if ($ar_pw_conf != $ar_pw) { $errors[] = 'error_pw_conf_wrong'; } } // save user if no errors: if (empty($errors)) { // generate password if not specified: if ($ar_pw == '') { if ($settings['min_pw_length'] < 8) { $pwl = 8; } else { $pwl = $settings['min_pw_length']; } $ar_pw = random_string($pwl); } $pw_hash = generate_pw_hash($ar_pw); mysql_query("INSERT INTO " . $db_settings['userdata_table'] . " (user_type, user_name, user_real_name, user_pw, user_email, user_hp, user_location, email_contact, last_login, last_logout, user_ip, registered, user_view, fold_threads, signature, profile, auto_login_code, pwf_code, activate_code) VALUES (0,'" . mysql_real_escape_string($ar_username) . "', '', '" . mysql_real_escape_string($pw_hash) . "','" . mysql_real_escape_string($ar_email) . "', '', '', " . $settings['default_email_contact'] . ", NOW(), NOW(),'" . $_SERVER["REMOTE_ADDR"] . "',NOW()," . intval($settings['default_view']) . "," . intval($settings['fold_threads']) . ",'','','','','')", $connid) or die(mysql_error()); //raise_error('database_error',mysql_error()); // send userdata: $send_error = ''; if (isset($ar_send_userdata)) { $smarty->config_load($settings['language_file'], 'emails'); $lang = $smarty->get_config_vars(); $ip = $_SERVER['REMOTE_ADDR']; $lang['admin_reg_user_email_text'] = str_replace("[name]", $ar_username, $lang['admin_reg_user_email_text']); $lang['admin_reg_user_email_text'] = str_replace("[password]", $ar_pw, $lang['admin_reg_user_email_text']); $lang['admin_reg_user_email_text'] = str_replace("[login_link]", $settings['forum_address'] . "index.php?mode=login&username="******"&userpw=" . $ar_pw, $lang['admin_reg_user_email_text']); $lang['admin_reg_user_email_text'] = stripslashes($lang['admin_reg_user_email_text']); $header = "From: " . $settings['forum_name'] . " <" . $settings['forum_email'] . ">\n"; $header .= "X-Mailer: Php/" . phpversion() . "\n"; $header .= "X-Sender-ip: " . $_SERVER["REMOTE_ADDR"] . "\n";
if ($settings['captcha_register'] == 2) { if (empty($_SESSION['captcha_session']) || empty($_POST['captcha_code']) || $captcha->check_captcha($_SESSION['captcha_session'], $_POST['captcha_code']) != true) { $errors[] = 'captcha_check_failed'; } } else { if (empty($_SESSION['captcha_session']) || empty($_POST['captcha_code']) || $captcha->check_math_captcha($_SESSION['captcha_session'][2], $_POST['captcha_code']) != true) { $errors[] = 'captcha_check_failed'; } } unset($_SESSION['captcha_session']); } // save user if no errors: if (empty($errors)) { $pw_hash = generate_pw_hash($reg_pw); $activate_code = random_string(32); $activate_code_hash = generate_pw_hash($activate_code); if ($settings['register_mode'] == 1) { $user_lock = 1; } else { $user_lock = 0; } @mysql_query("INSERT INTO " . $db_settings['userdata_table'] . " (user_type, user_name, user_real_name, user_pw, user_email, user_hp, user_location, signature, profile, email_contact, last_login, last_logout, user_ip, registered, user_view, fold_threads, user_lock, auto_login_code, pwf_code, activate_code) VALUES (0,'" . mysql_real_escape_string($new_user_name) . "','','" . mysql_real_escape_string($pw_hash) . "','" . mysql_real_escape_string($new_user_email) . "','','','',''," . $settings['default_email_contact'] . ",NOW(),NOW(),'" . mysql_real_escape_string($_SERVER["REMOTE_ADDR"]) . "',NOW()," . intval($settings['default_view']) . ", " . intval($settings['fold_threads']) . ", " . $user_lock . ", '', '', '" . mysql_real_escape_string($activate_code_hash) . "')", $connid) or raise_error('database_error', mysql_error()); // get new user ID: $new_user_id_result = mysql_query("SELECT user_id FROM " . $db_settings['userdata_table'] . " WHERE user_name = '" . mysql_real_escape_string($new_user_name) . "' LIMIT 1", $connid); if (!$new_user_id_result) { raise_error('database_error', mysql_error()); } $field = mysql_fetch_array($new_user_id_result); $new_user_id = $field['user_id']; mysql_free_result($new_user_id_result); // send e-mail with activation key to new user:
if (isset($_GET['activate']) && trim($_GET['activate']) != "" && isset($_GET['code']) && trim($_GET['code']) != "") { $pwf_result = mysql_query("SELECT user_id, user_name, user_email, pwf_code FROM " . $db_settings['userdata_table'] . " WHERE user_id = '" . intval($_GET["activate"]) . "'", $connid); if (!$pwf_result) { raise_error('database_error', mysql_error()); } $field = mysql_fetch_array($pwf_result); mysql_free_result($pwf_result); if ($field['user_id'] == $_GET['activate'] && is_pw_correct($_GET['code'], $field['pwf_code'])) { // generate new password: if ($settings['min_pw_length'] < 8) { $pwl = 8; } else { $pwl = $settings['min_pw_length']; } $new_pw = random_string($pwl); $pw_hash = generate_pw_hash($new_pw); $update_result = mysql_query("UPDATE " . $db_settings['userdata_table'] . " SET last_login=last_login, registered=registered, user_pw='" . mysql_real_escape_string($pw_hash) . "', pwf_code='' WHERE user_id='" . $field["user_id"] . "' LIMIT 1", $connid); // send new password: $smarty->config_load($settings['language_file'], 'emails'); $lang = $smarty->get_config_vars(); $lang['new_pw_email_txt'] = str_replace("[name]", $field['user_name'], $lang['new_pw_email_txt']); $lang['new_pw_email_txt'] = str_replace("[password]", $new_pw, $lang['new_pw_email_txt']); $lang['new_pw_email_txt'] = str_replace("[login_link]", $settings['forum_address'] . basename($_SERVER['PHP_SELF']) . "?mode=login&username="******"&userpw=" . $new_pw, $lang['new_pw_email_txt']); $lang['new_pw_email_txt'] = stripslashes($lang['new_pw_email_txt']); $header = "From: " . my_mb_encode_mimeheader($settings['forum_name'], CHARSET, "Q") . " <" . $settings['forum_email'] . ">" . MAIL_HEADER_SEPARATOR; $header .= "Content-Type: text/plain; charset=" . CHARSET . MAIL_HEADER_SEPARATOR; $header .= "Content-transfer-encoding: 8bit" . MAIL_HEADER_SEPARATOR; $new_pw_mailto = my_mb_encode_mimeheader($field['user_name'], CHARSET, "Q") . " <" . $field['user_email'] . ">"; if ($settings['mail_parameter'] != '') { if (@mail($new_pw_mailto, my_mb_encode_mimeheader($lang['new_pw_email_sj'], CHARSET, "Q"), $lang['new_pw_email_txt'], $header, $settings['mail_parameter'])) { header("location: index.php?mode=login&login_message=pw_sent");
if ($line != '' && my_substr($line, 0, 1, $lang['charset']) != '#') { $cleared_lines[] = $line; } } @mysql_query("START TRANSACTION", $connid) or die(mysql_error()); foreach ($cleared_lines as $line) { if (!@mysql_query($line, $connid)) { $errors[] = $lang['error_sql'] . " (MySQL: " . mysql_error($connid) . ")"; #break; } } @mysql_query("COMMIT", $connid); } // insert admin in userdata table: if (empty($errors)) { $pw_hash = generate_pw_hash($_POST['admin_pw']); @mysql_query("UPDATE " . $db_settings['userdata_table'] . " SET user_name='" . mysql_real_escape_string($_POST['admin_name']) . "', user_pw = '" . mysql_real_escape_string($pw_hash) . "', user_email = '" . mysql_real_escape_string($_POST['admin_email']) . "' WHERE user_id=1", $connid) or $errors[] = $lang['error_create_admin'] . " (MySQL: " . mysql_error($connid) . ")"; } // set forum name, address and email address: if (empty($errors)) { @mysql_query("UPDATE " . $db_settings['settings_table'] . " SET value='" . mysql_real_escape_string($_POST['forum_name']) . "' WHERE name='forum_name' LIMIT 1", $connid) or $errors[] = $lang['error_update_settings'] . " (MySQL: " . mysql_error($connid) . ")"; @mysql_query("UPDATE " . $db_settings['settings_table'] . " SET value='" . mysql_real_escape_string($_POST['forum_address']) . "' WHERE name='forum_address' LIMIT 1", $connid) or $errors[] = $lang['error_update_settings'] . " (MySQL: " . mysql_error($connid) . ")"; @mysql_query("UPDATE " . $db_settings['settings_table'] . " SET value='" . mysql_real_escape_string($_POST['forum_email']) . "' WHERE name='forum_email' LIMIT 1", $connid) or $errors[] = $lang['error_update_settings'] . " (MySQL: " . mysql_error($connid) . ")"; @mysql_query("UPDATE " . $db_settings['settings_table'] . " SET value='" . mysql_real_escape_string($_POST['language_file']) . "' WHERE name='language_file' LIMIT 1", $connid) or $errors[] = $lang['error_update_settings'] . " (MySQL: " . mysql_error($connid) . ")"; } if (empty($errors)) { header('Location: ../'); exit; } } if (empty($action)) {
$errors[] = 'error_form_uncomplete'; } if (empty($errors)) { $dbr = Database::$userdata->prepare("SELECT pw FROM " . Database::$db_settings['userdata_table'] . " WHERE id=:id LIMIT 1"); $dbr->bindParam(':id', $_SESSION[$settings['session_prefix'] . 'user_id'], PDO::PARAM_INT); $dbr->execute(); $data = $dbr->fetch(); if (!is_pw_correct($_POST['old_pw'], $data['pw'])) { $errors[] = 'error_pw_wrong'; } if ($_POST['new_pw'] !== $_POST['new_pw_r']) { $errors[] = 'error_pw_doesnt_comply'; } } if (empty($errors)) { $pw_hash = generate_pw_hash($_POST['new_pw']); $dbr = Database::$userdata->prepare("UPDATE " . Database::$db_settings['userdata_table'] . " SET pw=:pw WHERE id=:id"); $dbr->bindParam(':pw', $pw_hash, PDO::PARAM_STR); $dbr->bindParam(':id', $_SESSION[$settings['session_prefix'] . 'user_id'], PDO::PARAM_INT); $dbr->execute(); } if (empty($errors)) { header('Location: ' . BASE_URL . ADMIN_DIR . 'index.php?mode=users&edit=' . $_SESSION[$settings['session_prefix'] . 'user_id'] . '&saved=true'); exit; } } if (isset($errors)) { $template->assign('errors', $errors); if (isset($_POST['id'])) { $userdata['id'] = intval($_POST['id']); }
} else { $spam_check_status = 1; } } } // end check data if (empty($errors)) { // save new posting: if (isset($_POST['save_entry']) && $posting_mode == 0) { if ($settings['entries_by_users_only'] != 0 && empty($_SESSION[$settings['session_prefix'] . 'user_name'])) { die('No autorisation!'); } // if editing own postings by unregistered users, generate edit_key: if (empty($_SESSION[$settings['session_prefix'] . 'user_id']) && $settings['user_edit'] == 2) { $edit_key = random_string(32); $edit_key_hash = generate_pw_hash($edit_key); } else { $edit_key = ''; $edit_key_hash = ''; } $locked = $spam == 0 ? 0 : 1; if (isset($_SESSION[$settings['session_prefix'] . 'user_id'])) { $savename = ''; } else { $savename = $name; } @mysql_query("INSERT INTO " . $db_settings['forum_table'] . " (pid, tid, uniqid, time, last_reply, user_id, name, subject, email, hp, location, ip, text, tags, show_signature, email_notification, category, locked, sticky, spam, spam_check_status, edit_key) VALUES (" . intval($id) . "," . intval($thread) . ",'" . mysql_real_escape_string($uniqid) . "',NOW(), NOW()," . intval($user_id) . ",'" . mysql_real_escape_string($savename) . "','" . mysql_real_escape_string($subject) . "','" . mysql_real_escape_string($email) . "','" . mysql_real_escape_string($hp) . "','" . mysql_real_escape_string($location) . "','" . mysql_real_escape_string($_SERVER["REMOTE_ADDR"]) . "','" . mysql_real_escape_string($text) . "','" . mysql_real_escape_string($s_tags) . "'," . intval($show_signature) . "," . intval($email_notification) . "," . intval($p_category) . "," . intval($locked) . "," . intval($sticky) . "," . intval($spam) . ", " . intval($spam_check_status) . ", '" . mysql_real_escape_string($edit_key_hash) . "')", $connid) or raise_error('database_error', mysql_error()); if ($id == 0) { // new thread, set thread id: @mysql_query("UPDATE " . $db_settings['forum_table'] . " SET tid=id, time=time WHERE id = LAST_INSERT_id()", $connid) or raise_error('database_error', mysql_error()); }