<?php
/************************************************************************
 * MXChange v0.2.1                                    Start: 10/10/2003 *
 * ===============                              Last change: 11/26/2004 *
 *                                                                      *
 * -------------------------------------------------------------------- *
 * File              : what-register.php                                *
 * -------------------------------------------------------------------- *
 * Short description : Registration form                                *
 * -------------------------------------------------------------------- *
 * Kurzbeschreibung  : Anmeldeformular                                  *
 * -------------------------------------------------------------------- *
 *                                                                      *
 * -------------------------------------------------------------------- *
 * Copyright (c) 2003 - 2008 by Roland Haeder                           *
 * For more information visit: http://www.mxchange.org                  *
 *                                                                      *
 * This program is free software; you can redistribute it and/or modify *
 * it under the terms of the GNU General Public License as published by *
 * the Free Software Foundation; either version 2 of the License, or    *
 * (at your option) any later version.                                  *
 *                                                                      *
 * This program is distributed in the hope that it will be useful,      *
 * but WITHOUT ANY WARRANTY; without even the implied warranty of       *
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the        *
 * GNU General Public License for more details.                         *
 *                                                                      *
 * You should have received a copy of the GNU General Public License    *
 * along with this program; if not, write to the Free Software          *
 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,               *
 * MA  02110-1301  USA                                                  *
 ************************************************************************/

// Some security stuff...
if (ereg(basename(__FILE__), $_SERVER['PHP_SELF']))
{
	$INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
	require($INC);
}
 elseif ((!EXT_IS_ACTIVE("register")))
{
	if (IS_ADMIN()) {
		ADD_FATAL(sprintf(EXTENSION_PROBLEM_NOT_INSTALLED, "register"));
	} else {
		ADD_FATAL(EXTENSION_PROBLEM_EXT_INACTIVE, "register");
	}
	return;
}

// Add description as navigation point
ADD_DESCR("guest", basename(__FILE__));

OPEN_TABLE("100%", "guest_content_align", "");
global $CONFIG, $DATA;

// Initialize variables
$FAILED = false; $SHORT_PASS = false; $cats = 0; $IP_TIMEOUT = false;
if (!isset($_POST['ok']))          unset($_POST['ok']);
if (empty($_POST['agree']))        $_POST['agree']        = "";
if (empty($_POST['addy']))         $_POST['addy']         = "";
if (empty($_POST['surname']))      $_POST['surname']      = "";
if (empty($_POST['family_name']))  $_POST['family_name']  = "";
if (empty($_POST['pass1']))        $_POST['pass1']        = "";
if (empty($_POST['pass2']))        $_POST['pass2']        = "";
if (empty($_POST['day']))          $_POST['day']          = "";
if (empty($_POST['month']))        $_POST['month']        = "";
if (empty($_POST['year']))         $_POST['year']         = "";
if (empty($_POST['max_mails']))    $_POST['max_mails']    = "";
if (empty($_POST['street_nr']))    $_POST['street_nr']    = "";
if (empty($_POST['zip']))          $_POST['zip']          = "";
if (empty($_POST['city']))         $_POST['city']         = "";
if (empty($_POST['cntry']))        $_POST['cntry']        = "";
if (empty($_POST['country_code'])) $_POST['country_code'] = "1";

if (isset($_POST['ok']))
{
	// First we only check the submitted data then we continue... :)
	//
	// Did he agree to our Terms Of Usage?
	if ($_POST['agree'] != "Y")
	{
		$_POST['agree'] = "!";
		$FAILED = true;
	}

	// Did he enter a valid email address? (we really don't care about
	// that, he has to click on a confirmation link :P )
	if ((empty($_POST['addy'])) || (!VALIDATE_EMAIL($_POST['addy'])))
	{
		$_POST['addy'] = "!";
		$FAILED = true;
	}

	// And what about surname and family's name?
	if (empty($_POST['surname']))
	{
		$_POST['surname'] = "!";
		$FAILED = true;
	}
	if (empty($_POST['family_name']))
	{
		$_POST['family_name'] = "!";
		$FAILED = true;
	}

	// Check for required fields
	if (!$FAILED) $FAILED = REGISTER_CHECK_REQUIRED_FIELDS($_POST);

