function insertUser($user, $conn)
{
$salt = createSalt();
$password = hashPassword($user['password'], $salt);
$sql = "INSERT INTO users(username, salt, password, f_name, l_name, email, group, permissions) \n\t\t\tVALUES(:username, :salt, :password, :f_name, :l_name, :email, :group, :permissions)";
$psql = $conn->prepare($sql);
$psql->execute(array(":username" => $user['username'], ":salt" => $salt, ":password" => $password, ":f_name" => $user['f_name'], ":l_name" => $user['l_name'], ":email" => $user['email'], ":group" => $user['group'], ":permissions" => $user['permissions']));
}
function createCookie($dbHandle, $username, $password)
{
$salt_t = createSalt();
$token = hash('sha256', createSalt() . hash('sha256', $salt_t));
$query = "SELECT * FROM user_list WHERE username='******' AND password='******'";
$user = $dbHandle->query($query);
$userinfo = $user->fetch_array(MYSQLI_BOTH);
$query = "UPDATE user_list SET token='{$token}', salt_t='{$salt_t}' WHERE user_id=" . $userinfo['user_id'];
$dbHandle->query($query);
setcookie("user_id", $userinfo['user_id'], time() + 3600);
setcookie("token", $token, time() + 3600);
}
function registerUser($username, $password, $email)
{
$salt = createSalt();
$password = saltPassword($password, $salt);
$user_id = createUID('users', 'user_id');
$userCreated = mysql_query("INSERT INTO users (user_id, username, password, email, salt) VALUES ('" . $user_id . "', '" . $username . "', '" . $password . "', '" . $email . "', '" . $salt . "')");
if ($userCreated) {
return createList($user_id);
} else {
$userDeleted = mysql_query("DELETE FROM users WHERE user_id = '" . $user_id . "' AND username = '******'");
return false;
}
}
}
if (!valid_email($email)) {
echo '<div class=\'error\'>Email is not valid.</div>';
return;
}
$ru = $db->query('SELECT username FROM fas_users WHERE username=\'' . $user_name . '\'');
if ($db->num_rows($ru) == 1) {
echo '<div class=\'error\'>Username is already in use.</div>';
return;
}
$ru = $db->query('SELECT email FROM fas_users WHERE email=\'' . $email . '\'');
if ($db->num_rows($ru) == 1) {
echo '<div class=\'error\'>Email is already in use.</div>';
return;
}
$salt = createSalt();
//creates a 3 character string
$pass = setPass($pass_word, $salt);
$answer = setPass($answer, $salt);
if ($email_on == '1') {
$db->query(sprintf('INSERT INTO fas_users SET
username=\'%s\',
password=\'%s\',
salt=\'%s\',
activation_key=\'%s\',
email =\'%s\',
pass_question =\'%s\',
pass_answer =\'%s\',
joindate=\'%u\'', $user_name, $pass, $salt, $activation_number, $email, $question, $answer, $time));
echo '<div class=\'msg\'>Your account has been created! <br /> <font color=red>However, this board requires account activation, an activation key has been sent to the e-mail address you provided. Please check your e-mail for further information.</font></div>';
$subject = 'Welcome to ' . $sitename . '';
function writebody()
{
global $db, $domain, $sitename, $cachelife, $template, $gamesfolder, $thumbsfolder, $limitboxgames, $seo_on, $blogentriesshown, $enabledcode_on, $comments_on, $directorypath, $autoapprovecomments, $gamesonpage, $abovegames, $belowgames, $showwebsitelimit, $supportemail, $showblog, $blogentriesshown, $blogcharactersshown, $blogcommentpermissions, $blogcommentsshown, $blogfollowtags, $blogcharactersrss, $usrdata, $userid, $email_on;
if (isset($_POST['submit'])) {
$time = time();
$user_name = clean($_POST['user_name']);
$pass_word = clean($_POST['pass_word']);
$pass_word2 = clean($_POST['pass_word2']);
$email = clean($_POST['email']);
$question = clean($_POST['question']);
$answer = clean($_POST['answer']);
$activation_number = rand();
if (strlen($user_name) > '16') {
echo '<div class=\'error\'>The username you entered is to long.</div>';
return;
}
if (!$user_name || !$pass_word || !$pass_word2 || !$email || !$question || !$answer) {
echo '<div class=\'error\'>You\'ve not filled all required fields in.</div>';
return;
}
if (!valid_email($email)) {
echo '<div class=\'error\'>Email is not valid.</div>';
return;
}
$ru = $db->query('SELECT username FROM fas_users WHERE username=\'' . $user_name . '\'');
if ($db->num_rows($ru) == 1) {
echo '<div class=\'error\'>Username is already in use.</div>';
return;
}
$ru = $db->query('SELECT email FROM fas_users WHERE email=\'' . $email . '\'');
if ($db->num_rows($ru) == 1) {
echo '<div class=\'error\'>Email is already in use.</div>';
