2 /************************************************************************
\r
3 * MXChange v0.2.1 Start: 10/10/2003 *
\r
4 * =============== Last change: 11/26/2004 *
\r
6 * -------------------------------------------------------------------- *
\r
7 * File : what-register.php *
\r
8 * -------------------------------------------------------------------- *
\r
9 * Short description : Registration form *
\r
10 * -------------------------------------------------------------------- *
\r
11 * Kurzbeschreibung : Anmeldeformular *
\r
12 * -------------------------------------------------------------------- *
\r
14 * -------------------------------------------------------------------- *
\r
15 * Copyright (c) 2003 - 2008 by Roland Haeder *
\r
16 * For more information visit: http://www.mxchange.org *
\r
18 * This program is free software; you can redistribute it and/or modify *
\r
19 * it under the terms of the GNU General Public License as published by *
\r
20 * the Free Software Foundation; either version 2 of the License, or *
\r
21 * (at your option) any later version. *
\r
23 * This program is distributed in the hope that it will be useful, *
\r
24 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
\r
25 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
\r
26 * GNU General Public License for more details. *
\r
28 * You should have received a copy of the GNU General Public License *
\r
29 * along with this program; if not, write to the Free Software *
\r
30 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, *
\r
31 * MA 02110-1301 USA *
\r
32 ************************************************************************/
\r
34 // Some security stuff...
\r
// Direct-access guard: ereg() matches this file's basename, used as a regular
// expression, against $_SERVER['PHP_SELF'].
// NOTE(review): the dot in the file name acts as a regex wildcard here, PHP_SELF
// reflects the client-supplied request path (including trailing path info), and
// ereg() was removed in PHP 7. A literal comparison, or a constant defined by
// the including script, would be stricter - confirm against the include layout.
// The guarded body is not fully visible in this listing.
35 if (ereg(basename(__FILE__), $_SERVER['PHP_SELF']))
\r
37 $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4)."/security.php";
\r
40 elseif ((!EXT_IS_ACTIVE("register")))
\r
43 ADD_FATAL(sprintf(EXTENSION_PROBLEM_NOT_INSTALLED, "register"));
\r
// NOTE(review): unlike the sprintf() call used for the "not installed" message,
// "register" is passed here as a second argument to ADD_FATAL() instead of being
// formatted into the message. ADD_FATAL()'s signature is not visible in this
// file - verify that this is intended.
45 ADD_FATAL(EXTENSION_PROBLEM_EXT_INACTIVE, "register");
\r
50 // Add description as navigation point
\r
51 ADD_DESCR("guest", basename(__FILE__));
\r
53 OPEN_TABLE("100%", "guest_content_align", "");
\r
54 global $CONFIG, $DATA;
\r
56 // Initialize variables
\r
57 $FAILED = false; $SHORT_PASS = false; $cats = 0; $IP_TIMEOUT = false;
\r
// NOTE(review): unset() only runs when 'ok' is already absent, so this line has
// no effect; the submit check further down relies on isset($_POST['ok']) alone.
58 if (!isset($_POST['ok'])) unset($_POST['ok']);
\r
59 if (empty($_POST['agree'])) $_POST['agree'] = "";
\r
60 if (empty($_POST['addy'])) $_POST['addy'] = "";
\r
61 if (empty($_POST['surname'])) $_POST['surname'] = "";
\r
62 if (empty($_POST['family_name'])) $_POST['family_name'] = "";
\r
63 if (empty($_POST['pass1'])) $_POST['pass1'] = "";
\r
64 if (empty($_POST['pass2'])) $_POST['pass2'] = "";
\r
65 if (empty($_POST['day'])) $_POST['day'] = "";
\r
66 if (empty($_POST['month'])) $_POST['month'] = "";
\r
67 if (empty($_POST['year'])) $_POST['year'] = "";
\r
68 if (empty($_POST['max_mails'])) $_POST['max_mails'] = "";
\r
69 if (empty($_POST['street_nr'])) $_POST['street_nr'] = "";
\r
70 if (empty($_POST['zip'])) $_POST['zip'] = "";
\r
71 if (empty($_POST['city'])) $_POST['city'] = "";
\r
72 if (empty($_POST['cntry'])) $_POST['cntry'] = "";
\r
73 if (empty($_POST['country_code'])) $_POST['country_code'] = "1";
\r
75 if (isset($_POST['ok']))
\r
77 // First we only check the submitted data then we continue... :)
\r
79 // Did he agree to our Terms Of Usage?
