X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=inc%2Fmodules%2Fguest%2Fwhat-register.php;h=542db3ef969f75038831abe7f647f9f1d265d874;hb=d0c792100bf4b67acd1824860204929c1540f6fb;hp=b020a6d4e26017d01af5040efa916513fb9210c2;hpb=831c60d4cec333ea95e0ce23d9e53fd5d8133ce6;p=mailer.git

diff --git a/inc/modules/guest/what-register.php b/inc/modules/guest/what-register.php
index b020a6d4e2..542db3ef96 100644
--- a/inc/modules/guest/what-register.php
+++ b/inc/modules/guest/what-register.php
@@ -45,7 +45,7 @@ if (!defined('__SECURITY')) {
 }
 
 // Add description as navigation point
-ADD_DESCR("guest", basename(__FILE__));
+ADD_DESCR("guest", __FILE__);
 
 global $_CONFIG, $DATA;
 
@@ -74,6 +74,9 @@ if ($GLOBALS['refid'] > 0) {
 	// Test if the refid is valid
 	$result = SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
 		array(bigintval($GLOBALS['refid'])), __FILE__, __LINE__);
+
+	// Userid found?
+	//* DEBUG: */ die("refid={$GLOBALS['refid']}/numRows=".SQL_NUMROWS($result)."");
 	if (SQL_NUMROWS($result) == 0) {
 		// Not found so we set your refid!
 		$_POST['refid'] = $_CONFIG['def_refid'];
@@ -88,28 +91,24 @@ if (isset($_POST['ok'])) {
 	// First we only check the submitted data then we continue... :)
 	//
 	// Did he agree to our Terms Of Usage?
-	if ($_POST['agree'] != "Y")
-	{
+	if ($_POST['agree'] != "Y") {
 		$_POST['agree'] = "!";
 		$FAILED = true;
 	}
 
 	// Did he enter a valid email address? (we really don't care about
 	// that, he has to click on a confirmation link :P )
-	if ((empty($_POST['addy'])) || (!VALIDATE_EMAIL($_POST['addy'])))
-	{
+	if ((empty($_POST['addy'])) || (!VALIDATE_EMAIL($_POST['addy']))) {
 		$_POST['addy'] = "!";
 		$FAILED = true;
 	}
 
 	// And what about surname and family's name?
-	if (empty($_POST['surname']))
-	{
+	if (empty($_POST['surname'])) {
 		$_POST['surname'] = "!";
 		$FAILED = true;
 	}
-	if (empty($_POST['family_name']))
-	{
+	if (empty($_POST['family_name'])) {
 		$_POST['family_name'] = "!";
 		$FAILED = true;
 	}
@@ -161,7 +160,7 @@ if (isset($_POST['ok'])) {
 
 	// Check his IP number
 	$result = SQL_QUERY_ESC("SELECT joined, last_update FROM "._MYSQL_PREFIX."_user_data WHERE REMOTE_ADDR='%s' AND (joined > (UNIX_TIMESTAMP() - %s) OR last_update > (UNIX_TIMESTAMP() - %s)) LIMIT 1",
-	 array(getenv('REMOTE_ADDR'), $_CONFIG['ip_timeout'], $_CONFIG['ip_timeout']), __FILE__, __LINE__);
+	 array(GET_REMOTE_ADDR(), $_CONFIG['ip_timeout'], $_CONFIG['ip_timeout']), __FILE__, __LINE__);
 	if ((SQL_NUMROWS($result) == 1) && (!IS_ADMIN()))
 	{
 		// Same IP in timeout range and different email address entered... Eat this, faker! ;-)
@@ -174,14 +173,21 @@ if (isset($_POST['ok'])) {
 	SQL_FREERESULT($result);
 }
 
-if ((isset($_POST['ok'])) && (!$FAILED))
-{
-	// Save the registration
+if ((isset($_POST['ok'])) && (!$FAILED)) {
+	// Prepapre month and day of birth
 	if (strlen($_POST['day'])   == 1) $_POST['day']   = "0".$_POST['day'];
 	if (strlen($_POST['month']) == 1) $_POST['month'] = "0".$_POST['month'];
 
-	// Hash = MM-DD-YYYY:IP:USER_AGENT:TIMEMARK
-	$hash = generateHash($_POST['month']."-".$_POST['day']."-".$_POST['year'].":".getenv('SERVER_NAME').":".getenv('REMOTE_ADDR').":".getenv('HTTP_USER_AGENT').":".time());
+	// Get total ...
+	// ... confirmed, ...
+	$confirmedUsers   = GET_TOTAL_DATA("CONFIRMED", "user_data", "userid", "status", true);
+	// ... unconfirmed ...
+	$unconfirmedUsers = GET_TOTAL_DATA("UNCONFIRMED", "user_data", "userid", "status", true);
+	// ... and locked users!
+	$lockedUsers      = GET_TOTAL_DATA("LOCKED", "user_data", "userid", "status", true);
+
+	// Generate hash which will be inserted into confirmation mail
+	$hash = generateHash(sha1($confirmedUsers.":".$unconfirmedUsers.":".$lockedUsers.":".$_POST['month']."-".$_POST['day']."-".$_POST['year'].":".getenv('SERVER_NAME').":".GET_REMOTE_ADDR().":".GET_USER_AGENT()."/".SITE_KEY."/".DATE_KEY."/".RAND_NUMBER));
 
