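// Registration handler excerpt: reject duplicate e-mail/username, store the new account as
// pending, and start building the approval-request mail for the administrator.
// NOTE(review): the excerpt begins after the lookup that fills $emailmatches / $emailvalue and
// stops while the mail headers are still being assembled. In the collapsed one-line form every
// `//` comment swallowed the code after it; the line structure is restored here.
if (!empty($emailmatches[1])) {
    // E-mail address is already registered.
    $form->errors[] = "Email already taken.";
    $form->valid = false;
}

$username = $form->getElement("username");
$unvalue = $username->value;
// NOTE(review): $unvalue (presumably the submitted form value) is placed inside the SQL text
// as-is, so a quote character in it changes the statement. Pass it as a bound parameter or
// through the DB layer's literal-escaping helper; db_get()'s signature is not visible here, so
// the call itself is left unchanged. This check-then-insert sequence can also race, so a UNIQUE
// constraint on login_user is still needed -- TODO confirm the schema.
$unmatches = db_get("SELECT 1 FROM login_user WHERE upper(username) = upper('{$unvalue}')", 'column');
if (!empty($unmatches[1])) {
    // Username is already registered (compared through upper() on both sides).
    $form->errors[] = "Username already taken.";
    $form->valid = false;
}

if ($form->valid == true) {
    // Hash the password before it is stored; db_hash_password() is defined elsewhere.
    // NOTE(review): $_REQUEST also accepts query-string values, which can end up in access
    // logs; reading the password from $_POST only would avoid that -- confirm the form method.
    $hash = db_hash_password($_REQUEST['password1']);
    if ($hash) {
        // Insert the new account with pending = 1.
        $firstname = $_REQUEST["firstname"];
        $lastname = $_REQUEST["lastname"];
        $insertfields = array(
            "username" => $unvalue,
            "pass" => $hash,
            "email" => $emailvalue,
            "firstname" => $firstname,
            "lastname" => $lastname,
            "pending" => 1
        );
        // NOTE(review): whether SQLInsert binds or escapes these values is not visible here -- confirm.
        $ins = new SQLInsert("login_user", $insertfields);
        $ins->execute();

        // The names are embedded in an HTML mail body below, so encode them for HTML first.
        // The raw values are still what gets stored in login_user above.
        $safeFirstname = htmlspecialchars((string) $firstname, ENT_QUOTES, 'UTF-8');
        $safeLastname = htmlspecialchars((string) $lastname, ENT_QUOTES, 'UTF-8');

        $subject = "Access Request for {$unvalue}";
        // NOTE(review): the link uses plain http and $_SERVER["SERVER_NAME"], which on some
        // server configurations mirrors the client's Host header; prefer a configured base URL
        // with https. The "******" run is a masking artifact in this copy: it hides the end of
        // the $url expression and the start of the message-body assignment, and is reproduced
        // untouched. Confirm that approveordeny.php requires an authenticated administrator and
        // does not act on the username parameter alone.
        $url = "http://" . $_SERVER["SERVER_NAME"] . "/shared/login/approveordeny.php?username="******"{$safeFirstname} {$safeLastname} has requested access to the " . $system_name . ". <br><br><a href='" . $url . "'>Approve or deny</a> {$url}";
        $headers = "From: " . $admin_email . "\r\n";
        $headers .= "Reply-To: " . $admin_email . "\r\n";
        $headers .= "MIME-Version: 1.0\r\n";
        // ... the excerpt ends here; the rest of the handler is not visible.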
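// Password-reset handler excerpt: pick the matching column, generate a replacement password,
// store its hash and mail the new password to the address on file.
// NOTE(review): the blocks closed by the two unmatched braces, and the lookups that set
// $emailmatches and $unvalue, start above this excerpt.
if (!empty($emailmatches[1])) {
    $field = 'email';
} else {
    // $unvalue is echoed into HTML, so encode it first.
    // NOTE(review): a distinct "no user found" answer lets a caller test which accounts exist;
    // a single neutral response for both outcomes avoids that.
    $form->errors[] = "No user found with username or email <strong>" . htmlspecialchars((string) $unvalue, ENT_QUOTES, 'UTF-8') . "</strong>";
    $form->valid = false;
}
} // closes a block opened above this excerpt

if (isset($field)) {
    // NOTE(review): $unvalue is placed inside the SQL text unescaped, so a quote character in
    // it changes the statement. Use a bound parameter or the DB layer's escaping helper; dbize()
    // is used for the id below, but whether it suits string literals is not visible -- confirm.
    $userinfo = db_get("SELECT id,email FROM login_user WHERE {$field} = '{$unvalue}'", 'row');
    $email = $userinfo[0]["EMAIL"];
    $userid = $userinfo[0]["ID"];

    // Draw every character independently from the CSPRNG (random_int(), PHP 7.0+).
    // str_shuffle() is not a cryptographic generator and never repeats a character, which
    // makes the result both predictable in principle and drawn from a smaller space.
    $length = 10;
    $alphabet = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
    $lastIndex = strlen($alphabet) - 1;
    $randomString = '';
    for ($i = 0; $i < $length; $i++) {
        $randomString .= $alphabet[random_int(0, $lastIndex)];
    }
    $newpassword = $randomString;
    $hash = db_hash_password($newpassword);

    // NOTE(review): the "******" run is a masking artifact in this copy; the value expression
    // for `pass` is not recoverable here and is reproduced untouched. $hash is not checked
    // before the update, and the password is replaced before mail() is known to have succeeded,
    // so a failed hash or a failed send leaves the account with a password nobody received.
    db_execute("UPDATE login_user SET pass = "******" WHERE id = " . dbize($userid));

    // NOTE(review): this flow changes the password as soon as anyone submits a known username
    // or e-mail, and sends the new password in clear text. A single-use, expiring reset link
    // that lets the owner choose a password avoids both problems.
    $to = $email;
    $subject = "New Password for RMV Data System";
    $message = "Your new password is: {$newpassword}";
    $headers = 'From: ' . $admin_email . "\r\n" . 'Reply-To: ' . $admin_email . "\r\n" . 'X-Mailer: PHP/' . phpversion();
    $sent = mail($to, $subject, $message, $headers, "-f" . $admin_email);
    if ($sent) {
        // The address comes from the database but is still encoded for the HTML context.
        // NOTE(review): showing the address on file reveals it to whoever requested the reset.
        $status = "<div class='success status'>An email has been sent to your email address on file, " . htmlspecialchars((string) $email, ENT_QUOTES, 'UTF-8') . ", with your new password.</div>";
        $form->valid = true;
    } else {
        $form->errors[] = "Could not send mail.";
        $form->valid = false;
    }
}
} // closes a block opened above this excerpt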