<?php
- include "./config.php";
+ require "./config.php";
include $DIR_LIBS."ACTION.php";
if (isset ($_POST['showform'])&&$_POST['showform']==1) {
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html>
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="ja-JP" lang="ja-JP">
<head>
+ <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Create Member Account</title>
<style type="text/css">@import url(nucleus/styles/manual.css);</style>
</head>
// if createAccount fails it returns an error message
$message = $a->createAccount();
- echo '<span style="font-weight:bold; color:red;">'.$message.'</span><br /><br />';
+ echo '<span style="font-weight:bold; color:red;">'.htmlspecialchars($message).'</span><br /><br />';
?>
<form method="post" action="createaccount.php">
Login Name (required):
<br />
- <input name="name" size="20" <?php if(isset($_POST['name'])){echo 'value="'.$_POST['name'].'"';}?>/> <small>(only a-z, 0-9)</small>
+ <input name="name" size="20" <?php if(isset($_POST['name'])){echo 'value="'.htmlspecialchars($_POST['name']).'"';}?>/> <small>(only a-z, 0-9)</small>
<br />
<br />
Real Name (required):
<br />
- <input name="realname" size="40" <?php if(isset($_POST['realname'])){echo 'value="'.$_POST['realname'].'"';}?>/>
+ <input name="realname" size="40" <?php if(isset($_POST['realname'])){echo 'value="'.htmlspecialchars($_POST['realname']).'"';}?>/>
<br />
<br />
Email (required):
<br />
- <input name="email" size="40" <?php if(isset($_POST['email'])){echo 'value="'.$_POST['email'].'"';}?>/> <small>(must be valid, because an activation link will be sent over there)</small>
+ <input name="email" size="40" <?php if(isset($_POST['email'])){echo 'value="'.htmlspecialchars($_POST['email']).'"';}?>/> <small>(must be valid, because an activation link will be sent over there)</small>
<br />
<br />
URL:
<br />
- <input name="url" size="60" <?php if(isset($_POST['url'])){echo 'value="'.$_POST['url'].'"';}?>/>
+ <input name="url" size="60" <?php if(isset($_POST['url'])){echo 'value="'.htmlspecialchars($_POST['url']).'"';}?>/>
<br />
<?php
// add a Captcha challenge or something else