<?php include_once dirname(__FILE__) . '/config/variables.php'; include_once dirname(__FILE__) . '/config/authpostmaster.php'; include_once dirname(__FILE__) . '/config/functions.php'; include_once dirname(__FILE__) . '/config/httpheaders.php'; check_user_exists($dbh, $_POST['localpart'], $_SESSION['domain_id'], 'adminfail.php'); if (preg_match("/['@%!\\/\\| ']/", $_POST['localpart'])) { header("Location: adminfail.php?badname={$_POST['localpart']}"); die; } $query = "INSERT INTO users (localpart, username, domain_id, smtp, pop,\n uid, gid, type, realname) SELECT :localpart,\n :username, :domain_id, ':fail:', ':fail:', uid, gid, 'fail',\n 'Fail' FROM domains WHERE domain_id=:domain_id"; $sth = $dbh->prepare($query); $success = $sth->execute(array(':localpart' => $_POST['localpart'], ':username' => $_POST['localpart'] . '@' . $_SESSION['domain'], ':domain_id' => $_SESSION['domain_id'])); if ($success) { header("Location: adminfail.php?added={$_POST['localpart']}"); } else { header("Location: adminfail.php?failadded={$_POST['localpart']}"); } ?> <!-- Layout and CSS tricks obtained from http://www.bluerobot.com/web/layouts/ -->
<?php include 'include/database.class.php'; /*If any registration is invalid, / set up error message in error string / to inform to the other page.error.php */ if (isset($_GET['uname'], $_GET['uemail'], $_GET['upassword'])) { $uname = filter_input(INPUT_GET, 'uname', FILTER_SANITIZE_STRING); // $uemail = $_GET['uemail']; $uemail = filter_input(INPUT_GET, 'uemail', FILTER_SANITIZE_EMAIL); $upassword = $_GET['upassword']; check_email($uemail); check_user_exists($uname, $uemail); check_password($upassword); insert_user($uname, $uemail, $upassword); } else { $mgs = "INFORMATION NOT PROPERLY SET"; send_error($mgs); } function check_email($uemail) { if (!filter_var($uemail, FILTER_VALIDATE_EMAIL)) { $mgs = "INVALID EMAIL"; send_error($mgs); } else { if (check_email_exists($uemail)) { $mgs = "EMAIL ALREADY REGISTERED"; send_error($mgs); exit; } else {
<?php # Resets user password # Generates a random string as new password and emails it. include "../includes/db_lib.php"; include "../includes/user_lib.php"; # Helper function to check email address validity function check_valid_email($email) { # TODO: # The following works for only >= PHP 5.2.0, hence not working on arc server. //return filter_var($email, FILTER_VALIDATE_EMAIL); return true; } $username = $_REQUEST['username']; $user_exists = check_user_exists($username); if ($user_exists == false) { $msg = "User <b>{$username}</b> not found. Please check the username entered."; } else { $user_profile = get_user_by_name($username); $email = $user_profile->email; # Remove the following line once get_user_profile works if (trim($email) == "") { $msg = "Email address not present for <b>{$username}</b>. Please contact sysadmin to reset your password."; } else { if (check_valid_email($email) === false) { $msg = "Email address <b>{$email}</b> not valid. Please contact sysadmin to reset your password."; } else { $new_password = get_random_password(); $password_changed = change_user_password($username, $new_password); if ($password_changed === false) {
