<?php
/************************************************************************
 * MXChange v0.2.1                                    Start: 10/10/2003 *
 * ===============                              Last change: 11/26/2004 *
 *                                                                      *
 * -------------------------------------------------------------------- *
 * File              : what-register.php                                *
 * -------------------------------------------------------------------- *
 * Short description : Registration form                                *
 * -------------------------------------------------------------------- *
 * Kurzbeschreibung  : Anmeldeformular                                  *
 * -------------------------------------------------------------------- *
 * $Revision::                                                        $ *
 * $Date::                                                            $ *
 * $Tag:: 0.2.1-FINAL                                                 $ *
 * $Author::                                                          $ *
 * Needs to be in all Files and every File needs "svn propset           *
 * svn:keywords Date Revision" (autoprobset!) at least!!!!!!            *
 * -------------------------------------------------------------------- *
 * Copyright (c) 2003 - 2008 by Roland Haeder                           *
 * For more information visit: http://www.mxchange.org                  *
 *                                                                      *
 * This program is free software; you can redistribute it and/or modify *
 * it under the terms of the GNU General Public License as published by *
 * the Free Software Foundation; either version 2 of the License, or    *
 * (at your option) any later version.                                  *
 *                                                                      *
 * This program is distributed in the hope that it will be useful,      *
 * but WITHOUT ANY WARRANTY; without even the implied warranty of       *
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the        *
 * GNU General Public License for more details.                         *
 *                                                                      *
 * You should have received a copy of the GNU General Public License    *
 * along with this program; if not, write to the Free Software          *
 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,               *
 * MA  02110-1301  USA                                                  *
 ************************************************************************/

// Some security stuff...
if (!defined('__SECURITY')) {
	$INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), '/inc') + 4) . '/security.php';
	require($INC);
} elseif ((!EXT_IS_ACTIVE('register'))) {
	addFatalMessage(__FILE__, __LINE__, generateExtensionInactiveNotInstalledMessage('register'));
	return;
}

// Add description as navigation point
ADD_DESCR('guest', __FILE__);

global $DATA;

// Initialize variables
$isFailed   = false;
$shortPass = false;
$cats       = 0;
$ipTimedOut = false;

/**
 * @TODO Commented out, do we need this ugly code?
if (!isFormSent()) REQUEST_UNSET_POST('ok');

if (!REQUEST_ISSET_POST('agree'))        REQUEST_SET_POST('agree'       , '');
if (!REQUEST_ISSET_POST('addy'))         REQUEST_SET_POST('addy'        , '');
if (!REQUEST_ISSET_POST('surname'))      REQUEST_SET_POST('surname'     , '');
if (!REQUEST_ISSET_POST('family'))       REQUEST_SET_POST('family'      , '');
if (!REQUEST_ISSET_POST('pass1'))        REQUEST_SET_POST('pass1'       , '');
if (!REQUEST_ISSET_POST('pass2'))        REQUEST_SET_POST('pass2'       , '');
if (!REQUEST_ISSET_POST('day'))          REQUEST_SET_POST('day'         , '');
if (!REQUEST_ISSET_POST('month'))        REQUEST_SET_POST('month'       , '');
if (!REQUEST_ISSET_POST('year'))         REQUEST_SET_POST('year'        , '');
if (!REQUEST_ISSET_POST('max_mails'))    REQUEST_SET_POST('max_mails'   , '');
if (!REQUEST_ISSET_POST('street_nr'))    REQUEST_SET_POST('street_nr'   , '');
if (!REQUEST_ISSET_POST('zip'))          REQUEST_SET_POST('zip'         , '');
if (!REQUEST_ISSET_POST('city'))         REQUEST_SET_POST('city'        , '');
if (!REQUEST_ISSET_POST('cntry'))        REQUEST_SET_POST('cntry'       , '');
if (!REQUEST_ISSET_POST('country_code')) REQUEST_SET_POST('country_code', '1');
*/

