Project

General

Profile

1 1673 Luisehahne
<?php
2
/**
3
 *
4
 * @category        frontend
5
 * @package         account
6
 * @author          WebsiteBaker Project
7
 * @copyright       2009-2012, WebsiteBaker Org. e.V.
8
 * @link            http://www.websitebaker.org/
9
 * @license         http://www.gnu.org/licenses/gpl.html
10
 * @platform        WebsiteBaker 2.8.x
11
 * @requirements    PHP 5.2.2 and higher
12
 * @version         $Id$
13
 * @filesource      $HeadURL$
14
 * @lastmodified    $Date$
15
 *
16
 */
17
18
/* -------------------------------------------------------- */
19
if(defined('WB_PATH') == false)
20
{
21
	// Stop this file being access directly
22
		die('<head><title>Access denied</title></head><body><h2 style="color:red;margin:3em auto;text-align:center;">Cannot access this file directly</h2></body></html>');
23
}
24
/* -------------------------------------------------------- */
25
26
27
if (!function_exists('emailAdmin')) {
28
	function emailAdmin() {
29
		global $database,$admin;
30
        $retval = $admin->get_email();
31
        if($admin->get_user_id()!='1') {
32
			$sql  = 'SELECT `email` FROM `'.TABLE_PREFIX.'users` ';
33
			$sql .= 'WHERE `user_id`=\'1\' ';
34
	        $retval = $database->get_one($sql);
35
36
        }
37
		return $retval;
38
	}
39
}
40
41
$_SESSION['username'] = '';
42
$_SESSION['DISPLAY_NAME'] = '';
43
$_SESSION['email'] = '';
44
$_SESSION['display_form'] = true;
45
46
if(isset($_POST['action']) && $_POST['action']=='send') {
47
	$_SESSION['username'] = strtolower(strip_tags($wb->get_post_escaped('username')));
48
	$_SESSION['DISPLAY_NAME'] = strip_tags($wb->get_post_escaped('display_name'));
49
	$_SESSION['email'] = $wb->get_post('email');
50
51
	$aErrorMsg = array();
52
53
	if($_SESSION['username'] != "")
54
	{
55
		// Check if username already exists
56
		$sql = 'SELECT `user_id` FROM `'.TABLE_PREFIX.'users` WHERE `username` = \''.$_SESSION['username'].'\'';
57
		if($database->get_one($sql)){
58
			$aErrorMsg[] = $MESSAGE['USERS_USERNAME_TAKEN'];
59
			$_SESSION['username'] = '';
60
		} else {
61
			if(!preg_match('/^[a-z]{1}[a-z0-9_-]{3,}$/i', $_SESSION['username'])) {
62
				$aErrorMsg[] = $MESSAGE['USERS_NAME_INVALID_CHARS'];
63
				$_SESSION['username'] = '';
64
		 	}
65
		}
66
	} else {
67
		$aErrorMsg[] = $MESSAGE['LOGIN_USERNAME_BLANK'];
68
	}
69
70
	if($_SESSION['DISPLAY_NAME'] == "") {
71
		$aErrorMsg[] = $MESSAGE['GENERIC_FILL_IN_ALL'];
72
	}
73
74
	if($_SESSION['email'] != "") {
75
		// Check if the email already exists
76
		$sql = 'SELECT `user_id` FROM `'.TABLE_PREFIX.'users` WHERE `email` = \''.mysql_escape_string($_SESSION['email']).'\'';
77
		if($database->get_one($sql)){
78
			$aErrorMsg[] = $MESSAGE['USERS_EMAIL_TAKEN'];
79
			$_SESSION['email'] = '';
80
		} else {
81
			if(!$wb->validate_email($_SESSION['email'])){
82
				$aErrorMsg[] = $MESSAGE['USERS_INVALID_EMAIL'];
83
				$_SESSION['email'] = '';
84
			}
85
		}
86
	} else {
87
		$aErrorMsg[] = $MESSAGE['SIGNUP_NO_EMAIL'];
88
	}
89
90
	$sServerEmail = (defined('SERVER_EMAIL') && SERVER_EMAIL != '' ? SERVER_EMAIL : emailAdmin());
91
	// Captcha
92
	if(ENABLED_CAPTCHA) {
93
		if(isset($_POST['captcha']) AND $_POST['captcha'] != ''){
94
			// Check for a mismatch get email user_id
95
			if(!isset($_POST['captcha']) OR !isset($_SESSION['captcha']) OR $_POST['captcha'] != $_SESSION['captcha']) {
96
				$replace = array('SERVER_EMAIL' => emailAdmin() );
97
				$aErrorMsg[] = replace_vars($MESSAGE['MOD_FORM_INCORRECT_CAPTCHA'], $replace);
98
			}
99
		} else {
100
			$replace = array('SERVER_EMAIL'=>emailAdmin() );
101
			$aErrorMsg[] = replace_vars($MESSAGE['MOD_FORM_INCORRECT_CAPTCHA'],$replace );
102
		}
103
104
	}
105
	if(isset($_SESSION['captcha'])) { unset($_SESSION['captcha']); }
106
107
	if (sizeof($aErrorMsg)) {
108
		$aTmp = array_unshift ($aErrorMsg,'');
109
		$sMessage = implode('<li>',$aErrorMsg);
