
   1  <?php
   2  /**************************************************************************
   3   *                                                                        *
   4   *    4images - A Web Based Image Gallery Management System               *
   5   *    ----------------------------------------------------------------    *
   6   *                                                                        *
   7   *             File: register.php                                         *
   8   *        Copyright: (C) 2002-2012 Jan Sorgalla                           *
   9   *            Email: jan@4homepages.de                                    * 
  10   *              Web: http://www.4homepages.de                             * 
  11   *    Scriptversion: 1.7.11                                               *
  12   *                                                                        *
  13   *    Never released without support from: Nicky (http://www.nicky.net)   *
  14   *                                                                        *
  15   **************************************************************************
  16   *                                                                        *
  17   *    Dieses Script ist KEINE Freeware. Bitte lesen Sie die Lizenz-       *
  18   *    bedingungen (Lizenz.txt) für weitere Informationen.                 *
  19   *    ---------------------------------------------------------------     *
  20   *    This script is NOT freeware! Please read the Copyright Notice       *
  21   *    (Licence.txt) for further information.                              *
  22   *                                                                        *
  23   *************************************************************************/
  24  
  25  $main_template = 'register';
  26  
  27  define('GET_CACHES', 1);
  28  define('ROOT_PATH', './');
  29  define('MAIN_SCRIPT', __FILE__);
  30  include (ROOT_PATH.'global.php');
  31  require (ROOT_PATH.'includes/sessions.php');
  32  $user_access = get_permission();
  33  include (ROOT_PATH.'includes/page_header.php');
  34  
  35  if ($action == "") {
  36    $action = "signup";
  37  }
  38  
  39  if ($user_info['user_level'] != GUEST && $action != "activate") {
  40    show_error_page($lang['already_registered']);
  41  }
  42  $content = "";
  43  
  44  //-----------------------------------------------------
  45  //--- Signup ------------------------------------------
  46  //-----------------------------------------------------
  47  if ($action == "signup") {
  48    $site_template->register_vars(array(
  49      "lang_agreement" => $lang['agreement'],
  50      "lang_agreement_terms" => $lang['agreement_terms'],
  51      "lang_agree" => $lang['agree'],
  52      "lang_agree_not" => $lang['agree_not']
  53    ));
  54    $content = $site_template->parse_template("register_signup");
  55  }
  56  
  57  //-----------------------------------------------------
  58  //--- Add New User ------------------------------------
  59  //-----------------------------------------------------
  60  if ($action == "register") {
  61    if (!isset($HTTP_POST_VARS['user_name'])) {
  62      if ($config['activation_time'] != 0) {
  63        $expiry = time() - 60 * 60 * 24 * $config['activation_time'];
  64        $sql = "DELETE FROM ".USERS_TABLE."
  65                WHERE (".get_user_table_field("", "user_lastaction")." < $expiry) AND ".get_user_table_field("", "user_level")." = ".USER_AWAITING;
  66        $site_db->query($sql);
  67      }
  68    }
  69    $user_name = (isset($HTTP_POST_VARS['user_name'])) ? un_htmlspecialchars(trim($HTTP_POST_VARS['user_name'])) : "";
  70    $user_name = preg_replace("/( ){2,}/", " ", $user_name);
  71    $user_password = (isset($HTTP_POST_VARS['user_password'])) ? trim($HTTP_POST_VARS['user_password']) : "";
  72    $user_email = (isset($HTTP_POST_VARS['user_email'])) ? un_htmlspecialchars(trim($HTTP_POST_VARS['user_email'])) : "";
  73    $user_showemail = (isset($HTTP_POST_VARS['user_showemail'])) ? intval($HTTP_POST_VARS['user_showemail']) : 0;
  74    $user_allowemails = (isset($HTTP_POST_VARS['user_allowemails'])) ? intval($HTTP_POST_VARS['user_allowemails']) : 1;
  75    $user_invisible = (isset($HTTP_POST_VARS['user_invisible'])) ? intval($HTTP_POST_VARS['user_invisible']) : 0;
  76    $user_homepage = (isset($HTTP_POST_VARS['user_homepage'])) ? un_htmlspecialchars(trim($HTTP_POST_VARS['user_homepage'])) : "";
  77    $user_icq = (isset($HTTP_POST_VARS['user_icq'])) ? ((intval(trim($HTTP_POST_VARS['user_icq']))) ? intval(trim($HTTP_POST_VARS['user_icq'])) : "") : "";
  78  
  79    $captcha = (isset($HTTP_POST_VARS['captcha'])) ? un_htmlspecialchars(trim($HTTP_POST_VARS['captcha'])) : "";
  80  
  81    $error = 0;
  82    if (isset($HTTP_POST_VARS['user_name'])) {
  83      if ($user_name != "") {
  84        $sql = "SELECT ".get_user_table_field("", "user_name")."
