예제 #1
0
파일: index.php 프로젝트: cbsistem/nexos
function mail_password()
{
    global $user_prefix, $db, $pagetitle, $userinfo;
    if ((!isset($_POST['lost_username']) || empty($_POST['lost_username'])) && (!isset($_POST['lost_email']) || empty($_POST['lost_email']))) {
        cpg_error('Please enter either a username or email address');
    }
    if (isset($_POST['lost_username']) && (!isset($_POST['lost_email']) || empty($_POST['lost_email']))) {
        $username = Fix_Quotes($_POST['lost_username']);
        if (empty($username) || strtolower($username) == 'anonymous') {
            cpg_error('Invalid username');
        }
        $sql = "username='******'";
    } else {
        $sql = "user_email='" . Fix_Quotes($_POST['lost_email']) . "'";
    }
    $result = $db->sql_query('SELECT username, user_email, user_password, user_level FROM ' . $user_prefix . '_users WHERE ' . $sql);
    $pagetitle .= ' ' . _BC_DELIM . ' ' . _PASSWORDLOST;
    if ($db->sql_numrows($result) != 1) {
        cpg_error(_SORRYNOUSERINFO);
    } else {
        $row = $db->sql_fetchrow($result);
        $username = $row['username'];
        if ($row['user_level'] > 0) {
            global $sitename, $MAIN_CFG;
            $code = $_POST['code'];
            $areyou = substr($row['user_password'], 0, 10);
            $from = 'noreply@' . str_replace('www.', '', $MAIN_CFG['server']['domain']);
            if ($areyou == $code) {
                $newpass = make_pass(8, 5);
                $message = _USERACCOUNT . " '{$username}' " . _AT . " {$sitename} " . _HASTHISEMAIL . "  " . _AWEBUSERFROM . " " . decode_ip($userinfo["user_ip"]) . " " . _HASREQUESTED . "\n\n" . _YOURNEWPASSWORD . " {$newpass}\n\n " . _YOUCANCHANGE . " " . URL::index('Your_Account', true, true) . "\n\n" . _IFYOUDIDNOTASK;
                $subject = _USERPASSWORD4 . " {$username}";
                if (!send_mail($mailer_message, $message, 0, $subject, $row['user_email'], $username, $from)) {
                    cpg_error($mailer_message);
                }
                // Next step: add the new password to the database
                $cryptpass = md5($newpass);
                $query = "UPDATE " . $user_prefix . "_users SET user_password='******' WHERE username='******'";
                if (!$db->sql_query($query)) {
                    cpg_error(_UPDATEFAILED);
                }
                cpg_error(_PASSWORD4 . " {$username} " . _MAILED, _TB_INFO, URL::index());
                // If no code, send it
            } else {
                $message = _USERACCOUNT . " '{$username}' " . _AT . " {$sitename} " . _HASTHISEMAIL . " " . _AWEBUSERFROM . " " . decode_ip($userinfo["user_ip"]) . " " . _CODEREQUESTED . "\n\n" . _YOURCODEIS . " {$areyou} \n\n" . _WITHTHISCODE . " " . URL::index('&op=pass_lost', true, true) . "\n" . _IFYOUDIDNOTASK2;
                $subject = _CODEFOR . " {$username}";
                if (!send_mail($mailer_message, $message, 0, $subject, $row['user_email'], $username, $from)) {
                    cpg_error($mailer_message);
                }
                cpg_error(_CODEFOR . " {$username} " . _MAILED, _TB_INFO, URL::index('&op=pass_lost'));
            }
        } elseif ($row['user_level'] == 0) {
            cpg_error(_ACCSUSPENDED);
        } elseif ($row['user_level'] == -1) {
            cpg_error(_ACCDELETED);
        }
    }
}
예제 #2
0
    }
} elseif ($op == "reset_passwd") {
    /*** verification securite ***/
    if ($grade['a'] != 'a' && $grade['b'] != 'b' && $grade['j'] != 'j') {
        js_goto($PHP_SELF);
    }
    $db->select("id,passwd,email");
    $db->from("{$dbprefix}joueurs");
    $db->where("id = '{$id}'");
    $db->exec();
    $joueur = $db->fetch();
    if ($db->num_rows() != 1) {
        show_erreur($strElementsJoueurInvalide);
    } else {
        // génération du nouveau pass
        $nv_pass = make_pass();
        $array1 = array("%nomsite%", "%urlsite%", "%passwd%");
        $array2 = array($config['nomsite'], $config['urlsite'], $nv_pass);
        if ($config['mail'] != 'N') {
            // envoi du mail contenant le nouveau pass
            $to = $joueur->email;
            $from = $config['emailcontact'];
            $subject = $strPasswordEmail;
            $subject = str_replace($array1, $array2, $subject);
            $body = $strPasswordEmailMessage;
            $body = str_replace($array1, $array2, $body);
            $mail = new phpTMailer();
            $mail->From = $from;
            $mail->FromName = "";
            $mail->AddAddress($to);
            $mail->Subject = $subject;
예제 #3
0
function make_pass_rand(&$p, $names = null)
{
    $p[!empty($names['input']) ? $names['input'] : 'pass'] = rand_pass();
    make_pass($p, $names);
}
예제 #4
0
파일: users.php 프로젝트: cbsistem/nexos
     }
     $username = Fix_Quotes($_POST['username'], 1);
     $email = Fix_Quotes($_POST['email'], 1);
     $password = Fix_Quotes($_POST['password'], 1);
     if ($password != Fix_Quotes($_POST['password_confirm'], 1)) {
         cpg_error(_PASSDIFFERENT);
     } else {
         if (strlen($password) < $MAIN_CFG['member']['minpass'] && $password != '') {
             cpg_error(_YOUPASSMUSTBE . ' <b>' . $MAIN_CFG['member']['minpass'] . '</b> ' . _CHARLONG);
         }
     }
     userCheck($_POST['username'], $_POST['email']);
     $fieldlist = $valuelist = '';
     check_fields($fieldlist, $valuelist, $fields);
     if (empty($password)) {
         $password = make_pass(8, 5);
     }
     $result = $db->sql_query('INSERT INTO ' . $user_prefix . '_users (username, user_email, user_password, user_regdate, user_avatar' . $fieldlist . ') ' . "VALUES ('{$username}', '{$email}', '" . md5($password) . "', '" . time() . "', '" . $MAIN_CFG['avatar']['default'] . "'" . $valuelist . ')');
     $message = _WELCOMETO . " {$MAIN_CFG['global']['sitename']}!\n\n" . _YOUUSEDEMAIL . " ({$email}) " . _TOREGISTER . " {$MAIN_CFG['global']['sitename']}.\n\n " . _FOLLOWINGMEM . "\n" . _USERNAME . ": {$username}\n" . _PASSWORD . ": {$password}";
     send_mail($dummy, $message, 0, _ACTIVATIONSUB, $email, $username);
     URL::redirect(URL::admin());
 } else {
     if ($_POST['mode'] == 'promoteConf') {
         if ($CPG_SESS['admin']['page'] != 'users') {
             cpg_error(_ERROR_BAD_LINK, _SEC_ERROR);
         }
         if (can_admin()) {
             list($num) = $db->sql_ufetchrow("SELECT COUNT(*) FROM " . $prefix . "_admins WHERE aid='{$_POST['aid']}'", SQL_NUM);
             if ($num > 0) {
                 cpg_error(_NAMEERROR);
             } else {
예제 #5
0
파일: views.php 프로젝트: ricobl/frix
	function forgot () {
		
