function ValidateRegisterForm($post)
{
if (validateFirstName($post['firstName']) && validateLastName($post['lastName']) && validateEmail($post['email']) && validatePassword($post['password']) && validateConfirmPassword($post['confirmPassword']) && validateGender($post['gender']) && validateContactNumber($post['contactNumber']) && validateAddress($post['address'])) {
return true;
} else {
return false;
}
}
function init()
{
if ($this->esoTalk->user) {
redirect("");
}
global $language, $messages, $config;
$this->title = $language["Forgot your password"];
$this->esoTalk->addToHead("<meta name='robots' content='noindex, noarchive'/>");
// If we're on the second step (they've clicked the link in their email)
if ($hash = @$_GET["q2"]) {
// Get the user with this recover password hash
$result = $this->esoTalk->db->query("SELECT memberId FROM {$config["tablePrefix"]}members WHERE resetPassword='******'");
if (!$this->esoTalk->db->numRows($result)) {
redirect("forgotPassword");
}
list($memberId) = $this->esoTalk->db->fetchRow($result);
$this->setPassword = true;
// Validate the form if it was submitted
if (isset($_POST["changePassword"])) {
$password = @$_POST["password"];
$confirm = @$_POST["confirm"];
if ($error = validatePassword(@$_POST["password"])) {
$this->errors["password"] = $error;
}
if ($password != $confirm) {
$this->errors["confirm"] = "passwordsDontMatch";
}
if (!count($this->errors)) {
$passwordHash = md5($config["salt"] . $password);
$this->esoTalk->db->query("UPDATE {$config["tablePrefix"]}members SET resetPassword=NULL, password='******' WHERE memberId={$memberId}");
$this->esoTalk->message("passwordChanged", false);
redirect("");
}
}
}
// If they've submitted their email for a password link, email them!
if (isset($_POST["email"])) {
// Find the member with this email
$result = $this->esoTalk->db->query("SELECT memberId, name, email FROM {$config["tablePrefix"]}members WHERE email='{$_POST["email"]}'");
if (!$this->esoTalk->db->numRows($result)) {
$this->esoTalk->message("emailDoesntExist");
return;
}
list($memberId, $name, $email) = $this->esoTalk->db->fetchRow($result);
// Set a special 'forgot password' hash
$hash = md5(rand());
$this->esoTalk->db->query("UPDATE {$config["tablePrefix"]}members SET resetPassword='******' WHERE memberId={$memberId}");
// Send the email
if (sendEmail($email, sprintf($language["emails"]["forgotPassword"]["subject"], $name), sprintf($language["emails"]["forgotPassword"]["body"], $name, $config["forumTitle"], $config["baseURL"] . makeLink("forgot-password", $hash)))) {
$this->esoTalk->message("passwordEmailSent", false);
redirect("");
}
}
}
public function validatePasswordHandle($password)
{
global $sourcedir;
require_once $sourcedir . '/Subs-Auth.php';
$passwordError = validatePassword($password, $regOptions['username'], array($regOptions['email']));
// Password isn't legal?
if ($passwordError != null) {
return false;
}
return true;
}
function authAdmin($username, $password)
{
global $config;
if (!checkLock("checkadmin")) {
return false;
}
if ($config['admin_username'] == $username && validatePassword($password, $config['admin_password'], $config['admin_passwordformat'])) {
return true;
} else {
lockAction("checkadmin");
return false;
}
}
function UserSignUp()
{
if (isset($_POST['su-btn-submit'])) {
if (isset($_POST['email']) && isset($_POST['username']) && isset($_POST['password']) && isset($_POST['confirm-password']) && isset($_POST['tos-checkbox'])) {
//Get submitted values
$email = validateEmail($_POST['email']) ? 1 : 0;
$user = validateUsername($_POST['username']) ? 1 : 0;
$password = validatePassword($_POST['password']) ? 1 : 0;
$password_hash = password_hash($_POST['password'], PASSWORD_DEFAULT);
$cf_pass = password_verify($_POST['confirm-password'], $password_hash) ? 1 : 0;
$tos_cb = $_POST['tos-checkbox'] ? 1 : 0;
}
}
}
function verification($username, $password)
{
// On va récupérer l'utilisateur précis
$reponse = getUser($username);
// On vérifie si l'adresse email et mot de passe correspondent
if (validatePassword($username, $password)) {
$connected = true;
// le nom et le prénom servent à assurer à l'utilisateur qu'il est connecté
// et connecté avec le bon compte
$_SESSION['first_name'] = $reponse[0]['Prenom'];
$_SESSION['last_name'] = $reponse[0]['Nom'];
// nécessaire pour valider le niveau d'accès de l'utilisateur
$_SESSION['user_type'] = $reponse[0]['TypeUtilisateur'];
//nécessaire pour accéder à d'autres informations liées à l'utilisateur plus loin
// dans la session
$_SESSION['no_user'] = $reponse[0]['NoUtilisateur'];
} else {
$connected = false;
}
return $connected;
}
function getDataErrors($data)
{
$messages = [];
if (empty($data['first_name']) || empty($data['last_name']) || empty($data['username']) || empty($data['password'])) {
$messages[] = 'Παρακαλούμε συμπληρώστε όλα τα πεδία';
return $messages;
}
if (!validateName($data['first_name'])) {
$messages[] = 'Το όνομα σας περιέχει μη επιτρεπτούς χαρακτήρες. Παρακαλούμε εισάγετε μόνο γράμματα της αλφαβήτας';
}
if (!validateName($data['last_name'])) {
$messages[] = 'Το επώνυμό σας περιέχει μη επιτρεπτούς χαρακτήρες. Παρακαλούμε εισάγετε μόνο γράμματα της αλφαβήτας';
}
if (!validateUsername($data['username'])) {
$messages[] = 'Το username σας περιέχει μη πετρεπτούς χαρακτήρες. Παρακαλούμε εισάγετε μόνο λατινικούς χαρακτήρες και αριθμούς';
}
if (!validateEmail($data['email'])) {
$messages[] = 'Το e-mail σας δεν είναι έγκυρο. Παρακούμε εισάγετε ένα έγκυρο e-mail.';
}
if (!validatePassword($data['password'])) {
$messages[] = 'Μη επιτρεπτός κωδικός. Ο κωδικός σας πρέπει να περιλαμβάνει τουλάχιστον 8 ψηφία.';
}
return $messages;
}
<?php
if (isset($_POST["submit_update_user"])) {
$id = $_GET['id'];
$changepass = false;
//$username = $_POST['new_user_username'];
//$username = validateUserName($username) ? $_POST['new_user_username'] : false;
if (!empty($_POST['new_user_password'])) {
$changepass = true;
$bh_password = $_POST['new_user_password'];
$bh_password = validatePassword($bh_password) ? $_POST['new_user_password'] : false;
$password = passwordHash($bh_password);
}
$email = $_POST['new_user_email'];
//$vip = isset($_POST['new_user_vip']) ? 1 : 0;
$bp_role = $_POST['new_user_role'];
$bp_vip = $_POST['new_user_vip'];
if ($bp_vip == 0) {
$vip = 0;
$vip_start = null;
$vip_expire = null;
} elseif ($bp_vip == -1) {
$vip = -1;
$vip_start = $current_datetime;
$vip_expire = null;
} else {
$vip = $bp_vip;
$vip_start = strtotime($current_datetime);
$vip_expire = strtotime('+' . $vip . ' day', $vip_start);
$vip_start = $current_datetime;
$vip_expire = date('Y-m-d H:i:s', $vip_expire);
<?php
echo '<html>';
echo '<!-- Latest compiled and minified CSS -->
<link rel="stylesheet" href="public/css/bootstrap.min.css" integrity="sha512-dTfge/zgoMYpP7QbHy4gWMEGsbsdZeCXz7irItjcC3sPUFtf0kuFbDz/ixG7ArTxmDjLXDmezHubeNikyKGVyQ==" crossorigin="anonymous">
<!-- Optional theme -->
<link rel="stylesheet" href="public/css/bootstrap-theme.min.css" integrity="sha384-aUGj/X2zp5rLCbBxumKTCw2Z50WgIr1vs/PFN4praOTvYXWlVyh2UtNUU0KAUhAX" crossorigin="anonymous">
<!-- Latest compiled and minified JavaScript -->
<script src="public/js/bootstrap.min.js" integrity="sha512-K1qjQ+NcF2TYO/eI3M6v8EiNYZfA95pQumfvcVrTHtwQVDG+aHRqLi/ETn2uB+1JqwYqVG3LIvdm9lj6imS/pQ==" crossorigin="anonymous"></script>';
enter();
echo '<form method="POST" action="http://localhost:8000">
<div class="form-group">
<label for="exampleInputLogin">Login:</label>
<input type="text" class="form-control" id="exampleInputLogin" name="login"/><br/>' . validateLogin($_REQUEST['login']) . '
</div>
<div class="form-group">
<label for="exampleInputPassword1">Password</label>
<input type="text" class="form-control" id="exampleInputPassword" name="password"/></br>' . validatePassword($_REQUEST['password']) . '
</div>
<input type="submit" class="btn btn-default" value="Send"/>
</form>';
enter();
echo '<a href="/src/reg.php">Зарегистрируйтесь</a>';
echo '</html>';
/* http://getbootstrap.com/getting-started/#template - Sign-in page http://getbootstrap.com/examples/signin/ */
/*сделать форму регистрации*/
$form['message'] = getPOST('message');
$form['captchaValue'] = getPOST('captchaValue');
$form['captchaId'] = getPOST('captchaId');
// Add datetime
date_default_timezone_set('Europe/Berlin');
$form['date'] = date("F j, Y, g:i a");
// Check for empty fields
foreach ($form as $key => $value) {
if (!$value) {
$errorMsg .= 'The field "' . $key . '" may not be empty.<br>';
}
}
if (!validateEmail($form['email'])) {
$errorMsg .= "Please check your email address entered.<br>";
}
if (!validatePassword($form['password'], $form['confirmPassword'])) {
$errorMsg .= "Passwords does not match.<br>";
}
if (!validateCaptcha($form['captchaValue'], $form['captchaId'])) {
$errorMsg .= "Please check captcha.<br>";
}
// Remember selectbox
for ($i == 1; $i < 4; $i++) {
if ($form['subject'] == $i) {
$formHelper['select' . $i] = "selected=selected";
}
}
## Store if validation was successful
if (!$errorMsg) {
// Save in textfile for demo reasons only.
// Passwords are not filtered and stored in plaintext, hash function with salt and pepper must be used!
function registerMember(&$regOptions, $return_errors = false)
{
global $scripturl, $txt, $modSettings, $context, $sourcedir;
global $user_info, $options, $settings, $smcFunc;
loadLanguage('Login');
// We'll need some external functions.
require_once $sourcedir . '/lib/Subs-Auth.php';
require_once $sourcedir . '/lib/Subs-Post.php';
// Put any errors in here.
$reg_errors = array();
// Registration from the admin center, let them sweat a little more.
if ($regOptions['interface'] == 'admin') {
is_not_guest();
isAllowedTo('moderate_forum');
} elseif ($regOptions['interface'] == 'guest') {
// You cannot register twice...
if (empty($user_info['is_guest'])) {
redirectexit();
}
// Make sure they didn't just register with this session.
if (!empty($_SESSION['just_registered']) && empty($modSettings['disableRegisterCheck'])) {
fatal_lang_error('register_only_once', false);
}
}
// What method of authorization are we going to use?
if (empty($regOptions['auth_method']) || !in_array($regOptions['auth_method'], array('password', 'openid'))) {
if (!empty($regOptions['openid'])) {
$regOptions['auth_method'] = 'openid';
} else {
$regOptions['auth_method'] = 'password';
}
}
// No name?! How can you register with no name?
if (empty($regOptions['username'])) {
$reg_errors[] = array('lang', 'need_username');
}
// Spaces and other odd characters are evil...
