Пример #1
     $acc_page_vars['refer_points'] = Account::getReferPoints($acc->account_username);
     $template_vars['acc_page'] = Template::load('refer.html', $acc_page_vars, 0);
 } elseif (isset($_GET['profile'])) {
     if (isset($_GET['cpass']) && $GLOBALS['CONFIG_CHANGE_PASS']) {
         if (isset($_POST['change_password']) && isset($_POST['change_npassword']) && isset($_POST['change_rnpassword'])) {
             // Read the three submitted password fields. Each value is HTML-escaped once and the
             // escaped string is stored twice: under val_pass / val_npass / val_rnpass in
             // $acc_page_vars, and in a local that the validation and hashing code below uses.
             // NOTE(review): the escaped copy is the one that gets validated and hashed, so a
             // password containing &, <, > or " is processed in its entity-encoded form rather
             // than as typed. Escaping belongs at output time only; changing this must be
             // coordinated with however the existing hashes were created (not visible here).
             // NOTE(review): htmlspecialchars() is called without flags, so single quotes are
             // escaped only on PHP >= 8.1 - confirm how the template quotes these values, and
             // whether submitted passwords should be echoed back into the page at all.
             $change_password = $acc_page_vars['val_pass'] = htmlspecialchars($_POST['change_password']);
             $change_npassword = $acc_page_vars['val_npass'] = htmlspecialchars($_POST['change_npassword']);
             $change_rnpassword = $acc_page_vars['val_rnpass'] = htmlspecialchars($_POST['change_rnpassword']);
             if ($acc->validate_pass($change_password) && $acc->validate_pass($change_npassword) && $acc->validate_pass($change_rnpassword)) {
                 if ($change_npassword != $change_rnpassword) {
                     $GLOBALS['the_status'] = $GLOBALS['LANG_ERROR_RNPSAME'];
                 } elseif ($change_npassword == $change_password) {
                     $GLOBALS['the_status'] = $GLOBALS['LANG_ERROR_NPSAME'];
                 } else {
                     // Transform the current and the new password with the project's Main::encrypt()
                     // (algorithm not visible here) so they can be compared with / written to the DB.
                     $old_pass = Main::encrypt($change_password);
                     $new_pass = Main::encrypt($change_npassword);
                     // Check the current password: the DBQUERY_CHECK_LOGIN template (defined elsewhere)
                     // is filled via sprintf() with table, account column, account name, password
                     // column and the password expression; names differ per CONFIG_SERVER_TYPE.
                     // NOTE(review): only the account name passes through Main::db_escape_string().
                     // $old_pass is concatenated into the SQL text as-is (bare inside
                     // CONVERT(binary, ...) for server type 1, wrapped in single quotes otherwise).
                     // That is safe only if Main::encrypt() can never return SQL metacharacters -
                     // confirm its output alphabet, or switch to bound parameters.
                     if ($GLOBALS['CONFIG_SERVER_TYPE'] == 1) {
                         $query = Main::db_query(sprintf($GLOBALS['DBQUERY_CHECK_LOGIN'], $GLOBALS['DBSTRUCT_L2OFF_USERAUT_TABLE'], $GLOBALS['DBSTRUCT_L2OFF_USERAUT_ACCOUNT'], Main::db_escape_string($acc->account_username, $GLOBALS['DB_LOGIN_SERVER']), $GLOBALS['DBSTRUCT_L2OFF_USERAUT_PASS'], 'CONVERT(binary, ' . $old_pass . ')'), $GLOBALS['DB_LOGIN_SERVER']);
                     } else {
                         $query = Main::db_query(sprintf($GLOBALS['DBQUERY_CHECK_LOGIN'], $GLOBALS['DBSTRUCT_L2J_ACCOUNTS_TABLE'], $GLOBALS['DBSTRUCT_L2J_ACCOUNTS_NAME'], Main::db_escape_string($acc->account_username, $GLOBALS['DB_LOGIN_SERVER']), $GLOBALS['DBSTRUCT_L2J_ACCOUNTS_PASS'], '\'' . $old_pass . '\''), $GLOBALS['DB_LOGIN_SERVER']);
                     }
                     if (Main::db_rows($query) == 1) {
                         $cpass_flood = new AFlood('cpass');
                         if (!$cpass_flood->check()) {
                             $GLOBALS['the_status'] = $GLOBALS['LANG_ERROR_CPASS_TIME'];
                         } else {
                             if ($GLOBALS['CONFIG_SERVER_TYPE'] == 1) {
                                 Main::db_query(sprintf($GLOBALS['DBQUERY_CHANGE_PASSWORD'], $GLOBALS['DBSTRUCT_L2OFF_USERAUT_TABLE'], $GLOBALS['DBSTRUCT_L2OFF_USERAUT_PASS'], 'CONVERT(binary, ' . $new_pass . ')', $GLOBALS['DBSTRUCT_L2OFF_USERAUT_ACCOUNT'], Main::db_escape_string($acc->account_username, $GLOBALS['DB_LOGIN_SERVER'])), $GLOBALS['DB_LOGIN_SERVER']);
                             } else {
                                 Main::db_query(sprintf($GLOBALS['DBQUERY_CHANGE_PASSWORD'], $GLOBALS['DBSTRUCT_L2J_ACCOUNTS_TABLE'], $GLOBALS['DBSTRUCT_L2J_ACCOUNTS_PASS'], '\'' . $new_pass . '\'', $GLOBALS['DBSTRUCT_L2J_ACCOUNTS_NAME'], Main::db_escape_string($acc->account_username, $GLOBALS['DB_LOGIN_SERVER'])), $GLOBALS['DB_LOGIN_SERVER']);
                             }
Пример #2
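 // Echo the user name and recovery code from the query string back into the template
 // variables val_user / val_code, HTML-escaped.
 // Only plain strings are accepted: an array-valued parameter (e.g. "uname[]=x") makes
 // htmlspecialchars() fail (TypeError on PHP 8, warning + null before), so it is skipped.
 // ENT_QUOTES escapes single quotes as well, which the default flags before PHP 8.1 leave
 // untouched; ENT_SUBSTITUTE replaces invalid byte sequences instead of returning ''.
 if (isset($_GET['uname']) && is_string($_GET['uname'])) {
     $template_vars['val_user'] = htmlspecialchars($_GET['uname'], ENT_QUOTES | ENT_SUBSTITUTE);
 }
 if (isset($_GET['rid']) && is_string($_GET['rid'])) {
     $template_vars['val_code'] = htmlspecialchars($_GET['rid'], ENT_QUOTES | ENT_SUBSTITUTE);
 }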
 if (isset($_GET['uname']) && isset($_GET['rid'])) {
     $rec_user = htmlspecialchars(trim($_GET['uname']));
     $rec_rid = htmlspecialchars(trim($_GET['rid']));
     if ($acc->validate_user($rec_user) && $acc->validate_code($rec_rid)) {
         if (Account::recover_check($rec_user)) {
             $query = Main::db_query(sprintf($GLOBALS['DBQUERY_MCHECK_CHECK'], Main::db_escape_string($rec_user, $GLOBALS['DB_LOGIN_SERVER']), Main::db_escape_string($rec_rid, $GLOBALS['DB_LOGIN_SERVER']), Main::db_escape_string(USER_IP, $GLOBALS['DB_LOGIN_SERVER'])), $GLOBALS['DB_LOGIN_SERVER']);
             // Proceed only when the preceding DBQUERY_MCHECK_CHECK lookup (user name, recovery
             // code, client IP) returned exactly one row; otherwise report LANG_ERROR_ACT_SESSION.
             // NOTE(review): this branch changes the account password in response to parameters
             // read from $_GET above, so the recovery code travels in the URL (server logs,
             // browser history, Referer). Consider a POST confirmation step.
             if (Main::db_rows($query) == 1) {
                 // Fetch the pending recovery record with the same three criteria.
                 // $data[0] and $data[2] are inserted into the mail text, $data[1] is passed as the
                 // first argument of Mail::Send() - presumably name, e-mail address and new
                 // password; confirm against DBQUERY_MCHECK_DATA.
                 $query = Main::db_query(sprintf($GLOBALS['DBQUERY_MCHECK_DATA'], Main::db_escape_string($rec_user, $GLOBALS['DB_LOGIN_SERVER']), Main::db_escape_string($rec_rid, $GLOBALS['DB_LOGIN_SERVER']), Main::db_escape_string(USER_IP, $GLOBALS['DB_LOGIN_SERVER'])), $GLOBALS['DB_LOGIN_SERVER']);
                 $data = Main::db_fetch_row($query);
                 // NOTE(review): "@" hides any warning if $data is not an array or has no index 2,
                 // and the result is not checked, so a failed fetch would go unnoticed here.
                 // NOTE(review): the value hashed here is the same $data[2] that is mailed below,
                 // i.e. the new password appears to sit in clear text in the recovery table until
                 // DBQUERY_MCHECK_DELETE runs, and is then sent by e-mail. A single-use reset link
                 // that lets the user choose the password avoids storing and mailing it.
                 $new_pass = @Main::encrypt($data[2]);
                 // Write the new password; table/column names depend on CONFIG_SERVER_TYPE.
                 // NOTE(review): $new_pass is concatenated into the SQL without
                 // Main::db_escape_string(); safe only if Main::encrypt() cannot emit SQL
                 // metacharacters - confirm, or use bound parameters.
                 if ($GLOBALS['CONFIG_SERVER_TYPE'] == 1) {
                     Main::db_query(sprintf($GLOBALS['DBQUERY_CHANGE_PASSWORD'], $GLOBALS['DBSTRUCT_L2OFF_USERAUT_TABLE'], $GLOBALS['DBSTRUCT_L2OFF_USERAUT_PASS'], 'CONVERT(binary, ' . $new_pass . ')', $GLOBALS['DBSTRUCT_L2OFF_USERAUT_ACCOUNT'], Main::db_escape_string($rec_user, $GLOBALS['DB_LOGIN_SERVER'])), $GLOBALS['DB_LOGIN_SERVER']);
                 } else {
                     Main::db_query(sprintf($GLOBALS['DBQUERY_CHANGE_PASSWORD'], $GLOBALS['DBSTRUCT_L2J_ACCOUNTS_TABLE'], $GLOBALS['DBSTRUCT_L2J_ACCOUNTS_PASS'], '\'' . $new_pass . '\'', $GLOBALS['DBSTRUCT_L2J_ACCOUNTS_NAME'], Main::db_escape_string($rec_user, $GLOBALS['DB_LOGIN_SERVER'])), $GLOBALS['DB_LOGIN_SERVER']);
                 }
                 // Remove the recovery record(s) for this user so the code cannot be reused.
                 Main::db_query(sprintf($GLOBALS['DBQUERY_MCHECK_DELETE'], Main::db_escape_string($rec_user, $GLOBALS['DB_LOGIN_SERVER'])), $GLOBALS['DB_LOGIN_SERVER']);
                 // Mail the result to the user. None of the query or Send() results above are
                 // checked; the success status is set unconditionally.
                 $mail = new Mail();
                 $mail->Send($data[1], $GLOBALS['CONFIG_ADMIN_MAIL'], sprintf($GLOBALS['LANG_RECOVER_PASS_MAIL_SUBJECT'], $GLOBALS['CONFIG_WEBSITE_NAME']), sprintf($GLOBALS['LANG_RECOVER_PASS_MAIL'], $data[0], $data[2], $GLOBALS['CONFIG_WEBSITE_NAME']));
                 $GLOBALS['the_status'] = $GLOBALS['LANG_RECOVER_SUCCEDED'];
             } else {
                 $GLOBALS['the_status'] = $GLOBALS['LANG_ERROR_ACT_SESSION'];
             }
         } else {
             $GLOBALS['the_status'] = $GLOBALS['LANG_ERROR_ACT_EXPIRED'];
         }