function ValidateRegisterForm($post)
{
    if (validateFirstName($post['firstName']) && validateLastName($post['lastName']) && validateEmail($post['email']) && validatePassword($post['password']) && validateConfirmPassword($post['confirmPassword']) && validateGender($post['gender']) && validateContactNumber($post['contactNumber']) && validateAddress($post['address'])) {
        return true;
    } else {
        return false;
    }
}
 function init()
 {
     if ($this->esoTalk->user) {
         redirect("");
     }
     global $language, $messages, $config;
     $this->title = $language["Forgot your password"];
     $this->esoTalk->addToHead("<meta name='robots' content='noindex, noarchive'/>");
     // If we're on the second step (they've clicked the link in their email)
     if ($hash = @$_GET["q2"]) {
         // Get the user with this recover password hash
         $result = $this->esoTalk->db->query("SELECT memberId FROM {$config["tablePrefix"]}members WHERE resetPassword='******'");
         if (!$this->esoTalk->db->numRows($result)) {
             redirect("forgotPassword");
         }
         list($memberId) = $this->esoTalk->db->fetchRow($result);
         $this->setPassword = true;
         // Validate the form if it was submitted
         if (isset($_POST["changePassword"])) {
             $password = @$_POST["password"];
             $confirm = @$_POST["confirm"];
             if ($error = validatePassword(@$_POST["password"])) {
                 $this->errors["password"] = $error;
             }
             if ($password != $confirm) {
                 $this->errors["confirm"] = "passwordsDontMatch";
             }
             if (!count($this->errors)) {
                 $passwordHash = md5($config["salt"] . $password);
                 $this->esoTalk->db->query("UPDATE {$config["tablePrefix"]}members SET resetPassword=NULL, password='******' WHERE memberId={$memberId}");
                 $this->esoTalk->message("passwordChanged", false);
                 redirect("");
             }
         }
     }
     // If they've submitted their email for a password link, email them!
     if (isset($_POST["email"])) {
         // Find the member with this email
         $result = $this->esoTalk->db->query("SELECT memberId, name, email FROM {$config["tablePrefix"]}members WHERE email='{$_POST["email"]}'");
         if (!$this->esoTalk->db->numRows($result)) {
             $this->esoTalk->message("emailDoesntExist");
             return;
         }
         list($memberId, $name, $email) = $this->esoTalk->db->fetchRow($result);
         // Set a special 'forgot password' hash
         $hash = md5(rand());
         $this->esoTalk->db->query("UPDATE {$config["tablePrefix"]}members SET resetPassword='******' WHERE memberId={$memberId}");
         // Send the email
         if (sendEmail($email, sprintf($language["emails"]["forgotPassword"]["subject"], $name), sprintf($language["emails"]["forgotPassword"]["body"], $name, $config["forumTitle"], $config["baseURL"] . makeLink("forgot-password", $hash)))) {
             $this->esoTalk->message("passwordEmailSent", false);
             redirect("");
         }
     }
 }
示例#3
0
 public function validatePasswordHandle($password)
 {
     global $sourcedir;
     require_once $sourcedir . '/Subs-Auth.php';
     $passwordError = validatePassword($password, $regOptions['username'], array($regOptions['email']));
     // Password isn't legal?
     if ($passwordError != null) {
         return false;
     }
     return true;
 }
示例#4
0
function authAdmin($username, $password)
{
    global $config;
    if (!checkLock("checkadmin")) {
        return false;
    }
    if ($config['admin_username'] == $username && validatePassword($password, $config['admin_password'], $config['admin_passwordformat'])) {
        return true;
    } else {
        lockAction("checkadmin");
        return false;
    }
}
示例#5
0
 function UserSignUp()
 {
     if (isset($_POST['su-btn-submit'])) {
         if (isset($_POST['email']) && isset($_POST['username']) && isset($_POST['password']) && isset($_POST['confirm-password']) && isset($_POST['tos-checkbox'])) {
             //Get submitted values
             $email = validateEmail($_POST['email']) ? 1 : 0;
             $user = validateUsername($_POST['username']) ? 1 : 0;
             $password = validatePassword($_POST['password']) ? 1 : 0;
             $password_hash = password_hash($_POST['password'], PASSWORD_DEFAULT);
             $cf_pass = password_verify($_POST['confirm-password'], $password_hash) ? 1 : 0;
             $tos_cb = $_POST['tos-checkbox'] ? 1 : 0;
         }
     }
 }
function verification($username, $password)
{
    // On va récupérer l'utilisateur précis
    $reponse = getUser($username);
    // On vérifie si l'adresse email et mot de passe correspondent
    if (validatePassword($username, $password)) {
        $connected = true;
        // le nom et le prénom servent à assurer à l'utilisateur qu'il est connecté
        // et connecté avec le bon compte
        $_SESSION['first_name'] = $reponse[0]['Prenom'];
        $_SESSION['last_name'] = $reponse[0]['Nom'];
        // nécessaire pour valider le niveau d'accès de l'utilisateur
        $_SESSION['user_type'] = $reponse[0]['TypeUtilisateur'];
        //nécessaire pour accéder à d'autres informations liées à l'utilisateur plus loin
        // dans la session
        $_SESSION['no_user'] = $reponse[0]['NoUtilisateur'];
    } else {
        $connected = false;
    }
    return $connected;
}
function getDataErrors($data)
{
    $messages = [];
    if (empty($data['first_name']) || empty($data['last_name']) || empty($data['username']) || empty($data['password'])) {
        $messages[] = 'Παρακαλούμε συμπληρώστε όλα τα πεδία';
        return $messages;
    }
    if (!validateName($data['first_name'])) {
        $messages[] = 'Το όνομα σας περιέχει μη επιτρεπτούς χαρακτήρες. Παρακαλούμε εισάγετε μόνο γράμματα της αλφαβήτας';
    }
    if (!validateName($data['last_name'])) {
        $messages[] = 'Το επώνυμό σας περιέχει μη επιτρεπτούς χαρακτήρες. Παρακαλούμε εισάγετε μόνο γράμματα της αλφαβήτας';
    }
    if (!validateUsername($data['username'])) {
        $messages[] = 'Το username σας περιέχει μη πετρεπτούς χαρακτήρες. Παρακαλούμε εισάγετε μόνο λατινικούς χαρακτήρες και αριθμούς';
    }
    if (!validateEmail($data['email'])) {
        $messages[] = 'Το e-mail σας δεν είναι έγκυρο. Παρακούμε εισάγετε ένα έγκυρο e-mail.';
    }
    if (!validatePassword($data['password'])) {
        $messages[] = 'Μη επιτρεπτός κωδικός. Ο κωδικός σας πρέπει να περιλαμβάνει τουλάχιστον 8 ψηφία.';
    }
    return $messages;
}
示例#8
0
<?php

if (isset($_POST["submit_update_user"])) {
    $id = $_GET['id'];
    $changepass = false;
    //$username = $_POST['new_user_username'];
    //$username = validateUserName($username) ? $_POST['new_user_username'] : false;
    if (!empty($_POST['new_user_password'])) {
        $changepass = true;
        $bh_password = $_POST['new_user_password'];
        $bh_password = validatePassword($bh_password) ? $_POST['new_user_password'] : false;
        $password = passwordHash($bh_password);
    }
    $email = $_POST['new_user_email'];
    //$vip = isset($_POST['new_user_vip']) ? 1 : 0;
    $bp_role = $_POST['new_user_role'];
    $bp_vip = $_POST['new_user_vip'];
    if ($bp_vip == 0) {
        $vip = 0;
        $vip_start = null;
        $vip_expire = null;
    } elseif ($bp_vip == -1) {
        $vip = -1;
        $vip_start = $current_datetime;
        $vip_expire = null;
    } else {
        $vip = $bp_vip;
        $vip_start = strtotime($current_datetime);
        $vip_expire = strtotime('+' . $vip . ' day', $vip_start);
        $vip_start = $current_datetime;
        $vip_expire = date('Y-m-d H:i:s', $vip_expire);
示例#9
0
<?php

echo '<html>';
echo '<!-- Latest compiled and minified CSS -->
<link rel="stylesheet" href="public/css/bootstrap.min.css" integrity="sha512-dTfge/zgoMYpP7QbHy4gWMEGsbsdZeCXz7irItjcC3sPUFtf0kuFbDz/ixG7ArTxmDjLXDmezHubeNikyKGVyQ==" crossorigin="anonymous">

<!-- Optional theme -->
<link rel="stylesheet" href="public/css/bootstrap-theme.min.css" integrity="sha384-aUGj/X2zp5rLCbBxumKTCw2Z50WgIr1vs/PFN4praOTvYXWlVyh2UtNUU0KAUhAX" crossorigin="anonymous">

<!-- Latest compiled and minified JavaScript -->
<script src="public/js/bootstrap.min.js" integrity="sha512-K1qjQ+NcF2TYO/eI3M6v8EiNYZfA95pQumfvcVrTHtwQVDG+aHRqLi/ETn2uB+1JqwYqVG3LIvdm9lj6imS/pQ==" crossorigin="anonymous"></script>';
enter();
echo '<form method="POST" action="http://localhost:8000">
<div class="form-group">
    <label for="exampleInputLogin">Login:</label>
    <input type="text"  class="form-control" id="exampleInputLogin" name="login"/><br/>' . validateLogin($_REQUEST['login']) . '
</div>
<div class="form-group">
    <label for="exampleInputPassword1">Password</label>
    <input type="text"  class="form-control" id="exampleInputPassword" name="password"/></br>' . validatePassword($_REQUEST['password']) . '
</div>
<input type="submit" class="btn btn-default" value="Send"/>
</form>';
enter();
echo '<a href="/src/reg.php">Зарегистрируйтесь</a>';
echo '</html>';
/* http://getbootstrap.com/getting-started/#template - Sign-in page    http://getbootstrap.com/examples/signin/ */
/*сделать форму регистрации*/
示例#10
0
 $form['message'] = getPOST('message');
 $form['captchaValue'] = getPOST('captchaValue');
 $form['captchaId'] = getPOST('captchaId');
 // Add datetime
 date_default_timezone_set('Europe/Berlin');
 $form['date'] = date("F j, Y, g:i a");
 // Check for empty fields
 foreach ($form as $key => $value) {
     if (!$value) {
         $errorMsg .= 'The field "' . $key . '" may not be empty.<br>';
     }
 }
 if (!validateEmail($form['email'])) {
     $errorMsg .= "Please check your email address entered.<br>";
 }
 if (!validatePassword($form['password'], $form['confirmPassword'])) {
     $errorMsg .= "Passwords does not match.<br>";
 }
 if (!validateCaptcha($form['captchaValue'], $form['captchaId'])) {
     $errorMsg .= "Please check captcha.<br>";
 }
 // Remember selectbox
 for ($i == 1; $i < 4; $i++) {
     if ($form['subject'] == $i) {
         $formHelper['select' . $i] = "selected=selected";
     }
 }
 ## Store if validation was successful
 if (!$errorMsg) {
     // Save in textfile for demo reasons only.
     // Passwords are not filtered and stored in plaintext, hash function with salt and pepper must be used!
示例#11
0
function registerMember(&$regOptions, $return_errors = false)
{
    global $scripturl, $txt, $modSettings, $context, $sourcedir;
    global $user_info, $options, $settings, $smcFunc;
    loadLanguage('Login');
    // We'll need some external functions.
    require_once $sourcedir . '/lib/Subs-Auth.php';
    require_once $sourcedir . '/lib/Subs-Post.php';
    // Put any errors in here.
    $reg_errors = array();
    // Registration from the admin center, let them sweat a little more.
    if ($regOptions['interface'] == 'admin') {
        is_not_guest();
        isAllowedTo('moderate_forum');
    } elseif ($regOptions['interface'] == 'guest') {
        // You cannot register twice...
        if (empty($user_info['is_guest'])) {
            redirectexit();
        }
        // Make sure they didn't just register with this session.
        if (!empty($_SESSION['just_registered']) && empty($modSettings['disableRegisterCheck'])) {
            fatal_lang_error('register_only_once', false);
        }
    }
    // What method of authorization are we going to use?
    if (empty($regOptions['auth_method']) || !in_array($regOptions['auth_method'], array('password', 'openid'))) {
        if (!empty($regOptions['openid'])) {
            $regOptions['auth_method'] = 'openid';
        } else {
            $regOptions['auth_method'] = 'password';
        }
    }
    // No name?!  How can you register with no name?
    if (empty($regOptions['username'])) {
        $reg_errors[] = array('lang', 'need_username');
    }
    // Spaces and other odd characters are evil...
