if (!empty($_POST["change"])) {
if (!verifyToken()) {
## csrf check, should be added in more places
print Error($GLOBALS['I18N']->get('No Access'));
return;
}
if (empty($_POST["id"])) {
# Check if fields login name and email are present
if (!is_null($_POST["loginname"]) && $_POST["loginname"] !== '' && !is_null($_POST["email"]) && $_POST["email"] !== '') {
if (validateEmail($_POST["email"])) {
# new one
$result = Sql_query(sprintf('SELECT count(*) FROM %s WHERE namelc="%s" OR email="%s"', $tables["admin"], strtolower(normalize($_POST["loginname"])), strtolower(normalize($_POST["email"]))));
$totalres = Sql_fetch_Row($result);
$total = $totalres[0];
if (!$total) {
Sql_Query(sprintf('insert into %s (loginname,namelc,password,created) values("%s","%s","%s",current_timestamp)', $tables["admin"], strtolower(normalize($_POST["loginname"])), strtolower(normalize($_POST["loginname"])), encryptPass(md5(rand(0, 1000)))));
$id = Sql_Insert_Id($tables['admin'], 'id');
} else {
$id = 0;
}
} else {
## email doesn't validate
$id = 0;
}
} else {
$id = 0;
}
} else {
$id = sprintf('%d', $_POST["id"]);
}
if ($id) {
if (isset($_GET['p']) && $_GET["p"] == "subscribe") {
$_SESSION["userloggedin"] = 0;
$_SESSION["userdata"] = array();
}
$login_required = ASKFORPASSWORD && $userpassword && $_GET["p"] == "preferences" || ASKFORPASSWORD && UNSUBSCRIBE_REQUIRES_PASSWORD && $userpassword && $_GET["p"] == "unsubscribe";
if ($login_required && empty($_SESSION["userloggedin"])) {
$canlogin = 0;
if (!empty($_POST["login"])) {
# login button pushed, let's check formdata
if (empty($_POST["email"])) {
$msg = $strEnterEmail;
} elseif (empty($_POST["password"])) {
$msg = $strEnterPassword;
} else {
if (ENCRYPTPASSWORD) {
$encP = encryptPass($_POST["password"]);
$canlogin = false;
$canlogin = !empty($encP) && !empty($_POST['password']) && !empty($emailcheck) && $encP == $userpassword && $_POST["email"] == $emailcheck;
# print $_POST['password'].' '.$encP.' '.$userpassword.' '.$canlogin; exit;
} else {
$canlogin = $_POST["password"] == $userpassword && $_POST["email"] == $emailcheck;
}
}
if (!$canlogin) {
$msg = '<p class="error">' . $strInvalidPassword . '</p>';
} else {
loadUser($emailcheck);
$_SESSION["userloggedin"] = $_SERVER["REMOTE_ADDR"];
}
} elseif (!empty($_POST["forgotpassword"])) {
# forgot password button pushed
if ($row[0] != $_GET['uid']) {
Fatal_Error('Cannot change to that email address.
<br/>This email already exists.
<br/>Please use the preferences URL for this email to make updates.
<br/>Click <a href="' . getConfig('preferencesurl') . "&email={$email}\">here</a> to request your personal location");
exit;
}
}
# read the current values to compare changes
$old_data = Sql_Fetch_Array_Query(sprintf('select * from %s where id = %d', $GLOBALS['tables']['user'], $userid));
$old_data = array_merge($old_data, getUserAttributeValues('', $userid));
$history_entry = '';
#'http://'.getConfig("website").$GLOBALS["adminpages"].'/?page=user&id='.$userid."\n\n";
if (ASKFORPASSWORD && $_POST['password']) {
if (ENCRYPTPASSWORD) {
$newpassword = encryptPass($_POST['password']);
} else {
$newpassword = sprintf('%s', $_POST['password']);
}
# see whether is has changed
$curpwd = Sql_Fetch_Row_Query("select password from {$GLOBALS['tables']['user']} where id = {$userid}");
if ($_POST['password'] != $curpwd[0]) {
$storepassword = '******' . $newpassword . '",';
Sql_query("update {$GLOBALS['tables']['user']} set passwordchanged = now() where id = {$userid}");
$history_entry .= "\nUser has changed their password\n";
addSubscriberStatistics('password change', 1);
} else {
$storepassword = '';
}
} else {
$storepassword = '';
$req = Sql_Query("select uniqid from {$GLOBALS["tables"]["user"]} where email = \"{$email}\"");
