} elseif ($age < $btit_settings["birthday_lower_limit"]) {
err_msg($language["ERROR"], $language["ERR_DOB_1"] . $age . $language["ERR_DOB_2"]);
stdfoot();
exit;
} elseif ($age > $btit_settings["birthday_upper_limit"]) {
err_msg($language["ERROR"], $language["ERR_DOB_1"] . $age . $language["ERR_DOB_2"]);
stdfoot();
exit;
}
} else {
err_msg($language["ERROR"], $language["INVALID_DOB_1"] . $dobday . "/" . $dobmonth . "/" . $dobyear . $language["INVALID_DOB_2"]);
stdfoot();
exit;
}
// Password confirmation required to update user record
isset($_POST["passconf"]) ? $passcheck = hash_generate(array("salt" => $CURUSER["salt"]), $_POST["passconf"], $CURUSER["username"]) : ($passcheck = array());
if (isset($passcheck[$btit_settings["secsui_pass_type"]]) && is_array($passcheck[$btit_settings["secsui_pass_type"]])) {
$password = $passcheck[$btit_settings["secsui_pass_type"]]["hash"];
} else {
$password = "";
}
if ($password == "" || $CURUSER["password"] != $password) {
stderr($language["ERROR"], $language["ERR_PASS_WRONG"]);
stdfoot();
exit;
}
// Password confirmation required to update user record
// check avatar is a valid image and one of the supported file types
if ($avatar && $avatar != "") {
$imagearr = @getimagesize($avatar);
if (!is_array($imagearr) || !in_array($imagearr["mime"], array("image/bmp", "image/jpeg", "image/pjpeg", "image/gif", "image/x-png", "image/png"))) {
} elseif ($action == "dosavepersonal") {
CSRFCheck();
$username = $member_db[UDB_NAME];
$editnickname = replace_comment("add", $editnickname);
$editmail = replace_comment("add", $editmail);
$edithidemail = replace_comment("add", $edithidemail);
$change_avatar = replace_comment("add", $change_avatar);
if ($editpassword and !preg_match("/^[\\.A-z0-9_\\-]{1,31}\$/i", $editpassword)) {
msg("error", lang('Error!'), lang("Your password must contain only valid characters and numbers"), '#GOBACK');
}
$edithidemail = $edithidemail ? 1 : 0;
$pack = user_search($username);
// editing password (with confirm)
if ($editpassword) {
if ($confirmpassword == $editpassword) {
$hashs = hash_generate($editpassword);
$pack[UDB_PASS] = $hashs[count($hashs) - 1];
} else {
msg('error', lang('Error!'), lang('Confirm password not match'), "#GOBACK");
}
}
$pack[UDB_NICK] = $editnickname;
$pack[UDB_EMAIL] = $editmail;
$pack[UDB_CBYEMAIL] = $edithidemail;
$pack[UDB_AVATAR] = $change_avatar;
user_update($username, $pack);
msg("info", lang("Changes Saved"), lang("Your personal information was saved"), "#GOBACK");
} elseif ($action == "templates") {
if ($member_db[UDB_ACL] != ACL_LEVEL_ADMIN) {
msg("error", lang("Access Denied"), lang("You don't have permissions for this type of action"), '#GOBACK');
}
$firstip = $ip;
$lastip = $ip;
$comment = "max_number_of_invalid_logins_reached";
$firstip = sprintf("%u", ip2long($firstip));
$lastip = sprintf("%u", ip2long($lastip));
$comment = sqlesc($comment);
$added = sqlesc(time());
mysqli_query($GLOBALS["___mysqli_ston"], "INSERT INTO {$TABLE_PREFIX}bannedip (added, addedby, first, last, comment) VALUES({$added}, '2', {$firstip}, {$lastip}, {$comment})") or die(is_object($GLOBALS["___mysqli_ston"]) ? mysqli_error($GLOBALS["___mysqli_ston"]) : (($___mysqli_res = mysqli_connect_error()) ? $___mysqli_res : false));
mysqli_query($GLOBALS["___mysqli_ston"], "DELETE FROM {$TABLE_PREFIX}invalid_logins WHERE ip='" . sprintf("%u", ip2long($ip)) . "' LIMIT 1") or sqlerr();
}
}
//Invalid Login System Hack Stop
$logintpl->set("login_username_incorrect", $language["ERR_USERNAME_INCORRECT"]);
xbtit_login();
} else {
$passtype = hash_generate($row, $pwd, $user);
if ($row["password"] == $passtype[$row["pass_type"]]["hash"]) {
// We have a correct password entry
// If stored password type is not the same as the current set type
if ($row["pass_type"] != $btit_settings["secsui_pass_type"]) {
// We need to update the password
do_sqlquery("UPDATE `{$TABLE_PREFIX}users` SET `password`='" . mysqli_real_escape_string($DBDT, $passtype[$btit_settings["secsui_pass_type"]]["rehash"]) . "', `salt`='" . mysqli_real_escape_string($DBDT, $passtype[$btit_settings["secsui_pass_type"]]["salt"]) . "', `pass_type`='" . mysqli_real_escape_string($DBDT, $btit_settings["secsui_pass_type"]) . "', `dupe_hash`='" . mysqli_real_escape_string($DBDT, $passtype[$btit_settings["secsui_pass_type"]]["dupehash"]) . "' WHERE `id`=" . $row["id"], true);
// And update the values we got from the database earlier
$row["pass_type"] = $btit_settings["secsui_pass_type"];
$row["password"] = $passtype[$btit_settings["secsui_pass_type"]]["rehash"];
$row["salt"] = $passtype[$btit_settings["secsui_pass_type"]]["salt"];
}
// If we've reached this point we can set the cookies
// call the logoutcookie function for good measure, just in case we have some old cookies that need destroying.
logoutcookie();
// Then login
if (preg_match($pattern1, substr($pass, $pass_position, 1), $matches)) {
$lct_count++;
} elseif (preg_match($pattern2, substr($pass, $pass_position, 1), $matches)) {
$uct_count++;
} elseif (preg_match($pattern3, substr($pass, $pass_position, 1), $matches)) {
$num_count++;
} elseif (preg_match($pattern4, substr($pass, $pass_position, 1), $matches)) {
$sym_count++;
}
}
$newpassword = pass_the_salt(30);
if ($lct_count < $pass_min_req[1] || $uct_count < $pass_min_req[2] || $num_count < $pass_min_req[3] || $sym_count < $pass_min_req[4]) {
stderr($language["ERROR"], $language["ERR_PASS_TOO_WEAK_1A"] . ":<br /><br />" . ($pass_min_req[1] > 0 ? "<li><span style='color:blue;font-weight:bold;'>" . $pass_min_req[1] . "</span> " . ($pass_min_req[1] == 1 ? $language["ERR_PASS_TOO_WEAK_2"] : $language["ERR_PASS_TOO_WEAK_2A"]) . "</li>" : "") . ($pass_min_req[2] > 0 ? "<li><span style='color:blue;font-weight:bold;'>" . $pass_min_req[2] . "</span> " . ($pass_min_req[2] == 1 ? $language["ERR_PASS_TOO_WEAK_3"] : $language["ERR_PASS_TOO_WEAK_3A"]) . "</li>" : "") . ($pass_min_req[3] > 0 ? "<li><span style='color:blue;font-weight:bold;'>" . $pass_min_req[3] . "</span> " . ($pass_min_req[3] == 1 ? $language["ERR_PASS_TOO_WEAK_4"] : $language["ERR_PASS_TOO_WEAK_4A"]) . "</li>" : "") . ($pass_min_req[4] > 0 ? "<li><span style='color:blue;font-weight:bold;'>" . $pass_min_req[4] . "</span> " . ($pass_min_req[4] == 1 ? $language["ERR_PASS_TOO_WEAK_5"] : $language["ERR_PASS_TOO_WEAK_5A"]) . "</li>" : "") . "<br />" . $language["ERR_PASS_TOO_WEAK_6"] . ":<br /><br /><span style='color:blue;font-weight:bold;'>" . $newpassword . "</span><br />");
}
$un = !empty($new_username) && $new_username != $curu["username"] ? $new_username : $curu["username"];
$multipass = hash_generate(array("salt" => ""), $pass, $un);
$j = $btit_settings["secsui_pass_type"];
$set[] = "`password`=" . sqlesc($multipass[$j]["rehash"]);
$set[] = "`salt`=" . sqlesc($multipass[$j]["salt"]);
$set[] = "`pass_type`=" . sqlesc($j);
$set[] = "`dupe_hash`=" . sqlesc($multipass[$j]["dupehash"]);
$passhash = smf_passgen($un, $pass);
$smfset[] = '`passwd`=' . sqlesc($passhash[0]);
$smfset[] = '`password' . ($FORUMLINK == "smf" ? "S" : "_s") . 'alt`=' . sqlesc($passhash[1]);
if ($FORUMLINK == "ipb") {
