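/**
 * Handles the submitted login form: either a "forgot password" request
 * (button `but_forget`) or a regular login attempt.
 *
 * @param object $session Session object; used for tracing and, after a
 *                        successful login, to set the page name and session number.
 * @param mixed  $message Out parameter: feedback text for the form. After a
 *                        successful login it holds the (empty) result of dbCheckUser().
 *
 * @return bool True when the login form has to be shown again, false after a
 *              successful login.
 */
function guiLoginAnswer(&$session, &$message)
{
    // The request fields are optional and client-controlled: a missing or
    // non-string value (e.g. an array) is treated as "not supplied" (null)
    // instead of raising an undefined-index warning or a type error further down.
    $user = (isset($_POST['login_user']) && is_string($_POST['login_user'])) ? $_POST['login_user'] : null;
    $email = (isset($_POST['login_email']) && is_string($_POST['login_email'])) ? $_POST['login_email'] : null;
    $code = (isset($_POST['login_code']) && is_string($_POST['login_code'])) ? $_POST['login_code'] : null;

    // NOTE(review): the listing this block was taken from masks part of the trace
    // argument; presumably the submitted login_user value was appended, as done
    // here. Confirm against the original file.
    $session->trace(TC_Gui1, 'guiLoginAnswer; login_user: ' . $user);

    $message = null;

    if (isset($_POST['but_forget'])) {
        // NOTE(review): the replies below differ for "unknown user", "no address
        // stored" and "address does not match", so the form tells a caller which
        // user names exist. A single neutral reply for all of them avoids that.
        if (empty($user)) {
            $message = "+kein Benutzername angegeben";
        } elseif (empty($email)) {
            $message = "+keine EMail-Adresse angegeben";
        } else {
            // The user name is passed through dbSqlString() before it is
            // concatenated into the statement.
            $row = dbSingleRecord(
                $session,
                'select id,email from ' . dbTable($session, T_User) . ' where name=' . dbSqlString($session, $user)
            );
            if (!$row) {
                $message = "+unbekannter Benutzer";
            } elseif (empty($row[1])) {
                $message = "+keine EMail-Adresse eingetragen";
            } elseif (strcasecmp($row[1], $email) !== 0) {
                $message = "+EMail-Adresse ist nicht bekannt";
            } else {
                // Mail goes out only when the submitted address matches the stored
                // one (case-insensitively). What is mailed is decided in sendPassword().
                sendPassword($session, $row[0], $user, $email);
                // NOTE(review): $message carries the submitted address; the code that
                // prints it (outside this block) must HTML-escape it.
                $message = 'Das Passwort wurde an ' . $email . ' verschickt';
            }
        }

        // A password request never logs the user in, so the form is shown again.
        return true;
    }

    $message = dbCheckUser($session, $user, $code);
    if (!empty($message)) {
        // A non-empty result from dbCheckUser() is the failure text.
        return true;
    }

    // NOTE(review): the submitted login code is handed to setLoginCookie();
    // confirm the cookie does not carry it in recoverable form.
    setLoginCookie($session, $user, $code);
    $session->setPageName(P_Home);
    $session->setSessionNo(1);

    return false;
}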
}
// NOTE(review): the closing brace above ends a block that starts before this excerpt.

// Check for gd library availability
if (!check_gd()) {
    throw new iMSCP_Exception(tr("PHP GD extension not loaded."));
}

// Remove old unique keys
removeOldKeys($cfg['LOSTPASSWORD_TIMEOUT']);

// Page template and the translated labels for the lost-password form.
$tpl = new iMSCP_pTemplate();
$tpl->define_dynamic(array('layout' => 'shared/layouts/simple.tpl', 'page' => 'lostpassword.tpl', 'page_message' => 'layout'));
$tpl->assign(array(
    'TR_PAGE_TITLE' => tr('i-MSCP - Multi Server Control Panel / Lost Password'),
    'CONTEXT_CLASS' => '',
    'productLongName' => tr('internet Multi Server Control Panel'),
    'productLink' => 'http://www.i-mscp.net',
    'productCopyright' => tr('© 2010-2015 i-MSCP Team<br/>All Rights Reserved'),
    'TR_CAPCODE' => tr('Security code'),
    'GET_NEW_IMAGE' => tr('Get a new image'),
    'TR_IMGCAPCODE' => '<img id="captcha" src="imagecode.php" width="' . $cfg['LOSTPASSWORD_CAPTCHA_WIDTH'] . '" height="' . $cfg['LOSTPASSWORD_CAPTCHA_HEIGHT'] . '" alt="captcha image" />',
    'TR_USERNAME' => tr('Username'),
    'TR_SEND' => tr('Send'),
    'TR_CANCEL' => tr('Cancel')));

// A request for new password was validated ( User clicked on the link he has received by mail )
// NOTE(review): the reset key travels in the query string, so it can end up in
// server logs and browser history; it should be single-use and short-lived
// (removeOldKeys() above presumably enforces the lifetime; confirm).
if (isset($_GET['key']) && $_GET['key'] != '') {
    // Check key
    // NOTE(review): the return value of clean_input() is discarded, so unless it
    // changes its argument by reference (not visible here) the next call still
    // receives the raw request value. sendPassword() must then validate the key
    // itself and use it only as a bound query parameter; confirm.
    clean_input($_GET['key']);

    // Sending new password
    if (sendPassword($_GET['key'])) {
        set_page_message(tr('Your new password has been sent. Check your email.'), 'success');
        redirectTo('index.php');
    } else {
        set_page_message(tr('New password has not been sent. Ask your administrator.'), 'error');
    }
} elseif (!empty($_POST)) {
    // Request for new password
    // The attempt is recorded unless the client is already waiting or blocked.
    // NOTE(review): only this POST branch passes through the brute-force plugin;
    // the key branch above does not. Confirm that key guessing is limited elsewhere.
    $bruteForce = new iMSCP_Plugin_Bruteforce(iMSCP_Registry::get('pluginManager'), 'captcha');

    if ($bruteForce->isWaiting() || $bruteForce->isBlocked()) {
        set_page_message($bruteForce->getLastMessage(), 'error');
        // presumably redirectTo() ends the request; if it does not, the check below
        // still runs for a blocked client. Confirm.
        redirectTo('lostpassword.php');
    } else {
        $bruteForce->recordAttempt();
    }

    // Proceeds only when a user name, $_SESSION['image'] (presumably the expected
    // captcha text) and a submitted captcha code are all present. The body of this
    // block lies beyond the excerpt.
    if (!empty($_POST['uname']) && isset($_SESSION['image']) && isset($_POST['capcode'])) {
<?php
include_once "includes/mp3act_functions.php";
include_once "includes/sessions.php";

// SEND PASSWORD
// Handles the password form: when an e-mail address was posted, call
// mp3act_connect() (presumably the database connection) and hand the address to
// sendPassword(); $error then holds the feedback text.
$error = '';
if (!empty($_POST['email'])) {
    mp3act_connect();
    // NOTE(review): the raw request value goes straight into sendPassword(); whether
    // it is validated and bound as a query parameter there is not visible here. Confirm.
    if (sendPassword($_POST['email'])) {
        // NOTE(review): the posted value is copied verbatim into $error; wherever
        // $error is printed (outside this excerpt) it needs htmlspecialchars() for
        // the HTML context.
        $error = "A new password has been sent to: {$_POST['email']}.";
    } else {
        // NOTE(review): the two replies differ, so the form reveals whether an
        // address belongs to an account; a single neutral reply avoids that.
        $error = "Email Address is not a valid account";
    }
}
?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html> <head> <title><?php echo $GLOBALS['server_title']; ?> | Login</title> <link rel="Stylesheet" href="css/mp3act_css.php" type="text/css" /> <script type="text/javascript"> function validator() { if(document.getElementById("email").value == ""){
// Markup of the "forgot password" form; it posts back to the same URL.
$forgotForm = "<form action='' method='post'>"
    . "<font face='Verdana' color='red' size=6><b>Forgot Password</b></font><br><br>"
    . "<font face='Verdana' color='blue'><b>Enter your email address: </b> <input type='text' name='email' size='50'><br><br>"
    . "<input type='submit' style='color: red; font-family: Verdana; font-weight: bold; font-size: 16px; ' value='Submit'> </form>";

// Show the form when no e-mail address was submitted; otherwise look the address up.
// NOTE(review): $_REQUEST also accepts the value from the query string, although
// the form itself uses POST.
if (!isset($_REQUEST['email'])) {
    echo $forgotForm;
} else {
    $email = $_REQUEST['email'];
    $passValue = getPassword($email);
    if ($passValue == "" or $passValue == null) {
        echo $forgotForm;
        // NOTE(review): this reply discloses whether an address is registered.
        echo "<font color='red' size=3>Your email address is not registered. Please contact the administrator on pkmittal82@gmail.com if you have any difficulties.</font>";
    } else {
        // NOTE(review): the value returned by getPassword() is mailed as
        // "Password/Key", so the secret is kept in recoverable form. A one-time
        // reset link with a hashed stored secret avoids mailing it.
        // $full_tubename, $vURL and $subject are defined outside this excerpt.
        $message = "Hi, You have requested for the password for " . $full_tubename . ".Here are the details.";
        $message = $message . "<br><br>" . $vURL;
        // NOTE(review): part of the next statement is masked in the listing this
        // excerpt comes from; it is kept exactly as shown.
        $message = $message . "<br>" . "Username: "******"<br>" . "Password/Key: " . $passValue;
        $send = sendPassword($email, $subject, $message);
        // If we can not send this email let's show the error
        if (!$send) {
            echo "Error in sending email!";
        } else {
            // NOTE(review): $email is the raw request value and is written into the
            // page unescaped; it needs htmlspecialchars() for the HTML context.
            echo "<font color='blue' size=6>Your password has been sent to " . $email . ". Now you can close this window</font>";
        }
    }
}
?> <?php
function getPassword($email) {
    // NOTE(review): $email is interpolated into the SQL text without escaping, and
    // the callers above pass the raw request value. The mysql_* extension was
    // removed in PHP 7; a mysqli or PDO prepared statement with a bound parameter
    // is the fix. The rest of this function lies beyond the excerpt.
    $query = "SELECT ikey FROM keystable where userid ='{$email}'";
    $result = mysql_query($query);
/**
 * Processes the submitted login form, either a "forgot password" request or a
 * regular login, and re-displays the form through guiLogin() when needed.
 *
 * The form values are read from global variables.
 * NOTE(review): presumably these globals are filled from the request
 * (register_globals or an equivalent import step); confirm where they are set.
 *
 * @param object $session Session object used for tracing and page selection.
 *
 * @return bool True when the login form was shown again, false after a
 *              successful login.
 */
function baseLoginAnswer(&$session)
{
    global $login_user, $login_code, $session_user, $but_forget, $login_email;

    $session->trace(TC_Gui1, 'baseLoginAnswer');

    if (!isset($but_forget)) {
        // Regular login: a non-empty result from dbCheckUser() is the failure text.
        $failure = dbCheckUser($session, $login_user, $login_code);
        if (!empty($failure)) {
            guiLogin($session, $failure);

            return true;
        }

        // NOTE(review): the submitted login code is handed to setLoginCookie();
        // confirm the cookie does not carry it in recoverable form.
        setLoginCookie($session, $login_user, $login_code);
        $session->setPageName(P_Start);

        return false;
    }

    // "Forgot password" request.
    // NOTE(review): the replies differ for unknown user, missing stored address and
    // mismatching address, which tells a caller which user names exist; a single
    // neutral reply avoids that.
    $notice = null;
    if (empty($login_user)) {
        $notice = "+kein Benutzername angegeben";
    } elseif (empty($login_email)) {
        $notice = "+keine EMail-Adresse angegeben";
    } else {
        // The user name is passed through dbSqlString() before concatenation.
        $sql = 'select id,email from ' . dbTable($session, T_User) . ' where name=' . dbSqlString($session, $login_user);
        $record = dbSingleRecord($session, $sql);

        if (!$record) {
            $notice = "+unbekannter Benutzer";
        } elseif (empty($record[1])) {
            $notice = "+keine EMail-Adresse eingetragen";
        } elseif (strcasecmp($record[1], $login_email) == 0) {
            // Stored and submitted address match (case-insensitively): send the mail.
            sendPassword($session, $record[0], $login_user, $login_email);
            // NOTE(review): the text carries the submitted address; guiLogin() has to
            // HTML-escape it when printing. Confirm.
            $notice = 'Das Passwort wurde an ' . $login_email . ' verschickt';
        } else {
            $notice = "+EMail-Adresse ist nicht bekannt";
        }
    }

    guiLogin($session, $notice);

    return true;
}
well_done();
} elseif ($mode == $proto_mode_register) {
    // Registration: create the account with a generated password and mail it.
    // (The preceding branch of this if/elseif chain starts before the excerpt.)
    // NOTE(review): addslashes() is the only SQL escaping here and is not
    // charset-aware; bound parameters (mysqli_prepare() / mysqli_stmt_bind_param())
    // are the robust form. The slashed values are also reused for the e-mail, the
    // error text and the statistics entry, where added backslashes do not belong.
    $email = addslashes(retrieve_from_post($proto_userid));
    $fullname = addslashes(retrieve_from_post($proto_fullname));
    $company = addslashes(retrieve_from_post($proto_company));

    // Check if the email has already been registered.
    // NOTE(review): mysqli_error() text is handed to die_nice(); if that output
    // reaches the client it exposes database details. Confirm it is only logged.
    $result = mysqli_query($global_mysqli_link, "SELECT email FROM users WHERE email='{$email}'") or die_nice('Cannot check user id existence: ' . mysqli_error($global_mysqli_link));
    if (mysqli_num_rows($result) > 0) {
        // NOTE(review): the reply confirms that the address has an account and
        // echoes the submitted value; die_nice() must encode it for its output format.
        die_nice("Ooops! Email {$email} has already registered. Please check your mailbox or contact hello@kiri.travel");
    }

    // Generate and send password
    // Only the hash is written to the users table; the clear-text password is
    // passed to sendPassword().
    // NOTE(review): generate_password() is not visible here; it should draw from a
    // CSPRNG (random_int() / random_bytes()), and a mailed initial password is best
    // treated as temporary.
    $password = generate_password();
    $hasher = new PasswordHash($passwordhash_cost_log2, $passwordhash_portable);
    $passwordHash = $hasher->HashPassword($password);
    // NOTE(review): the failure text below is single-quoted, so "$email" is emitted
    // literally instead of the address.
    mysqli_query($global_mysqli_link, "INSERT INTO users(email, password, privilegeApiUsage, fullName, company) VALUES('{$email}', '{$passwordHash}', 1, '{$fullname}', '{$company}')") or die_nice('Cannot add new user $email: ' . mysqli_error($global_mysqli_link));
    sendPassword($email, $password, $fullname);
    log_statistic("{$apikey_kiri}", 'REGISTER', "{$email}/{$fullname}/{$company}");
    deinit_mysql();
    well_done();
} elseif ($mode == $proto_mode_getprofile) {
    // Profile lookup for the active user.
    // NOTE(review): $active_userid is interpolated into the SQL text without any
    // escaping in this branch; where it is set lies outside the excerpt. Confirm it
    // cannot carry request-controlled quotes, or bind it as a parameter.
    $email = $active_userid;
    $result = mysqli_query($global_mysqli_link, "SELECT fullName, company FROM users WHERE email='{$email}'") or die_nice('Cannot retrieve user details: ' . mysqli_error($global_mysqli_link));
    if ($row = mysqli_fetch_row($result)) {
        $fullname = $row[0];
        $company = $row[1];
    } else {
        die_nice("User {$email} not found in database.");
    }
    deinit_mysql();
    // Construct json.
    // (This branch continues beyond the excerpt.)
    $json = array($proto_status => $proto_status_ok, $proto_fullname => $fullname, $proto_company => $company);