Esempio n. 1
        $password = $_POST['password'];
        $info = $_POST['info'];
        $email = $_POST['email'];
        // To protect MySQL injection for Security purpose
        $username = stripslashes($username);
        $name = stripslashes($name);
        $password = stripslashes($password);
        $email = stripslashes($email);
        $username = mysql_real_escape_string($username);
        $name = mysql_real_escape_string($name);
        $password = mysql_real_escape_string($password);
        $email = mysql_real_escape_string($email);
        //SQL to check if user is already existing
        $row = checkAndGetBackUsername($username);
        $existing = $row['username'];
        echo "<b></b>";
        if (!isset($existing)) {
            $hashedPassword = md5($password);
            if (addNewLoginUser($username, $hashedPassword, 'admin')) {
                addNewAdmin($username, $name, $info, $email);
                echo '<script>showSuccess("New Admin Added!");</script>';
            } else {
                echo '<script>showError("Error while adding user!");</script>';
            }
        } else {
            echo '<script>showError("ERROR: User alreay exists!");</script>';
        }
        mysql_close($connection);
        // Closing Connection
    }
}
<?php

require_once "../../../include/config.php";
require_once $basedir . "/admin/include/functions.php";
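// Shared secret used to authenticate the request.
// NOTE(review): $config is presumably populated by the included config.php; confirm.
$private_key = $config['private_key'];

// Authentication fields supplied by the client. Missing fields fall back to 0, as before.
$hash = isset($_POST['hash']) ? $_POST['hash'] : 0;
$public_key = isset($_POST['public']) ? $_POST['public'] : 0;
$time = isset($_POST['t']) ? $_POST['t'] : 0;

// Only a string hash and scalar key/time values can form a valid request. Arrays
// (e.g. "hash[]=") would otherwise be concatenated or compared with PHP's
// type-juggling rules.
$authFieldsWellFormed = is_string($hash) && is_scalar($public_key) && is_scalar($time);

// Expected digest for this request.
// NOTE(review): md5(public . secret . time) is a weak construction. An HMAC such as
// hash_hmac('sha256', ...) plus a freshness check on $time would be stronger, but the
// client that builds the hash must change at the same time, so it is only flagged here.
$myhash = $authFieldsWellFormed ? md5($public_key . $private_key . $time) : '';

// hash_equals() (PHP >= 5.6) compares strictly and in constant time. The previous
// loose "!=" let a missing or numeric-looking value compare equal to the digest.
if (!$authFieldsWellFormed || !hash_equals($myhash, $hash)) {
    echo json_encode(array('error' => 1, 'status' => 'Hash is invalid'));
    exit;
}
/*
uri += '&sn=' + site_name + '&sd=' + site_desc + '&sk=' + site_keywords;
uri += '&sl=' + select_lang + '&tz=' = timezone + '&cu=' + currency;
uri += '&co=' + commission + '&rgr=' + recgameresult + '&rds=' + recdaisal + '&rud=' recuserdeposit;
*/

// Map the POST fields onto the keys addNewAdmin() receives. A missing field becomes
// null (the value the original produced) without raising an undefined-index notice.
$postFieldFor = array(
    'name' => 'name',
    'email' => 'email',
    'nick' => 'nick',
    'password1' => 'p1',
    'password2' => 'p2',
);
$data = array();
foreach ($postFieldFor as $dataKey => $postKey) {
    $data[$dataKey] = isset($_POST[$postKey]) ? $_POST[$postKey] : null;
}

// Strict comparison: with "!=" two different numeric-looking strings (for example
// "1e3" and "1000") were treated as equal, so a mismatched confirmation could pass.
// NOTE(review): an empty or missing password pair still passes this check; verify
// that addNewAdmin() rejects it and hashes the password with password_hash().
if ($data['password1'] !== $data['password2']) {
    echo json_encode(array('error' => 'Password did not match'));
    exit;
}

// Create the account and report the outcome as JSON.
$bool = addNewAdmin($data);
if ($bool) {
    echo json_encode(array('error' => '', 'status' => 'success'));
    exit;
} else {
    echo json_encode(array('error' => 1, 'status' => 'fail'));
    exit;
}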
Esempio n. 3
$page_content='';
switch ($cmd) {
	case 'new' :
		$page_content=addNewAdmin();
		break;
	case 'edit' :
		if (isset($_GET['username']) && array_get($_GET, 'aid', 0) == 0){
			$db = new DBConnection();
			$query = 'SELECT id FROM ul_logins WHERE username="******" LIMIT 1';
			$res = $db->rq($query);
			$row = $db->fetch($res);
            
			$_GET['aid'] = $row['id'];
		}
		$page_content = addNewAdmin($_GET['aid']+0);
		break;
	case 'delete' :
		if (isAppLoggedIn()){
            $db = new DBConnection();
			$currentData = $db->getRow('ul_logins', 'id='.($_GET['aid']+0).'');
            
            $ulogin->DeleteUser($_GET['aid']);
			
			addLog('Back-end','Back-end users',''.$currentData['name'].' ('.$currentData['ref'].')',''.$_SESSION['admin']['name'].' ('.$_SESSION['admin']['refnum'].')','Admin deleted');
			
			$db->close();
			header('Location: users_admins.php');
			exit();
		}
		break;