
Untitled

a guest
Oct 12th, 2016
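  <?php
  // Project bootstrap: configuration plus the database/base/user helper classes.
  require('../../../includes/config.php');
  require('../../../structure/database.php');
  require('../../../structure/base.php');
  require('../../../structure/user.php');

  // $db_* are not defined in this file; presumably they come from config.php (confirm).
  $database = new database($db_host, $db_name, $db_user, $db_password);
  $base = new base($database);
  $user = new user($database);

  // Resolve the visitor from the `user` cookie. The cookie is supplied by the client;
  // any validation of it happens inside user::getUsername(), which is not visible here.
  // Guests reach this page without the cookie, so read it defensively: null is what an
  // undefined index evaluated to before, minus the PHP notice.
  $session_cookie = isset($_COOKIE['user']) ? $_COOKIE['user'] : null;
  $username = $user->getUsername($session_cookie, 2);
  $rank = $user->getRank($username);
  ?>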
  15. <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
  16. <html xmlns:IE>
  17.  
  18. <head>
  19. <meta http-equiv="Expires" content="0">
  20. <meta http-equiv="Pragma" content="no-cache">
  21. <meta http-equiv="Cache-Control" content="no-cache">
  22. <meta name="MSSmartTagsPreventParsing" content="TRUE">
  23. <meta http-equiv="Content-Type" content="text/html; charset=EUC-JP">
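  <?php /* NOTE(review): $data is not assigned anywhere above this line in this file, so the title
           is normally empty. Guarded so the missing key prints nothing instead of raising a notice.
           The value is echoed as-is; escape it if it is meant to be plain text. */ ?>
  <title><?php echo isset($data['wb_title']) ? $data['wb_title'] : ''; ?></title>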
  25. <link href="../../../css/basic-3.css" rel="stylesheet" type="text/css" media="all">
  26. <link href="../../../css/main/title-5.css" rel="stylesheet" type="text/css" media="all">
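  <?php /* Fetched over HTTPS: a script pulled over plain HTTP can be replaced in transit, and this
           page handles account-recovery input. NOTE(review): jQuery is loaded a second time (pinned
           2.1.1) near the end of the page, so this unpinned "latest" copy looks redundant - confirm
           before removing. Neither tag carries an integrity attribute. */ ?>
  <script src="https://code.jquery.com/jquery-latest.min.js"></script>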
  28. <link rel="shortcut icon" href="../../../img/favicon.ico"/>
  29. <?php include('../../../includes/google_analytics.html'); ?>
  30. <style>
  31. fieldset {
  32. text-align: left;
  33. border: 2px solid #625437;
  34. width: 95%;
  35. position: relative;
  36. margin: 10px;
  37. padding-left: 10px;
  38. background-color: transparent;
  39. }
  40.  
  41. legend {
  42. color: #625437;
  43. font-weight: bold;
  44. font-size: 15px;
  45. }
  46.  
  47. label {
  48. display: block;
  49. height: 20px;
  50. text-align: center;
  51. }
  52.  
  53. textarea {
  54. display: block;
  55. width: 200px;
  56. height: 100px;
  57. }
  58.  
  59. </style>
  60. <script type="text/javascript">
  // Back-button handler used by the error screens: steps one entry back in the
  // browser's session history.
  function goBack() {
    var sessionHistory = window.history;
    sessionHistory.back();
  }
  64. </script>
  65. </head>
  66.  
  67. <div id="body">
  68. <?php //$base->getNavBar($username, $path, $rank); ?>
  69.  
  70. <div style="text-align: center; background: none;">
  71. <div class="titleframe e">
  72. <b>Password Support</b><br/>
  73. <a href="../../../index">ScapeRune Home</a>
  74. </div>
  75. </div>
  76. </div>
  77.  
  78. <div class="frame e" style="overflow:auto;">
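  <?php
  // Password-recovery request handler.
  //
  // Flow: throttle by IP -> ask for a username -> show the recovery form -> store a
  // recovery request in `tracking` and print its tracking ID.
  //
  // Every $_POST/$_COOKIE value is client-controlled. Only plain strings are accepted
  // for scalar fields, so array-valued parameters (username[]=...) never reach
  // strlen() or the user/database helpers.
  $requested_username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : null;
  $raw_message = (isset($_POST['message']) && is_string($_POST['message'])) ? $_POST['message'] : '';
  $session_cookie = isset($_COOKIE['user']) ? $_COOKIE['user'] : null;

  // The original guard tested $POST (an undefined variable), so the 300-character
  // limit was never enforced server-side; the textarea's maxlength is only a
  // client-side hint. strlen() counts bytes, as the original check did.
  $message_too_long = strlen($raw_message) > 300;

  // Escape BEFORE nl2br(): the stored value is HTML (it carries <br /> tags), so
  // unescaped user text would later render as markup for whoever reviews the request.
  // NOTE(review): if the staff-side viewer escapes again this will double-encode -
  // confirm how `tracking` messages are displayed.
  $content = nl2br(htmlspecialchars($raw_message, ENT_QUOTES));

  // HTML-safe copy for every place the username is echoed back into the page.
  $safe_username = ($requested_username === null) ? '' : htmlspecialchars($requested_username, ENT_QUOTES);

  //make sure user doesn't already have a recovery request submitted
  // time() is server-generated, so concatenating it is safe; the IP is bound.
  // NOTE(review): the throttle is keyed on REMOTE_ADDR only (2 hours per address).
  $database->processQuery("SELECT * FROM `tracking` WHERE " . time() . " - `time` < 7200 AND `ip` = ? LIMIT 1", array($_SERVER['REMOTE_ADDR']), false);

  if ($database->getRowCount() >= 1) {
      // The anchor tag was missing its closing ">" in the original markup.
      echo '<center>Oops! You have already submitted a recovery request.<br /><br /> <a href="../../../index">Main Menu</a></center>';

  } elseif ($message_too_long) {
      // Reject instead of storing an over-long message.
      echo 'Your entry can\'t be longer than 300 characters! <input type="button" value="Back" onclick="goBack()" />';

  } elseif ($requested_username === null) {
  ?>

  <form action="recover_password.php" method="POST">
      <input type="text" name="username" maxlength="12"><input type="submit" value="Continue">
  </form>

  <?php
  } elseif (!$user->doesExist($requested_username)) {
      // NOTE(review): this message confirms which usernames exist to any visitor.
      echo 'No user exists with that username!<br /> <input type="button" value="Back" onclick="goBack()" />';
  } else {

      $questions = array(
          'Where was your first vacation?:',
          'Who was your first best friend?:',
          'What was your first pets name?:',
          'Who was your first boyfriend/girlfriend?:',
          'What color was your first bedroom?:',
          'Who is your favorite musical artist?',
      );

      // Looked up once and reused for the recoveries query and the INSERTs below.
      $account_id = $user->getIdByName($requested_username);

      //extract data
      $data = $database->processQuery("SELECT * FROM `recoveries` WHERE `id` = ? LIMIT 1", array($account_id), false);

      // NOTE(review): loose == kept from the original because getUsername()'s return
      // type is not visible here.
      if ($database->getRowCount() == 0 || $user->getUsername($session_cookie, 2) == $requested_username) {
          echo 'Temporarily disabled! <input type="button" value="Back" onclick="goBack()" />';
      } elseif (!isset($_POST['answer']) && !isset($_POST['bypass'])) {
  ?>
      <fieldset class="question">
          <legend>Important Information</legend>
          This form will allow you to request that a new password is set for the account: <b><?php echo '"' . $safe_username . '"'; ?></b>.
          <br /><br />
          <img style="float: left" src="/img/title2/lock.gif">
          <span style="font-weight: bold; color: rgb(255, 187, 34);">Want to be back in game sooner? If you want to get back in game quickly, here are a few tips:</span><br/><br/>

          Please answer all the questions below to confirm that you are the real owner of the account.<br/><br/>
          Enter the earliest and most specific information about the account that you can.<br/><br/>
          Take the time to remember as much detail as possible. The more detail you give us, <b>the quicker you
          can be
          back in game</b>
          <br/><br/>
          If you really don't know the answer to a question, leave the answer box blank.<br/><br/>
          <b>Remember:</b> The more questions you answer correctly, the sooner you can be back in game!
      </fieldset>
      <br/>

      <fieldset class="question">
          <legend>Answer Recovery Questions</legend>
          <p style="text-align: center">If you have set these, you must try to answer at least three. Recovery
          answers
          have a minimum length of 3 characters.
          Recovery answers can only contain the characters A-Z, 0-9 and accented characters such as &#233; or
          &#252;.
          Other characters will not count towards the length.</p>

          <label><b>I have not set any recovery questions</b>
          <input type="checkbox" class="input_control" value="subject"/></label>

          <?php /* NOTE(review): this form has no submit control; only the "Other Details"
                   form further down does, and that one posts `bypass` without any answers. */ ?>
          <form action="recover_password.php" method="POST">
              <input type="hidden" name="username" value="<?php echo $safe_username; ?>">
              <table cellpadding="6" style="margin-left:auto;margin-right:auto;">
  <?php
          foreach ($questions as $question) {
  ?>
                  <tr>
                  </tr>
                  <tr>
                      <td><?php echo $question; ?>&ensp;
                      <input type="text" class="textbox" name="answer[]" maxlength="40"
                      style="display: block;"></td>
                  </tr>
  <?php
          }
  ?>
              </table>
          </form>
      </fieldset>

      <fieldset class="question">
          <legend>Your New Password</legend>
          <p style="text-align: center">These must match exactly for the appeal to proceed.<br/>
          For advice on setting a good password, please click <a style="color: rgb(255, 187, 34);"
          target="_blank"
          href="/kbase/viewarticle7564.html?article_id=2087">here</a>
          (Opens in a new window).</p>
          <?php /* NOTE(review): these two inputs sit outside every <form>, are both named
                   "username", and nothing in this handler reads a password, so the value is
                   never submitted. They are masked here; wiring them up needs its own field
                   names and a server-side match check. */ ?>
          <table>
              <tr>
                  <td style="vertical-align: middle"><b>Enter a new password for your account: <input type="password"
                  name="username"></b>
                  </td>
              </tr>
              <tr>
                  <td style="vertical-align: middle"><b>&emsp;&emsp;&emsp;&emsp;&emsp;&emsp;&emsp;&emsp;&ensp;&ensp;Please
                  enter it again: <input type="password" name="username"></b></td>
              </tr>
          </table>
      </fieldset>

      <form action="recover_password.php" method="POST">
          <input type="hidden" name="username" value="<?php echo $safe_username; ?>">
          <input type="hidden" name="bypass">
          <fieldset class="question">
              <legend>Other Details</legend>
              When did you create this account?
              <table>
                  <tr>
                      <td style="vertical-align: middle">
                          If you have any other details which would help you prove your ownership of this
                          account, please enter them here.<br/>
                          Please <b>do not</b> provide us with any of this following personal information, your full
                          name, home
                          address, email address or telephone number.<br/><br/>
                          <span class='textcounter' id="counter1">You have 300 characters remaining</span>
                      </td>
                      <td>
                          <textarea style="height: 120px; width: 450px;" name="message" class="textlimited"
                          data-textcounterid="counter1" maxlength="300" rows="4" cols="50"></textarea><br/>
                          <input type="submit" value="Submit"/>
                      </td>
                  </tr>
              </table>
      </form>
          </fieldset>
  <?php
      } else if (isset($_POST['answer'])) {
          // The form field is `answer[]`; the original tested `answers`, which is never
          // posted, so submitted answers always fell through to "Error: dead end."
          //
          // Normalise to exactly one string per question: disabled or missing inputs
          // are not posted, and a client can send nested arrays or extra entries.
          $submitted = is_array($_POST['answer']) ? array_values($_POST['answer']) : array();
          $answers = array();
          foreach (array_keys($questions) as $slot) {
              $answers[$slot] = (isset($submitted[$slot]) && is_string($submitted[$slot])) ? $submitted[$slot] : '';
          }

          //validate answers
          $errors = array();

          foreach ($answers as $slot => $answer) {
              $number = $slot + 1;

              // The message now states the limit that is actually enforced (35);
              // it previously said 26.
              if (strlen($answer) < 3 || strlen($answer) > 35) {
                  $errors[] = 'Question #' . $number . ' must be at least three characters and no more than 35 characters.';
              }

              // Letters, digits and spaces only. The original pattern was two regexes
              // fused together and could never match, so nothing was rejected.
              // preg_match() returns false on invalid UTF-8; that is treated as illegal.
              // NOTE(review): the `u` modifier assumes UTF-8 submissions while the page
              // declares EUC-JP - confirm the form encoding.
              if (preg_match('/[^a-zA-Z0-9\p{L} ]/u', $answer) !== 0) {
                  $errors[] = 'Question #' . $number . ' contains illegal characters.';
              }
          }

          if (count($errors) >= 1) {
              //back button
  ?>
              <center><input type="button" value="Back" onclick="goBack()"/></center> <?php

              //display errors (built server-side from fixed text and an integer)
              foreach ($errors as $error) {
                  echo $error . '<br/>';
              }
          } else {
              //generate a tracking ID
              // The tracking ID is the only handle on the request afterwards.
              // NOTE(review): confirm base::randomString() draws from a CSPRNG.
              $rand_hash = $base->randomString(11);
              $tracking_id = substr($rand_hash, 0, 3) . '-' . substr($rand_hash, 4, 3) . '-' . substr($rand_hash, 7, 3);

              //create the recovery request
              // 11 placeholders, 11 values. The original passed $content twice (12
              // values); the order below follows the bypass branch.
              // NOTE(review): the INSERT is positional - name the columns to make this robust.
              $database->processQuery("INSERT INTO `tracking` VALUES (null, ?, ?, NOW(), ?, ?, 0, ?, ?, ?, ?, ?, ?, ?)", array($account_id, $_SERVER['REMOTE_ADDR'], time(), $tracking_id, $answers[0], $answers[1], $answers[2], $answers[3], $answers[4], $answers[5], $content), false);

  ?>
              <fieldset class="question">
                  <legend>Success!</legend>
                  You have successfully submitted an account recovery request. Your request will be
                  reviewed and processed within the next 48 hours. To track your account recovery
                  progress you can use the <b>recovery tracking ID</b>.<br><br> <b>Please make
                  note</b> of the the tracking ID provided to you and store it in a <b>safe</b>,
                  <b>secure</b> location so you don't lose or forget it.
              </fieldset>
              <br/>
              <br/>
              <b>Tracking ID: <?php echo $tracking_id; ?></b>

  <?php
          }
      } else if (isset($_POST['bypass'])) {
          // "No recovery questions" path: stores fixed placeholder answers, so the
          // request carries no proof of ownership beyond the free-text message.
          //generate a tracking ID
          $rand_hash = $base->randomString(11);
          $tracking_id = substr($rand_hash, 0, 3) . '-' . substr($rand_hash, 4, 3) . '-' . substr($rand_hash, 7, 3);

          //create the recovery request
          $database->processQuery("INSERT INTO `tracking` VALUES (null, ?, ?, NOW(), ?, ?, 0, ?, ?, ?, ?, ?, ?, ?)", array($account_id, $_SERVER['REMOTE_ADDR'], time(), $tracking_id, 'answer0', 'answer1', 'answer2', 'answer3', 'answer4', 'answer5', $content), false);

  ?>
          <fieldset class="question">
              <legend>Success!</legend>
              You have successfully submitted an account recovery request. Your request will be
              reviewed and processed within the next 48 hours. To track your account recovery
              progress you can use the <b>recovery tracking ID</b>.<br><br> <b>Please make
              note</b> of the the tracking ID provided to you and store it in a <b>safe</b>,
              <b>secure</b> location so you don't lose or forget it.
          </fieldset>
          <br/>
          <br/>
          <b>Tracking ID: <?php echo $tracking_id; ?></b>

  <?php
      } else {
          echo 'Error: dead end.';
      }
  }
  ?>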
  296. <br/>
  297. <br/>
  298.  
  299. <script src="https://ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js"></script>
  300. <script type="text/javascript">
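  // Live "characters remaining" counter for every .textlimited field that declares
  // a maxlength. This is a usability aid only: the limit must also be enforced by
  // the server, because a client can post any length it likes.
  $('.textlimited[maxlength]').keyup(function () {
    // attr() returns a string; parse it once so the arithmetic below is numeric.
    var limit = parseInt($(this).attr("maxlength"), 10);

    // Nothing to update once the limit is exceeded.
    if (this.value.length > limit) {
      return false;
    }

    // The counter element is named by the field's data-textcounterid attribute.
    var counterElement = $(".textcounter#" + $(this).data("textcounterid"));
    // text() rather than html(): the counter is plain text. Also fixes the
    // "chararacters" typo in the message.
    counterElement.text("You have " + (limit - this.value.length) + " characters remaining");
  });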
  317.  
  // When "I have not set any recovery questions" is ticked, disable the answer
  // inputs; the box starts unticked on every load.
  // Disabled inputs are not submitted, so the server cannot assume that answer[]
  // arrives with one entry per question.
  // NOTE(review): ".textarea" is a class selector and no element on this page
  // carries that class, so in practice only the .textbox inputs are toggled.
  $(document).ready(function () {
    var noRecoveriesBox = $('.input_control');

    noRecoveriesBox.change(function () {
      var shouldDisable = this.checked;
      $(".textbox").prop('disabled', shouldDisable);
      $(".textarea").prop('disabled', shouldDisable);
    });

    noRecoveriesBox.prop('checked', false);
    noRecoveriesBox.trigger('change');
  });
  327.  
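  // for future development
  // Month table for the (not yet present) account-creation date selectors.
  // Day counts corrected: the original listed 31 for every month. February is
  // given as 28; leap years are not modelled here.
  var months = [
    {DaysInMonth: 31, Name: "January"},
    {DaysInMonth: 28, Name: "February"},
    {DaysInMonth: 31, Name: "March"},
    {DaysInMonth: 30, Name: "April"},
    {DaysInMonth: 31, Name: "May"},
    {DaysInMonth: 30, Name: "June"},
    {DaysInMonth: 31, Name: "July"},
    {DaysInMonth: 31, Name: "August"},
    {DaysInMonth: 30, Name: "September"},
    {DaysInMonth: 31, Name: "October"},
    {DaysInMonth: 30, Name: "November"},
    {DaysInMonth: 31, Name: "December"}
  ];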
  // On DOM ready, fill the month and year <select> elements.
  // NOTE(review): no select[name=month] or select[name=ano] exists in this page's
  // markup, so both loops currently append to empty selections.
  $(function () {
    var monthSelector = $('select[name=month]');
    $.each(months, function (position, entry) {
      var monthOption = $('<option></option>');
      monthOption.attr('label', entry.Name);
      monthOption.attr('value', position);
      monthOption.html(entry.DaysInMonth);
      monthOption.appendTo(monthSelector);
    });

    var yearSelector = $('select[name=ano]');
    var year = 2015;
    while (year <= 2016) {
      var yearOption = $('<option></option>');
      yearOption.attr('label', year);
      yearOption.attr('value', year);
      yearOption.html(year);
      yearOption.appendTo(yearSelector);
      year++;
    }
  });
  361.  
  // Trims a form field's value down to limitNum characters when it is longer.
  // Client-side convenience only; the server still has to enforce the limit.
  function charLimit(limitField, limitNum) {
    var current = limitField.value;
    if (current.length <= limitNum) {
      return;
    }
    limitField.value = current.substring(0, limitNum);
  }
  368. </script>
  369. <div style="clear: both;"></div>
  370. </div>
  371. </div>
  372. </div>
  373. </div>
  374.  
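  <?php /* NOTE(review): by this point $data, if set at all, holds the `recoveries` row fetched
           earlier on the page; nothing in this file establishes a wb_foot key. Guarded so a missing
           key prints nothing instead of raising a notice. The value is echoed as-is; escape it
           unless it is trusted markup. */ ?>
  <div class="tandc"><?php echo isset($data['wb_foot']) ? $data['wb_foot'] : ''; ?></div>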
  376. </div>
  377. </body>
  378. </html>