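");

// ---------------------------------------------------------------------------
// Account page controller: dispatches on $act (signup / confirm / mod / del).
// $act, $id, $CURUSER, $MAX_USERS and $VALIDATION are set before this point.
// Italian identifiers: elimina = delete, conferma = confirm,
// aggiungiutente = add user, modificautente = modify user, tabella = form table.
//
// NOTE(review): no anti-CSRF token is checked anywhere in this fragment before
// the delete / modify actions; confirm one is verified elsewhere.
// ---------------------------------------------------------------------------

// Open the page block that matches the requested action.
if ($act=="mod") {
    block_begin(ACCOUNT_EDIT);
} elseif ($act=="signup" && isset($CURUSER["uid"]) && $CURUSER["uid"]!=1) {
    // A visitor whose uid is not 1 is sent away from the signup form
    // (uid 1 appears to be the guest account - TODO confirm).
    // NOTE(review): if redirect() returns, execution continues below.
    $url="index.php";
    redirect($url);
} elseif ($act=="signup") {
    block_begin(ACCOUNT_CREATE);
} elseif ($act=="del") {
    block_begin(ACCOUNT_DELETE);
}

print("");

// Enforce the optional cap on the number of accounts (rows with id > 1).
$res=mysql_query("SELECT count(*) FROM users WHERE id>1");
$nusers=mysql_fetch_row($res);
$numusers=$nusers[0];

if ($act=="signup" && $MAX_USERS!=0 && $numusers>=$MAX_USERS) {
    err_msg(ERROR,REACHED_MAX_USERS);
    block_end();
    exit();
}

// E-mail confirmation: promote a pending account (id_level 2) to id_level 3.
if ($act=="confirm") {
    // The code arrives in the query string and is placed unquoted in the SQL
    // below, so it must be reduced to an integer before it reaches the query.
    $random = isset($_GET["confirm"]) ? intval($_GET["confirm"]) : 0;
    if ($random <= 0) {
        err_msg(ERROR,"Invalid confirmation code!");
        block_end();
        exit();
    }
    // NOTE(review): the code is the only selector - it is not tied to a user
    // id, so every pending row carrying the same code is activated at once.
    $res=mysql_query("UPDATE users SET id_level=3 WHERE id_level=2 AND random=$random");
    if (!$res) {
        // NOTE(review): this echoes the raw database error to the visitor.
        die("ERROR: " . mysql_error() . "\n");
    } else {
        print(ACCOUNT_CONGRATULATIONS);
        block_end();
        exit;
    }
}

// Optional form fields default to "" so both branches below can read them.
if (!isset($_POST["elimina"])) $_POST["elimina"] = "";
if (!isset($_POST["conferma"])) $_POST["conferma"] = "";

// $id is interpolated unquoted into SQL further down: force it to an integer.
$id = isset($id) ? intval($id) : 0;

// Allowed when the caller may edit users, or when the target is the caller's
// own account. This is a comparison: the former "$id=$CURUSER[...]" assigned
// the uid and made the test pass for every visitor with a non-zero uid.
if ($CURUSER["edit_users"]=="yes" || (isset($CURUSER["uid"]) && $id==$CURUSER["uid"])) {

    if ($_POST["elimina"]==FRM_DELETE) {
        if ($CURUSER["delete_users"]!="yes") {
            print(CANT_DELETE_USER);
            print("".BACK."");
            block_end();
            exit();
        }
        // NOTE(review): this join uses users_level.id_level while the edit
        // query below joins on users_level.id - confirm which one is intended.
        $ret=mysql_query("SELECT predef_level FROM users_level INNER JOIN users ON users.id_level=users_level.id_level WHERE username='".mysql_escape_string($_POST["user"])."'");
        $row=@mysql_fetch_array($ret);
        if ($row && $row["predef_level"]=="admin") {
            // impossible to delete higher levels
            print(ERR_NOT_AUTH);
            print(" ".BACK."");
            block_end();
            exit();
        }
        @mysql_query("DELETE FROM users WHERE username='".mysql_escape_string($_POST["user"])."'");
        write_log("Deleted user ".mysql_escape_string($_POST["user"]),"delete");
        print("");
        block_end();
        exit();
    } elseif ($_POST["elimina"]==FRM_CANCEL) {
        print("");
    }

    if ($_POST["conferma"]) {
        if ($act=="signup") {
            $ret=aggiungiutente();
            if ($ret==0)
                account_signup_notice($VALIDATION); // prints and exits
            elseif ($ret==-1)
                err_msg(ERROR,ERR_MISSING_DATA);
            elseif ($ret==-2)
                err_msg(ERROR,ERR_EMAIL_ALREADY_EXISTS);
            elseif ($ret==-3)
                err_msg(ERROR,"Invalid Email!"); // valid email check - by vibes
            else
                err_msg(ERROR,ERR_USER_ALREADY_EXISTS);
            block_end();
            exit();
        } elseif ($act=="mod") {
            $ret=mysql_query("SELECT users.*, users_level.id_level as idlevel FROM users INNER JOIN users_level ON users.id_level=users_level.id WHERE username='".mysql_escape_string($_POST["user"])."'");
            $row=@mysql_fetch_array($ret);

            // The gate above is keyed on $id, but the row that gets changed is
            // chosen by the posted username. Without edit rights the posted
            // name must therefore resolve to the caller's own account.
            $own_account = ($row && $row["id"]==$CURUSER["uid"]);
            $higher_level = ($row && $row["idlevel"] > $CURUSER["id_level"] && $CURUSER["uid"]!=$row["id"]);
            if (($CURUSER["edit_users"]!="yes" && !$own_account) || $higher_level) {
                // impossible to edit higher levels
                print(ERR_NOT_AUTH);
                print(" ".BACK."");
                block_end();
                exit();
            }
            modificautente();
            print("");
            block_end();
            exit();
        }
    }

    // Nothing submitted: show the form, pre-filled when a user id was given.
    if ($id!=0) {
        $res=mysql_query("SELECT * FROM users WHERE id=$id");
        $num=mysql_num_rows($res);
        // Comparison, not assignment: "$num=0" could never report a missing user.
        if ($num==0)
            print("\n\n".ERROR." ".USER_NOT_FOUND."\n\n");
        else {
            $row=mysql_fetch_array($res);
            tabella($act,$row);
        }
    } else {
        tabella($act);
    }
    print("\n".BACK."\n");

} else {

    if ($_POST["conferma"]) {
        if ($act=="signup") {
            $ret=aggiungiutente();
            // Same result codes as the branch above, so a duplicate or invalid
            // e-mail is no longer reported as "user already exists".
            // NOTE(review): this branch uses USER_ALREADY_EXISTS / NOT_AUTH
            // where the branch above uses ERR_USER_ALREADY_EXISTS /
            // ERR_NOT_AUTH - confirm both spellings are defined.
            if ($ret==0)
                account_signup_notice($VALIDATION); // prints and exits
            elseif ($ret==-1)
                print("\n".ERROR." ".ERR_MISSING_DATA."\n");
            elseif ($ret==-2)
                print("\n".ERROR." ".ERR_EMAIL_ALREADY_EXISTS."\n");
            elseif ($ret==-3)
                print("\n".ERROR." Invalid Email!\n");
            else
                print(ERROR.USER_ALREADY_EXISTS);
        }
    } elseif ($act=="mod" && $CURUSER["uid"]!=$id) {
        err_msg(ERROR,NOT_AUTH);
    } else {
        tabella($act);
    }
}

/**
 * Print the "account created" notice that matches the validation mode,
 * close the page block and end the script.
 *
 * @param string $validation "user" (e-mail confirmation), "none", or any
 *                           other value (treated as administrator approval)
 */
function account_signup_notice($validation)
{
    if ($validation=="user")
        $detail=EMAIL_SENT;
    elseif ($validation=="none")
        $detail=ACCOUNT_CONGRATULATIONS;
    else
        $detail=WAIT_ADMIN_VALID;

    print("\n\n\n");
    print("\n");
    print("\n\n");
    print("\n".ACCOUNT_CREATED."\n\n".$detail."\n\n\n\n\n");
    block_end();
    exit();
}

function tabella($action,$dati=array()) { global $idflag,$link, $idlangue, $idstyle, $CURUSER,$USE_IMAGECODE; ?>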

"> " /> \n\t"); print("\n\t\n"); $sres=style_list(); print("\n\t"); print("\n\t\n"); $fres=flag_list(); print("\n\t"); print("\n\t\n"); // ----------------------------- // Captcha hack // ----------------------------- // if set to use secure code: try to display imagecode if ($USE_IMAGECODE) { if (extension_loaded('gd')) { $arr = gd_info(); if ($arr['FreeType Support']==1) { $p=new ocr_captcha(); print("\n\t"); print("\n\t\n"); } } } // ----------------------------- // Captcha hack // ----------------------------- } if ($CURUSER['edit_users']=='yes' && $action=="mod") { print("\n\t"); } ?>     "); else print("\n"); ?>
: "); else print("\n"); ?>
:
:
: "/>
".USER_LANGUE.":
".USER_STYLE.":
".PEER_COUNTRY.":
".IMAGE_CODE.":\n"); print($p->display_captcha(true)); $private=$p->generate_private(); print("
". USER_LEVEL .":"); print("
    

check_captcha($public,$private) != true) { print(ERROR." ".ERR_IMAGE_CODE."
"); print("".BACK.""); block_end(); exit; } } } } if ($utente == "Guest") { print(ERROR." ".ERR_GUEST_EXISTS."
"); print("".BACK.""); block_end(); exit; } if ($pwd != $pwd1) { print(ERROR." ".DIF_PASSWORDS."
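");
        print("".BACK."");
        block_end();
        exit;
    }

    // Remainder of aggiungiutente() (add user); code below is unchanged, only
    // laid out one statement per line.
    if ($VALIDATION=="none")
        $idlevel=3;
    else
        $idlevel=2;

    # Create Random number
    // NOTE(review): rand() seeded from microtime() gives a guessable six-digit
    // code, and the confirm action activates accounts on this code alone. A
    // longer token from a cryptographic source, checked together with the
    // user id, would resist guessing.
    $floor = 100000;
    $ceiling = 999999;
    srand((double)microtime()*1000000);
    $random = rand($floor, $ceiling);

    if ($utente=="" || $pwd=="" || $email=="")
    {
        return -1;
        exit;
    }

    $res=mysql_query("SELECT email FROM users WHERE email='$email'");
    if (mysql_num_rows($res)>0)
    {
        return -2;
        exit;
    }

    // valid email check - by vibes
    $regex = "^[_+a-z0-9-]+(\.[_+a-z0-9-]+)*"
            ."@[a-z0-9-]+(\.[a-z0-9-]{1,})*"
            ."\.([a-z]{2,}){1}$";
    if(!eregi($regex,$email))
    {
        return -3;
        exit;
    }
    // valid email check end

    // NOTE(review): $utente, $email, $idstyle, $idlangue and $idflag are
    // interpolated as they are; confirm they are escaped / cast to int where
    // they are read from the request. Unsalted MD5 is not suitable for
    // password storage; moving to a salted, slow hash needs a matching change
    // in the login check.
    @mysql_query("INSERT INTO users (username, password, random, id_level, email, style, language, flag, joined) VALUES ('$utente', '" . md5($pwd) . "', $random, $idlevel, '$email', $idstyle, $idlangue, $idflag, NOW())");

    if ($VALIDATION=="user")
    {
        ini_set("sendmail_from","");
        if (mysql_errno()==0)
            mail($email,ACCOUNT_CONFIRM,ACCOUNT_MSG."\n\n".$BASEURL."/account.php?act=confirm&confirm=$random&language=$idlangue","From: $SITENAME <$SITEEMAIL>");
    }

    // NOTE(review): the signup is logged even when the INSERT failed.
    write_log("Signup new user $utente ($email)","add");

    return mysql_errno();
}

/**
 * Apply the posted account-edit form to the user named in $_POST["user"].
 *
 * Reads user, pwd, email, level, language, style and flag from $_POST and
 * updates only the fields that were supplied (non-empty string / positive
 * number). Returns nothing; the outcome is written with write_log().
 *
 * Callers must already have checked that the current user may edit the
 * target account; this function only restricts who may change the level.
 */
function modificautente()
{
    global $CURUSER;

    $utente=mysql_escape_string(isset($_POST["user"]) ? $_POST["user"] : "");
    if ($utente=="")
        return; // no target account named: nothing to update

    // NOTE(review): the password is escaped before hashing, as before, so the
    // stored hash stays what the existing code produces; md5() output is hex
    // and needs no escaping of its own. Unsalted MD5 is not suitable for
    // password storage; changing it needs a matching change in the login check.
    $pwd=isset($_POST["pwd"]) ? mysql_escape_string($_POST["pwd"]) : "";
    $email=isset($_POST["email"]) ? mysql_escape_string($_POST["email"]) : "";

    // max(0, "1, id_level=1") hands back the original string, which then went
    // unquoted into the UPDATE. Cast to int first so only a number gets there.
    $level=max(0, isset($_POST["level"]) ? intval($_POST["level"]) : 0);
    $idlangue=max(0, isset($_POST["language"]) ? intval($_POST["language"]) : 0);
    $idstyle=max(0, isset($_POST["style"]) ? intval($_POST["style"]) : 0);
    $idflag=max(0, isset($_POST["flag"]) ? intval($_POST["flag"]) : 0);

    $set=array();
    if ($email!="")
        $set[]="email='$email'";
    // Only accounts with the edit_users right may change a level; otherwise a
    // user editing their own profile could post any level they like.
    // NOTE(review): an editor can still assign a level above their own.
    if ($level>0 && isset($CURUSER["edit_users"]) && $CURUSER["edit_users"]=="yes")
        $set[]="id_level=$level";
    if ($idlangue>0)
        $set[]="language=$idlangue";
    if ($idstyle>0)
        $set[]="style=$idstyle";
    // The hash is a string literal and must be quoted in the statement.
    if ($pwd!="")
        $set[]="password='".md5($pwd)."'";
    if ($idflag>0)
        $set[]="flag=$idflag";

    $updateset=implode(",",$set);

    if ($updateset!="")
    {
        $ok=@mysql_query("UPDATE users SET $updateset WHERE username='$utente'");
        if (!$ok)
        {
            // Record the failure instead of logging a change that never happened.
            write_log("Failed to modify user $utente","modify");
            return;
        }
    }

    write_log("Modified user $utente","modify");
}

block_end();
stdfoot();
?>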