die; } if (isset($_REQUEST['act']) && $_REQUEST['act'] == 'recover') { // Recover password if (!empty($_REQUEST['key'])) { // User has entered a new password, use step 2 $DB->query("\n\t\t\tSELECT\n\t\t\t\tm.ID,\n\t\t\t\tm.Email,\n\t\t\t\tm.ipcc,\n\t\t\t\ti.ResetExpires\n\t\t\tFROM users_main as m\n\t\t\t\tINNER JOIN users_info AS i ON i.UserID = m.ID\n\t\t\tWHERE i.ResetKey = '" . db_string($_REQUEST['key']) . "'\n\t\t\t\tAND i.ResetKey != ''\n\t\t\t\tAND m.Enabled = '1'"); list($UserID, $Email, $Country, $Expires) = $DB->next_record(); if ($UserID && strtotime($Expires) > time()) { // If the user has requested a password change, and his key has not expired $Validate->SetFields('password', '1', 'regex', 'You entered an invalid password. A strong password is 8 characters or longer, contains at least 1 lowercase and uppercase letter, and contains at least a number or symbol, or is 20 characters or longer', array('regex' => '/(?=^.{8,}$)(?=.*[^a-zA-Z])(?=.*[A-Z])(?=.*[a-z]).*$|.{20,}/')); $Validate->SetFields('verifypassword', '1', 'compare', 'Your passwords did not match.', array('comparefield' => 'password')); if (!empty($_REQUEST['password'])) { // If the user has entered a password. // If the user has not entered a password, $Reset is not set to 1, and the success message is not shown $Err = $Validate->ValidateForm($_REQUEST); if ($Err == '') { // Form validates without error, set new secret and password. $DB->query("\n\t\t\t\t\t\tUPDATE\n\t\t\t\t\t\t\tusers_main AS m,\n\t\t\t\t\t\t\tusers_info AS i\n\t\t\t\t\t\tSET\n\t\t\t\t\t\t\tm.PassHash = '" . db_string(Users::make_crypt_hash($_REQUEST['password'])) . "',\n\t\t\t\t\t\t\ti.ResetKey = '',\n\t\t\t\t\t\t\ti.ResetExpires = '0000-00-00 00:00:00'\n\t\t\t\t\t\tWHERE m.ID = '{$UserID}'\n\t\t\t\t\t\t\tAND i.UserID = m.ID"); $DB->query("\n\t\t\t\t\t\tINSERT INTO users_history_passwords\n\t\t\t\t\t\t\t(UserID, ChangerIP, ChangeTime)\n\t\t\t\t\t\tVALUES\n\t\t\t\t\t\t\t('{$UserID}', '{$_SERVER['REMOTE_ADDR']}', '" . sqltime() . "')"); $Reset = true; // Past tense form of "to reset", meaning that password has now been reset G::$LoggedUser['ID'] = $UserID; // Set $LoggedUser['ID'] for logout_all_sessions() to work logout_all_sessions(); } } // Either a form asking for them to enter the password // Or a success message if $Reset is 1 require 'recover_step2.php'; } else {
if ($P['category'] > 0 || check_perms('site_collages_renamepersonal')) { $Val->SetFields('name', '1', 'string', 'The name must be between 3 and 100 characters', array('maxlength' => 100, 'minlength' => 3)); } else { // Get a collage name and make sure it's unique $name = $LoggedUser['Username'] . "'s personal collage"; $P['name'] = db_string($name); $DB->query("\n\t\tSELECT ID\n\t\tFROM collages\n\t\tWHERE Name = '" . $P['name'] . "'"); $i = 2; while ($DB->has_results()) { $P['name'] = db_string("{$name} no. {$i}"); $DB->query("\n\t\t\tSELECT ID\n\t\t\tFROM collages\n\t\t\tWHERE Name = '" . $P['name'] . "'"); $i++; } } $Val->SetFields('description', '1', 'string', 'The description must be between 10 and 65535 characters', array('maxlength' => 65535, 'minlength' => 10)); $Err = $Val->ValidateForm($_POST); if (!$Err && $P['category'] === '0') { $DB->query("\n\t\tSELECT COUNT(ID)\n\t\tFROM collages\n\t\tWHERE UserID = '{$LoggedUser['ID']}'\n\t\t\tAND CategoryID = '0'\n\t\t\tAND Deleted = '0'"); list($CollageCount) = $DB->next_record(); if ($CollageCount >= $LoggedUser['Permissions']['MaxCollages'] || !check_perms('site_collages_personal')) { $Err = 'You may not create a personal collage.'; } elseif (check_perms('site_collages_renamepersonal') && !stristr($P['name'], $LoggedUser['Username'])) { $Err = 'Your personal collage\'s title must include your username.'; } } if (!$Err) { $DB->query("\n\t\tSELECT ID, Deleted\n\t\tFROM collages\n\t\tWHERE Name = '{$P['name']}'"); if ($DB->has_results()) { list($ID, $Deleted) = $DB->next_record(); if ($Deleted) { $Err = 'That collection already exists but needs to be recovered; please <a href="staffpm.php">contact</a> the staff team!';
include('step2.php'); } } elseif(OPEN_REGISTRATION || !empty($_REQUEST['invite'])) { $Val->SetFields('username',true,'regex','You did not enter a valid username.',array('regex'=>'/^[a-z0-9_?]{1,20}$/iD')); $Val->SetFields('email',true,'email','You did not enter a valid email address.'); $Val->SetFields('password',true,'string','You did not enter a valid password (6 - 40 characters).',array('minlength'=>6,'maxlength'=>40)); $Val->SetFields('confirm_password',true,'compare','Your passwords do not match.',array('comparefield'=>'password')); $Val->SetFields('readrules',true,'checkbox','You did not check the box that says you will read the rules.'); $Val->SetFields('readwiki',true,'checkbox','You did not check the box that says you will read the wiki.'); $Val->SetFields('agereq',true,'checkbox','You did not check the box that says you are 13 or older.'); //$Val->SetFields('captcha',true,'string','You did not enter a captcha code.',array('minlength'=>6,'maxlength'=>6)); if(!empty($_REQUEST['submit'])) { // User has submitted registration form $Err=$Val->ValidateForm($_REQUEST); /* if(!$Err && strtolower($_SESSION['captcha'])!=strtolower($_REQUEST['captcha'])) { $Err="You did not enter the correct captcha code."; } */ if(!$Err) { $DB->query("SELECT COUNT(ID) FROM users_main WHERE Username LIKE '".db_string(trim($_REQUEST['username']))."'"); list($UserCount)=$DB->next_record(); if($UserCount) { $Err='There is already someone registered with that username.'; $_REQUEST['username']=''; }
$Validate->SetFields('release_desc', '0','string','The release description has a minimum length of 10 characters.',array('maxlength'=>1000000, 'minlength'=>10)); break; case 'Applications': case 'Comics': case 'E-Books': case 'E-Learning Videos': $Validate->SetFields('title', '1','string','Title must be between 2 and 200 characters.',array('maxlength'=>200, 'minlength'=>2)); break; } $Err=$Validate->ValidateForm($_POST); // Validate the form if($Err){ // Show the upload form, with the data the user entered error_message($Err); header('Location: '.$_SERVER['HTTP_REFERER']); die(); } //******************************************************************************// //--------------- Make variables ready for database input ----------------------// // Shorten and escape $Properties for database input $T = array(); foreach ($Properties as $Key => $Value) { $T[$Key]="'".db_string(trim($Value))."'";