Exemplo n.º 1
0
}
if ($Invites != $Cur['Invites'] && check_perms('users_edit_invites')) {
    $UpdateSet[] = "invites = '{$Invites}'";
    $EditSummary[] = "number of invites changed to {$Invites}";
    $HeavyUpdates['Invites'] = $Invites;
}
if ($Warned == 1 && $Cur['Warned'] == '0000-00-00 00:00:00' && check_perms('users_warn')) {
    $Weeks = 'week' . ($WarnLength === 1 ? '' : 's');
    Misc::send_pm($UserID, 0, 'You have received a warning', "You have been [url=" . site_url() . "wiki.php?action=article&id=218]warned for {$WarnLength} {$Weeks}[/url] by [user]" . $LoggedUser['Username'] . "[/user]. The reason given was:\n[quote]{$WarnReason}[/quote]");
    $UpdateSet[] = "Warned = '" . sqltime() . "' + INTERVAL {$WarnLength} WEEK";
    $Msg = "warned for {$WarnLength} {$Weeks}";
    if ($WarnReason) {
        $Msg .= " for \"{$WarnReason}\"";
    }
    $EditSummary[] = db_string($Msg);
    $LightUpdates['Warned'] = time_plus(3600 * 24 * 7 * $WarnLength);
} elseif ($Warned == 0 && $Cur['Warned'] != '0000-00-00 00:00:00' && check_perms('users_warn')) {
    $UpdateSet[] = "Warned = '0000-00-00 00:00:00'";
    $EditSummary[] = 'warning removed';
    $LightUpdates['Warned'] = '0000-00-00 00:00:00';
} elseif ($Warned == 1 && $ExtendWarning != '---' && check_perms('users_warn')) {
    $Weeks = 'week' . ($ExtendWarning === 1 ? '' : 's');
    Misc::send_pm($UserID, 0, 'Your warning has been extended', "Your warning has been extended by {$ExtendWarning} {$Weeks} by [user]" . $LoggedUser['Username'] . "[/user]. The reason given was:\n[quote]{$WarnReason}[/quote]");
    $UpdateSet[] = "Warned = Warned + INTERVAL {$ExtendWarning} WEEK";
    $DB->query("\n\t\tSELECT Warned + INTERVAL {$ExtendWarning} WEEK\n\t\tFROM users_info\n\t\tWHERE UserID = '{$UserID}'");
    list($WarnedUntil) = $DB->next_record();
    $Msg = "warning extended by {$ExtendWarning} {$Weeks} to {$WarnedUntil}";
    if ($WarnReason) {
        $Msg .= " for \"{$WarnReason}\"";
    }
    $EditSummary[] = db_string($Msg);
Exemplo n.º 2
0
 function log_attempt($UserID)
 {
     global $DB, $Cache, $AttemptID, $Attempts, $Bans, $BannedUntil;
     $IPStr = $_SERVER['REMOTE_ADDR'];
     $IPA = substr($IPStr, 0, strcspn($IPStr, '.'));
     $IP = Tools::ip_to_unsigned($IPStr);
     if ($AttemptID) {
         // User has attempted to log in recently
         $Attempts++;
         if ($Attempts > 5) {
             // Only 6 allowed login attempts, ban user's IP
             $BannedUntil = time_plus(60 * 60 * 6);
             $DB->query("\n\t\t\t\t\tUPDATE login_attempts\n\t\t\t\t\tSET\n\t\t\t\t\t\tLastAttempt = '" . sqltime() . "',\n\t\t\t\t\t\tAttempts = '" . db_string($Attempts) . "',\n\t\t\t\t\t\tBannedUntil = '" . db_string($BannedUntil) . "',\n\t\t\t\t\t\tBans = Bans + 1\n\t\t\t\t\tWHERE ID = '" . db_string($AttemptID) . "'");
             if ($Bans > 9) {
                 // Automated bruteforce prevention
                 $DB->query("\n\t\t\t\t\t\tSELECT Reason\n\t\t\t\t\t\tFROM ip_bans\n\t\t\t\t\t\tWHERE {$IP} BETWEEN FromIP AND ToIP");
                 if ($DB->has_results()) {
                     //Ban exists already, only add new entry if not for same reason
