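/**
 * Adds a new entry for the logged-in user: one row in `ehead` (author, title,
 * timestamps) and one row in `entry` (body) that shares the same id.
 *
 * Title and body are read from $_POST, normalised, and then escaped for the
 * open connection before they are placed into SQL. The normalisation chain
 * (stripslashes/urldecode/strip_tags/trim/strtolower) is content hygiene only;
 * it does not neutralise quotes, so the escaping step is what keeps the
 * statements well-formed.
 *
 * @return LTJsonMessage Confirmation message on success.
 * @throws Exception        If the caller is not authenticated or has a level below 1.
 * @throws RuntimeException If the database connection or either insert fails.
 */
public function execute() {
    // Authorisation gate: a validated session and a user level of at least 1.
    $authenticationCenter = LTAuthenticationCenter::sharedCenter();
    if (!$authenticationCenter->validate() || 1 > LTAuthenticationCenter::user()->level()) {
        throw new Exception('You do not have permissions to execute this command');
    }

    // A missing or non-string field (e.g. title[]=x) is treated as an empty string
    // instead of raising a notice/warning inside the normalisation chain.
    $rawTitle = (isset($_POST['title']) && is_string($_POST['title'])) ? $_POST['title'] : '';
    $rawBody = (isset($_POST['body']) && is_string($_POST['body'])) ? $_POST['body'] : '';

    // NOTE(review): PHP has already URL-decoded $_POST, so urldecode() here decodes a
    // second time ("%41" typed by the user becomes "A", "+" becomes a space). Kept so
    // stored values do not change; confirm whether the second decode is intended.
    $title = strtolower(trim(strip_tags(urldecode(stripslashes($rawTitle)))));
    $body = strtolower(trim(strip_tags(urldecode(stripslashes($rawBody)))));

    // TODO: the original carried "Test Title" / "Test Body" placeholders at this point;
    // length and emptiness rules for both fields are still undefined.

    $db = new LTMySQL();
    // A failed connect was previously ignored and only surfaced at the first query.
    if (!$db->connect(LTRWDBConfig::HOST, LTRWDBConfig::USER, LTRWDBConfig::PASS)) {
        throw new RuntimeException('Failed to add message. Try later.');
    }
    $db->selectdb(LTRWDBConfig::DB);

    // Escape every value that ends up inside a quoted SQL literal. Escaping is relative
    // to the connection character set, so that charset should be set on the connection
    // itself (mysql_set_charset) rather than with a "SET NAMES" query.
    $link = $db->link();
    $author = mysql_real_escape_string((string) LTAuthenticationCenter::user()->id(), $link);
    $sqlTitle = mysql_real_escape_string($title, $link);
    $sqlBody = mysql_real_escape_string($body, $link);

    $db->query("insert into ehead set author='{$author}',title='{$sqlTitle}',added=unix_timestamp(),edit=unix_timestamp();");
    // numrows() is used as the success signal for the insert (presumably the affected-row
    // count of the last statement; confirm against LTMySQL).
    if (1 !== $db->numrows()) {
        throw new RuntimeException('Failed to add message. Try later.');
    }

    // Id of the ehead row just created; forced to int because it is placed unquoted
    // into the following statements.
    $id = (int) $db->insertid();

    $db->query("insert into entry set id={$id},body='{$sqlBody}';");
    if (1 !== $db->numrows()) {
        // Compensating delete: the two inserts are not wrapped in a transaction, so the
        // orphaned ehead row is removed by hand when the body insert fails.
        $db->query("delete from ehead where id={$id};");
        throw new RuntimeException('Failed to add message. Try later.');
    }

    return new LTJsonMessage('Entry was successfully added.');
}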
// Registration confirmation script.
//
// Reads the one-time token from $_GET['pass'], looks up the matching row in
// `candidate`, deletes that row, generates a password, creates the `user` and
// `uinfo` rows, e-mails the password to the address stored for the candidate,
// and prints a status message. Any thrown exception's message is echoed.
//
// NOTE(review): three query strings below contain '******'. That looks like the
// result of a credential-masking pass over this copy of the file; the original
// interpolation cannot be recovered from here, and the "insert into user"
// statement is not balanced as shown. They are left exactly as found.
//
// NOTE(review), points on the later statements:
//  - The "insert into uinfo" query interpolates $row['name'] and $row['email']
//    straight into SQL. Those values come from the `candidate` table, which
//    presumably holds what the user typed at sign-up, so they should be passed
//    through mysql_real_escape_string() the same way $pass is (second-order
//    injection risk otherwise).
//  - The candidate row is deleted before the user/uinfo inserts, and neither
//    insert result is checked; a failed insert appears to leave the person with
//    neither a candidate row nor an account.
//  - The generated password is sent by e-mail in clear text. A one-time
//    "set your password" link avoids having the credential sit in a mailbox.
//  - $row['email'] is used as the mail() recipient as stored; whether it was
//    validated at sign-up is not visible here.
//  - The catch block echoes the exception message without HTML-escaping. The
//    messages thrown in this script are fixed strings; anything thrown from
//    inside LTMySQL would be echoed as well (confirm what it can throw).
//  - mysql_real_escape_string()/mysql_fetch_assoc() belong to the ext/mysql
//    extension, which was removed in PHP 7.

// The @ operator hides the include warning, so a missing LTMySQL.php only shows
// up later as a failure to instantiate LTMySQL.
@(include_once TLDIR_INDEX . '/php/LTMySQL.php');

// Normalise the token taken from the query string. This is not SQL escaping;
// the mysql_real_escape_string() call further down is.
$pass = trim(strip_tags(urldecode(stripslashes($_GET['pass']))));

try {
    // NOTE(review): the pattern has no ^...$ anchors, so any value that merely
    // contains a run of 32 [a-z0-9] characters passes. '/^[a-z0-9]{32}$/D' would
    // make this an actual format check.
    if (!preg_match('/[a-z0-9]{32}/', $pass)) {
        throw new RuntimeException('Invalid PASS.');
    }

    $mysql = new LTMySQL();
    if (!$mysql->connect(LTRWDBConfig::HOST, LTRWDBConfig::USER, LTRWDBConfig::PASS)) {
        throw new Exception('DB Connection Failed. Can not register user at the moment. Try later.');
    }
    $mysql->selectdb(LTRWDBConfig::DB);

    // Escape the token for the open connection before it is used in SQL.
    $pass = mysql_real_escape_string($pass, $mysql->link());

    // Look up the pending registration for this token (literal masked in this copy).
    $res = $mysql->query("select name,login,email from candidate where pass='******';");
    if (!$mysql->numrows()) {
        throw new RuntimeException('Link is not valid any more.');
    }
    $row = mysql_fetch_assoc($res);
    if (!$row) {
        throw new RuntimeException('Failed to find user in DB. Try to re-register.');
    }

    // Consume the token so the link cannot be used again (literal masked in this copy).
    $mysql->query("delete from candidate where pass='******';");

    // Generate password for user. From here on $pass holds the new password, not the token.
    // NOTE(review): uniqid() is derived from the current time in microseconds and is not
    // a cryptographically secure source, so the resulting password is guessable by anyone
    // who knows roughly when the account was confirmed. Use a CSPRNG-backed generator.
    // The statement after it is the masked "insert into user" query described at the top.
    $pass = uniqid();
    $mysql->query("insert into user set login='******'login']}',pass='******'\';');
    $id = $mysql->insertid();
    $mysql->query("insert into uinfo set id='{$id}',name='{$row['name']}',email='{$row['email']}',added=unix_timestamp();");
    mail($row['email'], '[' . LTConfig::HOST . '] User registration.', $row['name'] . ",\n\nYou have successfuly registered. Your password is: {$pass}", 'From: ' . LTConfig::SUPPORT . "\r\n" . 'Reply-To: ' . LTConfig::SUPPORT);
    echo "You have successfuly registered with the system. An email with password is sent. You may change password once logged in. Go to User Settings section for this.";
} catch (Exception $exception) {
    echo $exception->getMessage();
}