smoky28 |
5th August 2011 16:53 |
recover.php white page
Pils help tsse 5.6 nulled by Danix recover.php white page.
PHP Code:
<? /***********************************************/ /*=========[TS Special Edition v.5.6]==========*/ /*=============[Special Thanks To]=============*/ /* DrNet - wWw.SpecialCoders.CoM */ /* Vinson - wWw.Decode4u.CoM */ /* MrDecoder - wWw.Fearless-Releases.CoM */ /* Fynnon - wWw.BvList.CoM */ /***********************************************/
function hash_pad ($hash) { return str_pad ($hash, 20); }
require_once 'global.php'; include_once INC_PATH . '/functions_security.php'; gzip (); dbconn (); failedloginscheck ('Recover'); $lang->load ('recover'); define ('R_VERSION', '1.3.4 by xam'); if ($CURUSER) { stderr ($lang->global['error'], $lang->recover['error']); }
$act = (isset ($_GET['act']) ? $_GET['act'] : (isset ($_POST['act']) ? $_POST['act'] : '')); if ($act == 'manual') { if (strtoupper ($_SERVER['REQUEST_METHOD']) == 'POST') { $_GET['id'] = $_POST['id']; $_GET['secret'] = $_POST['secret']; } else { $lang->load ('confirm'); $form = ' <form method="post" action="' . $_SERVER['SCRIPT_NAME'] . '?act=manual"> <input type="hidden" name="act" value="manual" /> <table border="0" cellspacing="0" cellpadding="5" width="100%"> <tr> <td colspan="2" class="thead">' . $lang->confirm['manual1'] . '</td> </tr> <tr> <td colspan="2" class="subheader">' . $lang->confirm['manual4'] . '</td> </tr> <tr> <td align="right">' . $lang->confirm['manual2'] . '</td> <td align="left"><input type="text" name="id" value="" size="32" /></td> </tr> <tr> <td align="right">' . $lang->confirm['manual3'] . '</td> <td align="left"><input type="text" name="secret" value="" size="32" /></td> </tr> <tr> <td colspan="2" align="center"><input type="submit" value="' . $lang->confirm['manual5'] . '" /></td> </tr> </table> </form> '; stdhead ($lang->confirm['manual1'], false); echo $form; stdfoot (); exit (); } } if (($_SERVER['REQUEST_METHOD'] == 'POST' AND empty ($act))) { function safe_email ($email) { return str_replace (array ('<', '>', '\\\'', '\\"', '\\\\'), '', $email); }
function unesc ($x) { if (get_magic_quotes_gpc ()) { return stripslashes ($x); }
return $x; }
if (($iv == 'yes' OR $iv == 'reCAPTCHA')) { check_code ($_POST['imagestring'], 'recover.php', true); }
$email = unesc (htmlspecialchars (trim ($_POST['email']))); $email = safe_email ($email); if (!$email) { failedlogins ($lang->global['dontleavefieldsblank'], true); }
if (!check_email ($email)) { failedlogins ($lang->recover['error2'], true); }
($res = sql_query ('SELECT id, passhash, email FROM users WHERE email=' . sqlesc ($email) . ' LIMIT 1') OR sqlerr (__FILE__, 100)); ($arr = mysql_fetch_assoc ($res) OR failedlogins ($lang->recover['error3'], true)); $sec = mksecret (); sql_query ('DELETE FROM ts_user_validation WHERE userid = ' . sqlesc ($arr['id'])); (sql_query ('INSERT INTO ts_user_validation (editsecret, userid) VALUES (' . sqlesc ($sec) . ', ' . sqlesc ($arr['id']) . ')') OR sqlerr (__FILE__, 104)); if (!mysql_affected_rows ()) { stderr ($lang->global['error'], $lang->global['dberror']); }
$hash = md5 ($sec . $email . $arr['passhash'] . $sec); $ip = getip (); $body = sprintf ($lang->recover['body'], $email, $ip, $BASEURL, $arr['id'], $hash, $SITENAME, 'recover'); sent_mail ($arr['email'], sprintf ($lang->recover['subject'], $SITENAME), $body, 'recover'); stdhead ($lang->recover['head']); stdmsg ($lang->recover['head'], $lang->recover['msent'], true, 'success'); stdfoot (); exit (); return 1; }