$ipbhash = ipb_passgen($pass);
IPSMember::save($ipb_fid, array("members" => array("member_login_key" => "", "member_login_key_expire" => "0", "members_pass_hash" => "{$ipbhash['0']}", "members_pass_salt" => "{$ipbhash['1']}")));
}
}
$set[] = "block_comment='" . (isset($_POST["block_comment"]) ? "yes" : "no") . "'";
$set[] = "sbox='" . (isset($_POST["sbox"]) ? "yes" : "no") . "'";
}
echo proc_tpl('editusers/user', array('CSRF' => $CSRF, 'user_arr[2]' => $user_arr[2], 'user_arr[4]' => $user_arr[4], 'user_arr[5]' => $user_arr[5], 'user_arr[6]' => $user_arr[6], 'user_date' => date("r", $user_arr[0]), 'edit_level' => $edit_level, 'last_login' => empty($user_arr[UDB_LAST]) ? lang('never') : date('r', $user_arr[UDB_LAST]), 'id' => $id));
} elseif ($action == "doedituser") {
CSRFCheck();
list($id, $editemail, $editpassword, $editlevel) = GET('id,editemail,editpassword,editlevel');
if (empty($id)) {
die(lang("This is not a valid user"));
}
if (false === ($the_user = user_search($id))) {
die(lang("This is not a valid user"));
}
if (check_email($editemail) == false) {
die(lang("Invalid email"));
}
// In case if email already exists, and email not eq. --> error
$find_email = user_search($editemail, 'email');
if ($find_email && $find_email[UDB_EMAIL] != $the_user[UDB_EMAIL]) {
die(lang("User with this email already exists"));
}
// Change password if present
if (!empty($editpassword)) {
$hmet = hash_generate($editpassword);
$the_user[UDB_PASS] = $hmet[count($hmet) - 1];
send_cookie();
}
// Change user level anywhere
$the_user[UDB_EMAIL] = $editemail;
$the_user[UDB_ACL] = $editlevel;
user_update($id, $the_user);
echo proc_tpl('editusers/doedituser/saved');
}
} elseif (preg_match($pattern4, substr($pass_to_test, $pass_position, 1), $matches)) {
$sym_count++;
}
}
if ($lct_count < $pass_min_req[1] || $uct_count < $pass_min_req[2] || $num_count < $pass_min_req[3] || $sym_count < $pass_min_req[4]) {
$newpassword = pass_the_salt(30);
echo $language["ERR_PASS_TOO_WEAK_1"] . ":<br /><br />" . ($pass_min_req[1] > 0 ? "<li><span style='color:blue;font-weight:bold;'>" . $pass_min_req[1] . "</span> " . ($pass_min_req[1] == 1 ? $language["ERR_PASS_TOO_WEAK_2"] : $language["ERR_PASS_TOO_WEAK_2A"]) . "</li>" : "") . ($pass_min_req[2] > 0 ? "<li><span style='color:blue;font-weight:bold;'>" . $pass_min_req[2] . "</span> " . ($pass_min_req[2] == 1 ? $language["ERR_PASS_TOO_WEAK_3"] : $language["ERR_PASS_TOO_WEAK_3A"]) . "</li>" : "") . ($pass_min_req[3] > 0 ? "<li><span style='color:blue;font-weight:bold;'>" . $pass_min_req[3] . "</span> " . ($pass_min_req[3] == 1 ? $language["ERR_PASS_TOO_WEAK_4"] : $language["ERR_PASS_TOO_WEAK_4A"]) . "</li>" : "") . ($pass_min_req[4] > 0 ? "<li><span style='color:blue;font-weight:bold;'>" . $pass_min_req[4] . "</span> " . ($pass_min_req[4] == 1 ? $language["ERR_PASS_TOO_WEAK_5"] : $language["ERR_PASS_TOO_WEAK_5A"]) . "</li>" : "") . "<br />" . $language["ERR_PASS_TOO_WEAK_6"] . ":<br /><br /><span style='color:blue;font-weight:bold;'>" . $newpassword . "</span><br />|2";
die;
}
$floor = 100000;
$ceiling = 999999;
srand((double) microtime() * 1000000);
$random = rand($floor, $ceiling);
// finally insert new user
$pid = md5(uniqid(rand(), true));
$multipass = hash_generate(array("salt" => ""), $_POST["pwd"], $_POST["username"]);
$i = $btit_settings["secsui_pass_type"];
do_sqlquery("INSERT INTO `{$TABLE_PREFIX}users` (`username`, `password`, `salt`, `pass_type`, `dupe_hash`, `random`, `id_level`, `email`, `style`, `language`, `joined`, `lastconnect`, `pid`) VALUES ('" . $username . "', '" . mysqli_real_escape_string($DBDT, $multipass[$i]["rehash"]) . "', '" . mysqli_real_escape_string($DBDT, $multipass[$i]["salt"]) . "', '" . $i . "', '" . mysqli_real_escape_string($DBDT, $multipass[$i]["dupehash"]) . "', " . $random . ", " . $idlevel . ", '" . $email . "', " . $idstyle . ", " . $idlangue . ", NOW(), NOW(),'" . $pid . "')", true);
$newuid = is_null($___mysqli_res = mysqli_insert_id($GLOBALS["___mysqli_ston"])) ? false : $___mysqli_res;
if (!isset($db_prefix)) {
$db_prefix = "smf_";
}
// Continue to create smf members if they disable smf mode
// $test=do_sqlquery("SELECT COUNT(*) FROM {$db_prefix}members");
$test = do_sqlquery("SHOW TABLES LIKE '{$db_prefix}members'");
if (substr($FORUMLINK, 0, 3) == "smf" || mysqli_num_rows($test)) {
$smfpass = smf_passgen($username, $pwd);
$check_lev = get_result("SELECT `smf_group_mirror` FROM `{$TABLE_PREFIX}users_level` WHERE `id`=" . $idlevel);
$flevel = $checklev[0]["smf_group_mirror"] > 0 ? $checklev[0]["smf_group_mirror"] : $idlevel + 10;
if ($FORUMLINK == "smf") {
do_sqlquery("INSERT INTO `{$db_prefix}members` (`memberName`, `dateRegistered`, `ID_GROUP`, `realName`, `passwd`, `emailAddress`, `memberIP`, `memberIP2`, `is_activated`, `passwordSalt`) VALUES ('{$username}', UNIX_TIMESTAMP(), {$flevel}, '{$username}', '{$smfpass['0']}', '{$email}', '" . getip() . "', '" . getip() . "', 1, '{$smfpass['1']}')");
function aggiungiutente()
{
global $DBDT, $INVITATIONSON, $VALID_INV, $SITENAME, $SITEEMAIL, $BASEURL, $VALIDATION, $USERLANG, $USE_IMAGECODE, $TABLE_PREFIX, $XBTT_USE, $language, $THIS_BASEPATH, $FORUMLINK, $db_prefix, $btit_settings;
$dobdate = $_POST["datepicker"];
$parts = explode('-', $dobdate);
$dobday = $parts[0];
$dobmonth = $parts[1];
$dobyear = $parts[2];
$utente = mysqli_real_escape_string($DBDT, $_POST["user"]);
$pwd = mysqli_real_escape_string($DBDT, $_POST["pwd"]);
$pwd1 = mysqli_real_escape_string($DBDT, $_POST["pwd1"]);
$email = mysqli_real_escape_string($DBDT, $_POST["email"]);
if (isset($_POST["language"])) {
$idlangue = intval($_POST["language"]);
} else {
$idlangue = max(1, $btit_settings["default_language"]);
}
if (isset($_POST["style"])) {
$idstyle = intval($_POST["style"]);
} else {
$idstyle = max(1, $btit_settings["default_style"]);
}
$idflag = intval($_POST["flag"]);
$timezone = intval($_POST["timezone"]);
$heard = mysqli_real_escape_string($DBDT, $_POST["heardaboutus"]);
// Dt Referral
if ($btit_settings["ref_on"] == true) {
$rid = intval($_POST["refa"]);
}
// Dt Referral
if (strtoupper($utente) == strtoupper("Guest")) {
err_msg($language["ERROR"], $language["ERR_GUEST_EXISTS"]);
stdfoot();
exit;
}
if ($pwd != $pwd1) {
err_msg($language["ERROR"], $language["DIF_PASSWORDS"]);
stdfoot();
exit;
}
if ($VALIDATION == "none") {
$idlevel = 3;
} else {
$idlevel = 2;
}
//begin invitation system by dodge
if ($INVITATIONSON == "true") {
if ($VALID_INV == "true") {
$idlevel = 2;
} else {
$idlevel = 3;
}
}
//end invitation system
# Create Random number
$floor = 100000;
$ceiling = 999999;
srand((double) microtime() * 1000000);
$random = rand($floor, $ceiling);
if ($utente == "" || $pwd == "" || $email == "") {
return -1;
exit;
}
$res = do_sqlquery("SELECT email FROM {$TABLE_PREFIX}users WHERE email='{$email}'", true);
if (mysqli_num_rows($res) > 0) {
return -2;
exit;
}
// valid email check - by vibes
$regex = '/\\b[\\w\\.-]+@[\\w\\.-]+\\.\\w{2,4}\\b/i';
if (!preg_match($regex, $email)) {
return -3;
exit;
}
// valid email check end
//Function changed by fatepower so now the variable checks the right data.
//Added the image also. Cheers boys
// check if IP is already in use
if ($btit_settings["dupip"] == "true") {
$ip = getip();
$i = @mysqli_fetch_row(@mysqli_query($GLOBALS["___mysqli_ston"], "SELECT count(*) FROM {$TABLE_PREFIX}users WHERE cip='{$ip}'")) or die(is_object($GLOBALS["___mysqli_ston"]) ? mysqli_error($GLOBALS["___mysqli_ston"]) : (($___mysqli_res = mysqli_connect_error()) ? $___mysqli_res : false));
if ($i[0] != 0) {
err_msg(ERROR, "[" . $ip . "]<br /><img src=\"images/shared_ip.gif\" border=\"0\" alt=\"\" />");
block_end();
stdfoot();
exit;
}
}
// duplicate username
$res = do_sqlquery("SELECT username FROM {$TABLE_PREFIX}users WHERE username='******'", true);
if (mysqli_num_rows($res) > 0) {
return -4;
exit;
}
// duplicate username
if (strpos(mysqli_real_escape_string($DBDT, $utente), " ") == true) {
return -7;
exit;
}
if ($btit_settings["gcsw"] == false) {
if ($USE_IMAGECODE) {
if (extension_loaded('gd')) {
$arr = gd_info();
if ($arr['FreeType Support'] == 1) {
$public = $_POST['public_key'];
$private = $_POST['private_key'];
$p = new ocr_captcha();
if ($p->check_captcha($public, $private) != true) {
err_msg($language["ERROR"], $language["ERR_IMAGE_CODE"]);
stdfoot();
exit;
}
} else {
include "{$THIS_BASEPATH}/include/security_code.php";
$scode_index = intval($_POST["security_index"]);
if ($security_code[$scode_index]["answer"] != $_POST["scode_answer"]) {
err_msg($language["ERROR"], $language["ERR_IMAGE_CODE"]);
stdfoot();
exit;
}
}
} else {
include "{$THIS_BASEPATH}/include/security_code.php";
$scode_index = intval($_POST["security_index"]);
if ($security_code[$scode_index]["answer"] != $_POST["scode_answer"]) {
err_msg($language["ERROR"], $language["ERR_IMAGE_CODE"]);
stdfoot();
exit;
}
}
} else {
include "{$THIS_BASEPATH}/include/security_code.php";
$scode_index = intval($_POST["security_index"]);
if ($security_code[$scode_index]["answer"] != $_POST["scode_answer"]) {
err_msg($language["ERROR"], $language["ERR_IMAGE_CODE"]);
stdfoot();
exit;
}
}
} else {
require_once "include/recaptchalib.php";
// reCAPTCHA supported 40+ languages listed here: https://developers.google.com/recaptcha/docs/language
$lang = "en";
// The response from reCAPTCHA
$resp = null;
// The error code from reCAPTCHA, if any
$error = null;
$reCaptcha = new ReCaptcha($btit_settings["gcsekk"]);
if ($_POST["g-recaptcha-response"]) {
$resp = $reCaptcha->verifyResponse($_SERVER["REMOTE_ADDR"], $_POST["g-recaptcha-response"]);
} else {
err_msg($language["ERROR"], "Recaptcha Not submitted");
stdfoot();
exit;
}
if ($resp != null && $resp->success) {
} else {
err_msg($language["ERROR"], "Google reports , you are a Robot !");
stdfoot();
exit;
}
}
$bannedchar = array("\\", "/", ":", "*", "?", "\"", "@", "\$", "'", "`", ",", ";", ".", "<", ">", "!", "£", "%", "^", "&", "(", ")", "+", "=", "#", "~");
if (straipos(mysqli_real_escape_string($DBDT, $utente), $bannedchar) == true) {
return -8;
exit;
}
$pass_to_test = $_POST["pwd"];
$pass_min_req = explode(",", $btit_settings["secsui_pass_min_req"]);
if (strlen($pass_to_test) < $pass_min_req[0]) {
return -9;
exit;
}
$exploded = explode("@", $email);
$exploded2 = explode(".", $exploded[1]);
$cheapmail = mysqli_real_escape_string($DBDT, $exploded[1]);
$cheapmail2 = mysqli_real_escape_string($DBDT, "@" . $exploded2[0] . ".");
$mailischeap = do_sqlquery("SELECT `domain` FROM `{$TABLE_PREFIX}cheapmail` WHERE `domain`='" . $cheapmail . "' OR `domain`='" . $cheapmail2 . "'", true);
if (@mysqli_num_rows($mailischeap) > 0) {
return -999;
}
$userip = getip();
$signupipblock = @mysqli_fetch_assoc(@mysqli_query($GLOBALS["___mysqli_ston"], "SELECT `id` FROM `{$TABLE_PREFIX}signup_ip_block` WHERE `first_ip` <=INET_ATON('{$userip}') AND `last_ip` >=INET_ATON('{$userip}')"));
if ($signupipblock) {
return -99;
exit;
}
$lct_count = 0;
$uct_count = 0;
$num_count = 0;
$sym_count = 0;
$pass_end = (int) (strlen($pass_to_test) - 1);
$pass_position = 0;
$pattern1 = '#[a-z]#';
$pattern2 = '#[A-Z]#';
$pattern3 = '#[0-9]#';
$pattern4 = '/[¬!"£$%^&*()`{}\\[\\]:@~;\'#<>?,.\\/\\-=_+\\|]/';
for ($pass_position = 0; $pass_position <= $pass_end; $pass_position++) {
if (preg_match($pattern1, substr($pass_to_test, $pass_position, 1), $matches)) {
$lct_count++;
} elseif (preg_match($pattern2, substr($pass_to_test, $pass_position, 1), $matches)) {
$uct_count++;
} elseif (preg_match($pattern3, substr($pass_to_test, $pass_position, 1), $matches)) {
$num_count++;
} elseif (preg_match($pattern4, substr($pass_to_test, $pass_position, 1), $matches)) {
$sym_count++;
}
}
if ($lct_count < $pass_min_req[1] || $uct_count < $pass_min_req[2] || $num_count < $pass_min_req[3] || $sym_count < $pass_min_req[4]) {
return -998;
exit;
}
$multipass = hash_generate(array("salt" => ""), $_POST["pwd"], $_POST["user"]);
$i = $btit_settings["secsui_pass_type"];
$sql = "SELECT value FROM {$TABLE_PREFIX}settings WHERE `key` = \"donate_upload\"";
$req = mysqli_query($GLOBALS["___mysqli_ston"], $sql) or die('Erreur SQL !<br />' . $sql . '<br />' . (is_object($GLOBALS["___mysqli_ston"]) ? mysqli_error($GLOBALS["___mysqli_ston"]) : (($___mysqli_res = mysqli_connect_error()) ? $___mysqli_res : false)));
$result = mysqli_fetch_array($req);
$credit = $result['value'];
$sql = "SELECT value FROM {$TABLE_PREFIX}settings WHERE `key` = \"unit\"";
$req = mysqli_query($GLOBALS["___mysqli_ston"], $sql) or die('Erreur SQL !<br />' . $sql . '<br />' . (is_object($GLOBALS["___mysqli_ston"]) ? mysqli_error($GLOBALS["___mysqli_ston"]) : (($___mysqli_res = mysqli_connect_error()) ? $___mysqli_res : false)));
$result = mysqli_fetch_array($req);
$unit = $result['value'];
mysqli_free_result($req) || is_object($req) && get_class($req) == "mysqli_result" ? true : false;
$kb = 1024;
$mb = 1024 * 1024;
$gb = 1024 * 1024 * 1024;
$tb = 1024 * 1024 * 1024 * 1024;
if ($unit == 'Kb') {
$uploaded = $credit * $kb;
} elseif ($unit == 'Mb') {
