<div id="centredDiv"> <h2>Create New User</h2> <?php if (isset($_SESSION['user']) && $_SESSION['user'] != '') { // Check if user is logged in if (isset($_SESSION['type']) && $_SESSION['type'] == 3) { // Check if user can create other users $errors = array(); // Check if register values are set. If false, user has opened page the first time if (isset($_POST["email"]) && isset($_POST["pass"]) && isset($_POST["cnfrmPass"]) && isset($_POST["fname"]) && isset($_POST["lname"]) && isset($_POST["type"])) { require $relative . 'data/php/user/validate.inc'; validate_email($errors, $_POST['email']); validate_and_confirm_pass($errors, $_POST["pass"], $_POST["cnfrmPass"]); validate_name($errors, $_POST["fname"], 'fname', 'a valid first name'); validate_name($errors, $_POST["mnames"], 'mnames', 'valid middle name(s)'); validate_name($errors, $_POST["lname"], 'lname', 'a valid last name'); validate_phone($errors, $_POST["phone"]); if (!isset($_POST['type']) || $_POST['type'] == '') { $errors['type'] = 'Please select a user type'; } if (!isset($errors['email']) && !isset($errors['pass']) && !isset($errors['cnfrmPass']) && !isset($errors['fname']) && !isset($errors['mnames']) && !isset($errors['lname']) && !isset($errors['phone']) && !isset($errors['type'])) { // No errors, form is valid $password = $_POST["pass"]; $salt = uniqid(); // Check if email exists in user table require $relative . 'data/php/database/pdo.inc'; $email = trim($_POST["email"]); $fname = trim($_POST["fname"]); $mnames = trim($_POST['mnames']); $lname = trim($_POST["lname"]); $phone = trim($_POST['phone']);
setcookie('edituser', $selectuser, time() + 3600); } // the conditional below validates that the form // was really submitted. if (isset($_POST['edituser'])) { $selectuser = $_COOKIE['edituser']; //validate form and add to the DB //if validation is successful if (!validate_name(htmlspecialchars($_POST['firstname']))) { error_message("Check entry for first name<br/>"); $valid_fname = 0; } else { $firstname = htmlspecialchars($_POST['firstname']); $valid_fname = 1; } if (!validate_name(htmlspecialchars($_POST['lastname']))) { error_message("Check entry for last name<br/>"); $valid_lname = 0; } else { $lastname = htmlspecialchars($_POST['lastname']); $valid_lname = 1; } if (!validate_text(0, htmlspecialchars($_POST['logonName']))) { error_message("Check entry for Logon Username<br/>"); $valid_logonName = 0; } else { $logonName = htmlspecialchars($_POST['logonName']); $valid_logonName = 1; } if (!empty($_POST['password'])) { if ($_POST['password'] != $_POST['confirmpassword']) {
/**
 * Validates the comment's submitted fields.
 *
 * Resets $this->errors, then records a TRUE flag under 'name', 'website'
 * or 'email' for every field its validator rejects. $this->is_valid is
 * only ever set (to TRUE) when nothing was rejected; it is not cleared here.
 */
private function validate() {
    $this->errors = array();

    // Field => validator verdict; each rejected field becomes an error flag.
    $verdicts = array(
        'name'    => validate_name($this->user),
        'website' => validate_url($this->website),
        'email'   => validate_email($this->email),
    );
    foreach ($verdicts as $field => $passed) {
        if (!$passed) {
            $this->errors[$field] = TRUE;
        }
    }

    if (empty($this->errors)) {
        $this->is_valid = TRUE;
    }
}
/**
 * Install step 4: collect the site name, the admin e-mail addresses and the
 * first admin account, write them to the database, then move on to 'service'.
 *
 * Reads  $_SESSION['step3'], $_SESSION['step4'], $_SESSION['val'],
 *        $_SESSION['db']['prefix'], $_POST and $_SERVER['REQUEST_METHOD'].
 * Writes $_SESSION['val'] (every posted field) and $_SESSION['step4'].
 * Redirects when step 3 is not done or step 4 already is; otherwise renders
 * config_site.tpl with whatever was collected in $aErrors.
 */
public function config_site() {
    global $LANG;
    if (empty($_SESSION['step4'])) {
        if (!empty($_SESSION['step3']) && is_file(PH7_ROOT_PUBLIC . '_constants.php')) {
            // Fresh session id on entering this step; the old session file is deleted.
            session_regenerate_id(true);
            // Defaults shown in the form the first time the step is displayed.
            if (empty($_SESSION['val'])) {
                $_SESSION['val']['site_name'] = 'My Own Social/Dating Site!';
                $_SESSION['val']['admin_login_email'] = '';
                $_SESSION['val']['admin_email'] = '';
                $_SESSION['val']['admin_feedback_email'] = '';
                $_SESSION['val']['admin_return_email'] = '';
                $_SESSION['val']['admin_username'] = '******';
                $_SESSION['val']['admin_first_name'] = '';
                $_SESSION['val']['admin_last_name'] = '';
            }
            if ($_SERVER['REQUEST_METHOD'] == 'POST' && !empty($_POST['config_site_submit'])) {
                // filled_out() presumably rejects the form when any field is empty -- confirm.
                if (filled_out($_POST)) {
                    // Every posted field is copied into the session under its own key.
                    // No allowlist is applied here, so the clear-text admin_password and
                    // its admin_passwords confirmation are kept in the session as well.
                    foreach ($_POST as $sKey => $sVal) {
                        $_SESSION['val'][$sKey] = trim($sVal);
                    }
                    if (validate_email($_SESSION['val']['admin_login_email']) && validate_email($_SESSION['val']['admin_email']) && validate_email($_SESSION['val']['admin_feedback_email']) && validate_email($_SESSION['val']['admin_return_email'])) {
                        // validate_username()/validate_password() return 0 on success and a
                        // numeric reason otherwise; the elseif chains below map each reason
                        // to a message by calling the validator again.
                        if (validate_username($_SESSION['val']['admin_username']) == 0) {
                            if (validate_password($_SESSION['val']['admin_password']) == 0) {
                                if (validate_identical($_SESSION['val']['admin_password'], $_SESSION['val']['admin_passwords'])) {
                                    // Reject a password that contains the username or the admin's names.
                                    if (!find($_SESSION['val']['admin_password'], $_SESSION['val']['admin_username']) && !find($_SESSION['val']['admin_password'], $_SESSION['val']['admin_first_name']) && !find($_SESSION['val']['admin_password'], $_SESSION['val']['admin_last_name'])) {
                                        if (validate_name($_SESSION['val']['admin_first_name'])) {
                                            if (validate_name($_SESSION['val']['admin_last_name'])) {
                                                // '@' suppresses any include warning: a missing or unreadable
                                                // constants file is not reported at this point.
                                                @(require_once PH7_ROOT_PUBLIC . '_constants.php');
                                                @(require_once PH7_PATH_APP . 'configs/constants.php');
                                                require PH7_PATH_FRAMEWORK . 'Loader/Autoloader.php'; // To load "Security" class.
                                                Framework\Loader\Autoloader::getInstance()->init();
                                                try {
                                                    require_once PH7_ROOT_INSTALL . 'inc/_db_connect.inc.php';
                                                    // SQL EXECUTE
                                                    // The table prefix is concatenated into the SQL text (it is not a
                                                    // bindable value). NOTE(review): it comes from the session and is
                                                    // presumably set by an earlier install step -- confirm it is
                                                    // validated there. All user-supplied values below are bound.
                                                    $oSqlQuery = $DB->prepare('INSERT INTO ' . $_SESSION['db']['prefix'] . 'Admins (profileId , username, password, email, firstName, lastName, joinDate, lastActivity, ip) VALUES (1, :username, :password, :email, :firstName, :lastName, :joinDate, :lastActivity, :ip)');
                                                    $sCurrentDate = date('Y-m-d H:i:s');
                                                    // The password is stored hashed via Security::hashPwd(), never in clear.
                                                    $oSqlQuery->execute(array('username' => $_SESSION['val']['admin_username'], 'password' => Framework\Security\Security::hashPwd($_SESSION['val']['admin_password']), 'email' => $_SESSION['val']['admin_login_email'], 'firstName' => $_SESSION['val']['admin_first_name'], 'lastName' => $_SESSION['val']['admin_last_name'], 'joinDate' => $sCurrentDate, 'lastActivity' => $sCurrentDate, 'ip' => client_ip()));
                                                    $oSqlQuery = $DB->prepare('UPDATE ' . $_SESSION['db']['prefix'] . 'Settings SET value = :siteName WHERE name = \'siteName\'');
                                                    $oSqlQuery->execute(array('siteName' => $_SESSION['val']['site_name']));
                                                    $oSqlQuery = $DB->prepare('UPDATE ' . $_SESSION['db']['prefix'] . 'Settings SET value = :adminEmail WHERE name = \'adminEmail\'');
                                                    $oSqlQuery->execute(array('adminEmail' => $_SESSION['val']['admin_email']));
                                                    $oSqlQuery = $DB->prepare('UPDATE ' . $_SESSION['db']['prefix'] . 'Settings SET value = :feedbackEmail WHERE name = \'feedbackEmail\'');
                                                    $oSqlQuery->execute(array('feedbackEmail' => $_SESSION['val']['admin_feedback_email']));
                                                    $oSqlQuery = $DB->prepare('UPDATE ' . $_SESSION['db']['prefix'] . 'Settings SET value = :returnEmail WHERE name = \'returnEmail\'');
                                                    $oSqlQuery->execute(array('returnEmail' => $_SESSION['val']['admin_return_email']));
                                                    // We finalise by putting the correct permission to the config files
                                                    $this->_chmodConfigFiles();
                                                    $_SESSION['step4'] = 1;
                                                    // NOTE(review): redirect() is presumably terminating (exit) --
                                                    // confirm; otherwise the view at the bottom is still rendered.
                                                    redirect(PH7_URL_SLUG_INSTALL . 'service');
                                                } catch (\PDOException $oE) {
                                                    // Driver message is escaped before being shown to the installer.
                                                    $aErrors[] = $LANG['database_error'] . escape($oE->getMessage());
                                                }
                                            } else {
                                                $aErrors[] = $LANG['bad_last_name'];
                                            }
                                        } else {
                                            $aErrors[] = $LANG['bad_first_name'];
                                        }
                                    } else {
                                        $aErrors[] = $LANG['insecure_password'];
                                    }
                                } else {
                                    $aErrors[] = $LANG['passwords_different'];
                                }
                            } elseif (validate_password($_SESSION['val']['admin_password']) == 1) {
                                $aErrors[] = $LANG['password_too_short'];
                            } elseif (validate_password($_SESSION['val']['admin_password']) == 2) {
                                $aErrors[] = $LANG['password_too_long'];
                            } elseif (validate_password($_SESSION['val']['admin_password']) == 3) {
                                $aErrors[] = $LANG['password_no_number'];
                            } elseif (validate_password($_SESSION['val']['admin_password']) == 4) {
                                $aErrors[] = $LANG['password_no_upper'];
                            }
                        } elseif (validate_username($_SESSION['val']['admin_username']) == 1) {
                            $aErrors[] = $LANG['username_too_short'];
                        } elseif (validate_username($_SESSION['val']['admin_username']) == 2) {
                            $aErrors[] = $LANG['username_too_long'];
                        } elseif (validate_username($_SESSION['val']['admin_username']) == 3) {
                            $aErrors[] = $LANG['bad_username'];
                        }
                    } else {
                        $aErrors[] = $LANG['bad_email'];
                    }
                } else {
                    $aErrors[] = $LANG['all_fields_mandatory'];
                }
            }
        } else {
            // Step 3 not completed (or its constants file missing): go back.
            redirect(PH7_URL_SLUG_INSTALL . 'config_system');
        }
    } else {
        // Step 4 already done: skip ahead.
        redirect(PH7_URL_SLUG_INSTALL . 'service');
    }
    $this->oView->assign('sept_number', 4);
    // '@' silences the undefined-variable notice when no error was collected.
    $this->oView->assign('errors', @$aErrors);
    unset($aErrors);
    $this->oView->display('config_site.tpl');
}
* workshop and some code inspired from PHP manual and W3SCHOOL * * * This page allow a new user to register * --> <?php session_start(); require_once "utilities/functions.php"; //new array error_messages declared $error_messages = array(); //returning either error message or validated details if (isset($_POST['submit'])) { $error_messages_username = validate_userName($_POST['username']); $error_messages_name = validate_name($_POST['fullname']); $error_messages_email = validate_email($_POST['email']); $error_messages_password = validate_password($_POST['password']); //if error_messages is empty, a member is registered and go to the index page if (!returns_array($error_messages_username, $error_messages_name, $error_messages_email, $error_messages_password)) { register($error_messages_username, $error_messages_name, $error_messages_email, $error_messages_password); header('location:index.php?message="You are registered as a member"'); exit; } } ?> <!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8">
} // Check if user is online if ($player['online'] == 1) { $errors[] = 'Character must be offline first.'; } // Check if player has bough ticket $accountId = $player['account_id']; $order = mysql_select_single("SELECT `id`, `account_id` FROM `znote_shop_orders` WHERE `type`='4' AND `account_id` = '{$accountId}' LIMIT 1;"); if ($order === false) { $errors[] = 'Did not find any name change tickets, buy them in our <a href="shop.php">shop!</a>'; } // Check if player and account matches if ($session_user_id != $accountId || $session_user_id != $order['account_id']) { $errors[] = 'Failed to sync your account. :|'; } $newname = validate_name($newname); if ($newname === false) { $errors[] = 'Your name can not contain more than 2 words.'; } else { if (empty($newname)) { $errors[] = 'Please enter a name!'; } else { if (user_character_exist($newname) !== false) { $errors[] = 'Sorry, that character name already exist.'; } else { if (!preg_match("/^[a-zA-Z_ ]+\$/", $newname)) { $errors[] = 'Your name may only contain a-z, A-Z and spaces.'; } else { if (strlen($newname) < $config['minL'] || strlen($newname) > $config['maxL']) { $errors[] = 'Your character name must be between ' . $config['minL'] . ' - ' . $config['maxL'] . ' characters long.'; } else {
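/**
 * Decide which status icon (if any) a resource record should display.
 *
 * Checks run in order and the first decisive one wins: missing data and a
 * rejected name are errors; an apparently missing trailing dot, an
 * out-of-zone name and a TTL below the zone minimum are warnings; a record
 * that is out of zone but backed by an NS delegation is reported as glue.
 *
 * Change from the previous version: the unused $fqdn_data value (and the
 * ends_with_dot() call that built it) is no longer computed.
 *
 * @param array  $soa         Zone (SOA) row; 'origin', 'id' and 'minimum' are read.
 * @param array  $rr          Resource record row; 'name', 'data' and 'ttl' are read.
 * @param string $widget      Out: icon file name. Left untouched if already set on entry.
 * @param string $widget_text Out: human-readable explanation for the icon.
 * @return void
 */
function rr_set_warnings($soa, $rr, &$widget, &$widget_text) {
    global $rr_table_name, $ignore_minimum_ttl;

    // A caller may already have chosen an icon; never override it.
    if ($widget) {
        return;
    }

    $is_glue = NULL;
    $errors = array();
    $origin = $soa['origin'];

    /* Make sure the RR has some data */
    if (!strlen($rr['data'])) {
        $widget = "ErrorSmall.png";
        $widget_text = "This resource record does not have any data associated with it.";
        return;
    }

    /* Check 'name' data -- validate_name() is expected to push its reason into $errors */
    if (validate_name($rr['name'], "Name", $errors, 1, $origin)) {
        $widget = "ErrorSmall.png";
        $widget_text = $errors[0];
        return;
    }

    /* Check for "probably a missing dot" on data and name.  These do not
       return: a later, more specific check may still replace the warning. */
    if (rr_looks_incomplete($rr['data'])) {
        $widget = "WarnSmall.png";
        $widget_text = "The data associated with this resource record looks incomplete."
            . " Does the data need a dot at the end?";
    }
    if (rr_looks_incomplete($rr['name'])) {
        $widget = "WarnSmall.png";
        $widget_text = "The name associated with this resource record looks incomplete."
            . " Does the name need a dot at the end?";
    }

    /* Fully qualify the name: empty means the origin itself, a trailing dot
       means already absolute, otherwise append the origin. */
    if (!strlen($rr['name'])) {
        $fqdn_name = $origin;
    } elseif (ends_with_dot($rr['name'])) {
        $fqdn_name = $rr['name'];
    } else {
        $fqdn_name = $rr['name'] . "." . $origin;
    }

    /* Is the 'name' out of zone?  Case-insensitive comparison of the name's
       tail against the origin. */
    if (strcasecmp($origin, substr($fqdn_name, strlen($fqdn_name) - strlen($origin)))) {
        /* See if this is DEFINITELY glue from a delegation.  The zone id is
           cast to int and the name goes through esc() before entering the query. */
        $delegations = sql_count(
            "SELECT COUNT(*) FROM {$rr_table_name} WHERE zone=" . (int) $soa['id']
                . " AND type='NS' AND data='" . esc($fqdn_name) . "'",
            "delegation records for glue detection"
        );
        if ($delegations) {
            $is_glue = 1;
        } else {
            $widget = "WarnSmall.png";
            $widget_text = "Record contains out-of-zone name.";
            return;
        }
    }

    /* Warn against bad TTL -- skipped when a warning was already set above */
    if (!$ignore_minimum_ttl && !$widget && $rr['ttl'] < $soa['minimum']) {
        $widget = "WarnSmall.png";
        $widget_text = "TTL for this record is below the zone's minimum.";
        return;
    }

    /* Type-specific data checks */
    if (rr_validate_type($soa, $rr, $errors)) {
        $widget = "ErrorSmall.png";
        $widget_text = $errors[0];
        return;
    }

    /* If this record was glue, report it as info */
    if ($is_glue) {
        $widget = "InfoSmall.png";
        $widget_text = "This record appears to be glue.";
        return;
    }
}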
include 'layout/overall/header.php'; if (empty($_POST) === false) { // $_POST[''] $required_fields = array('name', 'selected_town'); foreach ($_POST as $key => $value) { if (empty($value) && in_array($key, $required_fields) === true) { $errors[] = 'You need to fill in all fields.'; break 1; } } // check errors (= user exist, pass long enough if (empty($errors) === true) { if (!Token::isValid($_POST['token'])) { $errors[] = 'Token is invalid.'; } $_POST['name'] = validate_name($_POST['name']); if ($_POST['name'] === false) { $errors[] = 'Your name can not contain more than 2 words.'; } else { if (user_character_exist($_POST['name']) !== false) { $errors[] = 'Sorry, that character name already exist.'; } if (!preg_match("/^[a-zA-Z_ ]+\$/", $_POST['name'])) { $errors[] = 'Your name may only contain a-z, A-Z and spaces.'; } if (strlen($_POST['name']) < $config['minL'] || strlen($_POST['name']) > $config['maxL']) { $errors[] = 'Your character name must be between 4 - 20 characters long.'; } // name restriction $resname = explode(" ", $_POST['name']); foreach ($resname as $res) {
/**
 * Handle a submitted individual-registration form.
 *
 * Normalises the posted name, e-mail and grade into the globals that
 * show_form() reads back, validates each field in turn, inserts the
 * registration row, e-mails a receipt and echoes the confirmation block.
 *
 * NOTE(review): the validation calls below act as a gate only if
 * show_form() never returns (exits after re-rendering the form) -- confirm;
 * if it does return, the insert and the e-mail still run on rejected input.
 */
function process_form() {
    // INITIAL DATA FETCHING
    global $name, $email, $grade; // so that the show_form function can use these values later
    // Name and e-mail are HTML-encoded here, at input time, so the encoded form
    // is what gets validated, stored and e-mailed below. $grade is taken from
    // the request unchanged.
    $name = htmlentities(ucwords(trim($_POST['name'])));
    $name = preg_replace('/\\s\\s+/', ' ', $name); // collapse runs of whitespace
    $name = preg_replace('/\\-+/', '-', $name);    // collapse runs of hyphens
    $email = htmlentities($_POST['email']);
    $grade = $_POST['grade'];
    // Each validator returns true, or a message that show_form() displays
    // next to the named field.
    $name_msg = validate_name($name);
    if ($name_msg !== true) {
        show_form($name_msg, 'name');
    }
    $grade_msg = validate_grade($grade);
    if ($grade_msg !== true) {
        show_form($grade_msg, 'grade');
    }
    $recaptcha_msg = validate_recaptcha();
    if ($recaptcha_msg !== true) {
        show_form($recaptcha_msg, 'recaptcha_response_field');
    }
    $email_msg = validate_email($email);
    if ($email_msg !== true) {
        show_form($email_msg, 'email');
    }
    // ** All information has been validated at this point **
    // Create database entry
    // NOTE(review): DB::insert presumably binds these values -- confirm,
    // since $grade reaches it exactly as posted.
    DB::insert('individuals', array('name' => $name, 'grade' => $grade, 'email' => $email));
    $id = DB::insertId(); //Get AUTO_INCREMENT id
    // Start outputting the top part of the page, to make it seem responsive while we send the email
    lmt_page_header('Individual Registration');
    // Send the email
    $lmt_year = htmlentities(map_value('year'));
    $lmt_date = htmlentities(map_value('date'));
    $cost = htmlentities(map_value('indiv_cost'));
    $url = get_site_url() . '/LMT'; // computed but not used below
    global $LMT_EMAIL;
    $subject = "LMT {$lmt_year} Registration Receipt";
    // Receipt body; [b]/[url]/[email] markup is presumably expanded by lmt_send_email().
    $body = <<<HEREDOC
Hi {$name},

You have successfully registered as an individual for LMT {$lmt_year}! [b]Please print out this email and bring it to the competition along with the registration fee of {$cost}[/b].

Date: [b]{$lmt_date}[/b]
Location: Lexington High School [url]http://www.lhsmath.org/LMT/Location[/url]

If you have any questions, please contact us at [email]{$LMT_EMAIL}[/email].

______________________________________________________________
Registration: [b]Individual[/b]
ID: [b]{$id}[/b]
Name: [b]{$name}[/b]
Email: [b]{$email}[/b]
Grade: [b]{$grade}[/b]
______________________________________________________________
HEREDOC;
    lmt_send_email(array($email => $name), $subject, $body);
    // Show the post-registration message
    echo <<<HEREDOC
<h1>Individual Registration</h1>
<div class="text-centered">
You have successfully registered for LMT {$lmt_year}! An email has been sent with more information.
</div>
HEREDOC;
}
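/**
 * Create player.
 *
 * Validates the pending player (name, vocation, town, gender, the account's
 * character limit and the client IP) before anything is written. Every
 * rejected check is appended to $this->errors and the method returns false
 * instead of going on to build the character row.
 *
 * Changes from the previous version: validation messages go to $this->errors
 * (they were collected in a local array that was never read), a false result
 * from validate_name() is rejected instead of being sanitised and queried,
 * the debug echo is gone, and fullConfig() is loaded once.
 *
 * @param none
 * @access public
 * @return bool $status  false when the player already exists or a check
 *                       failed. The final insert is not implemented in this
 *                       method yet, so it never returns true at present.
 **/
public function create() {
    // If player already have an id, the player already exist.
    if (!is_null($this->_playerdata['id']) || !is_string($this->_playerdata['name'])) {
        echo "Player already exist.";
        return false;
    }

    // Confirm player does not exist
    $name = validate_name(format_character_name($this->_playerdata['name']));
    // validate_name() hands back false for a rejected name; that must not be
    // sanitised and used as a lookup key.
    if ($name === false) {
        $this->errors[] = 'Your name can not contain more than 2 words.';
        return false;
    }
    $name = sanitize($name);
    $exist = mysql_select_single("SELECT `id` FROM `players` WHERE `name`='{$name}' LIMIT 1;");
    if ($exist !== false) {
        $this->errors[] = "A player with the name [{$name}] already exist.";
        return false;
    }

    $config = fullConfig();
    // Collected here and copied to $this->errors once all checks have run.
    $errors = array();
    // NOTE(review): the checks below read the raw request ($_POST) rather than
    // $this->_playerdata, so the value checked here can differ from $name.
    if (user_character_exist($_POST['name']) !== false) {
        $errors[] = 'Sorry, that character name already exist.';
    }
    if (!preg_match("/^[a-zA-Z_ ]+\$/", $_POST['name'])) {
        $errors[] = 'Your name may only contain a-z, A-Z and spaces.';
    }
    if (strlen($_POST['name']) < $config['minL'] || strlen($_POST['name']) > $config['maxL']) {
        $errors[] = 'Your character name must be between ' . $config['minL'] . ' - ' . $config['maxL'] . ' characters long.';
    }
    // name restriction: no banned words, no single-letter words
    foreach (explode(" ", $_POST['name']) as $res) {
        if (in_array(strtolower($res), $config['invalidNameTags'])) {
            $errors[] = 'Your username contains a restricted word.';
        } elseif (strlen($res) == 1) {
            $errors[] = 'Too short words in your name.';
        }
    }
    // Validate vocation / town / gender ids against the configured sets
    if (!in_array((int) $_POST['selected_vocation'], $config['available_vocations'])) {
        $errors[] = 'Permission Denied. Wrong vocation.';
    }
    if (!in_array((int) $_POST['selected_town'], $config['available_towns'])) {
        $errors[] = 'Permission Denied. Wrong town.';
    }
    if (!in_array((int) $_POST['selected_gender'], array(0, 1))) {
        $errors[] = 'Permission Denied. Wrong gender.';
    }
    if (vocation_id_to_name($_POST['selected_vocation']) === false) {
        $errors[] = 'Failed to recognize that vocation, does it exist?';
    }
    if (town_id_to_name($_POST['selected_town']) === false) {
        $errors[] = 'Failed to recognize that town, does it exist?';
    }
    if (gender_exist($_POST['selected_gender']) === false) {
        $errors[] = 'Failed to recognize that gender, does it exist?';
    }
    // Char count
    // NOTE(review): $session_user_id is not defined in this method's scope
    // (no global / parameter) -- confirm how it is meant to be supplied.
    $char_count = user_character_list_count($session_user_id);
    if ($char_count >= $config['max_characters']) {
        $errors[] = 'Your account is not allowed to have more than ' . $config['max_characters'] . ' characters.';
    }
    if (validate_ip(getIP()) === false && $config['validate_IP'] === true) {
        $errors[] = 'Failed to recognize your IP address. (Not a valid IPv4 address).';
    }
    if (!empty($errors)) {
        foreach ($errors as $error) {
            $this->errors[] = $error;
        }
        return false;
    }

    // Register: build the row from the now-validated request values
    $character_data = array(
        'name' => format_character_name($_POST['name']),
        'account_id' => $session_user_id,
        'vocation' => $_POST['selected_vocation'],
        'town_id' => $_POST['selected_town'],
        'sex' => $_POST['selected_gender'],
        'lastip' => ip2long(getIP()),
        'created' => time(),
    );
    array_walk($character_data, 'array_sanitize');
    $outfit_type = ($character_data['sex'] == 1) ? $config['maleOutfitId'] : $config['femaleOutfitId'];
    // Create the player
    // TODO: the INSERT of $character_data / $outfit_type is not implemented
    // here; the method currently falls through without a return value.
}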