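<?php
/*
 * this is probably something we shouldn't be exposing so easily
 *
 * Disabled on purpose: the page below echoes activationMessageFor() for
 * whatever userid/email arrive in the request, with no authentication or
 * ownership check visible here. createAccount() e-mails that same message to
 * the address being verified, so serving it to any visitor would presumably
 * defeat the e-mail confirmation step. Keep the exit (or remove the file from
 * the web root) unless the page is put behind an admin check.
 *
 * The full "<?php" open tag is used so the guard does not depend on the
 * short_open_tag ini setting.
 */
exit;
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Untitled</title>
<meta name="generator" content="BBEdit 8.0">
</head>
<body>
<?php
// Unreachable while the exit above is in place.
// NOTE(review): if this is ever re-enabled, the output is built from request
// parameters and echoed unescaped — confirm what activationMessageFor()
// returns and escape it for the HTML context.
require_once( "assets/activationFunctions.inc" );
echo activationMessageFor( $_REQUEST['userid'], $_REQUEST['email'] );
?>
</body>
</html>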
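/**
 * Create a user account from a referral code and e-mail the activation message.
 *
 * Besides its arguments, the function reads the e-mail address from
 * $_POST['email'] and the client address from $_SERVER['REMOTE_ADDR'].
 * On success the referral code is deleted so it cannot be reused.
 *
 * All request-derived values are escaped before being placed in SQL.
 * Assumes the default mysql link is already open when this runs (the
 * tmbo_query() helper is presumably built on it) — TODO confirm.
 *
 * @param string $uName    Requested username (untrusted).
 * @param string $pw       Plain-text password; stored as a SHA-1 hex digest.
 * @param string $referral Referral code (untrusted).
 * @return string "OK" on success, otherwise a human-readable error message.
 */
function createAccount( $uName, $pw, $referral ) {
    $referrerId = getReferrerId( $referral );
    if( $referrerId == -1 ) {
        return "Invalid referral code.";
    }

    // The address is used both in SQL and as the mail() recipient. Reject
    // non-string input and embedded line breaks so it cannot add extra
    // recipients or headers to the activation mail.
    $email = isset( $_POST['email'] ) ? $_POST['email'] : '';
    if( !is_string( $email ) || preg_match( '/[\r\n]/', $email ) ) {
        return "Invalid email address.";
    }

    // Escape everything that ends up inside a quoted SQL literal; force the
    // one unquoted value to an integer.
    $safeName     = mysql_real_escape_string( $uName );
    $safeEmail    = mysql_real_escape_string( $email );
    $safeReferral = mysql_real_escape_string( $referral );
    $safeIp       = mysql_real_escape_string( $_SERVER['REMOTE_ADDR'] );
    $referrerId   = (int) $referrerId;

    // Availability check, keyed on the submitted username.
    $result = tmbo_query( "SELECT count(*) AS theCount FROM users WHERE username = '" . $safeName . "'" );

    // get the results of the query as an associative array, indexed by column name
    $row = mysql_fetch_array( $result, MYSQL_ASSOC );

    if( $row['theCount'] != 0 ) {
        // NOTE(review): the message embeds the raw username; the caller must
        // escape it for whatever context it is displayed in.
        return "The username you've chosen, \"" . $uName . "\", is not available.";
    }

    // NOTE(review): unsalted SHA-1 is not suitable for password storage.
    // Moving to password_hash()/password_verify() needs a coordinated change
    // in the login path and the stored hashes, so the format is left as is.
    $encrypted_pw = sha1( $pw );

    $query = "INSERT INTO users (username,password,email,created,ip,referred_by) VALUES ( '"
        . $safeName . "','" . $encrypted_pw . "', '" . $safeEmail . "', now(), '"
        . $safeIp . "', $referrerId )";
    tmbo_query( $query );

    // Read back the generated id and status of the row just inserted.
    $result = tmbo_query( "SELECT userid,account_status from users where username = '" . $safeName . "'" );
    $row = mysql_fetch_assoc( $result );
    assert( $row['account_status'] == 'awaiting activation' );

    $activationMessage = activationMessageFor( $row['userid'], $email );
    mail( $email,
          "[ this might be offensive ] account activation",
          "$activationMessage",
          "From: offensive@thismight.be (this might be offensive)" );

    /* this query not changed to tmbo_query
     * because it should be non-fatal if the query fails. */
    mysql_query( "DELETE FROM referrals WHERE referral_code = '$safeReferral' AND userid=$referrerId LIMIT 1" )
        or trigger_error( mysql_error(), E_USER_WARNING );

    # mail( "*****@*****.**", "[" . $_SERVER["REMOTE_ADDR"] . "] - [ this might be offensive ] account created: $uName", $_POST['email'], "From: offensive@thismight.be (this might be offensive)");

    return "OK";
}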