updates
parent
3af71ece2a
commit
81ef702a6c
8 changed files with 78 additions and 80 deletions
|
@ -56,9 +56,7 @@
|
||||||
showfooter();
|
showfooter();
|
||||||
exit;
|
exit;
|
||||||
}
|
}
|
||||||
$rnd = fopen("/dev/urandom", "r");
|
$hash = make_hash();
|
||||||
$hash = md5(fgets($rnd, 64));
|
|
||||||
fclose($rnd);
|
|
||||||
$query = "insert into `email` set `email`='".$_REQUEST['email']."',`memid`='".$_SESSION['profile']['id']."',`created`=NOW(),`hash`='$hash'";
|
$query = "insert into `email` set `email`='".$_REQUEST['email']."',`memid`='".$_SESSION['profile']['id']."',`created`=NOW(),`hash`='$hash'";
|
||||||
mysql_query($query);
|
mysql_query($query);
|
||||||
$emailid = mysql_insert_id();
|
$emailid = mysql_insert_id();
|
||||||
|
@ -438,10 +436,7 @@
|
||||||
exit;
|
exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
$rnd = fopen("/dev/urandom", "r");
|
$hash = make_hash();
|
||||||
$hash = md5(fgets($rnd, 64));
|
|
||||||
fclose($rnd);
|
|
||||||
|
|
||||||
$query = "insert into `domains` set `domain`='".mysql_real_escape_string($_SESSION['_config']['domain'])."',
|
$query = "insert into `domains` set `domain`='".mysql_real_escape_string($_SESSION['_config']['domain'])."',
|
||||||
`memid`='".$_SESSION['profile']['id']."',`created`=NOW(),`hash`='$hash'";
|
`memid`='".$_SESSION['profile']['id']."',`created`=NOW(),`hash`='$hash'";
|
||||||
mysql_query($query);
|
mysql_query($query);
|
||||||
|
@ -883,23 +878,23 @@
|
||||||
|
|
||||||
if($oldid == 13 && $_REQUEST['process'] != "")
|
if($oldid == 13 && $_REQUEST['process'] != "")
|
||||||
{
|
{
|
||||||
$_SESSION['_config']['user']['fname'] = trim(mysql_real_escape_string(stripslashes($fname)));
|
$_SESSION['_config']['user']['fname'] = trim(mysql_real_escape_string(stripslashes(strip_tags($fname))));
|
||||||
$_SESSION['_config']['user']['mname'] = trim(mysql_real_escape_string(stripslashes($mname)));
|
$_SESSION['_config']['user']['mname'] = trim(mysql_real_escape_string(stripslashes(strip_tags($mname))));
|
||||||
$_SESSION['_config']['user']['lname'] = trim(mysql_real_escape_string(stripslashes($lname)));
|
$_SESSION['_config']['user']['lname'] = trim(mysql_real_escape_string(stripslashes(strip_tags($lname))));
|
||||||
$_SESSION['_config']['user']['suffix'] = trim(mysql_real_escape_string(stripslashes($suffix)));
|
$_SESSION['_config']['user']['suffix'] = trim(mysql_real_escape_string(stripslashes(strip_tags($suffix))));
|
||||||
$_SESSION['_config']['user']['day'] = intval($day);
|
$_SESSION['_config']['user']['day'] = intval($day);
|
||||||
$_SESSION['_config']['user']['month'] = intval($month);
|
$_SESSION['_config']['user']['month'] = intval($month);
|
||||||
$_SESSION['_config']['user']['year'] = intval($year);
|
$_SESSION['_config']['user']['year'] = intval($year);
|
||||||
$_SESSION['_config']['user']['Q1'] = trim(mysql_real_escape_string(stripslashes($Q1)));
|
$_SESSION['_config']['user']['Q1'] = trim(mysql_real_escape_string(stripslashes(strip_tags($Q1))));
|
||||||
$_SESSION['_config']['user']['Q2'] = trim(mysql_real_escape_string(stripslashes($Q2)));
|
$_SESSION['_config']['user']['Q2'] = trim(mysql_real_escape_string(stripslashes(strip_tags($Q2))));
|
||||||
$_SESSION['_config']['user']['Q3'] = trim(mysql_real_escape_string(stripslashes($Q3)));
|
$_SESSION['_config']['user']['Q3'] = trim(mysql_real_escape_string(stripslashes(strip_tags($Q3))));
|
||||||
$_SESSION['_config']['user']['Q4'] = trim(mysql_real_escape_string(stripslashes($Q4)));
|
$_SESSION['_config']['user']['Q4'] = trim(mysql_real_escape_string(stripslashes(strip_tags($Q4))));
|
||||||
$_SESSION['_config']['user']['Q5'] = trim(mysql_real_escape_string(stripslashes($Q5)));
|
$_SESSION['_config']['user']['Q5'] = trim(mysql_real_escape_string(stripslashes(strip_tags($Q5))));
|
||||||
$_SESSION['_config']['user']['A1'] = trim(mysql_real_escape_string(stripslashes($A1)));
|
$_SESSION['_config']['user']['A1'] = trim(mysql_real_escape_string(stripslashes(strip_tags($A1))));
|
||||||
$_SESSION['_config']['user']['A2'] = trim(mysql_real_escape_string(stripslashes($A2)));
|
$_SESSION['_config']['user']['A2'] = trim(mysql_real_escape_string(stripslashes(strip_tags($A2))));
|
||||||
$_SESSION['_config']['user']['A3'] = trim(mysql_real_escape_string(stripslashes($A3)));
|
$_SESSION['_config']['user']['A3'] = trim(mysql_real_escape_string(stripslashes(strip_tags($A3))));
|
||||||
$_SESSION['_config']['user']['A4'] = trim(mysql_real_escape_string(stripslashes($A4)));
|
$_SESSION['_config']['user']['A4'] = trim(mysql_real_escape_string(stripslashes(strip_tags($A4))));
|
||||||
$_SESSION['_config']['user']['A5'] = trim(mysql_real_escape_string(stripslashes($A5)));
|
$_SESSION['_config']['user']['A5'] = trim(mysql_real_escape_string(stripslashes(strip_tags($A5))));
|
||||||
|
|
||||||
if($_SESSION['_config']['user']['Q1'] == "" || $_SESSION['_config']['user']['Q2'] == "" ||
|
if($_SESSION['_config']['user']['Q1'] == "" || $_SESSION['_config']['user']['Q2'] == "" ||
|
||||||
$_SESSION['_config']['user']['Q3'] == "" || $_SESSION['_config']['user']['Q4'] == "" ||
|
$_SESSION['_config']['user']['Q3'] == "" || $_SESSION['_config']['user']['Q4'] == "" ||
|
||||||
|
@ -973,9 +968,9 @@
|
||||||
|
|
||||||
if($oldid == 14 && $_REQUEST['process'] != "")
|
if($oldid == 14 && $_REQUEST['process'] != "")
|
||||||
{
|
{
|
||||||
$_SESSION['_config']['user']['oldpass'] = trim(mysql_real_escape_string(stripslashes($oldpassword)));
|
$_SESSION['_config']['user']['oldpass'] = trim(mysql_real_escape_string(stripslashes(strip_tags($oldpassword))));
|
||||||
$_SESSION['_config']['user']['pword1'] = trim(mysql_real_escape_string(stripslashes($pword1)));
|
$_SESSION['_config']['user']['pword1'] = trim(mysql_real_escape_string(stripslashes(strip_tags($pword1))));
|
||||||
$_SESSION['_config']['user']['pword2'] = trim(mysql_real_escape_string(stripslashes($pword2)));
|
$_SESSION['_config']['user']['pword2'] = trim(mysql_real_escape_string(stripslashes(strip_tags($pword2))));
|
||||||
|
|
||||||
$id = 14;
|
$id = 14;
|
||||||
showheader(_("My CAcert.org Account!"));
|
showheader(_("My CAcert.org Account!"));
|
||||||
|
|
|
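Review bot: Wrapping the password fields in `strip_tags()` in the `@ -973,9 +968,9` hunk (`oldpass`, `pword1`, `pword2`) silently changes the credential, because everything from a `<` that parses as a tag is dropped; a constructed password such as `ab<cd` would be handled as `ab`. That shortens the secret the user believes they set, and an account whose existing password contains `<` would presumably stop matching once the same filter runs on the login field. The same wrapping is applied to `pword`, `pword1`/`pword2` and `newpass1`/`newpass2` in the last file section of this commit. As far as these hunks show, passwords are only hashed and compared, never rendered, so I would keep them out of the tag filter, e.g. `trim(mysql_real_escape_string(stripslashes($pword1)))`, and deal with markup in the name and question fields by escaping at output time. The enclosing `if($oldid == 14 ...)` block continues past the end of the hunk.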
@ -20,6 +20,9 @@
|
||||||
session_register("signup");
|
session_register("signup");
|
||||||
session_register("lostpw");
|
session_register("lostpw");
|
||||||
|
|
||||||
|
if($_SESSION['profile']['id'] > 0)
|
||||||
|
session_regenerate_id();
|
||||||
|
|
||||||
$junk = array(_("Face to Face Meeting"), _("Trusted Third Parties"), _("Thawte Points Transfer"), _("Administrative Increase"),
|
$junk = array(_("Face to Face Meeting"), _("Trusted Third Parties"), _("Thawte Points Transfer"), _("Administrative Increase"),
|
||||||
_("CT Magazine - Germany"), _("Temporary Increase"), _("Unknown"));
|
_("CT Magazine - Germany"), _("Temporary Increase"), _("Unknown"));
|
||||||
|
|
||||||
|
|
|
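Review bot: `session_regenerate_id()` is called here without arguments, which issues a new id but leaves the old session data in place, so an id that was fixated or captured earlier keeps working. Where the PHP version in use supports it, `session_regenerate_id(true);` removes the old session; otherwise the old id has to be invalidated by hand. The guard `$_SESSION['profile']['id'] > 0` also appears to make this run on every request that includes this file rather than once at login, which can drop sessions when a browser sends parallel requests. A comment stating the intent, such as `// rotate the session id for logged-in users to limit session fixation`, would help, and the rotation would sit more naturally in the login handler. The rest of the file is outside the hunk.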
@ -71,6 +71,7 @@ google_color_border = "FFFFFF";
|
||||||
<div class="relatedLinks">
|
<div class="relatedLinks">
|
||||||
<h3><?=_("Join CAcert.org")?></h3>
|
<h3><?=_("Join CAcert.org")?></h3>
|
||||||
<a href="https://<?=$_SESSION['_config']['normalhostname']?>/index.php?id=1"><?=_("Join")?></a>
|
<a href="https://<?=$_SESSION['_config']['normalhostname']?>/index.php?id=1"><?=_("Join")?></a>
|
||||||
|
<a href="index.php?id=3"><?=_("Root Certificate")?></a>
|
||||||
</div>
|
</div>
|
||||||
<div class="relatedLinks">
|
<div class="relatedLinks">
|
||||||
<h3><?=_("My Account")?></h3>
|
<h3><?=_("My Account")?></h3>
|
||||||
|
@ -80,7 +81,7 @@ google_color_border = "FFFFFF";
|
||||||
</div>
|
</div>
|
||||||
<div class="relatedLinks">
|
<div class="relatedLinks">
|
||||||
<h3 onclick="explode('misc')"><?=_("Miscellaneous")?></h3>
|
<h3 onclick="explode('misc')"><?=_("Miscellaneous")?></h3>
|
||||||
<ul class="menu" id="misc"><li><a href="news.php"><?=_("CAcert News")?></a></li><li><a href="help.php"><?=_("Howto Information")?></a></li><li><a href="http://wiki.CAcert.org"><?=_("Wiki Documentation")?></li><li><a href="http://bugs.CAcert.org"><?=_("Bug Database")?></a></li><li><a href="logos.php"><?=_("CAcert Logos")?></a></li><li><a href="stats.php"><?=_("CAcert Statistics")?></a></li><li><a href="index.php?id=3"><?=_("Root Certificate")?></a></li><li><a href="revoke.crl"><?=_("CRL")?></a></li><li><a href="http://my.rsscache.com/blog.CAcert.org/feed/"><?=_("RSS News Feed")?></a></li><li><? if($_SESSION['profile']['admin'] == 1) { ?><a href="index.php?id=5"><?=_("OCSP Details")?></a><? } ?></li><li><a href="index.php?id=7"><?=_("Credits")?></a></li><li><a href="index.php?id=8"><?=_("CAcert Board")?></a></li></ul>
|
<ul class="menu" id="misc"><li><a href="news.php"><?=_("CAcert News")?></a></li><li><a href="help.php"><?=_("Howto Information")?></a></li><li><a href="http://wiki.CAcert.org"><?=_("Wiki Documentation")?></li><li><a href="index.php?id=19"><?=_("Point System")?></a></li><li><a href="http://bugs.CAcert.org"><?=_("Bug Database")?></a></li><li><a href="logos.php"><?=_("CAcert Logos")?></a></li><li><a href="stats.php"><?=_("CAcert Statistics")?></a></li><li><a href="revoke.crl"><?=_("CRL")?></a></li><li><a href="http://my.rsscache.com/blog.CAcert.org/feed/"><?=_("RSS News Feed")?></a></li><li><? if($_SESSION['profile']['admin'] == 1) { ?><a href="index.php?id=5"><?=_("OCSP Details")?></a><? } ?></li><li><a href="index.php?id=7"><?=_("Credits")?></a></li><li><a href="index.php?id=8"><?=_("CAcert Board")?></a></li></ul>
|
||||||
</div>
|
</div>
|
||||||
<div class="relatedLinks">
|
<div class="relatedLinks">
|
||||||
<h3 onclick="explode('trans')"><?=_("Translations")?></h3>
|
<h3 onclick="explode('trans')"><?=_("Translations")?></h3>
|
||||||
|
@ -116,7 +117,7 @@ if(!function_exists("showfooter"))
|
||||||
<a href="index.php?id=12"><?=_("About Us")?></a> | <a href="index.php?id=13"><?=_("Donations")?></a> |
|
<a href="index.php?id=12"><?=_("About Us")?></a> | <a href="index.php?id=13"><?=_("Donations")?></a> |
|
||||||
<a href="index.php?id=10"><?=_("Privacy Policy")?></a> |
|
<a href="index.php?id=10"><?=_("Privacy Policy")?></a> |
|
||||||
<a href="index.php?id=51"><?=_("Mission Statement")?></a> | <a href="index.php?id=11"><?=_("Contact Us")?></a> |
|
<a href="index.php?id=51"><?=_("Mission Statement")?></a> | <a href="index.php?id=11"><?=_("Contact Us")?></a> |
|
||||||
<a href="index.php?id=19"><?=_("Further Information")?></a> | ©2002-2005 by CAcert</div>
|
©2002-2005 by CAcert</div>
|
||||||
</div>
|
</div>
|
||||||
</body>
|
</body>
|
||||||
</html><?
|
</html><?
|
||||||
|
|
|
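Review bot: The `Root Certificate` link added under `Join CAcert.org` is relative (`index.php?id=3`), unlike the `Join` link directly above it, which is pinned to `https://`. It therefore follows whatever scheme the page was loaded with, and a root certificate fetched over plain HTTP can be substituted in transit. If this template is ever served without TLS, which the hunk does not show, I would build the link the same way as the one above: `<a href="https://<?=$_SESSION['_config']['normalhostname']?>/index.php?id=3">`. Separately, the rewritten `misc` menu line still leaves the wiki anchor unclosed (`<?=_("Wiki Documentation")?></li>` has no `</a>`), so the new `Point System` entry follows an open link; `<?=_("Wiki Documentation")?></a></li>` fixes it.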
@ -64,4 +64,18 @@
|
||||||
fclose($smtp);
|
fclose($smtp);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function make_hash()
|
||||||
|
{
|
||||||
|
if(function_exists("dio_open"))
|
||||||
|
{
|
||||||
|
$rnd = dio_open("/dev/urandom",O_RDONLY);
|
||||||
|
$hash = md5(dio_read($rnd,64));
|
||||||
|
dio_close($rnd);
|
||||||
|
} else {
|
||||||
|
$rnd = fopen("/dev/urandom", "r");
|
||||||
|
$hash = md5(fgets($rnd, 64));
|
||||||
|
fclose($rnd);
|
||||||
|
}
|
||||||
|
}
|
||||||
?>
|
?>
|
||||||
|
|
|
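Review bot: `make_hash()` never returns a value: both branches assign `$hash`, but the function ends without `return $hash;`. Every caller this commit introduces (`$hash = make_hash();` in the insert hunks and `challenge="<?=make_hash()?>"` in the two keygen forms) therefore receives NULL and stores or emits an empty token. For what are presumably verification hashes, that means the value is no longer unpredictable; add `return $hash;` before the closing brace. In the fallback branch `fgets($rnd, 64)` stops at the first newline byte and can hash far fewer than 63 random bytes, so `fread($rnd, 64)` is the better call, and neither branch checks that the open succeeded. A one-line comment such as `// returns a 32-char hex token derived from 64 bytes of /dev/urandom` would document the contract.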
@ -124,12 +124,7 @@ GetProviderList()
|
||||||
<p>
|
<p>
|
||||||
<form method="post" action="account.php">
|
<form method="post" action="account.php">
|
||||||
<input type="hidden" name="keytype" value="NS">
|
<input type="hidden" name="keytype" value="NS">
|
||||||
<?
|
<?=_("Keysize:")?> <keygen name="SPKAC" challenge="<?=make_hash()?>">
|
||||||
$rnd = fopen("/dev/urandom", "r");
|
|
||||||
$hash = md5(fgets($rnd, 64));
|
|
||||||
fclose($rnd);
|
|
||||||
?>
|
|
||||||
<?=_("Keysize:")?> <keygen name="SPKAC" challenge="<?=$hash?>">
|
|
||||||
|
|
||||||
<input type="submit" name="submit" value="<?=_("Create Certificate Request")?>">
|
<input type="submit" name="submit" value="<?=_("Create Certificate Request")?>">
|
||||||
<input type="hidden" name="oldid" value="<?=$id?>">
|
<input type="hidden" name="oldid" value="<?=$id?>">
|
||||||
|
|
|
@ -123,12 +123,7 @@ GetProviderList()
|
||||||
<p>
|
<p>
|
||||||
<form method="post" action="account.php">
|
<form method="post" action="account.php">
|
||||||
<input type="hidden" name="keytype" value="NS">
|
<input type="hidden" name="keytype" value="NS">
|
||||||
<?
|
<?=_("Keysize:")?> <keygen name="SPKAC" challenge="<?=make_hash()?>">
|
||||||
$rnd = fopen("/dev/urandom", "r");
|
|
||||||
$hash = md5(fgets($rnd, 64));
|
|
||||||
fclose($rnd);
|
|
||||||
?>
|
|
||||||
<?=_("Keysize:")?> <keygen name="SPKAC" challenge="<?=$hash?>">
|
|
||||||
|
|
||||||
<input type="submit" name="submit" value="<?=_("Create Certificate Request")?>">
|
<input type="submit" name="submit" value="<?=_("Create Certificate Request")?>">
|
||||||
<input type="hidden" name="oldid" value="<?=$id?>">
|
<input type="hidden" name="oldid" value="<?=$id?>">
|
||||||
|
|
|
@ -271,9 +271,7 @@
|
||||||
exit;
|
exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
$rnd = fopen("/dev/urandom", "r");
|
$hash = make_hash();
|
||||||
$hash = md5(fgets($rnd, 64));
|
|
||||||
fclose($rnd);
|
|
||||||
$query = "insert into `disputeemail` set `email`='$email',`memid`='".$_SESSION['profile']['id']."',
|
$query = "insert into `disputeemail` set `email`='$email',`memid`='".$_SESSION['profile']['id']."',
|
||||||
`oldmemid`='$oldmemid',`created`=NOW(),`hash`='$hash',`id`='$emailid',
|
`oldmemid`='$oldmemid',`created`=NOW(),`hash`='$hash',`id`='$emailid',
|
||||||
`IP`='".$_SERVER['REMOTE_ADDR']."'";
|
`IP`='".$_SERVER['REMOTE_ADDR']."'";
|
||||||
|
@ -407,9 +405,8 @@
|
||||||
$memid = intval($_SESSION['_config']['memid']);
|
$memid = intval($_SESSION['_config']['memid']);
|
||||||
$oldmemid = intval($_SESSION['_config']['oldmemid']);
|
$oldmemid = intval($_SESSION['_config']['oldmemid']);
|
||||||
$domain = mysql_escape_string($_SESSION['_config']['domain']);
|
$domain = mysql_escape_string($_SESSION['_config']['domain']);
|
||||||
$rnd = fopen("/dev/urandom", "r");
|
|
||||||
$hash = md5(fgets($rnd, 64));
|
$hash = make_hash();
|
||||||
fclose($rnd);
|
|
||||||
$query = "insert into `disputedomain` set `domain`='$domain',`memid`='".$_SESSION['profile']['id']."',
|
$query = "insert into `disputedomain` set `domain`='$domain',`memid`='".$_SESSION['profile']['id']."',
|
||||||
`oldmemid`='$oldmemid',`created`=NOW(),`hash`='$hash',`id`='$domainid'";
|
`oldmemid`='$oldmemid',`created`=NOW(),`hash`='$hash',`id`='$domainid'";
|
||||||
mysql_query($query);
|
mysql_query($query);
|
||||||
|
|
|
@ -45,47 +45,47 @@
|
||||||
unset($_REQUEST['oldid']);
|
unset($_REQUEST['oldid']);
|
||||||
if($Q1)
|
if($Q1)
|
||||||
{
|
{
|
||||||
$_SESSION['lostpw']['A1'] = trim(mysql_escape_string(stripslashes($A1)));
|
$_SESSION['lostpw']['A1'] = trim(mysql_escape_string(stripslashes(strip_tags($A1))));
|
||||||
|
|
||||||
if(stripslashes(strtolower($_SESSION['lostpw']['A1'])) == strtolower($_SESSION['lostpw']['user']['A1']))
|
if(stripslashes(strtolower($_SESSION['lostpw']['A1'])) == strtolower($_SESSION['lostpw']['user']['A1']))
|
||||||
$answers++;
|
$answers++;
|
||||||
$body .= "System: ".$_SESSION['lostpw']['user']['A1']."\nEntered: ".stripslashes($_SESSION['lostpw']['A1'])."\n";
|
$body .= "System: ".$_SESSION['lostpw']['user']['A1']."\nEntered: ".stripslashes(strip_tags($_SESSION['lostpw']['A1']))."\n";
|
||||||
}
|
}
|
||||||
if($Q2)
|
if($Q2)
|
||||||
{
|
{
|
||||||
$_SESSION['lostpw']['A2'] = trim(mysql_escape_string(stripslashes($A2)));
|
$_SESSION['lostpw']['A2'] = trim(mysql_escape_string(stripslashes(strip_tags($A2))));
|
||||||
|
|
||||||
if(stripslashes(strtolower($_SESSION['lostpw']['A2'])) == strtolower($_SESSION['lostpw']['user']['A2']))
|
if(stripslashes(strtolower($_SESSION['lostpw']['A2'])) == strtolower($_SESSION['lostpw']['user']['A2']))
|
||||||
$answers++;
|
$answers++;
|
||||||
$body .= "System: ".$_SESSION['lostpw']['user']['A2']."\nEntered: ".stripslashes($_SESSION['lostpw']['A2'])."\n";
|
$body .= "System: ".$_SESSION['lostpw']['user']['A2']."\nEntered: ".stripslashes(strip_tags($_SESSION['lostpw']['A2']))."\n";
|
||||||
}
|
}
|
||||||
if($Q3)
|
if($Q3)
|
||||||
{
|
{
|
||||||
$_SESSION['lostpw']['A3'] = trim(mysql_escape_string(stripslashes($A3)));
|
$_SESSION['lostpw']['A3'] = trim(mysql_escape_string(stripslashes(strip_tags($A3))));
|
||||||
|
|
||||||
if(stripslashes(strtolower($_SESSION['lostpw']['A3'])) == strtolower($_SESSION['lostpw']['user']['A3']))
|
if(stripslashes(strtolower($_SESSION['lostpw']['A3'])) == strtolower($_SESSION['lostpw']['user']['A3']))
|
||||||
$answers++;
|
$answers++;
|
||||||
$body .= "System: ".$_SESSION['lostpw']['user']['A3']."\nEntered: ".stripslashes($_SESSION['lostpw']['A3'])."\n";
|
$body .= "System: ".$_SESSION['lostpw']['user']['A3']."\nEntered: ".stripslashes(strip_tags($_SESSION['lostpw']['A3']))."\n";
|
||||||
}
|
}
|
||||||
if($Q4)
|
if($Q4)
|
||||||
{
|
{
|
||||||
$_SESSION['lostpw']['A4'] = trim(mysql_escape_string(stripslashes($A4)));
|
$_SESSION['lostpw']['A4'] = trim(mysql_escape_string(stripslashes(strip_tags($A4))));
|
||||||
|
|
||||||
if(stripslashes(strtolower($_SESSION['lostpw']['A4'])) == strtolower($_SESSION['lostpw']['user']['A4']))
|
if(stripslashes(strtolower($_SESSION['lostpw']['A4'])) == strtolower($_SESSION['lostpw']['user']['A4']))
|
||||||
$answers++;
|
$answers++;
|
||||||
$body .= "System: ".$_SESSION['lostpw']['user']['A4']."\nEntered: ".stripslashes($_SESSION['lostpw']['A4'])."\n";
|
$body .= "System: ".$_SESSION['lostpw']['user']['A4']."\nEntered: ".stripslashes(strip_tags($_SESSION['lostpw']['A4']))."\n";
|
||||||
}
|
}
|
||||||
if($Q5)
|
if($Q5)
|
||||||
{
|
{
|
||||||
$_SESSION['lostpw']['A5'] = trim(mysql_escape_string(stripslashes($A5)));
|
$_SESSION['lostpw']['A5'] = trim(mysql_escape_string(stripslashes(strip_tags($A5))));
|
||||||
|
|
||||||
if(stripslashes(strtolower($_SESSION['lostpw']['A5'])) == strtolower($_SESSION['lostpw']['user']['A5']))
|
if(stripslashes(strtolower($_SESSION['lostpw']['A5'])) == strtolower($_SESSION['lostpw']['user']['A5']))
|
||||||
$answers++;
|
$answers++;
|
||||||
$body .= "System: ".$_SESSION['lostpw']['user']['A5']."\nEntered: ".stripslashes($_SESSION['lostpw']['A5'])."\n";
|
$body .= "System: ".$_SESSION['lostpw']['user']['A5']."\nEntered: ".stripslashes(strip_tags($_SESSION['lostpw']['A5']))."\n";
|
||||||
}
|
}
|
||||||
|
|
||||||
$_SESSION['lostpw']['pw1'] = trim(mysql_escape_string(stripslashes($_REQUEST['newpass1'])));
|
$_SESSION['lostpw']['pw1'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['newpass1']))));
|
||||||
$_SESSION['lostpw']['pw2'] = trim(mysql_escape_string(stripslashes($_REQUEST['newpass2'])));
|
$_SESSION['lostpw']['pw2'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['newpass2']))));
|
||||||
|
|
||||||
if($answers < $_SESSION['lostpw']['total'] || $answers < 1)
|
if($answers < $_SESSION['lostpw']['total'] || $answers < 1)
|
||||||
{
|
{
|
||||||
|
@ -123,7 +123,7 @@
|
||||||
|
|
||||||
if($_REQUEST['oldid'] == 5 && $_REQUEST['process'] != "")
|
if($_REQUEST['oldid'] == 5 && $_REQUEST['process'] != "")
|
||||||
{
|
{
|
||||||
$email = $_SESSION['lostpw']['email'] = trim(mysql_escape_string(stripslashes($_REQUEST['email'])));
|
$email = $_SESSION['lostpw']['email'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['email']))));
|
||||||
$_SESSION['lostpw']['day'] = intval($day);
|
$_SESSION['lostpw']['day'] = intval($day);
|
||||||
$_SESSION['lostpw']['month'] = intval($month);
|
$_SESSION['lostpw']['month'] = intval($month);
|
||||||
$_SESSION['lostpw']['year'] = intval($year);
|
$_SESSION['lostpw']['year'] = intval($year);
|
||||||
|
@ -174,8 +174,8 @@
|
||||||
|
|
||||||
$_SESSION['_config']['errmsg'] = "";
|
$_SESSION['_config']['errmsg'] = "";
|
||||||
|
|
||||||
$email = mysql_escape_string(stripslashes(trim($_REQUEST['email'])));
|
$email = mysql_escape_string(stripslashes(strip_tags(trim($_REQUEST['email']))));
|
||||||
$pword = mysql_escape_string(stripslashes(trim($_REQUEST['pword'])));
|
$pword = mysql_escape_string(stripslashes(strip_tags(trim($_REQUEST['pword']))));
|
||||||
$query = "select * from `users` where `email`='$email' and (`password`=old_password('$pword') or `password`=sha1('$pword') or
|
$query = "select * from `users` where `email`='$email' and (`password`=old_password('$pword') or `password`=sha1('$pword') or
|
||||||
`password`=password('$pword')) and `verified`=1 and `deleted`=0";
|
`password`=password('$pword')) and `verified`=1 and `deleted`=0";
|
||||||
$res = mysql_query($query);
|
$res = mysql_query($query);
|
||||||
|
@ -231,26 +231,26 @@
|
||||||
|
|
||||||
$_SESSION['_config']['errmsg'] = "";
|
$_SESSION['_config']['errmsg'] = "";
|
||||||
|
|
||||||
$_SESSION['signup']['email'] = trim(mysql_escape_string(stripslashes($_REQUEST['email'])));
|
$_SESSION['signup']['email'] = trim(mysql_escape_string(stripslashes(strip_tags($_REQUEST['email']))));
|
||||||
$_SESSION['signup']['fname'] = trim(mysql_escape_string(stripslashes($fname)));
|
$_SESSION['signup']['fname'] = trim(mysql_escape_string(stripslashes(strip_tags($fname))));
|
||||||
$_SESSION['signup']['mname'] = trim(mysql_escape_string(stripslashes($mname)));
|
$_SESSION['signup']['mname'] = trim(mysql_escape_string(stripslashes(strip_tags($mname))));
|
||||||
$_SESSION['signup']['lname'] = trim(mysql_escape_string(stripslashes($lname)));
|
$_SESSION['signup']['lname'] = trim(mysql_escape_string(stripslashes(strip_tags($lname))));
|
||||||
$_SESSION['signup']['suffix'] = trim(mysql_escape_string(stripslashes($suffix)));
|
$_SESSION['signup']['suffix'] = trim(mysql_escape_string(stripslashes(strip_tags($suffix))));
|
||||||
$_SESSION['signup']['day'] = intval($day);
|
$_SESSION['signup']['day'] = intval($day);
|
||||||
$_SESSION['signup']['month'] = intval($month);
|
$_SESSION['signup']['month'] = intval($month);
|
||||||
$_SESSION['signup']['year'] = intval($year);
|
$_SESSION['signup']['year'] = intval($year);
|
||||||
$_SESSION['signup']['pword1'] = trim(mysql_escape_string(stripslashes($pword1)));
|
$_SESSION['signup']['pword1'] = trim(mysql_escape_string(stripslashes(strip_tags($pword1))));
|
||||||
$_SESSION['signup']['pword2'] = trim(mysql_escape_string(stripslashes($pword2)));
|
$_SESSION['signup']['pword2'] = trim(mysql_escape_string(stripslashes(strip_tags($pword2))));
|
||||||
$_SESSION['signup']['Q1'] = trim(mysql_escape_string(stripslashes($Q1)));
|
$_SESSION['signup']['Q1'] = trim(mysql_escape_string(stripslashes(strip_tags($Q1))));
|
||||||
$_SESSION['signup']['Q2'] = trim(mysql_escape_string(stripslashes($Q2)));
|
$_SESSION['signup']['Q2'] = trim(mysql_escape_string(stripslashes(strip_tags($Q2))));
|
||||||
$_SESSION['signup']['Q3'] = trim(mysql_escape_string(stripslashes($Q3)));
|
$_SESSION['signup']['Q3'] = trim(mysql_escape_string(stripslashes(strip_tags($Q3))));
|
||||||
$_SESSION['signup']['Q4'] = trim(mysql_escape_string(stripslashes($Q4)));
|
$_SESSION['signup']['Q4'] = trim(mysql_escape_string(stripslashes(strip_tags($Q4))));
|
||||||
$_SESSION['signup']['Q5'] = trim(mysql_escape_string(stripslashes($Q5)));
|
$_SESSION['signup']['Q5'] = trim(mysql_escape_string(stripslashes(strip_tags($Q5))));
|
||||||
$_SESSION['signup']['A1'] = trim(mysql_escape_string(stripslashes($A1)));
|
$_SESSION['signup']['A1'] = trim(mysql_escape_string(stripslashes(strip_tags($A1))));
|
||||||
$_SESSION['signup']['A2'] = trim(mysql_escape_string(stripslashes($A2)));
|
$_SESSION['signup']['A2'] = trim(mysql_escape_string(stripslashes(strip_tags($A2))));
|
||||||
$_SESSION['signup']['A3'] = trim(mysql_escape_string(stripslashes($A3)));
|
$_SESSION['signup']['A3'] = trim(mysql_escape_string(stripslashes(strip_tags($A3))));
|
||||||
$_SESSION['signup']['A4'] = trim(mysql_escape_string(stripslashes($A4)));
|
$_SESSION['signup']['A4'] = trim(mysql_escape_string(stripslashes(strip_tags($A4))));
|
||||||
$_SESSION['signup']['A5'] = trim(mysql_escape_string(stripslashes($A5)));
|
$_SESSION['signup']['A5'] = trim(mysql_escape_string(stripslashes(strip_tags($A5))));
|
||||||
$_SESSION['signup']['general'] = intval($_POST['general']);
|
$_SESSION['signup']['general'] = intval($_POST['general']);
|
||||||
$_SESSION['signup']['country'] = intval($_POST['country']);
|
$_SESSION['signup']['country'] = intval($_POST['country']);
|
||||||
$_SESSION['signup']['regional'] = intval($_POST['regional']);
|
$_SESSION['signup']['regional'] = intval($_POST['regional']);
|
||||||
|
@ -333,9 +333,7 @@
|
||||||
|
|
||||||
if($id == 2)
|
if($id == 2)
|
||||||
{
|
{
|
||||||
$rnd = fopen("/dev/urandom", "r");
|
$hash = make_hash();
|
||||||
$hash = md5(fgets($rnd, 64));
|
|
||||||
fclose($rnd);
|
|
||||||
|
|
||||||
$query = "insert into `users` set `email`='".$_SESSION['signup']['email']."',
|
$query = "insert into `users` set `email`='".$_SESSION['signup']['email']."',
|
||||||
`password`=sha1('".$_SESSION['signup']['pword1']."'),
|
`password`=sha1('".$_SESSION['signup']['pword1']."'),
|
||||||
|
|
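Review bot: Every assignment touched in this file still escapes with `mysql_escape_string()`, which does not take the connection character set into account, while the equivalent lines in the first file section of this commit (`@ -883,23 +878,23`) use `mysql_real_escape_string()`. Since each of these lines is being rewritten anyway, I would switch them, e.g. `trim(mysql_real_escape_string(stripslashes(strip_tags($A1))))`, assuming the database connection is already open at this point, which the hunks do not show. The escaped values are stored in `$_SESSION` and then un-escaped again with `stripslashes()` for the answer comparison and for `$body`; escaping only where the query is built would remove that round trip. The enclosing blocks start and end outside the hunks.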