📄 index.php
<?php
// Order / sign-up wizard controller. It loads configuration and the project's
// mysql wrapper, applies the IP-block and hidden-package guards, then validates
// the POSTed wizard step and, at step 7, inserts the account row.
// The listing is truncated inside step 7, so the end of the POST handler and
// any GET rendering code are not shown here.
// NOTE(review): every mysql_* function used below belongs to ext/mysql, which
// was removed in PHP 7.0; the script only runs on PHP 5.x as written.

// Output buffering starts before any template output; the header() redirects
// further down presumably rely on it, since header.inc is included first.
ob_start();
session_start();
// Include required files.
require("../conf/mysql.inc.php");
require_once("../classes/class.mysql.php");
// NOTE(review): `new` yields an object or throws, so this branch is not
// expected to run; failures are reported through $sql->error just below.
if(!$sql = new mysql()) {
    echo "Unable to initialize mysql class!<br/>\n";
}
// NOTE(review): the wrapper's error text is echoed to the client as-is;
// confirm it cannot contain connection details before exposing it.
if(!empty($sql->error)) {
    echo implode("<br/>\n",$sql->error)."<br/>\n";
    exit;
}
require("../conf/cpanel.inc.php");
require("../conf/conf.inc.php");
require("../conf/access.inc.php");
require("../conf/states.inc.php");
require("../conf/countries.inc.php");
require_once("../classes/class.mail.php");
//define("TPL_INC", "../tpl/order/");
$orderform = true;
include("../tpl/main/header.inc");
/*
 * Modified: 11/23/05
 * Justin Osterholt
 * Block IP addon
 */
// ip2long() returns an integer or false, so the concatenated value is not
// free-form request text.
$blockIPCount = $sql->getResult("SELECT COUNT(*) FROM `ipBlock` WHERE `IP` = '".ip2long($_SERVER['REMOTE_ADDR'])."';");
// A blocked address is not rejected: its request data is discarded and the
// request is treated as a GET. $_SESSION is left untouched.
if($blockIPCount !=0) {
    unset($_POST);
    unset($_GET);
    unset($_REQUEST);
    $_SERVER['REQUEST_METHOD'] = "GET";
}
/*
 * Justin Osterholt
 * 11/28/05
 * Invisible package addon
 */
// Restart the wizard when the session is past step 1 without a package.
// NOTE(review): PHP_SELF includes any path info the client appended after the
// script name, so the Location value is request-derived; a fixed path or
// SCRIPT_NAME would be safer.
if(!empty($_SESSION['order']['step']) && ($_SESSION['order']['step'] > 1) && empty($_SESSION['order']['package'])) {
    unset($_SESSION['order']['step']);
    header("LOCATION: {$_SERVER['PHP_SELF']}");
    exit;
}
// Refuse packages flagged `invisible` and reset the order.
// NOTE(review): the session value is interpolated straight into the SQL text.
// This is only safe because the POST loop below stores values already passed
// through mysql_real_escape_string(); any other writer of
// $_SESSION['order']['package'] would reopen an injection path. Casting to int
// or binding at the query site would remove that dependency (whether the mysql
// class supports bound parameters is not visible here).
if(isset($_SESSION['order']['package'])) {
    $tmpInv = $sql->getResult("SELECT `invisible` FROM `packages` WHERE `id` = '{$_SESSION['order']['package']}';");
    if($tmpInv == 1) {
        $_SESSION['error']['package'] = TRUE;
        $_SESSION['error']['msg']['package'] = "An invalid package ID has been selected!";
        unset($_SESSION['order']);
        header("LOCATION: {$_SERVER['PHP_SELF']}");
        exit;
    }
}
if($_SERVER['REQUEST_METHOD'] == "POST"){
    // UNSET previous errors!
    unset($_SESSION['error']);
    // $_required array with non-required POST key values.
    // Despite its name, each entry lists the fields that MAY be empty for
    // that step. Steps 4 and 9 have no entry.
    $_required = array (
        1 => array(),
        2 => array(),
        3 => array(),
        5 => array('company', 'fax_num', 'referrer'),
        6 => array('password'),
        7 => array(),
        8 => array(),
        10 => array()
    );
    // loop through $_POST array and collect empty errors.