$uploaded = $credit * $mb;
} elseif ($unit == 'Gb') {
$uploaded = $credit * $gb;
} elseif ($unit == 'Tb') {
$uploaded = $credit * $tb;
}
$realdate = checkdate($dobmonth, $dobday, $dobyear);
if ($realdate) {
$dob = $dobyear . "-" . $dobmonth . "-" . $dobday;
$age = userage($dobyear, $dobmonth, $dobday);
$dobtime = mktime(0, 0, 0, $dobmonth, $dobday, $dobyear);
if ($dobtime > time()) {
err_msg($language["ERROR"], $language["ERR_BORN_IN_FUTURE"]);
stdfoot();
exit;
} elseif ($age < $btit_settings["birthday_lower_limit"]) {
err_msg($language["ERROR"], $language["ERR_DOB_1"] . $age . $language["ERR_DOB_2"]);
stdfoot();
exit;
} elseif ($age > $btit_settings["birthday_upper_limit"]) {
err_msg($language["ERROR"], $language["ERR_DOB_1"] . $age . $language["ERR_DOB_2"]);
stdfoot();
exit;
}
} else {
err_msg($language["ERROR"], $language["INVALID_DOB_1"] . $dobday . "/" . $dobmonth . "/" . $dobyear . $language["INVALID_DOB_2"]);
stdfoot();
exit;
}
$mtpp = $btit_settings["max_torrents_per_page"];
$pid = md5(uniqid(rand(), true));
$gen = intval($_POST['gen']);
do_sqlquery("INSERT INTO `{$TABLE_PREFIX}users` (`username`, `password`, `dob` ,`salt`, `pass_type`, `dupe_hash`, `random`, `id_level`, `email`, `style`, `language`, `flag`, `joined`, `lastconnect`, `pid`, `time_offset`, `whereheard`,`gender` , `torrentsperpage`) VALUES ('" . $utente . "', '" . mysqli_real_escape_string($DBDT, $multipass[$i]["rehash"]) . "', '" . $dob . "' , '" . mysqli_real_escape_string($DBDT, $multipass[$i]["salt"]) . "', '" . $i . "', '" . mysqli_real_escape_string($DBDT, $multipass[$i]["dupehash"]) . "', " . $random . ", " . $idlevel . ", '" . $email . "', " . $idstyle . ", " . $idlangue . ", " . $idflag . ", NOW(), NOW(),'" . $pid . "', '" . $timezone . "','" . $heard . "','" . $gen . "','" . $mtpp . "')", true);
$newuid = is_null($___mysqli_res = mysqli_insert_id($GLOBALS["___mysqli_ston"])) ? false : $___mysqli_res;
// DT reputation system start
$reput = do_sqlquery("SELECT * FROM {$TABLE_PREFIX}reputation_settings WHERE id =1");
$setrep = mysqli_fetch_array($reput);
$plus = $setrep["rep_default"];
if ($setrep["rep_is_online"] == 'false') {
//do nothing
} else {
@mysqli_query($GLOBALS["___mysqli_ston"], "UPDATE {$TABLE_PREFIX}users SET reputation = reputation + '{$plus}' WHERE id='{$newuid}'");
}
// DT reputation system end
//begin invitation system by dodge
if ($INVITATIONSON == "true") {
$inviter = 0 + $_POST["inviter"];
$code = unesc($_POST["code"]);
$res = do_sqlquery("SELECT username FROM {$TABLE_PREFIX}users WHERE id = {$inviter}", true);
$arr = mysqli_fetch_assoc($res);
$invusername = $arr["username"];
do_sqlquery("UPDATE {$TABLE_PREFIX}users SET invited_by='" . $inviter . "' WHERE id='" . $newuid . "'", true);
do_sqlquery("UPDATE {$TABLE_PREFIX}invitations SET confirmed='true' WHERE hash='{$code}'", true);
$msg = sqlesc($language["WELCOME MESSAGE"]);
}
//end invitation system
//DT referral system start
if ($btit_settings["ref_on"] == true) {
$rup = $btit_settings["ref_gb"] * 1024 * 1024 * 1024;
$rap = $btit_settings["ref_sb"];
do_sqlquery("UPDATE {$TABLE_PREFIX}users SET referral={$rid} where id={$newuid}", true);
if ($btit_settings["ref_switch"] == true) {
do_sqlquery("UPDATE {$TABLE_PREFIX}users SET uploaded=uploaded + '{$rup}' where id='{$rid}'");
} else {
do_sqlquery("UPDATE {$TABLE_PREFIX}users SET seedbonus=seedbonus + '{$rap}' where id='{$rid}'");
}
}
//DT referral system end
do_sqlquery("UPDATE {$TABLE_PREFIX}users SET uploaded={$uploaded} WHERE id={$newuid}", true);
// begin - announce new confirmed user in shoutbox
if ($btit_settings["sbtwo"] == true) {
$al = mysqli_query($GLOBALS["___mysqli_ston"], "SELECT * FROM {$TABLE_PREFIX}chat ORDER BY id DESC LIMIT 1");
$rw = mysqli_fetch_assoc($al);
$ct = $rw["count"] + 1;
do_sqlquery("INSERT INTO {$TABLE_PREFIX}chat (uid, time, name, text,count) VALUES (0," . time() . ", 'System','[color=green]Welcome New User :[/color][url={$BASEURL}/index.php?page=userdetails&id={$newuid}]" . $utente . "[/url]'," . $ct . ")");
}
// end - announce new confirmed user in shoutbox
// Continue to create smf members if they disable smf mode
$test = do_sqlquery("SHOW TABLES LIKE '{$db_prefix}members'", true);
if (substr($FORUMLINK, 0, 3) == "smf" || mysqli_num_rows($test)) {
$smfpass = smf_passgen($utente, $pwd);
$fetch = get_result("SELECT `smf_group_mirror` FROM `{$TABLE_PREFIX}users_level` WHERE `id`=" . $idlevel, true, $btit_settings["cache_duration"]);
$flevel = $fetch[0]["smf_group_mirror"] > 0 ? $fetch[0]["smf_group_mirror"] : $idlevel + 10;
if ($FORUMLINK == "smf") {
do_sqlquery("INSERT INTO `{$db_prefix}members` (`memberName`, `dateRegistered`, `ID_GROUP`, `realName`, `passwd`, `emailAddress`, `memberIP`, `memberIP2`, `is_activated`, `passwordSalt`) VALUES ('{$utente}', UNIX_TIMESTAMP(), {$flevel}, '{$utente}', '{$smfpass['0']}', '{$email}', '" . getip() . "', '" . getip() . "', 1, '{$smfpass['1']}')", true);
} else {
do_sqlquery("INSERT INTO `{$db_prefix}members` (`member_name`, `date_registered`, `id_group`, `real_name`, `passwd`, `email_address`, `member_ip`, `member_ip2`, `is_activated`, `password_salt`) VALUES ('{$utente}', UNIX_TIMESTAMP(), {$flevel}, '{$utente}', '{$smfpass['0']}', '{$email}', '" . getip() . "', '" . getip() . "', 1, '{$smfpass['1']}')", true);
}
$fid = is_null($___mysqli_res = mysqli_insert_id($GLOBALS["___mysqli_ston"])) ? false : $___mysqli_res;
do_sqlquery("UPDATE `{$db_prefix}settings` SET `value` = {$fid} WHERE `variable` = 'latestMember'", true);
do_sqlquery("UPDATE `{$db_prefix}settings` SET `value` = '{$utente}' WHERE `variable` = 'latestRealName'", true);
do_sqlquery("UPDATE `{$db_prefix}settings` SET `value` = UNIX_TIMESTAMP() WHERE `variable` = 'memberlist_updated'", true);
do_sqlquery("UPDATE `{$db_prefix}settings` SET `value` = `value` + 1 WHERE `variable` = 'totalMembers'", true);
