echo $headerz; $first_error = 0; } echo "<p><font color=\"#" . $cTheme->main_warnmsg . "\">The answer must be at least 4 chars long.</p>"; } if ($email != "" and $username != "" and $failed == 0) { // Sanitise email // $expire = time() + 7 * 24 * 60 * 60; // 7 days - sendmails email timeout $cookie = md5($expire . CRC_SALT_0005 . $username . $email); // special encoding for admin created usernames. $language = intval($language); // Force int // Run any user typed field that hasn't already been sanity checked through the prepare_dbtext() function. $verificationdata = prepare_dbtext($verificationdata); pg_safe_exec("insert into pendingusers (user_name,cookie,expire,email,language,question_id,verificationdata) values ('{$username}','{$cookie}',{$expire},'{$lowemail}',{$language},{$question_id},'{$verificationdata}')"); $boundary = md5(time()); mail($email, $mail_subject_new, "To continue the registration process go to {$confirm_url}?cookie={$cookie}&email={$email}&username={$username}&expire={$expire}", "From: {$mail_from_new}\nReply-To: {$mail_from_new}\nX-Mailer: " . NETWORK_NAME . " Channel Service"); if ($first_error) { std_theme_styles(1); std_theme_body(); echo $headerz; $first_error = 0; } echo "<b>"; echo "The e-mail has been sent to </b>" . $email . "<b>,<br>with confirmation URL = </b>{$confirm_url}?cookie={$cookie}&email={$email}&username={$username}&expire={$expire}<b><br>\n"; echo "The user will have 7 days to click on that link to confirm his new username (email confirmation)<br><br>\n"; echo "The cookie has a special encoding that will allow the user to use the confirmation page in any case of possible lock.\n"; echo "</b>"; echo "<br><br>";
echo "<p><font color=\"#FF0000\">New e-mail address is invalid.</font> It must contain a @, it must be from a valid domain, and it can only contain alpha-numeric "; echo "characters (a-zA-Z0-9) or the . or - character.</p>"; echo "<a href=\"javascript:history.go(-1);\">Go Back</a>.<br></Body></html>\n"; die; } $test = pg_safe_exec("SELECT * FROM users WHERE lower(email)='" . strtolower($email) . "' AND id!={$id}"); if (pg_numrows($test) > 0) { $uuuo = pg_fetch_object($test, 0); std_theme_styles(1); std_theme_body(); echo "<p><font color=\"#FF0000\">E-mail address '{$email}' is already owned by user <b><a href=\"users.php?id=" . $uuuo->id . "\">" . $uuuo->user_name . "</a></b>.</font>"; echo "</p>"; echo "<a href=\"javascript:history.go(-1);\">Go Back</a>.<br></body></html>\n"; die; } $public_key = prepare_dbtext($public_key); $question_id = intval($question_id); $language_id = intval($language_id); //$verificationdata = prepare_dbtext( $verificationdata ); ignore_user_abort(true); pg_safe_exec("BEGIN WORK"); $need_rollback = 1; $query = "UPDATE users "; $query .= "SET "; // Don't allow users to change their own email address // not even admins. if you want to change this, please talk to Isomer first. // // talked to coords, we decided to remove this test. //if ($user_id!=$id) { $query .= "email='{$email}', "; //}