$design->footer(); break; // mal kurz nen neuen user anlegen // mal kurz nen neuen user anlegen case 'createNewUser': $msg = ''; if (!empty($_POST['name']) and !empty($_POST['pass']) and !empty($_POST['email']) and chk_antispam('adminuser_create', true)) { $_POST['name'] = escape($_POST['name'], 'string'); $_POST['recht'] = escape($_POST['recht'], 'integer'); $_POST['email'] = escape($_POST['email'], 'string'); $erg = db_query("SELECT id FROM prefix_user WHERE name = BINARY '" . $_POST['name'] . "'"); if (db_num_rows($erg) > 0) { $msg = 'Der Name ist leider schon vorhanden!'; } else { $new_pass = $_POST['pass']; $passwordHash = user_pw_crypt($new_pass); db_query("INSERT INTO prefix_user (name,pass,recht,regist,llogin,email)\r\n\t\t VALUES('" . $_POST['name'] . "','" . $passwordHash . "'," . $_POST['recht'] . ",'" . time() . "','" . time() . "','" . $_POST['email'] . "')"); $userid = db_last_id(); db_query("INSERT INTO prefix_userfields (uid,fid,val) VALUES (" . $userid . ",2,'1')"); db_query("INSERT INTO prefix_userfields (uid,fid,val) VALUES (" . $userid . ",3,'1')"); if (isset($_POST['info'])) { $page = $_SERVER["HTTP_HOST"] . $_SERVER["SCRIPT_NAME"]; $page = str_replace('admin.php', 'index.php', $page); $tpl = new tpl('user/new_user_email', 1); $tpl->set('name', $_POST['name']); $tpl->set('pass', $_POST['pass']); $tpl->set('page', $page); $txt = $tpl->get(0); unset($tpl); icmail($_POST['email'], 'Admin hat dich angelegt', $txt); }
} $tpl->set_ar_out($row, 2); profilefields_change($_SESSION['authid']); $tpl->out(3); } else { $tpl = new tpl('user/login.htm'); $tpl->set_out('WDLINK', 'index.php', 0); } } elseif ($csrfCheck) { # submit # change poassword if (!empty($_POST['np1']) and !empty($_POST['np2']) and !empty($_POST['op'])) { if ($_POST['np1'] == $_POST['np2']) { $akpw = db_result(db_query("SELECT pass FROM prefix_user WHERE id = " . $_SESSION['authid']), 0); if (user_pw_check($_POST['op'], $akpw)) { $newpw = user_pw_crypt($_POST['np1']); db_query("UPDATE prefix_user SET pass = '******' WHERE id = " . $_SESSION['authid']); user_set_cookie($_SESSION['authid'], $newpw); $fmsg = $lang['passwortchanged']; } else { $fmsg = $lang['passwortwrong']; } } else { $fmsg = $lang['passwortnotequal']; } } # avatar speichern START $avatar_sql_update = ''; if (!empty($_FILES['avatarfile']['name']) and $allgAr['forum_avatar_upload']) { $file_tmpe = $_FILES['avatarfile']['tmp_name']; $rile_type = ic_mime_type($_FILES['avatarfile']['tmp_name']);
function user_regist($name, $mail, $pass) { global $allgAr, $lang; $erg = db_query("SELECT id FROM prefix_user WHERE name = BINARY '" . $name . "'"); if (db_num_rows($erg) > 0) { return false; } if ($allgAr['forum_regist_user_pass'] == 0) { $new_pass = genkey(8); } else { $new_pass = $pass; } $passwordHash = user_pw_crypt($new_pass); $confirmlinktext = ''; # confirm insert in confirm tb not confirm insert in user tb if ($allgAr['forum_regist_confirm_link'] == 1) { # confirm link + text ... bit of shit put it in languages file $page = $_SERVER["HTTP_HOST"] . $_SERVER["SCRIPT_NAME"]; $id = md5(uniqid(rand())); $confirmlinktext = "\n" . $lang['registconfirm'] . "\n\n" . sprintf($lang['registconfirmlink'], $page, $id); db_query("INSERT INTO prefix_usercheck (`check`,name,email,pass,datime,ak)\n\t\tVALUES ('" . $id . "','" . $name . "','" . $mail . "','" . $passwordHash . "',NOW(),1)"); } else { db_query("INSERT INTO prefix_user (name,pass,recht,regist,llogin,email,status,opt_mail,opt_pm)\n\t\tVALUES('" . $name . "','" . $passwordHash . "',-1,'" . time() . "','" . time() . "','" . $mail . "',1,1,1)"); $userid = db_last_id(); } $regmail = sprintf($lang['registemail'], $name, $confirmlinktext, $name, $new_pass); icmail($mail, 'Anmeldung', $regmail); # email an user return true; }