function check_admin_pass($password)
{
global $settings, $userdata;
if ($settings['login_method'] == "cookies") {
if (isset($_COOKIE[COOKIE_PREFIX . 'admin']) && encrypt_pw_part2($_COOKIE[COOKIE_PREFIX . 'admin']) == $userdata['user_admin_password'] || encrypt_pw($password) == $userdata['user_admin_password']) {
return true;
} else {
return false;
}
} elseif ($settings['login_method'] == "sessions") {
if (isset($_SESSION[COOKIE_PREFIX . 'admin']) && encrypt_pw_part2($_SESSION[COOKIE_PREFIX . 'admin']) == $userdata['user_admin_password'] || encrypt_pw($password) == $userdata['user_admin_password']) {
return true;
} else {
return false;
}
}
}
if (sendemail($username, $email, $settings['siteusername'], $settings['siteemail'], $locale['449'], $locale['450'] . $activation_url)) {
$user_info = serialize(array("user_name" => $username, "user_password" => encrypt_pw($password1), "user_email" => $email, "user_hide_email" => isnum($_POST['user_hide_email']) ? $_POST['user_hide_email'] : "1"));
$result = dbquery("INSERT INTO " . DB_NEW_USERS . " (user_code, user_email, user_datestamp, user_info) VALUES('{$user_code}', '" . $email . "', '" . time() . "', '{$user_info}')");
// Log Registration + Security Question
log_registration($username, $email, $log);
opentable($locale['400']);
echo "<div style='text-align:center'><br />\n" . $locale['454'] . "<br /><br />\n</div>\n";
closetable();
} else {
opentable($locale['456']);
echo "<div style='text-align:center'><br />\n" . $locale['457'] . "<br /><br />\n</div>\n";
closetable();
}
} else {
$user_status = $settings['admin_activation'] == "1" ? "2" : "0";
$result = dbquery("INSERT INTO " . DB_USERS . " (user_name, user_password, user_admin_password, user_email, user_hide_email, user_avatar, user_posts, user_threads, user_joined, user_lastvisit, user_ip, user_rights, user_groups, user_level, user_status" . $db_fields . ") VALUES('{$username}', '" . encrypt_pw($password1) . "', '', '" . $email . "', '{$user_hide_email}', '', '0', '0', '" . time() . "', '0', '" . USER_IP . "', '', '', '" . nMEMBER . "', '{$user_status}'" . $db_values . ")");
$user_id = mysql_insert_id();
if ($settings['welcome_pm']) {
// Pimped: Welcome PM
send_pm($user_id, $settings['welcome_pm_from'], $settings['welcome_pm_subject'], $settings['welcome_pm_message'], $settings['welcome_pm_smiley']);
}
// Log Registration + Security Question
log_registration($username, $email, $log, $user_id);
unset($user_id);
opentable($locale['400']);
if ($settings['admin_activation'] == "1") {
echo "<div style='text-align:center'><br />\n" . $locale['451'] . "<br /><br />\n" . $locale['453'] . "<br /><br />\n</div>\n";
} else {
echo "<div style='text-align:center'><br />\n" . $locale['451'] . "<br /><br />\n" . $locale['452'] . "<br /><br />\n</div>\n";
}
closetable();
} else {
@unlink(IMAGES_AVA . $avatarname);
$set_avatar = "";
}
} else {
$set_avatar = "";
}
}
if (isset($_POST['del_avatar'])) {
@unlink(IMAGES_AVA . $user_data['user_avatar']);
$set_avatar = ", user_avatar=''";
}
$result = dbquery("SELECT field_name FROM " . DB_USER_FIELDS . " tuf\r\n\t\tINNER JOIN " . DB_USER_FIELD_CATS . " tufc ON tuf.field_cat = tufc.field_cat_id\r\n\t\tORDER BY field_cat_order, field_order");
if (dbrows($result)) {
$profile_method = "validate_update";
while ($data = dbarray($result)) {
if (file_exists(LOCALE . LOCALESET . "user_fields/" . $data['field_name'] . ".php")) {
include LOCALE . LOCALESET . "user_fields/" . $data['field_name'] . ".php";
}
if (file_exists(INCLUDES . "user_fields/" . $data['field_name'] . "_include.php")) {
include INCLUDES . "user_fields/" . $data['field_name'] . "_include.php";
}
}
}
if ($user_new_password) {
$new_pass = "******" . encrypt_pw($user_new_password) . "', ";
} else {
$new_pass = "******";
}
$result = dbquery("UPDATE " . DB_USERS . " SET user_name='" . $user_name . "'," . $new_pass . "user_email='" . $user_email . "',\r\n\tuser_hide_email='" . $user_hide_email . "'" . ($set_avatar ? $set_avatar : "") . $db_values . " WHERE user_id='" . $user_data['user_id'] . "'");
