Esempio n. 1
0
function addNewUser($email,$password = "") {
/*
    "id" => array("integer not null primary key auto_increment","sys:ID"),
    "email" => array("varchar(255) not null","Email"),
    "confirmed" => array("tinyint default 0","sys:Is the email of this user confirmed"),
    "entered" => array("datetime","sys:Time Created"),
    "modified" => array("timestamp","sys:Time modified"),
    "uniqid" => array("varchar(255)","sys:Unique ID for User"),
    "unique" => array("(email)","sys:unique"),
    "htmlemail" => array("tinyint default 0","Send this user HTML emails"),
    "subscribepage" => array("integer","sys:Which page was used to subscribe"),
    "rssfrequency" => array("varchar(100)","RSS Frequency"),
    "password" => array("varchar(255)","Password"),
    "passwordchanged" => array("datetime","sys:Last time password was changed"),
    "disabled" => array("tinyint default 0","Is this account disabled?"),
    "extradata" => array("text","Additional data"),
*/
  // insert into user db
  Sql_Query(sprintf('insert into user set email = "%s",
    entered = now(),modified = now(),password = "%s",
    passwordchanged = now(),disabled = 0,
    uniqid = "%s",htmlemail = 1
    ', $email,$password,getUniqid()));
  $id = Sql_Insert_Id();
  return $id;
}
Esempio n. 2
0
 function addEmail($email, $password = "")
 {
     Sql_Query(sprintf('insert into user set email = "%s",
   entered = now(),password = "%s",
   passwordchanged = now(),disabled = 0,
   uniqid = "%s",htmlemail = 1
   ', $email, $password, getUniqid()), 1);
     $id = Sql_Insert_Id();
     if (is_array($_SESSION["userdata"])) {
         saveUserByID($id, $_SESSION["userdata"]);
     }
     $_SESSION["userid"] = $id;
     return $id;
 }
Esempio n. 3
0
<?php

if (empty($_SESSION['last_addemail'])) {
    $_SESSION['last_addemail'] = 0;
}
if (!empty($_GET['email'])) {
    $delay = time() - $_SESSION['last_addemail'];
    if ($delay > ADD_EMAIL_THROTTLE) {
        $_SESSION['last_addemail'] = time();
        Sql_Query(sprintf('insert into %s (email,uniqid,htmlemail,entered) values("%s","%s",1,now())', $GLOBALS['tables']['user'], sql_escape($_GET['email']), getUniqid()), 1);
        addUserHistory($_GET['email'], 'Added by ' . adminName(), '');
        $status = $GLOBALS['I18N']->get('Email address added');
    } else {
        # pluginsCall('processError','Error adding email address, throttled');
        foreach ($GLOBALS['plugins'] as $plname => $plugin) {
            $plugin->processError('Add email throttled ' . $delay);
        }
        $status = $GLOBALS['I18N']->get('Adding email address failed');
    }
}
Esempio n. 4
0
       $result = Sql_query(sprintf('SELECT id,uniqid FROM %s
 WHERE email = "%s"', $tables["user"], $importuser["email"]));
       if (Sql_affected_rows()) {
           // Email exist, remember some values to add them to the lists
           $count_exist++;
           $user = Sql_fetch_array($result);
           $userid = $user["id"];
           $uniqid = $user["uniqid"];
           Sql_Query(sprintf('update %s set htmlemail = %d where id = %d', $tables["user"], $_POST["markhtml"] ? "1" : "0", $userid));
       } else {
           // Email does not exist
           $new = 1;
           // Create unique number
           mt_srand((double) microtime() * 1000000);
           $randval = mt_rand();
           $uniqid = getUniqid();
           $query = sprintf('INSERT INTO %s (email,entered,confirmed,uniqid,htmlemail)
    values("%s",current_timestamp,%d,"%s",%d)', $tables["user"], $importuser["email"], $_POST["notify"] != "yes", $uniqid, $_POST["markhtml"] ? "1" : "0");
           $result = Sql_query($query);
           $userid = Sql_Insert_Id($tables['user'], 'id');
           $count_email_add++;
           $some = 1;
       }
       if ($_POST["overwrite"] == "yes") {
           if ($usetwo) {
               Sql_query(sprintf('replace into %s (attributeid,userid,value) values(%d,%d,"%s")', $tables["user_attribute"], $firstname_att_id, $userid, $importuser["firstname"]));
               Sql_query(sprintf('replace into %s (attributeid,userid,value) values(%d,%d,"%s")', $tables["user_attribute"], $lastname_att_id, $userid, $importuser["lastname"]));
           } else {
               Sql_query(sprintf('replace into %s (attributeid,userid,value) values(%d,%d,"%s")', $tables["user_attribute"], $name_att_id, $userid, $importuser["personal"]));
           }
       }
Esempio n. 5
0
function addNewUser($email, $password = "")
{
    if (empty($GLOBALS['tables']['user'])) {
        $GLOBALS['tables']['user'] = 'user';
    }
    /*
        "id" => array("integer not null primary key auto_increment","sys:ID"),
        "email" => array("varchar(255) not null","Email"),
        "confirmed" => array("tinyint default 0","sys:Is the email of this user confirmed"),
        "entered" => array("datetime","sys:Time Created"),
        "modified" => array("timestamp","sys:Time modified"),
        "uniqid" => array("varchar(255)","sys:Unique ID for User"),
        "unique" => array("(email)","sys:unique"),
        "htmlemail" => array("tinyint default 0","Send this user HTML emails"),
        "subscribepage" => array("integer","sys:Which page was used to subscribe"),
        "rssfrequency" => array("varchar(100)","rss Frequency"), // Leftover from the preplugin era
        "password" => array("varchar(255)","Password"),
        "passwordchanged" => array("datetime","sys:Last time password was changed"),
        "disabled" => array("tinyint default 0","Is this account disabled?"),
        "extradata" => array("text","Additional data"),
    */
    // insert into user db
    $exists = Sql_Fetch_Row_Query(sprintf('select id from %s where email = "%s"', $GLOBALS['tables']['user'], $email));
    if ($exists[0]) {
        return $exists[0];
    }
    $passwordEnc = encryptPass($password);
    Sql_Query(sprintf('insert into %s set email = "%s",
    entered = now(),modified = now(),password = "%s",
    passwordchanged = now(),disabled = 0,
    uniqid = "%s",htmlemail = 1
    ', $GLOBALS['tables']['user'], $email, $passwordEnc, getUniqid()));
    $id = Sql_Insert_Id();
    return $id;
}
Esempio n. 6
0
 # now check whether this user already exists.
 $email = $_POST["email"];
 if (preg_match("/(.*)\n/U", $email, $regs)) {
     $email = $regs[1];
 }
 $result = Sql_query("select * from {$GLOBALS["tables"]["user"]} where email = \"{$email}\"");
 #"
 if (isset($_POST['rssfrequency'])) {
     $rssfrequency = validateRssFrequency($_POST['rssfrequency']);
 } else {
     $rssfrequency = '';
 }
 if (!Sql_affected_rows()) {
     # they do not exist, so add them
     $query = sprintf('insert into %s (email,entered,uniqid,confirmed,
   htmlemail,subscribepage,rssfrequency) values("%s",now(),"%s",0,%d,%d,"%s")', $GLOBALS["tables"]["user"], addslashes($email), getUniqid(), $htmlemail, $id, $rssfrequency);
     $result = Sql_query($query);
     $userid = Sql_Insert_Id();
     addSubscriberStatistics('total users', 1);
 } else {
     # they do exist, so update the existing record
     # read the current values to compare changes
     $old_data = Sql_fetch_array($result);
     if (ASKFORPASSWORD && $old_data["password"]) {
         if (ENCRYPTPASSWORD) {
             $canlogin = md5($_POST["password"]) == $old_data["password"];
         } else {
             $canlogin = $_POST["password"] == $old_data["password"];
         }
         if (!$canlogin) {
             $msg = $GLOBALS["strUserExists"];
Esempio n. 7
0
 function addEmail($email, $password = "")
 {
     ## don't touch the password if it's empty
     if (!empty($password)) {
         $passwordchange = sprintf('password = "%s",
   passwordchanged = current_timestamp,', $password);
     } else {
         $passwordchange = '';
     }
     Sql_Query(sprintf('insert into user set email = "%s",
   entered = current_timestamp,%s disabled = 0,
   uniqid = "%s",htmlemail = 1
   ', $email, $passwordchange, getUniqid()), 1);
     $id = Sql_Insert_Id('user', 'id');
     if (is_array($_SESSION["userdata"])) {
         saveUserByID($id, $_SESSION["userdata"]);
     }
     $_SESSION["userid"] = $id;
     return $id;
 }
Esempio n. 8
0
 # make sure to save the correct data
 if ($subscribepagedata["htmlchoice"] == "checkfortext" && empty($_POST["textemail"])) {
     $htmlemail = 1;
 } else {
     $htmlemail = !empty($_POST["htmlemail"]);
