-<?php\r
-/************************************************************************\r
- * MXChange v0.2.1 Start: 10/10/2003 *\r
- * =============== Last change: 11/26/2004 *\r
- * *\r
- * -------------------------------------------------------------------- *\r
- * File : what-register.php *\r
- * -------------------------------------------------------------------- *\r
- * Short description : Registration form *\r
- * -------------------------------------------------------------------- *\r
- * Kurzbeschreibung : Anmeldeformular *\r
- * -------------------------------------------------------------------- *\r
- * *\r
- * -------------------------------------------------------------------- *\r
- * Copyright (c) 2003 - 2008 by Roland Haeder *\r
- * For more information visit: http://www.mxchange.org *\r
- * *\r
- * This program is free software; you can redistribute it and/or modify *\r
- * it under the terms of the GNU General Public License as published by *\r
- * the Free Software Foundation; either version 2 of the License, or *\r
- * (at your option) any later version. *\r
- * *\r
- * This program is distributed in the hope that it will be useful, *\r
- * but WITHOUT ANY WARRANTY; without even the implied warranty of *\r
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *\r
- * GNU General Public License for more details. *\r
- * *\r
- * You should have received a copy of the GNU General Public License *\r
- * along with this program; if not, write to the Free Software *\r
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, *\r
- * MA 02110-1301 USA *\r
- ************************************************************************/\r
-\r
-// Some security stuff...\r
-if (ereg(basename(__FILE__), $_SERVER['PHP_SELF']))\r
-{\r
- $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";\r
- require($INC);\r
-}\r
- elseif ((!EXT_IS_ACTIVE("register")))\r
-{\r
- if (IS_ADMIN()) {\r
- ADD_FATAL(sprintf(EXTENSION_PROBLEM_NOT_INSTALLED, "register"));\r
- } else {\r
- ADD_FATAL(EXTENSION_PROBLEM_EXT_INACTIVE, "register");\r
- }\r
- return;\r
-}\r
-\r
-// Add description as navigation point\r
-ADD_DESCR("guest", basename(__FILE__));\r
-\r
-OPEN_TABLE("100%", "guest_content_align", "");\r
-global $CONFIG, $DATA;\r
-\r
-// Initialize variables\r
-$FAILED = false; $SHORT_PASS = false; $cats = 0; $IP_TIMEOUT = false;\r
-if (!isset($_POST['ok'])) unset($_POST['ok']);\r
-if (empty($_POST['agree'])) $_POST['agree'] = "";\r
-if (empty($_POST['addy'])) $_POST['addy'] = "";\r
-if (empty($_POST['surname'])) $_POST['surname'] = "";\r
-if (empty($_POST['family_name'])) $_POST['family_name'] = "";\r
-if (empty($_POST['pass1'])) $_POST['pass1'] = "";\r
-if (empty($_POST['pass2'])) $_POST['pass2'] = "";\r
-if (empty($_POST['day'])) $_POST['day'] = "";\r
-if (empty($_POST['month'])) $_POST['month'] = "";\r
-if (empty($_POST['year'])) $_POST['year'] = "";\r
-if (empty($_POST['max_mails'])) $_POST['max_mails'] = "";\r
-if (empty($_POST['street_nr'])) $_POST['street_nr'] = "";\r
-if (empty($_POST['zip'])) $_POST['zip'] = "";\r
-if (empty($_POST['city'])) $_POST['city'] = "";\r
-if (empty($_POST['cntry'])) $_POST['cntry'] = "";\r
-if (empty($_POST['country_code'])) $_POST['country_code'] = "1";\r
-\r
-if (isset($_POST['ok']))\r
-{\r
- // First we only check the submitted data then we continue... :)\r
- //\r
- // Did he agree to our Terms Of Usage?\r
- if ($_POST['agree'] != "Y")\r
- {\r
- $_POST['agree'] = "!";\r
- $FAILED = true;\r
- }\r
-\r
- // Did he enter a valid email address? (we really don't care about\r
- // that, he has to click on a confirmation link :P )\r
- if ((empty($_POST['addy'])) || (!VALIDATE_EMAIL($_POST['addy'])))\r
- {\r
- $_POST['addy'] = "!";\r
- $FAILED = true;\r
- }\r
-\r
- // And what about surname and family's name?\r
- if (empty($_POST['surname']))\r
- {\r
- $_POST['surname'] = "!";\r
- $FAILED = true;\r
- }\r
- if (empty($_POST['family_name']))\r
- {\r
- $_POST['family_name'] = "!";\r
- $FAILED = true;\r
- }\r
-\r
- // Check for required fields\r
- if (!$FAILED) $FAILED = REGISTER_CHECK_REQUIRED_FIELDS($_POST);\r
-\r
- // Did he enter his password twice?\r
- if (((empty($_POST['pass1'])) || (empty($_POST['pass2']))) || (($_POST['pass1'] != $_POST['pass2']) && (!empty($_POST['pass1'])) && (!empty($_POST['pass2']))))\r
- {\r
- if (($_POST['pass1'] != $_POST['pass2']) && (!empty($_POST['pass1'])) && (!empty($_POST['pass2'])))\r