$regOptions['username'] = preg_replace('~[\\t\\n\\r\\x0B\\0' . ($context['server']['complex_preg_chars'] ? '\\x{A0}' : " ") . ']+~u', ' ', $regOptions['username']);
// Don't use too long a name.
if (commonAPI::strlen($regOptions['username']) > 25) {
$reg_errors[] = array('lang', 'error_long_name');
}
// Only these characters are permitted.
if (preg_match('~[<>&"\'=\\\\]~', preg_replace('~&#(?:\\d{1,7}|x[0-9a-fA-F]{1,6});~', '', $regOptions['username'])) != 0 || $regOptions['username'] == '_' || $regOptions['username'] == '|' || strpos($regOptions['username'], '[code') !== false || strpos($regOptions['username'], '[/code') !== false) {
$reg_errors[] = array('lang', 'error_invalid_characters_username');
}
if (commonAPI::strtolower($regOptions['username']) === commonAPI::strtolower($txt['guest_title'])) {
$reg_errors[] = array('lang', 'username_reserved', 'general', array($txt['guest_title']));
}
// !!! Separate the sprintf?
if (empty($regOptions['email']) || preg_match('~^[0-9A-Za-z=_+\\-/][0-9A-Za-z=_\'+\\-/\\.]*@[\\w\\-]+(\\.[\\w\\-]+)*(\\.[\\w]{2,6})$~', $regOptions['email']) === 0 || strlen($regOptions['email']) > 255) {
$reg_errors[] = array('done', sprintf($txt['valid_email_needed'], commonAPI::htmlspecialchars($regOptions['username'])));
}
if (!empty($regOptions['check_reserved_name']) && isReservedName($regOptions['username'], 0, false)) {
if ($regOptions['password'] == 'chocolate cake') {
$reg_errors[] = array('done', 'Sorry, I don\'t take bribes... you\'ll need to come up with a different name.');
}
$reg_errors[] = array('done', '(' . htmlspecialchars($regOptions['username']) . ') ' . $txt['name_in_use']);
}
// Generate a validation code if it's supposed to be emailed.
$validation_code = '';
if ($regOptions['require'] == 'activation') {
$validation_code = generateValidationCode();
}
// If you haven't put in a password generate one.
if ($regOptions['interface'] == 'admin' && $regOptions['password'] == '' && $regOptions['auth_method'] == 'password') {
mt_srand(time() + 1277);
$regOptions['password'] = generateValidationCode();
$regOptions['password_check'] = $regOptions['password'];
} elseif ($regOptions['password'] != $regOptions['password_check'] && $regOptions['auth_method'] == 'password') {
$reg_errors[] = array('lang', 'passwords_dont_match');
}
// That's kind of easy to guess...
if ($regOptions['password'] == '') {
if ($regOptions['auth_method'] == 'password') {
$reg_errors[] = array('lang', 'no_password');
} else {
$regOptions['password'] = sha1(mt_rand());
}
}
// Now perform hard password validation as required.
if (!empty($regOptions['check_password_strength'])) {
$passwordError = validatePassword($regOptions['password'], $regOptions['username'], array($regOptions['email']));
// Password isn't legal?
if ($passwordError != null) {
$reg_errors[] = array('lang', 'profile_error_password_' . $passwordError);
}
}
// If they are using an OpenID that hasn't been verified yet error out.
// !!! Change this so they can register without having to attempt a login first
if ($regOptions['auth_method'] == 'openid' && (empty($_SESSION['openid']['verified']) || $_SESSION['openid']['openid_uri'] != $regOptions['openid'])) {
$reg_errors[] = array('lang', 'openid_not_verified');
}
// You may not be allowed to register this email.
if (!empty($regOptions['check_email_ban'])) {
isBannedEmail($regOptions['email'], 'cannot_register', $txt['ban_register_prohibited']);
}
// Check if the email address is in use.
$request = smf_db_query('
SELECT id_member
FROM {db_prefix}members
WHERE email_address = {string:email_address}
OR email_address = {string:username}
LIMIT 1', array('email_address' => $regOptions['email'], 'username' => $regOptions['username']));
// !!! Separate the sprintf?
if (mysql_num_rows($request) != 0) {
$reg_errors[] = array('lang', 'email_in_use', false, array(htmlspecialchars($regOptions['email'])));
}
mysql_free_result($request);
// If we found any errors we need to do something about it right away!
foreach ($reg_errors as $key => $error) {
/* Note for each error:
0 = 'lang' if it's an index, 'done' if it's clear text.
1 = The text/index.
2 = Whether to log.
3 = sprintf data if necessary. */
if ($error[0] == 'lang') {
loadLanguage('Errors');
}
$message = $error[0] == 'lang' ? empty($error[3]) ? $txt[$error[1]] : vsprintf($txt[$error[1]], $error[3]) : $error[1];
// What to do, what to do, what to do.
if ($return_errors) {
if (!empty($error[2])) {
log_error($message, $error[2]);
}
$reg_errors[$key] = $message;
} else {
fatal_error($message, empty($error[2]) ? false : $error[2]);
}
}
// If there's any errors left return them at once!
if (!empty($reg_errors)) {
return $reg_errors;
}
$reservedVars = array('actual_theme_url', 'actual_images_url', 'base_theme_dir', 'base_theme_url', 'default_images_url', 'default_theme_dir', 'default_theme_url', 'default_template', 'images_url', 'number_recent_posts', 'smiley_sets_default', 'theme_dir', 'theme_id', 'theme_layers', 'theme_templates', 'theme_url');
// Can't change reserved vars.
if (isset($regOptions['theme_vars']) && array_intersect($regOptions['theme_vars'], $reservedVars) != array()) {
fatal_lang_error('no_theme');
}
// Some of these might be overwritten. (the lower ones that are in the arrays below.)
$regOptions['register_vars'] = array('member_name' => $regOptions['username'], 'email_address' => $regOptions['email'], 'passwd' => sha1(strtolower($regOptions['username']) . $regOptions['password']), 'password_salt' => substr(md5(mt_rand()), 0, 4), 'posts' => 0, 'date_registered' => time(), 'member_ip' => $regOptions['interface'] == 'admin' ? '127.0.0.1' : $user_info['ip'], 'member_ip2' => $regOptions['interface'] == 'admin' ? '127.0.0.1' : $_SERVER['BAN_CHECK_IP'], 'validation_code' => $validation_code, 'real_name' => $regOptions['username'], 'personal_text' => $modSettings['default_personal_text'], 'pm_email_notify' => 1, 'id_theme' => 0, 'id_post_group' => 4, 'lngfile' => '', 'buddy_list' => '', 'pm_ignore_list' => '', 'message_labels' => '', 'location' => '', 'time_format' => '', 'signature' => '', 'avatar' => '', 'usertitle' => '', 'secret_question' => '', 'secret_answer' => '', 'additional_groups' => '', 'ignore_boards' => '', 'smiley_set' => '', 'openid_uri' => !empty($regOptions['openid']) ? $regOptions['openid'] : '');
// Setup the activation status on this new account so it is correct - firstly is it an under age account?
if ($regOptions['require'] == 'coppa') {
$regOptions['register_vars']['is_activated'] = 5;
// !!! This should be changed. To what should be it be changed??
$regOptions['register_vars']['validation_code'] = '';
} elseif ($regOptions['require'] == 'nothing') {
$regOptions['register_vars']['is_activated'] = 1;
} elseif ($regOptions['require'] == 'activation') {
$regOptions['register_vars']['is_activated'] = 0;
} else {
$regOptions['register_vars']['is_activated'] = 3;
}
if (isset($regOptions['memberGroup'])) {
// Make sure the id_group will be valid, if this is an administator.
$regOptions['register_vars']['id_group'] = $regOptions['memberGroup'] == 1 && !allowedTo('admin_forum') ? 0 : $regOptions['memberGroup'];
// Check if this group is assignable.
$unassignableGroups = array(-1, 3);
$request = smf_db_query('
SELECT id_group
FROM {db_prefix}membergroups
WHERE min_posts != {int:min_posts}' . (allowedTo('admin_forum') ? '' : '
OR group_type = {int:is_protected}'), array('min_posts' => -1, 'is_protected' => 1));
while ($row = mysql_fetch_assoc($request)) {
$unassignableGroups[] = $row['id_group'];
}
mysql_free_result($request);
if (in_array($regOptions['register_vars']['id_group'], $unassignableGroups)) {
$regOptions['register_vars']['id_group'] = 0;
}
}
// Integrate optional member settings to be set.
if (!empty($regOptions['extra_register_vars'])) {
foreach ($regOptions['extra_register_vars'] as $var => $value) {
$regOptions['register_vars'][$var] = $value;
}
}
// Integrate optional user theme options to be set.
$theme_vars = array();
if (!empty($regOptions['theme_vars'])) {
foreach ($regOptions['theme_vars'] as $var => $value) {
$theme_vars[$var] = $value;
}
}
// Call an optional function to validate the users' input.
HookAPI::callHook('integrate_register', array(&$regOptions, &$theme_vars));
// Right, now let's prepare for insertion.
$knownInts = array('date_registered', 'posts', 'id_group', 'last_login', 'instant_messages', 'unread_messages', 'new_pm', 'pm_prefs', 'gender', 'hide_email', 'show_online', 'pm_email_notify', 'karma_good', 'karma_bad', 'notify_announcements', 'notify_send_body', 'notify_regularity', 'notify_types', 'id_theme', 'is_activated', 'id_msg_last_visit', 'id_post_group', 'total_time_logged_in', 'warning');
$knownFloats = array('time_offset');
$column_names = array();
$values = array();
foreach ($regOptions['register_vars'] as $var => $val) {
$type = 'string';
if (in_array($var, $knownInts)) {
$type = 'int';
} elseif (in_array($var, $knownFloats)) {
$type = 'float';
} elseif ($var == 'birthdate') {
$type = 'date';
}
$column_names[$var] = $type;
$values[$var] = $val;
}
// Register them into the database.
smf_db_insert('', '{db_prefix}members', $column_names, $values, array('id_member'));
$memberID = smf_db_insert_id('{db_prefix}members', 'id_member');
// Update the number of members and latest member's info - and pass the name, but remove the 's.
if ($regOptions['register_vars']['is_activated'] == 1) {
updateStats('member', $memberID, $regOptions['register_vars']['real_name']);
} else {
updateStats('member');
}
// Theme variables too?
if (!empty($theme_vars)) {
$inserts = array();
foreach ($theme_vars as $var => $val) {
$inserts[] = array($memberID, $var, $val);
}
smf_db_insert('insert', '{db_prefix}themes', array('id_member' => 'int', 'variable' => 'string-255', 'value' => 'string-65534'), $inserts, array('id_member', 'variable'));
}
// If it's enabled, increase the registrations for today.
trackStats(array('registers' => '+'));
// Administrative registrations are a bit different...
if ($regOptions['interface'] == 'admin') {
if ($regOptions['require'] == 'activation') {
$email_message = 'admin_register_activate';
} elseif (!empty($regOptions['send_welcome_email'])) {
$email_message = 'admin_register_immediate';
}
if (isset($email_message)) {
$replacements = array('REALNAME' => $regOptions['register_vars']['real_name'], 'USERNAME' => $regOptions['username'], 'PASSWORD' => $regOptions['password'], 'FORGOTPASSWORDLINK' => $scripturl . '?action=reminder', 'ACTIVATIONLINK' => $scripturl . '?action=activate;u=' . $memberID . ';code=' . $validation_code, 'ACTIVATIONLINKWITHOUTCODE' => $scripturl . '?action=activate;u=' . $memberID, 'ACTIVATIONCODE' => $validation_code);
$emaildata = loadEmailTemplate($email_message, $replacements);
sendmail($regOptions['email'], $emaildata['subject'], $emaildata['body'], null, null, false, 0);
}
// All admins are finished here.
return $memberID;
}
// Can post straight away - welcome them to your fantastic community...
if ($regOptions['require'] == 'nothing') {
if (!empty($regOptions['send_welcome_email'])) {
$replacements = array('REALNAME' => $regOptions['register_vars']['real_name'], 'USERNAME' => $regOptions['username'], 'PASSWORD' => $regOptions['password'], 'FORGOTPASSWORDLINK' => $scripturl . '?action=reminder', 'OPENID' => !empty($regOptions['openid']) ? $regOptions['openid'] : '');
$emaildata = loadEmailTemplate('register_' . ($regOptions['auth_method'] == 'openid' ? 'openid_' : '') . 'immediate', $replacements);
sendmail($regOptions['email'], $emaildata['subject'], $emaildata['body'], null, null, false, 0);
}
// Send admin their notification.
