<?php
// Bitmask 7 = E_ERROR | E_WARNING | E_PARSE, so notices are not reported.
error_reporting(7);
// Comma-separated list of template names; presumably read by global.php to pre-load them -- TODO confirm.
$templatesused = "signupadult,signupverify,modifyoptions_maxposts,register_birthday,modifyoptions_styleset,register_stylecell,register_customfields,registeradult,registercoppa,email_newuser,emailsubject_newuser,email_activateaccount,emailsubject_activateaccount,redirect_registerthanks";
require("./global.php");
// NOTE(review): $action, $a and $url are never assigned from the request in this file;
// presumably register_globals or global.php imports them, so they should be treated
// as untrusted input throughout -- confirm against global.php.
// Default to the sign-up page when neither $action nor $a carries a value.
if ((!isset($action) or $action=="") and (!isset($a) or $a=="")) {
$action="signup";
}
// When the return URL equals the referring page it is stored URL-encoded; the
// add-member and email-code branches urldecode() it again before redirecting.
if ($url==$HTTP_REFERER) {
$url=urlencode($url);
}
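// ############################### start signup ###############################
// First sign-up page: refuses when registration is disabled or when a logged-in
// member may not register again, otherwise renders the "signupadult" template.
if ($action=="signup") {
    if (!$allowregistration) {
        // NOTE(review): gettemplate() output is spliced into PHP source and eval()'d as a
        // double-quoted string, so template text runs with full access to this scope.
        // Templates must only be editable by fully trusted administrators.
        eval("standarderror(\"".gettemplate("error_noregister")."\");");
        exit;
    }
    if ($bbuserinfo['userid']!=0 and !$allowmultiregs) {
        // $bbuserinfo['userid'] is interpolated without escaping; presumably an integer
        // loaded from the session by global.php -- confirm.
        $getuser=$DB_site->query_first("SELECT username FROM ".$table["user"]." WHERE userid='$bbuserinfo[userid]'");
        // $username is left in scope for the error template evaluated below.
        $username=$getuser['username'];
        eval("standarderror(\"".gettemplate("error_alreadyregistered")."\");");
        exit;
    }
    // Today's date minus 13 years, formatted with $dateformat; presumably shown by the
    // template as the COPPA cut-off birth date -- confirm against the template.
    $coppadate=vbdate($dateformat,mktime(0,0,0,date("m"),date("d"),date("Y")-13));
    eval("dooutput(\"".gettemplate("signupadult")."\");");
}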
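// ############################### start register ###############################
// Registration form: applies the same registration-allowed / already-registered
// checks as the sign-up page, builds the optional referrer fragment and renders
// the "registeradult" template.
if ($action=="register") {
    if (!$allowregistration) {
        // NOTE(review): gettemplate() output is spliced into PHP source and eval()'d as a
        // double-quoted string, so template text runs with full access to this scope.
        // Templates must only be editable by fully trusted administrators.
        eval("standarderror(\"".gettemplate("error_noregister")."\");");
        exit;
    }
    if ($bbuserinfo['userid']!=0 and !$allowmultiregs) {
        // $bbuserinfo['userid'] is interpolated without escaping; presumably an integer
        // loaded from the session by global.php -- confirm.
        $getuser=$DB_site->query_first("SELECT username FROM ".$table["user"]." WHERE userid='$bbuserinfo[userid]'");
        $username=$getuser['username'];
        eval("standarderror(\"".gettemplate("error_alreadyregistered")."\");");
        exit;
    }
    // Referrer
    if ($usereferrer and $bbuserinfo['userid']==0) {
        if ($bbreferrerid) {
            // Resolve the referring member's name. addslashes() is the only escaping
            // applied to $bbreferrerid before it enters the query.
            if ($referrername=$DB_site->query_first("SELECT username FROM ".$table["user"]." WHERE userid = '".addslashes($bbreferrerid)."'")) {
                $referrername = $referrername['username'];
            }
        }
        // NOTE(review): when $bbreferrerid is empty, $referrername is not initialised in
        // this file. If it can arrive from the request, the register_referrer template
        // must HTML-escape it -- confirm.
        eval("\$referrer = \"".gettemplate("register_referrer")."\";");
    } else {
        $referrer = '';
    }
    eval("dooutput(\"".gettemplate("registeradult")."\");");
}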
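// ############################### start add member ###############################
// Handles the POSTed registration form: validates the submitted fields, inserts the
// user row, optionally sets login cookies, optionally mails an activation code, and
// finally shows the confirmation page that matches the site's activation settings.
// Every failed check renders an error template and stops the request.
if ($HTTP_POST_VARS['action']=="addmember") {
    if (!$allowregistration) {
        // NOTE(review): gettemplate() output is spliced into PHP source and eval()'d as a
        // double-quoted string, so template text runs with full access to this scope.
        // Templates must only be editable by fully trusted administrators.
        eval("standarderror(\"".gettemplate("error_noregister")."\");");
        exit;
    }
    if ($bbuserinfo['userid']!=0 and !$allowmultiregs) {
        // $bbuserinfo['userid'] is interpolated without escaping; presumably an integer
        // loaded from the session by global.php -- confirm.
        $getuser=$DB_site->query_first("SELECT username FROM ".$table["user"]." WHERE userid='$bbuserinfo[userid]'");
        $username=$getuser['username'];
        eval("standarderror(\"".gettemplate("error_alreadyregistered")."\");");
        exit;
    }
    // Normalise the submitted fields: strip surrounding whitespace and collapse runs
    // of spaces inside the username to a single space.
    $username = trim($username);
    $username = preg_replace('/( ){2,}/', ' ', $username);
    $email = trim($email);
    $emailconfirm = trim($emailconfirm);
    $password = trim($password);
    $passwordconfirm = trim($passwordconfirm);
    // do add user
    // Reject the name if it is taken either in its HTML-escaped form or with every
    // non-alphanumeric character removed.
    // NOTE(review): addslashes() is not aware of the connection character set; the
    // database driver's own escaping or bound parameters would be safer, but the
    // $DB_site API is not visible in this file.
    if ($checkuser=$DB_site->query_first("SELECT username FROM ".$table["user"]." WHERE username='".addslashes(htmlspecialchars($username))."' OR username='".addslashes(preg_replace('/[^A-Za-z0-9]/', '', $username))."'")) {
        eval("standarderror(\"".gettemplate("error_usernametaken")."\");");
        exit;
    }
    if (!preg_match('/^[-!#$%&\'*+\\.\/0-9=?A-Z^_`{|}~]+@([-0-9A-Z]+\.)+([0-9A-Z]){2,4}$/i', $email)) {
        eval("standarderror(\"".gettemplate("error_bademail")."\");");
        // Stop here like every other failed check, so an address that failed validation
        // can never reach the INSERT or mail() below even if standarderror() returns.
        exit;
    }
    if ($requireuniqueemail and $checkuser=$DB_site->query_first("SELECT username,email FROM ".$table["user"]." WHERE email='".addslashes($email)."'")) {
        eval("standarderror(\"".gettemplate("error_emailtaken")."\");");
        exit;
    }
    if ($username=="" or $email=="" or $emailconfirm=="" or $password=="" or $passwordconfirm=="") {
        eval("standarderror(\"".gettemplate("error_fieldmissing")."\");");
        exit;
    }
    if (strlen($password)<$minpasswordlength) {
        eval("standarderror(\"".gettemplate("error_passwordtooshort")."\");");
        exit;
    }
    if ($password!=$passwordconfirm) {
        eval("standarderror(\"".gettemplate("error_passwordmismatch")."\");");
        exit;
    }
    if ($email!=$emailconfirm) {
        eval("standarderror(\"".gettemplate("error_emailmismatch")."\");");
        exit;
    }
    // strlen() counts bytes, so multi-byte names are measured in bytes, not characters.
    if (strlen($username)<$minuserlength) {
        eval("standarderror(\"".gettemplate("error_usernametooshort")."\");");
        exit;
    } elseif (strlen($username)>$maxuserlength) {
        eval("standarderror(\"".gettemplate("error_usernametoolong")."\");");
        exit;
    }
    // Referrer id defaults to 0 and is only looked up for guests when referrals are on.
    $testreferrerid['userid'] = 0;
    if ($usereferrer and $bbuserinfo['userid']==0) {
        if ($referrername) {
            if (!$testreferrerid=$DB_site->query_first("SELECT userid FROM ".$table["user"]." WHERE username = '".addslashes($referrername)."'")) {
                eval("standarderror(\"".gettemplate("error_badreferrer")."\");");
                exit;
            }
        }
    }
    // Initial usergroup: 3 while email verification is pending, 4 when new members are
    // moderated, otherwise 2 (the activation branch promotes 3 to 4 or 2 the same way).
    if ($verifyemail) {
        $newusergroupid=3;
    } else {
        if ($moderatenewmembers) {
            $newusergroupid=4;
        } else {
            $newusergroupid=2;
        }
    }
    // Reduce the "yes"/other form values to 1/0 flags; these three are interpolated
    // into the INSERT without further escaping.
    $adminemail=iif($allowmail=="yes",1,0);
    $cookieuser=iif($cookieuser=="yes",1,0);
    $nosessionhash=iif($nosessionhash=="yes",1,0);
    // Messenger numbers are forced to integers; 0 is stored as an empty string.
    $icq=intval($icq);
    if ($icq==0) {
        $icq="";
    }
    $oicq=intval($oicq);
    if ($oicq==0) {
        $oicq="";
    }
    // $timezoneoffset=intval($timezoneoffset); -- not needed
    // check that nothing illegal is in the username/biography/signature
    // $illegalusernames is a space-separated list; any case-insensitive substring match
    // rejects the name with the generic "username taken" error.
    if ($illegalusernames!="") {
        $usernames=explode(" ",$illegalusernames);
        foreach ($usernames as $val) {
            if ($val!="") {
                if (strstr(strtolower($username),strtolower($val))!="") {
                    eval("standarderror(\"".gettemplate("error_usernametaken")."\");");
                    exit;
                }
            }
        }
    }
    $homepage = trim($homepage);
    if ($homepage) {
        if (preg_match('#^www\.#si', $homepage)) {
            $homepage = "http://$homepage";
        } else if (!preg_match('#^[a-z0-9]+://#si', $homepage)) {
            // homepage doesn't match the http://-style format in the beginning -- possible attempted exploit
            $homepage = '';
        }
        // NOTE(review): any scheme of the form [a-z0-9]+:// is accepted, not only
        // http/https; an explicit allow-list would be tighter. Where the value is
        // rendered is not visible in this file.
    }
    // NOTE(review): the password is stored as an unsalted md5() digest. That is not an
    // adequate password hash; migrating to password_hash()/password_verify() has to be
    // done together with the login code, which is not part of this file.
    // The continuation lines below sit inside the SQL string literal and are kept
    // unindented so the query text stays unchanged.
    $DB_site->query("INSERT INTO ".$table["user"]." (userid,username,password,email,
homepage,icq,oicq,adminemail,joindate,
cookieuser,lastvisit,lastactivity,usergroupid,
ipaddress,referrerid,
nosessionhash) VALUES (NULL,'".addslashes(htmlspecialchars($username))."','".addslashes(md5($password))."','".addslashes(htmlspecialchars($email))."',
'".addslashes(htmlspecialchars($homepage))."','".addslashes(htmlspecialchars($icq))."','".addslashes(htmlspecialchars($oicq))."','$adminemail','".time()."',
'$cookieuser','".time()."','".time()."','$newusergroupid',
'".addslashes($ipaddress)."','".addslashes($testreferrerid['userid'])."','$nosessionhash')");
    $userid=$DB_site->insert_id();
    // initialise cookies
    if ($cookieuser==1) {
        vbsetcookie("bbuserid",$userid);
        // NOTE(review): the cookie carries the same md5 digest that is stored in the user
        // table, which makes the cookie value password-equivalent. Cookie flags are set
        // inside vbsetcookie(), not visible here.
        vbsetcookie("bbpassword",md5($password));
    }
    // Attach the current session to the new account.
    $DB_site->query("UPDATE ".$table["session"]." SET userid=$userid WHERE sessionhash='".addslashes($session['dbsessionhash'])."'");
    // sort out emails and usergroups
    if ($verifyemail) {
        // make random number
        // The activation code is a secret, so prefer the CSPRNG where the runtime has
        // one; the time-seeded mt_rand() path remains only as a fallback for old PHP.
        // NOTE(review): the value space is only 0..100000000, so the activation
        // endpoint should also limit repeated attempts.
        if (function_exists('random_int')) {
            $activateid=random_int(0,100000000);
        } else {
            mt_srand ((double) microtime() * 1000000);
            $activateid=mt_rand(0,100000000);
        }
        //save to DB
        $DB_site->query("INSERT INTO ".$table["useractivation"]." VALUES (NULL,'$userid','".time()."','$activateid',0)");
        eval("\$message = \"".gettemplate("email_activateaccount",1,0)."\";");
        eval("\$subject = \"".gettemplate("emailsubject_activateaccount",1,0)."\";");
        mail ($email,$subject,$message,"From: \"$webtitle Mailer\" <$webmasteremail>");
    }
    // From here on $username is only used for display, so it is HTML-escaped.
    $username=htmlspecialchars($username);
    $url=urldecode($url);
    if ($verifyemail) {
        eval("standarderror(\"".gettemplate("error_registeremail")."\");");
    } else {
        if ($moderatenewmembers) {
            eval("standarderror(\"".gettemplate("error_moderateuser")."\");");
        } else {
            // Double quotes are stripped because $url is spliced into the eval()'d call.
            // NOTE(review): $url is request-derived and is otherwise used as given;
            // restrict it to same-site targets unless standardredirect() already does
            // (not visible here).
            $url = str_replace("\"", "", $url);
            if (!$url) {
                $url = "index.php?s=$session[sessionhash]";
            }
            // A return URL that contains "register" is replaced by the index page.
            eval("standardredirect(\"".gettemplate("redirect_registerthanks")."\",\"".iif(strpos($url,"register")>0,"index.php?s=$session[sessionhash]",$url)."\");");
        }
    }
}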
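// ############################### start activate form ###############################
// Shows the manual activation form (template "activateform").
if ($a=="ver") {
    // get username and password
    // For guests (userid 0) the username is blanked before the template is rendered;
    // presumably the template pre-fills the form from $bbuserinfo -- confirm.
    if ($bbuserinfo['userid']==0) {
        $bbuserinfo['username']="";
    }
    // NOTE(review): the template text is eval()'d as a PHP double-quoted string, so
    // templates must only be editable by fully trusted administrators.
    eval("dooutput(\"".gettemplate("activateform")."\");");
}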
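// ############################### start activate ###############################
// Manual activation by username: resolves the submitted username to a user id and
// hands over to the "act" branch below by setting $u (user id), $i (submitted
// activation code) and $a.
if ($action=="activate") {
    // The username is HTML-escaped before the lookup because it is stored escaped.
    if ($userinfo=$DB_site->query_first("SELECT userid FROM ".$table["user"]." WHERE username='".addslashes(htmlspecialchars($username))."'")) {
        $u=$userinfo['userid'];
        $a="act";
        $i=$activateid;
    } else {
        eval("standarderror(\"".gettemplate("error_wrongusername")."\");");
        // Stop here so an unknown username can never fall through to the activation
        // branch with request-supplied $a/$u/$i, even if standarderror() returns.
        exit;
    }
}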
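// Performs the activation for user id $u with submitted code $i. Reached from the
// emailed link ($a, $u and $i supplied by the request) or from the username form
// handled directly above.
if ($a=="act") {
    // do activate account
    $u = intval($u);
    // verifyid() is defined elsewhere; presumably it returns the user row or stops
    // with an error when the id is unknown -- confirm.
    $userinfo=verifyid("user",$u,1,1);
    if ($userinfo['usergroupid']==3) {
        $user=$DB_site->query_first("SELECT activationid FROM ".$table["useractivation"]." WHERE userid='$userinfo[userid]' AND type=0");
        // Fail closed: a missing activation row or an empty stored code never matches.
        // A loose != comparison would treat "no stored code" and "no submitted code"
        // as equal, and would compare numeric-looking strings by value instead of
        // byte for byte.
        $storedactivationid = $user ? strval($user['activationid']) : '';
        if ($storedactivationid==='' or trim(strval($i))!==$storedactivationid) {
            // wrong or missing code: show the invalid-activation-id error and stop
            eval("standarderror(\"".gettemplate("error_invalidactivateid")."\");");
            exit;
        }
        // delete activationid
        // The code is single-use: its row is removed before the usergroup changes.
        $DB_site->query("DELETE FROM ".$table["useractivation"]." WHERE userid='$userinfo[userid]' AND type=0");
        if ($moderatenewmembers) {
            // put user in moderated group
            $DB_site->query("UPDATE ".$table["user"]." SET usergroupid=4 WHERE userid='$u'");
            eval("standarderror(\"".gettemplate("error_moderateuser")."\");");
        } else {
            // activate account
            $DB_site->query("UPDATE ".$table["user"]." SET usergroupid=2 WHERE userid='$u'");
            $username=$userinfo['username'];
            eval("standarderror(\"".gettemplate("error_activatedthanks")."\");");
        }
    } else {
        if ($userinfo['usergroupid']==4) {
            // In Moderation Queue
            eval("standarderror(\"".gettemplate("error_activate_moderation")."\");");
            exit;
        } else {
            // Already activated
            eval("standarderror(\"".gettemplate("error_activate_wrongusergroup")."\");");
            exit;
        }
    }
}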
// ############################### start request activation email ###############################
// Shows the form for requesting the activation email again (template
// "activate_requestemail"). The template text is eval()'d as a PHP double-quoted
// string, so templates must only be editable by fully trusted administrators.
if ($action=="requestemail") {
eval("dooutput(\"".gettemplate("activate_requestemail")."\");");
}
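// Handles the POSTed "send my activation code again" form: for every account with
// the submitted email address that is still awaiting email verification
// (usergroup 3), makes sure an activation code exists and mails it, then redirects.
// NOTE(review): the two outcomes (redirect vs. error_invalidemail) tell the requester
// whether an address is registered; a uniform response would avoid that.
if ($HTTP_POST_VARS['action']=="emailcode") {
    // The continuation lines below sit inside the SQL string literal and are kept
    // unindented so the query text stays unchanged. The LEFT JOIN yields NULL
    // activationid/dateline for users without a type-0 activation row.
    $users=$DB_site->query("SELECT ".$table["user"].".userid,usergroupid,username,email,password,activationid,dateline
FROM ".$table["user"]."
LEFT JOIN ".$table["useractivation"]." ON (".$table["user"].".userid=".$table["useractivation"].".userid AND type=0)
WHERE email='".addslashes(htmlspecialchars($email))."'");
    if ($DB_site->num_rows($users)) {
        while ($user=$DB_site->fetch_array($users)) {
            if ($user['usergroupid']==3) { // only do it if the user is in the correct usergroup
                if ($user['activationid']=="") {
                    // generate new one!
                    // delete old activation id
                    $DB_site->query("DELETE FROM ".$table["useractivation"]." WHERE userid='$user[userid]' AND type=0");
                    // make random number
                    // The activation code is a secret, so prefer the CSPRNG where the
                    // runtime has one; the time-seeded mt_rand() path remains only as a
                    // fallback for old PHP.
                    if (function_exists('random_int')) {
                        $user['activationid']=random_int(0,100000000);
                    } else {
                        mt_srand ((double) microtime() * 1000000);
                        $user['activationid']=mt_rand(0,100000000);
                    }
                    //save to DB
                    $DB_site->query("INSERT INTO ".$table["useractivation"]." VALUES (NULL,'$user[userid]','".time()."','$user[activationid]',0)");
                }
                // Flood control: refuse when the activation row is at most 60 seconds old.
                // $ourtimenow is not set in this file; presumably the request time from
                // global.php -- confirm.
                if($ourtimenow-$user['dateline'] <= 60) {
                    eval("standarderror(\"".gettemplate("error_emailflood")."\");");
                    // Stop here so the mail below is never sent for a throttled request,
                    // even if standarderror() returns.
                    exit;
                }
                // Expose the row's fields under the names the email templates read.
                // NOTE(review): $password here is the stored md5 digest; confirm the
                // email template does not include it.
                $userid=$user['userid'];
                $username=$user['username'];
                $password=$user['password'];
                $activateid=$user['activationid'];
                eval("\$message = \"".gettemplate("email_activateaccount",1,0)."\";");
                eval("\$subject = \"".gettemplate("emailsubject_activateaccount",1,0)."\";");
                mail ($user['email'],$subject,$message,"From: \"$webtitle Mailer\" <$webmasteremail>");
            }
        }
        $url=urldecode($url);
        if ($url=="") {
            $url="index.php?s=$session[sessionhash]";
        }
        // Double quotes are stripped because $url ends up inside the eval()'d call.
        // NOTE(review): $url is request-derived and is otherwise used as given; restrict
        // it to same-site targets unless standardredirect() already does (not visible
        // here).
        $url = str_replace("\"", "", $url);
        eval("standardredirect(\"".gettemplate("redirect_lostactivatecode")."\",\"\$url\");");
    } else {
        eval("standarderror(\"".gettemplate("error_invalidemail")."\");");
    }
}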
?>