- {\r
- $_POST['pass1'] = "!";\r
- $_POST['pass2'] = "!";\r
- }\r
- else\r
- {\r
- if (empty($_POST['pass1'])) { $_POST['pass1'] = "!"; } else { $_POST['pass1'] = ""; }\r
- if (empty($_POST['pass2'])) { $_POST['pass2'] = "!"; } else { $_POST['pass2'] = ""; }\r
- }\r
- $FAILED = true;\r
- }\r
- // Is the password long enouth?\r
- if ((strlen($_POST['pass1']) < $CONFIG['pass_len']) && (!$FAILED) && (!IS_ADMIN()))\r
- {\r
- $SHORT_PASS = true;\r
- $FAILED = true;\r
- }\r
- // Did he select enougth categories?\r
- if (!IS_ADMIN())\r
- {\r
- // Do this check only when no admin is logged in\r
- foreach ($_POST['cat'] as $id=>$answer)\r
- {\r
- if ($answer == "Y") $cats++;\r
- }\r
- if ($cats < $CONFIG['least_cats'])\r
- {\r
- // ... nope!\r
- $FAILED = true;\r
- }\r
- }\r
- if (($_POST['addy'] != "!") && ($CONFIG['check_double_email'] == "Y") && (!IS_ADMIN()))\r
- {\r
- // Does the email address already exists in our database?\r
- $CHK = SEARCH_EMAIL_USERTAB($_POST['addy']);\r
- if ($CHK) { $_POST['addy'] = "?"; $FAILED = true; }\r
- }\r
-\r
- // Check his IP number\r
- $to = bigintval(time() - $CONFIG['ip_timeout']);\r
- $result = SQL_QUERY_ESC("SELECT joined, last_update FROM "._MYSQL_PREFIX."_user_data WHERE REMOTE_ADDR='%s' AND (joined > %s OR last_update > %s) LIMIT 1",\r
- array(getenv('REMOTE_ADDR'), $to, $to), __FILE__, __LINE__);\r
- if ((SQL_NUMROWS($result) == 1) && (!IS_ADMIN()))\r
- {\r
- // Same IP in timeout range and different email address entered... Eat this, faker! ;-)\r
- // But admins are allowed to fake their own exchange service.\r
- $IP_TIMEOUT = true;\r
- $FAILED = true;\r
- }\r
-\r
- // Test the refid (because some strange hackers... :-P)\r
- $result = SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",\r
- array(bigintval($GLOBALS['refid'])), __FILE__, __LINE__);\r
- if (SQL_NUMROWS($result) == 0)\r
- {\r
- // Not found so we set your refid!\r
- $_POST['refid'] = $CONFIG['def_refid'];\r
- @setcookie("refid", $CONFIG['def_refid'], (time() + $CONFIG['online_timeout']), COOKIE_PATH);\r
- }\r
-\r
- // Free memory\r
- SQL_FREERESULT($result);\r
-}\r
-\r
-if ((isset($_POST['ok'])) && (!$FAILED))\r
-{\r
- // Save the registration\r
- if (strlen($_POST['day']) == 1) $_POST['day'] = "0".$_POST['day'];\r
- if (strlen($_POST['month']) == 1) $_POST['month'] = "0".$_POST['month'];\r
-\r
- // Hash = MM-DD-YYYY:IP:USER_AGENT:TIMEMARK\r
- $hash = generateHash($_POST['month']."-".$_POST['day']."-".$_POST['year'].":".getenv('SERVER_NAME').":".getenv('REMOTE_ADDR').":".getenv('HTTP_USER_AGENT').":".time());\r
-\r
- // Add design when extension sql_patches is v0.2.7 or greater\r
- $ADD1 = ""; $ADD2 = "";\r
- if (GET_EXT_VERSION("sql_patches") >= "0.2.7")\r
- {\r
- // Okay, add design here\r
- $ADD1 = ", curr_theme";\r
- $ADD2 = ", '".GET_CURR_THEME()."'";\r
- }\r
-\r
- // Check if I shall disable sending mail to newly registered members out about active/begging rallye\r
- //\r
- // First comes first: begging rallye\r
- if (GET_EXT_VERSION("beg") >= "0.1.7")\r
- {\r
- // Okay, shall I disable now?\r
- if ($CONFIG['beg_new_mem_notify'] == "N")\r
- {\r
- $ADD1 .= ", beg_ral_notify, beg_ral_en_notify";\r
- $ADD2 .= ", UNIX_TIMESTAMP(), UNIX_TIMESTAMP()";\r
- }\r
- }\r
-\r
- // Second: active rallye\r
- if (GET_EXT_VERSION("bonus") >= "0.7.7")\r
- {\r
- // Okay, shall I disable now?\r
- if ($CONFIG['bonus_new_mem_notify'] == "N")\r
- {\r
- $ADD1 .= ", bonus_ral_notify, bonus_ral_en_notify";\r
- $ADD2 .= ", UNIX_TIMESTAMP(), UNIX_TIMESTAMP()";\r
- }\r
- }\r
-\r
- // Write user data to table\r
- if (EXT_IS_ACTIVE("country"))\r
- {\r
- // Save with new selectable country code\r
- $countryRow = "country_code";\r
- $countryData = bigintval($_POST['country_code']);\r
- }\r
- else\r
- {\r
- // Old way with enterable two-char-code\r
- $countryRow = "country";\r
- $countryData = addslashes(substr($_POST['cntry'], 0, 2));\r
- }\r
-\r
- //////////////////////////////\r
- // Create user's account... //\r
- //////////////////////////////\r
- //\r
- $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_user_data (sex, surname, family, street_nr, %s, zip, city, email, birth_day, birth_month, birth_year, password, max_mails, receive_mails, refid, status, user_hash, REMOTE_ADDR, joined, last_update".$ADD1.")\r
-VALUES ('%s', '%s', '%s', '%s', '%s', %d, '%s', '%s', %d, %d, %d, '%s', %d, %d, %d, 'UNCONFIRMED', '%s', '%s', UNIX_TIMESTAMP(), UNIX_TIMESTAMP()".$ADD2.")",\r