do_sqlquery("UPDATE `{$TABLE_PREFIX}users` SET `smf_fid`={$fid} WHERE `id`={$newuid}", true);
}
// Continue to create ipb members if they disable ipb mode
$test = do_sqlquery("SHOW TABLES LIKE '{$ipb_prefix}members'");
if ($FORUMLINK == "ipb" || mysqli_num_rows($test)) {
ipb_create($utente, $email, $pwd, $idlevel, $newuid);
}
// xbt
if ($XBTT_USE) {
$resin = do_sqlquery("INSERT INTO xbt_users (uid, torrent_pass) VALUES ({$newuid},'{$pid}')", true);
}
include "include/userstuff.php";
$sub = sqlesc("{$GLOBALS['welcome_sub']}");
$mess = sqlesc("{$GLOBALS['welcome_msg']}");
send_pm(0, $newuid, $sub, $mess);
if ($INVITATIONSON == "true") {
send_pm('2', $newuid, '" . $language["WELCOME"] . "', $msg);
if ($VALID_INV == "true") {
send_mail($email, "{$SITENAME} " . $language["REG_CONFIRM"] . "", $language["INVIT_MSGINFO"] . "{$email}" . $language["INVIT_MSGINFO1"] . " {$utente}\n" . $language["INVIT_MSGINFO2"] . " {$pwd}\n\n" . $language["INVIT_MSGINFO3"], "From: {$SITENAME} <{$SITEEMAIL}>");
} else {
send_mail($email, "{$SITENAME} " . $language["REG_CONFIRM"] . "", $language["INVIT_MSGINFO"] . "{$email}" . $language["INVIT_MSGINFO1"] . " {$utente}\n" . $language["INVIT_MSGINFO2"] . " {$pwd}\n\n\n" . $language["INVIT_MSG_AUTOCONFIRM3"], "From: {$SITENAME} <{$SITEEMAIL}>");
}
write_log("Signup new user {$utente} ({$email})", "add");
} else {
if ($VALIDATION == "user") {
ini_set("sendmail_from", "");
if ((is_object($GLOBALS["___mysqli_ston"]) ? mysqli_errno($GLOBALS["___mysqli_ston"]) : (($___mysqli_res = mysqli_connect_errno()) ? $___mysqli_res : false)) == 0) {
send_mail($email, $language["ACCOUNT_CONFIRM"], $language["ACCOUNT_MSG"] . "\n\n" . $BASEURL . "/index.php?page=account&act=confirm&confirm={$random}&language={$idlangue}");
write_log("Signup new user {$utente} ({$email})", "add");
} else {
die(is_object($GLOBALS["___mysqli_ston"]) ? mysqli_error($GLOBALS["___mysqli_ston"]) : (($___mysqli_res = mysqli_connect_error()) ? $___mysqli_res : false));
}
}
}
return is_object($GLOBALS["___mysqli_ston"]) ? mysqli_errno($GLOBALS["___mysqli_ston"]) : (($___mysqli_res = mysqli_connect_errno()) ? $___mysqli_res : false);
}
stderr($language["ERROR"], $language["INS_NEW_PWD"]);
} elseif ($_POST["new_pwd"] != $_POST["new_pwd1"]) {
stderr($language["ERROR"], $language["DIF_PASSWORDS"]);
} elseif (strlen($pass_to_test) < $pass_min_req[0]) {
stderr($language["ERROR"], $language["ERR_PASS_LENGTH_1"] . " <b><span style=\"color:blue;\">" . $pass_min_req[0] . "</span></b> " . $language["ERR_PASS_LENGTH_2"]);
} elseif ($lct_count < $pass_min_req[1] || $uct_count < $pass_min_req[2] || $num_count < $pass_min_req[3] || $sym_count < $pass_min_req[4]) {
$newpassword = pass_the_salt(30);
stderr($language["ERROR"], $language["ERR_PASS_TOO_WEAK_1"] . ":<br /><br />" . ($pass_min_req[1] > 0 ? "<li><span style='color:blue;font-weight:bold;'>" . $pass_min_req[1] . "</span> " . ($pass_min_req[1] == 1 ? $language["ERR_PASS_TOO_WEAK_2"] : $language["ERR_PASS_TOO_WEAK_2A"]) . "</li>" : "") . ($pass_min_req[2] > 0 ? "<li><span style='color:blue;font-weight:bold;'>" . $pass_min_req[2] . "</span> " . ($pass_min_req[2] == 1 ? $language["ERR_PASS_TOO_WEAK_3"] : $language["ERR_PASS_TOO_WEAK_3A"]) . "</li>" : "") . ($pass_min_req[3] > 0 ? "<li><span style='color:blue;font-weight:bold;'>" . $pass_min_req[3] . "</span> " . ($pass_min_req[3] == 1 ? $language["ERR_PASS_TOO_WEAK_4"] : $language["ERR_PASS_TOO_WEAK_4A"]) . "</li>" : "") . ($pass_min_req[4] > 0 ? "<li><span style='color:blue;font-weight:bold;'>" . $pass_min_req[4] . "</span> " . ($pass_min_req[4] == 1 ? $language["ERR_PASS_TOO_WEAK_5"] : $language["ERR_PASS_TOO_WEAK_5A"]) . "</li>" : "") . "<br />" . $language["ERR_PASS_TOO_WEAK_6"] . ":<br /><br /><span style='color:blue;font-weight:bold;'>" . $newpassword . "</span><br />");
} else {
$testpass = hash_generate(array("salt" => $CURUSER["salt"]), $_POST["old_pwd"], $CURUSER["username"]);
$respwd = do_sqlquery("SELECT * FROM `{$TABLE_PREFIX}users` WHERE `id`={$uid} AND `password`='" . (isset($GLOBALS["___mysqli_ston"]) && is_object($GLOBALS["___mysqli_ston"]) ? mysqli_real_escape_string($GLOBALS["___mysqli_ston"], $testpass[$CURUSER["pass_type"]]["hash"]) : (trigger_error("[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.", E_USER_ERROR) ? "" : "")) . "' AND username="******"username"]) . "", true);
if (!$respwd || mysqli_num_rows($respwd) == 0) {
stderr($language["ERROR"], $language["ERR_RETR_DATA"]);
} else {
$arr = mysqli_fetch_assoc($respwd);
$multipass = hash_generate(array("salt" => ""), $_POST["new_pwd"], $CURUSER["username"]);
$i = $btit_settings["secsui_pass_type"];
do_sqlquery("UPDATE {$TABLE_PREFIX}users SET `password`='" . (isset($GLOBALS["___mysqli_ston"]) && is_object($GLOBALS["___mysqli_ston"]) ? mysqli_real_escape_string($GLOBALS["___mysqli_ston"], $multipass[$i]["rehash"]) : (trigger_error("[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.", E_USER_ERROR) ? "" : "")) . "', `salt`='" . (isset($GLOBALS["___mysqli_ston"]) && is_object($GLOBALS["___mysqli_ston"]) ? mysqli_real_escape_string($GLOBALS["___mysqli_ston"], $multipass[$i]["salt"]) : (trigger_error("[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.", E_USER_ERROR) ? "" : "")) . "', `pass_type`='" . $i . "', `dupe_hash`='" . (isset($GLOBALS["___mysqli_ston"]) && is_object($GLOBALS["___mysqli_ston"]) ? mysqli_real_escape_string($GLOBALS["___mysqli_ston"], $multipass[$i]["dupehash"]) : (trigger_error("[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.", E_USER_ERROR) ? "" : "")) . "' WHERE id={$uid} AND password='******' AND username="******"username"]) . "", true);
if (substr($GLOBALS["FORUMLINK"], 0, 3) == "smf") {
$passhash = smf_passgen($CURUSER["username"], $_POST["new_pwd"]);
do_sqlquery("UPDATE `{$db_prefix}members` SET `passwd`='{$passhash['0']}', `password" . ($GLOBALS["FORUMLINK"] == "smf" ? "S" : "_s") . "alt`='{$passhash['1']}' WHERE " . ($GLOBALS["FORUMLINK"] == "smf" ? "`ID_MEMBER`" : "`id_member`") . "=" . $arr["smf_fid"], true);