return;
}
$salt = createSalt();
//creates a 3 character string
$pass = setPass($pass_word, $salt);
$answer = setPass($answer, $salt);
if ($email_on == '1') {
$db->query(sprintf('INSERT INTO fas_users SET
username=\'%s\',
password=\'%s\',
salt=\'%s\',
activation_key=\'%s\',
email =\'%s\',
pass_question =\'%s\',
pass_answer =\'%s\',
joindate=\'%u\'', $user_name, $pass, $salt, $activation_number, $email, $question, $answer, $time));
echo '<div class=\'msg\'>Your account has been created! <br /> <font color=red>However, this board requires account activation, an activation key has been sent to the e-mail address you provided. Please check your e-mail for further information.</font></div>';
$subject = 'Welcome to ' . $sitename . '';
$message = 'Dear ' . $user_name . ',<br>Thank you for registering at <a href="' . $domain . '">' . $sitename . '</a>,<br /> Please visit the following link in order to activate your account:<br /><br />
<a href="' . $domain . '/index.php?action=activate&id=' . $activation_number . '">Activate</a><br /><br />Your password has been securely stored in our database and cannot be retrieved. In the event that it is forgotten, you will be able to reset it using the email address associated with your account.<br /><br />Thanks again,<br />' . $sitename . ' administration';
$headers = 'From: ' . $supportemail . '' . "\r\n" . 'Content-Type: text/html; charset=\\"iso-8859-1\\"' . "\r\n" . 'X-Mailer: PHP/' . phpversion();
mail($email, $subject, $message, $headers);
} else {
$db->query(sprintf('INSERT INTO fas_users SET
username=\'%s\',
password=\'%s\',
salt=\'%s\',
activation_key=\'%s\',
email =\'%s\',
pass_question =\'%s\',
pass_answer =\'%s\',
joindate=\'%u\'', $user_name, $pass, $salt, '0', $email, $question, $answer, $time));
echo '<div class=\'msg\'>Success, you\'ve now registered.</div>';
}
return;
}
if ($seo_on == 1) {
$surl = '' . $domain . '/signup/';
} else {
$surl = '' . $domain . '/index.php?action=signup';
}
echo '<form action=\'' . $surl . '\' method=\'post\'>
<table width=\'100%\' border=\'0\' align=\'center\'>
<tr>
<th colspan=\'2\' align=\'center\' class=\'header\'>Register now!</th>
</tr>
<tr>
<td class=\'content\'>User Name:*<br /><small>Must be unique, letters and numbers only!</small></td>
<td class=\'content\'><input type=\'text\' name=\'user_name\' size=\'40\' /></td>
</tr>
<tr>
<td class=\'content\'>Password:*<br /><small>Must be unique, letters and numbers only!</small></td>
<td class=\'content\'><input type=\'password\' name=\'pass_word\' size=\'40\' /></td>
</tr>
<tr>
<td class=\'content\'>Repeat Password:*</td>
<td class=\'content\'><input type=\'password\' name=\'pass_word2\' size=\'40\' /></td>
</tr>
<tr>
<td class=\'content\'>Email:*<br /><small>Email must be valid!</small></td>
<td class=\'content\'><input type=\'text\' name=\'email\' size=\'40\' /></td>
</tr>
<tr>
<td class=\'content\'>Question:*<br /><small>If you forgot your password!</small></td>
<td class=\'content\'><input type=\'text\' name=\'question\' size=\'40\' /></td>
</tr>
<tr>
<td class=\'content\'>Answer:*<br /><small>If you forgot your password!</small></td>
<td class=\'content\'><input type=\'text\' name=\'answer\' size=\'40\' /></td>
</tr>
<tr>
<td colspan=\'2\' align=\'center\' class=\'content\'><input type=\'submit\' name=\'submit\' value=\'Signup Now\' /></td>
</tr>
</table>
</form>';
}
function askSalt($login)
{
global $PHP_SELF;
global $DBHost, $DBUserName, $DBPassword, $DBName, $AcceptUnknownUser;
$link = mysql_connect($DBHost, $DBUserName, $DBPassword) or die("0:Can't connect to database host:{$DBHost} user:{$DBUserName}");
mysql_select_db($DBName) or die("0:Can't access to the table dbname:{$DBName}");
$query = "SELECT Password FROM user WHERE Login='******'";
$result = mysql_query($query) or die("0:Can't execute the query: " . $query);
if (mysql_num_rows($result) != 1) {
if ($AcceptUnknownUser) {
$salt = createSalt();
} else {
die("0:Unknown login {$login} (error code 64)");
}
} else {
$res_array = mysql_fetch_array($result);
$salt = substr($res_array['Password'], 0, 2);
}
echo "1:" . $salt;
mysql_close($link);
}
// Mysql_num_row is counting table row
$count = mysqli_num_rows($result);
if ($count >= 1) {
echo "registered";
} else {
$_SESSION["newPhotographerEmail"] = $txtEmail;
$_SESSION["newPhotographerPassword"] = $txtPassword;
//Query for inserting record in photographer master.