 	// Add design when extension sql_patches is v0.2.7 or greater
 	$ADD1 = ""; $ADD2 = "";
@@ -219,7 +225,7 @@ if ((isset($_POST['ok'])) && (!$FAILED))
 	} else {
 		// Old way with enterable two-char-code
 		$countryRow = "country";
-		$countryData = addslashes(substr($_POST['cntry'], 0, 2));
+		$countryData = substr($_POST['cntry'], 0, 2);
 	}
 
 	//////////////////////////////
@@ -230,14 +236,14 @@ if ((isset($_POST['ok'])) && (!$FAILED))
 VALUES ('%s','%s','%s','%s','%s',%s,'%s','%s',%s, %s,%s,'%s',%s, %s,'%s','UNCONFIRMED','%s','%s', UNIX_TIMESTAMP(), UNIX_TIMESTAMP()".$ADD2.")",
 	array(
 		$countryRow,
-		SQL_ESCAPE(substr($_POST['gender'], 0, 1)),
-		SQL_ESCAPE($_POST['surname']),
-		SQL_ESCAPE($_POST['family_name']),
-		SQL_ESCAPE($_POST['street_nr']),
+		substr($_POST['gender'], 0, 1),
+		$_POST['surname'],
+		$_POST['family_name'],
+		$_POST['street_nr'],
 		$countryData,
 		bigintval($_POST['zip']),
-		SQL_ESCAPE($_POST['city']),
-		SQL_ESCAPE($_POST['addy']),
+		$_POST['city'],
+		$_POST['addy'],
 		bigintval($_POST['day']),
 		bigintval($_POST['month']),
 		bigintval($_POST['year']),
@@ -246,7 +252,7 @@ VALUES ('%s','%s','%s','%s','%s',%s,'%s','%s',%s, %s,%s,'%s',%s, %s,'%s','UNCONF
 		bigintval($_POST['max_mails']),
 		bigintval($_POST['refid']),
 		$hash,
-		getenv('REMOTE_ADDR'),
+		GET_REMOTE_ADDR(),
 	), __FILE__, __LINE__);
 
 	// Get his userid
@@ -259,6 +265,12 @@ VALUES ('%s','%s','%s','%s','%s',%s,'%s','%s',%s, %s,%s,'%s',%s, %s,'%s','UNCONF
 		return;
 	} // END - if
 
+	// Is the refback extension there?
+	if (EXT_IS_ACTIVE("refback")) {
+		// Update refback table
+		UPDATE_REFBACK_TABLE($userid);
+	} // END - if
+
 	// Write his welcome-points
 	$result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_points WHERE userid=%s AND ref_depth=0 LIMIT 1",
 	 array(bigintval($userid)), __FILE__, __LINE__);
@@ -266,7 +278,7 @@ VALUES ('%s','%s','%s','%s','%s',%s,'%s','%s',%s, %s,%s,'%s',%s, %s,'%s','UNCONF
 		// Add only when the line was not found (maybe some more secure?)
 		$locked = "points";
 		if ($_CONFIG['ref_payout'] > 0) $locked = "locked_points"; // Pay him later. First he has to confirm some mails!
-		$result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_user_points (userid, ref_depth, ".$locked.") VALUES(%s,0,'%s')",
+		$result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_user_points (userid, ref_depth, ".$locked.") VALUES (%s,0,'%s')",
 		 array(bigintval($userid), $_CONFIG['points_register']), __FILE__, __LINE__);
 
 		// Update mediadata as well
@@ -290,7 +302,7 @@ VALUES ('%s','%s','%s','%s','%s',%s,'%s','%s',%s, %s,%s,'%s',%s, %s,'%s','UNCONF
 	// Rewrite gender
 	$gender = TRANSLATE_GENDER($_POST['gender']);
 
-	// ... rewrite a zero referral ID to the main title
+	// ... rewrite a zero referal ID to the main title
 	if ($_POST['refid'] == "0") $_POST['refid'] = MAIN_TITLE;
 
 	// Prepare data array for the email template
@@ -386,6 +398,7 @@ VALUES ('%s','%s','%s','%s','%s',%s,'%s','%s',%s, %s,%s,'%s',%s, %s,'%s','UNCONF
 		break;
 
 	default: // Default is the US date format... :)
+		define('BIRTHDAY_SELECTION', ADD_SELECTION("month", $_POST['month']).ADD_SELECTION("day", $_POST['day']).ADD_SELECTION("year", $_POST['year']));
 		break;
 	}