\r
80 if ($_POST['agree'] != "Y")
\r
82 $_POST['agree'] = "!";
\r
86 // Did he enter a valid email address? (we really don't care about
\r
87 // that, he has to click on a confirmation link :P )
\r
88 if ((empty($_POST['addy'])) || (!VALIDATE_EMAIL($_POST['addy'])))
\r
90 $_POST['addy'] = "!";
\r
94 // And what about surname and family's name?
\r
95 if (empty($_POST['surname']))
\r
97 $_POST['surname'] = "!";
\r
100 if (empty($_POST['family_name']))
\r
102 $_POST['family_name'] = "!";
\r
106 // Check for required fields
\r
107 if (!$FAILED) $FAILED = REGISTER_CHECK_REQUIRED_FIELDS($_POST);
\r
109 // Did he enter his password twice?
\r
110 if (((empty($_POST['pass1'])) || (empty($_POST['pass2']))) || (($_POST['pass1'] != $_POST['pass2']) && (!empty($_POST['pass1'])) && (!empty($_POST['pass2']))))
\r
112 if (($_POST['pass1'] != $_POST['pass2']) && (!empty($_POST['pass1'])) && (!empty($_POST['pass2'])))
\r
114 $_POST['pass1'] = "!";
\r
115 $_POST['pass2'] = "!";
\r
119 if (empty($_POST['pass1'])) { $_POST['pass1'] = "!"; } else { $_POST['pass1'] = ""; }
\r
120 if (empty($_POST['pass2'])) { $_POST['pass2'] = "!"; } else { $_POST['pass2'] = ""; }
\r
124 // Is the password long enough?
\r
125 if ((strlen($_POST['pass1']) < $CONFIG['pass_len']) && (!$FAILED) && (!IS_ADMIN()))
\r
127 $SHORT_PASS = true;
\r
130 // Did he select enough categories?
\r
133 // Do this check only when no admin is logged in
\r
// Counts the categories the visitor answered with "Y".
// NOTE(review): $_POST['cat'] is client-controlled and may be missing or a
// scalar. No is_array() guard is visible before this loop in the listing, while
// the later category-insert loop does check is_array($_POST['cat']) - confirm
// and align the two.
134 foreach ($_POST['cat'] as $id=>$answer)
\r
136 if ($answer == "Y") $cats++;
\r
138 if ($cats < $CONFIG['least_cats'])
\r
144 if (($_POST['addy'] != "!") && ($CONFIG['dbl_email'] == "Y") && (!IS_ADMIN()))
\r
146 // Does the email address already exist in our database?
\r
147 $CHK = SEARCH_EMAIL_USERTAB($_POST['addy']);
\r
148 if ($CHK) { $_POST['addy'] = "?"; $FAILED = true; }
\r
151 // Check his IP number
\r
152 $to = bigintval(time() - $CONFIG['ip_timeout']);
\r
// Looks for an account that joined or was updated from the same REMOTE_ADDR
// after the cut-off $to (now minus $CONFIG['ip_timeout']).
// NOTE(review): presumably SQL_QUERY_ESC() escapes the array values before
// filling the placeholders - confirm in its definition. Visitors behind a shared
// proxy or NAT have the same REMOTE_ADDR, so this throttle can also block
// unrelated sign-ups.
153 $result = SQL_QUERY_ESC("SELECT joined, last_update FROM "._MYSQL_PREFIX."_user_data WHERE REMOTE_ADDR='%s' AND (joined > %s OR last_update > %s) LIMIT 1",
\r
154 array(getenv('REMOTE_ADDR'), $to, $to), __FILE__, __LINE__);
\r
155 if ((SQL_NUMROWS($result) == 1) && (!IS_ADMIN()))
\r
157 // Same IP in timeout range and different email address entered... Eat this, faker! ;-)
\r
158 // But admins are allowed to fake their own exchange service.
\r
159 $IP_TIMEOUT = true;
\r
163 // Test the refid (because some strange hackers... :-P)
\r
164 $result = SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
\r
165 array(bigintval($GLOBALS['refid'])), __FILE__, __LINE__);
\r
166 if (SQL_NUMROWS($result) == 0)
\r
168 // Not found so we set your refid!
