/**
 * Admin-panel action: on POST, change a user's password and/or e-mail
 * address (the user is looked up by name); on any other request method,
 * print the HTML form that submits to this action.
 *
 * NOTE(review): two spans of this listing are masked with "******", so the
 * statements around them are incomplete and the brace nesting shown below is
 * approximate. Nothing is reconstructed here; the code is left as published.
 *
 * @param string $iname user name whose record is changed
 * @param string $ipass new password; an empty value leaves the password alone
 * @param string $imail new e-mail; applied only if non-empty and validemail() accepts it
 */
function iUsers($iname, $ipass, $imail) {
    global $admin_file, $CURUSER;
    if ($_SERVER["REQUEST_METHOD"] == "POST") {
        // Reads the target user's class. The masked span hides how $iname
        // reaches the query and the condition that leads to the message
        // below ("administrator ... tried to change the credentials of user
        // ... with a higher class"). The visible text suggests a rank check
        // that refuses to edit higher-class accounts; verify against the
        // unmasked source.
        list($iclass) = mysql_fetch_row(sql_query('SELECT class FROM users WHERE username = '******'Администратор ' . $CURUSER['username'] . ' пробовал изменить учетные данные пользователя ' . $iname . ' классом выше!', 'red', 'error');
    } else {
        // Column assignments are collected here and joined into one UPDATE.
        $updateset = array();
        if (!empty($ipass)) {
            $secret = mksecret();
            // NOTE(review): salted MD5 is a fast hash and unsuitable for
            // password storage. Moving to password_hash()/password_verify()
            // also requires changing the login check, which is not part of
            // this block.
            $hash = md5($secret . $ipass . $secret);
            $updateset[] = "secret = " . sqlesc($secret);
            $updateset[] = "passhash = " . sqlesc($hash);
        }
        // An address that fails validemail() is silently ignored, not reported.
        if (!empty($imail) && validemail($imail)) {
            $updateset[] = "email = " . sqlesc($imail);
        }
        if (count($updateset)) {
            // The masked span hides the WHERE value and the failure test.
            // The visible message reads "Error / password change failed,
            // perhaps the user name does not exist".
            $res = sql_query("UPDATE users SET " . implode(", ", $updateset) . " WHERE username = "******"Ошибка", "Смена пароля завершилась неудачей! Возможно указано несуществующее имя пользователя.", "error");
        } else {
            // NOTE(review): the success message concatenates $iname, the new
            // plaintext password and $imail into HTML. Whether stdmsg()
            // escapes its arguments is not visible here; if it does not,
            // this is reflected markup injection, and the password is echoed
            // back into the page either way.
            stdmsg("Изменения пользователя прошло успешно", "Имя пользователя: " . $iname . (!empty($hash) ? "<br />Новый пароль: " . $ipass : "") . (!empty($imail) ? "<br />Новая почта: " . $imail : ""));
        }
    }
    } else {
        // NOTE(review): the form carries no anti-CSRF token field. This
        // action changes credentials, so confirm the token is checked
        // elsewhere or add one. $admin_file is emitted into the action
        // attribute without escaping.
        echo "<form method=\"post\" action=\"" . $admin_file . ".php?op=iUsers\">" . "<table border=\"0\" cellspacing=\"0\" cellpadding=\"3\">" . "<tr><td class=\"colhead\" colspan=\"2\">Смена пароля</td></tr>" . "<tr>" . "<td><b>Пользователь</b></td>" . "<td><input name=\"iname\" type=\"text\"></td>" . "</tr>" . "<tr>" . "<td><b>Новый пароль</b></td>" . "<td><input name=\"ipass\" type=\"password\"></td>" . "</tr>" . "<tr>" . "<td><b>Новая почта</b></td>" . "<td><input name=\"imail\" type=\"text\"></td>" . "</tr>" . "<tr><td colspan=\"2\" align=\"center\"><input type=\"submit\" name=\"isub\" value=\"Сделать\"></td></tr>" . "</table>" . "<input type=\"hidden\" name=\"op\" value=\"iUsers\" />" . "</form>";
    }
}
} } } } } } } } if ($isValid && !(checkdnsrr($domain, "MX") || checkdnsrr($domain, "A"))) { // domain not found in DNS $isValid = false; } } return $isValid; } if (!validemail($_POST['email'])) { // Check email address echo "At least try to put in a real email address... not {$_POST['email']}"; } else { if (isset($_POST['username']) ? Strlen($_POST['username']) < 2 : false) { // Check username if posted echo "At least try to put in a name for your account..."; } else { if (isset($_POST['username']) ? Strlen($_POST['username']) > 25 : false) { // Check small enough echo "At least try to put in a reasonable name for your account..."; } else { if ($_POST['f'] == 'sign') { $username = $_POST['username']; $email = $_POST['email']; // Get database connection
/**
 * Rename a group and replace its member and assigned e-mail lists.
 *
 * Reads from $group: 'id', 'groupname', 'email' and 'assigned_email' (both
 * newline-separated address lists).
 *
 * NOTE(review): the LOGGER() call is partly masked ("******") in this
 * listing and is kept as published.
 *
 * @param array $group group record as described above
 * @return mixed result of $this->db->countAffected() after the LAST statement
 *               that ran (an INSERT or the second DELETE), not of the UPDATE
 */
public function update_group($group = array()) {
    // The log text says "update user" although a group is being updated.
    LOGGER("update user: "******", id=" . (int) $group['id']);

    // All statements below pass their values as bound parameters.
    $query = $this->db->query("UPDATE `" . TABLE_GROUP . "` SET `groupname`=? WHERE id=?", array($group['groupname'], (int) $group['id']));

    // Replace the member list: delete everything, then re-insert.
    // NOTE(review): no transaction is visible, so a failure between the
    // DELETE and the INSERTs leaves the group with a partial list.
    // $group['id'] is cast to int for the UPDATE but not here.
    $query = $this->db->query("DELETE FROM `" . TABLE_GROUP_USER . "` WHERE id=?", array($group['id']));
    $emails = explode("\n", $group['email']);
    foreach ($emails as $email) {
        // rtrim() removes the trailing "\r" left by CRLF input.
        $email = rtrim($email);
        // Lines that fail validemail() are dropped without being reported.
        if (validemail($email)) {
            $query = $this->db->query("INSERT INTO `" . TABLE_GROUP_USER . "` (id, email) VALUES(?,?)", array($group['id'], $email));
        }
    }

    // Same delete-and-reinsert sequence for the assigned addresses.
    $query = $this->db->query("DELETE FROM `" . TABLE_GROUP_EMAIL . "` WHERE id=?", array($group['id']));
    $emails = explode("\n", $group['assigned_email']);
    foreach ($emails as $email) {
        $email = rtrim($email);
        if (validemail($email)) {
            $query = $this->db->query("INSERT INTO `" . TABLE_GROUP_EMAIL . "` (id, email) VALUES(?,?)", array($group['id'], $email));
        }
    }
    return $this->db->countAffected();
}
} else { $name = str_replace(array('?', '*'), array('_', '%'), $name); $name_is .= (isset($name_is) ? " OR " : "") . "u.username LIKE " . sqlesc($name); } } $where_is .= $name_is . ")"; } $q .= ($q ? "&" : "") . "n=" . urlencode(trim($_GET['n'])); } // email $emaila = explode(' ', trim($_GET['em'])); if ($emaila[0] !== "") { $where_is .= isset($where_is) ? " AND (" : "("; foreach ($emaila as $email) { if (strpos($email, '*') === false && strpos($email, '?') === false && strpos($email, '%') === false) { if (validemail($email) !== 1) { stdmsg("Error", "Bad email."); stdfoot(); die; } $email_is .= (isset($email_is) ? " OR " : "") . "u.email =" . sqlesc($email); } else { $sql_email = str_replace(array('?', '*'), array('_', '%'), $email); $email_is .= (isset($email_is) ? " OR " : "") . "u.email LIKE " . sqlesc($sql_email); } } $where_is .= $email_is . ")"; $q .= ($q ? "&" : "") . "em=" . urlencode(trim($_GET['em'])); } // class // NB: the c parameter is passed as two units above the real one
/**
 * Classify an address against a list of accepted domains.
 *
 * @param string $email   address to classify
 * @param array  $domains accepted domain names
 * @return int 0 when validemail() reports 0 for the address; 1 for the
 *             literal 'admin@local' or when the part after '@' equals an
 *             entry of $domains; -1 otherwise
 */
function checkemail($email, $domains) {
    // Syntax gate first: anything validemail() rejects is reported as 0.
    if (validemail($email) == 0) {
        return 0;
    }

    // The built-in local administrator address bypasses the domain list.
    if ($email == 'admin@local') {
        return 1;
    }

    // Only the second segment is kept. For an address with more than one '@'
    // that is the text between the first and second '@'.
    // NOTE(review): presumably validemail() rules such addresses out; confirm.
    list($local_part, $host_part) = explode('@', $email);

    // Comparison is done as written, with no case folding or normalisation.
    $verdict = -1;
    foreach ($domains as $allowed) {
        if ($allowed == $host_part) {
            $verdict = 1;
            break;
        }
    }

    return $verdict;
}
$age = (int) $_POST["age"]; if (empty($wantpassword) || empty($email) && !$invite_row || empty($wantusername)) { $message = T_("DONT_LEAVE_ANY_FIELD_BLANK"); } elseif (strlen($wantusername) > $username_length) { $message = sprintf(T_("USERNAME_TOO_LONG"), $username_length); } elseif ($wantpassword != $passagain) { $message = T_("PASSWORDS_NOT_MATCH"); } elseif (strlen($wantpassword) < $password_minlength) { $message = sprintf(T_("PASS_TOO_SHORT_2"), $password_minlength); } elseif (strlen($wantpassword) > $password_maxlength) { $message = sprintf(T_("PASS_TOO_LONG_2"), $password_maxlength); } elseif ($wantpassword == $wantusername) { $message = T_("PASS_CANT_MATCH_USERNAME"); } elseif (!validusername($wantusername)) { $message = "Invalid username."; } elseif (!$invite_row && !validemail($email)) { $message = "That doesn't look like a valid email address."; } if ($message == "") { // Certain checks must be skipped for invites if (!$invite_row) { //check email isnt banned $maildomain = substr($email, strpos($email, "@") + 1); $a = @mysql_fetch_row(@SQL_Query_exec("select count(*) from email_bans where mail_domain='{$email}'")); if ($a[0] != 0) { $message = sprintf(T_("EMAIL_ADDRESS_BANNED_S"), $email); } $a = @mysql_fetch_row(@SQL_Query_exec("select count(*) from email_bans where mail_domain LIKE '%{$maildomain}%'")); if ($a[0] != 0) { $message = sprintf(T_("EMAIL_ADDRESS_BANNED_S"), $email); }
/**
 * Update a user record: optional password change, profile columns, the
 * e-mail list, then domain, group and folder settings.
 *
 * Reads from $user: 'uid', 'email' (newline-separated), 'password',
 * 'username', 'realname', 'domain', 'dn', 'isadmin', 'domains', 'group',
 * 'folder'.
 *
 * NOTE(review): the LOGGER() call is partly masked ("******") in this
 * listing and is kept as published.
 *
 * @param array $user user record as described above
 * @return int|string the conflicting address (string) when one of the
 *                    submitted e-mails already belongs to another uid;
 *                    0 when the password UPDATE did not affect exactly one
 *                    row; 1 otherwise
 */
public function update_user($user) {
    LOGGER("update user: "******", uid=" . (int) $user['uid']);

    $emails = explode("\n", $user['email']);

    // Pass 1: refuse the whole update if any valid address is already
    // registered to a different uid. Nothing has been written at this point.
    foreach ($emails as $email) {
        $email = rtrim($email);
        if (validemail($email) == 0) {
            continue;
        }
        $query = $this->db->query("SELECT COUNT(*) AS count FROM " . TABLE_EMAIL . " WHERE uid!=? AND email=?", array((int) $user['uid'], $email));
        if ($query->row['count'] > 0) {
            return $email;
        }
    }

    /* update password field if we have to */
    // A password shorter than MIN_PASSWORD_LENGTH is ignored rather than
    // rejected, so the stored password is kept.
    if (strlen($user['password']) >= MIN_PASSWORD_LENGTH) {
        // NOTE(review): crypt() is called without a salt. PHP 5.6+ raises a
        // notice and picks a weak algorithm, and PHP 8 makes the salt
        // mandatory. password_hash() is the usual replacement, but the
        // login check (not visible here) must be changed with it.
        $query = $this->db->query("UPDATE " . TABLE_USER . " SET password=? WHERE uid=?", array(crypt($user['password']), (int) $user['uid']));
        if ($this->db->countAffected() != 1) {
            return 0;
        }
    }

    // NOTE(review): 'isadmin' is written exactly as supplied. This method
    // performs no authorisation check, so the caller must make sure the
    // requester is allowed to grant or revoke admin rights; confirm.
    // The '@' hides the notice when 'dn' is missing from $user.
    $query = $this->db->query("UPDATE " . TABLE_USER . " SET username=?, realname=?, domain=?, dn=?, isadmin=? WHERE uid=?", array($user['username'], $user['realname'], $user['domain'], @$user['dn'], $user['isadmin'], (int) $user['uid']));

    /* first, remove all his email addresses */
    // NOTE(review): no transaction is visible around the DELETE and the
    // INSERTs that follow.
    $query = $this->db->query("DELETE FROM " . TABLE_EMAIL . " WHERE uid=?", array((int) $user['uid']));

    /* then add all the emails we have from the CGI post input */
    foreach ($emails as $email) {
        $email = rtrim($email);
        if (validemail($email) == 0) {
            continue;
        }
        $query = $this->db->query("INSERT INTO " . TABLE_EMAIL . " (uid, email) VALUES(?,?)", array((int) $user['uid'], $email));

        /* remove from memcached */
        if (MEMCACHED_ENABLED) {
            $memcache = Registry::get('memcache');
            $memcache->delete(MEMCACHED_PREFIX . $email);
        }
    }

    $this->update_domains_settings((int) $user['uid'], $user['domains']);
    // $emails[0] is the raw first line of the input: it has not been
    // rtrim()'d or checked with validemail(), unlike the values inserted above.
    $this->update_group_settings($emails[0], $user['group']);
    $this->update_folder_settings((int) $user['uid'], $user['folder']);

    return 1;
}
$response->error = "Can not download cert_mail_file"; result($response); } $check = @file_get_contents($to_db['reg_mail_file']); if (!$check) { $response->error = "Can not download reg_mail_file"; result($response); } $check = @file_get_contents($to_db['failed_mail_file']); if (!$check) { $response->error = "Can not download failed_mail_file"; result($response); } if ($data['bcc_email']) { $to_db['bcc_email'] = (string) $data['bcc_email']; if (!validemail($to_db['bcc_email'])) { $response->error = "Invalid email format in bcc_email"; result($response); } } if ($data['api_password']) { $to_db['api_password'] = (string) $data['api_password']; } $DB->query("UPDATE clients SET {$DB->build_update_query($to_db)} WHERE id={$client_id}"); $response->data = array('success' => true, 'message' => 'API data has been updated'); result($response); } elseif ($mode == 'api_info') { $result = array('client_id' => $client['id'], 'api_password' => $client['api_password'], 'from_name' => $client['from_name'], 'from_email' => $client['from_email'], 'support_name' => $client['support_name'], 'support_email' => $client['support_email'], 'bcc_email' => $client['bcc_email'], 'cert_mail_file' => $client['cert_mail_file'], 'reg_mail_file' => $client['reg_mail_file'], 'failed_mail_file' => $client['failed_mail_file'], 'provision_filename' => $client['provision_filename']); $response->data = $result; result($response); } elseif ($mode == 'delete') {
/**
 * Collect the distinct, valid e-mail addresses found in LDAP search entries.
 *
 * Each entry is inspected for the attributes mail, mailalternateaddress,
 * proxyaddresses, zimbraMailForwardingAddress, member and memberOfGroup.
 * Values are lower-cased, a leading "word:" prefix is stripped, and the
 * result is kept when validemail() accepts it and it is not yet in the list.
 *
 * Multi-valued attributes (arrays carrying a 'count' key) skip values with
 * no '@' and values whose prefix is anything other than "smtp:". The
 * single-value branch applies neither test and strips any prefix.
 *
 * NOTE(review): every attribute value is written to syslog unmodified.
 * Whether control characters in directory data can upset downstream log
 * parsing depends on the syslog setup; confirm.
 *
 * @param array $e LDAP entries
 * @return array list of unique lower-cased addresses
 */
public function get_email_array_from_ldap_attr($e = array()) {
    $prefix_re = "/^([\\w]+)\\:/i";
    $attr_names = array("mail", "mailalternateaddress", "proxyaddresses", "zimbraMailForwardingAddress", "member", "memberOfGroup");
    $data = array();

    foreach ($e as $a) {
        syslog(LOG_INFO, "checking ldap entry dn: " . $a['dn'] . ", cn: " . $a['cn']);

        foreach ($attr_names as $mailattr) {
            if (!isset($a[$mailattr])) {
                continue;
            }

            // Single-valued attribute: strip the prefix, lower-case, validate.
            if (!is_array($a[$mailattr])) {
                syslog(LOG_INFO, "checking entry #2: " . $a[$mailattr]);
                $email = strtolower(preg_replace($prefix_re, "", $a[$mailattr]));
                if (validemail($email) && !in_array($email, $data)) {
                    $data[] = $email;
                }
                continue;
            }

            // Multi-valued attribute: indices 0..count-1 hold the values.
            for ($i = 0; $i < $a[$mailattr]['count']; $i++) {
                syslog(LOG_INFO, "checking entry: " . $a[$mailattr][$i]);
                $value = strtolower($a[$mailattr][$i]);

                // Values without an '@' (DNs, for example) are not addresses.
                if (!strchr($value, '@')) {
                    continue;
                }

                // Skip typed addresses unless the type is smtp.
                if (preg_match($prefix_re, $value, $p) && isset($p[0]) && $p[0] != "smtp:") {
                    continue;
                }

                $email = preg_replace($prefix_re, "", $value);
                if (validemail($email) && !in_array($email, $data)) {
                    $data[] = $email;
                }
            }
        }
    }

    return $data;
}
echo "" . CON_SECS . ""; ?> </div> <?php $type = $_GET["type"]; $email = $_GET["email"]; if (!$type) { die; } if ($type == "noconf") { //email conf is disabled? print "<div class='confirmb'><div class='success-box'>" . PLEASE_NOW_LOGIN_REST . "</div></div>"; die; } if ($type == "signup" && validemail($email)) { if (!$site_config["ACONFIRM"]) { print "<div class='confirmb'><div class='success-box'>" . EMAIL_CHANGE_SEND . "" . " (" . htmlspecialchars($email) . "). " . "" . ACCOUNT_CONFIRM_SENT_TO_ADDY_REST . "" . "</div></div>"; } else { print "<div class='confirmb'><div class='success-box'>" . EMAIL_CHANGE_SEND . "" . " (" . htmlspecialchars($email) . "). " . "" . ACCOUNT_CONFIRM_SENT_TO_ADDY_ADMIN . "" . "</div></div>"; } } elseif ($type == "confirmed") { print "<div class='confirmb'><div class='success-box'>" . ACCOUNT_ALREADY_CONFIRMED . "</div></div>"; } elseif ($type == "invite" && $_GET["email"]) { print "<div class='confirmb'><div class='success-box'>" . "" . INVITE_SUCCESSFUL . "" . "<br /><br />" . "" . A_CONFIRMATION_EMAIL_HAS_BEEN_SENT . "" . " (" . htmlspecialchars($email) . "). " . "" . THEY_NEED_TO_READ_AND_RESPOND_TO_THIS_EMAIL . "" . "</div></div>"; } elseif ($type == "confirm") { if (isset($CURUSER)) { print "<div class='confirmb'><div class='success-box'>" . ACCOUNT_ACTIVATED . " <a href='" . $site_config["SITEURL"] . "/index.php'> " . ACCOUNT_ACTIVATED_REST . "</div></div>"; print "<div class='confirmb'><div class='success-box'>" . ACCOUNT_BEFOR_USING . " " . $site_config["SITENAME"] . " " . ACCOUNT_BEFOR_USING_REST . "</div></div>"; } else { print "<div class='confirmb'><div class='success-box'>" . ACCOUNT_ACTIVATED . "</div></div>";
// +--------------------------------------------------------------------------+ */ require_once 'include/bittorrent.php'; dbconn(); if ($_SERVER['REQUEST_METHOD'] == 'POST') { if ($use_captcha) { $b = get_row_count('captcha', 'WHERE imagehash = ' . sqlesc($_POST['imagehash']) . ' AND imagestring = ' . sqlesc($_POST['imagestring'])); sql_query('DELETE FROM captcha WHERE imagehash = ' . sqlesc($_POST['imagehash'])) or die(mysql_error()); if ($b == 0) { stderr($tracker_lang['error'], 'Вы ввели неправильный код подтверждения.'); } } if (!mkglobal('useremail:subject:message')) { stderr($tracker_lang['error'], 'Вы не заполнили все поля формы! Вернитесь назад и попробуйте еще раз.'); } if (!validemail($useremail)) { stderr($tracker_lang['error'], 'Это не похоже на реальный email адрес.'); } $ip = getip(); $username = $CURUSER['username'] ? $CURUSER['username'] : '******'; if ($CURUSER) { $userid = $CURUSER['id']; } else { $userid = 0; } $body = <<<EOD Сообщение через обратную связь на {$website_name}: -------------------------------- {$message}
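/**
 * Reduce a list of message ids to those the current session may access.
 *
 * The check depends on the session's role:
 *  - auditor with RESTRICTED_AUDITOR == 0: ids that exist in TABLE_META;
 *  - ENABLE_FOLDER_RESTRICTIONS == 1 (any other role): ids looked up in the
 *    Sphinx index and kept when the row's folder is in the session's folders;
 *  - restricted auditor: ids whose fromdomain/todomain is one of the
 *    session's valid domains;
 *  - regular user: ids whose from/to is one of the session's valid e-mails.
 *
 * Changes from the previous version:
 *  - the Sphinx statement is built by string concatenation, so only ids made
 *    of digits are placed into it and anything else is dropped (treated as
 *    not permitted);
 *  - when the session has no valid domain or address, an empty list is
 *    returned instead of sending a statement containing "IN ()";
 *  - each(), which PHP 8 removed, is replaced with foreach.
 *
 * NOTE(review): when an unrestricted auditor runs with
 * ENABLE_FOLDER_RESTRICTIONS == 1, the rows come from TABLE_META, which is
 * selected without a folder column, yet the result loop still reads
 * $row['folder']. That behaviour is left unchanged; confirm it is intended.
 *
 * @param array $id message ids to check
 * @return array the subset of ids the session is allowed to see
 */
public function check_your_permission_by_id_list($id = array()) {
    $result = array();
    $a = array();

    if (count($id) < 1) {
        return $result;
    }

    $session = Registry::get('session');

    // Bound values for the id list, with one "?" placeholder per id.
    $arr = $id;
    $q2 = rtrim(str_repeat("?,", count($id)), ",");

    // Collect the identities (domains or addresses) that scope the check.
    if (Registry::get('auditor_user') == 1 && RESTRICTED_AUDITOR == 1) {
        if (validdomain($session->get("domain")) == 1) {
            array_push($a, $session->get("domain"));
        }

        $auditdomains = $session->get("auditdomains");
        if (is_array($auditdomains)) {
            foreach ($auditdomains as $v) {
                if (validdomain($v) == 1 && !in_array($v, $a)) {
                    array_push($a, $v);
                }
            }
        }
    } elseif (Registry::get('auditor_user') == 0) {
        $emails = $session->get("emails");
        if (is_array($emails)) {
            foreach ($emails as $v) {
                if (validemail($v) == 1) {
                    array_push($a, $v);
                }
            }
        }
    }

    // One "?" placeholder per collected identity (an empty string when none).
    $q = rtrim(str_repeat("?,", count($a)), ",");

    if (Registry::get('auditor_user') == 1 && RESTRICTED_AUDITOR == 0) {
        $query = $this->db->query("SELECT id FROM `" . TABLE_META . "` WHERE `id` IN ({$q2})", $arr);
    } elseif (ENABLE_FOLDER_RESTRICTIONS == 1) {
        // This statement is concatenated rather than bound, so only plain
        // digit strings may reach it.
        $safe_ids = array();
        foreach ($id as $one) {
            if (is_scalar($one) && ctype_digit((string) $one)) {
                $safe_ids[] = $one;
            }
        }
        if (count($safe_ids) < 1) {
            return $result;
        }

        $query = $this->sphx->query("SELECT id, folder FROM " . SPHINX_MAIN_INDEX . " WHERE id IN (" . implode(",", $safe_ids) . ")");
    } else {
        // No valid identity means nothing can match, so deny without querying.
        if (count($a) < 1) {
            return $result;
        }

        // The identity list is bound twice: once per IN (...) clause.
        $arr = array_merge($arr, $a, $a);

        if (Registry::get('auditor_user') == 1 && RESTRICTED_AUDITOR == 1) {
            $query = $this->db->query("SELECT id FROM `" . VIEW_MESSAGES . "` WHERE `id` IN ({$q2}) AND ( `fromdomain` IN ({$q}) OR `todomain` IN ({$q}) )", $arr);
        } else {
            $query = $this->db->query("SELECT id FROM `" . VIEW_MESSAGES . "` WHERE `id` IN ({$q2}) AND ( `from` IN ({$q}) OR `to` IN ({$q}) )", $arr);
        }
    }

    if ($query->num_rows > 0) {
        foreach ($query->rows as $row) {
            if (ENABLE_FOLDER_RESTRICTIONS == 1) {
                if (in_array($row['folder'], $session->get("folders"))) {
                    array_push($result, $row['id']);
                }
            } else {
                array_push($result, $row['id']);
            }
        }
    }

    return $result;
}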
/**
 * Synchronise local accounts with a list of users read from LDAP.
 *
 * For each LDAP user not excluded by a reject_* setting: reconcile the
 * e-mail list of an existing account (matched by DN), or attach the DN to an
 * account with the same username, or create a new account. Afterwards,
 * accounts of the same domain whose DN ends with the base DN and that were
 * not seen in this run are deleted, and group memberships are rebuilt.
 *
 * @param array $users   LDAP users; keys read here: 'dn', 'username',
 *                       'realname', 'emails', 'samaccountname', 'members'
 * @param array $globals import settings; keys read here: every 'reject_*'
 *                       entry, 'ldap_basedn', 'domain'
 * @return array array($newuser, $deleteduser). Note that $newuser is also
 *               incremented for each late-added e-mail address.
 */
public function process_users($users = array(), $globals = array()) {
    $late_add = array();
    $uids = array();
    $exclude = array();
    $newuser = 0;
    $deleteduser = 0;
    // $n counts existing accounts whose e-mail list changed. It is not returned.
    $n = 0;

    LOGGER("running process_users() ...");

    /* build a list of DNs to exclude from the import */
    // NOTE(review): each() was deprecated in PHP 7.2 and removed in PHP 8.0.
    // A foreach over $globals is the drop-in replacement.
    while (list($k, $v) = each($globals)) {
        if (preg_match("/^reject_/", $k)) {
            $exclude[$v] = $v;
        }
    }

    foreach ($users as $_user) {
        // An over-long DN is only logged. There is no `continue`, so the
        // entry is still processed below.
        if (strlen($_user['dn']) > DN_MAX_LEN) {
            LOGGER("ERR: too long entry: " . $_user['dn']);
        }

        if (in_array($_user['dn'], $exclude)) {
            LOGGER("excluding from import:" . $_user['dn']);
            continue;
        }

        /* Does this DN exist in the user table ? */
        $__user = $this->model_user_user->get_user_by_dn($_user['dn']);

        if (isset($__user['uid'])) {
            array_push($uids, $__user['uid']);

            /* if so, then verify the email addresses */
            $changed = 0;
            $emails = $this->model_user_user->get_emails_by_uid($__user['uid']);

            /* first let's add the new email addresses */
            $ldap_emails = explode("\n", $_user['emails']);
            $sql_emails = explode("\n", $emails);

            foreach ($ldap_emails as $email) {
                if (!in_array($email, $sql_emails)) {
                    $rc = $this->model_user_user->add_email($__user['uid'], $email);
                    $changed++;

                    /* in case of an error add it to the $late_add array() */
                    if ($rc == 0) {
                        $late_add[] = array('uid' => $__user['uid'], 'email' => $email);
                    }
                }
            }

            /* delete emails not present in the user's LDAP entry */
            foreach ($sql_emails as $email) {
                if (!in_array($email, $ldap_emails)) {
                    $rc = $this->model_user_user->remove_email($__user['uid'], $email);
                    $changed++;
                }
            }

            LOGGER($_user['dn'] . ": exists, changed={$changed}");

            if ($changed > 0) {
                $n++;
            }
        } else {
            /* update DN field if it's an existing user */
            // NOTE(review): $cuid is not appended to $uids before the
            // `continue`. Once its DN is set, this account could match the
            // deletion query further down in the same run; verify.
            if (($cuid = $this->model_user_user->get_uid_by_name($_user['username'])) > 0) {
                $this->model_user_user->update_dn_by_uid($cuid, $_user['dn']);
                continue;
            }

            /* or add the new user */
            $user = $this->createNewUserArray($_user['dn'], $_user['username'], $_user['realname'], $_user['emails'], $_user['samaccountname'], $globals);
            $user['folder'] = '';
            array_push($uids, $user['uid']);

            $rc = $this->model_user_user->add_user($user);
            if ($rc == 1) {
                $newuser++;
            }
        }
    }

    /* add the rest to the email table */
    // Second attempt for addresses whose first add_email() call returned 0.
    foreach ($late_add as $new) {
        $rc = $this->model_user_user->add_email($new['uid'], $new['email']);
        if ($rc == 1) {
            $newuser++;
        }
    }

    /* delete accounts not present in the LDAP directory */
    // Nothing is deleted when no uid was collected in this run.
    if (count($uids) > 0) {
        // NOTE(review): only the domain is a bound parameter.
        // $globals['ldap_basedn'] and the uid list are concatenated into the
        // statement, so a quote in the base DN breaks or alters the query,
        // and '%' or '_' in it act as LIKE wildcards. This statement decides
        // which accounts get deleted, so binding both values is worthwhile.
        // Where $globals originates is not visible here.
        $uidlist = implode("','", $uids);
        $query = $this->db->query("SELECT uid, username FROM " . TABLE_USER . " WHERE domain=? AND dn != '*' AND dn LIKE '%" . $globals['ldap_basedn'] . "' AND dn is NOT NULL AND uid NOT IN ('{$uidlist}')", array($globals['domain']));

        foreach ($query->rows as $deleted) {
            $deleteduser++;
            $this->model_user_user->delete_user($deleted['uid']);
        }
    }

    /* try to add new membership entries */
    reset($users);

    foreach ($users as $user) {
        if ($user['members']) {
            $group = $this->model_user_user->get_user_by_dn($user['dn']);
            $members = explode("\n", $user['members']);

            if (count($members) > 0) {
                // The existing membership rows are removed first, and no
                // transaction is visible around the rebuild.
                if (isset($group['uid'])) {
                    $query = $this->db->query("DELETE FROM " . TABLE_EMAIL_LIST . " WHERE gid=?", array($group['uid']));
                }

                foreach ($members as $member) {
                    // A member that validemail() accepts is resolved by
                    // address; anything else is treated as a DN.
                    if (validemail($member)) {
                        $__user = $this->model_user_user->get_user_by_email($member);
                    } else {
                        $__user = $this->model_user_user->get_user_by_dn($member);
                    }

                    if (isset($group['uid']) && isset($__user['uid'])) {
                        $query = $this->db->query("INSERT INTO " . TABLE_EMAIL_LIST . " (uid, gid) VALUES(?,?)", array((int) $__user['uid'], $group['uid']));
                    }
                }
            }
        }
    }

    return array($newuser, $deleteduser);
}
// Admin "add user" page: access is gated by class_check(UC_ADMINISTRATOR),
// then a POST creates an account with status 'confirmed'.
// The snippet is cut off inside the duplicate-key branch, so the closing
// braces of the enclosing blocks are not part of this listing.
class_check(UC_ADMINISTRATOR);
$lang = array_merge($lang, load_language('ad_adduser'));

// NOTE(review): no anti-CSRF token is checked in the visible code. This
// request creates accounts, so confirm a token is verified elsewhere.
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    $insert = array('username' => '', 'email' => '', 'secret' => '', 'passhash' => '', 'status' => 'confirmed', 'added' => TIME_NOW, 'last_access' => TIME_NOW);

    // NOTE(review): each else branch below calls stderr() and execution then
    // falls through to the next check. This is only safe if stderr() ends
    // the request; confirm. Only a minimum length (5 bytes) is enforced on
    // the name, with no upper bound or character check visible here.
    if (isset($_POST['username']) && strlen($_POST['username']) >= 5) {
        $insert['username'] = $_POST['username'];
    } else {
        stderr($lang['std_err'], $lang['err_username']);
    }

    // The password must be longer than 6 bytes and match its confirmation.
    // NOTE(review): `==` compares two numeric-looking strings as numbers, so
    // `===` is the safer comparison. The password is reduced with md5()
    // before make_passhash() sees it. make_passhash() is not visible here,
    // but a scheme built on MD5 is unsuitable for password storage.
    if (isset($_POST['password']) && isset($_POST['password2']) && strlen($_POST['password']) > 6 && $_POST['password'] == $_POST['password2']) {
        $insert['secret'] = mksecret();
        $insert['passhash'] = make_passhash($insert['secret'], md5($_POST['password']));
    } else {
        stderr($lang['std_err'], $lang['err_password']);
    }

    if (isset($_POST['email']) && validemail($_POST['email'])) {
        $insert['email'] = $_POST['email'];
    } else {
        stderr($lang['std_err'], $lang['err_email']);
    }

    // Every value passes through sqlesc() before being joined into the
    // VALUES list. The column order must match the key order of $insert.
    if (sql_query(sprintf('INSERT INTO users (username, email, secret, passhash, status, added, last_access) VALUES (%s)', join(', ', array_map('sqlesc', $insert))))) {
        $user_id = is_null($___mysqli_res = mysqli_insert_id($GLOBALS["___mysqli_ston"])) ? false : $___mysqli_res;
        stderr($lang['std_success'], sprintf($lang['text_user_added'], $user_id));
    } else {
        // MySQL error 1062 is a duplicate key: look up the existing account
        // by name and send a delayed redirect to its details page.
        if ((is_object($GLOBALS["___mysqli_ston"]) ? mysqli_errno($GLOBALS["___mysqli_ston"]) : (($___mysqli_res = mysqli_connect_errno()) ? $___mysqli_res : false)) == 1062) {
            $res = sql_query(sprintf('SELECT id FROM users WHERE username = %s', sqlesc($insert['username']))) or sqlerr(__FILE__, __LINE__);
            if (mysqli_num_rows($res)) {
                $arr = mysqli_fetch_assoc($res);
                // %d forces the id to an integer in the redirect target.
                header(sprintf('refresh:3; url=userdetails.php?id=%d', $arr['id']));
            }
            stderr($lang['std_err'], $lang['err_already_exists']);
// Registration handler: logged-in visitors are redirected; a POST carrying
// 'register' is validated and, if unique, turned into a new account.
// The snippet is cut off after $last_login is set, so the INSERT and the
// closing braces are not part of this listing.
if ($islogin) {
    header("Location: ?page=private");
    exit;
} elseif (isset($_POST['register'])) {
    // These are truthiness tests, so the string "0" counts as empty here.
    if (!$_POST['username']) {
        $errormessage = $localize->Translate('error_empty_login');
    } elseif (!$_POST['password']) {
        $errormessage = $localize->Translate('error_empty_password');
    } elseif (!$_POST['email']) {
        $errormessage = $localize->Translate('error_empty_email');
    } else {
        // FILTER_SANITIZE_SPECIAL_CHARS HTML-encodes the name. That is an
        // output encoding, not SQL escaping.
        // FILTER_SANITIZE_EMAIL only strips characters outside its allowed
        // set, and that set includes the single quote.
        $username = filter_input(INPUT_POST, 'username', FILTER_SANITIZE_SPECIAL_CHARS);
        $email = filter_input(INPUT_POST, 'email', FILTER_SANITIZE_EMAIL);

        // NOTE(review): the key 'error_invalid_passwor' looks truncated;
        // check it against the translation file before touching it.
        if ($_POST['password'] == $username) {
            $errormessage = $localize->Translate('error_invalid_passwor');
        } elseif (!validemail($email)) {
            $errormessage = $localize->Translate('error_invalid_email');
        } elseif (!validusername($username)) {
            $errormessage = $localize->Translate('error_invalid_login');
        } else {
            // NOTE(review): $email is interpolated straight into the SQL
            // text. Its only protection is whatever validemail() rejects,
            // which is not visible here, so this is an injection risk until
            // the query uses bound parameters or the driver's escaping
            // function.
            $result = $db->query("SELECT email FROM users WHERE (email='{$email}')");
            if ($db->num_rows($result) > 0) {
                // $email is concatenated into the message. Whether it is
                // escaped when $errormessage is printed is not visible here.
                $errormessage = $localize->Translate('error_registered_email') . $email . $localize->Translate('error_registered');
            } else {
                // The value placed in this query is masked ("******") in the
                // listing. If it is $username interpolated like $email
                // above, the same concern applies.
                $result = $db->query("SELECT username FROM users WHERE (username='******')");
                if ($db->num_rows($result) > 0) {
                    $errormessage = $username . $localize->Translate('error_registered');
                } else {
                    $secret = generateCode();
                    // NOTE(review): salted MD5 is a fast hash and unsuitable
                    // for password storage. password_hash() with
                    // password_verify() at login is the usual replacement,
                    // and the login code must change with it.
                    $passhash = md5($secret . $_POST['password'] . $secret);
                    $last_login = time();
$ssl = true; } else { $ssl = false; } logincookie($CURUSER["id"], $passh, 1, 0x7fffffff, $securelogin_indentity_cookie, $ssl); //sessioncookie($CURUSER["id"], $passh); $passupdated = 1; } if ($disableemailchange != 'no' && $smtptype != 'none' && $email != $CURUSER["email"]) { if (EmailBanned($email)) { bark($lang_usercp['std_email_address_banned']); } if (!EmailAllowed($email)) { bark($lang_usercp['std_wrong_email_address_domains'] . allowedemails()); } if (!validemail($email)) { stderr($lang_usercp['std_error'], $lang_usercp['std_wrong_email_address_format'] . goback("-2"), 0); die; } $r = sql_query("SELECT id FROM users WHERE email=" . sqlesc($email)) or sqlerr(); if (mysql_num_rows($r) > 0) { stderr($lang_usercp['std_error'], $lang_usercp['std_email_in_use'] . goback("-2"), 0); die; } $changedemail = 1; } if ($resetpasskey == 1) { $passkey = md5($CURUSER['username'] . date("Y-m-d H:i:s") . $CURUSER['passhash']); $updateset[] = "passkey = " . sqlesc($passkey); } if ($changedemail == 1) {
$message .= "Username already in use!<br/>"; } else { $result1a = $mysqli->query("Update sp_users set username = '******' Where userno={$userno};"); $message .= "Username updated successfully.<br/>"; $_SESSION['sp_username'] = $username; $current_username = $username; } } // Email address 1 changed if ($ed_email1 != $current_email1 and $ed_email1 != '' and validemail($ed_email1)) { $mysqli->query("Update sp_users Set email1='{$ed_email1}' Where userno={$userno}"); $current_email1 = $ed_email1; $message .= "Email updated successfully.<BR/>"; } // Email address 2 changed if ($ed_email2 != $current_email2 and $ed_email2 != '' and ($ed_mail == ' ' or validemail($ed_email2))) { $mysqli->query("Update sp_users Set email2='{$ed_email2}' Where userno={$userno};"); $current_email2 = $ed_email2; $message .= "Alternative Email updated successfully.<BR/>"; } // Change password if ($newpass == $confirm and $newpass != '') { $mysqli->query("Update sp_users Set pass='******' Where userno={$userno};"); $message .= "Your password has been successfully changed.<BR/>"; } else { if ($newpass != $confirm and $newpass != '') { $message .= "Password and confirmation did not match.<BR/>"; } } // Change map type if ($map_type != $current_map_type and $map_type != '') {