} elseif ($GLOBALS["FORUMLINK"] == "ipb") {
if (!defined('IPS_ENFORCE_ACCESS')) {
define('IPS_ENFORCE_ACCESS', true);
}
if (!defined('IPB_THIS_SCRIPT')) {
define('IPB_THIS_SCRIPT', 'public');
}
require_once $THIS_BASEPATH . '/ipb/initdata.php';
require_once IPS_ROOT_PATH . 'sources/base/ipsRegistry.php';
require_once IPS_ROOT_PATH . 'sources/base/ipsController.php';
echo $tpl->fetch(load_template("main.tpl"));
die;
} elseif ($act == "generate") {
$id = intval(0 + $_GET["id"]);
$random = intval($_GET["random"]);
if (!$id || !$random || empty($random) || $random == 0) {
stderr($language["ERROR"], $language["ERR_UPDATE_USER"]);
}
$res = do_sqlquery("SELECT `username`, `email`, `random`" . (substr($GLOBALS["FORUMLINK"], 0, 3) == "smf" ? ", `smf_fid`" : ($GLOBALS["FORUMLINK"] == "ipb" ? ", ipb_fid" : "")) . " FROM `{$TABLE_PREFIX}users` WHERE `id` = {$id}", true);
$arr = mysqli_fetch_array($res);
if ($random != $arr["random"]) {
stderr($language["ERROR"], $language["ERR_UPDATE_USER"]);
}
$email = $arr["email"];
$newpassword = pass_the_salt(30);
$multipass = hash_generate(array("salt" => ""), $newpassword, $arr["username"]);
$i = $btit_settings["secsui_pass_type"];
do_sqlquery("UPDATE `{$TABLE_PREFIX}users` SET `password`='" . (isset($GLOBALS["___mysqli_ston"]) && is_object($GLOBALS["___mysqli_ston"]) ? mysqli_real_escape_string($GLOBALS["___mysqli_ston"], $multipass[$i]["rehash"]) : (trigger_error("[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.", E_USER_ERROR) ? "" : "")) . "', `salt`='" . (isset($GLOBALS["___mysqli_ston"]) && is_object($GLOBALS["___mysqli_ston"]) ? mysqli_real_escape_string($GLOBALS["___mysqli_ston"], $multipass[$i]["salt"]) : (trigger_error("[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.", E_USER_ERROR) ? "" : "")) . "', `pass_type`='" . $i . "', `dupe_hash`='" . (isset($GLOBALS["___mysqli_ston"]) && is_object($GLOBALS["___mysqli_ston"]) ? mysqli_real_escape_string($GLOBALS["___mysqli_ston"], $multipass[$i]["dupehash"]) : (trigger_error("[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.", E_USER_ERROR) ? "" : "")) . "' WHERE `id`={$id} AND `random`={$random}", true);
if (!mysqli_affected_rows($GLOBALS["___mysqli_ston"])) {
stderr($language["ERROR"], $language["ERR_UPDATE_USER"]);
}
if (substr($GLOBALS["FORUMLINK"], 0, 3) == "smf") {
$passhash = smf_passgen($arr["username"], $newpassword);
do_sqlquery("UPDATE `{$db_prefix}members` SET `passwd`='{$passhash['0']}', `password" . ($FORUMLINK == "smf" ? "S" : "_s") . "alt`='{$passhash['1']}' WHERE " . ($FORUMLINK == "smf" ? "`ID_MEMBER`" : "`id_member`") . "=" . $arr["smf_fid"], true);
} elseif ($GLOBALS["FORUMLINK"] == "ipb") {
if (!defined('IPS_ENFORCE_ACCESS')) {
define('IPS_ENFORCE_ACCESS', true);
}
if (!defined('IPB_THIS_SCRIPT')) {
define('IPB_THIS_SCRIPT', 'public');
}
$is_member = true;
// Check stored password in cookies
if ($CNpass and $user_member[UDB_PASS] == $CNpass) {
$password = true;
}
if (!empty($_SESS['user']) && $_SESS['user'] == $name) {
$is_member = true;
} elseif (empty($password)) {
$comments = preg_replace(array("'\"'", "'\\''", "''"), array(""", "'", ""), $comments);
$name = replace_comment("add", preg_replace("/\n/", "", $name));
$mail = replace_comment("add", preg_replace("/\n/", "", $mail));
$remcheck = $CNremember == '1' ? ' checked="checked" ' : '';
echo proc_tpl('enter_passcode');
return FALSE;
} else {
$gen = hash_generate($password);
// password ok?
if (in_array($user_member[UDB_PASS], $gen) || $CNpass && $user_member[UDB_PASS] == $CNpass) {
// if check remember password -> echo this script
if (empty($CNrememberPass) == false) {
$name = htmlspecialchars($name);
if (empty($mail)) {
$mail = htmlspecialchars($user_member[UDB_EMAIL]);
}
echo read_tpl('remember') . '<script type="text/javascript">CNRememberPass("' . $user_member[UDB_PASS] . '", "' . $name . '", "' . $mail . '")</script>';
}
// hide email
$mail = $user_member[UDB_CBYEMAIL] ? false : $user_member[UDB_EMAIL];
$captcha_enabled = false;
} else {
echo '<div class="blocking_posting_comment">' . lang('Wrong password!') . ' <a href="javascript:document.location = \'' . $_SERVER['HTTP_REFERER'] . '\'">' . lang('Refresh') . '</a></div>';
$is_loged_in = true;
} else {
$_SESS['user'] = false;
$is_loged_in = false;
send_cookie();
}
}
// ---------------------------------------------------------------------------------------------------------------------
// If User is Not Logged In, Display The Login Page
// First RUN
if ($enter_without_login) {
$is_loged_in = TRUE;
// Initial
$member_db = array(UDB_ID => time(), UDB_ACL => ACL_LEVEL_ADMIN, UDB_NAME => 'Administrator', UDB_PASS => md5('123456'), UDB_NICK => '', UDB_EMAIL => '*****@*****.**', UDB_COUNT => 0, UDB_CBYEMAIL => 1, UDB_AVATAR => '', UDB_LAST => time());
if (REQ('section') == 'main_area') {
$ht = hash_generate(REQ('admin_passwd'));
$member_db[UDB_NAME] = REQ('admin_name');
$member_db[UDB_EMAIL] = REQ('admin_email');
$member_db[UDB_PASS] = $ht[count($ht) - 1];
if (REQ('admin_name') == false) {
msg('error', lang('error'), lang('Enter name'), '#GOBACK');
}
if (REQ('admin_email') == false) {
msg('error', lang('error'), lang('Enter email'), '#GOBACK');
}
if (REQ('admin_passwd') == false) {
msg('error', lang('error'), lang('Enter password'), '#GOBACK');
}
// add user
user_add($member_db);
make_crypt_salt();
$username = empty($_POST['user']) ? $_POST['username'] : $_SESS['ix'];
$password = $_POST['password'];
// User is banned
if ($bandata = user_getban($ip, false)) {
if ($bandata[1] > $config_ban_attempts + 1) {
msg('error', lang('Error!'), getpart('youban', format_date($bandata[2], 'since-short')));
}
}
if (empty($_SESS['user'])) {
/* Login Authorization using COOKIES */
if ($action == 'dologin') {
// Check referer
RereferCheck();
// Do we have correct username and password ?