  85                FROM ".USERS_TABLE."
  86                WHERE ".get_user_table_field("", "user_name")." = '".strtolower($user_name)."'";
  87        if ($site_db->not_empty($sql)) {
  88          $msg .= (($msg != "") ? "<br />" : "").$lang['username_exists'];
  89          $error = 1;
  90        }
  91      }
  92      else {
  93        $msg .= (($msg != "") ? "<br />" : "").$field_error = preg_replace("/".$site_template->start."field_name".$site_template->end."/siU", str_replace(":", "", $lang['user_name']), $lang['field_required']);
  94        $error = 1;
  95      }
  96  
  97      if ($user_password == "") {
  98        $msg .= (($msg != "") ? "<br />" : "").$field_error = preg_replace("/".$site_template->start."field_name".$site_template->end."/siU", str_replace(":", "", $lang['password']), $lang['field_required']);
  99        $error = 1;
 100      }
 101  
 102      if ($user_email != "") {
 103        if (check_email($user_email)) {
 104          $sql = "SELECT ".get_user_table_field("", "user_email")."
 105                  FROM ".USERS_TABLE."
 106                  WHERE ".get_user_table_field("", "user_email")." = '".strtolower($user_email)."'";
 107          if ($site_db->not_empty($sql)) {
 108            $msg .= (($msg != "") ? "<br />" : "").$lang['email_exists'];
 109            $error = 1;
 110          }
 111        }
 112        else {
 113          $msg .= (($msg != "") ? "<br />" : "").$lang['invalid_email_format'];
 114          $error = 1;
 115        }
 116      }
 117      else {
 118        $msg .= (($msg != "") ? "<br />" : "").$field_error = preg_replace("/".$site_template->start."field_name".$site_template->end."/siU", str_replace(":", "", $lang['email']), $lang['field_required']);
 119        $error = 1;
 120      }
 121  
 122      if ($captcha_enable_registration && !captcha_validate($captcha)) {
 123        $msg .= (($msg != "") ? "<br />" : "").$lang['captcha_required'];
 124        $error = 1;
 125      }
 126  
 127      if (!empty($additional_user_fields)) {
 128        foreach ($additional_user_fields as $key => $val) {
 129          if (isset($HTTP_POST_VARS[$key]) && intval($val[2]) == 1 && trim($HTTP_POST_VARS[$key]) == "") {
 130            $error = 1;
 131            $field_error = preg_replace("/".$site_template->start."field_name".$site_template->end."/siU", str_replace(":", "", $val[0]), $lang['field_required']);
 132            $msg .= (($msg != "") ? "<br />" : "").$field_error;
 133          }
 134        }
 135      }
 136    } // end if
 137    else {
 138      $error = 1;
 139    }
 140  
 141    if (!$error) {
 142      $additional_field_sql = "";
 143      $additional_value_sql = "";
 144      if (!empty($additional_user_fields)) {
 145        $table_fields = $site_db->get_table_fields(USERS_TABLE);
 146        foreach ($additional_user_fields as $key => $val) {
 147          if (isset($HTTP_POST_VARS[$key]) && isset($table_fields[$key])) {
 148            $additional_field_sql .= ", $key";
 149            $additional_value_sql .= ", '".un_htmlspecialchars(trim($HTTP_POST_VARS[$key]))."'";
 150          }
 151        }
 152      }
 153      $activationkey = get_random_key(USERS_TABLE, get_user_table_field("", $user_table_fields['user_activationkey']));
 154      $user_id = $site_db->get_next_id($user_table_fields['user_id'], USERS_TABLE);
 155  
 156      $current_time = time();
 157      $user_level = ($config['account_activation'] == 0) ? USER : USER_AWAITING;
 158      $user_password_hashed = salted_hash($user_password);
 159      $sql = "INSERT INTO ".USERS_TABLE."
 160              (".get_user_table_field("", "user_id").get_user_table_field(", ", "user_level").get_user_table_field(", ", "user_name").get_user_table_field(", ", "user_password").get_user_table_field(", ", "user_email").get_user_table_field(", ", "user_showemail").get_user_table_field(", ", "user_allowemails").get_user_table_field(", ", "user_invisible").get_user_table_field(", ", "user_joindate").get_user_table_field(", ", "user_activationkey").get_user_table_field(", ", "user_lastaction").get_user_table_field(", ", "user_lastvisit").get_user_table_field(", ", "user_comments").get_user_table_field(", ", "user_homepage").get_user_table_field(", ", "user_icq").$additional_field_sql.")
