X-Git-Url: https://git.mxchange.org/?p=mailer.git;a=blobdiff_plain;f=inc%2Fmodules%2Fguest%2Fwhat-register.php;h=71f2c4443984099982cbea6686b98a58a0aa66e0;hp=eaad356ca9084a95b3ff98adae6550de714d7ffa;hb=143e78d4231adddd9e706cbf55ec5dd8c1651890;hpb=a2c2e0711e61b8ba5f3ee1fd4b3958d9014669a6

diff --git a/inc/modules/guest/what-register.php b/inc/modules/guest/what-register.php
index eaad356ca9..71f2c44439 100644
--- a/inc/modules/guest/what-register.php
+++ b/inc/modules/guest/what-register.php
@@ -32,13 +32,10 @@
  ************************************************************************/
 
 // Some security stuff...
-if (ereg(basename(__FILE__), $_SERVER['PHP_SELF']))
-{
+if (!defined('__SECURITY')) {
 	$INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
 	require($INC);
-}
- elseif ((!EXT_IS_ACTIVE("register")))
-{
+} elseif ((!EXT_IS_ACTIVE("register"))) {
 	if (IS_ADMIN()) {
 		ADD_FATAL(sprintf(EXTENSION_PROBLEM_NOT_INSTALLED, "register"));
 	} else {
@@ -50,7 +47,6 @@ if (ereg(basename(__FILE__), $_SERVER['PHP_SELF']))
 // Add description as navigation point
 ADD_DESCR("guest", basename(__FILE__));
 
-OPEN_TABLE("100%", "guest_content_align", "");
 global $_CONFIG, $DATA;
 
 // Initialize variables
@@ -77,7 +73,7 @@ if (isset($_POST['ok']))
 	// First we only check the submitted data then we continue... :)
 	//
 	// Did he agree to our Terms Of Usage?
-	if ($_POST['agree'] != 'Y')
+	if ($_POST['agree'] != "Y")
 	{
 		$_POST['agree'] = "!";
 		$FAILED = true;
@@ -131,9 +127,9 @@ if (isset($_POST['ok']))
 	if (!IS_ADMIN())
 	{
 		// Do this check only when no admin is logged in
-		foreach ($_POST['cat'] as $id=>$answer)
+		foreach ($_POST['cat'] as $id => $answer)
 		{
-			if ($answer == 'Y') $cats++;
+			if ($answer == "Y") $cats++;
 		}
 		if ($cats < $_CONFIG['least_cats'])
 		{
@@ -141,7 +137,7 @@ if (isset($_POST['ok']))
 			$FAILED = true;
 		}
 	}
-	if (($_POST['addy'] != "!") && ($_CONFIG['check_double_email'] == 'Y') && (!IS_ADMIN()))
+	if (($_POST['addy'] != "!") && ($_CONFIG['check_double_email'] == "Y") && (!IS_ADMIN()))
 	{
 		// Does the email address already exists in our database?
 		$CHK = SEARCH_EMAIL_USERTAB($_POST['addy']);
@@ -149,9 +145,8 @@ if (isset($_POST['ok']))
 	}
 
 	// Check his IP number
-	$to = bigintval(time() - $_CONFIG['ip_timeout']);
-	$result = SQL_QUERY_ESC("SELECT joined, last_update FROM "._MYSQL_PREFIX."_user_data WHERE REMOTE_ADDR='%s' AND (joined > %s OR last_update > %s) LIMIT 1",
-	 array(getenv('REMOTE_ADDR'), $to, $to), __FILE__, __LINE__);
+	$result = SQL_QUERY_ESC("SELECT joined, last_update FROM "._MYSQL_PREFIX."_user_data WHERE REMOTE_ADDR='%s' AND (joined > (UNIX_TIMESTAMP() - %s) OR last_update > (UNIX_TIMESTAMP() - %s)) LIMIT 1",
+	 array(getenv('REMOTE_ADDR'), $_CONFIG['ip_timeout'], $_CONFIG['ip_timeout']), __FILE__, __LINE__);
 	if ((SQL_NUMROWS($result) == 1) && (!IS_ADMIN()))
 	{
 		// Same IP in timeout range and different email address entered... Eat this, faker! ;-)
@@ -160,15 +155,18 @@ if (isset($_POST['ok']))
 		$FAILED = true;
 	}
 
