'" . $pid . "')", true); $newuid = is_null($___mysqli_res = mysqli_insert_id($GLOBALS["___mysqli_ston"])) ? false : $___mysqli_res; if (!isset($db_prefix)) { $db_prefix = "smf_"; } // Continue to create smf members if they disable smf mode // $test=do_sqlquery("SELECT COUNT(*) FROM {$db_prefix}members"); $test = do_sqlquery("SHOW TABLES LIKE '{$db_prefix}members'"); if (substr($FORUMLINK, 0, 3) == "smf" || mysqli_num_rows($test)) { $smfpass = smf_passgen($username, $pwd); $check_lev = get_result("SELECT `smf_group_mirror` FROM `{$TABLE_PREFIX}users_level` WHERE `id`=" . $idlevel); $flevel = $checklev[0]["smf_group_mirror"] > 0 ? $checklev[0]["smf_group_mirror"] : $idlevel + 10; if ($FORUMLINK == "smf") { do_sqlquery("INSERT INTO `{$db_prefix}members` (`memberName`, `dateRegistered`, `ID_GROUP`, `realName`, `passwd`, `emailAddress`, `memberIP`, `memberIP2`, `is_activated`, `passwordSalt`) VALUES ('{$username}', UNIX_TIMESTAMP(), {$flevel}, '{$username}', '{$smfpass['0']}', '{$email}', '" . getip() . "', '" . getip() . "', 1, '{$smfpass['1']}')");
function aggiungiutente() { global $DBDT, $INVITATIONSON, $VALID_INV, $SITENAME, $SITEEMAIL, $BASEURL, $VALIDATION, $USERLANG, $USE_IMAGECODE, $TABLE_PREFIX, $XBTT_USE, $language, $THIS_BASEPATH, $FORUMLINK, $db_prefix, $btit_settings; $dobdate = $_POST["datepicker"]; $parts = explode('-', $dobdate); $dobday = $parts[0]; $dobmonth = $parts[1]; $dobyear = $parts[2]; $utente = mysqli_real_escape_string($DBDT, $_POST["user"]); $pwd = mysqli_real_escape_string($DBDT, $_POST["pwd"]); $pwd1 = mysqli_real_escape_string($DBDT, $_POST["pwd1"]); $email = mysqli_real_escape_string($DBDT, $_POST["email"]); if (isset($_POST["language"])) { $idlangue = intval($_POST["language"]); } else { $idlangue = max(1, $btit_settings["default_language"]); } if (isset($_POST["style"])) { $idstyle = intval($_POST["style"]); } else { $idstyle = max(1, $btit_settings["default_style"]); } $idflag = intval($_POST["flag"]); $timezone = intval($_POST["timezone"]); $heard = mysqli_real_escape_string($DBDT, $_POST["heardaboutus"]); // Dt Referral if ($btit_settings["ref_on"] == true) { $rid = intval($_POST["refa"]); } // Dt Referral if (strtoupper($utente) == strtoupper("Guest")) { err_msg($language["ERROR"], $language["ERR_GUEST_EXISTS"]); stdfoot(); exit; } if ($pwd != $pwd1) { err_msg($language["ERROR"], $language["DIF_PASSWORDS"]); stdfoot(); exit; } if ($VALIDATION == "none") { $idlevel = 3; } else { $idlevel = 2; } //begin invitation system by dodge if ($INVITATIONSON == "true") { if ($VALID_INV == "true") { $idlevel = 2; } else { $idlevel = 3; } } //end invitation system # Create Random number $floor = 100000; $ceiling = 999999; srand((double) microtime() * 1000000); $random = rand($floor, $ceiling); if ($utente == "" || $pwd == "" || $email == "") { return -1; exit; } $res = do_sqlquery("SELECT email FROM {$TABLE_PREFIX}users WHERE email='{$email}'", true); if (mysqli_num_rows($res) > 0) { return -2; exit; } // valid email check - by vibes $regex = '/\\b[\\w\\.-]+@[\\w\\.-]+\\.\\w{2,4}\\b/i'; if (!preg_match($regex, $email)) { return -3; exit; } // valid email check end //Function changed by fatepower so now the variable checks the right data. //Added the image also. Cheers boys // check if IP is already in use if ($btit_settings["dupip"] == "true") { $ip = getip(); $i = @mysqli_fetch_row(@mysqli_query($GLOBALS["___mysqli_ston"], "SELECT count(*) FROM {$TABLE_PREFIX}users WHERE cip='{$ip}'")) or die(is_object($GLOBALS["___mysqli_ston"]) ? mysqli_error($GLOBALS["___mysqli_ston"]) : (($___mysqli_res = mysqli_connect_error()) ? $___mysqli_res : false)); if ($i[0] != 0) { err_msg(ERROR, "[" . $ip . "]<br /><img src=\"images/shared_ip.gif\" border=\"0\" alt=\"\" />"); block_end(); stdfoot(); exit; } } // duplicate username $res = do_sqlquery("SELECT username FROM {$TABLE_PREFIX}users WHERE username='******'", true); if (mysqli_num_rows($res) > 0) { return -4; exit; } // duplicate username if (strpos(mysqli_real_escape_string($DBDT, $utente), " ") == true) { return -7; exit; } if ($btit_settings["gcsw"] == false) { if ($USE_IMAGECODE) { if (extension_loaded('gd')) { $arr = gd_info(); if ($arr['FreeType Support'] == 1) { $public = $_POST['public_key']; $private = $_POST['private_key']; $p = new ocr_captcha(); if ($p->check_captcha($public, $private) != true) { err_msg($language["ERROR"], $language["ERR_IMAGE_CODE"]); stdfoot(); exit; } } else { include "{$THIS_BASEPATH}/include/security_code.php"; $scode_index = intval($_POST["security_index"]); if ($security_code[$scode_index]["answer"] != $_POST["scode_answer"]) { err_msg($language["ERROR"], $language["ERR_IMAGE_CODE"]); stdfoot(); exit; } } } else { include "{$THIS_BASEPATH}/include/security_code.php"; $scode_index = intval($_POST["security_index"]); if ($security_code[$scode_index]["answer"] != $_POST["scode_answer"]) { err_msg($language["ERROR"], $language["ERR_IMAGE_CODE"]); stdfoot(); exit; } } } else { include "{$THIS_BASEPATH}/include/security_code.php"; $scode_index = intval($_POST["security_index"]); if ($security_code[$scode_index]["answer"] != $_POST["scode_answer"]) { err_msg($language["ERROR"], $language["ERR_IMAGE_CODE"]); stdfoot(); exit; } } } else { require_once "include/recaptchalib.php"; // reCAPTCHA supported 40+ languages listed here: https://developers.google.com/recaptcha/docs/language $lang = "en"; // The response from reCAPTCHA $resp = null; // The error code from reCAPTCHA, if any $error = null; $reCaptcha = new ReCaptcha($btit_settings["gcsekk"]); if ($_POST["g-recaptcha-response"]) { $resp = $reCaptcha->verifyResponse($_SERVER["REMOTE_ADDR"], $_POST["g-recaptcha-response"]); } else { err_msg($language["ERROR"], "Recaptcha Not submitted"); stdfoot(); exit; } if ($resp != null && $resp->success) { } else { err_msg($language["ERROR"], "Google reports , you are a Robot !"); stdfoot(); exit; } } $bannedchar = array("\\", "/", ":", "*", "?", "\"", "@", "\$", "'", "`", ",", ";", ".", "<", ">", "!", "£", "%", "^", "&", "(", ")", "+", "=", "#", "~"); if (straipos(mysqli_real_escape_string($DBDT, $utente), $bannedchar) == true) { return -8; exit; } $pass_to_test = $_POST["pwd"]; $pass_min_req = explode(",", $btit_settings["secsui_pass_min_req"]); if (strlen($pass_to_test) < $pass_min_req[0]) { return -9; exit; } $exploded = explode("@", $email); $exploded2 = explode(".", $exploded[1]); $cheapmail = mysqli_real_escape_string($DBDT, $exploded[1]); $cheapmail2 = mysqli_real_escape_string($DBDT, "@" . $exploded2[0] . "."); $mailischeap = do_sqlquery("SELECT `domain` FROM `{$TABLE_PREFIX}cheapmail` WHERE `domain`='" . $cheapmail . "' OR `domain`='" . $cheapmail2 . "'", true); if (@mysqli_num_rows($mailischeap) > 0) { return -999; } $userip = getip(); $signupipblock = @mysqli_fetch_assoc(@mysqli_query($GLOBALS["___mysqli_ston"], "SELECT `id` FROM `{$TABLE_PREFIX}signup_ip_block` WHERE `first_ip` <=INET_ATON('{$userip}') AND `last_ip` >=INET_ATON('{$userip}')")); if ($signupipblock) { return -99; exit; } $lct_count = 0; $uct_count = 0; $num_count = 0; $sym_count = 0; $pass_end = (int) (strlen($pass_to_test) - 1); $pass_position = 0; $pattern1 = '#[a-z]#'; $pattern2 = '#[A-Z]#'; $pattern3 = '#[0-9]#'; $pattern4 = '/[¬!"£$%^&*()`{}\\[\\]:@~;\'#<>?,.\\/\\-=_+\\|]/'; for ($pass_position = 0; $pass_position <= $pass_end; $pass_position++) { if (preg_match($pattern1, substr($pass_to_test, $pass_position, 1), $matches)) { $lct_count++; } elseif (preg_match($pattern2, substr($pass_to_test, $pass_position, 1), $matches)) { $uct_count++; } elseif (preg_match($pattern3, substr($pass_to_test, $pass_position, 1), $matches)) { $num_count++; } elseif (preg_match($pattern4, substr($pass_to_test, $pass_position, 1), $matches)) { $sym_count++; } } if ($lct_count < $pass_min_req[1] || $uct_count < $pass_min_req[2] || $num_count < $pass_min_req[3] || $sym_count < $pass_min_req[4]) { return -998; exit; } $multipass = hash_generate(array("salt" => ""), $_POST["pwd"], $_POST["user"]); $i = $btit_settings["secsui_pass_type"]; $sql = "SELECT value FROM {$TABLE_PREFIX}settings WHERE `key` = \"donate_upload\""; $req = mysqli_query($GLOBALS["___mysqli_ston"], $sql) or die('Erreur SQL !<br />' . $sql . '<br />' . (is_object($GLOBALS["___mysqli_ston"]) ? mysqli_error($GLOBALS["___mysqli_ston"]) : (($___mysqli_res = mysqli_connect_error()) ? $___mysqli_res : false))); $result = mysqli_fetch_array($req); $credit = $result['value']; $sql = "SELECT value FROM {$TABLE_PREFIX}settings WHERE `key` = \"unit\""; $req = mysqli_query($GLOBALS["___mysqli_ston"], $sql) or die('Erreur SQL !<br />' . $sql . '<br />' . (is_object($GLOBALS["___mysqli_ston"]) ? mysqli_error($GLOBALS["___mysqli_ston"]) : (($___mysqli_res = mysqli_connect_error()) ? $___mysqli_res : false))); $result = mysqli_fetch_array($req); $unit = $result['value']; mysqli_free_result($req) || is_object($req) && get_class($req) == "mysqli_result" ? true : false; $kb = 1024; $mb = 1024 * 1024; $gb = 1024 * 1024 * 1024; $tb = 1024 * 1024 * 1024 * 1024; if ($unit == 'Kb') { $uploaded = $credit * $kb; } elseif ($unit == 'Mb') { $uploaded = $credit * $mb; } elseif ($unit == 'Gb') { $uploaded = $credit * $gb; } elseif ($unit == 'Tb') { $uploaded = $credit * $tb; } $realdate = checkdate($dobmonth, $dobday, $dobyear); if ($realdate) { $dob = $dobyear . "-" . $dobmonth . "-" . $dobday; $age = userage($dobyear, $dobmonth, $dobday); $dobtime = mktime(0, 0, 0, $dobmonth, $dobday, $dobyear); if ($dobtime > time()) { err_msg($language["ERROR"], $language["ERR_BORN_IN_FUTURE"]); stdfoot(); exit; } elseif ($age < $btit_settings["birthday_lower_limit"]) { err_msg($language["ERROR"], $language["ERR_DOB_1"] . $age . $language["ERR_DOB_2"]); stdfoot(); exit; } elseif ($age > $btit_settings["birthday_upper_limit"]) { err_msg($language["ERROR"], $language["ERR_DOB_1"] . $age . $language["ERR_DOB_2"]); stdfoot(); exit; } } else { err_msg($language["ERROR"], $language["INVALID_DOB_1"] . $dobday . "/" . $dobmonth . "/" . $dobyear . $language["INVALID_DOB_2"]); stdfoot(); exit; } $mtpp = $btit_settings["max_torrents_per_page"]; $pid = md5(uniqid(rand(), true)); $gen = intval($_POST['gen']); do_sqlquery("INSERT INTO `{$TABLE_PREFIX}users` (`username`, `password`, `dob` ,`salt`, `pass_type`, `dupe_hash`, `random`, `id_level`, `email`, `style`, `language`, `flag`, `joined`, `lastconnect`, `pid`, `time_offset`, `whereheard`,`gender` , `torrentsperpage`) VALUES ('" . $utente . "', '" . mysqli_real_escape_string($DBDT, $multipass[$i]["rehash"]) . "', '" . $dob . "' , '" . mysqli_real_escape_string($DBDT, $multipass[$i]["salt"]) . "', '" . $i . "', '" . mysqli_real_escape_string($DBDT, $multipass[$i]["dupehash"]) . "', " . $random . ", " . $idlevel . ", '" . $email . "', " . $idstyle . ", " . $idlangue . ", " . $idflag . ", NOW(), NOW(),'" . $pid . "', '" . $timezone . "','" . $heard . "','" . $gen . "','" . $mtpp . "')", true); $newuid = is_null($___mysqli_res = mysqli_insert_id($GLOBALS["___mysqli_ston"])) ? false : $___mysqli_res; // DT reputation system start $reput = do_sqlquery("SELECT * FROM {$TABLE_PREFIX}reputation_settings WHERE id =1"); $setrep = mysqli_fetch_array($reput); $plus = $setrep["rep_default"]; if ($setrep["rep_is_online"] == 'false') { //do nothing } else { @mysqli_query($GLOBALS["___mysqli_ston"], "UPDATE {$TABLE_PREFIX}users SET reputation = reputation + '{$plus}' WHERE id='{$newuid}'"); } // DT reputation system end //begin invitation system by dodge if ($INVITATIONSON == "true") { $inviter = 0 + $_POST["inviter"]; $code = unesc($_POST["code"]); $res = do_sqlquery("SELECT username FROM {$TABLE_PREFIX}users WHERE id = {$inviter}", true); $arr = mysqli_fetch_assoc($res); $invusername = $arr["username"]; do_sqlquery("UPDATE {$TABLE_PREFIX}users SET invited_by='" . $inviter . "' WHERE id='" . $newuid . "'", true); do_sqlquery("UPDATE {$TABLE_PREFIX}invitations SET confirmed='true' WHERE hash='{$code}'", true); $msg = sqlesc($language["WELCOME MESSAGE"]); } //end invitation system //DT referral system start if ($btit_settings["ref_on"] == true) { $rup = $btit_settings["ref_gb"] * 1024 * 1024 * 1024; $rap = $btit_settings["ref_sb"]; do_sqlquery("UPDATE {$TABLE_PREFIX}users SET referral={$rid} where id={$newuid}", true); if ($btit_settings["ref_switch"] == true) { do_sqlquery("UPDATE {$TABLE_PREFIX}users SET uploaded=uploaded + '{$rup}' where id='{$rid}'"); } else { do_sqlquery("UPDATE {$TABLE_PREFIX}users SET seedbonus=seedbonus + '{$rap}' where id='{$rid}'"); } } //DT referral system end do_sqlquery("UPDATE {$TABLE_PREFIX}users SET uploaded={$uploaded} WHERE id={$newuid}", true); // begin - announce new confirmed user in shoutbox if ($btit_settings["sbtwo"] == true) { $al = mysqli_query($GLOBALS["___mysqli_ston"], "SELECT * FROM {$TABLE_PREFIX}chat ORDER BY id DESC LIMIT 1"); $rw = mysqli_fetch_assoc($al); $ct = $rw["count"] + 1; do_sqlquery("INSERT INTO {$TABLE_PREFIX}chat (uid, time, name, text,count) VALUES (0," . time() . ", 'System','[color=green]Welcome New User :[/color][url={$BASEURL}/index.php?page=userdetails&id={$newuid}]" . $utente . "[/url]'," . $ct . ")"); } // end - announce new confirmed user in shoutbox // Continue to create smf members if they disable smf mode $test = do_sqlquery("SHOW TABLES LIKE '{$db_prefix}members'", true); if (substr($FORUMLINK, 0, 3) == "smf" || mysqli_num_rows($test)) { $smfpass = smf_passgen($utente, $pwd); $fetch = get_result("SELECT `smf_group_mirror` FROM `{$TABLE_PREFIX}users_level` WHERE `id`=" . $idlevel, true, $btit_settings["cache_duration"]); $flevel = $fetch[0]["smf_group_mirror"] > 0 ? $fetch[0]["smf_group_mirror"] : $idlevel + 10; if ($FORUMLINK == "smf") { do_sqlquery("INSERT INTO `{$db_prefix}members` (`memberName`, `dateRegistered`, `ID_GROUP`, `realName`, `passwd`, `emailAddress`, `memberIP`, `memberIP2`, `is_activated`, `passwordSalt`) VALUES ('{$utente}', UNIX_TIMESTAMP(), {$flevel}, '{$utente}', '{$smfpass['0']}', '{$email}', '" . getip() . "', '" . getip() . "', 1, '{$smfpass['1']}')", true); } else { do_sqlquery("INSERT INTO `{$db_prefix}members` (`member_name`, `date_registered`, `id_group`, `real_name`, `passwd`, `email_address`, `member_ip`, `member_ip2`, `is_activated`, `password_salt`) VALUES ('{$utente}', UNIX_TIMESTAMP(), {$flevel}, '{$utente}', '{$smfpass['0']}', '{$email}', '" . getip() . "', '" . getip() . "', 1, '{$smfpass['1']}')", true); } $fid = is_null($___mysqli_res = mysqli_insert_id($GLOBALS["___mysqli_ston"])) ? false : $___mysqli_res; do_sqlquery("UPDATE `{$db_prefix}settings` SET `value` = {$fid} WHERE `variable` = 'latestMember'", true); do_sqlquery("UPDATE `{$db_prefix}settings` SET `value` = '{$utente}' WHERE `variable` = 'latestRealName'", true); do_sqlquery("UPDATE `{$db_prefix}settings` SET `value` = UNIX_TIMESTAMP() WHERE `variable` = 'memberlist_updated'", true); do_sqlquery("UPDATE `{$db_prefix}settings` SET `value` = `value` + 1 WHERE `variable` = 'totalMembers'", true); do_sqlquery("UPDATE `{$TABLE_PREFIX}users` SET `smf_fid`={$fid} WHERE `id`={$newuid}", true); } // Continue to create ipb members if they disable ipb mode $test = do_sqlquery("SHOW TABLES LIKE '{$ipb_prefix}members'"); if ($FORUMLINK == "ipb" || mysqli_num_rows($test)) { ipb_create($utente, $email, $pwd, $idlevel, $newuid); } // xbt if ($XBTT_USE) { $resin = do_sqlquery("INSERT INTO xbt_users (uid, torrent_pass) VALUES ({$newuid},'{$pid}')", true); } include "include/userstuff.php"; $sub = sqlesc("{$GLOBALS['welcome_sub']}"); $mess = sqlesc("{$GLOBALS['welcome_msg']}"); send_pm(0, $newuid, $sub, $mess); if ($INVITATIONSON == "true") { send_pm('2', $newuid, '" . $language["WELCOME"] . "', $msg); if ($VALID_INV == "true") { send_mail($email, "{$SITENAME} " . $language["REG_CONFIRM"] . "", $language["INVIT_MSGINFO"] . "{$email}" . $language["INVIT_MSGINFO1"] . " {$utente}\n" . $language["INVIT_MSGINFO2"] . " {$pwd}\n\n" . $language["INVIT_MSGINFO3"], "From: {$SITENAME} <{$SITEEMAIL}>"); } else { send_mail($email, "{$SITENAME} " . $language["REG_CONFIRM"] . "", $language["INVIT_MSGINFO"] . "{$email}" . $language["INVIT_MSGINFO1"] . " {$utente}\n" . $language["INVIT_MSGINFO2"] . " {$pwd}\n\n\n" . $language["INVIT_MSG_AUTOCONFIRM3"], "From: {$SITENAME} <{$SITEEMAIL}>"); } write_log("Signup new user {$utente} ({$email})", "add"); } else { if ($VALIDATION == "user") { ini_set("sendmail_from", ""); if ((is_object($GLOBALS["___mysqli_ston"]) ? mysqli_errno($GLOBALS["___mysqli_ston"]) : (($___mysqli_res = mysqli_connect_errno()) ? $___mysqli_res : false)) == 0) { send_mail($email, $language["ACCOUNT_CONFIRM"], $language["ACCOUNT_MSG"] . "\n\n" . $BASEURL . "/index.php?page=account&act=confirm&confirm={$random}&language={$idlangue}"); write_log("Signup new user {$utente} ({$email})", "add"); } else { die(is_object($GLOBALS["___mysqli_ston"]) ? mysqli_error($GLOBALS["___mysqli_ston"]) : (($___mysqli_res = mysqli_connect_error()) ? $___mysqli_res : false)); } } } return is_object($GLOBALS["___mysqli_ston"]) ? mysqli_errno($GLOBALS["___mysqli_ston"]) : (($___mysqli_res = mysqli_connect_errno()) ? $___mysqli_res : false); }
stderr($language["ERROR"], $language["INS_NEW_PWD"]); } elseif ($_POST["new_pwd"] != $_POST["new_pwd1"]) { stderr($language["ERROR"], $language["DIF_PASSWORDS"]); } elseif (strlen($pass_to_test) < $pass_min_req[0]) { stderr($language["ERROR"], $language["ERR_PASS_LENGTH_1"] . " <b><span style=\"color:blue;\">" . $pass_min_req[0] . "</span></b> " . $language["ERR_PASS_LENGTH_2"]); } elseif ($lct_count < $pass_min_req[1] || $uct_count < $pass_min_req[2] || $num_count < $pass_min_req[3] || $sym_count < $pass_min_req[4]) { $newpassword = pass_the_salt(30); stderr($language["ERROR"], $language["ERR_PASS_TOO_WEAK_1"] . ":<br /><br />" . ($pass_min_req[1] > 0 ? "<li><span style='color:blue;font-weight:bold;'>" . $pass_min_req[1] . "</span> " . ($pass_min_req[1] == 1 ? $language["ERR_PASS_TOO_WEAK_2"] : $language["ERR_PASS_TOO_WEAK_2A"]) . "</li>" : "") . ($pass_min_req[2] > 0 ? "<li><span style='color:blue;font-weight:bold;'>" . $pass_min_req[2] . "</span> " . ($pass_min_req[2] == 1 ? $language["ERR_PASS_TOO_WEAK_3"] : $language["ERR_PASS_TOO_WEAK_3A"]) . "</li>" : "") . ($pass_min_req[3] > 0 ? "<li><span style='color:blue;font-weight:bold;'>" . $pass_min_req[3] . "</span> " . ($pass_min_req[3] == 1 ? $language["ERR_PASS_TOO_WEAK_4"] : $language["ERR_PASS_TOO_WEAK_4A"]) . "</li>" : "") . ($pass_min_req[4] > 0 ? "<li><span style='color:blue;font-weight:bold;'>" . $pass_min_req[4] . "</span> " . ($pass_min_req[4] == 1 ? $language["ERR_PASS_TOO_WEAK_5"] : $language["ERR_PASS_TOO_WEAK_5A"]) . "</li>" : "") . "<br />" . $language["ERR_PASS_TOO_WEAK_6"] . ":<br /><br /><span style='color:blue;font-weight:bold;'>" . $newpassword . "</span><br />"); } else { $testpass = hash_generate(array("salt" => $CURUSER["salt"]), $_POST["old_pwd"], $CURUSER["username"]); $respwd = do_sqlquery("SELECT * FROM `{$TABLE_PREFIX}users` WHERE `id`={$uid} AND `password`='" . (isset($GLOBALS["___mysqli_ston"]) && is_object($GLOBALS["___mysqli_ston"]) ? mysqli_real_escape_string($GLOBALS["___mysqli_ston"], $testpass[$CURUSER["pass_type"]]["hash"]) : (trigger_error("[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.", E_USER_ERROR) ? "" : "")) . "' AND username="******"username"]) . "", true); if (!