Example #1
 // Character screen: each variable below receives preg_match()'s result for one
 // request field (1 when the field contains '=', ' or ", 0 when it does not),
 // not the field's value.
 // NOTE(review): rejecting three characters is not an injection defence on its
 // own; if registerNewUser() builds SQL from these values it should bind them
 // as parameters. Its body is not visible here -- confirm.
 // NOTE(review): $_REQUEST can be populated from the query string as well as
 // the POST body, so the password may arrive in a URL.
 $userId = preg_match("#(=|'|\")#", test_input($_REQUEST["userId"]));
 $flag1 = preg_match("#(=|'|\")#", test_input($_REQUEST["username"]));
 $flag2 = preg_match("#(=|'|\")#", test_input($_REQUEST["userEmail"]));
 $flag3 = preg_match("#(=|'|\")#", test_input($_REQUEST["userPassword"]));
 $flag4 = preg_match("#(=|'|\")#", test_input($_REQUEST["roleTitle"]));
 // Continue only when none of the five fields matched the pattern.
 if (!$userId && !$flag1 && !$flag2 && !$flag3 && !$flag4) {
     // Intended gate: only an administrator may register a new user.
     // NOTE(review): $userId still holds the match result from above, and this
     // branch is only reached when that result is falsy, so isAdmin() is not
     // given the submitted id. A caller-supplied id is also not proof of
     // identity; presumably the acting user should come from the authenticated
     // session -- confirm against isAdmin().
     if (isAdmin($userId)) {
         // The raw request values are used from here on; test_input()'s output
         // was only fed to the character screen.
         $username = $_REQUEST['username'];
         $userEmail = $_REQUEST['userEmail'];
         // NOTE(review): the password is passed on as submitted; presumably
         // registerNewUser() hashes it before storage -- confirm.
         $userPassword = $_REQUEST['userPassword'];
         // The role title is taken from the request as well.
         $userRole = $_REQUEST['roleTitle'];
         // Check that username and e-mail are not already present in tblUsers.
         // NOTE(review): check-then-insert leaves a window between the check and
         // the insert; a unique constraint on the table closes it -- confirm
         // the schema has one.
         if (isUniqueUsername($username, 'tblUsers')) {
             if (isUniqueUserEmail($userEmail, 'tblUsers')) {
                 if (registerNewUser($username, $userEmail, $userPassword, $userRole)) {
                     // User details were saved successfully.
                     successRegisterMessage($successRegisterMessage);
                 } else {
                     failedRegisterMessage($failedRegisterMessage);
                 }
             } else {
                 // Duplicate e-mail and duplicate username report the same message.
                 failedRegisterMessage($notUniqueInputMessage);
             }
         } else {
             failedRegisterMessage($notUniqueInputMessage);
         }
     } else {
         // isAdmin() refused the caller.
         failedRegisterMessage($notValidUserMessage);
     }
 } else {
Example #2
*/
// Request router: picks a handler from the "action" query parameter and the
// POST fields that accompany it; the outcome is collected in $message.
$action = "";
$get = "";
$post = "";
$response = "";
if (isset($_GET["action"])) {
    $action = $_GET["action"];
}
// JSON snapshots of the complete query string and POST body.
// NOTE(review): on login/register requests $post includes the submitted
// password, and $get the token; how these snapshots are used is not visible
// here -- confirm they are not logged or stored as-is.
$get = json_encode($_GET);
$post = json_encode($_POST);
$message = array();
// action=login: needs username and password in the POST body.
