Beispiel #1
			<div id="centredDiv">
				<h2>Create New User</h2>
				<?php 
// Admin-only "create user" handler: runs only for a logged-in session whose type is 3.
// NOTE(review): no anti-CSRF token check is visible in this excerpt; a privileged,
// state-changing form like this one should verify a token before acting on $_POST.
if (isset($_SESSION['user']) && $_SESSION['user'] != '') {
    // Check if user is logged in
    if (isset($_SESSION['type']) && $_SESSION['type'] == 3) {
        // Check if user can create other users
        // (the comparison is loose, so the string "3" and the integer 3 both pass)
        $errors = array();
        // Check if register values are set. If false, user has opened page the first time
        // NOTE(review): 'mnames' and 'phone' are not part of this isset() test but are read
        // below, so a request that omits them reaches the validators with undefined indexes.
        if (isset($_POST["email"]) && isset($_POST["pass"]) && isset($_POST["cnfrmPass"]) && isset($_POST["fname"]) && isset($_POST["lname"]) && isset($_POST["type"])) {
            // The validators come from a project include. Each is handed $errors and, judging
            // by the per-field isset($errors[...]) test further down, presumably records a
            // failure under the field's key (by reference) — confirm in validate.inc.
            require $relative . 'data/php/user/validate.inc';
            validate_email($errors, $_POST['email']);
            validate_and_confirm_pass($errors, $_POST["pass"], $_POST["cnfrmPass"]);
            validate_name($errors, $_POST["fname"], 'fname', 'a valid first name');
            validate_name($errors, $_POST["mnames"], 'mnames', 'valid middle name(s)');
            validate_name($errors, $_POST["lname"], 'lname', 'a valid last name');
            validate_phone($errors, $_POST["phone"]);
            // 'type' was already required by the isset() above, so only the empty string is new here.
            // NOTE(review): the submitted type is not compared against a list of known role
            // ids in this excerpt; since it decides the new account's privileges, it should be.
            if (!isset($_POST['type']) || $_POST['type'] == '') {
                $errors['type'] = 'Please select a user type';
            }
            // Proceed only when none of the known field keys carries an error.
            if (!isset($errors['email']) && !isset($errors['pass']) && !isset($errors['cnfrmPass']) && !isset($errors['fname']) && !isset($errors['mnames']) && !isset($errors['lname']) && !isset($errors['phone']) && !isset($errors['type'])) {
                // No errors, form is valid
                $password = $_POST["pass"];
                // NOTE(review): uniqid() is derived from the current time and is predictable, so
                // it makes a weak salt. password_hash() generates a random salt itself and would
                // make this variable unnecessary — how $salt is used lies outside this excerpt.
                $salt = uniqid();
                // Check if email exists in user table
                require $relative . 'data/php/database/pdo.inc';
                // Surrounding whitespace is stripped only here, after validation has already run
                // on the untrimmed values.
                $email = trim($_POST["email"]);
                $fname = trim($_POST["fname"]);
                $mnames = trim($_POST['mnames']);
                $lname = trim($_POST["lname"]);
                $phone = trim($_POST['phone']);
Beispiel #2
    setcookie('edituser', $selectuser, time() + 3600);
}
// the conditional below validates that the form
// was really submitted.
// NOTE(review): it only shows that the 'edituser' field was posted; it is neither an
// anti-CSRF check nor an authorisation check.
if (isset($_POST['edituser'])) {
    // The account to edit is read back from the 'edituser' cookie.
    // NOTE(review): cookies are client-controlled, so this value can be changed to any other
    // user's identifier. Keep the selection in $_SESSION instead, or re-check server-side that
    // the logged-in user may edit $selectuser before writing anything — no such check is
    // visible in this excerpt.
    $selectuser = $_COOKIE['edituser'];
    //validate form and add to the DB
    //if validation is successful
    // NOTE(review): htmlspecialchars() is an output encoder. Applied to input it changes what
    // the validators see (e.g. "&" becomes "&amp;") and stores encoded text; it is also not
    // SQL escaping. Validate the raw value, bind it as a query parameter, and encode when
    // printing. The $_POST keys below are read without isset().
    if (!validate_name(htmlspecialchars($_POST['firstname']))) {
        error_message("Check entry for first name<br/>");
        $valid_fname = 0;
    } else {
        $firstname = htmlspecialchars($_POST['firstname']);
        $valid_fname = 1;
    }
    if (!validate_name(htmlspecialchars($_POST['lastname']))) {
        error_message("Check entry for last name<br/>");
        $valid_lname = 0;
    } else {
        $lastname = htmlspecialchars($_POST['lastname']);
        $valid_lname = 1;
    }
    if (!validate_text(0, htmlspecialchars($_POST['logonName']))) {
        error_message("Check entry for Logon Username<br/>");
        $valid_logonName = 0;
    } else {
        $logonName = htmlspecialchars($_POST['logonName']);
        $valid_logonName = 1;
    }
    // The password is only processed when one was entered (an empty field skips this branch).
    if (!empty($_POST['password'])) {
        // NOTE(review): != compares loosely, so two different numeric-looking strings such as
        // "1e3" and "1000" count as equal; use !== for the confirmation check.
        if ($_POST['password'] != $_POST['confirmpassword']) {
Beispiel #3
 /**
  * Validates the comment's author name, website and e-mail address.
  *
  * Clears $this->errors, then stores TRUE under 'name', 'website' or 'email'
  * for every field its validator rejects. $this->is_valid is switched to TRUE
  * only when nothing was flagged; this method never sets it back to FALSE.
  */
 private function validate()
 {
     $this->errors = array();
     // All three validators run (no short-circuit), so every bad field is reported at once.
     $results = array(
         'name' => validate_name($this->user),
         'website' => validate_url($this->website),
         'email' => validate_email($this->email),
     );
     foreach ($results as $field => $accepted) {
         if (!$accepted) {
             $this->errors[$field] = TRUE;
         }
     }
     if (count($this->errors) === 0) {
         $this->is_valid = TRUE;
     }
 }
 /**
  * Installer step 4: collects the site name and the first administrator's details,
  * validates them, writes the admin row and four Settings values, then redirects to
  * the 'service' step.
  *
  * Redirects to 'service' when step 4 is already marked done in the session, and to
  * 'config_system' when step 3 is not done or the public _constants.php file is missing.
  * On a GET request, or when validation fails, the 'config_site.tpl' view is rendered
  * with the collected error messages.
  *
  * NOTE(review): whether redirect() ends the request is not visible here; if it returns,
  * the view at the bottom is rendered after the redirect header as well.
  */
 public function config_site()
 {
     global $LANG;
     if (empty($_SESSION['step4'])) {
         if (!empty($_SESSION['step3']) && is_file(PH7_ROOT_PUBLIC . '_constants.php')) {
             // New session id (old one deleted) on every visit to this step.
             session_regenerate_id(true);
             // First visit: seed the form defaults kept in the session.
             if (empty($_SESSION['val'])) {
                 $_SESSION['val']['site_name'] = 'My Own Social/Dating Site!';
                 $_SESSION['val']['admin_login_email'] = '';
                 $_SESSION['val']['admin_email'] = '';
                 $_SESSION['val']['admin_feedback_email'] = '';
                 $_SESSION['val']['admin_return_email'] = '';
                 $_SESSION['val']['admin_username'] = '******';
                 $_SESSION['val']['admin_first_name'] = '';
                 $_SESSION['val']['admin_last_name'] = '';
             }
             if ($_SERVER['REQUEST_METHOD'] == 'POST' && !empty($_POST['config_site_submit'])) {
                 if (filled_out($_POST)) {
                     // NOTE(review): every posted key is copied into the session, not just the
                     // expected form fields; an allow-list of field names would be safer. trim()
                     // also assumes each value is a string, which a field posted as an array
                     // (name[]=...) is not. The plaintext admin password is kept in
                     // $_SESSION['val'] from here on and is not cleared in this method.
                     foreach ($_POST as $sKey => $sVal) {
                         $_SESSION['val'][$sKey] = trim($sVal);
                     }
                     // Validation ladder: e-mails, username, password strength, password