$respwd || mysqli_num_rows($respwd) == 0) { stderr($language["ERROR"], $language["ERR_RETR_DATA"]); } else { $arr = mysqli_fetch_assoc($respwd); $multipass = hash_generate(array("salt" => ""), $_POST["new_pwd"], $CURUSER["username"]); $i = $btit_settings["secsui_pass_type"]; do_sqlquery("UPDATE {$TABLE_PREFIX}users SET `password`='" . (isset($GLOBALS["___mysqli_ston"]) && is_object($GLOBALS["___mysqli_ston"]) ? mysqli_real_escape_string($GLOBALS["___mysqli_ston"], $multipass[$i]["rehash"]) : (trigger_error("[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.", E_USER_ERROR) ? "" : "")) . "', `salt`='" . (isset($GLOBALS["___mysqli_ston"]) && is_object($GLOBALS["___mysqli_ston"]) ? mysqli_real_escape_string($GLOBALS["___mysqli_ston"], $multipass[$i]["salt"]) : (trigger_error("[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.", E_USER_ERROR) ? "" : "")) . "', `pass_type`='" . $i . "', `dupe_hash`='" . (isset($GLOBALS["___mysqli_ston"]) && is_object($GLOBALS["___mysqli_ston"]) ? mysqli_real_escape_string($GLOBALS["___mysqli_ston"], $multipass[$i]["dupehash"]) : (trigger_error("[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.", E_USER_ERROR) ? "" : "")) . "' WHERE id={$uid} AND password='******' AND username="******"username"]) . "", true); if (substr($GLOBALS["FORUMLINK"], 0, 3) == "smf") { $passhash = smf_passgen($CURUSER["username"], $_POST["new_pwd"]); do_sqlquery("UPDATE `{$db_prefix}members` SET `passwd`='{$passhash['0']}', `password" . ($GLOBALS["FORUMLINK"] == "smf" ? "S" : "_s") . "alt`='{$passhash['1']}' WHERE " . ($GLOBALS["FORUMLINK"] == "smf" ? "`ID_MEMBER`" : "`id_member`") . "=" . $arr["smf_fid"], true); } elseif ($GLOBALS["FORUMLINK"] == "ipb") { if (!defined('IPS_ENFORCE_ACCESS')) { define('IPS_ENFORCE_ACCESS', true); } if (!defined('IPB_THIS_SCRIPT')) { define('IPB_THIS_SCRIPT', 'public'); } require_once $THIS_BASEPATH . '/ipb/initdata.php'; require_once IPS_ROOT_PATH . 'sources/base/ipsRegistry.php'; require_once IPS_ROOT_PATH . 'sources/base/ipsController.php';
echo $tpl->fetch(load_template("main.tpl")); die; } elseif ($act == "generate") { $id = intval(0 + $_GET["id"]); $random = intval($_GET["random"]); if (!$id || !$random || empty($random) || $random == 0) { stderr($language["ERROR"], $language["ERR_UPDATE_USER"]); } $res = do_sqlquery("SELECT `username`, `email`, `random`" . (substr($GLOBALS["FORUMLINK"], 0, 3) == "smf" ? ", `smf_fid`" : ($GLOBALS["FORUMLINK"] == "ipb" ? ", ipb_fid" : "")) . " FROM `{$TABLE_PREFIX}users` WHERE `id` = {$id}", true); $arr = mysqli_fetch_array($res); if ($random != $arr["random"]) { stderr($language["ERROR"], $language["ERR_UPDATE_USER"]); } $email = $arr["email"]; $newpassword = pass_the_salt(30); $multipass = hash_generate(array("salt" => ""), $newpassword, $arr["username"]); $i = $btit_settings["secsui_pass_type"]; do_sqlquery("UPDATE `{$TABLE_PREFIX}users` SET `password`='" . (isset($GLOBALS["___mysqli_ston"]) && is_object($GLOBALS["___mysqli_ston"]) ? mysqli_real_escape_string($GLOBALS["___mysqli_ston"], $multipass[$i]["rehash"]) : (trigger_error("[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.", E_USER_ERROR) ? "" : "")) . "', `salt`='" . (isset($GLOBALS["___mysqli_ston"]) && is_object($GLOBALS["___mysqli_ston"]) ? mysqli_real_escape_string($GLOBALS["___mysqli_ston"], $multipass[$i]["salt"]) : (trigger_error("[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.", E_USER_ERROR) ? "" : "")) . "', `pass_type`='" . $i . "', `dupe_hash`='" . (isset($GLOBALS["___mysqli_ston"]) && is_object($GLOBALS["___mysqli_ston"]) ? mysqli_real_escape_string($GLOBALS["___mysqli_ston"], $multipass[$i]["dupehash"]) : (trigger_error("[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.", E_USER_ERROR) ? "" : "")) . "' WHERE `id`={$id} AND `random`={$random}", true); if (!mysqli_affected_rows($GLOBALS["___mysqli_ston"])) { stderr($language["ERROR"], $language["ERR_UPDATE_USER"]); } if (substr($GLOBALS["FORUMLINK"], 0, 3) == "smf") { $passhash = smf_passgen($arr["username"], $newpassword); do_sqlquery("UPDATE `{$db_prefix}members` SET `passwd`='{$passhash['0']}', `password" . ($FORUMLINK == "smf" ? "S" : "_s") . "alt`='{$passhash['1']}' WHERE " . ($FORUMLINK == "smf" ? "`ID_MEMBER`" : "`id_member`") . "=" . $arr["smf_fid"], true); } elseif ($GLOBALS["FORUMLINK"] == "ipb") { if (!defined('IPS_ENFORCE_ACCESS')) { define('IPS_ENFORCE_ACCESS', true); } if (!defined('IPB_THIS_SCRIPT')) { define('IPB_THIS_SCRIPT', 'public'); }
$is_member = true; // Check stored password in cookies if ($CNpass and $user_member[UDB_PASS] == $CNpass) { $password = true; } if (!empty($_SESS['user']) && $_SESS['user'] == $name) { $is_member = true; } elseif (empty($password)) { $comments = preg_replace(array("'\"'", "'\\''", "''"), array(""", "'", ""), $comments); $name = replace_comment("add", preg_replace("/\n/", "", $name)); $mail = replace_comment("add", preg_replace("/\n/", "", $mail)); $remcheck = $CNremember == '1' ? ' checked="checked" ' : ''; echo proc_tpl('enter_passcode'); return FALSE; } else { $gen = hash_generate($password); // password ok? if (in_array($user_member[UDB_PASS], $gen) || $CNpass && $user_member[UDB_PASS] == $CNpass) { // if check remember password -> echo this script if (empty($CNrememberPass) == false) { $name = htmlspecialchars($name); if (empty($mail)) { $mail = htmlspecialchars($user_member[UDB_EMAIL]); } echo read_tpl('remember') . '<script type="text/javascript">CNRememberPass("' . $user_member[UDB_PASS] . '", "' . $name . '", "' . $mail . '")</script>'; } // hide email $mail = $user_member[UDB_CBYEMAIL] ? false : $user_member[UDB_EMAIL]; $captcha_enabled = false; } else { echo '<div class="blocking_posting_comment">' . lang('Wrong password!') . ' <a href="javascript:document.location = \'' . $_SERVER['HTTP_REFERER'] . '\'">' . lang('Refresh') . '</a></div>';
