Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- /*
- * DEPRECATED
- * This api creates users for a Wordpress + phpBB integrated site.
- */
- // Check that we have the required url parameters
- if (!array_key_exists ('username',$_GET) || !array_key_exists ('email',$_GET) || !array_key_exists ('api_key',$_GET)) {
- header("HTTP/1.0 400 Bad Request");
- echo "Required URL parameter is missing";
- exit;
- }
- // Validate API key
- if ($_GET['api_key'] != "durktyde") {
- header("HTTP/1.0 401 Unauthorized");
- echo "Bad API key";
- exit;
- }
- // Sanitize inputs
- $_GET['email'] = strtolower($_GET['email']);
- // Set up phpBB stuff
- define('IN_PHPBB', true);
- $phpbb_root_path = '/home/128108/domains/thedarktide.net/html/forum/';
- $phpEx = substr(strrchr(__FILE__, '.'), 1);
- require($phpbb_root_path . 'common.' . $phpEx);
- require($phpbb_root_path . 'includes/functions_user.' . $phpEx);
- require($phpbb_root_path . 'includes/functions_module.' . $phpEx);
- // If this isn't an update, create a new user
- if (!array_key_exists('update',$_GET)) {
- // Make sure the username isn't already registered
- if (validate_username($_GET['username']) !== false) {
- header("HTTP/1.0 500 Internal Server Error");
- echo "Username is already registered.";
- exit;
- }
- // Create user
- $user = array(
- 'username' => $_GET['username'],
- 'user_email' => $_GET['email'],
- 'group_id' => 2, // Registered Users group
- 'user_type' => 0,
- );
- $id = user_add($user);
- // Check that the ID was created successfully
- if ($id === false) {
- header("HTTP/1.0 503 Service Unavailable");
- echo "user_add returned false";
- exit;
- }
- } else {
- // Update the user's email
- $sql = 'SELECT user_id
- FROM ' . USERS_TABLE . "
- WHERE username_clean = '" . $db->sql_escape(utf8_clean_string($_GET['username'])) . "'";
- $result = $db->sql_query($sql);
- $user_row = $db->sql_fetchrow($result);
- if (empty($user_row)) {
- header("HTTP/1.0 404 File Not Found");
- echo "User not found";
- exit;
- }
- $sql = 'UPDATE ' . USERS_TABLE . "
- SET user_email = '" . $_GET['email'] . "', user_email_hash = '" . $db->sql_escape(phpbb_email_hash($_GET['email'])) . "'
- WHERE username_clean = '" . $db->sql_escape(utf8_clean_string($_GET['username'])) . "'";
- $result = $db->sql_query($sql);
- }
- // Set temporary password
- // Source: /forum/includes/ucp/ucp_resend.php
- $server_url = generate_board_url();
- $user_password = gen_rand_string_friendly(max(8, mt_rand((int) $config['min_pass_chars'], (int) $config['max_pass_chars'])));
- $user_actkey = gen_rand_string(mt_rand(6, 10));
- $sql = 'SELECT user_id, username, user_permissions, user_email, user_jabber, user_notify_type, user_type, user_lang, user_inactive_reason
- FROM ' . USERS_TABLE . "
- WHERE user_email_hash = '" . $db->sql_escape(phpbb_email_hash($_GET['email'])) . "'
- AND username_clean = '" . $db->sql_escape(utf8_clean_string($_GET['username'])) . "'";
- $result = $db->sql_query($sql);
- $user_row = $db->sql_fetchrow($result);
- $sql = 'UPDATE ' . USERS_TABLE . "
- SET user_newpasswd = '" . $db->sql_escape(phpbb_hash($user_password)) . "', user_actkey = '" . $db->sql_escape($user_actkey) . "'
- WHERE user_id = " . $user_row['user_id'];
- $db->sql_query($sql);
- // Send email
- // Source: /forum/includes/ucp/ucp_resend.php
- include_once($phpbb_root_path . 'includes/functions_messenger.' . $phpEx);
- $messenger = new messenger(false);
- $messenger->template('user_activate_passwd', $user_row['user_lang']);
- $messenger->to($user_row['user_email'], $user_row['username']);
- $messenger->im($user_row['user_jabber'], $user_row['username']);
- $messenger->assign_vars(array(
- 'USERNAME' => htmlspecialchars_decode($user_row['username']),
- 'PASSWORD' => htmlspecialchars_decode($user_password),
- 'U_ACTIVATE' => "$server_url/ucp.$phpEx?mode=activate&u={$user_row['user_id']}&k=$user_actkey")
- );
- $messenger->send($user_row['user_notify_type']);
- // All done
- echo array_key_exists('update',$_GET) ? "Email address updated! Please check your email for your temporary password." : "Username created! Please check your email for your temporary password.";
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement