Navigation

← Previous Changeset
Next Changeset →

Changeset 109

Timestamp:

10/09/08 23:02:52 (4 years ago)

Author:

Nafania

Message:

Files:

include/secrets.php (modified) (1 diff)
languages/lang_english/lang_faq.php (modified) (1 diff)
languages/lang_russian/lang_faq.php (modified) (1 diff)
login.php (modified) (1 diff)
recover.php (deleted)
signup.php (modified) (2 diffs)

Legend:

: Unmodified
: Added
: Removed
: Modified
: Copied
: Moved

include/secrets.php

r93	r109
3	3	$db_host = 'localhost';
4	4	$db_port = 3306;
5		$db_user = '';
	5	$db_user = 'root';
6	6	$db_pass = '';
7		$db_name = '';
	7	$db_name = 'bt';
8	8	$db_persistency = false;
9	9

languages/lang_english/lang_faq.php

r9	r109
33	33	array(
34	34	0 => 'I\'ve forgotten my account name and\or password, can you remind me please?',
35		1 => 'Use <a href="~~recover.php~~">this form</a>, please, to get your registration data on the e-mail.'
	35	1 => 'Use <a href="' . append_sid('signup.php?type=recover') . '">this form</a>, please, to get your registration data on the e-mail.'
36	36	),
37	37	array(

languages/lang_russian/lang_faq.php

r9	r109
33	33	array(
34	34	0 => '�� , ��',
35		1 => '��a href="~~recover.php~~">��/a>, �� .'
	35	1 => '��a href="' . append_sid('signup.php?type=recover') . '">��/a>, �� .'
36	36	),
37	37	array(

login.php

r27	r109
17	17	'REDIRECT' => $redirect,
18	18	'ADMIN' => ( get_user_class() >= UC_ADMINISTRATOR ? $admin : 0 ),
19		'LOST_PASS_RECOVER' => sprintf($lang['lost_pass_recover'], append_sid('~~recover.php~~')),
	19	'LOST_PASS_RECOVER' => sprintf($lang['lost_pass_recover'], append_sid('signup.php?type=recover')),
20	20	'NO_ACC_REGISTER' => sprintf($lang['no_account_register'], append_sid('signup.php'))
21	21	));