 161              VALUES
 162              ($user_id, $user_level, '$user_name', '$user_password_hashed', '$user_email', $user_showemail, $user_allowemails, $user_invisible, $current_time, '$activationkey', $current_time, $current_time, 0, '$user_homepage', '$user_icq'".$additional_value_sql.")";
 163      $result = $site_db->query($sql);
 164  
 165      if ($result) {
 166        $activation_url = $script_url."/register.php?action=activate&activationkey=".$activationkey;
 167  
 168        include (ROOT_PATH.'includes/email.php');
 169        $site_email = new Email();
 170        $site_email->set_to($user_email);
 171        $site_email->set_subject($lang['register_success_emailsubject']);
 172        $site_email->register_vars(array(
 173          "activation_url" => $activation_url,
 174          "user_name" => $user_name,
 175          "user_password" => $user_password,
 176          "site_name" => $config['site_name']
 177        ));
 178  
 179        switch($config['account_activation']) {
 180        case 2:
 181          $email_template = "register_activation_admin";
 182          $msg = $lang['register_success_admin'];
 183          break;
 184        case 1:
 185          if ($config['language_dir_default'] != $config['language_dir']) {
 186            $activation_url .= "&l=".$config['language_dir'];
 187          }
 188          $email_template = "register_activation";
 189          $msg = $lang['register_success'];
 190          break;
 191        case 0:
 192        default:
 193          $email_template = "register_activation_none";
 194          $msg = $lang['register_success_none'];
 195          break;
 196        }
 197  
 198        $site_email->set_body($email_template, $config['language_dir']);
 199        $site_email->send_email();
 200        if ($config['account_activation'] == 2) {
 201          $site_email->reset();
 202          $site_email->set_to($config['site_email']);
 203          $site_email->set_subject($lang['admin_activation_emailsubject']);
 204          $user_details_url = $script_url."/admin/index.php?goto=".urlencode("users.php?action=edituser&user_id=".$user_id."&activation=1");
 205          $site_email->register_vars("user_details_url", $user_details_url);
 206          $site_email->set_body("admin_activation", $config['language_dir_default']);
 207          $site_email->send_email();
 208        }
 209      }
 210      else {
 211        $msg = $lang['general_error'];
 212      }
 213    }
 214  
 215    if ($error) {
 216      if ($user_showemail == 1) {
 217        $user_showemail_yes = " checked=\"checked\"";
 218        $user_showemail_no = "";
 219      }
 220      else {
 221        $user_showemail_yes = "";
 222        $user_showemail_no = " checked=\"checked\"";
 223      }
 224      if ($user_allowemails == 1) {
 225        $user_allowemails_yes = " checked=\"checked\"";
 226        $user_allowemails_no = "";
 227      }
 228      else {
 229        $user_allowemails_yes = "";
 230        $user_allowemails_no = " checked=\"checked\"";
 231      }
 232      if ($user_invisible == 1) {
 233        $user_invisible_yes = " checked=\"checked\"";
 234        $user_invisible_no = "";
 235      }
 236      else {
 237        $user_invisible_yes = "";
 238        $user_invisible_no = " checked=\"checked\"";
 239      }
 240      $site_template->register_vars(array(
 241        "user_name" => format_text(stripslashes($user_name), 2),
 242        "user_email" => format_text(stripslashes($user_email), 2),
 243        "user_homepage" => format_text(stripslashes($user_homepage), 2),
 244        "user_icq" => $user_icq,
 245        "user_showemail_yes" => $user_showemail_yes,
 246        "user_showemail_no" => $user_showemail_no,
 247        "user_allowemails_yes" => $user_allowemails_yes,
 248        "user_allowemails_no" => $user_allowemails_no,
 249        "user_invisible_yes" => $user_invisible_yes,
 250        "user_invisible_no" => $user_invisible_no,
 251        "lang_user_name" => $lang['user_name'],
 252        "lang_password" => $lang['password'],
 253        "lang_email" => $lang['email'],
 254        "lang_register_msg" => $lang['register_msg'],
 255        "lang_submit" => $lang['submit'],
 256        "lang_reset" => $lang['reset'],
 257        "lang_email" => $lang['email'],
 258        "lang_show_email" => $lang['show_email'],
 259        "lang_allow_emails" => $lang['allow_emails'],
 260        "lang_invisible" => $lang['invisible'],
 261        "lang_optional_infos" => $lang['optional_infos'],
 262        "lang_homepage" => $lang['homepage'],
 263        "lang_icq" => $lang['icq'],
