function addUser($username, $password)
{
global $dbh;
global $db;
// Check to see if the password is being stored using an encryption function, and if so add that function around the password.
$password_value = pw_encode($password);
if (!empty($db['password_encryption_function'])) {
$password_value = $db['password_encryption_function'] . "('" . mysql_escape_string($password_value) . "')";
} else {
$password_value = "'" . mysql_escape_string($password_value) . "'";
}
$notYetSet = true;
while ($notYetSet) {
$id = generate256BitUniqueID();
$queryResults = mysql_query("SELECT uid FROM user WHERE uid='{$id}'", $dbh);
if ($queryResults[0][0] != $id) {
$notYetSet = false;
}
}
$sql = "REPLACE INTO " . $db['table'] . " (" . $db['username_column'] . ", " . $db['password_column'] . ", uid) VALUES ('" . mysql_escape_string($username) . "', " . $password_value . ", '" . $id . "')";
$res = mysql_query($sql, $dbh) or die("Couldn't add user.");
return $res;
}
if(mail($to, $subject, $message, $headers)) {
$success = true;
} else {
$success = false;
}
return $success;
}
$username = $_POST['username'];
$email = $_POST['email'];
$password = $_POST['password'];
$notYetSet = true;
while ($notYetSet) {
$id = generate256BitUniqueID();
$queryResults = $mysqlConnection->processQuery("SELECT uid FROM user WHERE uid='$id'");
if ($queryResults[0][0] != $id) {
$notYetSet = false;
}
}
send_mail($email, $admin_email, $registration_subject, $registration_body.$username.$registration_body_2.$password.$registration_body_3.$activateURL.$id);
send_mail($supervisor_email, $admin_email, $user_registration_subject.$username, $username.$user_registration_body.$email);
$password = pw_encode($password);
$mysqlConnection->processQuery("INSERT INTO user (uid, username, password, email) VALUES ('".$id."','".$username."','".$password."','".$email."')");