\r
169 $_POST['refid'] = $CONFIG['def_refid'];
\r
170 @setcookie("refid", $CONFIG['def_refid'], (time() + $CONFIG['online_timeout']), COOKIE_PATH);
\r
174 SQL_FREERESULT($result);
\r
177 if ((isset($_POST['ok'])) && (!$FAILED))
\r
179 // Save the registration
\r
180 if (strlen($_POST['day']) == 1) $_POST['day'] = "0".$_POST['day'];
\r
181 if (strlen($_POST['month']) == 1) $_POST['month'] = "0".$_POST['month'];
\r
183 // Hash = MM-DD-YYYY:IP:USER_AGENT:TIMEMARK
\r
// Derives $hash from the birthday, SERVER_NAME, REMOTE_ADDR, the User-Agent
// header and the current time; further down the new row is looked up again by
// user_hash = $hash.
// NOTE(review): every input is known to, or guessable by, the registrant. If
// user_hash also serves as the e-mail confirmation token (not visible in this
// file), it should come from a CSPRNG instead - check generateHash() and the
// confirmation handler.
184 $hash = generateHash($_POST['month']."-".$_POST['day']."-".$_POST['year'].":".getenv('SERVER_NAME').":".getenv('REMOTE_ADDR').":".getenv('HTTP_USER_AGENT').":".time());
\r
186 // Add design when extension sql_patches is v0.2.7 or greater
\r
187 $ADD1 = ""; $ADD2 = "";
\r
// NOTE(review): assuming GET_EXT_VERSION() returns a version string like the
// literal it is compared with, >= compares the two character by character, so
// "0.10.0" sorts below "0.2.7". version_compare() gives the intended ordering.
// The same pattern recurs in the other GET_EXT_VERSION() checks in this file.
188 if (GET_EXT_VERSION("sql_patches") >= "0.2.7")
\r
190 // Okay, add design here
\r
191 $ADD1 = ", curr_theme";
\r
// NOTE(review): the theme name is concatenated into SQL text that is later
// appended to the INSERT statement outside the placeholder list, so it bypasses
// whatever escaping SQL_QUERY_ESC() applies to its arguments. This is safe only
// if GET_CURR_THEME() can never return client-influenced text - verify, or pass
// the value as a placeholder argument instead.
192 $ADD2 = ", '".GET_CURR_THEME()."'";
\r
195 // Check if I shall disable sending mail to newly registered members out about active/begging rallye
\r
197 // First comes first: begging rallye
\r
198 if (GET_EXT_VERSION("beg") >= "0.1.7")
\r
200 // Okay, shall I disable now?
\r
201 if ($CONFIG['beg_new_mem_notify'] == "N")
\r
203 $ADD1 .= ", beg_ral_notify, beg_ral_en_notify";
\r
204 $ADD2 .= ", UNIX_TIMESTAMP(), UNIX_TIMESTAMP()";
\r
208 // Second: active rallye
\r
209 if (GET_EXT_VERSION("bonus") >= "0.7.7")
\r
211 // Okay, shall I disable now?
\r
212 if ($CONFIG['bonus_new_mem_notify'] == "N")
\r
214 $ADD1 .= ", bonus_ral_notify, bonus_ral_en_notify";
\r
215 $ADD2 .= ", UNIX_TIMESTAMP(), UNIX_TIMESTAMP()";
\r
219 // Write user data to table
\r
220 if (EXT_IS_ACTIVE("country"))
\r
222 // Save with new selectable country code
\r
223 $countryRow = "country_code";
\r
224 $countryData = bigintval($_POST['country_code']);
\r
228 // Old way with enterable two-char-code
\r
229 $countryRow = "country";
\r
230 $countryData = addslashes(substr($_POST['cntry'], 0, 2));
\r
233 //////////////////////////////
\r
234 // Create user's account... //
\r
235 //////////////////////////////
\r
237 $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_user_data (sex, surname, family, street_nr, %s, zip, city, email, birth_day, birth_month, birth_year, password, max_mails, receive_mails, refid, status, user_hash, REMOTE_ADDR, joined, last_update".$ADD1.")
