function get_check($address)
{
global $blocked_addresses;
if (strrchr($address, '/')) {
$address = substr(strrchr($address, '/'), 1);
}
$ipc = ip_check($address);
$addressip = ip_check($address) ? $address : gethostbyname_cached($address);
if (!ip_check($addressip)) {
havok(1, $address, $addressip);
}
foreach ($blocked_addresses as $badd) {
if (!$ipc) {
if (strlen($badd) <= strlen($address) && substr($address, strlen($address) - strlen($badd), strlen($badd)) == $badd) {
havok(5);
}
}
if ($badd == $addressip) {
havok(2, $address, $addressip);
} elseif (ip_check($badd, true)) {
if (ipcompare($badd, $addressip)) {
havok(2, $address, $addressip);
}
} else {
$baddip = gethostbyname_cached($badd);
if (empty($baddip)) {
havok(4);
}
if ($baddip == $addressip) {
havok(2, $address, $addressip);
}
}
}
return $addressip;
}
<?php
/* $Id: get_newpass.php,v 1.8 2005/11/18 04:19:33 nighty Exp $ */
require "../../php_includes/cmaster.inc";
$cTheme = get_theme_info();
std_theme_styles(1);
std_theme_body();
$username = strtolower($_POST["username"]);
if ($crc != md5($ts . $_SERVER["HTTP_USER_AGENT"] . CRC_SALT_0001)) {
echo "<h1>Error<br><br>Please use the regular page.</h1>\n";
echo "<a href=forgotten_pass.php>click here</a>.";
echo "</body></html>\n\n";
die;
}
if (!ip_check($username, 0)) {
echo "<h1>Error<br>\n";
echo "Too many failed 'forgotten password' attempts for this user.</h1><br>\n";
echo "</body>\n";
echo "</html>\n\n";
die;
}
std_connect();
/*
$res=pg_safe_exec("select * from noreg where lower(user_name)='$username' AND type=4");
if (pg_numrows($res)>0)
{
echo "<h1>Error<br>\n";
echo "The USERNAME entered is fraudulous.</h1><br><h2>This username cannot be used (FRAUD USERNAME)</h2><br><br>\n";
echo "<a href=\"forgotten_pass.php\">Try again.</a>\n";
echo "</body>\n";
echo "</html>\n\n";
<html>
<head>
<title>CService Login</title>
<?php
std_theme_styles();
?>
</head>
<?php
if (($username != "" || $_COOKIE['rlogin'] != "") && !preg_match(NON_BOGUS, $username)) {
std_theme_body("", "document.forms[0].password.focus();");
} else {
std_theme_body("", "document.forms[0].username.focus();");
}
if ($failed) {
echo "<font color=\"#" . $cTheme->main_warnmsg . "\">Login failed. Please try again</font>";
ip_check($username, 1);
}
echo "<center>\n";
echo "<font size=+2><b>Welcome to CService</b></font>\n";
echo "<br>\n";
echo "<table width=\"400\" bgcolor=#" . $cTheme->main_textcolor . ">\n";
echo "<tr><td>\n";
echo "<table cellpadding=5 bgcolor=#" . $cTheme->table_bgcolor . " width=\"100%\">\n";
echo "<tr><td><center>\n";
echo "<font color=#" . $cTheme->main_textcolor . ">\n";
echo "<font size=+2><b>CService Login</b></font>\n";
if (ereg("^http", $redir)) {
$tgt = "";
} else {
$tgt = " target=body";
}
if (!preg_match("/^[A-Za-z0-9_+-.]+@[A-Za-z0-9.-]+\\.[A-Za-z][A-Za-z]+\$/", $_POST["from_mail"])) {
echo $back_lnk;
echo "<big>e-mail syntax is invalid</big>.";
die("</td></tr></table></body></html>");
}
}
$da_crc = md5(CRC_SALT_0013 . $user_id . $_POST["from_mail"] . $_POST["ct"] . $_POST["complaint_text"] . cl_ip());
$da_users_id = $user_id;
switch ($_POST["ct"]) {
case 1:
if (!preg_match(NON_BOGUS, trim($_POST["login"]))) {
echo $back_lnk;
echo "<big>bogus username</big>.";
die("</td></tr></table></body></html>");
}
if (!ip_check(trim($_POST["login"]), 1)) {
echo $back_lnk;
echo "<big>too many failed attempts for username / password pair, try again later.</big>";
die("</td></tr></table></body></html>");
}
$da_users_id = chk_password($_POST["login"], $_POST["passwd"]);
if ($da_users_id == 0) {
echo $back_lnk;
echo "<big>username or password is invalid</big>.";
die("</td></tr></table></body></html>");
}
$rf = pg_safe_exec("SELECT flags FROM users WHERE id='" . (int) $da_users_id . "'");
$of = pg_fetch_object($rf);
if (!((int) $of->flags & 1)) {
// not suspended
echo $back_lnk;
