Email Challenge

Email Challenge

Email Challenge

"; } if(!$username) $_SESSION['username']="tempuser"; include("$path"."/admin/conf/connection-database-admin.php"); $id =$_POST['id']; if(!$id){$id=$_GET['id']; if($id) $nomessage=1; }; $code =$_POST['code']; $control=$_POST['control']; $session_email=$_SESSION['session_email']; if($debug>0) echo "code database= $code_database, received code $code"; if(!$session_email) { // get username $result=mysql_query("SELECT username FROM $database.users WHERE id='$id' "); $row=mysql_fetch_array($result); $user=$row['username']; if($debug>0) echo "user: $user"; if(!$user) { $user="contact"; // get id of "contact" $result=mysql_query("SELECT id FROM $database.users WHERE username='contact' "); $row=mysql_fetch_array($result); $id=$row['id']; } } /* echo "
";*/ // get the code if(!$session_email) { $condition=" type='image_code' AND tablename='users' AND record_id='$id' "; $result=mysql_query("SELECT * FROM $database.scms_tmp WHERE $condition "); $row=mysql_fetch_array($result); $tmp_id=$row['id']; $code_database=$row['content']; } else $code_database=$_SESSION['image_code']; // display challenge and store the code for the user if($code_database!=$code or !$code) { $status=0; $self=$_SERVER['REQUEST_URI']; if(!preg_match("/\&\;/is",$self)) $self=preg_replace("/&/","&",$self); $timestamp=time(); echo "
"; if($session_email) echo "\"\""; else echo "\"\""; //include("$path"."/image/form-security-image.php"); /* if(eregi("FR",$language)) { echo "
Pour afficher l'email, recopier le code en caractères gras et bleu dans l'image ci-dessus:"; } else echo "
To display the email, please copy only characters in bold blue font of the code displayed above:";*/ echo "
"; if($language=="DE") echo "Sicherheitscode: bitte übertragen Sie die farbige fette Schriftzeichen im angezeigten Bild in das nebenstehende Eingabefeld."; elseif($language=="FR") echo "Code de sécurité: recopier SVP les caractères gras et en couleur dans le champ suivant"; else echo "Security check: please copy the bold and colored characters of the code displayed above:"; echo " "; flush(); sleep(1); // wait 1 second to prevent attempt echo "

"; } if( $control) { if($code_database!=$code or !$code) { if($debug==1) echo "code db=$code_database!=$code=received code
user id: $id, username: $user "; echo "The code is wrong. Try again.
"; $log_message="[WARNING: wrong challenge code]"; $_SESSION['email_challenge']=0; } else { if($session_email) $email=$session_email; elseif($user) { $result =mysql_query("SELECT * FROM $database.users WHERE username='$user' "); $row =mysql_fetch_array($result); $email =$row['email']; $lastname =$row['lastname']; $firstname =$row['firstname']; } echo "

Access OK

"; echo "
Email: $email"; if($firstname) echo " ($firstname $lastname)"; $_SESSION['email_challenge']=1; // show all emails from now on //remove code in database to prevent reload if(!$session_email) mysql_query("UPDATE $database.scms_tmp SET content='' WHERE $condition ") or die("\n UPDATE Error: ".mysql_error()); else {$_SESSION['image_code']="";$_SESSION['session_email']="";} $log_message="[challenge code OK] "; } } /* echo "
"; */ if($direct_access) {echo " "; } if($_SESSION['username']=="tempuser") { $_SESSION['username']=""; $username="";} if($turn_log_on==1) log_event($log_message); ?>

This site uses cookies and analysis tools to improve the usability of the site. More information. |