    $regOptions['username'] = preg_replace('~[\\t\\n\\r\\x0B\\0' . ($context['server']['complex_preg_chars'] ? '\\x{A0}' : " ") . ']+~u', ' ', $regOptions['username']);
    // Don't use too long a name.
    if (commonAPI::strlen($regOptions['username']) > 25) {
        $reg_errors[] = array('lang', 'error_long_name');
    }
    // Only these characters are permitted.
    if (preg_match('~[<>&"\'=\\\\]~', preg_replace('~&#(?:\\d{1,7}|x[0-9a-fA-F]{1,6});~', '', $regOptions['username'])) != 0 || $regOptions['username'] == '_' || $regOptions['username'] == '|' || strpos($regOptions['username'], '[code') !== false || strpos($regOptions['username'], '[/code') !== false) {
        $reg_errors[] = array('lang', 'error_invalid_characters_username');
    }
    if (commonAPI::strtolower($regOptions['username']) === commonAPI::strtolower($txt['guest_title'])) {
        $reg_errors[] = array('lang', 'username_reserved', 'general', array($txt['guest_title']));
    }
    // !!! Separate the sprintf?
    if (empty($regOptions['email']) || preg_match('~^[0-9A-Za-z=_+\\-/][0-9A-Za-z=_\'+\\-/\\.]*@[\\w\\-]+(\\.[\\w\\-]+)*(\\.[\\w]{2,6})$~', $regOptions['email']) === 0 || strlen($regOptions['email']) > 255) {
        $reg_errors[] = array('done', sprintf($txt['valid_email_needed'], commonAPI::htmlspecialchars($regOptions['username'])));
    }
    if (!empty($regOptions['check_reserved_name']) && isReservedName($regOptions['username'], 0, false)) {
        if ($regOptions['password'] == 'chocolate cake') {
            $reg_errors[] = array('done', 'Sorry, I don\'t take bribes... you\'ll need to come up with a different name.');
        }
        $reg_errors[] = array('done', '(' . htmlspecialchars($regOptions['username']) . ') ' . $txt['name_in_use']);
    }
    // Generate a validation code if it's supposed to be emailed.
    $validation_code = '';
    if ($regOptions['require'] == 'activation') {
        $validation_code = generateValidationCode();
    }
    // If you haven't put in a password generate one.
    if ($regOptions['interface'] == 'admin' && $regOptions['password'] == '' && $regOptions['auth_method'] == 'password') {
        mt_srand(time() + 1277);
        $regOptions['password'] = generateValidationCode();
        $regOptions['password_check'] = $regOptions['password'];
    } elseif ($regOptions['password'] != $regOptions['password_check'] && $regOptions['auth_method'] == 'password') {
        $reg_errors[] = array('lang', 'passwords_dont_match');
    }
    // That's kind of easy to guess...
    if ($regOptions['password'] == '') {
        if ($regOptions['auth_method'] == 'password') {
            $reg_errors[] = array('lang', 'no_password');
        } else {
            $regOptions['password'] = sha1(mt_rand());
        }
    }
    // Now perform hard password validation as required.
    if (!empty($regOptions['check_password_strength'])) {
        $passwordError = validatePassword($regOptions['password'], $regOptions['username'], array($regOptions['email']));
        // Password isn't legal?
        if ($passwordError != null) {
            $reg_errors[] = array('lang', 'profile_error_password_' . $passwordError);
        }
    }
    // If they are using an OpenID that hasn't been verified yet error out.
    // !!! Change this so they can register without having to attempt a login first
    if ($regOptions['auth_method'] == 'openid' && (empty($_SESSION['openid']['verified']) || $_SESSION['openid']['openid_uri'] != $regOptions['openid'])) {
        $reg_errors[] = array('lang', 'openid_not_verified');
    }
    // You may not be allowed to register this email.
    if (!empty($regOptions['check_email_ban'])) {
        isBannedEmail($regOptions['email'], 'cannot_register', $txt['ban_register_prohibited']);
    }
    // Check if the email address is in use.
    $request = smf_db_query('
		SELECT id_member
		FROM {db_prefix}members
		WHERE email_address = {string:email_address}
			OR email_address = {string:username}
		LIMIT 1', array('email_address' => $regOptions['email'], 'username' => $regOptions['username']));
    // !!! Separate the sprintf?
    if (mysql_num_rows($request) != 0) {
        $reg_errors[] = array('lang', 'email_in_use', false, array(htmlspecialchars($regOptions['email'])));
    }
    mysql_free_result($request);
    // If we found any errors we need to do something about it right away!
    foreach ($reg_errors as $key => $error) {
        /* Note for each error:
        			0 = 'lang' if it's an index, 'done' if it's clear text.
        			1 = The text/index.
        			2 = Whether to log.
        			3 = sprintf data if necessary. */
        if ($error[0] == 'lang') {
            loadLanguage('Errors');
        }
        $message = $error[0] == 'lang' ? empty($error[3]) ? $txt[$error[1]] : vsprintf($txt[$error[1]], $error[3]) : $error[1];
        // What to do, what to do, what to do.
        if ($return_errors) {
            if (!empty($error[2])) {
                log_error($message, $error[2]);
            }
            $reg_errors[$key] = $message;
        } else {
            fatal_error($message, empty($error[2]) ? false : $error[2]);
        }
    }
    // If there's any errors left return them at once!
    if (!empty($reg_errors)) {
        return $reg_errors;
    }
    $reservedVars = array('actual_theme_url', 'actual_images_url', 'base_theme_dir', 'base_theme_url', 'default_images_url', 'default_theme_dir', 'default_theme_url', 'default_template', 'images_url', 'number_recent_posts', 'smiley_sets_default', 'theme_dir', 'theme_id', 'theme_layers', 'theme_templates', 'theme_url');
    // Can't change reserved vars.
    if (isset($regOptions['theme_vars']) && array_intersect($regOptions['theme_vars'], $reservedVars) != array()) {
        fatal_lang_error('no_theme');
    }
    // Some of these might be overwritten. (the lower ones that are in the arrays below.)
    $regOptions['register_vars'] = array('member_name' => $regOptions['username'], 'email_address' => $regOptions['email'], 'passwd' => sha1(strtolower($regOptions['username']) . $regOptions['password']), 'password_salt' => substr(md5(mt_rand()), 0, 4), 'posts' => 0, 'date_registered' => time(), 'member_ip' => $regOptions['interface'] == 'admin' ? '127.0.0.1' : $user_info['ip'], 'member_ip2' => $regOptions['interface'] == 'admin' ? '127.0.0.1' : $_SERVER['BAN_CHECK_IP'], 'validation_code' => $validation_code, 'real_name' => $regOptions['username'], 'personal_text' => $modSettings['default_personal_text'], 'pm_email_notify' => 1, 'id_theme' => 0, 'id_post_group' => 4, 'lngfile' => '', 'buddy_list' => '', 'pm_ignore_list' => '', 'message_labels' => '', 'location' => '', 'time_format' => '', 'signature' => '', 'avatar' => '', 'usertitle' => '', 'secret_question' => '', 'secret_answer' => '', 'additional_groups' => '', 'ignore_boards' => '', 'smiley_set' => '', 'openid_uri' => !empty($regOptions['openid']) ? $regOptions['openid'] : '');
    // Setup the activation status on this new account so it is correct - firstly is it an under age account?
    if ($regOptions['require'] == 'coppa') {
        $regOptions['register_vars']['is_activated'] = 5;
        // !!! This should be changed.  To what should be it be changed??
        $regOptions['register_vars']['validation_code'] = '';
    } elseif ($regOptions['require'] == 'nothing') {
        $regOptions['register_vars']['is_activated'] = 1;
    } elseif ($regOptions['require'] == 'activation') {
        $regOptions['register_vars']['is_activated'] = 0;
    } else {
        $regOptions['register_vars']['is_activated'] = 3;
    }
    if (isset($regOptions['memberGroup'])) {
        // Make sure the id_group will be valid, if this is an administator.
        $regOptions['register_vars']['id_group'] = $regOptions['memberGroup'] == 1 && !allowedTo('admin_forum') ? 0 : $regOptions['memberGroup'];
        // Check if this group is assignable.
        $unassignableGroups = array(-1, 3);
        $request = smf_db_query('
			SELECT id_group
			FROM {db_prefix}membergroups
			WHERE min_posts != {int:min_posts}' . (allowedTo('admin_forum') ? '' : '
				OR group_type = {int:is_protected}'), array('min_posts' => -1, 'is_protected' => 1));
        while ($row = mysql_fetch_assoc($request)) {
            $unassignableGroups[] = $row['id_group'];
        }
        mysql_free_result($request);
        if (in_array($regOptions['register_vars']['id_group'], $unassignableGroups)) {
            $regOptions['register_vars']['id_group'] = 0;
        }
    }
    // Integrate optional member settings to be set.
    if (!empty($regOptions['extra_register_vars'])) {
        foreach ($regOptions['extra_register_vars'] as $var => $value) {
            $regOptions['register_vars'][$var] = $value;
        }
    }
    // Integrate optional user theme options to be set.
    $theme_vars = array();
    if (!empty($regOptions['theme_vars'])) {
        foreach ($regOptions['theme_vars'] as $var => $value) {
            $theme_vars[$var] = $value;
        }
    }
    // Call an optional function to validate the users' input.
    HookAPI::callHook('integrate_register', array(&$regOptions, &$theme_vars));
    // Right, now let's prepare for insertion.
    $knownInts = array('date_registered', 'posts', 'id_group', 'last_login', 'instant_messages', 'unread_messages', 'new_pm', 'pm_prefs', 'gender', 'hide_email', 'show_online', 'pm_email_notify', 'karma_good', 'karma_bad', 'notify_announcements', 'notify_send_body', 'notify_regularity', 'notify_types', 'id_theme', 'is_activated', 'id_msg_last_visit', 'id_post_group', 'total_time_logged_in', 'warning');
    $knownFloats = array('time_offset');
    $column_names = array();
    $values = array();
    foreach ($regOptions['register_vars'] as $var => $val) {
        $type = 'string';
        if (in_array($var, $knownInts)) {
            $type = 'int';
        } elseif (in_array($var, $knownFloats)) {
            $type = 'float';
        } elseif ($var == 'birthdate') {
            $type = 'date';
        }
        $column_names[$var] = $type;
        $values[$var] = $val;
    }
    // Register them into the database.
    smf_db_insert('', '{db_prefix}members', $column_names, $values, array('id_member'));
    $memberID = smf_db_insert_id('{db_prefix}members', 'id_member');
    // Update the number of members and latest member's info - and pass the name, but remove the 's.
    if ($regOptions['register_vars']['is_activated'] == 1) {
        updateStats('member', $memberID, $regOptions['register_vars']['real_name']);
    } else {
        updateStats('member');
    }
    // Theme variables too?
    if (!empty($theme_vars)) {
        $inserts = array();
        foreach ($theme_vars as $var => $val) {
            $inserts[] = array($memberID, $var, $val);
        }
        smf_db_insert('insert', '{db_prefix}themes', array('id_member' => 'int', 'variable' => 'string-255', 'value' => 'string-65534'), $inserts, array('id_member', 'variable'));
    }
    // If it's enabled, increase the registrations for today.
    trackStats(array('registers' => '+'));
    // Administrative registrations are a bit different...
    if ($regOptions['interface'] == 'admin') {
        if ($regOptions['require'] == 'activation') {
            $email_message = 'admin_register_activate';
        } elseif (!empty($regOptions['send_welcome_email'])) {
            $email_message = 'admin_register_immediate';
        }
        if (isset($email_message)) {
            $replacements = array('REALNAME' => $regOptions['register_vars']['real_name'], 'USERNAME' => $regOptions['username'], 'PASSWORD' => $regOptions['password'], 'FORGOTPASSWORDLINK' => $scripturl . '?action=reminder', 'ACTIVATIONLINK' => $scripturl . '?action=activate;u=' . $memberID . ';code=' . $validation_code, 'ACTIVATIONLINKWITHOUTCODE' => $scripturl . '?action=activate;u=' . $memberID, 'ACTIVATIONCODE' => $validation_code);
            $emaildata = loadEmailTemplate($email_message, $replacements);
            sendmail($regOptions['email'], $emaildata['subject'], $emaildata['body'], null, null, false, 0);
        }
        // All admins are finished here.
        return $memberID;
    }
    // Can post straight away - welcome them to your fantastic community...
    if ($regOptions['require'] == 'nothing') {
        if (!empty($regOptions['send_welcome_email'])) {
            $replacements = array('REALNAME' => $regOptions['register_vars']['real_name'], 'USERNAME' => $regOptions['username'], 'PASSWORD' => $regOptions['password'], 'FORGOTPASSWORDLINK' => $scripturl . '?action=reminder', 'OPENID' => !empty($regOptions['openid']) ? $regOptions['openid'] : '');
            $emaildata = loadEmailTemplate('register_' . ($regOptions['auth_method'] == 'openid' ? 'openid_' : '') . 'immediate', $replacements);
            sendmail($regOptions['email'], $emaildata['subject'], $emaildata['body'], null, null, false, 0);
        }
        // Send admin their notification.
