<?php
/*************************
  Coppermine Photo Gallery
  ************************
  Copyright (c) 2003-2005 Coppermine Dev Team
  v1.1 originally written by Gregory DEMAR

  This program is free software; you can redistribute it and/or modify
  it under the terms of the GNU General Public License as published by
  the Free Software Foundation; either version 2 of the License, or
  (at your option) any later version.
  ********************************************
  Coppermine version: 1.3.3
  $Source: /cvsroot/coppermine/stable/register.php,v $
  $Revision: 1.11 $
  $Author: gaugau $
  $Date: 2005/04/19 03:17:11 $
**********************************************/

// Page identity constants. IN_COPPERMINE presumably gates the includes below
// (so they cannot be requested directly); REGISTER_PHP lets shared code know
// which page is running. Neither is read again in this file.
define('IN_COPPERMINE', true);
define('REGISTER_PHP', true);

// init.inc.php is expected to provide $CONFIG, USER_ID, the $lang_* arrays,
// db_query(), cpg_die() and the page/table helpers used throughout this file.
require('include/init.inc.php');
require('include/mailer.inc.php');

// Registration is only for anonymous visitors on galleries that allow it.
// Anyone already logged in (USER_ID non-zero) or any visitor on a closed
// gallery is refused with a generic access-denied error.
$registration_closed = !$CONFIG['allow_user_registration'];
if ($registration_closed || USER_ID) {
    cpg_die(ERROR, $lang_errors['access_denied'], __FILE__, __LINE__);
}

// Bridged-authentication installs hand off here; what udb_register_page()
// does (redirect to the forum's own sign-up, most likely) is not visible
// from this file.
if (defined('UDB_INTEGRATION')) {
    udb_register_page();
}
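// Display the disclaimer
/**
 * Show the terms-and-conditions page with a single "I agree" button.
 *
 * Renders one table (starttable()/endtable()) whose body is
 * $lang_register_disclamer with {SITE_NAME} substituted by the gallery
 * name, followed by a POST form back to this script. The button is named
 * "agree", which is the key the dispatcher at the bottom of the file tests.
 *
 * Reads globals only, writes to the output buffer, returns nothing.
 *
 * Fix: $PHP_SELF is derived from the request path and is attacker-controlled
 * (e.g. /register.php/"><script>...), yet it was written raw into the form's
 * action attribute — a reflected XSS. It is now HTML-escaped.
 */
function display_disclaimer()
{
    global $CONFIG, $PHP_SELF;
    global $lang_register_disclamer, $lang_register_php;

    // Escape for attribute context; ENT_QUOTES covers the double quote that
    // would otherwise break out of action="…".
    $action = htmlspecialchars($PHP_SELF, ENT_QUOTES);
    // The disclaimer text comes from the admin-controlled language file.
    $disclaimer = str_replace('{SITE_NAME}', $CONFIG['gallery_name'], $lang_register_disclamer);

    starttable(-1, $lang_register_php['term_cond']);
    echo <<<EOT
<form method="post" action="$action">
<tr>
<td class="tableb" style="padding: 10px;">

EOT;
    echo $disclaimer;
    echo <<<EOT
</td>
</tr>
<tr>
<td colspan="2" align="center" class="tablef">
<input type="submit" name="agree" value="{$lang_register_php['i_agree']}" class="button">
</td>
</tr>
</form>

EOT;
    endtable();
}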
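/**
 * Render the registration form, optionally with a list of validation errors.
 *
 * @param string $errors  HTML '<li>…' fragments produced by check_user_info(),
 *                        or '' on first display; when non-empty they are shown
 *                        in a highlighted row above the submit button
 *
 * Text fields are re-populated from $HTTP_POST_VARS so the visitor keeps what
 * they typed after a failed submit; password fields are always rendered blank.
 * Output goes straight to the output buffer; returns nothing. An unknown
 * element type in $form_data is a programming error and aborts via cpg_die().
 *
 * Fixes relative to the original:
 *  - $PHP_SELF (request path, attacker-controlled) and the re-populated field
 *    values (previous POST body) were emitted raw into attribute context —
 *    reflected XSS. Both are now HTML-escaped.
 *  - A field posted as an array (name[]=…) is shown empty instead of being
 *    stringified.
 *  - Two `<b>` that should have been `</b>` closing tags are corrected.
 */
function input_user_info($errors = '')
{
    global $CONFIG, $PHP_SELF, $HTTP_POST_VARS;
    global $lang_register_php;

    // Never place the raw request path inside an attribute.
    $action = htmlspecialchars($PHP_SELF, ENT_QUOTES);

    starttable(-1, $lang_register_php['enter_info'], 2);
    echo <<<EOT
<form method="post" action="$action">

EOT;

    // (type, field name, label, maxlength). The 25 on username matches the
    // length check in check_user_info(); the other limits are only client-side
    // hints and are not enforced server-side in this file.
    $form_data = array(
        array('label', $lang_register_php['required_info']),
        array('input', 'username', $lang_register_php['username'], 25),
        array('password', 'password', $lang_register_php['password'], 25),
        array('password', 'password_verification', $lang_register_php['password_again'], 25),
        array('input', 'email', $lang_register_php['email'], 255),
        array('label', $lang_register_php['optional_info']),
        array('input', 'location', $lang_register_php['location'], 255),
        array('input', 'interests', $lang_register_php['interests'], 255),
        array('input', 'website', $lang_register_php['website'], 255),
        array('input', 'occupation', $lang_register_php['occupation'], 255),
    );

    foreach ($form_data as $element) {
        switch ($element[0]) {
            case 'label':
                echo <<<EOT
<tr>
<td colspan="2" class="tableh2">
<b>{$element[1]}</b>
</td>
</tr>

EOT;
                break;

            case 'input':
                // Re-populate from the previous POST, escaped for attribute
                // context. An array value cannot be a text-field value.
                $value = '';
                if (isset($HTTP_POST_VARS[$element[1]]) && !is_array($HTTP_POST_VARS[$element[1]])) {
                    $value = htmlspecialchars($HTTP_POST_VARS[$element[1]], ENT_QUOTES);
                }
                echo <<<EOT
<tr>
<td width="40%" class="tableb" height="25">
{$element[2]}
</td>
<td width="60%" class="tableb" valign="top">
<input type="text" style="width: 100%" name="{$element[1]}" maxlength="{$element[3]}" value="$value" class="textinput">
</td>
</tr>

EOT;
                break;

            case 'password':
                // Passwords are deliberately never echoed back.
                echo <<<EOT
<tr>
<td width="40%" class="tableb" height="25">
{$element[2]}
</td>
<td width="60%" class="tableb" valign="top">
<input type="password" style="width: 100%" name="{$element[1]}" maxlength="{$element[3]}" value="" class="textinput">
</td>
</tr>

EOT;
                break;

            default:
                cpg_die(CRITICAL_ERROR, 'Invalid action for form creation ' . $element[0], __FILE__, __LINE__);
        }
    }

    // $errors is built from language-file strings in check_user_info(), not
    // from user input, so it is emitted as markup on purpose.
    if ($errors) {
        echo <<<EOT
<tr>
<td colspan="2" class="tableh2" align="center">
<b>• • • {$lang_register_php['error']} • • •</b>
</td>
</tr>
<tr>
<td colspan="2" class="tableb">
<b><ul>$errors</ul></b>
</td>
</tr>

EOT;
    }
    echo <<<EOT
<tr>
<td colspan="2" align="center" class="tablef">
<input type="submit" name="submit" value="{$lang_register_php['submit']}" class="button">
</td>
</tr>
</form>

EOT;
    endtable();
}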
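/**
 * Fetch a required POST parameter, trimmed.
 *
 * @param string $var  name of the POST field
 * @return string      the field's value with surrounding whitespace removed
 *
 * Aborts the request via cpg_die() with $lang_errors['param_missing'] when
 * the field is absent. A field submitted as an array (name[]=…) is treated
 * the same way: every caller expects a string and would otherwise pass an
 * array to trim()/strlen()/addslashes(), which is a warning on old PHP and a
 * TypeError on PHP 8.
 */
function get_post_var($var)
{
    global $HTTP_POST_VARS, $lang_errors;

    $missing = !isset($HTTP_POST_VARS[$var]) || is_array($HTTP_POST_VARS[$var]);
    if ($missing) {
        cpg_die(CRITICAL_ERROR, $lang_errors['param_missing'] . " ($var)", __FILE__, __LINE__);
    }
    return trim($HTTP_POST_VARS[$var]);
}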
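/**
 * Validate the submitted registration form and, on success, create the
 * account and send the confirmation / admin-notification e-mails.
 *
 * @param string &$error  receives '<li>…' HTML fragments describing every
 *                        validation failure; left untouched on success
 * @return bool           true once the row is inserted and the result page has
 *                        been shown, false when validation failed
 *
 * The order of checks determines what the user sees: a taken username
 * short-circuits everything else, the field checks accumulate, and the
 * duplicate-e-mail lookup only runs once the fields are sane. On failure the
 * caller redisplays the form with $error.
 *
 * Changes relative to the original:
 *  - eregi() (removed in PHP 7) replaced by the equivalent preg_match().
 *  - Password comparisons use ===/!== — with == two numeric-looking strings
 *    such as "1e3" and "1000" compared equal, so a mismatched confirmation
 *    could be accepted and an unrelated username flagged as identical.
 *  - The activation key uses random_bytes() when available; the historical
 *    srand()/rand()/uniqid() construction is predictable and is kept only as
 *    a fallback for PHP < 7. Both yield 32 hex characters, which is what the
 *    ?activate= handler expects.
 *
 * SECURITY NOTES — behaviour deliberately retained because other files
 * (login, schema) depend on it; each needs a coordinated change:
 *  - user_password is stored in the clear and echoed back in the confirmation
 *    e-mail via {PASSWORD}. Presumably login compares it verbatim — confirm
 *    before introducing password_hash().
 *  - The only password policy is a two-character minimum.
 *  - Uniqueness is check-then-insert; no unique index is visible from here, so
 *    concurrent registrations can race.
 *  - Escaping is addslashes(), which is not charset-aware. The driver's own
 *    escaping would be preferable but needs the connection owned by db_query().
 *  - If the confirmation mail fails to send, cpg_die() fires after the INSERT,
 *    leaving an inactive row whose key the user never receives.
 */
function check_user_info(&$error)
{
    global $CONFIG;
    global $lang_register_php, $lang_register_confirm_email, $lang_continue;

    // get_post_var() aborts on a missing field and already trims.
    $user_name      = get_post_var('username');
    $password       = get_post_var('password');
    $password_again = get_post_var('password_verification');
    $email          = get_post_var('email');

    // Optional profile fields: escaped once here, interpolated into the INSERT
    // below. Nothing else validates them.
    $location   = addslashes(get_post_var('location'));
    $interests  = addslashes(get_post_var('interests'));
    $website    = addslashes(get_post_var('website'));
    $occupation = addslashes(get_post_var('occupation'));

    $sql = "SELECT user_id FROM {$CONFIG['TABLE_USERS']} WHERE user_name = '" . addslashes($user_name) . "'";
    $result = db_query($sql);
    if (mysql_num_rows($result)) {
        $error = '<li>' . $lang_register_php['err_user_exists'];
        return false;
    }
    mysql_free_result($result);

    if (strlen($user_name) < 2) {
        $error .= '<li>' . $lang_register_php['err_uname_short'];
    }
    if (strlen($password) < 2) {
        $error .= '<li>' . $lang_register_php['err_password_short'];
    }
    // Strict comparison: see header for why == was wrong here.
    if ($password === $user_name) {
        $error .= '<li>' . $lang_register_php['err_uname_pass_diff'];
    }
    if ($password !== $password_again) {
        $error .= '<li>' . $lang_register_php['err_password_mismatch'];
    }
    // Length is measured on the entity-escaped form, presumably because that is
    // how the name is rendered elsewhere; 25 matches the form's maxlength.
    if (strlen(htmlspecialchars($user_name)) > 25) {
        $error .= '<li>Your name is too long to be stored in the database. Choose a shorter one.';
    }

    // Same pattern eregi() used; /i for case-insensitivity, /D so $ anchors at
    // the very end of the string as ereg's did.
    if (!preg_match('/^[_.0-9a-z-]+@([0-9a-z][0-9a-z-]+\.)+[a-z]{2,6}$/iD', $email)) {
        $error .= '<li>' . $lang_register_php['err_invalid_email'];
    }

    if ($error != '') {
        return false;
    }

    if (!$CONFIG['allow_duplicate_emails_addr']) {
        $sql = "SELECT user_id FROM {$CONFIG['TABLE_USERS']} WHERE user_email = '" . addslashes($email) . "'";
        $result = db_query($sql);
        if (mysql_num_rows($result)) {
            $error = '<li>' . $lang_register_php['err_duplicate_email'];
            return false;
        }
        mysql_free_result($result);
    }

    if ($CONFIG['reg_requires_valid_email']) {
        // Account stays inactive until the 32-hex-char key is presented via
        // ?activate=. The key is the only secret protecting activation, so it
        // must be unpredictable.
        $active = 'NO';
        if (function_exists('random_bytes')) {
            $act_key = bin2hex(random_bytes(16));
        } else {
            list($usec, $sec) = explode(' ', microtime());
            srand((float) $sec + ((float) $usec * 100000));
            $act_key = md5(uniqid(rand(), 1));
        }
    } else {
        $active = 'YES';
        $act_key = '';
    }

    // $active and $act_key are server-generated; the user-supplied values are
    // addslashes()-escaped at the point of interpolation.
    $sql = "INSERT INTO {$CONFIG['TABLE_USERS']} "
         . "(user_regdate, user_active, user_actkey, user_name, user_password, user_email, user_location, user_interests, user_website, user_occupation) "
         . "VALUES (NOW(), '$active', '$act_key', '" . addslashes($user_name) . "', '" . addslashes($password) . "', '" . addslashes($email) . "', '$location', '$interests', '$website', '$occupation' )";
    $result = db_query($sql);

    if ($CONFIG['reg_requires_valid_email']) {
        // ecards_more_pic_target is the gallery's base URL (admin config).
        $act_link = $CONFIG['ecards_more_pic_target'] . 'register.php?activate=' . $act_key;
        $template_vars = array(
            '{SITE_NAME}' => $CONFIG['gallery_name'],
            '{USER_NAME}' => $user_name,
            '{PASSWORD}'  => $password,   // plaintext in e-mail — see header
            '{ACT_LINK}'  => $act_link,
        );
        if (!cpg_mail($email, sprintf($lang_register_php['confirm_email_subject'], $CONFIG['gallery_name']), strtr($lang_register_confirm_email, $template_vars))) {
            cpg_die(CRITICAL_ERROR, $lang_register_php['failed_sending_email'], __FILE__, __LINE__);
        }
        msg_box($lang_register_php['information'], $lang_register_php['thank_you'], $lang_continue, 'index.php');
    } else {
        msg_box($lang_register_php['information'], $lang_register_php['acct_active'], $lang_continue, 'index.php');
    }

    // email notification to admin (best-effort: the return value is ignored)
    if ($CONFIG['reg_notify_admin_email']) {
        cpg_mail($CONFIG['gallery_admin_email'], sprintf($lang_register_php['notify_admin_email_subject'], $CONFIG['gallery_name']), sprintf($lang_register_php['notify_admin_email_body'], $user_name));
    }

    return true;
}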
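// Page dispatcher. Which branch runs depends on which form button or query
// parameter is present; with none of them the disclaimer is shown first.
//
// Fix: the activation key is now checked to be hexadecimal as well as
// 32 characters long. Keys are generated as 32 hex chars, so any other input
// can only be probing; rejecting it here keeps arbitrary bytes out of the
// two SQL statements below (addslashes() alone is not charset-aware). An
// array parameter (activate[]=) is likewise rejected instead of being passed
// to substr().
//
// Not addressed here: the forms carry no CSRF token (a third-party page can
// submit a registration on behalf of a visitor), and activation is a GET that
// changes state — inherent to e-mail links, acceptable because the key itself
// is the secret.
pageheader($lang_register_php['page_title']);

if (isset($HTTP_POST_VARS['agree'])) {
    // Disclaimer accepted: show the registration form.
    input_user_info();
} elseif (isset($HTTP_POST_VARS['submit'])) {
    // Form submitted: create the account, or redisplay with the errors.
    $errors = '';
    if (!check_user_info($errors)) {
        input_user_info($errors);
    }
} elseif (isset($HTTP_GET_VARS['activate'])) {
    // substr() keeps the original tolerance for trailing junk after the key.
    $raw_key = $HTTP_GET_VARS['activate'];
    $act_key = is_string($raw_key) ? substr($raw_key, 0, 32) : '';
    if (strlen($act_key) != 32 || !preg_match('/^[0-9a-fA-F]{32}$/D', $act_key)) {
        cpg_die(ERROR, $lang_register_php['acct_act_failed'], __FILE__, __LINE__);
    }
    // Hex-only by now, so there is nothing left to escape; kept for parity
    // with the rest of the file.
    $act_key = addslashes($act_key);

    // The length check above also guarantees this can never match the empty
    // user_actkey stored for accounts that were created already active.
    $sql = "SELECT user_active FROM {$CONFIG['TABLE_USERS']} WHERE user_actkey = '$act_key' LIMIT 1";
    $result = db_query($sql);
    if (!mysql_num_rows($result)) {
        cpg_die(ERROR, $lang_register_php['acct_act_failed'], __FILE__, __LINE__);
    }

    $row = mysql_fetch_array($result);
    mysql_free_result($result);

    if ($row['user_active'] == 'YES') {
        cpg_die(ERROR, $lang_register_php['acct_already_act'], __FILE__, __LINE__);
    }

    $sql = "UPDATE {$CONFIG['TABLE_USERS']} SET user_active = 'YES' WHERE user_actkey = '$act_key' LIMIT 1";
    $result = db_query($sql);

    msg_box($lang_register_php['information'], $lang_register_php['acct_active'], $lang_continue, 'index.php');
} else {
    display_disclaimer();
}
pagefooter();
ob_end_flush();

?>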