// NOTE(review): the same $passwordSalt is handed to checkLogin() and
// registerNewUser(), which looks like one application-wide salt; a per-user
// salt (as password_hash() generates) is the usual choice -- confirm.
if (isset($_GET["action"]) && $_GET["action"] == "login" && isset($_POST["username"]) && isset($_POST["password"])) {
    $message = checkLogin($conn, $_POST["username"], $_POST["password"], $passwordSalt);
} else {
    // action=register: all six profile fields must be present.
    if (isset($_GET["action"]) && $_GET["action"] == "register" && isset($_POST["username"]) && isset($_POST["password"]) && isset($_POST["firstname"]) && isset($_POST["lastname"]) && isset($_POST["email"]) && isset($_POST["terms"])) {
        $message = registerNewUser($conn, $_POST["username"], $_POST["password"], $_POST["firstname"], $_POST["lastname"], $_POST["email"], $_POST["terms"], $passwordSalt);
    } else {
        // action=verification: status is derived from whether verifyCode()'s
        // message contains the word "success" (case-insensitive).
        if (isset($_GET["action"]) && isset($_POST["code"]) && $_GET["action"] == "verification") {
            $message["message"] = verifyCode($conn, $_POST["code"], $verificationValid);
            if (stripos($message["message"], "success") !== false) {
                $message["status"] = "OK";
            } else {
                $message["status"] = "Fail";
            }
        } else {
            // Every other action requires a token that resolves to a user.
            // NOTE(review): the token travels in the query string, which is
            // commonly recorded in server logs, browser history and Referer
            // headers; a request header or the POST body avoids that.
            if (isset($_GET["token"]) && isset($_GET["action"])) {
                $userID = getUserFromToken($conn, $_GET["token"]);
                // Loose comparison: 0, "", false and [] are also treated as
                // "no user" here.
                if ($userID != null) {
                    $message["status"] = "OK";
                    switch ($_GET["action"]) {
                        case "insert":
Example #3
<?php

require_once "header.php";
// Registration page controller: a plain visit shows the form; a submission is
// handed to registerNewUser() and the outcome is reported to the visitor.
// NOTE(review): username, password, password2 and email are read without an
// isset() check and passed on unvalidated; presumably registerNewUser()
// validates them and compares the two passwords -- confirm.
if (!isset($_POST['register'])) {
    // The register button has not been pressed yet.
    show_registration_form();
} elseif (registerNewUser($_POST['username'], $_POST['password'], $_POST['password2'], $_POST['email'])) {
    echo "Thank you for registering, an email has been sent to your inbox, Please activate your account.\n\t\t<a href='./index.php'>Click here to login.</a>\n\t\t";
} else {
    // Registration was rejected: say so and offer the form again.
    echo "Registration failed! Please try again.";
    show_registration_form();
}
require_once "footer.php";
Example #4
    insertIntoPanelLog(1, "fa-check", "Installed ServerPanel 2.0", 1);
}
// POST dispatcher: each block runs one handler when its form fields are
// present. Most blocks also carry a session clause; because && binds tighter
// than ||, that clause reads "(loggedin AND role flag) OR installer".
// NOTE(review): the installer session flag alone satisfies every clause that
// mentions it; confirm the flag is cleared once installation has finished.
// NOTE(review): these handlers change state and are selected by POST fields
// only; no anti-CSRF token check is visible at this level -- confirm it is
// done inside the handlers or elsewhere.

// Forum database connection settings: superadmin or installer.
if (isset($_POST['ips']) && isset($_POST["host"]) && isset($_POST["username"]) && isset($_POST["password"]) && isset($_POST["db"]) && isset($_POST["prefix"]) && (isset($_SESSION['loggedin']) && isset($_SESSION['superadmin']) || isset($_SESSION['installer']))) {
    ips4Connection();
}
// Mail provider credentials: superadmin or installer.
if (isset($_POST['mail']) && isset($_POST['sgUser']) && isset($_POST['sgPassword']) && isset($_POST['sgEmail']) && (isset($_SESSION['loggedin']) && isset($_SESSION['superadmin']) || isset($_SESSION['installer']))) {
    sendgridIntegration();
}
// Panel name: superadmin or installer.
if (isset($_POST['panelName']) && (isset($_SESSION['loggedin']) && isset($_SESSION['superadmin']) || isset($_SESSION['installer']))) {
    setPanelName();
}
// Forum user lookup: superadmin, admin or installer.
if (isset($_POST['getIpsUser']) && isset($_POST['ipsUserName']) && (isset($_SESSION['loggedin']) && (isset($_SESSION['superadmin']) || isset($_SESSION['admin'])) || isset($_SESSION['installer']))) {
    getIpsUser();
}
// New panel user: superadmin, admin or installer. The handler's return value
// is echoed to the client.
if (isset($_POST['register']) && isset($_POST['name']) && isset($_POST['origin']) && (isset($_SESSION['loggedin']) && (isset($_SESSION['superadmin']) || isset($_SESSION['admin'])) || isset($_SESSION['installer']))) {
    echo registerNewUser();
}
// NOTE(review): unlike the blocks above, the two account handlers below are
// dispatched on the POST field alone, with no session clause at this level.
