/*-------------------------------------------------------+
| PHP-Fusion Content Management System
| Copyright (C) 2002 - 2008 Nick Jones
| http://www.php-fu...
+--------------------------------------------------------+
| Filename: register.php
| Author: Nick Jones (Digitanium)
+--------------------------------------------------------+
| This program is released as free software under the
| Affero GPL license. You can redistribute it and/or
| modify it under the terms of this license which you
| can read by viewing the included agpl.txt or online
| at www.gnu.org/licen... Removal of this
| copyright header is strictly prohibited without
| written permission from the original author(s).
+--------------------------------------------------------*/
require_once "maincore.php";
require_once THEMES."templates/header.php";
include LOCALE.LOCALESET."register.php";
include LOCALE.LOCALESET."user_fields.php";

// start: secure code by basti2web.de
if (file_exists(LOCALE.LOCALESET."register_security.php")) {
include LOCALE.LOCALESET."register_security.php";
} else {
include LOCALE."English/register_security.php";
}
// end: secure code by basti2web.de

if (iMEMBER || !$settings['enable_registration']) { redirect("index.php"); }

if (isset($_GET['activate'])) {
if (!preg_check("/^[0-9a-z]{32}$/", $_GET['activate'])) { redirect("index.php"); }
$result = dbquery("SELECT * FROM ".DB_NEW_USERS." WHERE user_code='".$_GET['activate']."'");
if (dbrows($result)) {
$data = dbarray($result);
$user_info = unserialize($data['user_info']);
$user_status = $settings['admin_activation'] == "1" ? "2" : "0";

$profile_method = "validate_insert"; $db_fields = ""; $db_values = "";
$result = dbquery("SELECT * FROM ".DB_USER_FIELDS." ORDER BY field_order");
if (dbrows($result)) {
while($data = dbarray($result)) {
if (file_exists(LOCALE.LOCALESET."user_fields/".$data['field_name'].".php")) {
include LOCALE.LOCALESET."user_fields/".$data['field_name'].".php";
}
if (file_exists(INCLUDES."user_fields/".$data['field_name']."_include.php")) {
include INCLUDES."user_fields/".$data['field_name']."_include.php";
}
}
}

$result = dbquery("INSERT INTO ".DB_USERS." (user_name, user_password, user_admin_password, user_email, user_hide_email, user_avatar, user_posts, user_threads, user_joined, user_lastvisit, user_ip, user_rights, user_groups, user_level, user_status".$db_fields.") VALUES('".$user_info['user_name']."', '".$user_info['user_password']."', '', '".$user_info['user_email']."', '".$user_info['user_hide_email']."', '', '0', '0', '".time()."', '0', '".USER_IP."', '', '', '101', '$user_status'".$db_values.")");
$result = dbquery("DELETE FROM ".DB_NEW_USERS." WHERE user_code='".$_GET['activate']."'");
add_to_title($locale['global_200'].$locale['401']);
opentable($locale['401']);
if ($settings['admin_activation'] == "1") {
echo "\n";
} else {
echo "\n";
}
closetable();
} else {
redirect("index.php");
}
} elseif (isset($_POST['register'])) {
if ($settings['display_validation'] == "1") {
include_once INCLUDES."securimage/securimage.php";
}
$error = ""; $db_fields = ""; $db_values = "";

// start: secure code by basti2web.de

$secure_con = isset($_POST['user_secure_con']) ? stripinput(trim($_POST['user_secure_con'])) : "";
$secure_num = isset($_POST['user_secure_zahl']) ? stripinput(trim($_POST['user_secure_zahl'])) : "";

if($secure_con == "" || $secure_num == "" || !isNum($secure_num)) {
$error .= $locale['secure_error1']."
\n";
}
elseif (strtolower($locale['secure_res'][$secure_num]) != strtolower($secure_con)) {
$error .= $locale['secure_error2']."
\n";
}
// end: secure code by basti2web.de