signup.php

r107	r109
23	23	}
24	24
25		if ( isset($_POST['submit']) ) {
26		foreach (array('wantusername','wantpassword','passagain','gender','year', 'month', 'day', 'download', 'upload', 'country') as $x) {
27		$$x = request_var($x, '');
28		}
29		if ( $wantpassword != $passagain ) {
30		trigger_error($lang['passwords_not_the_same']);
31		}
32		if ( strlen($wantpassword) < 6 \|\| strlen($wantpassword) > 40 ) {
33		trigger_error($lang['pass_too_long']);
34		}
35		if ( $wantpassword == $wantusername ) {
36		trigger_error($lang['pass_and_username_are_the_same']);
37		}
38
39		//now we check invite_hash if user invited
40		if ( isset($_POST['invite_hash']) ) {
41		$invite_hash = request_var('invite_hash', '');
42		$sql = 'SELECT invite_email, invite_user FROM ' . INVITES_TABLE . ' WHERE hash = ' . "'" . $db->sql_escape($invite_hash) . "'";
43		$result = $db->sql_query($sql);
	25
	26	$id = request_var('id', 0);
	27	$md5 = request_var('hash', '');
	28	$email = request_var('email', '');
	29
	30	switch ( $type ) {
	31	case 'change_mail':
	32	$sql = 'SELECT editsecret, name FROM ' . USERS_TABLE . ' WHERE uid = ' . $id . ' AND uid <> ' . ANONYMOUS;
	33	$result = $db->sql_query($sql);
44	34	if ( !($row = $db->sql_fetchrow($result)) ) {
45		trigger_error($lang['invalid_invite_hash']);
	35	trigger_error($lang['bad_data']);
	36	}
	37	$db->sql_freeresult($result);
	38
	39	$sec = hash_pad($row['editsecret']);
	40
	41	$sql = 'UPDATE ' . USERS_TABLE . ' SET editsecret=\'\', email=' . "'" . $db->sql_escape($email) . "'" . ' WHERE uid=' . $id . ' AND editsecret=' . "'" . $db->sql_escape($row['editsecret']) . "'";
	42	$db->sql_query($sql);
	43	if ( !$db->sql_affectedrows() ) {
	44	trigger_error($lang['bad_data']);
	45	}
	46	redirect( append_sid('my.php?emailch=1'));
	47	break;
	48
	49	case 'signup':
	50	trigger_error(sprintf($lang['signup_email_sended'], $email));
	51	break;
	52
	53	case 'confirmed':
	54	trigger_error(sprintf($lang['account_already_comfirmed'], 'login.php'));
	55	break;
	56
	57	case 'confirm':
	58	if ( $userdata['session_logged_in'] ) {
	59	trigger_error($lang['account_succefully_comfirmed']);
	60	}
	61	else {
	62	trigger_error($lang['account_succefully_comfirmed_but_cookies_not_on']);
	63	}
	64	break;
	65
	66	case 'register':
	67	$sql = 'SELECT pass, editsecret, email, name, status FROM ' . USERS_TABLE . ' WHERE uid = ' . $id . ' AND uid <> ' . ANONYMOUS;
	68	$result = $db->sql_query($sql);
	69	if ( !($row = $db->sql_fetchrow($result)) ) {
	70	trigger_error(sprintf($lang['invalid_id'], $id));
	71	}
	72	$db->sql_freeresult($result);
	73	if ( $row['status'] ) {
	74	redirect( append_sid('signup.php?type=confirmed'));
	75	}
	76	$sec = str_pad($row['editsecret'], 20);
	77	if ( $md5 != md5($sec) ) {
	78	trigger_error(sprintf($lang['invalid_id'], $id));
	79	}
	80	$sql = 'UPDATE ' . USERS_TABLE . ' SET status = 1, editsecret=\'\' WHERE uid=' . $id . ' AND status = 0';
	81	$db->sql_query($sql);
	82	if (!$db->sql_affectedrows($result)) {
	83	trigger_error(sprintf($lang['invalid_id'], $id));
	84	}
	85	session_begin ($id, $user_ip, FALSE);
	86	redirect( append_sid('signup.php?type=confirm'));
	87	break;
	88
	89	case 'restore':
	90	$sql = 'SELECT name, email, pass, editsecret FROM ' . USERS_TABLE . ' WHERE uid = ' . $id . ' AND uid <> ' . ANONYMOUS;
	91	$result = $db->sql_query($sql);
	92	if ( !($row = $db->sql_fetchrow($result)) ) {
	93	trigger_error(sprintf($lang['invalid_id'], $id));
	94	}
	95
	96	$email = $row['email'];
	97	if ( $md5 != md5($row['editsecret'] . $email . $row['pass'] . $row['editsecret']) ) {
	98	trigger_error($lang['passwords_not_the_same']);
	99	}
	100
	101	$newpassword = mksecret(10);