                     list($Reason) = $DB->next_record(MYSQLI_BOTH, false);
                     if ($Reason != 'Automated ban per >60 failed login attempts') {
                         $DB->query("\n\t\t\t\t\t\t\t\tUPDATE ip_bans\n\t\t\t\t\t\t\t\tSET Reason = CONCAT('Automated ban per >60 failed login attempts AND ', Reason)\n\t\t\t\t\t\t\t\tWHERE FromIP = {$IP}\n\t\t\t\t\t\t\t\t\tAND ToIP = {$IP}");
                     }
                 } else {
                     //No ban
                     $DB->query("\n\t\t\t\t\t\t\tINSERT IGNORE INTO ip_bans\n\t\t\t\t\t\t\t\t(FromIP, ToIP, Reason)\n\t\t\t\t\t\t\tVALUES\n\t\t\t\t\t\t\t\t('{$IP}','{$IP}', 'Automated ban per >60 failed login attempts')");
                     $Cache->delete_value("ip_bans_{$IPA}");
                 }
             }
         } else {
             // User has attempted fewer than 6 logins
             $DB->query("\n\t\t\t\t\tUPDATE login_attempts\n\t\t\t\t\tSET\n\t\t\t\t\t\tLastAttempt = '" . sqltime() . "',\n\t\t\t\t\t\tAttempts = '" . db_string($Attempts) . "',\n\t\t\t\t\t\tBannedUntil = '0000-00-00 00:00:00'\n\t\t\t\t\tWHERE ID = '" . db_string($AttemptID) . "'");
         }
     } else {
         // User has not attempted to log in recently
         $Attempts = 1;
         $DB->query("\n\t\t\t\tINSERT INTO login_attempts\n\t\t\t\t\t(UserID, IP, LastAttempt, Attempts)\n\t\t\t\tVALUES\n\t\t\t\t\t('" . db_string($UserID) . "', '" . db_string($IPStr) . "', '" . sqltime() . "', 1)");
     }
 }
Exemplo n.º 3
0
    /**
     * Warn a user.
     *
     * @param int $UserID
     * @param int $Duration length of warning in seconds
     * @param string $reason
     */
    public static function warn_user($UserID, $Duration, $Reason)
    {
        global $Time;
        $QueryID = G::$DB->get_query_id();
        G::$DB->query("\n\t\t\tSELECT Warned\n\t\t\tFROM users_info\n\t\t\tWHERE UserID = {$UserID}\n\t\t\t\tAND Warned != '0000-00-00 00:00:00'");
        if (G::$DB->has_results()) {
            //User was already warned, appending new warning to old.
            list($OldDate) = G::$DB->next_record();
            $NewExpDate = date('Y-m-d H:i:s', strtotime($OldDate) + $Duration);
            Misc::send_pm($UserID, 0, 'You have received multiple warnings.', "When you received your latest warning (set to expire on " . date('Y-m-d', time() + $Duration) . '), you already had a different warning (set to expire on ' . date('Y-m-d', strtotime($OldDate)) . ").\n\n Due to this collision, your warning status will now expire at {$NewExpDate}.");
            $AdminComment = date('Y-m-d') . " - Warning (Clash) extended to expire at {$NewExpDate} by " . G::$LoggedUser['Username'] . "\nReason: {$Reason}\n\n";
            G::$DB->query('
				UPDATE users_info
				SET
					Warned = \'' . db_string($NewExpDate) . '\',
					WarnedTimes = WarnedTimes + 1,
					AdminComment = CONCAT(\'' . db_string($AdminComment) . '\', AdminComment)
				WHERE UserID = \'' . db_string($UserID) . '\'');
        } else {
            //Not changing, user was not already warned
            $WarnTime = time_plus($Duration);
            G::$Cache->begin_transaction("user_info_{$UserID}");
            G::$Cache->update_row(false, array('Warned' => $WarnTime));