$insert_slq_photographer_master = "INSERT INTO {$table_photographer_master}\n\t\t(`{$field_photographer_email}`,\n\t\t\t`{$field_photographer_registered}`\n\t\t\t) VALUES (\n\t\t\t'{$txtEmail}', \n\t\t\tCURRENT_TIMESTAMP)";
//Performing the insert query in database
mysqli_query($con, $insert_slq_photographer_master);
//Extracting the variables from post.
$txtPhotographerId = mysqli_insert_id($con);
$_SESSION["newPhotgrapherId"] = $txtPhotographerId;
//Creating the different salt
$txtSalt = createSalt();
//Generating the encrypted password from password inserted by the user
//and genereted salt.
$txtHashPassword = encryptPassword($txtPassword, $txtSalt);
//Query for inserting record in photographer login.
$insert_sql_photographer_login = "******";
//Performing the insert query in database
mysqli_query($con, $insert_sql_photographer_login);
echo "nextStep";
}
}
//else {
//setcookie("cookieEmail",$txtEmail);
//setcookie("cookiePassword", $txtPassword);
//header("location:photographerRegistration_step2.php");
//}
function question()
{
global $db, $domain, $sitename, $cachelife, $template, $gamesfolder, $thumbsfolder, $limitboxgames, $seo_on, $blogentriesshown, $enabledcode_on, $comments_on, $directorypath, $autoapprovecomments, $gamesonpage, $abovegames, $belowgames, $ads1, $ads2, $ads3, $bannersleft, $showwebsitelimit, $supportemail, $showblog, $blogentriesshown, $blogcharactersshown, $blogcommentpermissions, $blogcommentsshown, $blogfollowtags, $blogcharactersrss, $usrdata, $userid, $showpages;
if (isset($_POST['submit'])) {
$answer = clean($_POST['answer']);
$username = clean($_GET['username']);
if (!$username || !$answer) {
echo '<div class=\'error\'>You\'ve not filled all required fields in.</div>';
return;
}
$r = $db->query(sprintf('SELECT * FROM fas_users WHERE username=\'%s\'', $username));
$ir = $db->fetch_row($r);
$salt = $ir['salt'];
//check if the salt exists
if (empty($salt)) {
$salt = createSalt();
//creates a 3 character string
}
$answer = checkPass($answer, $salt);
if (!$db->num_rows($r)) {
//check if user exists and answer is corect
echo '<div class=\'error\'>Your username is incorrect. Please try again!</div>';
return;
} elseif ($answer != $ir['pass_answer']) {
echo '<div class=\'error\'>Your security answer is incorrect. Please try again!</div>';
return;
} else {
$email = clean($ir['email']);
$pass_word = rand();
$subject = 'Password Reset';
$message = 'Hello ' . $username . ',<br><br>You are receiving this notification because you have (or someone pretending to be you has) requested a new password be sent for your account on <a href="' . $domain . '">' . $sitename . '</a>.<br> Your password has been reset, your new password is: ' . $pass_word . '.<br><br> You can of course change this password yourself via the profile page. If you have any difficulties please contact the board administrator.