                     // confirmation, password not containing the account's names, then names.
                     if (validate_email($_SESSION['val']['admin_login_email']) && validate_email($_SESSION['val']['admin_email']) && validate_email($_SESSION['val']['admin_feedback_email']) && validate_email($_SESSION['val']['admin_return_email'])) {
                         // validate_username()/validate_password() return 0 for "ok" and a small
                         // non-zero code per failure reason (see the elseif chains below).
                         if (validate_username($_SESSION['val']['admin_username']) == 0) {
                             if (validate_password($_SESSION['val']['admin_password']) == 0) {
                                 if (validate_identical($_SESSION['val']['admin_password'], $_SESSION['val']['admin_passwords'])) {
                                     // presumably find() reports whether the second argument occurs in the
                                     // password; a hit is reported as 'insecure_password' — confirm.
                                     if (!find($_SESSION['val']['admin_password'], $_SESSION['val']['admin_username']) && !find($_SESSION['val']['admin_password'], $_SESSION['val']['admin_first_name']) && !find($_SESSION['val']['admin_password'], $_SESSION['val']['admin_last_name'])) {
                                         if (validate_name($_SESSION['val']['admin_first_name'])) {
                                             if (validate_name($_SESSION['val']['admin_last_name'])) {
                                                 // The @ operator hides any warning these two includes raise.
                                                 @(require_once PH7_ROOT_PUBLIC . '_constants.php');
                                                 @(require_once PH7_PATH_APP . 'configs/constants.php');
                                                 require PH7_PATH_FRAMEWORK . 'Loader/Autoloader.php';
                                                 // To load "Security" class.
                                                 Framework\Loader\Autoloader::getInstance()->init();
                                                 try {
                                                     require_once PH7_ROOT_INSTALL . 'inc/_db_connect.inc.php';
                                                     // SQL EXECUTE
                                                     // All values are bound through named placeholders. The table prefix
                                                     // cannot be bound and is concatenated from the session.
                                                     // NOTE(review): confirm the earlier step restricts the prefix to a
                                                     // strict identifier pattern before storing it.
                                                     $oSqlQuery = $DB->prepare('INSERT INTO ' . $_SESSION['db']['prefix'] . 'Admins
                                                     (profileId , username, password, email, firstName, lastName, joinDate, lastActivity, ip)
                                                     VALUES (1, :username, :password, :email, :firstName, :lastName, :joinDate, :lastActivity, :ip)');
                                                     $sCurrentDate = date('Y-m-d H:i:s');
                                                     // Only the hash produced by Security::hashPwd() is written to the database.
                                                     $oSqlQuery->execute(array('username' => $_SESSION['val']['admin_username'], 'password' => Framework\Security\Security::hashPwd($_SESSION['val']['admin_password']), 'email' => $_SESSION['val']['admin_login_email'], 'firstName' => $_SESSION['val']['admin_first_name'], 'lastName' => $_SESSION['val']['admin_last_name'], 'joinDate' => $sCurrentDate, 'lastActivity' => $sCurrentDate, 'ip' => client_ip()));
                                                     $oSqlQuery = $DB->prepare('UPDATE ' . $_SESSION['db']['prefix'] . 'Settings SET value = :siteName WHERE name = \'siteName\'');
                                                     $oSqlQuery->execute(array('siteName' => $_SESSION['val']['site_name']));
                                                     $oSqlQuery = $DB->prepare('UPDATE ' . $_SESSION['db']['prefix'] . 'Settings SET value = :adminEmail WHERE name = \'adminEmail\'');
                                                     $oSqlQuery->execute(array('adminEmail' => $_SESSION['val']['admin_email']));
                                                     $oSqlQuery = $DB->prepare('UPDATE ' . $_SESSION['db']['prefix'] . 'Settings SET value = :feedbackEmail WHERE name = \'feedbackEmail\'');
                                                     $oSqlQuery->execute(array('feedbackEmail' => $_SESSION['val']['admin_feedback_email']));
                                                     $oSqlQuery = $DB->prepare('UPDATE ' . $_SESSION['db']['prefix'] . 'Settings SET value = :returnEmail WHERE name = \'returnEmail\'');
                                                     $oSqlQuery->execute(array('returnEmail' => $_SESSION['val']['admin_return_email']));
                                                     // We finalise by putting the correct permission to the config files
                                                     $this->_chmodConfigFiles();
                                                     // Mark the step done so a later visit is redirected instead of re-run.
                                                     $_SESSION['step4'] = 1;
                                                     redirect(PH7_URL_SLUG_INSTALL . 'service');
                                                 } catch (\PDOException $oE) {
                                                     // The driver's message is escaped but still shown to whoever runs the
                                                     // installer; it can contain connection or schema details.
                                                     $aErrors[] = $LANG['database_error'] . escape($oE->getMessage());
                                                 }
                                             } else {
                                                 $aErrors[] = $LANG['bad_last_name'];
                                             }
                                         } else {
                                             $aErrors[] = $LANG['bad_first_name'];
                                         }
                                     } else {
                                         $aErrors[] = $LANG['insecure_password'];
                                     }
                                 } else {
                                     $aErrors[] = $LANG['passwords_different'];
                                 }
                             // The validator is called again for each candidate code rather than once.
                             } elseif (validate_password($_SESSION['val']['admin_password']) == 1) {
                                 $aErrors[] = $LANG['password_too_short'];
                             } elseif (validate_password($_SESSION['val']['admin_password']) == 2) {
                                 $aErrors[] = $LANG['password_too_long'];
                             } elseif (validate_password($_SESSION['val']['admin_password']) == 3) {
                                 $aErrors[] = $LANG['password_no_number'];
                             } elseif (validate_password($_SESSION['val']['admin_password']) == 4) {
                                 $aErrors[] = $LANG['password_no_upper'];
                             }
                         } elseif (validate_username($_SESSION['val']['admin_username']) == 1) {
                             $aErrors[] = $LANG['username_too_short'];
                         } elseif (validate_username($_SESSION['val']['admin_username']) == 2) {
                             $aErrors[] = $LANG['username_too_long'];
                         } elseif (validate_username($_SESSION['val']['admin_username']) == 3) {
                             $aErrors[] = $LANG['bad_username'];
                         }
                     } else {
                         $aErrors[] = $LANG['bad_email'];
                     }
                 } else {
                     $aErrors[] = $LANG['all_fields_mandatory'];
                 }
             }
         } else {
             // Step 3 not completed (or the constants file is missing): go back.
             redirect(PH7_URL_SLUG_INSTALL . 'config_system');
         }
     } else {
         // Step 4 already completed: skip ahead.
         redirect(PH7_URL_SLUG_INSTALL . 'service');
     }
     $this->oView->assign('sept_number', 4);
     // $aErrors is undefined when nothing failed; the @ hides that notice.
     $this->oView->assign('errors', @$aErrors);
     unset($aErrors);
     $this->oView->display('config_site.tpl');
 }
* workshop and some code inspired from PHP manual and W3SCHOOL
* 
*
* This page allows a new user to register
*
-->