adminNotify('standard', $memberID, $regOptions['username']);
} elseif ($regOptions['require'] == 'activation' || $regOptions['require'] == 'coppa') {
$replacements = array('REALNAME' => $regOptions['register_vars']['real_name'], 'USERNAME' => $regOptions['username'], 'PASSWORD' => $regOptions['password'], 'FORGOTPASSWORDLINK' => $scripturl . '?action=reminder', 'OPENID' => !empty($regOptions['openid']) ? $regOptions['openid'] : '');
if ($regOptions['require'] == 'activation') {
$replacements += array('ACTIVATIONLINK' => $scripturl . '?action=activate;u=' . $memberID . ';code=' . $validation_code, 'ACTIVATIONLINKWITHOUTCODE' => $scripturl . '?action=activate;u=' . $memberID, 'ACTIVATIONCODE' => $validation_code);
} else {
$replacements += array('COPPALINK' => $scripturl . '?action=coppa;u=' . $memberID);
}
$emaildata = loadEmailTemplate('register_' . ($regOptions['auth_method'] == 'openid' ? 'openid_' : '') . ($regOptions['require'] == 'activation' ? 'activate' : 'coppa'), $replacements);
sendmail($regOptions['email'], $emaildata['subject'], $emaildata['body'], null, null, false, 0);
} else {
$replacements = array('REALNAME' => $regOptions['register_vars']['real_name'], 'USERNAME' => $regOptions['username'], 'PASSWORD' => $regOptions['password'], 'FORGOTPASSWORDLINK' => $scripturl . '?action=reminder', 'OPENID' => !empty($regOptions['openid']) ? $regOptions['openid'] : '');
$emaildata = loadEmailTemplate('register_' . ($regOptions['auth_method'] == 'openid' ? 'openid_' : '') . 'pending', $replacements);
sendmail($regOptions['email'], $emaildata['subject'], $emaildata['body'], null, null, false, 0);
// Admin gets informed here...
adminNotify('approval', $memberID, $regOptions['username']);
}
// Okay, they're for sure registered... make sure the session is aware of this for security. (Just married :P!)
$_SESSION['just_registered'] = 1;
return $memberID;
}
echo $styleInvalid;
}
?>
/>
<span class="formcheck" id="spanUsername"> </span><br />
<label>Password:</label>
<input type="password" name="PASSWORD" size="30" id="passwd" class="validates"
onfocus="pValid()" />
<span class="formcheck" id="spanP"></span><br />
<label>Confirm Password:</label>
<input type="password" name="CONFIRMPASSWORD" size="30" id="confirmPasswd" class="validates"
onkeyup="passwdValid()"
<?php
if (!validatePassword($password1, $password2)) {
echo $styleInvalid;
}
?>
/>
<span class="formcheck" id="spanPasswd"></span><br />
</fieldset>
<fieldset id="fieldYN">
Gender:
<input type="radio" name="GENDER" value="male" id="maleRadio" /><label class="noLabel" for="maleRadio">Male </label>
<input type="radio" name="GENDER" value="female" id="femaleRadio" /><label class="noLabel" for="femaleRadio">Female </label><?php
if (!validateGender($gender)) {
echo "*";
}
?>
function authentication($memID, $saving = false)
{
global $context, $cur_profile, $sourcedir, $txt, $post_errors, $modSettings;
loadLanguage('Login');
// We are saving?
if ($saving) {
// Moving to password passed authentication?
if ($_POST['authenticate'] == 'passwd') {
// Didn't enter anything?
if ($_POST['passwrd1'] == '') {
$post_errors[] = 'no_password';
} elseif (!isset($_POST['passwrd2']) || $_POST['passwrd1'] != $_POST['passwrd2']) {
$post_errors[] = 'bad_new_password';
} else {
require_once $sourcedir . '/Subs-Auth.php';
$passwordErrors = validatePassword($_POST['passwrd1'], $cur_profile['member_name'], array($cur_profile['real_name'], $cur_profile['email_address']));
// Were there errors?
if ($passwordErrors != null) {
$post_errors[] = 'password_' . $passwordErrors;
}
}
if (empty($post_errors)) {
// Integration?
call_integration_hook('integrate_reset_pass', array($cur_profile['member_name'], $cur_profile['member_name'], $_POST['passwrd1']));
// Go then.
$passwd = sha1(strtolower($cur_profile['member_name']) . un_htmlspecialchars($_POST['passwrd1']));
// Do the important bits.
updateMemberData($memID, array('openid_uri' => '', 'passwd' => $passwd));
if ($context['user']['is_owner']) {
setLoginCookie(60 * $modSettings['cookieTime'], $memID, sha1(sha1(strtolower($cur_profile['member_name']) . un_htmlspecialchars($_POST['passwrd2'])) . $cur_profile['password_salt']));
}
redirectexit('action=profile;u=' . $memID);
}
return true;
} elseif ($_POST['authenticate'] == 'openid' && !empty($_POST['openid_identifier'])) {
require_once $sourcedir . '/Subs-OpenID.php';
$_POST['openid_identifier'] = smf_openID_canonize($_POST['openid_identifier']);
if (smf_openid_member_exists($_POST['openid_identifier'])) {
$post_errors[] = 'openid_in_use';
} elseif (empty($post_errors)) {
// Authenticate using the new OpenID URI first to make sure they didn't make a mistake.
if ($context['user']['is_owner']) {
$_SESSION['new_openid_uri'] = $_POST['openid_identifier'];
smf_openID_validate($_POST['openid_identifier'], false, null, 'change_uri');
} else {
updateMemberData($memID, array('openid_uri' => $_POST['openid_identifier']));
}
}
}
}
// Some stuff.
$context['member']['openid_uri'] = $cur_profile['openid_uri'];
$context['auth_method'] = empty($cur_profile['openid_uri']) ? 'password' : 'openid';
$context['sub_template'] = 'authentication_method';
}
<?php
include "validate.php";
$formSend = count($_POST) > 0;
$username = "";
$email = "";
if ($formSend) {
$usernameValid = validateUsername($_POST["username"]);
$emailValid = validateEmail($_POST["email"]);
$passwordValid = validatePassword($_POST["password"]);
$passwordCValid = validateCPassword($_POST["password"], $_POST["passwordC"]);
$username = htmlspecialchars($_POST["username"]);
$email = htmlspecialchars($_POST["email"]);
if ($usernameValid == "" && $emailValid == "" && $passwordValid == "" && $passwordCValid == "") {
header('Location: welcome.php?username='******'text/css' rel='stylesheet' href='style.css'/>
<script src="jquery-2.1.4.min.js"></script>
<script src="jquery.validate.js"></script>
<script type="text/javascript" src="registration.js"></script>
<script type="text/javascript" src="script.js"></script>
</head>
<body>
<header>
eval("echo \"" . getTemplate("email/account_add") . "\";");
}
}
} else {
standard_error(array('allresourcesused', 'allocatetoomuchquota'), $quota);
}
} elseif ($action == 'changepw' && $id != 0) {
$result = $db->query_first("SELECT `id`, `email`, `email_full`, `iscatchall`, `destination`, `customerid`, `popaccountid` FROM `" . TABLE_MAIL_VIRTUAL . "` WHERE `customerid`='" . (int) $userinfo['customerid'] . "' AND `id`='" . (int) $id . "'");
if (isset($result['popaccountid']) && $result['popaccountid'] != '') {
if (isset($_POST['send']) && $_POST['send'] == 'send') {
$password = validate($_POST['email_password'], 'password');
if ($password == '') {
standard_error(array('stringisempty', 'mypassword'));
exit;
}
$password = validatePassword($password);
$log->logAction(USR_ACTION, LOG_NOTICE, "changed email password for '" . $result['email_full'] . "'");
$result = $db->query("UPDATE `" . TABLE_MAIL_USERS . "` SET " . ($settings['system']['mailpwcleartext'] == '1' ? "`password` = '" . $db->escape($password) . "', " : '') . " `password_enc`=ENCRYPT('" . $db->escape($password) . "') WHERE `customerid`='" . (int) $userinfo['customerid'] . "' AND `id`='" . (int) $result['popaccountid'] . "'");
redirectTo($filename, array('page' => 'emails', 'action' => 'edit', 'id' => $id, 's' => $s));
} else {
$result['email_full'] = $idna_convert->decode($result['email_full']);
$result = htmlentities_array($result);
$account_changepw_data = (include_once dirname(__FILE__) . '/lib/formfields/customer/email/formfield.emails_accountchangepasswd.php');
$account_changepw_form = htmlform::genHTMLForm($account_changepw_data);
$title = $account_changepw_data['emails_accountchangepasswd']['title'];
$image = $account_changepw_data['emails_accountchangepasswd']['image'];
eval("echo \"" . getTemplate("email/account_changepw") . "\";");
}
}
} elseif ($action == 'changequota' && $settings['system']['mail_quota_enabled'] == '1' && $id != 0) {
$result = $db->query_first("SELECT `v`.`id`, `v`.`email`, `v`.`email_full`, `v`.`iscatchall`, `v`.`destination`, `v`.`customerid`, `v`.`popaccountid`, `u`.`quota` FROM `" . TABLE_MAIL_VIRTUAL . "` `v` LEFT JOIN `" . TABLE_MAIL_USERS . "` `u` ON(`v`.`popaccountid` = `u`.`id`)WHERE `v`.`customerid`='" . (int) $userinfo['customerid'] . "' AND `v`.`id`='" . (int) $id . "'");
function net2ftp_module_printBody()
{
// --------------
// This function prints the login screen
// --------------
// -------------------------------------------------------------------------
// Global variables
// -------------------------------------------------------------------------
global $net2ftp_settings, $net2ftp_globals, $net2ftp_messages, $net2ftp_result;
if (isset($_POST["input_admin_username"]) == true) {
$input_admin_username = htmlEncode2(validateGenericInput($_POST["input_admin_username"]));
} else {
$input_admin_username = "";
}
if (isset($_POST["input_admin_password"]) == true) {
$input_admin_password = htmlEncode2(validateGenericInput($_POST["input_admin_password"]));
} else {
$input_admin_password = "";
}
if (isset($_POST["dbusername2"]) == true) {
$dbusername2 = validateUsername($_POST["dbusername2"]);
} else {
$dbusername2 = "";
}
if (isset($_POST["dbpassword2"]) == true) {
$dbpassword2 = validatePassword($_POST["dbpassword2"]);
} else {
$dbpassword2 = "";
}
if (isset($_POST["dbname2"]) == true) {
$dbname2 = validateGenericInput($_POST["dbname2"]);
} else {
$dbname2 = "";
}
if (isset($_POST["dbserver2"]) == true) {
$dbserver2 = validateGenericInput($_POST["dbserver2"]);
} else {
$dbserver2 = "";
}
$dbusername2_html = htmlEncode2($dbusername2);
$dbpassword2_html = htmlEncode2($dbpassword2);
$dbname2_html = htmlEncode2($dbname2);
$dbserver2_html = htmlEncode2($dbserver2);
if ($dbserver2 == "") {
$dbserver2 = "localhost";
}
// -------------------------------------------------------------------------
// Variables for all screens
// -------------------------------------------------------------------------
// Output variable
$net2ftp_output["admin_createtables"][] = "";
// Title
$title = __("Admin functions");
// Form name
$formname = "AdminForm";
// Read the SQL file
$filename = glueDirectories($net2ftp_globals["application_rootdir"], "create_tables.sql");
$handle = fopen($filename, "rb");
// Open the file for reading only
if ($handle == false) {
$net2ftp_output["admin_createtables"][] = __("The handle of file %1\$s could not be opened.", $filename);
}
clearstatcache();
// for filesize
$sqlquerystring = fread($handle, filesize($filename));
if ($sqlquerystring == false) {
$net2ftp_output["admin_createtables"][] = __("The file %1\$s could not be opened.", $filename);
}
$result1 = fclose($handle);
if ($result1 == false) {
$net2ftp_output["admin_createtables"][] = __("The handle of file %1\$s could not be closed.", $filename);
}
// Split the SQL file in individual queries
$sqlquerypieces = explode("\n", $sqlquerystring);
// -------------------------------------------------------------------------
// Variables for screen 1
// -------------------------------------------------------------------------
if ($net2ftp_globals["screen"] == 1) {
// Next screen
$nextscreen = 2;
// Back and forward buttons
$back_onclick = "document.forms['" . $formname . "'].state.value='admin';document.forms['" . $formname . "'].screen.value='1';document.forms['" . $formname . "'].submit();";
$forward_onclick = "document.forms['" . $formname . "'].submit();";
} elseif ($net2ftp_globals["screen"] == 2) {
// Next screen
$nextscreen = 1;
// Back and forward buttons
$back_onclick = "document.forms['" . $formname . "'].state.value='admin';document.forms['" . $formname . "'].screen.value='1';document.forms['" . $formname . "'].submit();";
$dbpassword2_length = strlen($dbpassword2);
// ------------------------------------
// Connect
// ------------------------------------
$mydb = mysql_connect($dbserver2, $dbusername2, $dbpassword2);
if ($mydb == false) {
$net2ftp_output["admin_createtables"][] = __("The connection to the server <b>%1\$s</b> could not be set up. Please check the database settings you've entered.", $dbserver2_html) . "\n";
}
// ------------------------------------
// Select
// ------------------------------------
if ($mydb != false) {
$mysql_select_db_result = mysql_select_db($dbname2);
if ($mysql_select_db_result == false) {
$net2ftp_output["admin_createtables"][] = __("Unable to select the database <b>%1\$s</b>.", $dbserver2_html) . "\n";
}
}
// ------------------------------------
// Query
// ------------------------------------
if ($mydb != false && $mysql_select_db_result != false) {
for ($i = 0; $i < sizeof($sqlquerypieces); $i++) {
$mysql_query_results[$i] = mysql_query($sqlquerypieces[$i]);
if ($mysql_query_results[$i] == false) {
$net2ftp_output["admin_createtables"][] = __("The SQL query nr <b>%1\$s</b> could not be executed.", $i + 1) . "\n";
} else {
$net2ftp_output["admin_createtables"][] = __("The SQL query nr <b>%1\$s</b> was executed successfully.", $i + 1) . "\n";
}
}
}
}
// end elseif
// -------------------------------------------------------------------------
// Print the output
// -------------------------------------------------------------------------
require_once $net2ftp_globals["application_skinsdir"] . "/" . $net2ftp_globals["skin"] . "/manage.template.php";
}
function setPassword2()
{
global $db_prefix, $context, $txt, $modSettings, $sourcedir;
if (empty($_POST['u']) || !isset($_POST['passwrd1']) || !isset($_POST['passwrd2'])) {
fatal_lang_error(1, false);
}
$_POST['u'] = (int) $_POST['u'];
if ($_POST['passwrd1'] != $_POST['passwrd2']) {
fatal_lang_error(213, false);
}
if ($_POST['passwrd1'] == '') {
fatal_lang_error(91, false);
}
loadLanguage('Login');
// Get the code as it should be from the database.
