X-Git-Url: https://git.mxchange.org/?p=mailer.git;a=blobdiff_plain;f=inc%2Fmodules%2Fguest%2Fwhat-register.php;h=f06e9ee66f391b88623d09c432b36ba1501b20c7;hp=e0e3ca9b3e648fe3fab785df4e4d5d544f7170b6;hb=963e55ca1ea79e255f235e359cde9f7862191dc5;hpb=5ef6ed7373ae85e5635e39e2a0adf9496a8add05 diff --git a/inc/modules/guest/what-register.php b/inc/modules/guest/what-register.php index e0e3ca9b3e..f06e9ee66f 100644 --- a/inc/modules/guest/what-register.php +++ b/inc/modules/guest/what-register.php @@ -32,13 +32,10 @@ ************************************************************************/ // Some security stuff... -if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) -{ +if (!defined('__SECURITY')) { $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php"; require($INC); -} - elseif ((!EXT_IS_ACTIVE("register"))) -{ +} elseif ((!EXT_IS_ACTIVE("register"))) { if (IS_ADMIN()) { ADD_FATAL(sprintf(EXTENSION_PROBLEM_NOT_INSTALLED, "register")); } else { @@ -50,8 +47,7 @@ if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) // Add description as navigation point ADD_DESCR("guest", basename(__FILE__)); -OPEN_TABLE("100%", "guest_content_align", ""); -global $CONFIG, $DATA; +global $_CONFIG, $DATA; // Initialize variables $FAILED = false; $SHORT_PASS = false; $cats = 0; $IP_TIMEOUT = false; @@ -77,7 +73,7 @@ if (isset($_POST['ok'])) // First we only check the submitted data then we continue... :) // // Did he agree to our Terms Of Usage? - if ($_POST['agree'] != 'Y') + if ($_POST['agree'] != "Y") { $_POST['agree'] = "!"; $FAILED = true; @@ -122,7 +118,7 @@ if (isset($_POST['ok'])) $FAILED = true; } // Is the password long enouth? - if ((strlen($_POST['pass1']) < $CONFIG['pass_len']) && (!$FAILED) && (!IS_ADMIN())) + if ((strlen($_POST['pass1']) < $_CONFIG['pass_len']) && (!$FAILED) && (!IS_ADMIN())) { $SHORT_PASS = true; $FAILED = true; @@ -131,17 +127,17 @@ if (isset($_POST['ok'])) if (!IS_ADMIN()) { // Do this check only when no admin is logged in - foreach ($_POST['cat'] as $id=>$answer) + foreach ($_POST['cat'] as $id => $answer) { - if ($answer == 'Y') $cats++; + if ($answer == "Y") $cats++; } - if ($cats < $CONFIG['least_cats']) + if ($cats < $_CONFIG['least_cats']) { // ... nope! $FAILED = true; } } - if (($_POST['addy'] != "!") && ($CONFIG['check_double_email'] == 'Y') && (!IS_ADMIN())) + if (($_POST['addy'] != "!") && ($_CONFIG['check_double_email'] == "Y") && (!IS_ADMIN())) { // Does the email address already exists in our database? $CHK = SEARCH_EMAIL_USERTAB($_POST['addy']); @@ -149,7 +145,7 @@ if (isset($_POST['ok'])) } // Check his IP number - $to = bigintval(time() - $CONFIG['ip_timeout']); + $to = bigintval(time() - $_CONFIG['ip_timeout']); $result = SQL_QUERY_ESC("SELECT joined, last_update FROM "._MYSQL_PREFIX."