<?php 
// Registration handler: runs before any HTML is sent so that header() can redirect.
session_start();
require_once "utilities/functions.php";
//new array error_messages declared
$error_messages = array();
//returning either error message or validated details
// NOTE(review): only 'submit' is tested with isset(); 'username', 'fullname', 'email' and
// 'password' are read directly and are undefined indexes if a request leaves them out.
// NOTE(review): no anti-CSRF token is checked in this block.
if (isset($_POST['submit'])) {
    // Per the comment above, each call yields either the validated value or an error
    // (presumably an array, given the returns_array() test below — verify in functions.php).
    $error_messages_username = validate_userName($_POST['username']);
    $error_messages_name = validate_name($_POST['fullname']);
    $error_messages_email = validate_email($_POST['email']);
    $error_messages_password = validate_password($_POST['password']);
    //if error_messages is empty, a member is registered and go to the index page
    if (!returns_array($error_messages_username, $error_messages_name, $error_messages_email, $error_messages_password)) {
        // Despite their names, the four variables hold the validated values at this point.
        // NOTE(review): confirm register() stores the password with password_hash() and
        // writes to the database through bound parameters; neither is visible here.
        register($error_messages_username, $error_messages_name, $error_messages_email, $error_messages_password);
        // The notice travels in the query string, so index.php must HTML-escape the
        // 'message' parameter before printing it. exit stops the form below from rendering.
        header('location:index.php?message="You are registered as a member"');
        exit;
    }
}
?>

