Exemplos de código com smf_passgen em PHP

Exemplo n.º 1

0

Exibir arquivo

Arquivo: usercp.pass.php Projeto: wilian32/xbtit

         err_msg($language["ERROR"], $language["INS_NEW_PWD"]);
         stdfoot();
         exit;
     } elseif ($_POST["new_pwd"] != $_POST["new_pwd1"]) {
         err_msg($language["ERROR"], $language["DIF_PASSWORDS"]);
         stdfoot();
         exit;
     } else {
         $respwd = do_sqlquery("SELECT * FROM {$TABLE_PREFIX}users WHERE id={$uid} AND password='******' AND username="******"username"]) . "");
         if (!$respwd || mysql_num_rows($respwd) == 0) {
             err_msg($language["ERROR"], $language["ERR_RETR_DATA"]);
         } else {
             $arr = mysql_fetch_assoc($respwd);
             do_sqlquery("UPDATE {$TABLE_PREFIX}users SET password='******' WHERE id={$uid} AND password='******' AND username="******"username"]) . "") or die(mysql_error());
             if ($GLOBALS["FORUMLINK"] == "smf") {
                 $passhash = smf_passgen($CURUSER["username"], $_POST["new_pwd"]);
                 do_sqlquery("UPDATE {$db_prefix}members SET passwd='{$passhash['0']}', passwordSalt='{$passhash['1']}' WHERE ID_MEMBER=" . $arr["smf_fid"]) or die(mysql_error());
             }
             success_msg($language["PWD_CHANGED"], "" . $language["NOW_LOGIN"] . "<br /><a href=\"index.php?page=login\">Go</a>");
             stdfoot(true, false);
         }
     }
     break;
 case '':
 case 'change':
 default:
     $pwdtpl = array();
     $pwdtpl["frm_action"] = "index.php?page=usercp&amp;do=pwd&amp;action=post&amp;uid=" . $uid . "";
     $pwdtpl["frm_cancel"] = "index.php?page=usercp&amp;uid=" . $uid . "";
     $usercptpl->set("pwd", $pwdtpl);
     break;

Exemplo n.º 2

0

Exibir arquivo

Arquivo: account.php Projeto: wilian32/xbtit

function aggiungiutente()
{
    global $SITENAME, $SITEEMAIL, $BASEURL, $VALIDATION, $USERLANG, $USE_IMAGECODE, $TABLE_PREFIX, $XBTT_USE, $language, $THIS_BASEPATH, $FORUMLINK, $db_prefix;
    $utente = mysql_escape_string($_POST["user"]);
    $pwd = mysql_escape_string($_POST["pwd"]);
    $pwd1 = mysql_escape_string($_POST["pwd1"]);
    $email = mysql_escape_string($_POST["email"]);
    $idlangue = intval($_POST["language"]);
    $idstyle = intval($_POST["style"]);
    $idflag = intval($_POST["flag"]);
    $timezone = intval($_POST["timezone"]);
    if (strtoupper($utente) == strtoupper("Guest")) {
        err_msg($language["ERROR"], $language["ERR_GUEST_EXISTS"]);
        stdfoot();
        exit;
    }
    if ($pwd != $pwd1) {
        err_msg($language["ERROR"], $language["DIF_PASSWORDS"]);
        stdfoot();
        exit;
    }
    if ($VALIDATION == "none") {
        $idlevel = 3;
    } else {
        $idlevel = 2;
    }
    # Create Random number
    $floor = 100000;
    $ceiling = 999999;
    srand((double) microtime() * 1000000);
    $random = rand($floor, $ceiling);
    if ($utente == "" || $pwd == "" || $email == "") {
        return -1;
        exit;
    }
    $res = do_sqlquery("SELECT email FROM {$TABLE_PREFIX}users WHERE email='{$email}'");
    if (mysql_num_rows($res) > 0) {
        return -2;
        exit;
    }
    // valid email check - by vibes
    $regex = "^[_+a-z0-9-]+(\\.[_+a-z0-9-]+)*" . "@[a-z0-9-]+(\\.[a-z0-9-]{1,})*" . "\\.([a-z]{2,}){1}\$";
    if (!eregi($regex, $email)) {
        return -3;
        exit;
    }
    // valid email check end
    // duplicate username
    $res = do_sqlquery("SELECT username FROM {$TABLE_PREFIX}users WHERE username='******'");
    if (mysql_num_rows($res) > 0) {
        return -4;
        exit;
    }
    // duplicate username
    if (strpos(mysql_escape_string($utente), " ") == true) {
        return -7;
        exit;
    }
    if ($USE_IMAGECODE) {
        if (extension_loaded('gd')) {
            $arr = gd_info();
            if ($arr['FreeType Support'] == 1) {
                $public = $_POST['public_key'];
                $private = $_POST['private_key'];
                $p = new ocr_captcha();
                if ($p->check_captcha($public, $private) != true) {
                    err_msg($language["ERROR"], $language["ERR_IMAGE_CODE"]);
                    stdfoot();
                    exit;
                }
            } else {
                include "{$THIS_BASEPATH}/include/security_code.php";
                $scode_index = intval($_POST["security_index"]);
                if ($security_code[$scode_index]["answer"] != $_POST["scode_answer"]) {
                    err_msg($language["ERROR"], $language["ERR_IMAGE_CODE"]);
                    stdfoot();
                    exit;
                }
            }
        } else {
            include "{$THIS_BASEPATH}/include/security_code.php";
            $scode_index = intval($_POST["security_index"]);
            if ($security_code[$scode_index]["answer"] != $_POST["scode_answer"]) {
                err_msg($language["ERROR"], $language["ERR_IMAGE_CODE"]);
                stdfoot();
                exit;
            }
        }
    } else {
        include "{$THIS_BASEPATH}/include/security_code.php";
        $scode_index = intval($_POST["security_index"]);
        if ($security_code[$scode_index]["answer"] != $_POST["scode_answer"]) {
            err_msg($language["ERROR"], $language["ERR_IMAGE_CODE"]);
            stdfoot();
            exit;
        }
    }
    $bannedchar = array("\\", "/", ":", "*", "?", "\"", "@", "\$", "'", "`", ",", ";", ".", "<", ">", "!", "£", "%", "^", "&", "(", ")", "+", "=", "#", "~");
    if (straipos(mysql_escape_string($utente), $bannedchar) == true) {
        return -8;
        exit;
    }
    if (strlen(mysql_real_escape_string($pwd)) < 4) {
        return -9;
        exit;
    }
    $pid = md5(uniqid(rand(), true));
    do_sqlquery("INSERT INTO {$TABLE_PREFIX}users (username, password, random, id_level, email, style, language, flag, joined, lastconnect, pid, time_offset) VALUES ('{$utente}', '" . md5($pwd) . "', {$random}, {$idlevel}, '{$email}', {$idstyle}, {$idlangue}, {$idflag}, NOW(), NOW(),'{$pid}', '" . $timezone . "')", true);
    $newuid = mysql_insert_id();
    // Continue to create smf members if they disable smf mode
    // $test=do_sqlquery("SELECT COUNT(*) FROM {$db_prefix}members");
    $test = do_sqlquery("SHOW TABLES LIKE '{$db_prefix}members'");
    if ($FORUMLINK == "smf" || mysql_num_rows($test)) {
        $smfpass = smf_passgen($utente, $pwd);
        $flevel = $idlevel + 10;
        do_sqlquery("INSERT INTO {$db_prefix}members (memberName, dateRegistered, ID_GROUP, realName, passwd, emailAddress, memberIP, memberIP2, is_activated, passwordSalt) VALUES ('{$utente}', UNIX_TIMESTAMP(), {$flevel}, '{$utente}', '{$smfpass['0']}', '{$email}', '" . getip() . "', '" . getip() . "', 1, '{$smfpass['1']}')");
        $fid = mysql_insert_id();
        do_sqlquery("UPDATE `{$db_prefix}settings` SET `value` = {$fid} WHERE `variable` = 'latestMember'");
        do_sqlquery("UPDATE `{$db_prefix}settings` SET `value` = '{$utente}' WHERE `variable` = 'latestRealName'");
        do_sqlquery("UPDATE `{$db_prefix}settings` SET `value` = UNIX_TIMESTAMP() WHERE `variable` = 'memberlist_updated'");
        do_sqlquery("UPDATE {$TABLE_PREFIX}users SET smf_fid={$fid} WHERE id={$newuid}");
    }
    // xbt
    if ($XBTT_USE) {
        $resin = do_sqlquery("INSERT INTO xbt_users (uid, torrent_pass) VALUES ({$newuid},'{$pid}')");
    }
    if ($VALIDATION == "user") {
        ini_set("sendmail_from", "");
        if (mysql_errno() == 0) {
            send_mail($email, $language["ACCOUNT_CONFIRM"], $language["ACCOUNT_MSG"] . "\n\n" . $BASEURL . "/index.php?page=account&act=confirm&confirm={$random}&language={$idlangue}");
            write_log("Signup new user {$utente} ({$email})", "add");
        } else {
            die(mysql_error());
        }
    }
    return mysql_errno();
}

