$email = $_POST['email'];
} else {
$email = "";
}
if ($_POST['submit'] && !$create_disabled && !$banned_ip) {
$name = striptag($name, $no_tags);
$name = trim($name);
/* Filter out bad characters. Do the & first to catch SGML entities */
$name = preg_replace("/&/", "&#" . ord('&') . ";", $name);
$name = preg_replace("/</", "<", $name);
$name = preg_replace("/>/", ">", $name);
if (empty($name)) {
$error .= "Name is required\n";
} else {
/* FIXME: More error codes (empty shortname, etc) */
if (!$user->name($name)) {
$error .= "Name '{$name}' is invalid\n";
}
}
/* We do some sanitizing of the email address first */
$email = trim($email);
if (empty($email)) {
$error .= "Email address is required\n";
} else {
if (!$user->email($email)) {
$error .= "Email address '{$email}' is invalid\n";
}
}
if (isset($_POST['password1'])) {
$password1 = $_POST['password2'];
} else {
} else {
$password2 = "";
}
if (isset($_POST['submit'])) {
if (!$user->is_valid_token($_POST['token'])) {
err_not_found('Invalid token');
}
if (!empty($name)) {
$name = striptag($name, $no_tags);
$name = trim($name);
/* Filter out bad characters. Do the & first to catch SGML entities */
$name = preg_replace("/&/", "&#" . ord('&') . ";", $name);
$name = preg_replace("/</", "<", $name);
$name = preg_replace("/>/", ">", $name);
if (!empty($name)) {
$user->name($name);
}
}
if (!empty($email)) {
$email = trim($email);
if (is_valid_email($email)) {
$update_email = $email;
} else {
$error .= "Please supply a valid email address\n";
}
}
if (!empty($password1) || !empty($password2)) {
if (empty($password1) || empty($password2)) {
$error .= "Please fill in both passwords\n";
} else {
if ($password1 != $password2) {
