gitphp 0.2.9.1 :: contractdashboard.git/blob

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211	<?PHP error_reporting (E_ALL ^E_NOTICE); require_once("./inc/functions.inc.php"); require_once("./data/config.php"); require_once("./skins/${config_skin}.skin.php"); // Check if CuteNews is not installed $all_users_db = file("./data/users.db.php"); $check_users = $all_users_db; $check_users[1] = trim($check_users[1]); $check_users[2] = trim($check_users[2]); if((!$check_users[2] or $check_users[2] == "") and (!$check_users[1] or $check_users[1] == "")){ if(!file_exists("./inc/install.mdu")){ die('<h2>Error!</h2>CuteNews detected that you do not have users in your users.db.php file and wants to run the install module.<br> However, the install module (<b>./inc/install.mdu</b>) can not be located, please reupload this file and make sure you set the proper permissions so the installation can continue.'); } msg("info", "CuteNews Not Installed", "CuteNews is not properly installed (users missing) <a href=index.php>go to index.php</a>"); } $register_level = $config_registration_level; if($action == "doregister"){ if($config_allow_registration != "yes"){ msg("error","Error", "User registration is Disabled"); } if(!$regusername){ msg("error","Error !!!", "Username can not be blank"); } if(!$regpassword){ msg("error","Error !!!", "Password can not be blank"); } if(!$regemail) { msg("error","Error !!!", "Email can not be blank"); } $regusername = preg_replace( array("'<'", "'>'", "'\n'", "'\r'", "'\\|'"), array("", "", "", "", ""), $regusername); $regnickname = preg_replace( array("'<'", "'>'", "'\n'", "'\r'", "'\\|'"), array("", "", "", "", ""), $regnickname); $regemail = preg_replace( array("'<'", "'>'", "'\n'", "'\r'", "'\\|'"), array("", "", "", "", ""), $regemail); $regpassword = preg_replace( array("'<'", "'>'", "'\n'", "'\r'", "'\\|'"), array("", "", "", "", ""), $regpassword); if(!preg_match("/^[\.A-z0-9_\-]{1,15}$/i", $regusername)){ msg("error","Error !!!", "$regusername Your username must only contain valid characters, numbers and the symbol '_'"); } if(!preg_match("/^[\.A-z0-9_\-]{1,15}$/i", $regnickname)){ msg("error","Error !!!", "Your nickname must only contain valid characters, numbers and the symbol '_'"); } if(!preg_match("/^[\.A-z0-9_\-]+[@][A-z0-9_\-]+([.][A-z0-9_\-]+)+[A-z]{1,4}$/", $regemail)){ msg("error","Error !!!", "Not valid Email."); } if(!preg_match("/^[\.A-z0-9_\-]{1,15}$/i", $regpassword)){ msg("error","Error !!!", "Your password must conatain only valid characters and numbers"); } $all_users = file("./data/users.db.php"); foreach($all_users as $user_line) { $user_arr = explode("\|", $user_line); if($user_arr[2] == $regusername){ msg("error", "Error", "This username is already taken"); } } $add_time = time()+($config_date_adjust60); $regpassword = md5($regpassword); $old_users_file = file("./data/users.db.php"); $new_users_file = fopen("./data/users.db.php", "a"); fwrite($new_users_file, "$add_time\|$register_level\|$regusername\|$regpassword\|$regnickname\|$regemail\|0\|0\|\|\|\|\n"); fclose($new_users_file); if($config_notify_registration == "yes" and $config_notify_status == "active"){ send_mail("$config_notify_email", "CuteNews - New User Registered", "New user ($regusername) has just registered:\nUsername: $regusername\nNickname: $regnickname\nEmail: $regemail\n "); } msg("user", "User Added", "You were successfully added to users database.<br>You can now login <a href=index.php>here</a>"); }elseif($action == "lostpass"){ echoheader("user","Lost Password"); echo"<form method=post action=\"$PHP_SELF\"><table border=0 cellpading=0 cellspacing=0 width=\"654\" height=\"59\" > <td width=\"18\" height=\"11\"> <td width=\"71\" height=\"11\" align=\"left\"> Username<td width=\"203\" height=\"11\" align=\"left\"> <input type=text name=user seize=20> <td width=\"350\" height=\"26\" align=\"left\" rowspan=\"2\" valign=\"middle\"> If the username and email match in our users database,<br> and email with furher instructions will be sent to you. <tr> <td width=\"18\" valign=\"top\" height=\"15\"> <td