        adminNotify('standard', $memberID, $regOptions['username']);
    } elseif ($regOptions['require'] == 'activation' || $regOptions['require'] == 'coppa') {
        $replacements = array('REALNAME' => $regOptions['register_vars']['real_name'], 'USERNAME' => $regOptions['username'], 'PASSWORD' => $regOptions['password'], 'FORGOTPASSWORDLINK' => $scripturl . '?action=reminder', 'OPENID' => !empty($regOptions['openid']) ? $regOptions['openid'] : '');
        if ($regOptions['require'] == 'activation') {
            $replacements += array('ACTIVATIONLINK' => $scripturl . '?action=activate;u=' . $memberID . ';code=' . $validation_code, 'ACTIVATIONLINKWITHOUTCODE' => $scripturl . '?action=activate;u=' . $memberID, 'ACTIVATIONCODE' => $validation_code);
        } else {
            $replacements += array('COPPALINK' => $scripturl . '?action=coppa;u=' . $memberID);
        }
        $emaildata = loadEmailTemplate('register_' . ($regOptions['auth_method'] == 'openid' ? 'openid_' : '') . ($regOptions['require'] == 'activation' ? 'activate' : 'coppa'), $replacements);
        sendmail($regOptions['email'], $emaildata['subject'], $emaildata['body'], null, null, false, 0);
    } else {
        $replacements = array('REALNAME' => $regOptions['register_vars']['real_name'], 'USERNAME' => $regOptions['username'], 'PASSWORD' => $regOptions['password'], 'FORGOTPASSWORDLINK' => $scripturl . '?action=reminder', 'OPENID' => !empty($regOptions['openid']) ? $regOptions['openid'] : '');
        $emaildata = loadEmailTemplate('register_' . ($regOptions['auth_method'] == 'openid' ? 'openid_' : '') . 'pending', $replacements);
        sendmail($regOptions['email'], $emaildata['subject'], $emaildata['body'], null, null, false, 0);
        // Admin gets informed here...
        adminNotify('approval', $memberID, $regOptions['username']);
    }
    // Okay, they're for sure registered... make sure the session is aware of this for security. (Just married :P!)
    $_SESSION['just_registered'] = 1;
    return $memberID;
}
示例#12
0
    echo $styleInvalid;
}
?>
 />
		            				<span class="formcheck" id="spanUsername"> </span><br />
	
	            <label>Password:</label>
	            	<input type="password" name="PASSWORD" size="30" id="passwd" class="validates" 
	            		onfocus="pValid()" />
	            			<span class="formcheck" id="spanP"></span><br />
	
	            <label>Confirm Password:</label>
	           		<input type="password" name="CONFIRMPASSWORD" size="30" id="confirmPasswd" class="validates" 
	           			onkeyup="passwdValid()" 
	           				<?php 
if (!validatePassword($password1, $password2)) {
    echo $styleInvalid;
}
?>
 />
	            				<span class="formcheck" id="spanPasswd"></span><br />
	
	        </fieldset>
	        <fieldset id="fieldYN">
	            Gender:
		            <input type="radio" name="GENDER" value="male" id="maleRadio" /><label class="noLabel" for="maleRadio">Male </label>
		            <input type="radio" name="GENDER" value="female" id="femaleRadio" /><label class="noLabel" for="femaleRadio">Female </label><?php 
if (!validateGender($gender)) {
    echo "*";
}
?>
示例#13
0
function authentication($memID, $saving = false)
{
    global $context, $cur_profile, $sourcedir, $txt, $post_errors, $modSettings;
    loadLanguage('Login');
    // We are saving?
    if ($saving) {
        // Moving to password passed authentication?
        if ($_POST['authenticate'] == 'passwd') {
            // Didn't enter anything?
            if ($_POST['passwrd1'] == '') {
                $post_errors[] = 'no_password';
            } elseif (!isset($_POST['passwrd2']) || $_POST['passwrd1'] != $_POST['passwrd2']) {
                $post_errors[] = 'bad_new_password';
            } else {
                require_once $sourcedir . '/Subs-Auth.php';
                $passwordErrors = validatePassword($_POST['passwrd1'], $cur_profile['member_name'], array($cur_profile['real_name'], $cur_profile['email_address']));
                // Were there errors?
                if ($passwordErrors != null) {
                    $post_errors[] = 'password_' . $passwordErrors;
                }
            }
            if (empty($post_errors)) {
                // Integration?
                call_integration_hook('integrate_reset_pass', array($cur_profile['member_name'], $cur_profile['member_name'], $_POST['passwrd1']));
                // Go then.
                $passwd = sha1(strtolower($cur_profile['member_name']) . un_htmlspecialchars($_POST['passwrd1']));
                // Do the important bits.
                updateMemberData($memID, array('openid_uri' => '', 'passwd' => $passwd));
                if ($context['user']['is_owner']) {
                    setLoginCookie(60 * $modSettings['cookieTime'], $memID, sha1(sha1(strtolower($cur_profile['member_name']) . un_htmlspecialchars($_POST['passwrd2'])) . $cur_profile['password_salt']));
                }
                redirectexit('action=profile;u=' . $memID);
            }
            return true;
        } elseif ($_POST['authenticate'] == 'openid' && !empty($_POST['openid_identifier'])) {
            require_once $sourcedir . '/Subs-OpenID.php';
            $_POST['openid_identifier'] = smf_openID_canonize($_POST['openid_identifier']);
            if (smf_openid_member_exists($_POST['openid_identifier'])) {
                $post_errors[] = 'openid_in_use';
            } elseif (empty($post_errors)) {
                // Authenticate using the new OpenID URI first to make sure they didn't make a mistake.
                if ($context['user']['is_owner']) {
                    $_SESSION['new_openid_uri'] = $_POST['openid_identifier'];
                    smf_openID_validate($_POST['openid_identifier'], false, null, 'change_uri');
                } else {
                    updateMemberData($memID, array('openid_uri' => $_POST['openid_identifier']));
                }
            }
        }
    }
    // Some stuff.
    $context['member']['openid_uri'] = $cur_profile['openid_uri'];
    $context['auth_method'] = empty($cur_profile['openid_uri']) ? 'password' : 'openid';
    $context['sub_template'] = 'authentication_method';
}
示例#14
0
<?php

include "validate.php";
$formSend = count($_POST) > 0;
$username = "";
$email = "";
if ($formSend) {
    $usernameValid = validateUsername($_POST["username"]);
    $emailValid = validateEmail($_POST["email"]);
    $passwordValid = validatePassword($_POST["password"]);
    $passwordCValid = validateCPassword($_POST["password"], $_POST["passwordC"]);
    $username = htmlspecialchars($_POST["username"]);
    $email = htmlspecialchars($_POST["email"]);
    if ($usernameValid == "" && $emailValid == "" && $passwordValid == "" && $passwordCValid == "") {
        header('Location: welcome.php?username='******'text/css' rel='stylesheet' href='style.css'/>
  <script src="jquery-2.1.4.min.js"></script>
  <script src="jquery.validate.js"></script>
  <script type="text/javascript" src="registration.js"></script>
  <script type="text/javascript" src="script.js"></script>
</head>
<body>
  <header>
示例#15
0
                 eval("echo \"" . getTemplate("email/account_add") . "\";");
             }
         }
     } else {
         standard_error(array('allresourcesused', 'allocatetoomuchquota'), $quota);
     }
 } elseif ($action == 'changepw' && $id != 0) {
     $result = $db->query_first("SELECT `id`, `email`, `email_full`, `iscatchall`, `destination`, `customerid`, `popaccountid` FROM `" . TABLE_MAIL_VIRTUAL . "` WHERE `customerid`='" . (int) $userinfo['customerid'] . "' AND `id`='" . (int) $id . "'");
     if (isset($result['popaccountid']) && $result['popaccountid'] != '') {
         if (isset($_POST['send']) && $_POST['send'] == 'send') {
             $password = validate($_POST['email_password'], 'password');
             if ($password == '') {
                 standard_error(array('stringisempty', 'mypassword'));
                 exit;
             }
             $password = validatePassword($password);
             $log->logAction(USR_ACTION, LOG_NOTICE, "changed email password for '" . $result['email_full'] . "'");
             $result = $db->query("UPDATE `" . TABLE_MAIL_USERS . "` SET " . ($settings['system']['mailpwcleartext'] == '1' ? "`password` = '" . $db->escape($password) . "', " : '') . " `password_enc`=ENCRYPT('" . $db->escape($password) . "') WHERE `customerid`='" . (int) $userinfo['customerid'] . "' AND `id`='" . (int) $result['popaccountid'] . "'");
             redirectTo($filename, array('page' => 'emails', 'action' => 'edit', 'id' => $id, 's' => $s));
         } else {
             $result['email_full'] = $idna_convert->decode($result['email_full']);
             $result = htmlentities_array($result);
             $account_changepw_data = (include_once dirname(__FILE__) . '/lib/formfields/customer/email/formfield.emails_accountchangepasswd.php');
             $account_changepw_form = htmlform::genHTMLForm($account_changepw_data);
             $title = $account_changepw_data['emails_accountchangepasswd']['title'];
             $image = $account_changepw_data['emails_accountchangepasswd']['image'];
             eval("echo \"" . getTemplate("email/account_changepw") . "\";");
         }
     }
 } elseif ($action == 'changequota' && $settings['system']['mail_quota_enabled'] == '1' && $id != 0) {
     $result = $db->query_first("SELECT `v`.`id`, `v`.`email`, `v`.`email_full`, `v`.`iscatchall`, `v`.`destination`, `v`.`customerid`, `v`.`popaccountid`, `u`.`quota` FROM `" . TABLE_MAIL_VIRTUAL . "` `v` LEFT JOIN `" . TABLE_MAIL_USERS . "` `u` ON(`v`.`popaccountid` = `u`.`id`)WHERE `v`.`customerid`='" . (int) $userinfo['customerid'] . "' AND `v`.`id`='" . (int) $id . "'");
function net2ftp_module_printBody()
{
    // --------------
    // This function prints the login screen
    // --------------
    // -------------------------------------------------------------------------
    // Global variables
    // -------------------------------------------------------------------------
    global $net2ftp_settings, $net2ftp_globals, $net2ftp_messages, $net2ftp_result;
    if (isset($_POST["input_admin_username"]) == true) {
        $input_admin_username = htmlEncode2(validateGenericInput($_POST["input_admin_username"]));
    } else {
        $input_admin_username = "";
    }
    if (isset($_POST["input_admin_password"]) == true) {
        $input_admin_password = htmlEncode2(validateGenericInput($_POST["input_admin_password"]));
    } else {
        $input_admin_password = "";
    }
    if (isset($_POST["dbusername2"]) == true) {
        $dbusername2 = validateUsername($_POST["dbusername2"]);
    } else {
        $dbusername2 = "";
    }
    if (isset($_POST["dbpassword2"]) == true) {
        $dbpassword2 = validatePassword($_POST["dbpassword2"]);
    } else {
        $dbpassword2 = "";
    }
    if (isset($_POST["dbname2"]) == true) {
        $dbname2 = validateGenericInput($_POST["dbname2"]);
    } else {
        $dbname2 = "";
    }
    if (isset($_POST["dbserver2"]) == true) {
        $dbserver2 = validateGenericInput($_POST["dbserver2"]);
    } else {
        $dbserver2 = "";
    }
    $dbusername2_html = htmlEncode2($dbusername2);
    $dbpassword2_html = htmlEncode2($dbpassword2);
    $dbname2_html = htmlEncode2($dbname2);
    $dbserver2_html = htmlEncode2($dbserver2);
    if ($dbserver2 == "") {
        $dbserver2 = "localhost";
    }
    // -------------------------------------------------------------------------
    // Variables for all screens
    // -------------------------------------------------------------------------
    // Output variable
    $net2ftp_output["admin_createtables"][] = "";
    // Title
    $title = __("Admin functions");
    // Form name
    $formname = "AdminForm";
    // Read the SQL file
    $filename = glueDirectories($net2ftp_globals["application_rootdir"], "create_tables.sql");
    $handle = fopen($filename, "rb");
    // Open the file for reading only
    if ($handle == false) {
        $net2ftp_output["admin_createtables"][] = __("The handle of file %1\$s could not be opened.", $filename);
    }
    clearstatcache();
    // for filesize
    $sqlquerystring = fread($handle, filesize($filename));
    if ($sqlquerystring == false) {
        $net2ftp_output["admin_createtables"][] = __("The file %1\$s could not be opened.", $filename);
    }
    $result1 = fclose($handle);
    if ($result1 == false) {
        $net2ftp_output["admin_createtables"][] = __("The handle of file %1\$s could not be closed.", $filename);
    }
    // Split the SQL file in individual queries
    $sqlquerypieces = explode("\n", $sqlquerystring);
    // -------------------------------------------------------------------------
    // Variables for screen 1
    // -------------------------------------------------------------------------
    if ($net2ftp_globals["screen"] == 1) {
        // Next screen
        $nextscreen = 2;
        // Back and forward buttons
        $back_onclick = "document.forms['" . $formname . "'].state.value='admin';document.forms['" . $formname . "'].screen.value='1';document.forms['" . $formname . "'].submit();";
        $forward_onclick = "document.forms['" . $formname . "'].submit();";
    } elseif ($net2ftp_globals["screen"] == 2) {
        // Next screen
        $nextscreen = 1;
        // Back and forward buttons
        $back_onclick = "document.forms['" . $formname . "'].state.value='admin';document.forms['" . $formname . "'].screen.value='1';document.forms['" . $formname . "'].submit();";
        $dbpassword2_length = strlen($dbpassword2);
        // ------------------------------------
        // Connect
        // ------------------------------------
        $mydb = mysql_connect($dbserver2, $dbusername2, $dbpassword2);
        if ($mydb == false) {
            $net2ftp_output["admin_createtables"][] = __("The connection to the server <b>%1\$s</b> could not be set up. Please check the database settings you've entered.", $dbserver2_html) . "\n";
        }
        // ------------------------------------
        // Select
        // ------------------------------------
        if ($mydb != false) {
            $mysql_select_db_result = mysql_select_db($dbname2);
            if ($mysql_select_db_result == false) {
                $net2ftp_output["admin_createtables"][] = __("Unable to select the database <b>%1\$s</b>.", $dbserver2_html) . "\n";
            }
        }
        // ------------------------------------
        // Query
        // ------------------------------------
        if ($mydb != false && $mysql_select_db_result != false) {
            for ($i = 0; $i < sizeof($sqlquerypieces); $i++) {
                $mysql_query_results[$i] = mysql_query($sqlquerypieces[$i]);
                if ($mysql_query_results[$i] == false) {
                    $net2ftp_output["admin_createtables"][] = __("The SQL query nr <b>%1\$s</b> could not be executed.", $i + 1) . "\n";
                } else {
                    $net2ftp_output["admin_createtables"][] = __("The SQL query nr <b>%1\$s</b> was executed successfully.", $i + 1) . "\n";
                }
            }
        }
    }
    // end elseif
    // -------------------------------------------------------------------------
    // Print the output
    // -------------------------------------------------------------------------
    require_once $net2ftp_globals["application_skinsdir"] . "/" . $net2ftp_globals["skin"] . "/manage.template.php";
}
示例#17
0
function setPassword2()
{
    global $db_prefix, $context, $txt, $modSettings, $sourcedir;
    if (empty($_POST['u']) || !isset($_POST['passwrd1']) || !isset($_POST['passwrd2'])) {
        fatal_lang_error(1, false);
    }
    $_POST['u'] = (int) $_POST['u'];
    if ($_POST['passwrd1'] != $_POST['passwrd2']) {
        fatal_lang_error(213, false);
    }
    if ($_POST['passwrd1'] == '') {
        fatal_lang_error(91, false);
    }
    loadLanguage('Login');
    // Get the code as it should be from the database.