            G::$Cache->commit_transaction(0);
            $AdminComment = date('Y-m-d') . " - Warned until {$WarnTime} by " . G::$LoggedUser['Username'] . "\nReason: {$Reason}\n\n";
            G::$DB->query('
				UPDATE users_info
				SET
					Warned = \'' . db_string($WarnTime) . '\',
					WarnedTimes = WarnedTimes + 1,
					AdminComment = CONCAT(\'' . db_string($AdminComment) . '\', AdminComment)
				WHERE UserID = \'' . db_string($UserID) . '\'');
        }
        G::$DB->set_query_id($QueryID);
    }
Exemplo n.º 4
0
 }
 $DB->set_query_id($UserQuery);
 $Passkeys = $DB->collect('torrent_pass');
 foreach ($Passkeys as $Passkey) {
     Tracker::update_tracker('update_user', array('passkey' => $Passkey, 'can_leech' => '1'));
 }
 // Put user on ratio watch if he doesn't meet the standards
 sleep(10);
 $DB->query("\n\t\tSELECT m.ID, m.Downloaded\n\t\tFROM users_info AS i\n\t\t\tJOIN users_main AS m ON m.ID = i.UserID\n\t\tWHERE m.Uploaded / m.Downloaded < m.RequiredRatio\n\t\t\tAND i.RatioWatchEnds = '0000-00-00 00:00:00'\n\t\t\tAND m.Enabled = '1'\n\t\t\tAND m.can_leech = '1'");
 $OnRatioWatch = $DB->collect('ID');
 if (count($OnRatioWatch) > 0) {
     $DB->query("\n\t\t\tUPDATE users_info AS i\n\t\t\t\tJOIN users_main AS m ON m.ID = i.UserID\n\t\t\tSET i.RatioWatchEnds = '" . time_plus(60 * 60 * 24 * 14) . "',\n\t\t\t\ti.RatioWatchTimes = i.RatioWatchTimes + 1,\n\t\t\t\ti.RatioWatchDownload = m.Downloaded\n\t\t\tWHERE m.ID IN(" . implode(',', $OnRatioWatch) . ')');
 }
 foreach ($OnRatioWatch as $UserID) {
     $Cache->begin_transaction("user_info_heavy_{$UserID}");
     $Cache->update_row(false, array('RatioWatchEnds' => time_plus(60 * 60 * 24 * 14), 'RatioWatchDownload' => 0));
     $Cache->commit_transaction(0);
     Misc::send_pm($UserID, 0, 'You have been put on Ratio Watch', "This happens when your ratio falls below the requirements we have outlined in the rules located [url=" . site_url() . "rules.php?p=ratio]here[/url].\n For information about ratio watch, click the link above.");
     echo "Ratio watch on: {$UserID}\n";
 }
 sleep(5);
 //------------- Rescore 0.95 logs of disabled users
 $LogQuery = $DB->query("\n\t\t\tSELECT DISTINCT t.ID\n\t\t\tFROM torrents AS t\n\t\t\t\tJOIN users_main AS um ON t.UserID = um.ID\n\t\t\t\tJOIN torrents_logs_new AS tl ON tl.TorrentID = t.ID\n\t\t\tWHERE um.Enabled = '2'\n\t\t\t\tAND t.HasLog = '1'\n\t\t\t\tAND LogScore = 100\n\t\t\t\tAND Log LIKE 'EAC extraction logfile from%'");
 $Details = array();
 $Details[] = "Ripped with EAC v0.95, -1 point [1]";
 $Details = serialize($Details);
 while (list($TorrentID) = $DB->next_record()) {
     $DB->query("\n\t\t\tUPDATE torrents\n\t\t\tSET LogScore = 99\n\t\t\tWHERE ID = {$TorrentID}");
     $DB->query("\n\t\t\tUPDATE torrents_logs_new\n\t\t\tSET Score = 99, Details = '{$Details}'\n\t\t\tWHERE TorrentID = {$TorrentID}");
 }
 sleep(5);
Exemplo n.º 5
0
function warn_user($UserID, $Duration, $Reason) {
	global $LoggedUser, $DB, $Cache, $Time;

	$DB->query("SELECT Warned FROM users_info WHERE UserID=".$UserID." AND Warned <> '0000-00-00 00:00:00'");
	if($DB->record_count() > 0) {
		//User was already warned, appending new warning to old.