<br><br>Best regards,<br>' . $sitename . ' administration';
$headers = 'From: ' . $supportemail . '' . "\r\n" . 'Content-Type: text/html; charset=\\"iso-8859-1\\"' . "\r\n" . 'X-Mailer: PHP/' . phpversion();
mail($email, $subject, $message, $headers);
$pass = setPass($pass_word, $salt);
mysql_query("UPDATE fas_users SET password='******', salt='{$salt}' WHERE username='******' AND pass_answer='{$answer}'");
echo '<div class=\'msg\'><font color=red>Your password has been reset, please check your email for the new password!</font></div>';
}
} else {
$username = clean($_GET['username']);
$r = $db->query(sprintf('SELECT * FROM fas_users WHERE username=\'%s\'', $username));
$ir = $db->fetch_row($r);
$question = $ir['pass_question'];
if (!$db->num_rows($r)) {
echo '<div class=\'error\'>Our records show there is no account with the username: <i>' . $username . '</i>!</div>';
return;
} else {
$surl = '' . $domain . '/index.php?action=forgotpassword&case=question&username='******'';
echo '<div id="container">
<div id="content-container">
<div id="side">';
include "includes/blocks.php";
echo '</div>
<div id="content">
<div class="content_nav">Forgot Password?</div>
<div style="clear:both"></div>';
echo '<form action=\'' . $surl . '\' method=\'post\'>
<table width=\'100%\' border=\'0\' align=\'center\'>
<tr>
<td class=\'content\'>' . $question . ':</td>
<td class=\'content\'><input type=\'text\' name=\'answer\' size=\'35\' /></td>
</tr>
<tr>
<td colspan=\'2\' align=\'center\' class=\'content\'><input type=\'submit\' name=\'submit\' value=\'Get new pass!\' /></td>
</tr>
</table>
</form>
';
}
}
}
function writebody()
{
global $db, $domain, $sitename, $domain, $template, $gamesfolder, $thumbsfolder, $limitboxgames, $seo_on, $blogentriesshown, $enabledcode_on, $comments_on, $directorypath, $autoapprovecomments, $gamesonpage, $abovegames, $belowgames, $showwebsitelimit, $supportemail, $showblog, $blogentriesshown, $blogcharactersshown, $blogcommentpermissions, $blogcommentsshown, $blogfollowtags, $blogcharactersrss, $usrdata, $userid;
if (isset($_POST['submit'])) {
$username = clean($_POST['username']);
$password = clean($_POST['password']);
$r = $db->query(sprintf('SELECT * FROM fas_users WHERE username=\'%s\'', $username));
if (!$db->num_rows($r)) {
echo "<div class='error'>The username you entered does not exist!</div>";
} else {
$ir = $db->fetch_row($r);
if ($ir['activation_key'] == "0") {
$salt = $ir['salt'];
$password1 = checkPass($password, $salt);
if ($password1 == $ir['password']) {
$_SESSION['username'] = $username;
$_SESSION['userid'] = $ir['userid'];
$_SESSION['website'] = $ir['website'];
$_SESSION['signature'] = $ir['signature'];
$_SESSION['bloglevel'] = $ir['bloglevel'];
echo '<div class=\'msg\'>You\'ve now logged on.</div>';
echo '<meta http-equiv="REFRESH" content="0;url=' . $domain . '">';
} elseif (md5($password) == $ir['password']) {
$salt = createSalt();
//creates a 3 character string
$newPass = setPass($password, $salt);
$db->query(sprintf('UPDATE fas_users SET password = \'%s\', salt = \'%s\' WHERE username = \'%s\'', $newPass, $salt, $username));
$_SESSION['username'] = $username;
$_SESSION['userid'] = $ir['userid'];
$_SESSION['website'] = $ir['website'];
$_SESSION['signature'] = $ir['signature'];
$_SESSION['bloglevel'] = $ir['bloglevel'];
echo '<div class=\'msg\'>You\'ve now logged on.</div>';
echo '<meta http-equiv="REFRESH" content="0;url=' . $domain . '">';
} else {
echo "<div class='error'>Your password is incorrect!</div>";