$request = db_query("\n\t\tSELECT validation_code, memberName, emailAddress\n\t\tFROM {$db_prefix}members\n\t\tWHERE ID_MEMBER = {$_POST['u']}\n\t\t\tAND is_activated = 1\n\t\t\tAND validation_code != ''\n\t\tLIMIT 1", __FILE__, __LINE__);
// Does this user exist at all?
if (mysql_num_rows($request) == 0) {
fatal_lang_error('invalid_userid', false);
}
list($realCode, $username, $email) = mysql_fetch_row($request);
mysql_free_result($request);
// Is the password actually valid?
require_once $sourcedir . '/Subs-Auth.php';
$passwordError = validatePassword($_POST['passwrd1'], $username, array($email));
// What - it's not?
if ($passwordError != null) {
fatal_lang_error('profile_error_password_' . $passwordError, false);
}
// Quit if this code is not right.
if (empty($_POST['code']) || substr($realCode, 0, 10) != substr(md5($_POST['code']), 0, 10)) {
fatal_error($txt['invalid_activation_code'], false);
}
// User validated. Update the database!
updateMemberData($_POST['u'], array('validation_code' => '\'\'', 'passwd' => '\'' . sha1(strtolower($username) . $_POST['passwrd1']) . '\''));
if (isset($modSettings['integrate_reset_pass']) && function_exists($modSettings['integrate_reset_pass'])) {
call_user_func($modSettings['integrate_reset_pass'], $username, $username, $_POST['passwrd1']);
}
loadTemplate('Login');
$context += array('page_title' => &$txt['reminder_password_set'], 'sub_template' => 'login', 'default_username' => $username, 'default_password' => $_POST['passwrd1'], 'never_expire' => false, 'description' => &$txt['reminder_password_set']);
}
function net2ftp_module_printBody()
{
// --------------
// This function prints the login screen
// --------------
// -------------------------------------------------------------------------
// Global variables
// -------------------------------------------------------------------------
global $net2ftp_settings, $net2ftp_globals, $net2ftp_messages, $net2ftp_result, $net2ftp_output;
if (isset($_POST["troubleshoot_ftpserver"]) == true) {
$troubleshoot_ftpserver = validateFtpserver($_POST["troubleshoot_ftpserver"]);
} else {
$troubleshoot_ftpserver = "";
}
if (isset($_POST["troubleshoot_ftpserverport"]) == true) {
$troubleshoot_ftpserverport = validateFtpserverport($_POST["troubleshoot_ftpserverport"]);
} else {
$troubleshoot_ftpserverport = "";
}
if (isset($_POST["troubleshoot_username"]) == true) {
$troubleshoot_username = validateUsername($_POST["troubleshoot_username"]);
} else {
$troubleshoot_username = "";
}
if (isset($_POST["troubleshoot_password"]) == true) {
$troubleshoot_password = validatePassword($_POST["troubleshoot_password"]);
} else {
$troubleshoot_password = "";
}
if (isset($_POST["troubleshoot_directory"]) == true) {
$troubleshoot_directory = validateDirectory($_POST["troubleshoot_directory"]);
} else {
$troubleshoot_directory = "";
}
if (isset($_POST["troubleshoot_passivemode"]) == true) {
$troubleshoot_passivemode = validatePassivemode($_POST["troubleshoot_passivemode"]);
} else {
$troubleshoot_passivemode = "";
}
$troubleshoot_ftpserver_html = htmlEncode2($troubleshoot_ftpserver);
$troubleshoot_ftpserverport_html = htmlEncode2($troubleshoot_ftpserverport);
$troubleshoot_username_html = htmlEncode2($troubleshoot_username);
$troubleshoot_directory_html = htmlEncode2($troubleshoot_directory);
$troubleshoot_passivemode_html = htmlEncode2($troubleshoot_passivemode);
// -------------------------------------------------------------------------
// Variables for all screens
// -------------------------------------------------------------------------
// Title
$title = __("Troubleshoot an FTP server");
// Form name
$formname = "AdvancedForm";
// -------------------------------------------------------------------------
// Variables for screen 1
// -------------------------------------------------------------------------
if ($net2ftp_globals["screen"] == 1) {
// Next screen
$nextscreen = 2;
// Back and forward buttons
$back_onclick = "document.forms['" . $formname . "'].state.value='advanced';document.forms['" . $formname . "'].screen.value='1';document.forms['" . $formname . "'].submit();";
$forward_onclick = "document.forms['" . $formname . "'].submit();";
} elseif ($net2ftp_globals["screen"] == 2) {
// Back and forward buttons
$back_onclick = "document.forms['" . $formname . "'].state.value='advanced_ftpserver'; document.forms['" . $formname . "'].submit();";
// Initial checks
if ($troubleshoot_passivemode != "yes") {
$troubleshoot_passivemode = "no";
}
// Connect
setStatus(1, 10, __("Connecting to the FTP server"));
$conn_id = ftp_connect("{$troubleshoot_ftpserver}", $troubleshoot_ftpserverport);
// Login with username and password
setStatus(2, 10, __("Logging into the FTP server"));
$ftp_login_result = ftp_login($conn_id, $troubleshoot_username, $troubleshoot_password);
// Passive mode
if ($troubleshoot_passivemode == "yes") {
setStatus(3, 10, __("Setting the passive mode"));
$ftp_pasv_result = ftp_pasv($conn_id, TRUE);
} else {
$ftp_pasv_result = true;
}
// Get the FTP system type
setStatus(4, 10, __("Getting the FTP system type"));
$ftp_systype_result = ftp_systype($conn_id);
// Change the directory
setStatus(5, 10, __("Changing the directory"));
$ftp_chdir_result = ftp_chdir($conn_id, $troubleshoot_directory);
// Get the current directory from the FTP server
setStatus(6, 10, __("Getting the current directory"));
$ftp_pwd_result = ftp_pwd($conn_id);
// Try to get a raw list
setStatus(7, 10, __("Getting the list of directories and files"));
$ftp_rawlist_result = ftp_rawlist($conn_id, "-a");
if (sizeof($ftp_rawlist_result) <= 1) {
$ftp_rawlist_result = ftp_rawlist($conn_id, "");
}
// Parse the list
setStatus(8, 10, __("Parsing the list of directories and files"));
for ($i = 0; $i < sizeof($ftp_rawlist_result); $i++) {
$parsedlist[$i] = ftp_scanline($troubleshoot_directory, $ftp_rawlist_result[$i]);
}
// end for
// Quiting; ftp_quit doesn't return a value
setStatus(9, 10, __("Logging out of the FTP server"));
ftp_quit($conn_id);
}
// end if
// -------------------------------------------------------------------------
// Print the output
// -------------------------------------------------------------------------
setStatus(10, 10, __("Printing the result"));
require_once $net2ftp_globals["application_skinsdir"] . "/" . $net2ftp_globals["skin"] . "/manage.template.php";
}
<?php
session_start();
error_reporting(E_ALL);
require_once 'constants.php';
ini_set('display_errors', 1);
$user_in = filter_input(INPUT_POST, "user", FILTER_SANITIZE_STRING);
$pw_in = filter_input(INPUT_POST, "pw", FILTER_SANITIZE_STRING);
$user = validateUser($user_in);
$pw = validatePassword($pw_in);
validateLogin($user, $pw);
//=========================================================
// Functions used to validate login credentials.
//---------------------------------------------------------
function validateLogin($user, $pw)
{
global $url;
if (doesUserDirectoryExist($user)) {
// User Exists
$pwFile = $GLOBALS['directory'] . "users/" . $user . "/pw.txt";
if (file_get_contents($pwFile) === $pw) {
$_SESSION['logged_on'] = 1;
$_SESSION['user'] = $user;
header('Location: ' . $GLOBALS['url']);
} else {
echo "<font color=\"red\"><b>ERROR: Input did not match a registed username & password combination.</b></font><br>";
echo "(Main page will reload shortly...)\n";
echo "<script type=\"text/javascript\">\nreload_page=function() {\n\tlocation.replace(\"{$url}\");\n}\n";
echo "var intervalID = window.setInterval(reload_page, 5000);\n</script>\n";
}
} else {
function saveProfileChanges(&$profile_vars, &$post_errors, $memID)
{
global $db_prefix, $user_info, $txt, $modSettings, $user_profile;
global $newpassemail, $validationCode, $context, $settings, $sourcedir;
global $func;
// These make life easier....
$old_profile =& $user_profile[$memID];
// Permissions...
if ($context['user']['is_owner']) {
$changeIdentity = allowedTo(array('profile_identity_any', 'profile_identity_own'));
$changeOther = allowedTo(array('profile_extra_any', 'profile_extra_own'));
} else {
$changeIdentity = allowedTo('profile_identity_any');
$changeOther = allowedTo('profile_extra_any');
}
// Arrays of all the changes - makes things easier.