<!DOCTYPE html>
<html lang="en">
    <head>
        <meta charset="UTF-8">
Beispiel #6
 }
 // Check if user is online
 if ($player['online'] == 1) {
     $errors[] = 'Character must be offline first.';
 }
 // Check if player has bought a name-change ticket (a shop order of type 4 for this account)
 $accountId = $player['account_id'];
 // NOTE(review): the query is built by string interpolation. $accountId comes from $player,
 // whose origin is outside this excerpt — cast it to int or use a parameterised query.
 $order = mysql_select_single("SELECT `id`, `account_id` FROM `znote_shop_orders` WHERE `type`='4' AND `account_id` = '{$accountId}' LIMIT 1;");
 if ($order === false) {
     // This message carries an HTML link, so $errors is presumably printed unescaped;
     // user-supplied text must therefore never be appended to $errors without encoding.
     $errors[] = 'Did not find any name change tickets, buy them in our <a href="shop.php">shop!</a>';
 }
 // Check if player and account matches
 // This ownership test is what prevents renaming a character on someone else's account.
 // NOTE(review): when $order is false, $order['account_id'] evaluates to null, so this
 // branch fires as well and a second error is added. Both comparisons are loose (!=).
 if ($session_user_id != $accountId || $session_user_id != $order['account_id']) {
     $errors[] = 'Failed to sync your account. :|';
 }
 // validate_name() returns false for a rejected name (reported below as "more than 2 words").
 $newname = validate_name($newname);
 if ($newname === false) {
     $errors[] = 'Your name can not contain more than 2 words.';
 } else {
     if (empty($newname)) {
         $errors[] = 'Please enter a name!';
     } else {
         if (user_character_exist($newname) !== false) {
             $errors[] = 'Sorry, that character name already exist.';
         } else {
             // NOTE(review): without the D modifier, $ also matches just before a trailing
             // newline, so "Name\n" passes; anchor with \z instead. The class also admits
             // "_", which the error message does not mention.
             if (!preg_match("/^[a-zA-Z_ ]+\$/", $newname)) {
                 $errors[] = 'Your name may only contain a-z, A-Z and spaces.';
             } else {
                 // Length limits come from configuration (minL / maxL).
                 if (strlen($newname) < $config['minL'] || strlen($newname) > $config['maxL']) {
                     $errors[] = 'Your character name must be between ' . $config['minL'] . ' - ' . $config['maxL'] . ' characters long.';
                 } else {
Beispiel #7
/**
 * Picks the status icon and message displayed for one resource record.
 *
 * Does nothing when $widget already holds a value. Otherwise the checks run in
 * this order: empty data (error), invalid name (error), name/data that look
 * like they lack a trailing dot (warning, processing continues), out-of-zone
 * name that is not glue (warning), TTL below the zone minimum (warning),
 * type-specific validation (error), and finally glue (info).
 *
 * @param array  $soa          Zone record; 'origin', 'id' and 'minimum' are read.
 * @param array  $rr           Resource record; 'name', 'data' and 'ttl' are read.
 * @param string $widget       Icon file name, written through the reference.
 * @param string $widget_text  Message text, written through the reference.
 */
function rr_set_warnings($soa, $rr, &$widget, &$widget_text)
{
    global $rr_table_name, $ignore_minimum_ttl;