$username = stripinput(trim(eregi_replace(" +", " ", $_POST['username'])));
$email = stripinput(trim(eregi_replace(" +", "", $_POST['email'])));
$password1 = stripinput(trim(eregi_replace(" +", "", $_POST['password1'])));

if ($username == "" || $password1 == "" || $email == "") {
$error .= $locale['402']."
\n";
}

if (!preg_match("/^[-0-9A-Z_@\s]+$/i", $username)) {
$error .= $locale['403']."
\n";
}

if (preg_match("/^[0-9A-Z@]{6,20}$/i", $password1)) {
if ($password1 != $_POST['password2']) $error .= $locale['404']."
\n";
} else {
$error .= $locale['405']."
\n";
}

if (!preg_match("/^[-0-9A-Z_\.]{1,50}@([-0-9A-Z_\.]+\.){1,50}([0-9A-Z]){2,4}$/i", $email)) {
$error .= $locale['406']."
\n";
}

$email_domain = substr(strrchr($email, "@"), 1);
$result = dbquery("SELECT * FROM ".DB_BLACKLIST." WHERE blacklist_email='$email' OR blacklist_email='$email_domain'");
if (dbrows($result) != 0) { $error = $locale['411']."
\n"; }

$result = dbquery("SELECT * FROM ".DB_USERS." WHERE user_name='$username'");
if (dbrows($result) != 0) { $error = $locale['407']."
\n"; }

$result = dbquery("SELECT * FROM ".DB_USERS." WHERE user_email='$email'");
if (dbrows($result) != 0) { $error = $locale['408']."
\n"; }

if ($settings['email_verification'] == "1") {
$result = dbquery("SELECT * FROM ".DB_NEW_USERS);
while ($new_users = dbarray($result)) {
$user_info = unserialize($new_users['user_info']);
if ($new_users['user_email'] == $email) { $error = $locale['409']."
\n"; }
if ($user_info['user_name'] == $username) { $error = $locale['407']."
\n"; break; }
}
}

if ($settings['display_validation'] == "1") {
$securimage = new Securimage();
if (!isset($_POST['captcha_code']) || $securimage->check($_POST['captcha_code']) == false) {
$error .= $locale['410']."
\n";
}
}

$user_hide_email = isnum($_POST['user_hide_email']) ? $_POST['user_hide_email'] : "1";

if ($settings['email_verification'] == "0") {
$user_offset = isset($_POST['user_offset']) ? is_numeric($_POST['user_offset']) ? $_POST['user_offset'] : "0" : "0";

$profile_method = "validate_insert"; $db_fields = ""; $db_values = "";
$result = dbquery("SELECT * FROM ".DB_USER_FIELDS." ORDER BY field_order");
if (dbrows($result)) {
while($data = dbarray($result)) {
if (file_exists(LOCALE.LOCALESET."user_fields/".$data['field_name'].".php")) {
include LOCALE.LOCALESET."user_fields/".$data['field_name'].".php";
}
if (file_exists(INCLUDES."user_fields/".$data['field_name']."_include.php")) {
include INCLUDES."user_fields/".$data['field_name']."_include.php";
}
}
}
}

