<?php
// [user operations module v.1.2.1]
// xantis.warp.cms - version 1.2
// (c) 2002 xantis - all rights reserved
// this code is registered and protected by international copyrights laws
//####### Register Globals !
// Emulate register_globals: each request source is dumped into the global namespace so the
// code below can read $op_var, $email_var, $wxu, $wxp, ... as bare variables.
// SECURITY (review): extract() with its default EXTR_OVERWRITE lets any GET/POST/cookie field
// define or clobber ANY variable in this file - including the $wxu/$wxp login tokens (presumably
// cookies; confirm) and anything lib_adv.php (required below) reads before it assigns.
// Because $HTTP_SERVER_VARS is extracted last, REQUEST_METHOD / QUERY_STRING cannot be spoofed
// by a request field of the same name; every other source CAN be overridden by a later one.
// NOTE: the $HTTP_*_VARS long arrays were removed in PHP 5.4; on a current runtime these are
// null and extract() throws a TypeError. This file targets PHP 4.
extract($HTTP_ENV_VARS);
extract($HTTP_GET_VARS);
extract($HTTP_POST_VARS);
extract($HTTP_COOKIE_VARS);
extract($HTTP_SERVER_VARS);
//#########################
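// Form token: the Flash client posts $ysecure = rawurlencode(base64_encode('usr_frm-ok')).
// NOTE(review): the token is a fixed value baked into the client, so it only distinguishes the
// form post from a stray hit - it is NOT authentication and must not be treated as such.
// A missing $ysecure decodes to '' (the original passed null through rawurldecode/base64_decode).
$ysecure = isset($ysecure) ? base64_decode(rawurldecode((string) $ysecure)) : '';
if ($ysecure === 'usr_frm-ok') {
	$xnt_control_var = 'xnt2002warp.cms';
} //end if
// script name used by lib_adv.php (presumably for self-referencing links - confirm)
if (empty($yfilename)) {
	$yfilename = 'usr_op.php';
} //end if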
require("lib_adv.php");
//##################################################
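function xuser_operate () {
	// Handle one user-account operation posted by the Flash form, selected by $op_var:
	//   uaddx - register with a user-chosen password (reply only)
	//   uadde - register with a generated password that is e-mailed
	//   uedx  - update profile fields of the logged-in user ($wxu/$wxp = MD5 of stored name/pass)
	//   uedy  - change the logged-in user's password
	//   ufgt  - "forgot password": e-mail the stored credentials to the account address
	// Inputs are the register_globals-style variables declared below; the result is echoed as a
	// Flash "&key=value" string (see xuser_op_reply). Anything but a POST with an empty query
	// string is refused with die().
	// Security changes vs. the original: every request value is escaped before it is spliced into
	// SQL (xuser_op_sql_esc), the e-mail address is rejected when it contains control characters
	// (mail() header injection through the To: field), comparisons are strict, and $arr_var_result
	// is reset before each lookup so a stale row can never count as a hit.
	global $wxu, $wxp;
	//in vars
	global $usr_id_var, $usr_pass_var, $usr_repass_var, $op_var,
	$fname_var, $sname_var, $company_var, $addr_var, $city_var,
	$region_var, $zipcode_var, $phone_var, $country_nam_var,
	$country_idx_var, $email_var, $ywusr_register_title, $ywebsite_name,
	$subscr_var ;
	//main vars
	global $arr_var_result, $ywebsite_addr, $y_warp_xdate, $y_warp_xtime;
	//cfg vars
	global $warp_user_can_register, $warp_user_cannot_reg_msg, $ywusr_xok_03,
	$ywusr_err_01, $ywusr_err_02, $ywusr_err_03, $ywusr_err_04, $ywusr_err_05,
	$ywusr_xok_01, $ywusr_xok_02, $ywusr_user_id, $ywusr_user_pass, $ywusr_err_07,
	$y_warp_err_data_failure, $warp_user_min_len, $ywusr_err_06, $ywusr_send_by_mail,
	$ywusr_adm_bad_words_list, $ywusr_err_08, $ywusr_thecompany_isneeded ;
	global $REQUEST_METHOD, $QUERY_STRING, $y_warp_direct_file_acc_msg_reff ;
	$email_var = trim((string) $email_var);
	//check request method: the form always POSTs with an empty query string; anything else is
	//treated as direct access and refused before a single field is looked at
	if ( ($REQUEST_METHOD <> 'POST') OR (!empty($QUERY_STRING)) ) {
		die (
			"&xcheck_load_controlvar=".rawurlencode('ok').
			"&xcheck_data_controlvar=".rawurlencode('notok').
			"&flash_form_text_err=".rawurlencode((string) $y_warp_direct_file_acc_msg_reff).
			"&flash_form_text_oky=".rawurlencode("XXX").
			"&"
		) ;
	} //end if
	//string-typed local copies: null-safe for strlen()/rawurlencode(), never written back to the globals
	$usr_id     = (string) $usr_id_var;
	$usr_pass   = (string) $usr_pass_var;
	$usr_repass = (string) $usr_repass_var;
	$min_len    = (int) $warp_user_min_len;
	//escaped copies are used in SQL only; the raw values are what gets echoed or mailed
	$sql_usr_id = xuser_op_sql_esc($usr_id);
	$sql_email  = xuser_op_sql_esc($email_var);
	$sql_wxu    = xuser_op_sql_esc($wxu);
	$sql_wxp    = xuser_op_sql_esc($wxp);
	//'ok' until the first failed check; that first failure supplies the message that is reported
	$y_process_usr_err = 'ok';
	$xcheck_var_xerr   = '';
	switch ($op_var) {
		//################################ user add (no email): the user picks the password
		case 'uaddx':
			if ($warp_user_can_register <> 'y') {
				xuser_op_fail($y_process_usr_err, $xcheck_var_xerr, $warp_user_cannot_reg_msg);
			}
			if ( (strlen($usr_id) < $min_len) OR (strlen($usr_pass) < $min_len) OR (strlen($usr_repass) < $min_len) ) {
				xuser_op_fail($y_process_usr_err, $xcheck_var_xerr, $ywusr_err_05);
			}
			if (xuser_op_username_is_banned($usr_id, $ywusr_adm_bad_words_list)) {
				xuser_op_fail($y_process_usr_err, $xcheck_var_xerr, $ywusr_err_08);
			}
			if ($usr_pass !== $usr_repass) {
				xuser_op_fail($y_process_usr_err, $xcheck_var_xerr, $ywusr_err_02);
			}
			if (!xuser_op_email_is_valid($email_var)) {
				xuser_op_fail($y_process_usr_err, $xcheck_var_xerr, $ywusr_err_04);
			}
			//uniqueness lookups only after the cheap checks passed (no DB round-trip for a rejected form)
			if ($y_process_usr_err == 'ok') {
				if (count(xuser_op_lookup("SELECT id FROM users WHERE (usr_email='$sql_email') ")) > 0) {
					xuser_op_fail($y_process_usr_err, $xcheck_var_xerr, $ywusr_err_07);
				}
			}
			if ($y_process_usr_err == 'ok') {
				if (count(xuser_op_lookup("SELECT id FROM users WHERE (usr_name='$sql_usr_id') ")) > 0) {
					xuser_op_fail($y_process_usr_err, $xcheck_var_xerr, $ywusr_err_03);
				}
			}
			if ($y_process_usr_err == 'ok') {
				//SECURITY (review): base64 is an encoding, not a hash - the password is recoverable
				//from the table. It is kept because the login path (not in this file) compares
				//MD5(usr_pass) against the $wxp token and the "forgot" flow decodes it; changing the
				//stored form here alone would lock every user out. Fix together with lib_adv.php.
				$y_xenc_pass = base64_encode($usr_pass);
				if (!xuser_op_insert_user($sql_usr_id, $y_xenc_pass, $sql_email)) {
					xuser_op_fail($y_process_usr_err, $xcheck_var_xerr, $y_warp_err_data_failure);
				}
			}
			//success text: two encoded fragments joined by a literal newline, as the client expects
			$ok_text = rawurlencode((string) $ywusr_xok_01)."\n".
				rawurlencode("[ $ywusr_user_id : $usr_id ; $ywusr_user_pass : ******** ]");
			xuser_op_reply($y_process_usr_err, $xcheck_var_xerr, $ok_text);
			break;
		//################################ user add (email): a generated password is mailed
		case 'uadde':
			if ($warp_user_can_register <> 'y') {
				xuser_op_fail($y_process_usr_err, $xcheck_var_xerr, $warp_user_cannot_reg_msg);
			}
			if (strlen($usr_id) < $min_len) {
				xuser_op_fail($y_process_usr_err, $xcheck_var_xerr, $ywusr_err_05);
			}
			if (xuser_op_username_is_banned($usr_id, $ywusr_adm_bad_words_list)) {
				xuser_op_fail($y_process_usr_err, $xcheck_var_xerr, $ywusr_err_08);
			}
			if (!xuser_op_email_is_valid($email_var)) {
				xuser_op_fail($y_process_usr_err, $xcheck_var_xerr, $ywusr_err_04);
			}
			if ($y_process_usr_err == 'ok') {
				if (count(xuser_op_lookup("SELECT id FROM users WHERE (usr_email='$sql_email') ")) > 0) {
					xuser_op_fail($y_process_usr_err, $xcheck_var_xerr, $ywusr_err_07);
				}
			}
			if ($y_process_usr_err == 'ok') {
				if (count(xuser_op_lookup("SELECT id FROM users WHERE (usr_name='$sql_usr_id') ")) > 0) {
					xuser_op_fail($y_process_usr_err, $xcheck_var_xerr, $ywusr_err_03);
				}
			}
			$yx_rand_passw = '';
			if ($y_process_usr_err == 'ok') {
				//NOTE(review): 5 hex chars (20 bits) derived from rand()/uniqid() are guessable; this is
				//only acceptable if the user is made to change it on first login - confirm, and prefer
				//a longer value from a CSPRNG once the runtime offers one.
				$yx_rand_passw = substr(md5(uniqid(rand(),1)),0,5);
				$y_xenc_pass = base64_encode($yx_rand_passw); //see the base64 note in 'uaddx'
				if (!xuser_op_insert_user($sql_usr_id, $y_xenc_pass, $sql_email)) {
					xuser_op_fail($y_process_usr_err, $xcheck_var_xerr, $y_warp_err_data_failure);
				}
			}
			if ($y_process_usr_err == 'ok') {
				//the address passed header validation above, so it cannot smuggle extra headers
				mail($email_var,
					"$ywebsite_name : $ywusr_register_title",
					"$ywusr_xok_01"."\n".
					"$ywusr_user_id : $usr_id"."\n".
					"$ywusr_user_pass : $yx_rand_passw"."\n".
					'-----------------------------------'."\n".
					"$y_warp_xdate".' - '."$y_warp_xtime"."\n".
					'-----------------------------------'."\n".
					"$ywebsite_addr"."\n".
					'-----------------------------------'."\n"
				);
			}
			xuser_op_reply($y_process_usr_err, $xcheck_var_xerr, rawurlencode((string) $ywusr_xok_03));
			break;
		//################################ user edit info (profile fields of the logged-in user)
		case 'uedx':
			//the (id, name) pair must exist in country_list; looked up unconditionally, as before
			$country_row = xuser_op_lookup(
				"SELECT id FROM country_list WHERE ( (c_id='".xuser_op_sql_esc($country_idx_var)."') ".
				"AND (c_name='".xuser_op_sql_esc($country_nam_var)."') ) "
			);
			$country_known = !empty($country_row[0]);
			//every profile field is mandatory (empty() semantics kept: '0' counts as missing)
			if ( empty($fname_var) OR empty($sname_var) OR empty($addr_var) OR
				empty($city_var) OR empty($region_var) OR empty($zipcode_var) OR
				!$country_known OR empty($phone_var) OR empty($email_var) ) {
				xuser_op_fail($y_process_usr_err, $xcheck_var_xerr, $ywusr_err_01);
			}
			if ( ($ywusr_thecompany_isneeded == 'y') AND empty($company_var) ) {
				xuser_op_fail($y_process_usr_err, $xcheck_var_xerr, $ywusr_err_01);
			}
			if (!xuser_op_email_is_valid($email_var)) {
				xuser_op_fail($y_process_usr_err, $xcheck_var_xerr, $ywusr_err_04);
			}
			//the new address may not belong to any OTHER account (own account excluded via $wxu)
			if ($y_process_usr_err == 'ok') {
				if (count(xuser_op_lookup("SELECT id FROM users WHERE ( (usr_email='$sql_email') AND (MD5(usr_name)<>'$sql_wxu') ) ")) > 0) {
					xuser_op_fail($y_process_usr_err, $xcheck_var_xerr, $ywusr_err_07);
				}
			}
			if ($y_process_usr_err == 'ok') {
				$sql_fname = xuser_op_sql_esc($fname_var);
				$y_xquer_usr_upd_ninfo = " UPDATE users SET ".
					" usr_fname='$sql_fname', ".
					" usr_sname='".xuser_op_sql_esc($sname_var)."', ".
					" usr_company='".xuser_op_sql_esc($company_var)."', ".
					" usr_addr='".xuser_op_sql_esc($addr_var)."', ".
					" usr_city='".xuser_op_sql_esc($city_var)."', ".
					" usr_reg_st='".xuser_op_sql_esc($region_var)."', ".
					" usr_zip='".xuser_op_sql_esc($zipcode_var)."', ".
					" usr_country='".xuser_op_sql_esc($country_nam_var)."', ".
					" usr_countr_id='".xuser_op_sql_esc($country_idx_var)."', ".
					" usr_phone='".xuser_op_sql_esc($phone_var)."', ".
					" usr_email='$sql_email', ".
					" w_subscr='".xuser_op_sql_esc($subscr_var)."' ".
					" WHERE ( (MD5(usr_name)='$sql_wxu') AND (MD5(usr_pass)='$sql_wxp') ) " ;
				xmysql_write_data_fl ($y_xquer_usr_upd_ninfo);
				//a wrong/missing token updates nothing, which surfaces here as a data failure
				$row = xuser_op_lookup("SELECT id FROM users WHERE ( (MD5(usr_name)='$sql_wxu') AND (MD5(usr_pass)='$sql_wxp') AND (usr_fname='$sql_fname') ) ");
				if (count($row) == 0) {
					xuser_op_fail($y_process_usr_err, $xcheck_var_xerr, $y_warp_err_data_failure);
				}
			}
			xuser_op_reply($y_process_usr_err, $xcheck_var_xerr, rawurlencode((string) $ywusr_xok_02));
			break;
		//################################ user edit info login (password change)
		case 'uedy':
			if ( (strlen($usr_pass) < $min_len) OR (strlen($usr_repass) < $min_len) ) {
				xuser_op_fail($y_process_usr_err, $xcheck_var_xerr, $ywusr_err_05);
			}
			if ($usr_pass !== $usr_repass) {
				xuser_op_fail($y_process_usr_err, $xcheck_var_xerr, $ywusr_err_02);
			}
			if ($y_process_usr_err == 'ok') {
				$y_xenc_pass = base64_encode($usr_pass); //see the base64 note in 'uaddx'
				$sql_pass = xuser_op_sql_esc($y_xenc_pass);
				xmysql_write_data_fl ("UPDATE users SET usr_pass='$sql_pass' WHERE ( (MD5(usr_name)='$sql_wxu') AND (MD5(usr_pass)='$sql_wxp') ) ");
				//NOTE(review): after this the caller's $wxp token no longer matches the row; the
				//client is presumably expected to log in again - confirm.
				$row = xuser_op_lookup("SELECT id FROM users WHERE ( (MD5(usr_name)='$sql_wxu') AND (usr_pass='$sql_pass') ) ");
				if (count($row) == 0) {
					xuser_op_fail($y_process_usr_err, $xcheck_var_xerr, $y_warp_err_data_failure);
				}
			}
			$ok_text = rawurlencode((string) $ywusr_xok_02)."\n".
				rawurlencode("[ $ywusr_user_id : $usr_id ; $ywusr_user_pass : ******** ]");
			xuser_op_reply($y_process_usr_err, $xcheck_var_xerr, $ok_text);
			break;
		//################################ user forget (credentials mailed to the stored address)
		case 'ufgt':
			if (!xuser_op_email_is_valid($email_var)) {
				xuser_op_fail($y_process_usr_err, $xcheck_var_xerr, $ywusr_err_04);
			}
			$row = array();
			if ($y_process_usr_err == 'ok') {
				//columns: [0]=id, [1]=usr_name, [2]=usr_pass (base64)
				$row = xuser_op_lookup("SELECT id, usr_name, usr_pass FROM users WHERE (usr_email='$sql_email') ");
				if (count($row) == 0) {
					//NOTE(review): a distinct "unknown address" reply lets anyone test which
					//e-mails are registered; a uniform reply would close that oracle.
					xuser_op_fail($y_process_usr_err, $xcheck_var_xerr, $ywusr_err_06);
				}
			}
			if ($y_process_usr_err == 'ok') {
				//SECURITY (review): this mails the CURRENT password in clear text, which is only
				//possible because it is stored reversibly. A one-time reset token would avoid both
				//problems; that needs schema support outside this file, so the flow is kept as is.
				$WARP_B64_DEC_AUTH_PASSW = base64_decode((string) $row[2]);
				mail($email_var,
					"$ywebsite_name : $ywusr_send_by_mail",
					"$ywusr_user_id : $row[1]"."\n".
					"$ywusr_user_pass : $WARP_B64_DEC_AUTH_PASSW"."\n".
					'-----------------------------------'."\n".
					"$y_warp_xdate".' - '."$y_warp_xtime"."\n".
					'-----------------------------------'."\n".
					"$ywebsite_addr"."\n".
					'-----------------------------------'."\n"
				);
			}
			xuser_op_reply($y_process_usr_err, $xcheck_var_xerr, rawurlencode((string) $ywusr_xok_03));
			break;
		//any other $op_var: nothing is written and nothing is echoed (unchanged behaviour)
	} //end switch
} //end function
//##################################################
// Escape one untrusted value for use inside a single-quoted SQL string literal.
// The xmysql_* layer receives fully-built SQL text, so nothing downstream can parameterise for
// us; this is the narrowest fix available from inside this file. NOTE(review): the proper remedy
// is a prepared-statement API in lib_adv.php. Assumes the data layer does not escape on its own
// (it cannot - it only ever sees a finished string).
function xuser_op_sql_esc ($value) {
	$value = (string) $value;
	//PHP 4-era magic_quotes_gpc pre-escapes request data; undo it so the value is not escaped twice
	if (function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc()) {
		$value = stripslashes($value);
	}
	if (function_exists('mysql_real_escape_string')) {
		//charset-aware when a link is open; returns false (and warns) when none is - the warning
		//would corrupt the Flash response, so it is silenced and we fall through to addslashes()
		$escaped = @mysql_real_escape_string($value);
		if ($escaped !== false) {
			return $escaped;
		}
	}
	return addslashes($value);
}
//##################################################
// Run one SELECT through the project data layer and return the first row as the column-indexed
// array left in $arr_var_result, or array() when nothing matched. The global is cleared first so
// a row left over from an earlier query can never be mistaken for a hit.
// Assumes xmysql_read_data_fl() stores the first result row in $arr_var_result, as the 'ufgt'
// branch's use of [1]/[2] implies - confirm in lib_adv.php.
function xuser_op_lookup ($sql) {
	global $arr_var_result;
	$arr_var_result = array();
	xmysql_read_data_fl ($sql);
	if ( !is_array($arr_var_result) || !isset($arr_var_result[0]) || $arr_var_result[0] === '' ) {
		return array();
	}
	return $arr_var_result;
}
//##################################################
// INSERT a new user row and confirm it can be read back; true on success.
// $sql_usr_id / $sql_email must already be escaped with xuser_op_sql_esc(); $enc_pass is the
// base64 form that the rest of the CMS expects in usr_pass.
function xuser_op_insert_user ($sql_usr_id, $enc_pass, $sql_email) {
	global $y_warp_xdate, $y_warp_xtime;
	$sql_pass = xuser_op_sql_esc($enc_pass);
	$sql_date = xuser_op_sql_esc($y_warp_xdate);
	$sql_time = xuser_op_sql_esc($y_warp_xtime);
	xmysql_write_data_fl ("INSERT INTO users (usr_name, usr_pass, usr_email, w_date, w_time) VALUES ('$sql_usr_id', '$sql_pass', '$sql_email', '$sql_date', '$sql_time') ");
	$row = xuser_op_lookup("SELECT id FROM users WHERE ( (usr_name='$sql_usr_id') AND (usr_pass='$sql_pass') ) ");
	return (count($row) > 0);
}
//##################################################
// True when $email is acceptable as a single recipient: non-empty, contains '@' and '.', and
// carries no whitespace or control characters. A CR/LF (or any control byte) inside the address
// would let the poster append extra headers (Bcc:, etc.) through mail()'s To: argument.
function xuser_op_email_is_valid ($email) {
	$email = (string) $email;
	if ( ($email === '') || (strpos($email, '@') === false) || (strpos($email, '.') === false) ) {
		return false;
	}
	if (preg_match('/[\x00-\x20\x7f]/', $email)) {
		return false;
	}
	return true;
}
//##################################################
// True when $usr_id exactly equals one of the comma-separated entries of the admin bad-words
// list (entries are trimmed). NOTE(review): the match is exact and case-sensitive, so 'Admin'
// or 'admin1' are not caught - tighten if that is not intended.
function xuser_op_username_is_banned ($usr_id, $bad_words_list) {
	$usr_id = (string) $usr_id;
	$banned = explode(',', (string) $bad_words_list);
	foreach ($banned as $word) {
		if ($usr_id === trim($word)) {
			return true;
		}
	}
	return false;
}
//##################################################
// Record a failed check. The first failure decides the message shown to the user; later
// failures only keep $status at 'notok'.
function xuser_op_fail (&$status, &$err_text, $message) {
	if ($status == 'ok') {
		$err_text = $message;
	}
	$status = 'notok';
}
//##################################################
// Emit the Flash-style "&key=value" response every operation ends with.
// $status is 'ok'/'notok'; $err_text is raw and encoded here; $ok_text is passed ALREADY
// encoded, because two of the replies join encoded fragments with a literal newline.
function xuser_op_reply ($status, $err_text, $ok_text) {
	echo(
		"&xcheck_load_controlvar=".rawurlencode('ok').
		"&xcheck_data_controlvar=".rawurlencode((string) $status).
		"&flash_form_text_err=".rawurlencode((string) $err_text).
		"&flash_form_text_oky=".$ok_text.
		"&"
	);
}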
//------------------------------------------------
// Dispatch: the operation runs only when the decoded form token matched (loose comparison,
// exactly as the original if-guard). Any other value produces no output at all.
switch ($ysecure) {
	case 'usr_frm-ok':
		xuser_operate ();
		break;
	default:
		//token missing or wrong - deliberately silent
		break;
} //end switch
//------------------------------------------------
// end of php code
?>