    $request = db_query("\n\t\tSELECT validation_code, memberName, emailAddress\n\t\tFROM {$db_prefix}members\n\t\tWHERE ID_MEMBER = {$_POST['u']}\n\t\t\tAND is_activated = 1\n\t\t\tAND validation_code != ''\n\t\tLIMIT 1", __FILE__, __LINE__);
    // Does this user exist at all?
    if (mysql_num_rows($request) == 0) {
        fatal_lang_error('invalid_userid', false);
    }
    list($realCode, $username, $email) = mysql_fetch_row($request);
    mysql_free_result($request);
    // Is the password actually valid?
    require_once $sourcedir . '/Subs-Auth.php';
    $passwordError = validatePassword($_POST['passwrd1'], $username, array($email));
    // What - it's not?
    if ($passwordError != null) {
        fatal_lang_error('profile_error_password_' . $passwordError, false);
    }
    // Quit if this code is not right.
    if (empty($_POST['code']) || substr($realCode, 0, 10) != substr(md5($_POST['code']), 0, 10)) {
        fatal_error($txt['invalid_activation_code'], false);
    }
    // User validated.  Update the database!
    updateMemberData($_POST['u'], array('validation_code' => '\'\'', 'passwd' => '\'' . sha1(strtolower($username) . $_POST['passwrd1']) . '\''));
    if (isset($modSettings['integrate_reset_pass']) && function_exists($modSettings['integrate_reset_pass'])) {
        call_user_func($modSettings['integrate_reset_pass'], $username, $username, $_POST['passwrd1']);
    }
    loadTemplate('Login');
    $context += array('page_title' => &$txt['reminder_password_set'], 'sub_template' => 'login', 'default_username' => $username, 'default_password' => $_POST['passwrd1'], 'never_expire' => false, 'description' => &$txt['reminder_password_set']);
}
示例#18
0
function net2ftp_module_printBody()
{
    // --------------
    // This function prints the login screen
    // --------------
    // -------------------------------------------------------------------------
    // Global variables
    // -------------------------------------------------------------------------
    global $net2ftp_settings, $net2ftp_globals, $net2ftp_messages, $net2ftp_result, $net2ftp_output;
    if (isset($_POST["troubleshoot_ftpserver"]) == true) {
        $troubleshoot_ftpserver = validateFtpserver($_POST["troubleshoot_ftpserver"]);
    } else {
        $troubleshoot_ftpserver = "";
    }
    if (isset($_POST["troubleshoot_ftpserverport"]) == true) {
        $troubleshoot_ftpserverport = validateFtpserverport($_POST["troubleshoot_ftpserverport"]);
    } else {
        $troubleshoot_ftpserverport = "";
    }
    if (isset($_POST["troubleshoot_username"]) == true) {
        $troubleshoot_username = validateUsername($_POST["troubleshoot_username"]);
    } else {
        $troubleshoot_username = "";
    }
    if (isset($_POST["troubleshoot_password"]) == true) {
        $troubleshoot_password = validatePassword($_POST["troubleshoot_password"]);
    } else {
        $troubleshoot_password = "";
    }
    if (isset($_POST["troubleshoot_directory"]) == true) {
        $troubleshoot_directory = validateDirectory($_POST["troubleshoot_directory"]);
    } else {
        $troubleshoot_directory = "";
    }
    if (isset($_POST["troubleshoot_passivemode"]) == true) {
        $troubleshoot_passivemode = validatePassivemode($_POST["troubleshoot_passivemode"]);
    } else {
        $troubleshoot_passivemode = "";
    }
    $troubleshoot_ftpserver_html = htmlEncode2($troubleshoot_ftpserver);
    $troubleshoot_ftpserverport_html = htmlEncode2($troubleshoot_ftpserverport);
    $troubleshoot_username_html = htmlEncode2($troubleshoot_username);
    $troubleshoot_directory_html = htmlEncode2($troubleshoot_directory);
    $troubleshoot_passivemode_html = htmlEncode2($troubleshoot_passivemode);
    // -------------------------------------------------------------------------
    // Variables for all screens
    // -------------------------------------------------------------------------
    // Title
    $title = __("Troubleshoot an FTP server");
    // Form name
    $formname = "AdvancedForm";
    // -------------------------------------------------------------------------
    // Variables for screen 1
    // -------------------------------------------------------------------------
    if ($net2ftp_globals["screen"] == 1) {
        // Next screen
        $nextscreen = 2;
        // Back and forward buttons
        $back_onclick = "document.forms['" . $formname . "'].state.value='advanced';document.forms['" . $formname . "'].screen.value='1';document.forms['" . $formname . "'].submit();";
        $forward_onclick = "document.forms['" . $formname . "'].submit();";
    } elseif ($net2ftp_globals["screen"] == 2) {
        // Back and forward buttons
        $back_onclick = "document.forms['" . $formname . "'].state.value='advanced_ftpserver'; document.forms['" . $formname . "'].submit();";
        // Initial checks
        if ($troubleshoot_passivemode != "yes") {
            $troubleshoot_passivemode = "no";
        }
        // Connect
        setStatus(1, 10, __("Connecting to the FTP server"));
        $conn_id = ftp_connect("{$troubleshoot_ftpserver}", $troubleshoot_ftpserverport);
        // Login with username and password
        setStatus(2, 10, __("Logging into the FTP server"));
        $ftp_login_result = ftp_login($conn_id, $troubleshoot_username, $troubleshoot_password);
        // Passive mode
        if ($troubleshoot_passivemode == "yes") {
            setStatus(3, 10, __("Setting the passive mode"));
            $ftp_pasv_result = ftp_pasv($conn_id, TRUE);
        } else {
            $ftp_pasv_result = true;
        }
        // Get the FTP system type
        setStatus(4, 10, __("Getting the FTP system type"));
        $ftp_systype_result = ftp_systype($conn_id);
        // Change the directory
        setStatus(5, 10, __("Changing the directory"));
        $ftp_chdir_result = ftp_chdir($conn_id, $troubleshoot_directory);
        // Get the current directory from the FTP server
        setStatus(6, 10, __("Getting the current directory"));
        $ftp_pwd_result = ftp_pwd($conn_id);
        // Try to get a raw list
        setStatus(7, 10, __("Getting the list of directories and files"));
        $ftp_rawlist_result = ftp_rawlist($conn_id, "-a");
        if (sizeof($ftp_rawlist_result) <= 1) {
            $ftp_rawlist_result = ftp_rawlist($conn_id, "");
        }
        // Parse the list
        setStatus(8, 10, __("Parsing the list of directories and files"));
        for ($i = 0; $i < sizeof($ftp_rawlist_result); $i++) {
            $parsedlist[$i] = ftp_scanline($troubleshoot_directory, $ftp_rawlist_result[$i]);
        }
        // end for
        // Quiting; ftp_quit doesn't return a value
        setStatus(9, 10, __("Logging out of the FTP server"));
        ftp_quit($conn_id);
    }
    // end if
    // -------------------------------------------------------------------------
    // Print the output
    // -------------------------------------------------------------------------
    setStatus(10, 10, __("Printing the result"));
    require_once $net2ftp_globals["application_skinsdir"] . "/" . $net2ftp_globals["skin"] . "/manage.template.php";
}
示例#19
0
<?php

session_start();
error_reporting(E_ALL);
require_once 'constants.php';
ini_set('display_errors', 1);
$user_in = filter_input(INPUT_POST, "user", FILTER_SANITIZE_STRING);
$pw_in = filter_input(INPUT_POST, "pw", FILTER_SANITIZE_STRING);
$user = validateUser($user_in);
$pw = validatePassword($pw_in);
validateLogin($user, $pw);
//=========================================================
// Functions used to validate login credentials.
//---------------------------------------------------------
function validateLogin($user, $pw)
{
    global $url;
    if (doesUserDirectoryExist($user)) {
        // User Exists
        $pwFile = $GLOBALS['directory'] . "users/" . $user . "/pw.txt";
        if (file_get_contents($pwFile) === $pw) {
            $_SESSION['logged_on'] = 1;
            $_SESSION['user'] = $user;
            header('Location: ' . $GLOBALS['url']);
        } else {
            echo "<font color=\"red\"><b>ERROR: Input did not match a registed username & password combination.</b></font><br>";
            echo "(Main page will reload shortly...)\n";
            echo "<script type=\"text/javascript\">\nreload_page=function() {\n\tlocation.replace(\"{$url}\");\n}\n";
            echo "var intervalID = window.setInterval(reload_page, 5000);\n</script>\n";
        }
    } else {
示例#20
0
文件: Profile.php 项目: alencarmo/OCF
function saveProfileChanges(&$profile_vars, &$post_errors, $memID)
{
    global $db_prefix, $user_info, $txt, $modSettings, $user_profile;
    global $newpassemail, $validationCode, $context, $settings, $sourcedir;
    global $func;
    // These make life easier....
    $old_profile =& $user_profile[$memID];
    // Permissions...
    if ($context['user']['is_owner']) {
        $changeIdentity = allowedTo(array('profile_identity_any', 'profile_identity_own'));
        $changeOther = allowedTo(array('profile_extra_any', 'profile_extra_own'));
    } else {
        $changeIdentity = allowedTo('profile_identity_any');
        $changeOther = allowedTo('profile_extra_any');
    }
    // Arrays of all the changes - makes things easier.
    $profile_bools = array('notifyAnnouncements', 'notifyOnce', 'notifySendBody');
    $profile_ints = array('pm_email_notify', 'notifyTypes', 'ICQ', 'gender', 'ID_THEME');
    $profile_floats = array('timeOffset');
    $profile_strings = array('websiteUrl', 'websiteTitle', 'AIM', 'YIM', 'location', 'birthdate', 'timeFormat', 'buddy_list', 'pm_ignore_list', 'smileySet', 'signature', 'personalText', 'avatar');
    // Fix the spaces in messenger screennames...