		list($OldDate) = $DB->next_record();
		$NewExpDate = date('Y-m-d H:i:s', strtotime($OldDate) + $Duration);

		send_pm($UserID, 0, db_string("You have received multiple warnings."), db_string("When you received your latest warning (Set to expire on ".date("Y-m-d", (time() + $Duration))."), you already had a different warning (Set to expire on ".date("Y-m-d", strtotime($OldDate)).").\n\n Due to this collision, your warning status will now expire at ".$NewExpDate."."));

		$AdminComment = date("Y-m-d").' - Warning (Clash) extended to expire at '.$NewExpDate.' by '.$LoggedUser['Username']."\nReason: $Reason\n";

		$DB->query('UPDATE users_info SET
			Warned=\''.db_string($NewExpDate).'\',
			WarnedTimes=WarnedTimes+1,
			AdminComment=CONCAT(\''.db_string($AdminComment).'\',AdminComment)
			WHERE UserID=\''.db_string($UserID).'\'');
	} else {
		//Not changing, user was not already warned
		$WarnTime = time_plus($Duration);

		$Cache->begin_transaction('user_info_'.$UserID);
		$Cache->update_row(false, array('Warned' => $WarnTime));
		$Cache->commit_transaction(0);

		$AdminComment = "\n".date("Y-m-d").' - Warned until '.$WarnTime.' by '.$LoggedUser['Username']."\nReason: $Reason\n";

		$DB->query('UPDATE users_info SET
			Warned=\''.db_string($WarnTime).'\',
			WarnedTimes=WarnedTimes+1,
			AdminComment=CONCAT(\''.db_string($AdminComment).'\',AdminComment)
			WHERE UserID=\''.db_string($UserID).'\'');
	}
}
Exemplo n.º 6
0
$WarningLength = $_POST['length'];
$PostID = (int) $_POST['postid'];
$UserID = (int) $_POST['userid'];
$Key = (int) $_POST['key'];
$SQLTime = sqltime();
$UserInfo = Users::user_info($UserID);
if ($UserInfo['Class'] > $LoggedUser['Class']) {
    error(403);
}
$URL = site_url() . "forums.php?action=viewthread&amp;postid={$PostID}#post{$PostID}";
if ($WarningLength !== 'verbal') {
    $Time = (int) $WarningLength * (7 * 24 * 60 * 60);
    Tools::warn_user($UserID, $Time, "{$URL} - {$Reason}");
    $Subject = 'You have received a warning';
    $PrivateMessage = "You have received a {$WarningLength} week warning for [url={$URL}]this post[/url].\n\n" . $PrivateMessage;
    $WarnTime = time_plus($Time);
    $AdminComment = date('Y-m-d') . " - Warned until {$WarnTime} by " . $LoggedUser['Username'] . " for {$URL}\nReason: {$Reason}\n\n";
} else {
    $Subject = 'You have received a verbal warning';
    $PrivateMessage = "You have received a verbal warning for [url={$URL}]this post[/url].\n\n" . $PrivateMessage;
    $AdminComment = date('Y-m-d') . ' - Verbally warned by ' . $LoggedUser['Username'] . " for {$URL}\nReason: {$Reason}\n\n";
    Tools::update_user_notes($UserID, $AdminComment);
}
$DB->query("\n\tINSERT INTO users_warnings_forums\n\t\t(UserID, Comment)\n\tVALUES\n\t\t('{$UserID}', '" . db_string($AdminComment) . "')\n\tON DUPLICATE KEY UPDATE\n\t\tComment = CONCAT('" . db_string($AdminComment) . "', Comment)");
Misc::send_pm($UserID, $LoggedUser['ID'], $Subject, $PrivateMessage);
//edit the post
$DB->query("\n\tSELECT\n\t\tp.Body,\n\t\tp.AuthorID,\n\t\tp.TopicID,\n\t\tt.ForumID,\n\t\tCEIL(\n\t\t\t(\n\t\t\t\tSELECT COUNT(p2.ID)\n\t\t\t\tFROM forums_posts AS p2\n\t\t\t\tWHERE p2.TopicID = p.TopicID\n\t\t\t\t\tAND p2.ID <= '{$PostID}'\n\t\t\t) / " . POSTS_PER_PAGE . "\n\t\t) AS Page\n\tFROM forums_posts AS p\n\t\tJOIN forums_topics AS t ON p.TopicID = t.ID\n\t\tJOIN forums AS f ON t.ForumID = f.ID\n\tWHERE p.ID = '{$PostID}'");