\r
238 VALUES ('%s', '%s', '%s', '%s', '%s', %d, '%s', '%s', %d, %d, %d, '%s', %d, %d, %d, 'UNCONFIRMED', '%s', '%s', UNIX_TIMESTAMP(), UNIX_TIMESTAMP()".$ADD2.")",
\r
// NOTE(review): the string values in this argument list are pre-escaped with
// addslashes(), which is not aware of the connection character set. If
// SQL_QUERY_ESC() escapes its arguments itself (its body is not visible here),
// stored values end up escaped twice; if it does not, addslashes() is the only
// barrier. Confirm which case applies and rely on the database driver's escaping.
241 addslashes(substr($_POST['sex'], 0, 1)),
\r
242 addslashes($_POST['surname']),
\r
243 addslashes($_POST['family_name']),
\r
244 addslashes($_POST['street_nr']),
\r
246 bigintval($_POST['zip']),
\r
247 addslashes($_POST['city']),
\r
248 addslashes($_POST['addy']),
\r
249 bigintval($_POST['day']),
\r
250 bigintval($_POST['month']),
\r
251 bigintval($_POST['year']),
\r
// NOTE(review): the stored password is whatever generateHash() returns, the same
// helper used for the user_hash value. Its algorithm is not visible in this
// file; confirm it is a salted, deliberately slow password hash (for example
// password_hash()) rather than a plain digest.
252 generateHash($_POST['pass1']),
\r
253 bigintval($_POST['max_mails']),
\r
254 bigintval($_POST['max_mails']),
\r
255 bigintval($_POST['refid']),
\r
257 getenv('REMOTE_ADDR'),
\r
258 ), __FILE__, __LINE__);
\r
261 $result = SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_data WHERE user_hash='%s' LIMIT 1",
\r
262 array($hash), __FILE__, __LINE__);
\r
263 list($userid) = SQL_FETCHROW($result);
\r
265 // Secure userid (we have a little paranoia ;-) )
\r
266 $userid = bigintval($userid);
\r
268 // Write his welcome-points
\r
269 $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_points WHERE userid=%d AND ref_depth=0 LIMIT 1",
\r
270 array(bigintval($userid)), __FILE__, __LINE__);
\r
271 if (SQL_NUMROWS($result) == 0)
\r
273 // Add only when the line was not found (maybe some more secure?)
\r
274 $locked = "points";
\r
275 if ($CONFIG['ref_payout'] > 0) $locked = "locked_points"; // Pay him later. First he has to confirm some mails!
\r
// $locked is one of the two literals "points" / "locked_points" assigned just
// above, so concatenating it as a column name does not take client input.
276 $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_user_points (userid, ref_depth, ".$locked.") VALUES(%d, 0, '%s')",
\r
277 array(bigintval($userid), $CONFIG['points_register']), __FILE__, __LINE__);
\r
279 // Update mediadata as well
\r
280 if ((GET_EXT_VERSION("mediadata") >= "0.0.4") && ($locked == "points")) {
\r
282 MEDIA_UPDATE_ENTRY(array("total_points"), "add", $CONFIG['points_register']);
\r
287 if ((is_array($_POST['cat'])) && (count($_POST['cat']))) {
\r
288 foreach ($_POST['cat'] as $cat=>$joined) {
\r
289 if ($joined == "Y") {
\r
290 // Insert category entry
\r
291 $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_user_cats (userid, cat_id) VALUES (%d, %d)",
\r
292 array(bigintval($userid), bigintval($cat)), __FILE__, __LINE__);
\r
298 $sex = TRANSLATE_SEX($_POST['sex']);
\r
300 // ... rewrite a zero referral ID to the main title
\r
301 if ($_POST['refid'] == "0") $_POST['refid'] = MAIN_TITLE;
\r
303 // Prepare data array for the email template
\r
304 // Start with the salutation...
\r
309 'surname' => $_POST['surname'],
\r
310 'family' => $_POST['family_name'],
\r
311 'email' => $_POST['addy'],
\r
312 'street' => $_POST['street_nr'],
\r
313 'city' => $_POST['city'],
\r
314 'zip' => bigintval($_POST['zip']),
\r
315 'country' => $countryData,
\r
316 'refid' => $_POST['refid'],
\r
// NOTE(review): the cleartext password is added to the template data
// (presumably $DATA) that is later handed to both the "register-member" and the
// "register-admin" e-mail templates. If either template prints it, the password
// travels by unencrypted mail and reaches admin mailboxes - confirm, and drop
// this key if the templates can do without it.
