forked from yunasc/tbdev
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathrecover.php
More file actions
163 lines (136 loc) · 7.64 KB
/
Copy pathrecover.php
File metadata and controls
163 lines (136 loc) · 7.64 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
<?
/*
// +--------------------------------------------------------------------------+
// | Project: TBDevYSE - TBDev Yuna Scatari Edition |
// +--------------------------------------------------------------------------+
// | This file is part of TBDevYSE. TBDevYSE is based on TBDev, |
// | originally by RedBeard of TorrentBits, extensively modified by |
// | Gartenzwerg. |
// | |
// | TBDevYSE is free software; you can redistribute it and/or modify |
// | it under the terms of the GNU General Public License as published by |
// | the Free Software Foundation; either version 2 of the License, or |
// | (at your option) any later version. |
// | |
// | TBDevYSE is distributed in the hope that it will be useful, |
// | but WITHOUT ANY WARRANTY; without even the implied warranty of |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
// | GNU General Public License for more details. |
// | |
// | You should have received a copy of the GNU General Public License |
// | along with TBDevYSE; if not, write to the Free Software Foundation, |
// | Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA |
// +--------------------------------------------------------------------------+
// | Do not remove above lines! |
// +--------------------------------------------------------------------------+
*/
require "include/bittorrent.php";
dbconn();
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if ($use_captcha) {
$b = get_row_count("captcha", "WHERE imagehash = ".sqlesc($_POST["imagehash"], true)." AND imagestring = ".sqlesc($_POST["imagestring"], true));
sql_query("DELETE FROM captcha WHERE imagehash = ".sqlesc($_POST["imagehash"], true)) or sqlerr(__FILE__,__LINE__);
if ($b == 0)
stderr("Îøèáêà", "Âû ââåëè íåïðàâèëüíûé êîä ïîäòâåðæäåíèÿ.");
}
$email = trim($_POST["email"]);
if (!$email)
stderr($tracker_lang['error'], "Âû äîëæíû ââåñòè email àäðåñ");
$res = sql_query("SELECT * FROM users WHERE email = " . sqlesc($email) . " LIMIT 1") or sqlerr(__FILE__, __LINE__);
$arr = mysql_fetch_assoc($res) or stderr($tracker_lang['error'], "Email àäðåñ íå íàéäåí â áàçå äàííûõ.\n");
$sec = mksecret();
sql_query("UPDATE users SET editsecret = " . sqlesc($sec) . " WHERE id = " . $arr["id"]) or sqlerr(__FILE__, __LINE__);
if (!mysql_affected_rows())
stderr($tracker_lang['error'], "Îøèáêà áàçû äàííûõ. Ñâÿæèòåñü ñ àäìèíèñòðàòîðîì îòíîñèòåëüíî ýòîé îøèáêè.");
// Çàùèòà îò êîçëîâ ÷òî ââåëè ïî÷òó ñ ðàçíûì ðåãèñòðîì ò.å íå ïðîõîäèëî âîññòàíîâëåíèå ïàðîëÿ åñëè ó ïîëüçîâàòåëÿ â áàçå ïî÷òà íàïðèìåð
// Kabum@gmail.com
// òîãäà êàê ïðè âîññòàíîâëåíèè îí ââîäèë kabum@gmail.com
// ðåçóëüòàòîì áûëî íåâîçìîæíîñòü âîññòàíîâèòü ïàðîëü
$email = $arr['email'];
$hash = md5($sec . $email . $arr["passhash"] . $sec);
$body = <<<EOD
Âû, èëè êòî-òî äðóãîé, çàïðîñèëè íîâûé ïàðîëü ê àêêàóíòó ñâÿçàíîìó ñ ýòèì àäðåñîì ($email).
Çàïðîñ áûë ïîñëàí ÷åëîâåêîì ñ IP àäðåñîì {$_SERVER["REMOTE_ADDR"]}.
Åñëè ýòî áûëè íå âû, ïðîèãíîðèðóéòå ýòî ïèñüìî. Ïîæàëóñòà íå îòâå÷àéòå.
Åñëè âû ïîäòâåðæäàåòå ýòîò çàïðîñ, ïåðåéäèòå ïî ñëåäóþùåé ññûëêå:
$DEFAULTBASEURL/recover.php?id={$arr["id"]}&secret=$hash
Ïîñëå òîãî êàê âû ýòî ñäåëàåòå, âàø ïàðîëü áóäåò ñáðîøåí è íîâûé ïàðîëü áóäåò îòïðàâëåí âàì íà E-Mail.
--
$SITENAME
EOD;
sent_mail($arr["email"],$SITENAME,$SITEEMAIL,"Ïîäòâåðæäåíèå âîññòàíîâëåíèÿ ïàðîëÿ íà $SITENAME",$body)
or stderr($tracker_lang['error'], "Íåâîçìîæíî îòïðàâèòü E-mail. Ïîæàëóñòà ñîîáùèòå àäìèíèñòðàöèè îá îøèáêå.");
stderr($tracker_lang['success'], "Ïîäòâåðæäàþùåå ïèñüìî áûëî îòïðàâëåíî.\n" .
