Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- session_start();
- require('../../../includes/config.php');
- require('../../../structure/database.php');
- require('../../../structure/base.php');
- require('../../../structure/user.php');
- $database = new database($db_host, $db_name, $db_user, $db_password);
- $base = new base($database);
- $user = new user($database);
- //set some basic vars
- $username = $user->getUsername($_COOKIE['user'], 2);
- $rank = $user->getRank($username);
- //no errors prevalent
- $err = 0;
- if(isset($_POST['password']) || isset($_POST['password2'])) {
- if($_POST['password'] != $_POST['password2'])
- {
- $err = 1;
- }
- if($err == 0)
- {
- //generate a salt
- $salt = substr(hash(sha256, sha1(time())), 10);
- $requested_password = $salt.hash(sha256, md5(sha1($_POST['password']))).substr($salt, 0, -51);
- $_SESSION['salt'] = $salt;
- $_SESSION['password'] = $requested_password;
- }
- }
- ?>
- <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
- <html xmlns:IE>
- <head>
- <meta http-equiv="Expires" content="0">
- <meta http-equiv="Pragma" content="no-cache">
- <meta http-equiv="Cache-Control" content="no-cache">
- <meta name="MSSmartTagsPreventParsing" content="TRUE">
- <meta http-equiv="Content-Type" content="text/html; charset=EUC-JP">
- <title><?php echo $data['wb_title']; ?></title>
- <link href="../../../css/basic-3.css" rel="stylesheet" type="text/css" media="all">
- <link href="../../../css/main/title-5.css" rel="stylesheet" type="text/css" media="all">
- <script src="http://code.jquery.com/jquery-latest.min.js"></script>
- <link rel="shortcut icon" href="../../../img/favicon.ico"/>
- <?php include('../../../includes/google_analytics.html'); ?>
- <style>
- fieldset {
- text-align: left;
- border: 2px solid #625437;
- width: 95%;
- position: relative;
- margin: 10px;
- padding-left: 10px;
- background-color: transparent;
- }
- legend {
- color: #625437;
- font-weight: bold;
- font-size: 15px;
- }
- label {
- display: block;
- height: 20px;
- text-align: center;
- }
- textarea {
- display: block;
- width: 200px;
- height: 100px;
- }
- </style>
- <script type="text/javascript">
- function goBack() {
- window.history.back();
- }
- </script>
- </head>
- <div id="body">
- <?php //$base->getNavBar($username, $path, $rank); ?>
- <div style="text-align: center; background: none;">
- <div class="titleframe e">
- <b>Password Support</b><br/>
- <a href="../../../index">Main Menu</a>
- </div>
- </div>
- </div>
- <div class="frame e" style="overflow:auto;">
- <?php
- //get the users registration date
- $reg_date = $_POST['month'] . '-' . $_POST['year'];
- //get the contents of the messages
- $content = nl2br($_POST['message']);
- if (isset($_POST['message'])) {
- if (strlen($_POST['message']) > 300) {
- $content = 'Your entry can\'t be longer than 300 characters!';
- } else {
- }
- }
- //make sure user doesn't already have a recovery request submitted
- $database->processQuery("SELECT * FROM `tracking` WHERE " . time() . " - `time` < 7200 AND `ip` = ? LIMIT 1", array($_SERVER['REMOTE_ADDR']), false);
- if ($database->getRowCount() >= 1) {
- echo '<center>Oops! You have already submitted a recovery request.<br /><br /> <a href="../../../index"Main Menu</a></center>';
- } elseif (!isset($_POST['username'])) {
- ?>
- <form action="recover_password.php" method="POST">
- <input type="text" name="username" maxlength="12"><input type="submit" value="Continue">
- </form>
- <?php
- } elseif (!$user->doesExist($_POST['username'])) {
- echo 'No user exists with that username!<br /> <input type="button" value="Back" onclick="goBack()" />';
- } else {
- $questions[1] = 'Where was your first vacation? ';
- $questions[2] = 'Who was your first bestfriend? ';
- $questions[3] = 'Where were you born? ';
- $questions[4] = 'What was your first pets name? ';
- $questions[5] = 'Who was your first boyfriend/girlfriend? ';
- //extract data
- $data = $database->processQuery("SELECT * FROM `recoveries` WHERE `id` = ? LIMIT 1", array($user->getIdByName($_POST['username'])), false);
- if ($database->getRowCount() == 0 || $user->getUsername($_COOKIE['user'], 2) == $_POST['username']) {
- echo 'Temporarily disabled! <input type="button" value="Back" onclick="goBack()" />';
- } elseif (!isset($_POST['answer']) && !isset($_POST['bypass'])) {
- ?>
- <fieldset class="question">
- <legend>Important Information</legend>
- This form will allow you to request that a new password is set for the account:
- <b><?php echo '"' . $_POST['username'] . '"'; ?></b>.
