Exemplos de código com doupdate_referral em PHP

Exemplo n.º 1

0

Exibir arquivo

Arquivo: user.php Projeto: scamp/minimanager

function doedit_user()
{
    global $lang_global, $realm_db, $mmfpm_db, $user_lvl, $user_name, $action_permission;
    valid_login($action_permission['update']);
    if ((!isset($_POST['pass']) || $_POST['pass'] === '') && (!isset($_POST['mail']) || $_POST['mail'] === '') && (!isset($_POST['expansion']) || $_POST['expansion'] === '') && (!isset($_POST['referredby']) || $_POST['referredby'] === '')) {
        redirect("user.php?action=edit_user&&id={$_POST['id']}&error=1");
    }
    $sqlr = new SQL();
    $sqlr->connect($realm_db['addr'], $realm_db['user'], $realm_db['pass'], $realm_db['name']);
    $id = $sqlr->quote_smart($_POST['id']);
    $username = $sqlr->quote_smart($_POST['username']);
    $banreason = $sqlr->quote_smart($_POST['banreason']);
    $pass = $sqlr->quote_smart($_POST['pass']);
    $user_pass_change = $pass != sha1(strtoupper($username) . ":******") ? "username='******',sha_pass_hash='{$pass}'," : "";
    $mail = isset($_POST['mail']) && $_POST['mail'] != '' ? $sqlr->quote_smart($_POST['mail']) : "";
    $failed = isset($_POST['failed']) ? $sqlr->quote_smart($_POST['failed']) : 0;
    $gmlevel = isset($_POST['gmlevel']) ? $sqlr->quote_smart($_POST['gmlevel']) : 0;
    $expansion = isset($_POST['expansion']) ? $sqlr->quote_smart($_POST['expansion']) : 1;
    $banned = isset($_POST['banned']) ? $sqlr->quote_smart($_POST['banned']) : 0;
    $locked = isset($_POST['locked']) ? $sqlr->quote_smart($_POST['locked']) : 0;
    $referredby = $sqlr->quote_smart(trim($_POST['referredby']));
    //make sure username/pass at least 4 chars long and less than max
    if (strlen($username) < 4 || strlen($username) > 15) {
        redirect("user.php?action=edit_user&id={$id}&error=8");
    }
    if ($gmlevel >= $user_lvl) {
        redirect("user.php?action=edit_user&&id={$_POST['id']}&error=16");
    }
    require_once "libs/valid_lib.php";
    if (!valid_alphabetic($username)) {
        redirect("user.php?action=edit_user&error=9&id={$id}");
    }
    //restricting accsess to lower gmlvl
    $result = $sqlr->query("SELECT gmlevel,username FROM account WHERE id = '{$id}'");
    if ($user_lvl <= $sqlr->result($result, 0, 'gmlevel') && $user_name != $sqlr->result($result, 0, 'username')) {
        redirect("user.php?error=14");
    }
    if (!$banned) {
        $sqlr->query("DELETE FROM account_banned WHERE id='{$id}'");
    } else {
        $result = $sqlr->query("SELECT count(*) FROM account_banned WHERE id = '{$id}'");
        if (!$sqlr->result($result, 0)) {
            $sqlr->query("INSERT INTO account_banned (id, bandate, unbandate, bannedby, banreason, active)\r\n                 VALUES ({$id}, " . time() . "," . (time() + 365 * 24 * 3600) . ",'{$user_name}','{$banreason}', 1)");
        }
    }
    $sqlr->query("UPDATE account SET email='{$mail}', {$user_pass_change} v=0,s=0,failed_logins='{$failed}',locked='{$locked}',expansion='{$expansion}' WHERE id='{$id}'");
    $sqlr->query("UPDATE account SET gmlevel='{$gmlevel}' WHERE id='{$id}'");
    if (doupdate_referral($referredby, $id) || $sqlr->affected_rows()) {
        redirect("user.php?action=edit_user&error=13&id={$id}");
    } else {
        redirect("user.php?action=edit_user&error=12&id={$id}");
    }
}