	102	$sec = mksecret();
	103	$newpasshash = md5($sec . $newpassword . $sec);
	104
	105	$sql = 'UPDATE ' . USERS_TABLE . ' SET secret=' . "'" . $db->sql_escape($sec) . "'" . ', editsecret=\'\', pass=' . "'" . $db->sql_escape($newpasshash) . "'" . ' WHERE uid=' . $id . ' AND editsecret=' . "'" . $db->sql_escape($row['editsecret']) . "'";
	106	$db->sql_query($sql);
	107
	108	include_once($tracker_root_path . 'include/functions_messenger.php');
	109	$messenger = new messenger(false);
	110	$messenger->template('recover_password_step_2', $config['default_lang']);
	111	$messenger->replyto($email);
	112	$messenger->to($email, $row['name']);
	113
	114	$messenger->assign_vars(array(
	115	'USERNAME' => $row['name'],
	116	'PASSWORD' => $newpassword,
	117	'U_LINK' => generate_tracker_url() . '/login.php' )
	118	);
	119	$messenger->send(NOTIFY_EMAIL);
	120	$messenger->reset();
	121	trigger_error(sprintf($lang['email_sended'], $email));
	122	break;
	123
	124	case 'recover':
	125	if ( isset($_POST['submit']) ) {
	126	$email = request_var('email', '');
	127	if (!$email \|\| !preg_match('/^[a-z0-9&\'\.\-_\+]+@[a-z0-9\-]+\.([a-z0-9\-]+\.)*?[a-z]+$/is', $email) ) {
	128	trigger_error($lang['email_invalid']);
	129	}
	130	$sql = 'SELECT uid, pass, name FROM ' . USERS_TABLE . ' WHERE email=' . "'" . $db->sql_escape($email) . "'";
	131	$result = $db->sql_query_limit($sql, 1);
	132	if ( !($row = $db->sql_fetchrow($result)) ) {
	133	trigger_error(sprintf($lang['email_adress_not_found'], $email));
	134	}
	135	$sec = mksecret();
	136	$sql = 'UPDATE ' . USERS_TABLE . ' SET editsecret=' . "'" . $db->sql_escape($sec) . "'" . ' WHERE uid=' . $row['uid'];
	137	$db->sql_query($sql);
	138	$hash = md5($sec . $email . $row['pass'] . $sec);
	139
	140	include_once($tracker_root_path . 'include/functions_messenger.php');
	141	$messenger = new messenger(false);
	142	$messenger->template('recover_password_step_1', $config['default_lang']);
	143	$messenger->replyto($email);
	144	$messenger->to($email, $row['name']);
	145
	146	$messenger->assign_vars(array(
	147	'EMAIL' => $email,
	148	'IP' => $user_ip,
	149	'U_LINK' => generate_tracker_url() . '/signup.php?id=' . $row['uid'] . '&type=recover&hash=' . $hash )
	150	);
	151	$messenger->send(NOTIFY_EMAIL);
	152	$messenger->reset();
	153
	154	trigger_error(sprintf($lang['email_sended'], $email));
46	155	}
47		$db->sql_freeresult($result);
48		$email = $row['invite_email'];
49		$inviter = $row['invite_user'];
50		}
51		else {
52		$email = request_var('email', '');
53		if ( $error = check_email($email) ) {
54		trigger_error($error['error_msg']);
55		}
56		}
57		if ( $error = check_username($wantusername) ) {
58		trigger_error($error['error_msg']);
59		}
60
61		$download = request_var('download', '');
62		$upload = request_var('upload', '');
63		if ( !check_internet_speed($upload) \|\| !check_internet_speed($download) ) {
64		trigger_error($lang['speed_invalid']);
65		}
66
67		$gender = ( $gender ? 1 : 0 );
68
69		if ( !check_country_id($country) ) {
70		trigger_error($lang['invalid_country']);
71		}
72
73		if ( !checkdate($month, $day, $year) ) {
74		trigger_error($lang['birthday_invalid']);
75		}
76		$birthday = $year . '-' . $month . '-' . $day;
77
78		if ( $config['enable_confirm'] && $gd_enabled )
79		{
80		$confirm_code = request_var('captcha_code', '');
81		$confirm_id = request_var('confirm_id', '');
82		if (empty($confirm_id)) {
83		trigger_error($lang['invalid_verify_image_code']);
	156	else {
	157	$template->assign_vars(array(
	158	'S_FORM_ACTION' => append_sid('signup.php?type=recover')
	159	));
	160	stdhead($lang['pass_recover']);
	161	$template->set_filenames(array(
	162	'body' => 'recover.html'