-array(\r
- $countryRow,\r
- addslashes(substr($_POST['sex'], 0, 1)),\r
- addslashes($_POST['surname']),\r
- addslashes($_POST['family_name']),\r
- addslashes($_POST['street_nr']),\r
- $countryData,\r
- bigintval($_POST['zip']),\r
- addslashes($_POST['city']),\r
- addslashes($_POST['addy']),\r
- bigintval($_POST['day']),\r
- bigintval($_POST['month']),\r
- bigintval($_POST['year']),\r
- generateHash($_POST['pass1']),\r
- bigintval($_POST['max_mails']),\r
- bigintval($_POST['max_mails']),\r
- bigintval($_POST['refid']),\r
- $hash,\r
- getenv('REMOTE_ADDR'),\r
-), __FILE__, __LINE__);\r
-\r
- // Get his userid\r
- $result = SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_data WHERE user_hash='%s' LIMIT 1",\r
- array($hash), __FILE__, __LINE__);\r
- list($userid) = SQL_FETCHROW($result);\r
-\r
- // Secure userid (we have a little paranoia ;-) )\r
- $userid = bigintval($userid);\r
-\r
- // Write his welcome-points\r
- $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_points WHERE userid=%d AND ref_depth=0 LIMIT 1",\r
- array(bigintval($userid)), __FILE__, __LINE__);\r
- if (SQL_NUMROWS($result) == 0)\r
- {\r
- // Add only when the line was not found (maybe some more secure?)\r
- $locked = "points";\r
- if ($CONFIG['ref_payout'] > 0) $locked = "locked_points"; // Pay him later. First he has to confirm some mails!\r
- $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_user_points (userid, ref_depth, ".$locked.") VALUES(%d, 0, '%s')",\r
- array(bigintval($userid), $CONFIG['points_register']), __FILE__, __LINE__);\r
-\r
- // Update mediadata as well\r
- if ((GET_EXT_VERSION("mediadata") >= "0.0.4") && ($locked == "points")) {\r
- // Update database\r
- MEDIA_UPDATE_ENTRY(array("total_points"), "add", $CONFIG['points_register']);\r
- }\r
- }\r
-\r
- // Write catgories\r
- if ((is_array($_POST['cat'])) && (count($_POST['cat']))) {\r
- foreach ($_POST['cat'] as $cat=>$joined) {\r
- if ($joined == "Y") {\r
- // Insert category entry\r
- $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_user_cats (userid, cat_id) VALUES (%d, %d)",\r
- array(bigintval($userid), bigintval($cat)), __FILE__, __LINE__);\r
- }\r
- }\r
- }\r
-\r
- // Rewrite sex\r
- $sex = TRANSLATE_SEX($_POST['sex']);\r
-\r
- // ... rewrite a zero referral ID to the main title\r
- if ($_POST['refid'] == "0") $_POST['refid'] = MAIN_TITLE;\r
-\r
- // Prepare data array for the email template\r
- // Start with the salutation...\r
- $DATA = array(\r
- 'hash' => $hash,\r
- 'uid' => $userid,\r
- 'salut' => $sex,\r
- 'surname' => $_POST['surname'],\r
- 'family' => $_POST['family_name'],\r
- 'email' => $_POST['addy'],\r
- 'street' => $_POST['street_nr'],\r
- 'city' => $_POST['city'],\r
- 'zip' => bigintval($_POST['zip']),\r
- 'country' => $countryData,\r
- 'refid' => $_POST['refid'],\r
- 'pass' => $_POST['pass1'],\r
- );\r
-\r
- // Continue with birthday...\r
- switch (GET_LANGUAGE())\r
- {\r
- case "de":\r
- $DATA['birthday'] = $_POST['day'].".".$_POST['month'].".".$_POST['year'];\r
- break;\r
-\r
- default:\r
- $DATA['birthday'] = $_POST['month']."/".$_POST['day']."/".$_POST['year'];\r
- break;\r
- }\r
-\r
- // Display information to the user that he got mail and send it away\r
- $msg_guest = LOAD_EMAIL_TEMPLATE("register-member", $DATA, $userid);\r
-\r
- // Send mail to user (confirmation link!)\r
- $EMAIL = $DATA['email'];\r
- SEND_EMAIL ($DATA['email'], GUEST_CONFIRM_LINK, $msg_guest);\r
- $DATA['email'] = $EMAIL;\r
-\r
- // Send mail to admin\r
- if (GET_EXT_VERSION("admins") >= "0.4.1")\r
- {\r
- // Use new system\r
- SEND_ADMIN_EMAILS_PRO(ADMIN_NEW_ACCOUNT, "register-admin", $DATA, $userid);\r
- }\r
- else\r
- {\r
- // Use old system\r
- $msg_admin = LOAD_EMAIL_TEMPLATE("register-admin", $DATA, $userid);\r
- SEND_ADMIN_EMAILS (ADMIN_NEW_ACCOUNT, $msg_admin);\r
- }\r
-\r
- // Output success registration\r
- LOAD_TEMPLATE("admin_settings_saved", false, REGISTRATION_DONE);\r
-}\r
- else\r
-{\r
- if ($_POST['agree'] == "!")\r
- {\r
- OUTPUT_HTML ("<STRONG><SPAN class=\"register_failed\">".HAVE_TO_AGREE."</SPAN></STRONG><BR><BR>");\r
- }\r
- if ($_POST['addy'] == "!")\r
- {\r
- OUTPUT_HTML ("<STRONG><SPAN class=\"register_failed\">".ENTER_EMAIL."</SPAN></STRONG><BR><BR>");\r
- $_POST['addy'] = "";\r
- }\r
- elseif ($_POST['addy'] == "?")\r
- {\r