function saveUberProject() { //Let's check to make sure everything is correct & there are no errors if (empty($_POST['up_nameofwork'])) { $errormsg .= "Overall Name of Uber Project is required.<br>"; } if (!empty($_POST['checkedoutby'])) { $checkedoutby = $_POST['checkedoutby']; $errormsg .= check_user_exists($checkedoutby, 'PPer/PPVer'); } /* if (!empty($_POST['up_topic_id'])) { $up_topic_id = $_POST['up_topic_id']; $result = mysql_query("SELECT forum_id FROM phpbb_topics WHERE topic_id = '$up_topic_id'"); if (mysql_num_rows($result) == 0) { $errormsg .= "Uber Project Topic must already exist - check topic id.<br>"; } } `up_topic_id` int(10) default NULL, `up_contents_post_id` int(10) default NULL, */ if (!empty($_POST['special'])) { $special = $_POST['special']; if (strncmp($special, 'Birthday', 8) == 0 or strncmp($special, 'Otherday', 8) == 0) { if (empty($_POST['bdayday']) or empty($_POST['bdaymonth'])) { $errormsg .= "Month and Day are required for Default Special of Birthday or Otherday.<br>"; } else { $bdaymonth = $_POST['bdaymonth']; $bdayday = $_POST['bdayday']; if (!checkdate($bdaymonth, $bdayday, 2000)) { $errormsg .= "Invalid date supplied for Default Special of Birthday or Otherday.<br>"; } else { if (strlen($special) == 8) { $special = $special . " " . $bdaymonth . $bdayday; } } } } } if (!empty($_POST['image_preparer'])) { $image_preparer = $_POST['image_preparer']; $errormsg .= check_user_exists($image_preparer, 'Image Preparer'); } if (!empty($_POST['text_preparer'])) { $text_preparer = $_POST['text_preparer']; $errormsg .= check_user_exists($text_preparer, 'Text Preparer'); } if (isset($errormsg)) { return $errormsg; exit; } //Format the language as pri_language with sec_language if pri_language is set //Otherwise set just the pri_language if (!empty($_POST['sec_language'])) { $language = $_POST['pri_language'] . " with " . $_POST['sec_language']; } else { $language = $_POST['pri_language']; } //If we are just updating an already existing uber project if (isset($_POST['up_projectid'])) { //Update the uber project database table with the updated info mysql_query("\n UPDATE uber_projects\n SET\n up_nameofwork='{$_POST['up_nameofwork']}',\n up_topic_id='{$_POST['up_topic_id']}',\n up_contents_post_id='{$_POST['up_contents_post_id']}',\n up_modifieddate=UNIX_TIMESTAMP(),\n up_description='{$_POST['up_description']}',\n d_nameofwork='{$_POST['nameofwork']}',\n d_authorsname='{$_POST['authorsname']}',\n d_checkedoutby='{$_POST['checkedoutby']}',\n d_language='{$language}',\n d_genre='{$_POST['genre']}',\n d_year='{$_POST['year']}',\n d_difficulty='{$_POST['difficulty_level']}',\n d_comments='{$_POST['comments']}',\n d_scannercredit='{$_POST['scannercredit']}',\n d_clearance='{$_POST['clearance']}',\n d_special='{$special}',\n d_image_source = '{$_POST['image_source']},\n d_image_preparer = '{$image_preparer}',\n d_text_preparer = '{$text_preparer}',\n d_extra_comments = '{$_POST['extra_comments']}'\n WHERE up_projectid='{$_POST['up_projectid']}'\n "); } else { global $up_projectid; //Insert a new row into the uber projects table mysql_query("\n INSERT INTO uber_projects\n (up_nameofwork, up_topic_id, up_contents_post_id, up_modifieddate, up_enabled, up_description,\n d_nameofwork, d_authorsname, d_language, d_comments, d_special, d_checkedoutby, d_scannercredit,\n d_clearance, d_year, d_genre, d_difficulty, d_image_source, d_image_preparer, d_text_preparer,\n d_extra_credits)\n VALUES (\n '{$_POST['up_nameofwork']}',\n '{$_POST['up_topic_id']}',\n '{$_POST['up_comments_post_id']}',\n UNIX_TIMESTAMP(),\n 1,\n '{$_POST['up_description']}',\n '{$_POST['nameofwork']}',\n '{$_POST['authorsname']}',\n '{$language}',\n '{$_POST['comments']}',\n '{$special}',\n '{$_POST['checkedoutby']}',\n '{$_POST['scannercredit']}',\n '{$_POST['clearance']}',\n '{$_POST['year']}',\n '{$_POST['genre']}',\n '{$_POST['difficulty_level']}',\n '{$_POST['image_source']},\n {$image_preparer},\n {$text_preparer},\n '{$_POST['extra_credits']}\n )\n "); $up_projectid = mysql_insert_id(); // '{$GLOBALS['pguser']}' // if topic / post IDs are blank : // create the auto uber post and/or the auto contents post ? // update uber_projects table with topic and/or post IDs } }