list($OldBody, $AuthorID, $TopicID, $ForumID, $Page) = $DB->next_record();
// Perform the update
$DB->query("\n\tUPDATE forums_posts\n\tSET Body = '" . db_string($Body) . "',\n\t\tEditedUserID = '{$UserID}',\n\t\tEditedTime = '{$SQLTime}'\n\tWHERE ID = '{$PostID}'");
$CatalogueID = floor((POSTS_PER_PAGE * $Page - POSTS_PER_PAGE) / THREAD_CATALOGUE);
Exemplo n.º 7
0
function time_df($TS1, $TS2, $Levels = 2, $Span = true)
{
    $TimeStamp1 = strtotime($TS1);
    $TimeStamp2 = strtotime($TS2);
    $Time = $TimeStamp1 - $TimeStamp2;
    //If the time is negative, then we know that it expires in the future
    if ($Time < 0) {
        $Time = -$Time;
        $HideAgo = true;
    }
    $Years = floor($Time / 31556926);
    // seconds in a year
    $Remain = $Time - $Years * 31556926;
    $Months = floor($Remain / 2629744);
    // seconds in a month
    $Remain = $Remain - $Months * 2629744;
    $Weeks = floor($Remain / 604800);
    // seconds in a week
    $Remain = $Remain - $Weeks * 604800;
    $Days = floor($Remain / 86400);
    // seconds in a day
    $Remain = $Remain - $Days * 86400;
    $Hours = floor($Remain / 3600);
    $Remain = $Remain - $Hours * 3600;
    $Minutes = floor($Remain / 60);
    $Remain = $Remain - $Minutes * 60;
    $Seconds = $Remain;
    $Return = '';
    if ($Years > 0 && $Levels > 0) {
        if ($Years > 1) {
            $Return .= $Years . ' years';
        } else {
            $Return .= $Years . ' year';
        }
        $Levels--;
    }
    if ($Months > 0 && $Levels > 0) {
        if ($Return != '') {
            $Return .= ', ';
        }
        if ($Months > 1) {
            $Return .= $Months . ' months';
        } else {
            $Return .= $Months . ' month';
        }
        $Levels--;
    }
    if ($Weeks > 0 && $Levels > 0) {
        if ($Return != "") {
            $Return .= ', ';
        }
        if ($Weeks > 1) {
            $Return .= $Weeks . ' weeks';
        } else {
            $Return .= $Weeks . ' week';
        }
        $Levels--;
    }
    if ($Days > 0 && $Levels > 0) {
        if ($Return != '') {
            $Return .= ', ';
        }
        if ($Days > 1) {
            $Return .= $Days . ' days';
        } else {
            $Return .= $Days . ' day';
        }
        $Levels--;
    }
    if ($Hours > 0 && $Levels > 0) {
        if ($Return != '') {
            $Return .= ', ';
        }
        if ($Hours > 1) {
            $Return .= $Hours . ' hours';
        } else {
            $Return .= $Hours . ' hour';
        }
        $Levels--;
    }
    if ($Minutes > 0 && $Levels > 0) {
        if ($Return != '') {
            $Return .= ' and ';
        }
        if ($Minutes > 1) {
            $Return .= $Minutes . ' mins';
        } else {
            $Return .= $Minutes . ' min';
        }
        $Levels--;
    }
    if ($Return == '') {
        $Return = 'Just now';
    } elseif (!isset($HideAgo)) {
        $Return .= ' ago';
    }
    if ($Span) {
        return '<span class="time" title="' . date('M d Y, H:i', strtotime(time_plus($Time))) . '">' . $Return . '</span>';
    } else {
        return $Return;
    }
}
Exemplo n.º 8
0
 function log_attempt($UserID)
