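public function post()
 {
     // Signup handler: reads the registration form from $_POST, refuses a login
     // that is already taken and otherwise creates the User row plus one Usermeta
     // row per remaining form field. Every path ends in a redirect.
     $email = isset($_POST['email']) ? $_POST['email'] : '';
     $name = isset($_POST['name']) ? $_POST['name'] : '';
     $pass = isset($_POST['pass']) ? $_POST['pass'] : '';
     $phone = isset($_POST['phone']) ? $_POST['phone'] : '';

     // An account with no login or no password is never valid: send the form
     // back with the same error flag that is used for duplicates.
     if ($email === '' || $pass === '') {
         $this->app->redirect($this->app->getBaseUri() . '/signup?error=1');
         return;
     }

     $user = Model::factory('User')->where_equal('login', $email)->find_one();
     if (isset($user->id)) {
         echo "Error: This user already exists";
         $this->app->redirect($this->app->getBaseUri() . '/signup?error=1');
         // Stop here; otherwise the unconditional /login redirect at the end
         // replaces this one whenever redirect() does not exit the request.
         return;
     }

     $user = Model::factory('User')->create();
     $user->login = $email;
     $user->email = $email;
     $user->name = $name;
     $user->display_name = $name;
     $user->pass = passhash($pass);
     $user->status = 1;
     $user->phone = $phone;
     // The activation key is a secret: use the CSPRNG where available and keep
     // the legacy 32-hex md5 form (same length) only as a fallback.
     $user->activation_key = function_exists('random_bytes')
         ? bin2hex(random_bytes(16))
         : md5(uniqid(mt_rand(), true));
     $user->registered = date('Y-m-d H:i:s');
     $user->type = 'user';
     $user->save();
     $uid = $user->id;

     // all other form fields we save as usermeta....
     // Password material (the plain 'pass' and any confirm field) must never be
     // persisted as meta, so those keys are skipped.
     $secretFields = array('pass', 'pass1', 'pass2');
     foreach ($_POST as $k => $v) {
         if (in_array($k, $secretFields, true)) {
             continue;
         }
         $userm = Model::factory('Usermeta')->create();
         $userm->user_id = $uid;
         $userm->mkey = $k;
         $userm->mvalue = $v;
         $userm->save();
     }
     $this->app->redirect($this->app->getBaseUri() . '/login');
 }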
 }
 # username is required; the rest of the script reads it from $USR (lower-cased)
 # NOTE(review): $_POST['user'] is read without isset(); a missing field raises a notice before the comparison
 if ($_POST['user'] != '') {
     $USR = strtolower($_POST['user']);
 } else {
     $err .= i18n_r('USERNAME_ERROR') . '<br />';
 }
 # the address is only accepted into $EMAIL after check_email_address() passes;
 # each failure appends a translated line to $err, which gates the rest of the script
 if (!check_email_address($_POST['email'])) {
     $err .= i18n_r('EMAIL_ERROR') . '<br />';
 } else {
     $EMAIL = $_POST['email'];
 }
 # if there were no errors, continue setting up the site
 if ($err == '') {
     # create new password
     $random = createRandomPassword();
     $PASSWD = passhash($random);
     # create user xml file
     $file = _id($USR) . '.xml';
     createBak($file, GSUSERSPATH, GSBACKUSERSPATH);
     $xml = new SimpleXMLElement('<item></item>');
     $xml->addChild('USR', $USR);
     $xml->addChild('PWD', $PASSWD);
     $xml->addChild('EMAIL', $EMAIL);
     $xml->addChild('HTMLEDITOR', '1');
     $xml->addChild('TIMEZONE', $TIMEZONE);
     $xml->addChild('LANG', $LANG);
     if (!XMLsave($xml, GSUSERSPATH . $file)) {
         $kill = i18n_r('CHMOD_ERROR');
     }
     # create password change trigger file
     $flagfile = GSUSERSPATH . _id($USR) . ".xml.reset";
     # passwords do not match if changing or adding users passwords
     $error = i18n_r('PASSWORD_NO_MATCH');
     $password = '';
 } else {
     if ($pwd1 != '' && strlen($pwd1) < getDef('GSPASSLENGTHMIN')) {
         # password cannot be shorter than GSPASSLENGTH
         $error = i18n_r('PASSWORD_TOO_SHORT');
         $password = '';
     } else {
         if ($pwd1 != '') {
             # password changed
             $newpassword = $pwd1;
             // set new password
             exec_action('profile-password-changed');
             // @hook profile-password-changed a users password was changed
             $password = passhash($newpassword);
             // set new password
         }
     }
 }
 // check valid lang files
 // $lang is blanked unless "<lang>.php" / "<lang>.PHP" appears in $lang_array
 // NOTE(review): in_array() is non-strict here; $lang_array is assumed to be a plain list of file names
 if (isset($lang_array) && !in_array($lang . '.php', $lang_array) && !in_array($lang . '.PHP', $lang_array)) {
     $lang = '';
 }
 // create new xml
 // $password is whatever the password branch above produced: a passhash() value, or '' on a validation error
 // NOTE(review): SimpleXMLElement::addChild() does not escape '&' in the value it is given; verify the inputs are entity-safe
 $xml = new SimpleXMLElement('<item></item>');
 $xml->addChild('USR', $userid);
 $xml->addChild('NAME', $name);
 $xml->addChild('PWD', $password);
 $xml->addChild('EMAIL', $email);
 $xml->addChild('HTMLEDITOR', $htmleditor);
# was the form submitted?
if (isset($_POST['submitted'])) {
    # initial variable setup
    $user_xml = GSUSERSPATH . _id($_POST['userid']) . '.xml';
    $userid = strtolower($_POST['userid']);
    $password = $_POST['pwd'];
    $error = null;
    # check the username or password fields
    if (!$userid || !$password) {
        $error = i18n_r('FILL_IN_REQ_FIELD');
    }
    # check for any errors
    if (!$error) {
        exec_action('successful-login-start');
        # hash the given password
        $password = passhash($password);
        # does this user exist?
        if (file_exists($user_xml)) {
            # pull the data from the user's data file
            $data = getXML($user_xml);
            $PASSWD = $data->PWD;
            $USR = strtolower($data->USR);
            # do the username and password match?
            if ($userid == $USR && $password == $PASSWD) {
                $authenticated = true;
            } else {
                $authenticated = false;
                # add login failure to failed logins log
                $logFailed = new GS_Logging_Class('failedlogins.log');
                $logFailed->add('Username', $userid);
                $logFailed->add('Reason', 'Invalid Password');
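 public function savenew()
 {
     // Creates a user from the admin "new user" form. Requires a signed-in
     // session. Both password fields must be present and, when filled, must
     // match; the plain password is only ever stored hashed. Ends the request.
     $this->app->condition('signed_in');

     if (!isset($_POST['pass1'], $_POST['pass2'])) {
         return;
     }

     // Where to send the browser when the submitted passwords are unusable.
     $backToForm = "Location: /user/new" . (isset($_REQUEST['embed']) ? '?embed=' . urlencode($_REQUEST['embed']) : null);

     if (!empty($_POST['pass1']) && !empty($_POST['pass2'])) {
         // Strict comparison: `==` treats numeric-looking strings such as
         // "1e3" and "1000" as equal.
         if ($_POST['pass1'] !== $_POST['pass2']) {
             header($backToForm);
             exit;
         }
         $_POST['pass'] = $_POST['pass1'];
     }
     // Both fields blank and nothing in 'pass': refuse rather than create an
     // account whose hash is passhash(null).
     if (empty($_POST['pass'])) {
         header($backToForm);
         exit;
     }

     $email = isset($_POST['email']) ? $_POST['email'] : '';
     $name = isset($_POST['name']) ? $_POST['name'] : '';
     $phone = isset($_POST['phone']) ? $_POST['phone'] : '';

     $user = Model::factory('User')->create();
     $user->login = $email;
     $user->email = $email;
     $user->name = $name;
     $user->display_name = $name;
     $user->pass = passhash($_POST['pass']);
     $user->status = 1;
     $user->phone = $phone;
     // The activation key is a secret: use the CSPRNG where available and keep
     // the legacy 32-hex md5 form (same length) only as a fallback.
     $user->activation_key = function_exists('random_bytes')
         ? bin2hex(random_bytes(16))
         : md5(uniqid(mt_rand(), true));
     $user->registered = date('Y-m-d H:i:s');
     $user->type = 'user';
     $user->save();
     // The meta rows need the id of the row just saved; it was never assigned before.
     $uid = $user->id;

     // all other form fields we save as usermeta....
     // 'pass1'/'pass2' carry the plain password and must not be stored either.
     $secretFields = array('pass', 'pass1', 'pass2');
     foreach ($_POST as $k => $v) {
         if (in_array($k, $secretFields, true)) {
             continue;
         }
         $userm = Model::factory('Usermeta')->create();
         $userm->user_id = $uid;
         $userm->mkey = $k;
         $userm->mvalue = $v;
         $userm->save();
     }
     echo '<script>top.location.href="/user";</script>';
     exit;
 }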
     $HTMLEDITOR = '';
 }
 # check to see if passwords are changing
 # $pwd1/$pwd2 are only assigned when the matching field was posted;
 # NOTE(review): they are assumed to be initialised earlier in the script, otherwise the comparison below reads undefined variables
 if (isset($_POST['sitepwd'])) {
     $pwd1 = $_POST['sitepwd'];
 }
 if (isset($_POST['sitepwd_confirm'])) {
     $pwd2 = $_POST['sitepwd_confirm'];
 }
 if ($pwd1 != $pwd2 && $pwd2 != '') {
     #passwords do not match
     $error = i18n_r('PASSWORD_NO_MATCH');
 } else {
     # password cannot be null
     if ($pwd1 != '' && $pwd2 != '') {
         $PASSWD = passhash($pwd1);
     }
     // check valid lang files
     if (!in_array($LANG . '.php', $lang_array) and !in_array($LANG . '.PHP', $lang_array)) {
         die;
     }
     # create user xml file
     createBak($file, GSUSERSPATH, GSBACKUSERSPATH);
     if (file_exists(GSUSERSPATH . _id($USR) . '.xml.reset')) {
         unlink(GSUSERSPATH . _id($USR) . '.xml.reset');
     }
     $xml = new SimpleXMLExtended('<?xml version="1.0" encoding="UTF-8"?><item></item>');
     $xml->addChild('USR', $USR);
     $xml->addChild('NAME', var_out($NAME));
     $xml->addChild('PWD', $PASSWD);
     $xml->addChild('EMAIL', var_out($EMAIL, 'email'));
             $message = sprintf(T_("EMAIL_ADDRESS_BANNED_S"), $email);
         }
         // check if email addy is already in use
         $a = @mysql_fetch_row(@SQL_Query_exec("select count(*) from users where email='{$email}'"));
         if ($a[0] != 0) {
             $message = sprintf(T_("EMAIL_ADDRESS_INUSE_S"), $email);
         }
     }
     //check username isnt in use
     $a = @mysql_fetch_row(@SQL_Query_exec("select count(*) from users where username='******'"));
     if ($a[0] != 0) {
         $message = sprintf(T_("USERNAME_INUSE_S"), $wantusername);
     }
     $secret = mksecret();
     //generate secret field
     $wantpassword = passhash($wantpassword);
     // hash the password
 }
 # a non-empty $message means one of the signup checks above failed;
 # show_error_msg() presumably ends the request, and the `$message == ""` test below guards the write path either way
 if ($message != "") {
     show_error_msg(T_("SIGNUP_FAILED"), $message, 1);
 }
 if ($message == "") {
     if ($invite_row) {
         SQL_Query_exec("UPDATE users SET username="******", password="******", secret=" . sqlesc($secret) . ", status='confirmed', added='" . get_date_time() . "' WHERE id={$invite_row['id']}");
         //send pm to new user
         if ($site_config["WELCOMEPMON"]) {
             $dt = sqlesc(get_date_time());
             $msg = sqlesc($site_config["WELCOMEPMMSG"]);
             SQL_Query_exec("INSERT INTO messages (sender, receiver, added, msg, poster) VALUES(0, {$invite_row['id']}, {$dt}, {$msg}, 0)");
         }
         header("Refresh: 0; url=account-confirm-ok.php?type=confirm");
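// Password-reset confirmation: the request must carry a valid user id and a
// 32-character secret; the two new password fields must be non-empty and
// identical. On success the password hash and the account secret are replaced
// in one statement keyed on the same id/secret pair that was just verified.
if (isset($_POST["id"], $_POST["secret"]) && is_valid_id($_POST["id"]) && strlen($_POST["secret"]) == 32) {
    $password = isset($_POST["password"]) ? $_POST["password"] : '';
    $password1 = isset($_POST["password1"]) ? $_POST["password1"] : '';
    if (empty($password) || empty($password1)) {
        $kind = ERROR;
        $msg = NO_EMTY_FIELDS;
    } elseif ($password !== $password1) {
        // Strict comparison: `!=` treats "1e3" and "1000" as the same password.
        $kind = ERROR;
        $msg = PASS_NO_MATCH;
    } else {
        $id = intval($_POST["id"]);
        // Same predicate for the count and the update so the row written is the one checked.
        $secretMatch = " AND MD5(`secret`) = " . sqlesc($_POST["secret"]);
        $n = get_row_count("users", "WHERE `id`=" . $id . $secretMatch);
        if ((int) $n !== 1) {
            show_error2(ERROR, NO_SUCH_USER);
        } else {
            // Rotate the secret so the old reset link cannot be replayed.
            $newsec = sqlesc(mksecret());
            SQL_Query_exec("UPDATE `users` SET `password` = " . sqlesc(passhash($password)) . ", `secret` = {$newsec} WHERE `id`=" . $id . $secretMatch);
            $kind = SUCCESS;
            $msg = PASS_CHANGED_OK;
        }
    }
}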
if ($_SERVER["REQUEST_METHOD"] == "POST" && $_GET["take"] == 1) {
    $email = trim($_POST["email"]);
    if (!validemail($email)) {
        $msg = "" . EMAIL_NOT_VALID . "";
        $kind = "" . ERROR . "";
    } else {
        $res = SQL_Query_exec("SELECT id, username, email FROM users WHERE email=" . sqlesc($email) . " LIMIT 1");
        $arr = mysql_fetch_assoc($res);
        if (!$arr) {
            $msg = "" . EMAIL_NOT_FOUND . "";
            $kind = "" . ERROR . "";
 # get user information from existing XML file
 if (filepath_is_safe(GSUSERSPATH . $file, GSUSERSPATH) && file_exists(GSUSERSPATH . $file)) {
     $data = getXML(GSUSERSPATH . $file);
     $userid = strtolower($data->USR);
     $EMAIL = $data->EMAIL;
     if (strtolower($_POST['username']) === $userid) {
         # create new random password
         $random = createRandomPassword();
         // $random = '1234';
         # create backup
         backup_datafile(GSUSERSPATH . $file);
         # copy user file into password change trigger file
         $flagfile = GSUSERSPATH . getPWDresetName(_id($userid), 'xml');
         copy_file(GSUSERSPATH . $file, $flagfile);
         # change password and resave xml file
         $data->PWD = passhash($random);
         $status = XMLsave($data, GSUSERSPATH . $file);
         # send the email with the new password
         $subject = $site_full_name . ' ' . i18n_r('RESET_PASSWORD') . ' ' . i18n_r('ATTEMPT');
         $message = "<p>" . cl($SITENAME) . " " . i18n_r('RESET_PASSWORD') . " " . i18n_r('ATTEMPT') . '</p>';
         $message .= "<p>" . i18n_r('LABEL_USERNAME') . ": <strong>" . $userid . "</strong>";
         $message .= "<br>" . i18n_r('NEW_PASSWORD') . ": <strong>" . $random . "</strong>";
         $message .= '<br>' . i18n_r('EMAIL_LOGIN') . ': <a href="' . $SITEURL . $GSADMIN . '/">' . $SITEURL . $GSADMIN . '/</a></p>';
         exec_action('resetpw-success');
         // @hook resetpw-success a user password reset occured
         $emailstatus = sendmail($EMAIL, $subject, $message);
         # if email fails, we do nothing, maybe handle this in the future
         # show the result of the reset attempt
         usleep($randSleep);
         redirect("resetpassword.php?upd=pwd-" . ($status && $emailstatus ? 'success' : 'error'));
     } else {
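 public function mmProcessEditUser()
 {
     // Rewrites one user's XML file under GSUSERSPATH from the edit-user form,
     // reports the result and re-renders the manage-users form. Does nothing
     // when the form did not name a user.
     global $xml, $perm;
     if (!isset($_POST['usernamec'])) {
         return;
     }

     $NUSR = $_POST['usernamec'];
     // Normalise the submitted name the way the core names user files (_id())
     // so a crafted value cannot address a file outside GSUSERSPATH.
     $usrfile = _id($NUSR) . '.xml';

     // Optional fields default to '' when absent from the form.
     $fields = array();
     $optional = array(
         'useremail', 'ntimezone', 'userlng', 'users_name', 'users_bio', 'usereditor',
         'Files', 'Pages', 'Theme', 'Plugins', 'Backups', 'Settings', 'Support', 'Edit', 'Admin',
     );
     foreach ($optional as $key) {
         $fields[$key] = isset($_POST[$key]) ? $_POST[$key] : '';
     }

     // 'pages.php' is the default landing page and is stored as ''.
     $NLANDING = (!isset($_POST['Landing']) || $_POST['Landing'] == 'pages.php') ? '' : $_POST['Landing'];

     if (!empty($_POST['userpassword'])) {
         $NPASSWD = passhash($_POST['userpassword']);
     } else {
         // No new password: keep the current hash. It is read from the stored
         // user file rather than from a hidden form field, so the client
         // cannot substitute a hash of its own choosing.
         $storedPath = GSUSERSPATH . $usrfile;
         $stored = file_exists($storedPath) ? getXML($storedPath) : false;
         $NPASSWD = $stored ? (string) $stored->PWD : '';
     }

     // Edit user xml file - This coding was mostly taken from the 'settings.php' page..
     $xml = new SimpleXMLExtended('<item></item>');
     $xml->addChild('USR', $NUSR);
     $xml->addChild('PWD', $NPASSWD);
     $xml->addChild('EMAIL', $fields['useremail']);
     $xml->addChild('HTMLEDITOR', $fields['usereditor']);
     $xml->addChild('TIMEZONE', $fields['ntimezone']);
     $xml->addChild('LANG', $fields['userlng']);
     $xml->addChild('USERSNAME', $fields['users_name']);
     $userbio = $xml->addChild('USERSBIO');
     $userbio->addCData($fields['users_bio']);
     // $perm is a global because save_custom_permissions() reads it.
     $perm = $xml->addChild('PERMISSIONS');
     $perm->addChild('PAGES', $fields['Pages']);
     $perm->addChild('FILES', $fields['Files']);
     $perm->addChild('THEME', $fields['Theme']);
     $perm->addChild('PLUGINS', $fields['Plugins']);
     $perm->addChild('BACKUPS', $fields['Backups']);
     $perm->addChild('SETTINGS', $fields['Settings']);
     $perm->addChild('SUPPORT', $fields['Support']);
     $perm->addChild('EDIT', $fields['Edit']);
     $perm->addChild('LANDING', $NLANDING);
     $perm->addChild('ADMIN', $fields['Admin']);
     save_custom_permissions();

     if (!XMLsave($xml, GSUSERSPATH . $usrfile)) {
         $error = i18n_r('user-managment/SAVEERROR');
         echo $error;
     } else {
         print '<div class="updated" style="display: block;">' . i18n_r('user-managment/SAVED') . '</div>';
     }
     mmManageUsersForm();
 }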
//  TorrentTrader v2.x
//      $LastChangedDate: 2012-09-19 19:13:35 +0100 (Wed, 19 Sep 2012) $
//      $LastChangedBy: torrenttrader $
//
//      http://www.torrenttrader.org
//
//
require_once "backend/functions.php";
dbconn();
// A return target was supplied: unless nowarn was passed, $nowarn holds the
// translated "members only" text for the page to show.
// NOTE(review): $_GET["nowarn"] is read without isset(); an absent key raises a notice.
if (!empty($_REQUEST["returnto"])) {
    if (!$_GET["nowarn"]) {
        $nowarn = T_("MEMBERS_ONLY");
    }
}
if ($_POST["username"] && $_POST["password"]) {
    $password = passhash($_POST["password"]);
    if (!empty($_POST["username"]) && !empty($_POST["password"])) {
        $res = SQL_Query_exec("SELECT id, password, secret, status, enabled FROM users WHERE username = "******"username"]) . "");
        $row = mysql_fetch_assoc($res);
        if (!$row || $row["password"] != $password) {
            $message = T_("LOGIN_INCORRECT");
        } elseif ($row["status"] == "pending") {
            $message = T_("ACCOUNT_PENDING");
        } elseif ($row["enabled"] == "no") {
            $message = T_("ACCOUNT_DISABLED");
        }
    } else {
        $message = T_("NO_EMPTY_FIELDS");
    }
    if (!$message) {
        logincookie($row["id"], $row["password"], $row["secret"]);
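//	Logout	--------------------------------------------------------------------------------------------
// Clearing the stored user id ends the session, then back to the login page.
$app->get('/logout', function () use($app) {
    $app->store('user', 0);
    $app->redirect($app->getBaseUri() . '/login');
});
//	Conditions	--------------------------------------------------------------------------------------------
// 'signed_in': presumably the second redirect() argument is a "redirect if"
// flag, so anonymous visitors are sent to /login — confirm against the framework.
$app->condition('signed_in', function () use($app) {
    $app->redirect($app->getBaseUri() . '/login', !$app->store('user'));
});
//	Login	--------------------------------------------------------------------------------------------
$app->get('/login', function () use($app) {
    $app->render('login', array(), 'blank');
});
$app->post('/login', function () use($app) {
    $login = isset($_POST['user']) ? $_POST['user'] : '';
    $pass = isset($_POST['pass']) ? $_POST['pass'] : '';
    $user = Model::factory('User')->where_equal('login', $login)->find_one();
    // find_one() yields no object when the login is unknown; check before
    // touching ->pass. Strict comparison: `==` on two hash strings applies
    // numeric juggling, so distinct "0e..." hashes would compare equal.
    if ($user && $user->pass === passhash($pass)) {
        $app->store("user", $user->id);
        $app->redirect($app->getBaseUri() . '/dashboard');
    } else {
        $app->redirect($app->getBaseUri() . '/login');
    }
});
//	Register	--------------------------------------------------------------------------------------------
$app->get('/signup', function () use($app) {
    $app->render('register', array(), 'blank');
});
$app->post('/signup', 'signup#post');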
//	Logged in area	--------------------------------------------------------------------------------------------
$app->get('/dashboard', function () use($app) {
    $app->condition('signed_in');
    $me = Model::factory('User')->where_equal('id', $app->store('user'))->find_one();
    }
    // end do
}
//end action
if ($action == "changepw") {
    if ($do == "newpassword") {
        $chpassword = $_POST['chpassword'];
        $passagain = $_POST['passagain'];
        if ($chpassword != "") {
            if (strlen($chpassword) < 6) {
                $message = T_("PASS_TOO_SHORT");
            }
            if ($chpassword != $passagain) {
                $message = T_("PASSWORDS_NOT_MATCH");
            }
            $chpassword = passhash($chpassword);
            $secret = mksecret();
        }
        if (!$chpassword || !$passagain) {
            $message = "You must enter something!";
        }
        begin_frame();
        navmenu();
        if (!$message) {
            SQL_Query_exec("UPDATE users SET password = "******", secret = " . sqlesc($secret) . "  WHERE id = " . $CURUSER["id"]);
            echo "<br /><br /><center><b>" . T_("PASSWORD_CHANGED_OK") . "</b></center>";
            logoutcookie();
        } else {
            echo "<br /><br /><b><center>" . $message . "</center></b><br /><br />";
        }
        end_frame();
 # the reset form's nonce must be accepted by check_nonce() for the "reset_password" action before anything else runs
 # NOTE(review): $_POST['nonce'] is read without isset(); a missing field raises a notice before the check fails
 $nonce = $_POST['nonce'];
 if (!check_nonce($nonce, "reset_password")) {
     die("CSRF detected!");
 }
 if (isset($_POST['email'])) {
     if ($_POST['email'] == $EMAIL) {
         // create new random password
         $random = createRandomPassword();
         // create new users.xml file
         $bakpath = GSBACKUPSPATH . "other/";
         createBak($file, GSDATAOTHERPATH, $bakpath);
         $flagfile = GSBACKUPSPATH . "other/user.xml.reset";
         copy(GSDATAOTHERPATH . $file, $flagfile);
         $xml = @new SimpleXMLElement('<item></item>');
         $xml->addChild('USR', @$USR);
         $xml->addChild('PWD', passhash($random));
         $xml->addChild('EMAIL', @$EMAIL);
         XMLsave($xml, GSDATAOTHERPATH . $file);
         // send the email with the new password
         $subject = $site_full_name . ' ' . $i18n['RESET_PASSWORD'] . ' ' . $i18n['ATTEMPT'];
         $message = "'" . cl($SITENAME) . "' " . $i18n['RESET_PASSWORD'] . " " . $i18n['ATTEMPT'];
         $message .= '<br>-------------------------------------------------------<br>';
         $message .= "<br>" . $i18n['LABEL_USERNAME'] . ": " . $USR;
         $message .= "<br>" . $i18n['NEW_PASSWORD'] . ": " . $random;
         $message .= '<br><br>' . $i18n['EMAIL_LOGIN'] . ': <a href="' . $SITEURL . 'admin/">' . $SITEURL . 'admin/</a>';
         exec_action('resetpw-success');
         $status = sendmail($EMAIL, $subject, $message);
         header("Location: resetpassword.php?upd=pwd-" . $status);
     } else {
         exec_action('resetpw-error');
         header("Location: resetpassword.php?upd=pwd-error");
     $htmleditor = '';
 }
 # check to see if passwords are changing
 # $pwd1/$pwd2 are only assigned when the matching field was posted;
 # NOTE(review): they are assumed to be initialised earlier in the script, otherwise the comparison below reads undefined variables
 if (isset($_POST['sitepwd'])) {
     $pwd1 = $_POST['sitepwd'];
 }
 if (isset($_POST['sitepwd_confirm'])) {
     $pwd2 = $_POST['sitepwd_confirm'];
 }
 if ($pwd1 != $pwd2 || $adding === true && (empty($pwd1) || $pwd1 !== $pwd2)) {
     #passwords do not match
     $error = i18n_r('PASSWORD_NO_MATCH');
 } else {
     # password cannot be null
     if ($pwd1 != '') {
         $password = passhash($pwd1);
     }
     // check valid lang files
     if (!in_array($lang . '.php', $lang_array) and !in_array($lang . '.PHP', $lang_array)) {
         $lang = '';
     }
     # create user xml file
     createBak($file, GSUSERSPATH, GSBACKUSERSPATH);
     if (file_exists(GSUSERSPATH . _id($userid) . '.xml.reset')) {
         unlink(GSUSERSPATH . _id($userid) . '.xml.reset');
     }
     $xml = new SimpleXMLElement('<item></item>');
     $xml->addChild('USR', $userid);
     $xml->addChild('NAME', $name);
     $xml->addChild('PWD', $password);
     $xml->addChild('EMAIL', $email);