<?php
// +-------------------------------------------------------------+
// | DeskPRO v [2.0.1 Production]
// | Copyright (C) 2001 - 2004 Headstart Solutions Limited
// | Supplied by WTN-WDYL
// | Nullified by WTN-WDYL
// | Distribution via WebForum, ForumRU and associated file dumps
// +-------------------------------------------------------------+
// | DESKPRO IS NOT FREE SOFTWARE
// +-------------------------------------------------------------+
// | License ID : Full Enterprise License =) ...
// | License Owner : WTN-WDYL Team
// +-------------------------------------------------------------+
// | $RCSfile: register.php,v $
// | $Date: 2004/02/10 01:34:25 $
// | $Revision: 1.33 $
// +-------------------------------------------------------------+
// | File Details:
// | - User registration pages.
// +-------------------------------------------------------------+
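// Notices are switched off for the whole script; warnings and errors are still reported.
error_reporting(E_ALL & ~E_NOTICE);
require_once('./global.php');
//Nullify WTN-WDYL Team
// templatecache() is defined elsewhere; presumably it preloads the three named templates.
$template_cache = templatecache('REG_register,HF_footer,HF_header');

// default do
// Only a string value is trimmed. A missing or array-valued "do" parameter
// (e.g. do[]=x) is treated as empty, so it never reaches trim() and simply
// falls back to the start page.
if (isset($_REQUEST['do']) && is_string($_REQUEST['do'])) {
    $_REQUEST['do'] = trim($_REQUEST['do']);
} else {
    $_REQUEST['do'] = '';
}
if ($_REQUEST['do'] === '') {
    $_REQUEST['do'] = "start";
}

$page = 'register';
// NOTE(review): $dplang['register'] is placed into HTML unescaped; presumably a
// language-pack string that only administrators can edit - confirm.
$navigation = ' // ' . "<a class=\"light\" href=\"register.php\">$dplang[register]</a>";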
############################### BASIC CHECKS ###############################

// Registration is only served while the allow_registration setting is truthy.
if (!$settings['allow_registration']) {
    error("error_no_registration");
}

// user_p_checks() is defined elsewhere; what it verifies is not visible from this file.
user_p_checks();

// $user is populated outside this file; presumably it is set when the visitor
// is already signed in, in which case there is nothing to register.
if ($user) {
    error("error_already_registered");
}
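############################### PROCESS FORM ###############################

// Start from known values for every piece of state this section hands to the
// rest of the script. $create_user and $query2 decide whether an INSERT runs
// and what SQL is appended to it, so they must never keep a value that was
// set before this point. Whether request data can pre-populate globals
// (register_globals, or an import step inside global.php) is not visible from
// this file, so this is done unconditionally.
$stop = 0;
$redo = 0;
$create_user = 0;
$query2 = '';
$custom_error = array();
$custom_errors = array();

if ($_REQUEST['do'] == "submit") {

    //////////////// password ////////////////
    // Treat a missing or non-string value (e.g. password[]=x) as an empty
    // password so the checks below always work on strings.
    foreach (array('password', 'password2') as $pw_key) {
        if (!isset($_REQUEST[$pw_key]) || !is_string($_REQUEST[$pw_key])) {
            $_REQUEST[$pw_key] = '';
        }
    }
    unset($pw_key);

    // check non match / too short
    // Strict comparison: with != two different numeric-looking strings
    // (constructed example: '1e1' and '10') compare as equal, so the
    // confirmation field would not actually confirm what gets stored.
    if ($_REQUEST['password'] !== $_REQUEST['password2']) {
        $error_match_password = 1;
        $error_password = 1;
        $stop = 1;
        unset($_REQUEST['password'], $_REQUEST['password2']);
    } elseif (strlen($_REQUEST['password']) < 5) {
        // Minimum length is five bytes (strlen counts bytes, not characters).
        $error_short_password = 1;
        $error_password = 1;
        $stop = 1;
        unset($_REQUEST['password'], $_REQUEST['password2']);
    }

    //////////////// username ////////////////
    // check length/invalid characters and current use
    // validate_username() and unique_username() are defined elsewhere.
    if (!validate_username($_REQUEST['username'])) {
        $stop = 1;
        $error_bad_username = 1;
        $error_username = 1;
    } elseif (!unique_username($_REQUEST['username'])) {
        $error_duplicate_username = 1;
        $error_username = 1;
        $stop = 1;
    }

    //////////////// email ////////////////
    // check valid email, non duplicated and not banned
    if (!validate_email($_REQUEST['email'])) {
        $stop = 1;
        $error_bad_email = 1;
        $error_email = 1;
    } elseif (!unique_email($_REQUEST['email'])) {
        $stop = 1;
        $error_duplicate_email = 1;
        $error_email = 1;
    } elseif (banned_email($_REQUEST['email'])) {
        $stop = 1;
        $error_banned_email = 1;
        $error_email = 1;
    }

    //////////////// custom fields ////////////////
    // custom_fields is indexed by field name below, so it has to be an array;
    // a scalar sent under that key is discarded.
    if (!isset($_REQUEST['custom_fields']) || !is_array($_REQUEST['custom_fields'])) {
        $_REQUEST['custom_fields'] = array();
    }

    // get the fields that we are expecting to be created
    $db->query("SELECT * from user_def WHERE user_start");
    while ($result = $db->row_array()) {

        // field_def_val() is defined elsewhere; a NULL return is treated as
        // "value rejected" for this field.
        $data = field_def_val(
            $result,
            $_REQUEST['custom_fields'][$result['name']],
            $_REQUEST['custom_fields']["extra" . $result['name']]
        );

        if ($data === NULL) {

            // NOTE(review): unserialize() runs on a value read from user_def.
            // Presumably only administrators can write that table - confirm,
            // because unserialize() must not see visitor-controlled data.
            $tmp = unserialize($result['error_message']);
            $error_message = $tmp[$session['language']];

            // form errors;
            $custom_error[] = array('error' => $error_message);

            // for form design
            $custom_errors[] = $result['name'];
            $stop = 1;

        } else {
            // The value is escaped; the column name comes straight from
            // user_def and is not. NOTE(review): mysql_escape_string() ignores
            // the connection character set - confirm the connection uses a
            // single-byte or UTF-8 charset.
            $query2 .= " $result[name] = '" . mysql_escape_string($data) . "', ";
        }
    }

    // Any failed check sends the visitor back to the form; otherwise the
    // account is created further down.
    if ($stop) {
        $_REQUEST['do'] = "start";
        $redo = 1;
    } else {
        $create_user = 1;
    }
}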
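############################### PAGE 1: START PAGE ###############################
if ($_REQUEST['do'] == "start") {

    // get user data
    $db->query("SELECT * from user_def WHERE user_start ORDER BY displayorder");
    $custom = array();

    while ($result = $db->row_array()) {

        unset($name, $description, $error, $html);

        // Labels are stored serialized and indexed by language.
        // NOTE(review): unserialize() runs on values read from user_def;
        // presumably only administrators can write that table - confirm.
        $tmp = unserialize($result['display_name']);
        $name = $tmp[$session['language']];

        $tmp = unserialize($result['description']);
        $description = $tmp[$session['language']];

        // After a failed submit the field is rendered with the submitted
        // values; otherwise with its defaults. field_def() and iff() are
        // defined elsewhere.
        if ($stop) {
            $html = field_def(
                $result,
                iff($redo, 'redo', 'default'),
                $_REQUEST['custom_fields'][$result['name']],
                $_REQUEST['custom_fields']["extra" . $result['name']]
            );
        } else {
            $html = field_def($result);
        }

        $tmp = unserialize($result['error_message']);
        $error_message = $tmp[$session['language']];

        // Explicit checks replace the @ suppression: the error text is shown
        // only for fields that failed validation during submit.
        if (isset($custom_errors) && is_array($custom_errors) && in_array($result['name'], $custom_errors, true)) {
            $error = $tmp[$session['language']];
            give_default($error, ' ');
        }

        // two arrays, one for loop and one to allow custom form design
        $custom[] = array(
            'name' => $name,
            'description' => $description,
            'html' => $html,
            'error' => $error
        );

        // NOTE(review): this creates a global variable named after the field.
        // A field called e.g. "db" or "settings" would replace that global
        // before the templates run; field names are presumably restricted
        // where they are created - confirm.
        ${$result['name']} = array(
            'name' => $name,
            'description' => $description,
            'html' => $html,
            'error' => $error
        );
    }

    // sanitize variables
    // Each value is escaped under its own key. The original read a
    // non-existent 'password1' key and wrote the escaped 'password2' into
    // 'password', which left $_REQUEST['password2'] unescaped for the template.
    // ENT_QUOTES also encodes single quotes, so the values stay inert inside
    // single-quoted attributes. Non-string input (arrays) is rendered as empty.
    // NOTE(review): the password fields are still echoed back into the form;
    // leaving them blank on redisplay would keep them out of the HTML.
    foreach (array('email', 'username', 'password', 'password2') as $sanitize_key) {
        if (isset($_REQUEST[$sanitize_key]) && is_string($_REQUEST[$sanitize_key])) {
            $_REQUEST[$sanitize_key] = htmlspecialchars($_REQUEST[$sanitize_key], ENT_QUOTES);
        } else {
            $_REQUEST[$sanitize_key] = '';
        }
    }
    unset($sanitize_key);

    // display the page
    // makeeval() is defined elsewhere and returns PHP source that is executed
    // here; the safety of these calls rests on who can edit the templates.
    eval(makeeval('header', 'HF_header'));
    eval(makeeval('footer', 'HF_footer'));
    eval(makeeval('echo', 'REG_register'));
}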
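############################### CREATE THE USER ###############################
if ($create_user == '1') {

    // start the sql statment
    // NOTE(review): the password is written to the user table exactly as
    // submitted. Storing a hash instead also requires changing the code that
    // verifies logins, which is outside this file.
    // NOTE(review): 'name' is escaped for SQL here but was not validated
    // above; it needs output escaping wherever it is displayed.
    $query = "INSERT into user SET
        password = '" . mysql_escape_string($_REQUEST['password']) . "' ,
        name = '" . mysql_escape_string($_REQUEST['name']) . "',
        username = '" . mysql_escape_string($_REQUEST['username']) . "',
        email = '" . mysql_escape_string($_REQUEST['email']) . "',
        timezone = '" . mysql_escape_string($settings['timezone']) . "',
        date_registered = '" . time() . "',
    ";

    // add custom fields
    $query .= $query2;

    // passwords
    // The cookie token, URL token and e-mail validation key are secrets: the
    // validation key in particular gates e-mail confirmation. The original
    // derived it from md5(time()), which anyone who knows the registration
    // second can recompute. Draw all three from a CSPRNG when the runtime
    // has one; the format (lowercase hex, 8/8/6 characters) is unchanged.
    if (function_exists('random_bytes')) {
        $token_source = bin2hex(random_bytes(16));
    } elseif (function_exists('openssl_random_pseudo_bytes')) {
        $token_source = bin2hex(openssl_random_pseudo_bytes(16));
    } else {
        // Runtime without a CSPRNG: fall back to the legacy derivation rather
        // than refuse registration. These values are guessable; upgrade the
        // runtime to remove this branch.
        $token_source = md5($session['sessionid'] . uniqid(rand(), 1) . microtime());
    }
    $password_cookie = substr($token_source, 0, 8);
    $password_url = substr($token_source, 8, 8);
    $validate_number = substr($token_source, 16, 6);
    unset($token_source);

    $query .= "password_url = '" . mysql_escape_string($password_url) . "', password_cookie = '" . mysql_escape_string($password_cookie) . "',";

    // NOTE(review): six hex characters is 24 bits; the endpoint that checks
    // validate_key should limit attempts per account - confirm.
    $query .= " validate_key = '" . mysql_escape_string($validate_number) . "', ";

    // require email validation
    if ($settings['validate_email']) {
        $query .= " awaiting_validation = '1', ";
    }

    if ($settings['manual_validation']) {
        $query .= " awaiting_manual_validation = '1', ";
    }

    // language
    // Escaped like every other value in this statement; where
    // $session['language'] originates is not visible from this file.
    $query .= " language = '" . mysql_escape_string($session['language']) . "' ";

    // add new user to database and get back id
    $db->query($query);
    $id = intval($db->last_id());

    // get user information into array for emailing
    $user_details = $db->query_return("SELECT * FROM user WHERE id = '$id'");

    // update session
    $session = update_session('user', $id);
    $user_details = update_user_details($user_details);

    // need to validate email
    // makeemaileval() is defined elsewhere and returns PHP source that is
    // executed here; it presumably fills $message and $subject from the named
    // e-mail template.
    if ($settings['validate_email']) {
        eval(makeemaileval('message', 'BODY_register_confirm', $subject));
        dp_mail($_REQUEST['email'], $subject, $message);

    } elseif ($settings['manual_validation']) {
        eval(makeemaileval('message', 'BODY_register', $subject));
        dp_mail($_REQUEST['email'], $subject, $message);

    // general email welcome
    } elseif ($settings['register_welcome']) {
        eval(makeemaileval('message', 'BODY_register', $subject));
        dp_mail($_REQUEST['email'], $subject, $message);
    }

    // email admins if wanted
    // explode() always returns an array, so no is_array() guard is needed;
    // entries that fail validate_email() (including the empty string produced
    // by an empty setting) are skipped.
    $send_emails = explode(',', $settings['email_registeradmin']);
    foreach ($send_emails AS $key => $var) {
        $var = trim($var);
        if (validate_email($var)) {
            $toemail = $var;
            eval(makeemaileval('message', 'TECHBODY_newuser', $subject));
            dp_mail($var, $subject, $message);
        }
    }

    // redirect to control panel
    jump("newticket.php", "redirect_registered");
}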
?>