 {
     global $DB, $AttemptID, $Attempts, $Bans, $BannedUntil, $Time;
     if ($AttemptID) {
         // User has attempted to log in recently
         $Attempts++;
         if ($Attempts > 5) {
             // Only 6 allowed login attempts, ban user's IP
             $BannedUntil = time_plus(60 * 60 * 6);
             $DB->query("UPDATE login_attempts SET\n\t\t\t\t\tLastAttempt='" . sqltime() . "',\n\t\t\t\t\tAttempts='" . db_string($Attempts) . "',\n\t\t\t\t\tBannedUntil='" . db_string($BannedUntil) . "',\n\t\t\t\t\tBans=Bans+1 \n\t\t\t\t\tWHERE ID='" . db_string($AttemptID) . "'");
             if ($Bans > 9) {
                 // Automated bruteforce prevention
                 $IP = ip2unsigned($_SERVER['REMOTE_ADDR']);
                 $DB->query("SELECT Reason FROM ip_bans WHERE " . $IP . " BETWEEN FromIP AND ToIP");
                 if ($DB->record_count() > 0) {
                     //Ban exists already, only add new entry if not for same reason
                     list($Reason) = $DB->next_record(MYSQLI_BOTH, false);
                     if ($Reason != "Automated ban per >60 failed login attempts") {
                         $DB->query("UPDATE ip_bans\n\t\t\t\t\t\t\t\tSET Reason = CONCAT('Automated ban per >60 failed login attempts AND ', Reason)\n\t\t\t\t\t\t\t\tWHERE FromIP = " . $IP . " AND ToIP = " . $IP);
                     }
                 } else {
                     //No ban
                     $DB->query("INSERT INTO ip_bans\n\t\t\t\t\t\t\t(FromIP, ToIP, Reason) VALUES\n\t\t\t\t\t\t\t('{$IP}','{$IP}', 'Automated ban per >60 failed login attempts')");
                     $Cache->delete_value('ip_bans');
                 }
             }
         } else {
             // User has attempted fewer than 6 logins
             $DB->query("UPDATE login_attempts SET\n\t\t\t\t\tLastAttempt='" . sqltime() . "',\n\t\t\t\t\tAttempts='" . db_string($Attempts) . "',\n\t\t\t\t\tBannedUntil='0000-00-00 00:00:00' \n\t\t\t\t\tWHERE ID='" . db_string($AttemptID) . "'");
         }
     } else {
         // User has not attempted to log in recently
         $Attempts = 1;
         $DB->query("INSERT INTO login_attempts \n\t\t\t\t(UserID,IP,LastAttempt,Attempts) VALUES \n\t\t\t\t('" . db_string($UserID) . "','" . db_string($_SERVER['REMOTE_ADDR']) . "','" . sqltime() . "',1)");
     }
 }
Exemplo n.º 9
0
	function log_attempt($UserID) {
		global $DB, $AttemptID, $Attempts, $Bans, $BannedUntil, $Time;
		if($AttemptID) { // User has attempted to log in recently
			$Attempts++;
			if ($Attempts>5) { // Only 6 allowed login attempts, ban user's IP
				$BannedUntil=time_plus(60*60*6);
				$DB->query("UPDATE login_attempts SET
					LastAttempt='".sqltime()."',
					Attempts='".db_string($Attempts)."',
					BannedUntil='".db_string($BannedUntil)."',
					Bans=Bans+1 
					WHERE ID='".db_string($AttemptID)."'");
				if (!empty($UserID)) {
					$DB->query("UPDATE users_info SET AdminComment = CONCAT('".sqltime()." - 6 Failed login attempts from ".$_SERVER['REMOTE_ADDR']."\n\n', AdminComment) WHERE UserID = ".$UserID);
				}
					if ($Bans>9) { // Automated bruteforce prevention
						$IP = ip2long($_SERVER['REMOTE_ADDR']);
						$DB->query("SELECT Reason FROM ip_bans WHERE ".$IP." BETWEEN FromIP AND ToIP");
						if($DB->record_count() > 0) {