Exemplo n.º 2

0

Exibir arquivo

Arquivo: edit.php Projeto: Refuge89/World-of-Warcraft-Trinity-Core-MaNGOS

function doedit_user()
{
    global $output, $user_name, $dbc_db, $logon_db, $corem_db, $send_mail_on_email_change, $lang, $defaultoption, $achievement_point_points, $achievement_point_credits, $credits_fractional, $url_path, $format_mail_html, $GMailSender, $smtp_cfg, $title, $sql, $core;
    if ((empty($_POST["pass"]) || $_POST["pass"] == "") && (empty($_POST["mail"]) || $_POST["mail"] == "") && (empty($_POST["expansion"]) || $_POST["expansion"] == "") && (empty($_POST["referredby"]) || $_POST["referredby"] == "")) {
        redirect("edit.php?error=1");
    }
    // ArcEmu: find out if we're using an encrypted password for this account
    if ($core == 1) {
        $pass_query = "SELECT * FROM accounts WHERE login='******' AND encrypted_password<>''";
        $pass_result = $sql["logon"]->query($pass_query);
        $arc_encrypted = $sql["logon"]->num_rows($pass_result);
    }
    // password
    if ($_POST["user_pass"] != "******") {
        if ($core == 1) {
            if ($arc_encrypted) {
                $new_pass = "******" . $sql["logon"]->quote_smart($_POST["pass"]) . "', ";
            } else {
                $new_pass = "******" . $sql["logon"]->quote_smart($_POST["pass"]) . "', ";
            }
        } else {
            $new_pass = "******" . $sql["logon"]->quote_smart($_POST["pass"]) . "', ";
        }
    }
    // other
    $screenname = $sql["logon"]->quote_smart(trim($_POST["screenname"]));
    $new_mail = $sql["logon"]->quote_smart(trim($_POST["mail"]));
    $new_expansion = isset($_POST["expansion"]) ? $sql["logon"]->quote_smart(trim($_POST["expansion"])) : $defaultoption;
    $referredby = $sql["logon"]->quote_smart(trim($_POST["referredby"]));
    $points_to_spend = is_numeric($_POST["points_to_spend"]) && $_POST["points_to_spend"] >= 0 ? $_POST["points_to_spend"] : 0;
    // if we received a Screen Name, make sure it does not conflict with other Screen Names or with
    // the game server's login names.
    if ($screenname) {
        $query = "SELECT * FROM config_accounts WHERE ScreenName='" . $screenname . "'";
        $sn_result = $sql["mgr"]->query($query);
        $sn = $sql["mgr"]->fetch_assoc($sn_result);
        if ($sn["Login"] != $user_name) {
            if ($sql["mgr"]->num_rows($sn_result) != 0) {
                redirect("edit.php?error=6");
            }
            if ($core == 1) {
                $query = "SELECT * FROM accounts WHERE login='******'";
            } else {
                $query = "SELECT * FROM account WHERE username='******'";
            }
            $sn_result = $sql["logon"]->query($query);
            if ($sql["logon"]->num_rows($sn_result) != 0) {
                redirect("edit.php?error=6");
            }
        }
    }
    // set screen name
    if ($screenname) {
        $sn_check_query = "SELECT * FROM config_accounts WHERE Login='******'";
        $sn_check_result = $sql["mgr"]->query($sn_check_query);
        // don't add a new entry if we already have one
        if ($sql["mgr"]->num_rows($sn_check_result) == 0) {
            $sn_result = $sql["mgr"]->query("INSERT INTO config_accounts (Login, ScreenName) VALUES ('" . $user_name . "', '" . $screenname . "')");
        } else {
            $sn_result = $sql["mgr"]->query("UPDATE config_accounts SET ScreenName='" . $screenname . "' WHERE Login='******'");
        }
    }
    //make sure the mail is valid mail format
    require_once "libs/valid_lib.php";
    if (!(valid_email($new_mail) && strlen($new_mail) < 225)) {
        redirect("edit.php?error=2");
    }
    // find out if our email changed
    if ($core == 1) {
        $email_query = "SELECT email FROM accounts WHERE login='******'";
    } else {
        $email_query = "SELECT email FROM account WHERE username='******'";
    }
    $email_result = $sql["logon"]->query($email_query);
    $email = $sql["logon"]->fetch_assoc($email_result);
    // if it did change, then save it
    // if we didn't have an email address already, we just accept the new one
    if ($email["email"] != "" && $email["email"] != $new_mail) {
        // if we have to send a confirm message, do so
        // if not, we're clear to just save it as usual
        if ($send_mail_on_email_change) {
            // generate a private key based on the new email
            $new_mail_sha = sha1($new_mail);
            // prepare our confirmation message
            if ($format_mail_html) {
                $file_name = "lang/mail_templates/" . $lang . "/change_email.tpl";
            } else {
                $file_name = "lang/mail_templates/" . $lang . "/change_email_nohtml.tpl";
            }
            $fh = fopen($file_name, "r");
            $subject = fgets($fh, 4096);
            $body = fread($fh, filesize($file_name));
            fclose($fh);
            $mail = $email["email"];
            $subject = str_replace("<title>", $title, $subject);
            if ($format_mail_html) {
                $body = str_replace("\n", "<br />", $body);
                $body = str_replace("\r", " ", $body);
            }
            $body = str_replace("<username>", $user_name, $body);
            $body = str_replace("<email>", $new_mail, $body);
            $body = str_replace("<key>", $new_mail_sha, $body);
            $body = str_replace("<title>", $title, $body);
            $server_addr = $_SERVER["SERVER_PORT"] != 80 ? $_SERVER["SERVER_NAME"] . ":" . $_SERVER["SERVER_PORT"] : $_SERVER["SERVER_NAME"];
            // if we aren't installed in / then append the path to $server_addr
            $server_addr .= $url_path != "" ? $url_path : "";
            $body = str_replace("<base_url>", $server_addr, $body);
            if ($GMailSender) {
                require_once "libs/mailer/authgMail_lib.php";
                $fromName = $title . " Admin";
                authgMail($from_mail, $fromName, $mail, $mail, $subject, $body, $smtp_cfg);
            } else {
                require_once "libs/mailer/class.phpmailer.php";
                $mailer = new PHPMailer();
                $mailer->Mailer = $mailer_type;
                if ($mailer_type == "smtp") {
                    $mailer->Host = $smtp_cfg["host"];
                    $mailer->Port = $smtp_cfg["port"];
                    if ($smtp_cfg["user"] != "") {
                        $mailer->SMTPAuth = true;
                        $mailer->Username = $smtp_cfg["user"];
                        $mailer->Password = $smtp_cfg["pass"];
                    }
                }
                $mailer->WordWrap = 50;
                $mailer->From = $from_mail;
                $mailer->FromName = $title . " Admin";
                $mailer->Subject = $subject;
                $mailer->IsHTML($format_mail_html);
                $mailer->Body = $body;
                $mailer->AddAddress($mail);
                $mailer->Send();
                $mailer->ClearAddresses();
            }
            // save new email
            $temp_email_query = "UPDATE config_accounts SET TempEmail='" . $new_mail . "' WHERE Login='******'";
            $temp_email_result = $sql["mgr"]->query($temp_email_query);
            // save OLD email back for now
            $new_mail = $email["email"];
        }
    }
    // Achievement Points to Credits
    // just to be sure we have no cheating
    if ($achievement_point_credits) {
        if ($credits_fractional) {
            $new_credits = $achievement_point_credits / $achievement_point_points * $points_to_spend;
        } else {
            $new_credits = float($achievement_point_credits / $achievement_point_points * $points_to_spend);
        }
        $points_query = "UPDATE config_accounts SET Credits=Credits+'" . $new_credits . "', AchievePointsSpent=AchievePointsSpent+'" . $points_to_spend . "' WHERE Login='******'";
        $points_result = $sql["mgr"]->query($points_query);
    }
    // Overriding Remember Me is done via a cookie
    // usage is backward from the name
    // 1 = show check box
    // 0 = hide
    if (!isset($_POST["override"])) {
        $override = 0;
    } else {
        $override = 1;
    }
    if ($override != $_COOKIE["corem_override_remember_me"] || !isset($_COOKIE["corem_override_remember_me"])) {
        if ($override) {
            setcookie("corem_override_remember_me", "1", time() + 60 * 60 * 24 * 30);
        } else {
            setcookie("corem_override_remember_me", "0", time() + 60 * 60 * 24 * 30);
        }
        $other_changes = 1;
    }
    // change other settings
    if ($core == 1) {
        $query = "UPDATE accounts SET email='" . $new_mail . "', " . $new_pass . " flags='" . $new_expansion . "' WHERE login='******'";
    } else {
        $query = "UPDATE account SET email='" . $new_mail . "', " . $new_pass . " expansion='" . $new_expansion . "', v=0, s=0 WHERE username='******'";
    }
    $acct_result = $sql["logon"]->query($query);
    if (doupdate_referral($referredby) || $acct_result || $sn_result || $other_changes) {
        redirect("edit.php?error=3");
    } else {
        redirect("edit.php?error=4");
    }
}

