function check_admin_pass($password) { global $settings, $userdata; if ($settings['login_method'] == "cookies") { if (isset($_COOKIE[COOKIE_PREFIX . 'admin']) && encrypt_pw_part2($_COOKIE[COOKIE_PREFIX . 'admin']) == $userdata['user_admin_password'] || encrypt_pw($password) == $userdata['user_admin_password']) { return true; } else { return false; } } elseif ($settings['login_method'] == "sessions") { if (isset($_SESSION[COOKIE_PREFIX . 'admin']) && encrypt_pw_part2($_SESSION[COOKIE_PREFIX . 'admin']) == $userdata['user_admin_password'] || encrypt_pw($password) == $userdata['user_admin_password']) { return true; } else { return false; } } }
if (sendemail($username, $email, $settings['siteusername'], $settings['siteemail'], $locale['449'], $locale['450'] . $activation_url)) { $user_info = serialize(array("user_name" => $username, "user_password" => encrypt_pw($password1), "user_email" => $email, "user_hide_email" => isnum($_POST['user_hide_email']) ? $_POST['user_hide_email'] : "1")); $result = dbquery("INSERT INTO " . DB_NEW_USERS . " (user_code, user_email, user_datestamp, user_info) VALUES('{$user_code}', '" . $email . "', '" . time() . "', '{$user_info}')"); // Log Registration + Security Question log_registration($username, $email, $log); opentable($locale['400']); echo "<div style='text-align:center'><br />\n" . $locale['454'] . "<br /><br />\n</div>\n"; closetable(); } else { opentable($locale['456']); echo "<div style='text-align:center'><br />\n" . $locale['457'] . "<br /><br />\n</div>\n"; closetable(); } } else { $user_status = $settings['admin_activation'] == "1" ? "2" : "0"; $result = dbquery("INSERT INTO " . DB_USERS . " (user_name, user_password, user_admin_password, user_email, user_hide_email, user_avatar, user_posts, user_threads, user_joined, user_lastvisit, user_ip, user_rights, user_groups, user_level, user_status" . $db_fields . ") VALUES('{$username}', '" . encrypt_pw($password1) . "', '', '" . $email . "', '{$user_hide_email}', '', '0', '0', '" . time() . "', '0', '" . USER_IP . "', '', '', '" . nMEMBER . "', '{$user_status}'" . $db_values . ")"); $user_id = mysql_insert_id(); if ($settings['welcome_pm']) { // Pimped: Welcome PM send_pm($user_id, $settings['welcome_pm_from'], $settings['welcome_pm_subject'], $settings['welcome_pm_message'], $settings['welcome_pm_smiley']); } // Log Registration + Security Question log_registration($username, $email, $log, $user_id); unset($user_id); opentable($locale['400']); if ($settings['admin_activation'] == "1") { echo "<div style='text-align:center'><br />\n" . $locale['451'] . "<br /><br />\n" . $locale['453'] . "<br /><br />\n</div>\n"; } else { echo "<div style='text-align:center'><br />\n" . $locale['451'] . "<br /><br />\n" . $locale['452'] . "<br /><br />\n</div>\n"; } closetable();
} else { @unlink(IMAGES_AVA . $avatarname); $set_avatar = ""; } } else { $set_avatar = ""; } } if (isset($_POST['del_avatar'])) { @unlink(IMAGES_AVA . $user_data['user_avatar']); $set_avatar = ", user_avatar=''"; } $result = dbquery("SELECT field_name FROM " . DB_USER_FIELDS . " tuf\r\n\t\tINNER JOIN " . DB_USER_FIELD_CATS . " tufc ON tuf.field_cat = tufc.field_cat_id\r\n\t\tORDER BY field_cat_order, field_order"); if (dbrows($result)) { $profile_method = "validate_update"; while ($data = dbarray($result)) { if (file_exists(LOCALE . LOCALESET . "user_fields/" . $data['field_name'] . ".php")) { include LOCALE . LOCALESET . "user_fields/" . $data['field_name'] . ".php"; } if (file_exists(INCLUDES . "user_fields/" . $data['field_name'] . "_include.php")) { include INCLUDES . "user_fields/" . $data['field_name'] . "_include.php"; } } } if ($user_new_password) { $new_pass = "******" . encrypt_pw($user_new_password) . "', "; } else { $new_pass = "******"; } $result = dbquery("UPDATE " . DB_USERS . " SET user_name='" . $user_name . "'," . $new_pass . "user_email='" . $user_email . "',\r\n\tuser_hide_email='" . $user_hide_email . "'" . ($set_avatar ? $set_avatar : "") . $db_values . " WHERE user_id='" . $user_data['user_id'] . "'"); }