    $fix_spaces = array('MSN', 'AIM', 'YIM');
    foreach ($fix_spaces as $var) {
        // !!! Why?
        if (isset($_POST[$var])) {
            $_POST[$var] = strtr($_POST[$var], ' ', '+');
        }
    }
    // Make sure the MSN one is an email address, not something like 'none' :P.
    if (isset($_POST['MSN']) && ($_POST['MSN'] == '' || preg_match('~^[0-9A-Za-z=_+\\-/][0-9A-Za-z=_\'+\\-/\\.]*@[\\w\\-]+(\\.[\\w\\-]+)*(\\.[\\w]{2,6})$~', $_POST['MSN']) != 0)) {
        $profile_strings[] = 'MSN';
    }
    // Validate the title...
    if (!empty($modSettings['titlesEnable']) && (allowedTo('profile_title_any') || allowedTo('profile_title_own') && $context['user']['is_owner'])) {
        $profile_strings[] = 'usertitle';
    }
    // Validate the timeOffset...
    if (isset($_POST['timeOffset'])) {
        $_POST['timeOffset'] = strtr($_POST['timeOffset'], ',', '.');
        if ($_POST['timeOffset'] < -23.5 || $_POST['timeOffset'] > 23.5) {
            $post_errors[] = 'bad_offset';
        }
    }
    // Fix the URL...
    if (isset($_POST['websiteUrl'])) {
        if (strlen(trim($_POST['websiteUrl'])) > 0 && strpos($_POST['websiteUrl'], '://') === false) {
            $_POST['websiteUrl'] = 'http://' . $_POST['websiteUrl'];
        }
        if (strlen($_POST['websiteUrl']) < 8) {
            $_POST['websiteUrl'] = '';
        }
    }
    // !!! Should we check for this year and tell them they made a mistake :P? (based on coppa at least?)
    if (isset($_POST['birthdate'])) {
        if (preg_match('/(\\d{4})[\\-\\., ](\\d{2})[\\-\\., ](\\d{2})/', $_POST['birthdate'], $dates) === 1) {
            $_POST['birthdate'] = checkdate($dates[2], $dates[3], $dates[1] < 4 ? 4 : $dates[1]) ? sprintf('%04d-%02d-%02d', $dates[1] < 4 ? 4 : $dates[1], $dates[2], $dates[3]) : '0001-01-01';
        } else {
            unset($_POST['birthdate']);
        }
    } elseif (isset($_POST['bday1'], $_POST['bday2'], $_POST['bday3']) && $_POST['bday1'] > 0 && $_POST['bday2'] > 0) {
        $_POST['birthdate'] = checkdate($_POST['bday1'], $_POST['bday2'], $_POST['bday3'] < 4 ? 4 : $_POST['bday3']) ? sprintf('%04d-%02d-%02d', $_POST['bday3'] < 4 ? 4 : $_POST['bday3'], $_POST['bday1'], $_POST['bday2']) : '0001-01-01';
    } elseif (isset($_POST['bday1']) || isset($_POST['bday2']) || isset($_POST['bday3'])) {
        $_POST['birthdate'] = '0001-01-01';
    }
    if (isset($_POST['im_email_notify'])) {
        $_POST['pm_email_notify'] = $_POST['im_email_notify'];
    }
    // Validate and set the ignorelist...
    if (isset($_POST['pm_ignore_list']) || isset($_POST['im_ignore_list'])) {
        if (!isset($_POST['pm_ignore_list'])) {
            $_POST['pm_ignore_list'] = $_POST['im_ignore_list'];
        }
        $_POST['pm_ignore_list'] = strtr($func['htmltrim']($_POST['pm_ignore_list']), array('\\\'' => '&#039;', "\n" => "', '", "\r" => '', '&quot;' => ''));
        if (preg_match('~(\\A|,)\\*(\\Z|,)~s', $_POST['pm_ignore_list']) == 0) {
            $result = db_query("\n\t\t\t\tSELECT ID_MEMBER\n\t\t\t\tFROM {$db_prefix}members\n\t\t\t\tWHERE memberName IN ('{$_POST['pm_ignore_list']}') OR realName IN ('{$_POST['pm_ignore_list']}')\n\t\t\t\tLIMIT " . (substr_count($_POST['pm_ignore_list'], '\', \'') + 1), __FILE__, __LINE__);
            $_POST['pm_ignore_list'] = '';
            while ($row = mysql_fetch_assoc($result)) {
                $_POST['pm_ignore_list'] .= $row['ID_MEMBER'] . ',';
            }
            mysql_free_result($result);
            // !!! Did we find all the members?
            $_POST['pm_ignore_list'] = substr($_POST['pm_ignore_list'], 0, -1);
        } else {
            $_POST['pm_ignore_list'] = '*';
        }
    }
    // Similarly, do the same for the buddy list
    if (isset($_POST['buddy_list'])) {
        $_POST['buddy_list'] = strtr(trim($_POST['buddy_list']), array('\\\'' => '&#039;', "\n" => "', '", "\r" => '', '&quot;' => ''));
        if (trim($_POST['buddy_list']) != '') {
            $result = db_query("\n\t\t\t\tSELECT ID_MEMBER\n\t\t\t\tFROM {$db_prefix}members\n\t\t\t\tWHERE memberName IN ('{$_POST['buddy_list']}') OR realName IN ('{$_POST['buddy_list']}')\n\t\t\t\tLIMIT " . (substr_count($_POST['buddy_list'], '\', \'') + 1), __FILE__, __LINE__);
            $_POST['buddy_list'] = '';
            while ($row = mysql_fetch_assoc($result)) {
                $_POST['buddy_list'] .= $row['ID_MEMBER'] . ',';
            }
            mysql_free_result($result);
            // !!! Did we find all the members?
            $_POST['buddy_list'] = substr($_POST['buddy_list'], 0, -1);
        }
    }
    // Validate the smiley set.
    if (isset($_POST['smileySet'])) {
        $smiley_sets = explode(',', $modSettings['smiley_sets_known']);
        if (!in_array($_POST['smileySet'], $smiley_sets) && $_POST['smileySet'] != 'none') {
            $_POST['smileySet'] = '';
        }
    }
    // Make sure the signature isn't too long.
    if (isset($_POST['signature'])) {
        require_once $sourcedir . '/Subs-Post.php';
        if (!empty($modSettings['max_signatureLength']) && $func['strlen']($_POST['signature']) > $modSettings['max_signatureLength']) {
            $_POST['signature'] = addslashes($func['substr'](stripslashes($_POST['signature']), 0, $modSettings['max_signatureLength']));
        }
        if (strlen($_POST['signature']) > 65534) {
            $_POST['signature'] = addslashes($func['truncate'](stripslashes($_POST['signature']), 65534));
        }
        $_POST['signature'] = strtr($_POST['signature'], array('&quot;' => '\\&quot;', '&#039;' => '\\&#39;', '&#39;' => '\\&#39;'));
        preparsecode($_POST['signature']);
    }
    // Identity-only changes...
    if ($changeIdentity) {
        // This block is only concerned with display name validation.
        if (isset($_POST['realName']) && (!empty($modSettings['allow_editDisplayName']) || allowedTo('moderate_forum')) && trim($_POST['realName']) != $old_profile['realName']) {
            $_POST['realName'] = trim(preg_replace('~[\\s]~' . ($context['utf8'] ? 'u' : ''), ' ', $_POST['realName']));
            if (trim($_POST['realName']) == '') {
                $post_errors[] = 'no_name';
            } elseif ($func['strlen']($_POST['realName']) > 60) {
                $post_errors[] = 'name_too_long';
            } else {
                require_once $sourcedir . '/Subs-Members.php';
                if (isReservedName($_POST['realName'], $memID)) {
                    $post_errors[] = 'name_taken';
                }
            }
            if (isset($_POST['realName'])) {
                $profile_vars['realName'] = '\'' . $_POST['realName'] . '\'';
            }
        }
        // Change the registration date.
        if (!empty($_POST['dateRegistered']) && allowedTo('admin_forum')) {
            // Bad date!  Go try again - please?
            if (($_POST['dateRegistered'] = strtotime($_POST['dateRegistered'])) === -1) {
                fatal_error($txt['smf233'] . ' ' . strftime('%d %b %Y ' . (strpos($user_info['time_format'], '%H') !== false ? '%I:%M:%S %p' : '%H:%M:%S'), forum_time(false)), false);
            } elseif ($_POST['dateRegistered'] != $txt[470] && $_POST['dateRegistered'] != strtotime(strftime('%Y-%m-%d', $user_profile[$memID]['dateRegistered'] + ($user_info['time_offset'] + $modSettings['time_offset']) * 3600))) {
                $profile_vars['dateRegistered'] = $_POST['dateRegistered'] - ($user_info['time_offset'] + $modSettings['time_offset']) * 3600;
            }
        }
        // Change the number of posts.
        if (isset($_POST['posts']) && allowedTo('moderate_forum')) {
            $profile_vars['posts'] = $_POST['posts'] != '' ? (int) strtr($_POST['posts'], array(',' => '', '.' => '', ' ' => '')) : '\'\'';
        }
        // This block is only concerned with email address validation..
        if (isset($_POST['emailAddress']) && strtolower($_POST['emailAddress']) != strtolower($old_profile['emailAddress'])) {
            $_POST['emailAddress'] = strtr($_POST['emailAddress'], array('&#039;' => '\\\''));
            // Prepare the new password, or check if they want to change their own.
            if (!empty($modSettings['send_validation_onChange']) && !allowedTo('moderate_forum')) {
                require_once $sourcedir . '/Subs-Members.php';
                $validationCode = generateValidationCode();
                $profile_vars['validation_code'] = '\'' . $validationCode . '\'';
                $profile_vars['is_activated'] = '2';
                $newpassemail = true;
            }
            // Check the name and email for validity.
            if (trim($_POST['emailAddress']) == '') {
                $post_errors[] = 'no_email';
            }
            if (preg_match('~^[0-9A-Za-z=_+\\-/][0-9A-Za-z=_\'+\\-/\\.]*@[\\w\\-]+(\\.[\\w\\-]+)*(\\.[\\w]{2,6})$~', stripslashes($_POST['emailAddress'])) == 0) {
                $post_errors[] = 'bad_email';
            }
            // Email addresses should be and stay unique.
            $request = db_query("\n\t\t\t\tSELECT ID_MEMBER\n\t\t\t\tFROM {$db_prefix}members\n\t\t\t\tWHERE ID_MEMBER != {$memID}\n\t\t\t\t\tAND emailAddress = '{$_POST['emailAddress']}'\n\t\t\t\tLIMIT 1", __FILE__, __LINE__);
            if (mysql_num_rows($request) > 0) {
                $post_errors[] = 'email_taken';
            }
            mysql_free_result($request);
            $profile_vars['emailAddress'] = '\'' . $_POST['emailAddress'] . '\'';
        }
        // Hide email address?
        if (isset($_POST['hideEmail']) && (!empty($modSettings['allow_hideEmail']) || allowedTo('moderate_forum'))) {
            $profile_vars['hideEmail'] = empty($_POST['hideEmail']) ? '0' : '1';
        }
        // Are they allowed to change their hide status?
        if (isset($_POST['showOnline']) && (!empty($modSettings['allow_hideOnline']) || allowedTo('moderate_forum'))) {
            $profile_vars['showOnline'] = empty($_POST['showOnline']) ? '0' : '1';
        }
        // If they're trying to change the password, let's check they pick a sensible one.
        if (isset($_POST['passwrd1']) && $_POST['passwrd1'] != '') {
            // Do the two entries for the password even match?
            if ($_POST['passwrd1'] != $_POST['passwrd2']) {
                $post_errors[] = 'bad_new_password';
            }
            // Let's get the validation function into play...
            require_once $sourcedir . '/Subs-Auth.php';
            $passwordErrors = validatePassword($_POST['passwrd1'], $user_info['username'], array($user_info['name'], $user_info['email']));
            // Were there errors?
            if ($passwordErrors != null) {
                $post_errors[] = 'password_' . $passwordErrors;
            }
            // Set up the new password variable... ready for storage.