-	// Test the refid (because some strange hackers... :-P)
-	$result = SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
-	 array(bigintval($GLOBALS['refid'])), __FILE__, __LINE__);
-	if (SQL_NUMROWS($result) == 0)
-	{
-		// Not found so we set your refid!
-		$_POST['refid'] = $_CONFIG['def_refid'];
-		set_session("refid", $_CONFIG['def_refid']);
-	}
+	// Default refid is zero
+	$_POST['refid'] = 0;
+	if ($GLOBALS['refid'] > 0) {
+		// Test if the refid is valid
+		$result = SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
+			array(bigintval($GLOBALS['refid'])), __FILE__, __LINE__);
+		if (SQL_NUMROWS($result) == 0) {
+			// Not found so we set your refid!
+			$_POST['refid'] = $_CONFIG['def_refid'];
+			set_session("refid", $_CONFIG['def_refid']);
+		} // END - if
+	} // END - if
 
 	// Free memory
 	SQL_FREERESULT($result);
@@ -198,7 +196,7 @@ if ((isset($_POST['ok'])) && (!$FAILED))
 	if (GET_EXT_VERSION("beg") >= "0.1.7")
 	{
 		// Okay, shall I disable now?
-		if ($_CONFIG['beg_new_mem_notify'] == 'N')
+		if ($_CONFIG['beg_new_mem_notify'] == "N")
 		{
 			$ADD1 .= ", beg_ral_notify, beg_ral_en_notify";
 			$ADD2 .= ", UNIX_TIMESTAMP(), UNIX_TIMESTAMP()";
@@ -206,25 +204,20 @@ if ((isset($_POST['ok'])) && (!$FAILED))
 	}
 
 	// Second: active rallye
-	if (GET_EXT_VERSION("bonus") >= "0.7.7")
-	{
+	if (GET_EXT_VERSION("bonus") >= "0.7.7") {
 		// Okay, shall I disable now?
-		if ($_CONFIG['bonus_new_mem_notify'] == 'N')
-		{
+		if ($_CONFIG['bonus_new_mem_notify'] == "N") {
 			$ADD1 .= ", bonus_ral_notify, bonus_ral_en_notify";
 			$ADD2 .= ", UNIX_TIMESTAMP(), UNIX_TIMESTAMP()";
-		}
-	}
+		} // END - if
+	} // END - if
 
 	// Write user data to table
-	if (EXT_IS_ACTIVE("country"))
-	{
+	if (EXT_IS_ACTIVE("country")) {
 		// Save with new selectable country code
 		$countryRow = "country_code";
 		$countryData = bigintval($_POST['country_code']);
-	}
-	 else
-	{
+	} else {
 		// Old way with enterable two-char-code
 		$countryRow = "country";
 		$countryData = addslashes(substr($_POST['cntry'], 0, 2));
@@ -234,78 +227,79 @@ if ((isset($_POST['ok'])) && (!$FAILED))
 	// Create user's account... //
 	//////////////////////////////
 	//
-	$result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_user_data (sex, surname, family, street_nr, %s, zip, city, email, birth_day, birth_month, birth_year, password, max_mails, receive_mails, refid, status, user_hash, REMOTE_ADDR, joined, last_update".$ADD1.")
-VALUES ('%s', '%s', '%s', '%s', '%s', %d, '%s', '%s', %d, %d, %d, '%s', %d, %d, %d, 'UNCONFIRMED', '%s', '%s', UNIX_TIMESTAMP(), UNIX_TIMESTAMP()".$ADD2.")",
-array(
-	$countryRow,
-	SQL_ESCAPE(substr($_POST['sex'], 0, 1)),
-	SQL_ESCAPE($_POST['surname']),
-	SQL_ESCAPE($_POST['family_name']),
-	SQL_ESCAPE($_POST['street_nr']),
-	$countryData,
-	bigintval($_POST['zip']),
-	SQL_ESCAPE($_POST['city']),
-	SQL_ESCAPE($_POST['addy']),
-	bigintval($_POST['day']),
-	bigintval($_POST['month']),
-	bigintval($_POST['year']),
-	generateHash($_POST['pass1']),
-	bigintval($_POST['max_mails']),
-	bigintval($_POST['max_mails']),
-	bigintval($_POST['refid']),
-	$hash,
-	getenv('REMOTE_ADDR'),
-), __FILE__, __LINE__);
+	$result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_user_data (gender, surname, family, street_nr,%s, zip, city, email, birth_day, birth_month, birth_year, password, max_mails, receive_mails, refid, status, user_hash, REMOTE_ADDR, joined, last_update".$ADD1.")
+VALUES ('%s','%s','%s','%s','%s',%s,'%s','%s',%s, %s,%s,'%s',%s, %s,'%s','UNCONFIRMED','%s','%s', UNIX_TIMESTAMP(), UNIX_TIMESTAMP()".$ADD2.")",
+	array(
+		$countryRow,
+		SQL_ESCAPE(substr($_POST['gender'], 0, 1)),
+		SQL_ESCAPE($_POST['surname']),
+		SQL_ESCAPE($_POST['family_name']),
+		SQL_ESCAPE($_POST['street_nr']),
+		$countryData,
+		bigintval($_POST['zip']),
+		SQL_ESCAPE($_POST['city']),
+		SQL_ESCAPE($_POST['addy']),
+		bigintval($_POST['day']),
+		bigintval($_POST['month']),
+		bigintval($_POST['year']),
+		generateHash($_POST['pass1']),
+		bigintval($_POST['max_mails']),
+		bigintval($_POST['max_mails']),
+		bigintval($_POST['refid']),
+		$hash,
+		getenv('REMOTE_ADDR'),
+	), __FILE__, __LINE__);
 
