// Excerpt of a POST handler: it starts inside blocks opened before this listing and ends inside an
// unfinished `if`, so the brace structure below is only partly visible.
// NOTE(review): the WHERE clause of this first UPDATE is garbled in the listing (masked text runs
// into the expression); the original username expression cannot be read from here.
// NOTE(review): every query in this excerpt is built by string concatenation, so its safety rests
// entirely on makeSafe(), which is defined elsewhere — confirm it escapes for the active connection.
// The mysql_* API used here was removed in PHP 7; bound parameters (PDO/mysqli) remove that dependency.
// NOTE(review): `or die(mysql_error())` prints the raw database error to the client; log it
// server-side and return a generic message instead.
$sql = "UPDATE prochatrooms_users\n\t\t\t\t\tSET avatar = '" . makeSafe($_POST['uavatar']) . "'\n\t\t\t\t\tWHERE username = '******'username']) . "'";
mysql_query($sql) or die(mysql_error());
}
}

// add user room
if (isset($_POST['addRoom'])) {
    // password encryption
    // NOTE(review): this is a single unsalted MD5 digest, not encryption; it is fast to brute-force
    // and identical passwords produce identical values. password_hash()/password_verify() is the
    // replacement, but the code that checks room passwords (not shown) must change with it.
    // An empty password is left empty, i.e. the room is stored without one.
    if (!empty($_POST['newRoomPass'])) {
        $_POST['newRoomPass'] = md5($_POST['newRoomPass']);
    }

    // check room exists
    $tmp = mysql_query("\n\t\t\tSELECT roomname \n\t\t\tFROM prochatrooms_rooms \n\t\t\tWHERE roomname = '" . makeSafe($_POST['newRoomName']) . "' \n\t\t\tLIMIT 1\n\t\t\t") or die(mysql_error());

    if (!mysql_num_rows($tmp)) {
        // No row with that name: create the room, provided a name was sent.
        if ($_POST['newRoomName']) {
            // Here a truthy return from validChars() means the name is rejected.
            // NOTE(review): this check runs only after the name was already used in the SELECT
            // above, and the else branch below never calls it.
            if (validChars($_POST['newRoomName'])) {
                die("invalid room name");
            }

            // Insert the new room row; id and roomcreated both come from getTime() (defined elsewhere).
            // NOTE(review): roomowner is taken from $_POST['newRoomOwner']; no check is visible in
            // this excerpt that it matches the authenticated user — verify against the session.
            $sql = "INSERT INTO prochatrooms_rooms\n\t\t\t\t\t(\n\t\t\t\t\t\tid,\n\t\t\t\t\t\troomname,\n\t\t\t\t\t\troomowner, \n\t\t\t\t\t\troompassword, \n\t\t\t\t\t\troomusers, \n\t\t\t\t\t\troomcreated\n\t\t\t\t\t) \t\n\t\t\t\t\tVALUES \n\t\t\t\t\t(\n\t\t\t\t\t\t'" . getTime() . "', \n\t\t\t\t\t\t'" . makeSafe($_POST['newRoomName']) . "', \n\t\t\t\t\t\t'" . makeSafe($_POST['newRoomOwner']) . "', \n\t\t\t\t\t\t'" . makeSafe($_POST['newRoomPass']) . "', \n\t\t\t\t\t\t'0', \n\t\t\t\t\t\t'" . getTime() . "' \n\t\t\t\t\t)";
            mysql_query($sql) or die(mysql_error());
        }
    } else {
        // Room already exists: only its roomcreated timestamp is refreshed.
        $sql = "UPDATE prochatrooms_rooms \n\t\t\t\t\tSET roomcreated = '" . getTime() . "' \n\t\t\t\t\tWHERE roomname = '" . makeSafe($_POST['newRoomName']) . "'";
        mysql_query($sql) or die(mysql_error());
    }
}

// update webcam status
if (isset($_POST['myWebcamIs'])) {
    // Default to '0'; the branch that handles 'on' continues past the end of this excerpt.
    $result = '0';
    if ($_POST['myWebcamIs'] == 'on') {
}
// Excerpt of a user-creation routine: the block closed above and the `if` left open at the end
// both extend outside this listing. Validation failures are appended to $err.