	// Did he enter his password twice?
	if (((empty($_POST['pass1'])) || (empty($_POST['pass2']))) || (($_POST['pass1'] != $_POST['pass2']) && (!empty($_POST['pass1'])) && (!empty($_POST['pass2']))))
	{
		if (($_POST['pass1'] != $_POST['pass2']) && (!empty($_POST['pass1'])) && (!empty($_POST['pass2'])))
		{
			$_POST['pass1'] = "!";
			$_POST['pass2'] = "!";
		}
		 else
		{
			if (empty($_POST['pass1'])) { $_POST['pass1'] = "!"; } else { $_POST['pass1'] = ""; }
			if (empty($_POST['pass2'])) { $_POST['pass2'] = "!"; } else { $_POST['pass2'] = ""; }
		}
		$FAILED = true;
	}
	// Is the password long enouth?
	if ((strlen($_POST['pass1']) < $CONFIG['pass_len']) && (!$FAILED) && (!IS_ADMIN()))
	{
		$SHORT_PASS = true;
		$FAILED = true;
	}
	// Did he select enougth categories?
	if (!IS_ADMIN())
	{
		// Do this check only when no admin is logged in
		foreach ($_POST['cat'] as $id=>$answer)
		{
			if ($answer == "Y") $cats++;
		}
		if ($cats < $CONFIG['least_cats'])
		{
			// ... nope!
			$FAILED = true;
		}
	}
	if (($_POST['addy'] != "!") && ($CONFIG['check_double_email'] == "Y") && (!IS_ADMIN()))
	{
		// Does the email address already exists in our database?
		$CHK = SEARCH_EMAIL_USERTAB($_POST['addy']);
		if ($CHK) { $_POST['addy'] = "?"; $FAILED = true; }
	}

	// Check his IP number
	$to = bigintval(time() - $CONFIG['ip_timeout']);
	$result = SQL_QUERY_ESC("SELECT joined, last_update FROM "._MYSQL_PREFIX."_user_data WHERE REMOTE_ADDR='%s' AND (joined > %s OR last_update > %s) LIMIT 1",
	 array(getenv('REMOTE_ADDR'), $to, $to), __FILE__, __LINE__);
	if ((SQL_NUMROWS($result) == 1) && (!IS_ADMIN()))
	{
		// Same IP in timeout range and different email address entered... Eat this, faker! ;-)
		// But admins are allowed to fake their own exchange service.
		$IP_TIMEOUT = true;
		$FAILED = true;
	}

	// Test the refid (because some strange hackers... :-P)
	$result = SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
	 array(bigintval($GLOBALS['refid'])), __FILE__, __LINE__);
	if (SQL_NUMROWS($result) == 0)
	{
		// Not found so we set your refid!
		$_POST['refid'] = $CONFIG['def_refid'];
		@setcookie("refid", $CONFIG['def_refid'], (time() + $CONFIG['online_timeout']), COOKIE_PATH);
	}

	// Free memory
	SQL_FREERESULT($result);
}

if ((isset($_POST['ok'])) && (!$FAILED))
{
	// Save the registration
	if (strlen($_POST['day'])   == 1) $_POST['day']   = "0".$_POST['day'];
	if (strlen($_POST['month']) == 1) $_POST['month'] = "0".$_POST['month'];

	// Hash = MM-DD-YYYY:IP:USER_AGENT:TIMEMARK
	$hash = generateHash($_POST['month']."-".$_POST['day']."-".$_POST['year'].":".getenv('SERVER_NAME').":".getenv('REMOTE_ADDR').":".getenv('HTTP_USER_AGENT').":".time());

	// Add design when extension sql_patches is v0.2.7 or greater
	$ADD1 = ""; $ADD2 = "";
	if (GET_EXT_VERSION("sql_patches") >= "0.2.7")
	{
		// Okay, add design here
		$ADD1 = ", curr_theme";
		$ADD2 = ", '".GET_CURR_THEME()."'";
	}