}
} else {
echo "<div class='error'>You need to activate your account first!</div>";
}
}
} else {
if ($seo_on == 1) {
$url = '' . $domain . '/login/';
$forgot = '' . $domain . '/forgotpassword/';
} else {
$url = '' . $domain . '/index.php?action=login';
$forgot = '' . $domain . '/index.php?action=forgotpassword';
}
echo '<form action=\'' . $url . '\' method=\'post\'>
<table width="100%" border="0" cellpadding="0" cellspacing="1" align="center">
<tr>
<td class=\'header\' colspan=\'2\'>Log In</td>
</tr>
<tr>
<td class=\'content\'>Username:</td>
<td class=\'content\'><input type=\'text\' name=\'username\' size=\'37\' /></td>
</tr>
<tr>
<td class=\'content\'>Password:</td>
<td class=\'content\'><input type=\'password\' name=\'password\' size=\'37\' /></td>
</tr>
<tr>
<td class=\'content\' colspan=\'2\'><a href=\'' . $forgot . '\'>Forgot password?</a></td>
</tr>
<tr>
<td class=\'content\' colspan=\'2\' align=\'center\'><input type=\'submit\' name=\'submit\' value="login" /></td>
</tr>
</table>
</form>';
}
}
<?php
session_start();
require 'connect.php';
//generate two fields
$pass = hash('sha256', $_POST[new_pass]);
function createSalt()
{
$string = md5(uniqid(rand(), true));
return substr($string, 0, 3);
}
$salt1 = createSalt();
$pass = hash('sha256', $salt1 . $pass);
//end generating salt
$query = "update acc_dtls set password='******',salt='{$salt1}' where email='{$_SESSION['email']}'";
//query ends here
if (!mysqli_query($con, $query)) {
die('Error: ' . mysqli_error($con));
}
echo "1 record added";
mysqli_close($con);
header('location:index.php');
?>
?>
function register($data)
{
require_once 'control.php';
$this->firstname = encode5t($data['fname']);
$this->lastname = encode5t($data['lname']);
$this->email = $data['email'];
$this->salt = createSalt();
if ($data['password']) {
$this->secret = createHash($this->salt, $data['password']);
} else {
$this->secret = createHash($this->salt, $data['fname'] . '_' . $data['lname'] . '_' . substr($data['email'], 0, 4));
}
$this->verified = false;
$this->authorize = getToken(32);
$this->req = getToken(32);
$this->perma = getToken(32);
if (!$data['avatar']) {
$this->avatar = '';
} else {
$this->avatar = $data['avatar'];
}
$this->sup = false;
$this->part = false;
$this->corp = false;
$this->sql = "INSERT INTO ident (fname,lname,email,salt,secret,verified,authorize,req,perma,sup,part,corp,avatar) VALUES ('{$this->firstname}','{$this->lastname}','{$this->email}','{$this->salt}','{$this->secret}','{$this->verified}','{$this->authorize}','{$this->req}','{$this->perma}','{$this->sup}','{$this->part}','{$this->corp}','{$this->avatar}');";
return $this->sql;
}
<?php
$content_tpl->set_block("F_CONTENT", "B_MESSAGE_MAIL_SENT", "H_MESSAGE_MAIL_SENT");
$content_tpl->set_block("F_CONTENT", "B_MESSAGE", "H_MESSAGE");
$content_tpl->set_block("F_CONTENT", "B_WARNING_USERNAME", "H_WARNING_USERNAME");
$content_tpl->set_block("F_CONTENT", "B_WARNING", "H_WARNING");
$content_tpl->set_block("F_CONTENT", "B_MAIL_SUBJECT", "H_MAIL_SUBJECT");
$content_tpl->set_block("F_CONTENT", "B_MAIL_BODY", "H_MAIL_BODY");
$username = dbEscape($_REQUEST['username']);
$users_ref = dbQuery("SELECT * FROM `{$cfg['db_table_prefix']}users` " . "WHERE `username` = '{$username}'");
if ($users_row = dbFetch($users_ref)) {
// Generate password
$rand_num = mt_rand();
$new_password = crypt($rand_num, createSalt());
$new_encrypted_password = crypt($new_password, createSalt());