// Default refid is zero
REQUEST_SET_POST('refid', 0);
if ($GLOBALS['refid'] > 0) {
	// Test if the refid is valid
	$result = SQL_QUERY_ESC("SELECT `userid` FROM `{!_MYSQL_PREFIX!}_user_data` WHERE `userid`=%s LIMIT 1",
		array(bigintval($GLOBALS['refid'])), __FILE__, __LINE__);

	// Userid found?
	//* DEBUG: */ die("refid={$GLOBALS['refid']}/numRows=".SQL_NUMROWS($result)."");
	if (SQL_NUMROWS($result) == 0) {
		// Not found so we set your refid!
		REQUEST_SET_POST('refid', getConfig('def_refid'));
		setSession('refid', getConfig('def_refid'));
	} else {
		// Use the refid here
		REQUEST_SET_POST('refid', $GLOBALS['refid']);
	}
} // END - if

if (isFormSent()) {
	// First we only check the submitted data then we continue... :)
	//
	// Did he agree to our Terms Of Usage?
	if (REQUEST_POST('agree') != 'Y') {
		REQUEST_SET_POST('agree', '!');
		$isFailed = true;
	} // END - if

	// Did he enter a valid email address? (we really don't care about
	// that, he has to click on a confirmation link :P )
	if ((!REQUEST_ISSET_POST('addy')) || (!isEmailValid(REQUEST_POST('addy')))) {
		REQUEST_SET_POST('addy', '!');
		$isFailed = true;
	} // END - if

	// And what about surname and family's name?
	if (!REQUEST_ISSET_POST('surname')) {
		REQUEST_SET_POST('surname', '!');
		$isFailed = true;
	} // END - if
	if (!REQUEST_ISSET_POST('family')) {
		REQUEST_SET_POST('family', '!');
		$isFailed = true;
	} // END - if

	// Get temporary array for modification
	$postArray = REQUEST_POST_ARRAY();

	// Check for required fields
	if ($isFailed === false) $isFailed = ifRequiredRegisterFieldsAreSet($postArray);

	// Set it back in request
	REQUEST_SET_POST_ARRAY($postArray);

	// Did he enter his password twice?
	if (((!REQUEST_ISSET_POST('pass1')) || (!REQUEST_ISSET_POST('pass2'))) || ((REQUEST_POST('pass1') != REQUEST_POST('pass2')) && (REQUEST_ISSET_POST('pass1')) && (REQUEST_ISSET_POST('pass2')))) {
		if ((REQUEST_POST('pass1') != REQUEST_POST('pass2')) && (REQUEST_ISSET_POST('pass1')) && (REQUEST_ISSET_POST('pass2'))) {
			REQUEST_SET_POST('pass1', '!');
			REQUEST_SET_POST('pass2', '!');
		} else {
			if (!REQUEST_ISSET_POST('pass1')) { REQUEST_SET_POST('pass1', '!'); } else { REQUEST_SET_POST('pass1', ''); }
			if (!REQUEST_ISSET_POST('pass2')) { REQUEST_SET_POST('pass2', '!'); } else { REQUEST_SET_POST('pass2', ''); }
		}
		$isFailed = true;
	} // END - if

	// Is the password long enouth?
	if ((strlen(REQUEST_POST('pass1')) < getConfig('pass_len')) && ($isFailed === false)) {
		$shortPass = true;
		$isFailed = true;
	} // END - if

	// No admin? Admins can always register!
	if (!IS_ADMIN()) {
		// Do this check only when no admin is logged in
		foreach (REQUEST_POST('cat') as $id => $answer) {
			if ($answer == 'Y') $cats++;
		} // END - foreach

		if ($cats < getConfig('least_cats')) {
			// ... nope!
			$isFailed = true;
		} // END - if
	} // END - if

	if ((REQUEST_POST('addy') != '!') && (getConfig('check_double_email') == 'Y')) {
		// Does the email address already exists in our database?
		$CHK = isEmailTaken(REQUEST_POST('addy'));
		if ($CHK === true) {
			REQUEST_SET_POST('addy', '?');
			$isFailed = true;
		} // END - if
	} // END - if