// Confirm that disableAccount() and deleteAcc() check login state and role
// themselves; if they do not, an unauthenticated POST reaches them.
if (isset($_POST['disableAccount'])) {
    disableAccount();
}
if (isset($_POST['deleteAccount'])) {
    deleteAcc();
}
// Server list for the select widget: any logged-in session; the script ends
// with the handler's output.
if (isset($_SESSION['loggedin']) && isset($_POST['getServers']) && isset($_POST['server'])) {
    die(getSelect2Server());
}
function deleteAcc()
{
    $id = intval($_POST['deleteAccount']);
    if ($id == 0) {
        die("error");
Example #5
        }
    }
    echo json_encode($result);
});
// POST /register: creates an account from the posted username, password,
// password2 and email. $result->status starts as false and is set to true
// only after registerNewUser() returns a truthy value; otherwise
// $result->message names the step that failed.
$app->post("/register", function () {
    global $app;
    $result = new stdClass();
    $result->status = false;
    $user = getPosts();
    if (isset($user["username"]) && isset($user["password"]) && isset($user["password2"]) && isset($user["email"])) {
        // NOTE(review): == compares numeric-looking strings by value (for
        // example "1e3" and "1000" are equal), so the confirmation check can
        // pass for two different inputs; === compares the strings exactly.
        if ($user["password"] == $user["password2"]) {
            // Refuse a username, then an e-mail address, that already has a row.
            // NOTE(review): look-up followed by insert leaves a window between
            // the two; a unique constraint closes it -- confirm the schema.
            $rowName = getUserByName($user["username"]);
            if (!$rowName) {
                $rowEmail = getUserByEmail($user["email"]);
                if (!$rowEmail) {
                    // NOTE(review): the literal 10 looks like a role or level
                    // code -- confirm its meaning and give it a named constant.
                    $regStatus = registerNewUser($user["username"], $user["password"], $user["email"], 10);
                    if ($regStatus) {
                        $result->status = true;
                        // The truthy return value is passed on as the first
                        // argument of the profile set-up call, along with
                        // default profile values.
                        setUserDetail($regStatus, $user["username"], "", "", "default.png", "male");
                    } else {
                        $result->message = "register failed";
                    }
                } else {
                    // NOTE(review): separate "email exist" / "username exist"
                    // replies tell an anonymous caller which accounts exist;
                    // consider rate limiting this route.
                    $result->message = "email exist";
                }
            } else {
                $result->message = "username exist";
            }
        } else {
            $result->message = "password different";
        }
Example #6
<?php

session_start();
// First registration step: store the submitted e-mail address and move on to
// the address form; without a form submission, go back to the register page.
if (!isset($_POST['submit'])) {
    header("location:register-user.php");
} else {
    include "dbconnection.php";
    // NOTE(review): mysql_real_escape_string() belongs to the mysql extension,
    // which was removed in PHP 7.0; escaping is also no substitute for bound
    // parameters -- confirm how registerNewUser() uses the value.
    // NOTE(review): the gate above checks $_POST but the value is read from
    // $_REQUEST, and its format is not validated here. The escaped form, not
    // the submitted one, is what ends up in the session.
    $email = mysql_real_escape_string($_REQUEST['email']);
    registerNewUser($email);
    $_SESSION['email'] = $email;
    header("location:signin-address.php");
}
Example #7
 // Action dispatch (fragment): every case forwards request fields to one
 // handler and keeps its return value in $response.