	// Check if I shall disable sending mail to newly registered members out about active/begging rallye
	//
	// First comes first: begging rallye
	if (GET_EXT_VERSION("beg") >= "0.1.7")
	{
		// Okay, shall I disable now?
		if ($CONFIG['beg_new_mem_notify'] == "N")
		{
			$ADD1 .= ", beg_ral_notify, beg_ral_en_notify";
			$ADD2 .= ", UNIX_TIMESTAMP(), UNIX_TIMESTAMP()";
		}
	}

	// Second: active rallye
	if (GET_EXT_VERSION("bonus") >= "0.7.7")
	{
		// Okay, shall I disable now?
		if ($CONFIG['bonus_new_mem_notify'] == "N")
		{
			$ADD1 .= ", bonus_ral_notify, bonus_ral_en_notify";
			$ADD2 .= ", UNIX_TIMESTAMP(), UNIX_TIMESTAMP()";
		}
	}

	// Write user data to table
	if (EXT_IS_ACTIVE("country"))
	{
		// Save with new selectable country code
		$countryRow = "country_code";
		$countryData = bigintval($_POST['country_code']);
	}
	 else
	{
		// Old way with enterable two-char-code
		$countryRow = "country";
		$countryData = addslashes(substr($_POST['cntry'], 0, 2));
	}

	//////////////////////////////
	// Create user's account... //
	//////////////////////////////
	//
	$result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_user_data (sex, surname, family, street_nr, %s, zip, city, email, birth_day, birth_month, birth_year, password, max_mails, receive_mails, refid, status, user_hash, REMOTE_ADDR, joined, last_update".$ADD1.")
VALUES ('%s', '%s', '%s', '%s', '%s', %d, '%s', '%s', %d, %d, %d, '%s', %d, %d, %d, 'UNCONFIRMED', '%s', '%s', UNIX_TIMESTAMP(), UNIX_TIMESTAMP()".$ADD2.")",
array(
	$countryRow,
	addslashes(substr($_POST['sex'], 0, 1)),
	addslashes($_POST['surname']),
	addslashes($_POST['family_name']),
	addslashes($_POST['street_nr']),
	$countryData,
	bigintval($_POST['zip']),
	addslashes($_POST['city']),
	addslashes($_POST['addy']),
	bigintval($_POST['day']),
	bigintval($_POST['month']),
	bigintval($_POST['year']),
	generateHash($_POST['pass1']),
	bigintval($_POST['max_mails']),
	bigintval($_POST['max_mails']),
	bigintval($_POST['refid']),
	$hash,
	getenv('REMOTE_ADDR'),
), __FILE__, __LINE__);

	// Get his userid
	$result = SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_data WHERE user_hash='%s' LIMIT 1",
	 array($hash), __FILE__, __LINE__);
	list($userid) = SQL_FETCHROW($result);

	// Secure userid (we have a little paranoia ;-) )
	$userid = bigintval($userid);

	// Write his welcome-points
	$result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_points WHERE userid=%d AND ref_depth=0 LIMIT 1",
	 array(bigintval($userid)), __FILE__, __LINE__);
	if (SQL_NUMROWS($result) == 0)
	{
		// Add only when the line was not found (maybe some more secure?)
		$locked = "points";
		if ($CONFIG['ref_payout'] > 0) $locked = "locked_points"; // Pay him later. First he has to confirm some mails!
		$result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_user_points (userid, ref_depth, ".$locked.") VALUES(%d, 0, '%s')",
		 array(bigintval($userid), $CONFIG['points_register']), __FILE__, __LINE__);

		// Update mediadata as well
		if ((GET_EXT_VERSION("mediadata") >= "0.0.4") && ($locked == "points")) {
			// Update database
			MEDIA_UPDATE_ENTRY(array("total_points"), "add", $CONFIG['points_register']);
		}
	}

	// Write catgories
	if ((is_array($_POST['cat'])) && (count($_POST['cat']))) {
		foreach ($_POST['cat'] as $cat=>$joined) {
			if ($joined == "Y") {
				// Insert category entry
				$result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_user_cats (userid, cat_id) VALUES (%d, %d)",
				 array(bigintval($userid), bigintval($cat)), __FILE__, __LINE__);
			}
		}
	}

	// Rewrite sex
	$sex = TRANSLATE_SEX($_POST['sex']);