	// Check for IP timeout?
	if (getConfig('ip_timeout') > 0) {
		// Check his IP number
		$result = SQL_QUERY_ESC("SELECT joined, last_update FROM `{!_MYSQL_PREFIX!}_user_data` WHERE REMOTE_ADDR='%s' AND (joined > (UNIX_TIMESTAMP() - %s) OR last_update > (UNIX_TIMESTAMP() - %s)) LIMIT 1",
		array(detectRemoteAddr(), getConfig('ip_timeout'), getConfig('ip_timeout')), __FILE__, __LINE__);
		if (SQL_NUMROWS($result) == 1) {
			// Same IP in timeout range and different email address entered... Eat this, faker! ;-)
			// But admins are allowed to fake their own exchange service.
			$ipTimedOut = true;
			$isFailed = true;
		} // END - if
	} // END - if

	// Free memory
	SQL_FREERESULT($result);
}

if ((isFormSent()) && (($isFailed === false) || (IS_ADMIN()))) {
	// Prepapre month and day of birth
	if (strlen(REQUEST_POST('day'))   == 1) REQUEST_SET_POST('day'  , '0'.REQUEST_POST('day'));
	if (strlen(REQUEST_POST('month')) == 1) REQUEST_SET_POST('month', '0'.REQUEST_POST('month'));

	// Get total ...
	// ... confirmed, ...
	$confirmedUsers   = GET_TOTAL_DATA('CONFIRMED'  , 'user_data', 'userid', 'status', true);
	// ... unconfirmed ...
	$unconfirmedUsers = GET_TOTAL_DATA('UNCONFIRMED', 'user_data', 'userid', 'status', true);
	// ... and locked users!
	$lockedUsers      = GET_TOTAL_DATA('LOCKED'     , 'user_data', 'userid', 'status', true);

	// Generate hash which will be inserted into confirmation mail
	$hash = generateHash(sha1($confirmedUsers.getConfig('ENCRYPT_SEPERATOR').$unconfirmedUsers.getConfig('ENCRYPT_SEPERATOR').$lockedUsers.getConfig('ENCRYPT_SEPERATOR').REQUEST_POST('month') . '-'.REQUEST_POST('day') . '-'.REQUEST_POST('year').getConfig('ENCRYPT_SEPERATOR').getenv('SERVER_NAME').getConfig('ENCRYPT_SEPERATOR').detectRemoteAddr().getConfig('ENCRYPT_SEPERATOR').detectUserAgent() . '/' . getConfig('SITE_KEY') . '/' . getConfig('DATE_KEY') . '/'. constant('RAND_NUMBER')));

	// Add design when extension sql_patches is v0.2.7 or greater
	// @TODO Rewrite these all to a single filter
	$ADD1 = '';
	$ADD2 = '';
	if (GET_EXT_VERSION('theme') >= '0.0.8') {
		// Okay, add design here
		$ADD1 = ", `curr_theme`";
		$ADD2 = ", '".getCurrentTheme()."'";
	} // END - if

	// Check if I shall disable sending mail to newly registered members out about active/begging rallye
	//
	// First comes first: begging rallye
	if (GET_EXT_VERSION('beg') >= '0.1.7') {
		// Okay, shall I disable now?
		if (getConfig('beg_new_mem_notify') != 'Y') {
			$ADD1 .= ", `beg_ral_notify`, `beg_ral_en_notify`";
			$ADD2 .= ", UNIX_TIMESTAMP(), UNIX_TIMESTAMP()";
		} // END - if
	} // END - if

	// Second: active rallye
	if (GET_EXT_VERSION('bonus') >= '0.7.7') {
		// Okay, shall I disable now?
		if (getConfig('bonus_new_mem_notify') != 'Y') {
			$ADD1 .= ", `bonus_ral_notify`, `bonus_ral_en_notify`";
			$ADD2 .= ", UNIX_TIMESTAMP(), UNIX_TIMESTAMP()";
		} // END - if
	} // END - if