 // NOTE(review): all arguments come from $_REQUEST, which can be filled from
 // the query string, so the login and registration passwords may travel in a
 // URL. The fields are read without isset() checks and passed on unvalidated;
 // presumably the handlers validate them -- confirm.
 $response = userLogin($_REQUEST['user_name'], $_REQUEST['password']);
 break;
 case "user_logout":
     $response = userLogout();
     break;
 case "get_comments":
     $response = getComments($_REQUEST['url']);
     break;
 case "new_comment":
     $response = newComment($_REQUEST['url'], $_REQUEST['content'], $_REQUEST['parent_id']);
     break;
 case "rate_comment":
     $response = rateComment($_REQUEST['comment_id'], $_REQUEST['up']);
     break;
 case "register_new_user":
     $response = registerNewUser($_REQUEST['user'], $_REQUEST['password'], $_REQUEST['email']);
     break;
 case "update_page_rating":
     // NOTE(review): the rating is attributed to a username taken from the
     // request; confirm the handler checks it against the logged-in session.
     $response = updatePageRating($_REQUEST['url'], $_REQUEST['url_parameter'], $_REQUEST['username'], $_REQUEST['title'], $_REQUEST['rating']);
     break;
 case "get_page_rating":
     $response = getPageRating($_REQUEST['url'], $_REQUEST['url_parameter']);
     break;
 case "get_page_rating_bulk":
     // The username is request-supplied here as well.
     $response = getPageRatingBulk($_REQUEST['url_string'], $_REQUEST['params_string'], $_REQUEST['username']);
     break;
 case "add_tag":
     $response = addTag($_REQUEST['url'], $_REQUEST['url_parameter'], $_REQUEST['tag']);
     break;
 case "get_page_tags":
     $response = getPageTags($_REQUEST['url'], $_REQUEST['url_parameter']);
Example #8
        // and, every variable that is part of the form was actually received by
        // this file, meaning that the form was not hi- or side-jacked,
        // NOTE(review): whiteList() is not visible here. Receiving every expected
        // field shows the request has the right shape, not where it came from;
        // confirm whether an anti-CSRF token is checked elsewhere.
        if (whiteList()) {
            // and, both the username and password contain at least one character
            // (this is a redundancy check, since each form variable is marked
            // as “required” in the HTML form),
            // The HTML attribute is enforced by the browser only, so this
            // server-side length test is the check that actually counts.
            if (0 < strlen($_POST['username']) && 0 < strlen($_POST['password'])) {
                // then process the username and password.
                // 1. Remove whitespace surrounding the username.
                // 2. Convert <, >, ', and " to their respective HTML entities
                // 3. Handle HTML5 code
                // 4. Use the UTF-8 character set
                // NOTE(review): 'ENT_HTML5' is a quoted string, not the ENT_HTML5
                // constant, so step 3 is never applied; on PHP 8 a bitwise OR of
                // an int with a non-numeric string throws a TypeError.
                // NOTE(review): the username is entity-encoded before the
                // existence check and registration; encoding is normally applied
                // when a value is written into HTML, not before it is stored.
                $username = htmlentities(trim($_POST['username']), ENT_QUOTES | 'ENT_HTML5', "UTF-8");
                // NOTE(review): trim() silently drops leading and trailing
                // whitespace from the chosen password. Presumably
                // registerNewUser() hashes it -- confirm.
                $password = trim($_POST['password']);
                if (!doesUserExist($username)) {
                    registerNewUser($username, $password);
                    // NOTE(review): if register_success.inc emits output and
                    // output buffering is off, the header() call after it can
                    // no longer be sent.
                    include_once "includes/register_success.inc";
                    header("Refresh: 5; ./index.php?action=login");
                    //change file path to login page!
                } else {
                    // No exit follows the redirect, so the HTML below this PHP
                    // block is still rendered.
                    header("Location: error.php?message_type=registration_error");
                }
            }
        }
    }
}
?>

<!DOCTYPE html>
<html>
<head>
Example #9
/**
 * Registers the user described by the posted form fields and prints a JSON result.