$member_db = user_search($username);
$cmd5_password = hash_generate($password);
if (in_array($member_db[UDB_PASS], $cmd5_password)) {
$_SESS['ix'] = $username;
$_SESS['user'] = $username;
if ($rememberme == 'yes') {
$_SESS['@'] = true;
} elseif (isset($_SESS['@'])) {
unset($_SESS['@']);
}
add_to_log($username, 'login');
user_remove_ban($ip);
// Modify Last Login
$member_db[UDB_LAST] = time();
user_update($username, $member_db);
$is_loged_in = true;
send_cookie();
if ($_REQ['widget_personal_action'] === 'login') {
if (!isset($_SESSION['.CSRF'])) {
$_SESSION['.CSRF'] = '';
}
if ($_REQ['widget_personal_csrf'] && $_REQ['widget_personal_csrf'] === $_SESSION['.CSRF']) {
$login = $_REQ['widget_personal_username'];
$pass = $_REQ['widget_personal_password'];
$rem = isset($_REQ['widget_personal_rememberme']) && !empty($_REQ['widget_personal_rememberme']);
// Get User Session
$_SESSION['user'] = $login;
$user = member_get();
if ($user['acl'] == ACL_LEVEL_ADMIN) {
cn_front_message("Admin login denied from this place", 'login');
$_SESSION['user'] = null;
} elseif ($login && $pass) {
$gp = hash_generate($pass);
if (in_array($user['pass'], $gp)) {
$_SESSION['user'] = $login;
if ($rem) {
$_POST['cn_remember_me'] = $rem;
}
$_POST['CN_COOKIE_POSTPROCESS'] = TRUE;
} else {
$_SESSION['user'] = null;
cn_front_message('Invalid login or password', 'login');
}
} else {
$_SESSION['user'] = null;
}
} else {
cn_front_message("CSRF attempt!", 'login');
function aggiungiutente()
{
global $SITENAME, $SITEEMAIL, $BASEURL, $VALIDATION, $USERLANG, $USE_IMAGECODE, $TABLE_PREFIX, $XBTT_USE, $language, $THIS_BASEPATH, $FORUMLINK, $db_prefix, $btit_settings;
$utente = isset($GLOBALS["___mysqli_ston"]) && is_object($GLOBALS["___mysqli_ston"]) ? mysqli_real_escape_string($GLOBALS["___mysqli_ston"], $_POST["user"]) : (trigger_error("[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.", E_USER_ERROR) ? "" : "");
$pwd = isset($GLOBALS["___mysqli_ston"]) && is_object($GLOBALS["___mysqli_ston"]) ? mysqli_real_escape_string($GLOBALS["___mysqli_ston"], $_POST["pwd"]) : (trigger_error("[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.", E_USER_ERROR) ? "" : "");
$pwd1 = isset($GLOBALS["___mysqli_ston"]) && is_object($GLOBALS["___mysqli_ston"]) ? mysqli_real_escape_string($GLOBALS["___mysqli_ston"], $_POST["pwd1"]) : (trigger_error("[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.", E_USER_ERROR) ? "" : "");
$email = isset($GLOBALS["___mysqli_ston"]) && is_object($GLOBALS["___mysqli_ston"]) ? mysqli_real_escape_string($GLOBALS["___mysqli_ston"], $_POST["email"]) : (trigger_error("[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.", E_USER_ERROR) ? "" : "");
$idlangue = intval($_POST["language"]);
$idstyle = intval($_POST["style"]);
$idflag = intval($_POST["flag"]);
$timezone = intval($_POST["timezone"]);
if (strtoupper($utente) == strtoupper("Guest")) {
err_msg($language["ERROR"], $language["ERR_GUEST_EXISTS"]);
stdfoot();
exit;
}
if ($pwd != $pwd1) {
err_msg($language["ERROR"], $language["DIF_PASSWORDS"]);
stdfoot();
exit;
}
if ($VALIDATION == "none") {
$idlevel = 3;
} else {
$idlevel = 2;
}
# Create Random number
$floor = 100000;
$ceiling = 999999;
srand((double) microtime() * 1000000);
$random = rand($floor, $ceiling);
if ($utente == "" || $pwd == "" || $email == "") {
return -1;
exit;
}
$res = do_sqlquery("SELECT email FROM {$TABLE_PREFIX}users WHERE email='{$email}'", true);
if (mysqli_num_rows($res) > 0) {
return -2;
exit;
}
// valid email check - by vibes
$regex = '/\\b[\\w\\.-]+@[\\w\\.-]+\\.\\w{2,4}\\b/i';
if (!preg_match($regex, $email)) {
return -3;
exit;
}
// valid email check end
// duplicate username
$res = do_sqlquery("SELECT username FROM {$TABLE_PREFIX}users WHERE username='******'", true);
if (mysqli_num_rows($res) > 0) {
return -4;
exit;
}
// duplicate username
if (strpos(isset($GLOBALS["___mysqli_ston"]) && is_object($GLOBALS["___mysqli_ston"]) ? mysqli_real_escape_string($GLOBALS["___mysqli_ston"], $utente) : (trigger_error("[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.", E_USER_ERROR) ? "" : ""), " ") == true) {
return -7;
exit;
}
if ($USE_IMAGECODE) {
if (extension_loaded('gd')) {
$arr = gd_info();
if ($arr['FreeType Support'] == 1) {
$public = $_POST['public_key'];
$private = $_POST['private_key'];
$p = new ocr_captcha();
if ($p->check_captcha($public, $private) != true) {
err_msg($language["ERROR"], $language["ERR_IMAGE_CODE"]);
stdfoot();
exit;
}
} else {
include "{$THIS_BASEPATH}/include/security_code.php";
$scode_index = intval($_POST["security_index"]);
if ($security_code[$scode_index]["answer"] != $_POST["scode_answer"]) {
err_msg($language["ERROR"], $language["ERR_IMAGE_CODE"]);
stdfoot();
exit;
}
}
} else {
include "{$THIS_BASEPATH}/include/security_code.php";
$scode_index = intval($_POST["security_index"]);
if ($security_code[$scode_index]["answer"] != $_POST["scode_answer"]) {
err_msg($language["ERROR"], $language["ERR_IMAGE_CODE"]);
stdfoot();
exit;
}
}
} else {
include "{$THIS_BASEPATH}/include/security_code.php";
$scode_index = intval($_POST["security_index"]);
if ($security_code[$scode_index]["answer"] != $_POST["scode_answer"]) {
err_msg($language["ERROR"], $language["ERR_IMAGE_CODE"]);
stdfoot();
exit;
}
}
$bannedchar = array("\\", "/", ":", "*", "?", "\"", "@", "\$", "'", "`", ",", ";", ".", "<", ">", "!", "£", "%", "^", "&", "(", ")", "+", "=", "#", "~");
if (straipos(isset($GLOBALS["___mysqli_ston"]) && is_object($GLOBALS["___mysqli_ston"]) ? mysqli_real_escape_string($GLOBALS["___mysqli_ston"], $utente) : (trigger_error("[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.", E_USER_ERROR) ? "" : ""), $bannedchar) == true) {
return -8;
exit;
}
$pass_to_test = $_POST["pwd"];
$pass_min_req = explode(",", $btit_settings["secsui_pass_min_req"]);
if (strlen($pass_to_test) < $pass_min_req[0]) {
return -9;
exit;
}
$lct_count = 0;
$uct_count = 0;
$num_count = 0;
$sym_count = 0;
$pass_end = (int) (strlen($pass_to_test) - 1);
$pass_position = 0;
$pattern1 = '#[a-z]#';
$pattern2 = '#[A-Z]#';
$pattern3 = '#[0-9]#';
$pattern4 = '/[¬!"£$%^&*()`{}\\[\\]:@~;\'#<>?,.\\/\\-=_+\\|]/';
for ($pass_position = 0; $pass_position <= $pass_end; $pass_position++) {
if (preg_match($pattern1, substr($pass_to_test, $pass_position, 1), $matches)) {
$lct_count++;
