Example #1
     $design->footer();
     break;
     // Quickly create a new user.
 // Admin action: creates a user account directly from the POSTed form fields.
 // NOTE(review): every query below is built by string concatenation, so its SQL
 // safety rests entirely on escape(), which is defined outside this excerpt --
 // confirm it escapes for the active DB connection. Prepared statements would
 // remove that dependency.
 case 'createNewUser':
     $msg = '';
     // Requires name, pass and email to be non-empty and chk_antispam() to accept
     // the request (presumably a form-token check -- confirm). 'recht' is read
     // below but is not part of this guard.
     if (!empty($_POST['name']) and !empty($_POST['pass']) and !empty($_POST['email']) and chk_antispam('adminuser_create', true)) {
         $_POST['name'] = escape($_POST['name'], 'string');
         // 'recht' is concatenated UNQUOTED into the INSERT below, so it must come
         // back from escape() as a plain integer.
         // NOTE(review): no range or permission check on this value is visible in
         // this excerpt -- confirm the acting admin cannot assign a level above their own.
         $_POST['recht'] = escape($_POST['recht'], 'integer');
         $_POST['email'] = escape($_POST['email'], 'string');
         // Case-sensitive (BINARY) lookup for an existing account with the same name.
         $erg = db_query("SELECT id FROM prefix_user WHERE name = BINARY '" . $_POST['name'] . "'");
         if (db_num_rows($erg) > 0) {
             $msg = 'Der Name ist leider schon vorhanden!';
         } else {
             $new_pass = $_POST['pass'];
             // Only the value returned by user_pw_crypt() is written to the database.
             $passwordHash = user_pw_crypt($new_pass);
             // regist and llogin are both initialised to the current time().
             db_query("INSERT INTO prefix_user (name,pass,recht,regist,llogin,email)\r\n\t\t    VALUES('" . $_POST['name'] . "','" . $passwordHash . "'," . $_POST['recht'] . ",'" . time() . "','" . time() . "','" . $_POST['email'] . "')");
             $userid = db_last_id();
             // Two userfields rows (fid 2 and 3, value '1') are created for the new
             // account; what those field ids mean is not visible here.
             db_query("INSERT INTO prefix_userfields (uid,fid,val) VALUES (" . $userid . ",2,'1')");
             db_query("INSERT INTO prefix_userfields (uid,fid,val) VALUES (" . $userid . ",3,'1')");
             // Optional notification mail, sent only when the 'info' field was posted.
             if (isset($_POST['info'])) {
                 // NOTE(review): HTTP_HOST comes from the request's Host header, so the
                 // address placed in the mail is client-influenced; a configured site
                 // URL would be more robust.
                 $page = $_SERVER["HTTP_HOST"] . $_SERVER["SCRIPT_NAME"];
                 $page = str_replace('admin.php', 'index.php', $page);
                 $tpl = new tpl('user/new_user_email', 1);
                 // 'name' is the escape()d form at this point, not the raw input.
                 $tpl->set('name', $_POST['name']);
                 // NOTE(review): the cleartext password is written into the mail body.
                 // E-mail is not a confidential channel; a one-time set-password link
                 // would avoid sending the credential itself.
                 $tpl->set('pass', $_POST['pass']);
                 $tpl->set('page', $page);
                 $txt = $tpl->get(0);
                 unset($tpl);
                 icmail($_POST['email'], 'Admin hat dich angelegt', $txt);
             }
Example #2
         }
         $tpl->set_ar_out($row, 2);
         profilefields_change($_SESSION['authid']);
         $tpl->out(3);
     } else {
         $tpl = new tpl('user/login.htm');
         $tpl->set_out('WDLINK', 'index.php', 0);
     }
 } elseif ($csrfCheck) {
     # Form submission branch: only entered when $csrfCheck is truthy
     # ($csrfCheck is computed outside this excerpt).
     # Change password: needs the new password twice (np1, np2) and the old one (op).
     if (!empty($_POST['np1']) and !empty($_POST['np2']) and !empty($_POST['op'])) {
         # NOTE(review): loose == lets numeric-looking strings compare equal
         # (e.g. '1e3' and '1000'); === is the safer comparison here.
         if ($_POST['np1'] == $_POST['np2']) {
             # Fetch the stored hash of the logged-in user. authid comes from the
             # session and is concatenated unquoted -- presumably always an integer;
             # confirm where it is assigned.
             $akpw = db_result(db_query("SELECT pass FROM prefix_user WHERE id = " . $_SESSION['authid']), 0);
             # The old password must verify against the stored hash before anything changes.
             if (user_pw_check($_POST['op'], $akpw)) {
                 $newpw = user_pw_crypt($_POST['np1']);
                 # NOTE(review): the literal '******' looks like masking applied by the
                 # page hosting this excerpt. As written, the statement would store six
                 # asterisks rather than $newpw -- check against the upstream file.
                 db_query("UPDATE prefix_user SET pass = '******' WHERE id = " . $_SESSION['authid']);
                 # The new hash is handed to user_set_cookie(); how the cookie value is
                 # derived from it is not visible here.
                 user_set_cookie($_SESSION['authid'], $newpw);
                 $fmsg = $lang['passwortchanged'];
             } else {
                 $fmsg = $lang['passwortwrong'];
             }
         } else {
             $fmsg = $lang['passwortnotequal'];
         }
     }
     # Save avatar START
     $avatar_sql_update = '';
     # An upload is only processed when a file name was submitted and the
     # forum_avatar_upload setting is enabled.
     if (!empty($_FILES['avatarfile']['name']) and $allgAr['forum_avatar_upload']) {
         $file_tmpe = $_FILES['avatarfile']['tmp_name'];
         # The type is taken from ic_mime_type() on the uploaded temp file, not from the
         # client-supplied $_FILES type field -- presumably content-based detection; confirm.
         $rile_type = ic_mime_type($_FILES['avatarfile']['tmp_name']);
Example #3
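/**
 * Register a new account and mail the credentials to the user.
 *
 * Depending on $allgAr['forum_regist_confirm_link'] the account is either
 * written straight to prefix_user or parked in prefix_usercheck together with
 * a confirmation token that is mailed as part of a link.
 *
 * Security notes for maintainers:
 *  - $name and $mail are concatenated into SQL without escaping in this
 *    function. This assumes every caller has already escaped them -- verify,
 *    or move the queries to prepared statements.
 *  - The confirmation token is an account-activation secret, so it is drawn
 *    from the CSPRNG when the runtime provides one.
 *  - The cleartext password is sent by e-mail, and the confirmation link is
 *    built from the client-supplied Host header.
 *
 * @param string $name Requested user name (expected to be SQL-escaped by the caller).
 * @param string $mail E-mail address (expected to be SQL-escaped by the caller).
 * @param string $pass Password chosen by the user; ignored when
 *                     $allgAr['forum_regist_user_pass'] is 0.
 * @return bool false when the name is already taken; true otherwise. The
 *              results of the INSERT and of icmail() are not checked.
 */
function user_regist($name, $mail, $pass)
{
    global $allgAr, $lang;

    // Case-sensitive (BINARY) uniqueness check on the user name.
    $erg = db_query("SELECT id FROM prefix_user WHERE name = BINARY '" . $name . "'");
    if (db_num_rows($erg) > 0) {
        return false;
    }

    if ($allgAr['forum_regist_user_pass'] == 0) {
        // Site generates the password itself.
        // NOTE(review): genkey() is defined elsewhere -- confirm it uses a
        // cryptographically secure random source.
        $new_pass = genkey(8);
    } else {
        $new_pass = $pass;
    }
    $passwordHash = user_pw_crypt($new_pass);
    $confirmlinktext = '';

    // With confirmation enabled the row goes to the usercheck table, otherwise
    // directly to the user table.
    if ($allgAr['forum_regist_confirm_link'] == 1) {
        // Original author's note: this link text belongs in the language file.
        // NOTE(review): HTTP_HOST is client-controlled, so the mailed link can
        // be pointed at another host; a configured site URL would be more robust.
        $page = $_SERVER["HTTP_HOST"] . $_SERVER["SCRIPT_NAME"];

        // The token gates account activation. md5(uniqid(rand())) is derived
        // from the clock and a non-cryptographic PRNG and is guessable, so use
        // the CSPRNG where available. bin2hex(16 bytes) keeps the 32-character
        // lowercase hex shape of the previous md5 value.
        if (function_exists('random_bytes')) {
            $id = bin2hex(random_bytes(16));
        } else {
            // Pre-PHP 7 runtime: legacy token kept only as a fallback.
            $id = md5(uniqid(rand()));
        }

        $confirmlinktext = "\n" . $lang['registconfirm'] . "\n\n" . sprintf($lang['registconfirmlink'], $page, $id);
        db_query("INSERT INTO prefix_usercheck (`check`,name,email,pass,datime,ak)\n\t\tVALUES ('" . $id . "','" . $name . "','" . $mail . "','" . $passwordHash . "',NOW(),1)");
    } else {
        db_query("INSERT INTO prefix_user (name,pass,recht,regist,llogin,email,status,opt_mail,opt_pm)\n\t\tVALUES('" . $name . "','" . $passwordHash . "',-1,'" . time() . "','" . time() . "','" . $mail . "',1,1,1)");
        // The new id is fetched but not used further in this function.
        $userid = db_last_id();
    }

    // Mail to the user. NOTE(review): $new_pass is included in cleartext;
    // e-mail is not a confidential channel.
    $regmail = sprintf($lang['registemail'], $name, $confirmlinktext, $name, $new_pass);
    icmail($mail, 'Anmeldung', $regmail);

    return true;
}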