$pwd_saved = true; } else { $pwd_saved = false; } } } if (allowAccess(caver_delete_himself)) { //Delete an account : if (isset($_POST['delete_user'])) { $password = isset($_POST['d_caver_password']) ? $_POST['d_caver_password'] : ''; $key = isset($_POST['d_key']) ? $_POST['d_key'] : ''; $password = crypt_xor(stripslashes($password), $key); $login = isset($_POST['d_caver_login']) ? $_POST['d_caver_login'] : ''; $sql = "SELECT * FROM `" . $_SESSION['Application_host'] . "`.`T_caver` "; $sql .= "WHERE `Id` = " . $_SESSION['user_id'] . " "; $sql .= "AND `Password` = '" . getCryptedPwd($login, $password) . "' "; $sql .= "AND `Login` = '" . $login . "'"; $data = getDataFromSQL($sql, __FILE__, $frame, __FUNCTION__); if ($data['Count'] > 0) { trackAction("delete_user", $_SESSION['user_id'], "T_caver"); $sql = "DELETE FROM `" . $_SESSION['Application_host'] . "`.`T_caver` "; $sql .= "WHERE `Id` = " . $_SESSION['user_id']; $req = execSQL($sql, $frame, __FILE__, __FUNCTION__); $sql = "DELETE FROM `" . $_SESSION['Application_host'] . "`.`J_entry_caver` "; $sql .= "WHERE `Id_caver` = " . $_SESSION['user_id']; $req = execSQL($sql, $frame, __FILE__, __FUNCTION__); $sql = "DELETE FROM `" . $_SESSION['Application_host'] . "`.`J_grotto_caver` "; $sql .= "WHERE `Id_caver` = " . $_SESSION['user_id']; $req = execSQL($sql, $frame, __FILE__, __FUNCTION__); $sql = "DELETE FROM `" . $_SESSION['Application_host'] . "`.`J_caver_group` "; $sql .= "WHERE `Id_caver` = " . $_SESSION['user_id'];
} //Send a new password to the user : if (isset($_POST['send_pwd'])) { $login = isset($_POST['f_caver_login']) ? $_POST['f_caver_login'] : ''; $contact = isset($_POST['f_caver_contact']) ? $_POST['f_caver_contact'] : ''; $password = generatePassword(10, 8); $string = isset($_POST['f_caver_check']) ? $_POST['f_caver_check'] : ''; $user_check = isset($_SESSION['userCheck']) ? $_SESSION['userCheck'] : ''; if (!$_SESSION['do_check'] || md5(getIp() . strtolower($string)) == $user_check) { $sql = "SELECT * FROM `" . $_SESSION['Application_host'] . "`.`T_caver`"; $sql .= " WHERE Login = '******' AND Contact ='" . $contact . "'"; $data = getDataFromSQL($sql, __FILE__, $frame, __FUNCTION__); if ($data['Count'] > 0) { if ($data[0]['Activated'] == 'YES') { $sql = "UPDATE `" . $_SESSION['Application_host'] . "`.`T_caver`"; $sql .= " SET Password ='******'"; $sql .= " WHERE Id = " . $data[0]['Id']; $req = execSQL($sql, $frame, __FILE__, __FUNCTION__); if (!defined('NO_PHPBB_INSTALLED')) { chgPwdphpBBuser($login, $password); } sendNewPwdMail($data[0], $password); //echo $password; trackAction("pwd_user", $data[0]['Id'], "T_caver"); $_SESSION['user_pwd_sent'] = true; } else { $activated = false; $_SESSION['user_pwd_sent'] = false; } } else { $_SESSION['user_pwd_sent'] = false;
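/**
 * Checks a login attempt, opens the session and records the connection.
 *
 * The credential query only runs when the visual check passes (or when
 * $_SESSION['do_check'] is off). If the check fails, the result is
 * Registered = false, Banned = true, Activated = false. If the check passes
 * but no row matches, the result is Registered = false, Banned = false,
 * Activated = true.
 *
 * @param string $login    Login submitted by the user.
 * @param string $password Password submitted by the user.
 * @param string $string   Answer typed for the visual check.
 *
 * @return array Flags keyed 'Connected', 'Activated', 'Banned', 'Registered'.
 */
function connectUser($login, $password, $string)
{
    $activated = false;
    $banned = true;
    $connected = false;
    $registered = false;
    $data = array();

    // Strict comparison: a loose == between two hex digests is subject to PHP
    // type juggling (numeric-looking strings compare as numbers), so two
    // different digests could be treated as equal.
    $expectedCheck = isset($_SESSION['userCheck']) ? $_SESSION['userCheck'] : null;
    $checkPassed = empty($_SESSION['do_check'])
        || md5(getIp() . strtolower($string)) === $expectedCheck;

    if ($checkPassed) {
        // NOTE(review): the Login/Password values are masked in this listing and
        // $login / $password are not referenced in the query text as shown.
        // Whatever is interpolated here comes from the caller and must be bound
        // or escaped by the data layer before it reaches the SQL string.
        $sql = "SELECT * FROM `" . $_SESSION['Application_host'] . "`.`T_caver`";
        $sql .= " WHERE Login = '******' AND Password ='******' ";
        $data = getDataFromSQL($sql, __FILE__, "function", __FUNCTION__);

        if ($data['Count'] > 0) {
            $registered = true;
            $banned = $data[0]['Banned'] == "YES";
            $activated = $data[0]['Activated'] == "YES";
        } else {
            // Unknown credentials are reported as "not registered" only, not as
            // banned or unactivated.
            $banned = false;
            $activated = true;
        }
    }

    $connected = $registered && !$banned && $activated;

    // Set the session. $data[0] does not exist when the check failed or no row
    // matched; pass null explicitly instead of reading an undefined offset.
    setSession($connected, isset($data[0]) ? $data[0] : null);

    if ($connected) {
        // Update the date of last connection for this user.
        // NOTE(review): getIp() and getBrowserData() are concatenated into the
        // statement; if either is derived from request headers it is
        // client-controlled — confirm these helpers escape their output, or
        // bind the values in execSQL.
        $sql = "UPDATE `" . $_SESSION['Application_host'] . "`.`T_caver` ";
        $sql .= "SET Date_last_connection = Now(), ";
        $sql .= "Ip = '" . getIp() . "', ";
        $sql .= "Browser = '" . getBrowserData() . "', ";
        $sql .= "Connection_counter = Connection_counter + 1 ";
        // The id is used unquoted, so force it to an integer.
        $sql .= "WHERE Id = " . (int) $_SESSION['user_id'];
        $req = execSQL($sql, "function", __FILE__, __FUNCTION__);
    }

    return array(
        'Connected' => $connected,
        'Activated' => $activated,
        'Banned' => $banned,
        'Registered' => $registered,
    );
}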