require "include/bittorrent.php"; dbconn(); loggedinorreturn(); if( get_user_class() < UC_MODERATOR) stderr( _("Error"), "Access denied."); if ($_SERVER["REQUEST_METHOD"] == "POST") { if ($_POST["username"] == "" || $_POST["password"] == "" || $_POST["email"] == "") stderr( _("Error"), _("Missing form data.") ); if ($_POST["password"] != $_POST["password2"]) stderr( _("Error"), _("Passwords mismatch.") ); $username = sqlesc($_POST["username"]); $password = $_POST["password"]; $email = sqlesc($_POST["email"]); $secret = mksecret(); $passhash = sqlesc(md5($secret . $password . $secret)); $passkey= sqlesc(md5($username.get_date_time().$passhash)); $secret = sqlesc($secret); do_mysql_query("INSERT INTO users (inverted_added,added, last_access, secret, username, passhash, status, email, passkey, last_check) VALUES(4294967295 - UNIX_TIMESTAMP(), NOW(), NOW(), $secret, $username, $passhash, 'confirmed', $email, $passkey, NOW())") or sqlerr(__FILE__, __LINE__); $res = do_mysql_query("SELECT id FROM users WHERE username=$username"); $arr = mysql_fetch_row($res); if (!$arr) stderr(_("Error"), _("Unable to create the account. The user name is possibly already taken.") ); header("Location: userdetails.php?id=$arr[0]"); die; } stdhead( _("Add user") ); ?>