if (Sql_Affected_Rows()) {
$row = Sql_Fetch_Row($req);
if ($row[0] != $_GET["uid"]) {
Fatal_Error("Cannot change to that email address.\n <br/>This email already exists.\n <br/>Please use the preferences URL for this email to make updates.\n <br/>Click <a href=\"" . getConfig("preferencesurl") . "&email={$email}\">here</a> to request your personal location");
exit;
}
}
# read the current values to compare changes
$old_data = Sql_Fetch_Array_Query(sprintf('select * from %s where id = %d', $GLOBALS["tables"]["user"], $userid));
$old_data = array_merge($old_data, getUserAttributeValues('', $userid));
$history_entry = '';
#'http://'.getConfig("website").$GLOBALS["adminpages"].'/?page=user&id='.$userid."\n\n";
if (ASKFORPASSWORD && $_POST["password"]) {
if (ENCRYPTPASSWORD) {
$newpassword = encryptPass($_POST["password"]);
} else {
$newpassword = sprintf('%s', $_POST["password"]);
}
# see whether is has changed
$curpwd = Sql_Fetch_Row_Query("select password from {$GLOBALS["tables"]["user"]} where id = {$userid}");
if ($_POST["password"] != $curpwd[0]) {
$storepassword = '******' . $newpassword . '",';
Sql_query("update {$GLOBALS["tables"]["user"]} set passwordchanged = current_timestamp where id = {$userid}");
$history_entry .= "\nUser has changed their password\n";
addSubscriberStatistics('password change', 1);
} else {
$storepassword = "";
}
} else {
$storepassword = "";
$old_listmembership = array();
$req = Sql_Query("select * from {$tables['listuser']} where userid = {$id}");
while ($row = Sql_Fetch_Array($req)) {
$old_listmembership[$row['listid']] = listName($row['listid']);
}
while (list($key, $val) = each($struct)) {
if (is_array($val)) {
if (isset($val[1]) && strpos($val[1], ':')) {
list($a, $b) = explode(':', $val[1]);
} else {
$a = $b = '';
}
if (strpos($a, 'sys') === false && $val[1]) {
if ($key == 'password') {
if (!empty($_POST[$key])) {
Sql_Query("update {$tables['user']} set {$key} = \"" . encryptPass($_POST[$key]) . "\" where id = {$id}");
}
} else {
if ($key != 'password' || !empty($_POST[$key])) {
if ($key == 'password') {
$_POST[$key] = hash('sha256', $_POST[$key]);
}
Sql_Query("update {$tables['user']} set {$key} = \"" . sql_escape($_POST[$key]) . "\" where id = {$id}");
}
}
} elseif ((!$require_login || $require_login && isSuperUser()) && $key == 'confirmed') {
Sql_Query("update {$tables['user']} set {$key} = \"" . sql_escape($_POST[$key]) . "\" where id = {$id}");
}
}
}
if (!empty($_FILES) && is_array($_FILES)) {
if (!$error || $force) {
if ($table == 'admin') {
# create a default admin
$_SESSION['firstinstall'] = 1;
if (isset($_REQUEST['adminemail'])) {
$adminemail = $_REQUEST['adminemail'];
} else {
$adminemail = '';
}
if (isset($_REQUEST['adminpassword'])) {
$adminpass = $_REQUEST['adminpassword'];
} else {
$adminpass = '******';
}
Sql_Query(sprintf('insert into %s (loginname,namelc,email,created,modified,password,passwordchanged,superuser,disabled)
values("%s","%s","%s",now(),now(),"%s",now(),%d,0)', $tables['admin'], 'admin', 'admin', $adminemail, encryptPass($adminpass), 1));
## let's add them as a subscriber as well
$userid = addNewUser($adminemail, $adminpass);
Sql_Query(sprintf('update %s set confirmed = 1 where id = %d', $tables['user'], $userid));
/* to send the token at the end, doesn't work yet
$adminid = Sql_Insert_Id();
*/
} elseif ($table == 'task') {
while (list($type, $pages) = each($system_pages)) {
foreach ($pages as $page => $access_level) {
Sql_Query(sprintf('replace into %s (page,type) values("%s","%s")', $tables['task'], $page, $type));
}
}
}
echo '... ' . s('ok') . "<br />\n";
} else {
if (!$error || $force) {
if ($table == "admin") {
# create a default admin
$_SESSION['firstinstall'] = 1;