Exemplo n.º 3

0

Exibir arquivo

Arquivo: edit.php Projeto: BACKUPLIB/minimanager

function doedit_user(&$sqlr, &$sqlc)
{
    global $output, $user_name;
    if ((empty($_POST['pass']) || $_POST['pass'] === '') && (empty($_POST['mail']) || $_POST['mail'] === '') && (empty($_POST['expansion']) || $_POST['expansion'] === '') && (empty($_POST['referredby']) || $_POST['referredby'] === '')) {
        redirect('edit.php?error=1');
    }
    $new_pass = $sqlr->quote_smart($_POST['pass']) == sha1(strtoupper($user_name) . ':******') ? '' : 'sha_pass_hash=\'' . $sqlr->quote_smart($_POST['pass']) . '\', ';
    $new_mail = $sqlr->quote_smart(trim($_POST['mail']));
    $new_expansion = $sqlr->quote_smart(trim($_POST['expansion']));
    $referredby = $sqlr->quote_smart(trim($_POST['referredby']));
    //make sure the mail is valid mail format
    if (valid_email($new_mail) && strlen($new_mail) < 225) {
    } else {
        redirect('edit.php?error=2');
    }
    $sqlr->query('UPDATE account SET email = \'' . $new_mail . '\', ' . $new_pass . ' v=0, s=0, expansion = \'' . $new_expansion . '\' WHERE username = \'' . $user_name . '\'');
    if (doupdate_referral($referredby, $sqlr, $sqlc) || $sqlr->affected_rows()) {
        redirect('edit.php?error=3');
    } else {
        redirect('edit.php?error=4');
    }
}

