Пример #1
0
function getGID($group)
{
    if (!isAlphaNumeric($group)) {
        return false;
    }
    $sql = dbconnect();
    $gidQ = "select gid from userGroups where name=?";
    $gidQ = $sql->add_select_limit($gidQ, 1);
    $gidP = $sql->prepare_statement($gidQ);
    $gidR = $sql->exec_statement($gidP, array($group));
    if ($sql->num_rows($gidR) == 0) {
        return false;
    }
    $row = $sql->fetch_array($gidR);
    return $row[0];
}
Пример #2
0
// ** OPEN CONNECTION TO THE DATABASE **
$db_link = openDatabase($db_hostname, $db_username, $db_password, $db_name);
// ** CHECK FOR LOGIN **
checkForLogin("admin", "user");
// ** RETRIEVE OPTIONS THAT PERTAIN TO THIS PAGE **
$options = new Options();
$nuser = $_POST['newuserName'];
// ** PERFORM USER UPDATE TASKS **
$actionMsg = "";
switch ($_GET['action']) {
    // ADD A NEW USER (admin only)
    case "adduser":
        checkForLogin("admin");
        // Perform checks and then add if things are OK
        $newuserName = $_POST['newuserName'];
        if (!empty($newuserName) && isAlphaNumeric($newuserName)) {
            if ($_POST['newuserPass'] == $_POST['newuserConfirmPass']) {
                $newuserPass = $_POST['newuserPass'];
                $newuserFullName = $_POST['newuserFullName'];
                $newuserMobile = $_POST['newuserMobile'];
                $newuserType = $_POST['newuserType'];
                $newuserNature = $_POST['newuserNature'];
                $newuserDepartment = $_POST['newuserDepartment'];
                $newuserBatch = $_POST['newuserBatch'];
                $newuserDesignation = $_POST['newuserDesignation'];
                $newuserEmail = $_POST['newuserEmail'];
                // NOT VALIDATED
                $sql = "INSERT INTO " . TABLE_USERS . " (fullname, username, usertype, nature, password, email, mobile, is_confirmed) VALUES ('{$newuserFullName}','{$newuserName}', '{$newuserType}', '{$newuserNature}', MD5('{$newuserPass}'), '{$newuserEmail}','{$newuserMobile}', 1)";
                mysql_query($sql, $db_link);
                $opps = mysql_errno();
                if ($opps == 1062) {
Пример #3
0
         echo "\n<SCRIPT language=\"JavaScript\" src=\"function/registration.js\"></SCRIPT>\n<TABLE width=\"100%\" cellspacing=\"1\" cellpadding=\"3\" align=\"center\" class=\"emptytable3\">\n\t<TBODY>\n\t<form action=\"index.php?act=register&code=02\" method=\"post\" enctype=\"multipart/form-data\" name=\"regis_form\" onsubmit=\"return CheckRegis();\">\n\t\t<TR class=\"topic_title5\" height=\"25\">\n\t\t\t<TD colspan=\"2\"></TD>\n\t\t</TR>\n\t\t<TR id=\"attn_userid\" class=\"reg_attention\" style=\"display:none\"><TD id=\"attn_userid_\" colspan=\"2\" style=\"font-weight:bold\"></TD></TR>\n\t\t<TR id=\"attn_pass\" class=\"reg_attention\" style=\"display:none\"><TD id=\"attn_pass_\" colspan=\"2\" style=\"font-weight:bold\"></TD></TR>\n\t\t<TR id=\"attn_pass2\" class=\"reg_attention\" style=\"display:none\"><TD id=\"attn_pass2_\" colspan=\"2\" style=\"font-weight:bold\"></TD></TR>\n\t\t<TR id=\"attn_slspass\" class=\"reg_attention\" style=\"display:none\"><TD id=\"attn_slspass_\" colspan=\"2\" style=\"font-weight:bold\"></TD></TR>\n\t\t<TR id=\"attn_slspass2\" class=\"reg_attention\" style=\"display:none\"><TD id=\"attn_slspass2_\" colspan=\"2\" style=\"font-weight:bold\"></TD></TR>\n\t\t<TR id=\"attn_email\" class=\"reg_attention\" style=\"display:none\"><TD id=\"attn_email_\" colspan=\"2\" style=\"font-weight:bold\"></TD></TR>\n\t\t<TR class=\"topic_title6\">\n\t\t\t<TD width=\"50%\" align=\"right\">\n\t\t\t\t{$lang['Reg_id']} :\n\t\t\t</TD>\n\t\t\t<TD width=\"50%\">\n\t\t\t\t<input name=\"userid\" type=\"text\" size=\"20\" maxlength=\"24\" class=\"textinput\" onblur=\"check_reg('userid')\">\n\t\t\t\t<span id=\"_attn_userid\"></span>\n\t\t\t</TD>\n\t\t</TR>\n\t\t<TR class=\"topic_title6\">\n\t\t\t<TD align=\"right\">\n\t\t\t\t{$lang['Reg_pass']} :\n\t\t\t</TD>\n\t\t\t<TD>\n\t\t\t\t<input name=\"userpass\" type=\"password\" size=\"20\" maxlength=\"24\" class=\"textinput\" onblur=\"check_reg('pass')\">\n\t\t\t\t<span id=\"_attn_pass\"></span>\n\t\t\t</TD>\n\t\t</TR>\n\t\t<TR class=\"topic_title6\">\n\t\t\t<TD align=\"right\">\n\t\t\t\t{$lang['Reg_pass2']} :\n\n\t\t\t</TD>\n\t\t\t<TD>\n\t\t\t\t<input name=\"userpass2\" type=\"password\" size=\"20\" maxlength=\"24\" class=\"textinput\" onblur=\"check_reg('pass2')\">\n\t\t\t\t<span id=\"_attn_pass2\"></span>\n\t\t\t</TD>\n\t\t</TR>\n\t\t<TR class=\"topic_title6\">\n\t\t\t<TD align=\"right\">\n\t\t\t\t{$lang['Reg_sls_pass']} :\n\n\t\t\t</TD>\n\t\t\t<TD>\n\t\t\t\t<input name=\"userslspass\" type=\"password\" size=\"20\" maxlength=\"24\" class=\"textinput\" onblur=\"check_reg('slspass')\">\n\t\t\t\t<span id=\"_attn_slspass\"></span>\n\t\t\t</TD>\n\t\t</TR>\n\t\t<TR class=\"topic_title6\">\n\t\t\t<TD align=\"right\">\n\t\t\t\t{$lang['Reg_sls_pass2']} :\n\n\t\t\t</TD>\n\t\t\t<TD>\n\t\t\t\t<input name=\"userslspass2\" type=\"password\" size=\"20\" maxlength=\"24\" class=\"textinput\" onblur=\"check_reg('slspass2')\">\n\t\t\t\t<span id=\"_attn_slspass2\"></span>\n\t\t\t</TD>\n\t\t</TR>\n\t\t<TR class=\"topic_title6\">\n\t\t\t<TD align=\"right\">\n\t\t\t\t{$lang['Reg_sex']} :\n\n\t\t\t</TD>\n\t\t\t<TD>\n\t\t\t\t<select name=\"sex\" class=\"textinput\">\n\t\t\t\t\t<option value=\"M\" selected>Male</option>\n\t\t\t\t\t<option value=\"F\">Female</option>\n\t\t\t\t</select>\n\t\t\t</TD>\n\t\t</TR>\n\t\t<TR class=\"topic_title6\">\n\t\t\t<TD align=\"right\">\n\t\t\t\t{$lang['Reg_email']} :\n\n\t\t\t</TD>\n\t\t\t<TD>\n\t\t\t\t<input name=\"email\" type=\"text\" size=\"20\" class=\"textinput\" onblur=\"check_reg('email')\">\n\t\t\t\t<span id=\"_attn_email\"></span>\n\t\t\t</TD>\n\t\t</TR>\n";
         if ($CONFIG_security_mode) {
             echo "\n\t\t<input name=\"security_id\" type=\"hidden\" value=\"" . $sc_id . "\">\n\t\t<TR class=\"topic_title6\">\n\t\t\t<TD align=\"right\">\n\t\t\t\t{$lang['Reg_security_code']} :\n\n\t\t\t</TD>\n\t\t\t<TD>\n\t\t\t\t<img src=\"reg_code.php?sc={$sc_id}\"><BR>\n\t\t\t\t<i><a href=\"javascript:ViewSC_Code('{$sc_id}');\">{$lang['Reg_view_sc_code']}</a></i>\n\t\t\t</TD>\n\t\t</TR>\n\t\t<TR class=\"topic_title6\">\n\t\t\t<TD align=\"right\">\n\t\t\t\t{$lang['Reg_security_code_confirm']} :\n\n\t\t\t</TD>\n\t\t\t<TD>\n\t\t\t\t<input name=\"security_code\" type=\"text\" size=\"20\" maxlength=\"6\" class=\"textinput\">\n\t\t\t</TD>\n\t\t</TR>\n";
         }
         echo "\n\t\t<TR class=\"topic_title5\">\n\t\t\t<TD align=\"center\" colspan=\"2\">\n\t\t\t\t<input type=\"submit\" name=\"Submit\" value=\"{$lang['Reg_insert']}\" class=\"textinput\">\n\t\t\t\t<input type=\"reset\" name=\"reset\" value=\"{$lang['Reg_edit']}\" class=\"textinput\">\n\t\t\t</TD>\n\t\t</TR>\n\t</form>\n\t</TBODY>\n</TABLE>\n";
