Beispiel #1
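 /**
  * Create a user account from an option array and, unless the account is
  * created pre-confirmed, mail the new user a confirmation link.
  *
  * The caller must hold the 'users' => 'add' permission (checked via ab_to()).
  * Every option value is trimmed recursively before use. The `valid` column
  * receives $opt['confirm'].
  *
  * NOTE(review): the password is stored as an unsalted MD5 digest. MD5 is fast
  * and unsalted, so leaked rows can be reversed with precomputed tables or
  * brute force. Moving to password_hash()/password_verify() has to be done
  * together with the login check that reads this column; that code is not part
  * of this block, so the stored format is left unchanged here.
  *
  * @param array $opt Keys read: name, email, password (all required, non-empty),
  *                   points, credits, privileges, erole, subscriber, confirm.
  * @return bool True once the INSERT succeeded (the confirmation mail is
  *              best-effort), false on missing permission, missing fields or
  *              a database failure.
  */
 public static function add_user($opt = array())
 {
     global $db, $LANG;

     if (!ab_to(array('users' => 'add'))) {
         return false;
     }

     $opt = \site\utils::array_map_recursive('trim', $opt);

     if (empty($opt['name']) || empty($opt['email']) || empty($opt['password'])) {
         return false;
     }

     $stmt = $db->stmt_init();

     // Stop before the avatar upload when the statement cannot be prepared, so a
     // database problem does not leave an orphaned file behind.
     if (!$stmt->prepare("INSERT INTO " . DB_TABLE_PREFIX . "users (name, email, password, avatar, points, credits, privileges, erole, subscriber, valid, date) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, NOW())")) {
         return false;
     }

     // Explicit isset() instead of the @ operator: a missing upload is passed on as null.
     // NOTE(review): type/content validation of the uploaded file is up to
     // \site\images::upload, which is not visible here; confirm it rejects non-images.
     $logo = isset($_FILES['logo']) ? $_FILES['logo'] : null;
     $avatar = \site\images::upload($logo, 'avatar_', array('path' => DIR . '/', 'max_size' => 1024, 'max_width' => 500, 'max_height' => 600, 'current' => ''));

     // See the NOTE(review) in the docblock: unsalted MD5, kept for compatibility.
     $password = md5($opt['password']);

     // bind_param() takes its arguments by reference, so the serialized role
     // must live in a variable rather than being passed as an expression.
     $erole = serialize(isset($opt['erole']) ? $opt['erole'] : null);

     $stmt->bind_param("ssssiiisii", $opt['name'], $opt['email'], $password, $avatar, $opt['points'], $opt['credits'], $opt['privileges'], $erole, $opt['subscriber'], $opt['confirm']);

     if (!$stmt->execute()) {
         $stmt->close();
         return false;
     }

     if ($opt['confirm']) {
         // Account was stored as already valid: no confirmation mail needed.
         // Close the statement here too; the original leaked it on this path.
         $stmt->close();
         return true;
     }

     // Look up the id of the row that was just inserted.
     // NOTE(review): this selects by e-mail; if the email column is not unique
     // the id of a different account could come back and receive the
     // confirmation session. Reading the insert id right after the INSERT
     // would avoid that - confirm the schema before changing it.
     $id = null;
     if ($stmt->prepare("SELECT id FROM " . DB_TABLE_PREFIX . "users WHERE email = ?")) {
         $stmt->bind_param("s", $opt['email']);
         $stmt->execute();
         $stmt->bind_result($id);
         $stmt->fetch();
         $stmt->close();
     }

     if ($id === null) {
         // The user exists but no id was found; do not create a confirmation
         // session that points at no account.
         return true;
     }

     // NOTE(review): the token's unpredictability depends entirely on
     // \site\utils::str_random, which is not visible here; confirm it draws
     // from a CSPRNG (random_bytes()/random_int()). md5() adds no entropy.
     $cofirm_session = md5(\site\utils::str_random(15));

     if (\user\mail_sessions::insert('confirmation', array('user' => $id, 'session' => $cofirm_session))) {
         \site\mail::send(
             $opt['email'],
             $LANG['email_acc_title'] . ' - ' . \query\main::get_option('sitename'),
             array('template' => 'account_confirmation', 'path' => '../'),
             array(
                 'hello_name' => sprintf($LANG['email_text_hello'], $opt['name']),
                 'confirmation_main_text' => $LANG['email_acc_maintext'],
                 'confirmation_button' => $LANG['email_acc_button'],
                 'link' => \site\utils::update_uri($GLOBALS['siteURL'] . 'verify.php', array('user' => $id, 'token' => $cofirm_session)),
             )
         );
     }

     return true;
 }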
Beispiel #2
<h2>' . $LANG['users_add_title'] . '</h2>

<div style="float:right; margin: 0 2px 0 0;">
<a href="?route=users.php&amp;action=list" class="btn">' . $LANG['users_view'] . '</a>
</div>';
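        // Optional subtitle below the page heading.
        if (!empty($LANG['users_add_subtitle'])) {
            echo '<span>' . $LANG['users_add_subtitle'] . '</span>';
        }
        echo '</div>';

        // Handle the submitted "add user" form. The request is only processed
        // when it is a POST carrying a token accepted by check_csrf().
        if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['csrf']) && check_csrf($_POST['csrf'], 'users_csrf')) {
            // Admins must also submit a privilege level from the whitelist.
            // Form values arrive as strings, so compare strictly against string
            // needles: a loose in_array() against integers lets non-numeric
            // input match 0 on PHP < 8.
            if (isset($_POST['name']) && isset($_POST['email']) && isset($_POST['password']) && isset($_POST['points']) && (!$GLOBALS['me']->is_admin || isset($_POST['privileges']) && in_array($_POST['privileges'], array('0', '1', '2'), true))) {
                // Only admins may set credits, privileges and the extended role;
                // for everyone else those fields are forced to neutral values
                // regardless of what was posted.
                $added = actions::add_user(array(
                    'name' => $_POST['name'],
                    'email' => $_POST['email'],
                    'password' => $_POST['password'],
                    'points' => $_POST['points'],
                    'credits' => ($GLOBALS['me']->is_admin && isset($_POST['credits'])) ? $_POST['credits'] : 0,
                    'privileges' => $GLOBALS['me']->is_admin ? $_POST['privileges'] : '',
                    // The extended role is only kept for privilege level 1.
                    'erole' => $GLOBALS['me']->is_admin ? ((isset($_POST['erole']) && (int) $_POST['privileges'] === 1) ? $_POST['erole'] : '') : '',
                    'subscriber' => isset($_POST['subscriber']) ? 1 : 0,
                    'confirm' => isset($_POST['confirm']) ? 1 : 0,
                ));

                if ($added) {
                    echo '<div class="a-success">' . $LANG['msg_added'] . '</div>';
                    if (isset($_POST['send_copy'])) {
                        // NOTE(review): this mails the new account's password in
                        // clear text, where it stays in mailboxes and on relays.
                        // A one-time "set your password" link would avoid
                        // exposing the credential; behaviour is kept as-is here.
                        \site\mail::send($_POST['email'], $LANG['email_ac_title'] . ' - ' . \query\main::get_option('sitename'), array('template' => 'account_creation', 'path' => '../'), array('ac_main_text' => sprintf($LANG['email_ac_maintext'], \query\main::get_option('sitename')), 'form_email' => $LANG['email_ac_email'], 'form_password' => $LANG['email_ac_password'], 'email' => $_POST['email'], 'password' => $_POST['password'], 'link' => \query\main::get_option('siteurl')));
                    }
                } else {
                    echo '<div class="a-error">' . $LANG['msg_error'] . '</div>';
                }
            }
        }

        // Issue a fresh anti-CSRF token for the form rendered below; it replaces
        // the one just checked.
        // NOTE(review): the token's strength depends on \site\utils::str_random,
        // which is not visible here; confirm it uses a CSPRNG.
        $csrf = $_SESSION['users_csrf'] = \site\utils::str_random(10);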
        echo '<div class="form-table">

<form action="#" method="POST" enctype="multipart/form-data" autocomplete="off">

<div class="row"><span>' . $LANG['form_name'] . ':</span><div><input type="text" name="name" value="" /></div></div>
<div class="row"><span>' . $LANG['form_email'] . ':</span><div><input type="email" name="email" value="" /></div></div>
<div class="row"><div><input type="checkbox" name="send_copy" id="send_copy" checked /> <label for="send_copy">' . $LANG['msg_sendcacc'] . '</label></div></div>
<div class="row"><span>' . $LANG['form_password'] . ':</span><div><input type="password" name="password" value="" /></div></div>
Beispiel #3
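 /**
  * Validate a contact-form submission and mail it to the site's contact address.
  *
  * Checks, in order: a non-empty name, a syntactically valid e-mail address
  * (FILTER_VALIDATE_EMAIL) and a message of at least 10 bytes. Non-string
  * name/message values (e.g. arrays from `name[]=` style input) are rejected
  * with the same error as a missing value.
  *
  * @param array $post Submitted form fields; keys read: name, email, message.
  * @return bool True when \site\mail::send reports success.
  * @throws \Exception With a localized message when validation fails or the
  *                    mail could not be sent.
  */
 public static function send_contact($post)
 {
     global $LANG;

     if (empty($post['name']) || !is_string($post['name'])) {
         throw new \Exception($LANG['sendcontact_complete_name']);
     }

     if (!isset($post['email']) || !filter_var($post['email'], FILTER_VALIDATE_EMAIL)) {
         throw new \Exception($LANG['sendcontact_usevalide']);
     }

     if (!isset($post['message']) || !is_string($post['message']) || strlen($post['message']) < 10) {
         throw new \Exception($LANG['sendcontact_writemsg']);
     }

     // The sender's name is handed to the mailer as the reply name. How
     // \site\mail::send encodes it is not visible here, so strip line breaks
     // first: CR/LF in a value that ends up in a mail header would let the
     // sender append headers of their own. The address itself is already
     // constrained by FILTER_VALIDATE_EMAIL above.
     $reply_name = str_replace(array("\r", "\n"), ' ', $post['name']);

     $sent = \site\mail::send(
         \query\main::get_option('email_contact'),
         $LANG['email_sec_title'] . ' - ' . \query\main::get_option('sitename'),
         array('template' => 'contact_form', 'reply_name' => $reply_name, 'reply_to' => $post['email']),
         // NOTE(review): c_name and c_msg are visitor-controlled; whether the
         // 'contact_form' template escapes them is decided in \site\mail - confirm.
         array('name' => $LANG['email_sec_name'], 'c_name' => $post['name'], 'email' => $LANG['email_sec_email'], 'c_email' => $post['email'], 'c_msg' => $post['message'])
     );

     if ($sent) {
         return true;
     }

     throw new \Exception($LANG['msg_error']);
 }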