_user_data WHERE REMOTE_ADDR='%s' AND (joined > %s OR last_update > %s) LIMIT 1", array(getenv('REMOTE_ADDR'), $to, $to), __FILE__, __LINE__); if ((SQL_NUMROWS($result) == 1) && (!IS_ADMIN())) @@ -161,13 +157,13 @@ if (isset($_POST['ok'])) } // Test the refid (because some strange hackers... :-P) - $result = SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1", + $result = SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1", array(bigintval($GLOBALS['refid'])), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 0) { // Not found so we set your refid! - $_POST['refid'] = $CONFIG['def_refid']; - @setcookie("refid", $CONFIG['def_refid'], (time() + $CONFIG['online_timeout']), COOKIE_PATH); + $_POST['refid'] = $_CONFIG['def_refid']; + set_session("refid", $_CONFIG['def_refid']); } // Free memory @@ -198,7 +194,7 @@ if ((isset($_POST['ok'])) && (!$FAILED)) if (GET_EXT_VERSION("beg") >= "0.1.7") { // Okay, shall I disable now? - if ($CONFIG['beg_new_mem_notify'] == 'N') + if ($_CONFIG['beg_new_mem_notify'] == "N") { $ADD1 .= ", beg_ral_notify, beg_ral_en_notify"; $ADD2 .= ", UNIX_TIMESTAMP(), UNIX_TIMESTAMP()"; @@ -209,7 +205,7 @@ if ((isset($_POST['ok'])) && (!$FAILED)) if (GET_EXT_VERSION("bonus") >= "0.7.7") { // Okay, shall I disable now? - if ($CONFIG['bonus_new_mem_notify'] == 'N') + if ($_CONFIG['bonus_new_mem_notify'] == "N") { $ADD1 .= ", bonus_ral_notify, bonus_ral_en_notify"; $ADD2 .= ", UNIX_TIMESTAMP(), UNIX_TIMESTAMP()"; @@ -234,11 +230,11 @@ if ((isset($_POST['ok'])) && (!$FAILED)) // Create user's account... // ////////////////////////////// // - $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_user_data (sex, surname, family, street_nr, %s, zip, city, email, birth_day, birth_month, birth_year, password, max_mails, receive_mails, refid, status, user_hash, REMOTE_ADDR, joined, last_update".$ADD1.") -VALUES ('%s', '%s', '%s', '%s', '%s', %d, '%s', '%s', %d, %d, %d, '%s', %d, %d, %d, 'UNCONFIRMED', '%s', '%s', UNIX_TIMESTAMP(), UNIX_TIMESTAMP()".$ADD2.")", + $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_user_data (gender, surname, family, street_nr, %s, zip, city, email, birth_day, birth_month, birth_year, password, max_mails, receive_mails, refid, status, user_hash, REMOTE_ADDR, joined, last_update".$ADD1.") +VALUES ('%s', '%s', '%s', '%s', '%s', %s, '%s', '%s', %s, %s, %s, '%s', %s, %s, %s, 'UNCONFIRMED', '%s', '%s', UNIX_TIMESTAMP(), UNIX_TIMESTAMP()".$ADD2.")", array( $countryRow, - SQL_ESCAPE(substr($_POST['sex'], 0, 1)), + SQL_ESCAPE(substr($_POST['gender'], 0, 1)), SQL_ESCAPE($_POST['surname']), SQL_ESCAPE($_POST['family_name']), SQL_ESCAPE($_POST['street_nr']), @@ -266,66 +262,66 @@ array( $userid = bigintval($userid); // Write his welcome-points - $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_points WHERE userid=%d AND ref_depth=0 LIMIT 1", + $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_points WHERE userid=%s AND ref_depth=0 LIMIT 1", array(bigintval($userid)), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 0) { // Add only when the line was not found (maybe some more secure?) $locked = "points"; - if ($CONFIG['ref_payout'] > 0) $locked = "locked_points"; // Pay him later. First he has to confirm some mails! - $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_user_points (userid, ref_depth, ".$locked.") VALUES(%d, 0, '%s')", - array(bigintval($userid), $CONFIG['points_register']), __FILE__, __LINE__); + if ($_CONFIG['ref_payout'] > 0) $locked = "locked_points"; // Pay him later. First he has to confirm some mails! + $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_user_points (userid, ref_depth, ".