110
?><div style="width: 100%; overflow: hidden; border: 2px #990000 solid; background-color: #ffb9b9;">
111
	<div style="width: 100%; padding: 5px;">
112
<ul style="list-style-type: decimal-leading-zero;">
113
	<?php print $sMessage ?></li>
114
</ul>
115
	</div>
116
</div>
117
118
<?php
119
120
	} else {
121
		// Generate a random password then update the database with it
122
		$new_pass = '';
123
		$salt = "abchefghjkmnpqrstuvwxyz0123456789";
124
		srand((double)microtime()*1000000);
125
		$i = 0;
126
		while ($i <= 7) {
127
			$num = rand() % 33;
128
			$tmp = substr($salt, $num, 1);
129
			$new_pass = $new_pass . $tmp;
130
			$i++;
131
		}
132
		$md5_password = md5($new_pass);
133
134
		$sLoginName = $_SESSION['username'];
135
		$sDisplayName = $_SESSION['DISPLAY_NAME'];
136
		$groups_id = FRONTEND_SIGNUP;
137
		$email_to = $_SESSION['email'];
138
		$get_ts = time();
139
		$get_ip = $_SERVER['REMOTE_ADDR'];
140
141
		$email_subject = $MESSAGE['SIGNUP2_SUBJECT_LOGIN_INFO'];
142
		$search = array('{LOGIN_DISPLAY_NAME}', '{LOGIN_WEBSITE_TITLE}', '{LOGIN_NAME}', '{LOGIN_PASSWORD}');
143
		$replace = array($sDisplayName, WEBSITE_TITLE, $sLoginName, $new_pass);
144
		$mail_message = str_replace($search, $replace, $MESSAGE['SIGNUP2_BODY_LOGIN_INFO']);
145
146
		$email_body = '';
147
		$recipient = preg_replace( "/[^a-z0-9 !?:;,.\/_\-=+@#$&\*\(\)]/im", "", $sDisplayName );
148
		$email_fromname = preg_replace( "/(content-type:|bcc:|cc:|to:|from:)/im", "", $recipient );
149
		$email_body = preg_replace( "/(content-type:|bcc:|cc:|to:|from:)/im", "", $mail_message );
150
151
		if($email_to != '') {
152
// 	if($wb->mail(SERVER_EMAIL,$mail_to,$email_subject,$email_body)) { }
153
			$success = false;
154
			if(	$wb->mail($sServerEmail,$email_to,$email_subject,$email_body,WB_MAILER) ) {
155
				$sql  = 'SELECT `user_id` FROM `'.TABLE_PREFIX.'users` ';
156
				$sql .= 'ORDER BY `user_id` DESC ';
157
		        $user_id = $database->get_one($sql)+1;
158
159
				$email_subject = $MESSAGE['SIGNUP2_NEW_USER'];
160
				$search = array('{LOGIN_EMAIL}','{LOGIN_ID}', '{SIGNUP_DATE}', '{LOGIN_NAME}', '{LOGIN_IP}');
161
				$replace = array($email_to, $email_fromname.' ('.$user_id.')', date(DATE_FORMAT.' '.TIME_FORMAT,$get_ts ), $sLoginName, $get_ip);
162
				$mail_message = str_replace($search, $replace, $MESSAGE['SIGNUP2_ADMIN_INFO']);
163
				$email_body = preg_replace( "/(content-type:|bcc:|cc:|to:|from:)/im", "", $mail_message );
164
				$success_email_to = emailAdmin();
165
 				$success = $wb->mail($sServerEmail,$success_email_to,$email_subject,$email_body,$email_fromname);
166
			}
167
		}
168
169
		if($success) {
170
171
			$sql  = 'INSERT INTO `'.TABLE_PREFIX.'users` SET ';
172
			$sql .= 'group_id = \''.$groups_id.'\', ';
173
			$sql .= 'groups_id = \''.$groups_id.'\', ';
174
			$sql .= 'active = \'1\', ';
175
			$sql .= 'username = \''.$sLoginName.'\', ';
176
			$sql .= 'password = \''.$md5_password.'\', ';
177
			$sql .= 'display_name = \''.$sDisplayName.'\', ';
178
			$sql .= 'email = \''.$email_to.'\', ';
179
			$sql .= 'login_when = \''.$get_ts.'\', ';
180
			$sql .= 'login_ip = \''.$get_ip.'\' ';
181
			if($database->query($sql)) {
182
				$_SESSION['display_form'] = false;
183
				unset($_SESSION['username']);
184
				unset($_SESSION['DISPLAY_NAME']);
185
				unset($_SESSION['email']);
186
				unset($_POST);
187
// send msgbox
188
?><div style="width: 100%; overflow: hidden; border: 2px #336600 solid; background-color: #ccff99;">
189
	<div style="width: 100%; padding: 5px; text-align:center;">
190
		<?php print $MESSAGE['SIGNUP2_SUBJECT_NEW_USER'] ?>
191
		<div style="margin: 5px auto;"><br />
192
		<button type="button" value="cancel" onClick="javascript: window.location = '<?php print $_SESSION['HTTP_REFERER'] ?>';"><?php print $TEXT['BACK'] ?></button>
193
		</div>
194
	</div>
195
</div>
196
<?php
197
			}
198
		}
199
	}
200
}