    // NOTE(review): $_POST['step'] is used as an index without validation; for
    // a step with no entry above, in_array() receives null instead of an array.
    // NOTE(review): both the key and the value come from the request. Escaping
    // protects the later SQL string-building, but nothing restricts which keys
    // may be written, so fields this script computes itself (server_id,
    // insert_id, packages) can be replaced by a submitted field of the same
    // name. An allow-list of expected fields per step is the usual remedy.
    // NOTE(review): values are stored in their SQL-escaped form, so every
    // non-SQL use further down (comparisons, similar_text) sees escaped text.
    foreach($_POST as $k => $v) {
        if(empty($v) && !in_array($k, $_required[$_POST['step']])) {
            $_SESSION['error'][$k] = TRUE;
            $_SESSION['error']['msg'][$k] = ucfirst($k) . " is required!";
        } else {
            if(!is_array($v)) {
                $_SESSION['order'][$k] = mysql_real_escape_string($v);
            }
        }
    }
    // Per-step validation.
    switch($_POST['step']) {
        case 1:
            // NOTE(review): the session value was already escaped by the loop
            // above, so this escapes it a second time; mysql_escape_string()
            // also ignores the connection character set.
            $packageID = mysql_escape_string($_SESSION['order']['package']);
            /*
             * Modified: 11/21/05
             * Justin Osterholt
             * SQL class integration
             */
            // NOTE(review): '$packageID}' has a stray closing brace, so the
            // literal compared against `id` ends in "}". This looks like a typo
            // for '{$packageID}'; whether the lookup still matches depends on
            // how MySQL coerces that string against the id column — confirm.
            $_SESSION['order']['server_id'] = $server = $sql->getResult("SELECT `sid` FROM `packages` WHERE `id` = '$packageID}';");
            $skip_num = ($_SESSION['order']['packages'][$_SESSION['order']['package']]['type'] == 1) ? 1 : 0;
            break;
        case 2:
            break;
        case 3:
            break;
        case 4:
            // Domain step: check the requested domain against the accounts on
            // the package's server and against the local accounts table.
            $pckNum = $_SESSION['order']['package'];
            /*
             * Justin Osterholt
             * 11/27/05
             * server id fix
             */
            $sid = $sql->getResult("SELECT `sid` FROM `packages` WHERE `id` = '$pckNum';");
            // SELECT * also loads the server's username and access_key, which
            // are handed to listaccts() (defined elsewhere, not shown).
            $srvData = $sql->getAssocRow("SELECT * FROM `servers` WHERE `id` = '$sid';");
            $acctArr = listaccts(long2ip($srvData['inet']), $srvData['username'],$srvData['access_key'],$srvData['usessl']);
            /*
             * Justin Osterholt
             * 12/06/05
             * Subdomain fix
             */
            $domain = $_SESSION['order']['domain'];
            if($_SESSION['order']['domain_type'] == 1) {
                // NOTE(review): the failure is appended to a local $error, not
                // to $_SESSION['error']; nothing in the visible code reads
                // $error, so this may never reach the user — confirm.
                if(!$curSubdomain = $sql->getResult("SELECT `domain` FROM `subdomains` WHERE `id` = '{$_SESSION['order']['subdomain']}';")) {
                    $error[] = "Internal error: unable to retrieve subdomain";
                } else {
                    $domain .= ".".$curSubdomain;
                }
            }
            // Walk $acctArr with its internal pointer; element [0] of each
            // entry is compared with the requested domain.
            for($i=0;$i < count($acctArr);$i++) {
                $curKey = key($acctArr);
                if($acctArr[$curKey][0] == $domain) {
                    $_SESSION['error']['domain'] = TRUE;
                    $_SESSION['error']['msg']['domain'] = "Domain already exists!";
                }
                next($acctArr);
            }
            // NOTE(review): there is no default case, so for any other
            // domain_type $query is never assigned before mysql_num_rows().
            switch($_SESSION['order']['domain_type']) {
                case 1:
                    /*
                     * Modified: 11/21/05
                     * Justin Osterholt
                     * SQL class integration
                     */
                    $query = $sql->query("SELECT * FROM accounts WHERE domain = '" . $_SESSION['order']['domain'] . "' AND sdid = '" . $_SESSION['order']['subdomain'] . "'");
                    break;
                case 2:
                case 3:
                    // Only checks that the name contains at least one dot.