 *
 * Reads userName, email, userFirstName and userLastName from $_POST. The
 * results of verifyUser() and registerNewUser() are arrays whose 'status'
 * entry is compared with 'COMPLETE'; any other status is printed as JSON and
 * ends the script. On success startSession() is called and the
 * registerNewUser() result is echoed as JSON.
 *
 * NOTE(review): encryptPassword() takes no argument, so it presumably reads
 * the password from the request itself; confirm it produces a salted password
 * hash (password_hash()) rather than reversible encryption or a bare digest.
 * NOTE(review): verify-then-insert leaves a window between the two calls; a
 * unique constraint on the username closes it -- confirm the schema.
 */
function registerUser()
{
    $userName = $_POST['userName'];

    # The username must not be present in the database yet
    $result = verifyUser($userName);
    if ($result['status'] != 'COMPLETE') {
        # Username already exists
        die(json_encode($result));
    }

    $email = $_POST['email'];
    $userFirstName = $_POST['userFirstName'];
    $userLastName = $_POST['userLastName'];
    $userPassword = encryptPassword();

    # Insert the new user into the database
    $result = registerNewUser($userFirstName, $userLastName, $userName, $email, $userPassword);
    if ($result['status'] != 'COMPLETE') {
        # Something went wrong while inserting the new user
        die(json_encode($result));
    }

    # The insertion succeeded: open the session and report the result
    startSession($userFirstName, $userLastName, $userName);
    echo json_encode($result);
}
Example #10
        // this file, meaning that the form was not hi- or side-jacked,
        // NOTE(review): whiteList() is not visible here. Receiving every expected
        // field shows the request has the right shape, not where it came from;
        // confirm whether an anti-CSRF token is checked elsewhere.
        if (whiteList()) {
            // and, the email, password and first name contain at least one
            // character (this is a redundancy check, since each form variable is
            // marked as “required” in the HTML form),
            if (0 < strlen($_POST['email']) && 0 < strlen($_POST['password']) && 0 < strlen($_POST['firstname'])) {
                // then process the email, password and first name: the only
                // processing done here is removing surrounding whitespace.
                // No HTML-entity conversion or character-set handling takes
                // place in this block.
                // NOTE(review): the e-mail format is not validated here, and
                // trim() silently alters the chosen password. Presumably
                // registerNewUser() validates and hashes -- confirm.
                $email = trim($_POST['email']);
                $password = trim($_POST['password']);
                $firstname = trim($_POST['firstname']);
                if (!doesUserExist($email)) {
                    registerNewUser($email, $password, $firstname);
                    // NOTE(review): if register_success.inc emits output and
                    // output buffering is off, the header() call after it can
                    // no longer be sent.
                    include_once "includes/register_success.inc";
                    header("Refresh: 5; ./home.php");
                } else {
                    // No exit follows the redirect, so the HTML below this PHP
                    // block is still rendered.
                    header("Location: error.php?message_type=registration_error");
                }
            }
        }
    }
}
?>


<!DOCTYPE html>
<html lang="en">
Example #11
<?php

require_once "includes/main.php";
// Registration handler: runs only for a submitted form (submitted == 1) whose
// username, password and location are all non-empty.
if (
    isset($_POST["submitted"])
    && 1 == $_POST["submitted"]
    && 0 < strlen($_POST['username'])
    && 0 < strlen($_POST['password'])
    && 0 < strlen($_POST['location'])
) {
    // NOTE(review): 'ENT_HTML5' is a quoted string, not the ENT_HTML5 constant,
    // so the HTML5 flag is never applied; on PHP 8 a bitwise OR of an int with
    // a non-numeric string throws a TypeError. Switching to the constant
    // changes how existing usernames are encoded, so check stored data first.
    // NOTE(review): entity-encoding is normally applied when a value is written
    // into HTML, not before it is stored.
    $username = htmlentities(trim($_POST['username']), ENT_QUOTES | 'ENT_HTML5', "UTF-8");
    // NOTE(review): trim() silently alters the chosen password; presumably
    // registerNewUser() hashes it -- confirm.