 	// Get his userid
-	$result = SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_data WHERE user_hash='%s' LIMIT 1",
-	 array($hash), __FILE__, __LINE__);
-	list($userid) = SQL_FETCHROW($result);
+	$userid = SQL_INSERTID();
 
-	// Secure userid (we have a little paranoia ;-) )
-	$userid = bigintval($userid);
+	// Did this work?
+	if ($userid == 0) {
+		// Something bad happened!
+		LOAD_TEMPLATE("admin_settings_saved", false, USER_NOT_REGISTERED);
+		return;
+	} // END - if
 
 	// Write his welcome-points
-	$result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_points WHERE userid=%d AND ref_depth=0 LIMIT 1",
+	$result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_points WHERE userid=%s AND ref_depth=0 LIMIT 1",
 	 array(bigintval($userid)), __FILE__, __LINE__);
-	if (SQL_NUMROWS($result) == 0)
-	{
+	if (SQL_NUMROWS($result) == 0) {
 		// Add only when the line was not found (maybe some more secure?)
 		$locked = "points";
 		if ($_CONFIG['ref_payout'] > 0) $locked = "locked_points"; // Pay him later. First he has to confirm some mails!
-		$result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_user_points (userid, ref_depth, ".$locked.") VALUES(%d, 0, '%s')",
+		$result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_user_points (userid, ref_depth, ".$locked.") VALUES(%s,0,'%s')",
 		 array(bigintval($userid), $_CONFIG['points_register']), __FILE__, __LINE__);
 
 		// Update mediadata as well
 		if ((GET_EXT_VERSION("mediadata") >= "0.0.4") && ($locked == "points")) {
 			// Update database
 			MEDIA_UPDATE_ENTRY(array("total_points"), "add", $_CONFIG['points_register']);
-		}
-	}
+		} // END - if
+	} // END - if
 
 	// Write catgories
 	if ((is_array($_POST['cat'])) && (count($_POST['cat']))) {
-		foreach ($_POST['cat'] as $cat=>$joined) {
-			if ($joined == 'Y') {
+		foreach ($_POST['cat'] as $cat => $joined) {
+			if ($joined == "Y") {
 				// Insert category entry
-				$result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_user_cats (userid, cat_id) VALUES (%d, %d)",
+				$result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_user_cats (userid, cat_id) VALUES (%s, %s)",
 				 array(bigintval($userid), bigintval($cat)), __FILE__, __LINE__);
-			}
-		}
-	}
+			} // END - if
+		} // END - foreach
+	} // END - if
 
-	// Rewrite sex
-	$sex = TRANSLATE_SEX($_POST['sex']);
+	// Rewrite gender
+	$gender = TRANSLATE_GENDER($_POST['gender']);
 
 	// ... rewrite a zero referral ID to the main title
 	if ($_POST['refid'] == "0") $_POST['refid'] = MAIN_TITLE;
 
