header('location: login.php?signup=no');
exit;
}
if (isset($_POST['submit'])) {
$my_form = new validator();
$mail = new PHPMailer();
$crypto = new phpFreaksCrypto();
$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$email = $_POST['email'];
$username = $_POST['username'];
$password = $_POST['password'];
$password2 = $_POST['password2'];
if ($my_form->checkEmail($email)) {
// check for good mail
if ($my_form->validate_fields('firstname,lastname,email,username,password')) {
// comma delimited list of the required form fields
if ($password == $password2) {
//create new user, disabled
$username = mysql_real_escape_string(str_replace(' ', '_', $username));
$sql = "SELECT userName FROM " . $db_prefix . "users WHERE userName='******';";
$result = mysql_query($sql);
if (mysql_numrows($result) > 0) {
$display = '<div class="responseError">User already exists, please try another username.</div><br/>';
} else {
$sql = "SELECT email FROM " . $db_prefix . "users WHERE email='" . mysql_real_escape_string($email) . "';";
$result = mysql_query($sql);
if (mysql_numrows($result) > 0) {
$display = '<div class="responseError">Email address already exists. If this is your email account, please log in or reset your password.</div><br/>';
} else {
$salt = substr($crypto->encrypt(uniqid(mt_rand(), true)), 0, 10);
}
} else {
$display = '<div class="responseError">Invalid email address, please try again.</div><br/>';
}
$action = 'add';
break;
case 'edit_action':
$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$email = $_POST['email'];
$userName = $_POST['userName'];
$userID = (int) $_POST['userID'];
$my_form = new validator();
if ($my_form->checkEmail($_POST['email'])) {
// check for good mail
if ($my_form->validate_fields('firstname,lastname,email,userName')) {
// comma delimited list of the required form fields
//form is valid, perform update
$sql = "update " . DB_PREFIX . "users ";
$sql .= "set firstname = '" . $firstname . "', lastname = '" . $lastname . "', email = '" . $email . "', userName = '******' ";
$sql .= "where userID = " . $userID . ";";
$mysqli->query($sql) or die('error updating user');
$display = '<div class="responseOk">User ' . $userName . ' Updated</div><br/>';
/*
if ($_POST['password'] == $_POST['password2']) {
} else {
$display = '<div class="responseError">Passwords do not match, please try again.</div><br/>';
}*/
} else {
$display = '<div class="responseError">' . $my_form->error . '</div><br/>';
}