$profile_bools = array('notifyAnnouncements', 'notifyOnce', 'notifySendBody');
$profile_ints = array('pm_email_notify', 'notifyTypes', 'ICQ', 'gender', 'ID_THEME');
$profile_floats = array('timeOffset');
$profile_strings = array('websiteUrl', 'websiteTitle', 'AIM', 'YIM', 'location', 'birthdate', 'timeFormat', 'buddy_list', 'pm_ignore_list', 'smileySet', 'signature', 'personalText', 'avatar');
// Fix the spaces in messenger screennames...
$fix_spaces = array('MSN', 'AIM', 'YIM');
foreach ($fix_spaces as $var) {
// !!! Why?
if (isset($_POST[$var])) {
$_POST[$var] = strtr($_POST[$var], ' ', '+');
}
}
// Make sure the MSN one is an email address, not something like 'none' :P.
if (isset($_POST['MSN']) && ($_POST['MSN'] == '' || preg_match('~^[0-9A-Za-z=_+\\-/][0-9A-Za-z=_\'+\\-/\\.]*@[\\w\\-]+(\\.[\\w\\-]+)*(\\.[\\w]{2,6})$~', $_POST['MSN']) != 0)) {
$profile_strings[] = 'MSN';
}
// Validate the title...
if (!empty($modSettings['titlesEnable']) && (allowedTo('profile_title_any') || allowedTo('profile_title_own') && $context['user']['is_owner'])) {
$profile_strings[] = 'usertitle';
}
// Validate the timeOffset...
if (isset($_POST['timeOffset'])) {
$_POST['timeOffset'] = strtr($_POST['timeOffset'], ',', '.');
if ($_POST['timeOffset'] < -23.5 || $_POST['timeOffset'] > 23.5) {
$post_errors[] = 'bad_offset';
}
}
// Fix the URL...
if (isset($_POST['websiteUrl'])) {
if (strlen(trim($_POST['websiteUrl'])) > 0 && strpos($_POST['websiteUrl'], '://') === false) {
$_POST['websiteUrl'] = 'http://' . $_POST['websiteUrl'];
}
if (strlen($_POST['websiteUrl']) < 8) {
$_POST['websiteUrl'] = '';
}
}
// !!! Should we check for this year and tell them they made a mistake :P? (based on coppa at least?)
if (isset($_POST['birthdate'])) {
if (preg_match('/(\\d{4})[\\-\\., ](\\d{2})[\\-\\., ](\\d{2})/', $_POST['birthdate'], $dates) === 1) {
$_POST['birthdate'] = checkdate($dates[2], $dates[3], $dates[1] < 4 ? 4 : $dates[1]) ? sprintf('%04d-%02d-%02d', $dates[1] < 4 ? 4 : $dates[1], $dates[2], $dates[3]) : '0001-01-01';
} else {
unset($_POST['birthdate']);
}
} elseif (isset($_POST['bday1'], $_POST['bday2'], $_POST['bday3']) && $_POST['bday1'] > 0 && $_POST['bday2'] > 0) {
$_POST['birthdate'] = checkdate($_POST['bday1'], $_POST['bday2'], $_POST['bday3'] < 4 ? 4 : $_POST['bday3']) ? sprintf('%04d-%02d-%02d', $_POST['bday3'] < 4 ? 4 : $_POST['bday3'], $_POST['bday1'], $_POST['bday2']) : '0001-01-01';
} elseif (isset($_POST['bday1']) || isset($_POST['bday2']) || isset($_POST['bday3'])) {
$_POST['birthdate'] = '0001-01-01';
}
if (isset($_POST['im_email_notify'])) {
$_POST['pm_email_notify'] = $_POST['im_email_notify'];
}
// Validate and set the ignorelist...
if (isset($_POST['pm_ignore_list']) || isset($_POST['im_ignore_list'])) {
if (!isset($_POST['pm_ignore_list'])) {
$_POST['pm_ignore_list'] = $_POST['im_ignore_list'];
}
$_POST['pm_ignore_list'] = strtr($func['htmltrim']($_POST['pm_ignore_list']), array('\\\'' => ''', "\n" => "', '", "\r" => '', '"' => ''));
if (preg_match('~(\\A|,)\\*(\\Z|,)~s', $_POST['pm_ignore_list']) == 0) {
$result = db_query("\n\t\t\t\tSELECT ID_MEMBER\n\t\t\t\tFROM {$db_prefix}members\n\t\t\t\tWHERE memberName IN ('{$_POST['pm_ignore_list']}') OR realName IN ('{$_POST['pm_ignore_list']}')\n\t\t\t\tLIMIT " . (substr_count($_POST['pm_ignore_list'], '\', \'') + 1), __FILE__, __LINE__);
$_POST['pm_ignore_list'] = '';
while ($row = mysql_fetch_assoc($result)) {
$_POST['pm_ignore_list'] .= $row['ID_MEMBER'] . ',';
}
mysql_free_result($result);
// !!! Did we find all the members?
$_POST['pm_ignore_list'] = substr($_POST['pm_ignore_list'], 0, -1);
} else {
$_POST['pm_ignore_list'] = '*';
}
}
// Similarly, do the same for the buddy list
if (isset($_POST['buddy_list'])) {
$_POST['buddy_list'] = strtr(trim($_POST['buddy_list']), array('\\\'' => ''', "\n" => "', '", "\r" => '', '"' => ''));
if (trim($_POST['buddy_list']) != '') {
$result = db_query("\n\t\t\t\tSELECT ID_MEMBER\n\t\t\t\tFROM {$db_prefix}members\n\t\t\t\tWHERE memberName IN ('{$_POST['buddy_list']}') OR realName IN ('{$_POST['buddy_list']}')\n\t\t\t\tLIMIT " . (substr_count($_POST['buddy_list'], '\', \'') + 1), __FILE__, __LINE__);
$_POST['buddy_list'] = '';
while ($row = mysql_fetch_assoc($result)) {
$_POST['buddy_list'] .= $row['ID_MEMBER'] . ',';
}
mysql_free_result($result);
// !!! Did we find all the members?
$_POST['buddy_list'] = substr($_POST['buddy_list'], 0, -1);
}
}
// Validate the smiley set.
if (isset($_POST['smileySet'])) {
$smiley_sets = explode(',', $modSettings['smiley_sets_known']);
if (!in_array($_POST['smileySet'], $smiley_sets) && $_POST['smileySet'] != 'none') {
$_POST['smileySet'] = '';
}
}
// Make sure the signature isn't too long.
if (isset($_POST['signature'])) {
require_once $sourcedir . '/Subs-Post.php';
if (!empty($modSettings['max_signatureLength']) && $func['strlen']($_POST['signature']) > $modSettings['max_signatureLength']) {
$_POST['signature'] = addslashes($func['substr'](stripslashes($_POST['signature']), 0, $modSettings['max_signatureLength']));
}
if (strlen($_POST['signature']) > 65534) {
$_POST['signature'] = addslashes($func['truncate'](stripslashes($_POST['signature']), 65534));
}
$_POST['signature'] = strtr($_POST['signature'], array('"' => '\\"', ''' => '\\'', ''' => '\\''));
preparsecode($_POST['signature']);
}
// Identity-only changes...
if ($changeIdentity) {
// This block is only concerned with display name validation.
if (isset($_POST['realName']) && (!empty($modSettings['allow_editDisplayName']) || allowedTo('moderate_forum')) && trim($_POST['realName']) != $old_profile['realName']) {
$_POST['realName'] = trim(preg_replace('~[\\s]~' . ($context['utf8'] ? 'u' : ''), ' ', $_POST['realName']));
if (trim($_POST['realName']) == '') {
$post_errors[] = 'no_name';
} elseif ($func['strlen']($_POST['realName']) > 60) {
$post_errors[] = 'name_too_long';
} else {
require_once $sourcedir . '/Subs-Members.php';
if (isReservedName($_POST['realName'], $memID)) {
$post_errors[] = 'name_taken';
}
}
if (isset($_POST['realName'])) {
$profile_vars['realName'] = '\'' . $_POST['realName'] . '\'';
}
}
// Change the registration date.
if (!empty($_POST['dateRegistered']) && allowedTo('admin_forum')) {
// Bad date! Go try again - please?
if (($_POST['dateRegistered'] = strtotime($_POST['dateRegistered'])) === -1) {
fatal_error($txt['smf233'] . ' ' . strftime('%d %b %Y ' . (strpos($user_info['time_format'], '%H') !== false ? '%I:%M:%S %p' : '%H:%M:%S'), forum_time(false)), false);
} elseif ($_POST['dateRegistered'] != $txt[470] && $_POST['dateRegistered'] != strtotime(strftime('%Y-%m-%d', $user_profile[$memID]['dateRegistered'] + ($user_info['time_offset'] + $modSettings['time_offset']) * 3600))) {
$profile_vars['dateRegistered'] = $_POST['dateRegistered'] - ($user_info['time_offset'] + $modSettings['time_offset']) * 3600;
}
}
// Change the number of posts.
if (isset($_POST['posts']) && allowedTo('moderate_forum')) {
$profile_vars['posts'] = $_POST['posts'] != '' ? (int) strtr($_POST['posts'], array(',' => '', '.' => '', ' ' => '')) : '\'\'';
}
// This block is only concerned with email address validation..
if (isset($_POST['emailAddress']) && strtolower($_POST['emailAddress']) != strtolower($old_profile['emailAddress'])) {
$_POST['emailAddress'] = strtr($_POST['emailAddress'], array(''' => '\\\''));
// Prepare the new password, or check if they want to change their own.
if (!empty($modSettings['send_validation_onChange']) && !allowedTo('moderate_forum')) {
require_once $sourcedir . '/Subs-Members.php';
$validationCode = generateValidationCode();
$profile_vars['validation_code'] = '\'' . $validationCode . '\'';
$profile_vars['is_activated'] = '2';
$newpassemail = true;
}
// Check the name and email for validity.
if (trim($_POST['emailAddress']) == '') {
$post_errors[] = 'no_email';
}
if (preg_match('~^[0-9A-Za-z=_+\\-/][0-9A-Za-z=_\'+\\-/\\.]*@[\\w\\-]+(\\.[\\w\\-]+)*(\\.[\\w]{2,6})$~', stripslashes($_POST['emailAddress'])) == 0) {
$post_errors[] = 'bad_email';
}
// Email addresses should be and stay unique.
$request = db_query("\n\t\t\t\tSELECT ID_MEMBER\n\t\t\t\tFROM {$db_prefix}members\n\t\t\t\tWHERE ID_MEMBER != {$memID}\n\t\t\t\t\tAND emailAddress = '{$_POST['emailAddress']}'\n\t\t\t\tLIMIT 1", __FILE__, __LINE__);
if (mysql_num_rows($request) > 0) {
$post_errors[] = 'email_taken';
}
mysql_free_result($request);
$profile_vars['emailAddress'] = '\'' . $_POST['emailAddress'] . '\'';
}
// Hide email address?
if (isset($_POST['hideEmail']) && (!empty($modSettings['allow_hideEmail']) || allowedTo('moderate_forum'))) {
$profile_vars['hideEmail'] = empty($_POST['hideEmail']) ? '0' : '1';
}
// Are they allowed to change their hide status?
if (isset($_POST['showOnline']) && (!empty($modSettings['allow_hideOnline']) || allowedTo('moderate_forum'))) {
$profile_vars['showOnline'] = empty($_POST['showOnline']) ? '0' : '1';
}
// If they're trying to change the password, let's check they pick a sensible one.
if (isset($_POST['passwrd1']) && $_POST['passwrd1'] != '') {
// Do the two entries for the password even match?
if ($_POST['passwrd1'] != $_POST['passwrd2']) {
$post_errors[] = 'bad_new_password';
}
// Let's get the validation function into play...
require_once $sourcedir . '/Subs-Auth.php';
$passwordErrors = validatePassword($_POST['passwrd1'], $user_info['username'], array($user_info['name'], $user_info['email']));
// Were there errors?
if ($passwordErrors != null) {
$post_errors[] = 'password_' . $passwordErrors;
}
// Set up the new password variable... ready for storage.
