File: /home/httpd/html/freecams1.com/public_html/admin/add_user.php
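<?php
/**
 * Admin "Add User" handler: validates the posted form, inserts the new row
 * into `users` (plus a default `users_notifications` row), stores the optional
 * avatar and backlink banner uploads, then redirects back to this page.
 *
 * NOTE(review): no login/role check and no CSRF token check is visible in this
 * file. The form can create accounts with `is_admin` = 1, so confirm that
 * db.php (or whatever includes this page) enforces both before this code runs.
 */
require "db.php";

if (isset($_POST['formSubmit'])) {
    $_POST = array_map_array('trim', $_POST);
    $_POST = array_map_array('strip_tags', $_POST, array('description', 'freeform'));

    // NOTE(review): uploads are accepted on the file extension alone; the file
    // content is never inspected before it is handed to makeImageThumbnail().
    $allowed_image_ext = array('jpg', 'jpeg', 'png', 'gif');
    $avatar_ext = '';
    $banner_ext = '';

    if ($_POST['username'] == '') {
        setMessage('Username is required!', 'error');
    } else if (is_array(dbQuery("SELECT `record_num` FROM `users` WHERE `username` = '" . mysqli_real_escape_string($dbconn, $_POST['username']) . "'", false))) {
        setMessage('This username is already taken!', 'error');
    }

    // The form marks the password as required, but the form itself is sent with
    // `novalidate`, so the rule has to be enforced here as well. Without it an
    // account whose stored hash is md5('' . $salt) could be created.
    if (!isset($_POST['password']) || !is_string($_POST['password']) || $_POST['password'] === '') {
        setMessage('Password is required!', 'error');
    }

    if ($_POST['email'] == '') {
        setMessage('E-mail is required!', 'error');
    } else if (!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
        setMessage('Invalid e-mail address', 'error');
    } else if (is_array(dbQuery("SELECT `record_num` FROM `users` WHERE `email` = '" . mysqli_real_escape_string($dbconn, $_POST['email']) . "'", false))) {
        setMessage('This e-mail is not available!', 'error');
    }

    $has_avatar = !empty($_FILES['file']['tmp_name']);
    if ($has_avatar) {
        if (filesize($_FILES['file']['tmp_name']) > $config['max_avatar_size'] * 1024) {
            setMessage('Avatar is too big. It can be a maximum of %sizekB in GIF, JPG, or PNG format.', array('%size' => $config['max_avatar_size']), 'error');
        } else {
            $name_parts = explode(".", strtolower($_FILES['file']['name']));
            $avatar_ext = end($name_parts);
            if (!in_array($avatar_ext, $allowed_image_ext, true)) {
                setMessage('You may only upload image files for "Avatar"', 'error');
            }
        }
    }

    $has_banner = !empty($_FILES['banner']['tmp_name']);
    if ($has_banner) {
        $name_parts = explode(".", strtolower($_FILES['banner']['name']));
        $banner_ext = end($name_parts);
        if (!in_array($banner_ext, $allowed_image_ext, true)) {
            setMessage('You may only upload image files for "Banner"', 'error');
        }
    }

    if (!getMessages(false, 'error')) {
        // NOTE(review): salted MD5 is a fast hash and is cheap to brute-force if
        // the table leaks. Moving to password_hash()/password_verify() also
        // requires changing the login code, which is outside this file, so the
        // stored format is left as it was.
        $salt = generateSalt(rand(5, 10));
        $profile = array(
            'username' => $_POST['username'],
            'password' => md5($_POST['password'] . $salt),
            'salt' => $salt,
            'is_admin' => (int) $_POST['is_admin'],
            'email' => $_POST['email'],
            'user_level' => (int) $_POST['user_level'],
            'location' => $_POST['location'],
            'age' => $_POST['age'],
            'gender' => $_POST['gender'],
            'description' => strip_tags($_POST['description']),
            'name' => $_POST['name'],
            'phone' => $_POST['phone'],
            'im' => $_POST['im'],
            'im_type' => $_POST['im_type'],
            'backlink' => $_POST['backlink'],
            'program_name' => $_POST['program_name'],
            'program_url' => $_POST['program_url'],
            'premium' => (int) $_POST['premium'],
            'tokens' => (int) $_POST['tokens'],
            'freeform' => strip_tags($_POST['freeform']),
            'custom' => serialize($_POST['custom']),
            'enabled' => (int) $_POST['enabled'],
        );
        // NOTE(review): dbInsert() is defined elsewhere; presumably it escapes
        // or binds the values in $profile. Confirm, since none are escaped here.
        $insert_id = dbInsert('users', $profile);
        if (is_numeric($insert_id)) {
            // Used inside SQL strings below, so force it to a plain integer.
            $user_id = (int) $insert_id;

            dbInsert('users_notifications', array(
                'new_message' => 1,
                'new_comment' => 1,
                'new_post' => 1,
                'friend_request' => 1,
                'user_id' => $insert_id,
            ));

            if ($has_avatar) {
                // Server-generated name plus the allow-listed extension.
                $filename = uniqid() . '.' . $avatar_ext;
                $target = "$misc_path/$filename";
                $target_big = "$misc_path/big-$filename";
                // Only record the avatar if the upload was actually stored.
                if (move_uploaded_file($_FILES['file']['tmp_name'], $target_big)) {
                    makeImageThumbnail($target_big, $target, 800, 600, 'mogrify');
                    makeImageThumbnail($target_big, $target, 170, 130);
                    dbQuery("UPDATE `users` SET `avatar` = '" . mysqli_real_escape_string($dbconn, $filename) . "' WHERE `record_num` = '$user_id'", false);
                }
            }

            if ($has_banner) {
                // The client-supplied file name is no longer part of the stored
                // name. It used to be concatenated into the path and into the
                // UPDATE statement unescaped, so a quote in the name reached the
                // SQL string, and a name such as "x.php.jpg" kept its inner
                // extension on disk. The banner is now named like the avatar.
                $filename = uniqid() . '.' . $banner_ext;
                $target = "$misc_path/$filename";
                if (move_uploaded_file($_FILES['banner']['tmp_name'], $target)) {
                    dbQuery("UPDATE `users` SET `banner` = '" . mysqli_real_escape_string($dbconn, $filename) . "' WHERE `record_num` = '$user_id'");
                }
            }

            setMessage('New user added. <a href="' . $basehttp . '/admin/users.php"><b>Click here to return to Users List</b></a>');
        } else {
            setMessage('Cannot create new user', 'error');
        }
        // Post/redirect/get: reload this page so a refresh does not resubmit.
        header("Location: $_SERVER[REQUEST_URI]");
        exit;
    } else {
        // Validation failed: the template below echoes $_POST back into the
        // form. entities_walk() is defined elsewhere; presumably it
        // HTML-encodes the array in place. Confirm.
        entities_walk($_POST);
    }
} else if (!empty($_POST)) {
    // A POST that lacks `formSubmit` skips the handler above but still reaches
    // the template, which echoes $_POST into the page. Encode it on this path
    // too, so a cross-site POST cannot have its fields reflected unencoded.
    entities_walk($_POST);
}
?>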
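<?php
// Full "<?php" open tags are used instead of "<?": when short_open_tag is
// disabled the short form is not parsed and the PHP source is sent to the
// browser as text.
require "header.php";
?>
<div class="content-page">
<div class="header-area">
<div class="breadcrumbs">
<a href="index.php">Admin Home</a>
<span><a href="add_user.php">Add User</a></span>
</div>
</div>
<div class="content-outer">
<h2>Add<strong>User</strong></h2>
<div class="notification info">Please use the form to create users on the website.</div>
<div class="content-inner">
<?php echo getMessages(); ?>
<form action="" method="POST" enctype="multipart/form-data" class="form" novalidate autocomplete="off">
<?php
// $_GET['id'] comes straight from the query string and is written into an
// attribute value, so it is HTML-encoded here (it was echoed raw before).
// Non-string values such as id[]=x are dropped.
$sponsor_id = (isset($_GET['id']) && is_string($_GET['id'])) ? $_GET['id'] : '';
?>
<input type="hidden" name="sponsor" value="<?php echo htmlspecialchars($sponsor_id, ENT_QUOTES, 'UTF-8'); ?>" />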
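<?php
// Form fields. Every value="..." below echoes $_POST without encoding it at the
// point of output, so these rows rely on $_POST having been HTML-encoded
// before the template runs. The handler at the top of this file calls
// entities_walk($_POST) on its validation-error path; confirm that every path
// reaching this template does the same.
// NOTE(review): the password is echoed back into a type="text" input.
// NOTE(review): the "Allowed HTML tags" hints disagree with the handler, which
// calls strip_tags() on description/freeform with no allow-list.
?>
<table class="pagetable">
<thead>
<tr>
<th colspan="2">Add New User</th>
</tr>
</thead>
<tr>
<td>Username</td>
<td><input name="username" type="text" value="<?php echo $_POST['username']; ?>" required data-min-length="3" data-max-length="20" /></td>
</tr>
<tr>
<td>Password</td>
<td><input name="password" type="text" value="<?php echo $_POST['password']; ?>" required data-min-length="5" /></td>
</tr>
<tr>
<td>Email</td>
<td><input name="email" type="email" value="<?php echo $_POST['email']; ?>" required /></td>
</tr>
<tr>
<td>Admin Account</td>
<td>
<select name="is_admin">
<option<?php echo ($_POST['is_admin'] == '0') ? ' selected' : ''; ?> value="0">No</option>
<option<?php echo ($_POST['is_admin'] == '1') ? ' selected' : ''; ?> value="1">Yes</option>
</select>
</td>
</tr>
<tr>
<td>Location</td>
<td><input name="location" type="text" value="<?php echo $_POST['location']; ?>" /></td>
</tr>
<tr>
<td>Age</td>
<td><input name="age" type="number" value="<?php echo $_POST['age']; ?>" min="0" class="short" /></td>
</tr>
<tr>
<td>Gender</td>
<td>
<select name="gender">
<option<?php echo ($_POST['gender'] == 'Male') ? ' selected' : ''; ?> value="Male">Male</option>
<option<?php echo ($_POST['gender'] == 'Female') ? ' selected' : ''; ?> value="Female">Female</option>
</select>
</td>
</tr>
<tr>
<td>Description</td>
<td>
<textarea name="description" cols="45" rows="8"><?php echo $_POST['description']; ?></textarea>
<div class="hint">Allowed HTML tags: &lt;b&gt;, &lt;i&gt;, &lt;em&gt;, &lt;strong&gt;, &lt;a&gt;, &lt;img&gt;</div>
</td>
</tr>
<tr>
<td>User Type</td>
<td>
<select name="user_level">
<option<?php echo ($_POST['user_level'] == 0) ? ' selected' : ''; ?> value="0">Normal</option>
<option<?php echo ($_POST['user_level'] == 2) ? ' selected' : ''; ?> value="2">Partner</option>
</select>
</td>
</tr>
<tr>
<td>Backlink URL</td>
<?php // Double-quoted like every other field: an encoder that leaves single quotes alone would let a ' in the value close a single-quoted attribute. ?>
<td><input name="backlink" type="text" value="<?php echo $_POST['backlink']; ?>" /></td>
</tr>
<tr>
<td>Backlink Banner</td>
<td><input type="file" name="banner" /></td>
</tr>
<tr>
<td>Contact Name</td>
<td><input name="name" type="text" value="<?php echo $_POST['name']; ?>" /></td>
</tr>
<tr>
<td>Contact Phone</td>
<td><input name="phone" type="text" value="<?php echo $_POST['phone']; ?>" /></td>
</tr>
<tr>
<td>IM</td>
<td><input name="im" type="text" value="<?php echo $_POST['im']; ?>" /></td>
</tr>
<tr>
<td>IM Type</td>
<td>
<select name="im_type">
<option<?php echo ($_POST['im_type'] == 'ICQ') ? ' selected' : ''; ?>>ICQ</option>
<option<?php echo ($_POST['im_type'] == 'AIM') ? ' selected' : ''; ?>>AIM</option>
<option<?php echo ($_POST['im_type'] == 'MSN') ? ' selected' : ''; ?>>MSN</option>
<option<?php echo ($_POST['im_type'] == 'Y!M') ? ' selected' : ''; ?>>Y!M</option>
</select>
</td>
</tr>
<tr>
<td>Site Name</td>
<td><input name="program_name" type="text" value="<?php echo $_POST['program_name']; ?>" /></td>
</tr>
<tr>
<td>Site URL</td>
<td><input name="program_url" type="text" value="<?php echo $_POST['program_url']; ?>" /></td>
</tr>
<tr>
<td>Comments/Info</td>
<td>
<textarea name="freeform" cols="45" rows="8"><?php echo $_POST['freeform']; ?></textarea>
<div class="hint">Allowed HTML tags: &lt;b&gt;, &lt;i&gt;, &lt;em&gt;, &lt;strong&gt;, &lt;a&gt;, &lt;img&gt;</div>
</td>
</tr>
<tr>
<td>Premium</td>
<td>
<select name="premium">
<option<?php echo ($_POST['premium'] == '0') ? ' selected' : ''; ?> value="0">No</option>
<option<?php echo ($_POST['premium'] == '1') ? ' selected' : ''; ?> value="1">Yes</option>
</select>
</td>
</tr>
<tr>
<td>Tokens</td>
<td><input name="tokens" type="number" value="<?php echo $_POST['tokens']; ?>" min="0" class="short" /></td>
</tr>
<tr>
<td>Account Enabled</td>
<td>
<select name="enabled">
<?php // Full open tags: with short_open_tag off, "<? echo ..." would be emitted as text inside the <option> tag. ?>
<option<?php echo ($_POST['enabled'] == '0') ? ' selected' : ''; ?> value="0">No</option>
<option<?php echo ($_POST['enabled'] == '1') ? ' selected' : ''; ?> value="1">Yes</option>
</select>
</td>
</tr>
<tr>
<td>Avatar</td>
<td><input type="file" name="file" /></td>
</tr>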
<?php
// One table row per entry of $custom_user_fields (defined outside this file):
// an array value is rendered as a <select> of its items, anything else as a
// free-text input posted under custom[<key>].
// NOTE(review): $custom is not assigned anywhere in this file, while the text
// input restores its value from $_POST['custom'][$k]. Confirm which variable
// the <select> is meant to compare against.
// NOTE(review): $k, $i and $_POST['custom'][$k] are echoed without encoding at
// the point of output. Confirm the keys and options are trusted configuration
// and that the posted values are encoded before the template runs.
foreach ($custom_user_fields as $k => $v):
?>
<tr>
<td><?php echo $k; ?></td>
<td>
<?php if (is_array($v)): ?>
<select name="custom[<?php echo $k; ?>]">
<?php foreach ($v as $i): ?>
<option<?php if ($custom[$k] == $i) { echo ' selected'; } ?>><?php echo $i; ?></option>
<?php endforeach; ?>
</select>
<?php else: ?>
<input type="text" name="custom[<?php echo $k; ?>]" value="<?php echo $_POST['custom'][$k]; ?>" />
<?php endif; ?>
</td>
</tr>
<?php endforeach; ?>
<tr class="item submit">
<td colspan="2">
<input type="hidden" name="formSubmit" value="1">
<button type="submit" class="btn action-save">Submit</button>
</td>
</tr>
</table>
</form>
</div>
</div>
</div>
<?php require "footer.php"; ?>