" ×åðåç íåñêîëüêî ìèíóò (îáû÷íî ñðàçó) âàì ïðèéäåò ïèñüìî ñ äàëüíåéøèìè óêàçàíèÿìè.");
} elseif ($_GET) {
$id = intval($_GET["id"]);
$md5 = $_GET["secret"];
if (!$id)
httperr();
$res = sql_query("SELECT username, email, passhash, editsecret FROM users WHERE id = $id");
$arr = mysql_fetch_array($res) or httperr();
$email = $arr["email"];
$sec = $arr["editsecret"];
if (preg_match('/^ *$/s', $sec))
httperr();
if ($md5 != md5($sec . $email . $arr["passhash"] . $sec))
httperr();
// generate new password;
$chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
$newpassword = "";
for ($i = 0; $i < 10; $i++)
$newpassword .= $chars[mt_rand(0, strlen($chars) - 1)];
$sec = mksecret();
$newpasshash = md5($sec . $newpassword . $sec);
sql_query("UPDATE users SET secret = " . sqlesc($sec) . ", editsecret = '', passhash= " . sqlesc($newpasshash) . " WHERE id = $id AND editsecret = " . sqlesc($arr["editsecret"]));
if (!mysql_affected_rows())
stderr($tracker_lang['error'], "Íåâîçìîæíî îáíîâèòü äàííûå ïîëüçîâàòåëÿ. Ïîæàëóñòà ñâÿæèòåñü ñ àäìèíèñòðàòîðîì îòíîñèòåëüíî ýòîé îøèáêè.");
$body = <<<EOD
Ïî âàøåìó çàïðîñó íà âîññòàíîâëåíèå ïàðîëÿ, âû ñãåíåðèðîâàëè âàì íîâûé ïàðîëü.
Âîò âàøè íîâûå äàííûå äëÿ ýòîãî àêêàóíòà:
Ïîëüçîâàòåëü: {$arr["username"]}
Ïàðîëü: $newpassword
Âû ìîæåòå âîéòè íà ñàéò òóò: $DEFAULTBASEURL/login.php
--
$SITENAME
EOD;
sent_mail($email,$SITENAME,$SITEEMAIL,"Äàííûå àêêàóíòà íà $SITENAME",$body)
or stderr($tracker_lang['error'], "Íåâîçìîæíî îòïðàâèòü E-mail. Ïîæàëóñòà ñîîáùèòå àäìèíèñòðàöèè îá îøèáêå.");
stderr($tracker_lang['success'], "Íîâûå äàííûå ïî àêêàóíòó îòïðàâëåíû íà E-Mail <b>$email</b>.\n" .
"×åðåç íåñêîëüêî ìèíóò (îáû÷íî ñðàçó) âû ïîëó÷èòå âàøè íîâûå äàííûå.");
} else {
stdhead("Âîññòàíîâëåíèå ïàðîëÿ");
?>
<form method="post" action="recover.php">
<table border="1" cellspacing="0" cellpadding="5">
<tr><td class="colhead" colspan="2">Âîññòàíîâëåíèå èìåíè ïîëüçîâàòåëÿ èëè ïàðîëÿ</td></tr>
<tr><td colspan="2">Èñïîëüçóéòå ôîðìó íèæå äëÿ âîñòàíîâëåíèÿ ïàðîëÿ<br /> è âàøè äàííûå áóäóò îòïðàâëåíû âàì íà ïî÷òó.<br /><br />
Âû äîëæíû áóäåòå ïîäòâåðäèòü çàïðîñ.</td></tr>
<tr><td class="rowhead">Çàðåãèñòðèðîâàíûé email</td>
<td><input type="text" size="40" name="email"></td></tr>
<?
if ($use_captcha) {
include_once("include/captcha.php");
$hash = create_captcha();
tr("Êîä ïîäòâåðæäåíèÿ", "<input type=\"text\" name=\"imagestring\" size=\"20\" value=\"\" />
<p>Ïîæàëóéñòà, ââåäèòå òåêñò èçîáðàæåííûé íà êàðòèíêå âíèçó.<br />Ýòîò ïðîöåññ ïðåäîòâðàùàåò àâòîìàòè÷åñêóþ ðåãèñòðàöèþ.</p>
<table>
<tr>
<td class=\"block\" rowspan=\"2\">
<img id=\"captcha\" src=\"captcha.php?imagehash=$hash\" alt=\"Captcha\" ondblclick=\"document.getElementById('captcha').src = 'captcha.php?imagehash=$hash&' + Math.random();\" />
</td>
<td class=\"block\"><img src=\"themes/$ss_uri/images/reload.gif\" style=\"cursor: pointer;\" onclick=\"document.getElementById('captcha').src = 'captcha.php?imagehash=$hash&' + Math.random();\" /></td>
</tr>
<tr>
<td class=\"block\"><a href=\"captcha_mp3.php?imagehash=$hash\"><img src=\"themes/$ss_uri/images/listen.gif\" style=\"cursor: pointer;\" border=\"0\" /></a></td>
</tr>
</table>
<font color=\"red\">Êîä ÷óâñòâèòåëåí ê ðåãèñòðó</font><br />Êëèêíèòå äâà ðàçà íà êàðòèíêå, ÷òî-áû îáíîâèòü êàðòèíêó.<input type=\"hidden\" name=\"imagehash\" value=\"$hash\" />", 1);
}
?>
<tr><td colspan="2" align="center"><input type="submit" value="Âîññòàíîâèòü"></td></tr>
</table>
<?
stdfoot();
}
?>