	// ... rewrite a zero referral ID to the main title
	if ($_POST['refid'] == "0") $_POST['refid'] = MAIN_TITLE;

	// Prepare data array for the email template
	// Start with the salutation...
	$DATA = array(
		'hash'    => $hash,
		'uid'     => $userid,
		'salut'   => $sex,
		'surname' => $_POST['surname'],
		'family'  => $_POST['family_name'],
		'email'   => $_POST['addy'],
		'street'  => $_POST['street_nr'],
		'city'    => $_POST['city'],
		'zip'     => bigintval($_POST['zip']),
		'country' => $countryData,
		'refid'   => $_POST['refid'],
		'pass'    => $_POST['pass1'],
	);

	// Continue with birthday...
	switch (GET_LANGUAGE())
	{
	case "de":
		$DATA['birthday'] = $_POST['day'].".".$_POST['month'].".".$_POST['year'];
		break;

	default:
		$DATA['birthday'] = $_POST['month']."/".$_POST['day']."/".$_POST['year'];
		break;
	}

	// Display information to the user that he got mail and send it away
	$msg_guest = LOAD_EMAIL_TEMPLATE("register-member", $DATA, $userid);

	// Send mail to user (confirmation link!)
	$EMAIL = $DATA['email'];
	SEND_EMAIL ($DATA['email'], GUEST_CONFIRM_LINK, $msg_guest);
	$DATA['email'] = $EMAIL;

	// Send mail to admin
	if (GET_EXT_VERSION("admins") >= "0.4.1")
	{
		// Use new system
		SEND_ADMIN_EMAILS_PRO(ADMIN_NEW_ACCOUNT, "register-admin", $DATA, $userid);
	}
	 else
	{
		// Use old system
		$msg_admin = LOAD_EMAIL_TEMPLATE("register-admin", $DATA, $userid);
		SEND_ADMIN_EMAILS (ADMIN_NEW_ACCOUNT, $msg_admin);
	}

	// Output success registration
	LOAD_TEMPLATE("admin_settings_saved", false, REGISTRATION_DONE);
}
 else
{
	if ($_POST['agree'] == "!")
	{
		OUTPUT_HTML ("<STRONG><SPAN class=\"register_failed\">".HAVE_TO_AGREE."</SPAN></STRONG><BR><BR>");
	}
	if ($_POST['addy'] == "!")
	{
		OUTPUT_HTML ("<STRONG><SPAN class=\"register_failed\">".ENTER_EMAIL."</SPAN></STRONG><BR><BR>");
		$_POST['addy'] = "";
	}
	 elseif ($_POST['addy'] == "?")
	{
		OUTPUT_HTML ("<STRONG><SPAN class=\"register_failed\">".EMAIL_ALREADY_DB."</SPAN></STRONG><BR><BR>");
		$_POST['addy'] = "";
	}
	if ($_POST['surname'] == "!")
	{
		OUTPUT_HTML ("<STRONG><SPAN class=\"register_failed\">".ENTER_SURNAME."</SPAN></STRONG><BR><BR>");
		$_POST['surname'] = "";
	}
	if ($_POST['family_name'] == "!")
	{
		OUTPUT_HTML ("<STRONG><SPAN class=\"register_failed\">".ENTER_FAMILY."</SPAN></STRONG><BR><BR>");
		$_POST['family_name'] = "";
	}
	if (($_POST['pass1'] == "!") && ($_POST['pass2'] == "!"))
	{
		OUTPUT_HTML ("<STRONG><SPAN class=\"register_failed\">".ENTER_BOTH_PASSWORDS."</SPAN></STRONG><BR><BR>");
	}
	 elseif ($_POST['pass1'] == "!")
	{
		OUTPUT_HTML ("<STRONG><SPAN class=\"register_failed\">".ENTER_PASS1."</SPAN></STRONG><BR><BR>");
	}
	 elseif ($_POST['pass2'] == "!")
	{
		OUTPUT_HTML ("<STRONG><SPAN class=\"register_failed\">".ENTER_PASS2."</SPAN></STRONG><BR><BR>");
	}
	if ($SHORT_PASS)
	{
		OUTPUT_HTML ("<STRONG><SPAN class=\"register_failed\">".SHORT_PASS.": ".$CONFIG['pass_len']."</SPAN></STRONG><BR><BR>");
	}
	if ($IP_TIMEOUT)
	{
		OUTPUT_HTML ("<STRONG><SPAN class=\"register_failed\">".REMOTE_ADDR_TIMEOUT."</SPAN></STRONG><BR><BR>");
	}
	if ((!empty($cats)) && ($cats < $CONFIG['least_cats']))
	{
		OUTPUT_HTML ("<STRONG><SPAN class=\"register_failed\">".CATS_LEAST.": ".$CONFIG['least_cats']."</SPAN></STRONG><BR><BR>");
	}