                    $tmpArr = explode(".",$_SESSION['order']['domain']);
                    if(count($tmpArr) < 2) {
                        $_SESSION['error']['domain'] = TRUE;
                        $_SESSION['error']['msg']['domain'] = "Invalid domain name!";
                    }
                    /*
                     * Modified: 11/21/05
                     * Justin Osterholt
                     * SQL class integration
                     */
                    $query = $sql->query("SELECT * FROM `accounts` WHERE `domain` = '{$_SESSION['order']['domain']}'");
            }
            if(mysql_num_rows($query)>0) {
                $_SESSION['error']['domain'] = TRUE;
                $_SESSION['error']['msg']['domain'] = "Domain already exists!";
            }
            break;
        case 5:
            // Contact details. Country value 1 gets the strict 5-digit zip and
            // xxx-xxx-xxxx phone/fax format checks.
            if(!empty($_POST['country']) && $_POST['country'] == 1) {
                if(!is_numeric($_POST['zip']) || strlen($_POST['zip']) != 5) {
                    $_SESSION['error']['zip'] = TRUE;
                    $_SESSION['error']['msg']['zip'] = "Please verify your zip code!";
                }
            } else {
                $_SESSION['order']['zip'] = mysql_real_escape_string($_POST['zip']);
            }
            if(!empty($_POST['country']) && $_POST['country'] == 1) {
                if(!preg_match("/^[0-9]{3,3}[-]{1,1}[0-9]{3,3}[-]{1,1}[0-9]{4,4}$/", $_POST['phone_num'])) {
                    $_SESSION['error']['phone_num'] = TRUE;
                    $_SESSION['error']['msg']['phone_num'] = "Please verify your phone number is in the following format: xxx-xxx-xxxx!";
                } else {
                    $_SESSION['order']['phone_num'] = mysql_real_escape_string($_POST['phone_num']);
                }
            }
            if(!empty($_POST['fax_num']) && $_POST['country'] == 1) {
                if(!preg_match("/^[0-9]{3,3}[-]{1,1}[0-9]{3,3}[-]{1,1}[0-9]{4,4}$/", $_POST['fax_num'])) {
                    $_SESSION['error']['fax_num'] = TRUE;
                    $_SESSION['error']['msg']['fax_num'] = "Please verify your fax number is in the following format: xxx-xxx-xxxx!";
                } else {
                    $_SESSION['order']['fax_num'] = mysql_real_escape_string($_POST['fax_num']);
                }
            }
            if(!preg_match("/^[A-Z0-9._-]+@[A-Z0-9][A-Z0-9.-]{0,61}[A-Z0-9]\.[A-Z.]{2,6}$/i", $_POST['email'])) {
                $_SESSION['error']['email'] = TRUE;
                $_SESSION['error']['msg']['email'] = "Please verify your email address is correct!";
            } else {
                /*
                 * Justin Osterholt
                 * 11/26/05
                 * Block email addon
                 */
                // The part after "@" is looked up in emailBlock.`email`, i.e.
                // that column is matched against mail domains here.
                $account['email'] = mysql_real_escape_string($_POST['email']);
                $tmpArr = explode("@", $account['email']);
                $account['domain'] = $tmpArr[1];
                $tmpCount = $sql->getResult("SELECT COUNT(*) FROM `emailBlock` WHERE `email` = '{$account['domain']}';");
                if($tmpCount !=0) {
                    /*
                     * Justin Osterholt
                     * 12/03/05
                     * email block fix
                     */
                    $_SESSION['error']['email'] = TRUE;
                    $_SESSION['error']['msg'][] = "We do not accept sign ups from that email domain please try another email address";
                } else {
                    $_SESSION['order']['email'] = $account['email'];
                }
            }
            // fix state, province vice versa error.
            if(!isset($_SESSION['error']['state'])) {
                unset($_SESSION['error']['province'], $_SESSION['error']['msg']['province']);
            } elseif(!isset($_SESSION['error']['province'])) {
                unset($_SESSION['error']['state'], $_SESSION['error']['msg']['state']);
            }
            // NOTE(review): $_POST['agree'] is read without an isset() check.