Exemplo n.º 3

0

Exibir arquivo

Arquivo: login.php Projeto: Karpec/gizd

 }
 // If we've reached this point we can set the cookies
 // call the logoutcookie function for good measure, just in case we have some old cookies that need destroying.
 logoutcookie();
 // Then login
 logincookie($row, $user);
 if (substr($FORUMLINK, 0, 3) == "smf" && $smf_pass == $row["passwd"]) {
     $new_smf_salt = substr(md5(rand()), 0, 4);
     do_sqlquery("UPDATE `{$db_prefix}members` SET " . ($FORUMLINK == "smf" ? "`passwordSalt`" : "`password_salt`") . "='" . $new_smf_salt . "' WHERE " . ($FORUMLINK == "smf" ? "`ID_MEMBER`" : "`id_member`") . "=" . $row["smf_fid"], true);
     set_smf_cookie($row["smf_fid"], $row["passwd"], $new_smf_salt);
 } elseif (substr($FORUMLINK, 0, 3) == "smf" && $row["pass_type"] == 1 && $row["password"] == $row["passwd"]) {
     $salt = substr(md5(rand()), 0, 4);
     do_sqlquery("UPDATE `{$db_prefix}members` SET `passwd`='{$smf_pass}', " . ($FORUMLINK == "smf" ? "`passwordSalt`='{$salt}' WHERE `ID_MEMBER`" : "`password_salt`='{$salt}' WHERE `id_member`") . "=" . $row["smf_fid"]);
     set_smf_cookie($row["smf_fid"], $smf_pass, $salt);
 } elseif (substr($FORUMLINK, 0, 3) == "smf" && $row["passwd"] == "ffffffffffffffffffffffffffffffffffffffff") {
     $fix_pass = smf_passgen($user, $pwd);
     do_sqlquery("UPDATE `{$db_prefix}members` SET `passwd`='" . $fix_pass[0] . "', " . ($FORUMLINK == "smf" ? "`passwordSalt`='" . $fix_pass[1] . "' WHERE `ID_MEMBER`" : "`password_salt`='" . $fix_pass[1] . "' WHERE `id_member`") . "=" . $row["smf_fid"]);
     set_smf_cookie($row["smf_fid"], $fix_pass[0], $fix_pass[1]);
 } elseif ($FORUMLINK == "ipb") {
     if ($row["members_pass_hash"] == "ffffffffffffffffffffffffffffffff") {
         if (!defined('IPS_ENFORCE_ACCESS')) {
             define('IPS_ENFORCE_ACCESS', true);
         }
         if (!defined('IPB_THIS_SCRIPT')) {
             define('IPB_THIS_SCRIPT', 'public');
         }
         if (!isset($THIS_BASEPATH) || empty($THIS_BASEPATH)) {
             $THIS_BASEPATH = dirname(__FILE__);
         }
         require_once $THIS_BASEPATH . '/ipb/initdata.php';
         require_once IPS_ROOT_PATH . 'sources/base/ipsRegistry.php';

Exemplo n.º 4

0

Exibir arquivo

Arquivo: admin.users.tools.php Projeto: Karpec/gizd

         } elseif (preg_match($pattern4, substr($pass, $pass_position, 1), $matches)) {
             $sym_count++;
         }
     }
     $newpassword = pass_the_salt(30);
     if ($lct_count < $pass_min_req[1] || $uct_count < $pass_min_req[2] || $num_count < $pass_min_req[3] || $sym_count < $pass_min_req[4]) {
         stderr($language["ERROR"], $language["ERR_PASS_TOO_WEAK_1A"] . ":<br /><br />" . ($pass_min_req[1] > 0 ? "<li><span style='color:blue;font-weight:bold;'>" . $pass_min_req[1] . "</span> " . ($pass_min_req[1] == 1 ? $language["ERR_PASS_TOO_WEAK_2"] : $language["ERR_PASS_TOO_WEAK_2A"]) . "</li>" : "") . ($pass_min_req[2] > 0 ? "<li><span style='color:blue;font-weight:bold;'>" . $pass_min_req[2] . "</span> " . ($pass_min_req[2] == 1 ? $language["ERR_PASS_TOO_WEAK_3"] : $language["ERR_PASS_TOO_WEAK_3A"]) . "</li>" : "") . ($pass_min_req[3] > 0 ? "<li><span style='color:blue;font-weight:bold;'>" . $pass_min_req[3] . "</span> " . ($pass_min_req[3] == 1 ? $language["ERR_PASS_TOO_WEAK_4"] : $language["ERR_PASS_TOO_WEAK_4A"]) . "</li>" : "") . ($pass_min_req[4] > 0 ? "<li><span style='color:blue;font-weight:bold;'>" . $pass_min_req[4] . "</span> " . ($pass_min_req[4] == 1 ? $language["ERR_PASS_TOO_WEAK_5"] : $language["ERR_PASS_TOO_WEAK_5A"]) . "</li>" : "") . "<br />" . $language["ERR_PASS_TOO_WEAK_6"] . ":<br /><br /><span style='color:blue;font-weight:bold;'>" . $newpassword . "</span><br />");
     }
     $un = !empty($new_username) && $new_username != $curu["username"] ? $new_username : $curu["username"];
     $multipass = hash_generate(array("salt" => ""), $pass, $un);
     $j = $btit_settings["secsui_pass_type"];
     $set[] = "`password`=" . sqlesc($multipass[$j]["rehash"]);
     $set[] = "`salt`=" . sqlesc($multipass[$j]["salt"]);
     $set[] = "`pass_type`=" . sqlesc($j);
     $set[] = "`dupe_hash`=" . sqlesc($multipass[$j]["dupehash"]);
     $passhash = smf_passgen($un, $pass);
     $smfset[] = '`passwd`=' . sqlesc($passhash[0]);
     $smfset[] = '`password' . ($FORUMLINK == "smf" ? "S" : "_s") . 'alt`=' . sqlesc($passhash[1]);
     if ($FORUMLINK == "ipb") {
         $ipbhash = ipb_passgen($pass);
         IPSMember::save($ipb_fid, array("members" => array("member_login_key" => "", "member_login_key_expire" => "0", "members_pass_hash" => "{$ipbhash['0']}", "members_pass_salt" => "{$ipbhash['1']}")));
     }
 }
 $set[] = "block_comment='" . (isset($_POST["block_comment"]) ? "yes" : "no") . "'";
 $set[] = "sbox='" . (isset($_POST["sbox"]) ? "yes" : "no") . "'";
 //user images
 $set[] = "dona='" . (isset($_POST["dona"]) ? "yes" : "no") . "'";
 $set[] = "donb='" . (isset($_POST["donb"]) ? "yes" : "no") . "'";
 $set[] = "birt='" . (isset($_POST["birt"]) ? "yes" : "no") . "'";
 $set[] = "mal='" . (isset($_POST["mal"]) ? "yes" : "no") . "'";
 $set[] = "fem='" . (isset($_POST["fem"]) ? "yes" : "no") . "'";

