    die;
}
if (isset($_REQUEST['act']) && $_REQUEST['act'] == 'recover') {
    // Recover password
    if (!empty($_REQUEST['key'])) {
        // User has entered a new password, use step 2
        $DB->query("\n\t\t\tSELECT\n\t\t\t\tm.ID,\n\t\t\t\tm.Email,\n\t\t\t\tm.ipcc,\n\t\t\t\ti.ResetExpires\n\t\t\tFROM users_main as m\n\t\t\t\tINNER JOIN users_info AS i ON i.UserID = m.ID\n\t\t\tWHERE i.ResetKey = '" . db_string($_REQUEST['key']) . "'\n\t\t\t\tAND i.ResetKey != ''\n\t\t\t\tAND m.Enabled = '1'");
        list($UserID, $Email, $Country, $Expires) = $DB->next_record();
        if ($UserID && strtotime($Expires) > time()) {
            // If the user has requested a password change, and his key has not expired
            $Validate->SetFields('password', '1', 'regex', 'You entered an invalid password. A strong password is 8 characters or longer, contains at least 1 lowercase and uppercase letter, and contains at least a number or symbol, or is 20 characters or longer', array('regex' => '/(?=^.{8,}$)(?=.*[^a-zA-Z])(?=.*[A-Z])(?=.*[a-z]).*$|.{20,}/'));
            $Validate->SetFields('verifypassword', '1', 'compare', 'Your passwords did not match.', array('comparefield' => 'password'));
            if (!empty($_REQUEST['password'])) {
                // If the user has entered a password.
                // If the user has not entered a password, $Reset is not set to 1, and the success message is not shown
                $Err = $Validate->ValidateForm($_REQUEST);
                if ($Err == '') {
                    // Form validates without error, set new secret and password.
                    $DB->query("\n\t\t\t\t\t\tUPDATE\n\t\t\t\t\t\t\tusers_main AS m,\n\t\t\t\t\t\t\tusers_info AS i\n\t\t\t\t\t\tSET\n\t\t\t\t\t\t\tm.PassHash = '" . db_string(Users::make_crypt_hash($_REQUEST['password'])) . "',\n\t\t\t\t\t\t\ti.ResetKey = '',\n\t\t\t\t\t\t\ti.ResetExpires = '0000-00-00 00:00:00'\n\t\t\t\t\t\tWHERE m.ID = '{$UserID}'\n\t\t\t\t\t\t\tAND i.UserID = m.ID");
                    $DB->query("\n\t\t\t\t\t\tINSERT INTO users_history_passwords\n\t\t\t\t\t\t\t(UserID, ChangerIP, ChangeTime)\n\t\t\t\t\t\tVALUES\n\t\t\t\t\t\t\t('{$UserID}', '{$_SERVER['REMOTE_ADDR']}', '" . sqltime() . "')");
                    $Reset = true;
                    // Past tense form of "to reset", meaning that password has now been reset
                    G::$LoggedUser['ID'] = $UserID;
                    // Set $LoggedUser['ID'] for logout_all_sessions() to work
                    logout_all_sessions();
                }
            }
            // Either a form asking for them to enter the password
            // Or a success message if $Reset is 1
            require 'recover_step2.php';
        } else {
// Named collages (any category above 0, or a user allowed to rename personal
// ones) take the submitted name and have it length-checked by the validator.
// Everyone else gets an auto-generated personal-collage name, suffixed with
// " no. N" until no existing collage row carries that exact name.
if ($P['category'] > 0 || check_perms('site_collages_renamepersonal')) {
    $Val->SetFields('name', '1', 'string', 'The name must be between 3 and 100 characters', ['maxlength' => 100, 'minlength' => 3]);
} else {
    $name = $LoggedUser['Username'] . "'s personal collage";
    // $P['name'] holds the db_string()-escaped form: later code interpolates it
    // directly into SQL, so it must already be escaped at this point.
    $P['name'] = db_string($name);
    $DB->query("\n\t\tSELECT ID\n\t\tFROM collages\n\t\tWHERE Name = '" . $P['name'] . "'");
    for ($i = 2; $DB->has_results(); $i++) {
        $P['name'] = db_string($name . ' no. ' . $i);
        $DB->query("\n\t\t\tSELECT ID\n\t\t\tFROM collages\n\t\t\tWHERE Name = '" . $P['name'] . "'");
    }
}
$Val->SetFields('description', '1', 'string', 'The description must be between 10 and 65535 characters', ['maxlength' => 65535, 'minlength' => 10]);
$Err = $Val->ValidateForm($_POST);

// Personal collages (category '0') are capped per user by
// Permissions['MaxCollages'] and require site_collages_personal; a user who
// may rename them must still keep their username in the title.
// NOTE(review): this test is a strict string compare while the branch above
// uses a loose `> 0`; an integer 0 category would skip this cap entirely —
// confirm $P['category'] always arrives as a string.
if (!$Err && $P['category'] === '0') {
    $DB->query("\n\t\tSELECT COUNT(ID)\n\t\tFROM collages\n\t\tWHERE UserID = '{$LoggedUser['ID']}'\n\t\t\tAND CategoryID = '0'\n\t\t\tAND Deleted = '0'");
    [$CollageCount] = $DB->next_record();
    // Evaluation order kept: the count is compared before check_perms() runs.
    $AtLimit = $CollageCount >= $LoggedUser['Permissions']['MaxCollages']
        || !check_perms('site_collages_personal');
    if ($AtLimit) {
        $Err = 'You may not create a personal collage.';
    } elseif (check_perms('site_collages_renamepersonal') && !stristr($P['name'], $LoggedUser['Username'])) {
        // NOTE(review): $P['name'] is the SQL-escaped form, so a username
        // containing characters db_string() escapes would fail this check —
        // presumably the username rules forbid those; verify.
        $Err = 'Your personal collage\'s title must include your username.';
    }
}
if (!$Err) {
    $DB->query("\n\t\tSELECT ID, Deleted\n\t\tFROM collages\n\t\tWHERE Name = '{$P['name']}'");
    if ($DB->has_results()) {
        list($ID, $Deleted) = $DB->next_record();
        if ($Deleted) {
            $Err = 'That collection already exists but needs to be recovered; please <a href="staffpm.php">contact</a> the staff team!';
		include('step2.php');
	}
	
} elseif(OPEN_REGISTRATION || !empty($_REQUEST['invite'])) {
	$Val->SetFields('username',true,'regex','You did not enter a valid username.',array('regex'=>'/^[a-z0-9_?]{1,20}$/iD'));
	$Val->SetFields('email',true,'email','You did not enter a valid email address.');
	$Val->SetFields('password',true,'string','You did not enter a valid password (6 - 40 characters).',array('minlength'=>6,'maxlength'=>40));
	$Val->SetFields('confirm_password',true,'compare','Your passwords do not match.',array('comparefield'=>'password'));
	$Val->SetFields('readrules',true,'checkbox','You did not check the box that says you will read the rules.');
	$Val->SetFields('readwiki',true,'checkbox','You did not check the box that says you will read the wiki.');
	$Val->SetFields('agereq',true,'checkbox','You did not check the box that says you are 13 or older.');
	//$Val->SetFields('captcha',true,'string','You did not enter a captcha code.',array('minlength'=>6,'maxlength'=>6));

	if(!empty($_REQUEST['submit'])) {
		// User has submitted registration form
		$Err=$Val->ValidateForm($_REQUEST);
		/*
		if(!$Err && strtolower($_SESSION['captcha'])!=strtolower($_REQUEST['captcha'])) {
			$Err="You did not enter the correct captcha code."; 
		}
		*/
		if(!$Err) {
			
			$DB->query("SELECT COUNT(ID) FROM users_main WHERE Username LIKE '".db_string(trim($_REQUEST['username']))."'");
			list($UserCount)=$DB->next_record();
			
			if($UserCount) {
				$Err='There is already someone registered with that username.';
				$_REQUEST['username']='';
			}
			
		
		$Validate->SetFields('release_desc',
			'0','string','The release description has a minimum length of 10 characters.',array('maxlength'=>1000000, 'minlength'=>10));
		
		break;
	
	case 'Applications':
	case 'Comics':
	case 'E-Books':
	case 'E-Learning Videos':
		$Validate->SetFields('title',
			'1','string','Title must be between 2 and 200 characters.',array('maxlength'=>200, 'minlength'=>2));
		break;
}

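$Err = $Validate->ValidateForm($_POST); // Validate the form

if ($Err) { // Show the upload form, with the data the user entered
	error_message($Err);
	// The user is sent back to the form via the Referer header. That header is
	// client-supplied: it may be absent (undefined index and an empty Location
	// value) or point at another site, which makes the redirect an open
	// redirect. Only honour it when its host matches this request's host;
	// otherwise fall back to the site root.
	$Referer = $_SERVER['HTTP_REFERER'] ?? '';
	// '//' prefix lets parse_url() strip any :port from HTTP_HOST.
	$OwnHost = parse_url('//' . ($_SERVER['HTTP_HOST'] ?? ''), PHP_URL_HOST);
	$RefererHost = $Referer === '' ? null : parse_url($Referer, PHP_URL_HOST);
	$Back = is_string($RefererHost) && is_string($OwnHost) && strcasecmp($RefererHost, $OwnHost) === 0
		? $Referer
		: '/';
	header('Location: ' . $Back);
	die();
}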


//******************************************************************************//
//--------------- Make variables ready for database input ----------------------//

// Shorten and escape $Properties for database input
// Escaped, quoted copies of $Properties, keyed like the original; filled below.
$T = [];
foreach ($Properties as $Key => $Value) {
	$T[$Key]="'".db_string(trim($Value))."'";