	// Generate birthday selection
	switch (GET_LANGUAGE())
	{
	case "de": // German date format
		define('BIRTHDAY_SELECTION', ADD_SELECTION("day", $_POST['day']).ADD_SELECTION("month", $_POST['month']).ADD_SELECTION("year", $_POST['year']));
		break;

	default: // Default is the US date format... :)
		break;
	}

	// Adds a table for the guests with all visible categories
	define ('CATEGORY_SELECTION', REGISTER_ADD_CATEGORY_TABLE("guest", true));

	// Adds maximum receiveable mails list... :)
	define ('MAX_RECEIVE_LIST', ADD_MAX_RECEIVE_LIST("guest", "", true));

	// Check if nickname extension is active and get state if nickname is selected or userid
	$nick = false;
	if (EXT_IS_ACTIVE("nickname")) $nick = NICKNAME_IS_ACTIVE($GLOBALS['refid']);

	// Is the nickname valid?
	if (!$nick) {
		// Nope, disable it
		if (GET_EXT_VERSION("sql_patches") != "") {
			// Use default refid
			$GLOBALS['refid'] = $CONFIG['def_refid'];
		} else {
			// Set zero
			$GLOBALS['refid'] = 0;
		}
	}

	// Shall I display the refid or shall I make it editable?
	if ($CONFIG['display_refid'] == "Y") {
		// Load template to enter it
		define('REFID_CONTENT', LOAD_TEMPLATE("guest_register_refid", true, $GLOBALS['refid']));
	} else {
		// Load "hide" form template
		define ('REFID_CONTENT', LOAD_TEMPLATE("guest_register_refid_hide", true, $GLOBALS['refid']));
	}

	// You may want to modify the register_header.tpl.xx file and not this script when you add your scripts etc. :-)
	define('REGISTER_HEADER_CONTENT', LOAD_TEMPLATE("register_header", true));

	// Please select at least x categories
	define('LEAST_CATS_VALUE', $CONFIG['least_cats']);

	// Other values
	define('__SURNAME', $_POST['surname']);   define('__FAMILY',  $_POST['family_name']);
	define('__STREET',  $_POST['street_nr']); define('__COUNTRY', $_POST['cntry']);
	define('__ZIP',     $_POST['zip']);       define('__CITY',    $_POST['city']);
	define('__ADDY',    $_POST['addy']);

	// Shall I add a counrty selection box or the old input box?
	if (EXT_IS_ACTIVE("country"))
	{
		// New variant, good!
		$OUT  = "<SELECT name=\"country_code\" class=\"guest_select\" size=\"1\">\n";
		$WHERE = "WHERE is_active='Y'";
		if (IS_ADMIN()) $WHERE = "";
		$OUT .= ADD_OPTION_LINES("countries", "id", "descr", $_POST['country_code'], "code", $WHERE);
		$OUT .= "</SELECT>";
		define('__COUNTRY_CONTENT', $OUT);
	}
	 else
	{
		// Old out-dated variant
		define('__COUNTRY_CONTENT', "<INPUT type=\"text\" name=\"cntry\" class=\"guest_normal\" size=\"2\" maxlength=\"3\" value=\"".__COUNTRY."\">");
	}

	// Set MUST_??? constants
	if ((EXT_IS_ACTIVE("register")) && (GET_EXT_VERSION("register") > "0.0")) REGISTER_FILL_MUST_CONSTANTS();

	// Display registration form
	LOAD_TEMPLATE("guest_register");
}
CLOSE_TABLE();
//
?>