Exemplo n.º 5

0

Exibir arquivo

Arquivo: admin.users.chknew.php Projeto: Karpec/gizd

 srand((double) microtime() * 1000000);
 $random = rand($floor, $ceiling);
 // finally insert new user
 $pid = md5(uniqid(rand(), true));
 $multipass = hash_generate(array("salt" => ""), $_POST["pwd"], $_POST["username"]);
 $i = $btit_settings["secsui_pass_type"];
 do_sqlquery("INSERT INTO `{$TABLE_PREFIX}users` (`username`, `password`, `salt`, `pass_type`, `dupe_hash`, `random`, `id_level`, `email`, `style`, `language`, `joined`, `lastconnect`, `pid`) VALUES ('" . $username . "', '" . mysqli_real_escape_string($DBDT, $multipass[$i]["rehash"]) . "', '" . mysqli_real_escape_string($DBDT, $multipass[$i]["salt"]) . "', '" . $i . "', '" . mysqli_real_escape_string($DBDT, $multipass[$i]["dupehash"]) . "', " . $random . ", " . $idlevel . ", '" . $email . "', " . $idstyle . ", " . $idlangue . ", NOW(), NOW(),'" . $pid . "')", true);
 $newuid = is_null($___mysqli_res = mysqli_insert_id($GLOBALS["___mysqli_ston"])) ? false : $___mysqli_res;
 if (!isset($db_prefix)) {
     $db_prefix = "smf_";
 }
 // Continue to create smf members if they disable smf mode
 // $test=do_sqlquery("SELECT COUNT(*) FROM {$db_prefix}members");
 $test = do_sqlquery("SHOW TABLES LIKE '{$db_prefix}members'");
 if (substr($FORUMLINK, 0, 3) == "smf" || mysqli_num_rows($test)) {
     $smfpass = smf_passgen($username, $pwd);
     $check_lev = get_result("SELECT `smf_group_mirror` FROM `{$TABLE_PREFIX}users_level` WHERE `id`=" . $idlevel);
     $flevel = $checklev[0]["smf_group_mirror"] > 0 ? $checklev[0]["smf_group_mirror"] : $idlevel + 10;
     if ($FORUMLINK == "smf") {
         do_sqlquery("INSERT INTO `{$db_prefix}members` (`memberName`, `dateRegistered`, `ID_GROUP`, `realName`, `passwd`, `emailAddress`, `memberIP`, `memberIP2`, `is_activated`, `passwordSalt`) VALUES ('{$username}', UNIX_TIMESTAMP(), {$flevel}, '{$username}', '{$smfpass['0']}', '{$email}', '" . getip() . "', '" . getip() . "', 1, '{$smfpass['1']}')");
     } else {
         do_sqlquery("INSERT INTO `{$db_prefix}members` (`member_name`, `date_registered`, `id_group`, `real_name`, `passwd`, `email_address`, `member_ip`, `member_ip2`, `is_activated`, `password_salt`) VALUES ('{$username}', UNIX_TIMESTAMP(), {$flevel}, '{$username}', '{$smfpass['0']}', '{$email}', '" . getip() . "', '" . getip() . "', 1, '{$smfpass['1']}')");
     }
     $fid = is_null($___mysqli_res = mysqli_insert_id($GLOBALS["___mysqli_ston"])) ? false : $___mysqli_res;
     do_sqlquery("UPDATE `{$db_prefix}settings` SET `value` = {$fid} WHERE `variable` = 'latestMember'");
     do_sqlquery("UPDATE `{$db_prefix}settings` SET `value` = '{$username}' WHERE `variable` = 'latestRealName'");
     do_sqlquery("UPDATE `{$db_prefix}settings` SET `value` = UNIX_TIMESTAMP() WHERE `variable` = 'memberlist_updated'");
     do_sqlquery("UPDATE `{$TABLE_PREFIX}users` SET `smf_fid`={$fid} WHERE `id`={$newuid}");
 }
 // Continue to create ipb members if they disable ipb mode
 $test = do_sqlquery("SHOW TABLES LIKE '{$ipb_prefix}members'");

Exemplo n.º 6

0

Exibir arquivo

Arquivo: admin.users.tools.php Projeto: wilian32/xbtit

     }
     if ($uploaded != $curu['uploaded']) {
         $xbtset[] = 'uploaded=' . $uploaded;
         $set[] = 'uploaded=0';
     }
 } else {
     if ($uploaded != $curu['uploaded']) {
         $set[] = 'uploaded=' . $uploaded;
     }
     if ($downloaded != $curu['downloaded']) {
         $set[] = 'downloaded=' . $downloaded;
     }
 }
 if ($chpass) {
     $set[] = 'password='******'passwd=' . sqlesc($passhash[0]);
     $smfset[] = 'passwordSalt=' . sqlesc($passhash[1]);
 }
 $updateset = isset($set) ? implode(',', $set) : '';
 $updatesetxbt = isset($xbtset) ? implode(',', $xbtset) : '';
 $updatesetsmf = isset($smfset) ? implode(',', $smfset) : '';
 if ($updateset != '') {
     if ($XBTT_USE && $updatesetxbt != '') {
         quickQuery('UPDATE xbt_users SET ' . $updatesetxbt . ' WHERE uid=' . $uid . ' LIMIT 1;');
     }
     if ($FORUMLINK == 'smf' && $updatesetsmf != '' && !is_bool($smf_fid)) {
         quickQuery('UPDATE ' . $db_prefix . 'members SET ' . $updatesetsmf . ' WHERE ID_MEMBER=' . $smf_fid . ' LIMIT 1;');
     }
     quickQuery('UPDATE ' . $TABLE_PREFIX . 'users SET ' . $updateset . ' WHERE id=' . $uid . ' LIMIT 1;');
     success_msg($language['SUCCESS'], $language['INF_CHANGED'] . $note . '<br /><a href="index.php?page=admin&amp;user='******'uid'] . '&amp;code=' . $CURUSER['random'] . '">' . $language['MNU_ADMINCP'] . '</a>');