if (isset($_REQUEST['adminemail'])) {
$adminemail = $_REQUEST['adminemail'];
} else {
$adminemail = '';
}
if (isset($_REQUEST['adminpassword'])) {
$adminpass = $_REQUEST['adminpassword'];
} else {
$adminpass = '******';
}
Sql_Query(sprintf('insert into %s (loginname,namelc,email,created,modified,password,passwordchanged,superuser,disabled)
values("%s","%s","%s",now(),now(),"%s",now(),%d,0)', $tables["admin"], "admin", "admin", $adminemail, encryptPass($adminpass), 1));
## let's add them as a subscriber as well
$userid = addNewUser($adminemail, $adminpass);
Sql_Query(sprintf('update %s set confirmed = 1 where id = %d', $tables['user'], $userid));
/* to send the token at the end, doesn't work yet
$adminid = Sql_Insert_Id();
*/
} elseif ($table == "task") {
while (list($type, $pages) = each($system_pages)) {
foreach ($pages as $page => $access_level) {
Sql_Query(sprintf('replace into %s (page,type) values("%s","%s")', $tables["task"], $page, $type));
}
}
}
echo "... " . s("ok") . "<br />\n";
} else {
$html .= '<tr><td>' . $GLOBALS['I18N']->get('Initialise Database') . '</td>
<td>' . $link . '</td><td>';
if (Sql_Table_Exists($tables['config'], 1)) {
$html .= $GLOBALS['img_tick'];
} else {
$html .= $GLOBALS['img_cross'];
$alldone = 0;
}
$html .= '</td></tr>';
}
$link = PageLink2('admin&id=1', s('Go there'));
if (!empty($link) && $GLOBALS['require_login']) {
$html .= '<tr><td>' . s('Change admin password') . ' </td>
<td>' . $link . '</td><td>';
$curpwd = Sql_Fetch_Row_Query("select password from {$tables['admin']} where loginname = \"admin\"");
if ($curpwd[0] != 'phplist' && $curpwd[0] != encryptPass('phplist')) {
$html .= $GLOBALS['img_tick'];
} else {
$alldone = 0;
$html .= $GLOBALS['img_cross'];
}
$html .= '</td></tr>';
}
$link = PageLink2('configure', $GLOBALS['I18N']->get('Go there'));
if (!empty($link)) {
$html .= '<tr><td>' . $GLOBALS['I18N']->get('Verify Settings') . '</td>
<td>' . $link . '</td><td>';
$data = Sql_Fetch_Row_Query("select value from {$tables['config']} where item = \"subscribeurl\"");
if ($data[0]) {
$html .= $GLOBALS['img_tick'];
} else {
if (!$error || $force) {
if ($table == "admin") {
# create a default admin
$_SESSION['firstinstall'] = 1;
if (isset($_REQUEST['adminemail'])) {
$adminemail = $_REQUEST['adminemail'];
} else {
$adminemail = '';
}
if (isset($_REQUEST['adminpassword'])) {
$adminpass = $_REQUEST['adminpassword'];
} else {
$adminpass = '******';
}
Sql_Query(sprintf('insert into %s (loginname,namelc,email,created,modified,password,passwordchanged,superuser,disabled)
values("%s","%s","%s",current_timestamp,current_timestamp,"%s",current_timestamp,%d,0)', $tables["admin"], "admin", "admin", $adminemail, encryptPass($adminpass), 1));
## let's add them as a subscriber as well
$userid = addNewUser($adminemail, $adminpass);
Sql_Query(sprintf('update %s set confirmed = 1 where id = %d', $tables['user'], $userid));
/* to send the token at the end, doesn't work yet
$adminid = Sql_Insert_Id();
*/
} elseif ($table == "task") {
while (list($type, $pages) = each($system_pages)) {
foreach ($pages as $page => $access_level) {
Sql_Query(sprintf('replace into %s (page,type) values("%s","%s")', $tables["task"], $page, $type));
}
}
}
echo "... " . s("ok") . "<br />\n";
} else {
$query = sprintf('update %s
set email = "%s",
loginname = "%s",
namelc = "%s",
modifiedby = "%s",
passwordchanged = current_timestamp,
password = "******",
superuser = 0,
disabled = 0,
privileges = "%s"
where id = %d', $tables["admin"], sql_escape($email), sql_escape($loginname), normalize($loginname), adminName($_SESSION["logindetails"]["id"]), encryptPass($data["password"]), sql_escape(serialize($privs)), $adminid);
