2 /************************************************************************
3 * MXChange v0.2.1 Start: 10/10/2003 *
4 * =============== Last change: 11/26/2004 *
6 * -------------------------------------------------------------------- *
7 * File : what-register.php *
8 * -------------------------------------------------------------------- *
9 * Short description : Registration form *
10 * -------------------------------------------------------------------- *
11 * Kurzbeschreibung : Anmeldeformular *
12 * -------------------------------------------------------------------- *
14 * -------------------------------------------------------------------- *
15 * Copyright (c) 2003 - 2008 by Roland Haeder *
16 * For more information visit: http://www.mxchange.org *
18 * This program is free software; you can redistribute it and/or modify *
19 * it under the terms of the GNU General Public License as published by *
20 * the Free Software Foundation; either version 2 of the License, or *
21 * (at your option) any later version. *
23 * This program is distributed in the hope that it will be useful, *
24 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
25 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
26 * GNU General Public License for more details. *
28 * You should have received a copy of the GNU General Public License *
29 * along with this program; if not, write to the Free Software *
30 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, *
32 ************************************************************************/
34 // Direct-access guard and extension check.
// If this file's own name shows up in PHP_SELF the script was requested directly
// instead of being included; the path to inc/security.php is built for that case
// (the statement that uses $INC is not part of this listing).
// NOTE(review): ereg() was deprecated in PHP 5.3 and removed in PHP 7.0, so on a current
// interpreter this guard is a fatal error. It also treats the file name as a regular
// expression (the "." matches any character). A literal substring test such as
// strpos(...) !== false keeps the guard working.
35 if (ereg(basename(__FILE__), $_SERVER['PHP_SELF']))
37 $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
// Report a fatal problem when the "register" extension is not active; which of the two
// messages below is chosen depends on lines that are not part of this listing.
40 elseif ((!EXT_IS_ACTIVE("register")))
43 ADD_FATAL(sprintf(EXTENSION_PROBLEM_NOT_INSTALLED, "register"));
// NOTE(review): unlike the call above, "register" is passed as a second argument here
// instead of going through sprintf() - confirm ADD_FATAL() accepts that.
45 ADD_FATAL(EXTENSION_PROBLEM_EXT_INACTIVE, "register");
50 // Add description as navigation point
51 ADD_DESCR("guest", basename(__FILE__));
53 OPEN_TABLE("100%", "guest_content_align", "");
// NOTE(review): "global" at this level only has an effect if this file is included from
// inside a function - presumably that is the case; confirm against the includer.
54 global $_CONFIG, $DATA;
56 // Initialize the state flags of the validation pass
57 $FAILED = false; $SHORT_PASS = false; $cats = 0; $IP_TIMEOUT = false;
// NOTE(review): this statement is a no-op - it unsets 'ok' only when 'ok' is not set.
58 if (!isset($_POST['ok'])) unset($_POST['ok']);
// Give every form field read below a defined value so later reads do not hit an
// undefined index. empty() also treats "0" as missing, so a submitted "0" is replaced.
// NOTE(review): 'sex', 'cat' and 'refid' are read further down but get no default in
// the lines shown here.
59 if (empty($_POST['agree'])) $_POST['agree'] = "";
60 if (empty($_POST['addy'])) $_POST['addy'] = "";
61 if (empty($_POST['surname'])) $_POST['surname'] = "";
62 if (empty($_POST['family_name'])) $_POST['family_name'] = "";
63 if (empty($_POST['pass1'])) $_POST['pass1'] = "";
64 if (empty($_POST['pass2'])) $_POST['pass2'] = "";
65 if (empty($_POST['day'])) $_POST['day'] = "";
66 if (empty($_POST['month'])) $_POST['month'] = "";
67 if (empty($_POST['year'])) $_POST['year'] = "";
68 if (empty($_POST['max_mails'])) $_POST['max_mails'] = "";
69 if (empty($_POST['street_nr'])) $_POST['street_nr'] = "";
70 if (empty($_POST['zip'])) $_POST['zip'] = "";
71 if (empty($_POST['city'])) $_POST['city'] = "";
72 if (empty($_POST['cntry'])) $_POST['cntry'] = "";
// The country code falls back to "1" rather than to an empty string.
73 if (empty($_POST['country_code'])) $_POST['country_code'] = "1";
// Validation pass, run only when the form was submitted. A field that fails is
// overwritten in $_POST with the marker "!" (missing/invalid) or "?" (e-mail already
// known); the error output further down tests for these markers.
// NOTE(review): the markers are in-band - a visitor who really submits "!" as a value
// is indistinguishable from a failed field in the later checks.
75 if (isset($_POST['ok']))
77 // First we only check the submitted data then we continue... :)
79 // Did he agree to our Terms Of Usage?
80 if ($_POST['agree'] != 'Y')
82 $_POST['agree'] = "!";
86 // Did he enter a valid email address? (we really don't care about
87 // that, he has to click on a confirmation link :P )
88 if ((empty($_POST['addy'])) || (!VALIDATE_EMAIL($_POST['addy'])))
94 // And what about surname and family's name?
95 if (empty($_POST['surname']))
97 $_POST['surname'] = "!";
100 if (empty($_POST['family_name']))
102 $_POST['family_name'] = "!";
106 // Check for required fields (skipped once an earlier check has already failed)
107 if (!$FAILED) $FAILED = REGISTER_CHECK_REQUIRED_FIELDS($_POST);
109 // Did he enter his password twice? Fails when either field is empty or when
// both are filled in but differ.
110 if (((empty($_POST['pass1'])) || (empty($_POST['pass2']))) || (($_POST['pass1'] != $_POST['pass2']) && (!empty($_POST['pass1'])) && (!empty($_POST['pass2']))))
112 if (($_POST['pass1'] != $_POST['pass2']) && (!empty($_POST['pass1'])) && (!empty($_POST['pass2'])))
114 $_POST['pass1'] = "!";
115 $_POST['pass2'] = "!";
// Mark only the empty field; a filled-in field is cleared so it is not echoed back.
119 if (empty($_POST['pass1'])) { $_POST['pass1'] = "!"; } else { $_POST['pass1'] = ""; }
120 if (empty($_POST['pass2'])) { $_POST['pass2'] = "!"; } else { $_POST['pass2'] = ""; }
124 // Is the password long enough? (not enforced while an admin is logged in)
// NOTE(review): strlen() counts bytes, not characters, and length is the only
// password rule visible in this file.
125 if ((strlen($_POST['pass1']) < $_CONFIG['pass_len']) && (!$FAILED) && (!IS_ADMIN()))
130 // Did he select enough categories?
133 // Do this check only when no admin is logged in
// NOTE(review): $_POST['cat'] is iterated without the is_array() test that the
// category insert further down uses; a missing or scalar 'cat' raises a warning here.
134 foreach ($_POST['cat'] as $id=>$answer)
136 if ($answer == 'Y') $cats++;
138 if ($cats < $_CONFIG['least_cats'])
// Duplicate e-mail check: only when the address passed validation, the feature is
// switched on and no admin is logged in.
144 if (($_POST['addy'] != "!") && ($_CONFIG['check_double_email'] == 'Y') && (!IS_ADMIN()))
146 // Does the email address already exist in our database?
147 $CHK = SEARCH_EMAIL_USERTAB($_POST['addy']);
148 if ($CHK) { $_POST['addy'] = "?"; $FAILED = true; }
151 // Check his IP number: look for an account from the same REMOTE_ADDR that joined
// or was updated within the last $_CONFIG['ip_timeout'] seconds.
// NOTE(review): the two timestamp placeholders are unquoted %s; they are safe only
// because $to comes out of bigintval(). Presumably SQL_QUERY_ESC() escapes the
// REMOTE_ADDR argument - confirm in its definition.
152 $to = bigintval(time() - $_CONFIG['ip_timeout']);
153 $result = SQL_QUERY_ESC("SELECT joined, last_update FROM "._MYSQL_PREFIX."_user_data WHERE REMOTE_ADDR='%s' AND (joined > %s OR last_update > %s) LIMIT 1",
154 array(getenv('REMOTE_ADDR'), $to, $to), __FILE__, __LINE__);
155 if ((SQL_NUMROWS($result) == 1) && (!IS_ADMIN()))
157 // Same IP in timeout range and different email address entered... Eat this, faker! ;-)
158 // But admins are allowed to fake their own exchange service.
163 // Test the refid (because some strange hackers... :-P)
// NOTE(review): the value that is validated is $GLOBALS['refid'], but the value that is
// stored with the new account is $_POST['refid']; it is only overwritten here when the
// lookup finds nothing. Confirm both are kept in sync elsewhere, otherwise an
// unvalidated referral id can reach the INSERT.
164 $result = SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
165 array(bigintval($GLOBALS['refid'])), __FILE__, __LINE__);
166 if (SQL_NUMROWS($result) == 0)
168 // Not found so we set your refid!
169 $_POST['refid'] = $_CONFIG['def_refid'];
170 set_session("refid", $_CONFIG['def_refid']);
174 SQL_FREERESULT($result);
// Registration is saved only for a submitted form that passed every check above.
177 if ((isset($_POST['ok'])) && (!$FAILED))
179 // Save the registration: pad day and month to two digits first
180 if (strlen($_POST['day']) == 1) $_POST['day'] = "0".$_POST['day'];
181 if (strlen($_POST['month']) == 1) $_POST['month'] = "0".$_POST['month'];
183 // Hash = MM-DD-YYYY:SERVER_NAME:IP:USER_AGENT:TIMEMARK
// NOTE(review): every input to this hash is supplied by, or known to, the registrant
// (birth date, server name, own IP, own User-Agent) or is guessable (time()). The hash
// is stored as user_hash and later used to find the new row; if it also serves as the
// confirmation token, its unpredictability rests entirely on what generateHash() adds
// (secret/random salt) - confirm in its definition.
184 $hash = generateHash($_POST['month']."-".$_POST['day']."-".$_POST['year'].":".getenv('SERVER_NAME').":".getenv('REMOTE_ADDR').":".getenv('HTTP_USER_AGENT').":".time());
186 // Add design when extension sql_patches is v0.2.7 or greater
// $ADD1 collects extra column names and $ADD2 the matching values; both are
// concatenated straight into the INSERT statement below.
187 $ADD1 = ""; $ADD2 = "";
// NOTE(review): ">=" on two version strings is not version-aware (for example "0.2.10"
// sorts below "0.2.7"); version_compare() is. The same applies to the other
// GET_EXT_VERSION() comparisons in this file.
188 if (GET_EXT_VERSION("sql_patches") >= "0.2.7")
190 // Okay, add design here
191 $ADD1 = ", curr_theme";
// NOTE(review): the theme name is spliced into the SQL text without escaping and so
// bypasses the placeholder handling of SQL_QUERY_ESC(). Safe only if GET_CURR_THEME()
// can never return request-influenced data - confirm, or pass it as a '%s' argument.
192 $ADD2 = ", '".GET_CURR_THEME()."'";
195 // Check if I shall disable sending mail to newly registered members out about active/begging rallye
197 // First comes first: begging rallye
198 if (GET_EXT_VERSION("beg") >= "0.1.7")
200 // Okay, shall I disable now?
201 if ($_CONFIG['beg_new_mem_notify'] == 'N')
203 $ADD1 .= ", beg_ral_notify, beg_ral_en_notify";
204 $ADD2 .= ", UNIX_TIMESTAMP(), UNIX_TIMESTAMP()";
208 // Second: active rallye
209 if (GET_EXT_VERSION("bonus") >= "0.7.7")
211 // Okay, shall I disable now?
212 if ($_CONFIG['bonus_new_mem_notify'] == 'N')
214 $ADD1 .= ", bonus_ral_notify, bonus_ral_en_notify";
215 $ADD2 .= ", UNIX_TIMESTAMP(), UNIX_TIMESTAMP()";
219 // Write user data to table: choose the country column and its value
220 if (EXT_IS_ACTIVE("country"))
222 // Save with new selectable country code
223 $countryRow = "country_code";
224 $countryData = bigintval($_POST['country_code']);
228 // Old way with enterable two-char-code
229 $countryRow = "country";
// NOTE(review): addslashes() is not aware of the connection character set, and if
// SQL_QUERY_ESC() escapes its arguments as well this value is escaped twice. The same
// variable is reused, still slashed, in the e-mail data further down.
230 $countryData = addslashes(substr($_POST['cntry'], 0, 2));
233 //////////////////////////////
234 // Create user's account... //
235 //////////////////////////////
// The account is created with status 'UNCONFIRMED'. Part of the argument list is
// missing from this listing, so the placeholder/argument pairing cannot be fully
// checked here.
// NOTE(review): string arguments are passed through SQL_ESCAPE() and then handed to
// SQL_QUERY_ESC(); if the latter escapes too, names with quotes are stored with stray
// backslashes. getenv('REMOTE_ADDR') is the one string argument without SQL_ESCAPE().
// NOTE(review): $_POST['sex'] is read here without a default having been set above.
// NOTE(review): the password is stored as generateHash($_POST['pass1']); the algorithm
// is not visible in this file. Confirm it is a salted, deliberately slow password hash
// (password_hash()/password_verify() on current PHP) and not a fast digest.
// NOTE(review): bigintval($_POST['max_mails']) is passed twice; it fills both max_mails
// and receive_mails - presumably intended.
237 $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_user_data (sex, surname, family, street_nr, %s, zip, city, email, birth_day, birth_month, birth_year, password, max_mails, receive_mails, refid, status, user_hash, REMOTE_ADDR, joined, last_update".$ADD1.")
238 VALUES ('%s', '%s', '%s', '%s', '%s', %d, '%s', '%s', %d, %d, %d, '%s', %d, %d, %d, 'UNCONFIRMED', '%s', '%s', UNIX_TIMESTAMP(), UNIX_TIMESTAMP()".$ADD2.")",
241 SQL_ESCAPE(substr($_POST['sex'], 0, 1)),
242 SQL_ESCAPE($_POST['surname']),
243 SQL_ESCAPE($_POST['family_name']),
244 SQL_ESCAPE($_POST['street_nr']),
246 bigintval($_POST['zip']),
247 SQL_ESCAPE($_POST['city']),
248 SQL_ESCAPE($_POST['addy']),
249 bigintval($_POST['day']),
250 bigintval($_POST['month']),
251 bigintval($_POST['year']),
252 generateHash($_POST['pass1']),
253 bigintval($_POST['max_mails']),
254 bigintval($_POST['max_mails']),
255 bigintval($_POST['refid']),
257 getenv('REMOTE_ADDR'),
258 ), __FILE__, __LINE__);
// Fetch the id of the row just written by looking it up through its user_hash.
// NOTE(review): this depends on user_hash being unique; the insert id reported by the
// database driver would not.
261 $result = SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_data WHERE user_hash='%s' LIMIT 1",
262 array($hash), __FILE__, __LINE__);
263 list($userid) = SQL_FETCHROW($result);
265 // Secure userid (we have a little paranoia ;-) )
266 $userid = bigintval($userid);
268 // Write his welcome-points
269 $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_points WHERE userid=%d AND ref_depth=0 LIMIT 1",
270 array(bigintval($userid)), __FILE__, __LINE__);
271 if (SQL_NUMROWS($result) == 0)
273 // Add only when the line was not found (maybe some more secure?)
// $locked names the column that receives the points and is concatenated into the SQL
// text; its initial value is set on a line missing from this listing (presumably
// "points", judging by the comparison below).
275 if ($_CONFIG['ref_payout'] > 0) $locked = "locked_points"; // Pay him later. First he has to confirm some mails!
276 $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_user_points (userid, ref_depth, ".$locked.") VALUES(%d, 0, '%s')",
277 array(bigintval($userid), $_CONFIG['points_register']), __FILE__, __LINE__);
279 // Update mediadata as well (only when the points were not locked)
280 if ((GET_EXT_VERSION("mediadata") >= "0.0.4") && ($locked == "points")) {
282 MEDIA_UPDATE_ENTRY(array("total_points"), "add", $_CONFIG['points_register']);
// Store one row per category the user ticked with 'Y'; both ids are cast to integers.
287 if ((is_array($_POST['cat'])) && (count($_POST['cat']))) {
288 foreach ($_POST['cat'] as $cat=>$joined) {
289 if ($joined == 'Y') {
290 // Insert category entry
291 $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_user_cats (userid, cat_id) VALUES (%d, %d)",
292 array(bigintval($userid), bigintval($cat)), __FILE__, __LINE__);
// Build the data for the confirmation e-mail and notify user and admins.
298 $sex = TRANSLATE_SEX($_POST['sex']);
300 // ... rewrite a zero referral ID to the main title
301 if ($_POST['refid'] == "0") $_POST['refid'] = MAIN_TITLE;
303 // Prepare data array for the email template
304 // Start with the salutation...
// NOTE(review): SQL_ESCAPE() is the wrong encoding for this context - the values below
// go into an e-mail template, not into a query, so a name or address containing a quote
// is likely to show up with a backslash in the mail.
// NOTE(review): 'pass' carries the password exactly as typed. If the "register-member"
// or "register-admin" template prints it, the clear-text password leaves the server by
// e-mail (and reaches the admins); consider not putting it into $DATA at all.
309 'surname' => SQL_ESCAPE($_POST['surname']),
310 'family' => SQL_ESCAPE($_POST['family_name']),
311 'email' => SQL_ESCAPE($_POST['addy']),
312 'street' => SQL_ESCAPE($_POST['street_nr']),
313 'city' => SQL_ESCAPE($_POST['city']),
314 'zip' => bigintval($_POST['zip']),
315 'country' => $countryData,
316 'refid' => SQL_ESCAPE($_POST['refid']),
317 'pass' => SQL_ESCAPE($_POST['pass1']),
320 // Continue with birthday, formatted per language: day.month.year or month/day/year
321 switch (GET_LANGUAGE())
324 $DATA['birthday'] = bigintval($_POST['day']).".".bigintval($_POST['month']).".".bigintval($_POST['year']);
328 $DATA['birthday'] = bigintval($_POST['month'])."/".bigintval($_POST['day'])."/".bigintval($_POST['year']);
332 // Display information to the user that he got mail and send it away
333 $msg_guest = LOAD_EMAIL_TEMPLATE("register-member", $DATA, $userid);
335 // Send mail to user (confirmation link!)
// The address is saved and written back around the call - presumably because
// SEND_EMAIL() or a template step may alter $DATA['email']; confirm.
336 $EMAIL = $DATA['email'];
337 SEND_EMAIL ($DATA['email'], GUEST_CONFIRM_LINK, $msg_guest);
338 $DATA['email'] = $EMAIL;
340 // Send mail to admin: newer "admins" extension versions use the PRO variant
341 if (GET_EXT_VERSION("admins") >= "0.4.1")
344 SEND_ADMIN_EMAILS_PRO(ADMIN_NEW_ACCOUNT, "register-admin", $DATA, $userid);
349 $msg_admin = LOAD_EMAIL_TEMPLATE("register-admin", $DATA, $userid);
350 SEND_ADMIN_EMAILS (ADMIN_NEW_ACCOUNT, $msg_admin);
353 // Output success registration (reuses the "admin_settings_saved" template)
354 LOAD_TEMPLATE("admin_settings_saved", false, REGISTRATION_DONE);
// Error output: print one message per field that the validation pass marked with
// "!" or "?". Only language constants and $_CONFIG values are concatenated into the
// HTML here, no request data.
358 if ($_POST['agree'] == "!")
360 OUTPUT_HTML("<STRONG><SPAN class=\"register_failed\">".HAVE_TO_AGREE."</SPAN></STRONG><br /><br />");
362 if ($_POST['addy'] == "!")
364 OUTPUT_HTML("<STRONG><SPAN class=\"register_failed\">".ENTER_EMAIL."</SPAN></STRONG><br /><br />");
367 elseif ($_POST['addy'] == "?")
369 OUTPUT_HTML("<STRONG><SPAN class=\"register_failed\">".EMAIL_ALREADY_DB."</SPAN></STRONG><br /><br />");
372 if ($_POST['surname'] == "!")
374 OUTPUT_HTML("<STRONG><SPAN class=\"register_failed\">".ENTER_SURNAME."</SPAN></STRONG><br /><br />");
// Clear the marker so the form does not show "!" as the field value.
375 $_POST['surname'] = "";
377 if ($_POST['family_name'] == "!")
379 OUTPUT_HTML("<STRONG><SPAN class=\"register_failed\">".ENTER_FAMILY."</SPAN></STRONG><br /><br />");
380 $_POST['family_name'] = "";
382 if (($_POST['pass1'] == "!") && ($_POST['pass2'] == "!"))
384 OUTPUT_HTML("<STRONG><SPAN class=\"register_failed\">".ENTER_BOTH_PASSWORDS."</SPAN></STRONG><br /><br />");
386 elseif ($_POST['pass1'] == "!")
388 OUTPUT_HTML("<STRONG><SPAN class=\"register_failed\">".ENTER_PASS1."</SPAN></STRONG><br /><br />");
390 elseif ($_POST['pass2'] == "!")
392 OUTPUT_HTML("<STRONG><SPAN class=\"register_failed\">".ENTER_PASS2."</SPAN></STRONG><br /><br />");
// The conditions guarding the next two messages are missing from this listing
// (presumably $SHORT_PASS and $IP_TIMEOUT).
396 OUTPUT_HTML("<STRONG><SPAN class=\"register_failed\">".SHORT_PASS.": ".$_CONFIG['pass_len']."</SPAN></STRONG><br /><br />");
400 OUTPUT_HTML("<STRONG><SPAN class=\"register_failed\">".REMOTE_ADDR_TIMEOUT."</SPAN></STRONG><br /><br />");
// NOTE(review): !empty($cats) is false for 0, so a visitor who selected no category
// at all gets no CATS_LEAST message from this check.
402 if ((!empty($cats)) && ($cats < $_CONFIG['least_cats']))
404 OUTPUT_HTML("<STRONG><SPAN class=\"register_failed\">".CATS_LEAST.": ".$_CONFIG['least_cats']."</SPAN></STRONG><br /><br />");
407 // Generate birthday selection; the order of the three boxes follows the language
// NOTE(review): the submitted day/month/year are passed on as received; whether
// ADD_SELECTION() validates or escapes them is not visible here.
408 switch (GET_LANGUAGE())
410 case "de": // German date format
411 define('BIRTHDAY_SELECTION', ADD_SELECTION("day", $_POST['day']).ADD_SELECTION("month", $_POST['month']).ADD_SELECTION("year", $_POST['year']));
414 default: // Default is the US date format... :)
418 // Adds a table for the guests with all visible categories
419 define('CATEGORY_SELECTION', REGISTER_ADD_CATEGORY_TABLE("guest", true));
421 // Adds maximum receivable mails list... :)
422 define('MAX_RECEIVE_LIST', ADD_MAX_RECEIVE_LIST("guest", "", true));
424 // Check if nickname extension is active and get state if nickname is selected or userid
426 if (EXT_IS_ACTIVE("nickname")) $nick = NICKNAME_IS_ACTIVE($GLOBALS['refid']);
428 // Is the nickname valid? (the test itself is missing from this listing)
// Fall back to the configured default referral id when sql_patches is installed,
// otherwise to 0.
431 if (GET_EXT_VERSION("sql_patches") != '') {
433 $GLOBALS['refid'] = $_CONFIG['def_refid'];
436 $GLOBALS['refid'] = 0;
440 // Shall I display the refid or shall I make it editable?
// NOTE(review): $GLOBALS['refid'] is handed to the template as is; where it is set
// from the request is not visible here - confirm it is numeric or escaped before the
// template prints it.
441 if ($_CONFIG['display_refid'] == 'Y') {
442 // Load template to enter it
443 define('REFID_CONTENT', LOAD_TEMPLATE("guest_register_refid", true, $GLOBALS['refid']));
445 // Load "hide" form template
446 define('REFID_CONTENT', LOAD_TEMPLATE("guest_register_refid_hide", true, $GLOBALS['refid']));
449 // You may want to modify the register_header.tpl.xx file and not this script when you add your scripts etc. :-)
450 define('REGISTER_HEADER_CONTENT', LOAD_TEMPLATE("register_header", true));
452 // Please select at least x categories
453 define('LEAST_CATS_VALUE', $_CONFIG['least_cats']);
// Expose the submitted values as constants so the form template can refill the fields.
// NOTE(review): the values are copied from $_POST unchanged. Unless the guest_register
// template (or an input filter that runs before this file) HTML-escapes them, submitted
// markup is echoed back into the page - apply htmlspecialchars() with ENT_QUOTES at the
// point of output.
456 define('__SURNAME', $_POST['surname']); define('__FAMILY', $_POST['family_name']);
457 define('__STREET', $_POST['street_nr']); define('__COUNTRY', $_POST['cntry']);
458 define('__ZIP', $_POST['zip']); define('__CITY', $_POST['city']);
459 define('__ADDY', $_POST['addy']);
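461 // Shall I add a country selection box or the old input box?
// Either way the finished HTML fragment ends up in the constant __COUNTRY_CONTENT.
462 if (EXT_IS_ACTIVE("country"))
464 // New variant, good! A <SELECT> filled by ADD_OPTION_LINES() from "countries".
465 $OUT = "<SELECT name=\"country_code\" class=\"guest_select\" size=\"1\">\n";
// The is_active filter is dropped while an admin is logged in.
466 $whereStatement = "WHERE is_active='Y'";
467 if (IS_ADMIN()) $whereStatement = "";
// NOTE(review): $_POST['country_code'] is passed on as received; whether
// ADD_OPTION_LINES() casts or escapes it is not visible here.
468 $OUT .= ADD_OPTION_LINES("countries", "id", "descr", $_POST['country_code'], "code", $whereStatement);
470 define('__COUNTRY_CONTENT', $OUT);
474 // Old out-dated variant: free-text input for the country code.
// __COUNTRY holds the unmodified $_POST['cntry'] value, so it is HTML-escaped
// (quotes included) before it is placed inside the value="..." attribute; without
// that a submitted quote character would end the attribute and inject markup.
475 define('__COUNTRY_CONTENT', "<INPUT type=\"text\" name=\"cntry\" class=\"guest_normal\" size=\"2\" maxlength=\"3\" value=\"".htmlspecialchars(__COUNTRY, ENT_QUOTES)."\">");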
478 // Set MUST_??? constants
// NOTE(review): '> "0.0"' compares version strings with a plain operator;
// version_compare() is the version-aware form.
479 if ((EXT_IS_ACTIVE("register")) && (GET_EXT_VERSION("register") > "0.0")) REGISTER_FILL_MUST_CONSTANTS();
481 // Display registration form (it reads the constants defined above)
482 LOAD_TEMPLATE("guest_register");