$password = $_POST['password']; $info = $_POST['info']; $email = $_POST['email']; // To protect MySQL injection for Security purpose $username = stripslashes($username); $name = stripslashes($name); $password = stripslashes($password); $email = stripslashes($email); $username = mysql_real_escape_string($username); $name = mysql_real_escape_string($name); $password = mysql_real_escape_string($password); $email = mysql_real_escape_string($email); //SQL to check if user is already existing $row = checkAndGetBackUsername($username); $existing = $row['username']; echo "<b></b>"; if (!isset($existing)) { $hashedPassword = md5($password); if (addNewLoginUser($username, $hashedPassword, 'admin')) { addNewAdmin($username, $name, $info, $email); echo '<script>showSuccess("New Admin Added!");</script>'; } else { echo '<script>showError("Error while adding user!");</script>'; } } else { echo '<script>showError("ERROR: User alreay exists!");</script>'; } mysql_close($connection); // Closing Connection } }
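<?php
require_once "../../../include/config.php";
require_once $basedir . "/admin/include/functions.php";

/*
 * JSON endpoint that creates a new back-end admin.
 *
 * POST fields:
 *   hash, public, t          request authentication (see below)
 *   name, email, nick, p1, p2 the new admin; p1/p2 must match
 *
 * Every path echoes one JSON object and exits.
 *
 * Request authentication: the caller must send hash = md5(public . private_key . t),
 * where private_key is $config['private_key'] (shared with the caller).
 * NOTE(review): this is a bare concatenation hash rather than an HMAC, and `t` is
 * never compared with the server clock, so a captured request can be replayed
 * verbatim. Both fixes (hash_hmac(), a freshness window on `t`) change what the
 * client has to compute, so the md5 construction is kept here; only the
 * comparison is hardened. The scheme is only as strong as private_key being
 * set and secret — confirm it is non-empty in config.php.
 */

// Read a POST field as a string. A missing field or a non-string value
// (e.g. `hash[]=x`, which PHP decodes as an array) is treated as '' so no
// string function below ever receives an array.
$postString = function ($key) {
    return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
};

$private_key = $config['private_key'];
$hash = $postString('hash');
$public_key = $postString('public');
$time = $postString('t');
$myhash = md5($public_key . $private_key . $time);

// hash_equals(): strict, constant-time comparison of the expected digest with
// the supplied one. The previous `$hash != $myhash` was a loose comparison:
// with `hash` omitted the default int 0 compared equal to any non-numeric
// string on PHP < 8 (full bypass), and two digests of the form "0e<digits>"
// compare equal as floats on every PHP version.
if (!hash_equals($myhash, $hash)) {
    echo json_encode(array('error' => 1, 'status' => 'Hash is invalid'));
    exit;
}

$data = array(
    'name'      => $postString('name'),
    'email'     => $postString('email'),
    'nick'      => $postString('nick'),
    'password1' => $postString('p1'),
    'password2' => $postString('p2'),
);

// Refuse an empty password outright; an admin account with no password must
// never reach addNewAdmin().
if ($data['password1'] === '') {
    echo json_encode(array('error' => 'Password must not be empty'));
    exit;
}

// Strict comparison: `!=` treats numeric-looking strings such as "1e3" and
// "1000" as equal.
if ($data['password1'] !== $data['password2']) {
    echo json_encode(array('error' => 'Password did not match'));
    exit;
}

// addNewAdmin() (admin/include/functions.php) is expected to hash the
// password itself; it returns a truthy value on success.
$bool = addNewAdmin($data);
if ($bool) {
    echo json_encode(array('error' => '', 'status' => 'success'));
    exit;
} else {
    echo json_encode(array('error' => 1, 'status' => 'fail'));
    exit;
}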
$page_content=''; switch ($cmd) { case 'new' : $page_content=addNewAdmin(); break; case 'edit' : if (isset($_GET['username']) && array_get($_GET, 'aid', 0) == 0){ $db = new DBConnection(); $query = 'SELECT id FROM ul_logins WHERE username="******" LIMIT 1'; $res = $db->rq($query); $row = $db->fetch($res); $_GET['aid'] = $row['id']; } $page_content = addNewAdmin($_GET['aid']+0); break; case 'delete' : if (isAppLoggedIn()){ $db = new DBConnection(); $currentData = $db->getRow('ul_logins', 'id='.($_GET['aid']+0).''); $ulogin->DeleteUser($_GET['aid']); addLog('Back-end','Back-end users',''.$currentData['name'].' ('.$currentData['ref'].')',''.$_SESSION['admin']['name'].' ('.$_SESSION['admin']['refnum'].')','Admin deleted'); $db->close(); header('Location: users_admins.php'); exit(); } break;