From 574e7b06a697f0b23fc95177090d5883d08c9373 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Roland=20H=C3=A4der?=
Date: Sun, 30 Nov 2008 23:44:48 +0000
Subject: [PATCH] Fix for ZIP code
---
 inc/databases.php | 2 +-
 inc/modules/guest/what-register.php | 126 ++++++++++++++++------------
 2 files changed, 72 insertions(+), 56 deletions(-)
diff --git a/inc/databases.php b/inc/databases.php
index d0c971e66f..13ef62e381 100644
--- a/inc/databases.php
+++ b/inc/databases.php
@@ -114,7 +114,7 @@ define('USAGE_BASE', "usage");
 define('SERVER_URL', "http://www.mxchange.org");
 // This current patch level
-define('CURR_SVN_REVISION', "579");
+define('CURR_SVN_REVISION', "580");
 // Take a prime number which is long (if you know a longer one please try it out!)
 define('_PRIME', 591623);
diff --git a/inc/modules/guest/what-register.php b/inc/modules/guest/what-register.php
index c54d32d7ce..0971631783 100644
--- a/inc/modules/guest/what-register.php
+++ b/inc/modules/guest/what-register.php
@@ -94,86 +94,83 @@ if (isset($_POST['ok'])) { if ($_POST['agree'] != "Y") { $_POST['agree'] = "!"; $FAILED = true; - } + } // END - if // Did he enter a valid email address? (we really don't care about // that, he has to click on a confirmation link :P ) if ((empty($_POST['addy'])) || (!VALIDATE_EMAIL($_POST['addy']))) { $_POST['addy'] = "!"; $FAILED = true; - } + } // END - if // And what about surname and family's name? if (empty($_POST['surname'])) { $_POST['surname'] = "!"; $FAILED = true; - } + } // END - if if (empty($_POST['family_name'])) { $_POST['family_name'] = "!"; $FAILED = true; - } + } // END - if // Check for required fields if (!$FAILED) $FAILED = REGISTER_CHECK_REQUIRED_FIELDS($_POST); // Did he enter his password twice? - if (((empty($_POST['pass1'])) || (empty($_POST['pass2']))) || (($_POST['pass1'] != $_POST['pass2']) && (!empty($_POST['pass1'])) && (!empty($_POST['pass2'])))) - { - if (($_POST['pass1'] != $_POST['pass2']) && (!empty($_POST['pass1'])) && (!empty($_POST['pass2']))) - { + if (((empty($_POST['pass1'])) || (empty($_POST['pass2']))) || (($_POST['pass1'] != $_POST['pass2']) && (!empty($_POST['pass1'])) && (!empty($_POST['pass2'])))) { + if (($_POST['pass1'] != $_POST['pass2']) && (!empty($_POST['pass1'])) && (!empty($_POST['pass2']))) { $_POST['pass1'] = "!"; $_POST['pass2'] = "!"; - } - else - { + } else { if (empty($_POST['pass1'])) { $_POST['pass1'] = "!"; } else { $_POST['pass1'] = ""; } if (empty($_POST['pass2'])) { $_POST['pass2'] = "!"; } else { $_POST['pass2'] = ""; } } $FAILED = true; - } + } // END - if + // Is the password long enouth? - if ((strlen($_POST['pass1']) < $_CONFIG['pass_len']) && (!$FAILED) && (!IS_ADMIN())) - { + if ((strlen($_POST['pass1']) < $_CONFIG['pass_len']) && (!$FAILED)) { $SHORT_PASS = true; $FAILED = true; - } - // Did he select enougth categories? - if (!IS_ADMIN()) - { + } // END - if + + // No admin? Admins can always register! 
+ if (!IS_ADMIN()) { // Do this check only when no admin is logged in - foreach ($_POST['cat'] as $id => $answer) - { + foreach ($_POST['cat'] as $id => $answer) { if ($answer == "Y") $cats++; - } - if ($cats < $_CONFIG['least_cats']) - { + } // END - foreach + + if ($cats < $_CONFIG['least_cats']) { // ... nope! $FAILED = true; - } - } - if (($_POST['addy'] != "!") && ($_CONFIG['check_double_email'] == "Y") && (!IS_ADMIN())) - { + } // END - if + } // END - if + + if (($_POST['addy'] != "!") && ($_CONFIG['check_double_email'] == "Y")) { // Does the email address already exists in our database? $CHK = SEARCH_EMAIL_USERTAB($_POST['addy']); if ($CHK) { $_POST['addy'] = "?"; $FAILED = true; } - } + } // END - if - // Check his IP number - $result = SQL_QUERY_ESC("SELECT joined, last_update FROM "._MYSQL_PREFIX."_user_data WHERE REMOTE_ADDR='%s' AND (joined > (UNIX_TIMESTAMP() - %s) OR last_update > (UNIX_TIMESTAMP() - %s)) LIMIT 1", - array(GET_REMOTE_ADDR(), $_CONFIG['ip_timeout'], $_CONFIG['ip_timeout']), __FILE__, __LINE__); - if ((SQL_NUMROWS($result) == 1) && (!IS_ADMIN())) - { - // Same IP in timeout range and different email address entered... Eat this, faker! ;-) - // But admins are allowed to fake their own exchange service. - $IP_TIMEOUT = true; - $FAILED = true; - } + // Check for IP timeout? + if ($_CONFIG['ip_timeout'] > 0) { + // Check his IP number + $result = SQL_QUERY_ESC("SELECT joined, last_update FROM "._MYSQL_PREFIX."_user_data WHERE REMOTE_ADDR='%s' AND (joined > (UNIX_TIMESTAMP() - %s) OR last_update > (UNIX_TIMESTAMP() - %s)) LIMIT 1", + array(GET_REMOTE_ADDR(), $_CONFIG['ip_timeout'], $_CONFIG['ip_timeout']), __FILE__, __LINE__); + if (SQL_NUMROWS($result) == 1) { + // Same IP in timeout range and different email address entered... Eat this, faker! ;-) + // But admins are allowed to fake their own exchange service. 
+ $IP_TIMEOUT = true; + $FAILED = true; + } // END - if + } // END - if // Free memory SQL_FREERESULT($result); } -if ((isset($_POST['ok'])) && (!$FAILED)) { +if ((isset($_POST['ok'])) && ((!$FAILED) || (IS_ADMIN()))) { // Prepapre month and day of birth if (strlen($_POST['day']) == 1) $_POST['day'] = "0".$_POST['day']; if (strlen($_POST['month']) == 1) $_POST['month'] = "0".$_POST['month']; 
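Review bot: The new gate `if ((isset($_POST['ok'])) && ((!$FAILED) || (IS_ADMIN()))) {` lets a logged-in admin skip every check above it, not just the password-length, category, duplicate-address and IP checks that carried `!IS_ADMIN()` before. By that point the failed branches have already overwritten the input with markers (`$_POST['addy'] = "!"` or `"?"`, `$_POST['pass1'] = "!"`), so the registration block, which continues outside this hunk, would presumably run with those markers as the e-mail address or password. I would keep the gate as `if ((isset($_POST['ok'])) && (!$FAILED)) {` and leave the `!IS_ADMIN()` exemption on the individual checks an admin may skip. Separately, `SQL_FREERESULT($result);` now sits after the closing brace of `if ($_CONFIG['ip_timeout'] > 0) {`, so it is called with an undefined `$result` when the timeout is 0; it belongs inside that block.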
@@ -305,22 +302,41 @@ VALUES ('%s','%s','%s','%s','%s',%s,'%s','%s',%s, %s,%s,'%s',%s, %s,'%s','UNCONF
 // ... rewrite a zero referal ID to the main title
 if ($_POST['refid'] == "0") $_POST['refid'] = MAIN_TITLE;
- // Prepare data array for the email template
- // Start with the gender...
- $DATA = array(
- 'hash' => $hash,
- 'uid' => $userid,
- 'gender' => $gender,
- 'surname' => SQL_ESCAPE($_POST['surname']),
- 'family' => SQL_ESCAPE($_POST['family_name']),
- 'email' => SQL_ESCAPE($_POST['addy']),
- 'street' => SQL_ESCAPE($_POST['street_nr']),
- 'city' => SQL_ESCAPE($_POST['city']),
- 'zip' => bigintval($_POST['zip']),
- 'country' => $countryData,
- 'refid' => SQL_ESCAPE($_POST['refid']),
- 'pass' => SQL_ESCAPE($_POST['pass1']),
- );
+ // Is ZIP code set?
+ if (!empty($_POST['zip'])) {
+ // Prepare data array for the email template
+ // Start with the gender...
+ $DATA = array(
+ 'hash' => $hash,
+ 'uid' => $userid,
+ 'gender' => $gender,
+ 'surname' => SQL_ESCAPE($_POST['surname']),
+ 'family' => SQL_ESCAPE($_POST['family_name']),
+ 'email' => SQL_ESCAPE($_POST['addy']),
+ 'street' => SQL_ESCAPE($_POST['street_nr']),
+ 'city' => SQL_ESCAPE($_POST['city']),
+ 'zip' => bigintval($_POST['zip']),
+ 'country' => $countryData,
+ 'refid' => SQL_ESCAPE($_POST['refid']),
+ 'pass' => SQL_ESCAPE($_POST['pass1']),
+ );
+ } else {
+ // No ZIP code entered
+ $DATA = array(
+ 'hash' => $hash,
+ 'uid' => $userid,
+ 'gender' => $gender,
+ 'surname' => SQL_ESCAPE($_POST['surname']),
+ 'family' => SQL_ESCAPE($_POST['family_name']),
+ 'email' => SQL_ESCAPE($_POST['addy']),
+ 'street' => SQL_ESCAPE($_POST['street_nr']),
+ 'city' => SQL_ESCAPE($_POST['city']),
+ 'zip' => "",
+ 'country' => $countryData,
+ 'refid' => SQL_ESCAPE($_POST['refid']),
+ 'pass' => SQL_ESCAPE($_POST['pass1']),
+ );
+ }
 // Continue with birthday...
 switch (GET_LANGUAGE())
--
2.39.5
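Review bot: The two `$DATA` arrays in the added `if`/`else` differ only in the `'zip'` entry, so the next field added to one branch can easily be missed in the other. A single array with `'zip' => (empty($_POST['zip']) ? "" : bigintval($_POST['zip'])),` keeps the behaviour and removes the duplicate. Since the comment says this array feeds the e-mail template, it is also worth checking whether `'pass' => SQL_ESCAPE($_POST['pass1'])` is needed there: it puts the clear-text password into the mail data, and SQL escaping is the wrong encoding for mail text, so a password containing a quote would presumably be shown altered. The surrounding block starts and ends outside the hunk.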