}
$result = dbquery("SELECT field_name FROM " . DB_USER_FIELDS . " tuf\r\n\t\t\tINNER JOIN " . DB_USER_FIELD_CATS . " tufc ON tuf.field_cat = tufc.field_cat_id\r\n\t\t\tORDER BY field_cat_order, field_order");
if (dbrows($result)) {
while ($data = dbarray($result)) {
if (file_exists(LOCALE . LOCALESET . "user_fields/" . $data['field_name'] . ".php")) {
include_once LOCALE . LOCALESET . "user_fields/" . $data['field_name'] . ".php";
} elseif (file_exists(LOCALE . "English/user_fields/" . $data['field_name'] . ".php")) {
// Pimped
include_once LOCALE . "English/user_fields/" . $data['field_name'] . ".php";
}
if (file_exists(INCLUDES . "user_fields/" . $data['field_name'] . "_include.php")) {
include INCLUDES . "user_fields/" . $data['field_name'] . "_include.php";
}
}
}
if ($error == "") {
$result = dbquery("INSERT INTO " . DB_USERS . " (user_name, user_password, user_admin_password, user_email, user_hide_email, user_avatar, user_posts, user_threads, user_joined, user_lastvisit, user_ip, user_rights, user_groups, user_level, user_status, user_actiontime" . (isset($db_fields) ? $db_fields : "") . ") VALUES('{$username}', '" . encrypt_pw($_POST['password1']) . "', '', '" . $_POST['email'] . "', '" . intval($_POST['hide_email']) . "', '', '0', '0', '" . time() . "', '0', '" . USER_IP . "', '', '', '" . nMEMBER . "', '0', '0'" . (isset($db_values) ? $db_values : "") . ")");
// Pimped: nMEMBER and encrypt_pw();
// todo: radio check button to disable the mail
require_once LOCALE . LOCALESET . "admin/members_email.php";
require_once INCLUDES . "sendmail_include.php";
$subject = $locale['email_create_subject'] . $settings['sitename'];
$replace_this = array("[USER_NAME]", "[PASSWORD]");
$replace_with = array($username, $_POST['password1']);
$message = str_replace($replace_this, $replace_with, $locale['email_create_message']);
sendemail($username, $_POST['email'], $settings['siteusername'], $settings['siteemail'], $subject, $message);
opentable($locale['480']);
echo "<div style='text-align:center'><br />\n" . $locale['481'] . "<br /><br />\n";
echo "<a href='members.php" . $aidlink . "'>" . $locale['432'] . "</a><br /><br />\n";
echo "<a href='index.php" . $aidlink . "'>" . $locale['433'] . "</a><br /><br />\n";
echo "</div>\n";
closetable();
$error = 1;
}
if ($error == 0) {
$result = dbquery("SELECT user_id, user_name FROM " . DB_USERS . " WHERE user_password='******'account'] . "' AND user_email='" . $email . "'");
if (dbrows($result) != 0) {
$data = dbarray($result);
$chars = "abcdefghijklmnpqrstuvwxyzABCDEFGHIJKLMNPQRSTUVWXYZ123456789-_!@";
$char_count = strlen($chars) - 1;
$new_pass = "";
for ($i = 0; $i < 8; $i++) {
$new_pass .= substr($chars, mt_rand(0, $char_count), 1);
}
$mailbody = str_replace("[NEW_PASS]", $new_pass, $locale['411']);
$mailbody = str_replace("[USER_NAME]", $data['user_name'], $mailbody);
sendemail($data['user_name'], $email, $settings['siteusername'], $settings['siteemail'], $locale['409'] . $settings['sitename'], $mailbody);
$result = dbquery("UPDATE " . DB_USERS . " SET user_password='******' WHERE user_id='" . $data['user_id'] . "'");
echo "<div style='text-align:center'><br />\n" . $locale['402'] . "<br /><br />\n<a href='index.php'>" . $locale['403'] . "</a><br /><br />\n</div>\n";
} else {
$error = 1;
}
}
if ($error == 1) {
redirect("index.php");
}
} elseif (isset($_POST['send_password'])) {
$email = stripinput(trim(preg_replace("/ +/i", "", $_POST['email'])));
if (preg_match("/^[-0-9A-Z_\\.]{1,50}@([-0-9A-Z_\\.]+\\.){1,50}([0-9A-Z]){2,4}\$/i", $email)) {
$result = dbquery("SELECT user_name, user_password FROM " . DB_USERS . " WHERE user_email='" . $email . "'");
if (dbrows($result)) {
$data = dbarray($result);
$new_pass_link = $settings['siteurl'] . "lostpassword.php?email=" . $email . "&account=" . $data['user_password'];
