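<?php
// Password-reset request handler: looks up an account by first name + e-mail,
// generates a new random password, stores it, and prepares a notification mail.
// This listing is truncated: the mail body/send step and the closing braces of
// the blocks opened below are not visible here.
require 'includes/application_top.php';
require 'includes/classes/crypto.php';
$crypto = new phpFreaksCrypto();
include 'includes/classes/class.phpmailer.php';

// 'reset' is absent on a plain page load, so guard the read before comparing.
if (isset($_GET['reset']) && $_GET['reset'] === 'true') {
    $display = '<div class="responseOk">Your password has been reset, and has been sent to you.</div><br/>';
}

if (isset($_POST['submit'])) {
    // Both fields are attacker-controlled request input. Accept only scalars
    // (a crafted request can submit arrays) and escape them before they are
    // concatenated into SQL; the original interpolated $_POST values directly,
    // which allowed SQL injection in both the SELECT and the UPDATE below.
    $rawFirstname = (isset($_POST['firstname']) && is_string($_POST['firstname'])) ? $_POST['firstname'] : '';
    $rawEmail = (isset($_POST['email']) && is_string($_POST['email'])) ? $_POST['email'] : '';
    $safeFirstname = mysql_real_escape_string($rawFirstname);
    $safeEmail = mysql_real_escape_string($rawEmail);

    // Look up the account that is asking for a reset.
    $sql = "SELECT * FROM " . $db_prefix . "users WHERE firstname='" . $safeFirstname . "' and email = '" . $safeEmail . "';";
    $query = mysql_query($sql);

    // A failed query (false) is treated like "no match" instead of being
    // passed on to mysql_numrows().
    if ($query === false || mysql_numrows($query) == 0) {
        $display = '<div class="responseError">No account matched, please try again.</div><br/>';
    } else {
        $result = mysql_fetch_array($query);

        // Generate a random password and update the db.
        // NOTE(review): randomString() is defined outside this listing; confirm
        // it draws from a cryptographically secure source.
        $password = randomString(10);
        $salt = substr($crypto->encrypt(uniqid(mt_rand(), true)), 0, 10);
        // NOTE(review): phpFreaksCrypto::encrypt() is not shown here. If it is
        // reversible encryption rather than a one-way password hash, stored
        // passwords are recoverable by anyone holding the key; password_hash()
        // / password_verify() is the usual replacement where PHP >= 5.5.
        $secure_password = $crypto->encrypt($salt . $crypto->encrypt($password));

        // NOTE(review): the password value in this statement is a masked literal
        // ('******') in the listing and $secure_password is not visibly used;
        // confirm the statement against the real file before relying on it.
        $sql = "update " . $db_prefix . "users set salt = '" . mysql_real_escape_string($salt) . "', password = '******' where firstname='" . $safeFirstname . "' and email = '" . $safeEmail . "';";
        // NOTE(review): die(mysql_error()) prints the driver error to the
        // requester; logging it server-side and showing a generic message keeps
        // schema details out of the response.
        mysql_query($sql) or die(mysql_error());

        // Send confirmation email.
        // NOTE(review): the message body is built beyond the end of this listing;
        // the success banner above says the new password is sent to the user, so
        // presumably it is mailed in clear text. A single-use, expiring reset
        // link avoids leaving a working credential in a mailbox.
        $mail = new PHPMailer();
        $mail->IsHTML(true);
        $mail->From = $adminUser->email; // sender: the admin account's address
        $mail->FromName = 'NFL Pick \'Em Admin'; // sender display name
        $mail->AddAddress($rawEmail); // recipient: the address that matched the account row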
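<?php
// Sign-up handler: validates the registration form and checks whether the
// requested username is already taken. This listing is truncated: the branch
// that creates the account and the closing braces of the blocks opened below
// are not visible here.
require 'includes/application_top.php';
require 'includes/classes/crypto.php';
include 'includes/classes/class.formvalidation.php';
include 'includes/classes/class.phpmailer.php';

// Registration can be switched off site-wide; stop before touching any input.
if (!$allow_signup) {
    header('location: login.php?signup=no');
    exit;
}

if (isset($_POST['submit'])) {
    $my_form = new validator();
    $mail = new PHPMailer();
    $crypto = new phpFreaksCrypto();

    // Raw, untrusted form input. Nothing here is escaped yet; each value must
    // be escaped (or bound) at the point where it reaches SQL or HTML.
    $firstname = $_POST['firstname'];
    $lastname = $_POST['lastname'];
    $email = $_POST['email'];
    $username = $_POST['username'];
    $password = $_POST['password'];
    $password2 = $_POST['password2'];

    if ($my_form->checkEmail($email)) { // check for good mail
        if ($my_form->validate_fields('firstname,lastname,email,username,password')) { // comma delimited list of the required form fields
            // Strict comparison: with ==, PHP compares two numeric-looking
            // strings as numbers, so e.g. "1e3" and "1000" would count as a
            // matching password confirmation.
            if ($password === $password2) {
                //create new user, disabled
                // Spaces become underscores first, then the result is escaped,
                // so the escaping applies to the final value.
                $username = mysql_real_escape_string(str_replace(' ', '_', $username));
                // NOTE(review): the username value in this query is a masked
                // literal ('******') in the listing; presumably the escaped
                // $username is interpolated here. Confirm against the real file.
                $sql = "SELECT userName FROM " . $db_prefix . "users WHERE userName='******';";
                $result = mysql_query($sql);
                if (mysql_numrows($result) > 0) {
                    $display = '<div class="responseError">User already exists, please try another username.</div><br/>';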