require "config.php"; function generatecode($length) { $chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'; $count = mb_strlen($chars); for ($i = 0, $result = ''; $i < $length; $i++) { $index = rand(0, $count - 1); $result .= mb_substr($chars, $index, 1); } return $result; } $length=8; if ($logout) { $WOMloginok="";$WOMuser_id=""; setcookie("WOMloginok",$WOMloginok,1); setcookie("WOMuser_id",$WOMuser_id,1); $login=1; } elseif (!$WOMloginok) { if (!($username&&$password)) {$login=1;if ($submit) {$error="Missing Data";}} else { // check that username and password are legal to avoid MySQL injection if (ereg("[^a-zA-Z0-9]",$username)||ereg("[^a-zA-Z0-9!]",$password)) { $myemail="jan@stuif.com"; $subject="Login attempt with illegal characters"; $content="Login attempt with $username ($password)"; $headers = "From: webmaster@waterfallsofmalaysia.com.com\r\n"; $headers .= "Return-Path: webmaster@waterfallsofmalaysia.com.com\r\n"; mail($myemail,$subject,$content,$headers); $username= "illegal";$password="illegal"; } // else { } $query="SELECT code_id,name FROM commenters WHERE username='$username' AND password='$password'"; $result=mysql_query($query); $num=mysql_num_rows($result); if ($num) { list($WOMuser_id,$name)=mysql_fetch_row($result); $WOMloginok='1'; setcookie("WOMloginok",$WOMloginok); setcookie("WOMuser_id",$WOMuser_id); setcookie("name",$name); } else {$login=1;$error="Wrong Login Info "; $myemail="jan@stuif.com"; $subject="Wrong Login Info"; $content="Login with $username ($password)"; $headers = "From: webmaster@waterfallsofmalaysia.com.com\r\n"; $headers .= "Return-Path: webmaster@waterfallsofmalaysia.com.com\r\n"; mail($myemail,$subject,$content,$headers); } } } if ($send) { if (!$email) {$forgot=1;$warning="Missing E-mail";} else {$query="SELECT name,username,password FROM commenters WHERE email=\"$email\""; $result=mysql_query($query); $num=mysql_num_rows($result); if ($num) {$login=1; list($name,$username,$password)=mysql_fetch_row($result); $subject="You forgot your login info"; $content="Dear $name,\nYour username is: $username\nYour password is: $password\n"; $headers = "From: webmaster@waterfallsofmalaysia.com\r\n"; $headers .= "Cc: webmaster@waterfallsofmalaysia.com\r\n"; $headers .= "Return-Path: webmaster@waterfallsofmalaysia.com\r\n"; mail($email,$subject,$content,$headers); } else {$forgot=1;$warning="Unknown e-mail address";} } } ?>
if ($register) { if ($newname&&$newusername&&$newemail) { if ($mailinglist) {$listtext="Your e-mail address has been added to our mailing list";} $query="SELECT id FROM commenters WHERE BINARY username='$newusername'"; $result=mysql_query($query); $num=mysql_num_rows($result); $query="SELECT id FROM commenters WHERE email='$newemail'"; $result=mysql_query($query); $num1=mysql_num_rows($result); if (ereg("[^a-zA-Z0-9]",$newusername)) {$newuser=1;$warning="Illegal characters in username";} elseif (!ereg('[_a-zA-z0-9\-]+(\.[_a-zA-z0-9\-]+)*\@' . '[_a-zA-z0-9\-]+(\.[a-zA-z]{1,3})+', $newemail)){$newuser=1;$warning="Invalid email address";} elseif ($num) {$newuser=1;$warning="Username exists already";} elseif ($num1) {$newuser=1;$warning="This email address has been registered already";} else { $password=mkpasswd();$code_id=generatecode($length); $query="INSERT INTO commenters (name,email,username,password,mailinglist,code_id) VALUES ('$newname','$newemail','$newusername','$password','$mailinglist','$code_id')"; $result=mysql_query($query); $subject="Welcome to Waterfalls of Malaysia"; $content="Dear $newname,\nYour username is: $newusername\nYour password is: $password\nGo to http://waterfallsofmalaysia.com.com and login\n$listtext"; $headers = "From: webmaster@waterfallsofmalaysia.com.com\r\n"; $headers .= "Cc: webmaster@waterfallsofmalaysia.com.com\r\n"; $headers .= "Return-Path: webmaster@waterfallsofmalaysia.com.com\r\n"; mail($newemail,$subject,$content,$headers); echo" A confirmation mail with your password has been sent to your e-mail address $newemail\n"; } } else {$newuser=1;$warning="Missing Data";} } elseif ($userupdate) { if ($newname&&$newusername&&$newemail&&$newpassword&&$confirmpassword) { $query="SELECT id FROM commenters WHERE BINARY username='$newusername' AND code_id != '$WOMuser_id'"; $result=mysql_query($query); $num=mysql_num_rows($result); $query="SELECT id FROM commenters WHERE email='$newemail' AND code_id != '$WOMuser_id'"; $result=mysql_query($query); $num1=mysql_num_rows($result); if (ereg("[^a-zA-Z0-9]",$newusername)) {$preferences=1;$warning="Illegal characters in username";} elseif (!ereg('[_a-zA-z0-9\-]+(\.[_a-zA-z0-9\-]+)*\@' . '[_a-zA-z0-9\-]+(\.[a-zA-z]{1,3})+', $newemail)){$preferences=1;$warning="Invalid email address";} elseif ($num) {$preferences=1;$warning="Username exists already";} elseif ($num1) {$preferences=1;$warning="This email address has been registered already";} elseif ($newpassword != $confirmpassword) {$preferences=1;$warning="Passwords don't match";} else { $query="UPDATE commenters SET name='$newname',email='$newemail',username='$newusername',password='$newpassword',mailinglist='$mailinglist' WHERE code_id='$WOMuser_id'"; $result=mysql_query($query); echo" Your user data have been updated\n"; } } else {$preferences=1;$warning="Missing Data";} } elseif ($submit1) { if ($comment) { $pos = stripos($comment, ' |