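/**
 * Insert (or overwrite) a user row keyed by a freshly generated unique ID.
 *
 * Table name, column names and the optional SQL password function are read
 * from the global $db configuration array and concatenated into the
 * statement as identifiers. They cannot be escaped like values, so $db must
 * only ever contain trusted, administrator-controlled settings.
 *
 * NOTE(review): the mysql_* extension used here was removed in PHP 7. Moving
 * to mysqli/PDO prepared statements means changing how $dbh is created, which
 * happens outside this function.
 *
 * @param string $username Login name; escaped before being placed in the query.
 * @param string $password Password as supplied by the caller; passed through
 *                         pw_encode() (defined elsewhere) before storage.
 *
 * @return mixed Result of mysql_query() for the REPLACE statement. The script
 *               terminates through die() when a query fails.
 */
function addUser($username, $password) {
    global $dbh;
    global $db;

    // mysql_real_escape_string() escapes according to the character set of
    // the given connection, which the older mysql_escape_string() ignores.
    $password_value = "'" . mysql_real_escape_string(pw_encode($password), $dbh) . "'";

    // If the configuration names an SQL function for password storage, wrap
    // the escaped literal in a call to it.
    if (!empty($db['password_encryption_function'])) {
        $password_value = $db['password_encryption_function'] . "(" . $password_value . ")";
    }

    // Draw IDs until one is not present yet. mysql_query() returns a result
    // resource, not an array of rows, so the previous array-style comparison
    // never detected a collision; count the returned rows instead. The lookup
    // runs against the configured table because that is where the uid is
    // written below.
    do {
        $id = generate256BitUniqueID();
        $escaped_id = mysql_real_escape_string($id, $dbh);
        $lookup = mysql_query(
            "SELECT uid FROM " . $db['table'] . " WHERE uid='" . $escaped_id . "'",
            $dbh
        ) or die("Couldn't add user.");
        $id_taken = mysql_num_rows($lookup) > 0;
        mysql_free_result($lookup);
    } while ($id_taken);

    // NOTE(review): REPLACE removes any existing row that collides on a
    // primary or unique key before inserting. If the username column is
    // unique, calling this with an existing username overwrites that
    // account's password and uid. Confirm callers check for an existing user
    // first, or switch to INSERT.
    $sql = "REPLACE INTO " . $db['table']
        . " (" . $db['username_column'] . ", " . $db['password_column'] . ", uid)"
        . " VALUES ('" . mysql_real_escape_string($username, $dbh) . "', "
        . $password_value . ", '" . $escaped_id . "')";

    $res = mysql_query($sql, $dbh) or die("Couldn't add user.");

    return $res;
}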
// Tail of a function whose beginning lies outside this excerpt: it reports
// whether mail() accepted the message for delivery.
    if(mail($to, $subject, $message, $headers)) {
        $success = true;
    } else {
        $success = false;
    }
    return $success;
}

// Registration request handling. The three values below are taken straight
// from the POST body; no validation or normalisation is visible here.
$username = $_POST['username'];
$email = $_POST['email'];
$password = $_POST['password'];

// Draw a new ID until the lookup no longer returns the same value.
// presumably processQuery() returns rows as nested arrays; verify, since the
// collision test depends on $queryResults[0][0] being the stored uid.
$notYetSet = true;
while ($notYetSet) {
    $id = generate256BitUniqueID();
    $queryResults = $mysqlConnection->processQuery("SELECT uid FROM user WHERE uid='$id'");
    if ($queryResults[0][0] != $id) {
        $notYetSet = false;
    }
}

// NOTE(review): $password is still the submitted plaintext at this point
// (pw_encode() runs further down), so the cleartext password is written into
// the e-mail body together with the activation link ($activateURL . $id).
// NOTE(review): $email comes from the request and is the first argument to
// send_mail(); confirm that CR/LF are rejected before it reaches mail(), or a
// crafted address could add extra headers or recipients.
// NOTE(review): both messages are sent before the INSERT below runs, so an
// activation mail goes out even when the row is never stored.
send_mail($email, $admin_email, $registration_subject, $registration_body.$username.$registration_body_2.$password.$registration_body_3.$activateURL.$id);
// Notification to the supervisor address; $username is part of the subject
// argument and $username and $email are part of the body argument.
send_mail($supervisor_email, $admin_email, $user_registration_subject.$username, $username.$user_registration_body.$email);

// pw_encode() is defined elsewhere; whether it is a salted password hash
// cannot be determined from this excerpt.
$password = pw_encode($password);

// NOTE(review): $username and $email are concatenated into the statement
// exactly as received from $_POST, so a quote character in either field
// changes the SQL that is executed. Bind these as parameters or escape them
// through whatever facility $mysqlConnection provides (not visible here).
// The same holds for $password unless pw_encode() output is known to be free
// of quote characters.
$mysqlConnection->processQuery("INSERT INTO user (uid, username, password, email) VALUES ('".$id."','".$username."','".$password."','".$email."')");