		// Load Auth app
		$auth_app = Frix::app('auth');
		
		// Already authorized?
		if ($auth_app->get_user()) {
			// Go to the admin home
			redir(url(self::$root));
		}
		
		// Load AuthUser model
		$auth_app->load_model('AuthUser');
		// Get model meta
		$meta = AuthUser::meta();
		
		$f = new Form;
		$f->add_fields(array(
			'email' => new CharField('E-mail', array('length' => 100)),
		));
		
		if ($_SERVER['REQUEST_METHOD'] == 'POST') {
			
			// Get form data
			$f->input($_POST);
			
			$email = $f->get_email();
			
			// Check for a valid e-mail address.
			if (!validate_email($email)) {
				self::$context['msg'] = sprintf('Invalid e-mail address "%s"!', $email);
				self::$context['msg_type'] = 'err';
			}
			else {
				// Get user by e-mail address
				$user = $meta->one(array('email' => $email));
				
				if ($user) {
					
					// Create a new password
					$pass = make_pass();
					
					$msg =
						'Your new passord is:' . "\n" .
						$pass . "\n\n" .
						'You can log in using your username:'******'New password', $msg, Frix::app('settings')->get('contact_email'), $user->email);
					
					// Error sending the msg?
					if (!$ok) {
						self::$context['msg'] =
							'Couldn\'t send msg.<br />' .
							'Password not changed.'
						;
						self::$context['msg_type'] = 'err';
					}
					// Message sucessfully sent?
					else {
						// Change user password and save
						$user->set_password($pass);
						$user->save();
						// Redirect with a success msg
						redir('./?sent=1');
					}
					
				}
				else {
					self::$context['msg'] = sprintf('E-mail address "%s" not found!', $email);
					self::$context['msg_type'] = 'err';
				}
			}
			
		}
		else {
			if ($_GET['sent']) {
				self::$context['msg'] =
					'The new password was sent!<br />'.
					'Please check your inbox.'
				;
				self::$context['msg_type'] = 'ok';
			}
			else {
				self::$context['msg'] = 'Type your e-mail to get a new password.';
			}
		}
		
		self::$context['form'] = $f;
		
		$t = new Template('frix/admin/forgot');
		echo $t->render(self::$context);
		