- OUTPUT_HTML ("<STRONG><SPAN class=\"register_failed\">".EMAIL_ALREADY_DB."</SPAN></STRONG><BR><BR>");\r
- $_POST['addy'] = "";\r
- }\r
- if ($_POST['surname'] == "!")\r
- {\r
- OUTPUT_HTML ("<STRONG><SPAN class=\"register_failed\">".ENTER_SURNAME."</SPAN></STRONG><BR><BR>");\r
- $_POST['surname'] = "";\r
- }\r
- if ($_POST['family_name'] == "!")\r
- {\r
- OUTPUT_HTML ("<STRONG><SPAN class=\"register_failed\">".ENTER_FAMILY."</SPAN></STRONG><BR><BR>");\r
- $_POST['family_name'] = "";\r
- }\r
- if (($_POST['pass1'] == "!") && ($_POST['pass2'] == "!"))\r
- {\r
- OUTPUT_HTML ("<STRONG><SPAN class=\"register_failed\">".ENTER_BOTH_PASSWORDS."</SPAN></STRONG><BR><BR>");\r
- }\r
- elseif ($_POST['pass1'] == "!")\r
- {\r
- OUTPUT_HTML ("<STRONG><SPAN class=\"register_failed\">".ENTER_PASS1."</SPAN></STRONG><BR><BR>");\r
- }\r
- elseif ($_POST['pass2'] == "!")\r
- {\r
- OUTPUT_HTML ("<STRONG><SPAN class=\"register_failed\">".ENTER_PASS2."</SPAN></STRONG><BR><BR>");\r
- }\r
- if ($SHORT_PASS)\r
- {\r
- OUTPUT_HTML ("<STRONG><SPAN class=\"register_failed\">".SHORT_PASS.": ".$CONFIG['pass_len']."</SPAN></STRONG><BR><BR>");\r
- }\r
- if ($IP_TIMEOUT)\r
- {\r
- OUTPUT_HTML ("<STRONG><SPAN class=\"register_failed\">".REMOTE_ADDR_TIMEOUT."</SPAN></STRONG><BR><BR>");\r
- }\r
- if ((!empty($cats)) && ($cats < $CONFIG['least_cats']))\r
- {\r
- OUTPUT_HTML ("<STRONG><SPAN class=\"register_failed\">".CATS_LEAST.": ".$CONFIG['least_cats']."</SPAN></STRONG><BR><BR>");\r
- }\r
-\r
- // Generate birthday selection\r
- switch (GET_LANGUAGE())\r
- {\r
- case "de": // German date format\r
- define('BIRTHDAY_SELECTION', ADD_SELECTION("day", $_POST['day']).ADD_SELECTION("month", $_POST['month']).ADD_SELECTION("year", $_POST['year']));\r
- break;\r
-\r
- default: // Default is the US date format... :)\r
- break;\r
- }\r
-\r
- // Adds a table for the guests with all visible categories\r
- define ('CATEGORY_SELECTION', REGISTER_ADD_CATEGORY_TABLE("guest", true));\r
-\r
- // Adds maximum receiveable mails list... :)\r
- define ('MAX_RECEIVE_LIST', ADD_MAX_RECEIVE_LIST("guest", "", true));\r
-\r
- // Check if nickname extension is active and get state if nickname is selected or userid\r
- $nick = false;\r
- if (EXT_IS_ACTIVE("nickname")) $nick = NICKNAME_IS_ACTIVE($GLOBALS['refid']);\r
-\r
- // Is the nickname valid?\r
- if (!$nick) {\r
- // Nope, disable it\r
- if (GET_EXT_VERSION("sql_patches") != "") {\r
- // Use default refid\r
- $GLOBALS['refid'] = $CONFIG['def_refid'];\r
- } else {\r
- // Set zero\r
- $GLOBALS['refid'] = 0;\r
- }\r
- }\r
-\r
- // Shall I display the refid or shall I make it editable?\r
- if ($CONFIG['display_refid'] == "Y") {\r
- // Load template to enter it\r
- define('REFID_CONTENT', LOAD_TEMPLATE("guest_register_refid", true, $GLOBALS['refid']));\r
- } else {\r
- // Load "hide" form template\r
- define ('REFID_CONTENT', LOAD_TEMPLATE("guest_register_refid_hide", true, $GLOBALS['refid']));\r
- }\r
-\r
- // You may want to modify the register_header.tpl.xx file and not this script when you add your scripts etc. :-)\r
- define('REGISTER_HEADER_CONTENT', LOAD_TEMPLATE("register_header", true));\r
-\r
- // Please select at least x categories\r
- define('LEAST_CATS_VALUE', $CONFIG['least_cats']);\r
-\r
- // Other values\r
- define('__SURNAME', $_POST['surname']); define('__FAMILY', $_POST['family_name']);\r
- define('__STREET', $_POST['street_nr']); define('__COUNTRY', $_POST['cntry']);\r
- define('__ZIP', $_POST['zip']); define('__CITY', $_POST['city']);\r
- define('__ADDY', $_POST['addy']);\r
-\r
- // Shall I add a counrty selection box or the old input box?\r
- if (EXT_IS_ACTIVE("country"))\r
- {\r
- // New variant, good!\r
- $OUT = "<SELECT name=\"country_code\" class=\"guest_select\" size=\"1\">\n";\r
- $WHERE = "WHERE is_active='Y'";\r
- if (IS_ADMIN()) $WHERE = "";\r
- $OUT .= ADD_OPTION_LINES("countries", "id", "descr", $_POST['country_code'], "code", $WHERE);\r
- $OUT .= "</SELECT>";\r
- define('__COUNTRY_CONTENT', $OUT);\r
- }\r
- else\r
- {\r
- // Old out-dated variant\r
- define('__COUNTRY_CONTENT', "<INPUT type=\"text\" name=\"cntry\" class=\"guest_normal\" size=\"2\" maxlength=\"3\" value=\"".__COUNTRY."\">");\r
- }\r
-\r
- // Set MUST_??? constants\r
- if ((EXT_IS_ACTIVE("register")) && (GET_EXT_VERSION("register") > "0.0")) REGISTER_FILL_MUST_CONSTANTS();\r
-\r
- // Display registration form\r
- LOAD_TEMPLATE("guest_register");\r
