$newpassword = pbkdf2($newpass, $newsalt); // Encrypt new password $uid = $_SESSION['uid']; mysqli_query($con, "UPDATE users SET password='******' WHERE id='{$uid}'"); // Update new password echo "<div class='alert alert-success' role='alert'><a href='#' class='close' data-dismiss='alert'>×</a>" . $m['password_set'] . "</div>"; } } // Add IP block if (!empty($_POST['add_block']) && is_logged_in() && is_admin()) { // Check if everything required is filled in if (empty($_POST['ip'])) { echo "<div class='alert alert-danger' role='alert'><a href='#' class='close' data-dismiss='alert'>×</a>" . $m['fill_in_ip'] . "</div>"; } elseif (empty($_POST['reason'])) { echo "<div class='alert alert-danger' role='alert'><a href='#' class='close' data-dismiss='alert'>×</a>" . $m['fill_in_reason'] . "</div>"; } elseif (checkIp($_POST['ip']) == false) { echo "<div class='alert alert-danger' role='alert'><a href='#' class='close' data-dismiss='alert'>×</a>" . $m['fill_in_valid_ip'] . "</div>"; } else { $ip = htmlentities(mysqli_real_escape_string($con, $_POST['ip']), ENT_QUOTES); $reason = htmlentities(mysqli_real_escape_string($con, $_POST['reason']), ENT_QUOTES); $time = time(); $logs = "0"; $blocked_amount = htmlentities(mysqli_real_escape_string($con, $_POST['blocked_amount']), ENT_QUOTES); $blocked_format = htmlentities(mysqli_real_escape_string($con, $_POST['blocked_format']), ENT_QUOTES); // If blocked amount is not filled in or is 0, the block will be forever if (empty($blocked_amount) || $blocked_amount == "0") { $blocked_format = "forever"; } // If the blocked format is forever, the blocked amount is 0 if ($blocked_format == "forever") { $blocked_amount = "0";
session_start(); session_write_close(); require_once __DIR__ . '/../bootstrap.php'; error_reporting(E_ERROR | E_WARNING | E_PARSE | E_NOTICE); if ($_SERVER['REQUEST_METHOD'] == 'POST') { try { if (!isNull($_POST['data'])) { $string = preg_replace("/[\r\n]+/", " ", base64_decode($_POST['data'])); $json = utf8_encode($string); $data = json_decode($json); if (!isNull($data->{'user'}) && !isNull($data->{'password'}) && !isNull($data->{'email'}) && !isNull($data->{'ime'}) && !isNull($data->{'deviceid'}) && !isNull($data->{'key'}) && !isNull($data->{'type'})) { if (strcmp(API_USER, $data->{'user'}) != 0 || strcmp(API_PASSWORD, $data->{'password'}) != 0) { echo "false"; exit; } if (!checkIp()) { echo 'block'; exit; } // $index= getIdFromKey($_GET['key']); // if($index==0) // { // echo 'false'; // exit; // } $keys = getkeyByKey($data->{'key'}); if (!$keys) { echo 'false'; exit; } $email = $data->{'email'};