$username = c_trim(strtolower($_POST['username'])); $email = c_trim(strtolower($_POST['email'])); if ($username == "") { show_error("REGISTER_ERROR_2", $modul_name); exit; } if (!preg_match("/^[0-9a-z_-]{3,15}\$/i", $username)) { show_error("REGISTER_ERROR_4", $modul_name); exit; } if ($email == "") { show_error("REGISTER_ERROR_2", $modul_name); exit; } $result = $db->query("SELECT username,email,password FROM cc" . $n . "_users WHERE username='******'"); $row = $db->fetch_array($result); if ($row['username'] != $username) { show_error("LN_NOTE_REGISTER_FOROTT_2", $modul_name); exit; } if ($row['email'] != $email) { show_error("LN_NOTE_REGISTER_FOROTT_3", $modul_name); exit; } $new_password = password(8); $md5_pw = md5($new_password); $db->query("UPDATE cc" . $n . "_users SET password='******' WHERE username='******'"); send_register_mail($email, "mail_register_forgott.html", $modul_name, $username, $new_password, 0, 0); show_error("LN_NOTE_REGISTER_FOROTT_4", $modul_name); exit; }
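/**
 * Create a user document in the configured MongoDB collection and mail the credentials.
 *
 * @param string      $email    Address of the new account; passed to check_user() as the uniqueness key.
 * @param string      $user     Name stored in the 'user' field.
 * @param string      $lvl      Access level; 'vip' is stored as level 'user' with the 'vip' flag set.
 * @param string|null $password Plain-text password; a random one is generated when empty.
 *
 * @return string 'attack' when $email or $user is an array, 'userexist' when check_user()
 *                reports the address as taken, 'db_error' when the insert throws,
 *                'useradded' on success.
 */
function add_user($email, $user, $lvl, $password = null)
{
    $conf = configurations();

    // Input sanity checks: reject array-typed values. Request parameters can arrive as
    // arrays, and an array placed in a MongoDB query or document is presumably read as
    // an operator document rather than a plain string, so stop before it reaches the driver.
    if (is_array($email) || is_array($user)) {
        return 'attack';
    }

    // Stop if the user already exists.
    if (check_user(array('email' => $email))) {
        return 'userexist';
    }

    // 'vip' is not a level of its own: it is a regular user carrying a flag.
    $vip = ($lvl == 'vip');
    if ($vip) {
        $lvl = 'user';
    }

    // Collect the posted project ids for non-admin accounts. Entries that myfilter()
    // returns as an array are dropped.
    $projects = array();
    if (isset($_POST['project']) && is_array($_POST['project']) && $lvl !== 'admin') {
        foreach ($_POST['project'] as $value) {
            $filtered = myfilter($value, '_id');
            if (!is_array($filtered)) {
                $projects[] = $filtered;
            }
        }
    }
    // Previously $projects stayed undefined when every posted entry was rejected; use the
    // same array(null) placeholder the "no projects" case has always stored.
    if (!$projects) {
        $projects[] = null;
    }

    if (!$password) {
        $password = random_password();
    }

    // crypt() without an explicit salt yields a weak, platform-dependent hash (and is an
    // error on current PHP). password_hash() output is crypt()-compatible, so a login check
    // built on crypt($input, $stored) keeps working -- confirm against the verifier code.
    $hash = function_exists('password_hash')
        ? password_hash($password, PASSWORD_DEFAULT)
        : crypt($password);

    // NOTE(review): uniqid() is derived from the current time, not from a CSPRNG. If 'reset'
    // serves as a password-reset secret, generate it from a cryptographically secure source.
    // Left unchanged here because the format its consumer expects is not visible.
    $reset = uniqid('', true);

    $con = new Mongo();
    // The database and collection names come from the configuration array; the braces must
    // wrap the whole array access, otherwise the array itself is used as the property name.
    $collection = $con->{$conf['base']}->{$conf['user']};

    $document = array(
        'email' => $email,
        'user' => $user,
        'password' => $hash,
        'lvl' => $lvl,
        'reset' => $reset,
        'projects' => $projects,
        'vip' => $vip,
        'notification' => true,
    );

    try {
        // 'safe' makes the legacy driver wait for the server's answer, so a failed write
        // surfaces as an exception instead of being lost.
        $collection->insert($document, array('safe' => true));
    } catch (MongoCursorException $e) {
        trigger_error("Insert failed " . $e->getMessage());
        return 'db_error';
    }

    // NOTE(review): the plain-text password is handed to the mailer; a one-time activation
    // link would avoid putting a long-lived credential in the mailbox.
    send_register_mail($email, $user, $password, $conf['lang']);

    return 'useradded';
}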
<?php
// Admin-account creation page: shows the form on a request without POST data and
// creates an account with level 'admin' from the submitted fields otherwise.
//
// NOTE(review): nothing visible in this script authenticates the caller before an
// 'admin' account is created; confirm that functions.php or the deployment restricts
// access to it.
include_once 'functions.php';

if ($_POST) {
    // add_user() is read here as a two-element array: [0] is the success flag and
    // [1] is either the value forwarded to the mailer (presumably the password) or
    // an error message.
    $outcome = add_user($_POST['usr_email'], $_POST['username'], 'admin');

    if ($outcome[0] !== true) {
        // NOTE(review): echoed without HTML encoding; verify the message can never
        // carry request-supplied text.
        echo $outcome[1];
    } else {
        send_register_mail($_POST['usr_email'], $_POST['username'], $outcome[1], 'fr');
        echo 'ok';
    }
} else {
    // No submission yet: render the French add-user form posting back to this script.
    print html5_admin_adduser('fr', null, 'adduser.php');
}