Exemplo n.º 7

0

Exibir arquivo

Arquivo: recover.php Projeto: r4kib/cyberfun-xbtit

    if ($random != $arr["random"]) {
        stderr($language["ERROR"], $language["ERR_UPDATE_USER"]);
    }
    $email = $arr["email"];
    // generate new password;
    $chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
    $newpassword = "";
    for ($i = 0; $i < 10; $i++) {
        $newpassword .= $chars[mt_rand(0, strlen($chars) - 1)];
    }
    do_sqlquery("UPDATE {$TABLE_PREFIX}users SET password='******' WHERE id={$id} AND random={$random}", true);
    if (!mysql_affected_rows()) {
        stderr($language["ERROR"], $language["ERR_UPDATE_USER"]);
    }
    if ($GLOBALS["FORUMLINK"] == "smf") {
        $passhash = smf_passgen($arr["username"], $newpassword);
        do_sqlquery("UPDATE {$db_prefix}members SET passwd='{$passhash['0']}', passwordSalt='{$passhash['1']}' WHERE ID_MEMBER=" . $arr["smf_fid"], true);
    }
    $body = sprintf($language["RECOVER_EMAIL_2"], $arr["username"], $newpassword, "{$BASEURL}/index.php?page=login", $SITENAME);
    send_mail($email, "{$SITENAME} " . $language["ACCOUNT_DETAILS"], $body) or stderr($language["ERROR"], $language["ERR_SEND_EMAIL"]);
    redirect("index.php?page=recover&act=recover_ok&id={$id}&random={$random}");
    die;
} elseif ($act == "recover_ok") {
    $id = intval(0 + $_GET["id"]);
    $random = intval($_GET["random"]);
    if (!$id || !$random || empty($random) || $random == 0) {
        stderr($language["ERROR"], $language["ERR_UPDATE_USER"]);
    }
    $res = do_sqlquery("SELECT username, email, random" . ($GLOBALS["FORUMLINK"] == "smf" ? ", smf_fid" : "") . " FROM {$TABLE_PREFIX}users WHERE id = {$id}", true);
    $arr = mysql_fetch_array($res);
    if ($random != $arr["random"]) {

