";
$more="";
$nextpage="member.php";
$nextval="Member Page";
$backtostr="";
$backtoonload="";
$dbname="users";
$utable="rusers"; //"musers";
$ucolumn="username";
function get_random_word($min_length, $max_length) {
// grab a random word from dictionary between the two lengths
// and return it
// generate a random word
$word = '';
// remember to change this path to suit your system
$dictionary = '/usr/share/dict/words'; // the ispell dictionary
$fp = @fopen($dictionary, 'r');
if(!$fp) {
if ($_SERVER['SERVER_PORT'] == "youllneverfindthis8888") {
return "pork";
} else {
return false;
}
}
$size = filesize($dictionary);
// go to a random location in dictionary
$rand_location = rand(0, $size);
fseek($fp, $rand_location);
// get the next whole word of the right length in the file
while ((strlen($word) < $min_length) || (strlen($word)>$max_length) || (strstr($word, "'"))) {
if (feof($fp)) {
fseek($fp, 0); // if at end, go to start
}
$word = fgets($fp, 80); // skip first word as it could be partial
$word = fgets($fp, 80); // the potential password
}
$word = trim($word); // trim the trailing \n from fgets
return $word;
}
function reset_password($username) {
global $utable, $msg;
// set password for username to a random value
// return the new password or false on failure
// get a random dictionary word b/w 6 and 13 chars in length
$new_password = get_random_word(6, 13);
if($new_password == false) {
$msg='Could not generate new password.';
throw new Exception('Could not generate new password.');
}
// add a number between 0 and 999 to it
// to make it a slightly better password
$rand_number = rand(0, 999);
$new_password .= $rand_number;
// set user's password to this in database or return false
$conn = db_connect();
$result = mysql_query("update " . $utable . "
set password = sha1('".$new_password."')
where username = '".$username."'");
if (!$result) {
$msg='Could not change password.';
throw new Exception('Could not change password.'); // not changed
} else {
return $new_password; // changed successfully
}
}
function notify_password($username, $password) {
// notify the user that their password has been changed
global $utable, $msg;
$conn = db_connect();
$result = mysql_query("select * from " . $utable . "
where username='".$username."'");
if (!$result) {
$msg='Could not find email address.';
throw new Exception('Could not find email address.');
} else if (mysql_num_rows($result) == 0) {
$msg='Could not find email address.';
throw new Exception('Could not find email address.');
// username not in db
} else {
$row = mysql_fetch_row($result, MYSQL_NUM);
$email = $row[2];
$from = "From: rmetcalfe@rjmprogramming.com.au \r\n";
$mesg = "Your Things That We Have in Common password has been changed to ".$password."\r\n";
if (mail($email, 'Things That We Have in Common login information', $mesg, $from)) {
return true;
} else {
$msg='Could not send email.';
throw new Exception('Could not send email.');
}
}
}
if (isset($_POST['username']) || isset($_POST['rusername']) || isset($_POST['fusername'])) {
session_start();
if ($_POST['captcha'] != $_SESSION['digit']) {
$msg="Sorry, the CAPTCHA code entered was incorrect!";
} else if (isset($_POST['rusername'])) {
insertuser();
} else if (isset($_POST['fusername'])) {
$nextpage="login.php";
$nextval="Login Page";
$fusername = $_POST['fusername'];
try {
$fpassword = reset_password($fusername);
try {
notify_password($fusername, $fpassword);
$msg="Your new password has been emailed to you.";
} catch (Exception $ee1) {
$msg="Your password could not be notified - please try again later.";
}
} catch (Exception $ee2) {
$msg="Your password could not be notified - please try again later.";
}
}
session_destroy();
}
session_start();
if( isset( $_GET['utable'] ) ) {
$utable=$_GET['utable'];
}
if( isset( $_POST['utable'] ) ) {
$utable=$_POST['utable'];
}
if( isset( $_GET['dbname'] ) ) {
$dbname=$_GET['dbname'];
}
if( isset( $_POST['dbname'] ) ) {
$dbname=$_POST['dbname'];
}
if( isset( $_GET['ucolumn'] ) ) {
$ucolumn=$_GET['ucolumn'];
}
if( isset( $_POST['ucolumn'] ) ) {
$ucolumn=$_POST['ucolumn'];
}
function insertuser() {
global $dbname, $link, $utable;
$pusername="";
if ( isset( $_POST['rusername'] ) ) {
$pusername=urldecode($_POST['rusername']);
}
$ppassword="";
if ( isset( $_POST['rpassword'] ) ) {
$ppassword=urldecode($_POST['rpassword']);
}
$remail="";
if ( isset( $_POST['email'] ) ) {
$remail=urldecode($_POST['email']);
}
$pstatus="registered";
if ( isset( $_POST['usertype'] ) ) {
$pstatus=urldecode($_POST['usertype']);
}
try {
if (!$link) $link = db_connect();
if (!$link) {
die('Could not connect: ' . mysql_error());
}
mysql_select_db($dbname);
$result = mysql_query("insert into " . $utable . " values ('".$pusername."', '".$ppassword."', '".$remail."', '".$pstatus."')");
} catch (Exception $e) {
die('Could not connect: ' . mysql_error());
}
}
if (!isset($_SERVER["PHP_AUTH_USER"]) && !isset($_GET['use401']) && !isset($_GET['donotuse401']) && !isset($_POST['donotuse401'])) {
if (isset($_GET["backto"])) {
echo "";
} else {
echo "";
}
exit;
}
if( isset( $_GET['logout'] ) ) {
session_destroy();
header('Location: ' . $_SERVER['PHP_SELF'] . '?' . urldecode($_GET['logout']));
exit;
}
if( !isset( $_SESSION['login'] ) || isset($_GET['donotuse401']) || isset($_POST['donotuse401'])) {
if ((!isset($_SERVER["PHP_AUTH_USER"]) || isset($_GET['donotuse401']) || isset($_POST['donotuse401'])) && ($_GET['donotuse401'] != "form" && $_POST['donotuse401'] != "form")) {
if (isset($_GET['use401'])) {
header("WWW-authenticate: basic realm=\"authorized usage\"");
header("HTTP/1.0 401 Unauthorized");
echo "Your username/password is incorrect ...";
exit;
} else {
if ($msg == "") $msg="Please log in here:";
if ($_GET['donotuse401'] == "Error") $msg="Cannot reach database. Please log in here:";
if ($_GET['donotuse401'] == "error") $msg="Wrong username/password. Please log in here:";
if ($_POST['donotuse401'] == "Error") $msg="Cannot reach database. Please log in here:";
if ($_POST['donotuse401'] == "error") $msg="Wrong username/password. Please log in here:";
if (isset($_GET["backto"])) {
$backtostr='';
} else if (isset($_POST["backto"])) {
$backtostr='';
}
echo 'Registration or login