Exemplo n.º 4

0

Exibir arquivo

Arquivo: user.php Projeto: GlassFace/CoreManager2

function doedit_user()
{
    global $logon_db, $corem_db, $corem_db, $user_id, $user_lvl, $defaultoption, $user_name, $action_permission, $sql, $core;
    valid_login($action_permission["update"]);
    if ((!isset($_POST["pass"]) || $_POST["pass"] === '') && (!isset($_POST["mail"]) || $_POST["mail"] === '') && (!isset($_POST["expansion"]) || $_POST["expansion"] === '') && (!isset($_POST["referredby"]) || $_POST["referredby"] === '')) {
        redirect("user.php?action=edit_user&acct={$_POST["acct"]}&error=1");
    }
    $acct = $sql["logon"]->quote_smart($_POST["acct"]);
    $login = $sql["logon"]->quote_smart($_POST["login"]);
    $screenname = $sql["mgr"]->quote_smart($_POST["screenname"]);
    $banreason = $sql["logon"]->quote_smart($_POST["banreason"]);
    $password = $sql["logon"]->quote_smart($_POST["pass"]);
    //$user_password_change = ($password != sha1(strtoupper($login).":******")) ? "login='******',password='******'," : "";
    $mail = isset($_POST["mail"]) && $_POST["mail"] != '' ? $sql["logon"]->quote_smart($_POST["mail"]) : "";
    $failed = isset($_POST["failed"]) ? $sql["logon"]->quote_smart($_POST["failed"]) : 0;
    $gmlevel = isset($_POST["gm"]) ? $sql["logon"]->quote_smart($_POST["gm"]) : 0;
    $seclevel = isset($_POST["seclvl"]) ? $sql["logon"]->quote_smart($_POST["seclvl"]) : 0;
    $webadmin = isset($_POST["webadmin"]) ? $sql["logon"]->quote_smart($_POST["webadmin"]) : 0;
    $expansion = isset($_POST["expansion"]) ? $sql["logon"]->quote_smart($_POST["expansion"]) : $defaultoption;
    $banned = isset($_POST["banned"]) ? $sql["logon"]->quote_smart($_POST["banned"]) : 0;
    $locked = isset($_POST["locked"]) ? $sql["logon"]->quote_smart($_POST["locked"]) : 0;
    $referredby = $sql["logon"]->quote_smart(trim($_POST["referredby"]));
    $credits = $sql["logon"]->quote_smart($_POST["credits"]);
    //make sure username/pass at least 4 chars long and less than max
    if (strlen($login) < 4 || strlen($login) > 15) {
        redirect("user.php?action=edit_user&acct=" . $acct . "&error=8");
    }
    // if we received a Screen Name, make sure it does not conflict with other Screen Names or with
    // login names.
    if ($screenname != $_POST["oldscreenname"]) {
        $query = "SELECT * FROM config_accounts WHERE ScreenName='" . $screenname . "'";
        $sn_result = $sql["mgr"]->query($query);
        if ($sql["mgr"]->num_rows($sn_result) != 0) {
            redirect('user.php?action=edit_user&acct=' . $acct . '&error=7&');
        }
        if ($core == 1) {
            $query = "SELECT * FROM accounts WHERE login='******'";
        } else {
            $query = "SELECT * FROM account WHERE username='******'";
        }
        $sn_result = $sql["logon"]->query($query);
        if ($sql["logon"]->num_rows($sn_result) != 0) {
            redirect('user.php?action=edit_user&acct=' . $acct . '&error=7');
        }
        //make sure screen name is at least 4 chars long and less than max
        if ($screenname) {
            if (strlen($screenname) < 4 || strlen($screenname) > 15) {
                redirect("user.php?action=edit_user&acct=" . $acct . "&error=8");
            }
        }
    }
    //restricting access to lower security level
    if ($seclevel > $user_lvl || $user_lvl < $action_permission["delete"]) {
        redirect("user.php?action=edit_user&acct=" . $_POST["acct"] . "&error=16");
    }
    require_once "libs/valid_lib.php";
    if (!valid_alphabetic($login)) {
        redirect("user.php?action=edit_user&error=9&acct=" . $acct);
    }
    // record changes to Banned status
    if (!$banned) {
        if ($core == 1) {
            $sql["logon"]->query("UPDATE accounts SET banned=0 WHERE acct='" . $acct . "'");
        } else {
            $sql["logon"]->query("DELETE FROM account_banned WHERE id='" . $acct . "'");
        }
    } else {
        if ($core == 1) {
            $ban_count = "SELECT COUNT(*) FROM accounts WHERE banned<>0 AND acct='" . $acct . "'";
        } else {
            $ban_count = "SELECT COUNT(*) FROM account_banned WHERE active<>0 AND id='" . $acct . "'";
        }
        $result = $sql["logon"]->query($ban_count);
        if (!$sql["logon"]->result($result, 0)) {
            if ($core == 1) {
                $ban_query = "INSERT INTO accounts (acct, banned, banreason) VALUES ('" . $acct . "', '" . (time() + 365 * 24 * 3600) . "', '" . $banreason . "')";
            } else {
                $ban_query = "INSERT INTO account_banned (id, bandate, unbandate, bannedby, banreason, active)\r\n                 VALUES (" . $acct . ", " . time() . ", " . (time() + 365 * 24 * 3600) . ", '" . $user_name . "', '" . $banreason . "', 1)";
            }
        } else {
            // this_is_junk: I removed the SETs for when the ban expires because it was extending the ban
            // hopefully this won't cause other problems
            if ($core == 1) {
                $ban_query = "UPDATE accounts SET banreason='" . $banreason . "' WHERE acct='" . $acct . "'";
            } else {
                $ban_query = "UPDATE account_banned SET banreason='" . $banreason . "', active=1 WHERE id='" . $acct . "'";
            }
        }
        $sql["logon"]->query($ban_query);
    }
    // record changes in Credits
    if ($core == 1) {
        $acct_name_query = "SELECT login FROM `" . $logon_db["name"] . "`.accounts WHERE acct='" . $acct . "'";
    } else {
        $acct_name_query = "SELECT username AS login FROM `" . $logon_db["name"] . "`.account WHERE id='" . $acct . "'";
    }
    $acct_name_result = $sql["logon"]->query($acct_name_query);
    $acct_name_result = $sql["logon"]->fetch_assoc($acct_name_result);