	// Write user data to table
	if (EXT_IS_ACTIVE('country')) {
		// Save with new selectable country code
		$countryRow = "`country_code`";
		$countryData = bigintval(REQUEST_POST('country_code'));
	} else {
		// Old way with enterable two-char-code
		$countryRow = "`country`";
		$countryData = substr(REQUEST_POST('cntry'), 0, 2);
	}

	//////////////////////////////
	// Create user's account... //
	//////////////////////////////
	//
	SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_user_data` (gender, surname, family, street_nr,%s, zip, city, email, birth_day, birth_month, birth_year, password, max_mails, receive_mails, refid, status, user_hash, REMOTE_ADDR, joined, last_update".$ADD1.")
VALUES ('%s','%s','%s','%s','%s',%s,'%s','%s',%s, %s,%s,'%s',%s, %s,'%s','UNCONFIRMED','%s','%s', UNIX_TIMESTAMP(), UNIX_TIMESTAMP()".$ADD2.")",
	array(
		$countryRow,
		substr(REQUEST_POST('gender'), 0, 1),
		REQUEST_POST('surname'),
		REQUEST_POST('family'),
		REQUEST_POST('street_nr'),
		$countryData,
		bigintval(REQUEST_POST('zip')),
		REQUEST_POST('city'),
		REQUEST_POST('addy'),
		bigintval(REQUEST_POST('day')),
		bigintval(REQUEST_POST('month')),
		bigintval(REQUEST_POST('year')),
		generateHash(REQUEST_POST('pass1')),
		bigintval(REQUEST_POST('max_mails')),
		bigintval(REQUEST_POST('max_mails')),
		bigintval(REQUEST_POST('refid')),
		$hash,
		detectRemoteAddr(),
	), __FILE__, __LINE__);

	// Get his userid
	$userid = SQL_INSERTID();

	// Did this work?
	if ($userid == 0) {
		// Something bad happened!
		LOAD_TEMPLATE('admin_settings_saved', false, getMessage('USER_NOT_REGISTERED'));
		return;
	} // END - if

	// Is the refback extension there?
	// @TODO Rewrite this to a filter
	if (EXT_IS_ACTIVE('refback')) {
		// Update refback table
		updateRefbackTable($userid);
	} // END - if

	// Write his welcome-points
	$result = SQL_QUERY_ESC("SELECT `id` FROM `{!_MYSQL_PREFIX!}_user_points` WHERE userid=%s AND ref_depth=0 LIMIT 1",
		array(bigintval($userid)), __FILE__, __LINE__);
	if (SQL_NUMROWS($result) == 0) {
		// Add only when the line was not found (maybe some more secure?)
		$locked = 'points';
		if (getConfig('ref_payout') > 0) $locked = "locked_points"; // Pay him later. First he has to confirm some mails!
		SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_user_points` (userid, ref_depth, ".$locked.") VALUES (%s,0,'%s')",
			array(bigintval($userid), getConfig('points_register')), __FILE__, __LINE__);

		// Update mediadata as well
		if ((GET_EXT_VERSION('mediadata') >= '0.0.4') && ($locked == 'points')) {
			// Update database
			MEDIA_UPDATE_ENTRY(array('total_points'), 'add', getConfig('points_register'));
		} // END - if
	} // END - if

	// Write catgories
	if ((is_array(REQUEST_POST('cat'))) && (count(REQUEST_POST('cat')))) {
		foreach (REQUEST_POST('cat') as $cat => $joined) {
			if ($joined == 'Y') {
				// Insert category entry
				SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_user_cats` (userid, cat_id) VALUES (%s, %s)",
				array(bigintval($userid), bigintval($cat)), __FILE__, __LINE__);
			} // END - if
		} // END - foreach
	} // END - if

	// Rewrite gender
	$gender = translateGender(REQUEST_POST('gender'));

	// ... rewrite a zero referal ID to the main title
	if (REQUEST_POST('refid') == '0') REQUEST_SET_POST('refid', constant('MAIN_TITLE'));

