$sql = "UPDATE prochatrooms_users\n\t\t\t\t\tSET avatar = '" . makeSafe($_POST['uavatar']) . "'\n\t\t\t\t\tWHERE username = '******'username']) . "'";
mysql_query($sql) or die(mysql_error());
}
}
// add user room
if (isset($_POST['addRoom'])) {
// password encryption
if (!empty($_POST['newRoomPass'])) {
$_POST['newRoomPass'] = md5($_POST['newRoomPass']);
}
// check room exists
$tmp = mysql_query("\n\t\t\tSELECT roomname \n\t\t\tFROM prochatrooms_rooms \n\t\t\tWHERE roomname = '" . makeSafe($_POST['newRoomName']) . "' \n\t\t\tLIMIT 1\n\t\t\t") or die(mysql_error());
if (!mysql_num_rows($tmp)) {
// if room name
if ($_POST['newRoomName']) {
if (validChars($_POST['newRoomName'])) {
die("invalid room name");
}
// send message
$sql = "INSERT INTO prochatrooms_rooms\n\t\t\t\t\t(\n\t\t\t\t\t\tid,\n\t\t\t\t\t\troomname,\n\t\t\t\t\t\troomowner, \n\t\t\t\t\t\troompassword, \n\t\t\t\t\t\troomusers, \n\t\t\t\t\t\troomcreated\n\t\t\t\t\t) \t\n\t\t\t\t\tVALUES \n\t\t\t\t\t(\n\t\t\t\t\t\t'" . getTime() . "', \n\t\t\t\t\t\t'" . makeSafe($_POST['newRoomName']) . "', \n\t\t\t\t\t\t'" . makeSafe($_POST['newRoomOwner']) . "', \n\t\t\t\t\t\t'" . makeSafe($_POST['newRoomPass']) . "', \n\t\t\t\t\t\t'0', \n\t\t\t\t\t\t'" . getTime() . "' \n\t\t\t\t\t)";
mysql_query($sql) or die(mysql_error());
}
} else {
$sql = "UPDATE prochatrooms_rooms \n\t\t\t\t\tSET roomcreated = '" . getTime() . "' \n\t\t\t\t\tWHERE roomname = '" . makeSafe($_POST['newRoomName']) . "'";
mysql_query($sql) or die(mysql_error());
}
}
// update webcam status
if (isset($_POST['myWebcamIs'])) {
$result = '0';
if ($_POST['myWebcamIs'] == 'on') {
}
// Check if username already exists
$stmt = $db->prepare('SELECT uid FROM ' . DB_PREFIX_ . 'users WHERE uid = ?');
$stmt->execute(array($username));
$count = $stmt->rowCount();
if ($count >= 1) {
$err .= ' User already exists.';
}
// Check if group names are valid. Also trim and put them into new array
$length = strlen($group);
if ($length >= 1) {
$groups = explode(GROUPS_, $group);
unset($group);
foreach ($groups as $tmp) {
$tmp = trim($tmp);
$groupcheck = validChars($tmp);
if ($groupcheck == 0) {
$err .= ' Invalid characters in group name.';
}
$group[] = $tmp;
}
}
// Check if email is valid
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
$err .= ' Invalid email address.';
}
// Check if there was an error, if not, add data
if (!isset($err)) {
// Generate random password and hash it
$passwd = randString(10);
//$hash = $hasher->HashPassword($passwd);
*/
if (!$_REQUEST['roomID'][0]) {
include "templates/" . $CONFIG['template'] . "/login.php";
die;
}
/*
* check username is valid
*
*/
if (empty($_REQUEST['userName']) && isset($_REQUEST['login'])) {
$loginError = C_LANG1;
include "templates/" . $CONFIG['template'] . "/login.php";
die;
}
if (isset($_REQUEST['userName'])) {
$loginError = validChars($_REQUEST['userName']);
if ($loginError) {
include "templates/" . $CONFIG['template'] . "/login.php";
die;
}
}
if ($_POST['userName']) {
unset($_SESSION['guest']);
}
/*
* if user is not guest and password is empty
*
*/
if (!$_POST['isGuest'] && isset($_POST['userPass']) && empty($_POST['userPass'])) {
$loginError = C_LANG6;
include "templates/" . $CONFIG['template'] . "/login.php";