-}\r
-CLOSE_TABLE();\r
-//\r
-?>\r
+<?php
+/************************************************************************
+ * MXChange v0.2.1 Start: 10/10/2003 *
+ * =============== Last change: 11/26/2004 *
+ * *
+ * -------------------------------------------------------------------- *
+ * File : what-register.php *
+ * -------------------------------------------------------------------- *
+ * Short description : Registration form *
+ * -------------------------------------------------------------------- *
+ * Kurzbeschreibung : Anmeldeformular *
+ * -------------------------------------------------------------------- *
+ * *
+ * -------------------------------------------------------------------- *
+ * Copyright (c) 2003 - 2008 by Roland Haeder *
+ * For more information visit: http://www.mxchange.org *
+ * *
+ * This program is free software; you can redistribute it and/or modify *
+ * it under the terms of the GNU General Public License as published by *
+ * the Free Software Foundation; either version 2 of the License, or *
+ * (at your option) any later version. *
+ * *
+ * This program is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
+ * GNU General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU General Public License *
+ * along with this program; if not, write to the Free Software *
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, *
+ * MA 02110-1301 USA *
+ ************************************************************************/
+
+// Some security stuff...
+if (ereg(basename(__FILE__), $_SERVER['PHP_SELF']))
+{
+ $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
+ require($INC);
+}
+ elseif ((!EXT_IS_ACTIVE("register")))
+{
+ if (IS_ADMIN()) {
+ ADD_FATAL(sprintf(EXTENSION_PROBLEM_NOT_INSTALLED, "register"));
+ } else {
+ ADD_FATAL(EXTENSION_PROBLEM_EXT_INACTIVE, "register");
+ }
+ return;
+}
+
+// Add description as navigation point
+ADD_DESCR("guest", basename(__FILE__));
+
+OPEN_TABLE("100%", "guest_content_align", "");
+global $CONFIG, $DATA;
+
+// Initialize variables
+$FAILED = false; $SHORT_PASS = false; $cats = 0; $IP_TIMEOUT = false;
+if (!isset($_POST['ok'])) unset($_POST['ok']);
+if (empty($_POST['agree'])) $_POST['agree'] = "";
+if (empty($_POST['addy'])) $_POST['addy'] = "";
+if (empty($_POST['surname'])) $_POST['surname'] = "";
+if (empty($_POST['family_name'])) $_POST['family_name'] = "";
+if (empty($_POST['pass1'])) $_POST['pass1'] = "";
+if (empty($_POST['pass2'])) $_POST['pass2'] = "";
+if (empty($_POST['day'])) $_POST['day'] = "";
+if (empty($_POST['month'])) $_POST['month'] = "";
+if (empty($_POST['year'])) $_POST['year'] = "";
+if (empty($_POST['max_mails'])) $_POST['max_mails'] = "";
+if (empty($_POST['street_nr'])) $_POST['street_nr'] = "";
+if (empty($_POST['zip'])) $_POST['zip'] = "";
+if (empty($_POST['city'])) $_POST['city'] = "";
+if (empty($_POST['cntry'])) $_POST['cntry'] = "";
+if (empty($_POST['country_code'])) $_POST['country_code'] = "1";
+
+if (isset($_POST['ok']))
+{
+ // First we only check the submitted data then we continue... :)
+ //
+ // Did he agree to our Terms Of Usage?
+ if ($_POST['agree'] != "Y")
+ {
+ $_POST['agree'] = "!";
+ $FAILED = true;
+ }
+
+ // Did he enter a valid email address? (we really don't care about
+ // that, he has to click on a confirmation link :P )
+ if ((empty($_POST['addy'])) || (!VALIDATE_EMAIL($_POST['addy'])))
+ {
+ $_POST['addy'] = "!";
+ $FAILED = true;
+ }
+
+ // And what about surname and family's name?
+ if (empty($_POST['surname']))
+ {
+ $_POST['surname'] = "!";
+ $FAILED = true;
+ }
+ if (empty($_POST['family_name']))
+ {
+ $_POST['family_name'] = "!";
+ $FAILED = true;
+ }
+
+ // Check for required fields
+ if (!$FAILED) $FAILED = REGISTER_CHECK_REQUIRED_FIELDS($_POST);
+
+ // Did he enter his password twice?
+ if (((empty($_POST['pass1'])) || (empty($_POST['pass2']))) || (($_POST['pass1'] != $_POST['pass2']) && (!empty($_POST['pass1'])) && (!empty($_POST['pass2']))))
+ {
+ if (($_POST['pass1'] != $_POST['pass2']) && (!empty($_POST['pass1'])) && (!empty($_POST['pass2'])))
+ {
+ $_POST['pass1'] = "!";
+ $_POST['pass2'] = "!";
+ }
+ else
+ {
+ if (empty($_POST['pass1'])) { $_POST['pass1'] = "!"; } else { $_POST['pass1'] = ""; }
+ if (empty($_POST['pass2'])) { $_POST['pass2'] = "!"; } else { $_POST['pass2'] = ""; }
+ }
+ $FAILED = true;
+ }
+ // Is the password long enouth?