- <br/><br/>
- <img style="float: left; padding-right: 1px" src="/img/title2/lock.gif">
- <span style="font-weight: bold; color: rgb(255, 187, 34);">
-  Want to be back in game sooner? If you want to get back in game quickly, <br /> here are a few tips:</span><br /><br />
-  Please answer all the questions below to confirm that you are the real owner of the <br /> account.<br /><br />
-  Enter the earliest and most specific information about the account that you can.<br /><br />
-  Take the time to remember as much detail as possible. The more details you give us, <b><br /> the quicker you
- can be
- back in game</b>
- <br/><br/>
-  If you really don't know the answer to a question, leave the answer box blank.<br/><br/>
- <b>Remember:</b> The more questions you answer correctly, the sooner you can be back in game!
- </fieldset>
- <br/>
- <fieldset class="question">
- <legend>Answer Recovery Questions</legend>
- <p style="text-align: center">If you have set these, you must try to answer at least three. Recovery
- answers
- have a minimum length of 3 characters.
- Recovery answers can only contain the characters A-Z, 0-9 and accented characters such as é or
- ü.
- Other characters will not count towards the length.</p>
- <label><b>I have not set any recovery questions</b>
- <input type="checkbox" class="input_control" value="subject"/></label>
- <form action="recover_password.php" method="POST">
- <input type="hidden" name="username" value="<?php echo $_POST['username']; ?>">
- <table cellpadding="6" style="margin-left:auto;margin-right:auto;">
- <?php
- $i = 0;
- foreach ($questions as $question) {
- $i++;
- ?>
- <tr>
- </tr>
- <tr>
- <td><?php echo $question; ?> 
- <input type="text" class="textbox" name="answer[]" maxlength="40" value=""
- style="display: block; vertical-align: middle"></td>
- </tr>
- <?php
- }
- ?>
- </table>
- </form>
- </fieldset>
- <?php
- if($err == 0) {
- ?>
- <form action="recover_password.php" method="POST">
- <fieldset class="password">
- <legend>Your New Password</legend>
- <p style="text-align: center">These must match exactly for the appeal to proceed.<br/>
- For advice on setting a good password, please click <a style="color: rgb(255, 187, 34);"
- target="_blank"
- href="/kbase/viewarticle7564.html?article_id=2087">here</a>
- (Opens in a new window).</p>
- <table>
- <tr>
- <td style="vertical-align: middle"><b>Enter a new password for your account:
- <input id="password1" name="password" type="password" value="">
- </td>
- </tr>
- <tr>
- <td style="vertical-align: middle"d><b>          Please
- enter it again: <input id="password2" name="password2" type="password" value=""></b></td>
- </tr>
- </table>
- </fieldset>
- <input type="hidden" name="username" value="<?php echo $_POST['username']; ?>">
- <input type="hidden" name="bypass">
- <fieldset class="details">
- <legend>Other Details</legend>
- <p style="float: left">When did you create this account? Giving<br/> us both month and year really helps!
- <span style=" position: absolute; top: 30px; left: 265px">
- <!-- Month dropdown -->
- <select name="month" id="reg_date" onchange="" size="1">
- <option value="January">January</option>
- <option value="February">February</option>
- <option value="March">March</option>
- <option value="April">April</option>
- <option value="May">May</option>
- <option value="June">June</option>
- <option value="July">July</option>
- <option value="August">August</option>
- <option value="September">September</option>
- <option value="October">October</option>
- <option value="November">November</option>
- <option value="December">December</option>
- </select>
- <!-- Year dropdown -->
- <select name="year" id="reg_date" onchange="" size="1">
- <option value="2016">2016</option>
- <option value="2015">2015</option>
- </select>
- </span>
- </p>
- <table>
- <tr>
- <td style="vertical-align: middle">
- If you have any other details which would help you prove your ownership of this
- account, please enter them here.<br/>
- Please <b>do not</b> provide us with any of this following personal information, your full
- name, home
- address, email address or telephone number.<br/><br/>
- <span class='textcounter' id="counter1">You have 300 characters remaining</span>
- </td>
- <td>
- <textarea style="height: 120px; width: 450px;" name="message" class="textlimited"
- data-textcounterid="counter1" maxlength="300" rows="4" cols="50"></textarea><br/>
- <input type="submit" value="Submit" id="submit" required/>
- </td>
- </tr>
- </table>
- </form>
- </fieldset>
- <?php
- } else {
- echo '<center>';
- switch($err)
- {
- case 1:
- echo 'The passwords you entered did not match. <input type="button" value="Back" onclick="goBack()" />';