            if($_POST['agree'] != 1) {
                $_SESSION['error']['terms'] = TRUE;
                $_SESSION['error']['msg'][] = "You must agree to the terms of service!";
            }
            break;
        case 6:
            /*
             * Modified: 11/23/05
             * Justin Osterholt
             * Alphanumeric string check
             */
            if(empty($_SESSION['error']['username']) && !ctype_alnum($_POST['username'])) {
                $_SESSION['error']['username'] = 1;
                $_SESSION['error']['msg']['username'] = "Username must be alphanumeric!";
            }
            // check user name is alpha chars, check passwords match, check len of username.
            if(!$_SESSION['error']['username']) {
                if(strlen($_POST['username']) < 4 || strlen($_POST['username']) > 8) {
                    $_SESSION['error']['username'] = TRUE;
                    $_SESSION['error']['msg']['username'] = "Please verify that your username is a min. of 4 characters, while a max. of 8!";
                    unset($_SESSION['order']['username']);
                } else {
                    /*
                     * Modified: 11/23/05
                     * Justin Osterholt
                     * Username check fix
                     */
                    if(is_numeric(substr($_POST['username'],0,1))) {
                        $_SESSION['error']['username'] = TRUE;
                        $_SESSION['error']['msg']['username'] = "Please verify your username does not start with a numeric character!";
                        unset($_SESSION['order']['username']);
                    } else {
                        $pckNum = $_SESSION['order']['package'];
                        // NOTE(review): this selects the package's own `id`,
                        // whereas step 4 selects `sid` and wraps `inet` in
                        // long2ip() before calling listaccts(). The two
                        // lookups disagree; step 4 carries the "server id fix"
                        // comment, so this one is probably the stale copy —
                        // confirm.
                        $srvID = $sql->getResult("SELECT `id` FROM `packages` WHERE `id` = '$pckNum';");
                        $srvData = $sql->getAssocRow("SELECT * FROM `servers` WHERE `id` = '$srvID';");
                        $acctArr = listaccts($srvData['inet'], $srvData['username'],$srvData['access_key'],$srvData['usessl']);
                        // Here the array KEY is compared with the username.
                        for($i=0;$i < count($acctArr);$i++) {
                            if(key($acctArr) == $_SESSION['order']['username']) {
                                $_SESSION['error']['username'] = TRUE;
                                $_SESSION['error']['msg']['username'] = "We are sorry, but the username already exists!";
                            }
                            next($acctArr);
                        }
                        /*
                         * Modified: 11/21/05
                         * Justin Osterholt
                         * SQL class integration
                         */
                        $query = $sql->query("SELECT * FROM `accounts` WHERE `username` = '".mysql_real_escape_string($_POST['username'])."' LIMIT 1");
                        if(mysql_num_rows($query) > 0) {
                            $_SESSION['error']['username'] = TRUE;
                            $_SESSION['error']['msg']['username'] = "We are sorry but the username already exists!";
                            unset($_SESSION['order']['username']);
                        }
                    }
                }
            }
            // password is posted as an array: ['0'] = password, ['1'] = confirmation.
            if(empty($_POST['password']['0'])) {
                $_SESSION['error']['password'] = TRUE;
                $_SESSION['error']['msg']['password'][] = "Password is required!!";
                unset($_SESSION['order']['password']);
            }
            if(empty($_POST['password']['1'])) {
                $_SESSION['error']['password'] = TRUE;
                $_SESSION['error']['msg']['password'][] = "Verify Password is required!";
                unset($_SESSION['order']['password']);
            }
            // NOTE(review): the password is kept in the session and, in step 7,
            // written to accounts.password exactly as submitted (only
            // SQL-escaped); no hashing is visible in this listing. The only
            // strength rule applied is the similarity check below.
            if(strcmp($_POST['password']['0'], $_POST['password']['1']) != 0) {
                $_SESSION['error']['password'] = TRUE;
                $_SESSION['error']['msg']['password'][] = "Please verify your passwords are the same!";
                unset($_SESSION['order']['password']);
            } else {
                $_SESSION['order']['password'] = mysql_real_escape_string($_POST['password']['0']);
            }
            $skip_num = ($_SESSION['order']['packages'][$_SESSION['order']['package']]['type'] == 1) ? 2 : 0;
            $tmpArr = explode(".", $_SESSION['order']['domain']);
            $tmpDomain = strtoupper($tmpArr[0]);
            // similar_text() writes a similarity percentage into its third
            // argument; anything above 55 is rejected below.
