//from DB--> if it has been previously instantiated by someone from another session.
            instantiate_email_presets($_POST['15_days_overdue'], $_POST['30_days_overdue']);
        }
        //include 'dump_all_page_contents.php';
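        // Handle the "create user" form. The authorization check that guards this branch
        // is opened above this block and is not repeated here.
        if (isset($_POST['_submit_check']) && $_POST['_submit_check'] != "") {
            // Validate once and reuse the verdict: 'valid', or a value that is handed to
            // showPage() as its third argument.
            $validation = validateNewUser();
            if ($validation == 'valid') {
                // NOTE(review): crypt() without an explicit salt picks a system-dependent
                // algorithm and is rejected by PHP 8. Moving to password_hash() /
                // password_verify() has to be done together with the login check, which
                // is not visible from here, so the call is left unchanged.
                $encrypted_passwd = crypt($_POST['password']);

                // Copy the form values into locals: bind_param() binds by reference.
                $first_name = $_POST['first_name'];
                $last_name = $_POST['last_name'];
                $access = $_POST['access'];
                $department = $_POST['department'];
                $username = $_POST['username'];

                // Every value is bound as a parameter, so form input is never parsed as SQL.
                $result = false;
                $failure = '';
                $stmt = mysqli_prepare($db, "INSERT INTO users (first_name, last_name, access_lvl, dept_id, password, username) VALUES (?, ?, ?, ?, ?, ?)");
                if ($stmt === false) {
                    $failure = mysqli_error($db);
                } else {
                    mysqli_stmt_bind_param($stmt, 'ssssss', $first_name, $last_name, $access, $department, $encrypted_passwd, $username);
                    $result = mysqli_stmt_execute($stmt);
                    if (!$result) {
                        $failure = mysqli_stmt_error($stmt);
                    }
                    mysqli_stmt_close($stmt);
                }

                if ($result) {
                    // Escape before echoing: these values come straight from the request.
                    $shown_username = htmlspecialchars($username, ENT_QUOTES, 'UTF-8');
                    $shown_first = htmlspecialchars($first_name, ENT_QUOTES, 'UTF-8');
                    $shown_last = htmlspecialchars($last_name, ENT_QUOTES, 'UTF-8');
                    print '<h3 align="center"> User ' . $shown_username . ' (' . $shown_first . ' ' . $shown_last . ') created!</h3>';
                    print '<h4 align="center"><a href="admin.php">Return to Admin Page</a></h4>';
                } else {
                    // Report success only when the row was written; keep the database
                    // detail in the server log rather than in the page.
                    error_log('User creation failed: ' . $failure);
                    // presumably showPage() renders its third argument as an error message,
                    // as it does for validation failures below; verify against showPage().
                    showPage($_SESSION['username'], $_SESSION['access'], 'The user could not be created.');
                }
            } else {
                // Validation failed: show the form again with the validator's result.
                showPage($_SESSION['username'], $_SESSION['access'], $validation);
            }
        } else {
            // Form has not been submitted yet.
            showPage($_SESSION['username'], $_SESSION['access']);
        }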
    } else {
        showLogin('The current user is not authorized to view this page.');
        //all other users types OWNED!!
    }
} elseif ($_POST['username']) {
    //if user has attempted to login, validate login
    if (validateLogin($_POST['username'], $_POST['password'])) {
        showPage($_SESSION['username'], $_SESSION['access']);
示例#2
            }
        }
    }
} else {
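    // Requests that reach this branch may only run registerNewUser() or
    // validateNewUser(), and only while the users table holds no rows.
    $requested = isset($_POST["submit"]) ? $_POST["submit"] : '';
    if ($requested === "Register" || $requested === "Verification") {
        // NOTE(review): the mysql_* extension was removed in PHP 7; porting to mysqli or
        // PDO needs the connection handle, which is not visible from here.
        $sql = "SELECT * FROM `users`";
        $result = mysql_query($sql);
        // Fail closed: mysql_num_rows() on a failed query yields false, and a loose
        // `false == 0` would treat a database error as "no users exist yet".
        if ($result !== false && mysql_num_rows($result) === 0) {
            if ($requested === "Register") {
                registerNewUser();
            } else {
                validateNewUser();
            }
        }
    } else {
        die('<p>You must be logged in to perform any operations. If you once were logged in, 
       your session probably timed out meaning that you have to log in again before
       you try to perform any administrational operations.
       <br /> <br />
       Click <a href="../pages/login.php">here</a> to go to the login page.</p>');
    }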
}
function reportError($sql)
{
    echo '<p>Följande indata gavs: <br />';
    print_r($_POST);
    echo "<br /><br />A tiny tiny error accured when trying to add the new entry: <br /><br /><b>" . mysql_error() . ': </b><br /><br />' . $sql;
<?php

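// Read the fields entered by the user. A missing or non-string field (for example an
// array sent as username[]=x) becomes '' instead of raising a notice or a TypeError.
$readField = function ($key) {
    if (!isset($_POST[$key]) || !is_string($_POST[$key])) {
        return '';
    }
    return stripslashes(trim($_POST[$key]));
};
$username = $readField('username');
$name = $readField('name');
$school = $readField('school');
$picture = $readField('picture');
// NOTE(review): trim() and stripslashes() also rewrite the password, so surrounding
// whitespace and backslashes never reach the hash. Changing that needs the same change
// wherever the password is verified, which is not visible from here.
$password = $readField('password');
$description = $readField('description');
require_once 'functions.php';
// Validate the submitted fields.
// NOTE(review): the return value is discarded; confirm validateNewUser() stops the
// script itself on invalid input, otherwise registration continues regardless.
validateNewUser($username, $name, $school, $password);
// Fall back to the default icon when no picture was given.
// NOTE(review): a non-empty $picture is a client-supplied path that is passed on as is.
if ($picture === '') {
    $picture = 'pictures/icon_default.png';
}
require_once 'connect.php';
// presumably provides password_hash() on PHP versions that lack it; verify.
require_once 'passwordLib.php';
// Hash (not encrypt) the password. bcrypt only considers the first 72 bytes of its input.
$hash = password_hash($password, PASSWORD_BCRYPT);
// $conn is not assigned in this file. The global statement has an effect only when this
// file is included from inside a function.
global $conn;
$result = checkUniqueUsername($conn, $username);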
if ($result == 0) {
    // Unique user
    // Register the user
    registerUser($conn, $username, $name, $school, $picture, $hash, $description);
    $response = ["success" => "User registered"];
    echo json_encode($response);
} else {
    $response = ["Error" => "Username taken"];
示例#4
<?php

// This page is for the serverside operations required to create accounts.
require_once $_SERVER['DOCUMENT_ROOT'] . '/tnelat/components/SQL_Operation.php';
require_once $_SERVER['DOCUMENT_ROOT'] . '/tnelat/components/formatting.php';
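// Handle the account-creation POST: validate the fields, store a salted password hash,
// then log the new user in.
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    $vars = process_request($_POST);
    if (validateNewUser($vars['username'], $vars['password'], $vars['password_confirm'], $vars['email'], $vars['first_name'], $vars['last_name'], $vars['phone'])) {
        // Per-user salt. Take it from the CSPRNG where the runtime has one: uniqid() and
        // mt_rand() are predictable. Both forms yield 64 hex characters, so the stored
        // salt keeps its shape.
        $salt = function_exists('random_bytes')
            ? bin2hex(random_bytes(32))
            : hash('sha256', uniqid(mt_rand(), true));
        // Apply the salt before hashing.
        // NOTE(review): a single SHA-256 pass is fast to brute-force. Moving to
        // password_hash()/password_verify() has to be coordinated with
        // handlers/authentication.php, which recomputes this value and is not visible here.
        $salted_password = hash('sha256', $salt . $vars['password']);
        // Store the salt with the password, so it can be applied again to check a login.
        // NOTE(review): $user is not inspected before login() below; confirm that
        // execute() cannot fail silently.
        $user = (new InsertUser($vars['username'], $vars['email'], $salted_password, $vars['first_name'], $vars['last_name'], intval($vars['phone']), $salt))->execute();
        // Clear the request method so the included authentication handler does not treat
        // this request as a login POST.
        $_SERVER['REQUEST_METHOD'] = null;
        include $_SERVER['DOCUMENT_ROOT'] . "/tnelat/handlers/authentication.php";
        login($vars['username']);
        echo 'User created successfully. Redirecting...';
    }
}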
function validateNewUser($username, $password, $password_confirm, $email, $first_name, $last_name, $phone)
{
    $err = '';
    // Check that all fields are filled in
    if (empty($username) || empty($password) || empty($password_confirm) || empty($email) || empty($first_name) || empty($last_name)) {
        $err = 'Please fill in all required fields.';
    } else {
        if (strlen($username) < 3 || !ctype_alnum($username)) {
            $err = 'A valid username is at least three characters. Only alphanumeric characteres are allowed.';
        } else {