$profile_vars['passwd'] = '\'' . sha1(strtolower($old_profile['memberName']) . un_htmlspecialchars(stripslashes($_POST['passwrd1']))) . '\'';
}
if (isset($_POST['secretQuestion'])) {
$profile_vars['secretQuestion'] = '\'' . $_POST['secretQuestion'] . '\'';
}
// Do you have a *secret* password?
if (isset($_POST['secretAnswer']) && $_POST['secretAnswer'] != '') {
$profile_vars['secretAnswer'] = '\'' . md5($_POST['secretAnswer']) . '\'';
}
}
// Things they can do if they are a forum moderator.
if (allowedTo('moderate_forum')) {
if (($_REQUEST['sa'] == 'activateAccount' || !empty($_POST['is_activated'])) && isset($old_profile['is_activated']) && $old_profile['is_activated'] != 1) {
// If we are approving the deletion of an account, we do something special ;)
if ($old_profile['is_activated'] == 4) {
require_once $sourcedir . '/Subs-Members.php';
deleteMembers($memID);
redirectexit();
}
if (isset($modSettings['integrate_activate']) && function_exists($modSettings['integrate_activate'])) {
call_user_func($modSettings['integrate_activate'], $old_profile['memberName']);
}
// Actually update this member now, as it guarantees the unapproved count can't get corrupted.
updateMemberData($memID, array('is_activated' => $old_profile['is_activated'] >= 10 ? '11' : '1', 'validation_code' => '\'\''));
// If we are doing approval, update the stats for the member just incase.
if (in_array($old_profile['is_activated'], array(3, 4, 13, 14))) {
updateSettings(array('unapprovedMembers' => $modSettings['unapprovedMembers'] > 1 ? $modSettings['unapprovedMembers'] - 1 : 0));
}
// Make sure we update the stats too.
updateStats('member', false);
}
if (isset($_POST['karmaGood'])) {
$profile_vars['karmaGood'] = $_POST['karmaGood'] != '' ? (int) $_POST['karmaGood'] : '\'\'';
}
if (isset($_POST['karmaBad'])) {
$profile_vars['karmaBad'] = $_POST['karmaBad'] != '' ? (int) $_POST['karmaBad'] : '\'\'';
}
}
// Assigning membergroups (you need admin_forum permissions to change an admins' membergroups).
if (allowedTo('manage_membergroups')) {
// The account page allows the change of your ID_GROUP - but not to admin!.
if (isset($_POST['ID_GROUP']) && (allowedTo('admin_forum') || (int) $_POST['ID_GROUP'] != 1 && $old_profile['ID_GROUP'] != 1)) {
$profile_vars['ID_GROUP'] = (int) $_POST['ID_GROUP'];
}
// Find the additional membergroups (if any)
if (isset($_POST['additionalGroups']) && is_array($_POST['additionalGroups'])) {
foreach ($_POST['additionalGroups'] as $i => $group_id) {
if ((int) $group_id == 0 || !allowedTo('admin_forum') && (int) $group_id == 1) {
unset($_POST['additionalGroups'][$i], $_POST['additionalGroups'][$i]);
} else {
$_POST['additionalGroups'][$i] = (int) $group_id;
}
}
// Put admin back in there if you don't have permission to take it away.
if (!allowedTo('admin_forum') && in_array(1, explode(',', $old_profile['additionalGroups']))) {
$_POST['additionalGroups'][] = 1;
}
$profile_vars['additionalGroups'] = '\'' . implode(',', $_POST['additionalGroups']) . '\'';
}
// Too often, people remove delete their own account, or something.
if (in_array(1, explode(',', $old_profile['additionalGroups'])) || $old_profile['ID_GROUP'] == 1) {
$stillAdmin = !isset($profile_vars['ID_GROUP']) || $profile_vars['ID_GROUP'] == 1 || isset($_POST['additionalGroups']) && in_array(1, $_POST['additionalGroups']);
// If they would no longer be an admin, look for any other...
if (!$stillAdmin) {
$request = db_query("\n\t\t\t\t\tSELECT ID_MEMBER\n\t\t\t\t\tFROM {$db_prefix}members\n\t\t\t\t\tWHERE (ID_GROUP = 1 OR FIND_IN_SET(1, additionalGroups))\n\t\t\t\t\t\tAND ID_MEMBER != {$memID}\n\t\t\t\t\tLIMIT 1", __FILE__, __LINE__);
list($another) = mysql_fetch_row($request);
mysql_free_result($request);
if (empty($another)) {
fatal_lang_error('at_least_one_admin');
}
}
}
}
// Validate the language file...
if (($changeIdentity || $changeOther) && isset($_POST['lngfile']) && !empty($modSettings['userLanguage'])) {
$language_directories = array($settings['default_theme_dir'] . '/languages', $settings['actual_theme_dir'] . '/languages');
if (!empty($settings['base_theme_dir'])) {
$language_directories[] = $settings['base_theme_dir'] . '/languages';
}
$language_directories = array_unique($language_directories);
foreach ($language_directories as $language_dir) {
if (!file_exists($language_dir)) {
continue;
}
$dir = dir($language_dir);
while ($entry = $dir->read()) {
if (preg_match('~^index\\.(.+)\\.php$~', $entry, $matches) && $matches[1] == $_POST['lngfile']) {
$profile_vars['lngfile'] = "'{$_POST['lngfile']}'";
// If they are the owner, make this persist even after they log out.
if ($context['user']['is_owner']) {
$_SESSION['language'] = $_POST['lngfile'];
}
}
}
$dir->close();
}
}
// Here's where we sort out all the 'other' values...
if ($changeOther) {
makeThemeChanges($memID, isset($_POST['ID_THEME']) ? (int) $_POST['ID_THEME'] : $old_profile['ID_THEME']);
makeAvatarChanges($memID, $post_errors);
makeNotificationChanges($memID);
foreach ($profile_bools as $var) {
if (isset($_POST[$var])) {
$profile_vars[$var] = empty($_POST[$var]) ? '0' : '1';
}
}
foreach ($profile_ints as $var) {
if (isset($_POST[$var])) {
$profile_vars[$var] = $_POST[$var] != '' ? (int) $_POST[$var] : '\'\'';
}
}
foreach ($profile_floats as $var) {
if (isset($_POST[$var])) {
$profile_vars[$var] = (double) $_POST[$var];
}
}
foreach ($profile_strings as $var) {
if (isset($_POST[$var])) {
$profile_vars[$var] = '\'' . $_POST[$var] . '\'';
}
}
}
if (isset($profile_vars['ICQ']) && $profile_vars['ICQ'] == '0') {
$profile_vars['ICQ'] = '\'\'';
}
}
require_once '../Includes/database.php';
if (isset($_SESSION['username'])) {
redirect('../');
}
require_once '../Includes/header.php';
require_once '../Includes/formvalidation.php';
?>
<script src="../Scripts/formHandling.js" type="text/javascript"></script>
<?php
if (isset($_POST['submit'])) {
$formFields = array('Email', 'FirstName', 'LastName', 'Password1');
$errors = array();
$errors['Email'] = validateEmail($_POST['Email']);
$errors['FirstName'] = validateName($_POST['FirstName']);
$errors['LastName'] = validateName($_POST['LastName']);
$errors['Password1'] = validatePassword($_POST['Password1']);
//$errors['Password2'] = validatePassword($_POST['Password2']);
if ($errors['Password1'] == "") {
if ($_POST['Password1'] != $_POST['Password2']) {
$errors['Password1'] = "Values don't match";
}
}
$totalErrors = "";
foreach ($formFields as $fields) {
$totalErrors .= $errors[$fields];
echo $totalErrors;
//echo "error :{$fields}".$errors[$fields]."<br/>";
//echo $totalErrors;
}
if ($totalErrors == "") {
//No error, proceed with insertion
function SecretAnswer2()
{
global $txt, $context, $modSettings, $smcFunc, $sourcedir;
checkSession();
// Hacker? How did you get this far without an email or username?
if (empty($_REQUEST['uid'])) {
fatal_lang_error('username_no_exist', false);
}
loadLanguage('Login');
// Get the information from the database.
$request = $smcFunc['db_query']('', '
SELECT id_member, real_name, member_name, secret_answer, secret_question, openid_uri, email_address
FROM {db_prefix}members
WHERE id_member = {int:id_member}
LIMIT 1', array('id_member' => $_REQUEST['uid']));
if ($smcFunc['db_num_rows']($request) == 0) {
fatal_lang_error('username_no_exist', false);
}
$row = $smcFunc['db_fetch_assoc']($request);
$smcFunc['db_free_result']($request);
// Check if the secret answer is correct.
if ($row['secret_question'] == '' || $row['secret_answer'] == '' || md5($_POST['secret_answer']) != $row['secret_answer']) {
log_error(sprintf($txt['reminder_error'], $row['member_name']), 'user');
fatal_lang_error('incorrect_answer', false);
}
// If it's OpenID this is where the music ends.
if (!empty($row['openid_uri'])) {
$context['sub_template'] = 'sent';
$context['description'] = sprintf($txt['reminder_openid_is'], $row['openid_uri']);
return;
}
// You can't use a blank one!
if (strlen(trim($_POST['passwrd1'])) === 0) {
fatal_lang_error('no_password', false);
}
// They have to be the same too.
if ($_POST['passwrd1'] != $_POST['passwrd2']) {
fatal_lang_error('passwords_dont_match', false);
}
// Make sure they have a strong enough password.
require_once $sourcedir . '/Subs-Auth.php';
$passwordError = validatePassword($_POST['passwrd1'], $row['member_name'], array($row['email_address']));
// Invalid?
if ($passwordError != null) {
fatal_lang_error('profile_error_password_' . $passwordError, false);
}
// Alright, so long as 'yer sure.
updateMemberData($row['id_member'], array('passwd' => sha1(strtolower($row['member_name']) . $_POST['passwrd1'])));
call_integration_hook('integrate_reset_pass', array($row['member_name'], $row['member_name'], $_POST['passwrd1']));
// Tell them it went fine.