+ if ((strlen($_POST['pass1']) < $CONFIG['pass_len']) && (!$FAILED) && (!IS_ADMIN()))
+ {
+ $SHORT_PASS = true;
+ $FAILED = true;
+ }
+ // Did he select enougth categories?
+ if (!IS_ADMIN())
+ {
+ // Do this check only when no admin is logged in
+ foreach ($_POST['cat'] as $id=>$answer)
+ {
+ if ($answer == "Y") $cats++;
+ }
+ if ($cats < $CONFIG['least_cats'])
+ {
+ // ... nope!
+ $FAILED = true;
+ }
+ }
+ if (($_POST['addy'] != "!") && ($CONFIG['check_double_email'] == "Y") && (!IS_ADMIN()))
+ {
+ // Does the email address already exists in our database?
+ $CHK = SEARCH_EMAIL_USERTAB($_POST['addy']);
+ if ($CHK) { $_POST['addy'] = "?"; $FAILED = true; }
+ }
+
+ // Check his IP number
+ $to = bigintval(time() - $CONFIG['ip_timeout']);
+ $result = SQL_QUERY_ESC("SELECT joined, last_update FROM "._MYSQL_PREFIX."_user_data WHERE REMOTE_ADDR='%s' AND (joined > %s OR last_update > %s) LIMIT 1",
+ array(getenv('REMOTE_ADDR'), $to, $to), __FILE__, __LINE__);
+ if ((SQL_NUMROWS($result) == 1) && (!IS_ADMIN()))
+ {
+ // Same IP in timeout range and different email address entered... Eat this, faker! ;-)
+ // But admins are allowed to fake their own exchange service.
+ $IP_TIMEOUT = true;
+ $FAILED = true;
+ }
+
+ // Test the refid (because some strange hackers... :-P)
+ $result = SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+ array(bigintval($GLOBALS['refid'])), __FILE__, __LINE__);
+ if (SQL_NUMROWS($result) == 0)
+ {
+ // Not found so we set your refid!
+ $_POST['refid'] = $CONFIG['def_refid'];
+ @setcookie("refid", $CONFIG['def_refid'], (time() + $CONFIG['online_timeout']), COOKIE_PATH);
+ }
+
+ // Free memory
+ SQL_FREERESULT($result);
+}
+
+if ((isset($_POST['ok'])) && (!$FAILED))
+{
+ // Save the registration
+ if (strlen($_POST['day']) == 1) $_POST['day'] = "0".$_POST['day'];
+ if (strlen($_POST['month']) == 1) $_POST['month'] = "0".$_POST['month'];
+
+ // Hash = MM-DD-YYYY:IP:USER_AGENT:TIMEMARK
+ $hash = generateHash($_POST['month']."-".$_POST['day']."-".$_POST['year'].":".getenv('SERVER_NAME').":".getenv('REMOTE_ADDR').":".getenv('HTTP_USER_AGENT').":".time());
+
+ // Add design when extension sql_patches is v0.2.7 or greater
+ $ADD1 = ""; $ADD2 = "";
+ if (GET_EXT_VERSION("sql_patches") >= "0.2.7")
+ {
+ // Okay, add design here
+ $ADD1 = ", curr_theme";
+ $ADD2 = ", '".GET_CURR_THEME()."'";
+ }
+
+ // Check if I shall disable sending mail to newly registered members out about active/begging rallye
+ //
+ // First comes first: begging rallye
+ if (GET_EXT_VERSION("beg") >= "0.1.7")
+ {
+ // Okay, shall I disable now?
+ if ($CONFIG['beg_new_mem_notify'] == "N")
+ {
+ $ADD1 .= ", beg_ral_notify, beg_ral_en_notify";
+ $ADD2 .= ", UNIX_TIMESTAMP(), UNIX_TIMESTAMP()";
+ }
+ }
+
+ // Second: active rallye
+ if (GET_EXT_VERSION("bonus") >= "0.7.7")
+ {
+ // Okay, shall I disable now?
+ if ($CONFIG['bonus_new_mem_notify'] == "N")
+ {
+ $ADD1 .= ", bonus_ral_notify, bonus_ral_en_notify";
+ $ADD2 .= ", UNIX_TIMESTAMP(), UNIX_TIMESTAMP()";
+ }
+ }
+
+ // Write user data to table
+ if (EXT_IS_ACTIVE("country"))
+ {
+ // Save with new selectable country code
+ $countryRow = "country_code";
+ $countryData = bigintval($_POST['country_code']);
+ }
+ else
+ {
+ // Old way with enterable two-char-code
+ $countryRow = "country";
+ $countryData = addslashes(substr($_POST['cntry'], 0, 2));
+ }
+
+ //////////////////////////////
+ // Create user's account... //
+ //////////////////////////////
+ //
+ $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_user_data (sex, surname, family, street_nr, %s, zip, city, email, birth_day, birth_month, birth_year, password, max_mails, receive_mails, refid, status, user_hash, REMOTE_ADDR, joined, last_update".$ADD1.")