    $credit_query = "UPDATE config_accounts SET Credits='" . $credits . "' WHERE Login='******'";
    $credit_result = $sql["mgr"]->query($credit_query);
    // record changes in Security Level
    if ($core == 1) {
        $acct_name_query = "SELECT login FROM `" . $logon_db["name"] . "`.accounts WHERE acct='" . $acct . "'";
    } else {
        $acct_name_query = "SELECT username AS login FROM `" . $logon_db["name"] . "`.account WHERE id='" . $acct . "'";
    }
    $sec_level_query = "SELECT * FROM config_accounts WHERE Login=(" . $acct_name_query . ") COLLATE utf8_general_ci";
    $sec_level_result = $sql["mgr"]->query($sec_level_query);
    $sec_level_fields = $sql["mgr"]->fetch_assoc($sec_level_result);
    if ($sec_level_fields["SecurityLevel"] != NULL || $sec_level_fields["SecurityLevel"] != $seclevel) {
        $sec_level_query = "UPDATE config_accounts SET SecurityLevel='" . ($seclevel + $webadmin) . "' WHERE Login=(" . $acct_name_query . ") COLLATE utf8_general_ci";
    } else {
        $sec_level_query = "INSERT INTO config_accounts (Login, SecurityLevel) VALUES ((" . $acct_name_query . "), '" . ($seclevel + $webadmin) . "')";
    }
    $sec_level_result = $sql["mgr"]->query($sec_level_query);
    // record Screen Name
    if ($screenname != $_POST["oldscreenname"] || $login != $_POST["oldlogin"]) {
        if ($login == $_POST["oldlogin"]) {
            $temp_login = $_POST["oldlogin"];
        } else {
            $temp_login = $login;
        }
        $query = "SELECT * FROM config_accounts WHERE Login='******'";
        $sn_result = $sql["mgr"]->query($query);
        if ($sql["mgr"]->num_rows($sn_result)) {
            $s_result = $sql["mgr"]->query("UPDATE config_accounts SET Login='******', ScreenName='" . $screenname . "' WHERE Login='******'");
        } else {
            $s_result = $sql["mgr"]->query("INSERT INTO config_accounts (Login, ScreenName) VALUES ('" . $login . "', '" . $screenname . "')");
        }
    } else {
        $s_result = true;
    }
    // ArcEmu: find out if we're using an encrypted password for this account
    if ($core == 1) {
        $pass_query = "SELECT * FROM accounts WHERE login='******' AND encrypted_password<>''";
        $pass_result = $sql["logon"]->query($pass_query);
        $arc_encrypted = $sql["logon"]->num_rows($pass_result);
    }
    // record changes to account
    if ($password == "******") {
        if ($core == 1) {
            $a_result = $sql["logon"]->query("UPDATE accounts SET login='******', email='" . $mail . "', muted='" . $locked . "', gm='" . $gmlevel . "', flags='" . $expansion . "' WHERE acct=" . $acct);
        } elseif ($core == 2) {
            $a_result = $sql["logon"]->query("UPDATE account SET username='******', email='" . $mail . "', locked='" . $locked . "', gmlevel='" . $gmlevel . "', expansion='" . $expansion . "' WHERE id=" . $acct);
        } else {
            // Trinity makes things a little more complex
            $a_result = $sql["logon"]->query("UPDATE account SET username='******', email='" . $mail . "', locked='" . $locked . "', expansion='" . $expansion . "' WHERE id=" . $acct);
            $gm_query = "SELECT * FROM account_access WHERE id='" . $acct . "'";
            $gm_result = $sql["logon"]->query($gm_query);
            $gm = $sql["logon"]->fetch_assoc($gm_result);
            if ($gm["gmlevel"] == NULL) {
                $gm_result = $sql["logon"]->query("INSERT INTO account_access (id, gmlevel, RealmID) VALUES ('" . $acct . "', '" . $gmlevel . "', -1)");
            } else {
                $gm_result = $sql["logon"]->query("UPDATE account_access SET gmlevel='" . $gmlevel . "' WHERE id='" . $acct . "'");
            }
        }
    } else {
        if ($core == 1) {
            if ($arc_encrypted) {
                $a_result = $sql["logon"]->query("UPDATE accounts SET login='******', email='" . $mail . "', encrypted_password='******', muted='" . $locked . "', gm='" . $gmlevel . "', flags='" . $expansion . "' WHERE acct=" . $acct);
            } else {
                $a_result = $sql["logon"]->query("UPDATE accounts SET login='******', email='" . $mail . "', password='******', muted='" . $locked . "', gm='" . $gmlevel . "', flags='" . $expansion . "' WHERE acct=" . $acct);
            }
        } elseif ($core == 2) {
            $a_result = $sql["logon"]->query("UPDATE account SET username='******', email='" . $mail . "', sha_pass_hash=UCASE('" . $password . "'), locked='" . $locked . "', gmlevel='" . $gmlevel . "', expansion='" . $expansion . "', v=0, s=0 WHERE id=" . $acct);
        } else {
            // Trinity makes things a little more complex
            $a_result = $sql["logon"]->query("UPDATE account SET username='******', email='" . $mail . "', sha_pass_hash=UCASE('" . $password . "'), locked='" . $locked . "', expansion='" . $expansion . "', v=0, s=0 WHERE id=" . $acct);
            $gm_query = "SELECT * FROM account_access WHERE id='" . $acct . "'";
            $gm_result = $sql["logon"]->query($gm_query);
            $gm = $sql["logon"]->fetch_assoc($gm_result);
            if ($gm["gmlevel"] == NULL) {
                $gm_result = $sql["logon"]->query("INSERT INTO account_access (id, gmlevel, RealmID) VALUES ('" . $acct . "', '" . $gmlevel . "', -1)");
            } else {
                $gm_result = $sql["logon"]->query("UPDATE account_access SET gmlevel='" . $gmlevel . "' WHERE id='" . $acct . "'");
            }
        }
    }
    $result = $s_result && $a_result;
    if (doupdate_referral($referredby, $acct) || $result) {
        redirect("user.php?action=edit_user&error=13&acct=" . $acct);
    } else {
        redirect("user.php?action=edit_user&error=12&acct=" . $acct);
    }
}

