// Tail of a JavaScript validation function written into the page: the form is
// rejected with an alert when the "decision" field is empty.
echo "\t\tif (f.decision.value=='') {\n";
echo "\t\t\talert('You must supply a reason !!!');\n";
echo "\t\t\treturn(false);\n";
echo "\t\t}\n";
echo "\t\treturn(true);\n";
echo "\t}\n";

// Load the canned messages of type 1 and build three things in parallel:
//   $opt - the <option> elements (value = 1-based row counter),
//   $aml - the labels as a JavaScript array-literal tail,
//   $amc - the contents as a JavaScript array-literal tail.
$amc = "";
$aml = "";
$arm = pg_safe_exec("SELECT * FROM default_msgs WHERE type=1");
$yy = 0;
$opt = "";
while ($armo = pg_fetch_object($arm)) {
    $yy++;
    // NOTE(review): the label is written into HTML without any output encoding
    // on this line; if labels can contain markup, encode them for HTML here.
    $opt .= "<option value=\"" . $yy . "\">" . $armo->label . "</option>\n";
    // NOTE(review): post2db() is defined elsewhere and is presumably a
    // database-escaping helper. Here its result lands inside a single-quoted
    // JavaScript string in a <script> block - confirm it also handles line
    // breaks, quotes and "</script>" for that context, or encode for
    // JavaScript explicitly.
    $aml .= ",'" . post2db($armo->label) . "'";
    $amc .= ",'" . post2db($armo->content) . "'";
}
// Index 0 of both arrays is the empty string, matching the "pick a reason"
// option whose value is 0.
echo "\tvar acc_msgs_c = [''" . $amc . "];\n";
echo "\tvar acc_msgs_l = [''" . $aml . "];\n";
// upd_acc_r() copies the content of the selected canned message into the
// "decision" field of the form named 'accept'.
echo "\tfunction upd_acc_r(opt) {\n";
echo "\t\tdocument.forms['accept'].decision.value = acc_msgs_c[parseInt(opt.options[opt.selectedIndex].value)];\n";
echo "\t}\n";
echo "//-->\n";
echo "</script>\n";
// The drop-down is only shown when at least one canned message exists.
if ($opt != "") {
    echo "<select name=dmsgA onChange=\"upd_acc_r(this)\"><option value=0>-- pick a reason --</option>" . $opt . "</select><br>\n";
}
echo "<textarea name=decision cols=40 rows=7></textarea><br><input type=submit value=\" REGISTER THIS CHANNEL \">\n";
echo "</form>\n";
echo "</td>";
}
}
echo "<br><br>";
}
// NOTE(review): make_secure_form() is defined elsewhere; the form identifier
// passed to it is built from the raw "ID" and "RT" query parameters - confirm
// that the helper (or an earlier check) validates them.
make_secure_form("do_reply_admin" . $_GET["ID"] . $_GET["RT"]);
echo "<script language=\"JavaScript\">\n";
echo "<!--\n";

// Load the canned replies of type 3 and build the <option> list ($opt) plus
// two JavaScript array-literal tails: labels ($coml) and contents ($comc).
$comc = "";
$coml = "";
$rcom = pg_safe_exec("SELECT * FROM default_msgs WHERE type=3");
$yy = 0;
$opt = "";
while ($rcomo = pg_fetch_object($rcom)) {
    $yy++;
    // NOTE(review): the label is written into HTML without any output encoding
    // on this line; encode it for HTML if labels can contain markup.
    $opt .= "<option value=\"" . $yy . "\">" . $rcomo->label . "</option>\n";
    // NOTE(review): post2db() is defined elsewhere and is presumably a
    // database-escaping helper; its result is used here inside a single-quoted
    // JavaScript string in a <script> block - confirm it is safe for that
    // context (line breaks, quotes, "</script>") or encode for JavaScript.
    $coml .= ",'" . post2db($rcomo->label) . "'";
    $comc .= ",'" . post2db($rcomo->content) . "'";
}
// Index 0 of both arrays is the empty string, matching the placeholder option
// whose value is 0.
echo "\tvar com_msgs_c = [''" . $comc . "];\n";
echo "\tvar com_msgs_l = [''" . $coml . "];\n";
// upd_com_r() copies the content of the selected canned reply into the
// "areply" field of the form named 'do_reply'.
echo "\tfunction upd_com_r(opt) {\n";
echo "\t\tdocument.forms['do_reply'].areply.value = com_msgs_c[parseInt(opt.options[opt.selectedIndex].value)];\n";
echo "\t}\n";
echo "//-->\n";
echo "</script>\n";
echo "Your reply :";
// Show the drop-down only when at least one canned reply exists.
if ($opt != "") {
    echo " ";
    echo "<select name=dmsgC onChange=\"upd_com_r(this)\"><option value=0>-- pick a common reply --</option>" . $opt . "</select><br>\n";
} else {
    echo "<br>\n";
}
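echo "<br>";
}
// Summarise the selected search scopes in the results heading.
if ($_POST["ochan"] == 1) {
    echo "Offending/Purged channel(s). ";
}
if ($_POST["ouser"] == 1) {
    echo "Authenticated/Suspended username(s). ";
}
// The complaint type is cast to int here exactly as it is for the SQL filter
// further down, so the heading and the query always agree on the type.
if ((int) $_POST["qt"] > 0) {
    echo "<br>Specific complaint type (" . $cpt_name[(int) $_POST["qt"]] . "). ";
}
echo "</h4>";
echo "</h2>\n";
echo "<hr width=100% size=1 noshade>";
echo "<a href=\"javascript:history.go(-1);\"><b>< back</b></a><br>\n";

// Translate the user's wildcard syntax into SQL LIKE syntax: literal "_" and
// "%" are backslash-escaped first, then "?" becomes "_" and "*" becomes "%".
// The result is lower-cased and passed through post2db() (defined elsewhere).
// NOTE(review): a backslash typed by the user is not escaped by this chain;
// confirm post2db() / N_get_pure_string() take care of it for LIKE patterns.
$matchstring = post2db(strtolower(str_replace("*", "%", str_replace("?", "_", str_replace("%", "\\%", str_replace("_", "\\_", N_get_pure_string($_POST["q"])))))));
unset($cidz);
$cidz = array();

// Use LIKE only when the search text actually contains a wildcard.
// strpos() replaces the POSIX ereg() calls, which were removed in PHP 7; the
// test (does the string contain "*" or "?") is unchanged.
if (strpos(N_get_pure_string($_POST["q"]), "*") !== false || strpos(N_get_pure_string($_POST["q"]), "?") !== false) {
    $cmp_oper = "LIKE";
} else {
    $cmp_oper = " = ";
}

// Optional filter on the complaint type; the value is cast to int before it is
// placed in the SQL text.
unset($rQT);
$rQT = "";
if ((int) $_POST["qt"] > 0) {
    $rQT = "complaints.complaint_type='" . (int) $_POST["qt"] . "' AND ";
}

if ($_POST["thread"] == 1) {
    // Ticket events are searched separately and always as a substring match
    // (the pattern is wrapped in % on both sides regardless of $cmp_oper).
    // Tickets whose status is 99 are excluded.
    $q = "SELECT complaints_threads.complaint_ref FROM complaints_threads,complaints WHERE (lower(reply_text) LIKE '%" . $matchstring . "%' OR lower(actions_text) LIKE '%" . $matchstring . "%') AND " . $rQT . "complaints.id=complaints_threads.complaint_ref AND complaints.status!=99 ORDER BY created_ts DESC";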
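<?php
/* $Id: cfp.php,v 1.1 2005/11/18 04:19:33 nighty Exp $ */
// Confirmation page for a pending "forgotten password" change: it validates
// the id/crc pair from the query string, applies the change, mails the user
// and removes the pending record.
require "../../php_includes/cmaster.inc";
$cTheme = get_theme_info();
std_theme_styles(1);
std_theme_body();

// The user id is forced to an integer; the token stays a string and is passed
// through post2db() (defined elsewhere) before it is placed in the query.
$iid = (int) $_GET["id"];
$ccrc = $_GET["crc"];
$r1 = pg_safe_exec("SELECT * FROM pending_passwordchanges WHERE cookie='" . post2db($ccrc) . "' AND user_id='" . $iid . "'");
if ($o1 = @pg_fetch_object($r1, 0)) {
    // Recompute the expected token from the stored record and compare it with
    // the supplied one. The comparison is strict (===): with a loose ==, two
    // different digests that both look like numbers (for example "0e..."
    // strings) could compare equal. Where the runtime offers a constant-time
    // string comparison, prefer it for token checks.
    if ($ccrc === md5($iid . "modFP" . CRC_SALT_0015 . $o1->new_crypt)) {
        // confirmation of password change
        // NOTE(review): the password value in this statement appears masked in
        // this listing; confirm against the real file what is written.
        // NOTE(review): cl_ip() is defined elsewhere and its result goes into
        // the SQL text unescaped - confirm it can only return an IP address.
        $rez = @pg_safe_exec("UPDATE users SET password='******',last_updated=now()::abstime::int4,last_updated_by='forgotten password (" . cl_ip() . ")' WHERE id='" . $iid . "'");
        if ($rez) {
            $ru = pg_safe_exec("SELECT * FROM users WHERE id='" . $iid . "'");
            $user = pg_fetch_object($ru, 0);
            // NOTE(review): the new password is read from the pending record
            // in clear text (new_clrpass) and sent by e-mail; both the stored
            // clear-text copy and the mail expose the credential.
            mail($user->email, $mail_subject_pass . $user->user_name, "Your Cservice password is: " . $o1->new_clrpass . "\nRemember it!", "From: " . $mail_from_pass . "\nReply-To: " . $mail_from_pass . "\nX-Mailer: " . NETWORK_NAME . " Channel Service");
            log_user($user->id, 9, " [manual confirmation]");
            // The pending record (including the clear-text password) is
            // removed once the change has been applied.
            pg_safe_exec("DELETE FROM pending_passwordchanges WHERE user_id='" . $user->id . "'");
            echo "<h1>Success !<br><br>\n";
            echo "Password change has been approved successfully for user '" . $user->user_name . "'</h1>\n";
            echo "</body></html>\n\n";
            die;
        } else {
            echo "<h1>Error<br><br>\n";
            echo "Unknown SQL Error !</h1>\n";
            echo "</body></html>\n\n";
            die;
        }
    } else {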
// Error branch: the reset link did not match a pending record.
std_theme_body("../");
echo "<h1>Error</h1> The URL entered is not valid. Please check it ";
echo "and make sure it is correct</h1><a href=\"confirm_pwreset.php\">Try again.</a>";
echo "</body></html>";
exit;
} else {
    // Purge expired pending resets, then read the matched record.
    // NOTE(review): $res was fetched before this purge; whether the query that
    // produced it already rejects expired rows is not visible here - confirm.
    pg_safe_exec("delete from pending_pwreset where expiration<now()::abstime::int4");
    $pwreset = pg_fetch_object($res, 0);
    $userid = $pwreset->user_id;
    $qid = $pwreset->question_id;
    $vdata = $pwreset->verificationdata;
}
// change verifdata
// Read the current verification answer first so it can be written to the log.
$gor = pg_safe_exec("SELECT verificationdata FROM users WHERE id='" . (int) $userid . "'");
$goro = pg_fetch_object($gor);
// Apply the new question/answer; post_forms is set to now plus 86400*10
// seconds (ten days). Ids are cast to int, the answer goes through post2db().
$res = pg_safe_exec("UPDATE users SET question_id='" . (int) $qid . "',verificationdata='" . post2db($vdata) . "',post_forms=(now()::abstime::int4+86400*10),last_updated=now()::abstime::int4,last_updated_by='Verif Q/A Reset' WHERE id='" . (int) $userid . "'");
// $user_id is set only for the duration of the log_user() call and reset to 0
// afterwards; presumably log_user() reads it as a global - confirm.
$user_id = $userid;
// NOTE(review): the previous verification answer and the reset cookie are
// written to the user log; consider whether that log is an acceptable place
// for account-recovery secrets.
log_user($userid, 8, "Cookie was: " . $ID . ", Old V/A was: " . $goro->verificationdata);
$user_id = 0;
if ($res) {
    // NOTE(review): $ID is concatenated into the SQL text without escaping on
    // this line; its origin and validation are outside this excerpt - confirm
    // it has been sanitised before this point.
    $res = pg_safe_exec("delete from pending_pwreset where cookie='" . $ID . "'");
    echo "<html><head><title>Successful Verificiation Question/Answer Reset</title>";
    std_theme_styles();
    echo "</head>";
    std_theme_body("../");
    echo "<h1>Success!</h1>";
    echo "Your account verification question/answer has been changed !<br>\n";
    echo "<br><br>";
    echo "You may now proceed to the <a href=\"../index.php\" target=_top>Main page</a>.<br>";
    echo "</body></html>";
    exit;
// Registered channel: collect the user ids of everyone with access > 0 on the
// channel named in the "cname" query parameter, highest access first.
// NOTE(review): post2db() (defined elsewhere) is applied before trim() and
// strtolower(); escaping is normally the last step before the value enters
// the SQL text - confirm the later transforms cannot undo it.
$q = "SELECT * FROM channels,levels WHERE channels.registered_ts>0 AND lower(channels.name)='" . strtolower(trim(post2db($_GET["cname"]))) . "' AND levels.channel_id=channels.id AND levels.access>0 ORDER BY access DESC";
$r = pg_safe_exec($q);
// NOTE(review): $da_id_list is not initialised in the visible code; when the
// query returns no rows it may reach show_fraud_list() unset - confirm.
while ($o = pg_fetch_object($r)) {
    $da_id_list[] = $o->user_id;
}
show_fraud_list($da_id_list, 1);
}
if ($listtype == 2) {
    // Pending application: the channel must have a row in "pending" whose
    // status is not 3.
    //$slock = "";
    $slock = " AND pending.status!=3";
    $qchk = "SELECT channels.id FROM channels,pending WHERE lower(channels.name)='" . strtolower(trim(post2db($_GET["cname"]))) . "' AND pending.channel_id=channels.id" . $slock;
    $rchk = pg_safe_exec($qchk);
    if ($ochk = pg_fetch_object($rchk)) {
        $chan_id = $ochk->id;
    } else {
        // NOTE(review): the channel name from the request is echoed back via
        // db2disp(post2db(...)); both helpers are defined elsewhere - confirm
        // that db2disp() encodes for HTML output.
        echo "<br><br><b>ERROR</b> - The channel '" . db2disp(post2db($_GET["cname"])) . "' is NOT a valid incoming/pending application.<br>\n";
        echo "<a href=\"javascript:history.go(-1);\">Back</a>\n";
        echo "<br><br>For CService Admins use <b>ONLY</b>.";
        echo "</body></html>\n\n";
        die;
    }
    // Collect the authors of the objections on that application that are not
    // marked admin-only. $chan_id comes from the database row read above.
    $q = "SELECT * FROM objections WHERE channel_id='" . $chan_id . "' AND admin_only='N'";
    $r = pg_safe_exec($q);
    while ($o = pg_fetch_object($r)) {
        $da_id_list[] = $o->user_id;
    }
    show_fraud_list($da_id_list, 1);
}
}
echo "<br><br><a href=\"./index.php\">New search</a>\n";
echo "<br><br>\n";
}
std_connect();
/*
 Disabled check against the "noreg" table (type=4, fraud usernames).
 Note that, unlike the live query below, it interpolates $username without
 post2db(); keep that in mind before re-enabling it.

$res=pg_safe_exec("select * from noreg where lower(user_name)='$username' AND type=4");
if (pg_numrows($res)>0) {
    echo "<h1>Error<br>\n";
    echo "The USERNAME entered is fraudulous.</h1><br><h2>This username cannot be used (FRAUD USERNAME)</h2><br><br>\n";
    echo "<a href=\"forgotten_pass.php\">Try again.</a>\n";
    echo "</body>\n";
    echo "</html>\n\n";
    die;
}
unset($res);
*/
// Look the account up by user name. The column is lower-cased in SQL;
// presumably $username was lower-cased earlier - confirm against the caller.
$res = pg_safe_exec("select * from users where lower(user_name)='" . post2db($username) . "'");
if (pg_numrows($res) == 0) {
    // NOTE(review): this response tells the requester that the user name does
    // not exist, which lets valid user names be distinguished from invalid
    // ones through this form.
    echo "<h1>Error<br>\n";
    echo "The USERNAME entered is not valid.</h1><br><h2>Please check it and make sure it is correct</h2><br><br>\n";
    echo "<a href=\"forgotten_pass.php\">Try again.</a>\n";
    echo "</body>\n";
    echo "</html>\n\n";
    die;
}
$user = pg_fetch_object($res, 0);
// The reset is refused when the account has no verification question
// (question_id is 0) or no verification answer on record.
if ((int) $user->question_id == 0 || $user->verificationdata == "") {
    echo "<h1>Error</h1><br><h3>\n";
    echo "You must have the other authentication method enabled (PASSPHRASE)</h3><br>\n";
    echo "If you really don't have your password anymore. then ask " . SERVICE_CHANNEL . ".<br><br>\n";
    echo "If you are just testing this feature and you read that page, that means you<br>\n";
    echo "will need to <b>log in</b> then go to <b>modify</b> your account and put something<br>\n";
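// Edit form for one canned message: shown until the form has been posted with
// a non-empty label and content, otherwise the change is saved.
if ($_GET["posted"] != 1 || trim($_GET["rlabel"]) == "" || trim($_GET["rcontent"]) == "") {
    // The id is cast to int before it is placed in the SQL text.
    $umr = pg_safe_exec("SELECT * FROM default_msgs WHERE id='" . (int) $_GET["id"] . "'");
    $umo = pg_fetch_object($umr);
    echo "<h3>Edit the reply</h3><a href=\"javascript:history.go(-1);\">Go Back</a><hr width=100% noshade size=1><br>\n";
    echo "Label :<br>\n";
    // post2input() / post2textarea() are defined elsewhere; presumably they
    // encode stored text for an attribute value and a textarea body.
    echo "<input type=text name=rlabel size=60 maxlength=255 value=\"" . post2input($umo->label) . "\"><br>\n";
    echo "Content :<br>\n";
    echo "<textarea name=rcontent cols=60 rows=10 wrap>" . post2textarea($umo->content) . "</textarea><br>\n";
    echo "<br>\n";
    echo "<input type=hidden name=posted value=1>\n";
    echo "<input type=hidden name=type value=\"modify\">\n";
    // Request parameters are never written back into the page verbatim:
    // "type2" is HTML-encoded (quotes included) and "id" is reduced to the
    // same integer the queries use, so neither can break out of the attribute.
    echo "<input type=hidden name=type2 value=\"" . htmlspecialchars((string) $_GET["type2"], ENT_QUOTES) . "\">\n";
    echo "<input type=hidden name=id value=\"" . (int) $_GET["id"] . "\">\n";
    echo "<input type=submit value=\"Save changes\">\n";
} else {
    // NOTE(review): this state-changing UPDATE is driven by query-string
    // parameters and no anti-forgery token is visible in this excerpt -
    // confirm the surrounding page enforces one.
    $rq = pg_safe_exec("UPDATE default_msgs SET label='" . post2db($_GET["rlabel"]) . "', content='" . post2db($_GET["rcontent"]) . "' WHERE id='" . (int) $_GET["id"] . "'");
    if (!$rq) {
        // NOTE(review): the raw database error text is sent to the browser.
        die(pg_errormessage());
    } else {
        // Return to the list the message belongs to.
        if ($_GET["type2"] == 1) {
            js_redir("default_msgs.php?type=review");
        } else {
            js_redir("default_msgs.php?type=complaints");
        }
    }
}
}
// List view for the canned complaint replies (type 3).
if ($_GET["type"] == "complaints") {
    echo "<h3>Edit default complaint replies</h3><a href=\"complaints/admin.php\"><b>Complaints Manager Home</b></a><hr width=100% noshade size=1><br>\n";
    $crm = pg_safe_exec("SELECT * FROM default_msgs WHERE type=3");
    echo "<b>COMPLAINT REPLIES</b> <input type=button value=\"Add\" onClick=\"location.href='default_msgs.php?type=addcom'\"><br>\n";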
// Look up the requester's access level on channel id 1 (the mail text below
// refers to it as the "*" account / level).
$ra = pg_safe_exec("SELECT access FROM levels WHERE channel_id=1 AND user_id='" . $user->id . "'");
if ($oa = @pg_fetch_object($ra, 0)) {
    if (LOCK_PWCHG_LEVEL > 0 && LOCK_PWCHG_LEVEL <= $oa->access) {
        // lock prevails...
        // Accounts at or above LOCK_PWCHG_LEVEL cannot use this feature at all.
        echo "<h1>Error</h1><h3><br>\nFor security reasons, this option has been disabled for you.</h3>\n";
        echo "</body></html>\n\n";
        die;
    } elseif (CONFIRM_STAR_PWRESET && is_email_valid(CONFIRM_STAR_PWRESET_MAIL) && $oa->access > 0) {
        // Other accounts with access > 0 need a manual confirmation; only one
        // pending change per user is allowed.
        $rp = pg_safe_exec("SELECT * FROM pending_passwordchanges WHERE user_id='" . $user->id . "'");
        if ($op = @pg_fetch_object($rp, 0)) {
            echo "<h1>Error</h1><h3><br>\nA pending password change is already in progress for you.</h3>\n";
            echo "</body></html>\n\n";
            die;
        } else {
            // Confirmation token: MD5 over the user id, a fixed string, a
            // configured salt and the new password hash.
            $Xcrc = md5($user->id . "modFP" . CRC_SALT_0015 . $crypt);
            // NOTE(review): $password is stored alongside the hashes;
            // presumably it is the new password in clear text - confirm, and
            // consider whether the pending table needs to hold it at all.
            // NOTE(review): $user->password and $crypt are concatenated
            // without post2db(); confirm their format cannot contain quotes.
            pg_safe_exec("INSERT INTO pending_passwordchanges VALUES ('" . post2db($Xcrc) . "','" . $user->id . "','" . $user->password . "','" . $crypt . "','" . post2db($password) . "',now()::abstime::int4)");
            // From here on $crypt is either "*" or the current password hash;
            // what it is used for afterwards is outside this excerpt.
            if (LOCK_ON_PWCHG) {
                $crypt = "*";
            } else {
                $crypt = $user->password;
            }
            // Build the notification mail for the confirming party.
            // NOTE(review): this reads $user->username; other queries on the
            // users table in this listing use the column user_name - confirm
            // which property the fetched row really has.
            $ss = "[Forgotten Password] Confirmation request for '" . $user->username . "'";
            $mm = "";
            $mm .= "------- SECURITY -------\n\n";
            $mm .= "Forgotten password request for * account:\n";
            $mm .= "USER_ID = " . $user->id . "\n";
            $mm .= "USER_LEVEL = *" . $oa->access . "\n";
            // NOTE(review): the next statement appears masked in this listing
            // and is not valid PHP as shown; restore it from the real file.
            $mm .= "USERNAME = "******"\n";
            $mm .= "USER_EMAIL = " . $user->email . "\n";
            $mm .= "REQUEST_IP = " . cl_ip() . "\n";
            $mm .= "REQUEST_HOST = " . cl_host() . "\n";
if ($to = pg_fetch_object($tq)) {
    // Ticket number: the complaint id, a dash, and the first 10 hex characters
    // of an MD5 over the id, a configured salt and the string "ticket",
    // upper-cased.
    $da_c_id = $to->id;
    $ticket_number = strtoupper($da_c_id . "-" . substr(md5($da_c_id . CRC_SALT_0007 . "ticket"), 0, 10));
    if ($_POST["ct"] == 3) {
        // If this is a 'pending application anonymous objection', insert an
        // ADMIN comment in the given application to notify that the complaint
        // has been recorded...
        unset($issuer_id);
        unset($da_cmt);
        unset($notif_q);
        $issuer_id = COMPLAINTS_ADMINCOMMENT_ID; // this ID needs to be a permanently valid user !!!!! (see config.inc)
        $da_cmt = "";
        $da_cmt .= "**** AUTOMATIC ****<br><br>";
        $da_cmt .= "<b>An anonymous objection has been posted through the Complaints System.</b><br>";
        $da_cmt .= "<a href=\"complaints/admin.php?view=" . $ticket_number . "\">click here</a> to go to that complaint.<br><br>";
        // Ids are cast to int; the comment text goes through post2db()
        // (defined elsewhere). The row is flagged admin_only='Y'.
        $notif_q = "INSERT INTO objections (channel_id,user_id,comment,created_ts,admin_only) VALUES ('" . (int) $da_channel1_id . "','" . (int) $issuer_id . "','" . post2db($da_cmt) . "',now()::abstime::int4,'Y')";
        pg_safe_exec($notif_q);
    }
} else {
    $ticket_number = "N/A";
}
// NOTE(review): $res is checked only after the objection comment above may
// already have been inserted; where $res is set is outside this excerpt.
if (!$res) {
    die($back_lnk . "<b>SQL ERROR</b><br><br></td></tr></table></body></html>");
} else {
    // Log the complaint against the submitting user when one is known.
    if ($da_users_id > 0) {
        log_user($da_users_id, 11, "Type: " . $cpt_name[$_POST["ct"]] . ", Ticket-Number: " . $ticket_number);
    }
    // Start of the confirmation e-mail body.
    // NOTE(review): the "from_mail" form field is copied into the message
    // as submitted; confirm it has been validated as an e-mail address
    // earlier in the script.
    $mmsg = "";
    $mmsg .= "\n\n";
    $mmsg .= "We recently received a complaint to CService using this e-mail address (" . $_POST["from_mail"] . ") for the reply.\n";
    $mmsg .= "If you haven't sent any complaint and don't know what this is all about, then just delete this message and DO NOT CLICK below.\n\n";
// Checks if the cookie disallowing a new username is present.
// NOTE(review): the UNETUB cookie is supplied by the browser, so this first
// test only stops clients that send it back; the IP check in the next branch
// is the one evaluated on the server side.
if ($_COOKIE["UNETUB"] != "" && UNETUB_TIME > 0) {
    err_newuser("Your IP has already registered a username, you can only signup for ONE username.");
    $err = 1;
} elseif (NEWUSERS_IPCHECK && !newu_ipcheck(1)) {
    err_newuser("Your IP has already registered a username, you can only signup for ONE username.");
    $err = 1;
} else {
    // Registration token: MD5 over the current time, a configured salt and the
    // submitted username and e-mail.
    // NOTE(review): apart from the salt, every input to this token is a clock
    // value or supplied by the requester; a token taken from a
    // cryptographically secure random source would not depend on the salt
    // staying secret.
    $cookie = md5(microtime() . time() . CRC_SALT_0003 . $_POST["username"] . $_POST["email"]);
    $expire = time() + 86400; // 1 day
    $language = (int) $_POST["language"];
    // Run any user typed field that hasn't already been sanity checked through the prepare_dbtext() function.
    $verificationdata = post2db($_POST["verificationdata"]);
    //local_seclog("New user request for `" . N_get_pure_string($_POST["username"]) . "`");
    // String values go through post2db() (defined elsewhere) and numeric ones
    // are cast to int. NOTE(review): cl_ip() is inserted unescaped - confirm
    // it can only return an IP address.
    pg_safe_exec("insert into pendingusers (user_name,cookie,expire,email,language,question_id,verificationdata,poster_ip) values ('" . post2db($_POST["username"]) . "','" . post2db($cookie) . "'," . (int) $expire . ",'" . post2db(strtolower($_POST["email"])) . "'," . $language . "," . (int) $question_id . ",'" . $verificationdata . "','" . cl_ip() . "')");
    // NOTE(review): $boundary is not used in the visible code.
    $boundary = md5(time());
    // NOTE(review): the recipient is the raw "email" form field; confirm an
    // earlier step validated it (no line breaks, single address) before it
    // reaches mail().
    mail($_POST["email"], $mail_subject_new, "To continue the registration process go to " . $confirm_url . "?cookie=" . $cookie, "From: " . $mail_from_new . "\nReply-To: " . $mail_from_new . "\nX-Mailer: " . NETWORK_NAME . " Channel Service");
    echo "<p>Your registration email has been sent. Please wait to receive it, and then follow the instructions it contains to continue</p>";
}
} else {
    err_newuser($err);
    $err = 1;
}
break;
}
// The "NEXT" button is only offered while no error is set; what happens at
// step 7 and later is outside this excerpt.
if ((int) $curr_step != 8) {
    if ($err == "") {
        if ((int) $curr_step < 7) {
            echo "<p align=right><input type=submit value=\"NEXT >>\"></p>\n";
        } else {