Exemplo n.º 1
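// Password-reset form handler (excerpt; the listing is cut off before the
// e-mail body is built). Visible flow: look the account up by first name and
// e-mail, generate a new random password and salt, store them, then start
// composing the notification e-mail.
// $db_prefix, $adminUser, randomString() and the database connection are
// defined outside this excerpt.
//
// NOTE(review): the reset is executed as soon as an unauthenticated request
// supplies a matching first name + e-mail, so anyone who knows those two values
// can force a password change on another account. Mailing a single-use,
// expiring reset token and changing the password only after it is presented
// avoids that. The distinct "No account matched" response also reveals which
// name/e-mail pairs are registered.
$crypto = new phpFreaksCrypto();
include 'includes/classes/class.phpmailer.php';
// isset() avoids an undefined-index notice when the page is opened without ?reset=.
if (isset($_GET['reset']) && $_GET['reset'] === 'true') {
    $display = '<div class="responseOk">Your password has been reset, and has been sent to you.</div><br/>';
}
if (isset($_POST['submit'])) {
    // Both fields come straight from the request. Accept only plain strings
    // (PHP turns "email[]=x" into an array) and escape them before they are
    // placed inside a quoted SQL literal; concatenating the raw $_POST values
    // made both statements below injectable.
    // Prepared statements (PDO/mysqli) are the preferred fix; escaping is used
    // here because this code is written against the legacy mysql_* extension.
    $postedFirstname = (isset($_POST['firstname']) && is_string($_POST['firstname'])) ? $_POST['firstname'] : '';
    $postedEmail = (isset($_POST['email']) && is_string($_POST['email'])) ? $_POST['email'] : '';
    $safeFirstname = mysql_real_escape_string($postedFirstname);
    $safeEmail = mysql_real_escape_string($postedEmail);

    // find the account that matches the submitted first name and e-mail
    $sql = "SELECT * FROM " . $db_prefix . "users WHERE firstname='" . $safeFirstname . "' and email = '" . $safeEmail . "';";
    $query = mysql_query($sql);
    if (mysql_numrows($query) == 0) {
        $display = '<div class="responseError">No account matched, please try again.</div><br/>';
    } else {
        $result = mysql_fetch_array($query);
        //generate random password and update the db
        // NOTE(review): randomString() is not shown; confirm it draws from a
        // cryptographically secure source, since its output becomes a credential.
        $password = randomString(10);
        // NOTE(review): mt_rand() and uniqid() are not cryptographically secure
        // generators; a salt should come from a CSPRNG.
        $salt = substr($crypto->encrypt(uniqid(mt_rand(), true)), 0, 10);
        // NOTE(review): phpFreaksCrypto::encrypt() is not shown. If it is
        // reversible encryption rather than a one-way password hash, stored
        // passwords are recoverable by anyone holding the key; password_hash()
        // and password_verify() are the standard replacement. Confirm.
        $secure_password = $crypto->encrypt($salt . $crypto->encrypt($password));
        // NOTE(review): the literal '******' below looks like redaction applied
        // to this listing; presumably the original statement stored
        // $secure_password here. Confirm against the original source.
        $sql = "update " . $db_prefix . "users set salt = '" . $salt . "', password = '******' where firstname='" . $safeFirstname . "' and email = '" . $safeEmail . "';";
        if (!mysql_query($sql)) {
            // Keep the driver error in the server log; echoing mysql_error()
            // to the browser discloses schema and query details.
            error_log('Password reset update failed: ' . mysql_error());
            die('Unable to reset the password right now, please try again later.');
        }
        //send confirmation email
        $mail = new PHPMailer();
        $mail->IsHTML(true);
        // sender address: the administrator account's e-mail
        $mail->From = $adminUser->email;
        // sender display name
        $mail->FromName = 'NFL Pick \'Em Admin';
        // recipient: the address submitted in the form, which matched a user row above
        $mail->AddAddress($postedEmail);
        // the subject of email
        $mail->Subject = 'NFL Pick \'Em Password';
        // html text block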
Exemplo n.º 2
 // Sign-up form handler (excerpt; it starts and ends mid-file). Visible flow:
 // check the required fields, reject a duplicate user name or e-mail address,
 // insert the new account, then start composing the confirmation e-mail.
 // $my_form, $password, $password2, $username, $firstname, $lastname, $email,
 // $crypto, $mail, $user, $db_prefix and $siteUrl are all set outside this excerpt.
 if ($my_form->validate_fields('firstname,lastname,email,username,password')) {
     // comma delimited list of the required form fields
     // NOTE(review): loose == compares numeric-looking strings as numbers
     // ('1e3' == '1000'), so a mistyped confirmation can pass; === is the safer check.
     if ($password == $password2) {
         //create new user, disabled
         // spaces become underscores, then the name is escaped for use in SQL
         $username = mysql_real_escape_string(str_replace(' ', '_', $username));
         // NOTE(review): the literal '******' looks like redaction applied to
         // this listing; presumably the original query compared against
         // $username. Confirm against the original source.
         $sql = "SELECT userName FROM " . $db_prefix . "users WHERE userName='******';";
         $result = mysql_query($sql);
         if (mysql_numrows($result) > 0) {
             $display = '<div class="responseError">User already exists, please try another username.</div><br/>';
         } else {
             // the e-mail address is escaped inline before it enters the query
             $sql = "SELECT email FROM " . $db_prefix . "users WHERE email='" . mysql_real_escape_string($email) . "';";
             $result = mysql_query($sql);
             if (mysql_numrows($result) > 0) {
                 // NOTE(review): this response confirms to any visitor that the
                 // address is registered (account enumeration).
                 $display = '<div class="responseError">Email address already exists.  If this is your email account, please log in or reset your password.</div><br/>';
             } else {
                 // NOTE(review): mt_rand() and uniqid() are not cryptographically
                 // secure generators; a salt should come from a CSPRNG.
                 $salt = substr($crypto->encrypt(uniqid(mt_rand(), true)), 0, 10);
                 // NOTE(review): $crypto's encrypt() is not shown. If it is
                 // reversible encryption rather than a one-way password hash,
                 // stored passwords are recoverable by anyone holding the key;
                 // password_hash()/password_verify() is the standard replacement. Confirm.
                 $secure_password = $crypto->encrypt($salt . $crypto->encrypt($password));
                 // $username was escaped above and $email is escaped inline.
                 // NOTE(review): $firstname and $lastname are concatenated as-is
                 // and are not escaped anywhere in this excerpt; unless they are
                 // sanitised earlier in the file this INSERT is an SQL injection
                 // point. Verify, or move to prepared statements.
                 $sql = "INSERT INTO " . $db_prefix . "users (userName, password, salt, firstname, lastname, email, status) \n\t\t\t\t\t\t\tVALUES ('" . $username . "', '" . $secure_password . "', '" . $salt . "', '" . $firstname . "', '" . $lastname . "', '" . mysql_real_escape_string($email) . "', 1);";
                 // NOTE(review): die(mysql_error()) prints the raw driver error to
                 // the browser, disclosing schema and query details; log it instead.
                 mysql_query($sql) or die(mysql_error());
                 //send confirmation email
                 $mail->IsHTML(true);
                 $mail->From = $user->email;
                 // the email field of the form
                 $mail->FromName = 'NFL Pick \'Em Admin';
                 // the name field of the form
                 // NOTE(review): the recipient is read from raw $_POST['email']
                 // rather than the $email variable used in the queries above;
                 // presumably the same value, confirm.
                 $mail->AddAddress($_POST['email']);
                 // the form will be sent to this address
                 $mail->Subject = 'NFL Pick \'Em Confirmation';
                 // the subject of email
                 // html text block
                 // NOTE(review): the confirmation token is computed from the user
                 // name alone. If encrypt() is deterministic or its key is exposed,
                 // a token can be derived for any account; a random single-use
                 // token stored server-side avoids that. The token is also placed
                 // in the URL without urlencode(); confirm encrypt() output is URL-safe.
                 $mail->Body = '<p>Thank you for signing up for the NFL Pick \'Em Pool.  Please click the below link to confirm your account:<br />' . "\n" . $siteUrl . 'signup.php?confirm=' . $crypto->encrypt($username) . '</p>';