    // An icon chosen before this call is left alone.
    if ($widget) {
        return;
    }

    $isGlue = false;
    $problems = array();

    /* A record without data cannot be checked any further */
    if (strlen($rr['data']) === 0) {
        $widget = "ErrorSmall.png";
        $widget_text = "This resource record does not have any data associated with it.";
        return;
    }

    /* Name syntax; a truthy result means validate_name() reported a problem */
    if (validate_name($rr['name'], "Name", $problems, 1, $soa['origin'])) {
        $widget = "ErrorSmall.png";
        $widget_text = $problems[0];
        return;
    }

    /* "Probably a missing dot" hints; the name hint overrides the data hint */
    if (rr_looks_incomplete($rr['data'])) {
        $widget = "WarnSmall.png";
        $widget_text = "The data associated with this resource record looks incomplete.  Does the data need a dot at the end?";
    }
    if (rr_looks_incomplete($rr['name'])) {
        $widget = "WarnSmall.png";
        $widget_text = "The name associated with this resource record looks incomplete.  Does the name need a dot at the end?";
    }

    /* Fully qualify the name: empty means the origin, a trailing dot means absolute */
    if (!strlen($rr['name'])) {
        $absoluteName = $soa['origin'];
    } elseif (ends_with_dot($rr['name'])) {
        $absoluteName = $rr['name'];
    } else {
        $absoluteName = $rr['name'] . "." . $soa['origin'];
    }

