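// Password-reset request handler. This is an excerpt: the blocks opened below are
// closed later in the file, after the e-mail body has been built.
//
// NOTE(review): the reset is keyed on first name + e-mail alone and replaces the stored
// password immediately, so anyone who knows those two values can lock the owner out.
// The success message says the new password is then sent by e-mail. The usual design
// mails a single-use, expiring token to the address on file and lets the user choose
// the new password after following it.
$crypto = new phpFreaksCrypto();
include 'includes/classes/class.phpmailer.php';

// isset() avoids an undefined-index notice when the page is opened without ?reset=...;
// === avoids PHP's loose comparison rules.
if (isset($_GET['reset']) && $_GET['reset'] === 'true') {
    $display = '<div class="responseOk">Your password has been reset, and has been sent to you.</div><br/>';
}

if (isset($_POST['submit'])) {
    // Accept only scalar strings; a crafted request can submit arrays for these fields.
    $postedFirstname = (isset($_POST['firstname']) && is_string($_POST['firstname'])) ? $_POST['firstname'] : '';
    $postedEmail = (isset($_POST['email']) && is_string($_POST['email'])) ? $_POST['email'] : '';

    // SECURITY: the original concatenated $_POST['firstname'] and $_POST['email'] directly
    // into both the SELECT and the UPDATE below (SQL injection). They are escaped here with
    // the same ext/mysql helper the signup code uses. Escaping depends on the connection
    // character set being configured correctly; prepared statements (mysqli/PDO) are the
    // durable fix, but the connection setup is outside this excerpt. ext/mysql itself was
    // removed in PHP 7.
    $safeFirstname = mysql_real_escape_string($postedFirstname);
    $safeEmail = mysql_real_escape_string($postedEmail);

    $sql = "SELECT * FROM " . $db_prefix . "users WHERE firstname='" . $safeFirstname . "' and email = '" . $safeEmail . "';";
    $query = mysql_query($sql);

    // A failed query is treated like "no match", which is what the original did implicitly.
    if (!$query || mysql_num_rows($query) === 0) {
        $display = '<div class="responseError">No account matched, please try again.</div><br/>';
    } else {
        $result = mysql_fetch_array($query);

        // Generate a replacement password and derive the value stored in the database.
        // NOTE(review): randomString() and phpFreaksCrypto are defined elsewhere. uniqid()
        // and mt_rand() are predictable and not suited to security-sensitive values, and if
        // encrypt() is reversible encryption rather than a one-way password hash, stored
        // passwords are recoverable by whoever holds the key. password_hash() /
        // password_verify() is the usual replacement, but it needs a matching change in the
        // login check.
        $password = randomString(10);
        $salt = substr($crypto->encrypt(uniqid(mt_rand(), true)), 0, 10);
        $secure_password = $crypto->encrypt($salt . $crypto->encrypt($password));

        // NOTE(review): SOURCE shows password = '******' in this statement, which looks like
        // masking applied to the listing. As shown, $secure_password was computed and never
        // stored, so it is written here. Confirm against the original file.
        $sql = "update " . $db_prefix . "users set salt = '" . mysql_real_escape_string($salt)
            . "', password = '" . mysql_real_escape_string($secure_password)
            . "' where firstname='" . $safeFirstname . "' and email = '" . $safeEmail . "';";

        // Log database errors server-side instead of printing mysql_error() to the visitor,
        // which discloses query and schema details.
        if (!mysql_query($sql)) {
            error_log('Password reset update failed: ' . mysql_error());
            die('The password could not be reset, please try again later.');
        }

        // Send the confirmation e-mail.
        $mail = new PHPMailer();
        $mail->IsHTML(true);
        $mail->From = $adminUser->email; // sender: the admin account's address
        $mail->FromName = 'NFL Pick \'Em Admin'; // sender display name
        // Deliver to the address stored on the matched account rather than echoing the
        // submitted string back into the mailer.
        $mail->AddAddress($result['email']);
        $mail->Subject = 'NFL Pick \'Em Password'; // the subject of email
        // html text block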
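// Signup handler (excerpt: the blocks opened below are closed later in the file).
// validate_fields() takes a comma-delimited list of the required form fields.
// NOTE(review): ext/mysql was removed in PHP 7. Prepared statements via mysqli/PDO are the
// durable fix for the queries below, but the connection setup is outside this excerpt.
if ($my_form->validate_fields('firstname,lastname,email,username,password')) {
    // Strict comparison: with ==, two different numeric-looking strings such as
    // '1e3' and '1000' compare equal, so a mistyped confirmation could be accepted.
    if ($password === $password2) {
        // create new user, disabled
        // NOTE(review): $username holds the SQL-escaped value from here on, and that same
        // value is later fed to encrypt() for the confirmation link. Verify the confirm
        // handler expects it in that form.
        $username = mysql_real_escape_string(str_replace(' ', '_', $username));

        // NOTE(review): SOURCE shows userName='******' in this query, which looks like
        // masking applied to the listing. A uniqueness check only makes sense against the
        // submitted (escaped) username. Confirm against the original file.
        $sql = "SELECT userName FROM " . $db_prefix . "users WHERE userName='" . $username . "';";
        $result = mysql_query($sql);
        if ($result && mysql_num_rows($result) > 0) {
            $display = '<div class="responseError">User already exists, please try another username.</div><br/>';
        } else {
            $sql = "SELECT email FROM " . $db_prefix . "users WHERE email='" . mysql_real_escape_string($email) . "';";
            $result = mysql_query($sql);
            if ($result && mysql_num_rows($result) > 0) {
                $display = '<div class="responseError">Email address already exists. If this is your email account, please log in or reset your password.</div><br/>';
            } else {
                // NOTE(review): uniqid()/mt_rand() are predictable, and phpFreaksCrypto is
                // defined elsewhere. If encrypt() is reversible rather than a one-way
                // password hash, stored passwords are recoverable with the key.
                // password_hash()/password_verify() is the usual replacement, together
                // with a matching change in the login check.
                $salt = substr($crypto->encrypt(uniqid(mt_rand(), true)), 0, 10);
                $secure_password = $crypto->encrypt($salt . $crypto->encrypt($password));

                // SECURITY: the original interpolated $firstname and $lastname into the
                // INSERT unescaped while escaping $username and $email. Every value is
                // escaped at the point of use here. Assumes the names are not already
                // escaped upstream; confirm, otherwise they would be escaped twice.
                $sql = "INSERT INTO " . $db_prefix . "users (userName, password, salt, firstname, lastname, email, status) \n\t\t\t\t\t\t\tVALUES ('"
                    . $username . "', '"
                    . mysql_real_escape_string($secure_password) . "', '"
                    . mysql_real_escape_string($salt) . "', '"
                    . mysql_real_escape_string($firstname) . "', '"
                    . mysql_real_escape_string($lastname) . "', '"
                    . mysql_real_escape_string($email) . "', 1);";

                // Log database errors server-side instead of printing mysql_error() to the
                // visitor, which discloses query and schema details.
                if (!mysql_query($sql)) {
                    error_log('Signup insert failed: ' . mysql_error());
                    die('The account could not be created, please try again later.');
                }

                // Send the confirmation e-mail.
                $mail->IsHTML(true);
                $mail->From = $user->email; // sender address
                $mail->FromName = 'NFL Pick \'Em Admin'; // sender display name
                $mail->AddAddress($_POST['email']); // recipient: the address submitted on the form
                $mail->Subject = 'NFL Pick \'Em Confirmation'; // the subject of email

                // html text block
                // urlencode() keeps characters such as '+', '/' or '=' in the token intact
                // when PHP decodes the query string on the confirm request.
                // NOTE(review): the token is derived only from the username; if encrypt()
                // is deterministic, the same username always yields the same link. A
                // random, single-use token stored with the account is the usual approach.
                $mail->Body = '<p>Thank you for signing up for the NFL Pick \'Em Pool. Please click the below link to confirm your account:<br />' . "\n" . $siteUrl . 'signup.php?confirm=' . urlencode($crypto->encrypt($username)) . '</p>';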