	163	));
	164	stdfoot();
84	165	}
85		else
86		{
87		if (!preg_match('/^[[:alnum:]]+$/', $confirm_id))
	166	break;
	167
	168	default:
	169	if ( isset($_POST['submit']) ) {
	170	foreach (array('wantusername','wantpassword','passagain','gender','year', 'month', 'day', 'download', 'upload', 'country') as $x) {
	171	$$x = request_var($x, '');
	172	}
	173	if ( $wantpassword != $passagain ) {
	174	trigger_error($lang['passwords_not_the_same']);
	175	}
	176	if ( strlen($wantpassword) < 6 \|\| strlen($wantpassword) > 40 ) {
	177	trigger_error($lang['pass_too_long']);
	178	}
	179	if ( $wantpassword == $wantusername ) {
	180	trigger_error($lang['pass_and_username_are_the_same']);
	181	}
	182
	183	//now we check invite_hash if user invited
	184	if ( isset($_POST['invite_hash']) ) {
	185	$invite_hash = request_var('invite_hash', '');
	186	$sql = 'SELECT invite_email, invite_user FROM ' . INVITES_TABLE . ' WHERE hash = ' . "'" . $db->sql_escape($invite_hash) . "'";
	187	$result = $db->sql_query($sql);
	188	if ( !($row = $db->sql_fetchrow($result)) ) {
	189	trigger_error($lang['invalid_invite_hash']);
	190	}
	191	$db->sql_freeresult($result);
	192	$email = $row['invite_email'];
	193	$inviter = $row['invite_user'];
	194	}
	195	else {
	196	$email = request_var('email', '');
	197	if ( $error = check_email($email) ) {
	198	trigger_error($error['error_msg']);
	199	}
	200	}
	201	if ( $error = check_username($wantusername) ) {
	202	trigger_error($error['error_msg']);
	203	}
	204
	205	$download = request_var('download', '');
	206	$upload = request_var('upload', '');
	207	if ( !check_internet_speed($upload) \|\| !check_internet_speed($download) ) {
	208	trigger_error($lang['speed_invalid']);
	209	}
	210
	211	$gender = ( $gender ? 1 : 0 );
	212
	213	if ( !check_country_id($country) ) {
	214	trigger_error($lang['invalid_country']);
	215	}
	216
	217	if ( !checkdate($month, $day, $year) ) {
	218	trigger_error($lang['birthday_invalid']);
	219	}
	220	$birthday = $year . '-' . $month . '-' . $day;
	221
	222	if ( $config['enable_confirm'] && $gd_enabled )
88	223	{
89		$confirm_id = '';
90		}
91
92		$sql = 'SELECT code
93		FROM ' . CONFIRM_TABLE . "
94		WHERE confirm_id = '$confirm_id'
95		AND session_id = '" . $userdata['session_id'] . "'";
96		$result = $db->sql_query($sql);
97
98		if ( $row = $db->sql_fetchrow($result) )
99		{
100		if ($row['code'] != $confirm_code)
101		{
	224	$confirm_code = request_var('captcha_code', '');
	225	$confirm_id = request_var('confirm_id', '');
	226	if (empty($confirm_id)) {
102	227	trigger_error($lang['invalid_verify_image_code']);
103	228	}
104	229	else
105	230	{
106		$sql = 'DELETE FROM ' . CONFIRM_TABLE . "
	231	if (!preg_match('/^[[:alnum:]]+$/', $confirm_id))
	232	{
	233	$confirm_id = '';
	234	}
	235
	236	$sql = 'SELECT code
	237	FROM ' . CONFIRM_TABLE . "
107	238	WHERE confirm_id = '$confirm_id'
108	239	AND session_id = '" . $userdata['session_id'] . "'";
109		$db->sql_query($sql);
110		}
111		}
112		else
113		{
114		trigger_error($lang['invalid_verify_image_code']);
115		}
116		$db->sql_freeresult($result);
	240	$result = $db->sql_query($sql);
	241
	242	if ( $row = $db->sql_fetchrow($result) )
	243	{
	244	if ($row['code'] != $confirm_code)
	245	{
	246	trigger_error($lang['invalid_verify_image_code']);
	247	}
	248	else
	249	{
	250	$sql = 'DELETE FROM ' . CONFIRM_TABLE . "
	251	WHERE confirm_id = '$confirm_id'
	252	AND session_id = '" . $userdata['session_id'] . "'";
	253	$db->sql_query($sql);
	254	}
	255	}
	256	else
	257	{
	258	trigger_error($lang['invalid_verify_image_code']);
	259	}
	260	$db->sql_freeresult($result);
	261	}
	262	}
	263
	264	// make sure user agrees to everything...