+VALUES ('%s', '%s', '%s', '%s', '%s', %d, '%s', '%s', %d, %d, %d, '%s', %d, %d, %d, 'UNCONFIRMED', '%s', '%s', UNIX_TIMESTAMP(), UNIX_TIMESTAMP()".$ADD2.")",
+array(
+ $countryRow,
+ addslashes(substr($_POST['sex'], 0, 1)),
+ addslashes($_POST['surname']),
+ addslashes($_POST['family_name']),
+ addslashes($_POST['street_nr']),
+ $countryData,
+ bigintval($_POST['zip']),
+ addslashes($_POST['city']),
+ addslashes($_POST['addy']),
+ bigintval($_POST['day']),
+ bigintval($_POST['month']),
+ bigintval($_POST['year']),
+ generateHash($_POST['pass1']),
+ bigintval($_POST['max_mails']),
+ bigintval($_POST['max_mails']),
+ bigintval($_POST['refid']),
+ $hash,
+ getenv('REMOTE_ADDR'),
+), __FILE__, __LINE__);
+
+ // Get his userid
+ $result = SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_data WHERE user_hash='%s' LIMIT 1",
+ array($hash), __FILE__, __LINE__);
+ list($userid) = SQL_FETCHROW($result);
+
+ // Secure userid (we have a little paranoia ;-) )
+ $userid = bigintval($userid);
+
+ // Write his welcome-points
+ $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_points WHERE userid=%d AND ref_depth=0 LIMIT 1",
+ array(bigintval($userid)), __FILE__, __LINE__);
+ if (SQL_NUMROWS($result) == 0)
+ {
+ // Add only when the line was not found (maybe some more secure?)
+ $locked = "points";
+ if ($CONFIG['ref_payout'] > 0) $locked = "locked_points"; // Pay him later. First he has to confirm some mails!
+ $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_user_points (userid, ref_depth, ".$locked.") VALUES(%d, 0, '%s')",
+ array(bigintval($userid), $CONFIG['points_register']), __FILE__, __LINE__);
+
+ // Update mediadata as well
+ if ((GET_EXT_VERSION("mediadata") >= "0.0.4") && ($locked == "points")) {
+ // Update database
+ MEDIA_UPDATE_ENTRY(array("total_points"), "add", $CONFIG['points_register']);
+ }
+ }
+
+ // Write catgories
+ if ((is_array($_POST['cat'])) && (count($_POST['cat']))) {
+ foreach ($_POST['cat'] as $cat=>$joined) {
+ if ($joined == "Y") {
+ // Insert category entry
+ $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_user_cats (userid, cat_id) VALUES (%d, %d)",
+ array(bigintval($userid), bigintval($cat)), __FILE__, __LINE__);
+ }
+ }
+ }
+
+ // Rewrite sex
+ $sex = TRANSLATE_SEX($_POST['sex']);
+
+ // ... rewrite a zero referral ID to the main title
+ if ($_POST['refid'] == "0") $_POST['refid'] = MAIN_TITLE;
+
+ // Prepare data array for the email template
+ // Start with the salutation...
+ $DATA = array(
+ 'hash' => $hash,
+ 'uid' => $userid,
+ 'salut' => $sex,
+ 'surname' => $_POST['surname'],
+ 'family' => $_POST['family_name'],
+ 'email' => $_POST['addy'],
+ 'street' => $_POST['street_nr'],
+ 'city' => $_POST['city'],
+ 'zip' => bigintval($_POST['zip']),
+ 'country' => $countryData,
+ 'refid' => $_POST['refid'],
+ 'pass' => $_POST['pass1'],
+ );
+
+ // Continue with birthday...
+ switch (GET_LANGUAGE())
+ {
+ case "de":
+ $DATA['birthday'] = $_POST['day'].".".$_POST['month'].".".$_POST['year'];
+ break;
+
+ default:
+ $DATA['birthday'] = $_POST['month']."/".$_POST['day']."/".$_POST['year'];
+ break;
+ }
+
+ // Display information to the user that he got mail and send it away
+ $msg_guest = LOAD_EMAIL_TEMPLATE("register-member", $DATA, $userid);
+
+ // Send mail to user (confirmation link!)
+ $EMAIL = $DATA['email'];
+ SEND_EMAIL ($DATA['email'], GUEST_CONFIRM_LINK, $msg_guest);
+ $DATA['email'] = $EMAIL;
+
+ // Send mail to admin
+ if (GET_EXT_VERSION("admins") >= "0.4.1")
+ {
+ // Use new system
+ SEND_ADMIN_EMAILS_PRO(ADMIN_NEW_ACCOUNT, "register-admin", $DATA, $userid);
+ }
+ else
+ {
+ // Use old system
+ $msg_admin = LOAD_EMAIL_TEMPLATE("register-admin", $DATA, $userid);
+ SEND_ADMIN_EMAILS (ADMIN_NEW_ACCOUNT, $msg_admin);
+ }
+
+ // Output success registration
+ LOAD_TEMPLATE("admin_settings_saved", false, REGISTRATION_DONE);
+}
+ else
+{
+ if ($_POST['agree'] == "!")
+ {
+ OUTPUT_HTML ("<STRONG><SPAN class=\"register_failed\">".HAVE_TO_AGREE."</SPAN></STRONG><BR><BR>");
+ }
+ if ($_POST['addy'] == "!")
+ {
+ OUTPUT_HTML ("<STRONG><SPAN class=\"register_failed\">".ENTER_EMAIL."</SPAN></STRONG><BR><BR>");
+ $_POST['addy'] = "";
+ }
+ elseif ($_POST['addy'] == "?")
+ {
+ OUTPUT_HTML ("<STRONG><SPAN class=\"register_failed\">".EMAIL_ALREADY_DB."</SPAN></STRONG><BR><BR>");
+ $_POST['addy'] = "";
+ }
+ if ($_POST['surname'] == "!")
