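/**
 * Creates a new user account from the signup form ($_POST) and, when
 * $VALIDATION is "user", mails the confirmation link to the new address.
 *
 * Reads $_POST: user, pwd, pwd1, email, language, style, flag, timezone and,
 * when $USE_IMAGECODE is on and GD/FreeType are available, public_key and
 * private_key for the captcha.
 *
 * Returns $db->errno (0 on success, the driver's error number otherwise) or
 * one of these codes:
 *   -1  username, password or email is empty
 *   -2  email already registered
 *   -3  email not valid (security::valid_email)
 *   -4  username already registered
 *   -7  username contains a space
 *   -8  username contains a banned character (straipos)
 *   -9  password shorter than 4 characters
 * The guest-name, password-mismatch and captcha failures print a message,
 * close the page (block_end/stdfoot) and exit() instead of returning.
 *
 * Changes from the previous version: the duplicate-username query compared
 * against a fixed literal rather than the submitted name; the confirmation
 * number came from mt_rand() after srand((double) microtime() ...), which
 * makes it guessable (since PHP 7.1 srand() also seeds mt_rand()); the
 * space check used `strpos(...) == true`, which misses a space at offset 0;
 * and the raw driver error string was echoed to the browser on insert
 * failure.
 *
 * @return int
 */
function aggiungiutente()
{
    global $SITENAME, $SITEEMAIL, $db, $BASEURL, $VALIDATION, $USE_IMAGECODE;

    // Raw form values. A missing or non-string field (e.g. user[]=x) is
    // treated as "" so the emptiness checks below reject it instead of the
    // escaper choking on an array.
    $rawUser  = (isset($_POST["user"]) && is_string($_POST["user"])) ? $_POST["user"] : "";
    $rawPwd   = (isset($_POST["pwd"]) && is_string($_POST["pwd"])) ? $_POST["pwd"] : "";
    $rawPwd1  = (isset($_POST["pwd1"]) && is_string($_POST["pwd1"])) ? $_POST["pwd1"] : "";
    $rawEmail = (isset($_POST["email"]) && is_string($_POST["email"])) ? $_POST["email"] : "";

    // Escaped once here; these are the only values that reach SQL.
    // NOTE: the password is escaped *before* it is hashed, exactly as before —
    // the login path must hash the same bytes, so this is kept deliberately.
    $utente = $db->real_escape_string($rawUser);
    $pwd    = $db->real_escape_string($rawPwd);
    $email  = $db->real_escape_string($rawEmail);

    $idlangue = isset($_POST["language"]) ? intval($_POST["language"]) : 0;
    $idstyle  = isset($_POST["style"]) ? intval($_POST["style"]) : 0;
    $idflag   = isset($_POST["flag"]) ? intval($_POST["flag"]) : 0;
    $timezone = isset($_POST["timezone"]) ? intval($_POST["timezone"]) : 0;

    // "Guest" is reserved (case-insensitively).
    if (utf8::strtoupper($utente) == utf8::strtoupper("Guest")) {
        print ERROR . " " . ERR_GUEST_EXISTS . "<br />\n";
        print "<a href='account.php'>" . BACK . "</a>";
        block_end();
        stdfoot();
        exit;
    }

    // Both password fields must match exactly (compared as typed).
    if ($rawPwd !== $rawPwd1) {
        print ERROR . " " . DIF_PASSWORDS . "<br />\n";
        print "<a href='account.php'>" . BACK . "</a>";
        block_end();
        stdfoot();
        exit;
    }

    // Level 3 = active immediately; level 2 = awaiting confirmation.
    $idlevel = ($VALIDATION === "none") ? 3 : 2;

    // Six-digit confirmation number sent by mail. Drawn from the CSPRNG:
    // the previous mt_rand() draw was seeded from microtime() and so could be
    // reproduced by anyone who knew roughly when the account was created.
    $random = random_int(100000, 999999);

    if ($utente === "" || $pwd === "" || $email === "") {
        return -1;
    }

    // Duplicate email. If the lookup itself fails we cannot tell, so report
    // the driver error rather than going on to the INSERT.
    $res = $db->query("SELECT email FROM users WHERE email = '" . $email . "'");
    if ($res === false) {
        return $db->errno;
    }
    if ($res->num_rows > 0) {
        return -2;
    }

    if (!security::valid_email($email)) {
        return -3;
    }

    // Duplicate username — compared against the submitted (escaped) name.
    $res = $db->query("SELECT username FROM users WHERE username = '" . $utente . "'");
    if ($res === false) {
        return $db->errno;
    }
    if ($res->num_rows > 0) {
        return -4;
    }

    // No spaces anywhere in the username, including offset 0.
    if (strpos($utente, " ") !== false) {
        return -7;
    }

    // Image code, only when GD with FreeType support is present.
    if ($USE_IMAGECODE && extension_loaded('gd')) {
        $gd = gd_info();
        if (!empty($gd['FreeType Support'])) {
            $public  = isset($_POST['public_key']) ? $_POST['public_key'] : "";
            $private = isset($_POST['private_key']) ? $_POST['private_key'] : "";
            $captcha = new ocr_captcha();
            if (!$captcha->check_captcha($public, $private)) {
                err_msg(ERROR, ERR_IMAGE_CODE);
                block_end();
                stdfoot();
                exit;
            }
        }
    }

    // Characters not allowed in a username.
    $bannedchar = array(
        "\\", "/", ":", "*", "?", "\"", "@", "\$", "'", "`", ",", ";", ".",
        "<", ">", "!", "£", "%", "^", "&", "(", ")", "+", "=", "#", "~",
    );
    // NOTE(review): straipos() is a project helper; its return value is
    // compared loosely here as before — confirm it returns a bool and not an
    // offset, otherwise a banned character at offset 0 would slip through.
    if (straipos($utente, $bannedchar) == true) {
        return -8;
    }

    // Minimum length applies to the password as typed, not to its SQL-escaped form.
    if (utf8::strlen($rawPwd) < 4) {
        return -9;
    }

    // Opaque per-user id: 32 hex chars, the same width as the old md5(uniqid()).
    $pid = bin2hex(random_bytes(16));

    // TODO(security): the password is stored as an unsalted md5 hash. Moving
    // to password_hash()/password_verify() requires the login path to change
    // in step, so the storage format is left unchanged here.
    $sql = "INSERT INTO users (username, password, random, id_level, email, style, language, flag, joined, lastconnect, pid, time_offset)"
        . " VALUES ('" . $utente . "', '" . md5($pwd) . "', " . $random . ", " . $idlevel . ", '" . $email . "', "
        . $idstyle . ", " . $idlangue . ", " . $idflag . ", NOW(), NOW(), '" . $pid . "', '" . $timezone . "')";
    $db->query($sql);

    if ($VALIDATION === "user") {
        ini_set("sendmail_from", "");
        if ($db->errno == 0) {
            $link = $BASEURL . "/account.php?act=confirm&confirm=" . $random . "&language=" . $idlangue;
            mail(
                $email,
                ACCOUNT_CONFIRM,
                ACCOUNT_MSG . "\n\n" . $link,
                "From: " . $SITENAME . " <" . $SITEEMAIL . ">"
            );
            write_log("Signup new User " . $utente . " (" . $email . ")", "add");
        } else {
            // Keep the driver's message in the server log; the browser only
            // gets the generic error text.
            error_log("aggiungiutente: INSERT failed: " . $db->error);
            die(ERROR);
        }
    }

    return $db->errno;
}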