$is_loged_in = true; } else { $_SESS['user'] = false; $is_loged_in = false; send_cookie(); } } // --------------------------------------------------------------------------------------------------------------------- // If User is Not Logged In, Display The Login Page // First RUN if ($enter_without_login) { $is_loged_in = TRUE; // Initial $member_db = array(UDB_ID => time(), UDB_ACL => ACL_LEVEL_ADMIN, UDB_NAME => 'Administrator', UDB_PASS => md5('123456'), UDB_NICK => '', UDB_EMAIL => '*****@*****.**', UDB_COUNT => 0, UDB_CBYEMAIL => 1, UDB_AVATAR => '', UDB_LAST => time()); if (REQ('section') == 'main_area') { $ht = hash_generate(REQ('admin_passwd')); $member_db[UDB_NAME] = REQ('admin_name'); $member_db[UDB_EMAIL] = REQ('admin_email'); $member_db[UDB_PASS] = $ht[count($ht) - 1]; if (REQ('admin_name') == false) { msg('error', lang('error'), lang('Enter name'), '#GOBACK'); } if (REQ('admin_email') == false) { msg('error', lang('error'), lang('Enter email'), '#GOBACK'); } if (REQ('admin_passwd') == false) { msg('error', lang('error'), lang('Enter password'), '#GOBACK'); } // add user user_add($member_db); make_crypt_salt();
$username = empty($_POST['user']) ? $_POST['username'] : $_SESS['ix']; $password = $_POST['password']; // User is banned if ($bandata = user_getban($ip, false)) { if ($bandata[1] > $config_ban_attempts + 1) { msg('error', lang('Error!'), getpart('youban', format_date($bandata[2], 'since-short'))); } } if (empty($_SESS['user'])) { /* Login Authorization using COOKIES */ if ($action == 'dologin') { // Check referer RereferCheck(); // Do we have correct username and password ? $member_db = user_search($username); $cmd5_password = hash_generate($password); if (in_array($member_db[UDB_PASS], $cmd5_password)) { $_SESS['ix'] = $username; $_SESS['user'] = $username; if ($rememberme == 'yes') { $_SESS['@'] = true; } elseif (isset($_SESS['@'])) { unset($_SESS['@']); } add_to_log($username, 'login'); user_remove_ban($ip); // Modify Last Login $member_db[UDB_LAST] = time(); user_update($username, $member_db); $is_loged_in = true; send_cookie();
if ($_REQ['widget_personal_action'] === 'login') { if (!isset($_SESSION['.CSRF'])) { $_SESSION['.CSRF'] = ''; } if ($_REQ['widget_personal_csrf'] && $_REQ['widget_personal_csrf'] === $_SESSION['.CSRF']) { $login = $_REQ['widget_personal_username']; $pass = $_REQ['widget_personal_password']; $rem = isset($_REQ['widget_personal_rememberme']) && !empty($_REQ['widget_personal_rememberme']); // Get User Session $_SESSION['user'] = $login; $user = member_get(); if ($user['acl'] == ACL_LEVEL_ADMIN) { cn_front_message("Admin login denied from this place", 'login'); $_SESSION['user'] = null; } elseif ($login && $pass) { $gp = hash_generate($pass); if (in_array($user['pass'], $gp)) { $_SESSION['user'] = $login; if ($rem) { $_POST['cn_remember_me'] = $rem; } $_POST['CN_COOKIE_POSTPROCESS'] = TRUE; } else { $_SESSION['user'] = null; cn_front_message('Invalid login or password', 'login'); } } else { $_SESSION['user'] = null; } } else { cn_front_message("CSRF attempt!", 'login');
function aggiungiutente() { global $SITENAME, $SITEEMAIL, $BASEURL, $VALIDATION, $USERLANG, $USE_IMAGECODE, $TABLE_PREFIX, $XBTT_USE, $language, $THIS_BASEPATH, $FORUMLINK, $db_prefix, $btit_settings; $utente = isset($GLOBALS["___mysqli_ston"]) && is_object($GLOBALS["___mysqli_ston"]) ? mysqli_real_escape_string($GLOBALS["___mysqli_ston"], $_POST["user"]) : (trigger_error("[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.", E_USER_ERROR) ? "" : ""); $pwd = isset($GLOBALS["___mysqli_ston"]) && is_object($GLOBALS["___mysqli_ston"]) ? mysqli_real_escape_string($GLOBALS["___mysqli_ston"], $_POST["pwd"]) : (trigger_error("[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.", E_USER_ERROR) ? "" : ""); $pwd1 = isset($GLOBALS["___mysqli_ston"]) && is_object($GLOBALS["___mysqli_ston"]) ? mysqli_real_escape_string($GLOBALS["___mysqli_ston"], $_POST["pwd1"]) : (trigger_error("[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.", E_USER_ERROR) ? "" : ""); $email = isset($GLOBALS["___mysqli_ston"]) && is_object($GLOBALS["___mysqli_ston"]) ? mysqli_real_escape_string($GLOBALS["___mysqli_ston"], $_POST["email"]) : (trigger_error("[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.", E_USER_ERROR) ? "" : ""); $idlangue = intval($_POST["language"]); $idstyle = intval($_POST["style"]); $idflag = intval($_POST["flag"]); $timezone = intval($_POST["timezone"]); if (strtoupper($utente) == strtoupper("Guest")) { err_msg($language["ERROR"], $language["ERR_GUEST_EXISTS"]); stdfoot(); exit; } if ($pwd != $pwd1) { err_msg($language["ERROR"], $language["DIF_PASSWORDS"]); stdfoot(); exit; } if ($VALIDATION == "none") { $idlevel = 3; } else { $idlevel = 2; } # Create Random number $floor = 100000; $ceiling = 999999; srand((double) microtime() * 1000000); $random = rand($floor, $ceiling); if ($utente == "" || $pwd == "" || $email == "") { return -1; exit; } $res = do_sqlquery("SELECT email FROM {$TABLE_PREFIX}users WHERE email='{$email}'", true); if (mysqli_num_rows($res) > 0) { return -2; exit; } // valid email check - by vibes $regex = '/\\b[\\w\\.