dbQuery("UPDATE `{$cfg['db_table_prefix']}users` SET `new_password` = '{$new_encrypted_password}' WHERE `id` = {$users_row['id']}");
// Send a mail
$to = $users_row['email'];
// Subject
$content_tpl->set_var("I_TOURNEY_NAME", $cfg['tourney_name']);
$content_tpl->parse("MAIL_SUBJECT", "B_MAIL_SUBJECT");
$subject = $content_tpl->get("MAIL_SUBJECT");
// Message
$content_tpl->set_var("I_USERNAME", $users_row['username']);
$content_tpl->set_var("I_NEW_PASSWORD", $new_password);
$content_tpl->set_var("I_ACTIVATION_URL", $cfg['host'] . $cfg['path'] . "index.php?mod=users&act=activation_login");
$content_tpl->parse("MAIL_BODY", "B_MAIL_BODY");
$message = $content_tpl->get("MAIL_BODY");
sendMail($to, $subject, $message, $cfg['mail_from_address'], $cfg['mail_reply_to_address'], $cfg['mail_return_path'], $cfg['mail_bcc_address']);
$content_tpl->parse("H_MESSAGE_MAIL_SENT", "B_MESSAGE_MAIL_SENT");
$content_tpl->parse("H_MESSAGE", "B_MESSAGE");
}
if ($_REQUEST['irc_channel'] == "") {
$is_complete = 0;
$content_tpl->parse("H_WARNING_IRC_CHANNEL", "B_WARNING_IRC_CHANNEL");
}
if ($_REQUEST['id_country'] == "") {
$is_complete = 0;
$content_tpl->parse("H_WARNING_COUNTRY", "B_WARNING_COUNTRY");
}
if ($is_complete) {
// Notification
if (!isset($_REQUEST['notify'])) {
$_REQUEST['notify'] = 0;
}
// Encrypt password
$password = crypt($_REQUEST['password'], createSalt());
// Register an account
$id_country = intval($_REQUEST['id_country']);
$email = dbEscape($_REQUEST['email']);
$irc_channel = dbEscape($_REQUEST['irc_channel']);
$notify = intval($_REQUEST['notify']);
dbQuery("INSERT INTO `{$cfg['db_table_prefix']}users` " . "(`username`, `id_country`, `password`, `email`, `irc_channel`, `notify`, `submitted`) " . "VALUES ('{$username}', {$id_country}, " . "'{$password}', '{$email}', '{$irc_channel}', {$notify}, NOW())");
// Sign up
$signup = false;
if ($season['status'] == "signups" and $_REQUEST['signup'] == 1) {
$users_ref = dbQuery("SELECT * FROM `{$cfg['db_table_prefix']}users` " . "WHERE `username` = '{$username}'");
$users_row = dbFetch($users_ref);
dbQuery("INSERT INTO `{$cfg['db_table_prefix']}season_users` " . "(`ip`, `submitted`, `usertype_player`, `id_season`, `id_user`) " . "VALUES ('{$_SERVER['REMOTE_ADDR']}', NOW(), 1, {$season['id']}, {$users_row['id']})");
$signup = true;
}
// Send a mail to the player that signed up
$content_tpl->parse("H_MESSAGE", "B_MESSAGE");
}
if (!$is_complete) {
$content_tpl->parse("H_WARNING", "B_WARNING");
$content_tpl->parse("H_BACK", "B_BACK");
}
} elseif ($_REQUEST['opt'] != "" and ($user['usertype_headadmin'] or $user['usertype_root'])) {
$is_complete = 1;
if ($_REQUEST['password'] == "") {
$is_complete = 0;
$content_tpl->parse("H_WARNING_PASSWORD", "B_WARNING_PASSWORD");
}
if ($_REQUEST['password'] != $_REQUEST['password_retyped']) {
$is_complete = 0;
$content_tpl->parse("H_WARNING_PASSWORD_RETYPED", "B_WARNING_PASSWORD_RETYPED");
}
if ($is_complete) {
$id_user = intval($_REQUEST['opt']);
$password = dbEscape(crypt($_REQUEST['password'], createSalt()));
dbQuery("UPDATE `{$cfg['db_table_prefix']}users` SET " . "`password` = '{$password}' " . "WHERE `id` = {$id_user}");
$content_tpl->parse("H_MESSAGE_PASSWORD_EDITED", "B_MESSAGE_PASSWORD_EDITED");
$content_tpl->parse("H_MESSAGE", "B_MESSAGE");
}
if (!$is_complete) {
$content_tpl->parse("H_WARNING", "B_WARNING");
$content_tpl->parse("H_BACK", "B_BACK");
}
} else {
$content_tpl->parse("H_WARNING_NO_ACCESS", "B_WARNING_NO_ACCESS");
$content_tpl->parse("H_WARNING", "B_WARNING");
}
