public static function add_user($opt = array()) { global $db, $LANG; if (!ab_to(array('users' => 'add'))) { return false; } $opt = \site\utils::array_map_recursive('trim', $opt); if (empty($opt['name']) || empty($opt['email']) || empty($opt['password'])) { return false; } $stmt = $db->stmt_init(); $stmt->prepare("INSERT INTO " . DB_TABLE_PREFIX . "users (name, email, password, avatar, points, credits, privileges, erole, subscriber, valid, date) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, NOW())"); $avatar = \site\images::upload(@$_FILES['logo'], 'avatar_', array('path' => DIR . '/', 'max_size' => 1024, 'max_width' => 500, 'max_height' => 600, 'current' => '')); $password = md5($opt['password']); $stmt->bind_param("ssssiiisii", $opt['name'], $opt['email'], $password, $avatar, $opt['points'], $opt['credits'], $opt['privileges'], @serialize($opt['erole']), $opt['subscriber'], $opt['confirm']); if ($stmt->execute()) { if (!$opt['confirm']) { $stmt->prepare("SELECT id FROM " . DB_TABLE_PREFIX . "users WHERE email = ?"); $stmt->bind_param("s", $opt['email']); $stmt->execute(); $stmt->bind_result($id); $stmt->fetch(); $stmt->close(); $cofirm_session = md5(\site\utils::str_random(15)); if (\user\mail_sessions::insert('confirmation', array('user' => $id, 'session' => $cofirm_session))) { \site\mail::send($opt['email'], $LANG['email_acc_title'] . ' - ' . \query\main::get_option('sitename'), array('template' => 'account_confirmation', 'path' => '../'), array('hello_name' => sprintf($LANG['email_text_hello'], $opt['name']), 'confirmation_main_text' => $LANG['email_acc_maintext'], 'confirmation_button' => $LANG['email_acc_button'], 'link' => \site\utils::update_uri($GLOBALS['siteURL'] . 'verify.php', array('user' => $id, 'token' => $cofirm_session)))); } } return true; } $stmt->close(); return false; }
<h2>' . $LANG['users_add_title'] . '</h2> <div style="float:right; margin: 0 2px 0 0;"> <a href="?route=users.php&action=list" class="btn">' . $LANG['users_view'] . '</a> </div>'; if (!empty($LANG['users_add_subtitle'])) { echo '<span>' . $LANG['users_add_subtitle'] . '</span>'; } echo '</div>'; if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['csrf']) && check_csrf($_POST['csrf'], 'users_csrf')) { if (isset($_POST['name']) && isset($_POST['email']) && isset($_POST['password']) && isset($_POST['points']) && (!$GLOBALS['me']->is_admin || isset($_POST['privileges']) && in_array($_POST['privileges'], array(0, 1, 2)))) { if (actions::add_user(array('name' => $_POST['name'], 'email' => $_POST['email'], 'password' => $_POST['password'], 'points' => $_POST['points'], 'credits' => $GLOBALS['me']->is_admin && isset($_POST['credits']) ? $_POST['credits'] : 0, 'privileges' => $GLOBALS['me']->is_admin ? $_POST['privileges'] : '', 'erole' => $GLOBALS['me']->is_admin ? isset($_POST['erole']) && (int) $_POST['privileges'] === 1 ? $_POST['erole'] : '' : '', 'subscriber' => isset($_POST['subscriber']) ? 1 : 0, 'confirm' => isset($_POST['confirm']) ? 1 : 0))) { echo '<div class="a-success">' . $LANG['msg_added'] . '</div>'; if (isset($_POST['send_copy'])) { \site\mail::send($_POST['email'], $LANG['email_ac_title'] . ' - ' . \query\main::get_option('sitename'), array('template' => 'account_creation', 'path' => '../'), array('ac_main_text' => sprintf($LANG['email_ac_maintext'], \query\main::get_option('sitename')), 'form_email' => $LANG['email_ac_email'], 'form_password' => $LANG['email_ac_password'], 'email' => $_POST['email'], 'password' => $_POST['password'], 'link' => \query\main::get_option('siteurl'))); } } else { echo '<div class="a-error">' . $LANG['msg_error'] . '</div>'; } } } $csrf = $_SESSION['users_csrf'] = \site\utils::str_random(10); echo '<div class="form-table"> <form action="#" method="POST" enctype="multipart/form-data" autocomplete="off"> <div class="row"><span>' . $LANG['form_name'] . ':</span><div><input type="text" name="name" value="" /></div></div> <div class="row"><span>' . $LANG['form_email'] . ':</span><div><input type="email" name="email" value="" /></div></div> <div class="row"><div><input type="checkbox" name="send_copy" id="send_copy" checked /> <label for="send_copy">' . $LANG['msg_sendcacc'] . '</label></div></div> <div class="row"><span>' . $LANG['form_password'] . ':</span><div><input type="password" name="password" value="" /></div></div>
public static function send_contact($post) { global $db, $LANG; if (empty($post['name'])) { throw new \Exception($LANG['sendcontact_complete_name']); } else { if (!isset($post['email']) || !filter_var($post['email'], FILTER_VALIDATE_EMAIL)) { throw new \Exception($LANG['sendcontact_usevalide']); } else { if (!isset($post['message']) || strlen($post['message']) < 10) { throw new \Exception($LANG['sendcontact_writemsg']); } else { // send email if (\site\mail::send(\query\main::get_option('email_contact'), $LANG['email_sec_title'] . ' - ' . \query\main::get_option('sitename'), array('template' => 'contact_form', 'reply_name' => $post['name'], 'reply_to' => $post['email']), array('name' => $LANG['email_sec_name'], 'c_name' => $post['name'], 'email' => $LANG['email_sec_email'], 'c_email' => $post['email'], 'c_msg' => $post['message']))) { return true; } throw new \Exception($LANG['msg_error']); } } } }