width=\"71\" height=\"15\" align=\"left\"> Email <td width=\"203\" height=\"15\" align=\"left\"> <input type=text name=email size=\"20\"> </tr> <tr> <td width=\"18\" valign=\"top\" height=\"15\"> <td width=\"628\" height=\"15\" align=\"left\" colspan=\"3\">   </tr> <tr> <td width=\"18\" valign=\"top\" height=\"15\"> <td width=\"628\" height=\"15\" align=\"left\" colspan=\"3\"> <input type=submit value=\"Send me the Confirmation\"> </tr> <input type=hidden name=action value=validate> <input type=hidden name=mod value=lostpass> <tr> <td width=\"18\" height=\"27\"> <td width=\"632\" height=\"27\" colspan=\"3\"> </tr></table></form>"; echofooter(); }elseif($action == "validate"){ if(!isset($user) or !$user or $user == '' or !isset($email) or !$email or $email == ''){ msg("error", "Error !!!", "All the fields are required"); } $found = FALSE; $all_users = file("./data/users.db.php"); foreach($all_users as $user_line){ $user_arr = explode("\|", $user_line); if($user_arr[2] == $user and $user_arr[5] == $email){ $sstring = "${user_arr[0]}${user_arr[3]}"; $found = TRUE; break;} } if(!$found){ msg("error", "Error !!!", "The username/email you enter did not match in our users database"); } else{ $confirm_url = "$config_http_script_dir/register.php?a=dsp&s=$sstring"; $message = "Hi,\n Someone requested your password to be changed, if this is the desired action and you want to change your password please follow this link: $confirm_url ."; mail("$email", "Confirmation ( New Password for CuteNews )", $message, "From: no-reply@$SERVER_NAME\r\n" ."X-Mailer: PHP/" . phpversion()) or die("can not send mail"); msg('info','Confirmation Email',"A confirmation email was sent, please check your inbox for further details."); } //Do Send Password }elseif($a == "dsp"){ if($s == "" or !$s){ msg("error", "Error !!!", "All fields are required"); } $found = FALSE; $all_users = file("./data/users.db.php"); foreach($all_users as $user_line){ $user_arr = explode("\|", $user_line); if($s == "${user_arr[0]}${user_arr[3]}"){ $found = TRUE; break;} } if(!$found){ msg("error", "Error !!!", "invalid string"); } else{ $salt = "abchefghjkmnpqrstuvwxyz0123456789"; srand((double)microtime()1000000); for($i=0;$i<9;$i++){ $new_pass .= $salt{rand(0,33)}; } $md5_pass = md5($new_pass); $old_db = file("./data/users.db.php"); $new_db = fopen("./data/users.db.php", w); foreach($old_db as $old_db_line){ $old_db_arr = explode("\|", $old_db_line); if($s != "${old_db_arr[0]}${old_db_arr[3]}"){ fwrite($new_db,"$old_db_line"); }else{ fwrite($new_db,"$old_db_arr[0]\|$old_db_arr[1]\|$old_db_arr[2]\|$md5_pass\|$old_db_arr[4]\|$old_db_arr[5]\|$old_db_arr[6]\|$old_db_arr[7]\|\|\|\n"); } } fclose($new_db); $message = "Hi $user_arr[2],\n Your new password for CuteNews is $new_pass, please after you login change this password."; mail("$user_arr[5]", "Your New Password for CuteNews", $message, "From: no-reply@$SERVER_NAME\r\n" ."X-Mailer: PHP/" . phpversion()) or die("can not send mail"); msg("info", "Password Sent", "The new password for <b> $user_arr[2]</b> was sent to the email."); } }else{ if($config_allow_registration != "yes"){ msg("error","Error", "User registration is Disabled"); } echoheader("user", "User Registration"); echo<<<HTML <table leftmargin=0 marginheight=0 marginwidth=0 topmargin=0 border=0 height=100% cellspacing=0> <form name=login action="$PHP_SELF" method=post> <tr> <td width=80>Username: </td> <td><input tabindex=1 type=text name=regusername style="width:134" size="20"></td> </tr> <tr> <td width=80>Nickname: </td> <td><input tabindex=1 type=text name=regnickname style="width:134" size="20"></td> </tr> <tr> <td width=80>Password: </td> <td><input tabindex=1 type=text name=regpassword style="width:134" size="20"></td> </tr> <tr> <td width=80>Email: </td> <td><input tabindex=1 type=text name=regemail style="width:134" size="20"></td> </tr> <tr> <td></td> <td ><input accesskey="s" type=submit style="background-color: #F3F3F3;" value='Register'></td> </tr> <tr> <td align=center colspan=2>$result</td> </tr> <input type=hidden name=action value=doregister> </form> </table> HTML; echofooter(); } ?>

