示例#1
0
function aggiungiutente()
{
    global $SITENAME, $SITEEMAIL, $db, $BASEURL, $VALIDATION, $USERLANG, $USE_IMAGECODE;
    $utente = $db->real_escape_string($_POST["user"]);
    $pwd = $db->real_escape_string($_POST["pwd"]);
    $pwd1 = $db->real_escape_string($_POST["pwd1"]);
    $email = $db->real_escape_string($_POST["email"]);
    $idlangue = intval($_POST["language"]);
    $idstyle = intval($_POST["style"]);
    $idflag = intval($_POST["flag"]);
    $timezone = intval($_POST["timezone"]);
    if (utf8::strtoupper($utente) == utf8::strtoupper("Guest")) {
        print ERROR . " " . ERR_GUEST_EXISTS . "<br />\n";
        print "<a href='account.php'>" . BACK . "</a>";
        block_end();
        stdfoot();
        exit;
    }
    if ($pwd != $pwd1) {
        print ERROR . " " . DIF_PASSWORDS . "<br />\n";
        print "<a href='account.php'>" . BACK . "</a>";
        block_end();
        stdfoot();
        exit;
    }
    if ($VALIDATION == "none") {
        $idlevel = 3;
    } else {
        $idlevel = 2;
    }
    # Create Random number
    $floor = 100000;
    $ceiling = 999999;
    srand((double) microtime() * 1000000);
    $random = mt_rand($floor, $ceiling);
    if ($utente == "" || $pwd == "" || $email == "") {
        return -1;
        exit;
    }
    $res = $db->query("SELECT email FROM users WHERE email = '" . $email . "'");
    if ($res->num_rows > 0) {
        return -2;
        exit;
    }
    if (!security::valid_email($email)) {
        return -3;
        exit;
    }
    // duplicate username
    $res = $db->query("SELECT username FROM users WHERE username = '******'");
    if ($res->num_rows > 0) {
        return -4;
        exit;
    }
    // duplicate username
    if (strpos($db->real_escape_string($utente), " ") == true) {
        return -7;
        exit;
    }
    if ($USE_IMAGECODE) {
        if (extension_loaded('gd')) {
            $arr = gd_info();
            if ($arr['FreeType Support'] == 1) {
                $public = $_POST['public_key'];
                $private = $_POST['private_key'];
                $p = new ocr_captcha();
                if ($p->check_captcha($public, $private) != true) {
                    err_msg(ERROR, ERR_IMAGE_CODE);
                    block_end();
                    stdfoot();
                    exit;
                }
            }
        }
    }
    $bannedchar = array("\\", "/", ":", "*", "?", "\"", "@", "\$", "'", "`", ",", ";", ".", "<", ">", "!", "£", "%", "^", "&", "(", ")", "+", "=", "#", "~");
    if (straipos($db->real_escape_string($utente), $bannedchar) == true) {
        return -8;
        exit;
    }
    if (utf8::strlen($db->real_escape_string($pwd)) < 4) {
        return -9;
        exit;
    }
    @$db->query("INSERT INTO users (username, password, random, id_level, email, style, language, flag, joined, lastconnect, pid, time_offset) VALUES ('" . $utente . "', '" . md5($pwd) . "', " . $random . ", " . $idlevel . ", '" . $email . "', " . $idstyle . ", " . $idlangue . ", " . $idflag . ", NOW(), NOW(), '" . md5(uniqid(mt_rand(), true)) . "', '" . $timezone . "')");
    if ($VALIDATION == "user") {
        ini_set("sendmail_from", "");
        if ($db->errno == 0) {
            mail($email, ACCOUNT_CONFIRM, ACCOUNT_MSG . "\n\n" . $BASEURL . "/account.php?act=confirm&confirm=" . $random . "&language=" . $idlangue . "", "From: " . $SITENAME . " <" . $SITEEMAIL . ">");
            write_log("Signup new User " . $utente . " (" . $email . ")", "add");
        } else {
            die($db->error);
        }
    }
    return $db->errno;
}