    $password = trim($_POST['password']);
    $location = trim($_POST['location']);

    if (doesUserExist($username)) {
        // Name already taken. No exit follows, so the HTML below still renders.
        header("Location: error.php?message_type=registration_error");
    } else {
        registerNewUser($username, $password, $location);
        // NOTE(review): if register_success.inc emits output and output
        // buffering is off, the header() call after it can no longer be sent.
        include_once "includes/register_success.inc";
        header("Refresh: 5; ./login.php?action=login");
    }
}
?>

<!DOCTYPE html>
<html>
<head>
  <title>Eat to Travel</title>
  <meta charset="UTF-8">
  <link rel="stylesheet" type="text/css" href="css/register.css">
  <link rel="stylesheet" type="text/css" href="css/bootstrap.min.css">
</head>
<body background="image/croisant.jpg" width="100%"> 
 // Registration fragment: collects profile fields from $_REQUEST, registers the
 // account unless the e-mail address already has a row, and sends a welcome
 // mail. $email and $name are assigned above this fragment.
 // NOTE(review): md5() is a fast, unsalted digest and unsuitable for password
 // storage; password_hash() / password_verify() are the PHP primitives for it.
 // NOTE(review): mysql_real_escape_string() belongs to the mysql extension,
 // which was removed in PHP 7.0; escaping is also no substitute for bound
 // parameters -- confirm how registerNewUser() builds its query.
 $password = mysql_real_escape_string(md5($_REQUEST['password']));
 $gender = mysql_real_escape_string($_REQUEST['gender']);
 $month_name = mysql_real_escape_string($_REQUEST['month_name']);
 $day_name = mysql_real_escape_string($_REQUEST['day_name']);
 $year_name = mysql_real_escape_string($_REQUEST['year_name']);
 // Birth date is assembled as year-month-day and normalised through strtotime().
 // NOTE(review): for an unparseable date strtotime() returns false, which
 // presumably ends up stored as the epoch date -- confirm and reject instead.
 $birthdate = $year_name . "-" . $month_name . "-" . $day_name;
 $birth_date = date("Y-m-d", strtotime($birthdate));
 $location = mysql_real_escape_string($_REQUEST['location']);
 $verificationcode = generateCode(8);
 // NOTE(review): the activation code is derived from the e-mail address and a
 // one-second timestamp, both of which an outsider can know or narrow down;
 // an activation secret should come from random_bytes().
 $activation = md5($email . time());
 $users = getUserByEmail($email);
 $user = mysql_fetch_array($users);
 if ($user['email'] == $email) {
     // Address already registered: redirect without creating anything.
     header("location:index.php");
 } else {
     registerNewUser($email, $password, $birth_date, $activation, $verificationcode, $location);
     // $base_url is built but does not appear in the mail body below.
     // NOTE(review): the activation link uses plain http.
     $base_url = "http://maverickgame.com/activation.php?code=" . $activation;
     $subject = "Registration successful, please activate email at maverick game";
     $from = "maverickgame.com";
     $email_server = "*****@*****.**";
     $to = $email;
     // NOTE(review): $name is placed into an HTML body unencoded; confirm it is
     // passed through htmlspecialchars() where it is assigned.
     $mail_body = "Dear {$name},<br/><br/> Welcome to maverick game.<br/></br>Regards & Love<br/><br/>The Maverick Game Team";
     // $body is computed here but mail() below is given $mail_body.
     $body = wordwrap($mail_body, 2000);
     //$body_user = wordwrap($mail_body_user,70);
     $headers = "MIME-Version: 1.0" . "\r\n";
     $headers .= "Content-type:text/html;charset=iso-8859-1" . "\r\n";
     $headers .= "From: " . $from . "\r\n";
     // Every registration mail is blind-copied to these fixed addresses.
     $headers .= 'Bcc:raheelaslam@golive.com.pk ,amohsin@golive.com.pk,info@maverickgame.com' . "\r\n";
     // NOTE(review): $email is written into a header line; unless it was
     // validated above (for example with filter_var() and
     // FILTER_VALIDATE_EMAIL), a CR/LF in it would add header lines -- confirm.