 	// Prepare data array for the email template
-	// Start with the salutation...
+	// Start with the gender...
 	$DATA = array(
 		'hash'    => $hash,
 		'uid'     => $userid,
-		'salut'   => $sex,
+		'gender'  => $gender,
 		'surname' => SQL_ESCAPE($_POST['surname']),
 		'family'  => SQL_ESCAPE($_POST['family_name']),
 		'email'   => SQL_ESCAPE($_POST['addy']),
@@ -325,7 +319,7 @@ array(
 		break;
 
 	default:
-		$DATA['birthday'] = bigintval($_POST['month']."/".bigintval($_POST['day'])."/".bigintval($_POST['year']);
+		$DATA['birthday'] = bigintval($_POST['month'])."/".bigintval($_POST['day'])."/".bigintval($_POST['year']);
 		break;
 	}
 
@@ -338,71 +332,52 @@ array(
 	$DATA['email'] = $EMAIL;
 
 	// Send mail to admin
-	if (GET_EXT_VERSION("admins") >= "0.4.1")
-	{
-		// Use new system
-		SEND_ADMIN_EMAILS_PRO(ADMIN_NEW_ACCOUNT, "register-admin", $DATA, $userid);
-	}
-	 else
-	{
-		// Use old system
-		$msg_admin = LOAD_EMAIL_TEMPLATE("register-admin", $DATA, $userid);
-		SEND_ADMIN_EMAILS (ADMIN_NEW_ACCOUNT, $msg_admin);
-	}
+	SEND_ADMIN_NOTIFICATION(ADMIN_NEW_ACCOUNT, "register-admin", $DATA, $userid);
 
 	// Output success registration
 	LOAD_TEMPLATE("admin_settings_saved", false, REGISTRATION_DONE);
-}
- else
-{
-	if ($_POST['agree'] == "!")
-	{
+} else {
+	if ($_POST['agree'] == "!") {
 		OUTPUT_HTML("<STRONG><SPAN class=\"register_failed\">".HAVE_TO_AGREE."</SPAN></STRONG><br /><br />");
-	}
-	if ($_POST['addy'] == "!")
-	{
+	} // END - if
+
+	if ($_POST['addy'] == "!") {
 		OUTPUT_HTML("<STRONG><SPAN class=\"register_failed\">".ENTER_EMAIL."</SPAN></STRONG><br /><br />");
 		$_POST['addy'] = "";
-	}
-	 elseif ($_POST['addy'] == "?")
-	{
+	} elseif ($_POST['addy'] == "?") {
 		OUTPUT_HTML("<STRONG><SPAN class=\"register_failed\">".EMAIL_ALREADY_DB."</SPAN></STRONG><br /><br />");
 		$_POST['addy'] = "";
 	}
-	if ($_POST['surname'] == "!")
-	{
+
+	if ($_POST['surname'] == "!") {
 		OUTPUT_HTML("<STRONG><SPAN class=\"register_failed\">".ENTER_SURNAME."</SPAN></STRONG><br /><br />");
 		$_POST['surname'] = "";
-	}
-	if ($_POST['family_name'] == "!")
-	{
+	} // END - if
+
+	if ($_POST['family_name'] == "!") {
 		OUTPUT_HTML("<STRONG><SPAN class=\"register_failed\">".ENTER_FAMILY."</SPAN></STRONG><br /><br />");
 		$_POST['family_name'] = "";
-	}
-	if (($_POST['pass1'] == "!") && ($_POST['pass2'] == "!"))
-	{
+	} // END - if
+
+	if (($_POST['pass1'] == "!") && ($_POST['pass2'] == "!")) {
 		OUTPUT_HTML("<STRONG><SPAN class=\"register_failed\">".ENTER_BOTH_PASSWORDS."</SPAN></STRONG><br /><br />");
-	}
-	 elseif ($_POST['pass1'] == "!")
-	{
+	} elseif ($_POST['pass1'] == "!") {
 		OUTPUT_HTML("<STRONG><SPAN class=\"register_failed\">".ENTER_PASS1."</SPAN></STRONG><br /><br />");
-	}
-	 elseif ($_POST['pass2'] == "!")
-	{
+	} elseif ($_POST['pass2'] == "!") {
 		OUTPUT_HTML("<STRONG><SPAN class=\"register_failed\">".ENTER_PASS2."</SPAN></STRONG><br /><br />");
 	}
-	if ($SHORT_PASS)
-	{
+
+	if ($SHORT_PASS) {
 		OUTPUT_HTML("<STRONG><SPAN class=\"register_failed\">".SHORT_PASS.": ".$_CONFIG['pass_len']."</SPAN></STRONG><br /><br />");
-	}
-	if ($IP_TIMEOUT)
-	{
+	} // END - if
+
+	if ($IP_TIMEOUT) {
 		OUTPUT_HTML("<STRONG><SPAN class=\"register_failed\">".REMOTE_ADDR_TIMEOUT."</SPAN></STRONG><br /><br />");
-	}
-	if ((!empty($cats)) && ($cats < $_CONFIG['least_cats']))
-	{
+	} // END - if
+
+	if ((!empty($cats)) && ($cats < $_CONFIG['least_cats'])) {
 		OUTPUT_HTML("<STRONG><SPAN class=\"register_failed\">".CATS_LEAST.": ".$_CONFIG['least_cats']."</SPAN></STRONG><br /><br />");
-	}
+	} // END - if
 