$_POST['on_avscan'] = 1; } else { $_POST['on_avscan'] = 0; } if (isset($_POST['on_spamassassin']) && $row['spamassassin'] == 1) { $_POST['on_spamassassin'] = 1; } else { $_POST['on_spamassassin'] = 0; } // Don't accept blank passwords if ($_POST['clear'] == "" && $_POST['vclear'] == "") { $junk = md5(time()); $_POST['clear'] = $junk; $_POST['vclear'] = $junk; } check_user_exists($db, $_POST['localpart'], $_SESSION['domain_id'], 'adminalias.php'); if (preg_match("/['@%!\\/\\|\" ']/", $_POST['localpart']) || preg_match("/^\\s*\$/", $_POST['realname'])) { header("Location: adminalias.php?badname={$_POST['localpart']}"); die; } $aliasto = preg_replace("/[', ']+/", ",", $_POST['smtp']); if (alias_validate_password($_POST['clear'], $_POST['vclear'])) { $query = "INSERT INTO users\n (localpart, username, domain_id, clear, smtp, pop, uid,\n gid, realname, type, admin, on_avscan, on_spamassassin, enabled)\n SELECT '{$_POST['localpart']}',\n '{$_POST['localpart']}@{$_SESSION['domain']}',\n '{$_SESSION['domain_id']}',\n '{$_POST['clear']}',\n '{$aliasto}',\n '{$aliasto}',\n uid,\n gid,\n '{$_POST['realname']}',\n 'alias',\n {$_POST['admin']},\n {$_POST['on_avscan']},\n {$_POST['on_spamassassin']},\n {$_POST['enabled']} from domains\n WHERE domains.domain_id={$_SESSION['domain_id']}"; $result = $db->query($query); if (!DB::isError($result)) { header("Location: adminalias.php?added={$_POST['localpart']}"); } else { header("Location: adminalias.php?failadded={$_POST['localpart']}"); } } else { header("Location: adminalias.php?badaliaspass={$_POST['localpart']}");
function add_user($name, $uname, $pass, $dpt, $level) { global $lse_db; $name = $lse_db->real_escape_string($name); $uname = $lse_db->real_escape_string($uname); $pass = $lse_db->real_escape_string($pass); $dpt = $lse_db->real_escape_string($dpt); $level = $lse_db->real_escape_string($level); $pass = md5($pass); $query = "INSERT INTO `users`(`user_name`,`user_uname`, `user_pass`, `user_dpt`,`user_level`)\n VALUES ('{$name}', '{$uname}', '{$pass}', '{$dpt}', {$level});"; if (!check_user_exists($uname)) { $res = $lse_db->query($query); if ($res) { $r['message'] = "Ok"; $r['type'] = 1; echo json_encode($r); } else { $r['message'] = "Eroare"; $r['type'] = 0; echo json_encode($r); } } else { $r['message'] = "Userul Exista"; $r['type'] = 0; echo json_encode($r); } }
function set_from_post() { if (get_magic_quotes_gpc()) { // Values in $_POST come with backslashes added. // We want the fields of $this to be unescaped strings, // so we strip the slashes. $_POST = array_map('stripslashes', $_POST); } $errors = ''; if (isset($_POST['projectid'])) { $projectid = validate_projectID('projectid', @$_POST['projectid']); $this->projectid = $projectid; $ucep_result = user_can_edit_project($this->projectid); if ($ucep_result == PROJECT_DOES_NOT_EXIST) { return _("parameter 'projectid' is invalid: no such project") . ": '{$this->projectid}'"; } else { if ($ucep_result == USER_CANNOT_EDIT_PROJECT) { return _("You are not authorized to manage this project.") . ": '{$this->projectid}'"; } else { if ($ucep_result == USER_CAN_EDIT_PROJECT) { // fine } else { return _("unexpected return value from user_can_edit_project") . ": '{$ucep_result}'"; } } } } else { if (isset($_POST['clone_projectid'])) { // we're creating a clone $clone_projectid = validate_projectID('clone_projectid', @$_POST['clone_projectid']); $this->clone_projectid = $clone_projectid; } } $this->nameofwork = @$_POST['nameofwork']; // we're using preg_match as this field will be space-normalised later if (preg_match('/^\\s*$/', $this->nameofwork)) { $errors .= "Name of work is required.<br>"; } $this->authorsname = @$_POST['authorsname']; if (preg_match('/^\\s*$/', $this->authorsname)) { $errors .= "Author is required.<br>"; } if (user_is_a_sitemanager()) { $this->projectmanager = @$_POST['username']; if ($this->projectmanager == '') { $errors .= _("Project manager is required.") . "<br>"; } else { $errors .= check_user_exists($this->projectmanager, 'Project manager'); } if (empty($errors) && !that_user_is_PM($this->projectmanager)) { $errors .= sprintf(_("%s is not a PM."), $this->projectmanager) . "<br>"; } } else { $this->projectmanager = ''; } $pri_language = @$_POST['pri_language']; if ($pri_language == '') { $errors .= _("Primary Language is required.") . "<br>"; } $sec_language = @$_POST['sec_language']; $this->language = $sec_language != '' ? "{$pri_language} with {$sec_language}" : $pri_language; $this->genre = @$_POST['genre']; if ($this->genre == '') { $errors .= _("Genre is required.") . "<br>"; } $this->image_source = @$_POST['image_source']; if ($this->image_source == '') { $errors .= _("Image Source is required. If the one you want isn't in list, you can propose to add it.") . "<br>"; $this->image_source = '_internal'; } /* else { if ($this->image_source == 'OTHER') { if (empty($_POST['imso_other'])) { $errors .= "When Image Source is OTHER, details must be supplied.<br>"; } else { $imso_other = $_POST['imso_other']; $this->image_source = "O:".$imso_other; } } } */ $this->special_code = @$_POST['special_code']; if ($this->special_code != '') { if (startswith($this->special_code, 'Birthday') || startswith($this->special_code, 'Otherday')) { if (empty($_POST['bdayday']) or empty($_POST['bdaymonth'])) { $errors .= _("Month and Day are required for Birthday or Otherday Specials.") . "<br>"; } else { $bdaymonth = $_POST['bdaymonth']; $bdayday = $_POST['bdayday']; if (!checkdate($bdaymonth, $bdayday, 2000)) { $errors .= _("Invalid date supplied for Birthday or Otherday Special.") . "<br>"; } else { if (strlen($this->special_code) == 8) { $this->special_code .= " " . $bdaymonth . $bdayday; } } } } } $this->checkedoutby = @$_POST['checkedoutby']; // if it's an existing project, we want to know its state if (isset($this->projectid)) { // Somewhat kludgey to have to do this query here. $res = mysql_query("\n SELECT state, checkedoutby, username\n FROM projects\n WHERE projectid='{$this->projectid}'\n ") or die(mysql_error()); list($state, $PPer, $PM) = mysql_fetch_row($res); $this->state = $state; // don't allow an empty PPer/PPVer if the project is checked out if (($this->state == PROJ_POST_FIRST_CHECKED_OUT || $this->state == PROJ_POST_SECOND_CHECKED_OUT) && $this->checkedoutby == '') { $errors .= _("This project is checked out: you must specify a PPer/PPVer"); $this->checkedoutby = $PPer; } if ($this->projectmanager == '') { $this->projectmanager = $PM; } } else { $this->state = ''; } if ($this->checkedoutby != '') { // make sure the named PPer/PPVer actually exists $errors .