<?php
/*************************
  Coppermine Photo Gallery
  ************************
  Copyright (c) 2003-2005 Coppermine Dev Team
  v1.1 originally written by Gregory DEMAR

  This program is free software; you can redistribute it and/or modify
  it under the terms of the GNU General Public License as published by
  the Free Software Foundation; either version 2 of the License, or
  (at your option) any later version.
  ********************************************
  Coppermine version: 1.3.3
  $Source: /cvsroot/coppermine/stable/register.php,v $
  $Revision: 1.11 $
  $Author: gaugau $
  $Date: 2005/04/19 03:17:11 $
**********************************************/

// Both constants are declared before the includes are loaded (presumably the
// included files test them to recognise the entry script -- confirm there).
define('IN_COPPERMINE', true);
define('REGISTER_PHP', true);

require 'include/init.inc.php';
require 'include/mailer.inc.php';

// Refuse the page when registration is switched off in the configuration or
// when USER_ID is truthy (presumably a visitor who is already logged in).
if (!$CONFIG['allow_user_registration'] || USER_ID) {
    cpg_die(ERROR, $lang_errors['access_denied'], __FILE__, __LINE__);
}

// When UDB_INTEGRATION is defined, the integration layer's own registration
// hook is called before anything else on this page.
if (defined('UDB_INTEGRATION')) {
    udb_register_page();
}
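/**
 * Display the disclaimer.
 *
 * Prints the terms-and-conditions table: the disclaimer text with the
 * {SITE_NAME} placeholder replaced by the configured gallery name, wrapped in
 * a form whose only control is the "agree" submit button. The form posts back
 * to this script.
 *
 * Produces output only; nothing is returned.
 */
function display_disclaimer()
{
    global $CONFIG, $PHP_SELF;
    global $lang_register_disclamer, $lang_register_php;

    // $PHP_SELF is assigned outside this file. It is encoded for the attribute
    // context so that, if it is derived from the request path, it can never
    // close the action="..." attribute.
    $form_action = htmlspecialchars($PHP_SELF, ENT_QUOTES);

    starttable(-1, $lang_register_php['term_cond']);
    echo <<<EOT
        <form method="post" action="$form_action">
        <tr>
                <td class="tableb" style="padding: 10px;">

EOT;
    // The gallery name and the disclaimer text come from configuration and the
    // language file; they are emitted as HTML without further encoding.
    echo str_replace('{SITE_NAME}', $CONFIG['gallery_name'], $lang_register_disclamer);

    echo <<<EOT
                </td>
        </tr>
        <tr>
                <td colspan="2" align="center" class="tablef">
                        <input type="submit" name="agree" value="{$lang_register_php['i_agree']}" class="button">
                </td>
        </tr>
        </form>

EOT;
    endtable();
}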
 
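/**
 * Print the registration form.
 *
 * Emits one table row per entry of the field list below (section labels, text
 * inputs, password inputs), then the optional error list and the submit
 * button. Text inputs are pre-filled from the previous POST so a rejected
 * submission can be corrected; password inputs are always rendered empty.
 *
 * @param string $errors HTML fragment of <li> items describing validation
 *                       failures; empty when there is nothing to report.
 */
function input_user_info($errors = '')
{
    global $CONFIG, $PHP_SELF, $HTTP_POST_VARS;
    global $lang_register_php;

    // $PHP_SELF is assigned outside this file. It is encoded for the attribute
    // context so that, if it is derived from the request path, it can never
    // close the action="..." attribute.
    $form_action = htmlspecialchars($PHP_SELF, ENT_QUOTES);

    starttable(-1, $lang_register_php['enter_info'], 2);
    echo <<<EOT
        <form method="post" action="$form_action">

EOT;

    // Row descriptions:
    //   array('label', caption)
    //   array('input' | 'password', field name, caption, maxlength)
    $form_data = array(
        array('label', $lang_register_php['required_info']),
        array('input', 'username', $lang_register_php['username'], 25),
        array('password', 'password', $lang_register_php['password'], 25),
        array('password', 'password_verification', $lang_register_php['password_again'], 25),
        array('input', 'email', $lang_register_php['email'], 255),
        array('label', $lang_register_php['optional_info']),
        array('input', 'location', $lang_register_php['location'], 255),
        array('input', 'interests', $lang_register_php['interests'], 255),
        array('input', 'website', $lang_register_php['website'], 255),
        array('input', 'occupation', $lang_register_php['occupation'], 255),
        );

    foreach ($form_data as $element) {
        switch ($element[0]) {
            case 'label':
                // The caption's <b> element is now closed; the original
                // emitted a second opening tag instead of </b>.
                echo <<<EOT
        <tr>
            <td colspan="2" class="tableh2">
                        <b>{$element[1]}</b>
        </td>
        </tr>

EOT;
                break;

            case 'input':
                // NOTE(review): the submitted value is written back into the
                // value="..." attribute exactly as it is found in
                // $HTTP_POST_VARS. That is only safe if the request data has
                // already been HTML-encoded before it reaches this function
                // (presumably in include/init.inc.php -- confirm). If it has
                // not, encode it here with htmlspecialchars($value, ENT_QUOTES).
                $value = isset($HTTP_POST_VARS[$element[1]]) ? $HTTP_POST_VARS[$element[1]] : '';
                echo <<<EOT
        <tr>
            <td width="40%" class="tableb"  height="25">
                        {$element[2]}
        </td>
        <td width="60%" class="tableb" valign="top">
                <input type="text" style="width: 100%" name="{$element[1]}" maxlength="{$element[3]}" value="$value" class="textinput">
                </td>
        </tr>

EOT;
                break;

            case 'password':
                // Passwords are never echoed back: the field is always empty.
                echo <<<EOT
        <tr>
            <td width="40%" class="tableb"  height="25">
                        {$element[2]}
        </td>
        <td width="60%" class="tableb" valign="top">
                <input type="password" style="width: 100%" name="{$element[1]}" maxlength="{$element[3]}" value="" class="textinput">
                </td>
        </tr>

EOT;
                break;

            default:
                cpg_die(CRITICAL_ERROR, 'Invalid action for form creation ' . $element[0], __FILE__, __LINE__);
        }
    }

    if ($errors) {
        // $errors is built by check_user_info() from language-file strings.
        // The wrapping <b> is now closed properly (was "<b>...<b>").
        echo <<<EOT
        <tr>
                <td colspan="2" class="tableh2" align="center">
                        <b>&#149;&nbsp;&#149;&nbsp;&#149;&nbsp;{$lang_register_php['error']}&nbsp;&#149;&nbsp;&#149;&nbsp;&#149;</b>
                </td>
        </tr>
        <tr>
                <td colspan="2" class="tableb">
                        <b><ul>$errors</ul></b>
                </td>
        </tr>

EOT;
    }
    echo <<<EOT
        <tr>
                <td colspan="2" align="center" class="tablef">
                        <input type="submit" name="submit" value="{$lang_register_php['submit']}" class="button">
                </td>
        </tr>
        </form>

EOT;
    endtable();
}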
 
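/**
 * Fetch a required POST field.
 *
 * cpg_die() is called with the 'param_missing' message when the field is
 * absent, or when it was submitted as an array (name[]=...): trim() only
 * accepts strings, so an array must not reach it.
 *
 * @param string $var Name of the POST field.
 * @return string The submitted value with surrounding whitespace trimmed.
 */
function get_post_var($var)
{
    global $HTTP_POST_VARS, $lang_errors;

    if (!isset($HTTP_POST_VARS[$var]) || is_array($HTTP_POST_VARS[$var])) {
        cpg_die(CRITICAL_ERROR, $lang_errors['param_missing'] . " ($var)", __FILE__, __LINE__);
    }

    return trim($HTTP_POST_VARS[$var]);
}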
 
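/**
 * Validate the submitted registration form and create the account.
 *
 * Reads username, password, password_verification, email, location,
 * interests, website and occupation through get_post_var(). When every check
 * passes, a row is inserted into the users table; depending on configuration
 * a confirmation e-mail with an activation link and an admin notification are
 * sent, and a message box is shown.
 *
 * @param string $error In/out: receives '<li>' fragments for the failed checks.
 * @return bool true when the account was created, false when validation failed.
 *
 * NOTE(review): the password is written to user_password as submitted and is
 * also placed in the confirmation e-mail ({PASSWORD}). Storing a salted hash
 * and not mailing the password would presumably need matching changes in the
 * login code, which is not part of this file.
 * NOTE(review): SQL values are quoted with addslashes(), whose safety depends
 * on the connection character set; the database driver's own escaping
 * function or prepared statements are the safer choice.
 */
function check_user_info(&$error)
{
    global $CONFIG;
    global $lang_register_php, $lang_register_confirm_email, $lang_continue;

    // get_post_var() already trims; the extra trim() is kept and is a no-op.
    $user_name = trim(get_post_var('username'));
    $password = trim(get_post_var('password'));
    $password_again = trim(get_post_var('password_verification'));
    $email = trim(get_post_var('email'));

    // Optional profile fields: escaped here, interpolated into the INSERT below.
    $location = addslashes(get_post_var('location'));
    $interests = addslashes(get_post_var('interests'));
    $website = addslashes(get_post_var('website'));
    $occupation = addslashes(get_post_var('occupation'));

    // Reject a user name that is already taken.
    $sql = "SELECT user_id " . "FROM {$CONFIG['TABLE_USERS']} " . "WHERE user_name = '" . addslashes($user_name) . "'";
    $result = db_query($sql);
    $name_taken = (bool) mysql_num_rows($result);
    // Free the result before any return; the original skipped this on the
    // early-return path.
    mysql_free_result($result);
    if ($name_taken) {
        $error = '<li>' . $lang_register_php['err_user_exists'];
        return false;
    }

    if (strlen($user_name) < 2) {
        $error .= '<li>' . $lang_register_php['err_uname_short'];
    }
    // NOTE(review): a two-character minimum is a very weak password policy.
    if (strlen($password) < 2) {
        $error .= '<li>' . $lang_register_php['err_password_short'];
    }
    // Strict comparisons: with == / != PHP compares numeric-looking strings
    // as numbers, so two different inputs such as "1e3" and "1000" would be
    // treated as the same password.
    if ($password === $user_name) {
        $error .= '<li>' . $lang_register_php['err_uname_pass_diff'];
    }
    if ($password !== $password_again) {
        $error .= '<li>' . $lang_register_php['err_password_mismatch'];
    }
    // The length limit is applied to the HTML-encoded form of the name.
    if (strlen(htmlspecialchars($user_name)) > 25)
    {
        $error .= '<li>Your name is to long to be stored in the database. Choose a shorter one.';
    }

    // NOTE(review): eregi() is deprecated since PHP 5.3; kept because the
    // rest of the file targets the same legacy runtime (mysql_* functions).
    if (!eregi("^[_\.0-9a-z\-]+@([0-9a-z][0-9a-z-]+\.)+[a-z]{2,6}$", $email)) $error .= '<li>' . $lang_register_php['err_invalid_email'];

    if ($error != '') return false;

    if (!$CONFIG['allow_duplicate_emails_addr']) {
        $sql = "SELECT user_id " . "FROM {$CONFIG['TABLE_USERS']} " . "WHERE user_email = '" . addslashes($email) . "'";
        $result = db_query($sql);
        $email_taken = (bool) mysql_num_rows($result);
        mysql_free_result($result);

        if ($email_taken) {
            $error = '<li>' . $lang_register_php['err_duplicate_email'];
            return false;
        }
    }

    if ($CONFIG['reg_requires_valid_email']) {
        $active = 'NO';

        // The activation key is the only secret that protects account
        // activation, so it is taken from a cryptographic random source when
        // the runtime offers one. 16 random bytes give the same 32-character
        // hexadecimal format as the md5() value used before.
        $act_key = '';
        if (function_exists('random_bytes')) {
            $act_key = bin2hex(random_bytes(16));
        } elseif (function_exists('openssl_random_pseudo_bytes')) {
            $raw_key = openssl_random_pseudo_bytes(16);
            if (is_string($raw_key) && strlen($raw_key) == 16) {
                $act_key = bin2hex($raw_key);
            }
        }
        if (strlen($act_key) != 32) {
            // Legacy fallback, unchanged: the key is derived from the clock
            // (microtime seed, uniqid), which makes it guessable. Only reached
            // on runtimes that provide neither function above.
            list($usec, $sec) = explode(' ', microtime());
            $seed = (float) $sec + ((float) $usec * 100000);
            srand($seed);
            $act_key = md5(uniqid(rand(), 1));
        }
    } else {
        $active = 'YES';
        $act_key = '';
    }

    $sql = "INSERT INTO {$CONFIG['TABLE_USERS']} " . "(user_regdate, user_active, user_actkey, user_name, user_password, user_email, user_location, user_interests, user_website, user_occupation) " . "VALUES (NOW(), '$active', '$act_key', '" . addslashes($user_name) . "', '" . addslashes($password) . "', '" . addslashes($email) . "', '$location', '$interests', '$website', '$occupation' )";
    $result = db_query($sql);

    if ($CONFIG['reg_requires_valid_email']) {
        // The activation link is built on the configured base URL.
        $act_link = $CONFIG['ecards_more_pic_target'] . 'register.php?activate=' . $act_key;
        $template_vars = array('{SITE_NAME}' => $CONFIG['gallery_name'],
            '{USER_NAME}' => $user_name,
            '{PASSWORD}' => $password,
            '{ACT_LINK}' => $act_link
            );
        if (!cpg_mail($email, sprintf($lang_register_php['confirm_email_subject'], $CONFIG['gallery_name']), strtr($lang_register_confirm_email, $template_vars))) {
            cpg_die(CRITICAL_ERROR, $lang_register_php['failed_sending_email'], __FILE__, __LINE__);
        }
        msg_box($lang_register_php['information'], $lang_register_php['thank_you'], $lang_continue, 'index.php');
    } else {
        msg_box($lang_register_php['information'], $lang_register_php['acct_active'], $lang_continue, 'index.php');
    }

    // email notification to admin
    if ($CONFIG['reg_notify_admin_email'])
    {
        cpg_mail($CONFIG['gallery_admin_email'], sprintf($lang_register_php['notify_admin_email_subject'], $CONFIG['gallery_name']), sprintf($lang_register_php['notify_admin_email_body'], $user_name));
    }

    return true;
}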
 
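// Page controller: the request decides which step is shown.
//   POST agree    -> registration form
//   POST submit   -> validate and create the account; form again on error
//   GET  activate -> activate the account that owns the key
//   otherwise     -> disclaimer
pageheader($lang_register_php['page_title']);
if (isset($HTTP_POST_VARS['agree'])) {
    input_user_info();
} elseif (isset($HTTP_POST_VARS['submit'])) {
    $errors = '';
    if (!check_user_info($errors)) {
        input_user_info($errors);
    }
} elseif (isset($HTTP_GET_VARS['activate'])) {
    // Activation keys are 32 hexadecimal characters. As before, anything past
    // the 32nd character is ignored; the remainder must now be pure hex, so
    // the value interpolated into the SQL below cannot contain quotes or
    // backslashes and no longer depends on addslashes(). An array value
    // (activate[]=...) is rejected as well.
    $act_key = is_string($HTTP_GET_VARS['activate']) ? substr($HTTP_GET_VARS['activate'], 0, 32) : '';
    if (!is_string($act_key) || !preg_match('/^[0-9a-f]{32}$/iD', $act_key)) {
        // cpg_die() is expected to end the request here (defined elsewhere).
        cpg_die(ERROR, $lang_register_php['acct_act_failed'], __FILE__, __LINE__);
    }

    $sql = "SELECT user_active " . "FROM {$CONFIG['TABLE_USERS']} " . "WHERE user_actkey = '$act_key' " . "LIMIT 1";
    $result = db_query($sql);
    if (!mysql_num_rows($result)) {
        cpg_die(ERROR, $lang_register_php['acct_act_failed'], __FILE__, __LINE__);
    }

    $row = mysql_fetch_array($result);
    mysql_free_result($result);

    // A key that belongs to an already active account is reported as such.
    if ($row['user_active'] == 'YES') {
        cpg_die(ERROR, $lang_register_php['acct_already_act'], __FILE__, __LINE__);
    }

    $sql = "UPDATE {$CONFIG['TABLE_USERS']} " . "SET user_active = 'YES' " . "WHERE user_actkey = '$act_key' " . "LIMIT 1";
    $result = db_query($sql);

    msg_box($lang_register_php['information'], $lang_register_php['acct_active'], $lang_continue, 'index.php');
} else {
    display_disclaimer();
}
pagefooter();
ob_end_flush();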
 
?>