$locked.") VALUES(%s, 0, '%s')", + array(bigintval($userid), $_CONFIG['points_register']), __FILE__, __LINE__); // Update mediadata as well if ((GET_EXT_VERSION("mediadata") >= "0.0.4") && ($locked == "points")) { // Update database - MEDIA_UPDATE_ENTRY(array("total_points"), "add", $CONFIG['points_register']); + MEDIA_UPDATE_ENTRY(array("total_points"), "add", $_CONFIG['points_register']); } } // Write catgories if ((is_array($_POST['cat'])) && (count($_POST['cat']))) { - foreach ($_POST['cat'] as $cat=>$joined) { - if ($joined == 'Y') { + foreach ($_POST['cat'] as $cat => $joined) { + if ($joined == "Y") { // Insert category entry - $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_user_cats (userid, cat_id) VALUES (%d, %d)", + $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_user_cats (userid, cat_id) VALUES (%s, %s)", array(bigintval($userid), bigintval($cat)), __FILE__, __LINE__); } } } - // Rewrite sex - $sex = TRANSLATE_SEX($_POST['sex']); + // Rewrite gender + $gender = TRANSLATE_GENDER($_POST['gender']); // ... rewrite a zero referral ID to the main title if ($_POST['refid'] == "0") $_POST['refid'] = MAIN_TITLE; // Prepare data array for the email template - // Start with the salutation... + // Start with the gender... $DATA = array( 'hash' => $hash, 'uid' => $userid, - 'salut' => $sex, - 'surname' => $_POST['surname'], - 'family' => $_POST['family_name'], - 'email' => $_POST['addy'], - 'street' => $_POST['street_nr'], - 'city' => $_POST['city'], + 'gender' => $gender, + 'surname' => SQL_ESCAPE($_POST['surname']), + 'family' => SQL_ESCAPE($_POST['family_name']), + 'email' => SQL_ESCAPE($_POST['addy']), + 'street' => SQL_ESCAPE($_POST['street_nr']), + 'city' => SQL_ESCAPE($_POST['city']), 'zip' => bigintval($_POST['zip']), 'country' => $countryData, - 'refid' => $_POST['refid'], - 'pass' => $_POST['pass1'], + 'refid' => SQL_ESCAPE($_POST['refid']), + 'pass' => SQL_ESCAPE($_POST['pass1']), ); // Continue with birthday... switch (GET_LANGUAGE()) { case "de": - $DATA['birthday'] = $_POST['day'].".".$_POST['month'].".".$_POST['year']; + $DATA['birthday'] = bigintval($_POST['day']).".".bigintval($_POST['month']).".".bigintval($_POST['year']); break; default: - $DATA['birthday'] = $_POST['month']."/".$_POST['day']."/".$_POST['year']; + $DATA['birthday'] = bigintval($_POST['month'])."/".bigintval($_POST['day'])."/".bigintval($_POST['year']); break; } @@ -338,17 +334,7 @@ array( $DATA['email'] = $EMAIL; // Send mail to admin - if (GET_EXT_VERSION("admins") >= "0.4.1") - { - // Use new system - SEND_ADMIN_EMAILS_PRO(ADMIN_NEW_ACCOUNT, "register-admin", $DATA, $userid); - } - else - { - // Use old system - $msg_admin = LOAD_EMAIL_TEMPLATE("register-admin", $DATA, $userid); - SEND_ADMIN_EMAILS (ADMIN_NEW_ACCOUNT, $msg_admin); - } + SEND_ADMIN_NOTIFICATION(ADMIN_NEW_ACCOUNT, "register-admin", $DATA, $userid); // Output success registration LOAD_TEMPLATE("admin_settings_saved", false, REGISTRATION_DONE); @@ -357,51 +343,51 @@ array( { if ($_POST['agree'] == "!") { - OUTPUT_HTML("".HAVE_TO_AGREE."

