*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
require_once "inc/toolkit.inc.php";
include_once "inc/header.inc.php";
if (!verify_permission('user_add_new')) {
error(ERR_PERM_ADD_USER);
} else {
if (isset($_POST["commit"])) {
add_new_user($_POST);
success(SUC_USER_ADD);
}
echo " <h2>" . _('Add user') . "</h2>\n";
echo " <form method=\"post\">\n";
echo " <table>\n";
echo " <tr>\n";
echo " <td class=\"n\">" . _('Username') . "</td>\n";
echo " <td class=\"n\"><input type=\"text\" class=\"input\" name=\"username\" value=\"\"></td>\n";
echo " </tr>\n";
echo " <tr>\n";
echo " <td class=\"n\">" . _('Fullname') . "</td>\n";
echo " <td class=\"n\"><input type=\"text\" class=\"input\" name=\"fullname\" value=\"\"></td>\n";
echo " </tr>\n";
echo " <tr>\n";
echo " <td class=\"n\">" . _('Password') . "</td>\n";
require_once "inc/config.php";
require_once ROOT_PATH . "inc/database.php";
include ROOT_PATH . "inc/header.php";
if (isset($_SESSION['user_id'])) {
header("Location:home.php");
}
$email = "";
$fname = "";
$lname = "";
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if (isset($_POST["email"])) {
$email = trim($_POST["email"]);
$password = password_hash($_POST["password"], PASSWORD_DEFAULT);
$fname = trim(ucfirst($_POST["fname"]));
$lname = trim(ucfirst($_POST["lname"]));
$new_user_id = add_new_user($email, $password, $fname, $lname);
$user = get_user($new_user_id);
$_SESSION['user_id'] = $new_user_id;
$_SESSION['fname'] = $fname;
$_SESSION['lname'] = $lname;
$_SESSION['email'] = $email;
$_SESSION['permissions'] = $user["permissions_level"];
$_SESSION['member_level'] = $user["member_level"];
// if the user was sent to register.php from an event page, send them back to that event page
if (isset($_SESSION["event"])) {
header("Location:" . BASE_URL . "events/" . $_SESSION["event"] . "/");
} else {
// otherwise, send them to the home page
header("Location:index.php");
}
}
function take_registration_form()
{
/**
* $username string
* $password string
* $passhash_md5 string
* $email string
*/
$username = $_POST['login']['username'];
$password = $_POST['login']['password'];
$passhash_md5 = hash_password($password);
$email = $_POST['login']['email'];
/**
* Tarkasta annetun datan aitous ja ainutlaatuisuus
* $email string
* $password string
* $username string
*/
if (validate($email, $password, $username)) {
echo "validaatio toimii";
add_new_user($email, $passhash_md5, $username);
$_SESSION['login']['passhash_md5'] = $passhash_md5;
$_SESSION['login']['email'] = $email;
$_SESSION['login']['logged_in'] = 1;
$_SESSION['login']['user_id'] = get_user_id($email);
$_SESSION['login']['username'] = $username;
direct_right();
} else {
direct_wrong();
}
}
$return = "SUCCESS";
} else {
$return = "ERROR";
}
} else {
$return = "EMPTY";
}
} else {
$return = "WRONG";
}
echo $return;
}
if ($_POST['action'] == 'add_new_user') {
if ($login['admin'] == true) {
if (!empty($_POST['useradd']) && !empty($_POST['passadd']) && !empty($_POST['nick']) && !empty($_POST['bbs']) && !empty($_POST['ref']) && !empty($_POST['intro']) && !empty($_POST['email']) && mb_strlen($_POST['passadd']) > 3 && mb_strlen($_POST['passadd']) < 21) {
$add = add_new_user($_POST['useradd'], $_POST['passadd'], $_POST['email'], $_POST['nick'], $_POST['bbs'], $_POST['ref'], $_POST['intro']);
$add ? $return = "SUCCESS" : ($return = "ERROR");
} else {
$return = "EMPTY";
}
} else {
$return = "ERROR";
}
echo $return;
}
// 管理員更改密碼
if ($_POST['action'] == 'adminChangePass') {
$response_array['status'] = false;
$response_array['message'] = "";
if ($login['admin'] == true) {
if (!empty($_POST['user']) && !empty($_POST['pass']) && mb_strlen($_POST['pass']) > 3 && mb_strlen($_POST['pass']) < 21) {
{
if (empty($_POST['name'])) {
deliver_response(400, "No name set", NULL);
return false;
}
if (empty($_POST['password'])) {
deliver_response(400, "No password set", NULL);
return false;
}
if (empty($_POST['email'])) {
deliver_response(400, "No email set", NULL);
return false;
}
return true;
}
function add_new_user()
{
$conn = new mysqli($GLOBALS['db'], $GLOBALS['login'], $GLOBALS['pass'], $GLOBALS['dbname']);
if (!$conn) {
die("Connection failed: " . mysqli_connect_error());
}
$query = "INSERT INTO GS_USER (NICKNAME, PASSWORD, EMAIL) VALUES (\n '" . $_POST['name'] . "',\n '" . sha1($_POST['password']) . "',\n '" . $_POST['email'] . "'\n )";
if (mysqli_query($conn, $query)) {
deliver_response(201, "Success", 2);
} else {
deliver_response(400, "Query error", 232);
}
}
if (verify_new_user()) {
add_new_user();
}
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
require_once "inc/toolkit.inc.php";
include_once "inc/header.inc.php";
if (!verify_permission('user_add_new')) {
error(ERR_PERM_ADD_USER);
} else {
if (isset($_POST["commit"])) {
if (add_new_user($_POST)) {
success(SUC_USER_ADD);
}
}
echo " <h2>" . _('Add user') . "</h2>\n";
echo " <form method=\"post\" action=\"add_user.php\">\n";
echo " <table>\n";
echo " <tr>\n";
echo " <td class=\"n\">" . _('Username') . "</td>\n";
echo " <td class=\"n\"><input type=\"text\" class=\"input\" name=\"username\" value=\"\"></td>\n";
echo " </tr>\n";
echo " <tr>\n";
echo " <td class=\"n\">" . _('Fullname') . "</td>\n";
echo " <td class=\"n\"><input type=\"text\" class=\"input\" name=\"fullname\" value=\"\"></td>\n";
echo " </tr>\n";
echo " <tr>\n";
