Ejemplo n.º 1
0
 public static function add_user($opt = array())
 {
     global $db, $LANG;
     if (!ab_to(array('users' => 'add'))) {
         return false;
     }
     $opt = \site\utils::array_map_recursive('trim', $opt);
     if (empty($opt['name']) || empty($opt['email']) || empty($opt['password'])) {
         return false;
     }
     $stmt = $db->stmt_init();
     $stmt->prepare("INSERT INTO " . DB_TABLE_PREFIX . "users (name, email, password, avatar, points, credits, privileges, erole, subscriber, valid, date) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, NOW())");
     $avatar = \site\images::upload(@$_FILES['logo'], 'avatar_', array('path' => DIR . '/', 'max_size' => 1024, 'max_width' => 500, 'max_height' => 600, 'current' => ''));
     $password = md5($opt['password']);
     $stmt->bind_param("ssssiiisii", $opt['name'], $opt['email'], $password, $avatar, $opt['points'], $opt['credits'], $opt['privileges'], @serialize($opt['erole']), $opt['subscriber'], $opt['confirm']);
     if ($stmt->execute()) {
         if (!$opt['confirm']) {
             $stmt->prepare("SELECT id FROM " . DB_TABLE_PREFIX . "users WHERE email = ?");
             $stmt->bind_param("s", $opt['email']);
             $stmt->execute();
             $stmt->bind_result($id);
             $stmt->fetch();
             $stmt->close();
             $cofirm_session = md5(\site\utils::str_random(15));
             if (\user\mail_sessions::insert('confirmation', array('user' => $id, 'session' => $cofirm_session))) {
                 \site\mail::send($opt['email'], $LANG['email_acc_title'] . ' - ' . \query\main::get_option('sitename'), array('template' => 'account_confirmation', 'path' => '../'), array('hello_name' => sprintf($LANG['email_text_hello'], $opt['name']), 'confirmation_main_text' => $LANG['email_acc_maintext'], 'confirmation_button' => $LANG['email_acc_button'], 'link' => \site\utils::update_uri($GLOBALS['siteURL'] . 'verify.php', array('user' => $id, 'token' => $cofirm_session))));
             }
         }
         return true;
     }
     $stmt->close();
     return false;
 }
Ejemplo n.º 2
0
<h2>' . $LANG['users_add_title'] . '</h2>

<div style="float:right; margin: 0 2px 0 0;">
<a href="?route=users.php&amp;action=list" class="btn">' . $LANG['users_view'] . '</a>
</div>';
        if (!empty($LANG['users_add_subtitle'])) {
            echo '<span>' . $LANG['users_add_subtitle'] . '</span>';
        }
        echo '</div>';
        if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['csrf']) && check_csrf($_POST['csrf'], 'users_csrf')) {
            if (isset($_POST['name']) && isset($_POST['email']) && isset($_POST['password']) && isset($_POST['points']) && (!$GLOBALS['me']->is_admin || isset($_POST['privileges']) && in_array($_POST['privileges'], array(0, 1, 2)))) {
                if (actions::add_user(array('name' => $_POST['name'], 'email' => $_POST['email'], 'password' => $_POST['password'], 'points' => $_POST['points'], 'credits' => $GLOBALS['me']->is_admin && isset($_POST['credits']) ? $_POST['credits'] : 0, 'privileges' => $GLOBALS['me']->is_admin ? $_POST['privileges'] : '', 'erole' => $GLOBALS['me']->is_admin ? isset($_POST['erole']) && (int) $_POST['privileges'] === 1 ? $_POST['erole'] : '' : '', 'subscriber' => isset($_POST['subscriber']) ? 1 : 0, 'confirm' => isset($_POST['confirm']) ? 1 : 0))) {
                    echo '<div class="a-success">' . $LANG['msg_added'] . '</div>';
                    if (isset($_POST['send_copy'])) {
                        \site\mail::send($_POST['email'], $LANG['email_ac_title'] . ' - ' . \query\main::get_option('sitename'), array('template' => 'account_creation', 'path' => '../'), array('ac_main_text' => sprintf($LANG['email_ac_maintext'], \query\main::get_option('sitename')), 'form_email' => $LANG['email_ac_email'], 'form_password' => $LANG['email_ac_password'], 'email' => $_POST['email'], 'password' => $_POST['password'], 'link' => \query\main::get_option('siteurl')));
                    }
                } else {
                    echo '<div class="a-error">' . $LANG['msg_error'] . '</div>';
                }
            }
        }
        $csrf = $_SESSION['users_csrf'] = \site\utils::str_random(10);
        echo '<div class="form-table">

<form action="#" method="POST" enctype="multipart/form-data" autocomplete="off">

<div class="row"><span>' . $LANG['form_name'] . ':</span><div><input type="text" name="name" value="" /></div></div>
<div class="row"><span>' . $LANG['form_email'] . ':</span><div><input type="email" name="email" value="" /></div></div>
<div class="row"><div><input type="checkbox" name="send_copy" id="send_copy" checked /> <label for="send_copy">' . $LANG['msg_sendcacc'] . '</label></div></div>
<div class="row"><span>' . $LANG['form_password'] . ':</span><div><input type="password" name="password" value="" /></div></div>
Ejemplo n.º 3
0
 public static function send_contact($post)
 {
     global $db, $LANG;
     if (empty($post['name'])) {
         throw new \Exception($LANG['sendcontact_complete_name']);
     } else {
         if (!isset($post['email']) || !filter_var($post['email'], FILTER_VALIDATE_EMAIL)) {
             throw new \Exception($LANG['sendcontact_usevalide']);
         } else {
             if (!isset($post['message']) || strlen($post['message']) < 10) {
                 throw new \Exception($LANG['sendcontact_writemsg']);
             } else {
                 // send email
                 if (\site\mail::send(\query\main::get_option('email_contact'), $LANG['email_sec_title'] . ' - ' . \query\main::get_option('sitename'), array('template' => 'contact_form', 'reply_name' => $post['name'], 'reply_to' => $post['email']), array('name' => $LANG['email_sec_name'], 'c_name' => $post['name'], 'email' => $LANG['email_sec_email'], 'c_email' => $post['email'], 'c_msg' => $post['message']))) {
                     return true;
                 }
                 throw new \Exception($LANG['msg_error']);
             }
         }
     }
 }