Exemplo n.º 8

0

Exibir arquivo

Arquivo: account.php Projeto: Karpec/gizd

function aggiungiutente()
{
    global $DBDT, $INVITATIONSON, $VALID_INV, $SITENAME, $SITEEMAIL, $BASEURL, $VALIDATION, $USERLANG, $USE_IMAGECODE, $TABLE_PREFIX, $XBTT_USE, $language, $THIS_BASEPATH, $FORUMLINK, $db_prefix, $btit_settings;
    $dobdate = $_POST["datepicker"];
    $parts = explode('-', $dobdate);
    $dobday = $parts[0];
    $dobmonth = $parts[1];
    $dobyear = $parts[2];
    $utente = mysqli_real_escape_string($DBDT, $_POST["user"]);
    $pwd = mysqli_real_escape_string($DBDT, $_POST["pwd"]);
    $pwd1 = mysqli_real_escape_string($DBDT, $_POST["pwd1"]);
    $email = mysqli_real_escape_string($DBDT, $_POST["email"]);
    if (isset($_POST["language"])) {
        $idlangue = intval($_POST["language"]);
    } else {
        $idlangue = max(1, $btit_settings["default_language"]);
    }
    if (isset($_POST["style"])) {
        $idstyle = intval($_POST["style"]);
    } else {
        $idstyle = max(1, $btit_settings["default_style"]);
    }
    $idflag = intval($_POST["flag"]);
    $timezone = intval($_POST["timezone"]);
    $heard = mysqli_real_escape_string($DBDT, $_POST["heardaboutus"]);
    // Dt Referral
    if ($btit_settings["ref_on"] == true) {
        $rid = intval($_POST["refa"]);
    }
    // Dt Referral
    if (strtoupper($utente) == strtoupper("Guest")) {
        err_msg($language["ERROR"], $language["ERR_GUEST_EXISTS"]);
        stdfoot();
        exit;
    }
    if ($pwd != $pwd1) {
        err_msg($language["ERROR"], $language["DIF_PASSWORDS"]);
        stdfoot();
        exit;
    }
    if ($VALIDATION == "none") {
        $idlevel = 3;
    } else {
        $idlevel = 2;
    }
    //begin invitation system by dodge
    if ($INVITATIONSON == "true") {
        if ($VALID_INV == "true") {
            $idlevel = 2;
        } else {
            $idlevel = 3;
        }
    }
    //end invitation system
    # Create Random number
    $floor = 100000;
    $ceiling = 999999;
    srand((double) microtime() * 1000000);
    $random = rand($floor, $ceiling);
    if ($utente == "" || $pwd == "" || $email == "") {
        return -1;
        exit;
    }
    $res = do_sqlquery("SELECT email FROM {$TABLE_PREFIX}users WHERE email='{$email}'", true);
    if (mysqli_num_rows($res) > 0) {
        return -2;
        exit;
    }
    // valid email check - by vibes
    $regex = '/\\b[\\w\\.-]+@[\\w\\.-]+\\.\\w{2,4}\\b/i';
    if (!preg_match($regex, $email)) {
        return -3;
        exit;
    }
    // valid email check end
    //Function changed by fatepower so now the variable checks the right data.
    //Added the image also. Cheers boys
    // check if IP is already in use
    if ($btit_settings["dupip"] == "true") {
        $ip = getip();
        $i = @mysqli_fetch_row(@mysqli_query($GLOBALS["___mysqli_ston"], "SELECT count(*) FROM {$TABLE_PREFIX}users WHERE cip='{$ip}'")) or die(is_object($GLOBALS["___mysqli_ston"]) ? mysqli_error($GLOBALS["___mysqli_ston"]) : (($___mysqli_res = mysqli_connect_error()) ? $___mysqli_res : false));
        if ($i[0] != 0) {
            err_msg(ERROR, "[" . $ip . "]<br /><img src=\"images/shared_ip.gif\" border=\"0\" alt=\"\" />");
            block_end();
            stdfoot();
            exit;
        }
    }
    // duplicate username
    $res = do_sqlquery("SELECT username FROM {$TABLE_PREFIX}users WHERE username='******'", true);
    if (mysqli_num_rows($res) > 0) {
        return -4;
        exit;
    }
    // duplicate username
    if (strpos(mysqli_real_escape_string($DBDT, $utente), " ") == true) {
        return -7;
        exit;
    }
    if ($btit_settings["gcsw"] == false) {
        if ($USE_IMAGECODE) {
            if (extension_loaded('gd')) {
                $arr = gd_info();
                if ($arr['FreeType Support'] == 1) {
                    $public = $_POST['public_key'];
                    $private = $_POST['private_key'];
                    $p = new ocr_captcha();
                    if ($p->check_captcha($public, $private) != true) {
                        err_msg($language["ERROR"], $language["ERR_IMAGE_CODE"]);
                        stdfoot();
                        exit;
                    }
                } else {
                    include "{$THIS_BASEPATH}/include/security_code.php";
                    $scode_index = intval($_POST["security_index"]);
                    if ($security_code[$scode_index]["answer"] != $_POST["scode_answer"]) {
                        err_msg($language["ERROR"], $language["ERR_IMAGE_CODE"]);
                        stdfoot();
                        exit;
                    }
                }
            } else {
                include "{$THIS_BASEPATH}/include/security_code.php";
                $scode_index = intval($_POST["security_index"]);
                if ($security_code[$scode_index]["answer"] != $_POST["scode_answer"]) {
                    err_msg($language["ERROR"], $language["ERR_IMAGE_CODE"]);
                    stdfoot();
                    exit;
                }
            }
        } else {
            include "{$THIS_BASEPATH}/include/security_code.php";
            $scode_index = intval($_POST["security_index"]);
            if ($security_code[$scode_index]["answer"] != $_POST["scode_answer"]) {
                err_msg($language["ERROR"], $language["ERR_IMAGE_CODE"]);
                stdfoot();
                exit;
            }
        }
    } else {
        require_once "include/recaptchalib.php";
        // reCAPTCHA supported 40+ languages listed here: https://developers.google.com/recaptcha/docs/language
        $lang = "en";
        // The response from reCAPTCHA
        $resp = null;
        // The error code from reCAPTCHA, if any
        $error = null;
        $reCaptcha = new ReCaptcha($btit_settings["gcsekk"]);
        if ($_POST["g-recaptcha-response"]) {
            $resp = $reCaptcha->verifyResponse($_SERVER["REMOTE_ADDR"], $_POST["g-recaptcha-response"]);
        } else {
            err_msg($language["ERROR"], "Recaptcha Not submitted");
            stdfoot();
            exit;
        }
        if ($resp != null && $resp->success) {
        } else {
            err_msg($language["ERROR"], "Google reports , you are a Robot !");
