www.dev2.delv-in.com - UnknownSec 403

upload mass deface mass delete console info server
name : v_user_edit.php
 <?php

	$Template = new Template;

	if ($_POST['submitBut'] == 'Edit'){

		$Users = new Users;
		$row = $Users->get($_POST['userID'], '', '');
		$userID = $_POST['userID'];
		$fName = $row['fName'];
		$lName = $row['lName'];
		$email = $row['email'];
		$username = $row['username'];
		$action = 'Edit';

	} else if ($_POST['submitBut'] == 'Save'){
		// return data from form

		$userID = $_POST['userID'];
		$fName = $_POST['fName'];
		$lName = $_POST['lName'];
		$email = $_POST['email'];
		$search_arr = array("'", " ");
		$replace_arr = array("", "");
		$username = str_replace($search_arr, $replace_arr, strtolower($_POST['username']));
		$action = $_POST['action'];

		$error_msg = '';
		if ($_POST['pass1'] != ''){ // changing password

			if ($_POST['pass1'] != $_POST['pass2']){
				$error_msg = "Passwords don't match";
			} else if (strlen($_POST['pass1']) < 8 || strlen($_POST['pass1']) > 12){
				$error_msg = "Password does not meet the length criteria";
			} else if (!preg_match("#[0-9]+#", $_POST['pass1']) || !preg_match("#[a-z]+#", $_POST['pass1']) || !preg_match("#[A-Z]+#", $_POST['pass1']) || !preg_match("#\W+#", $_POST['pass1'])){
				$error_msg = "Password does not contain all the required character types";
			}
		}
		$Template->set_alert($error_msg, 'error');

	} else {
		// initialize variables
		$userID = '';
		$fName = '';
		$lName = '';
		$email = '';
		$username = '';
		$action = 'Add';
	}

	echo $Template->get_alerts();

	echo "<div class='col-12 input_form'>

	<H1>". $action . " User Account</H1>

	<form action='' method='post'>
	<input type='hidden' name='userID' value='".$userID."'>
	<input type='hidden' name='action' value='".$action."'>";

	if ($userID > 0){

		echo "
		<div class='col-12'><b>ID#: </b>".$_POST['userID']."</div>
		";
	}

	echo "
	<div class='col-6 pad_top'><b>First name:</b> <input type='text' name='fName' value='".$fName."' size=12 maxlength=12></div>
	<div class='col-6 pad_top'><b>Last name: </b><input type='text' name='lName' value='".$lName."' size=12 maxlength=12></div>
	<div class='col-12 pad_top'><b>Email address: </b><input type='text' name='email' value='".$email."' size=50 maxlength=50></div>";

	if ($userID > 0){
		echo "
	<div class='col-12 pad_top'><b>Username: </b><input type='text' name='username' value='".$username."' size=12 maxlength=12> <span class='comment'>8 - 12 characters</span>
	</div>

	<div class='col-6 pad_top'><b>Password: </b><input type='password' name='pass1' size=12 maxlength=12>
	</div>
	<div class='col-6 pad_top'><b>Retype Password: </b><input type='password' name='pass2' size=12 maxlength=12></div>
	<div class='col-12 pad_top'><span class='comment'>Min. 8 characters. Must include at least one of each of the following: upper-case letter, lower-case letter, number, symbol</span></div>
";

	} else {

		echo "<div class='col-12 pad_top'>A username will be automatically created and sent the the email address above.
		</div>
		<input type='hidden' name='username' value=''>
		<input type='hidden' name='pass1' value=''>";
	}

	echo "
		<div class='col-12 top_line centre'>

			<input type='submit' name='submitBut' value='Cancel' class='button cancel_but'>
			<input type='submit' name='submitBut' value='Save' class='button edit_save_but'>
		</div>
		</form>
	</div>";
UnknownSec Shell