$result = dbquery("SELECT field_name FROM " . DB_USER_FIELDS . " tuf\r\n\t\t\tINNER JOIN " . DB_USER_FIELD_CATS . " tufc ON tuf.field_cat = tufc.field_cat_id\r\n\t\t\tORDER BY field_cat_order, field_order"); if (dbrows($result)) { while ($data = dbarray($result)) { if (file_exists(LOCALE . LOCALESET . "user_fields/" . $data['field_name'] . ".php")) { include_once LOCALE . LOCALESET . "user_fields/" . $data['field_name'] . ".php"; } elseif (file_exists(LOCALE . "English/user_fields/" . $data['field_name'] . ".php")) { // Pimped include_once LOCALE . "English/user_fields/" . $data['field_name'] . ".php"; } if (file_exists(INCLUDES . "user_fields/" . $data['field_name'] . "_include.php")) { include INCLUDES . "user_fields/" . $data['field_name'] . "_include.php"; } } } if ($error == "") { $result = dbquery("INSERT INTO " . DB_USERS . " (user_name, user_password, user_admin_password, user_email, user_hide_email, user_avatar, user_posts, user_threads, user_joined, user_lastvisit, user_ip, user_rights, user_groups, user_level, user_status, user_actiontime" . (isset($db_fields) ? $db_fields : "") . ") VALUES('{$username}', '" . encrypt_pw($_POST['password1']) . "', '', '" . $_POST['email'] . "', '" . intval($_POST['hide_email']) . "', '', '0', '0', '" . time() . "', '0', '" . USER_IP . "', '', '', '" . nMEMBER . "', '0', '0'" . (isset($db_values) ? $db_values : "") . ")"); // Pimped: nMEMBER and encrypt_pw(); // todo: radio check button to disable the mail require_once LOCALE . LOCALESET . "admin/members_email.php"; require_once INCLUDES . "sendmail_include.php"; $subject = $locale['email_create_subject'] . $settings['sitename']; $replace_this = array("[USER_NAME]", "[PASSWORD]"); $replace_with = array($username, $_POST['password1']); $message = str_replace($replace_this, $replace_with, $locale['email_create_message']); sendemail($username, $_POST['email'], $settings['siteusername'], $settings['siteemail'], $subject, $message); opentable($locale['480']); echo "<div style='text-align:center'><br />\n" . $locale['481'] . "<br /><br />\n"; echo "<a href='members.php" . $aidlink . "'>" . $locale['432'] . "</a><br /><br />\n"; echo "<a href='index.php" . $aidlink . "'>" . $locale['433'] . "</a><br /><br />\n"; echo "</div>\n"; closetable();
$error = 1; } if ($error == 0) { $result = dbquery("SELECT user_id, user_name FROM " . DB_USERS . " WHERE user_password='******'account'] . "' AND user_email='" . $email . "'"); if (dbrows($result) != 0) { $data = dbarray($result); $chars = "abcdefghijklmnpqrstuvwxyzABCDEFGHIJKLMNPQRSTUVWXYZ123456789-_!@"; $char_count = strlen($chars) - 1; $new_pass = ""; for ($i = 0; $i < 8; $i++) { $new_pass .= substr($chars, mt_rand(0, $char_count), 1); } $mailbody = str_replace("[NEW_PASS]", $new_pass, $locale['411']); $mailbody = str_replace("[USER_NAME]", $data['user_name'], $mailbody); sendemail($data['user_name'], $email, $settings['siteusername'], $settings['siteemail'], $locale['409'] . $settings['sitename'], $mailbody); $result = dbquery("UPDATE " . DB_USERS . " SET user_password='******' WHERE user_id='" . $data['user_id'] . "'"); echo "<div style='text-align:center'><br />\n" . $locale['402'] . "<br /><br />\n<a href='index.php'>" . $locale['403'] . "</a><br /><br />\n</div>\n"; } else { $error = 1; } } if ($error == 1) { redirect("index.php"); } } elseif (isset($_POST['send_password'])) { $email = stripinput(trim(preg_replace("/ +/i", "", $_POST['email']))); if (preg_match("/^[-0-9A-Z_\\.]{1,50}@([-0-9A-Z_\\.]+\\.){1,50}([0-9A-Z]){2,4}\$/i", $email)) { $result = dbquery("SELECT user_name, user_password FROM " . DB_USERS . " WHERE user_email='" . $email . "'"); if (dbrows($result)) { $data = dbarray($result); $new_pass_link = $settings['siteurl'] . "lostpassword.php?email=" . $email . "&account=" . $data['user_password'];