	265	if ( !isset($_POST['rulesverify']) \|\| !isset($_POST['faqverify']) \|\| !isset($_POST['ageverify']) ){
	266	trigger_error($lang['you_cant_be_registered']);
	267	}
	268
	269	if ( !($config['allow_clons']) ) {
	270	// check if ip is already in use
	271	$sql = 'SELECT COUNT(*) AS count FROM ' . USERS_TABLE . ' WHERE ip=' . "'" . $db->sql_escape($user_ip) . "'";
	272	$result = $db->sql_query($sql);
	273	$ip_check = ( $row = $db->sql_fetchrow($result) ) ? intval($row['count']) : 0;
	274	$db->sql_freeresult($result);
	275	if ( $ip_check ) {
	276	trigger_error(sprintf($lang['ip_already_in_use'], $user_ip));
	277	}
	278	}
	279
	280	if ( $config['check_dnsbl'] ) {
	281	if ( ($dnsbl = check_dnsbl('register')) !== false ) {
	282	trigger_error($lang['you_been_banned']);
	283	}
	284	}
	285
	286	$secret = mksecret();
	287	$wantpasshash = md5($secret . $wantpassword . $secret);
	288	$editsecret = mksecret();
	289
	290	$torrent_pass = md5($wantusername . time() . $wantpasshash);
	291
	292	$user_limit_ary_allow_download = unserialize($config['user_limit_ary_allow_download']);
	293	$user_limit_ary_torrents = unserialize($config['user_limit_ary_torrents']);
	294
	295	$result = $db->sql_query('SELECT MAX(uid) AS max_uid FROM ' . USERS_TABLE);
	296	$id = ( $row = $db->sql_fetchrow($result) ) ? intval($row['max_uid']) + 1 : 1;
	297
	298	//now we generate insert sql
	299	$sql_ary = array('uid' => $id,
	300	'name' => $wantusername,
	301	'pass' => $wantpasshash,
	302	'secret' => $secret,
	303	'editsecret' => $editsecret,
	304	'email' => $email,
	305	'ip' => $user_ip,
	306	'country' => $country,
	307	'torrent_pass' => $torrent_pass,
	308	'status' => ( $config['activate_via_email'] ? 0 : 1 ),
	309	'added' => time(),
	310	'upload' => $upload,
	311	'download' => $download,
	312	'gender' => $gender,
	313	'birthday' => $birthday,
	314	'user_style' => $config['default_style'],
	315	'language' => $config['default_lang'],
	316	'tzoffset' => doubleval($config['board_timezone']),
	317	'user_dst' => $config['board_dst'],
	318	'can_leech' => ( isset($user_limit_ary_allow_download[UC_USER]) ? 1 : 0 ),
	319	'torrents_limit' => $user_limit_ary_torrents[UC_USER],
	320	'invited_by' => ( isset($inviter) ? $inviter : 0 )
	321	);
	322
	323	$db->sql_query('INSERT INTO ' . USERS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary));
	324
	325	$db->sql_query('INSERT INTO ' . GROUPS_TABLE . ' ' . $db->sql_build_array('INSERT', array('group_name' => '',
	326	'group_description' => 'Personal User',
	327	'group_single_user' => 1,
	328	'group_moderator' => 0)));
	329	$group_id = $db->sql_nextid();
	330	$db->sql_query('INSERT INTO ' . USER_GROUP_TABLE . ' ' . $db->sql_build_array('INSERT', array('user_id' => $id,
	331	'group_id' => $group_id,
	332	'user_pending' => 0)));
	333	$db->sql_query('INSERT INTO ' . USER_GROUP_TABLE . ' ' . $db->sql_build_array('INSERT', array('user_id' => $id,
	334	'group_id' => $phpbb_class[UC_USER],
	335	'user_pending' => 0)));
	336	if ( isset($_POST['invite_hash']) ) {
	337	$sql = 'DELETE FROM ' . INVITES_TABLE . ' WHERE hash = ' . "'" . $db->sql_escape($invite_hash) . "'";
	338	$db->sql_query($sql);
	339	}
	340	$psecret = md5($editsecret);
	341
	342	if ( $config['activate_via_email'] && $config['email_enable'] ) {
	343	include_once($tracker_root_path . 'include/functions_messenger.php');
	344	$messenger = new messenger(false);
	345	$messenger->template('signup_confimation', $config['default_lang']);
	346	$messenger->replyto($email);
	347	$messenger->to($email, $wantusername);
	348
	349	$messenger->assign_vars(array(
	350	'EMAIL' => $email,
	351	'IP' => $user_ip,
	352	'U_LINK' => generate_tracker_url() . '/signup.php?type=register&id=' . $id . '&secret=' . $psecret )