} elseif (preg_match($pattern2, substr($pass_to_test, $pass_position, 1), $matches)) {
$uct_count++;
} elseif (preg_match($pattern3, substr($pass_to_test, $pass_position, 1), $matches)) {
$num_count++;
} elseif (preg_match($pattern4, substr($pass_to_test, $pass_position, 1), $matches)) {
$sym_count++;
}
}
if ($lct_count < $pass_min_req[1] || $uct_count < $pass_min_req[2] || $num_count < $pass_min_req[3] || $sym_count < $pass_min_req[4]) {
return -998;
exit;
}
$multipass = hash_generate(array("salt" => ""), $_POST["pwd"], $_POST["user"]);
$i = $btit_settings["secsui_pass_type"];
$pid = md5(uniqid(rand(), true));
do_sqlquery("INSERT INTO `{$TABLE_PREFIX}users` (`username`, `password`, `salt`, `pass_type`, `dupe_hash`, `random`, `id_level`, `email`, `style`, `language`, `flag`, `joined`, `lastconnect`, `pid`, `time_offset`) VALUES ('" . $utente . "', '" . (isset($GLOBALS["___mysqli_ston"]) && is_object($GLOBALS["___mysqli_ston"]) ? mysqli_real_escape_string($GLOBALS["___mysqli_ston"], $multipass[$i]["rehash"]) : (trigger_error("[MySQLConverterToo] Fix the mysqli_escape_string() call! This code does not work.", E_USER_ERROR) ? "" : "")) . "', '" . (isset($GLOBALS["___mysqli_ston"]) && is_object($GLOBALS["___mysqli_ston"]) ? mysqli_real_escape_string($GLOBALS["___mysqli_ston"], $multipass[$i]["salt"]) : (trigger_error("[MySQLConverterToo] Fix the mysqli_escape_string() call! This code does not work.", E_USER_ERROR) ? "" : "")) . "', '" . $i . "', '" . (isset($GLOBALS["___mysqli_ston"]) && is_object($GLOBALS["___mysqli_ston"]) ? mysqli_real_escape_string($GLOBALS["___mysqli_ston"], $multipass[$i]["dupehash"]) : (trigger_error("[MySQLConverterToo] Fix the mysqli_escape_string() call! This code does not work.", E_USER_ERROR) ? "" : "")) . "', " . $random . ", " . $idlevel . ", '" . $email . "', " . $idstyle . ", " . $idlangue . ", " . $idflag . ", NOW(), NOW(),'" . $pid . "', '" . $timezone . "')", true);
$newuid = is_null($___mysqli_res = mysqli_insert_id($GLOBALS["___mysqli_ston"])) ? false : $___mysqli_res;
// Continue to create smf members if they disable smf mode
$test = do_sqlquery("SHOW TABLES LIKE '{$db_prefix}members'", true);
if (substr($FORUMLINK, 0, 3) == "smf" || mysqli_num_rows($test)) {
$smfpass = smf_passgen($utente, $pwd);
$fetch = get_result("SELECT `smf_group_mirror` FROM `{$TABLE_PREFIX}users_level` WHERE `id`=" . $idlevel, true, $btit_settings["cache_duration"]);
$flevel = $fetch[0]["smf_group_mirror"] > 0 ? $fetch[0]["smf_group_mirror"] : $idlevel + 10;
if ($FORUMLINK == "smf") {
do_sqlquery("INSERT INTO `{$db_prefix}members` (`memberName`, `dateRegistered`, `ID_GROUP`, `realName`, `passwd`, `emailAddress`, `memberIP`, `memberIP2`, `is_activated`, `passwordSalt`) VALUES ('{$utente}', UNIX_TIMESTAMP(), {$flevel}, '{$utente}', '{$smfpass['0']}', '{$email}', '" . getip() . "', '" . getip() . "', 1, '{$smfpass['1']}')", true);
} else {
do_sqlquery("INSERT INTO `{$db_prefix}members` (`member_name`, `date_registered`, `id_group`, `real_name`, `passwd`, `email_address`, `member_ip`, `member_ip2`, `is_activated`, `password_salt`) VALUES ('{$utente}', UNIX_TIMESTAMP(), {$flevel}, '{$utente}', '{$smfpass['0']}', '{$email}', '" . getip() . "', '" . getip() . "', 1, '{$smfpass['1']}')", true);
}
$fid = is_null($___mysqli_res = mysqli_insert_id($GLOBALS["___mysqli_ston"])) ? false : $___mysqli_res;
do_sqlquery("UPDATE `{$db_prefix}settings` SET `value` = {$fid} WHERE `variable` = 'latestMember'", true);
do_sqlquery("UPDATE `{$db_prefix}settings` SET `value` = '{$utente}' WHERE `variable` = 'latestRealName'", true);
do_sqlquery("UPDATE `{$db_prefix}settings` SET `value` = UNIX_TIMESTAMP() WHERE `variable` = 'memberlist_updated'", true);
do_sqlquery("UPDATE `{$db_prefix}settings` SET `value` = `value` + 1 WHERE `variable` = 'totalMembers'", true);
do_sqlquery("UPDATE `{$TABLE_PREFIX}users` SET `smf_fid`={$fid} WHERE `id`={$newuid}", true);
}
// Continue to create ipb members if they disable ipb mode
$test = do_sqlquery("SHOW TABLES LIKE '{$ipb_prefix}members'");
if ($FORUMLINK == "ipb" || mysqli_num_rows($test)) {
ipb_create($utente, $email, $pwd, $idlevel, $newuid);
}
// xbt
if ($XBTT_USE) {
$resin = do_sqlquery("INSERT INTO xbt_users (uid, torrent_pass) VALUES ({$newuid},'{$pid}')", true);
}
if ($VALIDATION == "user") {
ini_set("sendmail_from", "");
if ((is_object($GLOBALS["___mysqli_ston"]) ? mysqli_errno($GLOBALS["___mysqli_ston"]) : (($___mysqli_res = mysqli_connect_errno()) ? $___mysqli_res : false)) == 0) {
send_mail($email, $language["ACCOUNT_CONFIRM"], $language["ACCOUNT_MSG"] . "\n\n" . $BASEURL . "/index.php?page=account&act=confirm&confirm={$random}&language={$idlangue}");
write_log("Signup new user {$utente} ({$email})", "add");
} else {
die(is_object($GLOBALS["___mysqli_ston"]) ? mysqli_error($GLOBALS["___mysqli_ston"]) : (($___mysqli_res = mysqli_connect_error()) ? $___mysqli_res : false));
}
}
return is_object($GLOBALS["___mysqli_ston"]) ? mysqli_errno($GLOBALS["___mysqli_ston"]) : (($___mysqli_res = mysqli_connect_errno()) ? $___mysqli_res : false);
}
// Check validation
if ($the_email) {
$user_arr = user_search($the_email, 'email');
$user = $user_arr[UDB_NAME];
} else {
add_to_log(':anonym:', 'Validate "s" parameter: invalid request');
msg("error", lang('Error!'), lang("Validation is broken"), '#GOBACK');
}
// Generate
srand(time());
$salt = "abcdefghjkmnpqrstuvwxyz0123456789-ABCDEFGHIJKLMNOPQRSTUVWXYZ";
for ($i = 0; $i < 9; $i++) {
$new_pass .= $salt[rand(0, strlen($salt) - 1)];
}
// Save new password
$hmet = hash_generate($new_pass);
$user_arr[UDB_PASS] = $hmet[count($hmet) - 1];
print_r($new_pass);
print_R($hmet);
user_update($user, $user_arr);
$message = str_replace(array('%1', '%2'), array($user, $new_pass), lang("Hi %1,\nYour new password for CuteNews is\n\n %2\n\nplease after you login change this password."));
send_mail($user_arr[UDB_EMAIL], lang("Your New Password for CuteNews"), $message);
add_to_log($user, lang('New password received'));
msg("info", lang("Password Sent"), str_replace('%1', $user, lang("The new password for <b>%1</b> was sent to the email.")));
} else {
if ($config_allow_registration != "1") {
msg("error", lang('Error!'), lang("User registration is Disabled"), '#GOBACK');
}
echoheader("user", lang("User Registration"));
echo proc_tpl('register/reg', array('result' => $result));
echofooter();
