//<ADD>
if (isset($_POST['nacl'])) {
if ($_POST['nacl'] == md5(AUTH_KEY . $db->get_var("select last_login from site_users where user_id = {$user_id};"))) {
//authentication verified, continue.
$user_login = $db->escape($_POST['user_login']);
$user_email = $db->escape($_POST['user_email']);
//check email exists
$num = $db->get_var("select count(user_email) from site_users where (user_email = '{$user_email}');");
if ($num > 0) {
echo "<div class='alert alert-danger'><strong>Error:</strong> that email address is already in use.</div>";
include "ncl/footer.php";
exit;
}
//password function here
if (strlen($_POST['user_password']) > 4) {
$user_password = makepwd(trim($db->escape($_POST['user_password'])));
} else {
echo "<div class='alert alert-danger'><strong>Error:</strong> password to short.</div>";
include "ncl/footer.php";
exit;
}
$user_name = $db->escape($_POST['user_name']);
$user_phone = $db->escape($_POST['user_phone']);
$user_address = $db->escape($_POST['user_address']);
$user_city = $db->escape($_POST['user_city']);
$user_state = $db->escape($_POST['user_state']);
$user_zip = $db->escape($_POST['user_zip']);
$user_country = $db->escape($_POST['user_country']);
$db->query("INSERT INTO site_users(user_login,user_email,user_password,user_name,user_phone,user_address,user_city,user_state,user_zip,user_country,user_level,user_status)VALUES('{$user_login}','{$user_email}','{$user_password}','{$user_name}','{$user_phone}','{$user_address}','{$user_city}','{$user_state}','{$user_zip}','{$user_country}',1,1);");
//$db->debug();
$actionstatus = "<div class=\"alert alert-success\" style=\"max-width: 250px;\">\n <button type=\"button\" class=\"close\" data-dismiss=\"alert\">×</button>\n User Added.\n </div>";
//if STEP 2 of the process
if (isset($_GET['action'])) {
$action = $db->escape($_GET['action']);
$key = $db->escape($_GET['key']);
//check if action is to reset password and that the key is not blank.
if ($action == "rp") {
if (!empty($key)) {
$myquery = "SELECT user_id,user_email FROM site_users WHERE user_im_other = '{$key}' limit 1;";
$resets = $db->get_row($myquery);
// if a record is returned then continue
if ($db->num_rows == 1) {
$user_email = $resets->user_email;
$user_id = $resets->user_id;
//generage a new password, set resetcode to blank so link cannot be used again.
$user_password_plain = generatePassword(8, 9);
$user_password = makepwd(trim($db->escape($user_password_plain)));
//update the password in the database.
$db->query("UPDATE site_users set user_password = '******',user_im_other = '' WHERE user_id = {$user_id} limit 1;");
//send out the message
$from = FROM_EMAIL;
$to = $user_email;
$subject = 'Your new password';
// message
$message = '
<html>
<body>
<p>HelpDesk New Password</p>
<p>Email: ' . $user_email . '</p>
<p>Password: '******'</p>
</body>
</html>
echo "<input type=\"hidden\" name=\"return\" value=\"a=taskdetail&task={$task}\">";
echo "<input type=\"hidden\" name=\"chunk\" value=\"{$id}\">";
echo "<input type=\"submit\" value=\"Abort\"></form>";
}
echo "</td></tr>";
}
}
echo "</table>";
break;
case "config":
// show/update server config
echo "Server configuration:<br>";
if (isset($_POST["password"])) {
$pwd = $_POST["password"];
if (strlen($pwd) > 0) {
$mpwd = makepwd($pwd);
mysqli_query_wrapper($dblink, "INSERT INTO config (item, value) VALUES ('password','{$mpwd}') ON DUPLICATE KEY UPDATE value='{$mpwd}'");
echo "New password set.";
}
break;
}
if (isset($_POST["setconfig"])) {
foreach ($_POST as $item => $val) {
if (substr($item, 0, 7) == "config_") {
$item = substr($item, 7);
mysqli_query_wrapper($dblink, "INSERT INTO config (item, value) VALUES ('{$item}','" . mysqli_real_escape_string($dblink, $val) . "') ON DUPLICATE KEY UPDATE value='" . mysqli_real_escape_string($dblink, $val) . "'");
}
}
echo "Configured server variables.";
break;
}
include "includes/footer.php";
exit;
}
//check if login name is unique.
$num = $db->get_var("select count(user_login) from site_users where user_login = '******';");
if ($num > 0) {
echo "<div class=\"alert alert-danger\" style=\"max-width: 350px;\">That login name has already registered.</div>";
include "includes/footer.php";
exit;
}
//PASSWORD FIELD
$password = $db->escape(trim(strip_tags($_POST['password'])));
if ($password) {
$passwordlength = strlen($password);
if ($passwordlength >= 5) {
$user_password = makepwd(trim($db->escape($password)));
} else {
echo "<div class=\"alert alert-danger\" style=\"max-width: 350px;\">Password must be at least 5 characters.</div>";
include "includes/footer.php";
exit;
}
}
//pending
if (REGISTER_APPROVAL == "yes") {
$user_pending = 1;
} else {
$user_pending = 0;
}
//user_msg_send
$user_msg_send = 1;
$query = "INSERT into site_users(user_login,user_email,user_name,user_password,last_ip,user_status,user_level,user_pending,user_msg_send)VALUES('{$login}','{$email}','{$name}','{$user_password}','{$ip}',1,1,{$user_pending},{$user_msg_send});";