            $profile_vars['passwd'] = '\'' . sha1(strtolower($old_profile['memberName']) . un_htmlspecialchars(stripslashes($_POST['passwrd1']))) . '\'';
        }
        if (isset($_POST['secretQuestion'])) {
            $profile_vars['secretQuestion'] = '\'' . $_POST['secretQuestion'] . '\'';
        }
        // Do you have a *secret* password?
        if (isset($_POST['secretAnswer']) && $_POST['secretAnswer'] != '') {
            $profile_vars['secretAnswer'] = '\'' . md5($_POST['secretAnswer']) . '\'';
        }
    }
    // Things they can do if they are a forum moderator.
    if (allowedTo('moderate_forum')) {
        if (($_REQUEST['sa'] == 'activateAccount' || !empty($_POST['is_activated'])) && isset($old_profile['is_activated']) && $old_profile['is_activated'] != 1) {
            // If we are approving the deletion of an account, we do something special ;)
            if ($old_profile['is_activated'] == 4) {
                require_once $sourcedir . '/Subs-Members.php';
                deleteMembers($memID);
                redirectexit();
            }
            if (isset($modSettings['integrate_activate']) && function_exists($modSettings['integrate_activate'])) {
                call_user_func($modSettings['integrate_activate'], $old_profile['memberName']);
            }
            // Actually update this member now, as it guarantees the unapproved count can't get corrupted.
            updateMemberData($memID, array('is_activated' => $old_profile['is_activated'] >= 10 ? '11' : '1', 'validation_code' => '\'\''));
            // If we are doing approval, update the stats for the member just incase.
            if (in_array($old_profile['is_activated'], array(3, 4, 13, 14))) {
                updateSettings(array('unapprovedMembers' => $modSettings['unapprovedMembers'] > 1 ? $modSettings['unapprovedMembers'] - 1 : 0));
            }
            // Make sure we update the stats too.
            updateStats('member', false);
        }
        if (isset($_POST['karmaGood'])) {
            $profile_vars['karmaGood'] = $_POST['karmaGood'] != '' ? (int) $_POST['karmaGood'] : '\'\'';
        }
        if (isset($_POST['karmaBad'])) {
            $profile_vars['karmaBad'] = $_POST['karmaBad'] != '' ? (int) $_POST['karmaBad'] : '\'\'';
        }
    }
    // Assigning membergroups (you need admin_forum permissions to change an admins' membergroups).
    if (allowedTo('manage_membergroups')) {
        // The account page allows the change of your ID_GROUP - but not to admin!.
        if (isset($_POST['ID_GROUP']) && (allowedTo('admin_forum') || (int) $_POST['ID_GROUP'] != 1 && $old_profile['ID_GROUP'] != 1)) {
            $profile_vars['ID_GROUP'] = (int) $_POST['ID_GROUP'];
        }
        // Find the additional membergroups (if any)
        if (isset($_POST['additionalGroups']) && is_array($_POST['additionalGroups'])) {
            foreach ($_POST['additionalGroups'] as $i => $group_id) {
                if ((int) $group_id == 0 || !allowedTo('admin_forum') && (int) $group_id == 1) {
                    unset($_POST['additionalGroups'][$i], $_POST['additionalGroups'][$i]);
                } else {
                    $_POST['additionalGroups'][$i] = (int) $group_id;
                }
            }
            // Put admin back in there if you don't have permission to take it away.
            if (!allowedTo('admin_forum') && in_array(1, explode(',', $old_profile['additionalGroups']))) {
                $_POST['additionalGroups'][] = 1;
            }
            $profile_vars['additionalGroups'] = '\'' . implode(',', $_POST['additionalGroups']) . '\'';
        }
        // Too often, people remove delete their own account, or something.
        if (in_array(1, explode(',', $old_profile['additionalGroups'])) || $old_profile['ID_GROUP'] == 1) {
            $stillAdmin = !isset($profile_vars['ID_GROUP']) || $profile_vars['ID_GROUP'] == 1 || isset($_POST['additionalGroups']) && in_array(1, $_POST['additionalGroups']);
            // If they would no longer be an admin, look for any other...
            if (!$stillAdmin) {
                $request = db_query("\n\t\t\t\t\tSELECT ID_MEMBER\n\t\t\t\t\tFROM {$db_prefix}members\n\t\t\t\t\tWHERE (ID_GROUP = 1 OR FIND_IN_SET(1, additionalGroups))\n\t\t\t\t\t\tAND ID_MEMBER != {$memID}\n\t\t\t\t\tLIMIT 1", __FILE__, __LINE__);
                list($another) = mysql_fetch_row($request);
                mysql_free_result($request);
                if (empty($another)) {
                    fatal_lang_error('at_least_one_admin');
                }
            }
        }
    }
    // Validate the language file...
    if (($changeIdentity || $changeOther) && isset($_POST['lngfile']) && !empty($modSettings['userLanguage'])) {
        $language_directories = array($settings['default_theme_dir'] . '/languages', $settings['actual_theme_dir'] . '/languages');
        if (!empty($settings['base_theme_dir'])) {
            $language_directories[] = $settings['base_theme_dir'] . '/languages';
        }
        $language_directories = array_unique($language_directories);
        foreach ($language_directories as $language_dir) {
            if (!file_exists($language_dir)) {
                continue;
            }
            $dir = dir($language_dir);
            while ($entry = $dir->read()) {
                if (preg_match('~^index\\.(.+)\\.php$~', $entry, $matches) && $matches[1] == $_POST['lngfile']) {
                    $profile_vars['lngfile'] = "'{$_POST['lngfile']}'";
                    // If they are the owner, make this persist even after they log out.
                    if ($context['user']['is_owner']) {
                        $_SESSION['language'] = $_POST['lngfile'];
                    }
                }
            }
            $dir->close();
        }
    }
    // Here's where we sort out all the 'other' values...
    if ($changeOther) {
        makeThemeChanges($memID, isset($_POST['ID_THEME']) ? (int) $_POST['ID_THEME'] : $old_profile['ID_THEME']);
        makeAvatarChanges($memID, $post_errors);
        makeNotificationChanges($memID);
        foreach ($profile_bools as $var) {
            if (isset($_POST[$var])) {
                $profile_vars[$var] = empty($_POST[$var]) ? '0' : '1';
            }
        }
        foreach ($profile_ints as $var) {
            if (isset($_POST[$var])) {
                $profile_vars[$var] = $_POST[$var] != '' ? (int) $_POST[$var] : '\'\'';
            }
        }
        foreach ($profile_floats as $var) {
            if (isset($_POST[$var])) {
                $profile_vars[$var] = (double) $_POST[$var];
            }
        }
        foreach ($profile_strings as $var) {
            if (isset($_POST[$var])) {
                $profile_vars[$var] = '\'' . $_POST[$var] . '\'';
            }
        }
    }
    if (isset($profile_vars['ICQ']) && $profile_vars['ICQ'] == '0') {
        $profile_vars['ICQ'] = '\'\'';
    }
}
示例#21
0
require_once '../Includes/database.php';
if (isset($_SESSION['username'])) {
    redirect('../');
}
require_once '../Includes/header.php';
require_once '../Includes/formvalidation.php';
?>
<script src="../Scripts/formHandling.js" type="text/javascript"></script>
<?php 
if (isset($_POST['submit'])) {
    $formFields = array('Email', 'FirstName', 'LastName', 'Password1');
    $errors = array();
    $errors['Email'] = validateEmail($_POST['Email']);
    $errors['FirstName'] = validateName($_POST['FirstName']);
    $errors['LastName'] = validateName($_POST['LastName']);
    $errors['Password1'] = validatePassword($_POST['Password1']);
    //$errors['Password2'] = validatePassword($_POST['Password2']);
    if ($errors['Password1'] == "") {
        if ($_POST['Password1'] != $_POST['Password2']) {
            $errors['Password1'] = "Values don't match";
        }
    }
    $totalErrors = "";
    foreach ($formFields as $fields) {
        $totalErrors .= $errors[$fields];
        echo $totalErrors;
        //echo "error :{$fields}".$errors[$fields]."<br/>";
        //echo $totalErrors;
    }
    if ($totalErrors == "") {
        //No error, proceed with insertion
示例#22
0
function SecretAnswer2()
{
    global $txt, $context, $modSettings, $smcFunc, $sourcedir;
    checkSession();
    // Hacker?  How did you get this far without an email or username?
    if (empty($_REQUEST['uid'])) {
        fatal_lang_error('username_no_exist', false);
    }
    loadLanguage('Login');
    // Get the information from the database.
    $request = $smcFunc['db_query']('', '
		SELECT id_member, real_name, member_name, secret_answer, secret_question, openid_uri, email_address
		FROM {db_prefix}members
		WHERE id_member = {int:id_member}
		LIMIT 1', array('id_member' => $_REQUEST['uid']));
    if ($smcFunc['db_num_rows']($request) == 0) {
        fatal_lang_error('username_no_exist', false);
    }
    $row = $smcFunc['db_fetch_assoc']($request);
    $smcFunc['db_free_result']($request);
    // Check if the secret answer is correct.
    if ($row['secret_question'] == '' || $row['secret_answer'] == '' || md5($_POST['secret_answer']) != $row['secret_answer']) {
        log_error(sprintf($txt['reminder_error'], $row['member_name']), 'user');
        fatal_lang_error('incorrect_answer', false);
    }
    // If it's OpenID this is where the music ends.
    if (!empty($row['openid_uri'])) {
        $context['sub_template'] = 'sent';
        $context['description'] = sprintf($txt['reminder_openid_is'], $row['openid_uri']);
        return;
    }
    // You can't use a blank one!
    if (strlen(trim($_POST['passwrd1'])) === 0) {
        fatal_lang_error('no_password', false);
    }
    // They have to be the same too.
    if ($_POST['passwrd1'] != $_POST['passwrd2']) {
        fatal_lang_error('passwords_dont_match', false);
    }
    // Make sure they have a strong enough password.
    require_once $sourcedir . '/Subs-Auth.php';
    $passwordError = validatePassword($_POST['passwrd1'], $row['member_name'], array($row['email_address']));
    // Invalid?
    if ($passwordError != null) {
        fatal_lang_error('profile_error_password_' . $passwordError, false);
    }
    // Alright, so long as 'yer sure.
    updateMemberData($row['id_member'], array('passwd' => sha1(strtolower($row['member_name']) . $_POST['passwrd1'])));
    call_integration_hook('integrate_reset_pass', array($row['member_name'], $row['member_name'], $_POST['passwrd1']));
    // Tell them it went fine.
