Example #1
}
// Registration handler excerpt: validates the posted username and password and
// collects human-readable problems in $errors. The branch that acts on a clean
// $errors list continues past the end of this excerpt.
$errors = array();
if (isset($_POST["register"])) {
    // keep it atomic
    // NOTE(review): the transaction is opened before validation, and the matching
    // COMMIT/ROLLBACK is not visible in this excerpt -- confirm every error path
    // closes it.
    db()->exec("BEGIN TRANSACTION;");
    // check input
    // empty() already treats a missing key as empty; it also rejects the literal
    // username "0".
    // NOTE(review): nothing here checks that the value is a string, so an
    // array-valued username[] field reaches preg_match() below.
    if (!isset($_POST["username"]) || empty($_POST["username"])) {
        $errors[] = "You need to specify a username";
    } else {
        // Fails only when the first character is not a word character
        // (\w = letter, digit or underscore). The first test is implied by the
        // second, so a leading underscore is accepted even though the message
        // says "alphanumeric".
        if (preg_match('%^[^_0-9]%', $_POST["username"]) && !preg_match('%^\\w%', $_POST["username"])) {
            $errors[] = "Your username must start with an alphanumeric character";
        } else {
            // Whole-string allowlist: word characters, dot and hyphen.
            // NOTE(review): without the D modifier, $ also matches just before a
            // trailing newline, so "name\n" passes; \z or the D modifier anchors
            // at the true end of the string.
            if (!preg_match('%^[\\w.-]+$%', $_POST["username"])) {
                $errors[] = "Your username can only contain alphanumeric characters, dots, underscores and hyphens";
            } else {
                // Uniqueness check; userexists() is defined elsewhere.
                if (userexists($_POST["username"])) {
                    $errors[] = "This username has already been taken";
                }
            }
        }
    }
    // NOTE(review): both password fields are read before the isset() check below,
    // so a request that omits them raises an undefined-index notice/warning.
    // != is a loose comparison: two different numeric-looking strings such as
    // "1e3" and "1000" compare equal, so a mismatched confirmation can pass;
    // !== compares the strings exactly.
    if ($_POST["password"] != $_POST["password2"]) {
        $errors[] = "The passwords you entered didn't match";
    } else {
        // As with the username, empty() also rejects the literal password "0".
        if (!isset($_POST["password"]) || empty($_POST["password"])) {
            $errors[] = "You need to specify a password";
        }
    }
    // grant privileges if this is the first user
    // $privileges is 1 when the users table is empty and 0 otherwise; it is
    // computed whether or not validation failed.
    // NOTE(review): on a fresh install the first account to register gets the
    // privileged value, so that account should be created before this page is
    // reachable by others.
    $privileges = db()->querySingle("SELECT COUNT(*) FROM users;") == 0 ? 1 : 0;
    if (empty($errors)) {
Example #2
     login($con, @$_REQUEST['username'], @$_REQUEST['password'], $ip);
 } else {
     if ($ask == "logout") {
         logout($con, $token, $ip);
     } else {
         if ($ask == "register") {
             register($con, $ip);
         } else {
             if ($ask == "boardcast") {
                 boardcast($con, $token, $text);
             } else {
                 if ($ask == "getuser") {
                     getuser($con, $token);
                 } else {
                     if ($ask == "userexists") {
                         userexists($con);
                     } else {
                         if ($ask == "hot") {
                             hot($con, $token);
                         } else {
                             if ($ask == "news") {
                                 news($con, $token);
                             } else {
                                 if ($ask == "tidinfo") {
                                     tidinfo($con, $bid, $tid);
                                 } else {
                                     if ($ask == "recentpost") {
                                         recentpost($con, $view);
                                     } else {
                                         if ($ask == "recentreply") {
                                             recentreply($con, $view);
Example #3
/**
 * Report whether the current session identifies a known user.
 *
 * Both session entries (user name and password hash, keyed by SITE_TITLE) must
 * be present; they are then handed to userexists() together with a third
 * argument of true. The meaning of that flag is defined by userexists(), which
 * is not shown here -- presumably it marks the second argument as an already
 * hashed password (confirm against its definition).
 *
 * NOTE(review): the session carries the password hash and is re-validated on
 * each call; anything that can read session storage therefore sees the hash.
 *
 * @return bool true only when both entries exist and userexists() is truthy
 */
function loggedin()
{
    $nameKey = SITE_TITLE . "_username";
    $hashKey = SITE_TITLE . "_passwordhash";

    // Guard clause: without both entries there is nothing to verify.
    if (!isset($_SESSION[$nameKey], $_SESSION[$hashKey])) {
        return false;
    }