            stdfoot();
            exit;
        }
    }
    $bannedchar = array("\\", "/", ":", "*", "?", "\"", "@", "\$", "'", "`", ",", ";", ".", "<", ">", "!", "£", "%", "^", "&", "(", ")", "+", "=", "#", "~");
    if (straipos(mysqli_real_escape_string($DBDT, $utente), $bannedchar) == true) {
        return -8;
        exit;
    }
    $pass_to_test = $_POST["pwd"];
    $pass_min_req = explode(",", $btit_settings["secsui_pass_min_req"]);
    if (strlen($pass_to_test) < $pass_min_req[0]) {
        return -9;
        exit;
    }
    $exploded = explode("@", $email);
    $exploded2 = explode(".", $exploded[1]);
    $cheapmail = mysqli_real_escape_string($DBDT, $exploded[1]);
    $cheapmail2 = mysqli_real_escape_string($DBDT, "@" . $exploded2[0] . ".");
    $mailischeap = do_sqlquery("SELECT `domain` FROM `{$TABLE_PREFIX}cheapmail` WHERE `domain`='" . $cheapmail . "' OR `domain`='" . $cheapmail2 . "'", true);
    if (@mysqli_num_rows($mailischeap) > 0) {
        return -999;
    }
    $userip = getip();
    $signupipblock = @mysqli_fetch_assoc(@mysqli_query($GLOBALS["___mysqli_ston"], "SELECT `id` FROM `{$TABLE_PREFIX}signup_ip_block` WHERE `first_ip` <=INET_ATON('{$userip}') AND `last_ip` >=INET_ATON('{$userip}')"));
    if ($signupipblock) {
        return -99;
        exit;
    }
    $lct_count = 0;
    $uct_count = 0;
    $num_count = 0;
    $sym_count = 0;
    $pass_end = (int) (strlen($pass_to_test) - 1);
    $pass_position = 0;
    $pattern1 = '#[a-z]#';
    $pattern2 = '#[A-Z]#';
    $pattern3 = '#[0-9]#';
    $pattern4 = '/[¬!"£$%^&*()`{}\\[\\]:@~;\'#<>?,.\\/\\-=_+\\|]/';
    for ($pass_position = 0; $pass_position <= $pass_end; $pass_position++) {
        if (preg_match($pattern1, substr($pass_to_test, $pass_position, 1), $matches)) {
            $lct_count++;
        } elseif (preg_match($pattern2, substr($pass_to_test, $pass_position, 1), $matches)) {
            $uct_count++;
        } elseif (preg_match($pattern3, substr($pass_to_test, $pass_position, 1), $matches)) {
            $num_count++;
        } elseif (preg_match($pattern4, substr($pass_to_test, $pass_position, 1), $matches)) {
            $sym_count++;
        }
    }
    if ($lct_count < $pass_min_req[1] || $uct_count < $pass_min_req[2] || $num_count < $pass_min_req[3] || $sym_count < $pass_min_req[4]) {
        return -998;
        exit;
    }
    $multipass = hash_generate(array("salt" => ""), $_POST["pwd"], $_POST["user"]);
    $i = $btit_settings["secsui_pass_type"];
    $sql = "SELECT value FROM {$TABLE_PREFIX}settings WHERE `key` = \"donate_upload\"";
    $req = mysqli_query($GLOBALS["___mysqli_ston"], $sql) or die('Erreur SQL !<br />' . $sql . '<br />' . (is_object($GLOBALS["___mysqli_ston"]) ? mysqli_error($GLOBALS["___mysqli_ston"]) : (($___mysqli_res = mysqli_connect_error()) ? $___mysqli_res : false)));
    $result = mysqli_fetch_array($req);
    $credit = $result['value'];
    $sql = "SELECT value FROM {$TABLE_PREFIX}settings WHERE `key` = \"unit\"";
    $req = mysqli_query($GLOBALS["___mysqli_ston"], $sql) or die('Erreur SQL !<br />' . $sql . '<br />' . (is_object($GLOBALS["___mysqli_ston"]) ? mysqli_error($GLOBALS["___mysqli_ston"]) : (($___mysqli_res = mysqli_connect_error()) ? $___mysqli_res : false)));
    $result = mysqli_fetch_array($req);
    $unit = $result['value'];
    mysqli_free_result($req) || is_object($req) && get_class($req) == "mysqli_result" ? true : false;
    $kb = 1024;
    $mb = 1024 * 1024;
    $gb = 1024 * 1024 * 1024;
    $tb = 1024 * 1024 * 1024 * 1024;
    if ($unit == 'Kb') {
        $uploaded = $credit * $kb;
    } elseif ($unit == 'Mb') {
        $uploaded = $credit * $mb;
    } elseif ($unit == 'Gb') {
        $uploaded = $credit * $gb;
    } elseif ($unit == 'Tb') {
        $uploaded = $credit * $tb;
    }
    $realdate = checkdate($dobmonth, $dobday, $dobyear);
    if ($realdate) {
        $dob = $dobyear . "-" . $dobmonth . "-" . $dobday;
        $age = userage($dobyear, $dobmonth, $dobday);
        $dobtime = mktime(0, 0, 0, $dobmonth, $dobday, $dobyear);
        if ($dobtime > time()) {
            err_msg($language["ERROR"], $language["ERR_BORN_IN_FUTURE"]);
            stdfoot();
            exit;
        } elseif ($age < $btit_settings["birthday_lower_limit"]) {
            err_msg($language["ERROR"], $language["ERR_DOB_1"] . $age . $language["ERR_DOB_2"]);
            stdfoot();
            exit;
        } elseif ($age > $btit_settings["birthday_upper_limit"]) {
            err_msg($language["ERROR"], $language["ERR_DOB_1"] . $age . $language["ERR_DOB_2"]);
            stdfoot();
            exit;
        }
    } else {
        err_msg($language["ERROR"], $language["INVALID_DOB_1"] . $dobday . "/" . $dobmonth . "/" . $dobyear . $language["INVALID_DOB_2"]);
        stdfoot();
        exit;
    }
    $mtpp = $btit_settings["max_torrents_per_page"];
    $pid = md5(uniqid(rand(), true));
    $gen = intval($_POST['gen']);
    do_sqlquery("INSERT INTO `{$TABLE_PREFIX}users` (`username`, `password`, `dob` ,`salt`, `pass_type`, `dupe_hash`, `random`, `id_level`, `email`, `style`, `language`, `flag`, `joined`, `lastconnect`, `pid`, `time_offset`, `whereheard`,`gender` , `torrentsperpage`) VALUES ('" . $utente . "', '" . mysqli_real_escape_string($DBDT, $multipass[$i]["rehash"]) . "', '" . $dob . "' , '" . mysqli_real_escape_string($DBDT, $multipass[$i]["salt"]) . "', '" . $i . "', '" . mysqli_real_escape_string($DBDT, $multipass[$i]["dupehash"]) . "', " . $random . ", " . $idlevel . ", '" . $email . "', " . $idstyle . ", " . $idlangue . ", " . $idflag . ", NOW(), NOW(),'" . $pid . "', '" . $timezone . "','" . $heard . "','" . $gen . "','" . $mtpp . "')", true);
    $newuid = is_null($___mysqli_res = mysqli_insert_id($GLOBALS["___mysqli_ston"])) ? false : $___mysqli_res;
    // DT reputation system start
    $reput = do_sqlquery("SELECT * FROM {$TABLE_PREFIX}reputation_settings WHERE id =1");
    $setrep = mysqli_fetch_array($reput);
    $plus = $setrep["rep_default"];
    if ($setrep["rep_is_online"] == 'false') {
        //do nothing
    } else {
        @mysqli_query($GLOBALS["___mysqli_ston"], "UPDATE {$TABLE_PREFIX}users SET reputation = reputation + '{$plus}' WHERE id='{$newuid}'");
    }
    // DT reputation system end