 	// Generate birthday selection
 	switch (GET_LANGUAGE())
@@ -416,10 +391,10 @@ array(
 	}
 
 	// Adds a table for the guests with all visible categories
-	define ('CATEGORY_SELECTION', REGISTER_ADD_CATEGORY_TABLE("guest", true));
+	define('CATEGORY_SELECTION', REGISTER_ADD_CATEGORY_TABLE("guest", true));
 
 	// Adds maximum receiveable mails list... :)
-	define ('MAX_RECEIVE_LIST', ADD_MAX_RECEIVE_LIST("guest", "", true));
+	define('MAX_RECEIVE_LIST', ADD_MAX_RECEIVE_LIST("guest", "", true));
 
 	// Check if nickname extension is active and get state if nickname is selected or userid
 	$nick = false;
@@ -435,15 +410,15 @@ array(
 			// Set zero
 			$GLOBALS['refid'] = 0;
 		}
-	}
+	} // END - if
 
 	// Shall I display the refid or shall I make it editable?
-	if ($_CONFIG['display_refid'] == 'Y') {
+	if ($_CONFIG['display_refid'] == "Y") {
 		// Load template to enter it
-		define('REFID_CONTENT', LOAD_TEMPLATE("guest_register_refid", true, $GLOBALS['refid']));
+		define('REFID_CONTENT', LOAD_TEMPLATE("guest_register_refid_hide", true, $GLOBALS['refid']));
 	} else {
 		// Load "hide" form template
-		define ('REFID_CONTENT', LOAD_TEMPLATE("guest_register_refid_hide", true, $GLOBALS['refid']));
+		define('REFID_CONTENT', LOAD_TEMPLATE("guest_register_refid", true, $GLOBALS['refid']));
 	}
 
 	// You may want to modify the register_header.tpl.xx file and not this script when you add your scripts etc. :-)
@@ -453,10 +428,13 @@ array(
 	define('LEAST_CATS_VALUE', $_CONFIG['least_cats']);
 
 	// Other values
-	define('__SURNAME', $_POST['surname']);   define('__FAMILY',  $_POST['family_name']);
-	define('__STREET',  $_POST['street_nr']); define('__COUNTRY', $_POST['cntry']);
-	define('__ZIP',     $_POST['zip']);       define('__CITY',    $_POST['city']);
-	define('__ADDY',    $_POST['addy']);
+	define('__SURNAME', SQL_ESCAPE($_POST['surname']));
+	define('__FAMILY',  SQL_ESCAPE($_POST['family_name']));
+	define('__STREET',  SQL_ESCAPE($_POST['street_nr']));
+	define('__COUNTRY', SQL_ESCAPE($_POST['cntry']));
+	define('__ZIP',     bigintval($_POST['zip']));
+	define('__CITY',    SQL_ESCAPE($_POST['city']));
+	define('__ADDY',    SQL_ESCAPE($_POST['addy']));
 
 	// Shall I add a counrty selection box or the old input box?
 	if (EXT_IS_ACTIVE("country"))
@@ -481,6 +459,6 @@ array(
 	// Display registration form
 	LOAD_TEMPLATE("guest_register");
 }
-CLOSE_TABLE();
+
 //
 ?>