$result = Sql_query($query);
} else {
$query = sprintf('INSERT INTO %s
(email,loginname,namelc,created,modifiedby,passwordchanged,password,superuser,disabled,privileges)
values("%s","%s","%s",current_timestamp,"%s",current_timestamp,"%s",0,0,"%s")', $tables["admin"], sql_escape($email), sql_escape($loginname), normalize($loginname), adminName($_SESSION["logindetails"]["id"]), encryptPass($data["password"]), sql_escape(serialize($privs)));
$result = Sql_query($query);
$adminid = Sql_Insert_Id($tables['admin'], 'id');
$count_email_add++;
$some = 1;
}
reset($import_attribute);
foreach ($import_attribute as $item) {
if (!empty($data['values'][$item["index"]])) {
$attribute_index = $item["record"];
$value = $data['values'][$item["index"]];
# check whether this is a textline or a selectable item
$att = Sql_Fetch_Row_Query("select type,tablename,name from " . $tables["adminattribute"] . " where id = {$attribute_index}");
switch ($att[0]) {
case "select":
case "radio":
if (isset($_POST['event']) && $_REQUEST['event'] == 'login_now') {
if (!isset($_POST['email_address']) || !isset($_POST['password'])) {
$tpl->set_msg_err(_('Error: missing fields'));
$tpl->wrap_exit('login.tpl');
}
if (!checkEmailFormat($_POST['email_address'])) {
$tpl->set_msg_err(_('Error: invalid email address format'));
$tpl->wrap_exit('login.tpl');
}
$email_array = explode('@', $_POST['email_address']);
$login_user = $email_array[0];
$login_domain = $email_array[1];
$vp = new vpopmail_admin($login_domain, $login_user, $_POST['password'], $server_ip, $server_port);
if ($vp->Error) {
unset($_SESSION['user']);
unset($_SESSION['domain']);
unset($_SESSION['password']);
unset($_SESSION['email']);
$tpl->set_msg("Unable to open vpopmaild - {$vp->Error}");
$tpl->wrap_exit();
} else {
$_SESSION['user'] = $login_user;
$_SESSION['domain'] = $login_domain;
$_SESSION['password'] = encryptPass($_POST['password'], $mcrypt_key);
$_SESSION['email'] = $_SESSION['user'] . '@' . $_SESSION['domain'];
header("Location: " . $_SERVER['PHP_SELF'] . '?module=Domains');
exit;
}
}
// Else show login screen
$tpl->wrap_exit('login.tpl');
<?php
include_once '../lib/session.inc.php';
include_once '../lib/user.inc.php';
$user = $_POST['user'];
$pass = $_POST['pass'];
$userId = authenticateUser($user, $pass);
if ($userId) {
$_SESSION['user'] = loadUser($userId);
print json_encode(array('success' => true, 'pass' => encryptPass($pass)));
} else {
print json_encode(array('success' => false));
}
function insertUser($data)
{
//random, unique to user salt
@($data['salt'] = randomString(15));
//if no pass available, create a random one
if (!isset($data['pass']) or empty($data['pass'])) {
@($data['pass'] = randomString(15));
}
//now encrypt pass
$clear_pass = $data['pass'];
$encrypted_pass = encryptPass($clear_pass, $data['salt']);
$data['pass'] = $encrypted_pass;
//creation data
@($data['create_date'] = date('Y-m-d H:i:s'));
//insert into db
$db = Database::obtain();
$results = $db->insert('users', $data);
return $results;
}
if (isset($_GET['p']) && $_GET['p'] == 'subscribe') {
$_SESSION['userloggedin'] = 0;
$_SESSION['userdata'] = array();
}
$login_required = ASKFORPASSWORD && $userpassword && $_GET['p'] == 'preferences' || ASKFORPASSWORD && UNSUBSCRIBE_REQUIRES_PASSWORD && $userpassword && $_GET['p'] == 'unsubscribe';
if ($login_required && empty($_SESSION['userloggedin'])) {
$canlogin = 0;
if (!empty($_POST['login'])) {
# login button pushed, let's check formdata
if (empty($_POST['email'])) {
$msg = $strEnterEmail;
} elseif (empty($_POST['password'])) {
$msg = $strEnterPassword;
} else {
if (ENCRYPTPASSWORD) {
$encP = encryptPass($_POST['password']);
$canlogin = false;