    // Cast keeps the boolean result the && chain used to produce.
    return (bool) userexists($_SESSION[$nameKey], $_SESSION[$hashKey], true);
}
Example #4
 * Question Bank
 */
/*------------------------------------------------------------------------------
(c) 2010 JISC-funded EASiHE project, University of Southampton
Licensed under the Creative Commons 'Attribution non-commercial share alike' 
licence -- see the LICENCE file for more details
------------------------------------------------------------------------------*/
// Admin-only user management: the privilege check runs before any action is
// considered.
// NOTE(review): this relies on forbidden() ending the request; if it only sends
// a response and returns, the code below still runs -- confirm.
if (!userhasprivileges()) {
    forbidden();
}
$message = null;
// NOTE(review): action and target are read from $_REQUEST, so these
// state-changing operations can also be triggered by a plain GET link, and no
// anti-CSRF token check is visible in this excerpt -- confirm one exists.
if (isset($_REQUEST["action"])) {
    // Both checks presumably rely on badrequest() terminating the request;
    // otherwise execution falls through into the switch.
    if (!isset($_REQUEST["user"])) {
        badrequest("no user specified");
    }
    if (!userexists($_REQUEST["user"])) {
        badrequest("user doesn't exist");
    }
    switch ($_REQUEST["action"]) {
        case "delete":
            // Self-deletion guard.
            // NOTE(review): == is a loose comparison, so numeric-looking names
            // that differ as strings can compare equal; === compares exactly.
            if ($_REQUEST["user"] == username()) {
                badrequest("you can't delete yourself");
            }
            // Soft delete: sets the deleted flag instead of removing the row.
            // NOTE(review): the quoted value appears masked on this page, so how
            // the user name reaches the statement cannot be checked here. Because
            // $_REQUEST["user"] is caller-controlled, it has to be bound as a
            // parameter (or escaped by the driver), never concatenated.
            db()->exec("UPDATE users SET deleted=1 WHERE username='******';");
            // The name is HTML-escaped before it is placed in the message markup.
            $message = "User <strong>" . htmlspecialchars($_REQUEST["user"]) . "</strong> has been deleted";
            break;
        case "undelete":
            // Clears the deleted flag; the same masked-value caveat applies to
            // this statement.
            db()->exec("UPDATE users SET deleted=0 WHERE username='******';");
            $message = "User <strong>" . htmlspecialchars($_REQUEST["user"]) . "</strong> has been undeleted";
            break;
        case "grant":
Example #5
 /**
  * Store a new password for the user recorded in $_SESSION['granted'].
  *
  * Returns FALSE when userexists() reports no user. In every other case the
  * method returns NULL, whether or not an UPDATE was issued, so callers cannot
  * tell a successful change from a skipped one.
  *
  * NOTE(review): the pass='******' value is reproduced exactly as shown on the
  * page, where it looks masked; as written, the hashed $newpass is computed
  * but never reaches the statement. Whatever the real code places there should
  * be bound as a parameter rather than interpolated.
  *
  * NOTE(review): $_SESSION['granted'] is interpolated unquoted into the WHERE
  * clause. That is safe only if server code always writes an integer there --
  * confirm where it is set, or cast/bind it.
  *
  * @param mixed $newpass plain-text password, passed through hashpass()
  * @return false|null
  */
 public function setpass($newpass)
 {
     if (!userexists()) {
         return FALSE;
     }

     global $USERSTABLE;

     // Hashing happens before the session check, exactly as in the original
     // ordering; hashpass() is defined elsewhere.
     $newpass = hashpass($newpass);

     // No granted user id in the session: nothing to update.
     if (!isset($_SESSION['granted'])) {
         return;
     }

     db_uquery("UPDATE `{$USERSTABLE}` SET pass='******' WHERE `userID`={$_SESSION['granted']};");
 }
Example #6
         //รูปรวมพาธ ไอคอนของสมาชิก
         if ($field_usericon != '' && $listmember[$field_usericon] != '') {
             //รูปรวมพาธ ไอคอนของสมาชิก ถ้าไม่มีให้ลบออก
             $membericon = $usericon_path . $listmember[$field_usericon];
             //$membericon = "http://localhost/gcdnew/uploads/users/4cca6f7f26c04.jpg";
             //if (file_exists($membericon)) {
             $userdata = $membericon;
             //รูปรวมพาธ ไอคอนของสมาชิก
             //}
         }
     }
     @mysql_close($dbconnection);
     //ยกเลิกการติดต่อกับฐานข้อมูล
 } elseif (stristr(",{$forbidden},", ",{$user},") === FALSE) {
     //ตรวจสอบชื่อสงวน ไม่ให้ใช้ชื่อสงวน และชื่อคนที่ online อยู่แล้ว
     $useronline = userexists($user);
 }
 if (!$useronline) {
     //login สำเร็จ
     //บันทึกลง session สำหรับ sticker
     $_SESSION[sticker_user] = $user;
     $_SESSION[sticker_password] = $passwd;
     //บันทึกลง cookie
     setCookie("chatuser", $user, time() + 3600 * 24 * 365);
     setCookie("chatpasswd", $passwd, time() + 3600 * 24 * 365);
     setCookie("chaticon", $usericon, time() + 3600 * 24 * 365);
     setCookie("chatcolor", $usercolor, time() + 3600 * 24 * 365);
     //บันทึกลง session id|username|userdata|usercolor|displayname|userid
     $_SESSION[chatuserdata] = session_id() . "|{$user}|{$userdata}|{$usercolor}|{$displayname}|{$memberid}";
     //บันทึกลง session = ชื่อห้อง
     $_SESSION[chatroom] = urlencode($rooms[0]);