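<?php session_start();
/*
 * Create-user endpoint: validates the caller's session, reads the submitted
 * account fields and inserts a row into busdir_mst_users.
 *
 * Responses are plain text read by the caller: "login.php" / "404.php" for
 * rejected requests, "success", or a human-readable error message.
 *
 * All SQL goes through prepared statements; the previous string-built INSERT
 * placed $_POST['fullname'] and the raw $_POST['section'] values directly
 * into the query text.
 */

// A session without company context is torn down and sent to the login page.
if (!isset($_SESSION['company_id']) || !isset($_SESSION['company_name'])) {
    session_destroy();
    echo "login.php";
    exit;
}
// The caller must hold role 2. A missing or malformed role list is refused
// instead of being passed to in_array().
if (!isset($_SESSION['role']) || !is_array($_SESSION['role']) || !in_array(2, $_SESSION['role'])) {
    echo "404.php";
    exit;
}
if ($_SERVER['REQUEST_METHOD'] != 'POST' || empty($_POST)) {
    echo "404.php";
    exit;
}
// NOTE(review): no anti-CSRF token is checked in this file; confirm whether
// one is enforced elsewhere before relying on the session check alone.

require_once("../db/conn.php");

// Returns a POST field as a string; array-valued or missing fields become ''
// so that trim()/preg_replace() never receive a non-string.
$postString = function ($key) {
    return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
};

$username    = trim(preg_replace('/[^a-zA-Z0-9]+/', '', $postString('username')));
$rawPassword = trim($postString('password'));
$rawConfirm  = trim($postString('password_confirmation'));
$fullname    = trim($postString('fullname'));
$phone       = trim(preg_replace('/[^0-9]+/', '', $postString('phone')));

// filter_var() yields false for an invalid address; it is stored as '' as before.
// NOTE(review): an empty email also takes part in the duplicate check below;
// confirm whether email should be mandatory.
$email = filter_var(filter_input(INPUT_POST, 'email', FILTER_SANITIZE_EMAIL), FILTER_VALIDATE_EMAIL);
$email = is_string($email) ? $email : '';

if ($username === '' || $rawPassword === '') {
    echo "Username and password are required";
    $connection->close();
    exit;
}
// The confirmation field used to be hashed and stored without ever being
// compared with the password field.
if (!hash_equals($rawPassword, $rawConfirm)) {
    echo "Password and confirmation do not match";
    $connection->close();
    exit;
}

// NOTE(review): unsalted MD5 is not suitable for password storage. The digest
// derivation is left unchanged because the login verifier is not visible here;
// move both sides to password_hash()/password_verify() together.
$password = md5($connection->real_escape_string($rawConfirm));

// Build the comma-separated role list. An even section id also grants the
// preceding odd id. Every value must be an integer: these values end up in
// the stored role column and were previously concatenated into SQL unchecked.
// NOTE(review): nothing here limits which sections a role-2 caller may grant;
// confirm that this is intended.
$sections = (isset($_POST['section']) && is_array($_POST['section'])) ? $_POST['section'] : array();
$roleIds = array();
foreach ($sections as $secval) {
    $sectionId = filter_var($secval, FILTER_VALIDATE_INT);
    if ($sectionId === false) {
        echo "404.php";
        $connection->close();
        exit;
    }
    if ($sectionId % 2 == 0) {
        $roleIds[] = $sectionId - 1;
    }
    $roleIds[] = $sectionId;
}
$role = implode(',', $roleIds);
// An empty role list is stored as SQL NULL (a bound null is sent as NULL).
$roleParam = ($role === '') ? null : $role;
$createdBy = (string) $_SESSION['company_id'];

$message = "An unknown error occured. Please try again.";
try {
    $check = $connection->prepare("SELECT usersrno FROM busdir_mst_users WHERE username=? OR email=?");
    if ($check && $check->bind_param('ss', $username, $email) && $check->execute()) {
        $check->store_result();
        $isDuplicate = ($check->num_rows != 0);
        $check->free_result();
        $check->close();

        if ($isDuplicate) {
            $message = "Duplicate Username or Email";
        } else {
            $insert = $connection->prepare(
                "INSERT INTO busdir_mst_users(username,password,name,email,phone,role,createdby,createdon) "
                . "VALUES(?,?,?,?,?,?,?,NOW())"
            );
            if ($insert) {
                if ($insert->bind_param('sssssss', $username, $password, $fullname, $email, $phone, $roleParam, $createdBy)
                    && $insert->execute()) {
                    $message = "success";
                }
                $insert->close();
            }
        }
    }
} catch (mysqli_sql_exception $e) {
    // Database details are not echoed to the client; the generic message stands.
}
echo $message;
$connection->close();
?>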