/**
 * Admin action: insert a user row built from the posted new_* fields.
 *
 * Reads new_email, new_pass, new_passwd, new_port and new_transfer from
 * $_POST, passes each through security_filter() (defined in src/security.php,
 * not shown here), converts the transfer quota from MiB to bytes and inserts
 * the row through the shared $GLOBALS['DB'] handle with a parameterised query.
 *
 * NOTE(review): pass and passwd are stored exactly as received (no hashing).
 * The login and password-change code on this page verifies passwords with
 * `pass=?` / `passwd=?` in SQL, so hashing cannot be introduced here alone;
 * it needs a coordinated change across those paths.
 * NOTE(review): nothing in this function checks that the caller is the admin;
 * that is presumably enforced before it is invoked — confirm.
 * NOTE(review): new_port is inserted as a filtered string, not validated as an
 * integer port number.
 */
function new_row()
{
    $posted = array();
    foreach (array('new_email', 'new_pass', 'new_passwd', 'new_port', 'new_transfer') as $field) {
        $posted[$field] = security_filter(@$_POST[$field]);
    }

    // The quota is entered in MiB; transfer_enable holds bytes.
    $quotaBytes = (int) $posted['new_transfer'] * 1024 * 1024;

    $GLOBALS['DB']->query(
        "INSERT INTO user (email,pass,passwd,port,transfer_enable) VALUES (?,?,?,?,?)",
        array($posted['new_email'], $posted['new_pass'], $posted['new_passwd'], $posted['new_port'], $quotaBytes)
    );
}
/**
 * Activate a pre-created account using its sign-up token and set its login password.
 *
 * The posted email goes through validate_email(), password and token through
 * security_filter() (both helpers live outside this excerpt). If
 * email_overlap($email) is truthy the script prints "email overlap" and exits.
 * Otherwise a user row matching email AND token must exist: on a match the
 * row is marked activated/enabled, `pass` is set to the posted password and
 * `passwd` is reset to the fixed value '0000000'; on no match it prints
 * "token auth fail".
 *
 * NOTE(review): the new login password is stored as received (no hashing),
 * and every activated account starts with the same predictable `passwd`
 * '0000000' — both deserve a follow-up.
 * NOTE(review): "token auth success" is printed before the UPDATE runs, so it
 * does not reflect whether the update actually succeeded.
 * NOTE(review): an empty token still reaches the SQL comparison; whether a
 * stored token can be empty is not visible here — confirm.
 */
function sign_up()
{
    $email = validate_email(@$_POST['email']);
    $pass = security_filter(@$_POST['password']);
    $token = security_filter(@$_POST['token']);

    if (email_overlap($email)) {
        echo "email overlap";
        die;
    }

    $db = $GLOBALS['DB'];
    $matches = $db->query("SELECT * FROM user WHERE email=? and token=?", array($email, $token));

    if (count($matches) <= 0) {
        echo "token auth fail";
        return;
    }

    echo "token auth success";
    $db->query(
        "UPDATE user SET activated='1', enable='1', pass=?, passwd='0000000' WHERE email=? and token=?",
        array($pass, $email, $token)
    );
}
<?php
// Password-change endpoint for a logged-in user (session key 'myemail').
//
// POST parameters (each passed through security_filter()):
//   which  "login" changes the web login password (`pass` column);
//          "ss" changes the second password (`passwd` column);
//          any other value produces no output at all.
//   old    the current value, verified against the database first
//   new    the replacement value
//
// NOTE(review): the current password is verified by matching it in SQL
// (`pass=?` / `passwd=?`), so both columns hold the unhashed value; moving to
// password_hash()/password_verify() has to be coordinated with the login and
// account-creation code that writes these columns.
// NOTE(review): `new` is written without any emptiness or strength check, and
// this state-changing POST carries no CSRF token.
session_start();

$user = @$_SESSION['myemail'];
if ($user == NULL) {
    // No session user: send the browser back to the front page.
    header("location: ./../index.php");
    die;
}

require './../config.php';
require './../src/security.php';

$which = security_filter(@$_POST['which']);
$old = security_filter(@$_POST['old']);
$new = security_filter(@$_POST['new']);

if ($which == "login") {
    // Exactly one activated row must match email + current password.
    $matched = count($DB->query("SELECT * FROM user WHERE email=? and pass=? and activated='1' ", array($user, $old)));
    if ($matched != 1) {
        echo "old login password is wrong";
    } else {
        $DB->query("UPDATE user SET pass=? WHERE email=?", array($new, $user));
        echo "success";
    }
} elseif ($which == "ss") {
    $matched = count($DB->query("SELECT * FROM user WHERE email=? and passwd=? and activated='1' ", array($user, $old)));
    if ($matched != 1) {
        echo "old ss password is wrong";
    } else {
        $DB->query("UPDATE user SET passwd=? WHERE email=?", array($new, $user));
        echo "success";
    }
}
# -------------------------------------------------------------------
# Optional template include, then processing of the posted form fields.
# NOTE(review): $open_template is included by value and is set outside this
# excerpt; if it can be influenced by the request this is a file-inclusion
# point and should be restricted to an allowlist of template paths — confirm
# where it comes from.
if (!empty($open_template)) { include $open_template; }

# Only fields declared in $question (normal inputs) or $hidden (hidden_*
# inputs) are kept; every other $_POST key is ignored. Both arrays are
# defined outside this excerpt.
if (isset($_POST['button'])) {
    foreach ($_POST as $key => $value) {
        if ($key != 'button') {
            if (preg_match('/^hidden_(.*)/i', $key)) {
                $value = security_filter($value);
                # "hidden_foo" -> "foo": keep what follows the first underscore,
                # with any leading/trailing underscores trimmed.
                $key = trim(strstr($key, '_'), '_');
                if (isset($hidden[$key])) { $hidden_data[$key] = $value; }
            } else {
                if (isset($question[$key])) {
                    $value = security_filter($value);
                    # Checkbox answers are normalised to the fixed string "YES"
                    # regardless of the posted value.
                    if ($question[$key]['type'] == 'checkbox') { $value = "YES"; }
                    $results[$key] = $value;
                }
            }
        }
    }
}
# Now that the responses are processed, prepare the email.
# NOTE(review): HTTP_REFERER and HTTP_USER_AGENT are client-controlled
# strings copied into the message body unescaped; that is tolerable inside
# the body but they must not be reused in mail headers. REMOTE_HOST is
# frequently unset on servers without reverse DNS. security_filter() above
# may also receive an array when a field is posted as name[] — confirm it
# copes with that.
$msg = "----------------- User Info -----------------\n\n";
$msg .= "Sent from: " . $_SERVER['REMOTE_HOST'] . " [" . $_SERVER['REMOTE_ADDR'] . "] \n";
$msg .= "Coming from (referer): " . $_SERVER['HTTP_REFERER'] . "\n";
$msg .= "Using (user agent): " . $_SERVER['HTTP_USER_AGENT'] . "\n\n";
$msg .= "---------------------------------------------\n\n";
# (the body of this block continues beyond this excerpt)
if (isset($question)) {
<?php
// Login endpoint. POST username + password; replies with a short status
// string and exits. The username "admin" is reserved and checked against
// $manager_password from config.php; any other username is looked up in the
// user table.
require "config.php";
require "./src/security.php";

// Print $str, close the shared DB handle and stop the script.
function echoandexit($str) {
    echo $str;
    $GLOBALS['DB']->CloseConnection();
    die;
}

if (!empty($_POST["username"]) and !empty($_POST["password"])) {
    $email = security_filter($_POST["username"]);
    $password = security_filter($_POST["password"]);
    //$password=MD5($password.'ssmanager');
    if ($email == "admin") {
        // NOTE(review): loose == on the admin secret allows numeric-string
        // juggling (e.g. "1e1" == "10" is true) and is not constant-time;
        // prefer hash_equals((string) $GLOBALS['manager_password'], (string) $password).
        if ($password == $GLOBALS['manager_password']) {
            // NOTE(review): the session id is not regenerated on successful
            // login (session_regenerate_id(true)), so a cookie set before
            // authentication keeps its id afterwards (session fixation).
            session_start();
            $_SESSION['myemail'] = "admin";
            echoandexit("success_admin");
        } else {
            echoandexit("admin auth failed!");
        }
    } else {
        // NOTE(review): the password is matched in SQL (`pass=?`), i.e. the
        // column holds the unhashed password. Moving to password_hash()/
        // password_verify() needs a coordinated change wherever `pass` is
        // written (account creation, activation, password change).
        $count = count($DB->query("SELECT * FROM user WHERE email=? and pass=? and activated='1' ", array($email, $password)));
        if ($count == 1) {
            // Same session-fixation note as the admin branch applies here.
            session_start();
            $_SESSION['myemail'] = $email;
            // NOTE(review): this keeps the plaintext password in the session
            // store for the lifetime of the session; no code visible here
            // reads it back.
            $_SESSION['mypassword'] = $password;
            echoandexit("success_user");
        } else {
            echoandexit("user auth failed!");
            // (the closing braces of these blocks lie beyond this excerpt)
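// Gift-code redemption for a logged-in user. $user (the session email) and
// session_start() are set up above this excerpt — confirm against the file
// header. ?action=get_vcode serves a fresh CAPTCHA image and stores its text
// in $_SESSION['code']; a POST with giftcode + vcode redeems the code and
// credits the user's transfer quota.
if ($user == NULL) {
    header("location: ./../index.php");
    die;
}

require './../config.php';
require './../src/security.php';

if (@$_GET['action'] == 'get_vcode') {
    require './../src/vcode.php';
    $vcode = new Vcode(300, 40, 4);
    $_SESSION['code'] = $vcode->getcode();
    $vcode->outimg();
    die;
}

if (!empty($_POST["giftcode"]) and !empty($_POST["vcode"])) {
    $giftcode = security_filter($_POST['giftcode']);
    $vcode = security_filter($_POST['vcode']);

    // Consume the stored CAPTCHA on first use, right or wrong, so one solved
    // image cannot be replayed for unlimited gift-code guesses. A missing
    // stored code (no image was requested) is treated as a wrong answer, which
    // is also what the previous comparison against an unset value produced.
    $expected = isset($_SESSION['code']) ? $_SESSION['code'] : null;
    unset($_SESSION['code']);

    // Strict comparison: with != two numeric-looking strings such as "0010"
    // and "10" compare equal in PHP.
    if ($expected === null || strtolower($vcode) !== strtolower((string) $expected)) {
        echo '<script>alert("CAPTCHA is wrong!");window.location.href="";</script>';
        die;
    }

    $count = count($DB->query("SELECT * FROM gift WHERE code=? ", array($giftcode)));
    if ($count > 0) {
        // NOTE(review): SELECT -> DELETE -> UPDATE is not atomic: two concurrent
        // redemptions of the same code can both pass the SELECT and both be
        // credited. Crediting only when the DELETE actually removed a row (or
        // wrapping the three statements in a transaction) would close that;
        // how $DB->query reports affected rows is not visible here.
        $DB->query("DELETE FROM gift WHERE code=? ", array($giftcode));
        // Each gift is worth a fixed 1000 MiB of transfer quota.
        $DB->query("UPDATE user SET transfer_enable = transfer_enable + 1000*1024*1024 WHERE email=? ", array($user));
        echo '<script>window.location.href="./index.php";</script>';
        die;
    } else {
        echo '<script>alert("Gift code is wrong!");window.location.href="";</script>';
        die;
    }
}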