							//Ban exists already, only add new entry if not for same reason
							list($Reason) = $DB->next_record();
							if($Reason != "Automated ban per >60 failed login attempts") {
								$DB->query("INSERT INTO ip_bans
									(FromIP, ToIP, Reason) VALUES
									('$IP','$IP', 'Automated ban per >60 failed login attempts')");
							}
						} else {
							//No ban
							$DB->query("INSERT INTO ip_bans
								(FromIP, ToIP, Reason) VALUES
								('$IP','$IP', 'Automated ban per >60 failed login attempts')");
						}
					}
			} else {
				// User has attempted fewer than 6 logins
				$DB->query("UPDATE login_attempts SET
					LastAttempt='".sqltime()."',
					Attempts='".db_string($Attempts)."',
					BannedUntil='0000-00-00 00:00:00' 
					WHERE ID='".db_string($AttemptID)."'");
			}
		} else { // User has not attempted to log in recently
			$Attempts=1;
			$DB->query("INSERT INTO login_attempts 
				(UserID,IP,LastAttempt,Attempts) VALUES 
				('".db_string($UserID)."','".db_string($_SERVER['REMOTE_ADDR'])."','".sqltime()."',1)");
		}
	} // end log_attempt function
Exemplo n.º 10
0
 /**
  * Initiate a password reset
  *
  * @param int $UserID The user ID
  * @param string $Username The username
  * @param string $Email The email address
  */
 public static function resetPassword($UserID, $Username, $Email)
 {
     $ResetKey = Users::make_secret();
     G::$DB->query("\n\t\t\tUPDATE users_info\n\t\t\tSET\n\t\t\t\tResetKey = '" . db_string($ResetKey) . "',\n\t\t\t\tResetExpires = '" . time_plus(60 * 60) . "'\n\t\t\tWHERE UserID = '{$UserID}'");
     require SERVER_ROOT . '/classes/templates.class.php';
     $TPL = new TEMPLATE();
     $TPL->open(SERVER_ROOT . '/templates/password_reset.tpl');
     // Password reset template
     $TPL->set('Username', $Username);
     $TPL->set('ResetKey', $ResetKey);
     $TPL->set('IP', $_SERVER['REMOTE_ADDR']);
     $TPL->set('SITE_NAME', SITE_NAME);
     $TPL->set('SITE_URL', NONSSL_SITE_URL);
     Misc::send_email($Email, 'Password reset information for ' . SITE_NAME, $TPL->get(), 'noreply');
 }
Exemplo n.º 11
0
    list($UserCount) = $DB->next_record();
    $Cache->cache_value('stats_user_count', $UserCount, 0);
}
$UserID = $LoggedUser['ID'];
//This is where we handle things passed to us
authorize();
$DB->query("SELECT can_leech FROM users_main WHERE ID = " . $UserID);
list($CanLeech) = $DB->next_record();
if ($LoggedUser['RatioWatch'] || !$CanLeech || $LoggedUser['DisableInvites'] == '1' || $LoggedUser['Invites'] == 0 && !check_perms('site_send_unlimited_invites') || $UserCount >= USER_LIMIT && USER_LIMIT != 0 && !check_perms('site_can_invite_always')) {
    error(403);
}
$Email = $_POST['email'];
$Username = $LoggedUser['Username'];
$SiteName = SITE_NAME;
$SiteURL = NONSSL_SITE_URL;
$InviteExpires = time_plus(60 * 60 * 24 * 3);
// 3 days
//MultiInvite
if (strpos($Email, '|') && check_perms('site_send_unlimited_invites')) {
    $Emails = explode('|', $Email);
} else {
    $Emails = array($Email);
}
foreach ($Emails as $CurEmail) {
    if (!preg_match("/^" . EMAIL_REGEX . "\$/i", $CurEmail)) {
        if (count($Emails) > 1) {
            continue;
        } else {
            error('Invalid email.');
            header('Location: user.php?action=invite');
            die;