if ($error == "") {
if ($settings['email_verification'] == "1") {
require_once INCLUDES."sendmail_include.php";
mt_srand((double)microtime()*1000000); $salt = "";
for ($i = 0; $i <= 7; $i++) { $salt .= chr(rand(97, 122)); }
$user_code = md5($email.$salt);
$activation_url = $settings['siteurl']."register.php?activate=".$user_code;
if (sendemail($username,$email,$settings['siteusername'], $settings['siteemail'], $locale['449'], $locale['450'].$activation_url)) {
$user_info = serialize(array(
"user_name" => $username,
"user_password" => md5(md5($password1)),
"user_email" => $email,
"user_hide_email" => isnum($_POST['user_hide_email']) ? $_POST['user_hide_email'] : "1"
));
$result = dbquery("INSERT INTO ".DB_NEW_USERS." (user_code, user_email, user_datestamp, user_info) VALUES('$user_code', '".$email."', '".time()."', '$user_info'");
opentable($locale['400']);
echo "\n";
closetable();
} else {
opentable($locale['456']);
echo "\n";
closetable();
}
} else {
$user_status = $settings['admin_activation'] == "1" ? "2" : "0";
$result = dbquery("INSERT INTO ".DB_USERS." (user_name, user_password, user_admin_password, user_email, user_hide_email, user_avatar, user_posts, user_threads, user_joined, user_lastvisit, user_ip, user_rights, user_groups, user_level, user_status".$db_fields.") VALUES('$username', '".md5(md5($password1))."', '', '".$email."', '$user_hide_email', '', '0', '0', '".time()."', '0', '".USER_IP."', '', '', '101', '$user_status'".$db_values.")");
opentable($locale['400']);
if ($settings['admin_activation'] == "1") {
echo "\n";
} else {
echo "\n";
}
closetable();
}
} else {
opentable($locale['456']);
echo "
\n";
closetable();
}
} else {
if ($settings['email_verification'] == "0") {
$offset_list = "";
for ($i = -13; $i < 17; $i++) {
if ($i > 0) { $offset = "+".$i; } else { $offset = $i; }
$offset_list .= "".$offset."\n";
}
}
opentable($locale['400']);
echo "

".$locale['500']."\n";
if ($settings['email_verification'] == "1") echo $locale['501']."\n";
echo $locale['502'];
if ($settings['email_verification'] == "1") echo "\n".$locale['503'];
echo "

\n";
echo "

\n";
echo "\n\n";
echo "\n";
echo "\n";
echo "\n\n";
echo "\n";
echo "\n";
echo "\n\n";
echo "\n";
echo "\n";
echo "\n\n";
echo "\n";
echo "\n";
echo "\n\n";
echo "\n";
echo "\n";
echo "\n";

// start: secure code by basti2web.de
srand ((double)microtime()*1000000);
$zahl = rand(1, 5);
echo "


\n

\n";
unset($zahl);
// end: secure code by basti2web.de

if ($settings['display_validation'] == "1") {
echo "\n\n\n\n";
echo "\n";
echo "\n";
echo "\n";
}
if ($settings['email_verification'] == "0") {
$result2 = dbquery("SELECT * FROM ".DB_USER_FIELDS." WHERE field_group != '4' GROUP BY field_group");
while($data2 = dbarray($result2)) {
$result3 = dbquery("SELECT * FROM ".DB_USER_FIELDS." WHERE field_group='".$data2['field_group']."' ORDER BY field_order");
if (dbrows($result3)) {
echo "\n\n";
echo "\n\n";
while($data3 = dbarray($result3)) {
$profile_method = "input";
if (file_exists(LOCALE.LOCALESET."user_fields/".$data3['field_name'].".php")) {
include LOCALE.LOCALESET."user_fields/".$data3['field_name'].".php";
}
if (file_exists(INCLUDES."user_fields/".$data3['field_name']."_include.php")) {
include INCLUDES."user_fields/".$data3['field_name']."_include.php";
}
}
}
}
}

if ($settings['enable_terms'] == 1) {
echo "\n\n";
echo "\n";
echo "\n";
}
echo "\n\n\n

".$locale['u001']."*
".$locale['u002']."*
".$locale['u004']."*
".$locale['u005']."*
".$locale['u006']."	".$locale['u007']."\n"; echo "".$locale['u008']."
".$locale['secure_101'].":* ".$locale['secure_ask'][$zahl]."
".$locale['504']."	"; echo "\n"; echo " \n"; echo ">.src = '".INCLUDES."securimage/securimage_show.php?sid=' + Math.random(); return false\">\n"; echo "
".$locale['505']."*
	"; if ($data2['field_group'] == 1) { echo $locale['u044']; } elseif ($data2['field_group'] == 2) { echo $locale['u045']; } elseif ($data2['field_group'] == 3) { echo $locale['u046']; } echo "
".$locale['508'] ."*	> ".$locale['509'] ."
\n"; echo "\n"; echo "

\n

\n";
closetable();
echo "\n";

if ($settings['enable_terms'] == 1) {
echo "";
}
}