    loadTemplate('Login');
    $context += array('page_title' => $txt['reminder_password_set'], 'sub_template' => 'login', 'default_username' => $row['member_name'], 'default_password' => $_POST['passwrd1'], 'never_expire' => false, 'description' => $txt['reminder_password_set']);
}
示例#23
0
                                   AND `lastreplier`="1"');
    $awaitingtickets = $opentickets['count'];
    $awaitingtickets_text = '';
    if ($opentickets > 0) {
        $awaitingtickets_text = strtr($lng['ticket']['awaitingticketreply'], array('%s' => '<a href="customer_tickets.php?page=tickets&amp;s=' . $s . '">' . $opentickets['count'] . '</a>'));
    }
    eval("echo \"" . getTemplate("index/index") . "\";");
} elseif ($page == 'change_password') {
    if (isset($_POST['send']) && $_POST['send'] == 'send') {
        $old_password = validate($_POST['old_password'], 'old password');
        if (md5($old_password) != $userinfo['password']) {
            standard_error('oldpasswordnotcorrect');
            exit;
        }
        $new_password = validatePassword($_POST['new_password'], 'new password');
        $new_password_confirm = validatePassword($_POST['new_password_confirm'], 'new password confirm');
        if ($old_password == '') {
            standard_error(array('stringisempty', 'oldpassword'));
        } elseif ($new_password == '') {
            standard_error(array('stringisempty', 'newpassword'));
        } elseif ($new_password_confirm == '') {
            standard_error(array('stringisempty', 'newpasswordconfirm'));
        } elseif ($new_password != $new_password_confirm) {
            standard_error('newpasswordconfirmerror');
        } else {
            $db->query("UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET `password`='" . md5($new_password) . "' WHERE `customerid`='" . (int) $userinfo['customerid'] . "' AND `password`='" . md5($old_password) . "'");
            $log->logAction(USR_ACTION, LOG_NOTICE, 'changed password');
            if (isset($_POST['change_main_ftp']) && $_POST['change_main_ftp'] == 'true') {
                $db->query("UPDATE `" . TABLE_FTP_USERS . "` SET `password`=ENCRYPT('" . $db->escape($new_password) . "') WHERE `customerid`='" . (int) $userinfo['customerid'] . "' AND `username`='" . $db->escape($userinfo['loginname']) . "'");
                $log->logAction(USR_ACTION, LOG_NOTICE, 'changed main ftp password');
            }
function install()
{
    global $PGHBA, $gforge_lib_dir, $gforge_etc_dir, $tsearch2_sql, $pgservice, $STDIN, $STDOUT;
    show("\n * Enter the Database Name (gforge): ");
    if (getenv('FFORGE_DB')) {
        $gforge_db = getenv('FFORGE_DB');
    } else {
        $gforge_db = trim(fgets($STDIN));
        if (strlen($gforge_db) == 0) {
            $gforge_db = 'gforge';
        }
    }
    show(" ...using '{$gforge_db}'");
    show(' * Enter the Database Username (gforge): ');
    if (getenv('FFORGE_USER')) {
        $gforge_user = getenv('FFORGE_USER');
    } else {
        $gforge_user = trim(fgets($STDIN));
        if (strlen($gforge_user) == 0) {
            $gforge_user = '******';
        }
    }
    show(" ...using '{$gforge_user}'");
    show(" * Modifying DB Access Permissions...");
    if (!file_exists("{$PGHBA}.fforge.backup")) {
        run("cp {$PGHBA} {$PGHBA}.fforge.backup", true);
    }
    run("echo \"# GFORGE\nlocal all all trust\" > {$PGHBA}");
    show(' * Restarting PostgreSQL...');
    run("{$pgservice} stop", true);
    run("{$pgservice} start");
    show(" * Creating '{$gforge_user}' Group...");
    run("/usr/sbin/groupadd {$gforge_user}", true);
    show(" * Creating '{$gforge_user}' User...");
    run("/usr/sbin/useradd -g {$gforge_user} {$gforge_user}", true);
    show(" * Creating Database User '{$gforge_user}'...");
    run("su - postgres -c \"createuser -A -R -d -E {$gforge_user}\"", true);
    show(' * Creating Language...');
    run("su - postgres -c \"createlang plpgsql template1\"", true);
    if (!is_dir("/home/{$gforge_user}")) {
        $susufix = '';
    } else {
        $susufix = '-';
    }
    show(" * Creating '{$gforge_db}' Database...");
    run("su {$susufix} {$gforge_user} -c \"createdb {$gforge_db}\"", true);
    //	# Detect postgresql version, load tsearch2 for pg < 8.3
    //	$pg_version = explode(' ', shell_exec("postgres --version"));
    //	$pgv = $pg_version[2];
    //
    //	if (preg_match('/^(7\.|8\.1|8\.2)/', $pgv)) {
    //		show(" * Dumping tsearch2 Database Into '$gforge_db' DB");
    //		run("su - postgres -c \"psql $gforge_db < $tsearch2_sql\" >> /tmp/gforge-import.log");
    //
    //		$tables = array('pg_ts_cfg', 'pg_ts_cfgmap', 'pg_ts_dict', 'pg_ts_parser');
    //		foreach ($tables as $table) {
    //			run('su - postgres -c "psql '.$gforge_db.' -c \\"GRANT ALL on '.$table.' TO '.$gforge_user.';\\""');
    //		}
    //	} else {
    //		show(" * Creating FTS default configuation (Full Text Search)");
    //		run("su - postgres -c \"psql $gforge_db < $gforge_lib_dir/db/FTS-20081108.sql\" >> /tmp/gforge-import.log");
    //	}
    show(' * Dumping FusionForge DB');
    run("su {$susufix} {$gforge_user} -c \"psql {$gforge_db} < {$gforge_lib_dir}/db/gforge.sql\" >> /tmp/gforge-import.log");
    //	show(' * Dumping FusionForge FTI DB');
    //	run("su $susufix $gforge_user -c \"psql $gforge_db < $gforge_lib_dir/db/FTI.sql\" >> /tmp/gforge-import.log");
    //	run("su $susufix $gforge_user -c \"psql $gforge_db < $gforge_lib_dir/db/FTI-20050315.sql\" >> /tmp/gforge-import.log");
    //	run("su $susufix $gforge_user -c \"psql $gforge_db < $gforge_lib_dir/db/FTI-20050401.sql\" >> /tmp/gforge-import.log");
    //	run("su $susufix $gforge_user -c \"psql $gforge_db < $gforge_lib_dir/db/FTI-20050530.sql\" >> /tmp/gforge-import.log");
    //	run("su $susufix $gforge_user -c \"psql $gforge_db < $gforge_lib_dir/db/FTI-20060130.sql\" >> /tmp/gforge-import.log");
    //	run("su $susufix $gforge_user -c \"psql $gforge_db < $gforge_lib_dir/db/FTI-20061025.sql\" >> /tmp/gforge-import.log");
    show(" * Enter the Admin Username (fforgeadmin): ");
    if (getenv('FFORGE_ADMIN_USER')) {
        $admin_user = getenv('FFORGE_ADMIN_USER');
    } else {
        $admin_user = trim(fgets($STDIN));
        if (strlen($admin_user) == 0) {
            $admin_user = '******';
        }
    }
    show(" ...using '{$admin_user}'");
    if (getenv('FFORGE_ADMIN_PASSWORD')) {
        $bad_pwd = false;
        $pwd1 = getenv('FFORGE_ADMIN_PASSWORD');
    } else {
        $retries = 0;
        $bad_pwd = true;
        $pwd1 = '';
        $pwd2 = '';
        $error = '';
        while ($bad_pwd && $retries < 5) {
            if ($bad_pwd && $retries > 0) {
                show(' * ' . $error);
            }
            $pwd1 = readMasked(" * Enter the Site Admin Password:"******" * Please enter it again: \n");
                if ($pwd1 == $pwd2) {
                    $bad_pwd = false;
                } else {
                    $error = 'Passwords don\'t match. Please try again.';
                }
            }
            $retries++;
        }
    }
    if ($bad_pwd) {
        show('Passwords didn\'t match! Aborting.');
        die;
    } else {
        $pw_md5 = md5($pwd1);
        $pw_crypt = crypt($pwd1);
        $pw_crypt = str_replace('$', '\\\\\\$', $pw_crypt);
        //run(	'su - postgres -c "psql ' .
        //	$gforge_db .
        //	' -c \\"UPDATE \\\\\"user\\\\\" SET unix_name=\'' .
        //	$admin_user . '\', password_md5=\'' .
        //	$pw_md5 . '\', password_crypt=\'' .
        //	$pw_crypt . '\' WHERE user_id=101;\\""'); // MODIFIQUE ESTO
        //run(	'su - postgres -c "psql ' .
        //	$gforge_db .
        //	' -c \\"UPDATE \\\\\"users\\\\\" SET user_name=\'' .
        //	$admin_user . '\', user_pw=\'' .
        //	$pw_md5 . '\', unix_pw=\'' .
        //	$pw_crypt . '\' WHERE user_id=101;\\""');
        //echo "BREAKPOINT 1\n";
        //$t = trim(fgets($STDIN));
        //	run("su - postgres -c \"psql $gforge_db -c \\\"INSERT INTO users (user_name, user_pw, unix_pw) VALUES ('$admin_user', '$pw_md5', '$pw_crypt')\\\"\"");
        run("su - postgres -c \"psql {$gforge_db} -c \\\"INSERT INTO users (user_name, email, user_pw, unix_pw, status, theme_id) VALUES ('{$admin_user}', '*****@*****.**', '{$pw_md5}', '{$pw_crypt}', 'A', 1); INSERT INTO user_group (user_id, group_id, admin_flags) VALUES (currval('users_pk_seq'), 1, 'A')\\\"\"");
        //echo "BREAKPOINT 2\n";
        //$t = trim(fgets($STDIN));
        //	run("su - postgres -c \"psql $gforge_db -c \\\"INSERT INTO user_group (user_id, group_id, admin_flags) VALUES (currval('users_pk_seq'), 1, 'A')\\\"\"" );
        //echo "BREAKPOINT 3\n";
        //$t = trim(fgets($STDIN));
    }
    if (!is_dir($gforge_etc_dir)) {
        mkdir($gforge_etc_dir);
    }
    show(' * Saving database configuration in FForge config file');
    $data = file_get_contents("{$gforge_etc_dir}/local.inc");
    $lines = explode("\n", $data);
    $config = '';
    foreach ($lines as $l) {
        $l = preg_replace("/^.sys_dbname\\s*=\\s*'(.*)'/", "\$sys_dbname='{$gforge_db}'", $l);
        $l = preg_replace("/^.sys_dbuser\\s*=\\s*'(.*)'/", "\$sys_dbuser='******'", $l);
        $config .= $l . "\n";
    }
    if ($fp = fopen("{$gforge_etc_dir}/local.inc", "w")) {
        fwrite($fp, $config);
        fclose($fp);
    }
    show(' * Saving installation log in /tmp/gforge-import.log');
}
示例#25
0
 function changePasswordEmail()
 {
     global $config;
     $updateData = array();
     // Are we setting a new password?
     if (!empty($_POST["settingsPasswordEmail"]["new"])) {
         // Make a copy of the password; the validatePassword() function will automatically format it into a hash.
         $hash = $_POST["settingsPasswordEmail"]["new"];
         if ($error = validatePassword($hash)) {
             $this->messages["new"] = $error;
         } elseif ($_POST["settingsPasswordEmail"]["new"] != $_POST["settingsPasswordEmail"]["confirm"]) {
             $this->messages["confirm"] = "passwordsDontMatch";
         } else {
             $updateData["password"] = "******";
             $this->messages["confirm"] = "reenterInformation";
             // Just in case we fail later on.
         }
         $this->messages["current"] = "reenterInformation";
     }
     // Are we setting a new email?
     if (!empty($_POST["settingsPasswordEmail"]["email"])) {
         // Validate the email address. If it's ok, add the updating part to the query.
         if ($error = validateEmail($_POST["settingsPasswordEmail"]["email"])) {
             $this->messages["email"] = $error;
         } else {
             $updateData["email"] = "'{$_POST["settingsPasswordEmail"]["email"]}'";
         }
         $this->messages["current"] = "reenterInformation";
     }
     // Check the user's old password.
     if (!$this->esoTalk->db->result("SELECT 1 FROM {$config["tablePrefix"]}members WHERE memberId={$this->esoTalk->user["memberId"]} AND password='******'", 0)) {
         $this->messages["current"] = "incorrectPassword";
     } elseif (count($updateData)) {
         $query = $this->esoTalk->db->constructUpdateQuery("members", $updateData, array("memberId" => $this->esoTalk->user["memberId"]));
         $this->esoTalk->db->query($query);
         $this->messages = array();
         return true;
     }
 }
示例#26
0
 /**
  * Verify the answer to the secret question.
  * Accessed with sa=secret2
  */
 public function action_secret2()
 {
     global $txt, $context;
     checkSession();
     validateToken('remind-sai');
     // Hacker?  How did you get this far without an email or username?
     if (empty($_REQUEST['uid'])) {
         fatal_lang_error('username_no_exist', false);
     }
     loadLanguage('Login');
     // Get the information from the database.
     require_once SUBSDIR . '/Members.subs.php';
     $member = getBasicMemberData((int) $_REQUEST['uid'], array('authentication' => true));
     if (empty($member)) {
         fatal_lang_error('username_no_exist', false);
     }
     // Check if the secret answer is correct.
     if ($member['secret_question'] == '' || $member['secret_answer'] == '' || md5($_POST['secret_answer']) !== $member['secret_answer']) {
         log_error(sprintf($txt['reminder_error'], $member['member_name']), 'user');
         fatal_lang_error('incorrect_answer', false);
     }
     // If it's OpenID this is where the music ends.
     if (!empty($member['openid_uri'])) {
         $context['sub_template'] = 'sent';
         $context['description'] = sprintf($txt['reminder_openid_is'], $member['openid_uri']);
         return;
     }
     // You can't use a blank one!
     if (strlen(trim($_POST['passwrd1'])) === 0) {
         fatal_lang_error('no_password', false);
     }
     // They have to be the same too.
     if ($_POST['passwrd1'] != $_POST['passwrd2']) {
         fatal_lang_error('passwords_dont_match', false);
     }
     // Make sure they have a strong enough password.
     require_once SUBSDIR . '/Auth.subs.php';
     $passwordError = validatePassword($_POST['passwrd1'], $member['member_name'], array($member['email_address']));
     // Invalid?
     if ($passwordError != null) {
         fatal_lang_error('profile_error_password_' . $passwordError, false);
     }
     // Alright, so long as 'yer sure.
     require_once SUBSDIR . '/Auth.subs.php';
     $sha_passwd = $_POST['passwrd1'];
     updateMemberData($member['id_member'], array('passwd' => validateLoginPassword($sha_passwd, '', $member['member_name'], true)));
     call_integration_hook('integrate_reset_pass', array($member['member_name'], $member['member_name'], $_POST['passwrd1']));
     // Tell them it went fine.