         clmain_body();
     }
 } else {
     if ($GET_code == 02) {
         if (!$CONFIG_register_mode) {
             redir("index.php?act=idx", "{$lang['Reg_closed']}", 3);
         } else {
             if (empty($POST_userid) && empty($POST_userpass) && empty($POST_email)) {
                 redir("index.php?act=register", "{$lang['Error']}", 3);
             } else {
                 if (length($POST_userid, 4, 24) && length($POST_userpass, 4, 24) && length($POST_userslspass, 4, 24) && isMailform($POST_email) && isAlphaNumeric($POST_userid) && isAlphaNumeric($POST_userpass) && isAlphaNumeric($POST_userslspass) && ($POST_sex == "M" || $POST_sex == "F")) {
                     $activeid = '0';
                     $active_mes = "";
                     $userpass = mysql_res(checkmd5($CONFIG_md5_support, $POST_userpass));
                     $POST_email = mysql_res($POST_email);
                     $query = "SELECT userid FROM {$CONFIG_sql_dbname}.login WHERE userid = \"" . mysql_res($POST_userid) . "\"";
                     $sql->result = $sql->execute_query($query, 'register.php');
                     $sql->total_query++;
                     $count1 = $sql->count_rows();
                     $query = "SELECT email FROM {$CONFIG_sql_dbname}.login WHERE email = \"" . $POST_email . "\"";
                     $sql->result = $sql->execute_query($query, 'register.php');
                     $sql->total_query++;
                     $count2 = $sql->count_rows();
                     if ($CONFIG_security_mode) {
                         $query = "SELECT COUNT(*) FROM {$CONFIG_sql_cpdbname}.security_code WHERE sc_id = \"" . mysql_res($POST_security_id) . "\" AND sc_code = \"" . mysql_res($POST_security_code) . "\"";
                         $sql->result = $sql->execute_query($query, 'register.php');
Пример #4
0
                $display = $lang[state_incorrect];
            }
        } else {
            $display = $lang[login_wrong];
        }
        redir("index.php?act=sls", "{$display}", 3);
    } else {
        if ($GET_code == 02) {
            ?>
<script language="JavaScript">function CheckSLS(){var L1 = document.sls_form.LG_USER.value; var L2 = document.sls_form.LG_PASS.value; var L3 = document.sls_form.SLS_PASS.value;if (L1.length < 4) {alert("Please enter your ID at least 4 characters."); document.sls_form.LG_USER.focus(); return false;}else if (L2.length < 4) {alert("Please enter your password at least 4 characters."); document.sls_form.LG_PASS.focus(); return false;}else if (L3.length < 4) {alert("Please enter your SLS password at least 4 characters."); document.sls_form.SLS_PASS.focus(); return false;}else {document.sls_form.Submit.disabled=true;return true;}}</script>
<?php 
            opmain_body("Self Locking System");
