/**
 * This file is part of the Froxlor project.
 * Copyright (c) 2003-2009 the SysCP Team (see authors).
 * Copyright (c) 2010 the Froxlor Team (see authors).
 *
 * For the full copyright and license information, please view the COPYING
 * file that was distributed with this source code. You can also view the
 * COPYING file online at http://files.froxlor.org/misc/COPYING.txt
 *
 * @copyright  (c) the authors
 * @author     Florian Lippert <*****@*****.**> (2003-2009)
 * @author     Froxlor team <*****@*****.**> (2010-)
 * @license    GPLv2 http://files.froxlor.org/misc/COPYING.txt
 * @package    Functions
 *
 */

/**
 * Form-field plausibility check for a login name.
 *
 * The submitted value is handed to validateUsername() together with the
 * 'panel.unix_names' setting and a number derived from the MySQL prefix
 * (14 minus the prefix length).
 * NOTE(review): the third argument is presumably a maximum length that leaves
 * room for the MySQL prefix - confirm against validateUsername().
 *
 * @param string $fieldname          Name of the form field (not used here).
 * @param array  $fielddata          Field definition (not used here).
 * @param string $newfieldvalue      The submitted login name.
 * @param array  $allnewfieldvalues  All submitted values; 'customer_mysqlprefix' is read if present.
 *
 * @return array array(FORMFIELDS_PLAUSIBILITY_CHECK_OK) on success, otherwise
 *               array(FORMFIELDS_PLAUSIBILITY_CHECK_ERROR, 'accountprefixiswrong').
 */
function checkUsername($fieldname, $fielddata, $newfieldvalue, $allnewfieldvalues)
{
    // Prefer the prefix submitted with the form; fall back to the stored setting.
    $mysqlPrefix = isset($allnewfieldvalues['customer_mysqlprefix'])
        ? $allnewfieldvalues['customer_mysqlprefix']
        : Settings::Get('customer.mysqlprefix');

    $limit = 14 - strlen($mysqlPrefix);
    $accepted = validateUsername($newfieldvalue, Settings::Get('panel.unix_names'), $limit) === true;

    if ($accepted) {
        return array(FORMFIELDS_PLAUSIBILITY_CHECK_OK);
    }

    return array(FORMFIELDS_PLAUSIBILITY_CHECK_ERROR, 'accountprefixiswrong');
}
/**
 * Evaluate a submitted sign-up form.
 *
 * Runs only when the submit button and every expected field are present in
 * $_POST. Each check result is reduced to 1 or 0 and kept in a local variable;
 * the visible code neither returns nor stores these flags.
 *
 * NOTE(review): the confirmation field is compared by hashing the password and
 * verifying the confirmation against that hash. With a bcrypt-based
 * PASSWORD_DEFAULT only the first 72 bytes take part in that comparison, so a
 * direct string comparison would be the stricter check.
 */
function UserSignUp()
{
    if (!isset($_POST['su-btn-submit'])) {
        return;
    }

    // Every field must be present before any validator runs.
    foreach (array('email', 'username', 'password', 'confirm-password', 'tos-checkbox') as $field) {
        if (!isset($_POST[$field])) {
            return;
        }
    }

    // Validation flags (1 = passed, 0 = failed).
    $email = (int) (bool) validateEmail($_POST['email']);
    $user = (int) (bool) validateUsername($_POST['username']);
    $password = (int) (bool) validatePassword($_POST['password']);

    $password_hash = password_hash($_POST['password'], PASSWORD_DEFAULT);
    $cf_pass = (int) password_verify($_POST['confirm-password'], $password_hash);

    $tos_cb = (int) (bool) $_POST['tos-checkbox'];
}
/**
 * Validate the posted username after running the parent validation.
 *
 * The return value of parent::validate() is not used.
 *
 * @param mixed $retType When set and equal to RT_JSON the errors are passed through outputJson().
 *
 * @return mixed Nothing (null) when the username is accepted; otherwise the error
 *               list, or whatever outputJson() returns for it.
 */
public function validate($retType)
{
    parent::validate($retType);

    // copyArray() is a project helper; presumably it copies $_POST['username'] into $fv.
    copyArray($_POST, $fv, 'username');

    if (validateUsername($fv['username']) != false) {
        return;
    }

    // The message contains markup, so whatever renders it must treat it as trusted HTML.
    $rets = array(
        array('msg' => '<br/>Invalid username!', 'field' => 'username'),
    );

    $asJson = isset($retType) && $retType == RT_JSON;

    return $asJson ? outputJson($rets) : $rets;
}
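/**
 * Validate the posted sign-up form and append the new account to the
 * flat-file user store (./user/user_info, one "name:email:hash" record per line).
 *
 * Every failure path prints a message and ends the request with exit.
 *
 * Changes compared with the previous version:
 * - a username containing ':' or a line break is rejected, because those
 *   characters are the field and record separators of the store;
 * - the store directory is created and kept owner-only (0700) instead of
 *   world-writable (0777);
 * - the append takes an exclusive lock and a failed write is reported instead
 *   of being announced as a successful sign-up.
 *
 * NOTE(review): the password is still stored as an unsalted MD5 digest because
 * the code that verifies logins is not part of this function and has to read
 * the same format. Both sides should move to password_hash()/password_verify()
 * together.
 * NOTE(review): if ./user/ lies inside the document root, the web server must
 * be configured to refuse requests for it.
 */
function checkingFormAndSaveNewUser()
{
    include_once 'validate.php';

    if (!isset($_POST['username'], $_POST['email'], $_POST['password'], $_POST['confirm_password'], $_POST['agree'])) {
        echo "All fields are required. Please fill in all the fields.";
        exit;
    }

    $username = cleanInput($_POST['username']);
    $email = cleanInput($_POST['email']);
    // NOTE(review): cleanInput() is not shown here; if it rewrites characters, the
    // stored password differs from what the user typed - confirm that the login
    // path applies the same transformation.
    $password = cleanInput($_POST['password']);
    $confirm_password = cleanInput($_POST['confirm_password']);

    // ':' and line breaks would let one submission forge extra fields or records.
    if (validateUsername($username) == false || strpbrk((string) $username, ":\r\n") !== false) {
        echo "Name should contain capitals and lower case, not less than 2 symbols";
        exit;
    }

    // FILTER_SANITIZE_EMAIL strips ':' and whitespace, so the e-mail field cannot break the record.
    $email = filter_var($email, FILTER_SANITIZE_EMAIL);
    if (validateEmail($email) == false) {
        echo "E-mail should be in the format of name@example.com";
        exit;
    }

    if (validateLength($password, 6) == false) {
        echo "Password should contain not less than 6 symbols";
        exit;
    }

    if (validateConfirm($password, $confirm_password) == false) {
        echo "Passwords do not match";
        exit;
    }

    // Legacy digest kept for compatibility with the existing store (see NOTE above).
    $password_hash = md5($password);

    $dir_for_saved_users = "./user/";
    if (!is_dir($dir_for_saved_users)
        && !mkdir($dir_for_saved_users, 0700, true)
        && !is_dir($dir_for_saved_users)
    ) {
        echo "Could not save the registration. Please try again later.";
        exit;
    }
    // Tighten a directory that an earlier version left world-writable.
    chmod($dir_for_saved_users, 0700);

    $filename = $dir_for_saved_users . "user_info";
    $new_user_info = $username . ":" . $email . ":" . $password_hash . "\n";

    // LOCK_EX keeps concurrent sign-ups from interleaving their records.
    if (file_put_contents($filename, $new_user_info, FILE_APPEND | LOCK_EX) === false) {
        echo "Could not save the registration. Please try again later.";
        exit;
    }

    echo "You have signed up successfully! <a href='index.php'>Log in</a>";
}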
/**
 * Collect the validation error messages for a registration data set.
 *
 * If any of first_name, last_name, username or password is empty, a single
 * "fill in all fields" message is returned and no validator runs. Otherwise
 * each field is checked in turn and one message is added per failed check.
 *
 * NOTE(review): 'email' is validated but is not part of the required-field
 * check, so a missing key reaches validateEmail() as an undefined index.
 *
 * @param array $data Submitted values keyed by field name.
 *
 * @return array List of user-facing messages; empty when everything passed.
 */
function getDataErrors($data)
{
    foreach (array('first_name', 'last_name', 'username', 'password') as $requiredField) {
        if (empty($data[$requiredField])) {
            return ['Παρακαλούμε συμπληρώστε όλα τα πεδία'];
        }
    }

    // validator function, field it checks, message shown when the check fails
    $rules = [
        ['validateName', 'first_name', 'Το όνομα σας περιέχει μη επιτρεπτούς χαρακτήρες. Παρακαλούμε εισάγετε μόνο γράμματα της αλφαβήτας'],
        ['validateName', 'last_name', 'Το επώνυμό σας περιέχει μη επιτρεπτούς χαρακτήρες. Παρακαλούμε εισάγετε μόνο γράμματα της αλφαβήτας'],
        ['validateUsername', 'username', 'Το username σας περιέχει μη πετρεπτούς χαρακτήρες. Παρακαλούμε εισάγετε μόνο λατινικούς χαρακτήρες και αριθμούς'],
        ['validateEmail', 'email', 'Το e-mail σας δεν είναι έγκυρο. Παρακούμε εισάγετε ένα έγκυρο e-mail.'],
        ['validatePassword', 'password', 'Μη επιτρεπτός κωδικός. Ο κωδικός σας πρέπει να περιλαμβάνει τουλάχιστον 8 ψηφία.'],
    ];

    $errors = [];
    foreach ($rules as $rule) {
        list($validator, $field, $message) = $rule;
        if (!$validator($data[$field])) {
            $errors[] = $message;
        }
    }

    return $errors;
}
/**
 * Build and print the "Troubleshoot an FTP server" screens.
 *
 * Screen 1 only prepares the navigation handlers. Screen 2 connects to the FTP
 * server named in the POST data, logs in, optionally switches to passive mode,
 * reads the system type, changes directory, lists it and parses the listing.
 * Finally the skin's manage.template.php is loaded.
 *
 * NOTE(review): the template is required from inside this function, so it
 * presumably reads the local variables set here - keep their names stable.
 * NOTE(review): host and port come from the request, which means the web
 * server opens an outbound connection to a destination chosen by the client.
 * Whether validateFtpserver()/validateFtpserverport() restrict the target is
 * not visible here - confirm, and consider an allow-list if they do not.
 */
function net2ftp_module_printBody()
{
    // -------------------------------------------------------------------------
    // Global variables
    // -------------------------------------------------------------------------
    global $net2ftp_settings, $net2ftp_globals, $net2ftp_messages, $net2ftp_result, $net2ftp_output;

    // Each POST field goes through its own validate*() helper; absent fields become "".
    if (isset($_POST["troubleshoot_ftpserver"]) == true) {
        $troubleshoot_ftpserver = validateFtpserver($_POST["troubleshoot_ftpserver"]);
    } else {
        $troubleshoot_ftpserver = "";
    }
    if (isset($_POST["troubleshoot_ftpserverport"]) == true) {
        $troubleshoot_ftpserverport = validateFtpserverport($_POST["troubleshoot_ftpserverport"]);
    } else {
        $troubleshoot_ftpserverport = "";
    }
    if (isset($_POST["troubleshoot_username"]) == true) {
        $troubleshoot_username = validateUsername($_POST["troubleshoot_username"]);
    } else {
        $troubleshoot_username = "";
    }
    if (isset($_POST["troubleshoot_password"]) == true) {
        $troubleshoot_password = validatePassword($_POST["troubleshoot_password"]);
    } else {
        $troubleshoot_password = "";
    }
    if (isset($_POST["troubleshoot_directory"]) == true) {
        $troubleshoot_directory = validateDirectory($_POST["troubleshoot_directory"]);
    } else {
        $troubleshoot_directory = "";
    }
    if (isset($_POST["troubleshoot_passivemode"]) == true) {
        $troubleshoot_passivemode = validatePassivemode($_POST["troubleshoot_passivemode"]);
    } else {
        $troubleshoot_passivemode = "";
    }

    // HTML-encoded copies for output. No encoded copy of the password is made.
    $troubleshoot_ftpserver_html = htmlEncode2($troubleshoot_ftpserver);
    $troubleshoot_ftpserverport_html = htmlEncode2($troubleshoot_ftpserverport);
    $troubleshoot_username_html = htmlEncode2($troubleshoot_username);
    $troubleshoot_directory_html = htmlEncode2($troubleshoot_directory);
    $troubleshoot_passivemode_html = htmlEncode2($troubleshoot_passivemode);

    // -------------------------------------------------------------------------
    // Variables for all screens
    // -------------------------------------------------------------------------

    // Title
    $title = __("Troubleshoot an FTP server");

    // Form name
    $formname = "AdvancedForm";

    // -------------------------------------------------------------------------
    // Variables for screen 1
    // -------------------------------------------------------------------------
    if ($net2ftp_globals["screen"] == 1) {
        // Next screen
        $nextscreen = 2;

        // Back and forward buttons
        $back_onclick = "document.forms['" . $formname . "'].state.value='advanced';document.forms['" . $formname . "'].screen.value='1';document.forms['" . $formname . "'].submit();";
        $forward_onclick = "document.forms['" . $formname . "'].submit();";
    } elseif ($net2ftp_globals["screen"] == 2) {
        // Back and forward buttons
        $back_onclick = "document.forms['" . $formname . "'].state.value='advanced_ftpserver'; document.forms['" . $formname . "'].submit();";

        // Initial checks: anything other than "yes" is treated as "no"
        if ($troubleshoot_passivemode != "yes") {
            $troubleshoot_passivemode = "no";
        }

        // Connect
        // NOTE(review): the result of ftp_connect() is not checked before it is
        // passed to the calls below; a failed connection should stop the sequence.
        // The port is "" when the field was not posted.
        setStatus(1, 10, __("Connecting to the FTP server"));
        $conn_id = ftp_connect("{$troubleshoot_ftpserver}", $troubleshoot_ftpserverport);

        // Login with username and password
        setStatus(2, 10, __("Logging into the FTP server"));
        $ftp_login_result = ftp_login($conn_id, $troubleshoot_username, $troubleshoot_password);

        // Passive mode
        if ($troubleshoot_passivemode == "yes") {
            setStatus(3, 10, __("Setting the passive mode"));
            $ftp_pasv_result = ftp_pasv($conn_id, TRUE);
        } else {
            $ftp_pasv_result = true;
        }

        // Get the FTP system type
        setStatus(4, 10, __("Getting the FTP system type"));
        $ftp_systype_result = ftp_systype($conn_id);

        // Change the directory
        setStatus(5, 10, __("Changing the directory"));
        $ftp_chdir_result = ftp_chdir($conn_id, $troubleshoot_directory);

        // Get the current directory from the FTP server
        setStatus(6, 10, __("Getting the current directory"));
        $ftp_pwd_result = ftp_pwd($conn_id);

        // Try to get a raw list: first with "-a", then without options when
        // that returned at most one entry
        setStatus(7, 10, __("Getting the list of directories and files"));
        $ftp_rawlist_result = ftp_rawlist($conn_id, "-a");
        if (sizeof($ftp_rawlist_result) <= 1) {
            $ftp_rawlist_result = ftp_rawlist($conn_id, "");
        }

        // Parse the list
        setStatus(8, 10, __("Parsing the list of directories and files"));
        for ($i = 0; $i < sizeof($ftp_rawlist_result); $i++) {
            $parsedlist[$i] = ftp_scanline($troubleshoot_directory, $ftp_rawlist_result[$i]);
        } // end for

        // Quitting; ftp_quit doesn't return a value
        setStatus(9, 10, __("Logging out of the FTP server"));
        ftp_quit($conn_id);
    } // end if

    // -------------------------------------------------------------------------
    // Print the output
    // -------------------------------------------------------------------------
    // NOTE(review): the template path is built from $net2ftp_globals["skin"];
    // where that value is set is not visible here - confirm it is limited to
    // known skin names before it reaches this require.
    setStatus(10, 10, __("Printing the result"));
    require_once $net2ftp_globals["application_skinsdir"] . "/" . $net2ftp_globals["skin"] . "/manage.template.php";
}
// Configuration first, then the files that define the route handlers.
require 'emailConf.php';
include 'addUser.php';
include 'login.php';
include 'logout.php';
include 'activation.php';
include 'notConfirmed.php';

\Slim\Slim::registerAutoloader();
$app = new Slim\Slim();

// Routes served by a named handler function: HTTP verb, pattern, handler.
// NOTE(review): '/user/logout/' and '/notConfirmed/delete' are reachable with GET.
// Judging by the handler names they change account state, so a link on another
// site can trigger them; moving them to POST with a CSRF token would close that.
$namedRoutes = array(
    array('get', '/activate/:activation', 'activation'),
    array('get', '/notConfirmed/resend', 'nc_resendActivation'),
    array('get', '/notConfirmed/change/:email', 'nc_changeEmail'),
    array('get', '/notConfirmed/delete', 'nc_deleteAccount'),
    array('post', '/user/register/', 'addUser'),
    array('post', '/user/login/', 'login'),
    array('get', '/user/logout/', 'logOut'),
);
foreach ($namedRoutes as $namedRoute) {
    list($verb, $pattern, $handler) = $namedRoute;
    $app->{$verb}($pattern, $handler);
}
unset($namedRoutes, $namedRoute, $verb, $pattern, $handler);

// Live validation endpoints used by the registration form.
// NOTE(review): these answer for any e-mail address or username, so they
// presumably reveal which accounts exist - rate limiting is worth adding.
$app->get('/user/register/validate/email', function () use ($app) {
    $request = $app->request();
    validateEmail($request->get('email'));
});
$app->get('/user/register/validate/username', function () use ($app) {
    $request = $app->request();
    validateUsername($request->get('username'));
});

// Password reset: the implementation file is loaded only when a route is hit.
$app->post('/user/resetPassword/set', function () use ($app) {
    include 'resetPassword.php';
    resetPassword();
});
$app->post('/user/resetPassword/request', function () use ($app) {
    include 'resetPassword.php';
    sendResetPassword();
});

$app->run();
</aside>
<section id="main_section"><!-- meet of the website-->
<div>
<h3>My Info</h3>
<div id="result" style="padding:5px; color:red">
<?php
// Exactly one profile field is handled per request: email first, then
// username, then aboutMe. The setter's return value is printed as-is.
// NOTE(review): the setter results are echoed without HTML escaping; if they can
// contain submitted text they should pass through htmlspecialchars() first.
// NOTE(review): no CSRF token or login check is visible in this fragment -
// confirm that one is enforced before this point.
if (isset($_POST['email'])) {
    if (!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
        echo "invalid email";
    } else {
        $result = $user->setEmail($_POST['email']);
        echo $result;
    }
} elseif (isset($_POST['username'])) {
    // This message is shown for any validateUsername() failure.
    if (!validateUsername($_POST['username'])) {
        echo "Username already taken.";
    } else {
        $res = $user->setUsername($_POST['username']);
        echo $res;
    }
} elseif (isset($_POST['aboutMe'])) {
    $res2 = $user->setAboutMe($_POST['aboutMe']);
    echo $res2;
}
?>
</div>
<?php require 'models/validation_functions.php'; if (!empty($_POST['value'])) { switch ($_POST['field']) { case 1: $res = validateUsername($_POST['value']); if (!$res) { echo 'Το username σας περιέχει μη πετρεπτούς χαρακτήρες. Παρακαλούμε εισάγετε μόνο λατινικούς χαρακτήρες και αριθμούς'; } break; case 2: $res = validateName($_POST['value']); if (!$res) { echo 'Το όνομα σας περιέχει μη επιτρεπτούς χαρακτήρες. Παρακαλούμε εισάγετε μόνο γράμματα της αλφαβήτας'; } break; case 3: $res = validateName($_POST['value']); if (!$res) { echo 'Το επώνυμο σας περιέχει μη επιτρεπτούς χαρακτήρες. Παρακαλούμε εισάγετε μόνο γράμματα της αλφαβήτας'; } break; case 4: $res = validateEmail($_POST['value']); if (!$res) { echo 'Το e-mail σας δεν είναι έγκυρο. Παρακούμε εισάγετε ένα έγκυρο e-mail.'; } break; case 5: $res = validatePassword($_POST['value']);
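/**
 * Generates a random password for a user and emails it to them.
 * - called by Profile.php when changing someone's username.
 * - checks the validity of the new username.
 * - generates and sets a new password for the given user.
 * - mails the new password to the email address of the user.
 * - if username is not set, only a new password is generated and sent.
 *
 * The password is ten hexadecimal characters. It is taken from random_bytes()
 * when that function exists, because md5(mt_rand()) can only produce as many
 * different passwords as mt_rand() has outputs and mt_rand() is not meant for
 * secrets. The old generator remains as a fallback for older PHP versions.
 *
 * NOTE(review): the stored value is sha1(lowercase name . password); that
 * format has to match the login code, which is not shown here, so it is left
 * unchanged.
 * NOTE(review): the new password is sent by e-mail in clear text; forcing a
 * password change at the next login would limit how long it stays useful.
 *
 * @param int $memID
 * @param string $username = null
 */
function resetPassword($memID, $username = null)
{
    global $scripturl, $context, $txt, $sourcedir, $modSettings, $smcFunc, $language;

    // Language... and a required file.
    loadLanguage('Login');
    require_once $sourcedir . '/Subs-Post.php';

    // Get some important details.
    $request = $smcFunc['db_query']('', ' SELECT member_name, email_address, lngfile FROM {db_prefix}members WHERE id_member = {int:id_member}', array('id_member' => $memID));
    list($user, $email, $lngfile) = $smcFunc['db_fetch_row']($request);
    $smcFunc['db_free_result']($request);

    // Defined up front so the integration hook below never reads an unset variable.
    $old_user = null;
    if ($username !== null) {
        $old_user = $user;
        $user = trim($username);
    }

    // Generate a random password.
    if (function_exists('random_bytes')) {
        // 5 random bytes -> 10 hex characters, same length and alphabet as before.
        $newPassword = bin2hex(random_bytes(5));
    } else {
        $newPassword = substr(preg_replace('/\\W/', '', md5(mt_rand())), 0, 10);
    }
    $newPassword_sha1 = sha1(strtolower($user) . $newPassword);

    // Do some checks on the username if needed.
    if ($username !== null) {
        validateUsername($memID, $user);

        // Update the database...
        updateMemberData($memID, array('member_name' => $user, 'passwd' => $newPassword_sha1));
    } else {
        updateMemberData($memID, array('passwd' => $newPassword_sha1));
    }

    call_integration_hook('integrate_reset_pass', array($old_user, $user, $newPassword));

    $replacements = array('USERNAME' => $user, 'PASSWORD' => $newPassword);
    $emaildata = loadEmailTemplate('change_password', $replacements, empty($lngfile) || empty($modSettings['userLanguage']) ? $language : $lngfile);

    // Send them the email informing them of the change - then we're done!
    sendmail($email, $emaildata['subject'], $emaildata['body'], null, null, false, 0);
}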
/**
 * See if a username already exists.
 *
 * Reads the name from the query string, normalises its whitespace, runs
 * validateUsername() with the 'valid_username' error context and stores the
 * verdict in $context for the XML 'check_username' sub template.
 *
 * NOTE(review): the answer tells the caller whether a name can be used, so the
 * endpoint can be used to probe for existing accounts - confirm that it is
 * rate limited.
 */
private function _registerCheckUsername()
{
    global $context;

    // This is XML!
    loadTemplate('Xml');
    $context['sub_template'] = 'check_username';

    $requested = '';
    if (isset($_GET['username'])) {
        $requested = un_htmlspecialchars($_GET['username']);
    }

    // Assume the name is fine until validation says otherwise.
    $context['valid_username'] = true;

    // Collapse runs of whitespace and invisible characters into a single space.
    $context['checked_username'] = preg_replace('~[\\t\\n\\r \\x0B\\0\\x{A0}\\x{AD}\\x{2000}-\\x{200F}\\x{201F}\\x{202F}\\x{3000}\\x{FEFF}]+~u', ' ', $requested);

    $errors = Error_Context::context('valid_username', 0);

    require_once SUBSDIR . '/Auth.subs.php';
    validateUsername(0, $context['checked_username'], 'valid_username', true, false);

    $context['valid_username'] = !$errors->hasErrors();
}
<?php require_once 'connect.php'; //flag used to represent successful registration and valid username $isValidPassword = false; $isValidUsername = false; //make sure username isn't already being used //set $isValid to false if username is not valid $username = strip_tags($_POST['username']); if (validateUsername($username, $link)) { $isValidUsername = true; } //crypt password to create hash for safe DB storage $salt = "X1K\$6B8"; $password1 = strip_tags($_POST['password1']); $password2 = strip_tags($_POST['password2']); $password1 = crypt($password1, $salt); $password2 = crypt($password2, $salt); //make sure passwords match if (validatePasswords($password1, $password2)) { $isValidPassword = true; } //If username is valid and passwords match - update database! if ($isValidUsername && $isValidPassword) { //collect user info $firstName = strip_tags($_POST['firstName']); $lastName = strip_tags($_POST['lastName']); $street = strip_tags($_POST['street']); $city = strip_tags($_POST['city']); $state = strip_tags($_POST['state']); $zip = strip_tags($_POST['zip']);
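/**
 * Generates a random password for a user and emails it to them.
 *
 * What it does:
 * - called by ProfileOptions controller when changing someone's username.
 * - checks the validity of the new username.
 * - generates and sets a new password for the given user.
 * - mails the new password to the email address of the user.
 * - if username is not set, only a new password is generated and sent.
 *
 * The password is ten hexadecimal characters. It is taken from random_bytes()
 * when that function exists, because md5(mt_rand()) can only produce as many
 * different passwords as mt_rand() has outputs and mt_rand() is not meant for
 * secrets. The old generator remains as a fallback for older PHP versions.
 *
 * NOTE(review): the new password is sent by e-mail in clear text; forcing a
 * password change at the next login would limit how long it stays useful.
 *
 * @package Authorization
 * @param int $memID
 * @param string|null $username = null
 */
function resetPassword($memID, $username = null)
{
    global $modSettings, $language, $user_info;

    // Language... and a required file.
    loadLanguage('Login');
    require_once SUBSDIR . '/Mail.subs.php';

    // Get some important details.
    require_once SUBSDIR . '/Members.subs.php';
    $result = getBasicMemberData($memID, array('preferences' => true));
    $user = $result['member_name'];
    $email = $result['email_address'];
    $lngfile = $result['lngfile'];

    // Defined up front so the integration hook below never reads an unset variable.
    $old_user = null;
    if ($username !== null) {
        $old_user = $user;
        $user = trim($username);
    }

    // Generate a random password.
    require_once EXTDIR . '/PasswordHash.php';
    $t_hasher = new PasswordHash(8, false);
    if (function_exists('random_bytes')) {
        // 5 random bytes -> 10 hex characters, same length and alphabet as before.
        $newPassword = bin2hex(random_bytes(5));
    } else {
        $newPassword = substr(preg_replace('/\\W/', '', md5(mt_rand())), 0, 10);
    }

    // The stored value is the PasswordHash of sha256(lowercase name . password);
    // the login code has to build the same intermediate digest.
    $newPassword_sha256 = hash('sha256', strtolower($user) . $newPassword);
    $db_hash = $t_hasher->HashPassword($newPassword_sha256);

    // Do some checks on the username if needed.
    if ($username !== null) {
        $errors = Error_Context::context('reset_pwd', 0);
        validateUsername($memID, $user, 'reset_pwd');

        // If there are "important" errors and you are not an admin: log the first error
        // Otherwise grab all of them and don't log anything
        $error_severity = $errors->hasErrors(1) && !$user_info['is_admin'] ? 1 : null;
        foreach ($errors->prepareErrors($error_severity) as $error) {
            fatal_error($error, $error_severity === null ? false : 'general');
        }

        // Update the database...
        updateMemberData($memID, array('member_name' => $user, 'passwd' => $db_hash));
    } else {
        updateMemberData($memID, array('passwd' => $db_hash));
    }

    call_integration_hook('integrate_reset_pass', array($old_user, $user, $newPassword));

    $replacements = array('USERNAME' => $user, 'PASSWORD' => $newPassword);
    $emaildata = loadEmailTemplate('change_password', $replacements, empty($lngfile) || empty($modSettings['userLanguage']) ? $language : $lngfile);

    // Send them the email informing them of the change - then we're done!
    sendmail($email, $emaildata['subject'], $emaildata['body'], null, null, false, 0);
}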
$accountnumber = intval($settings['system']['lastaccountnumber']); $loginname = validate($_POST['loginname'], 'loginname', '/^[a-z0-9\\-_]+$/i'); // Accounts which match systemaccounts are not allowed, filtering them if (preg_match('/^' . preg_quote($settings['customer']['accountprefix'], '/') . '([0-9]+)/', $loginname)) { standard_error('loginnameissystemaccount', $settings['customer']['accountprefix']); } } else { $accountnumber = intval($settings['system']['lastaccountnumber']) + 1; $loginname = $settings['customer']['accountprefix'] . $accountnumber; } // Check if the account already exists $loginname_check = $db->query_first("SELECT `loginname` FROM `" . TABLE_PANEL_CUSTOMERS . "` WHERE `loginname` = '" . $db->escape($loginname) . "'"); $loginname_check_admin = $db->query_first("SELECT `loginname` FROM `" . TABLE_PANEL_ADMINS . "` WHERE `loginname` = '" . $db->escape($loginname) . "'"); if (strtolower($loginname_check['loginname']) == strtolower($loginname) || strtolower($loginname_check_admin['loginname']) == strtolower($loginname)) { standard_error('loginnameexists', $loginname); } elseif (!validateUsername($loginname, $settings['panel']['unix_names'], 14 - strlen($settings['customer']['mysqlprefix']))) { standard_error('loginnameiswrong', $loginname); } $guid = intval($settings['system']['lastguid']) + 1; $documentroot = makeCorrectDir($settings['system']['documentroot_prefix'] . '/' . $loginname); if ($service_active == 1) { $service_active = '1'; if (!isset($servicestart_date) || $servicestart_date == '0000-00-00') { $servicestart_date = date('Y-m-d'); } } else { $service_active = '0'; $servicestart_date = '0000-00-00'; } if ($calc_tax != '1') { $calc_tax = '0';
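/**
 * Register a new user from the posted form and print the outcome.
 *
 * Changes compared with the previous version:
 * - the INSERT is a prepared statement with bound values instead of a query
 *   string built from the input;
 * - a failed prepare/execute is treated as an error, so a failed insert is no
 *   longer reported as a completed registration when PDO is in silent mode;
 * - the username and password echoed on the success page are HTML-escaped.
 *
 * NOTE(review): passwords are stored as unsalted SHA-1 digests. The login code
 * is not shown here and must read the same format, so the digest is left
 * unchanged; both sides should move to password_hash()/password_verify().
 * NOTE(review): mysql_real_escape_string() belongs to the removed ext/mysql
 * extension and does not use the PDO connection in $db. It is kept only
 * because validateInputs() and validateUsername() receive the escaped value in
 * the original code and are not visible here.
 * NOTE(review): the success page shows the password back to the user;
 * consider removing it from the page.
 *
 * @param PDO $db Open database connection (presumably PDO, judging by the calls made on it).
 */
function register($db)
{
    // Raw name: bound to the INSERT and escaped for HTML when printed.
    $rawUser = $_POST['user'];
    // Escaped name: what the sibling validators were given before this change.
    $user = mysql_real_escape_string($rawUser);
    $password = sha1($_POST['password']);
    $rpassword = sha1($_POST['rpassword']);

    // Validate first; only valid input reaches the database.
    if (!validateInputs($user, $password, $rpassword)) {
        echo "<p>Los datos de registro son invalidos, intente de nuevo.</p>";
        $db = null;
        die;
    }

    // A truthy result means the name is already taken.
    if (validateUsername($db, $user)) {
        echo "<p>El nombre de usuario ya existe, por lo que no se pudo completar el registro.</p>";
        return;
    }

    try {
        $db->beginTransaction();

        $statement = $db->prepare('INSERT INTO users(user,password) values(:user, :password)');
        if ($statement === false
            || $statement->execute(array(':user' => $rawUser, ':password' => $password)) === false
        ) {
            throw new Exception('INSERT into users failed');
        }

        $db->commit();

        echo "Registro completado\n su usuario:" . htmlspecialchars($rawUser, ENT_QUOTES, 'UTF-8')
            . " y su password:" . htmlspecialchars($_POST['password'], ENT_QUOTES, 'UTF-8')
            . "\n Entre <a href=\"bienvenido.php\">Aqui</a> para ir a la pagina de bienvenida";
    } catch (Exception $e) {
        // Undo the transaction if anything failed.
        $db->rollBack();
        echo "<p>Ocurrio un error, el registro no pudo ser completado</p>";
    }
}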
/**
 * Registers a member to the forum.
 *
 * What it does:
 * - Allows two types of interface: 'guest' and 'admin'. The first
 * - includes hammering protection, the latter can perform the registration silently.
 * - The strings used in the options array are assumed to be escaped.
 * - Allows to perform several checks on the input, e.g. reserved names.
 * - The function will adjust member statistics.
 * - Errors are collected in the Error_Context named by $error_context; if any
 *   remain after the checks the function returns false before anything is written.
 *
 * Review notes:
 * - mt_rand() is used for the admin-generated password (seeded from the clock
 *   just before), for the openid placeholder password and for password_salt.
 *   mt_rand() is not meant for secrets; see the notes at those lines.
 * - The clear-text password is placed into the e-mail replacements.
 * - Keys of 'extra_register_vars' become column names of the members insert, so
 *   callers must build that array themselves and never from request keys.
 *
 * @package Members
 * @uses Auth.subs.php
 * @uses Mail.subs.php
 * @param mixed[] $regOptions passed by reference; auth_method, username, password and register_vars are filled in or adjusted
 * @param string $error_context
 * @return integer|false the ID of the newly created member, false when validation errors were recorded
 */
function registerMember(&$regOptions, $error_context = 'register')
{
    global $scripturl, $txt, $modSettings, $user_info;

    $db = database();

    loadLanguage('Login');

    // We'll need some external functions.
    require_once SUBSDIR . '/Auth.subs.php';
    require_once SUBSDIR . '/Mail.subs.php';

    // Put any errors in here.
    $reg_errors = Error_Context::context($error_context, 0);

    // Registration from the admin center, let them sweat a little more.
    if ($regOptions['interface'] == 'admin') {
        is_not_guest();
        isAllowedTo('moderate_forum');
    } elseif ($regOptions['interface'] == 'guest') {
        // You cannot register twice...
        if (empty($user_info['is_guest'])) {
            redirectexit();
        }

        // Make sure they didn't just register with this session.
        if (!empty($_SESSION['just_registered']) && empty($modSettings['disableRegisterCheck'])) {
            fatal_lang_error('register_only_once', false);
        }
    }
    // NOTE(review): any other 'interface' value skips both branches above, i.e.
    // neither the permission check nor the session check runs.

    // What method of authorization are we going to use?
    if (empty($regOptions['auth_method']) || !in_array($regOptions['auth_method'], array('password', 'openid'))) {
        if (!empty($regOptions['openid'])) {
            $regOptions['auth_method'] = 'openid';
        } else {
            $regOptions['auth_method'] = 'password';
        }
    }

    // Spaces and other odd characters are evil...
    $regOptions['username'] = trim(preg_replace('~[\\t\\n\\r \\x0B\\0\\x{A0}\\x{AD}\\x{2000}-\\x{200F}\\x{201F}\\x{202F}\\x{3000}\\x{FEFF}]+~u', ' ', $regOptions['username']));

    // Valid emails only
    require_once SUBSDIR . '/DataValidator.class.php';
    if (!Data_Validator::is_valid($regOptions, array('email' => 'valid_email|required|max_length[255]'), array('email' => 'trim'))) {
        $reg_errors->addError('bad_email');
    }

    // Username problems are recorded in the same error context.
    validateUsername(0, $regOptions['username'], $error_context, !empty($regOptions['check_reserved_name']));

    // Generate a validation code if it's supposed to be emailed.
    $validation_code = '';
    if ($regOptions['require'] == 'activation') {
        $validation_code = generateValidationCode();
    }

    // If you haven't put in a password generate one.
    if ($regOptions['interface'] == 'admin' && $regOptions['password'] == '' && $regOptions['auth_method'] == 'password') {
        // NOTE(review): seeding from the clock makes the generator state, and
        // presumably the password produced by generateValidationCode(), guessable
        // by anyone who knows roughly when the account was created.
        mt_srand(time() + 1277);
        $regOptions['password'] = generateValidationCode();
        $regOptions['password_check'] = $regOptions['password'];
    } elseif ($regOptions['password'] != $regOptions['password_check'] && $regOptions['auth_method'] == 'password') {
        $reg_errors->addError('passwords_dont_match');
    }

    // That's kind of easy to guess...
    if ($regOptions['password'] == '') {
        if ($regOptions['auth_method'] == 'password') {
            $reg_errors->addError('no_password');
        } else {
            // Placeholder password for openid accounts.
            // NOTE(review): derived from a single mt_rand() value.
            $regOptions['password'] = sha1(mt_rand());
        }
    }

    // Now perform hard password validation as required.
    if (!empty($regOptions['check_password_strength']) && $regOptions['password'] != '') {
        $passwordError = validatePassword($regOptions['password'], $regOptions['username'], array($regOptions['email']));

        // Password isn't legal?
        if ($passwordError != null) {
            $reg_errors->addError('profile_error_password_' . $passwordError);
        }
    }

    // You may not be allowed to register this email.
    if (!empty($regOptions['check_email_ban'])) {
        isBannedEmail($regOptions['email'], 'cannot_register', $txt['ban_register_prohibited']);
    }

    // Check if the email address is in use.
    // The username is compared against stored e-mail addresses as well.
    $request = $db->query('', ' SELECT id_member FROM {db_prefix}members WHERE email_address = {string:email_address} OR email_address = {string:username} LIMIT 1', array('email_address' => $regOptions['email'], 'username' => $regOptions['username']));
    if ($db->num_rows($request) != 0) {
        $reg_errors->addError(array('email_in_use', array(htmlspecialchars($regOptions['email'], ENT_COMPAT, 'UTF-8'))));
    }
    $db->free_result($request);

    // Perhaps someone else wants to check this user
    call_integration_hook('integrate_register_check', array(&$regOptions, &$reg_errors));

    // If there's any errors left return them at once!
    if ($reg_errors->hasErrors()) {
        return false;
    }

    $reservedVars = array('actual_theme_url', 'actual_images_url', 'base_theme_dir', 'base_theme_url', 'default_images_url', 'default_theme_dir', 'default_theme_url', 'default_template', 'images_url', 'number_recent_posts', 'smiley_sets_default', 'theme_dir', 'theme_id', 'theme_layers', 'theme_templates', 'theme_url');

    // Can't change reserved vars.
    if (isset($regOptions['theme_vars']) && count(array_intersect(array_keys($regOptions['theme_vars']), $reservedVars)) != 0) {
        fatal_lang_error('no_theme');
    }

    // New password hash
    require_once SUBSDIR . '/Auth.subs.php';

    // Some of these might be overwritten. (the lower ones that are in the arrays below.)
    $regOptions['register_vars'] = array(
        'member_name' => $regOptions['username'],
        'email_address' => $regOptions['email'],
        // validateLoginPassword() is defined elsewhere; presumably it returns the hash to store.
        'passwd' => validateLoginPassword($regOptions['password'], '', $regOptions['username'], true),
        // NOTE(review): four hex characters taken from md5(mt_rand()).
        'password_salt' => substr(md5(mt_rand()), 0, 4),
        'posts' => 0,
        'date_registered' => !empty($regOptions['time']) ? $regOptions['time'] : time(),
        // Admin-created accounts record 127.0.0.1 instead of an address from $regOptions.
        'member_ip' => $regOptions['interface'] == 'admin' ? '127.0.0.1' : $regOptions['ip'],
        'member_ip2' => $regOptions['interface'] == 'admin' ? '127.0.0.1' : $regOptions['ip2'],
        'validation_code' => $validation_code,
        'real_name' => $regOptions['username'],
        'personal_text' => $modSettings['default_personal_text'],
        'pm_email_notify' => 1,
        'id_theme' => 0,
        'id_post_group' => 4,
        'lngfile' => '',
        'buddy_list' => '',
        'pm_ignore_list' => '',
        'message_labels' => '',
        'website_title' => '',
        'website_url' => '',
        'location' => '',
        'time_format' => '',
        'signature' => '',
        'avatar' => '',
        'usertitle' => '',
        'secret_question' => '',
        'secret_answer' => '',
        'additional_groups' => '',
        'ignore_boards' => '',
        'smiley_set' => '',
        'openid_uri' => !empty($regOptions['openid']) ? $regOptions['openid'] : ''
    );

    // Setup the activation status on this new account so it is correct - firstly is it an under age account?
    if ($regOptions['require'] == 'coppa') {
        $regOptions['register_vars']['is_activated'] = 5;
        // @todo This should be changed. To what should be it be changed??
        $regOptions['register_vars']['validation_code'] = '';
    } elseif ($regOptions['require'] == 'nothing') {
        $regOptions['register_vars']['is_activated'] = 1;
    } elseif ($regOptions['require'] == 'activation') {
        $regOptions['register_vars']['is_activated'] = 0;
    } else {
        $regOptions['register_vars']['is_activated'] = 3;
    }

    if (isset($regOptions['memberGroup'])) {
        // Make sure the id_group will be valid, if this is an administrator.
        // Group 1 is only kept when the current user holds 'admin_forum'.
        $regOptions['register_vars']['id_group'] = $regOptions['memberGroup'] == 1 && !allowedTo('admin_forum') ? 0 : $regOptions['memberGroup'];

        // Check if this group is assignable.
        $unassignableGroups = array(-1, 3);
        $request = $db->query('', ' SELECT id_group FROM {db_prefix}membergroups WHERE min_posts != {int:min_posts}' . (allowedTo('admin_forum') ? '' : ' OR group_type = {int:is_protected}'), array('min_posts' => -1, 'is_protected' => 1));
        while ($row = $db->fetch_assoc($request)) {
            $unassignableGroups[] = $row['id_group'];
        }
        $db->free_result($request);

        // Fall back to group 0 when the requested group may not be assigned.
        if (in_array($regOptions['register_vars']['id_group'], $unassignableGroups)) {
            $regOptions['register_vars']['id_group'] = 0;
        }
    }

    // Integrate optional member settings to be set.
    // NOTE(review): these keys are copied unfiltered and later used as column names.
    if (!empty($regOptions['extra_register_vars'])) {
        foreach ($regOptions['extra_register_vars'] as $var => $value) {
            $regOptions['register_vars'][$var] = $value;
        }
    }

    // Integrate optional user theme options to be set.
    $theme_vars = array();
    if (!empty($regOptions['theme_vars'])) {
        foreach ($regOptions['theme_vars'] as $var => $value) {
            $theme_vars[$var] = $value;
        }
    }

    // Right, now let's prepare for insertion.
    $knownInts = array('date_registered', 'posts', 'id_group', 'last_login', 'personal_messages', 'unread_messages', 'notifications', 'new_pm', 'pm_prefs', 'gender', 'hide_email', 'show_online', 'pm_email_notify', 'karma_good', 'karma_bad', 'notify_announcements', 'notify_send_body', 'notify_regularity', 'notify_types', 'id_theme', 'is_activated', 'id_msg_last_visit', 'id_post_group', 'total_time_logged_in', 'warning');
    $knownFloats = array('time_offset');

    // Call an optional function to validate the users' input.
    call_integration_hook('integrate_register', array(&$regOptions, &$theme_vars, &$knownInts, &$knownFloats));

    // Map every column to the type label handed to $db->insert(); unknown columns are strings.
    $column_names = array();
    $values = array();
    foreach ($regOptions['register_vars'] as $var => $val) {
        $type = 'string';
        if (in_array($var, $knownInts)) {
            $type = 'int';
        } elseif (in_array($var, $knownFloats)) {
            $type = 'float';
        } elseif ($var == 'birthdate') {
            $type = 'date';
        }

        $column_names[$var] = $type;
        $values[$var] = $val;
    }

    // Register them into the database.
    $db->insert('', '{db_prefix}members', $column_names, $values, array('id_member'));
    $memberID = $db->insert_id('{db_prefix}members', 'id_member');

    // Update the number of members and latest member's info - and pass the name, but remove the 's.
    if ($regOptions['register_vars']['is_activated'] == 1) {
        updateMemberStats($memberID, $regOptions['register_vars']['real_name']);
    } else {
        updateMemberStats();
    }

    // Theme variables too?
    if (!empty($theme_vars)) {
        $inserts = array();
        foreach ($theme_vars as $var => $val) {
            $inserts[] = array($memberID, $var, $val);
        }
        $db->insert('insert', '{db_prefix}themes', array('id_member' => 'int', 'variable' => 'string-255', 'value' => 'string-65534'), $inserts, array('id_member', 'variable'));
    }

    // If it's enabled, increase the registrations for today.
    trackStats(array('registers' => '+'));

    // Administrative registrations are a bit different...
    if ($regOptions['interface'] == 'admin') {
        if ($regOptions['require'] == 'activation') {
            $email_message = 'admin_register_activate';
        } elseif (!empty($regOptions['send_welcome_email'])) {
            $email_message = 'admin_register_immediate';
        }

        if (isset($email_message)) {
            // NOTE(review): PASSWORD carries the clear-text password into the e-mail.
            $replacements = array('REALNAME' => $regOptions['register_vars']['real_name'], 'USERNAME' => $regOptions['username'], 'PASSWORD' => $regOptions['password'], 'FORGOTPASSWORDLINK' => $scripturl . '?action=reminder', 'ACTIVATIONLINK' => $scripturl . '?action=activate;u=' . $memberID . ';code=' . $validation_code, 'ACTIVATIONLINKWITHOUTCODE' => $scripturl . '?action=activate;u=' . $memberID, 'ACTIVATIONCODE' => $validation_code);

            $emaildata = loadEmailTemplate($email_message, $replacements);

            sendmail($regOptions['email'], $emaildata['subject'], $emaildata['body'], null, null, false, 0);
        }
    } else {
        // Can post straight away - welcome them to your fantastic community...
        if ($regOptions['require'] == 'nothing') {
            if (!empty($regOptions['send_welcome_email'])) {
                $replacements = array('REALNAME' => $regOptions['register_vars']['real_name'], 'USERNAME' => $regOptions['username'], 'PASSWORD' => $regOptions['password'], 'FORGOTPASSWORDLINK' => $scripturl . '?action=reminder', 'OPENID' => !empty($regOptions['openid']) ? $regOptions['openid'] : '');
                $emaildata = loadEmailTemplate('register_' . ($regOptions['auth_method'] == 'openid' ? 'openid_' : '') . 'immediate', $replacements);
                sendmail($regOptions['email'], $emaildata['subject'], $emaildata['body'], null, null, false, 0);
            }

            // Send admin their notification.
            require_once SUBSDIR . '/Notification.subs.php';
            sendAdminNotifications('standard', $memberID, $regOptions['username']);
        } elseif ($regOptions['require'] == 'activation' || $regOptions['require'] == 'coppa') {
            // Need to activate their account - or fall under COPPA.
            $replacements = array('REALNAME' => $regOptions['register_vars']['real_name'], 'USERNAME' => $regOptions['username'], 'PASSWORD' => $regOptions['password'], 'FORGOTPASSWORDLINK' => $scripturl . '?action=reminder', 'OPENID' => !empty($regOptions['openid']) ? $regOptions['openid'] : '');

            if ($regOptions['require'] == 'activation') {
                $replacements += array('ACTIVATIONLINK' => $scripturl . '?action=activate;u=' . $memberID . ';code=' . $validation_code, 'ACTIVATIONLINKWITHOUTCODE' => $scripturl . '?action=activate;u=' . $memberID, 'ACTIVATIONCODE' => $validation_code);
            } else {
                $replacements += array('COPPALINK' => $scripturl . '?action=coppa;u=' . $memberID);
            }

            $emaildata = loadEmailTemplate('register_' . ($regOptions['auth_method'] == 'openid' ? 'openid_' : '') . ($regOptions['require'] == 'activation' ? 'activate' : 'coppa'), $replacements);
            sendmail($regOptions['email'], $emaildata['subject'], $emaildata['body'], null, null, false, 0);
        } else {
            // Must be awaiting approval.
            $replacements = array('REALNAME' => $regOptions['register_vars']['real_name'], 'USERNAME' => $regOptions['username'], 'PASSWORD' => $regOptions['password'], 'FORGOTPASSWORDLINK' => $scripturl . '?action=reminder', 'OPENID' => !empty($regOptions['openid']) ? $regOptions['openid'] : '');
            $emaildata = loadEmailTemplate('register_' . ($regOptions['auth_method'] == 'openid' ? 'openid_' : '') . 'pending', $replacements);
            sendmail($regOptions['email'], $emaildata['subject'], $emaildata['body'], null, null, false, 0);

            // Admin gets informed here...
            require_once SUBSDIR . '/Notification.subs.php';
            sendAdminNotifications('approval', $memberID, $regOptions['username']);
        }

        // Okay, they're for sure registered... make sure the session is aware of this for security. (Just married :P!)
        $_SESSION['just_registered'] = 1;
    }

    // If they are for sure registered, let other people to know about it
    call_integration_hook('integrate_register_after', array($regOptions, $memberID));

    return $memberID;
}
<?php
// Registration handler (fragment): validates the posted username, display name
// and password, registers the account, then logs it in and seeds the session.
// The listing is cut off inside the inner switch, so the failure branches and
// the closing braces are not visible here.
session_start();
require_once "php/database.php";
require_once "php/validation.php";
require_once "php/security.php";
require_once "php/storedprocedures.php";
require_once "php/error.php";
$db = connectToDatabase();
if ($db) {
    // NOTE(review): the three fields are read without isset()/??, so a request
    // that omits one of them hands null to the validators below.
    $username = $_POST["username"];
    $displayName = $_POST["displayname"];
    $rawPassword = $_POST["password"];
    $usernameValid = validateUsername($username);
    $displaynameValid = validateDisplayname($displayName);
    $passwordValid = validatePassword($rawPassword);
    if ($usernameValid && $displaynameValid && $passwordValid) {
        $hashedPass = hashPassword($rawPassword);
        // Takes 22 characters starting at offset 7 of the hash string. That is
        // where the salt sits in a 60-character bcrypt string with a two-digit
        // cost; presumably hashPassword() returns that format. TODO confirm,
        // because the offset is wrong for any other hash format.
        // NOTE(review): in that format the salt is already embedded in the hash,
        // so the separate column duplicates it; check what the stored procedure
        // actually needs.
        $salt = substr($hashedPass, 7, 22);
        $results = registerUser($db, $username, $hashedPass, $salt, $displayName);
        switch ($results[SP::ERROR]) {
            case ERR::OK:
                // It worked, try to log in.
                // NOTE(review): login() receives the freshly computed hash, not
                // the raw password; verify how login() checks the credential.
                $results = login($db, $username, $hashedPass);
                switch ($results[SP::ERROR]) {
                    case ERR::OK:
                        // NOTE(review): no session_regenerate_id() is visible
                        // before the identity is written into the session;
                        // confirm login() does it, otherwise add it here so a
                        // pre-login session id is not carried over.
                        $_SESSION['token'] = $results[SP::TOKEN];
                        $_SESSION['id'] = $results[USER::ID];
                        $_SESSION['permission'] = $results[PERMISSION::LEVEL];
                        // Give them a default avatar
                        // NOTE(review): the id from the login result is joined
                        // into the destination path and copy()'s return value
                        // is not checked; presumably the id is numeric. Confirm.
                        copy("avatar/default.jpg", "avatar/" . $results[USER::ID] . ".jpg");
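/**
 * Prepares and prints the admin "create tables" screen.
 *
 * Screen 1 only sets up the form navigation. Screen 2 connects to the MySQL
 * server named in the POST data and executes create_tables.sql one line at a
 * time, collecting a status message per query in
 * $net2ftp_output["admin_createtables"].
 *
 * The template is included from inside this function, so every local variable
 * assigned here is visible to it; the variable names are therefore part of
 * the contract with the template and must not be renamed.
 *
 * NOTE(review): the admin username/password are read and HTML-encoded below but
 * are not verified in this function. Presumably the dispatcher authenticates
 * the request before calling it; confirm, since screen 2 opens a database
 * connection to a host, user and password taken from the request.
 * NOTE(review): the mysql_* functions used here were removed in PHP 7.0; this
 * block needs ext/mysql or a port to mysqli/PDO.
 * NOTE(review): $net2ftp_globals["skin"] is concatenated into the include path;
 * presumably it is checked against the installed skins elsewhere. Verify.
 *
 * @return void
 */
function net2ftp_module_printBody() {

    // -------------------------------------------------------------------------
    // Global variables
    // -------------------------------------------------------------------------
    global $net2ftp_settings, $net2ftp_globals, $net2ftp_messages, $net2ftp_result;

    // Admin credentials are only carried through in HTML-encoded form.
    if (isset($_POST["input_admin_username"]) == true) {
        $input_admin_username = htmlEncode2(validateGenericInput($_POST["input_admin_username"]));
    } else {
        $input_admin_username = "";
    }
    if (isset($_POST["input_admin_password"]) == true) {
        $input_admin_password = htmlEncode2(validateGenericInput($_POST["input_admin_password"]));
    } else {
        $input_admin_password = "";
    }

    // Database connection settings supplied by the form.
    if (isset($_POST["dbusername2"]) == true) {
        $dbusername2 = validateUsername($_POST["dbusername2"]);
    } else {
        $dbusername2 = "";
    }
    if (isset($_POST["dbpassword2"]) == true) {
        $dbpassword2 = validatePassword($_POST["dbpassword2"]);
    } else {
        $dbpassword2 = "";
    }
    if (isset($_POST["dbname2"]) == true) {
        $dbname2 = validateGenericInput($_POST["dbname2"]);
    } else {
        $dbname2 = "";
    }
    if (isset($_POST["dbserver2"]) == true) {
        $dbserver2 = validateGenericInput($_POST["dbserver2"]);
    } else {
        $dbserver2 = "";
    }

    // HTML-encoded copies for output. They are taken before the "localhost"
    // default is applied, so $dbserver2_html stays empty when no server was posted.
    $dbusername2_html = htmlEncode2($dbusername2);
    $dbpassword2_html = htmlEncode2($dbpassword2);
    $dbname2_html = htmlEncode2($dbname2);
    $dbserver2_html = htmlEncode2($dbserver2);
    if ($dbserver2 == "") {
        $dbserver2 = "localhost";
    }

    // -------------------------------------------------------------------------
    // Variables for all screens
    // -------------------------------------------------------------------------
    // Output variable
    $net2ftp_output["admin_createtables"][] = "";

    // Title
    $title = __("Admin functions");

    // Form name
    $formname = "AdminForm";

    // Read the SQL file. It is a fixed file under the application root, not
    // request data.
    $filename = glueDirectories($net2ftp_globals["application_rootdir"], "create_tables.sql");
    $sqlquerystring = "";
    $result1 = false;
    $handle = fopen($filename, "rb"); // Open the file for reading only
    if ($handle == false) {
        // Without a handle there is nothing to read or close; fread()/fclose()
        // on false would raise a TypeError on PHP 8.
        $net2ftp_output["admin_createtables"][] = __("The handle of file %1\$s could not be opened.", $filename);
    } else {
        clearstatcache(); // for filesize
        // fread() rejects a length of 0, so an empty or unstat-able file asks for 1 byte.
        $sqlquerystring = fread($handle, max(1, (int) filesize($filename)));
        if ($sqlquerystring == false) {
            $net2ftp_output["admin_createtables"][] = __("The file %1\$s could not be opened.", $filename);
            $sqlquerystring = "";
        }
        $result1 = fclose($handle);
        if ($result1 == false) {
            $net2ftp_output["admin_createtables"][] = __("The handle of file %1\$s could not be closed.", $filename);
        }
    }

    // Split the SQL file in individual queries (one per line)
    $sqlquerypieces = explode("\n", $sqlquerystring);

    // -------------------------------------------------------------------------
    // Variables for screen 1
    // -------------------------------------------------------------------------
    if ($net2ftp_globals["screen"] == 1) {
        // Next screen
        $nextscreen = 2;

        // Back and forward buttons
        $back_onclick = "document.forms['" . $formname . "'].state.value='admin';document.forms['" . $formname . "'].screen.value='1';document.forms['" . $formname . "'].submit();";
        $forward_onclick = "document.forms['" . $formname . "'].submit();";
    } elseif ($net2ftp_globals["screen"] == 2) {
        // Next screen
        $nextscreen = 1;

        // Back and forward buttons
        $back_onclick = "document.forms['" . $formname . "'].state.value='admin';document.forms['" . $formname . "'].screen.value='1';document.forms['" . $formname . "'].submit();";
        $dbpassword2_length = strlen($dbpassword2);

        // ------------------------------------
        // Connect
        // ------------------------------------
        $mydb = mysql_connect($dbserver2, $dbusername2, $dbpassword2);
        if ($mydb == false) {
            $net2ftp_output["admin_createtables"][] = __("The connection to the server <b>%1\$s</b> could not be set up. Please check the database settings you've entered.", $dbserver2_html) . "\n";
        }

        // ------------------------------------
        // Select
        // ------------------------------------
        if ($mydb != false) {
            $mysql_select_db_result = mysql_select_db($dbname2);
            if ($mysql_select_db_result == false) {
                // Report the database name; the original passed the server name here.
                $net2ftp_output["admin_createtables"][] = __("Unable to select the database <b>%1\$s</b>.", $dbname2_html) . "\n";
            }
        }

        // ------------------------------------
        // Query
        // ------------------------------------
        if ($mydb != false && $mysql_select_db_result != false) {
            for ($i = 0; $i < sizeof($sqlquerypieces); $i++) {
                $mysql_query_results[$i] = mysql_query($sqlquerypieces[$i]);
                if ($mysql_query_results[$i] == false) {
                    $net2ftp_output["admin_createtables"][] = __("The SQL query nr <b>%1\$s</b> could not be executed.", $i + 1) . "\n";
                } else {
                    $net2ftp_output["admin_createtables"][] = __("The SQL query nr <b>%1\$s</b> was executed successfully.", $i + 1) . "\n";
                }
            }
        }
    } // end elseif

    // -------------------------------------------------------------------------
    // Print the output
    // -------------------------------------------------------------------------
    require_once $net2ftp_globals["application_skinsdir"] . "/" . $net2ftp_globals["skin"] . "/manage.template.php";
}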
/**
 * Prepares and prints the copy/move/delete screen.
 *
 * Screen 1 only selects the next screen. Screen 2 opens the source FTP
 * connection (and a separate target connection when another server or user
 * was posted), runs ftp_copymovedelete() for the selected entries and closes
 * the connections again.
 *
 * The template is included from inside this function, so the local variables
 * assigned here ($list, $title, $formname, ...) are visible to it and keep
 * their original names.
 *
 * NOTE(review): the action comes from $net2ftp_globals["state2"] and the entry
 * list from $_POST["list"]; nothing in this function checks a request token
 * before the copy/move/delete runs. Presumably that happens upstream. Confirm.
 * NOTE(review): $net2ftp_globals["skin"] is concatenated into the include path;
 * presumably it is checked against the installed skins elsewhere. Verify.
 *
 * @return false|void false when an FTP connection could not be opened
 */
function net2ftp_module_printBody()
{
    // -------------------------------------------------------------------------
    // Global variables
    // -------------------------------------------------------------------------
    global $net2ftp_settings, $net2ftp_globals, $net2ftp_messages, $net2ftp_result, $net2ftp_output;

    // Posted selection and optional target-server settings; an absent field
    // becomes an empty string.
    $list = isset($_POST["list"]) ? getSelectedEntries($_POST["list"]) : "";
    $net2ftp_globals["ftpserver2"] = isset($_POST["ftpserver2"]) ? validateFtpserver($_POST["ftpserver2"]) : "";
    $net2ftp_globals["ftpserverport2"] = isset($_POST["ftpserverport2"]) ? validateFtpserverport($_POST["ftpserverport2"]) : "";
    $net2ftp_globals["username2"] = isset($_POST["username2"]) ? validateUsername($_POST["username2"]) : "";
    $net2ftp_globals["password2"] = isset($_POST["password2"]) ? validatePassword($_POST["password2"]) : "";

    // -------------------------------------------------------------------------
    // Variables for all screens
    // -------------------------------------------------------------------------
    // Title ($title stays unset for any other state2 value, as before)
    switch ($net2ftp_globals["state2"]) {
        case "copy":
            $title = __("Copy directories and files");
            break;
        case "move":
            $title = __("Move directories and files");
            break;
        case "delete":
            $title = __("Delete directories and files");
            break;
    }

    // Form name, back and forward buttons
    $formname = "CopyMoveDeleteForm";
    $back_onclick = "document.forms['{$formname}'].state.value='browse';document.forms['{$formname}'].state2.value='main';document.forms['{$formname}'].submit();";
    $forward_onclick = "document.forms['{$formname}'].submit();";

    // -------------------------------------------------------------------------
    // Variables for screen 1
    // -------------------------------------------------------------------------
    if ($net2ftp_globals["screen"] == 1) {
        // Next screen
        $nextscreen = 2;
    } elseif ($net2ftp_globals["screen"] == 2) {
        // Open connection to the source server
        setStatus(2, 10, __("Connecting to the FTP server"));
        $conn_id_source = ftp_openconnection();
        if (!$net2ftp_result["success"]) {
            return false;
        }

        // The source connection is reused when no target was posted, or when
        // the posted server and username both equal the source ones. Otherwise
        // a second connection is opened (different users may have different
        // authorizations on the same FTP server).
        if (
            ($net2ftp_globals["ftpserver2"] == "" && $net2ftp_globals["username2"] == "")
            || ($net2ftp_globals["ftpserver2"] == $net2ftp_globals["ftpserver"]
                && $net2ftp_globals["username2"] == $net2ftp_globals["username"])
        ) {
            $conn_id_target = $conn_id_source;
        } else {
            // Note: ftp_openconnection2 cleans the input values
            $conn_id_target = ftp_openconnection2();
            if (!$net2ftp_result["success"]) {
                return false;
            }
        }

        // Copy, move or delete the files and directories
        ftp_copymovedelete($conn_id_source, $conn_id_target, $list, $net2ftp_globals["state2"], 0);

        // Close the connection to the source server
        ftp_closeconnection($conn_id_source);

        // Close the connection to the target server, if it is different from the source server
        if ($conn_id_source != $conn_id_target) {
            ftp_closeconnection($conn_id_target);
        }
    } // end elseif

    // -------------------------------------------------------------------------
    // Print the output
    // -------------------------------------------------------------------------
    require_once $net2ftp_globals["application_skinsdir"] . "/" . $net2ftp_globals["skin"] . "/manage.template.php";
}
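/**
 * Builds the global $profile_fields definition array.
 *
 * Each key is a profile field; its array describes how the field is rendered
 * and, through 'input_validate', how a submitted value is checked and
 * normalised before it is stored. After the array is built, fields the current
 * user has no permission for, fields whose 'enabled' test is false and fields
 * listed in $modSettings['disabled_profile_fields'] are removed.
 *
 * Security-relevant points a maintainer should know:
 *  - 'passwrd1' stores a single SHA-1 pass over lowercase member name plus
 *    password, and 'secret_answer' stores a bare MD5. Both are fast hashes not
 *    meant for credential storage. The format is shared with verification code
 *    that is not part of this function, so it is left unchanged here.
 *  - The 'options' entries hold PHP source in strings; presumably the code
 *    that renders select fields evaluates them. They are constants here, not
 *    request data. Confirm nothing user-controlled is ever placed in them.
 *  - The 'id_theme' preload reads its result with mysql_fetch_row() and
 *    mysql_free_result(), which were removed in PHP 7.0.
 *
 * @param bool $force_reload rebuild the array even if it is already populated
 * @return void
 */
function loadProfileFields($force_reload = false)
{
    global $context, $profile_fields, $txt, $scripturl, $modSettings, $user_info, $old_profile, $smcFunc, $cur_profile, $language;

    // Don't load this twice!
    if (!empty($profile_fields) && !$force_reload) {
        return;
    }

    /* This horrific array defines all the profile fields in the whole world!

    In general each "field" has one array - the key of which is the database column name associated with said field. Each item
    can have the following attributes:

        string $type:           The type of field this is - valid types are:
            - callback:     This is a field which has its own callback mechanism for templating.
            - check:        A simple checkbox.
            - hidden:       This doesn't have any visual aspects but may have some validity.
            - password:     A password box.
            - select:       A select box.
            - text:         A string of some description.

        string $label:          The label for this item - default will be $txt[$key] if this isn't set.
        string $subtext:        The subtext (Small label) for this item.
        int $size:              Optional size for a text area.
        array $input_attr:      An array of text strings to be added to the input box for this item.
        string $value:          The value of the item. If not set $cur_profile[$key] is assumed.
        string $permission:     Permission required for this item (Excluded _any/_own suffix which is applied automatically).
        function $input_validate: A runtime function which validates the element before going to the database. It is passed
                                the relevant $_POST element if it exists and should be treated like a reference.

                                Return types:
            - true:         Element can be stored.
            - false:        Skip this element.
            - a text string: An error occurred - this is the error message.

        function $preload:      A function that is used to load data required for this element to be displayed. Must return
                                true to be displayed at all.

        string $cast_type:      If set casts the element to a certain type. Valid types (bool, int, float).
        string $save_key:       If the index of this element isn't the database column name it can be overridden
                                with this string.
        bool $is_dummy:         If set then nothing is acted upon for this element.
        bool $enabled:          A test to determine whether this is even available - if not is unset.
        string $link_with:      Key which links this field to an overall set.

    Note that all elements that have a custom input_validate must ensure they set the value of $cur_profile correct to enable
    the changes to be displayed correctly on submit of the form.
    */
    $profile_fields = array(
        'avatar_choice' => array(
            'type' => 'callback_template',
            'callback_name' => 'profile/avatar_select',
            'preload' => 'profileLoadAvatarData',
            'input_validate' => 'profileSaveAvatarData',
            'save_key' => 'avatar',
        ),
        'bday1' => array(
            'type' => 'callback_template',
            'callback_name' => 'profile/birthdate_select',
            'permission' => 'profile_extra',
            'preload' => function () {
                global $cur_profile, $context;

                // Split up the birthdate....
                list($uyear, $umonth, $uday) = explode('-', empty($cur_profile['birthdate']) || $cur_profile['birthdate'] == '0001-01-01' ? '0000-00-00' : $cur_profile['birthdate']);
                $context['member']['birth_date'] = array('year' => $uyear == '0004' ? '0000' : $uyear, 'month' => $umonth, 'day' => $uday);

                return true;
            },
            'input_validate' => function (&$value) {
                global $profile_vars, $cur_profile;

                // $value is the posted month (bday1); bday2 is the day and bday3 the year.
                if (isset($_POST['bday2'], $_POST['bday3']) && $value > 0 && $_POST['bday2'] > 0) {
                    // Set to blank?
                    if ((int) $_POST['bday3'] == 1 && (int) $_POST['bday2'] == 1 && (int) $value == 1) {
                        $value = '0001-01-01';
                    } else {
                        $value = checkdate($value, $_POST['bday2'], $_POST['bday3'] < 4 ? 4 : $_POST['bday3']) ? sprintf('%04d-%02d-%02d', $_POST['bday3'] < 4 ? 4 : $_POST['bday3'], $_POST['bday1'], $_POST['bday2']) : '0001-01-01';
                    }
                } else {
                    $value = '0001-01-01';
                }

                $profile_vars['birthdate'] = $value;
                $cur_profile['birthdate'] = $value;

                // The value was written under 'birthdate' above, so this element itself is skipped.
                return false;
            },
        ),
        'birthdate' => array(
            'type' => 'hidden',
            'permission' => 'profile_extra',
            'input_validate' => function (&$value) {
                global $cur_profile;

                // !!! Should we check for this year and tell them they made a mistake :P? (based on coppa at least?)
                if (preg_match('/(\\d{4})[\\-\\., ](\\d{2})[\\-\\., ](\\d{2})/', $value, $dates) === 1) {
                    $value = checkdate($dates[2], $dates[3], $dates[1] < 4 ? 4 : $dates[1]) ? sprintf('%04d-%02d-%02d', $dates[1] < 4 ? 4 : $dates[1], $dates[2], $dates[3]) : '0001-01-01';

                    return true;
                } else {
                    $value = empty($cur_profile['birthdate']) ? '0001-01-01' : $cur_profile['birthdate'];

                    return false;
                }
            },
        ),
        'date_registered' => array(
            'type' => 'text',
            'value' => empty($cur_profile['date_registered']) ? $txt['not_applicable'] : strftime('%Y-%m-%d', $cur_profile['date_registered'] + ($user_info['time_offset'] + $modSettings['time_offset']) * 3600),
            'label' => $txt['date_registered'],
            'log_change' => true,
            'permission' => 'moderate_forum',
            'input_validate' => function (&$value) {
                global $txt, $user_info, $modSettings, $cur_profile, $context;

                // Bad date! Go try again - please?
                // strtotime() reports unparseable input with false (it returned -1 only
                // before PHP 5.1); the old "=== -1" test let invalid input fall through
                // and be stored as a bogus timestamp.
                if (($value = strtotime($value)) === false) {
                    $value = $cur_profile['date_registered'];

                    return $txt['invalid_registration'] . ' ' . strftime('%d %b %Y ' . (strpos($user_info['time_format'], '%H') !== false ? '%I:%M:%S %p' : '%H:%M:%S'), forum_time(false));
                } elseif ($value != $txt['not_applicable'] && $value != strtotime(strftime('%Y-%m-%d', $cur_profile['date_registered'] + ($user_info['time_offset'] + $modSettings['time_offset']) * 3600))) {
                    // A different date was entered: remove the display offsets again before storing.
                    $value = $value - ($user_info['time_offset'] + $modSettings['time_offset']) * 3600;
                } else {
                    $value = $cur_profile['date_registered'];
                }

                return true;
            },
        ),
        'email_address' => array(
            'type' => 'text',
            'label' => $txt['email'],
            'subtext' => $txt['valid_email'],
            'log_change' => true,
            'permission' => 'profile_identity',
            'input_validate' => function (&$value) {
                global $context, $old_profile, $profile_vars, $sourcedir, $modSettings;

                // Unchanged address (case-insensitive): nothing to store.
                if (strtolower($value) == strtolower($old_profile['email_address'])) {
                    return false;
                }

                $isValid = profileValidateEmail($value, $context['id_member']);

                // Do they need to revalidate? If so schedule the function!
                if ($isValid === true && !empty($modSettings['send_validation_onChange']) && !allowedTo('moderate_forum')) {
                    require_once $sourcedir . '/lib/Subs-Members.php';
                    $profile_vars['validation_code'] = generateValidationCode();
                    $profile_vars['is_activated'] = 2;
                    $context['profile_execute_on_save'][] = 'profileSendActivation';
                    unset($context['profile_execute_on_save']['reload_user']);
                }

                return $isValid;
            },
        ),
        'gender' => array(
            'type' => 'select',
            'cast_type' => 'int',
            // PHP source kept in a string; see the function header note on 'options'.
            'options' => 'return array(0 => \'\', 1 => $txt[\'male\'], 2 => $txt[\'female\']);',
            'label' => $txt['gender'],
            'permission' => 'profile_extra',
        ),
        'hide_email' => array(
            'type' => 'check',
            'value' => empty($cur_profile['hide_email']) ? true : false,
            'label' => $txt['allow_user_email'],
            'permission' => 'profile_identity',
            'input_validate' => function (&$value) {
                // The checkbox means "allow", the column means "hide": invert it.
                $value = $value == 0 ? 1 : 0;

                return true;
            },
        ),
        'id_group' => array(
            'type' => 'callback_template',
            'callback_name' => 'profile/group_manage',
            'permission' => 'manage_membergroups',
            'preload' => 'profileLoadGroups',
            'log_change' => true,
            'input_validate' => 'profileSaveGroups',
        ),
        'id_theme' => array(
            'type' => 'callback_template',
            'callback_name' => 'profile/theme_pick',
            'permission' => 'profile_extra',
            'enabled' => $modSettings['theme_allow'] || allowedTo('admin_forum'),
            'preload' => function () {
                global $context, $cur_profile, $txt;

                $request = smf_db_query('SELECT value FROM {db_prefix}themes WHERE id_theme = {int:id_theme} AND variable = {string:variable} LIMIT 1', array('id_theme' => $cur_profile['id_theme'], 'variable' => 'name'));
                // NOTE(review): ext/mysql calls on a result from smf_db_query(); these were removed in PHP 7.0.
                list($name) = mysql_fetch_row($request);
                mysql_free_result($request);

                $context['member']['theme'] = array('id' => $cur_profile['id_theme'], 'name' => empty($cur_profile['id_theme']) ? $txt['theme_forum_default'] : $name);

                return true;
            },
            'input_validate' => function (&$value) {
                $value = (int) $value;

                return true;
            },
        ),
        'karma_good' => array(
            'type' => 'callback_template',
            'callback_name' => 'profile/reputation_display',
            'permission' => 'admin_forum',
            'input_validate' => function (&$value) {
                global $profile_vars, $cur_profile;

                $value = (int) $value;
                if (isset($_POST['karma_bad'])) {
                    $profile_vars['karma_bad'] = $_POST['karma_bad'] != '' ? (int) $_POST['karma_bad'] : 0;
                    $cur_profile['karma_bad'] = $_POST['karma_bad'] != '' ? (int) $_POST['karma_bad'] : 0;
                }

                return true;
            },
            'preload' => function () {
                global $context, $cur_profile;

                //$context['member']['karma']['good'] = $cur_profile['karma_good'];
                //$context['member']['karma']['bad'] = $cur_profile['karma_bad'];
                return true;
            },
            'enabled' => !empty($modSettings['karmaMode']),
        ),
        'lngfile' => array(
            'type' => 'select',
            // PHP source kept in a string; see the function header note on 'options'.
            'options' => 'return $context[\'profile_languages\'];',
            'label' => $txt['preferred_language'],
            'permission' => 'profile_identity',
            'preload' => 'profileLoadLanguages',
            'enabled' => !empty($modSettings['userLanguage']),
            'value' => empty($cur_profile['lngfile']) ? $language : $cur_profile['lngfile'],
            'input_validate' => function (&$value) {
                global $context, $cur_profile;

                // Load the languages.
                profileLoadLanguages();

                // Only a key of the loaded language list is accepted.
                if (isset($context['profile_languages'][$value])) {
                    if ($context['user']['is_owner']) {
                        $_SESSION['language'] = $value;
                    }

                    return true;
                } else {
                    $value = $cur_profile['lngfile'];

                    return false;
                }
            },
        ),
        'location' => array(
            'type' => 'text',
            'label' => $txt['location'],
            'log_change' => true,
            'size' => 50,
            'permission' => 'profile_extra',
        ),
        'member_name' => array(
            'type' => allowedTo('admin_forum') && isset($_GET['changeusername']) ? 'text' : 'label',
            'label' => $txt['username'],
            'subtext' => allowedTo('admin_forum') && !isset($_GET['changeusername']) ? '(<a href="' . $scripturl . '?action=profile;u=' . $context['id_member'] . ';area=account;changeusername" style="font-style: italic;">' . $txt['username_change'] . '</a>)' : '',
            'log_change' => true,
            'permission' => 'profile_identity',
            'prehtml' => allowedTo('admin_forum') && isset($_GET['changeusername']) ? '<div class="alert">' . $txt['username_warning'] . '</div>' : '',
            'input_validate' => function (&$value) {
                global $sourcedir, $context, $user_info, $cur_profile;

                // Only forum administrators may rename an account.
                if (allowedTo('admin_forum')) {
                    // We'll need this...
                    require_once $sourcedir . '/lib/Subs-Auth.php';

                    // Maybe they are trying to change their password as well?
                    $resetPassword = true;
                    if (isset($_POST['passwrd1']) && $_POST['passwrd1'] != '' && isset($_POST['passwrd2']) && $_POST['passwrd1'] == $_POST['passwrd2'] && validatePassword($_POST['passwrd1'], $value, array($cur_profile['real_name'], $user_info['username'], $user_info['name'], $user_info['email'])) == null) {
                        $resetPassword = false;
                    }

                    // Do the reset... this will send them an email too.
                    if ($resetPassword) {
                        resetPassword($context['id_member'], $value);
                    } elseif ($value !== null) {
                        validateUsername($context['id_member'], $value);
                        updateMemberData($context['id_member'], array('member_name' => $value));
                    }
                }

                // The rename is applied above, so the normal save path skips this element.
                return false;
            },
        ),
        'passwrd1' => array(
            'type' => 'password',
            'label' => $txt['choose_pass'],
            'subtext' => $txt['password_strength'],
            'size' => 20,
            'value' => '',
            'enabled' => empty($cur_profile['openid_uri']),
            'permission' => 'profile_identity',
            'save_key' => 'passwd',
            'input_validate' => function (&$value) {
                global $sourcedir, $user_info, $smcFunc, $cur_profile;

                // If we didn't try it then ignore it!
                if ($value == '') {
                    return false;
                }

                // Do the two entries for the password even match?
                if (!isset($_POST['passwrd2']) || $value != $_POST['passwrd2']) {
                    return 'bad_new_password';
                }

                // Let's get the validation function into play...
                require_once $sourcedir . '/lib/Subs-Auth.php';
                $passwordErrors = validatePassword($value, $cur_profile['member_name'], array($cur_profile['real_name'], $user_info['username'], $user_info['name'], $user_info['email']));

                // Were there errors?
                if ($passwordErrors != null) {
                    return 'password_' . $passwordErrors;
                }

                // Set up the new password variable... ready for storage.
                // NOTE(review): one SHA-1 pass over lowercase member name + password.
                // SHA-1 is a fast hash; moving to password_hash()/password_verify()
                // needs a coordinated change in the login code, so the stored
                // format is kept as is here.
                $value = sha1(strtolower($cur_profile['member_name']) . un_htmlspecialchars($value));

                return true;
            },
        ),
        'passwrd2' => array(
            'type' => 'password',
            'label' => $txt['verify_pass'],
            'enabled' => empty($cur_profile['openid_uri']),
            'size' => 20,
            'value' => '',
            'permission' => 'profile_identity',
            'is_dummy' => true,
        ),
        'personal_text' => array(
            'type' => 'text',
            'label' => $txt['personal_text'],
            'log_change' => true,
            'input_attr' => array('maxlength="50"'),
            'size' => 50,
            'permission' => 'profile_extra',
        ),
        'pm_prefs' => array(
            'type' => 'callback_template',
            'callback_name' => 'pm/settings',
            'permission' => 'pm_read',
            'preload' => function () {
                global $context, $cur_profile;

                $context['display_mode'] = $cur_profile['pm_prefs'] & 3;
                $context['send_email'] = $cur_profile['pm_email_notify'];
                $context['receive_from'] = !empty($cur_profile['pm_receive_from']) ? $cur_profile['pm_receive_from'] : 0;

                return true;
            },
            'input_validate' => function (&$value) {
                global $cur_profile, $profile_vars;

                // Simple validate and apply the two "sub settings"
                $value = max(min($value, 2), 0);
                $cur_profile['pm_email_notify'] = $profile_vars['pm_email_notify'] = max(min((int) $_POST['pm_email_notify'], 2), 0);
                $cur_profile['pm_receive_from'] = $profile_vars['pm_receive_from'] = max(min((int) $_POST['pm_receive_from'], 4), 0);

                return true;
            },
        ),
        'posts' => array(
            'type' => 'int',
            'label' => $txt['profile_posts'],
            'log_change' => true,
            'size' => 7,
            'permission' => 'moderate_forum',
            'input_validate' => function (&$value) {
                // Strip thousands separators and spaces; empty input becomes 0.
                $value = $value != '' ? strtr($value, array(',' => '', '.' => '', ' ' => '')) : 0;

                return true;
            },
        ),
        'real_name' => array(
            'type' => !empty($modSettings['allow_editDisplayName']) || allowedTo('moderate_forum') ? 'text' : 'label',
            'label' => $txt['name'],
            'subtext' => $txt['display_name_desc'],
            'log_change' => true,
            'input_attr' => array('maxlength="60"'),
            'permission' => 'profile_identity',
            'enabled' => !empty($modSettings['allow_editDisplayName']) || allowedTo('moderate_forum'),
            'input_validate' => function (&$value) {
                global $context, $smcFunc, $sourcedir, $cur_profile;

                // Replace every whitespace character with a plain space, then trim.
                $value = trim(preg_replace('~[\\s]~' . ($context['utf8'] ? 'u' : ''), ' ', $value));

                if (trim($value) == '') {
                    return 'no_name';
                } elseif (CommonAPI::strlen($value) > 60) {
                    return 'name_too_long';
                } elseif ($cur_profile['real_name'] != $value) {
                    require_once $sourcedir . '/lib/Subs-Members.php';
                    if (isReservedName($value, $context['id_member'])) {
                        return 'name_taken';
                    }
                }

                return true;
            },
        ),
        'secret_question' => array(
            'type' => 'text',
            'label' => $txt['secret_question'],
            'subtext' => $txt['secret_desc'],
            'size' => 50,
            'permission' => 'profile_identity',
        ),
        'secret_answer' => array(
            'type' => 'text',
            'label' => $txt['secret_answer'],
            'subtext' => $txt['secret_desc2'],
            'size' => 20,
            'postinput' => '<span class="smalltext" style="margin-left: 4ex;"><a href="' . $scripturl . '?action=helpadmin;help=secret_why_blank" onclick="return reqWin(this.href);">' . $txt['secret_why_blank'] . '</a></span>',
            'value' => '',
            'permission' => 'profile_identity',
            'input_validate' => function (&$value) {
                // NOTE(review): the answer is stored as a bare MD5, which is weak
                // for a value that works as a recovery credential. The format is
                // shared with the reminder code, so it is kept as is here.
                $value = $value != '' ? md5($value) : '';

                return true;
            },
        ),
        'signature' => array(
            'type' => 'callback_template',
            'callback_name' => allowedTo('profile_signature') ? 'profile/signature_modify' : 'profile/signature_cannot_modify',
            'permission' => 'profile_extra',
            'enabled' => substr($modSettings['signature_settings'], 0, 1) == 1,
            'preload' => 'profileLoadSignatureData',
            'input_validate' => 'profileValidateSignature',
        ),
        'show_online' => array(
            'type' => 'check',
            'label' => $txt['show_online'],
            'permission' => 'profile_identity',
            'enabled' => !empty($modSettings['allow_hideOnline']) || allowedTo('moderate_forum'),
        ),
        'smiley_set' => array(
            'type' => 'callback_template',
            'callback_name' => 'profile/smiley_pick',
            'enabled' => !empty($modSettings['smiley_sets_enable']),
            'permission' => 'profile_extra',
            'preload' => function () {
                global $modSettings, $context, $txt, $cur_profile;

                $context['member']['smiley_set']['id'] = empty($cur_profile['smiley_set']) ? '' : $cur_profile['smiley_set'];
                $context['smiley_sets'] = explode(',', 'none,,' . $modSettings['smiley_sets_known']);
                $set_names = explode("\n", $txt['smileys_none'] . "\n" . $txt['smileys_forum_board_default'] . "\n" . $modSettings['smiley_sets_names']);
                foreach ($context['smiley_sets'] as $i => $set) {
                    // Ids and names are HTML-escaped before they reach the template.
                    $context['smiley_sets'][$i] = array('id' => htmlspecialchars($set), 'name' => htmlspecialchars($set_names[$i]), 'selected' => $set == $context['member']['smiley_set']['id']);
                    if ($context['smiley_sets'][$i]['selected']) {
                        $context['member']['smiley_set']['name'] = $set_names[$i];
                    }
                }

                return true;
            },
            'input_validate' => function (&$value) {
                global $modSettings;

                // Anything outside the known sets (or 'none') falls back to the default.
                $smiley_sets = explode(',', $modSettings['smiley_sets_known']);
                if (!in_array($value, $smiley_sets) && $value != 'none') {
                    $value = '';
                }

                return true;
            },
        ),
        'theme_settings' => array(
            'type' => 'callback_template',
            'callback_name' => 'profile/theme_settings',
            'permission' => 'profile_extra',
            'is_dummy' => true,
            'preload' => function () {
                loadLanguage('Settings');

                return true;
            },
        ),
        'time_format' => array(
            'type' => 'callback_template',
            'callback_name' => 'profile/timeformat_modify',
            'permission' => 'profile_extra',
            'preload' => function () {
                global $context, $user_info, $txt, $cur_profile, $modSettings;

                $context['easy_timeformats'] = array(
                    array('format' => '', 'title' => $txt['timeformat_default']),
                    array('format' => '%B %d, %Y, %I:%M:%S %p', 'title' => $txt['timeformat_easy1']),
                    array('format' => '%B %d, %Y, %H:%M:%S', 'title' => $txt['timeformat_easy2']),
                    array('format' => '%Y-%m-%d, %H:%M:%S', 'title' => $txt['timeformat_easy3']),
                    array('format' => '%d %B %Y, %H:%M:%S', 'title' => $txt['timeformat_easy4']),
                    array('format' => '%d-%m-%Y, %H:%M:%S', 'title' => $txt['timeformat_easy5']),
                );
                $context['member']['time_format'] = $cur_profile['time_format'];
                $context['current_forum_time'] = strftime($modSettings['time_format'], forum_time(false)) . ' ' . date_default_timezone_get();
                $context['current_forum_time_js'] = strftime('%Y,' . ((int) strftime('%m', time() + $modSettings['time_offset'] * 3600) - 1) . ',%d,%H,%M,%S', time() + $modSettings['time_offset'] * 3600);
                $context['current_forum_time_hour'] = (int) strftime('%H', forum_time(false));

                return true;
            },
        ),
        'time_offset' => array(
            'type' => 'callback_template',
            'callback_name' => 'profile/timeoffset_modify',
            'permission' => 'profile_extra',
            'preload' => function () {
                global $context, $cur_profile;

                $context['member']['time_offset'] = $cur_profile['time_offset'];

                return true;
            },
            'input_validate' => function (&$value) {
                // Validate the time_offset...
                $value = (double) strtr($value, ',', '.');
                if ($value < -23.5 || $value > 23.5) {
                    return 'bad_offset';
                }

                return true;
            },
        ),
        'usertitle' => array(
            'type' => 'text',
            'label' => $txt['custom_title'],
            'log_change' => true,
            'size' => 50,
            'permission' => 'profile_title',
            'input_attr' => array('maxlength="50"'),
            'enabled' => !empty($modSettings['titlesEnable']),
        ),
    );

    $disabled_fields = !empty($modSettings['disabled_profile_fields']) ? explode(',', $modSettings['disabled_profile_fields']) : array();

    // For each of the above let's take out the bits which don't apply - to save memory and security!
    foreach ($profile_fields as $key => $field) {
        // Do we have permission to do this? Owners are checked against _own and _any,
        // everyone else against _any; the bare permission name is accepted as well.
        if (isset($field['permission']) && !allowedTo($context['user']['is_owner'] ? array($field['permission'] . '_own', $field['permission'] . '_any') : $field['permission'] . '_any') && !allowedTo($field['permission'])) {
            unset($profile_fields[$key]);
        }

        // Is it enabled?
        if (isset($field['enabled']) && !$field['enabled']) {
            unset($profile_fields[$key]);
        }

        // Is it specifically disabled?
        if (in_array($key, $disabled_fields) || isset($field['link_with']) && in_array($field['link_with'], $disabled_fields)) {
            unset($profile_fields[$key]);
        }
    }
}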
// Additional filtering for Bug #962 if (function_exists('posix_getpwnam') && !in_array("posix_getpwnam", explode(",", ini_get('disable_functions'))) && posix_getpwnam($loginname)) { standard_error('loginnameissystemaccount', Settings::Get('customer.accountprefix')); } } else { $accountnumber = intval(Settings::Get('system.lastaccountnumber')) + 1; $loginname = Settings::Get('customer.accountprefix') . $accountnumber; } // Check if the account already exists $loginname_check_stmt = Database::prepare("\n\t\t\t\t\t\tSELECT `loginname` FROM `" . TABLE_PANEL_CUSTOMERS . "` WHERE `loginname` = :loginname"); $loginname_check = Database::pexecute_first($loginname_check_stmt, array('loginname' => $loginname)); $loginname_check_admin_stmt = Database::prepare("\n\t\t\t\t\t\tSELECT `loginname` FROM `" . TABLE_PANEL_ADMINS . "` WHERE `loginname` = :loginname"); $loginname_check_admin = Database::pexecute_first($loginname_check_admin_stmt, array('loginname' => $loginname)); if (strtolower($loginname_check['loginname']) == strtolower($loginname) || strtolower($loginname_check_admin['loginname']) == strtolower($loginname)) { standard_error('loginnameexists', $loginname); } elseif (!validateUsername($loginname, Settings::Get('panel.unix_names'), 14 - strlen(Settings::Get('customer.mysqlprefix')))) { if (strlen($loginname) > 14 - strlen(Settings::Get('customer.mysqlprefix'))) { standard_error('loginnameiswrong2', 14 - strlen(Settings::Get('customer.mysqlprefix'))); } else { standard_error('loginnameiswrong', $loginname); } } $guid = intval(Settings::Get('system.lastguid')) + 1; $documentroot = makeCorrectDir(Settings::Get('system.documentroot_prefix') . '/' . $loginname); if (file_exists($documentroot)) { standard_error('documentrootexists', $documentroot); } if ($createstdsubdomain != '1') { $createstdsubdomain = '0'; } if ($phpenabled != '0') {
oci_free_statement($stid); } } } } // REMOVE USER if (isset($_POST['removeUserBtn'])) { $username = $_POST['username']; // check if username is entered, if not display message & return if (empty($username)) { echo '<ul class="list-group"> <li class="list-group-item list-group-item-info">Username cannot be blank. A username must be selected.</li> </ul>'; } else { // Check if username is in the database $results = validateUsername($username, $conn); // if username doesn't exist in the database, display message & return if (empty($results)) { echo '<ul class="list-group"> <li class="list-group-item list-group-item-danger">Username does not exist in the database.</li> </ul>'; } else { // if username exists, remove it removeUser($username, $conn); } } } // retrive contents of users table to display function get_all_users($conn) { $arr = array();
<?php include 'registrationConnection.php'; $action = $_GET['action']; ///////////////////////////////////////// GET ALL THE USERNAME ///////////////////////////////////////////////// if ($action == "getUsername1") { $user = trim($_POST['uname']); if (validateUsername($user) == true) { echo true; } else { echo false; } } else { if ($action == "getUsernameforUpdate") { $user = trim($_POST['uname']); if (validateUsernameForUpdate($user) == true) { echo true; } else { echo false; } } else { if ($action == "checkClientPassword") { if (checkClientPassword(trim($_POST['cpold'])) == true) { echo true; } else { echo false; } } elseif ($action == "clientUpdatePassword") { $password = trim($_POST['cpconew']); $result = clientUpdatePassword($password); echo $result;
<?php include "validate.php"; $formSend = count($_POST) > 0; $username = ""; $email = ""; if ($formSend) { $usernameValid = validateUsername($_POST["username"]); $emailValid = validateEmail($_POST["email"]); $passwordValid = validatePassword($_POST["password"]); $passwordCValid = validateCPassword($_POST["password"], $_POST["passwordC"]); $username = htmlspecialchars($_POST["username"]); $email = htmlspecialchars($_POST["email"]); if ($usernameValid == "" && $emailValid == "" && $passwordValid == "" && $passwordCValid == "") { header('Location: welcome.php?username='******'text/css' rel='stylesheet' href='style.css'/> <script src="jquery-2.1.4.min.js"></script> <script src="jquery.validate.js"></script> <script type="text/javascript" src="registration.js"></script> <script type="text/javascript" src="script.js"></script> </head> <body> <header>
} // ------------------------------------------------------------------------- // 6 COOKIE variabes // ------------------------------------------------------------------------- if (isset($_COOKIE["net2ftpcookie_ftpserver"]) == true) { $net2ftp_globals["cookie_ftpserver"] = validateFtpserver($_COOKIE["net2ftpcookie_ftpserver"]); } else { $net2ftp_globals["cookie_ftpserver"] = ""; } if (isset($_COOKIE["net2ftpcookie_ftpserverport"]) == true) { $net2ftp_globals["cookie_ftpserverport"] = validateFtpserverport($_COOKIE["net2ftpcookie_ftpserverport"]); } else { $net2ftp_globals["cookie_ftpserverport"] = ""; } if (isset($_COOKIE["net2ftpcookie_username"]) == true) { $net2ftp_globals["cookie_username"] = validateUsername($_COOKIE["net2ftpcookie_username"]); } else { $net2ftp_globals["cookie_username"] = ""; } if (isset($_COOKIE["net2ftpcookie_language"]) == true) { $net2ftp_globals["cookie_language"] = validateLanguage($_COOKIE["net2ftpcookie_language"]); } else { $net2ftp_globals["cookie_language"] = ""; } if (isset($_COOKIE["net2ftpcookie_skin"]) == true) { $net2ftp_globals["cookie_skin"] = validateSkin($_COOKIE["net2ftpcookie_skin"]); } else { $net2ftp_globals["cookie_skin"] = ""; } if (isset($_COOKIE["net2ftpcookie_ftpmode"]) == true) { $net2ftp_globals["cookie_ftpmode"] = validateFtpmode($_COOKIE["net2ftpcookie_ftpmode"]);
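/**
 * Register a new account: validate the submitted values, write a
 * verification key file, insert the user row and mail the confirmation link.
 *
 * Output is printed directly; every validation failure prints a message and
 * ends the script with die.
 *
 * @param string $username requested login name (request data)
 * @param string $email    address the confirmation mail is sent to (request data)
 * @param string $password plain-text password as submitted
 * @return void
 */
function register($username, $email, $password)
{
    global $TLD, $tld_db;

    show_header();

    /* prepare clean data */
    $username = htmlspecialchars(stripslashes($username));
    // NOTE(review): the password is HTML-encoded before hashing, so the stored
    // hash is of the encoded form. Whatever verifies logins has to apply the
    // same transformation; output encoding does not belong on a secret.
    $password = htmlspecialchars(stripslashes($password));
    $email = htmlspecialchars(stripslashes($email));

    /* perform validation checks */
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        echo "Not a valid email address";
        die;
    }
    // The INSERT below is built by string concatenation. FILTER_VALIDATE_EMAIL
    // accepts an apostrophe in the local part, and before PHP 8.1
    // htmlspecialchars() leaves single quotes alone by default, so refuse
    // anything that could close the SQL string literal.
    if (strpbrk($email, "'\"\\") !== false) {
        echo "Not a valid email address";
        die;
    }
    if (!validateUsername($username)) {
        echo "Usernames must be alphanumeric characters only<br>";
        die;
    }
    $username = clean_up_input($username); /* just in case */
    $username = strtolower($username);
    // The username ends up in a file name and in the SQL text; do not rely
    // solely on helpers defined elsewhere to keep quotes and path separators out.
    if (strpbrk($username, "'\"\\/") !== false) {
        echo "Usernames must be alphanumeric characters only<br>";
        die;
    }
    if (username_taken($username)) {
        echo "That username is already taken. Please try using another, different username.";
        die;
    }

    /* let the user know */
    echo "Creating new account for {$username}<BR>\n";

    /* generate user verification key */
    // some environments do not allow execution outside their boundaries, even /tmp
    // NOTE(review): the key is stored under the relative tmp/ directory; confirm
    // that directory is not served by the web server, otherwise the key can be
    // read without access to the mailbox.
    $userkeyfile = "tmp/" . $username . ".ukf";
    $userkey = unique_id(16);
    $fh = fopen($userkeyfile, 'w');
    if ($fh === false) {
        die("Can't create user key verification file. Please report this to the admin.");
    }
    $written = fwrite($fh, $userkey);
    fclose($fh);
    if ($written === false) {
        // Without the stored key the confirmation link could never be verified.
        die("Can't create user key verification file. Please report this to the admin.");
    }

    /* prepare account */
    // Return value is unused here; the call is kept in case it has side effects.
    $base = database_open_now($tld_db, 0666);
    // NOTE(review): a single unsalted SHA-256 is cheap to brute-force once the
    // table leaks. password_hash()/password_verify() is the replacement, but the
    // stored format is shared with the login code, so both must change together.
    $real_password = hash('sha256', $password);
    date_default_timezone_set('Etc/UTC');
    // date() instead of strftime(), which is deprecated as of PHP 8.1; same value.
    $registered = date('Y-m-d');
    // NOTE(review): still a concatenated statement. The checks above keep quotes
    // out of the interpolated values; switch to bound parameters as soon as
    // database_pdo_query() (defined elsewhere) offers them.
    $results = database_pdo_query(
        "INSERT INTO users (username, password, email, registered, verified) VALUES('"
        . $username . "', '" . $real_password . "', '" . $email . "', '" . $registered . "', 0)"
    );

    /* construct email */
    // NOTE(review): the two username operands in the message body were masked in
    // the listing this function was taken from; $username is restored from the
    // surrounding text.
    $msg_FROM = "FROM: hostmaster@opennic." . $TLD;
    $msg_subject = "OpenNIC " . $TLD . " User Registration.";
    $msg = "Welcome " . $username . " to OpenNIC." . $TLD . "!\n\n";
    $msg .= "Your details are:\n";
    $msg .= "Username: " . $username . "\n";
    $msg .= "Password: (The one you specified during sign up. Remember, this is encrypted and cannot be retrieved.)\n\n";
    $msg .= "Always ensure your contact details are up to date.\n\n";
    $msg .= "To confirm this email and activate your account, please visit https://www.opennic." . $TLD
        . "/register/confirm.php?username=" . rawurlencode($username)
        . "&userkey=" . rawurlencode($userkey)
        . "\nYou have 24 hours to activate your account, otherwise it will be deleted.\n\n";
    $msg .= "Thank you for your patronage.\nOpenNIC" . $TLD . " Administration.\n";
    mail($email, $msg_subject, $msg, $msg_FROM);

    echo "If registration was successful, you should receive an email shortly. Please contact hostmaster@opennic." . $TLD . " if you do not receive one within 24 hours. Please ensure that email address is on your email whitelist.";
}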
} ?> /> <span class="formcheck" id="spanEmail"> </span><br /> <label>Username:</label> <input type="text" name="USERNAME" size="30" id="user" onfocus="usernameValid()" value="<?php if (isset($_POST['USERNAME'])) { echo $username; } ?> " <?php if (!validateUsername($username)) { echo $styleInvalid; } ?> /> <span class="formcheck" id="spanUsername"> </span><br /> <label>Password:</label> <input type="password" name="PASSWORD" size="30" id="passwd" class="validates" onfocus="pValid()" /> <span class="formcheck" id="spanP"></span><br /> <label>Confirm Password:</label> <input type="password" name="CONFIRMPASSWORD" size="30" id="confirmPasswd" class="validates" onkeyup="passwdValid()" <?php
} $diskspace = $diskspace * 1024; $traffic = $traffic * 1024 * 1024; $ipaddress = intval_ressource($_POST['ipaddress']); // Check if the account already exists $loginname_check_stmt = Database::prepare("\n\t\t\t\tSELECT `loginname` FROM `" . TABLE_PANEL_CUSTOMERS . "` WHERE `loginname` = :login\n\t\t\t"); $loginname_check = Database::pexecute_first($loginname_check_stmt, array('login' => $loginname)); $loginname_check_admin_stmt = Database::prepare("\n\t\t\t\tSELECT `loginname` FROM `" . TABLE_PANEL_ADMINS . "` WHERE `loginname` = :login\n\t\t\t"); $loginname_check_admin = Database::pexecute_first($loginname_check_admin_stmt, array('login' => $loginname)); if ($loginname == '') { standard_error(array('stringisempty', 'myloginname')); } elseif (strtolower($loginname_check['loginname']) == strtolower($loginname) || strtolower($loginname_check_admin['loginname']) == strtolower($loginname)) { standard_error('loginnameexists', $loginname); } elseif (preg_match('/^' . preg_quote(Settings::Get('customer.accountprefix'), '/') . '([0-9]+)/', $loginname)) { standard_error('loginnameissystemaccount', Settings::Get('customer.accountprefix')); } elseif (!validateUsername($loginname)) { standard_error('loginnameiswrong', $loginname); } elseif ($name == '') { standard_error(array('stringisempty', 'myname')); } elseif ($email == '') { standard_error(array('stringisempty', 'emailadd')); } elseif ($password == '') { standard_error(array('stringisempty', 'mypassword')); } elseif (!validateEmail($email)) { standard_error('emailiswrong', $email); } else { if ($customers_see_all != '1') { $customers_see_all = '0'; } if ($domains_see_all != '1') { $domains_see_all = '0';
function net2ftp_module_printBody() {
    // --------------
    // This function prints the login screen.
    // It copies request parameters into local variables, picks the form texts
    // for the current $net2ftp_globals["state2"], and then includes the
    // login_small template of the active skin.
    // Presumably the template reads these locals from this scope (the template
    // is not visible here), so their names and assignment order matter.
    // --------------

    // -------------------------------------------------------------------------
    // Global variables
    // -------------------------------------------------------------------------
    global $net2ftp_settings, $net2ftp_globals, $net2ftp_messages, $net2ftp_result, $net2ftp_output;

    // The 2 go_to_state variables come from the bookmark, or from registerglobals.inc.php
    if (isset($_GET["go_to_state"]) == true) {
        $go_to_state = validateGenericInput($_GET["go_to_state"]);
    } else {
        $go_to_state = $net2ftp_globals["go_to_state"];
    }
    if (isset($_GET["go_to_state2"]) == true) {
        $go_to_state2 = validateGenericInput($_GET["go_to_state2"]);
    } else {
        $go_to_state2 = $net2ftp_globals["go_to_state2"];
    }
    // $errormessage has no fallback: it stays undefined when the query string
    // does not carry it.
    if (isset($_GET["errormessage"]) == true) {
        $errormessage = validateGenericInput($_GET["errormessage"]);
    }

    // Most actions
    if (isset($_POST["list"]) == true) {
        $list = getSelectedEntries($_POST["list"]);
    } else {
        $list = "";
    }

    // Bookmark
    if (isset($_POST["url"]) == true) {
        $url = validateGenericInput($_POST["url"]);
    } else {
        $url = "";
    }
    // NOTE(review): this validated $text is overwritten further down (section
    // "Edit") with the raw $_POST["text"], so the validation has no effect on
    // the value the rest of the function sees.
    if (isset($_POST["text"]) == true) {
        $text = validateGenericInput($_POST["text"]);
    } else {
        $text = "";
    }

    // Copy, move, delete
    // Second-server connection details; each goes through its own validate* helper.
    if (isset($_POST["ftpserver2"]) == true) {
        $net2ftp_globals["ftpserver2"] = validateFtpserver($_POST["ftpserver2"]);
    } else {
        $net2ftp_globals["ftpserver2"] = "";
    }
    if (isset($_POST["ftpserverport2"]) == true) {
        $net2ftp_globals["ftpserverport2"] = validateFtpserverport($_POST["ftpserverport2"]);
    } else {
        $net2ftp_globals["ftpserverport2"] = "";
    }
    if (isset($_POST["username2"]) == true) {
        $net2ftp_globals["username2"] = validateUsername($_POST["username2"]);
    } else {
        $net2ftp_globals["username2"] = "";
    }
    if (isset($_POST["password2"]) == true) {
        $net2ftp_globals["password2"] = validatePassword($_POST["password2"]);
    } else {
        $net2ftp_globals["password2"] = "";
    }

    // Edit
    if (isset($_POST["textareaType"]) == true) {
        $textareaType = validateTextareaType($_POST["textareaType"]);
    } else {
        $textareaType = "";
    }
    // NOTE(review): $text and $text_splitted are taken from $_POST unvalidated.
    // Whatever prints them must encode for the output context - confirm in the
    // template.
    if (isset($_POST["text"]) == true) {
        $text = $_POST["text"];
    } else {
        $text = "";
    }
    if (isset($_POST["text_splitted"]) == true) {
        $text_splitted = $_POST["text_splitted"];
    } else {
        $text_splitted = "";
    }

    // Find string
    // Unvalidated, and left undefined when the field is absent.
    if (isset($_POST["searchoptions"]) == true) {
        $searchoptions = $_POST["searchoptions"];
    }

    // New directory
    // Rename
    if (isset($_POST["newNames"]) == true) {
        $newNames = validateEntry($_POST["newNames"]);
    } else {
        $newNames = "";
    }

    // Raw FTP command
    // NOTE(review): $command is taken from $_POST unvalidated. In the default
    // branch $directory_html is neither declared global nor assigned anywhere in
    // this function, so the interpolation uses an undefined variable.
    if (isset($_POST["command"]) == true) {
        $command = $_POST["command"];
    } else {
        $command = "CWD {$directory_html}\nPWD\n";
    }

    // Zip
    // Unvalidated as well.
    if (isset($_POST["zipactions"]) == true) {
        $zipactions = $_POST["zipactions"];
    } else {
        $zipactions = "";
    }

    // -------------------------------------------------------------------------
    // Variables for all screens
    // -------------------------------------------------------------------------
    $formname = "LoginForm";
    $enctype = "";

    // Texts and field names per login reason. If state2 matches none of the four
    // branches, $message, $button_text, the field names, the values and $focus
    // are never assigned.
    if ($net2ftp_globals["state2"] == "admin") {
        $message = __("Please enter your Administrator username and password.");
        $button_text = __("Login");
        $username_fieldname = "input_admin_username";
        $password_fieldname = "input_admin_password";
        $username_value = "";
        $password_value = "";
        $focus = $username_fieldname;
    } elseif ($net2ftp_globals["state2"] == "bookmark") {
        // The server name is passed through htmlEncode2() (presumably HTML
        // encoding - helper not visible here) before it is put into the message.
        $message = __("Please enter your username and password for FTP server <b>%1\$s</b>.", htmlEncode2($net2ftp_globals["ftpserver"]));
        $button_text = __("Login");
        $username_fieldname = "username";
        $password_fieldname = "password";
        // A known username is pre-filled and focus moves to the password field.
        if (isset($net2ftp_globals["username"]) == true) {
            $username_value = htmlEncode2($net2ftp_globals["username"]);
            $focus = $password_fieldname;
        } else {
            $username_value = "";
            $focus = $username_fieldname;
        }
        $password_value = "";
    } elseif ($net2ftp_globals["state2"] == "session_expired") {
        // NOTE(review): this literal contains a line break after "server ", unlike
        // the otherwise parallel session_ipchange message below - looks like a
        // wrapping artifact; confirm against the message catalogue key.
        $message = __("Your session has expired; please enter your password for FTP server 
<b>%1\$s</b> to continue.", htmlEncode2($net2ftp_globals["ftpserver"]));
        $button_text = __("Continue");
        $username_fieldname = "username";
        $password_fieldname = "password";
        if (isset($net2ftp_globals["username"]) == true) {
            $username_value = htmlEncode2($net2ftp_globals["username"]);
            $focus = $password_fieldname;
        } else {
            $username_value = "";
            $focus = $username_fieldname;
        }
        $password_value = "";
    } elseif ($net2ftp_globals["state2"] == "session_ipchange") {
        $message = __("Your IP address has changed; please enter your password for FTP server <b>%1\$s</b> to continue.", htmlEncode2($net2ftp_globals["ftpserver"]));
        $button_text = __("Continue");
        $username_fieldname = "username";
        $password_fieldname = "password";
        if (isset($net2ftp_globals["username"]) == true) {
            $username_value = htmlEncode2($net2ftp_globals["username"]);
            $focus = $password_fieldname;
        } else {
            $username_value = "";
            $focus = $username_fieldname;
        }
        $password_value = "";
    }

    // -------------------------------------------------------------------------
    // Print the output
    // -------------------------------------------------------------------------
    // NOTE(review): the include path is built from $net2ftp_globals["skin"];
    // confirm that value is restricted to a known skin name before it gets here,
    // since it selects which PHP file is executed.
    require_once $net2ftp_globals["application_skinsdir"] . "/" . $net2ftp_globals["skin"] . "/login_small.template.php";
}
$r = $this->db1->query("SELECT username FROM users WHERE email='" . $fb_email . "' AND auth='facebook'"); if (!($obj = $db2->fetch_object($r))) { $code = uniqueCode(11, 1, 'users', 'code'); $fb_pass = getCode(10, 1); $salt = md5(uniqid(rand(), true)); $hash = hash('sha512', $salt . $fb_pass); $ip = $this->db1->escape(ip2long($_SERVER['REMOTE_ADDR'])); $fb_id = $D->fb_user_profile['id']; $fb_first_name = $this->db1->e($D->fb_user_profile['first_name']); $fb_last_name = $this->db1->e($D->fb_user_profile['last_name']); $fb_gender = $D->fb_user_profile['gender']; $fb_username = $D->fb_user_profile['name']; $fb_username = str_replace(' ', '', $fb_username); $fb_username = str_replace('.', '', $fb_username); //if the username does not work, use your email if (!validateUsername($fb_username)) { $newUser = explode('@', $fb_email); $fb_username = str_replace('.', '', $newUser[0]); $fb_username = str_replace('-', '', $fb_username); $lenun = strlen($fb_username); if (strlen($fb_username) < 6) { $fb_username = $fb_username . getCode(6 - $lenun, 1); } } $numu = $this->db1->fetch_field("SELECT count(iduser) FROM users WHERE username='******'"); if ($numu != 0) { $fb_username = $fb_username . '' . ($numu + 1); } $fb_username = $this->db1->e($fb_username); $gender = 0; if ($fb_gender == 'male') {