|
|
@ -45,47 +45,47 @@
|
|
|
|
unset($_REQUEST['oldid']);
|
|
|
|
unset($_REQUEST['oldid']);
|
|
|
|
if($Q1)
|
|
|
|
if($Q1)
|
|
|
|
{
|
|
|
|
{
|
|
|
|
$_SESSION['lostpw']['A1'] = trim(mysql_escape_string(stripslashes($A1)));
|
|
|
|
$_SESSION['lostpw']['A1'] = trim(mysql_escape_string(stripslashes(strip_tags($A1))));
|
|
|
|
|
|
|
|
|
|
|
|
if(stripslashes(strtolower($_SESSION['lostpw']['A1'])) == strtolower($_SESSION['lostpw']['user']['A1']))
|
|
|
|
if(stripslashes(strtolower($_SESSION['lostpw']['A1'])) == strtolower($_SESSION['lostpw']['user']['A1']))
|
|
|
|
$answers++;
|
|
|
|
$answers++;
|
|
|
|
$body .= "System: ".$_SESSION['lostpw']['user']['A1']."\nEntered: ".stripslashes($_SESSION['lostpw']['A1'])."\n";
|
|
|
|
$body .= "System: ".$_SESSION['lostpw']['user']['A1']."\nEntered: ".stripslashes(strip_tags($_SESSION['lostpw']['A1']))."\n";
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if($Q2)
|
|
|
|
if($Q2)
|
|
|
|
{
|
|
|
|
{
|
|
|
|
$_SESSION['lostpw']['A2'] = trim(mysql_escape_string(stripslashes($A2)));
|
|
|
|
$_SESSION['lostpw']['A2'] = trim(mysql_escape_string(stripslashes(strip_tags($A2))));
|
|
|
|
|
|
|
|
|
|
|
|
if(stripslashes(strtolower($_SESSION['lostpw']['A2'])) == strtolower($_SESSION['lostpw']['user']['A2']))
|
|
|
|
if(stripslashes(strtolower($_SESSION['lostpw']['A2'])) == strtolower($_SESSION['lostpw']['user']['A2']))
|
|
|
|
$answers++;
|
|
|
|
$answers++;
|
|
|
|
$body .= "System: ".$_SESSION['lostpw']['user']['A2']."\nEntered: ".stripslashes($_SESSION['lostpw']['A2'])."\n";
|
|
|
|
$body .= "System: ".$_SESSION['lostpw']['user']['A2']."\nEntered: ".stripslashes(strip_tags($_SESSION['lostpw']['A2']))."\n";
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if($Q3)
|
|
|
|
if($Q3)
|
|
|
|
{
|
|
|
|
{
|
|
|
|
$_SESSION['lostpw']['A3'] = trim(mysql_escape_string(stripslashes($A3)));
|
|
|
|
$_SESSION['lostpw']['A3'] = trim(mysql_escape_string(stripslashes(strip_tags($A3))));
|
|
|
|
|
|
|
|
|
|
|
|
if(stripslashes(strtolower($_SESSION['lostpw']['A3'])) == strtolower($_SESSION['lostpw']['user']['A3']))
|
|
|
|
if(stripslashes(strtolower($_SESSION['lostpw']['A3'])) == strtolower($_SESSION['lostpw']['user']['A3']))
|
|
|
|
$answers++;
|
|
|
|
$answers++;
|
|
|
|
$body .= "System: ".$_SESSION['lostpw']['user']['A3']."\nEntered: ".stripslashes($_SESSION['lostpw']['A3'])."\n";
|
|
|
|
$body .= "System: ".$_SESSION['lostpw']['user']['A3']."\nEntered: ".stripslashes(strip_tags($_SESSION['lostpw']['A3']))."\n";
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if($Q4)
|
|
|
|
if($Q4)
|
|
|
|
{
|
|
|
|
{
|
|
|
|
$_SESSION['lostpw']['A4'] = trim(mysql_escape_string(stripslashes($A4)));
|
|
|
|
$_SESSION['lostpw']['A4'] = trim(mysql_escape_string(stripslashes(strip_tags($A4))));
|
|
|
|
|
|
|
|
|
|
|
|
if(stripslashes(strtolower($_SESSION['lostpw']['A4'])) == strtolower($_SESSION['lostpw']['user']['A4']))
|
|
|
|
if(stripslashes(strtolower($_SESSION['lostpw']['A4'])) == strtolower($_SESSION['lostpw']['user']['A4']))
|
|
|
|
$answers++;
|
|
|
|
$answers++;
|
|
|
|
$body .= "System: ".$_SESSION['lostpw']['user']['A4']."\nEntered: ".stripslashes($_SESSION['lostpw']['A4'])."\n";
|
|
|
|
$body .= "System: ".$_SESSION['lostpw']['user']['A4']."\nEntered: ".stripslashes(strip_tags($_SESSION['lostpw']['A4']))."\n";
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if($Q5)
|
|
|
|
if($Q5)
|
|
|
|
{
|
|
|
|
{
|
|
|
|
$_SESSION['lostpw']['A5'] = trim(mysql_escape_string(stripslashes($A5)));
|
|
|
|
$_SESSION['lostpw']['A5'] = trim(mysql_escape_string(stripslashes(strip_tags($A5))));
|
|
|
|
|
|
|
|
|
|
|
|
if(stripslashes(strtolower($_SESSION['lostpw']['A5'])) == strtolower($_SESSION['lostpw']['user']['A5']))
|
|
|
|
if(stripslashes(strtolower($_SESSION['lostpw']['A5'])) == strtolower($_SESSION['lostpw']['user']['A5']))
|
|
|
|
$answers++;
|
|
|
|
$answers++;
|
|
|
|
$body .= "System: ".$_SESSION['lostpw']['user']['A5']."\nEntered: ".stripslashes($_SESSION['lostpw']['A5'])."\n";
|
|
|
|
$body .= "System: ".$_SESSION['lostpw']['user']['A5']."\nEntered: ".stripslashes(strip_tags($_SESSION['lostpw']['A5']))."\n";
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
$_SESSION['lostpw']['pw1'] = trim(mysql_escape_string(stripslashes($_REQUEST['newpass1'])));
|
|
|
|
$_SESSION['lostpw']['pw1'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['newpass1']))));
|
|
|
|
$_SESSION['lostpw']['pw2'] = trim(mysql_escape_string(stripslashes($_REQUEST['newpass2'])));
|
|
|
|
$_SESSION['lostpw']['pw2'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['newpass2']))));
|
|
|
|
|
|
|
|
|
|
|
|
if($answers < $_SESSION['lostpw']['total'] || $answers < 1)
|
|
|
|
if($answers < $_SESSION['lostpw']['total'] || $answers < 1)
|
|
|
|
{
|
|
|
|
{
|
|
|
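Review bot: Running strip_tags() over password input changes the secret itself: on the `pw1`/`pw2` lines here (and on `$pword` in the login hunk at `@ -174,8` and `$pword1`/`$pword2` in the signup hunk at `@ -231,26`), anything that looks like a tag is silently removed before the value is hashed or compared. That shortens some users' passwords without telling them, and a password chosen before this change that contains `<` would presumably stop matching at login. Passwords are never rendered as HTML, so I would leave them out of the filter, e.g. keep `$_SESSION['lostpw']['pw1'] = trim(mysql_escape_string(stripslashes($_REQUEST['newpass1'])));`. The same question applies to the answers `A1`–`A5`, which are compared with stored `['user']['A1']` values that may have been saved unfiltered; the code that stores them is outside this hunk.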
@ -123,7 +123,7 @@
|
|
|
|
|
|
|
|
|
|
|
|
if($_REQUEST['oldid'] == 5 && $_REQUEST['process'] != "")
|
|
|
|
if($_REQUEST['oldid'] == 5 && $_REQUEST['process'] != "")
|
|
|
|
{
|
|
|
|
{
|
|
|
|
$email = $_SESSION['lostpw']['email'] = trim(mysql_escape_string(stripslashes($_REQUEST['email'])));
|
|
|
|
$email = $_SESSION['lostpw']['email'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['email']))));
|
|
|
|
$_SESSION['lostpw']['day'] = intval($day);
|
|
|
|
$_SESSION['lostpw']['day'] = intval($day);
|
|
|
|
$_SESSION['lostpw']['month'] = intval($month);
|
|
|
|
$_SESSION['lostpw']['month'] = intval($month);
|
|
|
|
$_SESSION['lostpw']['year'] = intval($year);
|
|
|
|
$_SESSION['lostpw']['year'] = intval($year);
|
|
|
@ -174,8 +174,8 @@
|
|
|
|
|
|
|
|
|
|
|
|
$_SESSION['_config']['errmsg'] = "";
|
|
|
|
$_SESSION['_config']['errmsg'] = "";
|
|
|
|
|
|
|
|
|
|
|
|
$email = mysql_escape_string(stripslashes(trim($_REQUEST['email'])));
|
|
|
|
$email = mysql_escape_string(stripslashes(strip_tags(trim($_REQUEST['email']))));
|
|
|
|
$pword = mysql_escape_string(stripslashes(trim($_REQUEST['pword'])));
|
|
|
|
$pword = mysql_escape_string(stripslashes(strip_tags(trim($_REQUEST['pword']))));
|
|
|
|
$query = "select * from `users` where `email`='$email' and (`password`=old_password('$pword') or `password`=sha1('$pword') or
|
|
|
|
$query = "select * from `users` where `email`='$email' and (`password`=old_password('$pword') or `password`=sha1('$pword') or
|
|
|
|
`password`=password('$pword')) and `verified`=1 and `deleted`=0";
|
|
|
|
`password`=password('$pword')) and `verified`=1 and `deleted`=0";
|
|
|
|
$res = mysql_query($query);
|
|
|
|
$res = mysql_query($query);
|
|
|
@ -231,26 +231,26 @@
|
|
|
|
|
|
|
|
|
|
|
|
$_SESSION['_config']['errmsg'] = "";
|
|
|
|
$_SESSION['_config']['errmsg'] = "";
|
|
|
|
|
|
|
|
|
|
|
|
$_SESSION['signup']['email'] = trim(mysql_escape_string(stripslashes($_REQUEST['email'])));
|
|
|
|
$_SESSION['signup']['email'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['email']))));
|
|
|
|
$_SESSION['signup']['fname'] = trim(mysql_escape_string(stripslashes($fname)));
|
|
|
|
$_SESSION['signup']['fname'] = trim(mysql_escape_string(stripslashes(strip_tags($fname))));
|
|
|
|
$_SESSION['signup']['mname'] = trim(mysql_escape_string(stripslashes($mname)));
|
|
|
|
$_SESSION['signup']['mname'] = trim(mysql_escape_string(stripslashes(strip_tags($mname))));
|
|
|
|
$_SESSION['signup']['lname'] = trim(mysql_escape_string(stripslashes($lname)));
|
|
|
|
$_SESSION['signup']['lname'] = trim(mysql_escape_string(stripslashes(strip_tags($lname))));
|
|
|
|
$_SESSION['signup']['suffix'] = trim(mysql_escape_string(stripslashes($suffix)));
|
|
|
|
$_SESSION['signup']['suffix'] = trim(mysql_escape_string(stripslashes(strip_tags($suffix))));
|
|
|
|
$_SESSION['signup']['day'] = intval($day);
|
|
|
|
$_SESSION['signup']['day'] = intval($day);
|
|
|
|
$_SESSION['signup']['month'] = intval($month);
|
|
|
|
$_SESSION['signup']['month'] = intval($month);
|
|
|
|
$_SESSION['signup']['year'] = intval($year);
|
|
|
|
$_SESSION['signup']['year'] = intval($year);
|
|
|
|
$_SESSION['signup']['pword1'] = trim(mysql_escape_string(stripslashes($pword1)));
|
|
|
|
$_SESSION['signup']['pword1'] = trim(mysql_escape_string(stripslashes(strip_tags($pword1))));
|
|
|
|
$_SESSION['signup']['pword2'] = trim(mysql_escape_string(stripslashes($pword2)));
|
|
|
|
$_SESSION['signup']['pword2'] = trim(mysql_escape_string(stripslashes(strip_tags($pword2))));
|
|
|
|
$_SESSION['signup']['Q1'] = trim(mysql_escape_string(stripslashes($Q1)));
|
|
|
|
$_SESSION['signup']['Q1'] = trim(mysql_escape_string(stripslashes(strip_tags($Q1))));
|
|
|
|
$_SESSION['signup']['Q2'] = trim(mysql_escape_string(stripslashes($Q2)));
|
|
|
|
$_SESSION['signup']['Q2'] = trim(mysql_escape_string(stripslashes(strip_tags($Q2))));
|
|
|
|
$_SESSION['signup']['Q3'] = trim(mysql_escape_string(stripslashes($Q3)));
|
|
|
|
$_SESSION['signup']['Q3'] = trim(mysql_escape_string(stripslashes(strip_tags($Q3))));
|
|
|
|
$_SESSION['signup']['Q4'] = trim(mysql_escape_string(stripslashes($Q4)));
|
|
|
|
$_SESSION['signup']['Q4'] = trim(mysql_escape_string(stripslashes(strip_tags($Q4))));
|
|
|
|
$_SESSION['signup']['Q5'] = trim(mysql_escape_string(stripslashes($Q5)));
|
|
|
|
$_SESSION['signup']['Q5'] = trim(mysql_escape_string(stripslashes(strip_tags($Q5))));
|
|
|
|
$_SESSION['signup']['A1'] = trim(mysql_escape_string(stripslashes($A1)));
|
|
|
|
$_SESSION['signup']['A1'] = trim(mysql_escape_string(stripslashes(strip_tags($A1))));
|
|
|
|
$_SESSION['signup']['A2'] = trim(mysql_escape_string(stripslashes($A2)));
|
|
|
|
$_SESSION['signup']['A2'] = trim(mysql_escape_string(stripslashes(strip_tags($A2))));
|
|
|
|
$_SESSION['signup']['A3'] = trim(mysql_escape_string(stripslashes($A3)));
|
|
|
|
$_SESSION['signup']['A3'] = trim(mysql_escape_string(stripslashes(strip_tags($A3))));
|
|
|
|
$_SESSION['signup']['A4'] = trim(mysql_escape_string(stripslashes($A4)));
|
|
|
|
$_SESSION['signup']['A4'] = trim(mysql_escape_string(stripslashes(strip_tags($A4))));
|
|
|
|
$_SESSION['signup']['A5'] = trim(mysql_escape_string(stripslashes($A5)));
|
|
|
|
$_SESSION['signup']['A5'] = trim(mysql_escape_string(stripslashes(strip_tags($A5))));
|
|
|
|
$_SESSION['signup']['general'] = intval($_POST['general']);
|
|
|
|
$_SESSION['signup']['general'] = intval($_POST['general']);
|
|
|
|
$_SESSION['signup']['country'] = intval($_POST['country']);
|
|
|
|
$_SESSION['signup']['country'] = intval($_POST['country']);
|
|
|
|
$_SESSION['signup']['regional'] = intval($_POST['regional']);
|
|
|
|
$_SESSION['signup']['regional'] = intval($_POST['regional']);
|
|
|
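Review bot: strip_tags() at input time does not replace escaping where these values are printed: it leaves `"` and `'` in place, so a name or question echoed inside an HTML attribute is still not safe, and it mangles legitimate text that contains `<`. The values stored in `$_SESSION['signup']` are also already SQL-escaped, so every later use has to remember whether to undo that (the lost-password hunk at `@ -45,47` calls stripslashes() on the session value before comparing it). I would store the plain value, e.g. `$_SESSION['signup']['fname'] = trim(stripslashes($fname));`, apply `mysql_real_escape_string()` only where the query is built, and `htmlspecialchars($v, ENT_QUOTES)` only at output. The templates that print these fields are outside this hunk, so whether any of them echo the values unescaped cannot be confirmed from here.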
@ -333,9 +333,7 @@
|
|
|
|
|
|
|
|
|
|
|
|
if($id == 2)
|
|
|
|
if($id == 2)
|
|
|
|
{
|
|
|
|
{
|
|
|
|
$rnd = fopen("/dev/urandom", "r");
|
|
|
|
$hash = make_hash();
|
|
|
|
$hash = md5(fgets($rnd, 64));
|
|
|
|
|
|
|
|
fclose($rnd);
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
$query = "insert into `users` set `email`='".$_SESSION['signup']['email']."',
|
|
|
|
$query = "insert into `users` set `email`='".$_SESSION['signup']['email']."',
|
|
|
|
`password`=sha1('".$_SESSION['signup']['pword1']."'),
|
|
|
|
`password`=sha1('".$_SESSION['signup']['pword1']."'),
|
|
|
|