$canlogin = !empty($encP) && !empty($_POST['password']) && !empty($emailcheck) && $encP == $userpassword && $_POST['email'] == $emailcheck;
# print $_POST['password'].' '.$encP.' '.$userpassword.' '.$canlogin; exit;
} else {
$canlogin = $_POST['password'] == $userpassword && $_POST['email'] == $emailcheck;
}
}
if (!$canlogin) {
$msg = '<p class="error">' . $strInvalidPassword . '</p>';
} else {
loadUser($emailcheck);
$_SESSION['userloggedin'] = $_SERVER['REMOTE_ADDR'];
}
} elseif (!empty($_POST['forgotpassword'])) {
# forgot password button pushed
$query = sprintf('update %s
set email = "%s",
loginname = "%s",
namelc = "%s",
modifiedby = "%s",
passwordchanged = now(),
password = "******",
superuser = 0,
disabled = 0,
privileges = "%s"
where id = %d', $tables['admin'], sql_escape($email), sql_escape($loginname), normalize($loginname), adminName($_SESSION['logindetails']['id']), encryptPass($data['password']), sql_escape(serialize($privs)), $adminid);
$result = Sql_query($query);
} else {
$query = sprintf('INSERT INTO %s
(email,loginname,namelc,created,modifiedby,passwordchanged,password,superuser,disabled,privileges)
values("%s","%s","%s",now(),"%s",now(),"%s",0,0,"%s")', $tables['admin'], sql_escape($email), sql_escape($loginname), normalize($loginname), adminName($_SESSION['logindetails']['id']), encryptPass($data['password']), sql_escape(serialize($privs)));
$result = Sql_query($query);
$adminid = Sql_insert_id();
++$count_email_add;
$some = 1;
}
reset($import_attribute);
foreach ($import_attribute as $item) {
if (!empty($data['values'][$item['index']])) {
$attribute_index = $item['record'];
$value = $data['values'][$item['index']];
# check whether this is a textline or a selectable item
$att = Sql_Fetch_Row_Query('select type,tablename,name from ' . $tables['adminattribute'] . " where id = {$attribute_index}");
switch ($att[0]) {
case 'select':
case 'radio':
function addNewUser($email, $password = "")
{
if (empty($GLOBALS['tables']['user'])) {
$GLOBALS['tables']['user'] = '******';
}
/*
"id" => array("integer not null primary key auto_increment","sys:ID"),
"email" => array("varchar(255) not null","Email"),
"confirmed" => array("tinyint default 0","sys:Is the email of this user confirmed"),
"entered" => array("datetime","sys:Time Created"),
"modified" => array("timestamp","sys:Time modified"),
"uniqid" => array("varchar(255)","sys:Unique ID for User"),
"unique" => array("(email)","sys:unique"),
"htmlemail" => array("tinyint default 0","Send this user HTML emails"),
"subscribepage" => array("integer","sys:Which page was used to subscribe"),
"rssfrequency" => array("varchar(100)","rss Frequency"), // Leftover from the preplugin era
"password" => array("varchar(255)","Password"),
"passwordchanged" => array("datetime","sys:Last time password was changed"),
"disabled" => array("tinyint default 0","Is this account disabled?"),
"extradata" => array("text","Additional data"),
*/
// insert into user db
$exists = Sql_Fetch_Row_Query(sprintf('select id from %s where email = "%s"', $GLOBALS['tables']['user'], $email));
if ($exists[0]) {
return $exists[0];
}
$passwordEnc = encryptPass($password);
Sql_Query(sprintf('insert into %s set email = "%s",
entered = now(),modified = now(),password = "******",
passwordchanged = now(),disabled = 0,
uniqid = "%s",htmlemail = 1
', $GLOBALS['tables']['user'], $email, $passwordEnc, getUniqid()));
$id = Sql_Insert_Id();
return $id;
}
$html .= '<tr><td>' . $GLOBALS['I18N']->get('Initialise Database') . '</td>
<td>' . $link . '</td><td>';
if (Sql_Table_Exists($tables["config"], 1)) {
$html .= $GLOBALS["img_tick"];
} else {
$html .= $GLOBALS["img_cross"];
$alldone = 0;
}
$html .= '</td></tr>';
}
$link = PageLink2("admin&id=1", s('Go there'));
if (!empty($link) && $GLOBALS["require_login"]) {
