<input type="text" id="root" name="root" value="' . $config['root'] . '" />
<label for="dir_img">Image directory:</label>
<input type="text" id="dir_img" name="dir[img]" value="' . $config['dir']['img'] . '" />
<label for="dir_thumb">Thumbnail directory:</label>
<input type="text" id="dir_thumb" name="dir[thumb]" value="' . $config['dir']['thumb'] . '" />
<label for="dir_res">Thread directory:</label>
<input type="text" id="dir_res" name="dir[res]" value="' . $config['dir']['res'] . '" />
</fieldset>
<fieldset>
<legend>Miscellaneous</legend>
<label for="secure_trip_salt">Secure trip (##) salt:</label>
<input type="text" id="secure_trip_salt" name="secure_trip_salt" value="' . create_salt() . '" size="40" />
</fieldset>
<p style="text-align:center">
<input type="submit" value="Complete installation" />
</p>
</form>
';
echo Element('page.html', $page);
} elseif ($step == 3) {
$instance_config = '<?php
/*
* Instance Configuration
* ----------------------
* Edit this file and not config.php for imageboard configuration.
} else {
$_SESSION['error'] = message_error(pg_last_error($db_connection));
header("Location: ../showcase/php/php_showcase_data_manipulation.php");
}
} else {
header("Location: ../showcase/php/php_showcase_data_manipulation.php");
}
} else {
if (isset($_POST['edit_mode'])) {
if (!isset($_POST['password']) || isset($_POST['password']) && strlen($_POST['password']) == 0) {
$password = null;
}
if (strlen(create_error_string($login, $password, $email, $gender)) == 0) {
$update_user_sql = "UPDATE users SET superuser = '******', email = '{$email}', note = '{$note}', gender = '{$gender}'";
if (isset($_POST['password']) && strlen($password) > 0) {
$salt_hash = create_salt();
$password_hash = create_password_hash($password, $salt_hash);
$update_user_sql .= ", password_hash = '{$password_hash}', salt_hash = '{$salt_hash}' ";
}
$update_user_sql .= "WHERE login LIKE '{$login}'";
if ($update_user_sql_result = pg_query($db_connection, $update_user_sql)) {
$_SESSION['info'] = message_info("User " . $login . " updated successfully.");
header("Location: ../showcase/php/php_showcase_db_diagnostics.php");
} else {
$_SESSION['error'] = message_error(pg_last_error($db_connection));
header("Location: ../showcase/php/php_showcase_data_manipulation.php");
}
} else {
header("Location: ../showcase/php/php_showcase_data_manipulation.php");
}
} else {
function md5crypt($pw, $salt = "", $magic = "")
{
$MAGIC = "\$1\$";
if ($magic == "") {
$magic = $MAGIC;
}
if ($salt == "") {
$salt = create_salt();
}
$slist = explode("\$", $salt);
if ($slist[0] == "1") {
$salt = $slist[1];
}
$salt = substr($salt, 0, 8);
$ctx = $pw . $magic . $salt;
$final = hex2bin(md5($pw . $salt . $pw));
for ($i = strlen($pw); $i > 0; $i -= 16) {
if ($i > 16) {
$ctx .= substr($final, 0, 16);
} else {
$ctx .= substr($final, 0, $i);
}
}
$i = strlen($pw);
while ($i > 0) {
if ($i & 1) {
$ctx .= chr(0);
} else {
$ctx .= $pw[0];
}
$i = $i >> 1;
}
$final = hex2bin(md5($ctx));
for ($i = 0; $i < 1000; $i++) {
$ctx1 = "";
if ($i & 1) {
$ctx1 .= $pw;
} else {
$ctx1 .= substr($final, 0, 16);
}
if ($i % 3) {
$ctx1 .= $salt;
}
if ($i % 7) {
$ctx1 .= $pw;
}
if ($i & 1) {
$ctx1 .= substr($final, 0, 16);
} else {
$ctx1 .= $pw;
}
$final = hex2bin(md5($ctx1));
}
$passwd = "";
$passwd .= to64(ord($final[0]) << 16 | ord($final[6]) << 8 | ord($final[12]), 4);
$passwd .= to64(ord($final[1]) << 16 | ord($final[7]) << 8 | ord($final[13]), 4);
$passwd .= to64(ord($final[2]) << 16 | ord($final[8]) << 8 | ord($final[14]), 4);
$passwd .= to64(ord($final[3]) << 16 | ord($final[9]) << 8 | ord($final[15]), 4);
$passwd .= to64(ord($final[4]) << 16 | ord($final[10]) << 8 | ord($final[5]), 4);
$passwd .= to64(ord($final[11]), 2);
return "{$magic}{$salt}\${$passwd}";
}
function register_user($username, $password, $firstname, $lastname)
{
$username = strtolower($username);
$hash = hash("sha256", $password);
$salt = create_salt();
$hash = hash("sha256", $salt . $hash);
$mysqli = new mysqli($GLOBALS["dbhost"], $GLOBALS["dbuser"], $GLOBALS["dbpass"], $GLOBALS["dbname"]);
if (mysqli_connect_errno()) {
return mysqli_connect_error();
}
// sanitize username
$username = $mysqli->real_escape_string($username);
// check if user is registered
$query = "SELECT * FROM Users WHERE Username = '******';";
$result = $mysqli->query($query);
if ($result->num_rows > 0) {
// if they are, close the connection and result and return
$result->close();
$mysqli->close();
return "Username already registered!";
}
// close the result
$result->close();
// insert user into database
$query = "INSERT INTO Users ( Username, FirstName, LastName, Password, Salt ) VALUES ( '{$username}' , '{$firstname}' , '{$lastname}', '{$hash}', '{$salt}' );";
$result = $mysqli->query($query);
if (!$result) {
$mysqli->close();
return "Could not insert user.";
}
// Close the connection
$mysqli->close();
// Return Successful
return "Successful";
}