+ {
+ OUTPUT_HTML ("<STRONG><SPAN class=\"register_failed\">".ENTER_SURNAME."</SPAN></STRONG><BR><BR>");
+ $_POST['surname'] = "";
+ }
+ if ($_POST['family_name'] == "!")
+ {
+ OUTPUT_HTML ("<STRONG><SPAN class=\"register_failed\">".ENTER_FAMILY."</SPAN></STRONG><BR><BR>");
+ $_POST['family_name'] = "";
+ }
+ if (($_POST['pass1'] == "!") && ($_POST['pass2'] == "!"))
+ {
+ OUTPUT_HTML ("<STRONG><SPAN class=\"register_failed\">".ENTER_BOTH_PASSWORDS."</SPAN></STRONG><BR><BR>");
+ }
+ elseif ($_POST['pass1'] == "!")
+ {
+ OUTPUT_HTML ("<STRONG><SPAN class=\"register_failed\">".ENTER_PASS1."</SPAN></STRONG><BR><BR>");
+ }
+ elseif ($_POST['pass2'] == "!")
+ {
+ OUTPUT_HTML ("<STRONG><SPAN class=\"register_failed\">".ENTER_PASS2."</SPAN></STRONG><BR><BR>");
+ }
+ if ($SHORT_PASS)
+ {
+ OUTPUT_HTML ("<STRONG><SPAN class=\"register_failed\">".SHORT_PASS.": ".$CONFIG['pass_len']."</SPAN></STRONG><BR><BR>");
+ }
+ if ($IP_TIMEOUT)
+ {
+ OUTPUT_HTML ("<STRONG><SPAN class=\"register_failed\">".REMOTE_ADDR_TIMEOUT."</SPAN></STRONG><BR><BR>");
+ }
+ if ((!empty($cats)) && ($cats < $CONFIG['least_cats']))
+ {
+ OUTPUT_HTML ("<STRONG><SPAN class=\"register_failed\">".CATS_LEAST.": ".$CONFIG['least_cats']."</SPAN></STRONG><BR><BR>");
+ }
+
+ // Generate birthday selection
+ switch (GET_LANGUAGE())
+ {
+ case "de": // German date format
+ define('BIRTHDAY_SELECTION', ADD_SELECTION("day", $_POST['day']).ADD_SELECTION("month", $_POST['month']).ADD_SELECTION("year", $_POST['year']));
+ break;
+
+ default: // Default is the US date format... :)
+ break;
+ }
+
+ // Adds a table for the guests with all visible categories
+ define ('CATEGORY_SELECTION', REGISTER_ADD_CATEGORY_TABLE("guest", true));
+
+ // Adds maximum receiveable mails list... :)
+ define ('MAX_RECEIVE_LIST', ADD_MAX_RECEIVE_LIST("guest", "", true));
+
+ // Check if nickname extension is active and get state if nickname is selected or userid
+ $nick = false;
+ if (EXT_IS_ACTIVE("nickname")) $nick = NICKNAME_IS_ACTIVE($GLOBALS['refid']);
+
+ // Is the nickname valid?
+ if (!$nick) {
+ // Nope, disable it
+ if (GET_EXT_VERSION("sql_patches") != "") {
+ // Use default refid
+ $GLOBALS['refid'] = $CONFIG['def_refid'];
+ } else {
+ // Set zero
+ $GLOBALS['refid'] = 0;
+ }
+ }
+
+ // Shall I display the refid or shall I make it editable?
+ if ($CONFIG['display_refid'] == "Y") {
+ // Load template to enter it
+ define('REFID_CONTENT', LOAD_TEMPLATE("guest_register_refid", true, $GLOBALS['refid']));
+ } else {
+ // Load "hide" form template
+ define ('REFID_CONTENT', LOAD_TEMPLATE("guest_register_refid_hide", true, $GLOBALS['refid']));
+ }
+
+ // You may want to modify the register_header.tpl.xx file and not this script when you add your scripts etc. :-)
+ define('REGISTER_HEADER_CONTENT', LOAD_TEMPLATE("register_header", true));
+
+ // Please select at least x categories
+ define('LEAST_CATS_VALUE', $CONFIG['least_cats']);
+
+ // Other values
+ define('__SURNAME', $_POST['surname']); define('__FAMILY', $_POST['family_name']);
+ define('__STREET', $_POST['street_nr']); define('__COUNTRY', $_POST['cntry']);
+ define('__ZIP', $_POST['zip']); define('__CITY', $_POST['city']);
+ define('__ADDY', $_POST['addy']);
+
+ // Shall I add a counrty selection box or the old input box?
+ if (EXT_IS_ACTIVE("country"))
+ {
+ // New variant, good!
+ $OUT = "<SELECT name=\"country_code\" class=\"guest_select\" size=\"1\">\n";
+ $WHERE = "WHERE is_active='Y'";
+ if (IS_ADMIN()) $WHERE = "";
+ $OUT .= ADD_OPTION_LINES("countries", "id", "descr", $_POST['country_code'], "code", $WHERE);
+ $OUT .= "</SELECT>";
+ define('__COUNTRY_CONTENT', $OUT);
+ }
+ else
+ {
+ // Old out-dated variant
+ define('__COUNTRY_CONTENT', "<INPUT type=\"text\" name=\"cntry\" class=\"guest_normal\" size=\"2\" maxlength=\"3\" value=\"".__COUNTRY."\">");
+ }
+
+ // Set MUST_??? constants
+ if ((EXT_IS_ACTIVE("register")) && (GET_EXT_VERSION("register") > "0.0")) REGISTER_FILL_MUST_CONSTANTS();
+
+ // Display registration form
+ LOAD_TEMPLATE("guest_register");
+}
+CLOSE_TABLE();
+//
+?>