<?
include "header.php";
// Resolve the requested step: a POSTed "task" wins over a query-string one,
// and the first signup step is used when neither is present.
$task = "step_one";
if(isset($_GET['task'])) { $task = $_GET['task']; }
if(isset($_POST['task'])) { $task = $_POST['task']; }
// SHOW IMAGE
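if($task == "image") {
    // Renders the six-digit signup image as a PNG and always ends the request.
    // Served only when the admin enabled the signup image and GD is available.
    // The key is quoted: a bare signup_image is parsed as a constant lookup.
    if($admin_info['signup_image'] != 1 OR !function_exists('gd_info')) { exit(); }

    // NOTE(review): the digits drawn below are computed entirely from the
    // client-supplied "code" parameter, so the image carries nothing the
    // requester does not already hold. The expected answer should be kept
    // server-side (for example in the session) instead of in the URL.
    if(!isset($_GET['code']) OR !is_string($_GET['code'])) { exit(); }

    // Reverse the code, turn every letter into a separator and split on it.
    $segments = explode("-", preg_replace("([a-zA-Z])", "-", strrev($_GET['code'])));

    // Digit $c is segment ($c - 1) divided by segment ($c + 5). Only digits
    // 1..6 are drawn, so index 0 (which read segment -1) is no longer computed.
    $num = array();
    for($c = 1; $c < 7; $c++) {
        $dividend = isset($segments[$c - 1]) ? $segments[$c - 1] : "";
        $divisor = isset($segments[$c + 5]) ? $segments[$c + 5] : "";
        // Reject missing, non-numeric or zero operands before dividing.
        if(!is_numeric($dividend) OR !is_numeric($divisor) OR $divisor == 0) { exit(); }
        $num[$c] = $dividend / $divisor;
        // A well-formed code divides evenly; anything else is refused.
        if(!is_int($num[$c])) { exit(); }
    }

    // Create the canvas before announcing a PNG, so a GD failure does not
    // produce an empty response labelled as an image.
    $img_handle = @ImageCreate(67, 20);
    if($img_handle === false) { exit(); }
    header("Content-type: image/png");

    // The first colour allocated becomes the background of a palette image.
    $back_color = @ImageColorAllocate($img_handle, 246, 246, 246);

    // One digit every 10 pixels, each in its own random dark colour.
    // Warnings stay suppressed so they cannot corrupt the PNG stream.
    for($count = 1; $count <= 6; $count++) {
        $x_axis = -5 + ($count * 10);
        $digit_color = @ImageColorAllocate($img_handle, rand(1, 150), rand(1, 150), rand(1, 150));
        @ImageString($img_handle, 5, $x_axis, 2, "$num[$count]", $digit_color);
    }

    // Sprinkle 20 grey noise pixels over the image.
    $pixel_color = @ImageColorAllocate($img_handle, 100, 100, 100);
    for($count = 0; $count < 20; $count++) {
        $randx = rand(1, 67);
        $randy = rand(1, 20);
        @ImageSetPixel($img_handle, $randx, $randy, $pixel_color);
    }

    @ImagePng($img_handle);
    exit();
}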
// SHOW TERMS
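if($task == "terms") {
    // Prints the admin-configured terms text between the shared page header
    // and footer, then ends the request.
    echo $head;
    // The key is quoted: a bare signup_termstext is parsed as a constant
    // lookup and only falls back to the string with a notice.
    // NOTE(review): the text is emitted unescaped; presumably it is meant to
    // hold admin-authored HTML - confirm who can edit this setting.
    echo $admin_info['signup_termstext'];
    echo $foot;
    exit();
}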
// Defaults for the form state: both error flags cleared, no error text,
// and every signup field blank until a step fills it in.
$is_error1 = $is_error2 = "no";
$error1 = $error2 = "";

// Account credentials and contact details.
$username = $password1 = $password2 = "";
$fname = $lname = $email = "";

// Blog presentation fields.
$display_name = $title = $description = "";

// Optional profile fields.
$website = $screenname = $screenname_type = "";
$gender = $birthday = "";
$city = $state = $country = "";
// STEP FOUR
if($task == "step_four") {
// Final signup step: re-reads every field from the POSTed form, inserts the
// bhost_users and bhost_profile rows, sends the configured e-mails and prints
// the confirmation page.
// NOTE(review): every value is taken from $_POST again here, so validation done
// in earlier steps (if any) is not re-applied in this block.
// NOTE(review): request values are interpolated into SQL strings below with no
// escaping visible in this file. That is safe only if magic_quotes_gpc or
// header.php has already escaped them - confirm how header.php treats request
// data, then move these queries to escaped or parameterized form.
// NOTE(review): array keys such as $admin_info[banned_badwords] are unquoted
// throughout; outside a double-quoted string PHP parses them as constants.
// CREATE BAD WORD ARRAYS
// Two comma-separated admin lists: words to find and their replacements.
$bad_words = explode(",", trim($admin_info[banned_badwords]));
$bad_words_replace = explode(",", trim($admin_info[banned_badwords_replace]));
$username = $_POST['username'];
// NOTE(review): the password arrives base64-encoded in the form data. base64 is
// an encoding, not protection; presumably an earlier step placed it in the page
// so it could be carried forward - confirm and avoid round-tripping it.
$password1 = base64_decode($_POST['password1']);
// NOTE(review): str_replace("'", "'", ...) replaces a quote with itself, so it
// is a no-op as written. The replacement looks like an HTML entity that was
// decoded somewhere along the way - verify against the original file.
$fname = str_replace("'", "'", $_POST['fname']);
$lname = str_replace("'", "'", $_POST['lname']);
$email = $_POST['email'];
// Display name, title and description: slashes stripped, then bad words swapped.
$display_name = str_replace($bad_words, $bad_words_replace, str_replace("'", "'", stripslashes($_POST['display_name'])));
$title = str_replace($bad_words, $bad_words_replace, str_replace("'", "'", stripslashes($_POST['title'])));
$description = str_replace($bad_words, $bad_words_replace, str_replace("'", "'", stripslashes($_POST['description'])));
$wc_id = $_POST['wc_id'];
$website = $_POST['website'];
$screenname = $_POST['screenname'];
$screenname_type = $_POST['screenname_type'];
$gender = $_POST['gender'];
$birthday_month = $_POST['birthday_month'];
$birthday_day = $_POST['birthday_day'];
$birthday_year = $_POST['birthday_year'];
// Function names are case-insensitive, so this is mktime(): midnight of the given date.
$birthday = MakeTime("0", "0", "0", "$birthday_month", "$birthday_day", "$birthday_year");
$city = $_POST['city'];
$state = $_POST['state'];
$country = $_POST['country'];
$template = $_POST['template'];
// BE SURE THAT THE USER DID NOT REFRESH THE PAGE AFTER A SUCCESSFUL SIGNUP
// An existing row with this username sends the visitor to the login page instead.
// NOTE(review): $username goes into the query string unescaped (see note at top).
$duplicates = mysql_num_rows(mysql_query("SELECT * FROM bhost_users WHERE username='$username'"));
if($duplicates != 0) { header("Location: login.php"); exit(); }
// ERRORS
// Required-field checks. A field setting of "3" marks the field as required.
// `&` is the bitwise operator applied to two comparison results; the truth
// value matches && but both sides are always evaluated.
// error() is defined elsewhere; presumably it prints the message and halts - confirm.
if(str_replace(" ", "", $display_name) == "" OR str_replace(" ", "", $title) == "" OR str_replace(" ", "", $description) == "" OR $wc_id == "") { echo $head; error(34); }
if($admin_info[field_website] == "3" & str_replace(" ", "", $website) == "") { echo $head; error(34); }
if($admin_info[field_screenname] == "3" & str_replace(" ", "", $screenname) == "") { echo $head; error(34); }
if($admin_info[field_gender] == "3" & str_replace(" ", "", $gender) == "") { echo $head; error(34); }
// NOTE(review): $birthday is the MakeTime() result, not the raw form fields, so
// this does not test whether the three birthday inputs were filled in - confirm intent.
if($admin_info[field_birthday] == "3" & str_replace(" ", "", $birthday) == "") { echo $head; error(34); }
if($admin_info[field_city] == "3" & str_replace(" ", "", $city) == "") { echo $head; error(34); }
if($admin_info[field_state] == "3" & str_replace(" ", "", $state) == "") { echo $head; error(34); }
if($admin_info[field_country] == "3" & str_replace(" ", "", $country) == "") { echo $head; error(34); }
// Custom profile fields are the columns of bhost_profile other than p_id and
// u_id; the last two characters of the column name carry the field setting,
// "_3" meaning required.
$custom_fields = mysql_query("SHOW COLUMNS FROM bhost_profile FROM `$mysql_database`");
while($custom = mysql_fetch_assoc($custom_fields)) {
if($custom[Field] != "p_id" & $custom[Field] != "u_id") {
$custom_name = str_replace("_", " ", substr($custom[Field], 0, -2));
$custom_required = substr($custom[Field], -2);
$custom_field = $custom[Field];
$custom_field_value = str_replace("'", "'", stripslashes($_POST[$custom_field]));
if($custom_required == "_3" & str_replace(" ", "", $custom_field_value) == "") {
echo $head; error(34);
}
}
// NOTE(review): the while opened above is not closed here; as written it is
// closed only by the final "}}" of this block, so everything below runs inside
// it. The loop further down reassigns and drains $custom_fields, so the outer
// loop then stops after its first pass and the required check above sees only
// the first column. A closing brace may be missing - compare with the original.
// Load the chosen template; single quotes in its HTML are backslash-escaped for the INSERT.
// NOTE(review): $template comes from $_POST and is interpolated unescaped.
$template_info = mysql_fetch_assoc(mysql_query("SELECT * FROM bhost_templates WHERE t_id='$template'"));
$template_html = str_replace("'", "\\'", $template_info[html]);
$signup_date = time();
$signup_ip = $_SERVER['REMOTE_ADDR'];
// With e-mail verification on, the account starts unverified.
if($admin_info[signup_emailverify] == 1) {
$verified = "0";
} else {
$verified = "1";
}
// GENERATE CODE
// randomcode() is defined elsewhere; its output format is not visible here.
$code = randomcode();
// SET PASSWORD
// NOTE(review): $code is passed to crypt() as the salt, and crypt() selects its
// algorithm from the salt format, so the hash strength depends on what
// randomcode() returns - confirm. The same $code is stored in the code column
// and later placed in the verification link.
$password = crypt($password1, $code);
// SELECT DEFAULT USER GROUP
$group = mysql_fetch_assoc(mysql_query("SELECT g_id, default_group FROM bhost_groups WHERE default_group='1'"));
// ADD NEW USER
// NOTE(review): the form values in the VALUES list below are interpolated
// unescaped (see note at top); the remaining literals are the defaults for a new account.
mysql_query("INSERT INTO bhost_users (
g_id,
wc_id,
username,
password,
enabled,
code,
email,
fname,
lname,
signup_date,
signup_ip,
verified,
display_name,
title,
description,
website,
screenname,
screenname_type,
gender,
birthday,
city,
state,
country,
template,
show_comments,
who_comments,
default_comments,
notify_comments,
logip_comments,
manage_comments,
default_privacy,
entries_per_page,
recent_entries,
timezone,
format_date,
format_time,
showtitle,
entry_default,
show_name,
show_email,
show_memberlist,
show_userstats,
rss_on,
rss_entries,
rss_html
) VALUES (
'$group[g_id]',
'$wc_id',
'$username',
'$password',
'1',
'$code',
'$email',
'$fname',
'$lname',
'$signup_date',
'$signup_ip',
'$verified',
'$display_name',
'$title',
'$description',
'$website',
'$screenname',
'$screenname_type',
'$gender',
'$birthday',
'$city',
'$state',
'$country',
'$template_html',
'3',
'3',
'1',
'0',
'0',
'3',
'3',
'20',
'5',
'$admin_info[signup_timezone]',
'$admin_info[signup_format_date]',
'$admin_info[signup_format_time]',
'1',
'',
'1',
'0',
'1',
'1',
'0',
'10',
'0')");
// Read the new row back (newest match on username and password hash) to get its u_id,
// then create the matching profile row.
$user_info = mysql_fetch_assoc(mysql_query("SELECT * FROM bhost_users WHERE username='$username' AND password='$password' ORDER BY u_id DESC LIMIT 1"));
mysql_query("INSERT INTO bhost_profile (u_id) VALUES ('$user_info[u_id]')");
// Store the custom profile fields whose column suffix is "_3" or "_2".
// `|` is the bitwise operator on two comparison results; same truth value as ||.
// NOTE(review): the column name comes from the schema, but the value is the raw
// $_POST entry after bad-word replacement only, interpolated unescaped.
$custom_fields = mysql_query("SHOW COLUMNS FROM bhost_profile FROM `$mysql_database`");
while($custom = mysql_fetch_assoc($custom_fields)) {
if($custom[Field] != "p_id" & $custom[Field] != "u_id") {
$custom_name = str_replace("_", " ", substr($custom[Field], 0, -2));
$custom_required = substr($custom[Field], -2);
$custom_field = $custom[Field];
$custom_field_value = str_replace($bad_words, $bad_words_replace, $_POST[$custom_field]);
if($custom_required == "_3" | $custom_required == "_2") {
mysql_query("UPDATE bhost_profile SET $custom_field='$custom_field_value' WHERE u_id='$user_info[u_id]'");
}
}
}
// When allow_password is 0, mail the account details using the admin's
// subject and body templates, filling in the <username>, <password>, <fname>
// and <lname> placeholders.
// NOTE(review): this puts the clear-text password into an e-mail.
// NOTE(review): $email, $fname and $lname reach mail() as read from $_POST;
// no validation is visible in this block - confirm they cannot carry line breaks.
if($admin_info[allow_password] == 0) {
$subject = $admin_info[user_password_subject];
$subject = str_replace("<username>", "$username", $subject);
$subject = str_replace("<password>", "$password1", $subject);
$subject = str_replace("<fname>", $fname, $subject);
$subject = str_replace("<lname>", $lname, $subject);
$message = $admin_info[user_password_email];
$message = str_replace("<username>", "$username", $message);
$message = str_replace("<password>", "$password1", $message);
$message = str_replace("<fname>", $fname, $message);
$message = str_replace("<lname>", $lname, $message);
mail("$email", "$subject", "$message", "From: $admin_info[email]");
}
// SEND NOTIFICATION EMAIL TO ADMIN IF TURNED ON
// $signup1 .. $signup6 are defined elsewhere (presumably language strings).
if($admin_info[signup_notify] == 1) {
$notify_subject = "$signup1 $username";
$notify_message = "$signup2\n\n$signup3 $username\n$signup5 $fname\n$signup6 $lname";
$notify_headers = "From: BlogHoster System <$admin_info[email]>";
mail($admin_info[email], $notify_subject, $notify_message, $notify_headers);
}
// SEND WELCOME EMAIL TO USER IF TURNED ON IF EMAIL VERIFICATION IS TURNED OFF
// url() is defined elsewhere; it supplies the value for the <link> placeholder.
if($admin_info[signup_sendemail] == 1 & $admin_info[signup_emailverify] != 1) {
$welcome_subject = $admin_info[welcome_subject];
$welcome_subject = str_replace("<fname>", $fname, $welcome_subject);
$welcome_subject = str_replace("<lname>", $lname, $welcome_subject);
$welcome_subject = str_replace("<link>", url("index", "$username"), $welcome_subject);
$welcome_message = $admin_info[welcome_message];
$welcome_message = str_replace("<fname>", $fname, $welcome_message);
$welcome_message = str_replace("<lname>", $lname, $welcome_message);
$welcome_message = str_replace("<link>", url("index", "$username"), $welcome_message);
$welcome_headers = "From: $admin_info[fname] $admin_info[lname] <$admin_info[email]>";
mail($email, $welcome_subject, $welcome_message, $welcome_headers);
}
// SEND VERIFICATION EMAIL TO USER IF TURNED ON
// The link base is the current script's directory: PHP_SELF with its last
// path segment dropped, prefixed with the request's host name.
// NOTE(review): HTTP_HOST is taken from the request's Host header, so the
// requester chooses the host that appears in the verification link; use a
// configured site URL instead. The link is also always http://.
// NOTE(review): the subject's link omits the &c= code that the message's link carries.
if($admin_info[signup_emailverify] == 1) {
$server_array = explode("/", $_SERVER['PHP_SELF']);
$server_array_mod = array_pop($server_array);
$server_info = implode("/", $server_array);
$server = "http://".$_SERVER['HTTP_HOST'].$server_info;
$verify_subject = $admin_info[verify_subject];
$verify_subject = str_replace("<fname>", $fname, $verify_subject);
$verify_subject = str_replace("<lname>", $lname, $verify_subject);
$verify_subject = str_replace("<link>", "$server/verify.php?u=$user_info[u_id]", $verify_subject);
$verify_message = $admin_info[verify_message];
$verify_message = str_replace("<fname>", $fname, $verify_message);
$verify_message = str_replace("<lname>", $lname, $verify_message);
$verify_message = str_replace("<link>", "$server/verify.php?u=$user_info[u_id]&c=$user_info[code]", $verify_message);
$verify_headers = "From: $admin_info[fname] $admin_info[lname] <$admin_info[email]>";
mail($email, $verify_subject, $verify_message, $verify_headers);
}
// Confirmation page: heading and text, optional notes about the mailed
// password and the verification e-mail, then a button leading to login.php.
echo $head;
echo "
<table width='100%' cellpadding='0' cellspacing='0'>
<tr>
<td valign='top' class='box'>
<h2>$signup7</h2>
$signup8<br>";
if($admin_info[allow_password] != 1) { echo "$signup9<br>"; }
if($admin_info[signup_emailverify] == 1) { echo "$signup10<br>"; }
echo "
<br>
<form action='login.php' method='POST'>
<input type='submit' class='button' value='$signup11'>
</form>
</td>
</tr>
</table>
";
echo $foot;
}}
// STEP THREE
if($task == "step_three") {
$username = $_POST['username'];
$password1 = $_POST['password1'];
$fname = str_replace("'", "'", $_POST['fname']);
$lname = str_replace("'", "'", $_POST['lname']);
$email = $_POST['email'];
$display_name = str_replace("'", "'", stripslashes($_POST['display_name']));
$title = str_replace("'", "'", stripslashes($_POST['title']));
$description = str_replace("'", "'", stripslashes($_POST['description']));
$wc_id = $_POST['wc_id'];
$website = $_POST['website'];
$screenname = $_POST['screenname'];
$screenname_type = $_POST['screenname_type'];
$gender = $_POST['gender'];
$city = $_POST['city'];
$state = $_POST['state'];
$country = $_POST['country'];
$birthday_month = $_POST['birthday_month'];
$birthday_day = $_POST['birthday_day'];