loadTemplate('Login');
$context += array('page_title' => $txt['reminder_password_set'], 'sub_template' => 'login', 'default_username' => $row['member_name'], 'default_password' => $_POST['passwrd1'], 'never_expire' => false, 'description' => $txt['reminder_password_set']);
}
AND `lastreplier`="1"');
$awaitingtickets = $opentickets['count'];
$awaitingtickets_text = '';
if ($opentickets > 0) {
$awaitingtickets_text = strtr($lng['ticket']['awaitingticketreply'], array('%s' => '<a href="customer_tickets.php?page=tickets&s=' . $s . '">' . $opentickets['count'] . '</a>'));
}
eval("echo \"" . getTemplate("index/index") . "\";");
} elseif ($page == 'change_password') {
if (isset($_POST['send']) && $_POST['send'] == 'send') {
$old_password = validate($_POST['old_password'], 'old password');
if (md5($old_password) != $userinfo['password']) {
standard_error('oldpasswordnotcorrect');
exit;
}
$new_password = validatePassword($_POST['new_password'], 'new password');
$new_password_confirm = validatePassword($_POST['new_password_confirm'], 'new password confirm');
if ($old_password == '') {
standard_error(array('stringisempty', 'oldpassword'));
} elseif ($new_password == '') {
standard_error(array('stringisempty', 'newpassword'));
} elseif ($new_password_confirm == '') {
standard_error(array('stringisempty', 'newpasswordconfirm'));
} elseif ($new_password != $new_password_confirm) {
standard_error('newpasswordconfirmerror');
} else {
$db->query("UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET `password`='" . md5($new_password) . "' WHERE `customerid`='" . (int) $userinfo['customerid'] . "' AND `password`='" . md5($old_password) . "'");
$log->logAction(USR_ACTION, LOG_NOTICE, 'changed password');
if (isset($_POST['change_main_ftp']) && $_POST['change_main_ftp'] == 'true') {
$db->query("UPDATE `" . TABLE_FTP_USERS . "` SET `password`=ENCRYPT('" . $db->escape($new_password) . "') WHERE `customerid`='" . (int) $userinfo['customerid'] . "' AND `username`='" . $db->escape($userinfo['loginname']) . "'");
$log->logAction(USR_ACTION, LOG_NOTICE, 'changed main ftp password');
}
function install()
{
global $PGHBA, $gforge_lib_dir, $gforge_etc_dir, $tsearch2_sql, $pgservice, $STDIN, $STDOUT;
show("\n * Enter the Database Name (gforge): ");
if (getenv('FFORGE_DB')) {
$gforge_db = getenv('FFORGE_DB');
} else {
$gforge_db = trim(fgets($STDIN));
if (strlen($gforge_db) == 0) {
$gforge_db = 'gforge';
}
}
show(" ...using '{$gforge_db}'");
show(' * Enter the Database Username (gforge): ');
if (getenv('FFORGE_USER')) {
$gforge_user = getenv('FFORGE_USER');
} else {
$gforge_user = trim(fgets($STDIN));
if (strlen($gforge_user) == 0) {
$gforge_user = '******';
}
}
show(" ...using '{$gforge_user}'");
show(" * Modifying DB Access Permissions...");
if (!file_exists("{$PGHBA}.fforge.backup")) {
run("cp {$PGHBA} {$PGHBA}.fforge.backup", true);
}
run("echo \"# GFORGE\nlocal all all trust\" > {$PGHBA}");
show(' * Restarting PostgreSQL...');
run("{$pgservice} stop", true);
run("{$pgservice} start");
show(" * Creating '{$gforge_user}' Group...");
run("/usr/sbin/groupadd {$gforge_user}", true);
show(" * Creating '{$gforge_user}' User...");
run("/usr/sbin/useradd -g {$gforge_user} {$gforge_user}", true);
show(" * Creating Database User '{$gforge_user}'...");
run("su - postgres -c \"createuser -A -R -d -E {$gforge_user}\"", true);
show(' * Creating Language...');
run("su - postgres -c \"createlang plpgsql template1\"", true);
if (!is_dir("/home/{$gforge_user}")) {
$susufix = '';
} else {
$susufix = '-';
}
show(" * Creating '{$gforge_db}' Database...");
run("su {$susufix} {$gforge_user} -c \"createdb {$gforge_db}\"", true);
// # Detect postgresql version, load tsearch2 for pg < 8.3
// $pg_version = explode(' ', shell_exec("postgres --version"));
// $pgv = $pg_version[2];
//
// if (preg_match('/^(7\.|8\.1|8\.2)/', $pgv)) {
// show(" * Dumping tsearch2 Database Into '$gforge_db' DB");
// run("su - postgres -c \"psql $gforge_db < $tsearch2_sql\" >> /tmp/gforge-import.log");
//
// $tables = array('pg_ts_cfg', 'pg_ts_cfgmap', 'pg_ts_dict', 'pg_ts_parser');
// foreach ($tables as $table) {
// run('su - postgres -c "psql '.$gforge_db.' -c \\"GRANT ALL on '.$table.' TO '.$gforge_user.';\\""');
// }
// } else {
// show(" * Creating FTS default configuation (Full Text Search)");
// run("su - postgres -c \"psql $gforge_db < $gforge_lib_dir/db/FTS-20081108.sql\" >> /tmp/gforge-import.log");
// }
show(' * Dumping FusionForge DB');
run("su {$susufix} {$gforge_user} -c \"psql {$gforge_db} < {$gforge_lib_dir}/db/gforge.sql\" >> /tmp/gforge-import.log");
// show(' * Dumping FusionForge FTI DB');
// run("su $susufix $gforge_user -c \"psql $gforge_db < $gforge_lib_dir/db/FTI.sql\" >> /tmp/gforge-import.log");
// run("su $susufix $gforge_user -c \"psql $gforge_db < $gforge_lib_dir/db/FTI-20050315.sql\" >> /tmp/gforge-import.log");
// run("su $susufix $gforge_user -c \"psql $gforge_db < $gforge_lib_dir/db/FTI-20050401.sql\" >> /tmp/gforge-import.log");
// run("su $susufix $gforge_user -c \"psql $gforge_db < $gforge_lib_dir/db/FTI-20050530.sql\" >> /tmp/gforge-import.log");
// run("su $susufix $gforge_user -c \"psql $gforge_db < $gforge_lib_dir/db/FTI-20060130.sql\" >> /tmp/gforge-import.log");
// run("su $susufix $gforge_user -c \"psql $gforge_db < $gforge_lib_dir/db/FTI-20061025.sql\" >> /tmp/gforge-import.log");
show(" * Enter the Admin Username (fforgeadmin): ");
if (getenv('FFORGE_ADMIN_USER')) {
$admin_user = getenv('FFORGE_ADMIN_USER');
} else {
$admin_user = trim(fgets($STDIN));
if (strlen($admin_user) == 0) {
$admin_user = '******';
}
}
show(" ...using '{$admin_user}'");
if (getenv('FFORGE_ADMIN_PASSWORD')) {
$bad_pwd = false;
$pwd1 = getenv('FFORGE_ADMIN_PASSWORD');
} else {
$retries = 0;
$bad_pwd = true;
$pwd1 = '';
$pwd2 = '';
$error = '';
while ($bad_pwd && $retries < 5) {
if ($bad_pwd && $retries > 0) {
show(' * ' . $error);
}
$pwd1 = readMasked(" * Enter the Site Admin Password:"******" * Please enter it again: \n");
if ($pwd1 == $pwd2) {
$bad_pwd = false;
} else {
$error = 'Passwords don\'t match. Please try again.';
}
}
$retries++;
}
}
if ($bad_pwd) {
show('Passwords didn\'t match! Aborting.');
die;
} else {
$pw_md5 = md5($pwd1);
$pw_crypt = crypt($pwd1);
$pw_crypt = str_replace('$', '\\\\\\$', $pw_crypt);
//run( 'su - postgres -c "psql ' .
// $gforge_db .
// ' -c \\"UPDATE \\\\\"user\\\\\" SET unix_name=\'' .
// $admin_user . '\', password_md5=\'' .
// $pw_md5 . '\', password_crypt=\'' .
// $pw_crypt . '\' WHERE user_id=101;\\""'); // MODIFIQUE ESTO
//run( 'su - postgres -c "psql ' .
// $gforge_db .
// ' -c \\"UPDATE \\\\\"users\\\\\" SET user_name=\'' .
// $admin_user . '\', user_pw=\'' .
// $pw_md5 . '\', unix_pw=\'' .
// $pw_crypt . '\' WHERE user_id=101;\\""');
//echo "BREAKPOINT 1\n";
//$t = trim(fgets($STDIN));
// run("su - postgres -c \"psql $gforge_db -c \\\"INSERT INTO users (user_name, user_pw, unix_pw) VALUES ('$admin_user', '$pw_md5', '$pw_crypt')\\\"\"");
run("su - postgres -c \"psql {$gforge_db} -c \\\"INSERT INTO users (user_name, email, user_pw, unix_pw, status, theme_id) VALUES ('{$admin_user}', '*****@*****.**', '{$pw_md5}', '{$pw_crypt}', 'A', 1); INSERT INTO user_group (user_id, group_id, admin_flags) VALUES (currval('users_pk_seq'), 1, 'A')\\\"\"");
//echo "BREAKPOINT 2\n";
//$t = trim(fgets($STDIN));
// run("su - postgres -c \"psql $gforge_db -c \\\"INSERT INTO user_group (user_id, group_id, admin_flags) VALUES (currval('users_pk_seq'), 1, 'A')\\\"\"" );
//echo "BREAKPOINT 3\n";
//$t = trim(fgets($STDIN));
}
if (!is_dir($gforge_etc_dir)) {
mkdir($gforge_etc_dir);
}
show(' * Saving database configuration in FForge config file');
$data = file_get_contents("{$gforge_etc_dir}/local.inc");
$lines = explode("\n", $data);
$config = '';
foreach ($lines as $l) {
$l = preg_replace("/^.sys_dbname\\s*=\\s*'(.*)'/", "\$sys_dbname='{$gforge_db}'", $l);
$l = preg_replace("/^.sys_dbuser\\s*=\\s*'(.*)'/", "\$sys_dbuser='******'", $l);
$config .= $l . "\n";
}
if ($fp = fopen("{$gforge_etc_dir}/local.inc", "w")) {
fwrite($fp, $config);
fclose($fp);
}
show(' * Saving installation log in /tmp/gforge-import.log');
}
function changePasswordEmail()
{
global $config;
$updateData = array();
// Are we setting a new password?
if (!empty($_POST["settingsPasswordEmail"]["new"])) {
// Make a copy of the password; the validatePassword() function will automatically format it into a hash.
$hash = $_POST["settingsPasswordEmail"]["new"];
if ($error = validatePassword($hash)) {
$this->messages["new"] = $error;
} elseif ($_POST["settingsPasswordEmail"]["new"] != $_POST["settingsPasswordEmail"]["confirm"]) {
$this->messages["confirm"] = "passwordsDontMatch";
} else {
$updateData["password"] = "******";
$this->messages["confirm"] = "reenterInformation";
// Just in case we fail later on.
}
$this->messages["current"] = "reenterInformation";
}
// Are we setting a new email?
if (!empty($_POST["settingsPasswordEmail"]["email"])) {
// Validate the email address. If it's ok, add the updating part to the query.
if ($error = validateEmail($_POST["settingsPasswordEmail"]["email"])) {
$this->messages["email"] = $error;
} else {
$updateData["email"] = "'{$_POST["settingsPasswordEmail"]["email"]}'";
}
$this->messages["current"] = "reenterInformation";
}
// Check the user's old password.
if (!$this->esoTalk->db->result("SELECT 1 FROM {$config["tablePrefix"]}members WHERE memberId={$this->esoTalk->user["memberId"]} AND password='******'", 0)) {
$this->messages["current"] = "incorrectPassword";
} elseif (count($updateData)) {
$query = $this->esoTalk->db->constructUpdateQuery("members", $updateData, array("memberId" => $this->esoTalk->user["memberId"]));
$this->esoTalk->db->query($query);
$this->messages = array();
return true;
}
}
/**
* Verify the answer to the secret question.
* Accessed with sa=secret2
*/
public function action_secret2()
{
global $txt, $context;
checkSession();
validateToken('remind-sai');
// Hacker? How did you get this far without an email or username?
if (empty($_REQUEST['uid'])) {
fatal_lang_error('username_no_exist', false);
}
loadLanguage('Login');
// Get the information from the database.
require_once SUBSDIR . '/Members.subs.php';
$member = getBasicMemberData((int) $_REQUEST['uid'], array('authentication' => true));
if (empty($member)) {
fatal_lang_error('username_no_exist', false);
}
// Check if the secret answer is correct.
if ($member['secret_question'] == '' || $member['secret_answer'] == '' || md5($_POST['secret_answer']) !== $member['secret_answer']) {
log_error(sprintf($txt['reminder_error'], $member['member_name']), 'user');
fatal_lang_error('incorrect_answer', false);
}
// If it's OpenID this is where the music ends.
if (!empty($member['openid_uri'])) {
$context['sub_template'] = 'sent';
$context['description'] = sprintf($txt['reminder_openid_is'], $member['openid_uri']);
return;
}
// You can't use a blank one!
if (strlen(trim($_POST['passwrd1'])) === 0) {
fatal_lang_error('no_password', false);
}
// They have to be the same too.
if ($_POST['passwrd1'] != $_POST['passwrd2']) {
fatal_lang_error('passwords_dont_match', false);
}
// Make sure they have a strong enough password.
require_once SUBSDIR . '/Auth.subs.php';
$passwordError = validatePassword($_POST['passwrd1'], $member['member_name'], array($member['email_address']));
// Invalid?
if ($passwordError != null) {
fatal_lang_error('profile_error_password_' . $passwordError, false);
}
// Alright, so long as 'yer sure.
require_once SUBSDIR . '/Auth.subs.php';
$sha_passwd = $_POST['passwrd1'];
updateMemberData($member['id_member'], array('passwd' => validateLoginPassword($sha_passwd, '', $member['member_name'], true)));
call_integration_hook('integrate_reset_pass', array($member['member_name'], $member['member_name'], $_POST['passwrd1']));
// Tell them it went fine.
