Exemplo n.º 1
// Password-reset handler, entered when the query string carries `reset_pass`.
// It looks up the account whose username and recover_key match the `username`
// and `key` query parameters. When the reset form has been posted it stores the
// new password hash, clears the recovery key and logs the user in.
// The recovery key travels in the query string, so it can end up in access logs,
// browser history and Referer headers; clearing it on use (below) limits that exposure.
if (isset($_GET['reset_pass'])) {
    // NOTE(review): only `username` is checked for presence. `key` is read below
    // without isset(), and neither value is checked to be a string (`?key[]=` is an array).
    // Consider isset($_GET['username'], $_GET['key']) plus is_string() and a non-empty key.
    if (!isset($_GET['username'])) {
        // NOTE(review): the code below assumes httperror() stops execution — confirm;
        // if it returns, the query still runs with an undefined index.
        httperror(404);
    }
    // Both request values go through $db->escape() before being concatenated into the
    // statement; a prepared statement would remove the reliance on escaping.
    // NOTE(review): no expiry condition on recover_key is visible here — confirm keys
    // are time-limited and generated from a CSPRNG.
    $result = $db->query('SELECT id FROM `#^users` WHERE username=\'' . $db->escape($_GET['username']) . '\' AND recover_key=\'' . $db->escape($_GET['key']) . '\'') or error('Failed to find user', __FILE__, __LINE__, $db->error());
    // An unknown username and a wrong key produce the same 404, so the response does
    // not reveal which usernames exist.
    if (!$db->num_rows($result)) {
        httperror(404);
    }
    list($id) = $db->fetch_row($result);
    if (isset($_POST['reset_form_sent'])) {
        // NOTE(review): `!=` compares numeric-looking strings numerically
        // ('1e3' == '1000'), so two different inputs can pass as equal; `!==` is the
        // intended check. No minimum-length or common-password check is visible in this branch.
        if ($_POST['pass1'] != $_POST['pass2']) {
            echo '<p>' . translate('passnomatch') . '</p>';
            return;
        }
        // Stores futurebb_hash() of the new password and sets recover_key to NULL, which
        // makes the reset link single-use. $id comes from the SELECT above, not from the
        // request; an (int) cast would still be cheap defence in depth since it is unquoted.
        // NOTE(review): futurebb_hash() is not shown — confirm it is a salted, slow
        // password hash rather than a fast digest.
        $db->query('UPDATE `#^users` SET password=\'' . $db->escape(futurebb_hash($_POST['pass1'])) . '\',recover_key=NULL WHERE id=' . $id) or error('Failed to update password', __FILE__, __LINE__, $db->error());
        // The password hash itself is handed to LogInUser() together with the
        // client-supplied User-Agent header (which may be absent).
        // NOTE(review): if the hash is used as the session credential, a leaked hash
        // is enough to log in — confirm in LoginController.
        LoginController::LogInUser($id, futurebb_hash($_POST['pass1']), $_SERVER['HTTP_USER_AGENT'], true);
        echo '<p>' . translate('pwdresetsuccess') . '<br /><a href="' . $base_config['baseurl'] . '">' . translate('login') . '</a></p>';
        return;
    } else {
        ?>
		<form action="<?php 
        echo $base_config['baseurl'];
        ?>
/login?reset_pass&amp;username=<?php 
        echo htmlspecialchars($_GET['username']);
        ?>
&amp;key=<?php 
        echo htmlspecialchars($_GET['key']);
        ?>
" method="post" enctype="multipart/form-data">
			<h2><?php 
Exemplo n.º 2
<?php

// Logout: LogInUser() is called with user id 0 and empty credentials
// (presumably this swaps the session for a guest one — confirm in LoginController).
// NOTE(review): no POST check or CSRF token is visible here, so any cross-site
// request to this URL would log the visitor out — confirm whether that is accepted.
LoginController::LogInUser(0, '', '');

// The redirect target is built from $base_config only, not from request data,
// so the Location header cannot be steered by the client from this script.
header(sprintf('Location: %s', $base_config['baseurl']));
return;
Exemplo n.º 3
            echo '</form>';
            PMBox();
            break;
        // Profile "security" tab: validates and applies a password change for the
        // account named by $user, then renders the change-password form.
        // NOTE(review): no current-password check, CSRF token or authorization check on
        // $user is visible in this branch — confirm they are enforced earlier in the file.
        case 'security':
            if (isset($_POST['form_sent'])) {
                // The deny-list file is base64-encoded, one password per line.
                // NOTE(review): if the file cannot be read, file_get_contents() returns
                // false and the list degrades to a single empty entry, so the
                // common-password check fails open. CRLF line endings would also leave a
                // trailing "\r" on each entry — confirm the file format.
                $common = explode("\n", base64_decode(file_get_contents(FORUM_ROOT . '/app_config/commonpasswords.txt')));
                // NOTE(review): `!=` compares numeric-looking strings numerically
                // ('1e3' == '1000'); `!==` is the intended check.
                if ($_POST['pwd1'] != $_POST['pwd2']) {
                    echo '<p><b>' . translate('passnomatch') . '</b></p>';
                // strlen() counts bytes, so this is a minimum of 8 bytes, not 8 characters.
                } elseif (strlen($_POST['pwd1']) < 8) {
                    echo '<p><b>' . translate('shortpass') . '</b></p>';
                // in_array() without the strict flag compares loosely; passing `true` as
                // the third argument gives an exact string match. The match is
                // case-sensitive as written.
                } elseif (in_array($_POST['pwd1'], $common)) {
                    echo '<p><b>' . translate('commonpass') . '</b></p>';
                } else {
                    // $user is escaped, but the hash is concatenated without $db->escape().
                    // NOTE(review): that is safe only if futurebb_hash() emits characters that
                    // need no escaping (e.g. hex) — confirm, or escape it / use a prepared statement.
                    $db->query('UPDATE `#^users` SET password=\'' . futurebb_hash($_POST['pwd1']) . '\' WHERE username=\'' . $db->escape($user) . '\'') or error('Failed to update password', __FILE__, __LINE__, $db->error());
                    // Re-login only when the edited profile is the current user's own, so
                    // changing someone else's password leaves the editor's session untouched.
                    // NOTE(review): whether the account's other sessions are invalidated
                    // after the change is not visible here.
                    if ($cur_user['id'] == $futurebb_user['id']) {
                        LoginController::LogInUser($futurebb_user['id'], futurebb_hash($_POST['pwd1']), $_SERVER['HTTP_USER_AGENT']);
                    }
                    redirect($base_config['baseurl'] . '/users/' . rawurlencode($dirs[2]));
                }
            }
            // $dirs[2] is HTML-escaped before it goes into the double-quoted action attribute.
            echo '<form action="' . $base_config['baseurl'] . '/users/' . htmlspecialchars($dirs[2]) . '/security" method="post" enctype="multipart/form-data">';
            ?>
				<h2><?php 
            echo translate('changepass');
            ?>
</h2>
				<table border="0">
					<tr>
						<td><?php 
            echo translate('newpass');
            ?>