    /* Same for the data; the result is not read again below */
    if (!strlen($rr['data'])) {
        $absoluteData = $soa['origin'];
    } elseif (ends_with_dot($rr['data'])) {
        $absoluteData = $rr['data'];
    } else {
        $absoluteData = $rr['data'] . "." . $soa['origin'];
    }

    /* Out of zone when the name does not end with the origin (case-insensitive) */
    $nameTail = substr($absoluteName, strlen($absoluteName) - strlen($soa['origin']));
    if (strcasecmp($soa['origin'], $nameTail) !== 0) {
        /*
         * Glue is accepted only when an NS record in this zone points at the name.
         * The statement is assembled as a string: the zone id is cast to int and the
         * name goes through esc(); $rr_table_name is inserted as-is and therefore has
         * to come from trusted configuration.
         */
        $glueQuery = "SELECT COUNT(*) FROM {$rr_table_name} WHERE zone=" . (int) $soa['id'] . " AND type='NS' AND data='" . esc($absoluteName) . "'";
        if (!sql_count($glueQuery, "delegation records for glue detection")) {
            $widget = "WarnSmall.png";
            $widget_text = "Record contains out-of-zone name.";
            return;
        }
        $isGlue = true;
    }

    /* TTL warning, skipped when disabled globally or when a hint is already set */
    if (!$ignore_minimum_ttl && !$widget && $rr['ttl'] < $soa['minimum']) {
        $widget = "WarnSmall.png";
        $widget_text = "TTL for this record is below the zone's minimum.";
        return;
    }

    /* Type-specific data checks; truthy means a problem was recorded */
    if (rr_validate_type($soa, $rr, $problems)) {
        $widget = "ErrorSmall.png";
        $widget_text = $problems[0];
        return;
    }

    /* Nothing worse was found: report glue as information */
    if ($isGlue) {
        $widget = "InfoSmall.png";
        $widget_text = "This record appears to be glue.";
        return;
    }
}
Beispiel #8
include 'layout/overall/header.php';
// Character-creation handler: runs only when the request carries POST data.
if (empty($_POST) === false) {
    // $_POST['']
    $required_fields = array('name', 'selected_town');
    // NOTE(review): the loop walks the keys that are present in $_POST, so a required field
    // that is left out of the request altogether is not caught here — only an empty value is.
    foreach ($_POST as $key => $value) {
        if (empty($value) && in_array($key, $required_fields) === true) {
            $errors[] = 'You need to fill in all fields.';
            break 1;
        }
    }
    // check errors (= user exist, pass long enough
    if (empty($errors) === true) {
        // Form token check (presumably the anti-CSRF token). A failure is only recorded in
        // $errors; the lookups below, including the database query, still run.
        if (!Token::isValid($_POST['token'])) {
            $errors[] = 'Token is invalid.';
        }
        // validate_name() returns false for a rejected name; otherwise its return value
        // replaces the posted name.
        $_POST['name'] = validate_name($_POST['name']);
        if ($_POST['name'] === false) {
            $errors[] = 'Your name can not contain more than 2 words.';
        } else {
            if (user_character_exist($_POST['name']) !== false) {
                $errors[] = 'Sorry, that character name already exist.';
            }
            // NOTE(review): without the D modifier, $ also matches just before a trailing
            // newline, so "Name\n" passes; anchor with \z instead. The class also admits "_",
            // which the message does not mention.
            if (!preg_match("/^[a-zA-Z_ ]+\$/", $_POST['name'])) {
                $errors[] = 'Your name may only contain a-z, A-Z and spaces.';
            }
            // The limits are read from $config, but the message hard-codes "4 - 20".
            if (strlen($_POST['name']) < $config['minL'] || strlen($_POST['name']) > $config['maxL']) {
                $errors[] = 'Your character name must be between 4 - 20 characters long.';
            }
            // name restriction
            $resname = explode(" ", $_POST['name']);
            foreach ($resname as $res) {
Beispiel #9
/**
 * Handles a submitted individual-registration form: normalises the posted
 * name, e-mail and grade, validates them together with the reCAPTCHA answer,
 * stores the registration, e-mails a receipt and prints the confirmation.
 *
 * The cleaned values are written to the globals $name, $email and $grade so
 * that show_form() can re-display them.
 *
 * NOTE(review): after a failed check only show_form() is called; unless that
 * function ends the request, execution continues and the row is inserted
 * anyway — confirm show_form() terminates.
 */
function process_form()
{
    // INITIAL DATA FETCHING
    global $name, $email, $grade;
    // Name: trim, capitalise each word and HTML-encode, then squeeze whitespace
    // runs to one space and hyphen runs to one hyphen.
    // NOTE(review): the values are entity-encoded before validation and storage, so the
    // validators and the database see encoded text; encoding at output time is the usual
    // place for it.
    $encodedName = htmlentities(ucwords(trim($_POST['name'])));
    $name = preg_replace('/\\-+/', '-', preg_replace('/\\s\\s+/', ' ', $encodedName));
    $email = htmlentities($_POST['email']);
    $grade = $_POST['grade'];