-]+@[\\w\\.-]+\\.\\w{2,4}\\b/i'; if (!preg_match($regex, $email)) { return -3; exit; } // valid email check end // duplicate username $res = do_sqlquery("SELECT username FROM {$TABLE_PREFIX}users WHERE username='******'", true); if (mysqli_num_rows($res) > 0) { return -4; exit; } // duplicate username if (strpos(isset($GLOBALS["___mysqli_ston"]) && is_object($GLOBALS["___mysqli_ston"]) ? mysqli_real_escape_string($GLOBALS["___mysqli_ston"], $utente) : (trigger_error("[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.", E_USER_ERROR) ? "" : ""), " ") == true) { return -7; exit; } if ($USE_IMAGECODE) { if (extension_loaded('gd')) { $arr = gd_info(); if ($arr['FreeType Support'] == 1) { $public = $_POST['public_key']; $private = $_POST['private_key']; $p = new ocr_captcha(); if ($p->check_captcha($public, $private) != true) { err_msg($language["ERROR"], $language["ERR_IMAGE_CODE"]); stdfoot(); exit; } } else { include "{$THIS_BASEPATH}/include/security_code.php"; $scode_index = intval($_POST["security_index"]); if ($security_code[$scode_index]["answer"] != $_POST["scode_answer"]) { err_msg($language["ERROR"], $language["ERR_IMAGE_CODE"]); stdfoot(); exit; } } } else { include "{$THIS_BASEPATH}/include/security_code.php"; $scode_index = intval($_POST["security_index"]); if ($security_code[$scode_index]["answer"] != $_POST["scode_answer"]) { err_msg($language["ERROR"], $language["ERR_IMAGE_CODE"]); stdfoot(); exit; } } } else { include "{$THIS_BASEPATH}/include/security_code.php"; $scode_index = intval($_POST["security_index"]); if ($security_code[$scode_index]["answer"] != $_POST["scode_answer"]) { err_msg($language["ERROR"], $language["ERR_IMAGE_CODE"]); stdfoot(); exit; } } $bannedchar = array("\\", "/", ":", "*", "?", "\"", "@", "\$", "'", "`", ",", ";", ".", "<", ">", "!", "£", "%", "^", "&", "(", ")", "+", "=", "#", "~"); if (straipos(isset($GLOBALS["___mysqli_ston"]) && is_object($GLOBALS["___mysqli_ston"]) ? mysqli_real_escape_string($GLOBALS["___mysqli_ston"], $utente) : (trigger_error("[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.", E_USER_ERROR) ? "" : ""), $bannedchar) == true) { return -8; exit; } $pass_to_test = $_POST["pwd"]; $pass_min_req = explode(",", $btit_settings["secsui_pass_min_req"]); if (strlen($pass_to_test) < $pass_min_req[0]) { return -9; exit; } $lct_count = 0; $uct_count = 0; $num_count = 0; $sym_count = 0; $pass_end = (int) (strlen($pass_to_test) - 1); $pass_position = 0; $pattern1 = '#[a-z]#'; $pattern2 = '#[A-Z]#'; $pattern3 = '#[0-9]#'; $pattern4 = '/[¬!"£$%^&*()`{}\\[\\]:@~;\'#<>?,.\\/\\-=_+\\|]/'; for ($pass_position = 0; $pass_position <= $pass_end; $pass_position++) { if (preg_match($pattern1, substr($pass_to_test, $pass_position, 1), $matches)) { $lct_count++; } elseif (preg_match($pattern2, substr($pass_to_test, $pass_position, 1), $matches)) { $uct_count++; } elseif (preg_match($pattern3, substr($pass_to_test, $pass_position, 1), $matches)) { $num_count++; } elseif (preg_match($pattern4, substr($pass_to_test, $pass_position, 1), $matches)) { $sym_count++; } } if ($lct_count < $pass_min_req[1] || $uct_count < $pass_min_req[2] || $num_count < $pass_min_req[3] || $sym_count < $pass_min_req[4]) { return -998; exit; } $multipass = hash_generate(array("salt" => ""), $_POST["pwd"], $_POST["user"]); $i = $btit_settings["secsui_pass_type"]; $pid = md5(uniqid(rand(), true)); do_sqlquery("INSERT INTO `{$TABLE_PREFIX}users` (`username`, `password`, `salt`, `pass_type`, `dupe_hash`, `random`, `id_level`, `email`, `style`, `language`, `flag`, `joined`, `lastconnect`, `pid`, `time_offset`) VALUES ('" . $utente . "', '" . (isset($GLOBALS["___mysqli_ston"]) && is_object($GLOBALS["___mysqli_ston"]) ? mysqli_real_escape_string($GLOBALS["___mysqli_ston"], $multipass[$i]["rehash"]) : (trigger_error("[MySQLConverterToo] Fix the mysqli_escape_string() call! This code does not work.", E_USER_ERROR) ? "" : "")) . "', '" . (isset($GLOBALS["___mysqli_ston"]) && is_object($GLOBALS["___mysqli_ston"]) ? mysqli_real_escape_string($GLOBALS["___mysqli_ston"], $multipass[$i]["salt"]) : (trigger_error("[MySQLConverterToo] Fix the mysqli_escape_string() call! This code does not