header('location: login.php?signup=no'); exit; } if (isset($_POST['submit'])) { $my_form = new validator(); $mail = new PHPMailer(); $crypto = new phpFreaksCrypto(); $firstname = $_POST['firstname']; $lastname = $_POST['lastname']; $email = $_POST['email']; $username = $_POST['username']; $password = $_POST['password']; $password2 = $_POST['password2']; if ($my_form->checkEmail($email)) { // check for good mail if ($my_form->validate_fields('firstname,lastname,email,username,password')) { // comma delimited list of the required form fields if ($password == $password2) { //create new user, disabled $username = mysql_real_escape_string(str_replace(' ', '_', $username)); $sql = "SELECT userName FROM " . $db_prefix . "users WHERE userName='******';"; $result = mysql_query($sql); if (mysql_numrows($result) > 0) { $display = '<div class="responseError">User already exists, please try another username.</div><br/>'; } else { $sql = "SELECT email FROM " . $db_prefix . "users WHERE email='" . mysql_real_escape_string($email) . "';"; $result = mysql_query($sql); if (mysql_numrows($result) > 0) { $display = '<div class="responseError">Email address already exists. If this is your email account, please log in or reset your password.</div><br/>'; } else { $salt = substr($crypto->encrypt(uniqid(mt_rand(), true)), 0, 10);
} } else { $display = '<div class="responseError">Invalid email address, please try again.</div><br/>'; } $action = 'add'; break; case 'edit_action': $firstname = $_POST['firstname']; $lastname = $_POST['lastname']; $email = $_POST['email']; $userName = $_POST['userName']; $userID = (int) $_POST['userID']; $my_form = new validator(); if ($my_form->checkEmail($_POST['email'])) { // check for good mail if ($my_form->validate_fields('firstname,lastname,email,userName')) { // comma delimited list of the required form fields //form is valid, perform update $sql = "update " . DB_PREFIX . "users "; $sql .= "set firstname = '" . $firstname . "', lastname = '" . $lastname . "', email = '" . $email . "', userName = '******' "; $sql .= "where userID = " . $userID . ";"; $mysqli->query($sql) or die('error updating user'); $display = '<div class="responseOk">User ' . $userName . ' Updated</div><br/>'; /* if ($_POST['password'] == $_POST['password2']) { } else { $display = '<div class="responseError">Passwords do not match, please try again.</div><br/>'; }*/ } else { $display = '<div class="responseError">' . $my_form->error . '</div><br/>'; }