<?PHP
 
 
 
error_reporting (E_ALL ^E_NOTICE);
require_once("./inc/functions.inc.php");
require_once("./data/config.php");
require_once("./skins/${config_skin}.skin.php");
 
 
 
// Check if CuteNews is not installed
$all_users_db = file("./data/users.db.php");
$check_users = $all_users_db;
$check_users[1] = trim($check_users[1]);
$check_users[2] = trim($check_users[2]);
if((!$check_users[2] or $check_users[2] == "") and (!$check_users[1] or $check_users[1] == "")){
    if(!file_exists("./inc/install.mdu")){ die('<h2>Error!</h2>CuteNews detected that you do not have users in your users.db.php file and wants to run the install module.<br>
    However, the install module (<b>./inc/install.mdu</b>) can not be located, please reupload this file and make sure you set the proper permissions so the installation can continue.'); }
 
        msg("info", "CuteNews Not Installed", "CuteNews is not properly installed (users missing) <a href=index.php>go to index.php</a>");
}
 
 
$register_level = $config_registration_level;
 
if($action == "doregister"){
        if($config_allow_registration != "yes"){  msg("error","Error", "User registration is Disabled"); }
        if(!$regusername){ msg("error","Error !!!", "Username can not be blank"); }
        if(!$regpassword){ msg("error","Error !!!", "Password can not be blank"); }
        if(!$regemail)         { msg("error","Error !!!", "Email can not be blank"); }
 
    $regusername        = preg_replace( array("'<'", "'>'", "'\n'", "'\r'", "'\|'"), array("", "", "", "", ""), $regusername);
    $regnickname        = preg_replace( array("'<'", "'>'", "'\n'", "'\r'", "'\|'"), array("", "", "", "", ""), $regnickname);
    $regemail           = preg_replace( array("'<'", "'>'", "'\n'", "'\r'", "'\|'"), array("", "", "", "", ""), $regemail);
    $regpassword        = preg_replace( array("'<'", "'>'", "'\n'", "'\r'", "'\|'"), array("", "", "", "", ""), $regpassword);
 
    if(!preg_match("/^[\.A-z0-9_\-]{1,15}$/i", $regusername)){ msg("error","Error !!!", "$regusername Your username must only contain valid characters, numbers and the symbol '_'"); }
    if(!preg_match("/^[\.A-z0-9_\-]{1,15}$/i", $regnickname)){ msg("error","Error !!!", "Your nickname must only contain valid characters, numbers and the symbol '_'"); }
    if(!preg_match("/^[\.A-z0-9_\-]+[@][A-z0-9_\-]+([.][A-z0-9_\-]+)+[A-z]{1,4}$/", $regemail)){ msg("error","Error !!!", "Not valid Email."); }
    if(!preg_match("/^[\.A-z0-9_\-]{1,15}$/i", $regpassword)){ msg("error","Error !!!", "Your password must conatain only valid characters and numbers"); }
 
    $all_users = file("./data/users.db.php");
    foreach($all_users as $user_line)
    {
                $user_arr = explode("|", $user_line);
        if($user_arr[2] == $regusername){ msg("error", "Error", "This username is already taken"); }
    }
 
        $add_time = time()+($config_date_adjust*60);
        $regpassword = md5($regpassword);
 
        $old_users_file = file("./data/users.db.php");
        $new_users_file = fopen("./data/users.db.php", "a");
                fwrite($new_users_file, "$add_time|$register_level|$regusername|$regpassword|$regnickname|$regemail|0|0||||\n");
        fclose($new_users_file);
 
        if($config_notify_registration == "yes" and $config_notify_status == "active"){
           send_mail("$config_notify_email", "CuteNews - New User Registered", "New user ($regusername) has just registered:\nUsername: $regusername\nNickname: $regnickname\nEmail: $regemail\n ");
        }
 
        msg("user", "User Added", "You were successfully added to users database.<br>You can now login <a href=index.php>here</a>");
 
 
}elseif($action == "lostpass"){
 
    echoheader("user","Lost Password");
 
    echo"<form method=post action=\"$PHP_SELF\"><table border=0 cellpading=0 cellspacing=0 width=\"654\" height=\"59\" >
    <td width=\"18\" height=\"11\">
    <td width=\"71\" height=\"11\" align=\"left\">
 
    Username<td width=\"203\" height=\"11\" align=\"left\">
        <input type=text name=user seize=20>
    <td width=\"350\" height=\"26\" align=\"left\" rowspan=\"2\" valign=\"middle\">
        If the username and email match in our users database,<br> and email with furher instructions will be sent to you.
        <tr>
        <td width=\"18\" valign=\"top\" height=\"15\">
          <td width=\"71\" height=\"15\" align=\"left\">
          Email
          <td width=\"203\" height=\"15\" align=\"left\">
 
        <input type=text name=email size=\"20\">
 
        </tr>
        <tr>
          <td width=\"18\" valign=\"top\" height=\"15\">
          <td width=\"628\" height=\"15\" align=\"left\" colspan=\"3\">
          &nbsp;
 
