function add_user($values)
{
if (!isset($values['name'], $values['login'], $values['email'], $values['level'])) {
return '$scadmin->add_user() must be called with an array containing the name, login, email, and level values!';
}
$name = safe_text($values['name'], 150);
$login = safe_text($values['login'], 50);
if (strlen($name) > 1 && strlen($login) > 4) {
$pass = $values['pass'] == $values['pass2'] ? pwhash($values['pass']) : false;
if ($pass === false) {
return 'Your passwords don't match!';
} else {
$datetime = NOW;
$insert = $scdb->query("INSERT INTO `{$scdb->users}` (login, pass, name, level, join_date) VALUES ('{$login}','{$pass}','{$name}','1','{$datetime}')");
if (!$insert) {
return 'Failed to add the user to the DB!<br />' . mysql_error();
} else {
return 'Added User: <em>' . $login . '</em> !';
}
}
} else {
return 'Your name or login is too short!';
}
return false;
// this is actually means all went okay
}
//changes password
if (isset($_POST['changepw'])) {
if ($_POST['password1'] != '' and $_POST['password2'] != '' and $_POST['password3'] != '') {
$password1 = $_POST["password1"];
$password2 = $_POST["password2"];
$password3 = $_POST["password3"];
$email = $_SESSION["email"];
if ($password2 != $password3) {
$_SESSION["error"] = "newpwmatch";
header("Location:settings.php");
} else {
if (pwcheck($password1, mysqli_fetch_assoc(mysqli_query($con, "SELECT passwordHash FROM owner WHERE email='{$email}'"))['passwordHash']) != 1) {
$_SESSION["error"] = "oldpwmatch";
header('Location:settings.php');
} else {
$hash = pwhash($password2);
mysqli_query($con, "UPDATE owner SET passwordHash='{$hash}' WHERE email='{$email}'");
$_SESSION["error"] = "pwupdated";
header("Location:settings.php");
}
}
} else {
$_SESSION["error"] = "pwsnotthere";
header("Location:settings.php");
}
}
if (isset($_POST['addurl'])) {
echo checkadmin($_SESSION["userid"], $con);
if (checkadmin($_SESSION["userid"], $con) == true) {
header('Location:home.php');
} else {
}
}
}
}
//redirects users to the registry page
if (isset($_POST['registryform'])) {
header("Location:registry.php");
}
//registers the users on the DB, does all the appropriate checks.
if (isset($_POST['register'])) {
if ($_POST['email'] != '' and $_POST['password'] != '') {
$email = $_POST["email"];
$password = $_POST["password"];
$query = mysqli_num_rows(mysqli_query($con, "SELECT email FROM owner WHERE email='{$email}'"));
if ($query == 0) {
$password = pwhash($password);
mysqli_query($con, "INSERT INTO owner (email,passwordHash) VALUES ('{$email}','{$password}' )");
$_SESSION["error"] = "none";
$_SESSION["userid"] = mysqli_fetch_assoc(mysqli_query($con, "SELECT ownerid FROM owner WHERE email={$email}"))['ownerid'];
header('Location:index.php');
} else {
if ($query != 0) {
$_SESSION["error"] = "emailexist";
header('Location:registry.php');
}
}
} else {
$_SESSION["error"] = "fieldcheck";
header('Location:registry.php');
}
}
<?php
require '../config.php';
require PHP_DIR . 'functions.php';
$message = '';
if (isset($_POST['submit'])) {
if (preg_match('/\\W/', $_POST['form_login']) || isset($_POST['form_login'][99])) {
$message .= '<p class="error">Invalid Username: Must be between 6 & 100 alphanumeric characters!</p>';
}
if (preg_match('/\\W/', $_POST['form_password']) || isset($_POST['form_password'][99])) {
$message .= '<p class="error">Invalid Password: Must be between 6 & 100 alphanumeric characters!</p>';
}
if ('' == $message) {
$user = safe_text($_POST['form_login']);
$pass = pwhash($_POST['form_password']);
$info = $scdb->get_row("SELECT level, email, nicename, ID FROM `{$scdb->users}` WHERE `login` = '{$user}' && `pass` = '" . $pass . "' LIMIT 1", ARRAY_A);
if ($scdb->num_rows == 1) {
$_SESSION['user'] = $user;
$_SESSION['uid'] = (int) $info['uid'];
$_SESSION['email'] = $info['email'];
$_SESSION['name'] = $info['nicename'];
$_SESSION['level'] = (int) $info['level'];
$_SESSION['ip'] = $_SERVER['REMOTE_ADDR'];
$_HOST = parse_url(DOMAIN, PHP_URL_HOST);
setcookie('user', $_SESSION['user'], TIME + COOKIE_EXPIRES, '/', $_HOST);
setcookie('email', $_SESSION['email'], TIME + COOKIE_EXPIRES, '/', $_HOST);
setcookie('name', $_SESSION['name'], TIME + COOKIE_EXPIRES, '/', $_HOST);
if (!isset($_SESSION['redirect'])) {
$_SESSION['redirect'] = 'index.php';
}
header('Location: ' . $_SESSION['redirect']);