	353	);
	354	$messenger->send(NOTIFY_EMAIL);
	355	$messenger->reset();
	356	redirect( append_sid('signup.php?type=signup&email=' . urlencode($email)));
	357	}
	358	else {
	359	$sql = 'UPDATE ' . USERS_TABLE . ' SET status = 1, editsecret=\'\' WHERE uid=' . $id . ' AND status = 0';
	360	$db->sql_query($sql);
	361	session_begin ($id, $user_ip, false);
	362	redirect( append_sid('signup.php?type=confirm'));
	363	}
117	364	}
118		}
119
120		// make sure user agrees to everything...
121		if ( !isset($_POST['rulesverify']) \|\| !isset($_POST['faqverify']) \|\| !isset($_POST['ageverify']) ){
122		trigger_error($lang['you_cant_be_registered']);
123		}
124
125		if ( !($config['allow_clons']) ) {
126		// check if ip is already in use
127		$sql = 'SELECT COUNT(*) AS count FROM ' . USERS_TABLE . ' WHERE ip=' . "'" . $db->sql_escape($user_ip) . "'";
128		$result = $db->sql_query($sql);
129		$ip_check = ( $row = $db->sql_fetchrow($result) ) ? intval($row['count']) : 0;
130		$db->sql_freeresult($result);
131		if ( $ip_check ) {
132		trigger_error(sprintf($lang['ip_already_in_use'], $user_ip));
133		}
134		}
135
136		if ( $config['check_dnsbl'] ) {
137		if ( ($dnsbl = check_dnsbl('register')) !== false ) {
138		trigger_error($lang['you_been_banned']);
139		}
140		}
141
142		$secret = mksecret();
143		$wantpasshash = md5($secret . $wantpassword . $secret);
144		$editsecret = mksecret();
145
146		$torrent_pass = md5($wantusername . time() . $wantpasshash);
147
148		$user_limit_ary_allow_download = unserialize($config['user_limit_ary_allow_download']);
149		$user_limit_ary_torrents = unserialize($config['user_limit_ary_torrents']);
150
151		$result = $db->sql_query('SELECT MAX(uid) AS max_uid FROM ' . USERS_TABLE);
152		$id = ( $row = $db->sql_fetchrow($result) ) ? intval($row['max_uid']) + 1 : 1;
153
154		//now we generate insert sql
155		$sql_ary = array('uid' => $id,
156		'name' => $wantusername,
157		'pass' => $wantpasshash,
158		'secret' => $secret,
159		'editsecret' => $editsecret,
160		'email' => $email,
161		'ip' => $user_ip,
162		'country' => $country,
163		'torrent_pass' => $torrent_pass,
164		'status' => ( $config['activate_via_email'] ? 0 : 1 ),
165		'added' => time(),
166		'upload' => $upload,
167		'download' => $download,
168		'gender' => $gender,
169		'birthday' => $birthday,
170		'user_style' => $config['default_style'],
171		'language' => $config['default_lang'],
172		'tzoffset' => doubleval($config['board_timezone']),
173		'user_dst' => $config['board_dst'],
174		'can_leech' => ( isset($user_limit_ary_allow_download[UC_USER]) ? 1 : 0 ),
175		'torrents_limit' => $user_limit_ary_torrents[UC_USER],
176		'invited_by' => ( isset($inviter) ? $inviter : 0 )
177		);
178
179		$db->sql_query('INSERT INTO ' . USERS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary));
180
181		$db->sql_query('INSERT INTO ' . GROUPS_TABLE . ' ' . $db->sql_build_array('INSERT', array('group_name' => '',
182		'group_description' => 'Personal User',
183		'group_single_user' => 1,
184		'group_moderator' => 0)));
185		$group_id = $db->sql_nextid();
186		$db->sql_query('INSERT INTO ' . USER_GROUP_TABLE . ' ' . $db->sql_build_array('INSERT', array('user_id' => $id,
187		'group_id' => $group_id,
188		'user_pending' => 0)));
189		$db->sql_query('INSERT INTO ' . USER_GROUP_TABLE . ' ' . $db->sql_build_array('INSERT', array('user_id' => $id,
190		'group_id' => $phpbb_class[UC_USER],
191		'user_pending' => 0)));
192		if ( isset($_POST['invite_hash']) ) {
193		$sql = 'DELETE FROM ' . INVITES_TABLE . ' WHERE hash = ' . "'" . $db->sql_escape($invite_hash) . "'";
194		$db->sql_query($sql);
195		}