loadTemplate('Login');
loadJavascriptFile('sha256.js', array('defer' => true));
$context += array('page_title' => $txt['reminder_password_set'], 'sub_template' => 'login', 'default_username' => $member['member_name'], 'default_password' => $_POST['passwrd1'], 'never_expire' => false, 'description' => $txt['reminder_password_set']);
createToken('login');
}
}
}
return true;
}
//Form data validation
if (isset($_POST['register'])) {
$strEmail = "";
$strProfile = "";
$strPassqord = "";
$strConPassword = "";
$strEmail = $_POST["email"];
$strProfile = $_POST["name"];
$strPassword = $_POST["password"];
$strConPassword = $_POST["confirmPassword"];
//$_SESSION["email"] = $strEmail;
if (validateProfile($strProfile, "Profile Name") && validatePassword($strPassword, "Password")) {
if ($strPassword != $strConPassword) {
echo "The password can not match.";
} else {
//Connect to database server and table
include "connection.php";
@mysqli_select_db($conn, "cl56-henningdb") or die("Database not available");
/*
$strSql = "INSERT INTO friends (friend_email, password, profile_name, date_started, num_of_friends) values ('$strEmail', '$strPassword', '$strProfile', CURDATE(), 0)";
$Result = mysqli_query($conn, $strSql)
or die("Problem reading table");
if($Result){
echo "Register successfully!";
header("location:friendadd.php");
}
static function submitNewUser($username, $password, $email, $password2 = null)
{
if (!registerUsers()) {
return 5;
}
// admin has disabled registering new users
$email = filter_var($email, FILTER_SANITIZE_EMAIL);
$username = validateUserName($username) ? $username : false;
$password = validatePassword($password) ? $password : false;
if (!$username || !$password) {
return 1;
// username or password does not meet the requirements
}
if (isset($password2)) {
$password2 = validatePassword($password2) ? $password2 : false;
if ($password2 != false) {
//$password2 = passwordHash($password2);
if ($password2 != $password) {
return 4;
// passwords do not match
}
} else {
return 4;
}
}
$password = passwordHash($password);
$current_datetime = jDateTime::gdate('Y-m-d H:i:s');
if (Users::userExists($username)) {
return 2;
// username already exist
}
$activate = md5($email . time());
$conn = MySQL::open_conn();
$query = "INSERT INTO c_users (user_login, user_pass, user_email, user_registered, activate) ";
$query .= "VALUES ('{$username}', '{$password}', '{$email}', '{$current_datetime}', '{$activate}')";
$res = $conn->query($query);
if (!$res) {
return 3;
}
// unknown error while creating new user
$row = $conn->query("SELECT MAX(ID) AS max FROM c_users")->fetch_array();
if ($row) {
$id = $row['max'];
}
if (shouldConfMail()) {
$mail_content = replace_template(getDefaultEmailTemplateContent(), getConfEmailTemplateVars($id));
Email::sendMail($email, $username, getConfMailSubject(), $mail_content);
}
return 0;
}
function net2ftp_module_printBody()
{
// --------------
// This function prints the login screen
// --------------
// -------------------------------------------------------------------------
// Global variables
// -------------------------------------------------------------------------
global $net2ftp_settings, $net2ftp_globals, $net2ftp_messages, $net2ftp_result, $net2ftp_output;
// The 2 go_to_state variables come from the bookmark, or from registerglobals.inc.php
if (isset($_GET["go_to_state"]) == true) {
$go_to_state = validateGenericInput($_GET["go_to_state"]);
} else {
$go_to_state = $net2ftp_globals["go_to_state"];
}
if (isset($_GET["go_to_state2"]) == true) {
$go_to_state2 = validateGenericInput($_GET["go_to_state2"]);
} else {
$go_to_state2 = $net2ftp_globals["go_to_state2"];
}
if (isset($_GET["errormessage"]) == true) {
$errormessage = validateGenericInput($_GET["errormessage"]);
}
// Most actions
if (isset($_POST["list"]) == true) {
$list = getSelectedEntries($_POST["list"]);
} else {
$list = "";
}
// Bookmark
if (isset($_POST["url"]) == true) {
$url = validateGenericInput($_POST["url"]);
} else {
$url = "";
}
if (isset($_POST["text"]) == true) {
$text = validateGenericInput($_POST["text"]);
} else {
$text = "";
}
// Copy, move, delete
if (isset($_POST["ftpserver2"]) == true) {
$net2ftp_globals["ftpserver2"] = validateFtpserver($_POST["ftpserver2"]);
} else {
$net2ftp_globals["ftpserver2"] = "";
}
if (isset($_POST["ftpserverport2"]) == true) {
$net2ftp_globals["ftpserverport2"] = validateFtpserverport($_POST["ftpserverport2"]);
} else {
$net2ftp_globals["ftpserverport2"] = "";
}
if (isset($_POST["username2"]) == true) {
$net2ftp_globals["username2"] = validateUsername($_POST["username2"]);
} else {
$net2ftp_globals["username2"] = "";
}
if (isset($_POST["password2"]) == true) {
$net2ftp_globals["password2"] = validatePassword($_POST["password2"]);
} else {
$net2ftp_globals["password2"] = "";
}
// Edit
if (isset($_POST["textareaType"]) == true) {
$textareaType = validateTextareaType($_POST["textareaType"]);
} else {
$textareaType = "";
}
if (isset($_POST["text"]) == true) {
$text = $_POST["text"];
} else {
$text = "";
}
if (isset($_POST["text_splitted"]) == true) {
$text_splitted = $_POST["text_splitted"];
} else {
$text_splitted = "";
}
// Find string
if (isset($_POST["searchoptions"]) == true) {
$searchoptions = $_POST["searchoptions"];
}
// New directory
// Rename
if (isset($_POST["newNames"]) == true) {
$newNames = validateEntry($_POST["newNames"]);
} else {
$newNames = "";
}
// Raw FTP command
if (isset($_POST["command"]) == true) {
$command = $_POST["command"];
} else {
$command = "CWD {$directory_html}\nPWD\n";
}
// Zip
if (isset($_POST["zipactions"]) == true) {
$zipactions = $_POST["zipactions"];
} else {
$zipactions = "";
}
// -------------------------------------------------------------------------
// Variables for all screens
// -------------------------------------------------------------------------
$formname = "LoginForm";
$enctype = "";
if ($net2ftp_globals["state2"] == "admin") {
$message = __("Please enter your Administrator username and password.");
$button_text = __("Login");
$username_fieldname = "input_admin_username";
$password_fieldname = "input_admin_password";
$username_value = "";
$password_value = "";
$focus = $username_fieldname;
} elseif ($net2ftp_globals["state2"] == "bookmark") {
$message = __("Please enter your username and password for FTP server <b>%1\$s</b>.", htmlEncode2($net2ftp_globals["ftpserver"]));
$button_text = __("Login");
$username_fieldname = "username";
$password_fieldname = "password";
if (isset($net2ftp_globals["username"]) == true) {
$username_value = htmlEncode2($net2ftp_globals["username"]);
$focus = $password_fieldname;
} else {
$username_value = "";
$focus = $username_fieldname;
}
$password_value = "";
} elseif ($net2ftp_globals["state2"] == "session_expired") {
$message = __("Your session has expired; please enter your password for FTP server <b>%1\$s</b> to continue.", htmlEncode2($net2ftp_globals["ftpserver"]));
$button_text = __("Continue");
$username_fieldname = "username";
$password_fieldname = "password";
if (isset($net2ftp_globals["username"]) == true) {
$username_value = htmlEncode2($net2ftp_globals["username"]);
$focus = $password_fieldname;
} else {
$username_value = "";
$focus = $username_fieldname;
}
$password_value = "";
} elseif ($net2ftp_globals["state2"] == "session_ipchange") {
$message = __("Your IP address has changed; please enter your password for FTP server <b>%1\$s</b> to continue.", htmlEncode2($net2ftp_globals["ftpserver"]));
$button_text = __("Continue");
$username_fieldname = "username";
$password_fieldname = "password";
if (isset($net2ftp_globals["username"]) == true) {
$username_value = htmlEncode2($net2ftp_globals["username"]);
$focus = $password_fieldname;
} else {
$username_value = "";
$focus = $username_fieldname;
}
$password_value = "";
}
// -------------------------------------------------------------------------
// Print the output
// -------------------------------------------------------------------------
require_once $net2ftp_globals["application_skinsdir"] . "/" . $net2ftp_globals["skin"] . "/login_small.template.php";
}
function net2ftp_module_printBody()
{
// --------------
// This function prints the copy/move/delete screen
// --------------
// -------------------------------------------------------------------------
// Global variables
// -------------------------------------------------------------------------
global $net2ftp_settings, $net2ftp_globals, $net2ftp_messages, $net2ftp_result, $net2ftp_output;
if (isset($_POST["list"]) == true) {
$list = getSelectedEntries($_POST["list"]);
} else {
$list = "";
}
if (isset($_POST["ftpserver2"]) == true) {
$net2ftp_globals["ftpserver2"] = validateFtpserver($_POST["ftpserver2"]);
} else {
$net2ftp_globals["ftpserver2"] = "";
}
if (isset($_POST["ftpserverport2"]) == true) {
$net2ftp_globals["ftpserverport2"] = validateFtpserverport($_POST["ftpserverport2"]);
} else {
$net2ftp_globals["ftpserverport2"] = "";
}
if (isset($_POST["username2"]) == true) {
$net2ftp_globals["username2"] = validateUsername($_POST["username2"]);
} else {
$net2ftp_globals["username2"] = "";
}
if (isset($_POST["password2"]) == true) {
$net2ftp_globals["password2"] = validatePassword($_POST["password2"]);
} else {
$net2ftp_globals["password2"] = "";
}
// -------------------------------------------------------------------------
// Variables for all screens
// -------------------------------------------------------------------------
// Title
if ($net2ftp_globals["state2"] == "copy") {
$title = __("Copy directories and files");
} elseif ($net2ftp_globals["state2"] == "move") {
$title = __("Move directories and files");
} elseif ($net2ftp_globals["state2"] == "delete") {
$title = __("Delete directories and files");
}
// Form name, back and forward buttons
$formname = "CopyMoveDeleteForm";
$back_onclick = "document.forms['" . $formname . "'].state.value='browse';document.forms['" . $formname . "'].state2.value='main';document.forms['" . $formname . "'].submit();";
$forward_onclick = "document.forms['" . $formname . "'].submit();";
// -------------------------------------------------------------------------
// Variables for screen 1
// -------------------------------------------------------------------------
if ($net2ftp_globals["screen"] == 1) {
// Next screen
$nextscreen = 2;
} elseif ($net2ftp_globals["screen"] == 2) {
// ---------------------------------------
// Open connection to the source server
// ---------------------------------------
setStatus(2, 10, __("Connecting to the FTP server"));
$conn_id_source = ftp_openconnection();
if ($net2ftp_result["success"] == false) {
return false;
}
// ---------------------------------------
// Open connection to the target server, if it is different from the source server, or if the username
// is different (different users may have different authorizations on the same FTP server)
// ---------------------------------------
if (($net2ftp_globals["ftpserver2"] != "" || $net2ftp_globals["username2"] != "") && ($net2ftp_globals["ftpserver2"] != $net2ftp_globals["ftpserver"] || $net2ftp_globals["username2"] != $net2ftp_globals["username"])) {
$conn_id_target = ftp_openconnection2();
// Note: ftp_openconnection2 cleans the input values
if ($net2ftp_result["success"] == false) {
return false;
}
} else {
$conn_id_target = $conn_id_source;
}
// ---------------------------------------
// Copy, move or delete the files and directories
// ---------------------------------------
ftp_copymovedelete($conn_id_source, $conn_id_target, $list, $net2ftp_globals["state2"], 0);
// ---------------------------------------
// Close the connection to the source server
// ---------------------------------------
ftp_closeconnection($conn_id_source);
// ---------------------------------------
// Close the connection to the target server, if it is different from the source server
// ---------------------------------------
if ($conn_id_source != $conn_id_target) {
ftp_closeconnection($conn_id_target);
}
}
// end elseif
// -------------------------------------------------------------------------
// Print the output
// -------------------------------------------------------------------------
require_once $net2ftp_globals["application_skinsdir"] . "/" . $net2ftp_globals["skin"] . "/manage.template.php";
}