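/**
 * Create a user row and, when requested, e-mail the account-confirmation key.
 *
 * Return values visible in this method: the new user ID on success, -3 when
 * the username or e-mail address is already in use, -1 when the insert did not
 * yield a numeric ID. When mail() fails the script is terminated with die().
 *
 * @param string $Username  Requested account name.
 * @param string $Password  Plain-text password; stored as make_hash($Password, $Secret).
 * @param string $Email     Address the confirmation mail is sent to.
 * @param bool   $SendEmail Send the confirmation mail (default true).
 * @param int    $Enabled   Value written to users.Enabled (default 1).
 * @param bool   $Quiet     Suppress the text this method writes to the response.
 * @return int
 */
public function makeAccount($Username, $Password, $Email, $SendEmail = true, $Enabled = 1, $Quiet = false)
{
    global $DB;

    if ($this->accountNameInUse($Username) || $this->accountEmailInUse($Email)) {
        return -3;
    }

    // Create the account
    // NOTE(review): make_secret() and make_hash() are defined elsewhere. Confirm that
    // make_hash() is a slow, salted password hash (password_hash()-class) and not a
    // single fast digest.
    $Secret = make_secret();

    // NOTE(review): the confirmation key is an MD5 over the clock and $Secret, so it is
    // only as unpredictable as make_secret(), and $Secret is stored in the same row.
    // An independent random token would decouple the two; check the AuthKey column
    // width before changing the format.
    $TS = md5(time() . $Secret . time());

    // Seven columns need seven placeholders. The original VALUES list had six, which
    // left JoinDate without a value. $DB->query() appears to substitute the extra
    // arguments printf-style; confirm against the DB class.
    $DB->query(
        "INSERT INTO users (Username, Password, Email, Enabled, Secret, AuthKey, JoinDate) VALUES('%s', '%s', '%s', %d, '%s', '%s', '%s')",
        db_string($Username),
        db_string(make_hash($Password, $Secret)),
        db_string($Email),
        db_string($Enabled),
        db_string($Secret),
        db_string($TS),
        sqltime()
    );
    $UserID = $DB->inserted_id();

    if ($SendEmail) {
        // NOTE(review): $Email is used as the recipient without a format check in this
        // method; validate it (e.g. filter_var with FILTER_VALIDATE_EMAIL) at the caller
        // or here so a crafted value cannot name additional recipients.
        $EmailTemplate = file_get_contents(SERVER_ROOT . '/res/confirm_account.tpl');
        // NOTE(review): $Username is inserted into the template as-is; if the template is
        // HTML it needs HTML-escaping first.
        $EmailTemplate = str_replace('%Username%', $Username, $EmailTemplate);
        $EmailTemplate = str_replace('%AuthKey%', $TS, $EmailTemplate);

        $Subject = 'Redstone Mods Account Confirmation';
        $Headers = 'From: "PTPIMG Mailer" <*****@*****.**>' . PHP_EOL . 'X-Mailer: PHP/' . phpversion() . PHP_EOL;

        if (mail($Email, $Subject, $EmailTemplate, $Headers)) {
            if (!$Quiet) {
                echo "Account created! Please check your email to confirm your account. You will not be able to login until you have confirmed your email address.";
            }
        } else {
            // The user row has already been inserted at this point, so a failed send
            // leaves an account whose confirmation mail never went out.
            if (!$Quiet) {
                die("Unknown error, contact admins for additional help.");
            } else {
                die;
            }
        }
    }

    if (is_number($UserID)) {
        return $UserID;
    }

    return -1;
}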
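/**
 * Build the parameter array for one outgoing e-mail to a subscriber.
 *
 * Resolves the sender name/address (explicit $params value, then the
 * newsletter's value, then the blog default), appends the postal address and
 * unsubscribe link (or replaces the [!unsubscribe!] tag), appends the optional
 * footer, substitutes [!name!], and returns the assembled fields.
 *
 * @param int    $sid           Subscriber ID.
 * @param array  $params        Keys read here: subject, htmlbody, textbody, htmlenabled,
 *                              fromname, fromemail, delivery_type, email_type, meta_key.
 * @param string $footerMessage Optional text appended to both bodies.
 * @return array Fields: from, fromname, to, reply_to, subject, htmlbody, textbody,
 *               headers, htmlenabled, delivery_type, email_type, meta_key, hash.
 */
function _wpr_process_sendmail_parameters($sid, $params, $footerMessage = "")
{
    global $wpdb;

    $subscriber = new Subscriber($sid);
    $newsletter = _wpr_newsletter_get($subscriber->getNewsletterId());

    // If the fromname field is set in the params use it, otherwise the newsletter's
    // value, otherwise the blog name. The nested ternary is parenthesised: unparenthesised
    // it groups left-to-right in PHP 7 (picking the wrong operand) and is a compile
    // error in PHP 8.
    $fromname = !empty($params['fromname'])
        ? $params['fromname']
        : (!empty($newsletter->fromname) ? $newsletter->fromname : get_bloginfo("name"));

    $unsuburl = wpr_get_unsubscription_url($sid);
    $reply_to = $newsletter->reply_to;

    $subject = $params['subject'];
    $htmlbody = trim($params['htmlbody']);

    $address = get_option("wpr_address");
    $textUnSubMessage = "\n\n{$address}\n\n" . __("To unsubscribe or change subscription options visit", 'wpr_autoresponder') . ":\r\n\r\n{$unsuburl}";

    // Append the address and the unsub link to the email
    $address = "<br>\n<br>\n" . nl2br(get_option("wpr_address")) . "<br>\n<br>\n";
    $htmlUnSubscribeMessage = "<br><br>" . $address . "<br><br>" . __("To unsubscribe or change subscriber options visit:", 'wpr_autoresponder') . "<br />\n\r\n <a href=\"{$unsuburl}\">{$unsuburl}</a>";

    $htmlenabled = !empty($params['htmlenabled']) ? 1 : 0;

    if (!empty($htmlbody)) {
        if ($footerMessage) {
            $htmlbody .= nl2br($footerMessage) . "<br>\n<br>\n";
        }
        if (strstr($htmlbody, "[!unsubscribe!]")) {
            $htmlbody = str_replace("[!unsubscribe!]", $unsuburl, $htmlbody);
        } else {
            $htmlbody .= $htmlUnSubscribeMessage;
        }
    }

    // $params['textbody'] is updated in place because $params is hashed further down.
    if ($footerMessage) {
        $params['textbody'] .= $footerMessage . "\n\n";
    }

    // Both branches start from the footer-extended text. The original replaced the tag
    // in a copy taken before the footer was appended, so the footer was dropped
    // whenever the text contained [!unsubscribe!].
    if (strstr($params['textbody'], "[!unsubscribe!]")) {
        $textbody = str_replace("[!unsubscribe!]", $unsuburl, $params['textbody']);
    } else {
        $textbody = $params['textbody'] . $textUnSubMessage;
    }

    // NOTE(review): addslashes() is not a database escaping routine. If the returned
    // fields are later placed into SQL, the caller should use prepared statements or
    // the driver's escaping instead of relying on this.
    $textbody = addslashes($textbody);
    $htmlbody = addslashes($htmlbody);
    $subject = addslashes($subject);

    $time = time();

    // NOTE(review): the subscriber name is substituted after the addslashes() pass and
    // without HTML-escaping, so it reaches the subject and both bodies exactly as
    // stored. Confirm it is escaped for whatever context consumes these fields.
    $subject = str_replace("[!name!]", $subscriber->getName(), $subject);
    $textbody = str_replace("[!name!]", $subscriber->getName(), $textbody);
    $htmlbody = str_replace("[!name!]", $subscriber->getName(), $htmlbody);

    $delivery_type = !empty($params['delivery_type']) ? $params['delivery_type'] : 0;
    $email_type = !empty($params['email_type']) ? $params['email_type'] : 'misc';
    $meta_key = !empty($params['meta_key']) ? $params['meta_key'] : "Misc-{$sid}-{$time}";

    $hash = make_hash(array_merge(array('sid' => $sid), $params));

    // Same precedence fix as $fromname.
    // NOTE(review): from, fromname, reply_to and subject presumably end up in mail
    // headers; strip CR/LF from them before they are used there.
    $from = !empty($params['fromemail'])
        ? $params['fromemail']
        : (!empty($newsletter->fromemail) ? $newsletter->fromemail : get_bloginfo('admin_email'));

    return array(
        'from' => $from,
        'fromname' => $fromname,
        'to' => $subscriber->email,
        'reply_to' => $reply_to,
        'subject' => $subject,
        'htmlbody' => $htmlbody,
        'textbody' => $textbody,
        'headers' => '',
        'htmlenabled' => $htmlenabled,
        'delivery_type' => $delivery_type,
        'email_type' => $email_type,
        'meta_key' => $meta_key,
        'hash' => $hash,
    );
}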
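// Registration step: create the users_main row, then the users_info and IP-history rows.
// $Secret, $torrent_pass and $InviterID are set before this excerpt.

// The first account created on an empty users_main is made an enabled SYSOP.
// NOTE(review): this check and the INSERT are separate statements, and the same branch
// fires again if the table is ever emptied. Gate first-install promotion behind an
// installer flag or similar.
$DB->query("SELECT COUNT(ID) FROM users_main");
list($UserCount) = $DB->next_record();
if ($UserCount == 0) {
    $NewInstall = true;
    $Class = SYSOP;
    $Enabled = '1';
} else {
    $NewInstall = false;
    $Class = USER;
    $Enabled = '0';
}

// NOTE(review): the fields are read from $_REQUEST, so the password is also accepted
// from the query string, where it can land in logs and browser history. Prefer $_POST.
// make_hash() is defined elsewhere; confirm it is a slow, salted password hash.
$DB->query("INSERT INTO users_main (Username,Email,PassHash,Secret,torrent_pass,IP,PermissionID,Enabled,Invites,Uploaded) VALUES ('"
    .db_string(trim($_REQUEST['username']))."','"
    .db_string($_REQUEST['email'])."','"
    .db_string(make_hash($_REQUEST['password'],$Secret))."','"
    .db_string($Secret)."','"
    .db_string($torrent_pass)."','"
    .db_string($_SERVER['REMOTE_ADDR'])."','"
    .$Class."','"
    .$Enabled."','"
    .STARTING_INVITES."', '524288000')");

// Read the new ID straight after the INSERT. The original read it after the stylesheets
// SELECT below; assuming inserted_id() wraps the driver's last-insert-id call, the value
// is not reliable once another statement has run. TODO confirm against the DB class.
$UserID = $DB->inserted_id();

$DB->query("SELECT ID FROM stylesheets WHERE `Default`='1'");
list($StyleID) = $DB->next_record();

$AuthKey = make_secret();

// NOTE(review): $InviterID is interpolated without db_string(); its origin is outside
// this excerpt. Verify it is an integer or already escaped.
$DB->query("INSERT INTO users_info (UserID,StyleID,AuthKey, Inviter, JoinDate) VALUES ('$UserID','$StyleID','".db_string($AuthKey)."', '$InviterID', '".sqltime()."')");
$DB->query("INSERT INTO users_history_ips (UserID, IP, StartTime) VALUES ('$UserID', '".db_string($_SERVER['REMOTE_ADDR'])."', '".sqltime()."')");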
// Registration step (excerpt; the final if-block continues past the end of this
// listing). Creates the users_main row, consumes the invite, and writes the users_info,
// IP-history and e-mail-history rows. $InviterID and $InviteEmail are set before this
// excerpt.
// NOTE(review): make_secret() and make_hash() are defined elsewhere; confirm make_hash()
// is a slow, salted password hash.
$Secret = make_secret();
$torrent_pass = make_secret();

//Previously SELECT COUNT(ID) FROM users_main, which is a lot slower.
$DB->query("SELECT ID FROM users_main LIMIT 1");
$UserCount = $DB->record_count();

// The first account created on an empty users_main is made an enabled SYSOP.
// NOTE(review): the check and the INSERT below are separate statements, and the branch
// fires again if the table is ever emptied. Gate first-install promotion explicitly.
if ($UserCount == 0) {
    $NewInstall = true;
    $Class = SYSOP;
    $Enabled = '1';
} else {
    $NewInstall = false;
    $Class = USER;
    $Enabled = '0';
}

$ipcc = geoip($_SERVER['REMOTE_ADDR']);

// NOTE(review): $ipcc is interpolated without db_string(); geoip() is not visible here,
// so confirm it can only return a fixed-format country code.
// $torrent_pass is generated above but is not part of this INSERT.
$DB->query("INSERT INTO users_main \n\t\t\t\t(Username,Email,PassHash,Secret,IP,PermissionID,Enabled,Invites,ipcc) VALUES\n\t\t\t\t('" . db_string(trim($_POST['username'])) . "','" . db_string($_POST['email']) . "','" . db_string(make_hash($_POST['password'], $Secret)) . "','" . db_string($Secret) . "','" . db_string($_SERVER['REMOTE_ADDR']) . "','" . $Class . "','" . $Enabled . "','" . STARTING_INVITES . "', '{$ipcc}')");
// Taken immediately after the INSERT, before any other statement runs.
$UserID = $DB->inserted_id();

//User created, delete invite. If things break after this point then it's better to have a broken account to fix, or a 'free' invite floating around that can be reused
$DB->query("DELETE FROM invites WHERE InviteKey='" . db_string($_REQUEST['invite']) . "'");

$DB->query("SELECT ID FROM stylesheets WHERE `Default`='1'");
list($StyleID) = $DB->next_record();

$AuthKey = make_secret();

// NOTE(review): $InviterID is interpolated without db_string(); verify it is an integer
// or already escaped where it is assigned.
$DB->query("INSERT INTO users_info (UserID, StyleID,AuthKey, Inviter, JoinDate) VALUES ('{$UserID}','{$StyleID}','" . db_string($AuthKey) . "', '{$InviterID}', '" . sqltime() . "')");

$DB->query("INSERT INTO users_history_ips\n\t\t\t\t\t(UserID, IP, StartTime) VALUES\n\t\t\t\t\t('{$UserID}', '" . db_string($_SERVER['REMOTE_ADDR']) . "', '" . sqltime() . "')");

// NOTE(review): the account row above takes the address from $_POST, while the history
// rows and the comparison below read $_REQUEST. Use one source so the two cannot diverge.
$DB->query("INSERT INTO users_history_emails\n\t\t\t\t(UserID, Email, Time, IP) VALUES \n\t\t\t\t('{$UserID}', '" . db_string($_REQUEST['email']) . "', '0000-00-00 00:00:00', '" . db_string($_SERVER['REMOTE_ADDR']) . "')");

if ($_REQUEST['email'] != $InviteEmail) {
    // NOTE(review): $InviteEmail is interpolated without db_string() here; confirm it
    // was escaped where it was loaded.
    $DB->query("INSERT INTO users_history_emails\n\t\t\t\t\t(UserID, Email, Time, IP) VALUES \n\t\t\t\t\t('{$UserID}', '{$InviteEmail}', '" . sqltime() . "', '" . db_string($_SERVER['REMOTE_ADDR']) . "')");
}

// Manage invite trees, delete invite
if ($InviterID !== NULL) {
    $DB->query("SELECT \n\t\t\t\t\tTreePosition, TreeID, TreeLevel \n\t\t\t\t\tFROM invite_tree WHERE UserID='{$InviterID}'");
// Staff "create a user" page (excerpt; both if-blocks continue past the end of this
// listing).
//Show our beautiful header
show_header('Create a User');

//Make sure the form was sent
if (isset($_POST['Username'])) {
    // NOTE(review): authorize() is defined elsewhere, presumably the anti-CSRF token
    // check. No permission check is visible in this excerpt; confirm one runs before
    // this point, because the account below is created already enabled.
    authorize();

    //Create variables for all the fields
    $Username = $_POST['Username'];
    $Email = $_POST['Email'];
    $Password = $_POST['Password'];

    //Make sure all the fields are filled in
    if (!empty($Username) && !empty($Email) && !empty($Password)) {
        //Create hashes...
        $Secret = make_secret();
        $torrent_pass = make_secret();

        //Create the account
        // NOTE(review): no check for an existing username or e-mail address is visible
        // before this INSERT; presumably a unique index enforces it. Verify.
        $DB->query("INSERT INTO users_main (Username,Email,PassHash,Secret,torrent_pass,Enabled,PermissionID, Language) VALUES ('" . db_string($Username) . "','" . db_string($Email) . "','" . db_string(make_hash($Password, $Secret)) . "','" . db_string($Secret) . "','" . db_string($torrent_pass) . "','1','" . USER . "', 'en')");

        //Increment site user count
        // The counter is incremented without first checking that the INSERT succeeded.
        $Cache->increment('stats_user_count');

        //Grab the userid
        $UserID = $DB->inserted_id();
        update_tracker('add_user', array('id' => $UserID, 'passkey' => $torrent_pass));

        //Default stylesheet
        // This query has no WHERE clause, so the first row returned is used as the style.
        $DB->query("SELECT ID FROM stylesheets");
        list($StyleID) = $DB->next_record();

        //Auth key
        $AuthKey = make_secret();

        //Give them a row in users_info
        $DB->query("INSERT INTO users_info \n\t\t(UserID,StyleID,AuthKey,JoinDate) VALUES \n\t\t('" . db_string($UserID) . "','" . db_string($StyleID) . "','" . db_string($AuthKey) . "', '" . sqltime() . "')");

        //Redirect to users profile
        // NOTE(review): show_header() ran at the top of this excerpt. If it writes output
        // and output buffering is off, this Location header can no longer be sent.
        header("Location: user.php?id=" . $UserID);

        //What to do if we don't have a username, email, or password
// Staff user-edit handler (excerpt; the trailing if-blocks continue past the end of
// this listing). $MergeStatsFrom, $Pass, $Cur, $UserID, $Reason and $AdminComment are
// set before this excerpt.

// Merge another account's upload/download totals into $UserID.
if ($MergeStatsFrom && check_perms('users_edit_ratio')) {
    // NOTE(review): $MergeStatsFrom is concatenated into the LIKE pattern without
    // db_string() in this excerpt; confirm it is escaped where it is assigned. LIKE
    // also treats % and _ in the value as wildcards, so an exact match (=) is the safer
    // lookup for a username.
    $DB->query("SELECT ID, Uploaded, Downloaded FROM users_main WHERE Username LIKE '" . $MergeStatsFrom . "'");
    if ($DB->record_count() > 0) {
        list($MergeID, $MergeUploaded, $MergeDownloaded) = $DB->next_record();

        // Zero the source account and record the merge in its admin comment.
        // NOTE(review): $Cur['Username'] and $LoggedUser['Username'] are placed inside
        // the SQL string literal without db_string(); verify both are escaped or
        // restricted to a safe character set upstream.
        $DB->query("UPDATE users_main AS um JOIN users_info AS ui ON um.ID=ui.UserID SET um.Uploaded = 0, um.Downloaded = 0, ui.AdminComment = CONCAT('" . sqltime() . " - Stats merged into http://" . NONSSL_SITE_URL . "/user.php?id=" . $UserID . " (" . $Cur['Username'] . ") by " . $LoggedUser['Username'] . "\n\n', ui.AdminComment) WHERE ID = " . $MergeID);

        // Queue the additions for the target account's UPDATE, which is built from
        // $UpdateSet outside this excerpt.
        $UpdateSet[] = "Uploaded = Uploaded + '{$MergeUploaded}'";
        $UpdateSet[] = "Downloaded = Downloaded + '{$MergeDownloaded}'";
        // NOTE(review): $EditSummary carries the raw $MergeStatsFrom; escape it for
        // wherever the summary is stored or rendered.
        $EditSummary[] = "stats merged from http://" . NONSSL_SITE_URL . "/user.php?id=" . $MergeID . " (" . $MergeStatsFrom . ")";

        $Cache->delete_value('users_stats_' . $UserID);
        $Cache->delete_value('users_stats_' . $MergeID);
    }
}

// Staff-initiated password reset: new secret and hash, then drop every session.
if ($Pass && check_perms('users_edit_password')) {
    $Secret = make_secret();
    // $Secret is interpolated directly while PassHash goes through db_string().
    // presumably make_secret() only emits characters that need no escaping; verify.
    $UpdateSet[] = "Secret='{$Secret}'";
    $UpdateSet[] = "PassHash='" . db_string(make_hash($Pass, $Secret)) . "'";
    $EditSummary[] = 'password reset';

    $Cache->delete_value('user_info_' . $UserID);
    $Cache->delete_value('user_info_heavy_' . $UserID);
    $Cache->delete_value('user_stats_' . $UserID);
    $Cache->delete_value('enabled_' . $UserID);

    // Invalidate each cached session and then the session rows, so the old password's
    // sessions stop working after the reset.
    $DB->query("SELECT SessionID FROM users_sessions WHERE UserID='{$UserID}'");
    while (list($SessionID) = $DB->next_record()) {
        $Cache->delete_value('session_' . $UserID . '_' . $SessionID);
    }
    $Cache->delete_value('users_sessions_' . $UserID);
    $DB->query("DELETE FROM users_sessions WHERE UserID='{$UserID}'");
}

if (empty($UpdateSet) && empty($EditSummary)) {
    if (!$Reason) {
        // Line endings are normalised before comparing the stored and submitted comment.
        if (str_replace("\r", '', $Cur['AdminComment']) != str_replace("\r", '', $AdminComment) && check_perms('users_disable_any')) {
// Login handler (excerpt: begins inside the log_attempt function and ends inside the
// successful-login branch).
} else {
    // User has not attempted to log in recently
    $Attempts = 1;
    $DB->query("INSERT INTO login_attempts \n\t\t\t\t(UserID,IP,LastAttempt,Attempts) VALUES \n\t\t\t\t('" . db_string($UserID) . "','" . db_string($_SERVER['REMOTE_ADDR']) . "','" . sqltime() . "',1)");
}
} // end log_attempt function

// If user has submitted form
if (isset($_POST['username']) && !empty($_POST['username']) && isset($_POST['password']) && !empty($_POST['password'])) {
    $Err = $Validate->ValidateForm($_POST);
    if (!$Err) {
        // Passes preliminary validation (username and password "look right")
        // NOTE(review): part of the next statement is masked with asterisks on this
        // page, so the escaping applied to the username cannot be checked from here.
        $DB->query("SELECT\n\t\t\t\tID,\n\t\t\t\tPermissionID,\n\t\t\t\tCustomPermissions,\n\t\t\t\tPassHash,\n\t\t\t\tSecret,\n\t\t\t\tEnabled\n\t\t\t\tFROM users_main WHERE Username='******'username']) . "' \n\t\t\t\tAND Username<>''");
        // NOTE(review): the second argument to next_record() presumably lists columns
        // exempt from output escaping (index 2 = CustomPermissions); confirm against
        // the DB class.
        list($UserID, $PermissionID, $CustomPermissions, $PassHash, $Secret, $Enabled) = $DB->next_record(MYSQLI_NUM, array(2));

        // NOTE(review): $BannedUntil is not assigned anywhere in this excerpt.
        if (strtotime($BannedUntil) < time()) {
            // NOTE(review): the stored and computed hashes are compared with ==, which
            // is neither type-strict nor constant-time. hash_equals() is the right
            // comparison; make_hash() should also be confirmed as a slow password hash.
            if ($UserID && $PassHash == make_hash($_POST['password'], $Secret)) {
                if ($Enabled == 1) {
                    $SessionID = make_secret();
                    // The cookie value is the session ID and user ID, encrypted twice by
                    // $Enc (defined elsewhere).
                    $Cookie = $Enc->encrypt($Enc->encrypt($SessionID . '|~|' . $UserID));
                    // NOTE(review): both setcookie() calls pass false for the secure
                    // flag and omit the httponly argument, so the session cookie is sent
                    // over plain HTTP and is readable from script. Set both on HTTPS
                    // deployments.
                    if (isset($_POST['keeplogged']) && $_POST['keeplogged']) {
                        $KeepLogged = 1;
                        setcookie('session', $Cookie, time() + 60 * 60 * 24 * 365, '/', '', false);
                    } else {
                        $KeepLogged = 0;
                        setcookie('session', $Cookie, 0, '/', '', false);
                    }

                    //TODO: another tracker might enable this for donors, I think it's too stupid to bother adding that
                    // Because we <3 our staff
                    $Permissions = get_permissions($PermissionID);
                    // NOTE(review): unserialize() on a database column instantiates
                    // whatever the stored string describes. If any path lets a user
                    // influence CustomPermissions this becomes object injection; store
                    // the value as JSON or pass allowed_classes => false.
                    $CustomPermissions = unserialize($CustomPermissions);
                    if (isset($Permissions['Permissions']['site_disable_ip_history']) || isset($CustomPermissions['site_disable_ip_history'])) {
// Front controller, login/logout branch (excerpt: begins at the close of an earlier
// block and ends inside the login handling).
}

switch ($_GET['act']) {
    case 'login':
    case 'logout':
        //-------------------
        // LOGIN/LOGOUT
        //-------------------
        // NOTE(review): logout is triggered by a GET parameter with no token visible
        // here, so any cross-site request can end the session. Minor, but worth a CSRF
        // check.
        if (isset($_GET['act']) && $_GET['act'] == "logout") {
            logout();
        }

        // Process the input
        if (!empty($_GET['tkl'])) {
            // Username is limited to 1-20 characters from [a-z0-9_?]; password length
            // is only capped.
            // NOTE(review): $_POST['password'] is read without isset().
            if (isset($_POST['username']) && preg_match('/^[a-z0-9_?]{1,20}$/iD', $_POST['username']) && strlen($_POST['password']) < 40) {
                // NOTE(review): part of the next statement is masked with asterisks on
                // this page, so the escaping applied to the username cannot be checked
                // from here.
                $DB->query("SELECT\n\t\t\t\t\tID,\n\t\t\t\t\tPassword,\n\t\t\t\t\tSecret,\n\t\t\t\t\tEnabled\n\t\t\t\t\tFROM users WHERE Username='******'username']) . "'\n\t\t\t\t\tAND Username<>''");
                list($UserID, $PassHash, $Secret, $Enabled) = $DB->next_record();

                // NOTE(review): == is neither type-strict nor constant-time; use
                // hash_equals(). No failed-attempt throttling is visible in this branch.
                if ($UserID && $PassHash == make_hash($_POST['password'], $Secret) && $Enabled == 1) {
                    $User->doLogin($UserID);

                    if (empty($_POST['ref_page'])) {
                        header("Location: index.php");
                    } else {
                        // Post-login redirect: the target must start with "/<alnum>.php".
                        // The pattern is not anchored at the end, so anything may follow
                        // that prefix; the leading-slash-plus-alphanumeric rule keeps it
                        // on this host.
                        // NOTE(review): base64_decode() is called in non-strict mode.
                        $URL = base64_decode($_POST['ref_page']);
                        if (preg_match('/^\\/[a-zA-Z0-9]+\\.php/i', $URL)) {
                            header("Location: {$URL}");
                        } else {
                            header("Location: index.php");
                        }
                    }
                    exit;
                } else {
                    // The same message is shown for an unknown user, a wrong password
                    // and a disabled account.
                    echo "<font color='red'><strong>BAD USERNAME/PASSWORD, try again</strong></font>";
                }
// Credit-earning page (excerpt: begins inside nested blocks and ends in the HTML
// template). $userlink, $u, $h, $log_str and $ajax_request are set before this excerpt.
} } } } } else {
    $header = 'Please, wait 15 seconds, to Earn your Credits. Browse the site below, in the mean time!';
} } }

if ($log_str) {
    fap_log($log_str);
}

if ($ajax_request) {
    // NOTE(review): $header is written into markup unescaped. The branch visible here
    // assigns a fixed string; check that the other branches do the same.
    exit('<b>' . $header . '</b>');
}

$e = make_hash(unmix_link(strtoupper($u)) . $h);

// NOTE(review): $userlink is fetched server-side below and its origin is outside this
// excerpt. If it is user-supplied, restrict the scheme to http/https and reject hosts
// that resolve to loopback, private or link-local ranges before fetching. Otherwise
// this is a server-side request forgery and local-file-read primitive.
$parts = parse_url($userlink);
$domain = $parts['scheme'] . '://' . $parts['host'];
//die($domain);

// NOTE(review): max_redirects is written as a bare word rather than the string key
// 'max_redirects', and $context is never passed to file_get_contents() below, so these
// options have no effect on the fetch.
$opts = array($parts['scheme'] => array(max_redirects => 99));
$context = stream_context_create($opts);

// NOTE(review): the fetched markup is presumably embedded in this page further down.
// Third-party HTML and script rendered in this site's origin should be isolated, e.g.
// in a sandboxed frame on a separate origin.
$content = file_get_contents($userlink);
$content = reltoabs($content, $domain);
?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html> <head> <title>Free AD Planet - Earn Credits</title> <script type="text/javascript" src="jsm.js"></script> <script type="text/javascript"> <!--
// Profile-settings save (excerpt). Updates the cached user records, builds the UPDATE
// statement in $SQL piece by piece, and handles the optional password and passkey
// resets. $SQL is not executed within this excerpt, and no WHERE clause has been
// appended yet. $Paranoia, $Country, $Anonymous, $DownloadAlt, $Timezone, $Options and
// $ResetPassword are set before this excerpt.

// NOTE(review): raw $_POST values (avatar, stylesheet, styleurl) are written to the
// cache. Confirm they are validated earlier and HTML-escaped wherever the cached
// values are rendered.
$Cache->begin_transaction('user_info_' . $UserID);
$Cache->update_row(false, array('Avatar' => $_POST['avatar'], 'Paranoia' => $Paranoia, 'Country' => $Country, 'Anonymous' => $Anonymous));
$Cache->commit_transaction(0);

$Cache->begin_transaction('user_info_heavy_' . $UserID);
$Cache->update_row(false, array('StyleID' => $_POST['stylesheet'], 'StyleURL' => $_POST['styleurl'], 'DownloadAlt' => $DownloadAlt));
$Cache->update_row(false, $Options);
$Cache->commit_transaction(0);

// NOTE(review): $DownloadAlt, $Country and $Timezone are concatenated without
// db_string(), unlike the neighbouring fields; verify each is constrained (integer
// cast or allow-list) where it is assigned.
// NOTE(review): SiteOptions and Paranoia are stored with serialize(). Reading them back
// with unserialize() is only safe while nothing user-controlled can reach those
// columns in raw form; JSON avoids the question.
$SQL = "UPDATE users_main AS m JOIN users_info AS i ON m.ID=i.UserID SET\n\ti.StyleID='" . db_string($_POST['stylesheet']) . "',\n\ti.StyleURL='" . db_string($_POST['styleurl']) . "',\n\ti.Avatar='" . db_string($_POST['avatar']) . "',\n\ti.SiteOptions='" . db_string(serialize($Options)) . "',\n\ti.Info='" . db_string($_POST['info']) . "',\n\ti.DownloadAlt='{$DownloadAlt}',\n\tm.Email='" . db_string($_POST['email']) . "',\n\tm.IRCKey='" . db_string($_POST['irckey']) . "',\n i.Country='" . $Country . "',\n\ti.Timezone='" . $Timezone . "',";

// Only users holding the 'anonymous' permission may change this column.
if (check_perms('anonymous')) {
    $SQL .= "m.Anonymous='" . db_string($Anonymous) . "',";
}

$SQL .= "m.Paranoia='" . db_string(serialize($Paranoia)) . "'";

// Password change: new per-user secret and hash, plus an audit row.
if ($ResetPassword) {
    $ChangerIP = db_string($LoggedUser['IP']);
    $Secret = make_secret();
    // NOTE(review): make_hash() is defined elsewhere; confirm it is a slow password
    // hash. No session invalidation is visible in this excerpt after the change.
    $PassHash = make_hash($_POST['new_pass_1'], $Secret);
    $SQL .= ",m.Secret='" . db_string($Secret) . "',m.PassHash='" . db_string($PassHash) . "'";
    $DB->query("INSERT INTO users_history_passwords\n\t\t(UserID, ChangerIP, ChangeTime) VALUES\n\t\t('{$UserID}', '{$ChangerIP}', '" . sqltime() . "')");
}

// Passkey rotation: record old and new keys, refresh the cache, notify the tracker.
if (isset($_POST['resetpasskey'])) {
    // The db_string()-escaped values are reused below for the cache and the tracker.
    // presumably make_secret() output contains nothing that escaping would alter; verify.
    $OldPassKey = db_string($LoggedUser['torrent_pass']);
    $NewPassKey = db_string(make_secret());
    $ChangerIP = db_string($LoggedUser['IP']);
    // NOTE(review): the value in the next statement is masked with asterisks on this
    // page; the statement is reproduced as shown.
    $SQL .= ",m.torrent_pass='******'";
    $DB->query("INSERT INTO users_history_passkeys\n\t\t\t(UserID, OldPassKey, NewPassKey, ChangerIP, ChangeTime) VALUES\n\t\t\t('{$UserID}', '{$OldPassKey}', '{$NewPassKey}', '{$ChangerIP}', '" . sqltime() . "')");

    $Cache->begin_transaction('user_info_heavy_' . $UserID);
    $Cache->update_row(false, array('torrent_pass' => $NewPassKey));
    $Cache->commit_transaction(0);
    $Cache->delete_value('user_' . $OldPassKey);

    update_tracker('change_passkey', array('oldpasskey' => $OldPassKey, 'newpasskey' => $NewPassKey));
}
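/**
 * Set a new password for the account whose e-mail address is held in the session.
 *
 * @param array $post Submitted form fields; only 'pwd2' is read here.
 * @return bool True when the UPDATE changed at least one row, false otherwise
 *              (including when there is no session e-mail or no new password).
 */
public function change_password($post)
{
    $email = $this->session->userdata('email');

    // Refuse to build the UPDATE when there is no session e-mail or no new password.
    // With an empty $email the WHERE clause would no longer identify one account;
    // presumably the query builder turns a null value into an IS NULL match, so verify.
    if (empty($email) || !isset($post['pwd2']) || $post['pwd2'] === '') {
        return false;
    }

    // NOTE(review): make_hash() is called without a per-user salt argument here and is
    // defined elsewhere; confirm it is a slow, salted password hash (password_hash()).
    // NOTE(review): this method does not verify the current password or that 'pwd2'
    // matches the first entry; the caller must do both before calling it.
    $this->db->set('password', make_hash($post['pwd2']));
    $this->db->where('email', $email);
    $this->db->update('users');

    return $this->db->affected_rows() > 0;
}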
/**
 * Print make_hash() of the given value to the response.
 *
 * NOTE(review): this looks like a debugging aid. If the enclosing class is a routable
 * controller, the method lets any caller obtain the site's hash of a chosen value;
 * remove it or restrict it to development builds.
 *
 * @param mixed $var Value to hash (default 1).
 * @return void
 */
public function make_hash($var = 1)
{
    $digest = make_hash($var);

    echo $digest;
}
/**
 * Render the main template with a fixed title and a hash of the constant 12345
 * as its content.
 *
 * NOTE(review): the content value looks like leftover test output. Publishing the hash
 * of a known input tells readers which hashing scheme the site uses; replace it with
 * the real page content.
 *
 * @return void
 */
public function index()
{
    $this->data['title'] = 'PhoneShop - Stam';

    $sampleDigest = make_hash(12345);
    $this->data['content'] = $sampleDigest;

    $this->load->view('templates/main', $this->data);
}