Exemplo n.º 1
        return;
    }
    $ru = $db->query('SELECT username FROM fas_users WHERE username=\'' . $user_name . '\'');
    if ($db->num_rows($ru) == 1) {
        echo '<div class=\'error\'>Username is already in use.</div>';
        return;
    }
    $ru = $db->query('SELECT email FROM fas_users WHERE email=\'' . $email . '\'');
    if ($db->num_rows($ru) == 1) {
        echo '<div class=\'error\'>Email is already in use.</div>';
        return;
    }
    $salt = createSalt();
    //creates a 3 character string
    $pass = setPass($pass_word, $salt);
    $answer = setPass($answer, $salt);
    if ($email_on == '1') {
        $db->query(sprintf('INSERT INTO fas_users SET
				username=\'%s\',
				password=\'%s\',
				salt=\'%s\',
				activation_key=\'%s\',
				email =\'%s\',
				pass_question =\'%s\',
				pass_answer =\'%s\',
				joindate=\'%u\'', $user_name, $pass, $salt, $activation_number, $email, $question, $answer, $time));
        echo '<div class=\'msg\'>Your account has been created! <br /> <font color=red>However, this board requires account activation, an activation key has been sent to the e-mail address you provided. Please check your e-mail for further information.</font></div>';
        $subject = 'Welcome to ' . $sitename . '';
        $message = 'Dear ' . $user_name . ',<br>Thank you for registering at <a href="' . $domain . '">' . $sitename . '</a>,<br /> Please visit the following link in order to activate your account:<br /><br />
<a href="' . $domain . '/index.php?action=activate&id=' . $activation_number . '">Activate</a><br /><br />Your password has been securely stored in our database and cannot be retrieved. In the event that it is forgotten, you will be able to reset it using the email address associated with your account.<br /><br />Thanks again,<br />' . $sitename . ' administration';
        $headers = 'From: ' . $supportemail . '' . "\r\n" . 'Content-Type: text/html; charset=\\"iso-8859-1\\"' . "\r\n" . 'X-Mailer: PHP/' . phpversion();
Exemplo n.º 2
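/**
 * Render the sign-up form, or process a submitted registration.
 *
 * When $_POST['submit'] is present the submitted fields are validated, the
 * username and e-mail are checked for uniqueness, and one row is inserted into
 * fas_users. If $email_on is '1' the row gets a non-zero activation key and an
 * activation e-mail is sent; otherwise the key is stored as '0'. All feedback
 * is echoed as HTML; nothing is returned.
 *
 * NOTE(review): every query here splices request values into the SQL text, so
 * injection safety rests entirely on clean(), which is defined elsewhere.
 * Confirm it escapes for the database, or move these queries to prepared
 * statements.
 */
function writebody()
{
    // Only the globals this function actually reads.
    global $db, $domain, $sitename, $seo_on, $supportemail, $email_on;

    if (isset($_POST['submit'])) {
        $time = time();
        $user_name = clean($_POST['user_name']);
        $pass_word = clean($_POST['pass_word']);
        $pass_word2 = clean($_POST['pass_word2']);
        $email = clean($_POST['email']);
        $question = clean($_POST['question']);
        $answer = clean($_POST['answer']);

        if (strlen($user_name) > 16) {
            echo '<div class=\'error\'>The username you entered is to long.</div>';
            return;
        }
        if (!$user_name || !$pass_word || !$pass_word2 || !$email || !$question || !$answer) {
            echo '<div class=\'error\'>You\'ve not filled all required fields in.</div>';
            return;
        }
        // The form asks for the password twice; the confirmation was read but
        // never compared, so a mistyped password was silently accepted.
        if ($pass_word !== $pass_word2) {
            echo '<div class=\'error\'>The passwords you entered do not match.</div>';
            return;
        }
        if (!valid_email($email)) {
            echo '<div class=\'error\'>Email is not valid.</div>';
            return;
        }

        // "> 0" rather than "== 1": if the table already holds duplicate rows,
        // the name or address must still be reported as taken.
        $ru = $db->query('SELECT username FROM fas_users WHERE username=\'' . $user_name . '\'');
        if ($db->num_rows($ru) > 0) {
            echo '<div class=\'error\'>Username is already in use.</div>';
            return;
        }
        $ru = $db->query('SELECT email FROM fas_users WHERE email=\'' . $email . '\'');
        if ($db->num_rows($ru) > 0) {
            echo '<div class=\'error\'>Email is already in use.</div>';
            return;
        }

        // Per the original comment createSalt() yields a 3 character string.
        // NOTE(review): that is a very short salt, and the hash behind setPass()
        // is not visible here — confirm it is a slow password hash.
        $salt = createSalt();
        $pass = setPass($pass_word, $salt);
        $answer = setPass($answer, $salt);

        $mustActivate = ($email_on == '1');
        $activation_number = '0';
        if ($mustActivate) {
            // The activation key is the only secret protecting activation, so
            // draw it from the CSPRNG when the runtime has one (PHP 7+). The
            // range starts at 1 so the key can never equal the '0' stored for
            // accounts that need no activation, and stays within rand()'s range.
            $activation_number = function_exists('random_int')
                ? random_int(1, getrandmax())
                : rand(1, getrandmax());
        }

        $db->query(sprintf('INSERT INTO fas_users SET
				username=\'%s\',
				password=\'%s\',
				salt=\'%s\',
				activation_key=\'%s\',
				email =\'%s\',
				pass_question =\'%s\',
				pass_answer =\'%s\',
				joindate=\'%u\'', $user_name, $pass, $salt, $activation_number, $email, $question, $answer, $time));

        if (!$mustActivate) {
            echo '<div class=\'msg\'>Success, you\'ve now registered.</div>';
            return;
        }

        echo '<div class=\'msg\'>Your account has been created! <br /> <font color=red>However, this board requires account activation, an activation key has been sent to the e-mail address you provided. Please check your e-mail for further information.</font></div>';
        $subject = 'Welcome to ' . $sitename . '';
        // NOTE(review): $user_name is placed into an HTML mail body as-is;
        // whether it is HTML-safe depends on clean().
        $message = 'Dear ' . $user_name . ',<br>Thank you for registering at <a href="' . $domain . '">' . $sitename . '</a>,<br /> Please visit the following link in order to activate your account:<br /><br />
<a href="' . $domain . '/index.php?action=activate&id=' . $activation_number . '">Activate</a><br /><br />Your password has been securely stored in our database and cannot be retrieved. In the event that it is forgotten, you will be able to reset it using the email address associated with your account.<br /><br />Thanks again,<br />' . $sitename . ' administration';
        // The charset used to be written with \\" inside a single-quoted string,
        // which put literal backslashes into the Content-Type header.
        $headers = 'From: ' . $supportemail . '' . "\r\n" . 'Content-Type: text/html; charset="iso-8859-1"' . "\r\n" . 'X-Mailer: PHP/' . phpversion();
        mail($email, $subject, $message, $headers);
        return;
    }

    // No submission: show the empty registration form.
    $surl = ($seo_on == 1)
        ? '' . $domain . '/signup/'
        : '' . $domain . '/index.php?action=signup';
    echo '<form action=\'' . $surl . '\' method=\'post\'>
	<table width=\'100%\' border=\'0\' align=\'center\'>
		<tr>
			<th colspan=\'2\' align=\'center\' class=\'header\'>Register now!</th>
		</tr>
		<tr>
			<td class=\'content\'>User Name:*<br /><small>Must be unique, letters and numbers only!</small></td>
			<td class=\'content\'><input type=\'text\' name=\'user_name\' size=\'40\' /></td>
		</tr>
		<tr>
			<td class=\'content\'>Password:*<br /><small>Must be unique, letters and numbers only!</small></td>
			<td class=\'content\'><input type=\'password\' name=\'pass_word\' size=\'40\' /></td>
		</tr>
		<tr>
			<td class=\'content\'>Repeat Password:*</td>
			<td class=\'content\'><input type=\'password\' name=\'pass_word2\' size=\'40\' /></td>
		</tr>
		<tr>
			<td class=\'content\'>Email:*<br /><small>Email must be valid!</small></td>
			<td class=\'content\'><input type=\'text\' name=\'email\' size=\'40\' /></td>
		</tr>

		<tr>
			<td class=\'content\'>Question:*<br /><small>If you forgot your password!</small></td>
			<td class=\'content\'><input type=\'text\' name=\'question\' size=\'40\' /></td>
		</tr>

		<tr>
			<td class=\'content\'>Answer:*<br /><small>If you forgot your password!</small></td>
			<td class=\'content\'><input type=\'text\' name=\'answer\' size=\'40\' /></td>
		</tr>

		<tr>
			<td colspan=\'2\' align=\'center\' class=\'content\'><input type=\'submit\' name=\'submit\' value=\'Signup Now\' /></td>
		</tr>
	</table>
</form>';
}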
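/**
 * Security-question step of the "forgot password" flow.
 *
 * GET (no $_POST['submit']): looks up the account named in $_GET['username']
 * and renders a form showing its stored security question.
 * POST: checks the submitted answer against the stored pass_answer; on a match
 * a new numeric password is generated, e-mailed to the account address, and
 * stored via setPass(). All feedback is echoed as HTML; nothing is returned.
 *
 * NOTE(review): the username and stored question are spliced into SQL and
 * echoed into HTML as-is, so both injection and XSS safety rest entirely on
 * clean(), which is defined elsewhere — confirm what it escapes.
 * NOTE(review): the replacement password travels in plain text by e-mail and
 * there is no attempt limit on answers; a single-use, expiring reset link
 * would be the safer design.
 */
function question()
{
    // Kept in full: includes/blocks.php is included further down and runs in
    // this function's scope, so it may read any of these globals.
    global $db, $domain, $sitename, $cachelife, $template, $gamesfolder, $thumbsfolder, $limitboxgames, $seo_on, $blogentriesshown, $enabledcode_on, $comments_on, $directorypath, $autoapprovecomments, $gamesonpage, $abovegames, $belowgames, $ads1, $ads2, $ads3, $bannersleft, $showwebsitelimit, $supportemail, $showblog, $blogentriesshown, $blogcharactersshown, $blogcommentpermissions, $blogcommentsshown, $blogfollowtags, $blogcharactersrss, $usrdata, $userid, $showpages;

    if (isset($_POST['submit'])) {
        $answer = clean($_POST['answer']);
        $username = clean($_GET['username']);
        if (!$username || !$answer) {
            echo '<div class=\'error\'>You\'ve not filled all required fields in.</div>';
            return;
        }
        $r = $db->query(sprintf('SELECT * FROM fas_users WHERE username=\'%s\'', $username));
        // Check that the account exists before touching the row; previously the
        // row was indexed first, even when the lookup had returned nothing.
        if (!$db->num_rows($r)) {
            echo '<div class=\'error\'>Your username is incorrect. Please try again!</div>';
            return;
        }
        $ir = $db->fetch_row($r);
        $salt = $ir['salt'];
        // Rows without a salt get a fresh one (per the original comment, a
        // 3 character string), which is saved by the UPDATE below.
        if (empty($salt)) {
            $salt = createSalt();
        }
        $answer = checkPass($answer, $salt);
        // Strict string comparison: a loose != treats numeric-looking strings
        // such as "0e1234" and "0e9999" as equal.
        if ((string) $answer !== (string) $ir['pass_answer']) {
            echo '<div class=\'error\'>Your security answer is incorrect. Please try again!</div>';
            return;
        }

        $email = clean($ir['email']);
        // The temporary password is a credential, so draw it from the CSPRNG
        // when the runtime has one (PHP 7+) instead of the predictable rand().
        $pass_word = function_exists('random_int') ? random_int(0, getrandmax()) : rand();
        $subject = 'Password Reset';
        $message = 'Hello ' . $username . ',<br><br>You are receiving this notification because you have (or someone pretending to be you has) requested a new password be sent for your account on <a href="' . $domain . '">' . $sitename . '</a>.<br> Your password has been reset, your new password is: ' . $pass_word . '.<br><br> You can of course change this password yourself via the profile page. If you have any difficulties please contact the board administrator.
		<br><br>Best regards,<br>' . $sitename . ' administration';
        // The charset used to be written with \\" inside a single-quoted string,
        // which put literal backslashes into the Content-Type header.
        $headers = 'From: ' . $supportemail . '' . "\r\n" . 'Content-Type: text/html; charset="iso-8859-1"' . "\r\n" . 'X-Mailer: PHP/' . phpversion();
        mail($email, $subject, $message, $headers);

        // Store the hash of the new password for exactly this account. The
        // statement previously carried masked '******' literals instead of the
        // computed hash and the username, and used the removed mysql_query()
        // API rather than the $db wrapper used everywhere else in this function.
        $pass = setPass($pass_word, $salt);
        $db->query(sprintf(
            'UPDATE fas_users SET password=\'%s\', salt=\'%s\' WHERE username=\'%s\' AND pass_answer=\'%s\'',
            $pass,
            $salt,
            $username,
            $answer
        ));
        echo '<div class=\'msg\'><font color=red>Your password has been reset, please check your email for the new password!</font></div>';
        return;
    }

    // No submission yet: show the account's security question.
    $username = clean($_GET['username']);
    $r = $db->query(sprintf('SELECT * FROM fas_users WHERE username=\'%s\'', $username));
    if (!$db->num_rows($r)) {
        echo '<div class=\'error\'>Our records show there is no account with the username: <i>' . $username . '</i>!</div>';
        return;
    }
    $ir = $db->fetch_row($r);
    $question = $ir['pass_question'];
    // The form posts back to this step with the username in the query string,
    // which is where the POST branch above reads it from.
    $surl = '' . $domain . '/index.php?action=forgotpassword&amp;case=question&amp;username=' . $username . '';
    echo '<div id="container">
<div id="content-container">
<div id="side">';
    include "includes/blocks.php";
    echo '</div>

<div id="content">
<div class="content_nav">Forgot Password?</div>
<div style="clear:both"></div>';
    echo '<form action=\'' . $surl . '\' method=\'post\'>
	<table width=\'100%\' border=\'0\' align=\'center\'>
		<tr>
			<td class=\'content\'>' . $question . ':</td>
			<td class=\'content\'><input type=\'text\' name=\'answer\' size=\'35\' /></td>
		</tr>
		<tr>
			<td colspan=\'2\' align=\'center\' class=\'content\'><input type=\'submit\' name=\'submit\' value=\'Get new pass!\' /></td>
		</tr>
	</table>
</form>			
';
}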
Exemplo n.º 4
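/**
 * Render the login form, or process a submitted login.
 *
 * On POST the account is looked up by username, must have activation_key "0",
 * and the password must match either the salted hash from checkPass() or a
 * legacy unsalted md5() hash. A legacy match is re-hashed with a fresh salt
 * and saved. On success the user's details are copied into $_SESSION and a
 * meta refresh to $domain is echoed. Nothing is returned.
 *
 * NOTE(review): the username is spliced into the SQL text, so injection safety
 * rests on clean(), which is defined elsewhere — confirm it escapes for the
 * database.
 * NOTE(review): the session id is not regenerated on login. This function
 * echoes page body, so headers have presumably been sent already; regenerating
 * the id would have to happen in the caller before any output.
 */
function writebody()
{
    // Only the globals this function actually reads.
    global $db, $domain, $seo_on;

    if (isset($_POST['submit'])) {
        $username = clean($_POST['username']);
        $password = clean($_POST['password']);
        $r = $db->query(sprintf('SELECT * FROM fas_users WHERE username=\'%s\'', $username));
        if (!$db->num_rows($r)) {
            echo "<div class='error'>The username you entered does not exist!</div>";
            return;
        }
        $ir = $db->fetch_row($r);
        if ((string) $ir['activation_key'] !== '0') {
            echo "<div class='error'>You need to activate your account first!</div>";
            return;
        }

        // Hashes are compared as strings with ===. A loose == converts
        // numeric-looking strings first, so two different hashes of the form
        // "0e<digits>" would compare equal and let a wrong password through.
        $stored = (string) $ir['password'];
        $authenticated = false;
        if ((string) checkPass($password, $ir['salt']) === $stored) {
            $authenticated = true;
        } elseif (md5($password) === $stored) {
            // Legacy account still on unsalted md5: upgrade it to the salted
            // scheme now that the plaintext is known. Per the original comment
            // createSalt() yields a 3 character string.
            $salt = createSalt();
            $newPass = setPass($password, $salt);
            $db->query(sprintf('UPDATE fas_users SET password = \'%s\', salt = \'%s\' WHERE username = \'%s\'', $newPass, $salt, $username));
            $authenticated = true;
        }

        if (!$authenticated) {
            echo "<div class='error'>Your password is incorrect!</div>";
            return;
        }

        // Both successful paths end the same way, so the session is filled once.
        $_SESSION['username'] = $username;
        $_SESSION['userid'] = $ir['userid'];
        $_SESSION['website'] = $ir['website'];
        $_SESSION['signature'] = $ir['signature'];
        $_SESSION['bloglevel'] = $ir['bloglevel'];
        echo '<div class=\'msg\'>You\'ve now logged on.</div>';
        echo '<meta http-equiv="REFRESH" content="0;url=' . $domain . '">';
        return;
    }

    // No submission: show the login form.
    if ($seo_on == 1) {
        $url = '' . $domain . '/login/';
        $forgot = '' . $domain . '/forgotpassword/';
    } else {
        $url = '' . $domain . '/index.php?action=login';
        $forgot = '' . $domain . '/index.php?action=forgotpassword';
    }
    echo '<form action=\'' . $url . '\' method=\'post\'>
	<table width="100%" border="0" cellpadding="0" cellspacing="1" align="center">
	<tr>
		<td class=\'header\' colspan=\'2\'>Log In</td>
	</tr>
	<tr>
		<td class=\'content\'>Username:</td>
		<td class=\'content\'><input type=\'text\' name=\'username\' size=\'37\' /></td>
	</tr>
	<tr>
		<td class=\'content\'>Password:</td>
		<td class=\'content\'><input type=\'password\' name=\'password\' size=\'37\' /></td>
	</tr>
	<tr>
		<td class=\'content\' colspan=\'2\'><a href=\'' . $forgot . '\'>Forgot password?</a></td>
	</tr>
	<tr>
		<td class=\'content\' colspan=\'2\' align=\'center\'><input type=\'submit\' name=\'submit\' value="login" /></td>
	</tr>
	</table>
</form>';
}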
Exemplo n.º 5
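/**
 * Apply one account-settings change and render the settings page.
 *
 * The 'Change' request parameter selects the action: 'EMail', 'Address' or
 * 'Password'. Each action forwards the current password and the '2fa' value
 * to the backend call (userSettings() or setPass()). After a successful
 * change a notification is sent through the matching *Changed() helper.
 * The user's current settings are then re-read and passed to settings().
 *
 * @param array  $data page data; $data['info']['u_multiaddr'] disables the
 *                     single-address change
 * @param string $user the user whose settings are being changed
 * @return mixed whatever settings() returns for the rendered page
 */
function dosettings($data, $user)
{
    $err = '';
    $chg = getparam('Change', false);
    $check = false;
    switch ($chg) {
        case 'EMail':
            $email = getparam('email', false);
            if (stripos($email, 'hotmail') !== false) {
                $err = 'hotmail not allowed';
            } else {
                $pass = getparam('pass', false);
                $twofa = getparam('2fa', false);
                $ans = userSettings($user, $email, null, $pass, $twofa);
                $err = 'EMail changed';
                $check = true;
            }
            break;
        case 'Address':
            if (!isset($data['info']['u_multiaddr'])) {
                $addr = getparam('baddr', false);
                $addrarr = array(array('addr' => $addr));
                $pass = getparam('pass', false);
                $twofa = getparam('2fa', false);
                $ans = userSettings($user, null, $addrarr, $pass, $twofa);
                $err = 'Payout address changed';
                $check = true;
            }
            break;
        case 'Password':
            $oldpass = getparam('oldpass', false);
            $pass1 = getparam('pass1', false);
            $pass2 = getparam('pass2', false);
            $twofa = getparam('2fa', false);
            if (!safepass($pass1)) {
                $err = 'Unsafe password. ' . passrequires();
            } elseif ($pass1 !== $pass2) {
                // Strict comparison: a loose != converts numeric-looking
                // strings first, so "1e3" and "1000" would count as a match
                // and the confirmation field would not protect against a typo.
                $err = "Passwords don't match";
            } else {
                $ans = setPass($user, $oldpass, $pass1, $twofa);
                $err = 'Password changed';
                $check = true;
            }
            break;
    }

    // $check is only true when $ans was set by one of the calls above. A
    // failed change replaces the optimistic "... changed" message with the
    // backend's status and error text.
    $doemail = false;
    if ($check === true) {
        if ($ans['STATUS'] != 'ok') {
            $err = $ans['STATUS'];
            if (isset($ans['ERROR']) && $ans['ERROR'] != '') {
                $err .= ': ' . $ans['ERROR'];
            }
        } else {
            $doemail = true;
        }
    }

    // Re-read the stored settings so the page shows what was actually saved.
    $ans = userSettings($user);
    if ($ans['STATUS'] != 'ok') {
        // Original author's note: "Should be no other reason?"
        dbdown();
    }
    $email = isset($ans['email']) ? $ans['email'] : '';
    // Use the first address - updating will expire all others.
    $addr = (isset($ans['rows']) and $ans['rows'] > 0) ? $ans['addr:0'] : '';

    if ($doemail) {
        // The notification needs both a stored address and the user's e-mail
        // options; if either is missing, report a generic error instead.
        // (This replaces the two goto jumps of the original with a flag.)
        $cannotNotify = ($email == '');
        if (!$cannotNotify) {
            $emailinfo = getOpts($user, emailOptList());
            $cannotNotify = ($emailinfo['STATUS'] != 'ok');
        }

        if ($cannotNotify) {
            if ($err != '') {
                $err .= '<br>';
            }
            $err .= 'An error occurred, check your details below';
        } else {
            switch ($chg) {
                case 'EMail':
                    // Passes the previous address from the session, when present.
                    $old = isset($_SESSION['old_set_email']) ? $_SESSION['old_set_email'] : null;
                    emailAddressChanged($email, zeip(), $emailinfo, $old);
                    break;
                case 'Address':
                    payoutAddressChanged($email, zeip(), $emailinfo);
                    break;
                case 'Password':
                    passChanged($email, zeip(), $emailinfo);
                    break;
            }
        }
    }

    return settings($data, $user, $email, $addr, $err);
}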
Exemplo n.º 6
                $_SESSION['signature'] = $ir['signature'];
                $_SESSION['bloglevel'] = $ir['bloglevel'];
                echo '<div id="container">
                                <div id="content-container">
                                <div id="side">';
                include "includes/blocks.php";
                echo '</div>

                                <div id="content">';
                echo '<div class=\'msg\'>You\'ve now logged on.</div>';
                echo '<meta http-equiv="REFRESH" content="0;url=' . $domain . '">';
                echo '</div></div></div>';
            } elseif (md5($password) == $ir['password']) {
                $salt = createSalt();
                //creates a 3 character string
                $newPass = setPass($password, $salt);
                $db->query(sprintf('UPDATE fas_users SET password = \'%s\', salt = \'%s\' WHERE username = \'%s\'', $newPass, $salt, $username));
                $_SESSION['username'] = $username;
                $_SESSION['userid'] = $ir['userid'];
                $_SESSION['website'] = $ir['website'];
                $_SESSION['signature'] = $ir['signature'];
                $_SESSION['bloglevel'] = $ir['bloglevel'];
                echo '<div id="container">
                                <div id="content-container">
                                <div id="side">';
                include "includes/blocks.php";
                echo '</div>

                                <div id="content">';
                echo '<div class=\'msg\'>You\'ve now logged on.</div>';
                echo '<meta http-equiv="REFRESH" content="0;url=' . $domain . '">';