317 'pass' => $_POST['pass1'],
\r
320 // Continue with birthday...
\r
321 switch (GET_LANGUAGE())
\r
324 $DATA['birthday'] = $_POST['day'].".".$_POST['month'].".".$_POST['year'];
\r
328 $DATA['birthday'] = $_POST['month']."/".$_POST['day']."/".$_POST['year'];
\r
332 // Display information to the user that he got mail and send it away
\r
333 $msg_guest = LOAD_EMAIL_TEMPLATE("register-member", $DATA, $userid);
\r
335 // Send mail to user (confirmation link!)
\r
336 $EMAIL = $DATA['email'];
\r
337 SEND_EMAIL ($DATA['email'], GUEST_CONFIRM_LINK, $msg_guest);
\r
338 $DATA['email'] = $EMAIL;
\r
340 // Send mail to admin
\r
341 if (GET_EXT_VERSION("admins") >= "0.4.1")
\r
344 SEND_ADMIN_EMAILS_PRO(ADMIN_NEW_ACCOUNT, "register-admin", $DATA, $userid);
\r
349 $msg_admin = LOAD_EMAIL_TEMPLATE("register-admin", $DATA, $userid);
\r
350 SEND_ADMIN_EMAILS (ADMIN_NEW_ACCOUNT, $msg_admin);
\r
353 // Output success registration
\r
354 LOAD_TEMPLATE("admin_settings_saved", false, REGISTRATION_DONE);
\r
358 if ($_POST['agree'] == "!")
\r
360 OUTPUT_HTML ("<STRONG><SPAN class=\"register_failed\">".HAVE_TO_AGREE."</SPAN></STRONG><BR><BR>");
\r
362 if ($_POST['addy'] == "!")
\r
364 OUTPUT_HTML ("<STRONG><SPAN class=\"register_failed\">".ENTER_EMAIL."</SPAN></STRONG><BR><BR>");
\r
365 $_POST['addy'] = "";
\r
367 elseif ($_POST['addy'] == "?")
\r
369 OUTPUT_HTML ("<STRONG><SPAN class=\"register_failed\">".EMAIL_ALREADY_DB."</SPAN></STRONG><BR><BR>");
\r
370 $_POST['addy'] = "";
\r
372 if ($_POST['surname'] == "!")
\r
374 OUTPUT_HTML ("<STRONG><SPAN class=\"register_failed\">".ENTER_SURNAME."</SPAN></STRONG><BR><BR>");
\r
375 $_POST['surname'] = "";
\r
377 if ($_POST['family_name'] == "!")
\r
379 OUTPUT_HTML ("<STRONG><SPAN class=\"register_failed\">".ENTER_FAMILY."</SPAN></STRONG><BR><BR>");
\r
380 $_POST['family_name'] = "";
\r
382 if (($_POST['pass1'] == "!") && ($_POST['pass2'] == "!"))
\r
384 OUTPUT_HTML ("<STRONG><SPAN class=\"register_failed\">".ENTER_BOTH_PASSWORDS."</SPAN></STRONG><BR><BR>");
\r
386 elseif ($_POST['pass1'] == "!")
\r
388 OUTPUT_HTML ("<STRONG><SPAN class=\"register_failed\">".ENTER_PASS1."</SPAN></STRONG><BR><BR>");
\r
390 elseif ($_POST['pass2'] == "!")
\r
392 OUTPUT_HTML ("<STRONG><SPAN class=\"register_failed\">".ENTER_PASS2."</SPAN></STRONG><BR><BR>");
\r
396 OUTPUT_HTML ("<STRONG><SPAN class=\"register_failed\">".SHORT_PASS.": ".$CONFIG['pass_len']."</SPAN></STRONG><BR><BR>");
\r
400 OUTPUT_HTML ("<STRONG><SPAN class=\"register_failed\">".REMOTE_ADDR_TIMEOUT."</SPAN></STRONG><BR><BR>");
\r
// NOTE(review): empty($cats) is true for 0, so no message is shown when a
// submitted form selects no category at all. Confirm this test is only meant to
// suppress the message on the first, unsubmitted display of the form.