        </tr>
        <tr>
          <td width=\"18\" valign=\"top\" height=\"15\">
          <td         width=\"628\" height=\"15\" align=\"left\" colspan=\"3\">
          <input type=submit value=\"Send me the Confirmation\">
        </tr>
        <input type=hidden name=action value=validate>
        <input type=hidden name=mod value=lostpass>
        <tr>
        <td width=\"18\" height=\"27\">
        <td width=\"632\" height=\"27\" colspan=\"3\">
        </tr></table></form>";
 
    echofooter();
 
}elseif($action == "validate"){
 
if(!isset($user) or !$user or $user == '' or !isset($email) or !$email or $email == ''){ msg("error", "Error !!!", "All the fields are required"); }
 
    $found = FALSE;
    $all_users = file("./data/users.db.php");
    foreach($all_users as $user_line){
            $user_arr = explode("|", $user_line);
            if($user_arr[2] == $user and $user_arr[5] == $email){ $sstring = "${user_arr[0]}${user_arr[3]}"; $found = TRUE; break;}
    }
    if(!$found){ msg("error", "Error !!!", "The username/email you enter did not match in our users database"); }
        else{
 
             $confirm_url = "$config_http_script_dir/register.php?a=dsp&s=$sstring";
             $message = "Hi,\n Someone requested your password to be changed, if this is the desired action and you want to change your password please follow this link: $confirm_url .";
 
 
             mail("$email", "Confirmation ( New Password for CuteNews )", $message,
             "From: no-reply@$SERVER_NAME\r\n"
            ."X-Mailer: PHP/" . phpversion()) or die("can not send mail");
 
             msg('info','Confirmation Email',"A confirmation email was sent, please check your inbox for further details.");
        }
 
 
//Do Send Password
}elseif($a == "dsp"){
 
    if($s == "" or !$s){ msg("error", "Error !!!", "All fields are required"); }
    $found = FALSE;
    $all_users = file("./data/users.db.php");
    foreach($all_users as $user_line){
            $user_arr = explode("|", $user_line);
        if($s == "${user_arr[0]}${user_arr[3]}"){ $found = TRUE; break;}
    }
    if(!$found){ msg("error", "Error !!!", "invalid string"); }
        else{
 
                $salt = "abchefghjkmnpqrstuvwxyz0123456789";
                srand((double)microtime()*1000000);
                for($i=0;$i<9;$i++){
                        $new_pass .= $salt{rand(0,33)};
                }
        $md5_pass = md5($new_pass);
 
        $old_db = file("./data/users.db.php");
            $new_db = fopen("./data/users.db.php", w);
            foreach($old_db as $old_db_line){
                $old_db_arr = explode("|", $old_db_line);
                if($s != "${old_db_arr[0]}${old_db_arr[3]}"){
                        fwrite($new_db,"$old_db_line");
                }else{
                        fwrite($new_db,"$old_db_arr[0]|$old_db_arr[1]|$old_db_arr[2]|$md5_pass|$old_db_arr[4]|$old_db_arr[5]|$old_db_arr[6]|$old_db_arr[7]|||\n");
                }
            }
            fclose($new_db);
 
        $message = "Hi $user_arr[2],\n Your new password for CuteNews is $new_pass, please after you login change this password.";
 
        mail("$user_arr[5]", "Your New Password for CuteNews", $message,
             "From: no-reply@$SERVER_NAME\r\n"
            ."X-Mailer: PHP/" . phpversion()) or die("can not send mail");
 
 
        msg("info", "Password Sent", "The new password for <b> $user_arr[2]</b> was sent to the email.");
    }
 
}else{
if($config_allow_registration != "yes"){  msg("error","Error", "User registration is Disabled"); }
        echoheader("user", "User Registration");
 
echo<<<HTML
    <table leftmargin=0 marginheight=0 marginwidth=0 topmargin=0 border=0 height=100% cellspacing=0>
     <form  name=login action="$PHP_SELF" method=post>
     <tr>
       <td width=80>Username: </td>
       <td><input tabindex=1 type=text name=regusername  style="width:134" size="20"></td>
     </tr>
     <tr>
       <td width=80>Nickname: </td>
       <td><input tabindex=1 type=text name=regnickname  style="width:134" size="20"></td>
     </tr>
     <tr>
       <td width=80>Password: </td>
       <td><input tabindex=1 type=text name=regpassword  style="width:134" size="20"></td>
     </tr>
     <tr>
       <td width=80>Email: </td>
       <td><input tabindex=1 type=text name=regemail  style="width:134" size="20"></td>
     </tr>
      <tr>
       <td></td>
       <td ><input accesskey="s" type=submit style="background-color: #F3F3F3;" value='Register'></td>
      </tr>
      <tr>
       <td align=center colspan=2>$result</td>
      </tr>
     <input type=hidden name=action value=doregister>
     </form>
    </table>
HTML;
 
        echofooter();
 
}
?>