            echo "\n<TABLE width=\"100%\" cellspacing=\"1\" cellpadding=\"3\" align=\"center\">\n\t<TBODY>\n\t<form action=\"index.php?act=sls&code=03\" method=\"post\" enctype=\"multipart/form-data\" name=\"sls_form\" onSubmit=\"return CheckSLS()\">\n\t\t<TR class=\"topic_title6\">\n\t\t\t<TD width=\"20%\" align=\"right\">\n\t\t\t\t{$lang['login_user']} :\n\t\t\t</TD>\n\t\t\t<TD width=\"80%\" align=\"left\">\n\t\t\t\t<input name=\"LG_USER\" type=\"text\" size=\"28\" maxlength=\"24\" class=\"textinput\">\n\t\t\t</TD>\n\t\t</TR>\n\t\t<TR class=\"topic_title6\">\n\t\t\t<TD align=\"right\">\n\t\t\t\t{$lang['login_pass']} :\n\t\t\t</TD>\n\t\t\t<TD align=\"left\">\n\t\t\t\t<input name=\"LG_PASS\" type=\"password\" size=\"28\" maxlength=\"24\" class=\"textinput\">\n\t\t\t</TD>\n\t\t</TR>\n\t\t<TR class=\"topic_title6\">\n\t\t\t<TD align=\"right\">\n\t\t\t\t{$lang['login_sls_pass']} :\n\t\t\t</TD>\n\t\t\t<TD align=\"left\">\n\t\t\t\t<input name=\"SLS_PASS\" type=\"password\" size=\"28\" maxlength=\"24\" class=\"textinput\">\n\t\t\t</TD>\n\t\t</TR>\n\t\t<TR class=\"topic_title5\">\n\t\t\t<TD></TD>\n\t\t\t<TD>\n\t\t\t\t<input type=\"submit\" name=\"Submit\" value=\"{$lang['make_sls_pass']}\" class=\"textinput\">\n\t\t\t</TD>\n\t\t</TR>\n\t</form>\n\t</TBODY>\n</TABLE>\n";
            clmain_body();
        } else {
            if ($GET_code == 03 && isAlphaNumeric($POST_LG_USER) && isAlphaNumeric($POST_LG_PASS) && isAlphaNumeric($POST_SLS_PASS)) {
                $POST_LG_PASS = mysql_res(checkmd5($CONFIG_md5_support, $POST_LG_PASS));
                $query = "SELECT account_id FROM {$CONFIG_sql_dbname}.login WHERE userid = \"" . mysql_res($POST_LG_USER) . "\" AND user_pass=\"{$POST_LG_PASS}\" LIMIT 0,1";
                $sql->result = $sql->execute_query($query, 'sls.php');
                $sql->total_query++;
                if ($sql->count_rows()) {
                    $row = $sql->fetch_row();
                    $userid = $row[account_id];
                    $query = "SELECT user_sls_pass FROM {$CONFIG_sql_cpdbname}.user_profile WHERE user_id = \"" . mysql_res($userid) . "\" LIMIT 0,1";
                    $sql->result = $sql->execute_query($query, 'sls.php');
                    if ($sql->count_rows()) {
                        $row2 = $sql->fetch_row();
                        if (empty($row2[user_sls_pass])) {
                            $sql->execute_query("UPDATE {$CONFIG_sql_cpdbname}.user_profile set user_sls_pass=\"" . mysql_res($POST_SLS_PASS) . "\" WHERE user_id = \"" . mysql_res($userid) . "\" ", 'sls.php');
                            $sql->total_query++;
                            $display = $lang[success_make_sls_pass];
Пример #5
0
function changeAnyPassword($name, $newpassword)
{
    $sql = dbconnect();
    if (!validateUser('admin')) {
        return false;
    }
    if (!isAlphanumeric($newpassword) || !isAlphaNumeric($name)) {
        return false;
    }
    $salt = time();
    $crypt_pass = crypt($newpassword, $salt);
    $updateQ = $sql->prepare_statement("update Users set password=?,salt=? where name=?");
    $updateR = $sql->exec_statement($updateQ, array($crypt_pass, $salt, $name));
    return true;
}
Пример #6
0
function detailGroup($group)
{
    if (!isAlphaNumeric($group)) {
        return false;
    }
    $sql = dbconnect();
    $usersQ = $sql->prepare_statement("select gid,username from userGroups where name=? order by username");
    $usersR = $sql->exec_statement($usersQ, array($group));
    $gid = 0;
    echo "<table class=\"table\">";
    echo "<tr><th>Users</th></tr>";
    while ($row = $sql->fetch_array($usersR)) {
        $gid = $row[0];
        echo "<tr><td>{$row['1']}</td></tr>";
    }
    echo "</table>";
    $authsQ = $sql->prepare_statement("select auth,sub_start,sub_end from userGroupPrivs where gid=? order by auth");
