register.php
- <?php
- // +-------------------------------------------------------------+
- // | DeskPRO v [2.0.1 Production]
- // | Copyright (C) 2001 - 2004 Headstart Solutions Limited
- // | Supplied by WTN-WDYL
- // | Nullified by WTN-WDYL
- // | Distribution via WebForum, ForumRU and associated file dumps
- // +-------------------------------------------------------------+
- // | DESKPRO IS NOT FREE SOFTWARE
- // +-------------------------------------------------------------+
- // | License ID : Full Enterprise License =) ...
- // | License Owner : WTN-WDYL Team
- // +-------------------------------------------------------------+
- // | $RCSfile: register.php,v $
- // | $Date: 2004/02/10 01:34:25 $
- // | $Revision: 1.33 $
- // +-------------------------------------------------------------+
- // | File Details:
- // | - User registration pages.
- // +-------------------------------------------------------------+
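// Page bootstrap for the registration script: load the application core,
// normalise the requested action and refuse to continue when registration
// is switched off or the visitor is already logged in.
error_reporting(E_ALL & ~E_NOTICE);
require_once('./global.php');
//Nullify WTN-WDYL Team

// Preload the templates this page renders.
$template_cache = templatecache('REG_register,HF_footer,HF_header');

// default do
// Test for presence BEFORE touching the value: the previous code assigned
// trim(...) first, which made the following isset() check always true.
// Non-string input (e.g. do[]=x) is treated as "not supplied".
$_REQUEST['do'] = (isset($_REQUEST['do']) && is_string($_REQUEST['do'])) ? trim($_REQUEST['do']) : '';
if ($_REQUEST['do'] == '') {
    $_REQUEST['do'] = 'start';
}

$page = 'register';

// Breadcrumb fragment. The inner double quotes must be escaped; in the listing
// the backslashes were missing, which is a parse error.
// NOTE(review): $dplang['register'] is emitted as HTML without escaping -
// presumably a trusted language-pack string; confirm where $dplang is loaded.
$navigation = ' // ' . "<a class=\"light\" href=\"register.php\">$dplang[register]</a>";

############################### BASIC CHECKS ###############################

// NOTE(review): both gates below only protect the rest of the script if
// error() stops execution - confirm in global.php / the functions it loads.

// check registering is enabled
if (!($settings['allow_registration'])) {
    error("error_no_registration");
}

user_p_checks();

// a logged-in user has no business registering again
if ($user) {
    error("error_already_registered");
}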
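############################### PROCESS FORM ###############################

// Validates a submitted registration form. On any failure the action is
// switched back to "start" so the form is shown again with error flags set;
// on success $create_user is set and $query2 holds the SQL fragment for the
// custom fields.
//
// Start every control flag from a known state. These variables are read later
// in the script ($create_user decides whether a row is inserted, $query2 is
// concatenated into the INSERT verbatim) but were previously only assigned
// inside the "submit" branch. If request variables are ever imported into the
// global scope (register_globals, extract(), or similar code in global.php,
// which is not shown here) they could otherwise arrive pre-set and skip the
// validation below.
$stop = 0;
$redo = 0;
$create_user = 0;
$query2 = '';
$custom_error = array();
$custom_errors = array();

if ($_REQUEST['do'] == "submit") {

    //////////////// password ////////////////
    // check non match / too short
    // Only plain strings are accepted, and the two entries are compared with
    // !==. The loose != operator treats numeric-looking strings such as
    // "1e3" and "1000" as equal, so a mistyped confirmation could pass.
    $reg_pw1 = (isset($_REQUEST['password']) && is_string($_REQUEST['password'])) ? $_REQUEST['password'] : '';
    $reg_pw2 = (isset($_REQUEST['password2']) && is_string($_REQUEST['password2'])) ? $_REQUEST['password2'] : '';

    if ($reg_pw1 !== $reg_pw2) {
        $error_match_password = 1;
        $error_password = 1;
        $stop = 1;
        // never echo a rejected password back into the form
        unset($_REQUEST['password'], $_REQUEST['password2']);
    } elseif (strlen($reg_pw1) < 5) {
        // NOTE(review): a 5-byte minimum is the original policy and is weak by
        // current standards; raising it is a product decision.
        $error_short_password = 1;
        $error_password = 1;
        $stop = 1;
        unset($_REQUEST['password'], $_REQUEST['password2']);
    }
    unset($reg_pw1, $reg_pw2);

    //////////////// username ////////////////
    // check length/invalid characters and current use
    if (!validate_username($_REQUEST['username'])) {
        $stop = 1;
        $error_bad_username = 1;
        $error_username = 1;
    } elseif (!unique_username($_REQUEST['username'])) {
        $error_duplicate_username = 1;
        $error_username = 1;
        $stop = 1;
    }

    //////////////// email ////////////////
    // check valid email, non duplicated and not banned
    if (!validate_email($_REQUEST['email'])) {
        $stop = 1;
        $error_bad_email = 1;
        $error_email = 1;
    } elseif (!unique_email($_REQUEST['email'])) {
        $stop = 1;
        $error_duplicate_email = 1;
        $error_email = 1;
    } elseif (banned_email($_REQUEST['email'])) {
        $stop = 1;
        $error_banned_email = 1;
        $error_email = 1;
    }

    //////////////// custom fields ////////////////

    // get the fields that we are expecting to be created
    $db->query("SELECT * from user_def WHERE user_start");
    while ($result = $db->row_array()) {

        // field_def_val() returns NULL when the submitted value is rejected
        $data = field_def_val(
            $result,
            $_REQUEST['custom_fields'][$result['name']],
            $_REQUEST['custom_fields']["extra" . $result['name']]
        );

        if ($data === NULL) {

            // NOTE(review): unserialize() on a database column. This is only
            // safe while user_def rows can be written by administrators alone;
            // it must never be fed request data.
            $tmp = unserialize($result['error_message']);
            $error_message = $tmp[$session['language']];

            // form errors;
            $custom_error[] = array('error' => $error_message);
            // for form design
            $custom_errors[] = $result['name'];

            $stop = 1;

        } else {
            // The column name comes from the user_def table, not from the
            // request; only the value is request data and it is escaped.
            // NOTE(review): mysql_escape_string() ignores the connection
            // charset and no longer exists in PHP 7+. The replacement depends
            // on the $db wrapper, which is not shown here.
            $query2 .= " " . $result['name'] . " = '" . mysql_escape_string($data) . "', ";
        }
    }

    if ($stop) {
        // validation failed: show the form again, pre-filled
        $_REQUEST['do'] = "start";
        $redo = 1;
    } else {
        $create_user = 1;
    }
}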
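############################### PAGE 1: START PAGE ###############################

// Renders the registration form: builds the custom-field widgets, escapes the
// submitted values that are shown again after a failed submit, then outputs
// the header, footer and form templates.
if ($_REQUEST['do'] == "start") {

    // get user data
    $db->query("SELECT * from user_def WHERE user_start ORDER BY displayorder");

    $custom = array();

    while ($result = $db->row_array()) {

        unset($name, $description, $error, $html);

        // NOTE(review): display_name, description and error_message are
        // unserialize()d straight from the database. Safe only while user_def
        // is writable by administrators alone.
        $tmp = unserialize($result['display_name']);
        $name = $tmp[$session['language']];

        $tmp = unserialize($result['description']);
        $description = $tmp[$session['language']];

        if ($stop) {
            // failed submit: rebuild the widget around what the user typed
            $html = field_def(
                $result,
                iff($redo, 'redo', 'default'),
                $_REQUEST['custom_fields'][$result['name']],
                $_REQUEST['custom_fields']["extra" . $result['name']]
            );
        } else {
            $html = field_def($result);
        }

        $tmp = unserialize($result['error_message']);
        $error_message = $tmp[$session['language']];

        // Explicit type check instead of the former @in_array(), which hid
        // every warning from the call, not just the "not an array" one.
        if (isset($custom_errors) && is_array($custom_errors) && in_array($result['name'], $custom_errors)) {
            $error = $tmp[$session['language']];
            give_default($error, ' ');
        }

        // two arrays, one for loop and one to allow custom form design
        $custom[] = array(
            'name' => $name,
            'description' => $description,
            'html' => $html,
            'error' => $error
        );

        // NOTE(review): variable-variable named after the field. A custom
        // field called e.g. "db", "settings" or "session" would overwrite that
        // global. Field names should be restricted where fields are created.
        ${$result['name']} = array(
            'name' => $name,
            'description' => $description,
            'html' => $html,
            'error' => $error
        );

    }

    // sanitize variables
    // Each value is escaped into its OWN key. The previous code read the
    // non-existent key 'password1' and wrote both results to 'password', so
    // $_REQUEST['password2'] reached the template unescaped. ENT_QUOTES also
    // encodes single quotes, covering single-quoted HTML attributes.
    // Missing or non-string input becomes an empty string.
    foreach (array('email', 'username', 'password', 'password2') as $reg_key) {
        $_REQUEST[$reg_key] = (isset($_REQUEST[$reg_key]) && is_string($_REQUEST[$reg_key]))
            ? htmlspecialchars($_REQUEST[$reg_key], ENT_QUOTES)
            : '';
    }
    unset($reg_key);

    // display the page
    // NOTE(review): makeeval() output is executed with eval(). Presumably the
    // templates can reach every variable in this scope, so template storage
    // must be writable by administrators only and any request data a template
    // prints must already be escaped here - confirm against makeeval().
    eval(makeeval('header', 'HF_header'));
    eval(makeeval('footer', 'HF_footer'));
    eval(makeeval('echo', 'REG_register'));
}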
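############################### CREATE THE USER ###############################

// Returns $length hexadecimal characters for use as a token.
// Uses the operating system CSPRNG when PHP provides random_bytes() (PHP 7+).
// On older runtimes it falls back to an md5 mix of $fallback_seed, uniqid()
// and mt_rand(), which is NOT cryptographically strong.
if (!function_exists('register_random_hex')) {
    function register_random_hex($length, $fallback_seed)
    {
        if (function_exists('random_bytes')) {
            return substr(bin2hex(random_bytes((int) ceil($length / 2))), 0, $length);
        }
        return substr(md5($fallback_seed . uniqid(mt_rand(), true)), 0, $length);
    }
}

// Inserts the new account, logs the session in as that user, sends the
// configured e-mails and redirects. Runs only when form validation set
// $create_user.
if (!empty($create_user) && $create_user == '1') {

    // start the sql statment
    // NOTE(review): the password is stored exactly as submitted. Hashing it
    // has to be introduced together with the login/verification code, which
    // is not part of this file.
    // NOTE(review): $_REQUEST['name'] is escaped for SQL but is not validated
    // anywhere in this script.
    // NOTE(review): mysql_escape_string() ignores the connection charset and
    // no longer exists in PHP 7+. The replacement depends on the $db wrapper.
    $query = "INSERT into user SET
        password = '" . mysql_escape_string($_REQUEST['password']) . "' ,
        name = '" . mysql_escape_string($_REQUEST['name']) . "',
        username = '" . mysql_escape_string($_REQUEST['username']) . "',
        email = '" . mysql_escape_string($_REQUEST['email']) . "',
        timezone = '" . mysql_escape_string($settings['timezone']) . "',
        date_registered = '" . time() . "',
        ";

    // add custom fields
    // $query2 is appended verbatim, so it must only ever hold the fragment
    // built by the custom-field validation loop (values escaped there).
    $query .= $query2;

    // passwords
    // Token lengths (8 / 8 / 6 hex characters) are unchanged because the
    // column widths are not visible here. The previous code derived the
    // validation key from md5(time()), i.e. from the registration second
    // alone, and read the non-existent 'password1' request key for the other
    // two tokens.
    $password_cookie = register_random_hex(8, $session['sessionid']);
    $password_url = register_random_hex(8, $session['sessionid']);

    $query .= "password_url = '" . mysql_escape_string($password_url) . "', password_cookie = '" . mysql_escape_string($password_cookie) . "',";

    $validate_number = register_random_hex(6, $session['sessionid']);
    $query .= " validate_key = '" . mysql_escape_string($validate_number) . "', ";

    // require email validation
    if ($settings['validate_email']) {
        $query .= " awaiting_validation = '1', ";
    }

    if ($settings['manual_validation']) {
        $query .= " awaiting_manual_validation = '1', ";
    }

    // language
    // escaped like every other value; it was previously interpolated raw
    $query .= " language = '" . mysql_escape_string($session['language']) . "' ";

    // add new user to database and get back id
    $db->query($query);
    $id = $db->last_id();

    // get user information into array for emailing
    $user_details = $db->query_return("SELECT * FROM user WHERE id = '" . intval($id) . "'");

    // update session
    $session = update_session('user', $id);
    $user_details = update_user_details($user_details);

    // Pick the message for the new user: confirmation mail when e-mail
    // validation is on, otherwise the plain registration mail if manual
    // validation or the welcome message is enabled.
    // NOTE(review): the recipient is the submitted address. It passed
    // validate_email() earlier; that function must reject CR/LF for dp_mail()
    // to be safe against header injection - confirm in its definition.
    if ($settings['validate_email']) {
        eval(makeemaileval('message', 'BODY_register_confirm', $subject));
        dp_mail($_REQUEST['email'], $subject, $message);
    } elseif ($settings['manual_validation']) {
        eval(makeemaileval('message', 'BODY_register', $subject));
        dp_mail($_REQUEST['email'], $subject, $message);
    // general email welcome
    } elseif ($settings['register_welcome']) {
        eval(makeemaileval('message', 'BODY_register', $subject));
        dp_mail($_REQUEST['email'], $subject, $message);
    }

    // email admins if wanted
    // explode() always returns an array, so no is_array() guard is needed;
    // empty or malformed entries are dropped by validate_email().
    $send_emails = explode(',', $settings['email_registeradmin']);
    foreach ($send_emails AS $key => $var) {
        $var = trim($var);
        if (validate_email($var)) {
            // $toemail is left in scope for the template evaluated below
            $toemail = $var;
            eval(makeemaileval('message', 'TECHBODY_newuser', $subject));
            dp_mail($var, $subject, $message);
        }
    }

    // redirect to control panel
    jump("newticket.php", "redirect_registered");

}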
- ?>