work.", E_USER_ERROR) ? "" : "")) . "', '" . $i . "', '" . (isset($GLOBALS["___mysqli_ston"]) && is_object($GLOBALS["___mysqli_ston"]) ? mysqli_real_escape_string($GLOBALS["___mysqli_ston"], $multipass[$i]["dupehash"]) : (trigger_error("[MySQLConverterToo] Fix the mysqli_escape_string() call! This code does not work.", E_USER_ERROR) ? "" : "")) . "', " . $random . ", " . $idlevel . ", '" . $email . "', " . $idstyle . ", " . $idlangue . ", " . $idflag . ", NOW(), NOW(),'" . $pid . "', '" . $timezone . "')", true); $newuid = is_null($___mysqli_res = mysqli_insert_id($GLOBALS["___mysqli_ston"])) ? false : $___mysqli_res; // Continue to create smf members if they disable smf mode $test = do_sqlquery("SHOW TABLES LIKE '{$db_prefix}members'", true); if (substr($FORUMLINK, 0, 3) == "smf" || mysqli_num_rows($test)) { $smfpass = smf_passgen($utente, $pwd); $fetch = get_result("SELECT `smf_group_mirror` FROM `{$TABLE_PREFIX}users_level` WHERE `id`=" . $idlevel, true, $btit_settings["cache_duration"]); $flevel = $fetch[0]["smf_group_mirror"] > 0 ? $fetch[0]["smf_group_mirror"] : $idlevel + 10; if ($FORUMLINK == "smf") { do_sqlquery("INSERT INTO `{$db_prefix}members` (`memberName`, `dateRegistered`, `ID_GROUP`, `realName`, `passwd`, `emailAddress`, `memberIP`, `memberIP2`, `is_activated`, `passwordSalt`) VALUES ('{$utente}', UNIX_TIMESTAMP(), {$flevel}, '{$utente}', '{$smfpass['0']}', '{$email}', '" . getip() . "', '" . getip() . "', 1, '{$smfpass['1']}')", true); } else { do_sqlquery("INSERT INTO `{$db_prefix}members` (`member_name`, `date_registered`, `id_group`, `real_name`, `passwd`, `email_address`, `member_ip`, `member_ip2`, `is_activated`, `password_salt`) VALUES ('{$utente}', UNIX_TIMESTAMP(), {$flevel}, '{$utente}', '{$smfpass['0']}', '{$email}', '" . getip() . "', '" . getip() . "', 1, '{$smfpass['1']}')", true); } $fid = is_null($___mysqli_res = mysqli_insert_id($GLOBALS["___mysqli_ston"])) ? false : $___mysqli_res; do_sqlquery("UPDATE `{$db_prefix}settings` SET `value` = {$fid} WHERE `variable` = 'latestMember'", true); do_sqlquery("UPDATE `{$db_prefix}settings` SET `value` = '{$utente}' WHERE `variable` = 'latestRealName'", true); do_sqlquery("UPDATE `{$db_prefix}settings` SET `value` = UNIX_TIMESTAMP() WHERE `variable` = 'memberlist_updated'", true); do_sqlquery("UPDATE `{$db_prefix}settings` SET `value` = `value` + 1 WHERE `variable` = 'totalMembers'", true); do_sqlquery("UPDATE `{$TABLE_PREFIX}users` SET `smf_fid`={$fid} WHERE `id`={$newuid}", true); } // Continue to create ipb members if they disable ipb mode $test = do_sqlquery("SHOW TABLES LIKE '{$ipb_prefix}members'"); if ($FORUMLINK == "ipb" || mysqli_num_rows($test)) { ipb_create($utente, $email, $pwd, $idlevel, $newuid); } // xbt if ($XBTT_USE) { $resin = do_sqlquery("INSERT INTO xbt_users (uid, torrent_pass) VALUES ({$newuid},'{$pid}')", true); } if ($VALIDATION == "user") { ini_set("sendmail_from", ""); if ((is_object($GLOBALS["___mysqli_ston"]) ? mysqli_errno($GLOBALS["___mysqli_ston"]) : (($___mysqli_res = mysqli_connect_errno()) ? $___mysqli_res : false)) == 0) { send_mail($email, $language["ACCOUNT_CONFIRM"], $language["ACCOUNT_MSG"] . "\n\n" . $BASEURL . "/index.php?page=account&act=confirm&confirm={$random}&language={$idlangue}"); write_log("Signup new user {$utente} ({$email})", "add"); } else { die(is_object($GLOBALS["___mysqli_ston"]) ? mysqli_error($GLOBALS["___mysqli_ston"]) : (($___mysqli_res = mysqli_connect_error()) ? $___mysqli_res : false)); } } return is_object($GLOBALS["___mysqli_ston"]) ? mysqli_errno($GLOBALS["___mysqli_ston"]) : (($___mysqli_res = mysqli_connect_errno()) ? $___mysqli_res : false); }
// Check validation if ($the_email) { $user_arr = user_search($the_email, 'email'); $user = $user_arr[UDB_NAME]; } else { add_to_log(':anonym:', 'Validate "s" parameter: invalid request'); msg("error", lang('Error!'), lang("Validation is broken"), '#GOBACK'); } // Generate srand(time()); $salt = "abcdefghjkmnpqrstuvwxyz0123456789-ABCDEFGHIJKLMNOPQRSTUVWXYZ"; for ($i = 0; $i < 9; $i++) { $new_pass .= $salt[rand(0, strlen($salt) - 1)]; } // Save new password $hmet = hash_generate($new_pass); $user_arr[UDB_PASS] = $hmet[count($hmet) - 1]; print_r($new_pass); print_R($hmet); user_update($user, $user_arr); $message = str_replace(array('%1', '%2'), array($user, $new_pass), lang("Hi %1,\nYour new password for CuteNews is\n\n %2\n\nplease after you login change this password.")); send_mail($user_arr[UDB_EMAIL], lang("Your New Password for CuteNews"), $message); add_to_log($user, lang('New password received')); msg("info", lang("Password Sent"), str_replace('%1', $user, lang("The new password for <b>%1</b> was sent to the email."))); } else { if ($config_allow_registration != "1") { msg("error", lang('Error!'), lang("User registration is Disabled"), '#GOBACK'); } echoheader("user", lang("User Registration")); echo proc_tpl('register/reg', array('result' => $result)); echofooter();