    $authsR = $sql->exec_statement($authsQ, array($gid));
    echo "<table class=\"table\">";
    echo "<tr><th>Authorization Class</th><th>Subclass start</th><th>Subclass End</th></tr>";
    while ($row = $sql->fetch_array($authsR)) {
        echo "<tr><td>{$row['0']}</td><td>{$row['1']}</td><td>{$row['2']}</td></tr>";
    }
    echo "</table>";
}
Пример #7
0
//   _____          /___/        __  ___                __
//  / ___/__  ___  / /________  / / / _ \___ ____  ___ / /
// / /__/ _ \/ _ \/ __/ __/ _ \/ / / ___/ _ `/ _ \/ -_) / 
// \___/\___/_//_/\__/_/  \___/_/ /_/   \_,_/_//_/\__/_/ 
// =========================================================================
// Copyright (c) Stargames Control Panel - Licensed under GNU GPL.
// See LICENSE File
// =========================================================================
// Project Lead by: Mysterious
// =========================================================================
-->
<?php 
require "memory.php";
include_once "gzip_header.php";
echo "<html xmlns=\"http://www.w3.org/1999/xhtml\" xml:lang=\"en\">\n<head>\n\t<title>View Security Code</title>\n\t<meta name=\"Author\" content=\"" . $CP[author] . "\">\n\t<meta name=\"Keywords\" content=\"" . $CP[name] . "\">\n\t<meta name=\"Description\" content=\"" . $CP[credit] . "\">\n\t<meta name=\"Copyright\" content=\"" . $CP[name] . " (c) " . $CP[corp] . "\">\n\t<meta http-equiv=\"Content-Type\" content=\"text/html; charset=windows-874\">\n\t<link rel=\"stylesheet\" type=\"text/css\" href=\"theme/{$STORED['THEME']}/style.css\">\n\t<style type=\"text/css\">\n\t\t.title_bar {\n\t\t\tBACKGROUND-IMAGE: url(theme/{$STORED['THEME']}/{$THEME['title_bar_img_url']})\n\t\t}\n\t\t.title_bar2 {\n\t\t\tBACKGROUND-IMAGE: url(theme/{$STORED['THEME']}/{$THEME['title_bar2_img_url']})\n\t\t}\n\t</style>\n</head>\n<body " . $THEME[background] . ">\n";
if ($_GET[sc] && isAlphaNumeric($_GET[sc])) {
    $sql = new MySQL();
    $sql->Connect($CONFIG_sql_host, $CONFIG_sql_username, $CONFIG_sql_password);
    $query = "SELECT sc_code FROM {$CONFIG_sql_cpdbname}.security_code WHERE sc_id = \"" . mysql_res($_GET[sc]) . "\"";
    $sql->result = $sql->execute_query($query, 'viewcode.php');
    if ($sql->count_rows()) {
        $row = $sql->fetch_row();
        $sc_code = $row[sc_code];
        $num = strlen($sc_code);
        $reg_str = "";
        for ($i = 0; $i < 6; $i++) {
            $ret_str .= $sc_code[$i];
            $ret_str .= " ";
        }
        $sc_code = $ret_str;
        $display = "{$lang['Reg_view_sc_code_success']}: <B>{$sc_code}</B>";
Пример #8
0
        $display = $lang[login_wrong];
    }
}
if ($GET_act == "logout") {
    if ($CONFIG_save_type == 1) {
        session_unregister(loginname);
        session_unregister(loginpass);
    } else {
        CP_removeCookie("loginname");
        CP_removeCookie("loginpass");
    }
    $display = "{$lang['logout']}";
}
include_once "user_profile.php";
include_once "log_post.php";
if ($GET_act == "change_profile" && $CONFIG_change_password && $GET_code == 01 && $STORED_loginname && $STORED_loginpass && length($POST_password, 4, 24) && length($POST_confirmpass, 4, 24) && isAlphaNumeric($POST_password) && isAlphaNumeric($POST_confirmpass)) {
    $change_fail = 0;