Exemplo n.º 5

0

Exibir arquivo

Arquivo: user.php Projeto: BACKUPLIB/minimanager

function doedit_user()
{
    global $lang_global, $realm_db, $mmfpm_db, $user_lvl, $user_name, $action_permission;
    valid_login($action_permission['update']);
    if ((!isset($_POST['pass']) || $_POST['pass'] === '') && (!isset($_POST['mail']) || $_POST['mail'] === '') && (!isset($_POST['expansion']) || $_POST['expansion'] === '') && (!isset($_POST['referredby']) || $_POST['referredby'] === '')) {
        redirect("user.php?action=edit_user&&id={$_POST['id']}&error=1");
    }
    $sqlr = new SQL();
    $sqlr->connect($realm_db['addr'], $realm_db['user'], $realm_db['pass'], $realm_db['name']);
    $id = $sqlr->quote_smart($_POST['id']);
    $username = $sqlr->quote_smart($_POST['username']);
    $banreason = $sqlr->quote_smart($_POST['banreason']);
    $pass = $sqlr->quote_smart($_POST['pass']);
    $user_pass_change = $pass != sha1(strtoupper($username) . ":******") ? "username='******',sha_pass_hash='{$pass}'," : "";
    $mail = isset($_POST['mail']) && $_POST['mail'] != '' ? $sqlr->quote_smart($_POST['mail']) : "";
    $failed = isset($_POST['failed']) ? $sqlr->quote_smart($_POST['failed']) : 0;
    $gmlevel = isset($_POST['gmlevel']) ? $sqlr->quote_smart($_POST['gmlevel']) : 0;
    $expansion = isset($_POST['expansion']) ? $sqlr->quote_smart($_POST['expansion']) : 1;
    $banned = isset($_POST['banned']) ? $sqlr->quote_smart($_POST['banned']) : 0;
    $locked = isset($_POST['locked']) ? $sqlr->quote_smart($_POST['locked']) : 0;
    $referredby = $sqlr->quote_smart(trim($_POST['referredby']));
    //make sure username/pass at least 4 chars long and less than max
    if (strlen($username) < 4 || strlen($username) > 15) {
        redirect("user.php?action=edit_user&id={$id}&error=8");
    }
    if ($gmlevel >= $user_lvl) {
        redirect("user.php?action=edit_user&&id={$_POST['id']}&error=16");
    }
    if (!valid_alphabetic($username)) {
        redirect("user.php?action=edit_user&error=9&id={$id}");
    }
    //restricting accsess to lower gmlvl
    $result = $sqlr->query("SELECT account.username, IFNULL(account_access.gmlevel,0) as gmlevel FROM account LEFT JOIN account_access ON account.id=account_access.id WHERE account.id = '{$id}'");
    if ($user_lvl <= $sqlr->result($result, 0, 'gmlevel') && $user_name != $sqlr->result($result, 0, 'username')) {
        redirect("user.php?error=14");
    }
    $accgmlevel = $sqlr->result($result, 0, 'gmlevel');
    if (!$banned) {
        $sqlr->query("DELETE FROM account_banned WHERE id='{$id}'");
    } else {
        $result = $sqlr->query("SELECT count(*) FROM account_banned WHERE id = '{$id}'");
        if (!$sqlr->result($result, 0)) {
            $sqlr->query("INSERT INTO account_banned (id, bandate, unbandate, bannedby, banreason, active)\r\n                          VALUES ({$id}, " . time() . "," . (time() + 365 * 24 * 3600) . ",'{$user_name}','{$banreason}', 1)");
        }
    }
    $error = false;
    $sqlr->query("UPDATE account SET email='{$mail}', {$user_pass_change} v=0,s=0,failed_logins='{$failed}',locked='{$locked}',expansion='{$expansion}' WHERE id='{$id}'");
    if (!$sqlr->affected_rows()) {
        $error = true;
    }
    if ($gmlevel != $accgmlevel) {
        if ($gmlevel == 0 && $accgmlevel > 0) {
            $sqlr->query("DELETE FROM account_access WHERE id='{$id}'");
        } elseif ($gmlevel > 0 && $accgmlevel == 0) {
            //0 has no entry in account_access, add one; sometimes there's a bug so there's indeed a gmlevel 0 entry in the table -> replace
            $sqlr->query("REPLACE INTO account_access (`id`,`gmlevel`,`RealmID`) VALUES ('{$id}','{$gmlevel}','-1')");
        } else {
            $sqlr->query("UPDATE account_access SET gmlevel='{$gmlevel}' WHERE id='{$id}'");
        }
        $sqlr->query("SELECT IFNULL((SELECT gmlevel FROM account_access WHERE id='{$id}'),0)");
        if (!$sqlr->affected_rows() || $sqlr->result($result, 0) != $accgmlevel) {
            //temporary errorhandling
            $error = true;
        }
    }
    if (doupdate_referral($referredby, $id) || $error) {
        redirect("user.php?action=edit_user&error=13&id={$id}");
    } else {
        redirect("user.php?action=edit_user&error=12&id={$id}");
    }
}