= check_user_exists($this->checkedoutby, 'PPer/PPVer'); } $this->image_preparer = @$_POST['image_preparer']; if ($this->image_preparer != '') { $errors .= check_user_exists($this->image_preparer, 'Image Preparer'); } $this->text_preparer = @$_POST['text_preparer']; if ($this->text_preparer != '') { $errors .= check_user_exists($this->text_preparer, 'Text Preparer'); } $this->posted = @$_POST['posted']; $this->postednum = @$_POST['postednum']; if ($this->posted) { // We are in the process of marking this project as posted. if ($this->postednum == '') { $errors .= _("Posted Number is required.") . "<br>"; } else { if (!preg_match('/^[1-9][0-9]*$/', $this->postednum)) { $errors .= sprintf(_("Posted Number \"%s\" is not of the correct format."), $this->postednum) . "<br>"; // You'll sometimes see PG etext numbers with a 'C' appended. // The 'C' is not part of the etext number // (e.g., it does not appear in PG's RDF catalog), // rather it's a bit of information about the identified text, // namely that it's still under (US) copyright. // Anyhow, the 'C' should not be included here. } } } $this->scannercredit = @$_POST['scannercredit']; $this->comments = @$_POST['comments']; $this->clearance = @$_POST['clearance']; $this->difficulty_level = @$_POST['difficulty_level']; $this->up_projectid = intval(@$_POST['up_projectid']); $this->original_marc_array_encd = @$_POST['rec']; $this->extra_credits = @$_POST['extra_credits']; $this->deletion_reason = @$_POST['deletion_reason']; if ($this->difficulty_level == '') { global $pguser; $this->difficulty_level = $pguser == "BEGIN" ? "beginner" : "average"; } return $errors; }
function add_user($user) { # Adds a new user account if (!check_user_exists($user->username)) { $saved_db = DbUtil::switchToGlobal(); $password = encrypt_password($user->password); $rwoptions = $user->rwoptions; if ($user->level == 17) { $user->rwoptions = LabConfig::getDoctorUserOptions(); } $query_string = "INSERT INTO user(username, password, actualname, level, created_by, lab_config_id, email, phone, lang_id, rwoptions) " . "VALUES ('{$user->username}', '{$password}', '{$user->actualName}', {$user->level}, {$user->createdBy}, '{$user->labConfigId}', '{$user->email}', '{$user->phone}', '{$user->langId}','{$user->rwoptions}')"; query_insert_one($query_string); DbUtil::switchRestore($saved_db); $saved_db = DbUtil::switchToGlobal(); $query_string = "SELECT user_id FROM user WHERE username='******' LIMIT 1"; $record = query_associative_one($query_string); $query_string = "INSERT INTO user_config(user_id, level, parameter, value, created_by, created_on, modified_by, modified_on) " . "VALUES ('" . $record['user_id'] . "',{$user->level}, 'rwoptions', '{$rwoptions}', {$user->createdBy}, curdate(), {$user->createdBy}, curdate())"; query_insert_one($query_string); DbUtil::switchRestore($saved_db); return true; } return false; }
if ($user_loggedin) { render_page('Registration', phtml('logged-in-reg', [], false), $script_path); } else { render_page('Registration', phtml('registration', ['script_path' => $script_path], false), $script_path); } }); map('POST', '/register', function ($conn) use(&$script_path, &$user_loggedin) { $is_error = false; $error_msg = ''; if (!empty($_POST['txtFullName']) && !empty($_POST['txtUsername']) && !empty($_POST['txtPassword']) && !empty($_POST['txtPseudoName'])) { if (strlen($_POST['txtUsername']) > 2 && $_POST['txtUsername'] != 'asthra' && $_POST['txtUsername'] != 