 264        "lang_yes" => $lang['yes'],
 265        "lang_no" => $lang['no'],
 266        "lang_captcha" => $lang['captcha'],
 267        "lang_captcha_desc" => $lang['captcha_desc'],
 268        "captcha_registration" => (bool)$captcha_enable_registration
 269      ));
 270  
 271      if (!empty($additional_user_fields)) {
 272        $additional_field_array = array();
 273        foreach ($additional_user_fields as $key => $val) {
 274          if ($val[1] == "radio") {
 275            $value = (isset($HTTP_POST_VARS[$key])) ? intval($HTTP_POST_VARS[$key]) : 1;
 276            if ($value == 1) {
 277              $additional_field_array[$key.'_yes'] = " checked=\"checked\"";
 278              $additional_field_array[$key.'_no'] = "";
 279            }
 280            else {
 281              $additional_field_array[$key.'_yes'] = "";
 282              $additional_field_array[$key.'_no'] = " checked=\"checked\"";
 283            }
 284          }
 285          else {
 286            $value = (isset($HTTP_POST_VARS[$key])) ? format_text(trim($HTTP_POST_VARS[$key]), 2) : "";
 287          }
 288          $additional_field_array[$key] = $value;
 289          $additional_field_array['lang_'.$key] = $val[0];
 290        }
 291        if (!empty($additional_field_array)) {
 292          $site_template->register_vars($additional_field_array);
 293        }
 294      }
 295  
 296      $content = $site_template->parse_template("register_form");
 297    }
 298  }
 299  
 300  if ($action == "activate") {
 301    if ($config['activation_time'] != 0) {
 302      $expiry = time() - 60 * 60 * 24 * $config['activation_time'];
 303      $sql = "DELETE FROM ".USERS_TABLE."
 304              WHERE (".get_user_table_field("", "user_lastaction")." < $expiry) AND ".get_user_table_field("", "user_level")." = ".USER_AWAITING;
 305      $site_db->query($sql);
 306    }
 307    if (!isset($HTTP_GET_VARS['activationkey'])){
 308      $msg = $lang['missing_activationkey'];
 309    }
 310    else {
 311      if ($config['account_activation'] == 2 && $user_info['user_level'] != ADMIN) {
 312        show_error_page($lang['no_permission']);
 313        exit;
 314      }
 315      $activationkey = trim($HTTP_GET_VARS['activationkey']);
 316      $sql = "SELECT ".get_user_table_field("", "user_name").get_user_table_field(", ", "user_email").get_user_table_field(", ", "user_activationkey")."
 317              FROM ".USERS_TABLE."
 318              WHERE ".get_user_table_field("", "user_activationkey")." = '$activationkey'";
 319      $row = $site_db->query_firstrow($sql);
 320      if (!$row) {
 321        $msg = $lang['invalid_activationkey'];
 322      }
 323      else {
 324        $sql = "UPDATE ".USERS_TABLE."
 325                SET ".get_user_table_field("", "user_level")." = ".USER."
 326                WHERE ".get_user_table_field("", "user_activationkey")." = '$activationkey'";
 327        $site_db->query($sql);
 328        $msg = $lang['activation_success'];
 329  
 330        if ($config['account_activation'] == 2) {
 331          include (ROOT_PATH.'includes/email.php');
 332          $site_email = new Email();
 333          $site_email->set_to($row[$user_table_fields['user_email']]);
 334          $site_email->set_subject($lang['activation_success_emailsubject']);
 335          $site_email->register_vars(array(
 336            "user_name" => $row[$user_table_fields['user_name']],
 337            "site_name" => $config['site_name']
 338          ));
 339          $site_email->set_body("activation_success", $config['language_dir']);
 340          $site_email->send_email();
 341        }
 342      }
 343    }
 344  }
 345  
 346  //-----------------------------------------------------
 347  //--- Clickstream -------------------------------------
 348  //-----------------------------------------------------
 349  $clickstream = "<span class=\"clickstream\"><a href=\"".$site_sess->url(ROOT_PATH."index.php")."\" class=\"clickstream\">".$lang['home']."</a>".$config['category_separator'].$lang['register']."</span>";
 350  
 351  //-----------------------------------------------------
 352  //--- Print Out ---------------------------------------
 353  //-----------------------------------------------------
 354  $site_template->register_vars(array(
 355    "content" => $content,
 356    "msg" => $msg,
 357    "clickstream" => $clickstream,
 358    "lang_register" => $lang['register']
 359  ));
 360  $site_template->print_template($site_template->parse_template($main_template));
 361  include (ROOT_PATH.'includes/page_footer.php');
 362  ?>