    //begin invitation system by dodge
    if ($INVITATIONSON == "true") {
        $inviter = 0 + $_POST["inviter"];
        $code = unesc($_POST["code"]);
        $res = do_sqlquery("SELECT username FROM {$TABLE_PREFIX}users WHERE id = {$inviter}", true);
        $arr = mysqli_fetch_assoc($res);
        $invusername = $arr["username"];
        do_sqlquery("UPDATE {$TABLE_PREFIX}users SET invited_by='" . $inviter . "' WHERE id='" . $newuid . "'", true);
        do_sqlquery("UPDATE {$TABLE_PREFIX}invitations SET confirmed='true' WHERE hash='{$code}'", true);
        $msg = sqlesc($language["WELCOME MESSAGE"]);
    }
    //end invitation system
    //DT referral system start
    if ($btit_settings["ref_on"] == true) {
        $rup = $btit_settings["ref_gb"] * 1024 * 1024 * 1024;
        $rap = $btit_settings["ref_sb"];
        do_sqlquery("UPDATE {$TABLE_PREFIX}users SET referral={$rid} where id={$newuid}", true);
        if ($btit_settings["ref_switch"] == true) {
            do_sqlquery("UPDATE {$TABLE_PREFIX}users SET uploaded=uploaded + '{$rup}' where id='{$rid}'");
        } else {
            do_sqlquery("UPDATE {$TABLE_PREFIX}users SET seedbonus=seedbonus + '{$rap}' where id='{$rid}'");
        }
    }
    //DT referral system end
    do_sqlquery("UPDATE {$TABLE_PREFIX}users SET uploaded={$uploaded} WHERE id={$newuid}", true);
    // begin - announce new confirmed user in shoutbox
    if ($btit_settings["sbtwo"] == true) {
        $al = mysqli_query($GLOBALS["___mysqli_ston"], "SELECT * FROM {$TABLE_PREFIX}chat ORDER BY id DESC LIMIT 1");
        $rw = mysqli_fetch_assoc($al);
        $ct = $rw["count"] + 1;
        do_sqlquery("INSERT INTO {$TABLE_PREFIX}chat (uid, time, name, text,count) VALUES (0," . time() . ", 'System','[color=green]Welcome New User :[/color][url={$BASEURL}/index.php?page=userdetails&id={$newuid}]" . $utente . "[/url]'," . $ct . ")");
    }
    // end - announce new confirmed user in shoutbox
    // Continue to create smf members if they disable smf mode
    $test = do_sqlquery("SHOW TABLES LIKE '{$db_prefix}members'", true);
    if (substr($FORUMLINK, 0, 3) == "smf" || mysqli_num_rows($test)) {
        $smfpass = smf_passgen($utente, $pwd);
        $fetch = get_result("SELECT `smf_group_mirror` FROM `{$TABLE_PREFIX}users_level` WHERE `id`=" . $idlevel, true, $btit_settings["cache_duration"]);
        $flevel = $fetch[0]["smf_group_mirror"] > 0 ? $fetch[0]["smf_group_mirror"] : $idlevel + 10;
        if ($FORUMLINK == "smf") {
            do_sqlquery("INSERT INTO `{$db_prefix}members` (`memberName`, `dateRegistered`, `ID_GROUP`, `realName`, `passwd`, `emailAddress`, `memberIP`, `memberIP2`, `is_activated`, `passwordSalt`) VALUES ('{$utente}', UNIX_TIMESTAMP(), {$flevel}, '{$utente}', '{$smfpass['0']}', '{$email}', '" . getip() . "', '" . getip() . "', 1, '{$smfpass['1']}')", true);
        } else {
            do_sqlquery("INSERT INTO `{$db_prefix}members` (`member_name`, `date_registered`, `id_group`, `real_name`, `passwd`, `email_address`, `member_ip`, `member_ip2`, `is_activated`, `password_salt`) VALUES ('{$utente}', UNIX_TIMESTAMP(), {$flevel}, '{$utente}', '{$smfpass['0']}', '{$email}', '" . getip() . "', '" . getip() . "', 1, '{$smfpass['1']}')", true);
        }
        $fid = is_null($___mysqli_res = mysqli_insert_id($GLOBALS["___mysqli_ston"])) ? false : $___mysqli_res;
        do_sqlquery("UPDATE `{$db_prefix}settings` SET `value` = {$fid} WHERE `variable` = 'latestMember'", true);
        do_sqlquery("UPDATE `{$db_prefix}settings` SET `value` = '{$utente}' WHERE `variable` = 'latestRealName'", true);
        do_sqlquery("UPDATE `{$db_prefix}settings` SET `value` = UNIX_TIMESTAMP() WHERE `variable` = 'memberlist_updated'", true);
        do_sqlquery("UPDATE `{$db_prefix}settings` SET `value` = `value` + 1 WHERE `variable` = 'totalMembers'", true);
        do_sqlquery("UPDATE `{$TABLE_PREFIX}users` SET `smf_fid`={$fid} WHERE `id`={$newuid}", true);
    }
    // Continue to create ipb members if they disable ipb mode
    $test = do_sqlquery("SHOW TABLES LIKE '{$ipb_prefix}members'");
    if ($FORUMLINK == "ipb" || mysqli_num_rows($test)) {
        ipb_create($utente, $email, $pwd, $idlevel, $newuid);
    }
    // xbt
    if ($XBTT_USE) {
        $resin = do_sqlquery("INSERT INTO xbt_users (uid, torrent_pass) VALUES ({$newuid},'{$pid}')", true);
    }
    include "include/userstuff.php";
    $sub = sqlesc("{$GLOBALS['welcome_sub']}");
    $mess = sqlesc("{$GLOBALS['welcome_msg']}");
    send_pm(0, $newuid, $sub, $mess);
    if ($INVITATIONSON == "true") {
        send_pm('2', $newuid, '" . $language["WELCOME"] . "', $msg);
        if ($VALID_INV == "true") {
            send_mail($email, "{$SITENAME} " . $language["REG_CONFIRM"] . "", $language["INVIT_MSGINFO"] . "{$email}" . $language["INVIT_MSGINFO1"] . " {$utente}\n" . $language["INVIT_MSGINFO2"] . " {$pwd}\n\n" . $language["INVIT_MSGINFO3"], "From: {$SITENAME} <{$SITEEMAIL}>");
        } else {
            send_mail($email, "{$SITENAME} " . $language["REG_CONFIRM"] . "", $language["INVIT_MSGINFO"] . "{$email}" . $language["INVIT_MSGINFO1"] . " {$utente}\n" . $language["INVIT_MSGINFO2"] . " {$pwd}\n\n\n" . $language["INVIT_MSG_AUTOCONFIRM3"], "From: {$SITENAME} <{$SITEEMAIL}>");
        }
        write_log("Signup new user {$utente} ({$email})", "add");
    } else {
        if ($VALIDATION == "user") {
            ini_set("sendmail_from", "");
            if ((is_object($GLOBALS["___mysqli_ston"]) ? mysqli_errno($GLOBALS["___mysqli_ston"]) : (($___mysqli_res = mysqli_connect_errno()) ? $___mysqli_res : false)) == 0) {
                send_mail($email, $language["ACCOUNT_CONFIRM"], $language["ACCOUNT_MSG"] . "\n\n" . $BASEURL . "/index.php?page=account&act=confirm&confirm={$random}&language={$idlangue}");
                write_log("Signup new user {$utente} ({$email})", "add");
            } else {
                die(is_object($GLOBALS["___mysqli_ston"]) ? mysqli_error($GLOBALS["___mysqli_ston"]) : (($___mysqli_res = mysqli_connect_error()) ? $___mysqli_res : false));
            }
        }
    }
    return is_object($GLOBALS["___mysqli_ston"]) ? mysqli_errno($GLOBALS["___mysqli_ston"]) : (($___mysqli_res = mysqli_connect_errno()) ? $___mysqli_res : false);
}

