Code:
$subject="Failed login";
$msg = "Security alert\n Account: ID=".$row['id']." Somebody (probably you, ".$username." !) tried to login but failed!". "\nTheir Ip Address was : ". $ip . "\n If this wasn't you please report this event to a {$TBDEV['site_name']} staff member\n - Thank you.\n";
$sql = "INSERT INTO messages (sender, receiver, msg, subject, added) VALUES('System', '$to', ". sqlesc($msg).", ". sqlesc($subject).", $added);";
$res = sql_query($sql) or sqlerr(__FILE__, __LINE__);
stderr("Login failed !", "<b>Error</b>: Username or password entry incorrect <br />Have you forgotten your password? <a href='{$TBDEV['baseurl']}/resetpw.php'><b>Recover</b></a> your password !");
bark();
Code:
if ($fail[0] == 0)
sql_query("INSERT INTO failedlogins (ip, added, attempts) VALUES ($ip, $added, 1)") or sqlerr(__FILE__, __LINE__);
else
sql_query("UPDATE failedlogins SET attempts = attempts + 1 where ip=$ip") or sqlerr(__FILE__, __LINE__);
Code:
// check if email addy is already in use
$a = (@mysql_fetch_row(@sql_query("select count(*) from users where email='$email'"))) or die(mysql_error());
if ($a[0] != 0)
stderr($lang['takesignup_user_error'], $lang['takesignup_email_used']);
Code:
$res = @mysql_query("SELECT passhash, editsecret, status FROM users WHERE id = $id");
$row = @mysql_fetch_assoc($res);
if (!$row)
stderr("{$lang['confirm_user_error']}", "{$lang['confirm_invalid_id']}");
if ($row['status'] != 'pending')
{
header("Refresh: 0; url={$TBDEV['baseurl']}/ok.php?type=confirmed");
exit();
}
Code:
@mysql_query("UPDATE users SET status='confirmed', editsecret='' WHERE id=$id AND status='pending'");
Code:
$pmcount = mysql_fetch_row(mysql_query("SELECT COUNT(*) FROM messages WHERE receiver=".$CURUSER['id']." AND location >= '1' || sender=".$CURUSER['id']." AND saved = 'yes' ")) or sqlerr(__FILE__,__LINE__);
Code:
if ($pm_id)
{
// Move a single message
@sql_query("UPDATE messages SET location=" . sqlesc($pm_box) . " WHERE id=" . sqlesc($pm_id) . " AND receiver=" . $CURUSER['id'] . " LIMIT 1");
}