$html .= '<tr><td>' . s('Change admin password') . ' </td>
<td>' . $link . '</td><td>';
$curpwd = Sql_Fetch_Row_Query("select password from {$tables["admin"]} where loginname = \"admin\"");
if ($curpwd[0] != "phplist" && $curpwd[0] != encryptPass('phplist')) {
$html .= $GLOBALS["img_tick"];
} else {
$alldone = 0;
$html .= $GLOBALS["img_cross"];
}
$html .= '</td></tr>';
}
$link = PageLink2("configure", $GLOBALS['I18N']->get('Go there'));
if (!empty($link)) {
$html .= '<tr><td>' . $GLOBALS['I18N']->get('Verify Settings') . '</td>
<td>' . $link . '</td><td>';
$data = Sql_Fetch_Row_Query("select value from {$tables["config"]} where item = \"admin_address\"");
if ($data[0]) {
$html .= $GLOBALS["img_tick"];
} else {
$SQLquery = sprintf('delete from %s where date_add( date, INTERVAL %s) < now( )', $GLOBALS['tables']['admin_password_request'], PASSWORD_CHANGE_TIMEFRAME);
$query = Sql_Query($SQLquery);
}
//if (ENCRYPT_PASSWORDS) {
if (isset($_POST['password1']) && isset($_POST['password2'])) {
$SQLquery = sprintf('select date, admin from %s where key_value = "%s" and admin = %d', $GLOBALS['tables']['admin_password_request'], sql_escape($_GET['token']), $_POST['admin']);
$tokenData = Sql_Fetch_Row_Query($SQLquery);
$p1 = $_POST['password1'];
$p2 = $_POST['password2'];
$adminId = $tokenData[1];
$SQLquery = sprintf('select loginname from %s where id = %d;', $GLOBALS['tables']['admin'], $adminId);
$adminData = Sql_Fetch_Row_Query($SQLquery);
$admin = $adminData[0];
if ($p1 == $p2 && !empty($admin)) {
#Database update.
$SQLquery = sprintf("update %s set password='******', passwordchanged=now() where loginname = '%s';", $GLOBALS['tables']['admin'], encryptPass($p1), $admin);
## print $SQLquery;
$query = Sql_Query($SQLquery);
print $GLOBALS['I18N']->get('Your password was changed succesfully') . '<br/>';
print '<p><a href="./" class="action-button">' . $GLOBALS['I18N']->get('Continue') . '</a></p>';
#Token deletion.
$SQLquery = sprintf('delete from %s where admin = %d;', $GLOBALS['tables']['admin_password_request'], $adminId);
$query = Sql_Query($SQLquery);
} else {
print $GLOBALS['I18N']->get('The passwords you entered are not the same.');
}
} elseif (isset($_GET['token'])) {
$SQLquery = sprintf("select date, admin from %s where key_value = '" . sql_escape($_GET['token']) . "';", $GLOBALS['tables']['admin_password_request']);
$row = Sql_Fetch_Row_Query($SQLquery);
$tokenDate = date('U', strtotime($row[0]));
$actualDate = date('U');
if (!empty($_POST['change'])) {
if (!verifyToken()) {
## csrf check, should be added in more places
print Error($GLOBALS['I18N']->get('No Access'));
return;
}
if (empty($_POST['id'])) {
# Check if fields login name and email are present
if (!is_null($_POST['loginname']) && $_POST['loginname'] !== '' && !is_null($_POST['email']) && $_POST['email'] !== '') {
if (validateEmail($_POST['email'])) {
# new one
$result = Sql_query(sprintf('SELECT count(*) FROM %s WHERE namelc="%s" OR email="%s"', $tables['admin'], strtolower(normalize($_POST['loginname'])), strtolower(normalize($_POST['email']))));
$totalres = Sql_fetch_Row($result);
$total = $totalres[0];
if (!$total) {
Sql_Query(sprintf('insert into %s (loginname,namelc,password,email,created) values("%s","%s","%s","%s",now())', $tables['admin'], strtolower(normalize($_POST['loginname'])), strtolower(normalize($_POST['loginname'])), encryptPass(md5(rand(0, 1000))), sql_escape($_POST['email'])));
$id = Sql_Insert_Id($tables['admin'], 'id');
} else {
$id = 0;
}
} else {
## email doesn't validate
$id = 0;
}
} else {
$id = 0;
}
} else {
$id = sprintf('%d', $_POST['id']);
##17388 - disallow changing an admin email to an already existing one
if (!empty($_POST['email'])) {