Exemplo n.º 9

0

Exibir arquivo

Arquivo: account.php Projeto: fchypzero/cybyd

function aggiungiutente()
{
    global $SITENAME, $SITEEMAIL, $BASEURL, $VALIDATION, $USERLANG, $USE_IMAGECODE, $TABLE_PREFIX, $XBTT_USE, $language, $THIS_BASEPATH, $FORUMLINK, $db_prefix, $btit_settings;
    $utente = isset($GLOBALS["___mysqli_ston"]) && is_object($GLOBALS["___mysqli_ston"]) ? mysqli_real_escape_string($GLOBALS["___mysqli_ston"], $_POST["user"]) : (trigger_error("[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.", E_USER_ERROR) ? "" : "");
    $pwd = isset($GLOBALS["___mysqli_ston"]) && is_object($GLOBALS["___mysqli_ston"]) ? mysqli_real_escape_string($GLOBALS["___mysqli_ston"], $_POST["pwd"]) : (trigger_error("[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.", E_USER_ERROR) ? "" : "");
    $pwd1 = isset($GLOBALS["___mysqli_ston"]) && is_object($GLOBALS["___mysqli_ston"]) ? mysqli_real_escape_string($GLOBALS["___mysqli_ston"], $_POST["pwd1"]) : (trigger_error("[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.", E_USER_ERROR) ? "" : "");
    $email = isset($GLOBALS["___mysqli_ston"]) && is_object($GLOBALS["___mysqli_ston"]) ? mysqli_real_escape_string($GLOBALS["___mysqli_ston"], $_POST["email"]) : (trigger_error("[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.", E_USER_ERROR) ? "" : "");
    $idlangue = intval($_POST["language"]);
    $idstyle = intval($_POST["style"]);
    $idflag = intval($_POST["flag"]);
    $timezone = intval($_POST["timezone"]);
    if (strtoupper($utente) == strtoupper("Guest")) {
        err_msg($language["ERROR"], $language["ERR_GUEST_EXISTS"]);
        stdfoot();
        exit;
    }
    if ($pwd != $pwd1) {
        err_msg($language["ERROR"], $language["DIF_PASSWORDS"]);
        stdfoot();
        exit;
    }
    if ($VALIDATION == "none") {
        $idlevel = 3;
    } else {
        $idlevel = 2;
    }
    # Create Random number
    $floor = 100000;
    $ceiling = 999999;
    srand((double) microtime() * 1000000);
    $random = rand($floor, $ceiling);
    if ($utente == "" || $pwd == "" || $email == "") {
        return -1;
        exit;
    }
    $res = do_sqlquery("SELECT email FROM {$TABLE_PREFIX}users WHERE email='{$email}'", true);
    if (mysqli_num_rows($res) > 0) {
        return -2;
        exit;
    }
    // valid email check - by vibes
    $regex = '/\\b[\\w\\.-]+@[\\w\\.-]+\\.\\w{2,4}\\b/i';
    if (!preg_match($regex, $email)) {
        return -3;
        exit;
    }
    // valid email check end
    // duplicate username
    $res = do_sqlquery("SELECT username FROM {$TABLE_PREFIX}users WHERE username='******'", true);
    if (mysqli_num_rows($res) > 0) {
        return -4;
        exit;
    }
    // duplicate username
    if (strpos(isset($GLOBALS["___mysqli_ston"]) && is_object($GLOBALS["___mysqli_ston"]) ? mysqli_real_escape_string($GLOBALS["___mysqli_ston"], $utente) : (trigger_error("[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.", E_USER_ERROR) ? "" : ""), " ") == true) {
        return -7;
        exit;
    }
    if ($USE_IMAGECODE) {
        if (extension_loaded('gd')) {
            $arr = gd_info();
            if ($arr['FreeType Support'] == 1) {
                $public = $_POST['public_key'];
                $private = $_POST['private_key'];
                $p = new ocr_captcha();
                if ($p->check_captcha($public, $private) != true) {
                    err_msg($language["ERROR"], $language["ERR_IMAGE_CODE"]);
                    stdfoot();
                    exit;
                }
            } else {
                include "{$THIS_BASEPATH}/include/security_code.php";
                $scode_index = intval($_POST["security_index"]);
                if ($security_code[$scode_index]["answer"] != $_POST["scode_answer"]) {
                    err_msg($language["ERROR"], $language["ERR_IMAGE_CODE"]);
                    stdfoot();
                    exit;
                }
            }
        } else {
            include "{$THIS_BASEPATH}/include/security_code.php";
            $scode_index = intval($_POST["security_index"]);
            if ($security_code[$scode_index]["answer"] != $_POST["scode_answer"]) {
                err_msg($language["ERROR"], $language["ERR_IMAGE_CODE"]);
                stdfoot();
                exit;
            }
        }
    } else {
        include "{$THIS_BASEPATH}/include/security_code.php";
        $scode_index = intval($_POST["security_index"]);
        if ($security_code[$scode_index]["answer"] != $_POST["scode_answer"]) {
            err_msg($language["ERROR"], $language["ERR_IMAGE_CODE"]);
            stdfoot();
            exit;
        }
    }
    $bannedchar = array("\\", "/", ":", "*", "?", "\"", "@", "\$", "'", "`", ",", ";", ".", "<", ">", "!", "£", "%", "^", "&", "(", ")", "+", "=", "#", "~");
    if (straipos(isset($GLOBALS["___mysqli_ston"]) && is_object($GLOBALS["___mysqli_ston"]) ? mysqli_real_escape_string($GLOBALS["___mysqli_ston"], $utente) : (trigger_error("[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.", E_USER_ERROR) ? "" : ""), $bannedchar) == true) {
        return -8;
        exit;
    }
    $pass_to_test = $_POST["pwd"];
    $pass_min_req = explode(",", $btit_settings["secsui_pass_min_req"]);
    if (strlen($pass_to_test) < $pass_min_req[0]) {
        return -9;
        exit;
    }
    $lct_count = 0;
    $uct_count = 0;
    $num_count = 0;
    $sym_count = 0;
    $pass_end = (int) (strlen($pass_to_test) - 1);
    $pass_position = 0;
    $pattern1 = '#[a-z]#';
    $pattern2 = '#[A-Z]#';
    $pattern3 = '#[0-9]#';
    $pattern4 = '/[¬!"£$%^&*()`{}\\[\\]:@~;\'#<>?,.\\/\\-=_+\\|]/';
    for ($pass_position = 0; $pass_position <= $pass_end; $pass_position++) {
        if (preg_match($pattern1, substr($pass_to_test, $pass_position, 1), $matches)) {
            $lct_count++;
        } elseif (preg_match($pattern2, substr($pass_to_test, $pass_position, 1), $matches)) {
            $uct_count++;
        } elseif (preg_match($pattern3, substr($pass_to_test, $pass_position, 1), $matches)) {
            $num_count++;
        } elseif (preg_match($pattern4, substr($pass_to_test, $pass_position, 1), $matches)) {
            $sym_count++;
        }
    }
    if ($lct_count < $pass_min_req[1] || $uct_count < $pass_min_req[2] || $num_count < $pass_min_req[3] || $sym_count < $pass_min_req[4]) {
        return -998;
        exit;
    }
    $multipass = hash_generate(array("salt" => ""), $_POST["pwd"], $_POST["user"]);
    $i = $btit_settings["secsui_pass_type"];
    $pid = md5(uniqid(rand(), true));
    do_sqlquery("INSERT INTO `{$TABLE_PREFIX}users` (`username`, `password`, `salt`, `pass_type`, `dupe_hash`, `random`, `id_level`, `email`, `style`, `language`, `flag`, `joined`, `lastconnect`, `pid`, `time_offset`) VALUES ('" . $utente . "', '" . (isset($GLOBALS["___mysqli_ston"]) && is_object($GLOBALS["___mysqli_ston"]) ? mysqli_real_escape_string($GLOBALS["___mysqli_ston"], $multipass[$i]["rehash"]) : (trigger_error("[MySQLConverterToo] Fix the mysqli_escape_string() call! This code does not work.", E_USER_ERROR) ? "" : "")) . "', '" . (isset($GLOBALS["___mysqli_ston"]) && is_object($GLOBALS["___mysqli_ston"]) ? mysqli_real_escape_string($GLOBALS["___mysqli_ston"], $multipass[$i]["salt"]) : (trigger_error("[MySQLConverterToo] Fix the mysqli_escape_string() call! This code does not work.", E_USER_ERROR) ? "" : "")) . "', '" . $i . "', '" . (isset($GLOBALS["___mysqli_ston"]) && is_object($GLOBALS["___mysqli_ston"]) ? mysqli_real_escape_string($GLOBALS["___mysqli_ston"], $multipass[$i]["dupehash"]) : (trigger_error("[MySQLConverterToo] Fix the mysqli_escape_string() call! This code does not work.", E_USER_ERROR) ? "" : "")) . "', " . $random . ", " . $idlevel . ", '" . $email . "', " . $idstyle . ", " . $idlangue . ", " . $idflag . ", NOW(), NOW(),'" . $pid . "', '" . $timezone . "')", true);
    $newuid = is_null($___mysqli_res = mysqli_insert_id($GLOBALS["___mysqli_ston"])) ? false : $___mysqli_res;
    // Continue to create smf members if they disable smf mode
    $test = do_sqlquery("SHOW TABLES LIKE '{$db_prefix}members'", true);
    if (substr($FORUMLINK, 0, 3) == "smf" || mysqli_num_rows($test)) {
        $smfpass = smf_passgen($utente, $pwd);
        $fetch = get_result("SELECT `smf_group_mirror` FROM `{$TABLE_PREFIX}users_level` WHERE `id`=" . $idlevel, true, $btit_settings["cache_duration"]);
        $flevel = $fetch[0]["smf_group_mirror"] > 0 ? $fetch[0]["smf_group_mirror"] : $idlevel + 10;
        if ($FORUMLINK == "smf") {
            do_sqlquery("INSERT INTO `{$db_prefix}members` (`memberName`, `dateRegistered`, `ID_GROUP`, `realName`, `passwd`, `emailAddress`, `memberIP`, `memberIP2`, `is_activated`, `passwordSalt`) VALUES ('{$utente}', UNIX_TIMESTAMP(), {$flevel}, '{$utente}', '{$smfpass['0']}', '{$email}', '" . getip() . "', '" . getip() . "', 1, '{$smfpass['1']}')", true);
        } else {
            do_sqlquery("INSERT INTO `{$db_prefix}members` (`member_name`, `date_registered`, `id_group`, `real_name`, `passwd`, `email_address`, `member_ip`, `member_ip2`, `is_activated`, `password_salt`) VALUES ('{$utente}', UNIX_TIMESTAMP(), {$flevel}, '{$utente}', '{$smfpass['0']}', '{$email}', '" . getip() . "', '" . getip() . "', 1, '{$smfpass['1']}')", true);
        }
        $fid = is_null($___mysqli_res = mysqli_insert_id($GLOBALS["___mysqli_ston"])) ? false : $___mysqli_res;
        do_sqlquery("UPDATE `{$db_prefix}settings` SET `value` = {$fid} WHERE `variable` = 'latestMember'", true);
        do_sqlquery("UPDATE `{$db_prefix}settings` SET `value` = '{$utente}' WHERE `variable` = 'latestRealName'", true);
        do_sqlquery("UPDATE `{$db_prefix}settings` SET `value` = UNIX_TIMESTAMP() WHERE `variable` = 'memberlist_updated'", true);
        do_sqlquery("UPDATE `{$db_prefix}settings` SET `value` = `value` + 1 WHERE `variable` = 'totalMembers'", true);
        do_sqlquery("UPDATE `{$TABLE_PREFIX}users` SET `smf_fid`={$fid} WHERE `id`={$newuid}", true);
    }
    // Continue to create ipb members if they disable ipb mode
    $test = do_sqlquery("SHOW TABLES LIKE '{$ipb_prefix}members'");
    if ($FORUMLINK == "ipb" || mysqli_num_rows($test)) {
        ipb_create($utente, $email, $pwd, $idlevel, $newuid);
    }
    // xbt
    if ($XBTT_USE) {
        $resin = do_sqlquery("INSERT INTO xbt_users (uid, torrent_pass) VALUES ({$newuid},'{$pid}')", true);
    }
    if ($VALIDATION == "user") {
        ini_set("sendmail_from", "");
        if ((is_object($GLOBALS["___mysqli_ston"]) ? mysqli_errno($GLOBALS["___mysqli_ston"]) : (($___mysqli_res = mysqli_connect_errno()) ? $___mysqli_res : false)) == 0) {
            send_mail($email, $language["ACCOUNT_CONFIRM"], $language["ACCOUNT_MSG"] . "\n\n" . $BASEURL . "/index.php?page=account&act=confirm&confirm={$random}&language={$idlangue}");
            write_log("Signup new user {$utente} ({$email})", "add");
        } else {
            die(is_object($GLOBALS["___mysqli_ston"]) ? mysqli_error($GLOBALS["___mysqli_ston"]) : (($___mysqli_res = mysqli_connect_error()) ? $___mysqli_res : false));
        }
    }
    return is_object($GLOBALS["___mysqli_ston"]) ? mysqli_errno($GLOBALS["___mysqli_ston"]) : (($___mysqli_res = mysqli_connect_errno()) ? $___mysqli_res : false);
}

Exemplos de smf_passgen em PHP