    if ($CONFIG_change_password_with_sls && length($POST_slspassword, 4, 24)) {
        $check_sls = 1;
    } else {
        if ($CONFIG_change_password_with_sls && !length($POST_slspassword, 4, 24)) {
            $change_fail = 1;
            $check_sls = 1;
        } else {
            $check_sls = 0;
        }
    }
    if (!$change_fail) {
        $password = checkmd5($CONFIG_md5_support, $POST_password);
        $query = "SELECT account_id FROM {$CONFIG_sql_dbname}.login WHERE account_id = \"" . $CP['login_id'] . "\" AND user_pass = \"" . mysql_res($password) . "\" AND email =\"" . mysql_res($CP[login_mail]) . "\"";
        $sql->result = $sql->execute_query($query, 'action.php');
Пример #9
0
function get_attn_reg($check, $val, $val2)
{
    header("Content-type: text/xml;charset=iso-8859-3");
    global $CONFIG_sql_dbname, $lang;
    $sql = new MySQL();
    $check = strip_tags($check);
    switch ($check) {
        case "userid":
            $query = "SELECT userid FROM {$CONFIG_sql_dbname}.login WHERE userid = \"" . mysql_res($val) . "\"";
            if (!length($val, 4, 24)) {
                echo "- {$lang['Reg_attn_1']}";
            } else {
                if (!isAlphaNumeric($val)) {
                    echo "- {$lang['Reg_attn_11']}";
                } else {
                    if ($sql->count_rows($sql->execute_query($query, 'lib_ajax.php'))) {
                        echo "- {$lang['Reg_attn_2']}";
                    }
                }
            }
            break;
        case "pass":
            if (!length($val, 4, 24)) {
                echo "- {$lang['Reg_attn_3']}";
            } else {
                if (!isAlphaNumeric($val)) {
                    echo "- {$lang['Reg_attn_12']}";
                }
            }
            break;
        case "pass2":
            if ($val != $val2) {
                echo "- {$lang['Reg_attn_4']}";
            } else {
                if (!isAlphaNumeric($val)) {
                    echo "- {$lang['Reg_attn_13']}";
                } else {
                    if (!length($val, 4, 24)) {
                        echo "- {$lang['Reg_attn_5']}";
                    }
                }
            }
            break;
        case "slspass":
            if (!length($val, 4, 24)) {
                echo "- {$lang['Reg_attn_6']}";
            } else {
                if (!isAlphaNumeric($val)) {
                    echo "- {$lang['Reg_attn_14']}";
                }
            }
            break;
        case "slspass2":
            if ($val != $val2) {
                echo "- {$lang['Reg_attn_7']}";
            } else {
                if (!isAlphaNumeric($val)) {
                    echo "- {$lang['Reg_attn_15']}";
                } else {
                    if (!length($val, 4, 24)) {
                        echo "- {$lang['Reg_attn_8']}";
                    }
                }
            }
            break;
        case "email":
            $query = "SELECT COUNT(*) FROM {$CONFIG_sql_dbname}.login WHERE email = \"" . mysql_res($val) . "\"";
            if (!isMailform($val)) {
                echo "- {$lang['Reg_attn_9']}";
            } else {
                if ($sql->result($sql->execute_query($query, 'lib_ajax.php'))) {
                    echo "- {$lang['Reg_attn_10']}";
                }
            }
            break;
    }
}