Bravo List
Register
Go Back   > Bravo List > Source Code > Archived Trackers > Template Shares
Reply
  #1  
Old 5th August 2011, 16:53
smoky28's Avatar
smoky28 smoky28 is offline
Senior Member
 
Join Date: Aug 2010
Hungary
Posts: 82
Red face recover.php white page
Pils help tsse 5.6 nulled by Danix recover.php white page.

PHP Code:
<?
/***********************************************/
/*=========[TS Special Edition v.5.6]==========*/
/*=============[Special Thanks To]=============*/
/*        DrNet - wWw.SpecialCoders.CoM        */
/*          Vinson - wWw.Decode4u.CoM          */
/*    MrDecoder - wWw.Fearless-Releases.CoM    */
/*           Fynnon - wWw.BvList.CoM           */
/***********************************************/

  
  
function hash_pad ($hash)
  {
    return 
str_pad ($hash20);
  }

  require_once 
'global.php';
  include_once 
INC_PATH '/functions_security.php';
  
gzip ();
  
dbconn ();
  
failedloginscheck ('Recover');
  
$lang->load ('recover');
  
define ('R_VERSION''1.3.4 by xam');
  
  if (
$CURUSER)
  {
    
stderr ($lang->global['error'], $lang->recover['error']);
  }

  
$act = (isset ($_GET['act']) ? $_GET['act'] : (isset ($_POST['act']) ? $_POST['act'] : ''));
  if (
$act == 'manual')
  {
    if (
strtoupper ($_SERVER['REQUEST_METHOD']) == 'POST')
    {
      
$_GET['id'] = $_POST['id'];
      
$_GET['secret'] = $_POST['secret'];
    }
    else
    {
      
$lang->load ('confirm');
      
$form '
        <form method="post" action="' 
$_SERVER['SCRIPT_NAME'] . '?act=manual">
        <input type="hidden" name="act" value="manual" />
        <table border="0" cellspacing="0" cellpadding="5" width="100%">
            <tr>
                <td colspan="2" class="thead">' 
$lang->confirm['manual1'] . '</td>
            </tr>
            <tr>
                <td colspan="2" class="subheader">' 
$lang->confirm['manual4'] . '</td>
            </tr>
            <tr>
                <td align="right">' 
$lang->confirm['manual2'] . '</td>
                <td align="left"><input type="text" name="id" value="" size="32" /></td>
            </tr>
            <tr>
                <td align="right">' 
$lang->confirm['manual3'] . '</td>
                <td align="left"><input type="text" name="secret" value="" size="32" /></td>
            </tr>
            <tr>
            <td colspan="2" align="center"><input type="submit" value="' 
$lang->confirm['manual5'] . '" /></td>
            </tr>
        </table>
        </form>
        '
;
      
stdhead ($lang->confirm['manual1'], false);
      echo 
$form;
      
stdfoot ();
      exit ();
    }
  }
 
  if ((
$_SERVER['REQUEST_METHOD'] == 'POST' AND empty ($act)))
  {
    function 
safe_email ($email)
    {
      return 
str_replace (array ('<''>''\\\'''\\"''\\\\'), ''$email);
    }

    function 
unesc ($x)
    {
      if (
get_magic_quotes_gpc ())
      {
        return 
stripslashes ($x);
      }

      return 
$x;
    }

    if ((
$iv == 'yes' OR $iv == 'reCAPTCHA'))
    {
      
check_code ($_POST['imagestring'], 'recover.php'true);
    }

    
$email unesc (htmlspecialchars (trim ($_POST['email'])));
    
$email safe_email ($email);
    if (!
$email)
    {
      
failedlogins ($lang->global['dontleavefieldsblank'], true);
    }

    if (!
check_email ($email))
    {
      
failedlogins ($lang->recover['error2'], true);
    }

    (
$res sql_query ('SELECT id, passhash, email FROM users WHERE email=' sqlesc ($email) . ' LIMIT 1') OR sqlerr (__FILE__100));
    (
$arr mysql_fetch_assoc ($res) OR failedlogins ($lang->recover['error3'], true));
    
$sec mksecret ();
    
sql_query ('DELETE FROM ts_user_validation WHERE userid = ' sqlesc ($arr['id']));
    (
sql_query ('INSERT INTO ts_user_validation (editsecret, userid) VALUES (' sqlesc ($sec) . ', ' sqlesc ($arr['id']) . ')') OR sqlerr (__FILE__104));
    if (!
mysql_affected_rows ())
    {
      
stderr ($lang->global['error'], $lang->global['dberror']);
    }

    
$hash md5 ($sec $email $arr['passhash'] . $sec);
    
$ip getip ();
    
$body sprintf ($lang->recover['body'], $email$ip$BASEURL$arr['id'], $hash$SITENAME'recover');
    
sent_mail ($arr['email'], sprintf ($lang->recover['subject'], $SITENAME), $body'recover');
    
stdhead ($lang->recover['head']);
    
stdmsg ($lang->recover['head'], $lang->recover['msent'], true'success');
    
stdfoot ();
    exit ();
    return 
1;
  }

  if ((
$_GET['id'] AND $_GET['secret']))
  {
    
$id = (int)$_GET['id'];
    