    // Each validator returns true on success, otherwise the message to display.
    $nameCheck = validate_name($name);
    if (true !== $nameCheck) {
        show_form($nameCheck, 'name');
    }
    $gradeCheck = validate_grade($grade);
    if (true !== $gradeCheck) {
        show_form($gradeCheck, 'grade');
    }
    $captchaCheck = validate_recaptcha();
    if (true !== $captchaCheck) {
        show_form($captchaCheck, 'recaptcha_response_field');
    }
    $emailCheck = validate_email($email);
    if (true !== $emailCheck) {
        show_form($emailCheck, 'email');
    }

    // ** All information has been validated at this point **
    // Store the registration; the values are passed as a column => value array rather
    // than being spliced into an SQL string.
    DB::insert('individuals', array('name' => $name, 'grade' => $grade, 'email' => $email));
    // AUTO_INCREMENT id of the new row, quoted on the receipt
    $id = DB::insertId();

    // Emit the page header first so the page appears responsive while the mail is sent
    lmt_page_header('Individual Registration');

    // Values for the receipt. $grade is the only one placed in the mail without
    // entity-encoding, so it relies on validate_grade() above.
    $lmt_year = htmlentities(map_value('year'));
    $lmt_date = htmlentities(map_value('date'));
    $cost = htmlentities(map_value('indiv_cost'));
    $siteUrl = get_site_url() . '/LMT';
    global $LMT_EMAIL;
    $mailSubject = "LMT {$lmt_year} Registration Receipt";
    $mailBody = <<<HEREDOC
Hi {$name},
You have successfully registered as an individual for LMT {$lmt_year}!

[b]Please print out this email and bring it to the competition
along with the registration fee of {$cost}[/b].

Date: [b]{$lmt_date}[/b]
Location: Lexington High School [url]http://www.lhsmath.org/LMT/Location[/url]

If you have any questions, please contact us at [email]{$LMT_EMAIL}[/email].
______________________________________________________________

Registration: [b]Individual[/b]
ID: [b]{$id}[/b]
Name: [b]{$name}[/b]
Email: [b]{$email}[/b]
Grade: [b]{$grade}[/b]
______________________________________________________________
HEREDOC;
    // Recipient map is address => display name.
    lmt_send_email(array($email => $name), $mailSubject, $mailBody);

    // Post-registration message; only the encoded year is interpolated into the HTML
    echo <<<HEREDOC
      <h1>Individual Registration</h1>
      