Exemplo n.º 6

0

Exibir arquivo

Arquivo: register.php Projeto: Refuge89/World-of-Warcraft-Trinity-Core-MaNGOS

function doregister()
{
    global $characters_db, $logon_db, $corem_db, $realm_id, $disable_acc_creation, $invite_only, $lang, $limit_acc_per_ip, $valid_ip_mask, $send_mail_on_creation, $create_acc_locked, $from_mail, $mailer_type, $smtp_cfg, $title, $expansion_select, $defaultoption, $GMailSender, $format_mail_html, $enable_captcha, $use_recaptcha, $recaptcha_private_key, $send_confirmation_mail_on_creation, $sql, $url_path, $initial_credits, $core;
    // ArcEmu: if one account has an encrypted password all new accounts will as well
    if ($core == 1) {
        $pass_query = "SELECT * FROM accounts WHERE encrypted_password<>'' LIMIT 1";
        $pass_result = $sql["logon"]->query($pass_query);
        $arc_encrypted = $sql["logon"]->num_rows($pass_result);
    }
    if ($enable_captcha) {
        if ($use_recaptcha) {
            require_once 'libs/recaptcha/recaptchalib.php';
            $resp = recaptcha_check_answer($recaptcha_private_key, $_SERVER["REMOTE_ADDR"], $_POST["recaptcha_challenge_field"], $_POST["recaptcha_response_field"]);
            if (!$resp->is_valid) {
                redirect("register.php?err=13");
            }
        } else {
            if ($_POST["security_code"] != $_SESSION["security_code"]) {
                redirect("register.php?err=13");
            }
        }
    }
    if (empty($_POST["pass"]) || empty($_POST["email"]) || empty($_POST["username"])) {
        redirect("register.php?err=1");
    }
    // if Disable Account Creation is enabled and Invitation Only is disabled then we error out
    if ($disable_acc_creation && !$invite_only) {
        redirect("register.php?err=4");
    }
    // if Invitation Only is enabled and we didn't get an Invitation Key then we error out
    if ($invite_only && !isset($_POST["invitationkey"])) {
        redirect("register.php?err=4");
    }
    if (filter_var(getenv("HTTP_X_FORWARDED_FOR"), FILTER_VALIDATE_IP)) {
        $last_ip = $sql["mgr"]->quote_smart(getenv("HTTP_X_FORWARDED_FOR"));
    } else {
        $last_ip = $sql["mgr"]->quote_smart(getenv("REMOTE_ADDR"));
    }
    if (sizeof($valid_ip_mask)) {
        $qFlag = 0;
        $user_ip_mask = explode('.', $last_ip);
        foreach ($valid_ip_mask as $mask) {
            $vmask = explode('.', $mask);
            $v_count = 4;
            $i = 0;
            foreach ($vmask as $range) {
                $vmask_h = explode('-', $range);
                if (isset($vmask_h[1])) {
                    if ($vmask_h[0] >= $user_ip_mask[$i] && $vmask_h[1] <= $user_ip_mask[$i]) {
                        $v_count--;
                    }
                } else {
                    if ($vmask_h[0] == $user_ip_mask[$i]) {
                        $v_count--;
                    }
                }
                $i++;
            }
            if (!$v_count) {
                $qFlag++;
                break;
            }
        }
        if (!$qFlag) {
            redirect("register.php?err=9&usr="******"logon"]->quote_smart(trim($_POST["username"]));
    $screenname = !empty($_POST["screenname"]) ? $sql["mgr"]->quote_smart(trim($_POST["screenname"])) : NULL;
    $pass = $sql["logon"]->quote_smart($_POST["pass"]);
    $pass1 = $sql["logon"]->quote_smart($_POST["pass1"]);
    // get invitation key
    $invite_key = isset($_POST["invitationkey"]) ? $sql["logon"]->quote_smart($_POST["invitationkey"]) : NULL;
    // check it for XSS
    if ($invite_key != htmlspecialchars($_POST["invitationkey"])) {
        redirect("register.php?err=4");
    }
    // make sure username/pass at least 4 chars long and less than max
    if (strlen($user_name) < 4 || strlen($user_name) > 15) {
        redirect("register.php?err=5");
    }
    if ($core == 1 && !$arc_encrypted) {
        if (strlen($pass) < 4 || strlen($pass) > 15) {
            redirect("register.php?err=5");
        }
    } else {
        if (strlen($pass1) < 4 || strlen($pass1) > 15) {
            redirect("register.php?err=5");
        }
    }
    // make sure screen name is at least 4 chars long and less than max
    if (isset($screenname)) {
        if (strlen($screenname) < 4 || strlen($screenname) > 15) {
            redirect("register.php?err=5");
        }
    }
    require_once "libs/valid_lib.php";
    // make sure it doesnt contain non english chars.
    if (!valid_alphabetic($user_name)) {
        redirect("register.php?err=6");
    }
    // make sure screen name doesnt contain non english chars.
    if (!valid_alphabetic($screenname)) {
        redirect("register.php?err=6");
    }
    // make sure the mail is valid mail format
    $mail = $sql["logon"]->quote_smart(trim($_POST["email"]));
    if (!valid_email($mail) || strlen($mail) > 254) {
        redirect("register.php?err=7");
    }
    // if we limit accounts per ip, we'll need to throw an error
    if ($limit_acc_per_ip) {
        if ($core == 1) {
            $result = $sql["logon"]->query("SELECT login, email FROM accounts WHERE lastip='" . $last_ip . "'");
        } else {
            $result = $sql["logon"]->query("SELECT username AS login, email FROM account WHERE last_ip='" . $last_ip . "'");
        }
        if ($sql["logon"]->num_rows($result)) {
            redirect("register.php?err=15");
        }
    }
    // IP is in ban list
    if ($core == 1) {
        $result = $sql["logon"]->query("SELECT ip FROM ipbans WHERE ip='" . $last_ip . "'");
    } else {
        $result = $sql["logon"]->query("SELECT ip FROM ip_banned WHERE ip='" . $last_ip . "'");
    }
    if ($sql["logon"]->num_rows($result)) {
        redirect("register.php?err=8&usr="******"logon"]->query("SELECT login, email FROM accounts WHERE email='" . $mail . "'");
    } else {
        $result = $sql["logon"]->query("SELECT username AS login, email FROM account WHERE email='" . $mail . "'");
    }
    if ($sql["logon"]->num_rows($result)) {
        redirect("register.php?err=14");
    }
    // username check
    if ($core == 1) {
        $result = $sql["logon"]->query("SELECT login, email FROM accounts WHERE login='******' OR login='******'");
    } else {
        $result = $sql["logon"]->query("SELECT username AS login, email FROM account WHERE username='******' OR username='******'");
    }
    // make sure we got a valid Invitation Key
    if ($invite_only) {
        $check_invite_query = "SELECT * FROM invitations WHERE invited_email='" . $mail . "' AND invitation_key='" . $invite_key . "'";
        $check_invite_result = $sql["mgr"]->query($check_invite_query);
        $check_invite = $sql["mgr"]->num_rows($check_invite_result);
        if ($check_invite == 0) {
            redirect("register.php?err=17&by=" . $_POST["invitedby"] . "&key=" . $invite_key);
        }
    }
    if ($sql["logon"]->num_rows($result)) {
        // there is already someone with same account name
        redirect("register.php?err=3&usr="******"SELECT * FROM config_accounts WHERE ScreenName='" . $screenname . "'";
            $result = $sql["mgr"]->query($query);
            if ($sql["mgr"]->num_rows($result)) {
                redirect("register.php?err=3&usr="******"expansion"]) ? $sql["logon"]->quote_smart($_POST["expansion"]) : 0;
        } else {
            $expansion = $defaultoption;
        }
        // insert screen name (if we didn't get a screen name, we still need to exit registration correctly.
        if ($screenname) {
            $query = "INSERT INTO config_accounts (Login, ScreenName, Credits) VALUES ('" . $user_name . "', '" . $screenname . "', '" . $initial_credits . "')";
        } else {
            $query = "INSERT INTO config_accounts (Login, ScreenName, Credits) VALUES ('" . $user_name . "', '', '" . $initial_credits . "')";
        }
        $s_result = $sql["mgr"]->query($query);
        if ($send_confirmation_mail_on_creation) {
            // for email confirmation we save their real password to their config_accounts entry
            // and a temporary (and incorrect) password into the logon database
            $temppass = $pass;
            $pass_gen_list = "abcdefghijklmnopqrstuvwxyz";
            // generate a random, temporary pass
            $pass = $pass_gen_list[rand(0, 25)];
            $pass .= $pass_gen_list[rand(0, 25)];
            $pass .= $pass_gen_list[rand(0, 25)];
            $pass .= rand(1, 9);
            $pass .= rand(1, 9);
            $pass .= rand(1, 9);
            $pass .= $pass_gen_list[rand(0, 25)];
            // save their real password
            $query = "UPDATE config_accounts SET TempPassword='******' WHERE Login='******'";
            $q_result = $sql["mgr"]->query($query);
            // now; we create their, temporarily crippled, account
            if ($core == 1) {
                $query = "INSERT INTO accounts (login, password, gm, banned, email, flags) VALUES ('" . $user_name . "', '" . $pass . "', '0', '0', '" . $mail . "', '" . $expansion . "')";
            } else {
                $query = "INSERT INTO account (username, sha_pass_hash, email, expansion) VALUES ('" . $user_name . "', '" . sha1(strtoupper($user_name . ":" . $pass)) . "', '" . $mail . "', '" . $expansion . "')";
            }
            $a_result = $sql["logon"]->query($query);
        } else {
            // otherwise, we just save
            if ($core == 1) {
                if ($arc_encrypted) {