$md5 $_GET['secret'];
    if (((empty (
$id) OR !is_valid_id ($id)) OR strlen ($md5) != 32))
    {
      
stderr ($lang->global['error'], $lang->recover['invalidcodeorid']);
    }

    
$res sql_query ('SELECT u.username, u.email, u.passhash, e.editsecret FROM users u LEFT JOIN ts_user_validation e ON (u.id=e.userid) WHERE u.id = ' sqlesc ($id));
    (
$arr mysql_fetch_assoc ($res) OR stderr ($lang->global['error'], $lang->global['nouserid']));
    
$email $arr['email'];
    
$sec hash_pad ($arr['editsecret']);
    if (
preg_match ('/^ *$/s'$sec))
    {
      
stderr ($lang->global['error'], $lang->recover['invalidcodeorid']);
    }

    if (
$md5 != md5 ($sec $email $arr['passhash'] . $sec))
    {
      
stderr ($lang->global['error'], $lang->recover['invalidcode3']);
    }

    
$newpassword mksecret (10);
    
$sec mksecret ();
    
$newpasshash md5 ($sec $newpassword $sec);
    (
sql_query ('UPDATE users SET secret=' sqlesc ($sec) . ', passhash=' sqlesc ($newpasshash) . ' WHERE id=' sqlesc ($id)) OR stderr ($lang->global['error'], $lang->global['dberror']));
    if (!
mysql_affected_rows ())
    {
      
stderr ($lang->global['error'], $lang->global['dberror']);
    }

    
sql_query ('DELETE FROM ts_user_validation WHERE userid = ' sqlesc ($id));
    
$body sprintf ($lang->recover['body2'], $arr['username'], $newpassword$BASEURL$SITENAME);
    
sent_mail ($emailsprintf ($lang->recover['subject2'], $SITENAME), $body'details');
    return 
1;
  }

  
define ('SKIP_RELOAD_CODE'true);
  
stdhead ($lang->recover['head'], false);
  
$error '';
  if (!empty (
$_GET['error']))
  {
    if (
$_GET['error'] == 1)
    {
      
$error '<tr><td colspan="2"><div class="error">' sprintf ($lang->recover['errortype1'], remaining ()) . '</div></td></tr>';
    }
    else
    {
      if (
$_GET['error'] == 2)
      {
        
$error '<tr><td colspan="2"><div class="error">' sprintf ($lang->global['invalidimagecode'], remaining ()) . '</div></td></tr>';
      }
    }
  }

  echo 
'    
    <form method="post" action="' 
$_SERVER['SCRIPT_NAME'] . '" name="recover" onsubmit="document.forms[\'recover\'].elements[\'send\'].disabled=true; document.forms[\'recover\'].elements[\'send\'].value=\'' $lang->global['pleasewait'] . '\';">    
    <table width="100%" border="1" cellspacing="0" cellpadding="5">
        <tr>
            <td align="center" class="thead">' 
$lang->recover['head'] . '</td>
        </tr>
        <tr>
            <td>' 
sprintf ($lang->recover['info'], $maxloginattempts) . '</td>
        </tr>
    </table>
    <br />
    <table width="100%" border="1" cellspacing="0" cellpadding="5">        
    <tr>
        <td colspan="2" align="center" class="thead">' 
$lang->recover['head'] . '</td>
    </tr>'
;
  if (isset (
$error))
  {
    echo 
$error;
  }

  echo 
'
    <tr>
        <td class="rowhead" style="vertical-align: middle;">' 
$lang->recover['fieldemail'] . '</td>
        <td><input type="text" size="26" name="email" id="email" class="inputUsername" />
        ' 
. ($iv == 'no' 
        <input type="submit" value="' 
$lang->global['buttonrecover'] . '" class="button" name="send" />' '') . '</td>
    </tr>'
;
  
show_image_code (true$lang->global['buttonrecover'], 'name="send" ');
  echo 
'
    </table>
    </form>
    <script type="text/javascript">
        //<![CDATA[
        reload();
        function reload ()
        {
            TSGetID(\'regimage\').src = "' 
$BASEURL '/include/class_tscaptcha.php?" + (new Date()).getTime();
            return;
        };
        //]]>
    </script>
    '
;
  
stdfoot ();
?>
__________________
Sky-Tech Developer Team Hungary

Reply With Quote
  #2  
Old 5th August 2011, 19:27
x360zone's Avatar
x360zone x360zone is offline
Senior Member
 
Join Date: Jul 2011
United Kingdom
Posts: 915
Default logs
have you checked your error logs pal and if so what do they say?
__________________

7.5 tsse
future tracker source & hosting, vps
trackers installs + Themes
http://www.foxyhosting.co.uk
http://www.downmy.top testing zone
offshore vps & cpanel hosting & Shoutcast & VPN
STOP cyberbullying
any setups tracker installs vps hosting vps setups themes mods hit me up
over the last three months ive become a snake breeder,pythons,hogs,boa,corn,rat,king,carpet and what joy it is


Reply With Quote
  #3  
Old 6th August 2011, 07:55
smoky28's Avatar
smoky28 smoky28 is offline
Senior Member
 
Join Date: Aug 2010
Hungary
Posts: 82
Default
Error with tracker response.
__________________
Sky-Tech Developer Team Hungary

Reply With Quote
Reply

Tags
page , recoverphp , white

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump



All times are GMT +2. The time now is 02:50. vBulletin skin by ForumMonkeys. Powered by vBulletin® Version 3.8.11 Beta 3
Copyright ©2000 - 2024, vBulletin Solutions Inc.