	}
예제 #6
0
파일: register.php 프로젝트: cbsistem/nexos
function register_finish()
{
    global $db, $user_cfg, $user_prefix, $sitename, $sec_code, $CPG_SESS, $userinfo, $MAIN_CFG;
    if ($sec_code & 4) {
        if (!validate_secimg()) {
            cpg_error(_SECCODEINCOR);
        }
    }
    $fields = $_SESSION['REGISTER'];
    if (empty($fields['username'])) {
        cpg_error('session gone...');
    }
    $random = empty($fields['password']);
    if ($random) {
        $fields['password'] = make_pass(8, 5);
    }
    $user_email = $fields['email'];
    $fieldlist = $valuelist = '';
    check_fields($fieldlist, $valuelist, $fields, false);
    $username = $fields['username'];
    $password = $random ? "\n" . _PASSWORD . ': ' . $fields['password'] : '';
    mt_srand((double) microtime() * 1000000);
    $check_num = mt_rand(0, 1000000);
    $check_num = md5($check_num);
    $new_password = md5($fields['password']);
    $user_regdate = time();
    if ($user_cfg['useactivate'] || $user_cfg['requireadmin']) {
        $result = $db->sql_query("INSERT INTO " . $user_prefix . "_users_temp (username, user_email, user_password, user_regdate, check_num, time" . $fieldlist . ") VALUES ('{$username}', '{$user_email}', '{$new_password}', '{$user_regdate}', '{$check_num}', {$user_regdate} {$valuelist})");
    } else {
        $result = $db->sql_query("INSERT INTO " . $user_prefix . "_users (username, user_email, user_password, user_regdate, user_lastvisit, user_avatar {$fieldlist}) VALUES ('{$username}', '{$user_email}', '{$new_password}', '{$user_regdate}', {$user_regdate}, '{$MAIN_CFG['avatar']['default']}' {$valuelist})");
        if ($user_cfg['send_welcomepm']) {
            welcome_pm();
        }
    }
    $uid = $db->sql_nextid('user_id');
    $finishlink = URL::index("&file=register&activate={$uid}&check_num={$check_num}", true, true);
    $message = _WELCOMETO . " {$sitename}!\n\n" . _YOUUSEDEMAIL . " ({$user_email}) ";
    if ($fields['coppa']) {
        //		$message = $lang['COPPA'];
        //		$email_template = 'coppa_welcome_inactive';
        $message .= _TOAPPLY . " {$sitename}.\n\n" . _WAITAPPROVAL . "\n\n" . _FOLLOWINGMEM . "\n" . _USERNAME . ": {$username}{$password}";
        $subject = _APPLICATIONSUB;
        OpenTable();
        echo "<center><b>" . _ACCOUNTRESERVED . "</b><br /><br />" . _YOUAREPENDING . "<br /><br />" . _THANKSAPPL . " {$sitename}!</center>";
    } else {
        if (!$user_cfg['requireadmin']) {
            $message .= _TOREGISTER . " {$sitename}.\n\n";
            OpenTable();
            echo "<center><b>" . _ACCOUNTCREATED . "</b><br /><br />" . _YOUAREREGISTERED . "<br /><br />";
            if ($user_cfg['useactivate']) {
                echo _FINISHUSERCONF;
                $message .= _TOFINISHUSER . "\n\n {$finishlink}\n\n";
                //<- Is the activation link in email. DJMaze
                $subject = _ACTIVATIONSUB;
            } else {
                echo _FINISHUSERCONF2 . '<a href="' . URL::index() . '">' . _FINISHUSERCONF3 . '</a>.';
                $subject = _REGISTRATIONSUB;
            }
            echo '<br /><br />' . _THANKSUSER . " {$sitename}!</center>";
            $message .= _FOLLOWINGMEM . "\n" . _USERNAME . ": {$username}{$password}";
        } else {
            $message .= _TOAPPLY . " {$sitename}.\n\n" . _WAITAPPROVAL . "\n\n" . _FOLLOWINGMEM . "\n" . _USERNAME . ": {$username}{$password}";
            $subject = _APPLICATIONSUB;
            OpenTable();
            echo '<center><b>' . _ACCOUNTRESERVED . '</b><br /><br />' . _YOUAREPENDING . '<br /><br />' . _THANKSAPPL . " {$sitename}!</center>";
        }
    }
    $from = 'noreply@' . str_replace('www.', '', $MAIN_CFG['server']['domain']);
    if (!send_mail($mailer_message, $message, 0, $subject, $user_email, $username, $from)) {
        echo 'Member mail: ' . $mailer_message;
    }
    if ($user_cfg['sendaddmail']) {
        if ($user_cfg['requireadmin']) {
            $subject = "{$sitename} - " . _MEMAPL;
        } else {
            $subject = "{$sitename} - " . _MEMADD;
        }
        $message = "{$username} has been added to {$sitename}.\n\nUser IP: " . decode_ip($userinfo['user_ip']) . "\n--------------------------------------------------------\nDo not reply to this message!!";
        if (!send_mail($mailer_message, $message, 0, $subject)) {
            echo "Admin mail: " . $mailer_message;
        }
    }
    CloseTable();
    unset($_SESSION['REGISTER']);
}