     $headers .= "Reply-To: " . $email . "\r\n";
     // ---- Thank-you e-mail ----
     mail($to, $subject, $mail_body, $headers);
 } else {
     $location = mysql_real_escape_string($_POST['location']);
 }
 // Registration fragment: collects profile fields from $_POST, registers the
 // account and credits the sign-up points. $name, $email, $gender and
 // $phone_number are assigned above this fragment.
 // NOTE(review): md5() is a fast, unsalted digest and unsuitable for password
 // storage; password_hash() / password_verify() are the PHP primitives for it.
 // NOTE(review): mysql_real_escape_string() belongs to the mysql extension,
 // which was removed in PHP 7.0; escaping is also no substitute for bound
 // parameters -- confirm how registerNewUser() builds its query.
 $password = mysql_real_escape_string(md5($_POST['password']));
 $user_name = mysql_real_escape_string($_POST['user_name']);
 // Fixed marker for accounts created through the web form.
 $android_app = 'web_user';
 $month_name = mysql_real_escape_string($_POST['month_name']);
 $day_name = mysql_real_escape_string($_POST['day_name']);
 $year_name = mysql_real_escape_string($_POST['year_name']);
 // Birth date is assembled as year-month-day and normalised through strtotime().
 $birth_date = $year_name . "-" . $month_name . "-" . $day_name;
 $birth_date = date("Y-m-d", strtotime($birth_date));
 // NOTE(review): generateCode() is not visible; if its argument is a length,
 // a one-character verification code is trivially guessable -- confirm.
 $verificationcode = generateCode(1);
 // NOTE(review): the activation code is derived from the e-mail address and a
 // one-second timestamp, both of which an outsider can know or narrow down;
 // an activation secret should come from random_bytes().
 $activation = md5($email . time());
 // The existing row for this address is fetched, but $user is not consulted
 // before registerNewUser() in the lines visible here.
 $user_register = getUserByEmail($email);
 $user = mysql_fetch_array($user_register);
 registerNewUser($name, $email, $user_name, $password, $gender, $birth_date, $location, $phone_number, $activation, $verificationcode, $android_app);
 // NOTE(review): the sign-up points go to whatever getLastRegisterUser()
 // returns; if that is simply the newest row, a concurrent registration can
 // receive them instead. Using the id produced by this insert avoids that --
 // confirm.
 $last_users = getLastRegisterUser();
 $last_user = mysql_fetch_array($last_users);
 $registration_points = 5;
 createUserGameCoins($last_user['id'], $registration_points);
 $base_url = "http://www.maverickgame.com/activation.php?code=" . $activation;
 $subject = "Registration successful, please activate email at Maverick Game";
 $from = "*****@*****.**";
 $email_server = "*****@*****.**";
 $to = $email;
 $mail_body = "Dear {$name},<br/><br/>You have embarked on a journey where your role will change along with the game you choose to play. From here onwards this portal is your abode and you are destined to achieve greatness. Greatness bigger than what you had fathomed this is your true calling. <br/> <br/> You are new here but remember you are the chosen one. Competition will be ruthless and the going will get difficult. You may win some and you may lose some. Your ranking is down low and reaching top will be difficult. It may take time for you to master the game but remember that greatness is achieved by perseverance and not just through talent.<br/><br/>So proceed to your first game and make your way to the top of leaderboard. Riches and glory await you, Chosen One.<br/><br/><a href=" . $base_url . ">.{$base_url}.'</a>' <br/><br/>Your game score gives you reward points, through which you can redeem real life products ranging from Mobile scratch card to a Mercedes Benz. Better you play more rewards you get !<br/></br>Regards,<br/><br/>Team Maverick Game<br><br>For any queries please write to us : info@maverickgame.com";
 $body = wordwrap($mail_body, 2000);
 //$body_user = wordwrap($mail_body_user,70);
 $headers = "MIME-Version: 1.0" . "\r\n";
 $headers .= "Content-type:text/html;charset=iso-8859-1" . "\r\n";
 $headers .= "From: " . $from . "\r\n";