function add_user($values) { if (!isset($values['name'], $values['login'], $values['email'], $values['level'])) { return '$scadmin->add_user() must be called with an array containing the name, login, email, and level values!'; } $name = safe_text($values['name'], 150); $login = safe_text($values['login'], 50); if (strlen($name) > 1 && strlen($login) > 4) { $pass = $values['pass'] == $values['pass2'] ? pwhash($values['pass']) : false; if ($pass === false) { return 'Your passwords don't match!'; } else { $datetime = NOW; $insert = $scdb->query("INSERT INTO `{$scdb->users}` (login, pass, name, level, join_date) VALUES ('{$login}','{$pass}','{$name}','1','{$datetime}')"); if (!$insert) { return 'Failed to add the user to the DB!<br />' . mysql_error(); } else { return 'Added User: <em>' . $login . '</em> !'; } } } else { return 'Your name or login is too short!'; } return false; // this is actually means all went okay }
//changes password if (isset($_POST['changepw'])) { if ($_POST['password1'] != '' and $_POST['password2'] != '' and $_POST['password3'] != '') { $password1 = $_POST["password1"]; $password2 = $_POST["password2"]; $password3 = $_POST["password3"]; $email = $_SESSION["email"]; if ($password2 != $password3) { $_SESSION["error"] = "newpwmatch"; header("Location:settings.php"); } else { if (pwcheck($password1, mysqli_fetch_assoc(mysqli_query($con, "SELECT passwordHash FROM owner WHERE email='{$email}'"))['passwordHash']) != 1) { $_SESSION["error"] = "oldpwmatch"; header('Location:settings.php'); } else { $hash = pwhash($password2); mysqli_query($con, "UPDATE owner SET passwordHash='{$hash}' WHERE email='{$email}'"); $_SESSION["error"] = "pwupdated"; header("Location:settings.php"); } } } else { $_SESSION["error"] = "pwsnotthere"; header("Location:settings.php"); } } if (isset($_POST['addurl'])) { echo checkadmin($_SESSION["userid"], $con); if (checkadmin($_SESSION["userid"], $con) == true) { header('Location:home.php'); } else {
} } } } //redirects users to the registry page if (isset($_POST['registryform'])) { header("Location:registry.php"); } //registers the users on the DB, does all the appropriate checks. if (isset($_POST['register'])) { if ($_POST['email'] != '' and $_POST['password'] != '') { $email = $_POST["email"]; $password = $_POST["password"]; $query = mysqli_num_rows(mysqli_query($con, "SELECT email FROM owner WHERE email='{$email}'")); if ($query == 0) { $password = pwhash($password); mysqli_query($con, "INSERT INTO owner (email,passwordHash) VALUES ('{$email}','{$password}' )"); $_SESSION["error"] = "none"; $_SESSION["userid"] = mysqli_fetch_assoc(mysqli_query($con, "SELECT ownerid FROM owner WHERE email={$email}"))['ownerid']; header('Location:index.php'); } else { if ($query != 0) { $_SESSION["error"] = "emailexist"; header('Location:registry.php'); } } } else { $_SESSION["error"] = "fieldcheck"; header('Location:registry.php'); } }
<?php require '../config.php'; require PHP_DIR . 'functions.php'; $message = ''; if (isset($_POST['submit'])) { if (preg_match('/\\W/', $_POST['form_login']) || isset($_POST['form_login'][99])) { $message .= '<p class="error">Invalid Username: Must be between 6 & 100 alphanumeric characters!</p>'; } if (preg_match('/\\W/', $_POST['form_password']) || isset($_POST['form_password'][99])) { $message .= '<p class="error">Invalid Password: Must be between 6 & 100 alphanumeric characters!</p>'; } if ('' == $message) { $user = safe_text($_POST['form_login']); $pass = pwhash($_POST['form_password']); $info = $scdb->get_row("SELECT level, email, nicename, ID FROM `{$scdb->users}` WHERE `login` = '{$user}' && `pass` = '" . $pass . "' LIMIT 1", ARRAY_A); if ($scdb->num_rows == 1) { $_SESSION['user'] = $user; $_SESSION['uid'] = (int) $info['uid']; $_SESSION['email'] = $info['email']; $_SESSION['name'] = $info['nicename']; $_SESSION['level'] = (int) $info['level']; $_SESSION['ip'] = $_SERVER['REMOTE_ADDR']; $_HOST = parse_url(DOMAIN, PHP_URL_HOST); setcookie('user', $_SESSION['user'], TIME + COOKIE_EXPIRES, '/', $_HOST); setcookie('email', $_SESSION['email'], TIME + COOKIE_EXPIRES, '/', $_HOST); setcookie('name', $_SESSION['name'], TIME + COOKIE_EXPIRES, '/', $_HOST); if (!isset($_SESSION['redirect'])) { $_SESSION['redirect'] = 'index.php'; } header('Location: ' . $_SESSION['redirect']);