<?phperror_reporting(E_ALL)/** * Copyright (c) 2006, 2007 * * Florian

1. <?php
2. error_reporting(E_ALL)
3. /**
4. * Copyright (c) 2006, 2007
5. *
6. * Florian Schreier. All rights reserved.
7. *
8. * Redistribution and use in source and binary forms, with or without modification,
9. * are permitted provided that the following conditions are met:
10. *
11. * 1. Redistributions of source code must retain the above copyright notice,
12. * this list of conditions and the following disclaimer.
13. * 2. Redistributions in binary form must reproduce the above copyright notice,
14. * this list of conditions and the following disclaimer in the documentation
15. * and/or other materials provided with the distribution.
16. * 3. The names of its contributors may never be used to endorse or promote
17. * products derived from this software without specific prior written permission.
18. *
19. * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
20. * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21. * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22. * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
23. * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24. * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
25. * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
26. * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
27. * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
28. * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29. *
30. * @author tomilo <tomilo@gmx.net>
31. * @author waRhawK <whk@gmx.de>
32. * @package trooptool
33. * @subpackage rtwwmod
34. */
35. require_once "config.php";
36.  
37. if (isset($_POST['action']) AND ($_POST['action'] == text('pw_submit')) AND !empty($_POST['lostpw_name'])) {
38. //---neues Passwort erstellen!
39. $sql="SELECT
40. name,
41. email
42. FROM
43. ".PREFIX."spieler
44. WHERE
45. name = '".$_POST['lostpw_name']."'";
46. $result = mysql_query($sql) OR die(mysql_error());
47. $row = mysql_fetch_assoc($result);
48. if ($row['email'] == $_POST['lostpw_email']) { //wenn email gleich, generiere neues Passwort
49. //Zufallsgenerator für neues Passwort
50. $zeichen="abcdefghijlmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
51. $passwort="";
52. mt_srand((double)microtime()*1000000);
53. for ($i=0; $i<8; $i++) {
54. $passwort .= $zeichen{mt_rand(0,(mb_strlen($zeichen)-1))};
55. }
56.  
57. //speichert neues Passwort in die Datenbank
58. $sql="UPDATE
59. ".PREFIX."spieler
60. SET
61. pass = '".md5($passwort)."'
62. WHERE
63. name = '".$_POST['lostpw_name']."'";
64. mysql_query($sql) OR die(mysql_error());
65.  
66. //versendet neues Passwort an den Spieler
67. $headers = "From:".$row['email']."\n";
68. $headers .= 'X-Mailer: PHP/' . phpversion() . "\n";
69. $headers .= 'X-Sender-IP: ' . $_SERVER['REMOTE_ADDR'] . "\n";
70. $headers .= "Content-type: text\n";
71.  
72. $subject="Truppentool: New Password";
73.  
74. $message="Hello ".$_POST['lostpw_name']."\n
75. a new password has been generated for you:\n
76. ".$passwort."\n
77. you can log in with this password.";
78.  
79. mail($row['email'], $subject, $message, $headers);
80.  
81. //erfolgreich
82. $fehler = "The new pasword will be mailed to you in a short time.";
83. } else { //wenn emails nicht gleich, Fehlermeldung ausgeben
84. $fehler = "Your E-Mail did not match, please give the mail provided with the registration.";
85. }
86. }
87.  
88. write_header(text('login_header'));
89. ?>
90.  
91. <div class="oben"><?php include "oben.php"; ?></div>
92. <div class="menu"><?php include "menu2.php"; ?></div>
93. <div class="mitte2">
94.  
95. <?php
96. if(isset($_GET['action']) AND $_GET['action']=="lostpw") {
97. ?>
98. <form action="index.php?action=lostpw" method="post" accept-charset="utf-8">
99. <table class="itable" cellpadding="2" cellspacing="1" width="500">
100. <tr>
101. <td colspan="4" class="header1"><?php echo text('pw_header')?></td>
102. </tr>
103. <tr>
104. <td colspan="4" class="header2"><?php echo text('pw_text')?></td>
105. </tr>
106. <tr>
107. <td class="zeile2"><nobr><label class="fieldLabel"><?php echo text('pw_name')?></label></nobr></td>
108. <td><input class="ibox f100" type="text" name="lostpw_name"></td>
109. <td class="zeile2"><nobr><label class="fieldLabel"><?php echo text('pw_email')?></label></nobr></td>
110. <td><input class="ibox f200" type="text" name="lostpw_email"></td>
111. </tr>
112. <tr>
113. <td colspan="4"><input class="submit" type="submit" name="action" value="<?php echo text('pw_submit')?>"></td>
114. </tr>
115. </table>
116. </form>
117. <?php
118. } else {
119. ?>
120. <form action="index.php" method="post" accept-charset="utf-8">
121. <table class="itable" cellpadding="2" cellspacing="1">
122. <tr>
123. <td colspan="2" class="header1"><?php echo text('login_header')?></td>
124. </tr>
125. <tr>
126. <td class="zeile2" width="100"><label class="fieldLabel"><?php echo text('login_name')?></label></td>
127. <td><input class="ibox f100" type="text" name="name"></td>
128. </tr>
129. <tr>
130. <td class="zeile2" width="100"><label class="fieldLabel"><?php echo text('login_pass')?></label></td>
131. <td><input class="ibox f100" type="password" name="pass"></td>
132. </tr>
133. <tr>
134. <td colspan="2"><input class="submit" type="submit" value="<?php echo text('login_submit')?>"></td>
135. </tr>
136. </table>
137. </form>
138. <?php
139. }
140. if (isset($fehler)) {
141. ?>
142. <div style="border:solid 1px #C0C0C0; width:400px; text-align:center;"><?php echo $fehler?></div>
143. <?php
144. }
145. ?>
146. </div>
147.  
148. </body>
149. </html>