402 if ((!empty($cats)) && ($cats < $CONFIG['least_cats']))
\r
404 OUTPUT_HTML ("<STRONG><SPAN class=\"register_failed\">".CATS_LEAST.": ".$CONFIG['least_cats']."</SPAN></STRONG><BR><BR>");
\r
407 // Generate birthday selection
\r
408 switch (GET_LANGUAGE())
\r
410 case "de": // German date format
\r
411 define('BIRTHDAY_SELECTION', ADD_SELECTION("day", $_POST['day']).ADD_SELECTION("month", $_POST['month']).ADD_SELECTION("year", $_POST['year']));
\r
414 default: // Default is the US date format... :)
\r
418 // Adds a table for the guests with all visible categories
\r
419 define ('CATEGORY_SELECTION', REGISTER_ADD_CATEGORY_TABLE("guest", true));
\r
421 // Adds the list of maximum receivable mails... :)
\r
422 define ('MAX_RECEIVE_LIST', ADD_MAX_RECEIVE_LIST("guest", "", true));
\r
424 // Check if nickname extension is active and get state if nickname is selected or userid
\r
426 if (EXT_IS_ACTIVE("nickname")) $nick = NICKNAME_IS_ACTIVE($GLOBALS['refid']);
\r
428 // Is the nickname valid?
\r
430 // Nope, disable it
\r
431 if (GET_EXT_VERSION("sql_patches") != "") {
\r
432 // Use default refid
\r
433 $GLOBALS['refid'] = $CONFIG['def_refid'];
\r
436 $GLOBALS['refid'] = 0;
\r
440 // Shall I display the refid or shall I make it editable?
\r
441 if ($CONFIG['display_refid'] == "Y") {
\r
442 // Load template to enter it
\r
443 define('REFID_CONTENT', LOAD_TEMPLATE("guest_register_refid", true, $GLOBALS['refid']));
\r
445 // Load "hide" form template
\r
446 define ('REFID_CONTENT', LOAD_TEMPLATE("guest_register_refid_hide", true, $GLOBALS['refid']));
\r
449 // You may want to modify the register_header.tpl.xx file and not this script when you add your scripts etc. :-)
\r
450 define('REGISTER_HEADER_CONTENT', LOAD_TEMPLATE("register_header", true));
\r
452 // Please select at least x categories
\r
453 define('LEAST_CATS_VALUE', $CONFIG['least_cats']);
\r
// This and the following define() lines re-expose the submitted values as
// constants, presumably to refill the form.
// NOTE(review): these are raw $_POST values; no htmlspecialchars() call is
// visible in this listing. Unless the templates escape them, a crafted value is
// reflected into the page - escape at output for the HTML context in use.
456 define('__SURNAME', $_POST['surname']); define('__FAMILY', $_POST['family_name']);
\r
457 define('__STREET', $_POST['street_nr']); define('__COUNTRY', $_POST['cntry']);
\r
458 define('__ZIP', $_POST['zip']); define('__CITY', $_POST['city']);
\r
459 define('__ADDY', $_POST['addy']);
\r
461 // Shall I add a country selection box or the old input box?
\r
462 if (EXT_IS_ACTIVE("country"))
\r
464 // New variant, good!
\r
465 $OUT = "<SELECT name=\"country_code\" class=\"guest_select\" size=\"1\">\n";
\r
466 $WHERE = "WHERE is_active='Y'";
\r
467 if (IS_ADMIN()) $WHERE = "";
\r
468 $OUT .= ADD_OPTION_LINES("countries", "id", "descr", $_POST['country_code'], "code", $WHERE);
\r
469 $OUT .= "</SELECT>";
\r
470 define('__COUNTRY_CONTENT', $OUT);
\r
474 // Old out-dated variant
\r
// NOTE(review): __COUNTRY holds the raw $_POST['cntry'] value and is placed
// inside a double-quoted HTML attribute without escaping. Apply
// htmlspecialchars(..., ENT_QUOTES) to the value before building this markup.
475 define('__COUNTRY_CONTENT', "<INPUT type=\"text\" name=\"cntry\" class=\"guest_normal\" size=\"2\" maxlength=\"3\" value=\"".__COUNTRY."\">");
\r
478 // Set MUST_??? constants
\r
479 if ((EXT_IS_ACTIVE("register")) && (GET_EXT_VERSION("register") > "0.0")) REGISTER_FILL_MUST_CONSTANTS();
\r
481 // Display registration form
\r
482 LOAD_TEMPLATE("guest_register");
\r