File: /home/httpd/html/nyloncams.com/public_html/controllers/control.signup.php
<?php
// Optional hand-off: when a sign-up redirect target is configured, send the
// client there and stop rendering this controller.
if ($redirectSignupURL) {
    header('Location: ' . $redirectSignupURL);
    exit;
}
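if (isset($_POST) && count($_POST) > 0) {
    // Sign-up form submission.
    //
    // Every field is read through $postField so a request that omits a field
    // (or sends an array) yields '' instead of an undefined-index notice — and,
    // more importantly, cannot make a validation branch silently disappear.
    $errors = array();
    $postField = function ($name) {
        return (isset($_POST[$name]) && is_string($_POST[$name])) ? $_POST[$name] : '';
    };
    $rawUsername = $postField('signup_username');
    $rawEmail    = $postField('signup_email');
    $rawPassword = $postField('signup_password');
    $rawTos      = $postField('signup_tos');

    // HTML-encoded copies: these are what gets stored and what the view
    // re-displays on error (kept as in the original flow).
    $thisusername = htmlentities($rawUsername);
    $thisemail    = htmlentities($rawEmail);

    // --- username -----------------------------------------------------------
    // Parenthesised length test: the original `a && b || c` mixed precedence so
    // the max-length branch ran even when the field was absent.
    if ($rawUsername === '') {
        setMessage(_t("Username is required field."), "error");
    } elseif (!ctype_alnum($rawUsername)) {
        setMessage(_t("Username contains invalid characters. Please use only A-Z and 0-9, no spaces are special characters"), 'error');
    } elseif (strlen($rawUsername) < $config['username_min_length'] || strlen($rawUsername) > $config['username_max_length']) {
        setMessage(_t("Username must be between %username_min_len and %username_max_len characters long", array("%username_min_len" => $config['username_min_length'], "%username_max_len" => $config['username_max_length'])), 'error');
    } elseif (is_array(dbQuery("SELECT * FROM users WHERE username = '" . mysqli_real_escape_string($dblink, $thisusername) . "'", false))) {
        setMessage(_t("This username already exists in our system."), 'error');
    }

    // --- email --------------------------------------------------------------
    if ($rawEmail === '') {
        setMessage(_t("Email is required field."), 'error');
    } elseif (!filter_var($rawEmail, FILTER_VALIDATE_EMAIL)) {
        setMessage(_t("Invalid Email Address"), 'error');
    } elseif (is_array(dbQuery("SELECT * FROM users WHERE email = '" . mysqli_real_escape_string($dblink, $thisemail) . "'", false))) {
        setMessage(_t("This email already exists in our system."), 'error');
    }

    // --- password / terms ---------------------------------------------------
    if (strlen($rawPassword) < $config['password_min_length']) {
        setMessage(_t("Password must be at least %pass_min_len characters long", array("%pass_min_len" => $config['password_min_length'])), 'error');
    }
    if ($rawTos === '') {
        setMessage(_t("You must agree to our terms of service and privacy policy."), "error");
    }

    // --- CAPTCHA ------------------------------------------------------------
    // When enabled, an answer is mandatory. The previous condition only
    // compared when the client chose to send `captchaaa`, so leaving the field
    // out of the POST bypassed the CAPTCHA entirely. A missing/expired session
    // challenge is treated as a failure rather than a pass. hash_equals keeps
    // the comparison constant-time.
    if (!empty($enable_signup_captcha)) {
        $captchaAnswer   = $postField('captchaaa');
        $captchaExpected = (isset($_SESSION['captcha']) && is_string($_SESSION['captcha'])) ? $_SESSION['captcha'] : '';
        if ($captchaExpected === '' || $captchaAnswer === ''
            || !hash_equals(strtolower($captchaExpected), strtolower($captchaAnswer))) {
            setMessage(_t("Incorrect CAPTCHA Response"), 'error');
        }
    }

    // --- create the account -------------------------------------------------
    if (!getMessages(false, 'error')) {
        $emailVerified  = 1;
        $validationCode = '';
        if (!empty($require_account_confirmation)) {
            $emailVerified = 0;
            // 20 random digits from the CSPRNG (PHP >= 7.0). The previous
            // time()*rand() value was predictable from the registration
            // timestamp; the digit-only, <=20-char shape is kept so whatever
            // stores/consumes `validate` is unaffected.
            for ($i = 0; $i < 20; $i++) {
                $validationCode .= random_int(0, 9);
            }
        }
        $time = date("Y-m-d H:i:s");
        $salt = generateSalt(random_int(5, 10));
        $registrationIp = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';

        // NOTE(review): MD5(password . salt) is kept because it is what the
        // rest of the application verifies against; moving to password_hash()
        // requires changing the login path in step. Every value — including the
        // raw password, which was previously concatenated unescaped (an SQL
        // injection point) — is escaped before it is spliced into the
        // statement. The login path must escape the password the same way or
        // passwords containing backslashes will not round-trip.
        dbQuery("INSERT INTO users (username, password, salt, email, registration_ip, email_verified, validate, date_joined) VALUES ('"
            . mysqli_real_escape_string($dblink, $thisusername) . "', MD5('"
            . mysqli_real_escape_string($dblink, $rawPassword . $salt) . "'), '"
            . mysqli_real_escape_string($dblink, $salt) . "', '"
            . mysqli_real_escape_string($dblink, $thisemail) . "', '"
            . mysqli_real_escape_string($dblink, $registrationIp) . "', '"
            . (int) $emailVerified . "', '"
            . mysqli_real_escape_string($dblink, $validationCode) . "', '"
            . mysqli_real_escape_string($dblink, $time) . "')");
        $insert_id = mysqli_insert_id($dblink);

        if (!empty($require_account_confirmation)) {
            sendEmail('email-verification', $insert_id, array('%validationCode' => $validationCode));
        } else {
            sendEmail('email-welcome', $insert_id);
        }
        // A solved challenge is single-use: drop it so the same answer cannot
        // be replayed to register further accounts from this session.
        unset($_SESSION['captcha']);
        header("Location: $basehttp/signup?done=true");
        exit();
    }
} elseif (isset($_GET['panel']) && $_GET['panel'] == 1) {
    // Pre-fill from the panel link. Encoded the same way as the POST path so
    // the view receives a consistent, HTML-safe value whichever way it arrives
    // (the previous branch handed the raw query string to the view).
    $thisusername = htmlentities((isset($_GET['panel_username']) && is_string($_GET['panel_username'])) ? $_GET['panel_username'] : '');
    $thisemail    = htmlentities((isset($_GET['panel_email']) && is_string($_GET['panel_email'])) ? $_GET['panel_email'] : '');
}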
?>