//<ADD> if (isset($_POST['nacl'])) { if ($_POST['nacl'] == md5(AUTH_KEY . $db->get_var("select last_login from site_users where user_id = {$user_id};"))) { //authentication verified, continue. $user_login = $db->escape($_POST['user_login']); $user_email = $db->escape($_POST['user_email']); //check email exists $num = $db->get_var("select count(user_email) from site_users where (user_email = '{$user_email}');"); if ($num > 0) { echo "<div class='alert alert-danger'><strong>Error:</strong> that email address is already in use.</div>"; include "ncl/footer.php"; exit; } //password function here if (strlen($_POST['user_password']) > 4) { $user_password = makepwd(trim($db->escape($_POST['user_password']))); } else { echo "<div class='alert alert-danger'><strong>Error:</strong> password to short.</div>"; include "ncl/footer.php"; exit; } $user_name = $db->escape($_POST['user_name']); $user_phone = $db->escape($_POST['user_phone']); $user_address = $db->escape($_POST['user_address']); $user_city = $db->escape($_POST['user_city']); $user_state = $db->escape($_POST['user_state']); $user_zip = $db->escape($_POST['user_zip']); $user_country = $db->escape($_POST['user_country']); $db->query("INSERT INTO site_users(user_login,user_email,user_password,user_name,user_phone,user_address,user_city,user_state,user_zip,user_country,user_level,user_status)VALUES('{$user_login}','{$user_email}','{$user_password}','{$user_name}','{$user_phone}','{$user_address}','{$user_city}','{$user_state}','{$user_zip}','{$user_country}',1,1);"); //$db->debug(); $actionstatus = "<div class=\"alert alert-success\" style=\"max-width: 250px;\">\n <button type=\"button\" class=\"close\" data-dismiss=\"alert\">×</button>\n User Added.\n </div>";
//if STEP 2 of the process if (isset($_GET['action'])) { $action = $db->escape($_GET['action']); $key = $db->escape($_GET['key']); //check if action is to reset password and that the key is not blank. if ($action == "rp") { if (!empty($key)) { $myquery = "SELECT user_id,user_email FROM site_users WHERE user_im_other = '{$key}' limit 1;"; $resets = $db->get_row($myquery); // if a record is returned then continue if ($db->num_rows == 1) { $user_email = $resets->user_email; $user_id = $resets->user_id; //generage a new password, set resetcode to blank so link cannot be used again. $user_password_plain = generatePassword(8, 9); $user_password = makepwd(trim($db->escape($user_password_plain))); //update the password in the database. $db->query("UPDATE site_users set user_password = '******',user_im_other = '' WHERE user_id = {$user_id} limit 1;"); //send out the message $from = FROM_EMAIL; $to = $user_email; $subject = 'Your new password'; // message $message = ' <html> <body> <p>HelpDesk New Password</p> <p>Email: ' . $user_email . '</p> <p>Password: '******'</p> </body> </html>
echo "<input type=\"hidden\" name=\"return\" value=\"a=taskdetail&task={$task}\">"; echo "<input type=\"hidden\" name=\"chunk\" value=\"{$id}\">"; echo "<input type=\"submit\" value=\"Abort\"></form>"; } echo "</td></tr>"; } } echo "</table>"; break; case "config": // show/update server config echo "Server configuration:<br>"; if (isset($_POST["password"])) { $pwd = $_POST["password"]; if (strlen($pwd) > 0) { $mpwd = makepwd($pwd); mysqli_query_wrapper($dblink, "INSERT INTO config (item, value) VALUES ('password','{$mpwd}') ON DUPLICATE KEY UPDATE value='{$mpwd}'"); echo "New password set."; } break; } if (isset($_POST["setconfig"])) { foreach ($_POST as $item => $val) { if (substr($item, 0, 7) == "config_") { $item = substr($item, 7); mysqli_query_wrapper($dblink, "INSERT INTO config (item, value) VALUES ('{$item}','" . mysqli_real_escape_string($dblink, $val) . "') ON DUPLICATE KEY UPDATE value='" . mysqli_real_escape_string($dblink, $val) . "'"); } } echo "Configured server variables."; break; }
include "includes/footer.php"; exit; } //check if login name is unique. $num = $db->get_var("select count(user_login) from site_users where user_login = '******';"); if ($num > 0) { echo "<div class=\"alert alert-danger\" style=\"max-width: 350px;\">That login name has already registered.</div>"; include "includes/footer.php"; exit; } //PASSWORD FIELD $password = $db->escape(trim(strip_tags($_POST['password']))); if ($password) { $passwordlength = strlen($password); if ($passwordlength >= 5) { $user_password = makepwd(trim($db->escape($password))); } else { echo "<div class=\"alert alert-danger\" style=\"max-width: 350px;\">Password must be at least 5 characters.</div>"; include "includes/footer.php"; exit; } } //pending if (REGISTER_APPROVAL == "yes") { $user_pending = 1; } else { $user_pending = 0; } //user_msg_send $user_msg_send = 1; $query = "INSERT into site_users(user_login,user_email,user_name,user_password,last_ip,user_status,user_level,user_pending,user_msg_send)VALUES('{$login}','{$email}','{$name}','{$user_password}','{$ip}',1,1,{$user_pending},{$user_msg_send});";