-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathadd_user.php
More file actions
60 lines (47 loc) · 1.86 KB
/
add_user.php
File metadata and controls
60 lines (47 loc) · 1.86 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
<?php
require_once "config.php";
require_once "functions.php";
if(logged_in()){
redirect("home/");
}
$error="";
$suc="";
$iserror = false;
if(!isset($_GET["code1"]) || !isset($_GET["code2"])){
$iserror = true;
}else{
$code1 = $_GET["code1"];
$code2 = $_GET["code2"];
$query = "SELECT * FROM `create_users` WHERE `code1`='".mysqli_real_escape_string($con, $code1)."' AND `code2`='".mysqli_real_escape_string($con, $code2)."' AND `time` > ".(time()-(30*60))." ORDER BY `time` DESC LIMIT 1";
$result = mysqli_query($con, $query) or die(mysqli_error($con));
if(mysqli_num_rows($result) > 0){
$data = mysqli_fetch_array($result);
$role = 1;
if(is_numeric($data["userid"])){
$role = 2;
}
$query = "INSERT INTO `users` (`id`,`firstname`, `lastname`, `password`, `role`, `firsttime`) VALUES('".mysqli_real_escape_string($con, $data["userid"])."' ,'".mysqli_real_escape_string($con, $data["firstname"])."', '".mysqli_real_escape_string($con, $data["lastname"])."', '".mysqli_real_escape_string($con, $data["password"])."', ".mysqli_real_escape_string($con, $role).", 1)";
mysqli_query($con, $query) or die(mysqli_error($con));
$query = "DELETE FROM `create_users` WHERE `code1`='".mysqli_real_escape_string($con, $code1)."' AND `code2`='".mysqli_real_escape_string($con, $code2)."'";
mysqli_query($con, $query) or die(mysqli_error($con));
$_SESSION["userid"] = $data["userid"];
$_SESSION["role"] = $role;
$_SESSION["firsttime"] = 1;
redirect("home/interests.php");
}else{
$iserror = true;
}
}
?>
<!DOCTYPE html>
<html lang="en" >
<head>
</head>
<body>
<?php
if($iserror){
die("Invalid request");
}
?>
</body>
</html>