      <div class="text-centered">
        You have successfully registered for LMT {$lmt_year}! An email has been sent with more information.
      </div>
HEREDOC;
}
Beispiel #10
 /**
  * Create player.
  *
  * Runs only when the player has no id yet and its name is a string. As written, the
  * method checks for an existing player with that name, runs a series of form checks
  * and prepares the character data, but contains no statement that stores the player.
  *
  * NOTE(review): the checks after the duplicate-name lookup append to a local $errors
  * array that is never read, merged into $this->errors or returned, so a failed check
  * does not stop the method.
  *
  * @access public
  * @return bool|null false when the name is already taken or the precondition fails;
  *                   no value is returned on the remaining path.
  **/
 public function create()
 {
     // If player already have an id, the player already exist.
     if (is_null($this->_playerdata['id']) && is_string($this->_playerdata['name'])) {
         // Confirm player does not exist
         $name = format_character_name($this->_playerdata['name']);
         // NOTE(review): if validate_name() can return false for a rejected name, that case
         // is not handled before the value is passed on to sanitize() and the query.
         $name = validate_name($name);
         $name = sanitize($name);
         // The query is built by interpolation and depends entirely on sanitize() for
         // escaping; a parameterised query would remove that dependency.
         $exist = mysql_select_single("SELECT `id` FROM `players` WHERE `name`='{$name}' LIMIT 1;");
         if ($exist !== false) {
             $this->errors[] = "A player with the name [{$name}] already exist.";
             return false;
         }
         $config = fullConfig();
         // From here on the checks read $_POST directly instead of $this->_playerdata.
         if (user_character_exist($_POST['name']) !== false) {
             $errors[] = 'Sorry, that character name already exist.';
         }
         // NOTE(review): without the D modifier, $ also matches just before a trailing
         // newline; anchor with \z instead. The class also admits "_".
         if (!preg_match("/^[a-zA-Z_ ]+\$/", $_POST['name'])) {
             $errors[] = 'Your name may only contain a-z, A-Z and spaces.';
         }
         if (strlen($_POST['name']) < $config['minL'] || strlen($_POST['name']) > $config['maxL']) {
             $errors[] = 'Your character name must be between ' . $config['minL'] . ' - ' . $config['maxL'] . ' characters long.';
         }
         // name restriction
         $resname = explode(" ", $_POST['name']);
         foreach ($resname as $res) {
             if (in_array(strtolower($res), $config['invalidNameTags'])) {
                 $errors[] = 'Your username contains a restricted word.';
             } else {
                 if (strlen($res) == 1) {
                     $errors[] = 'Too short words in your name.';
                 }
             }
         }
         // Validate vocation id
         // The three id checks cast to int and compare against allow-lists (non-strict in_array).
         if (!in_array((int) $_POST['selected_vocation'], $config['available_vocations'])) {
             $errors[] = 'Permission Denied. Wrong vocation.';
         }
         // Validate town id
         if (!in_array((int) $_POST['selected_town'], $config['available_towns'])) {
             $errors[] = 'Permission Denied. Wrong town.';
         }
         // Validate gender id
         if (!in_array((int) $_POST['selected_gender'], array(0, 1))) {
             $errors[] = 'Permission Denied. Wrong gender.';
         }
         if (vocation_id_to_name($_POST['selected_vocation']) === false) {
             $errors[] = 'Failed to recognize that vocation, does it exist?';
         }
         if (town_id_to_name($_POST['selected_town']) === false) {
             $errors[] = 'Failed to recognize that town, does it exist?';
         }
         if (gender_exist($_POST['selected_gender']) === false) {
             $errors[] = 'Failed to recognize that gender, does it exist?';
         }
         // Char count
         // NOTE(review): $session_user_id is neither a parameter nor declared global in this
         // method, so it is undefined here; the per-account limit is not checked against the
         // real account, and 'account_id' below receives the same undefined value.
         $char_count = user_character_list_count($session_user_id);
         if ($char_count >= $config['max_characters']) {
             $errors[] = 'Your account is not allowed to have more than ' . $config['max_characters'] . ' characters.';
         }
         if (validate_ip(getIP()) === false && $config['validate_IP'] === true) {
             $errors[] = 'Failed to recognize your IP address. (Not a valid IPv4 address).';
         }
         // Leftover debug output.
         echo "create player";
         // Make sure all neccesary values are set
         //Register
         // The vocation, town and gender go into the array as the raw posted strings, not the
         // int-cast values that were checked above; array_sanitize() is then applied to each entry.
         $character_data = array('name' => format_character_name($_POST['name']), 'account_id' => $session_user_id, 'vocation' => $_POST['selected_vocation'], 'town_id' => $_POST['selected_town'], 'sex' => $_POST['selected_gender'], 'lastip' => ip2long(getIP()), 'created' => time());
         array_walk($character_data, 'array_sanitize');
         $cnf = fullConfig();
         // $outfit_type is assigned but not used in the visible code.
         if ($character_data['sex'] == 1) {
             $outfit_type = $cnf['maleOutfitId'];
         } else {
             $outfit_type = $cnf['femaleOutfitId'];
         }
         // Create the player
     } else {
         // Also reached when the name is not a string, not only when the player has an id.
         echo "Player already exist.";
         return false;
     }
 }