// Check if username already exists
// The lookup uses a prepared statement with a bound parameter; only the DB_PREFIX_ constant is
// concatenated into the SQL text.
$stmt = $db->prepare('SELECT uid FROM ' . DB_PREFIX_ . 'users WHERE uid = ?');
$stmt->execute(array($username));
// NOTE(review): if $db is PDO, rowCount() after a SELECT is driver-dependent; fetching the row is
// the portable existence check — confirm for the driver in use.
$count = $stmt->rowCount();
if ($count >= 1) {
    $err .= ' User already exists.';
}

// Check if group names are valid. Also trim and put them into new array
$length = strlen($group);
if ($length >= 1) {
    // Split on the GROUPS_ delimiter constant, then rebuild $group as an array of trimmed names.
    $groups = explode(GROUPS_, $group);
    unset($group);
    foreach ($groups as $tmp) {
        $tmp = trim($tmp);
        // In this code a validChars() result equal to 0 means the name is rejected.
        // NOTE(review): the comparison is loose, so false, null and '' are treated as 0 too;
        // validChars() is defined elsewhere — confirm its return type.
        $groupcheck = validChars($tmp);
        if ($groupcheck == 0) {
            $err .= ' Invalid characters in group name.';
        }
        // The name is appended even when it failed the check; $err is what blocks the insert.
        $group[] = $tmp;
    }
}

// Check if email is valid
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
    $err .= ' Invalid email address.';
}

// Check if there was an error, if not, add data
// NOTE(review): this gate is isset($err), not emptiness. If $err is initialised (even to '')
// before this excerpt, the branch never runs; if it is not, each `.=` above writes to an
// undefined variable. The initialisation is not visible here — verify.
if (!isset($err)) {
    // Generate random password and hash it
    // NOTE(review): randString() is defined elsewhere; for a password it must draw from a CSPRNG
    // (random_int()/random_bytes()) — confirm. The hashing call below is commented out in this
    // excerpt, so what gets stored for $passwd cannot be determined from here.
    $passwd = randString(10);
    //$hash = $hasher->HashPassword($passwd);
*/
// Excerpt of a login gate: the comment closed above starts before this listing and the last `if`
// is still open at its end. Every failed check renders the login template and stops.
// NOTE(review): the include path is built from $CONFIG['template']; it is safe only while that
// value comes from trusted configuration and never from the request — its origin is not visible here.
// NOTE(review): $_REQUEST merges query-string and POST data (and cookies, depending on
// request_order), so these values need not come from the submitted form.

// Reads index 0 of roomID: the first character of a string value, or the first element if an
// array was sent. A missing roomID, or one beginning with "0", is falsy and shows the login page.
if (!$_REQUEST['roomID'][0]) {
    include "templates/" . $CONFIG['template'] . "/login.php";
    die;
}

/*
* check username is valid
*
*/
// A login submission with an empty userName is rejected with the C_LANG1 constant (defined
// elsewhere; presumably a language string).
if (empty($_REQUEST['userName']) && isset($_REQUEST['login'])) {
    $loginError = C_LANG1;
    include "templates/" . $CONFIG['template'] . "/login.php";
    die;
}

if (isset($_REQUEST['userName'])) {
    // The validChars() result is stored in $loginError; any truthy value sends the user back to
    // the login template.
    $loginError = validChars($_REQUEST['userName']);
    if ($loginError) {
        include "templates/" . $CONFIG['template'] . "/login.php";
        die;
    }
}

// A posted userName clears the session's guest marker.
// NOTE(review): $_POST['userName'] is read without isset(), unlike the $_REQUEST checks above.
if ($_POST['userName']) {
    unset($_SESSION['guest']);
}

/*
* if user is not guest and password is empty
*
*/
// NOTE(review): the password requirement is keyed on $_POST['isGuest'], which the client supplies;
// how guest names are kept apart from registered accounts is decided outside this excerpt — verify.
if (!$_POST['isGuest'] && isset($_POST['userPass']) && empty($_POST['userPass'])) {
    $loginError = C_LANG6;
    include "templates/" . $CONFIG['template'] . "/login.php";