	// Is ZIP code set?
	if (REQUEST_ISSET_POST('zip')) {
		// Prepare data array for the email template
		// Start with the gender...
		$DATA = array(
			'hash'    => $hash,
			'uid'     => $userid,
			'gender'  => $gender,
			'surname' => SQL_ESCAPE(REQUEST_POST('surname')),
			'family'  => SQL_ESCAPE(REQUEST_POST('family')),
			'email'   => SQL_ESCAPE(REQUEST_POST('addy')),
			'street'  => SQL_ESCAPE(REQUEST_POST('street_nr')),
			'city'    => SQL_ESCAPE(REQUEST_POST('city')),
			'zip'     => bigintval(REQUEST_POST('zip')),
			'country' => $countryData,
			'refid'   => SQL_ESCAPE(REQUEST_POST('refid')),
			'pass'    => SQL_ESCAPE(REQUEST_POST('pass1')),
		);
	} else {
		// No ZIP code entered
		$DATA = array(
			'hash'    => $hash,
			'uid'     => $userid,
			'gender'  => $gender,
			'surname' => SQL_ESCAPE(REQUEST_POST('surname')),
			'family'  => SQL_ESCAPE(REQUEST_POST('family')),
			'email'   => SQL_ESCAPE(REQUEST_POST('addy')),
			'street'  => SQL_ESCAPE(REQUEST_POST('street_nr')),
			'city'    => SQL_ESCAPE(REQUEST_POST('city')),
			'zip'     => "",
			'country' => $countryData,
			'refid'   => SQL_ESCAPE(REQUEST_POST('refid')),
			'pass'    => SQL_ESCAPE(REQUEST_POST('pass1')),
		);
	}

	// Continue with birthday...
	switch (getLanguage()) {
		case 'de':
			$DATA['birthday'] = bigintval(REQUEST_POST('day')) . '.' . bigintval(REQUEST_POST('month')) . '.' . bigintval(REQUEST_POST('year'));
			break;

		default:
			$DATA['birthday'] = bigintval(REQUEST_POST('month')) . '/' . bigintval(REQUEST_POST('day')) . '/' . bigintval(REQUEST_POST('year'));
			break;
	} // END - switch

	// Display information to the user that he got mail and send it away
	$messageGuest = LOAD_EMAIL_TEMPLATE('register-member', $DATA, $userid);

	// Send mail to user (confirmation link!)
	$email = $DATA['email'];
	sendEmail($DATA['email'], getMessage('GUEST_CONFIRM_LINK'), $messageGuest);
	$DATA['email'] = $email;

	// Send mail to admin
	sendAdminNotification(getMessage('ADMIN_NEW_ACCOUNT'), 'register-admin', $DATA, $userid);

	// Output success registration
	LOAD_TEMPLATE('admin_settings_saved', false, getMessage('REGISTRATION_DONE'));
} else {
	if (REQUEST_POST('agree') == '!') {
		registerOutputFailedMessage('HAVE_TO_AGREE');
	} // END - if

	if (REQUEST_POST('addy') == '!') {
		registerOutputFailedMessage('ENTER_EMAIL');
		REQUEST_SET_POST('addy', '');
	} elseif (REQUEST_POST('addy') == '?') {
		registerOutputFailedMessage('EMAIL_ALREADY_DB');
		REQUEST_SET_POST('addy', '');
	}

	if (REQUEST_POST('surname') == '!') {
		registerOutputFailedMessage('ENTER_SURNAME');
		REQUEST_SET_POST('surname', '');
	} // END - if

	if (REQUEST_POST('family') == '!') {
		registerOutputFailedMessage('ENTER_FAMILY');
		REQUEST_SET_POST('family', '');
	} // END - if

	if ((REQUEST_POST('pass1') == '!') && (REQUEST_POST('pass2') == '!')) {
		registerOutputFailedMessage('ENTER_BOTH_PASSWORDS');
	} elseif (REQUEST_POST('pass1') == '!') {
		registerOutputFailedMessage('ENTER_PASS1');
	} elseif (REQUEST_POST('pass2') == '!') {
		registerOutputFailedMessage('ENTER_PASS2');
	}

	if ($shortPass === true) {
		registerOutputFailedMessage('SHORT_PASS', ": ".getConfig('pass_len'));
	} // END - if

	if ($ipTimedOut === true) {
		registerOutputFailedMessage('REMOTE_ADDR_TIMEOUT');
	} // END - if

	if ((!empty($cats)) && ($cats < getConfig('least_cats'))) {
		registerOutputFailedMessage(sprintf(getMessage('CATS_LEAST'), getConfig('least_cats')));
	} // END - if