            // Check similarity between username and password
            similar_text(strtoupper($_SESSION['order']['username']), strtoupper($_SESSION['order']['password']), $p1);
            // Check similarity between username and domain
            similar_text(strtoupper($_SESSION['order']['username']), $tmpDomain, $p2);
            // Check similarity between password and domain
            similar_text(strtoupper($_SESSION['order']['password']), $tmpDomain, $p3);
            if($p1 > 55) {
                $_SESSION['error']['msg']['username'] = "Username can not be similar to password";
                $_SESSION['error']['username'] = 1;
            } elseif ($p2 > 55) {
                $_SESSION['error']['msg']['username'] = "Username can not be similar to domain";
                $_SESSION['error']['username'] = 1;
            } elseif ($p3 > 55) {
                $_SESSION['error']['msg']['password'] = "Password can not be similar to domain";
                $_SESSION['error']['password'] = 1;
            }
            break;
        case 7:
            if(empty($_POST['pay_method'])) {
                $_SESSION['error']['pay_method'] = TRUE;
                $_SESSION['error']['msg']['pay_method'] = "You must select a payment method!";
            }
            // $_SESSION['error'] was unset at the top of the POST branch, so
            // it only exists here if validation above recorded an error.
            if(!$_SESSION['error']) {
                $query = "SELECT COUNT(*) FROM `accounts` WHERE `username`='{$_SESSION['order']['username']}';";
                // NOTE(review): mysql_result() is given the SQL string, not a
                // result resource, and the query is never executed. $userCount
                // therefore holds no count and this last duplicate-username
                // guard before the INSERT is ineffective as written.
                $userCount = mysql_result($query,0,0);
                if($userCount != 0) {
                    $_SESSION['error']['msg']['username'] = 'Username already exists!';
                } else {
                    /*
                     * Justin Osterholt
                     * 12/03/05
                     * Status fix
                     */
                    // NOTE(review): the statement is assembled by interpolating
                    // about twenty session fields. Its safety rests entirely on
                    // each field having been escaped when it was stored; a
                    // parameterised insert would not depend on that.
                    // NOTE(review): the referrer column is filled from the key
                    // 'refferer', but the form field is named 'referrer' (see
                    // $_required), so the stored referrer is presumably always
                    // empty.
                    // The `hostname` column receives ip2long(REMOTE_ADDR).
                    $query = $sql->query("INSERT INTO accounts (sid, sdid, firstname, lastname, company, address, city, state, province, zip, country, phone_num, fax_num, email, referrer, username, password, pay_method, pay_period, package, domain, domain_type, level, status, hostname, date,servstatus) VALUES('{$_SESSION['order']['server_id']}','{$_SESSION['order']['subdomain']}','{$_SESSION['order']['firstname']}', '{$_SESSION['order']['lastname']}', '{$_SESSION['order']['company']}', '{$_SESSION['order']['address']}', '{$_SESSION['order']['city']}', '{$_SESSION['order']['state']}', '{$_SESSION['order']['province']}', '{$_SESSION['order']['zip']}', '{$_SESSION['order']['country']}', '{$_SESSION['order']['phone_num']}', '{$_SESSION['order']['fax_num']}', '{$_SESSION['order']['email']}', '{$_SESSION['order']['refferer']}', '" . strtolower($_SESSION['order']['username']) . "', '{$_SESSION['order']['password']}', '{$_SESSION['order']['pay_method']}', '{$_SESSION['order']['pay_period']}', '{$_SESSION['order']['package']}', '{$_SESSION['order']['domain']}', '{$_SESSION['order']['domain_type']}', 0, 8, '" . ip2long($_SERVER['REMOTE_ADDR']) . "', NOW(),'yes')");
                    $_SESSION['order']['insert_id'] = $sql->insertID;
                    // NOTE(review): `= 1` is an assignment, not a comparison:
                    // the condition is always true and the package's type is
                    // overwritten with 1. Steps 1 and 6 test the same field
                    // with `== 1`.
                    // The listing is truncated here, inside the comment that
                    // opens this branch.
                    if($_SESSION['order']['packages'][$_SESSION['order']['package']]['type'] = 1) {
                        /*