                    $query = "INSERT INTO accounts (login, password, encrypted_password, gm, banned, email, flags) VALUES ('" . $user_name . "', '', '" . $pass . "', '0', '0', '" . $mail . "', '" . $expansion . "')";
                } else {
                    $query = "INSERT INTO accounts (login, password, gm, banned, email, flags) VALUES ('" . $user_name . "', '" . $pass . "', '0', '0', '" . $mail . "', '" . $expansion . "')";
                }
            } else {
                $query = "INSERT INTO account (username, sha_pass_hash, email, expansion) VALUES ('" . $user_name . "', '" . $pass . "', '" . $mail . "', '" . $expansion . "')";
            }
            $a_result = $sql["logon"]->query($query);
        }
        // if we got an Invitation Key then we need to remove the invitation
        if (isset($invite_key)) {
            $clear_invite_query = "DELETE FROM invitations WHERE invitation_key='" . $invite_key . "'";
            $clear_invite_result = $sql["mgr"]->query($clear_invite_query);
        }
        // do referral
        if ($core == 1) {
            $our_acct_query = "SELECT acct AS id FROM accounts WHERE login='******'";
        } else {
            $our_acct_query = "SELECT id FROM account WHERE username='******'";
        }
        $our_acct_result = $sql["logon"]->query($our_acct_query);
        $our_acct_result = $sql["logon"]->fetch_assoc($our_acct_result);
        $our_acct = $our_acct_result["id"];
        $referredby = isset($_POST["invitedby"]) ? $sql["logon"]->quote_smart($_POST["invitedby"]) : NULL;
        $referralresult = doupdate_referral($referredby, $our_acct);
        // Trinity uses a separate table for gm levels and realm access
        if ($core == 3) {
            $id_query = "SELECT * FROM account WHERE username='******'";
            $id_result = $sql["logon"]->query($id_query);
            $id_fields = $sql["logon"]->fetch_assoc($id_result);
            $new_id = $id_fields["id"];
            $query = "INSERT INTO account_access (id, gmlevel, RealmID) VALUES ('" . $new_id . "', '0', '-1')";
            $aa_result = $sql["logon"]->query($query);
        }
        // compile results
        if ($core != 3) {
            $result = $s_result && $a_result;
        } else {
            $result = $s_result && $a_result && $aa_result;
        }
        // destroy the terms cookie
        setcookie("terms", "", time() - 3600);
        // set $lang global
        if (empty($_POST["lang"])) {
            redirect("register.php?error=1");
        } else {
            $lang = addslashes($_POST["lang"]);
        }
        // create lang cookie
        if ($lang) {
            setcookie("lang", $lang, time() + 60 * 60 * 24 * 30 * 6);
        } else {
            redirect("register.php?error=1");
        }
        // registration emails
        if ($send_confirmation_mail_on_creation) {
            // we send our confirmation message
            // prepare message
            if ($format_mail_html) {
                $file_name = "lang/mail_templates/" . $lang . "/mail_activate.tpl";
            } else {
                $file_name = "lang/mail_templates/" . $lang . "/mail_activate_nohtml.tpl";
            }
            $fh = fopen($file_name, 'r');
            $subject = fgets($fh, 4096);
            $body = fread($fh, filesize($file_name));
            fclose($fh);
            $subject = str_replace("<title>", $title, $subject);
            if ($format_mail_html) {
                $body = str_replace("\n", "<br />", $body);
                $body = str_replace("\r", " ", $body);
            }
            $body = str_replace("<core>", core_name($core), $body);
            $body = str_replace("<username>", $user_name, $body);
            if ($screenname) {
                $body = str_replace("<screenname>", $screenname, $body);
            } else {
                $body = str_replace("<screenname>", "NONE GIVEN", $body);
            }
            $body = str_replace("<password>", $pass1, $body);
            $server_addr = $_SERVER["SERVER_PORT"] != 80 ? $_SERVER["SERVER_NAME"] . ":" . $_SERVER["SERVER_PORT"] : $_SERVER["SERVER_NAME"];
            // if we aren't installed in / then append the path to $server_addr
            $server_addr .= $url_path != "" ? $url_path : "";
            $body = str_replace("<base_url>", $server_addr, $body);
            if ($core == 1) {
                if ($arc_encrypted) {
                    $body = str_replace("<key>", $temppass, $body);
                } else {
                    $body = str_replace("<key>", sha1(strtoupper($user_name . ":" . $temppass)), $body);
                }
            } else {
                $body = str_replace("<key>", $temppass, $body);
            }
            if ($GMailSender) {
                require_once "libs/mailer/authgMail_lib.php";
                $fromName = $title . " Admin";
                authgMail($from_mail, $fromName, $mail, $mail, $subject, $body, $smtp_cfg);
            } else {
                require_once "libs/mailer/class.phpmailer.php";
                $mailer = new PHPMailer();
                $mailer->Mailer = $mailer_type;
                if ($mailer_type == "smtp") {
                    $mailer->Host = $smtp_cfg["host"];
                    $mailer->Port = $smtp_cfg["port"];
                    if ($smtp_cfg["user"] != "") {
                        $mailer->SMTPAuth = true;
                        $mailer->Username = $smtp_cfg["user"];
                        $mailer->Password = $smtp_cfg["pass"];
                    }
                }
                $mailer->WordWrap = 50;
                $mailer->From = $from_mail;
                $mailer->FromName = $title . " Admin";
                $mailer->Subject = $subject;
                $mailer->IsHTML($format_mail_html);
                $mailer->Body = $body;
                $mailer->AddAddress($mail);
                $mailer->Send();
                $mailer->ClearAddresses();
            }
        } else {
            // we only send the welcome message if we don't send the confirmation
            if ($send_mail_on_creation) {
                // prepare message
                if ($format_mail_html) {
                    $file_name = "lang/mail_templates/" . $lang . "/mail_welcome.tpl";
                } else {
                    $file_name = "lang/mail_templates/" . $lang . "/mail_welcome_nohtml.tpl";
                }
                $fh = fopen($file_name, 'r');
                $subject = fgets($fh, 4096);
                $subject = str_replace("Subject: ", "", $subject);
                $subject = trim($subject);
                $body = fread($fh, filesize($file_name));
                fclose($fh);
                $subject = str_replace("<title>", $title, $subject);
                if ($format_mail_html) {
                    $body = str_replace("\n", "<br />", $body);
                    $body = str_replace("\r", "", $body);
                }
                $body = str_replace("<core>", core_name($core), $body);
                $body = str_replace("<username>", $user_name, $body);
                if ($screenname) {
                    $body = str_replace("<screenname>", $screenname, $body);
                } else {
                    $body = str_replace("<screenname>", "NONE GIVEN", $body);
                }
                $body = str_replace("<password>", $pass1, $body);
                $server_addr = $_SERVER["SERVER_PORT"] != 80 ? $_SERVER["SERVER_NAME"] . ":" . $_SERVER["SERVER_PORT"] : $_SERVER["SERVER_NAME"];
                // if we aren't installed in / then append the path to $server_addr
                $server_addr .= $url_path != "" ? $url_path : "";
                $body = str_replace("<base_url>", $server_addr, $body);
                if ($GMailSender) {
                    require_once "libs/mailer/authgMail_lib.php";
                    $fromName = $title . " Admin";
                    authgMail($from_mail, $fromName, $mail, $mail, $subject, $body, $smtp_cfg);
                } else {
                    require_once "libs/mailer/class.phpmailer.php";
                    $mailer = new PHPMailer();
                    $mailer->Mailer = $mailer_type;
                    if ($mailer_type == "smtp") {
                        $mailer->Host = $smtp_cfg["host"];
                        $mailer->Port = $smtp_cfg["port"];
                        if ($smtp_cfg["user"] != "") {
                            $mailer->SMTPAuth = true;
                            $mailer->Username = $smtp_cfg["user"];
                            $mailer->Password = $smtp_cfg["pass"];
                        }
                    }
                    $mailer->WordWrap = 50;
                    $mailer->From = $from_mail;
                    $mailer->FromName = $title . " Admin";
                    $mailer->Subject = $subject;
                    $mailer->IsHTML($format_mail_html);
                    $mailer->Body = $body;
                    $mailer->AddAddress($mail);
                    $mailer->Send();
                    $mailer->ClearAddresses();
                }
            }
        }
        if ($result) {
            if ($referralresult) {
                $appendinfo = "";
            } else {
                $appendinfo = "&info=1";
            }
            if ($send_confirmation_mail_on_creation) {
                redirect("login.php?error=8" . $appendinfo);
            } else {
                redirect("login.php?error=6" . $appendinfo);
            }
        }
    }
}

Exemplos de doupdate_referral em PHP