"); + OUTPUT_HTML("".HAVE_TO_AGREE."

"); } if ($_POST['addy'] == "!") { - OUTPUT_HTML("".ENTER_EMAIL."

"); + OUTPUT_HTML("".ENTER_EMAIL."

"); $_POST['addy'] = ""; } elseif ($_POST['addy'] == "?") { - OUTPUT_HTML("".EMAIL_ALREADY_DB."

"); + OUTPUT_HTML("".EMAIL_ALREADY_DB."

"); $_POST['addy'] = ""; } if ($_POST['surname'] == "!") { - OUTPUT_HTML("".ENTER_SURNAME."

"); + OUTPUT_HTML("".ENTER_SURNAME."

"); $_POST['surname'] = ""; } if ($_POST['family_name'] == "!") { - OUTPUT_HTML("".ENTER_FAMILY."

"); + OUTPUT_HTML("".ENTER_FAMILY."

"); $_POST['family_name'] = ""; } if (($_POST['pass1'] == "!") && ($_POST['pass2'] == "!")) { - OUTPUT_HTML("".ENTER_BOTH_PASSWORDS."

"); + OUTPUT_HTML("".ENTER_BOTH_PASSWORDS."

"); } elseif ($_POST['pass1'] == "!") { - OUTPUT_HTML("".ENTER_PASS1."

"); + OUTPUT_HTML("".ENTER_PASS1."

"); } elseif ($_POST['pass2'] == "!") { - OUTPUT_HTML("".ENTER_PASS2."

"); + OUTPUT_HTML("".ENTER_PASS2."

"); } if ($SHORT_PASS) { - OUTPUT_HTML("".SHORT_PASS.": ".$CONFIG['pass_len']."

"); + OUTPUT_HTML("".SHORT_PASS.": ".$_CONFIG['pass_len']."

"); } if ($IP_TIMEOUT) { - OUTPUT_HTML("".REMOTE_ADDR_TIMEOUT."

"); + OUTPUT_HTML("".REMOTE_ADDR_TIMEOUT."

"); } - if ((!empty($cats)) && ($cats < $CONFIG['least_cats'])) + if ((!empty($cats)) && ($cats < $_CONFIG['least_cats'])) { - OUTPUT_HTML("".CATS_LEAST.": ".$CONFIG['least_cats']."

"); + OUTPUT_HTML("".CATS_LEAST.": ".$_CONFIG['least_cats']."

"); } // Generate birthday selection @@ -416,10 +402,10 @@ array( } // Adds a table for the guests with all visible categories - define ('CATEGORY_SELECTION', REGISTER_ADD_CATEGORY_TABLE("guest", true)); + define('CATEGORY_SELECTION', REGISTER_ADD_CATEGORY_TABLE("guest", true)); // Adds maximum receiveable mails list... :) - define ('MAX_RECEIVE_LIST', ADD_MAX_RECEIVE_LIST("guest", "", true)); + define('MAX_RECEIVE_LIST', ADD_MAX_RECEIVE_LIST("guest", "", true)); // Check if nickname extension is active and get state if nickname is selected or userid $nick = false; @@ -428,9 +414,9 @@ array( // Is the nickname valid? if (!$nick) { // Nope, disable it - if (GET_EXT_VERSION("sql_patches") != "") { + if (GET_EXT_VERSION("sql_patches") != '') { // Use default refid - $GLOBALS['refid'] = $CONFIG['def_refid']; + $GLOBALS['refid'] = $_CONFIG['def_refid']; } else { // Set zero $GLOBALS['refid'] = 0; @@ -438,19 +424,19 @@ array( } // Shall I display the refid or shall I make it editable? - if ($CONFIG['display_refid'] == 'Y') { + if ($_CONFIG['display_refid'] == "Y") { // Load template to enter it define('REFID_CONTENT', LOAD_TEMPLATE("guest_register_refid", true, $GLOBALS['refid'])); } else { // Load "hide" form template - define ('REFID_CONTENT', LOAD_TEMPLATE("guest_register_refid_hide", true, $GLOBALS['refid'])); + define('REFID_CONTENT', LOAD_TEMPLATE("guest_register_refid_hide", true, $GLOBALS['refid'])); } // You may want to modify the register_header.tpl.xx file and not this script when you add your scripts etc. :-) define('REGISTER_HEADER_CONTENT', LOAD_TEMPLATE("register_header", true)); // Please select at least x categories - define('LEAST_CATS_VALUE', $CONFIG['least_cats']); + define('LEAST_CATS_VALUE', $_CONFIG['least_cats']); // Other values define('__SURNAME', $_POST['surname']); define('__FAMILY', $_POST['family_name']); @@ -463,9 +449,9 @@ array( { // New variant, good! $OUT = ""; define('__COUNTRY_CONTENT', $OUT); } @@ -481,6 +467,6 @@ array( // Display registration form LOAD_TEMPLATE("guest_register"); } -CLOSE_TABLE(); + // ?>