- break;
- default:
- echo 'Undefined error. <input type="button" value="Back" onclick="goBack()" />';
- break;
- }
- echo '</center>';
- }
- } else
- if (isset($_POST['answers'])) {
- //validate answers
- $errors = array();
- $answers = $_POST['answer'];
- $i = 0;
- foreach ($answers as $answer) {
- $i++;
- if (strlen($answer) < 3 || strlen($answer) > 40) {
- $errors[] = 'Question #' . $i . ' must be at least three characters and no more than 26 characters.';
- }
- if (preg_match('#[^a-zA-Z0-9$/^[\p{L}-]*$/u ]#', $answer)) {
- $errors[] = 'Question #' . $i . ' contains illegal characters.';
- }
- }
- if (count($errors) >= 1) {
- //back button
- ?>
- <center><input type="button" value="Back" onclick="goBack()"/></center> <?php
- //display errors
- foreach ($errors as $error) {
- echo $error . '<br/>';
- }
- } else {
- //generate a tracking ID
- $rand_hash = $base->randomString(11);
- $tracking_id = substr($rand_hash, 0, 3) . '-' . substr($rand_hash, 4, 3) . '-' . substr($rand_hash, 7, 3);
- //create the recovery request
- $database->processQuery("INSERT INTO `tracking` VALUES (null, ?, ?, NOW(), ?, ?, 0, ?, ?, ?, ?, ?, ?, ?, ?)", array($user->getIdByName($_POST['username']), $_SERVER['REMOTE_ADDR'], time(), $tracking_id, $answers[1], $answers[2], $answers[3], $answers[4], $answers[5], $content, $reg_date, $requested_password), false);
- ?>
- <fieldset class="question">
- <legend>Success!</legend>
- You have successfully submitted an account recovery request. Your request will be
- reviewed and processed within the next 48 hours. To track your account recovery
- progress you can use the <b>recovery tracking ID</b>.<br><br> <b>Please make
- note</b> of the the tracking ID provided to you and store it in a <b>safe</b>,
- <b>secure</b> location so you don't lose or forget it.</b>
- </fieldset>
- <br/>
- <br/>
- <b>Tracking ID: <?php echo $tracking_id; ?></b>
- <?php
- }
- } else if (isset($_POST['bypass'])) {
- //generate a tracking ID
- $rand_hash = $base->randomString(11);
- $tracking_id = substr($rand_hash, 0, 3) . '-' . substr($rand_hash, 4, 3) . '-' . substr($rand_hash, 7, 3);
- //create the recovery request
- $database->processQuery("INSERT INTO `tracking` VALUES (null, ?, ?, NOW(), ?, ?, 0, ?, ?, ?, ?, ?, ?, ?, ?)", array($user->getIdByName($_POST['username']), $_SERVER['REMOTE_ADDR'], time(), $tracking_id, 'answer1', 'answer2', 'answer3', 'answer4', 'answer5', $content, $reg_date, $requested_password), false);
- ?>
- <fieldset class="question">
- <legend>Success!</legend>
- You have successfully submitted an account recovery request. Your request will be
- reviewed and processed within the next 48 hours. To track your account recovery
- progress you can use the <b>recovery tracking ID</b>.<br><br> <b>Please make
- note</b> of the the tracking ID provided to you and store it in a <b>safe</b>,
- <b>secure</b> location so you don't lose or forget it.</b>
- </fieldset>
- <br/>
- <br/>
- <b>Tracking ID: <?php echo $tracking_id; ?></b>
- <?php
- } else {
- echo 'Error: dead end.';
- }
- }
- ?>
- <br/>
- <br/>
- <script src="https://ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js"></script>
- <script type="text/javascript">
- //checks how many characters are remaining
- // the selector below will catch the keyup events of elements decorated with class textlimited and have a maxlength
- $('.textlimited[maxlength]').keyup(function () {
- //get the fields limit
- var maxLength = $(this).attr("maxlength");
- // check if the limit is passed
- if (this.value.length > maxLength) {
- return false;
- }
- // find the counter element by the id specified in the source input element
- var counterElement = $(".textcounter#" + $(this).data("textcounterid"));
- // update counter 's text
- counterElement.html("You have " + (maxLength - this.value.length) + " chararacters remaining");
- });
- //checks if the user has selected no recoveries and disables the textareas
- $(document).ready(function () {
- $('.input_control').change(function () {
- $(".textbox").prop('disabled', this.checked);
- $(".textarea").prop('disabled', this.checked);
- });
- $('.input_control').prop('checked', false);
- $('.input_control').trigger('change');
- });
- //limits the characters input in the 'other details' text area
- function charLimit(limitField, limitNum) {
- if (limitField.value.length > limitNum) {
- limitField.value = limitField.value.substring(0, limitNum);
- }
- }
- </script>
- <div style="clear: both;"></div>
- </div>
- </div>
- </div>
- </div>
- <div class="tandc"><?php echo $data['wb_foot']; ?></div>
- </div>
- </body>
- </html>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