     loadTemplate('Login');
     loadJavascriptFile('sha256.js', array('defer' => true));
     $context += array('page_title' => $txt['reminder_password_set'], 'sub_template' => 'login', 'default_username' => $member['member_name'], 'default_password' => $_POST['passwrd1'], 'never_expire' => false, 'description' => $txt['reminder_password_set']);
     createToken('login');
 }
示例#27
0
        }
    }
    return true;
}
//Form data validation
if (isset($_POST['register'])) {
    $strEmail = "";
    $strProfile = "";
    $strPassqord = "";
    $strConPassword = "";
    $strEmail = $_POST["email"];
    $strProfile = $_POST["name"];
    $strPassword = $_POST["password"];
    $strConPassword = $_POST["confirmPassword"];
    //$_SESSION["email"] = $strEmail;
    if (validateProfile($strProfile, "Profile Name") && validatePassword($strPassword, "Password")) {
        if ($strPassword != $strConPassword) {
            echo "The password can not match.";
        } else {
            //Connect to database server and table
            include "connection.php";
            @mysqli_select_db($conn, "cl56-henningdb") or die("Database not available");
            /*
            $strSql = "INSERT INTO friends (friend_email, password, profile_name, date_started, num_of_friends) values ('$strEmail', '$strPassword', '$strProfile', CURDATE(), 0)";
            $Result = mysqli_query($conn, $strSql)
            	or die("Problem reading table");
            
            if($Result){
            	echo "Register successfully!";
            	header("location:friendadd.php");
            }
示例#28
0
文件: Users.php 项目: VSG24/ccms
 static function submitNewUser($username, $password, $email, $password2 = null)
 {
     if (!registerUsers()) {
         return 5;
     }
     // admin has disabled registering new users
     $email = filter_var($email, FILTER_SANITIZE_EMAIL);
     $username = validateUserName($username) ? $username : false;
     $password = validatePassword($password) ? $password : false;
     if (!$username || !$password) {
         return 1;
         // username or password does not meet the requirements
     }
     if (isset($password2)) {
         $password2 = validatePassword($password2) ? $password2 : false;
         if ($password2 != false) {
             //$password2 = passwordHash($password2);
             if ($password2 != $password) {
                 return 4;
                 // passwords do not match
             }
         } else {
             return 4;
         }
     }
     $password = passwordHash($password);
     $current_datetime = jDateTime::gdate('Y-m-d H:i:s');
     if (Users::userExists($username)) {
         return 2;
         // username already exist
     }
     $activate = md5($email . time());
     $conn = MySQL::open_conn();
     $query = "INSERT INTO c_users (user_login, user_pass, user_email, user_registered, activate) ";
     $query .= "VALUES ('{$username}', '{$password}', '{$email}', '{$current_datetime}', '{$activate}')";
     $res = $conn->query($query);
     if (!$res) {
         return 3;
     }
     // unknown error while creating new user
     $row = $conn->query("SELECT MAX(ID) AS max FROM c_users")->fetch_array();
     if ($row) {
         $id = $row['max'];
     }
     if (shouldConfMail()) {
         $mail_content = replace_template(getDefaultEmailTemplateContent(), getConfEmailTemplateVars($id));
         Email::sendMail($email, $username, getConfMailSubject(), $mail_content);
     }
     return 0;
 }
示例#29
0
function net2ftp_module_printBody()
{
    // --------------
    // This function prints the login screen
    // --------------
    // -------------------------------------------------------------------------
    // Global variables
    // -------------------------------------------------------------------------
    global $net2ftp_settings, $net2ftp_globals, $net2ftp_messages, $net2ftp_result, $net2ftp_output;
    // The 2 go_to_state variables come from the bookmark, or from registerglobals.inc.php
    if (isset($_GET["go_to_state"]) == true) {
        $go_to_state = validateGenericInput($_GET["go_to_state"]);
    } else {
        $go_to_state = $net2ftp_globals["go_to_state"];
    }
    if (isset($_GET["go_to_state2"]) == true) {
        $go_to_state2 = validateGenericInput($_GET["go_to_state2"]);
    } else {
        $go_to_state2 = $net2ftp_globals["go_to_state2"];
    }
    if (isset($_GET["errormessage"]) == true) {
        $errormessage = validateGenericInput($_GET["errormessage"]);
    }
    // Most actions
    if (isset($_POST["list"]) == true) {
        $list = getSelectedEntries($_POST["list"]);
    } else {
        $list = "";
    }
    // Bookmark
    if (isset($_POST["url"]) == true) {
        $url = validateGenericInput($_POST["url"]);
    } else {
        $url = "";
    }
    if (isset($_POST["text"]) == true) {
        $text = validateGenericInput($_POST["text"]);
    } else {
        $text = "";
    }
    // Copy, move, delete
    if (isset($_POST["ftpserver2"]) == true) {
        $net2ftp_globals["ftpserver2"] = validateFtpserver($_POST["ftpserver2"]);
    } else {
        $net2ftp_globals["ftpserver2"] = "";
    }
    if (isset($_POST["ftpserverport2"]) == true) {
        $net2ftp_globals["ftpserverport2"] = validateFtpserverport($_POST["ftpserverport2"]);
    } else {
        $net2ftp_globals["ftpserverport2"] = "";
    }
    if (isset($_POST["username2"]) == true) {
        $net2ftp_globals["username2"] = validateUsername($_POST["username2"]);
    } else {
        $net2ftp_globals["username2"] = "";
    }
    if (isset($_POST["password2"]) == true) {
        $net2ftp_globals["password2"] = validatePassword($_POST["password2"]);
    } else {
        $net2ftp_globals["password2"] = "";
    }
    // Edit
    if (isset($_POST["textareaType"]) == true) {
        $textareaType = validateTextareaType($_POST["textareaType"]);
    } else {
        $textareaType = "";
    }
    if (isset($_POST["text"]) == true) {
        $text = $_POST["text"];
    } else {
        $text = "";
    }
    if (isset($_POST["text_splitted"]) == true) {
        $text_splitted = $_POST["text_splitted"];
    } else {
        $text_splitted = "";
    }
    // Find string
    if (isset($_POST["searchoptions"]) == true) {
        $searchoptions = $_POST["searchoptions"];
    }
    // New directory
    // Rename
    if (isset($_POST["newNames"]) == true) {
        $newNames = validateEntry($_POST["newNames"]);
    } else {
        $newNames = "";
    }
    // Raw FTP command
    if (isset($_POST["command"]) == true) {
        $command = $_POST["command"];
    } else {
        $command = "CWD {$directory_html}\nPWD\n";
    }
    // Zip
    if (isset($_POST["zipactions"]) == true) {
        $zipactions = $_POST["zipactions"];
    } else {
        $zipactions = "";
    }
    // -------------------------------------------------------------------------
    // Variables for all screens
    // -------------------------------------------------------------------------
    $formname = "LoginForm";
    $enctype = "";
    if ($net2ftp_globals["state2"] == "admin") {
        $message = __("Please enter your Administrator username and password.");
        $button_text = __("Login");
        $username_fieldname = "input_admin_username";
        $password_fieldname = "input_admin_password";
        $username_value = "";
        $password_value = "";
        $focus = $username_fieldname;
    } elseif ($net2ftp_globals["state2"] == "bookmark") {
        $message = __("Please enter your username and password for FTP server <b>%1\$s</b>.", htmlEncode2($net2ftp_globals["ftpserver"]));
        $button_text = __("Login");
        $username_fieldname = "username";
        $password_fieldname = "password";
        if (isset($net2ftp_globals["username"]) == true) {
            $username_value = htmlEncode2($net2ftp_globals["username"]);
            $focus = $password_fieldname;
        } else {
            $username_value = "";
            $focus = $username_fieldname;
        }
        $password_value = "";
    } elseif ($net2ftp_globals["state2"] == "session_expired") {
        $message = __("Your session has expired; please enter your password for FTP server <b>%1\$s</b> to continue.", htmlEncode2($net2ftp_globals["ftpserver"]));
        $button_text = __("Continue");
        $username_fieldname = "username";
        $password_fieldname = "password";
        if (isset($net2ftp_globals["username"]) == true) {
            $username_value = htmlEncode2($net2ftp_globals["username"]);
            $focus = $password_fieldname;
        } else {
            $username_value = "";
            $focus = $username_fieldname;
        }
        $password_value = "";
    } elseif ($net2ftp_globals["state2"] == "session_ipchange") {
        $message = __("Your IP address has changed; please enter your password for FTP server <b>%1\$s</b> to continue.", htmlEncode2($net2ftp_globals["ftpserver"]));
        $button_text = __("Continue");
        $username_fieldname = "username";
        $password_fieldname = "password";
        if (isset($net2ftp_globals["username"]) == true) {
            $username_value = htmlEncode2($net2ftp_globals["username"]);
            $focus = $password_fieldname;
        } else {
            $username_value = "";
            $focus = $username_fieldname;
        }
        $password_value = "";
    }
    // -------------------------------------------------------------------------
    // Print the output
    // -------------------------------------------------------------------------
    require_once $net2ftp_globals["application_skinsdir"] . "/" . $net2ftp_globals["skin"] . "/login_small.template.php";
}
function net2ftp_module_printBody()
{
    // --------------
    // This function prints the copy/move/delete screen
    // --------------
    // -------------------------------------------------------------------------
    // Global variables
    // -------------------------------------------------------------------------
    global $net2ftp_settings, $net2ftp_globals, $net2ftp_messages, $net2ftp_result, $net2ftp_output;
    if (isset($_POST["list"]) == true) {
        $list = getSelectedEntries($_POST["list"]);
    } else {
        $list = "";
    }
    if (isset($_POST["ftpserver2"]) == true) {
        $net2ftp_globals["ftpserver2"] = validateFtpserver($_POST["ftpserver2"]);
    } else {
        $net2ftp_globals["ftpserver2"] = "";
    }
    if (isset($_POST["ftpserverport2"]) == true) {
        $net2ftp_globals["ftpserverport2"] = validateFtpserverport($_POST["ftpserverport2"]);
    } else {
        $net2ftp_globals["ftpserverport2"] = "";
    }
    if (isset($_POST["username2"]) == true) {
        $net2ftp_globals["username2"] = validateUsername($_POST["username2"]);
    } else {
        $net2ftp_globals["username2"] = "";
    }
    if (isset($_POST["password2"]) == true) {
        $net2ftp_globals["password2"] = validatePassword($_POST["password2"]);
    } else {
        $net2ftp_globals["password2"] = "";
    }
    // -------------------------------------------------------------------------
    // Variables for all screens
    // -------------------------------------------------------------------------
    // Title
    if ($net2ftp_globals["state2"] == "copy") {
        $title = __("Copy directories and files");
    } elseif ($net2ftp_globals["state2"] == "move") {
        $title = __("Move directories and files");
    } elseif ($net2ftp_globals["state2"] == "delete") {
        $title = __("Delete directories and files");
    }
    // Form name, back and forward buttons
    $formname = "CopyMoveDeleteForm";
    $back_onclick = "document.forms['" . $formname . "'].state.value='browse';document.forms['" . $formname . "'].state2.value='main';document.forms['" . $formname . "'].submit();";
    $forward_onclick = "document.forms['" . $formname . "'].submit();";
    // -------------------------------------------------------------------------
    // Variables for screen 1
    // -------------------------------------------------------------------------
    if ($net2ftp_globals["screen"] == 1) {
        // Next screen
        $nextscreen = 2;
    } elseif ($net2ftp_globals["screen"] == 2) {
        // ---------------------------------------
        // Open connection to the source server
        // ---------------------------------------
        setStatus(2, 10, __("Connecting to the FTP server"));
        $conn_id_source = ftp_openconnection();
        if ($net2ftp_result["success"] == false) {
            return false;
        }
        // ---------------------------------------
        // Open connection to the target server, if it is different from the source server, or if the username
        // is different (different users may have different authorizations on the same FTP server)
        // ---------------------------------------
        if (($net2ftp_globals["ftpserver2"] != "" || $net2ftp_globals["username2"] != "") && ($net2ftp_globals["ftpserver2"] != $net2ftp_globals["ftpserver"] || $net2ftp_globals["username2"] != $net2ftp_globals["username"])) {
            $conn_id_target = ftp_openconnection2();
            // Note: ftp_openconnection2 cleans the input values
            if ($net2ftp_result["success"] == false) {
                return false;
            }
        } else {
            $conn_id_target = $conn_id_source;
        }
        // ---------------------------------------
        // Copy, move or delete the files and directories
        // ---------------------------------------
        ftp_copymovedelete($conn_id_source, $conn_id_target, $list, $net2ftp_globals["state2"], 0);
        // ---------------------------------------
        // Close the connection to the source server
        // ---------------------------------------
        ftp_closeconnection($conn_id_source);
        // ---------------------------------------
        // Close the connection to the target server, if it is different from the source server
        // ---------------------------------------
        if ($conn_id_source != $conn_id_target) {
            ftp_closeconnection($conn_id_target);
        }
    }
    // end elseif
    // -------------------------------------------------------------------------
    // Print the output
    // -------------------------------------------------------------------------
    require_once $net2ftp_globals["application_skinsdir"] . "/" . $net2ftp_globals["skin"] . "/manage.template.php";
}