196		$psecret = md5($editsecret);
197
198		if ( $config['activate_via_email'] && $config['email_enable'] ) {
199		include_once($tracker_root_path . 'include/functions_messenger.php');
200		$messenger = new messenger(false);
201		$messenger->template('signup_confimation', $config['default_lang']);
202		$messenger->replyto($email);
203		$messenger->to($email, $wantusername);
204
205		$messenger->assign_vars(array(
206		'EMAIL' => $email,
207		'IP' => $user_ip,
208		'U_LINK' => generate_tracker_url() . '/signup.php?type=register&id=' . $id . '&secret=' . $psecret )
209		);
210		$messenger->send(NOTIFY_EMAIL);
211		$messenger->reset();
212		redirect( append_sid('signup.php?type=signup&email=' . urlencode($email)));
213		}
214		else {
215		$sql = 'UPDATE ' . USERS_TABLE . ' SET status = 1, editsecret=\'\' WHERE uid=' . $id . ' AND status = 0';
216		$db->sql_query($sql);
217		session_begin ($id, $user_ip, false);
218		redirect( append_sid('signup.php?type=confirm'));
219		}
220		}
221		else {
222		$id = request_var('id', 0);
223		$md5 = request_var('hash', '');
224		$email = request_var('email', '');
225
226		switch ( $type ) {
227		case 'change_mail':
228		$sql = 'SELECT editsecret, name FROM ' . USERS_TABLE . ' WHERE uid = ' . $id . ' AND uid <> ' . ANONYMOUS;
229		$result = $db->sql_query($sql);
230
231		if ( !($row = $db->sql_fetchrow($result)) ) {
232		trigger_error($lang['bad_data']);
233		}
234		$db->sql_freeresult($result);
235
236		$sec = hash_pad($row['editsecret']);
237
238		$sql = 'UPDATE ' . USERS_TABLE . ' SET editsecret=\'\', email=' . "'" . $db->sql_escape($email) . "'" . ' WHERE uid=' . $id . ' AND editsecret=' . "'" . $db->sql_escape($row['editsecret']) . "'";
239		$db->sql_query($sql);
240		if ( !$db->sql_affectedrows() ) {
241		trigger_error($lang['bad_data']);
242		}
243		redirect( append_sid('my.php?emailch=1'));
244		break;
245
246		case 'signup':
247		trigger_error(sprintf($lang['signup_email_sended'], $email));
248		break;
249
250		case 'confirmed':
251		trigger_error(sprintf($lang['account_already_comfirmed'], 'login.php'));
252		break;
253
254		case 'confirm':
255		if ( $userdata['session_logged_in'] ) {
256		trigger_error($lang['account_succefully_comfirmed']);
257		}
258		else {
259		trigger_error($lang['account_succefully_comfirmed_but_cookies_not_on']);
260		}
261		break;
262
263		case 'register':
264
265		$sql = 'SELECT pass, editsecret, email, name, status FROM ' . USERS_TABLE . ' WHERE uid = ' . $id . ' AND uid <> ' . ANONYMOUS;
266		$result = $db->sql_query($sql);
267		if ( !($row = $db->sql_fetchrow($result)) ) {
268		trigger_error(sprintf($lang['invalid_id'], $id));
269		}
270		$db->sql_freeresult($result);
271		if ( $row['status'] ) {
272		redirect( append_sid('signup.php?type=confirmed'));
273		}
274		$sec = str_pad($row['editsecret'], 20);
275		if ( $md5 != md5($sec) ) {
276		trigger_error(sprintf($lang['invalid_id'], $id));
277		}
278		$sql = 'UPDATE ' . USERS_TABLE . ' SET status = 1, editsecret=\'\' WHERE uid=' . $id . ' AND status = 0';
279		$db->sql_query($sql);
280		if (!$db->sql_affectedrows($result)) {
281		trigger_error(sprintf($lang['invalid_id'], $id));
282		}
283		session_begin ($id, $user_ip, FALSE);
284		redirect( append_sid('signup.php?type=confirm'));
285		break;
286
287		default:
	365	else {
288	366	if ( $userdata['session_logged_in'] ) {
289	367	redirect( append_sid($tracker_root_path));
…	…
367	445	));
368	446	stdfoot();
369		~~break;~~
370		}
	447	}
	448	break;
371	449	}
372	450

Navigation

Changeset 109

Legend:

include/secrets.php

languages/lang_english/lang_faq.php

languages/lang_russian/lang_faq.php

login.php

signup.php

Download in other formats: