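//from DB--> if it has been previously instantiated by someone from another session.
instantiate_email_presets($_POST['15_days_overdue'], $_POST['30_days_overdue']);
}
// Excerpt note: the unmatched closing braces in this fragment belong to blocks that
// were opened above the first visible line.
//include 'dump_all_page_contents.php';

// A non-empty _submit_check field means the "new user" form was actually submitted.
if (isset($_POST['_submit_check']) && $_POST['_submit_check'] != "" && $_POST['_submit_check'] != NULL) {
    //check for errors
    if (validateNewUser() == 'valid') {
        //create user in db
        // NOTE(review): crypt() is called without a salt argument. PHP 8 requires the
        // salt, and older versions fall back to an auto-generated one. Moving to
        // password_hash()/password_verify() has to be done together with
        // validateLogin(), which is not visible in this excerpt, so the call is
        // flagged here rather than replaced.
        $encrypted_passwd = crypt($_POST['password']);

        // Every posted value is bound as a statement parameter instead of being
        // interpolated into the SQL text, so quotes in a field cannot change the query.
        $result = false;
        $stmt = mysqli_prepare(
            $db,
            'INSERT INTO users (first_name, last_name, access_lvl, dept_id, password, username) VALUES (?, ?, ?, ?, ?, ?)'
        );
        if ($stmt !== false) {
            // All six columns were written as quoted strings before; binding them
            // as 's' keeps that behaviour.
            mysqli_stmt_bind_param(
                $stmt,
                'ssssss',
                $_POST['first_name'],
                $_POST['last_name'],
                $_POST['access'],
                $_POST['department'],
                $encrypted_passwd,
                $_POST['username']
            );
            $result = mysqli_stmt_execute($stmt);
            mysqli_stmt_close($stmt);
        }

        if ($result) {
            //show success message
            // Posted values are HTML-escaped before being echoed back into the page
            // (UTF-8 is assumed as the page encoding; confirm against the site).
            print '<h3 align="center"> User ' . htmlspecialchars($_POST['username'], ENT_QUOTES, 'UTF-8')
                . ' (' . htmlspecialchars($_POST['first_name'], ENT_QUOTES, 'UTF-8')
                . ' ' . htmlspecialchars($_POST['last_name'], ENT_QUOTES, 'UTF-8')
                . ') created!</h3>';
            print '<h4 align="center"><a href="admin.php">Return to Admin Page</a></h4>';
        } else {
            // The insert used to be reported as successful even when it failed.
            // Keep the database detail in the server log, not in the response.
            error_log('User creation failed: ' . mysqli_error($db));
            print '<h3 align="center">The user could not be created.</h3>';
            print '<h4 align="center"><a href="admin.php">Return to Admin Page</a></h4>';
        }
    } else {
        //if errors exist, show page again & fill in values
        showPage($_SESSION['username'], $_SESSION['access'], validateNewUser());
    }
} else {
    //form has not been submitted
    showPage($_SESSION['username'], $_SESSION['access']); //show page only if user is a super user
}
} else {
    showLogin('The current user is not authorized to view this page.'); //all other user types are rejected
}
} elseif ($_POST['username']) {
    //if user has attempted to login, validate login
    if (validateLogin($_POST['username'], $_POST['password'])) {
        showPage($_SESSION['username'], $_SESSION['access']);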
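}
}
}
// Excerpt note: the closing braces above and the `else` below belong to blocks opened
// before the first visible line. Judging by the die() message this is the
// "not logged in" branch -- confirm against the full file.
} else {
    // First-account bootstrap: "Register" and "Verification" are only honoured while
    // the users table is empty.
    // NOTE(review): the mysql_* extension was removed in PHP 7.0; porting to mysqli or
    // PDO needs the connection handle, which is not visible in this excerpt.
    if ($_POST["submit"] == "Register") {
        $sql = "SELECT * FROM `users`";
        $result = mysql_query($sql);
        // Fail closed: a failed query yields false, and `false == 0` is true under
        // loose comparison, which would have opened registration on a database error.
        if ($result !== false && mysql_num_rows($result) === 0) {
            registerNewUser();
        }
    } else {
        if ($_POST["submit"] == "Verification") {
            $sql = "SELECT * FROM `users`";
            $result = mysql_query($sql);
            // Same fail-closed check as in the "Register" branch.
            if ($result !== false && mysql_num_rows($result) === 0) {
                validateNewUser();
            }
        } else {
            die('<p>You must be logged in to perform any operations. If you once were logged in, your session probably timed out meaning that you have to log in again before you try to perform any administrational operations. <br /> <br /> Click <a href="../pages/login.php">here</a> to go to the login page.</p>');
        }
    }
}

// Prints the posted form data, the last MySQL error and the failing statement.
// (The function body continues past the end of this excerpt.)
// NOTE(review): everything here is written into the HTTP response without HTML
// escaping, so posted values are reflected verbatim and the SQL text and database
// error are disclosed to the client. Outside development this output should go to a
// server-side log, and anything still shown should be escaped for HTML.
function reportError($sql) {
    echo '<p>Följande indata gavs: <br />';
    print_r($_POST);
    echo "<br /><br />A tiny tiny error accured when trying to add the new entry: <br /><br /><b>" . mysql_error() . ': </b><br /><br />' . $sql;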
<?php
// Registration script: reads the posted sign-up fields, validates them, hashes the
// password and registers the account; the success path echoes a JSON document.
// (The script continues past the end of this excerpt.)

// Get fields entered by user
// NOTE(review): trim() and stripslashes() are applied to the password too, so
// surrounding whitespace and backslashes are removed before hashing. The login path
// must apply the same transformation or such passwords will never verify -- confirm.
$username = stripslashes(trim($_POST['username']));
$name = stripslashes(trim($_POST['name']));
$school = stripslashes(trim($_POST['school']));
// NOTE(review): $picture is a client-supplied string passed on to registerUser()
// below; confirm it is validated there and escaped wherever it is rendered.
$picture = stripslashes(trim($_POST['picture']));
$password = stripslashes(trim($_POST['password']));
$description = stripslashes(trim($_POST['description']));
require_once 'functions.php';
// Validate inputted fields
// NOTE(review): the return value is not inspected here; presumably the function
// ends the request itself on invalid input -- confirm in functions.php.
validateNewUser($username, $name, $school, $password);
// Set default icon
if ($picture == "") {
    $picture = 'pictures/icon_default.png';
}
require_once 'connect.php';
require_once 'passwordLib.php';
// Hash the password (one-way) with bcrypt. bcrypt only considers the first 72 bytes
// of its input.
$hash = password_hash($password, PASSWORD_BCRYPT);
// Create connection
// `global` has no effect at file scope; it only matters if this file is included from
// inside a function. $conn presumably comes from connect.php -- confirm.
global $conn;
// NOTE(review): check-then-insert is not atomic; unless the username column also has
// a UNIQUE constraint (not visible here), two concurrent requests can register the
// same name.
$result = checkUniqueUsername($conn, $username);
if ($result == 0) {
    // Unique user
    // Register the user
    registerUser($conn, $username, $name, $school, $picture, $hash, $description);
    $response = ["success" => "User registered"];
    echo json_encode($response);
} else {
    $response = ["Error" => "Username taken"];
<?php
// This page is for the serverside operations required to create accounts.
require_once $_SERVER['DOCUMENT_ROOT'] . '/tnelat/components/SQL_Operation.php';
require_once $_SERVER['DOCUMENT_ROOT'] . '/tnelat/components/formatting.php';

// Only POST requests create an account.
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    $vars = process_request($_POST);
    if (validateNewUser(
        $vars['username'],
        $vars['password'],
        $vars['password_confirm'],
        $vars['email'],
        $vars['first_name'],
        $vars['last_name'],
        $vars['phone']
    )) {
        // Generate a random salt
        // NOTE(review): uniqid() and mt_rand() are not cryptographically secure, so
        // this salt is more predictable than one drawn from a CSPRNG.
        $salt = hash('sha256', uniqid(mt_rand(), true));
        // Apply salt before hashing
        // NOTE(review): a single salted SHA-256 pass is cheap to brute-force offline if
        // the table leaks. password_hash()/password_verify() are the purpose-built
        // replacement, but the verification code in authentication.php (not visible
        // here) and the stored format would have to change together.
        $salted_password = hash('sha256', $salt . $vars['password']);
        // Store the salt with the password, so we can apply it again and check the result
        // NOTE(review): intval() drops a leading "+" or leading zeros from the phone
        // number. The result in $user is not checked before the login and the
        // success message below.
        $user = (new InsertUser($vars['username'], $vars['email'], $salted_password, $vars['first_name'], $vars['last_name'], intval($vars['phone']), $salt))->execute();
        // Reset the post so we don't make a post request to authentication
        $_SERVER['REQUEST_METHOD'] = null;
        include $_SERVER['DOCUMENT_ROOT'] . "/tnelat/handlers/authentication.php";
        // login() is called with the username only; presumably it establishes the
        // session without a password check -- confirm it cannot be reached with a
        // caller-chosen username by any other path.
        login($vars['username']);
        echo 'User created successfully. Redirecting...';
    }
}

// Checks the submitted registration fields and records the first problem found in
// $err. The caller above treats a truthy return value as "valid"; the return
// statement itself lies past the end of this excerpt.
function validateNewUser($username, $password, $password_confirm, $email, $first_name, $last_name, $phone) {
    $err = '';
    // Check that all fields are filled in
    // ($phone is not part of this required-field check; empty() also treats the
    // string "0" as missing.)
    if (empty($username) || empty($password) || empty($password_confirm) || empty($email) || empty($first_name) || empty($last_name)) {
        $err = 'Please fill in all required fields.';
    } else {
        // Usernames: at least three characters, letters and digits only.
        if (strlen($username) < 3 || !ctype_alnum($username)) {
            $err = 'A valid username is at least three characters. Only alphanumeric characteres are allowed.';
        } else {