<?php
include ("config.inc");
include ("forum.inc");

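# ------------------------------------------------------------------
# Open the database link and read the submitted registration fields.
# db_connect() and get_input() come from the include files above.
# NOTE(review): whether get_input() filters or escapes values is not
# visible here, so everything read from $FORM is treated as untrusted.
$dbh = db_connect();

$FORM = get_input();

# The keys are quoted: a bare word is resolved as a constant first, which
# raises a notice/warning on PHP 5/7 and a fatal Error on PHP 8.
$Username = $FORM['Username'];
$Email    = $FORM['Email'];
$Verify   = $FORM['Verify'];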

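# NOTE(review): every check below relies on not_right() ending the request;
# confirm against its definition in the include files.

# -----------------------------------------------
# Don't let them register the Username Anonymous.
# The comparison is case-insensitive so that spellings such as "ANONYMOUS"
# are refused as well; the previous test only matched two exact spellings.
if (strcasecmp((string)$Username, "Anonymous") == 0) {
    not_right("You cannot register the username Anonymous");
}

# ------------------------------------------------------------
# If all required info is not filled in, then we can't proceed
if (empty($Username) || empty($Email)) {
    not_right("All of the required information has not been filled in.  Please try again.");
}

# ------------------------------------------------------------------
# The address is later passed to mail() as the recipient, so refuse
# control characters (CR, LF, NUL, ...) that never belong in an address.
if (preg_match('/[\x00-\x1F\x7F]/', $Email)) {
    not_right("The email address contains invalid characters.  Please try again.");
}

# -------------------------------------------------------------
# If the Username isn't the proper length then we can't proceed
# (strlen() counts bytes, so the 3..16 limit is a byte limit).
$Username_len = strlen($Username);
if (($Username_len > 16) || ($Username_len < 3)) {
    not_right("Username is not the proper length.  Please try again.");
}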

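# --------------------------------------------
# Check to make sure the Username is available
# NOTE(review): this is a check-then-insert sequence; unless the Users table
# carries a unique index on Username (not visible here), two concurrent
# requests could both pass this test.
$Username_q = db_quote ($Username);
$query = "SELECT Username FROM   Users WHERE  Username = $Username_q";

$sth = mysql_query($query, $dbh);
if (!$sth) {
    # The query text embeds user input and the driver error exposes schema
    # details, so both go to the server log instead of the response.
    error_log("adduser.php: username lookup failed: " . mysql_error($dbh));
    die ("A database error occurred.  Please try again later.");
}

# ----------------------------------------------------------
# If sql returned a row then that username is already in use.
# The row count is captured first so the result is freed exactly once.
$Username_taken = mysql_num_rows($sth);
mysql_free_result($sth);
if ($Username_taken) {
    not_right("That Username is already in use.  Please try again.");
}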

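# ---------------------------------------------------------------------
# If we do not allow multiple usernames for the same email address then
# we need to see if this email address is in the database.
# The config key is quoted; a bare word is a constant lookup and is fatal
# on PHP 8.
if ($config['multiuser'] == "off") {
    $Email_q = db_quote($Email);
    $query = "SELECT Email FROM Users WHERE Email = $Email_q";

    $sth = mysql_query($query, $dbh);
    if (!$sth) {
        # Keep the query (which embeds user input) and the driver error out
        # of the response; record them server-side only.
        error_log("adduser.php: email lookup failed: " . mysql_error($dbh));
        die ("A database error occurred.  Please try again later.");
    }

    # Capture the count first so the result is freed exactly once.
    $Email_known = mysql_num_rows($sth);
    mysql_free_result($sth);
    if ($Email_known) {
        # NOTE(review): this message confirms to any visitor that an address
        # is registered; acceptable only if that disclosure is intended.
        not_right("Multiple accounts are not allowed for a single email address and we already have a Username for the email address you provided.");
    }
}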

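# --------------------------------------
# Check to see if this is the first user.
# Only the existence of a row matters, so LIMIT 1 avoids pulling the whole
# Users table on every registration.
$query = "SELECT Username FROM Users LIMIT 1";

$sth = mysql_query($query, $dbh);
if (!$sth) {
    # Driver errors reveal schema details; log them instead of printing.
    error_log("adduser.php: user count lookup failed: " . mysql_error($dbh));
    die ("A database error occurred.  Please try again later.");
}
$Status = "";
$Security = $config['user_security'];
$rows = mysql_num_rows($sth);
mysql_free_result($sth);

# -------------------------------------------------------
# If this is the first user, then status is Administrator
# otherwise they just get normal user status.
# NOTE(review): whoever registers while Users is empty is granted
# Administrator with Security 100. Make sure the first account is created
# by the installer before this page is reachable, and remember the same
# rule applies again if the table is ever emptied.
if (!$rows) {
    $Status = "Administrator";
    $Security = 100;
} else {
    $Status = "User";
}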

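# ------------
# Get the date
$date = get_date();

# ------------------------------
# Put the user into the database.
# String values pass through db_quote(). $date, $Security and the
# $config[sort] / $config[postsperpage] values are interpolated as-is;
# NOTE(review): presumably these are numeric values from get_date() and the
# site configuration - confirm none of them can be influenced by a request.
$Status_q   = db_quote($Status);
$Username_q = db_quote($Username);
$Email_q    = db_quote($Email);
# Keys are quoted outside of strings; a bare word is a constant lookup and
# is fatal on PHP 8. (Inside the heredoc the unquoted form is correct.)
$Display_q  = db_quote($config['postlist']);
$View_q     = db_quote($config['threaded']);
$EReplies_q = db_quote("Off");
$query = <<<END_SQL
    INSERT INTO Users (Username,Email,Totalposts,Laston,Status,Sort,Display,View,PostsPer,EReplies,Security,Registered)
    VALUES ($Username_q,$Email_q,0,$date,$Status_q,$config[sort],$Display_q,$View_q,$config[postsperpage],$EReplies_q,$Security,$date)
END_SQL;

if (!mysql_query($query, $dbh)) {
    # The statement embeds the submitted username and email; never echo it.
    error_log("adduser.php: user insert failed: " . mysql_error($dbh));
    die ("A database error occurred.  Please try again later.");
}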

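# ----------------------------------
# Grab all the boards in the database
$query = "SELECT Keyword FROM Boards";
$sth = mysql_query($query, $dbh);
if (!$sth) {
    # Driver errors reveal schema details; log them instead of printing.
    error_log("adduser.php: board list lookup failed: " . mysql_error($dbh));
    die ("A database error occurred.  Please try again later.");
}

# ---------------------------------------------------
# Now we put this user into each last viewed database.
# Each board has a table named "<Keyword>Last".
# NOTE(review): the table name is built from a value stored in Boards and
# cannot be protected by db_quote(); confirm that Keyword is restricted to
# identifier characters when a board is created.
$curr = get_date();
while ($board = mysql_fetch_array($sth)) {
    $Lastviewed = $board[0] . "Last";

    # --------------------------------------------------------------------
    # We have to get rid of any existing entries because in versions
    # 3.4, 3.4.1 and 3.4.2 these entries were not removed when deleting
    # a user.
    $query = "DELETE FROM $Lastviewed WHERE Username = $Username_q";
    if (!mysql_query($query, $dbh)) {
        error_log("adduser.php: last-viewed cleanup failed: " . mysql_error($dbh));
        die ("A database error occurred.  Please try again later.");
    }
    $query = "INSERT INTO $Lastviewed (Username,Last) VALUES ($Username_q,$curr)";
    if (!mysql_query($query, $dbh)) {
        error_log("adduser.php: last-viewed insert failed: " . mysql_error($dbh));
        die ("A database error occurred.  Please try again later.");
    }
}
mysql_free_result($sth);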

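# --------------------
# Grab welcome.include
# Reads the welcome text from the configured includes directory into
# $Message and prepares the quoted form $Message_q for the Messages insert.
# NOTE(review): presumably cgi_error() ends the request when the file cannot
# be opened; confirm against its definition.
$FILE = fopen("$config[includes]/welcome.include", 'r') or cgi_error("Can't open file '$config[includes]/welcome.include'");
$Message = '';
# Compare against false explicitly: a final line consisting only of "0"
# is a valid string that would otherwise end the loop early.
while (($string = fgets($FILE, 4096)) !== false) {
    $Message .= $string;
}
fclose($FILE);
$Message_q = db_quote($Message);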


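# --------------------------------
# Get the Administrator's Username
$Admin = "Administrator";
$Admin_q = db_quote($Admin);

$query = "SELECT Username FROM Users WHERE  Status = $Admin_q";
$sth = mysql_query($query, $dbh);
if (!$sth) {
    # Driver errors reveal schema details; log them instead of printing.
    error_log("adduser.php: administrator lookup failed: " . mysql_error($dbh));
    die ("A database error occurred.  Please try again later.");
}

# ---------------------------------
# Set up some stuff for the message.
# The first row returned is used as the sender of the welcome message.
list($Sender)  = mysql_fetch_array($sth);
mysql_free_result($sth);
$Sender_q   = db_quote ($Sender);
$Messstat   = "N";
$Messstat_q = db_quote($Messstat);
$Subject    = "Welcome";
$Subject_q  = db_quote($Subject);

# --------------------------------------
# Put the message into the Messages table
$query = "INSERT INTO Messages (Username,Status,Subject,Sender,Message,Sent) VALUES ($Username_q,$Messstat_q,$Subject_q,$Sender_q,$Message_q,$date)";
if (!mysql_query($query, $dbh)) {
    # The statement embeds the submitted username; never echo it.
    error_log("adduser.php: welcome message insert failed: " . mysql_error($dbh));
    die ("A database error occurred.  Please try again later.");
}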

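# -----------------------------------------
# Now we need to generate a random password.
# The alphabet leaves out look-alike characters (l, L, O, 0, 1).
$passet = array ('a','b','c','d','e','f','g','h','i','j','k',
		 'm','n','o','p','q','r','s','t','u','v','w','x','y','z',
		 'A','B','C','D','E','F','G','H','I','J','K','L','M','N',
		 'P','Q','R','S','T','U','V','W','X','Y','Z',
		 '2','3','4','5','6','7','8','9');

# Both bounds of mt_rand()/random_int() are inclusive, so the highest valid
# index is count - 1. Using count itself occasionally picked a missing
# element and produced a password or salt that was one character short.
$passet_last = count($passet) - 1;

# The generator is no longer seeded by hand: a seed derived from the
# microsecond part of the clock has at most 1,000,000 possible values, which
# makes every generated password guessable. random_int() is used where the
# runtime provides it; mt_rand() remains as the fallback and is NOT a
# cryptographically secure generator.
$have_csprng = function_exists('random_int');

$pass = '';
for ($i = 0; $i < 6; $i++) {
    $random_num = $have_csprng ? random_int(0, $passet_last) : mt_rand(0, $passet_last);
    $pass .= $passet[$random_num];
}

# ----------------------------
# Now let's crypt the password
# A two-character salt selects traditional DES crypt().
# NOTE(review): DES crypt is weak by current standards. Moving to a modern
# password hash would also require the login check and the width of the
# Password column to be compatible - neither is visible here.
$one   = $have_csprng ? random_int(0, $passet_last) : mt_rand(0, $passet_last);
$two   = $have_csprng ? random_int(0, $passet_last) : mt_rand(0, $passet_last);
$salt  = $passet[$one] . $passet[$two];
$crypt = crypt($pass, $salt);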

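# -----------------------------
# Now let's update the database
# Stores the crypt() hash for the account that was just inserted.
$Username_q = db_quote($Username);
$crypt_q    = db_quote($crypt);
$query = "UPDATE Users SET Password = $crypt_q WHERE Username = $Username_q";
# Pass the link explicitly, as the other queries in this script do, instead
# of relying on the most recently opened connection.
if (!mysql_query($query, $dbh)) {
    # The statement contains the password hash and the submitted username,
    # so it is logged without the query text and never sent to the client.
    error_log("adduser.php: password update failed: " . mysql_error($dbh));
    die ("A database error occurred.  Please try again later.");
}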

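# -------------------------------------
# Now we need to mail them the password
# The client address is read from $_SERVER. The bare $REMOTE_ADDR global only
# exists with register_globals enabled, and with that setting it may be
# possible for request parameters to influence it.
$ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';

$query = "SELECT Username,Email FROM Users WHERE  Username = $Username_q";
# Pass the link explicitly, as the other queries in this script do.
$sth = mysql_query($query, $dbh);
if (!$sth) {
    # The query embeds user input; log the failure instead of printing it.
    error_log("adduser.php: mail address lookup failed: " . mysql_error($dbh));
    die ("A database error occurred.  Please try again later.");
}

if (mysql_num_rows($sth)) {
    list($Username,$Email) = mysql_fetch_array($sth);
    $to      = $Email;
    # Key quoted: a bare word outside a string is a constant lookup.
    $from    = $config['emailaddy'];
    $subject = "Your password for $config[title]";
    # NOTE(review): the password travels in clear text by email and is never
    # forced to change; treat it as a one-time credential where possible.
    $msg     = "Someone from the ip address '$ip' registered the Username '$Username'.  The password for this Username is '$pass'.";

    if (!mail( $to, $subject, $msg, "From: $from" )) {
        # $php_errormsg is only populated with track_errors enabled and could
        # expose internal detail, so a fixed message is shown instead.
        # NOTE(review): at this point the account already exists with a
        # password nobody received - consider removing the row on failure.
        error_log("adduser.php: could not send the password mail for a new registration");
        die ("Can't mail message.  Please contact the forum administrator.");
    }
}
mysql_free_result($sth);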

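# ------------------------
# Send them a confirmation
send_header("Username has been registered");
table_header("Username has been registered");

# The username is user-supplied and is written into HTML, so encode it for
# that context before printing.
# NOTE(review): if get_input() already HTML-encodes form values this would
# double-encode the name; confirm against its definition.
$Username_html = htmlspecialchars($Username, ENT_QUOTES);

print <<<END_HTML
  The Username '$Username_html' has been reserved.  You should be receiving an email shortly with your password.  Once you receive your password you can <a href="$config[cgiurl]/login.php">Login</a> and post with this Usename.  Thanks for registering a Username.  Please take the time to edit your profile before posting on the forums.  Editing your profile will allow you to customize the layout of the forums to suit your particular tastes and needs.  
  </P>
END_HTML;

# -------------
# Send a footer
send_footer();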

?>