//var/www/ridazz/admin/userAdd.php
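<?php
/**
 * Admin page: create a user account of type WEB, EDITOR or ADMIN.
 *
 * Flow on submit (request parameter "register" present):
 *   1. read and sanitise the form fields,
 *   2. reject the request if the username already exists,
 *   3. store the optional profile image, scaled down when it exceeds the
 *      configured profile dimensions,
 *   4. insert the row into 50mm_users and, for non-WEB users, an empty row
 *      into 50mm_permissions.
 *
 * Review notes (not changed here because the fix spans other files):
 *   - The password is inserted exactly as submitted. It should be stored with
 *     password_hash() and checked with password_verify(); that needs a
 *     matching change in the login code, which is not visible here.
 *   - Every query is built by string interpolation and relies entirely on
 *     $db->sanitize_input(), whose escaping rules are not visible here.
 *     Prepared statements would remove that dependency.
 *   - Raw database error text is sent to the browser via die(); logging it
 *     server-side and showing a generic message would avoid leaking schema
 *     details.
 *   - $_REQUEST also accepts query-string parameters and no anti-CSRF token
 *     is checked, so a cross-site request made in an administrator's session
 *     could reach this handler. Confirm whether appTop2.php adds a check.
 */
include_once('../includes/static/configure.php');
include_once('../includes/static/util.php');
include_once('../includes/static/dbcon2.php');
include_once('../includes/static/gdimg.php');
include_once('../includes/static/sessions.php');
include_once('includes/static/util.php');
include_once('includes/appTop2.php');

// The permission key comes from this file's own name rather than from
// $_SERVER['PHP_SELF']: PHP_SELF includes any trailing path info supplied by
// the client, so basename(PHP_SELF) could be steered to another page's key.
$page_id = basename(__FILE__, '.php');
if (!has_permission($page_id)) {
    die("You don't have permission to view this page!");
}

$html = "";
if (isset($_REQUEST['register'])) {
    $email     = $db->sanitize_input(addslashes($_REQUEST['email']));
    $url       = $db->sanitize_input($_REQUEST['website']);
    $uname     = $db->sanitize_input(sanitize_title($_REQUEST['username']));
    // NOTE(review): stored in clear text below; see the header comment.
    $password  = $db->sanitize_input($_REQUEST['password']);
    // NOTE(review): userType is not checked against the three values the
    // form offers (WEB, EDITOR, ADMIN); consider an allow-list.
    $user_type = $db->sanitize_input($_REQUEST['userType']);
    $profile   = $db->sanitize_input(sanitize_body(get_html_text($_REQUEST['profile'])));
    $ip        = get_client_ip();

    $cur_file  = $_FILES['file']['name'];
    $cur_temp  = $_FILES['file']['tmp_name'];
    // The MIME type below is reported by the client and is not proof of content.
    $cur_mime  = $_FILES['file']['type'];
    $cur_size  = $_FILES['file']['size'];
    $cur_error = $_FILES['file']['error'];

    // First check that the username is not already taken.
    $sql = "SELECT user_id FROM 50mm_users WHERE username ='$uname'";
    if (!($result = $db->sql_query($sql))) {
        $sql_error = $db->sql_error();
        die($sql_error['message']);
    }

    if ($db->sql_numrows($result) < 1) {
        // Username is unique, so add this user.
        // Store the profile image on the server.
        $unique_name = "";
        $valid = validate_content($cur_error, $cur_mime, $cur_size, $cur_file, PROFILE_MAX_KB);
        if ($valid['result']) {
            $type = explode("/", $cur_mime);
            $cur_type = trim($type[0]);
            // NOTE(review): confirm that validate_content()/get_unique_filename()
            // restrict the stored extension to image types; a valid image saved
            // under a script extension inside the web root would be executable.
            $unique_name = $db->sanitize_input(get_unique_filename($cur_file));

            // getimagesize() returns false when the file is not a readable
            // image. Previously that case fell through to copy(), which stored
            // the arbitrary file in the profile image directory.
            $image_info = getimagesize($cur_temp);
            if ($image_info === false) {
                die("Failed Image Upload");
            }

            // Check whether the image needs resizing.
            if (($image_info[0] > PROFILE_IMG_WIDTH) || ($image_info[1] > PROFILE_IMG_HEIGHT)) {
                // Create the image resource.
                $gd = new gd_img($cur_mime, $cur_temp);
                if (!$gd->img_id) {
                    die($gd->gd_error);
                }
                // Scale the image.
                // NOTE(review): PROFILE_IMG_WIDTH is passed for both dimensions;
                // the second argument was presumably meant to be
                // PROFILE_IMG_HEIGHT. Confirm against gd_scale_img().
                $id = $gd->gd_scale_img(PROFILE_IMG_WIDTH, PROFILE_IMG_WIDTH, IMG_QUALITY);
                if (!$id) {
                    die($gd->gd_error);
                }
                // Write the scaled image to disk.
                $res = $gd->gd_create_img($id, ROOT_DIR.PROFILE_IMG_DIR.$unique_name);
                if (!$res) {
                    die($gd->gd_error);
                }
            } else {
                if (!copy($cur_temp, ROOT_DIR.PROFILE_IMG_DIR.$unique_name)) {
                    die("Failed Image Upload");
                }
            }
        }

        $sql = "INSERT INTO 50mm_users (user_type,email,username,password,image,profile,url,ip,verified,entry_time) VALUES ('$user_type','$email','$uname','$password','$unique_name','$profile','$url','$ip',1,NOW())";
        if (!($result = $db->sql_query($sql))) {
            $sql_error = $db->sql_error();
            die($sql_error['message']);
        }

        // Non-WEB accounts also get a row in the permissions table.
        if ($user_type != 'WEB') {
            $sql = "SELECT LAST_INSERT_ID() AS id";
            if (!($result = $db->sql_query($sql))) {
                $sql_error = $db->sql_error();
                die($sql_error['message']);
            }
            $row = $db->sql_fetchrow($result);
            $id = $row['id'];
            $sql = "INSERT INTO 50mm_permissions (user_id) VALUES ('$id')";
            if (!($result = $db->sql_query($sql))) {
                $sql_error = $db->sql_error();
                die($sql_error['message']);
            }
        }
        $html = "<div class=\"hilite\">operation successful</div>";
    } else {
        $html = "<div class=\"error\">username is not unique</div>";
    }
}

include_once('includes/header.php');
//content
?>
<br>
<script>registerDivs = new Array('username','email','password');</script>
<?php /* PHP_SELF can carry client-supplied path info, so it is HTML-escaped before being placed in the attribute. */ ?>
<form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8'); ?>" method="post" enctype="multipart/form-data" onSubmit="return validateForm(this,registerDivs,'errorRegister');">
<table cellspacing="0" cellpadding="4" border="0">
<tr>
    <td colspan="2"><span class="title">New user? Register for free</span><br> (you will be registered to post in the forum as well)</td>
</tr>
<tr>
    <td>User Type</td>
    <td>
        <select name="userType">
            <option value="WEB">WEB</option>
            <option value="EDITOR">EDITOR</option>
            <option value="ADMIN">ADMIN</option>
        </select>
    </td>
</tr>
<tr>
    <td>Email<span id="erremail" class="error" style="visibility:hidden;"> *</span></td>
    <td><input type="text" name="email" value="" class="field" maxlength="120"></td>
</tr>
<tr>
    <td>Username<span id="errusername" class="error" style="visibility:hidden;"> *</span></td>
    <td><input type="text" name="username" value="" class="field" maxlength="30"></td>
</tr>
<tr>
    <td>Password<span id="errpassword" class="error" style="visibility:hidden;"> *</span></td>
    <td><input type="password" name="password" value="" class="field" maxlength="30"></td>
</tr>
<tr>
    <td>Website <em>(optional)</em></td>
    <td><input type="text" name="website" value="http://" class="field"></td>
</tr>
<tr>
    <td>Profile Image <em>(optional)</em></td>
    <td><input type="file" name="file" class="field"></td>
</tr>
<tr valign="top">
    <td>Profile Text <em>(optional)</em></td>
    <td><textarea class="body" name="profile" style="width: 400px; height: 200px;"></textarea></td>
</tr>
<tr>
    <td> </td>
    <td>
        <input name="register" type="submit" class="button" value="Regsiter"><br>
        <div id="errorRegister" class="error" style="visibility:hidden;">Please correct the fields marked by *</div>
    </td>
</tr>
</table>
</form>
<?php echo $html; ?>
<?php
// Disabled user listing, kept as found. If it is ever re-enabled, drop the
// password column from the SELECT so credentials are not rendered in the table.
/*
//set active
$sql = "SELECT user_id,username,password,email,image,profile,url,banned,ip,entry_time FROM 50mm_users WHERE user_type='$user_type'";
if( !($result = $db->sql_query($sql)) ){
    $sql_error = $db->sql_error();
    die($sql_error['message']);
}
$modrows = Array();
while ($row = $db->sql_fetchrow($result)){
    $id = $row['user_id'];
    $row['url'] = get_trim_string($row['url'],30);
    $xtras = Array(
        "edit"=>"<a href=\"".$_SERVER['PHP_SELF']."?userId=$id&action=edit\">edit</a>",
        "delete"=>"<a href=\"".$_SERVER['PHP_SELF']."?userId=$id&action=delete\">delete</a>"
    );
    unset($row['user_id']);
    $all = array_merge($row,$xtras);
    array_push($modrows, $all);
}
echo(get_table($modrows));
*/
?>
<?php
include_once('includes/footer.php');
include_once('includes/appBottom.php');
?>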