'f**k' && $_POST['txtUsername'] != 'shit' && $_POST['txtUsername'] != 'house') { $user_fullname = process_form($conn->escape_string($_POST['txtFullName']), 's'); $pseudoname = process_form($conn->escape_string($_POST['txtPseudoName']), 's'); $username = process_form($conn->escape_string($_POST['txtUsername'])); $pswd = sha1(process_form($conn->escape_string($_POST['txtPassword']))); if (!check_user_exists($username)) { $pwdsetz = rand(0, 5); $query = "INSERT INTO " . USER_TABLE . " " . "(user_name, user_pswd, user_pseudoname, user_fullname, user_pwdset) VALUES " . "('" . $username . "', '" . $pswd . "', '" . $pseudoname . "', '" . $user_fullname . "', " . $pwdsetz . ")"; $result = $conn->query($query) or die($conn->error); if ($conn->affected_rows == 1) { render_page('Registration', phtml('registration-success', ['username' => $username], false), $script_path); } else { msg_die('Something went, not wrong, but not right either', 'D'); } } else { $is_error = true; $error_msg = 'Username Already Exists. Please choose another one'; } } else { $is_error = true; $error_msg = 'Invalid Username! (needs atleast 3 characters and CANNOT be "house")';
<?php # # Adds a new lab user account to DB # Called via Ajax from lab_user_new.php # include "../includes/db_lib.php"; $saved_session = SessionUtil::save(); $user_list = $_REQUEST['userlist']; $user_list_arr = explode(',', $user_list); $error_flag = 0; $msg = ""; for ($i = 0; $i <= count($user_list_arr); $i++) { if (check_user_exists($user_list_arr[$i])) { $error_flag = 1; $msg .= $user_list_arr[$i] . ","; } } if ($error_flag == 1) { $msg = rtrim($msg, ','); $msg = "The following username(s) are already taken. Please try a different value - " . $msg; } else { $msg = "success"; } echo $msg; SessionUtil::restore($saved_session);
} else { if (empty($last_name)) { $_SESSION['add_user_error'] = "Please enter the users surname."; header('Location: ../add_user_gui.php'); } else { if (empty($email)) { $_SESSION['add_user_error'] = "Please enter the users email."; header('Location: ../add_user_gui.php'); } else { if (empty($phone_number)) { $_SESSION['add_user_error'] = "Please enter the users contact number."; header('Location: ../add_user_gui.php'); } else { if (empty($gender)) { $_SESSION['add_user_error'] = "Please enter the users gender."; header('Location: ../add_user_gui.php'); } else { if (empty($access_level)) { $_SESSION['add_user_error'] = "Please enter the users user type."; header('Location: ../add_user_gui.php'); } } } } } } } $new_user = new User($student_id, $first_name, $last_name, $email, $phone_number, $gpa, $gender, $access_level); $new_user . check_user_exists($DB_con); $new_user . add_user($DB_con); }
{ $u_handler =& xoonips_getormhandler('xoonips', 'xoops_users'); $criteria = new Criteria('uname', addslashes($uname)); $u_count = $u_handler->getCount($criteria); if ($u_count != 0) { xoops_cp_header(); echo 'User name ' . $uname . ' already exists'; xoops_cp_footer(); exit; } } // check variables check_variables($vals); // check user exists if ($uid == 0) { check_user_exists($vals['xoops']['uname']); } // update db values // >> xoops user information $u_handler =& xoonips_getormhandler('xoonips', 'xoops_users'); if ($uid == 0) { $u_obj =& $u_handler->create(); } else { $u_obj =& $u_handler->get($uid); } if (!is_object($u_obj)) { redirect_header($xoonips_admin['mypage_url'], 3, _AM_XOONIPS_MSG_UNEXPECTED_ERROR); exit; } foreach ($vals['xoops'] as $key => $val) { $u_obj->set($key, $val);