	// Generate birthday selection
	switch (getLanguage()) {
		case 'de': // German date format
			define('BIRTHDAY_SELECTION', ADD_SELECTION('day', REQUEST_POST('day')).ADD_SELECTION('month', REQUEST_POST('month')).ADD_SELECTION('year', REQUEST_POST('year')));
			break;

		default: // Default is the US date format... :)
			define('BIRTHDAY_SELECTION', ADD_SELECTION('month', REQUEST_POST('month')).ADD_SELECTION('day', REQUEST_POST('day')).ADD_SELECTION('year', REQUEST_POST('year')));
			break;
	}

	// Adds a table for the guests with all visible categories
	define('CATEGORY_SELECTION', registerGenerateCategoryTable('guest', true));

	// Adds maximum receiveable mails list... :)
	define('MAX_RECEIVE_LIST', addMaxReceiveList('guest', '', true));

	// Shall I display the refid or shall I make it editable?
	if (getConfig('display_refid') == 'Y') {
		// Load "hide" form template
		define('REFID_CONTENT', LOAD_TEMPLATE('guest_register_refid_hide', true, $GLOBALS['refid']));
	} else {
		// Load template to enter it
		define('REFID_CONTENT', LOAD_TEMPLATE('guest_register_refid', true, $GLOBALS['refid']));
	}

	// You may want to modify the register_header.tpl.xx file and not this script when you add your scripts etc. :-)
	define('REGISTER_HEADER_CONTENT', LOAD_TEMPLATE('register_header', true));

	// Please select at least x categories
	define('LEAST_CATS_VALUE', getConfig('least_cats'));

	// Other values
	define('__SURNAME', SQL_ESCAPE(REQUEST_POST('surname')));
	define('__FAMILY',  SQL_ESCAPE(REQUEST_POST('family')));
	define('__STREET',  SQL_ESCAPE(REQUEST_POST('street_nr')));
	define('__COUNTRY', SQL_ESCAPE(REQUEST_POST('cntry')));
	if ((REQUEST_ISSET_POST('zip')) && (REQUEST_POST('zip') != '')) {
		define('__ZIP', bigintval(REQUEST_POST('zip')));
	} else {
		define('__ZIP', '');
	}
	define('__CITY',    SQL_ESCAPE(REQUEST_POST('city')));
	define('__ADDY',    SQL_ESCAPE(REQUEST_POST('addy')));

	// Shall I add a counrty selection box or the old input box?
	if (EXT_IS_ACTIVE('country')) {
		// New variant, good!
		$OUT  = "<select name=\"country_code\" class=\"guest_select\" size=\"1\">\n";
		$whereStatement = "WHERE `is_active`='Y'";
		if (IS_ADMIN()) $whereStatement = '';
		$OUT .= generateOptionList('countries', 'id', 'descr', REQUEST_POST('country_code'), 'code', $whereStatement);
		$OUT .= "</select>";
		define('__COUNTRY_CONTENT', $OUT);
	} else {
		// Old out-dated variant
		define('__COUNTRY_CONTENT', "<input type=\"text\" name=\"cntry\" class=\"guest_normal\" size=\"2\" maxlength=\"3\" value=\"{!__COUNTRY!}\" />");
	}

	// Set MUST_??? constants
	if ((EXT_IS_ACTIVE('register')) && (GET_EXT_VERSION('register') > '0.0')) registerMustFillout();

	// Display registration form
	LOAD_TEMPLATE('guest_register');
}

//
?>