 }
 # now check whether this user already exists.
 $email = $_POST["email"];
 if (preg_match("/(.*)\n/U", $email, $regs)) {
     $email = $regs[1];
 }
 $result = Sql_query(sprintf('select * from %s where email = "%s"', $GLOBALS["tables"]["user"], sql_escape($email)));
 if (!Sql_affected_rows()) {
     # they do not exist, so add them
     $query = sprintf('insert into %s (email,entered,uniqid,confirmed,
 htmlemail,subscribepage) values("%s",current_timestamp,"%s",0,%d,%d)', $GLOBALS["tables"]["user"], sql_escape($email), getUniqid(), $htmlemail, $id);
     $result = Sql_query($query);
     $userid = Sql_Insert_Id($GLOBALS['tables']['user'], 'id');
     addSubscriberStatistics('total users', 1);
 } else {
     # they do exist, so update the existing record
     # read the current values to compare changes
     $old_data = Sql_fetch_array($result);
     if (ASKFORPASSWORD && $old_data["password"]) {
         $encP = encryptPass($_POST["password"]);
         $canlogin = !empty($encP) && !empty($_POST['password']) && $encP == $old_data["password"];
         #     print $canlogin.' '.$_POST['password'].' '.$encP.' '. $old_data["password"];
         if (!$canlogin) {
             $msg = '<p class="error">' . $GLOBALS["strUserExists"] . '</p>';
             $msg .= '<p class="information">' . $GLOBALS["strUserExistsExplanationStart"] . sprintf('<a href="%s&amp;email=%s">%s</a>', getConfig("preferencesurl"), $email, $GLOBALS["strUserExistsExplanationLink"]) . $GLOBALS["strUserExistsExplanationEnd"] . '</p>';
             return;
Esempio n. 9
0
 # make sure to save the correct data
 if ($subscribepagedata['htmlchoice'] == 'checkfortext' && empty($_POST['textemail'])) {
     $htmlemail = 1;
 } else {
     $htmlemail = !empty($_POST['htmlemail']);
 }
 # now check whether this user already exists.
 $email = $_POST['email'];
 if (preg_match("/(.*)\n/U", $email, $regs)) {
     $email = $regs[1];
 }
 $result = Sql_query(sprintf('select * from %s where email = "%s"', $GLOBALS['tables']['user'], sql_escape($email)));
 if (!Sql_affected_rows()) {
     # they do not exist, so add them
     $query = sprintf('insert into %s (email,entered,uniqid,confirmed,
 htmlemail,subscribepage) values("%s",now(),"%s",0,%d,%d)', $GLOBALS['tables']['user'], sql_escape($email), getUniqid(), $htmlemail, $id);
     $result = Sql_query($query);
     $userid = Sql_Insert_Id();
     addSubscriberStatistics('total users', 1);
 } else {
     # they do exist, so update the existing record
     # read the current values to compare changes
     $old_data = Sql_fetch_array($result);
     if (ASKFORPASSWORD && $old_data['password']) {
         $encP = encryptPass($_POST['password']);
         $canlogin = !empty($encP) && !empty($_POST['password']) && $encP == $old_data['password'];
         #     print $canlogin.' '.$_POST['password'].' '.$encP.' '. $old_data["password"];
         if (!$canlogin) {
             $msg = '<p class="error">' . $GLOBALS['strUserExists'] . '</p>';
             $msg .= '<p class="information">' . $GLOBALS['strUserExistsExplanationStart'] . sprintf('<a href="%s&amp;email=%s">%s</a>', getConfig('preferencesurl'), $email, $GLOBALS['strUserExistsExplanationLink']) . $GLOBALS['strUserExistsExplanationEnd'] . '</p>';
             return;
Esempio n. 10
0
"><input type=submit name=subscribe value="<?php 
            echo $GLOBALS['I18N']->get('add user');
            ?>
"></form></td></tr></table>
      <?php 
            return;
        }
    }
}
if (isset($_REQUEST["doadd"])) {
    if ($_POST["action"] == "insert") {
        $email = trim($_POST["email"]);
        print $GLOBALS['I18N']->get("Inserting user") . " {$email}";
        $result = Sql_query(sprintf('
      insert into %s (email,entered,confirmed,htmlemail,uniqid)
       values("%s",now(),1,%d,"%s")', $tables["user"], $email, $htmlemail, getUniqid()));
        $userid = Sql_insert_id();
        $query = "insert into {$tables['listuser']} (userid,listid,entered)\n values({$userid},{$id},now())";
        $result = Sql_query($query);
        # remember the users attributes
        $res = Sql_Query("select * from {$tables['attribute']}");
        while ($row = Sql_Fetch_Array($res)) {
            $fieldname = "attribute" . $row["id"];
            $value = $_POST[$fieldname];
            if (is_array($value)) {
                $newval = array();
                foreach ($value as $val) {
                    array_push($newval, sprintf('%0' . $checkboxgroup_storesize . 'd', $val));
                }
                $value = join(",", $newval);
            }
Esempio n. 11
0
            echo $GLOBALS['I18N']->get('add user');
            ?>
"></form></td></tr></table>
      <?php 
            return;
        }
    }
}
if (isset($_REQUEST["doadd"])) {
    if ($_POST["action"] == "insert") {
        $email = trim($_POST["email"]);
        #TODO validate email address.
        print $GLOBALS['I18N']->get("Inserting user") . " {$email}";
        $result = Sql_query(sprintf('
      insert into %s (email,entered,confirmed,htmlemail,uniqid)
       values("%s",now(),1,%d,"%s")', $tables["user"], $email, !empty($_POST['htmlemail']) ? '1' : '0', getUniqid()));
        $userid = Sql_insert_id();
        $query = "insert into {$tables['listuser']} (userid,listid,entered)\n values({$userid},{$id},now())";
        $result = Sql_query($query);
        # remember the users attributes
        $res = Sql_Query("select * from {$tables['attribute']}");
        while ($row = Sql_Fetch_Array($res)) {
            $fieldname = "attribute" . $row["id"];
            $value = $_POST[$fieldname];
            if (is_array($value)) {
                $newval = array();
                foreach ($value as $val) {
                    array_push($newval, sprintf('%0' . $checkboxgroup_storesize . 'd', $val));
                }
                $value = join(",", $newval);
            }
Esempio n. 12
0
      <tr><td colspan=2><input type=hidden name=action value="insert"><input
 type=hidden name=doadd value="yes"><input type=hidden name=id value="<? echo
 $id ?>"><input type=submit name=subscribe value="Add User"></form></td></tr></table>
      <?
      return;
    }
  }
}
if ($doadd) {
  if ($action == "insert") {
    print "Inserting user $email";
    $result = Sql_query(sprintf('
	    insert into %s (email,entered,confirmed,htmlemail,uniqid)
 			values("%s",now(),1,%d,"%s")',
			$tables["user"],$email,$htmlemail,getUniqid()));
    $userid = Sql_insert_id();
    $query = "insert into $tables[listuser] (userid,listid,entered)
 values($userid,$id,now())";
    $result = Sql_query($query);
    # remember the users attributes
    $res = Sql_Query("select * from $tables[attribute]");
    while ($row = Sql_Fetch_Array($res)) {
      if ($row["tablename"] != "")
        $fieldname = $row["tablename"];
      else
        $fieldname = "attribute" .$row["id"];
      $value = $_POST[$fieldname];
      if (is_array($value)) {
        $newval = array();
        foreach ($value as $val) {
Esempio n. 13
0
function removeItemFromWishlist($username, $iid)
{
    //query creation
    $wishlistQuery = sprintf("select * from wishes_for where username='%s';", $username);
    //query database
    $databaseConnection = GetDatabaseConnection();
    $wishlistResult = $databaseConnection->query($wishlistQuery);
    if ($wishlistResult->num_rows == 0) {
        $wid = getUniqid("wishes_for", "wid");
        $wishlistQuery = sprintf("insert into wishes_for (`wid`,`username`) VALUES ('%s','%s');", $wid, $username);
        //query database
        $databaseConnection = GetDatabaseConnection();
        $wishlistResult = $databaseConnection->query($wishlistQuery);
    } else {
        $wid = $wishlistResult->fetch_assoc()["wid"];
    }
    //query creation
    $itemQuery = sprintf("DELETE FROM filled_with WHERE wid='%s' AND iid='%s';", $wid, $iid);
    //query database
    $databaseConnection = GetDatabaseConnection();
    $itemResult = $databaseConnection->query($itemQuery);
    if ($itemResult) {
        return json_encode(array("success" => "true"));
    } else {
        echo $databaseConnection->error;
    }
}