if (($_GET['id'] AND $_GET['secret'])) { $id = (int)$_GET['id']; $md5 = $_GET['secret']; if (((empty ($id) OR !is_valid_id ($id)) OR strlen ($md5) != 32)) { stderr ($lang->global['error'], $lang->recover['invalidcodeorid']); }
$res = sql_query ('SELECT u.username, u.email, u.passhash, e.editsecret FROM users u LEFT JOIN ts_user_validation e ON (u.id=e.userid) WHERE u.id = ' . sqlesc ($id)); ($arr = mysql_fetch_assoc ($res) OR stderr ($lang->global['error'], $lang->global['nouserid'])); $email = $arr['email']; $sec = hash_pad ($arr['editsecret']); if (preg_match ('/^ *$/s', $sec)) { stderr ($lang->global['error'], $lang->recover['invalidcodeorid']); }
if ($md5 != md5 ($sec . $email . $arr['passhash'] . $sec)) { stderr ($lang->global['error'], $lang->recover['invalidcode3']); }
$newpassword = mksecret (10); $sec = mksecret (); $newpasshash = md5 ($sec . $newpassword . $sec); (sql_query ('UPDATE users SET secret=' . sqlesc ($sec) . ', passhash=' . sqlesc ($newpasshash) . ' WHERE id=' . sqlesc ($id)) OR stderr ($lang->global['error'], $lang->global['dberror'])); if (!mysql_affected_rows ()) { stderr ($lang->global['error'], $lang->global['dberror']); }
sql_query ('DELETE FROM ts_user_validation WHERE userid = ' . sqlesc ($id)); $body = sprintf ($lang->recover['body2'], $arr['username'], $newpassword, $BASEURL, $SITENAME); sent_mail ($email, sprintf ($lang->recover['subject2'], $SITENAME), $body, 'details'); return 1; }
define ('SKIP_RELOAD_CODE', true); stdhead ($lang->recover['head'], false); $error = ''; if (!empty ($_GET['error'])) { if ($_GET['error'] == 1) { $error = '<tr><td colspan="2"><div class="error">' . sprintf ($lang->recover['errortype1'], remaining ()) . '</div></td></tr>'; } else { if ($_GET['error'] == 2) { $error = '<tr><td colspan="2"><div class="error">' . sprintf ($lang->global['invalidimagecode'], remaining ()) . '</div></td></tr>'; } } }
echo ' <form method="post" action="' . $_SERVER['SCRIPT_NAME'] . '" name="recover" onsubmit="document.forms[\'recover\'].elements[\'send\'].disabled=true; document.forms[\'recover\'].elements[\'send\'].value=\'' . $lang->global['pleasewait'] . '\';"> <table width="100%" border="1" cellspacing="0" cellpadding="5"> <tr> <td align="center" class="thead">' . $lang->recover['head'] . '</td> </tr> <tr> <td>' . sprintf ($lang->recover['info'], $maxloginattempts) . '</td> </tr> </table> <table width="100%" border="1" cellspacing="0" cellpadding="5"> <tr> <td colspan="2" align="center" class="thead">' . $lang->recover['head'] . '</td> </tr>'; if (isset ($error)) { echo $error; }
echo ' <tr> <td class="rowhead" style="vertical-align: middle;">' . $lang->recover['fieldemail'] . '</td> <td><input type="text" size="26" name="email" id="email" class="inputUsername" /> ' . ($iv == 'no' ? ' <input type="submit" value="' . $lang->global['buttonrecover'] . '" class="button" name="send" />' : '') . '</td> </tr>'; show_image_code (true, $lang->global['buttonrecover'], 'name="send" '); echo ' </table> </form> <script type="text/javascript"> //<![CDATA[ reload(); function reload () { TSGetID(\'regimage\').src = "' . $BASEURL . '/include/class_tscaptcha.php?" + (new Date()).getTime(); return; }; //]]> </script> '; stdfoot (); ?>
|