WB 2.11.0

<?php

/**

 *

 * @category        frontend

 * @package         account

 * @author          WebsiteBaker Project

 * @copyright       2004-2009, Ryan Djurovich

 * @copyright       2009-2011, Website Baker Org. e.V.

 * @link            http://www.websitebaker2.org/

 * @license         http://www.gnu.org/licenses/gpl.html

 * @platform        WebsiteBaker 2.8.3

 * @requirements    PHP 5.3.6 and higher

 * @version         $Id: signup2.php 2 2017-07-02 15:14:29Z Manuela $

 * @filesource      $HeadURL: svn://isteam.dynxs.de/wb/2.10.x/trunk/account/signup2.php $

 * @lastmodified    $Date: 2017-07-02 17:14:29 +0200 (Sun, 02 Jul 2017) $

 *

 */

// Must include code to stop this file being access directly

if(defined('WB_PATH') == false) { die("Cannot access this file directly"); }

// Create new frontend object

if (!isset($wb) || !($wb instanceof frontend)) {

    if( !class_exists('wb', false) ){ require(WB_PATH."/framework/class.wb.php"); }

    $wb = new frontend();

}

/*

if (!$wb->checkFTAN())

{

    $sInfo = strtoupper(basename(__DIR__).'_'.basename(__FILE__, '.'.PAGE_EXTENSION)).'::';

    $sDEBUG=(@DEBUG?$sInfo:'');

    $error[] =  $sDEBUG.$MESSAGE['GENERIC_SECURITY_ACCESS']."\n";

    return;

}

*/

// Get details entered

$groups_id = FRONTEND_SIGNUP;

$active = 1;

$username = strtolower(strip_tags($wb->get_post('username')));

$display_name = strip_tags($wb->get_post('display_name'));

$email = $wb->get_post('email');

/*

// Check values

if($groups_id == "") {

    $wb->print_error($MESSAGE['USERS_NO_GROUP'], $js_back, false);

}

*/

// Check if username already exists

$sql = 'SELECT `user_id` FROM `'.TABLE_PREFIX.'users` '

     . 'WHERE `username` = \''.$database->escapeString($username).'\'';

if ($database->get_one($sql)) {

    $error[] = $MESSAGE['USERS_USERNAME_TAKEN']."\n";

}

if(!preg_match('/^[a-z]{1}[a-z0-9_-]{2,}$/i', $username)) {

    $error[] =  $MESSAGE['USERS_NAME_INVALID_CHARS']."\n";

}

$sql = 'SELECT COUNT(*) FROM `'.TABLE_PREFIX.'users` '

     . 'WHERE  `display_name` LIKE \''.$database->escapeString(addcslashes($display_name, '_%')).'\'';

if ($database->get_one($sql) > 0) {

    $error[] = $MESSAGE['USERS_DISPLAYNAME_TAKEN'].'';

}

if($email != "") {

    if($wb->validate_email($email) == false) {

        $error[] = $MESSAGE['USERS_INVALID_EMAIL']."\n";

    }

} else {

    $error[] = $MESSAGE['SIGNUP_NO_EMAIL']."\n";

}

$search = array('{SERVER_EMAIL}');

$replace = array( SERVER_EMAIL);

// Captcha

if(ENABLED_CAPTCHA) {

    $MESSAGE['MOD_FORM_INCORRECT_CAPTCHA'] = str_replace($search,$replace,$MESSAGE['MOD_FORM_INCORRECT_CAPTCHA']);

    if(isset($_POST['captcha']) AND $_POST['captcha'] != ''){

        // Check for a mismatch

        if(!isset($_POST['captcha']) OR !isset($_SESSION['captcha']) OR $_POST['captcha'] != $_SESSION['captcha']) {

            $error[] = $MESSAGE['MOD_FORM_INCORRECT_CAPTCHA']."\n";

        }

    } else {

        $error[] = $MESSAGE['MOD_FORM_INCORRECT_CAPTCHA']."\n";

    }

}

if(isset($_SESSION['captcha'])) { unset($_SESSION['captcha']); }

// Generate a random password then update the database with it

$new_pass = '';

$salt = "abchefghjkmnpqrstuvwxyz0123456789";

srand((double)microtime()*1000000);

$i = 0;

while ($i <= 7) {

    $num = rand() % 33;

    $tmp = substr($salt, $num, 1);

    $new_pass = $new_pass . $tmp;

    $i++;

}

$md5_password = md5($new_pass);

// Check if the email already exists

$sql = 'SELECT `user_id` FROM `'.TABLE_PREFIX.'users` '

     . 'WHERE `email` = \''.$database->escapeString($email).'\'';

if ($database->get_one($sql)) {

    if(isset($MESSAGE['USERS_EMAIL_TAKEN'])) {

        $error[] = $MESSAGE['USERS_EMAIL_TAKEN']."\n";

    } else {

        $error[] = $MESSAGE['USERS_INVALID_EMAIL']."\n";

    }

}

if(sizeof($error)==0){

    // MD5 supplied password

    $md5_password = md5($new_pass);

    // Insert the user into the database

    $sql  = 'INSERT INTO `'.TABLE_PREFIX.'users` SET '

          . '`group_id` = '.$database->escapeString($groups_id).', '

          . '`groups_id` = \''.$database->escapeString($groups_id).'\', '

          . '`active` = '.$database->escapeString($active).', '

          . '`username` = \''.$database->escapeString($username).'\', '

          . '`password` = \''.$database->escapeString($md5_password).'\', '

          . '`display_name` = \''.$database->escapeString($display_name).'\', '

          . '`home_folder` = \'\', '

          . '`email` = \''.$database->escapeString($email).'\', '

          . '`timezone` = \''.$database->escapeString(DEFAULT_TIMEZONE).'\', '

          . '`language` = \''.$database->escapeString(DEFAULT_LANGUAGE).'\''

          .'';

    $database->query($sql);

    if($database->is_error()) {

        // Error updating database

        $message = $database->get_error();

    } else {

        // Setup email to send

        $mail_to = $email;

        $mail_subject = $MESSAGE['SIGNUP2_SUBJECT_LOGIN_INFO'];

        // Replace placeholders from language variable with values

        $search = array('{LOGIN_DISPLAY_NAME}', '{LOGIN_WEBSITE_TITLE}', '{LOGIN_NAME}', '{LOGIN_PASSWORD}');

        $replace = array($display_name, WEBSITE_TITLE, $username, $new_pass);

        $mail_message = str_replace($search, $replace, $MESSAGE['SIGNUP2_BODY_LOGIN_INFO']);

        // Try sending the email

        if($wb->mail(SERVER_EMAIL,$mail_to,$mail_subject,$mail_message)) {

            $display_form = false;

            $success[] = $MESSAGE['FORGOT_PASS_PASSWORD_RESET'];

        } else {

            $sql = 'DELETE FROM `'.TABLE_PREFIX.'users` '

                 . 'WHERE `username` = \''.$database->escapeString($username).'\'';

            $database->query($sql);

            $error[] = $MESSAGE['FORGOT_PASS_CANNOT_EMAIL']."\n";

        }

    }

}