7c7
< include "db_connect.php";
---
> session_start();
9,16d8
< $ut="registered";
< $msg="";
< $captcha_bit="
<

CAPTCHA

<


< copy the digits from the image into this box

< ";
< $more="";
22c14
< $utable="rusers"; //"musers";
---
> $utable="musers";
24,148d15
<
<
< function get_random_word($min_length, $max_length) {
< // grab a random word from dictionary between the two lengths
< // and return it
<
< // generate a random word
< $word = '';
< // remember to change this path to suit your system
< $dictionary = '/usr/share/dict/words'; // the ispell dictionary
< $fp = @fopen($dictionary, 'r');
< if(!$fp) {
< if ($_SERVER['SERVER_PORT'] == "youllneverfindthis8888") {
< return "pork";
< } else {
< return false;
< }
< }
< $size = filesize($dictionary);
<
< // go to a random location in dictionary
< $rand_location = rand(0, $size);
< fseek($fp, $rand_location);
<
< // get the next whole word of the right length in the file
< while ((strlen($word) < $min_length) || (strlen($word)>$max_length) || (strstr($word, "'"))) {
< if (feof($fp)) {
< fseek($fp, 0); // if at end, go to start
< }
< $word = fgets($fp, 80); // skip first word as it could be partial
< $word = fgets($fp, 80); // the potential password
< }
< $word = trim($word); // trim the trailing \n from fgets
< return $word;
< }
<
< function reset_password($username) {
< global $utable, $msg;
< // set password for username to a random value
< // return the new password or false on failure
< // get a random dictionary word b/w 6 and 13 chars in length
< $new_password = get_random_word(6, 13);
<
< if($new_password == false) {
< $msg='Could not generate new password.';
< throw new Exception('Could not generate new password.');
< }
<
< // add a number between 0 and 999 to it
< // to make it a slightly better password
< $rand_number = rand(0, 999);
< $new_password .= $rand_number;
<
< // set user's password to this in database or return false
< $conn = db_connect();
< $result = mysql_query("update " . $utable . "
< set password = sha1('".$new_password."')
< where username = '".$username."'");
< if (!$result) {
< $msg='Could not change password.';
< throw new Exception('Could not change password.'); // not changed
< } else {
< return $new_password; // changed successfully
< }
< }
<
<
<
< function notify_password($username, $password) {
< // notify the user that their password has been changed
< global $utable, $msg;
<
< $conn = db_connect();
< $result = mysql_query("select * from " . $utable . "
< where username='".$username."'");
< if (!$result) {
< $msg='Could not find email address.';
< throw new Exception('Could not find email address.');
< } else if (mysql_num_rows($result) == 0) {
< $msg='Could not find email address.';
< throw new Exception('Could not find email address.');
< // username not in db
< } else {
< $row = mysql_fetch_row($result, MYSQL_NUM);
< $email = $row[2];
< $from = "From: rmetcalfe@rjmprogramming.com.au \r\n";
< $mesg = "Your Things That We Have in Common password has been changed to ".$password."\r\n";
<
<
< if (mail($email, 'Things That We Have in Common login information', $mesg, $from)) {
< return true;
< } else {
< $msg='Could not send email.';
< throw new Exception('Could not send email.');
< }
< }
< }
<
< if (isset($_POST['username']) || isset($_POST['rusername']) || isset($_POST['fusername'])) {
< session_start();
< if ($_POST['captcha'] != $_SESSION['digit']) {
< $msg="Sorry, the CAPTCHA code entered was incorrect!";
< } else if (isset($_POST['rusername'])) {
< insertuser();
< } else if (isset($_POST['fusername'])) {
< $nextpage="login.php";
< $nextval="Login Page";
< $fusername = $_POST['fusername'];
< try {
< $fpassword = reset_password($fusername);
< try {
< notify_password($fusername, $fpassword);
< $msg="Your new password has been emailed to you.";
< } catch (Exception $ee1) {
< $msg="Your password could not be notified - please try again later.";
< }
< } catch (Exception $ee2) {
< $msg="Your password could not be notified - please try again later.";
< }
< }
< session_destroy();
< }
< session_start();
<
<
168,197d34
< function insertuser() {
< global $dbname, $link, $utable;
< $pusername="";
< if ( isset( $_POST['rusername'] ) ) {
< $pusername=urldecode($_POST['rusername']);
< }
< $ppassword="";
< if ( isset( $_POST['rpassword'] ) ) {
< $ppassword=urldecode($_POST['rpassword']);
< }
< $remail="";
< if ( isset( $_POST['email'] ) ) {
< $remail=urldecode($_POST['email']);
< }
< $pstatus="registered";
< if ( isset( $_POST['usertype'] ) ) {
< $pstatus=urldecode($_POST['usertype']);
< }
< try {
< if (!$link) $link = db_connect();
< if (!$link) {
< die('Could not connect: ' . mysql_error());
< }
< mysql_select_db($dbname);
< $result = mysql_query("insert into " . $utable . " values ('".$pusername."', '".$ppassword."', '".$remail."', '".$pstatus."')");
< } catch (Exception $e) {
< die('Could not connect: ' . mysql_error());
< }
< }
<
222c59
< if ($msg == "") $msg="Please log in here:";
---
> $msg="Please log in here:";
232,292c69,70
< echo 'Registration or login
<
--- > echo '
> 305c83 <
' . $captcha_bit . '
--- >
309,347c87 <
Register
< <

Forgot password?
< <


--- >
352c92
< //include "db_connect.php";
---
> include "db_connect.php";
387c127
< if (urldecode($_POST['password']) != $row[1]) { //$ip]) {
---
> if (urldecode($_POST['password']) != $row[$ip]) {
390,402d129
< } else if ($row[3] == "registered") {
< $ut="registered";
< $_SESSION['usertype']="registered";
< $nextpage="registered.php";
< $nextval="Registered User Page";
< } else if ($row[3] == "subscriber") {
< $ut="subscriber";
< $_SESSION['usertype']="subscriber";
< $nextpage="subscriber.php";
< $nextval="Subscriber Page";
< } else {
< $ut="admin";
< $_SESSION['usertype']="admin";
433c160
< }
---
> }
441c168
<
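Review bot: In hunk 387c127 the new check `urldecode($_POST['password']) != $row[$ip]` uses a loose `!=`, so PHP compares numeric-looking strings as numbers and two different values can be treated as equal. The comparison also suggests the column holds the password in a directly comparable form (plaintext or a bare digest), though the query and the assignment of `$ip` are outside the hunk, so this should be confirmed. PHP has already decoded `$_POST`, so the extra `urldecode()` rewrites any `+` or `%xx` inside a password before it is checked. Storing `password_hash()` output and testing with `if (!password_verify($_POST['password'], $row[$ip])) {` addresses all three; where a digest must be compared directly, use `hash_equals()` rather than `!=`. The body of this `if` continues outside the hunk.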
--- >