<?php
// ----------------------------------------------------------------------
// eFiction 3.2
// Copyright (c) 2007 by Tammy Keefer
// Valid HTML 4.01 Transitional
// Based on eFiction 1.1
// Copyright (C) 2003 by Rebecca Smallwood.
// http://efiction.sourceforge.net/
// ----------------------------------------------------------------------
// LICENSE
//
// This program is free software; you can redistribute it and/or
// modify it under the terms of the GNU General Public License (GPL)
// as published by the Free Software Foundation; either version 2
// of the License, or (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// To read the license please visit http://www.gnu.org/copyleft/gpl.html
// ----------------------------------------------------------------------
// Guard against direct requests: the including page defines _CHARSET first.
defined("_CHARSET") or exit( );
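if(!function_exists("random_char")) {
/**
 * Return one byte of $string chosen uniformly at random.
 *
 * random_string() builds the auto-generated account password from this
 * (registration branch below), so the index has to come from a
 * cryptographically secure source. random_int() is used whenever the runtime
 * provides it (PHP >= 7.0); older runtimes fall back to mt_rand(), which is
 * predictable and not suitable for secrets.
 *
 * @param string $string pool of candidate bytes
 * @return string        a single byte of $string, or '' when $string is empty
 *                       (the original called mt_rand(0, -1) in that case)
 */
function random_char($string)
{
$length = strlen($string);
if($length < 1) return '';
$position = function_exists("random_int") ? random_int(0, $length - 1) : mt_rand(0, $length - 1);
return $string[$position];
}
/**
 * Build a string of exactly $length bytes, each drawn independently from
 * $charset_string via random_char().
 *
 * @param string $charset_string pool of candidate bytes
 * @param int    $length         number of bytes wanted; 0 or less yields ''
 *                               (the original always emitted at least one byte)
 * @return string
 */
function random_string ($charset_string, $length)
{
$return_string = '';
for ($x = 0; $x < $length; $x++)
$return_string .= random_char($charset_string);
return $return_string;
}
}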
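// Target account. The uid may arrive via query string or form; anything
// non-numeric collapses to 0 and then falls back to the requester's own uid.
// Casting here also means every later "uid = '$uid'" SQL fragment in this
// file interpolates an integer instead of raw request text.
$uid = isset($_REQUEST['uid']) ? (int) $_REQUEST['uid'] : false;
if(!$uid) $uid = USERUID;
// Editing another account's bio is allowed only for isADMIN with uLEVEL <= 2.
// The failure is terminal: render the error and stop, mirroring the
// password-mismatch exit in the registration branch below, so the POST
// handler further down never runs for an account the requester may not edit.
if((!isADMIN || uLEVEL > 2) && $uid != USERUID && $action == "editbio") {
$output .= write_error(_NOTAUTHORIZED);
$tpl->assign("output", $output);
$tpl->printToScreen( );
dbclose( );
exit( );
}
// Page title: an existing member edits personal info, otherwise a new account is being created.
if(isMEMBER) $output .= "<div id=\"pagetitle\">"._EDITPERSONAL."</div>";
else $output .= "<div id=\"pagetitle\">"._NEWACCOUNT."</div>";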
// ---- Form submitted: validate, then either create the account (register) or update it (editbio) ----
if(!empty($_POST['submit'])) {
// Pen name is SQL-escaped once here; several statements below escape it a second time.
$penname = isset($_POST['newpenname']) ? escapestring($_POST['newpenname']) : false;
// $_POST['email'] is read without an isset() check.
$email = escapestring($_POST['email']);
// NOTE(review): $email was assigned on the previous line, so unless escapestring() returns null
// isset($email) is always true and this "email required" branch never fires; validEmail() below
// is the only effective email check.
if(!isset($email) && !isADMIN) $output .= "<div style='text-align: center;'>"._EMAILREQUIRED."</div>";
// Pen name rule: 3-30 chars of [a-z0-9-_ ], case-insensitive; only tested when a pen name was supplied.
else if($penname && !preg_match("!^[a-z0-9-_ ]{3,30}$!i", $penname)) $output .= "<div style='text-align: center;'>"._BADUSERNAME."</div>";
else if(!validEmail($email)) $output .= "<div style='text-align: center;'>"._INVALIDEMAIL." "._TRYAGAIN."</div>";
// ---- Registration ----
else if($action == "register") {
// Same regex as above; here a missing pen name is rejected as well.
if(!$penname || !preg_match("!^[a-z0-9-_ ]{3,30}$!i", $penname)) $output .= write_error(_PENEMAILREQUIRED);
// $pwdsetting (from the including scope) decides whether the user picks a password or one is generated.
else if($pwdsetting && empty($_POST['password'])) $output .= write_error(_PWDREQUIRED." "._TRYAGAIN);
else {
// Uniqueness lookups. $penname is already escaped above and is escaped again here.
$result = dbquery("SELECT "._PENNAMEFIELD." FROM "._AUTHORTABLE." WHERE "._PENNAMEFIELD." = '".escapestring($penname)."'");
$result2 = dbquery("SELECT "._EMAILFIELD." as email FROM "._AUTHORTABLE." WHERE "._EMAILFIELD." = '$email'");
// captcha_confirm() is consulted only after the two lookups above have already run.
if($captcha && !captcha_confirm()) $output .= write_error(_CAPTCHAFAIL);
else if(dbnumrows($result) > 0) $output .= write_error(_PENNAMEINUSE." "._TRYAGAIN);
else if(dbnumrows($result2) > 0) $output .= write_error(_EMAILINUSE." "._TRYAGAIN);
// NOTE(review): this regex already passed at the top of the register branch and $penname is
// unchanged, so the test is always true and the else at the end of this block is unreachable.
else if(preg_match("!^[a-z0-9-_ ]{3,30}$!i", $penname)) {
if(!$pwdsetting) {
// Auto-generated 10-char password; the charset omits look-alike glyphs (0/O, 1/l/I).
$charset = '23456789' . 'abcdefghijkmnpqrstuvwxyz' . 'ABCDEFGHJKLMNPQRSTUVWXYZ';
$pass = random_string($charset, 10);
// NOTE(review): stored as unsalted md5 (here and in the editbio branch). password_hash()/
// password_verify() is the fix, but user/login.php has to be converted in step.
$encryppass = md5($pass);
}
else {
// Mismatched confirmation is terminal: render what we have and stop.
if($_POST['password'] != $_POST['password2']) {
$output .= write_error(_PASSWORDTWICE);
$tpl->assign("output", $output);
$tpl->printToScreen( );
dbclose( );
exit( );
}
$pass = $_POST['password2'];
$encryppass = md5($pass);
}
// _AUTHORTABLE carries an "as author" alias that is cut off for the INSERT. realname and bio are
// read from $_POST without isset(); realname is escaped after strip_tags() while bio is escaped
// before it, so the two fields are not sanitised in the same order.
dbquery("INSERT INTO ".substr(_AUTHORTABLE, 0, strpos(_AUTHORTABLE, "as author"))." (penname, realname, bio, email, date, password) VALUES ('".escapestring($penname)."', '".escapestring(strip_tags($_POST['realname']))."', '".strip_tags(escapestring($_POST['bio']), $allowed_tags)."', '$email', now(), '$encryppass')");
$useruid = dbinsertid();
// Registration audit row; REMOTE_ADDR is interpolated unescaped into INET_ATON().
if($logging) dbquery("INSERT INTO ".TABLEPREFIX."fanfiction_log (`log_action`, `log_uid`, `log_ip`, `log_type`) VALUES('".escapestring(sprintf(_LOG_REGISTER, $penname, $useruid, $_SERVER['REMOTE_ADDR']))."', '".$useruid."', INET_ATON('".$_SERVER['REMOTE_ADDR']."'), 'RG')");
// Default skin: site-wide $siteskin when set, otherwise the settings row for this SITEKEY.
if(empty($siteskin)) {
$skinquery = dbquery("SELECT skin FROM ".$settingsprefix."fanfiction_settings WHERE sitekey = '".SITEKEY."'");
list($skin) = dbrow($skinquery);
}
else $skin = $siteskin;
// $skin, $displayindex, $defaultsort and $tinyMCE come from settings/the including scope and are
// interpolated without escaping here.
dbquery("INSERT INTO ".TABLEPREFIX."fanfiction_authorprefs(uid, userskin, storyindex, sortby, tinyMCE) VALUES('".$useruid."', '$skin', '$displayindex', '$defaultsort', '$tinyMCE')");
/* The section adds fields from the authorfields table to the authorinfo table allowing dynamic additions to the bio/registration page */
$fields = dbquery("SELECT * FROM ".TABLEPREFIX."fanfiction_authorfields WHERE field_on = '1'");
while($field = dbassoc($fields)) {
// NOTE(review): this tests the requester's $uid (resolved at the top of this file), not the new
// account's $useruid. If USERUID is empty for anonymous visitors every iteration is skipped and no
// dynamic fields are stored at registration — confirm.
if(!$uid) continue;
// $field['field_id'] comes from the authorfields table and is interpolated unescaped.
$oldfield = dbquery("SELECT * FROM ".TABLEPREFIX."fanfiction_authorinfo WHERE field='".$field['field_id']."' AND uid = '".$useruid."'");
if(dbnumrows($oldfield) > 0) {
$newinfo = isset($_POST["af_".$field['field_name']]) ? escapestring($_POST["af_".$field['field_name']]) : false;
// !empty() treats "0" as empty, so a submitted value of "0" deletes the row instead of storing it.
if(!empty($newinfo)) dbquery("UPDATE ".TABLEPREFIX."fanfiction_authorinfo SET info='$newinfo' WHERE uid = '$useruid' AND field = '".$field['field_id']."'");
else dbquery("DELETE FROM ".TABLEPREFIX."fanfiction_authorinfo WHERE uid = '$useruid' AND field = '".$field['field_id']."'");
}
else if(!empty($_POST["af_".$field['field_name']])) dbquery("INSERT INTO ".TABLEPREFIX."fanfiction_authorinfo(`uid`, `info`, `field`) VALUES('$useruid', '".escapestring($_POST["af_".$field['field_name']])."', '".$field['field_id']."');");
}
/* End dynamic fields */
// Welcome mail: carries the login name and the password in clear text.
$subject = _SIGNUPSUBJECT;
$mailtext = _SIGNUPMESSAGE._LOGIN.": $penname\n"._PASSWORD.": $pass \n\n";
if(!$pwdsetting) $mailtext .= _SIGNUPWARNING;
include("includes/emailer.php");
sendemail($penname, $email, $sitename, $siteemail, $subject, $mailtext, "html");
// Member counters; the AUTHORPREFIX copy is only kept when that prefix is defined.
dbquery("UPDATE ".TABLEPREFIX."fanfiction_stats SET newestmember = '".$useruid."', members = members + 1");
if(defined("AUTHORPREFIX")) dbquery("UPDATE ".AUTHORPREFIX."fanfiction_stats SET newestmember = '".$useruid."', members = members + 1");
// Replace the accumulated output with the success message and hand over to the login page.
unset($_POST['submit']);
$output = write_message(_ACTIONSUCCESSFUL);
define("_LOGINCHECK", true);
include("user/login.php");
}
// Unreachable: see the note on the preg_match() guarding the block above.
else $output .= _BADUSERNAME;
}
}
// ---- Edit an existing bio ($action is not "register") ----
else{
// Both POST keys are read without isset(); the password changes only when both are present and equal.
if(($_POST['password']) && ($_POST['password2'])) {
if($_POST['password'] == $_POST['password2']) {
$encryppassword = md5($_POST['password']);
// $uid is interpolated without escapestring(); it is derived from $_REQUEST at the top of this file.
dbquery("UPDATE "._AUTHORTABLE." SET password='$encryppassword' WHERE uid = '$uid'");
}
else $output .= write_error(_PASSWORDTWICE);
}
// Pen-name change. oldpenname is a hidden form field supplied by the client. $penname is already
// SQL-escaped while $_POST['oldpenname'] is raw, so a name containing quote characters likely
// compares unequal even when it was not changed.
if(isset($_POST['oldpenname']) && $penname != $_POST['oldpenname']) {
$checkresult = dbquery("SELECT * FROM "._AUTHORTABLE." WHERE penname = '".escapestring($penname)."'");
if(dbnumrows($checkresult)) {
$output .= write_message(_PENNAMEINUSE." "._TRYAGAIN);
}
else {
// NOTE(review): the UPDATE targets the raw $_POST[uid] rather than the $uid resolved above, and
// interpolates it unescaped.
dbquery("UPDATE "._AUTHORTABLE." SET penname = '".escapestring($penname)."' WHERE uid = '$_POST[uid]'");
if($logging) dbquery("INSERT INTO ".TABLEPREFIX."fanfiction_log (`log_action`, `log_uid`, `log_ip`, `log_type`) VALUES('".escapestring(sprintf(_NEWPEN, USERPENNAME, USERUID, $_POST[oldpenname], $uid, $penname))."', '".USERUID."', INET_ATON('".$_SERVER['REMOTE_ADDR']."'), 'EB')");
}
}
/* The section adds fields from the authorfields table to the authorinfo table allowing dynamic additions to the bio/registration page */
$fields = dbquery("SELECT * FROM ".TABLEPREFIX."fanfiction_authorfields WHERE field_on = '1'");
while($field = dbassoc($fields)) {
// NOTE(review): $uid is reassigned on every iteration (numeric POST uid or false) and keeps that
// value after the loop, so the final UPDATE below uses the POST-supplied uid whenever at least one
// active author field exists, and the $uid resolved at the top of this file otherwise.
$uid = isset($_POST['uid']) && isNumber($_POST['uid']) ? $_POST['uid'] : false;
if(!$uid) continue;
$oldfield = dbquery("SELECT * FROM ".TABLEPREFIX."fanfiction_authorinfo WHERE field='".$field['field_id']."' AND uid = '".$uid."'");
if(dbnumrows($oldfield) > 0) {
// descript() is a project helper; its semantics are not visible in this file.
$newinfo = isset($_POST["af_".$field['field_name']]) ? escapestring(descript($_POST["af_".$field['field_name']])) : false;
// field_id is passed through descript() only in this statement, not in the DELETE/INSERT beside it.
if(!empty($newinfo)) dbquery("UPDATE ".TABLEPREFIX."fanfiction_authorinfo SET info='".$newinfo."' WHERE uid = '$uid' AND field = '".descript($field['field_id'])."'");
else dbquery("DELETE FROM ".TABLEPREFIX."fanfiction_authorinfo WHERE uid = '$uid' AND field = '".$field['field_id']."'");
}
else if(!empty($_POST["af_".$field['field_name']])) dbquery("INSERT INTO ".TABLEPREFIX."fanfiction_authorinfo(`uid`, `info`, `field`) VALUES('$uid', '".escapestring($_POST["af_".$field['field_name']])."', '".$field['field_id']."');");
}
/* End dynamic fields */
// NOTE(review): for realname the $allowed_tags argument is passed to descript(), not strip_tags()
// (misplaced parenthesis), so every tag is stripped; for bio it reaches strip_tags() as intended.
// $imageupload comes from the including scope.
dbquery("UPDATE "._AUTHORTABLE." SET realname='".descript(strip_tags(escapestring($_POST['realname'])), $allowed_tags)."', email='$email', bio='".descript(strip_tags(escapestring($_POST['bio']), $allowed_tags))."', image='".($imageupload && !empty($_POST['image']) ? escapestring($_POST['image']) : "")."' WHERE uid = '$uid'");
$output .= write_message(_ACTIONSUCCESSFUL." ".(isset($_GET['uid']) ? _BACK2ADMIN : _BACK2ACCT));
}
}
// ---- No submission: render the form ----
else {
if($action != "register") {
// Load the account being edited; $uid is interpolated unescaped here and in the query below.
$result = dbquery("SELECT * FROM "._AUTHORTABLE." WHERE "._UIDFIELD." = '$uid' LIMIT 1");
$user = dbassoc($result);
$result2 = dbquery("SELECT * FROM ".TABLEPREFIX."fanfiction_authorinfo WHERE uid = '$uid'");
// Dynamic field values are keyed "af_<field id>", which is how the form below looks them up.
while($field = dbassoc($result2)) {
$user["af_".$field['field']] = $field['info'];
}
}
// Terms of service text from the messages table, inserted as stored.
if($action == "register") {
$query = dbquery("SELECT message_text FROM ".TABLEPREFIX."fanfiction_messages WHERE message_name = 'tos'");
list($tos) = dbrow($query);
$output .= "<div class='tblborder' style='width: 90%; margin: 1em auto;'>$tos</div>";
}
// $action and $uid are written into the action attribute without htmlspecialchars(). The form
// carries no anti-CSRF token: its only hidden fields are oldpenname and uid.
$output .= "<div id='settingsform'><form method=\"POST\" id=\"editbio\" name=\"editbio\" enctype=\"multipart/form-data\" style='margin: 0 auto;' action=\"user.php?action=$action".($uid != USERUID ? "&uid=".$uid : "")."\">
<div><label for='newpenname'>"._PENNAME.":</label>";
// Pen name is editable only for a top-level admin (uLEVEL 1) or on registration; otherwise read-only.
if((isADMIN && uLEVEL == 1) || $action == "register")
// NOTE(review): DB values are placed in value="" attributes without htmlspecialchars() here and in
// the inputs below; whether they were made HTML-safe at write time is not visible in this file.
$output .= "<INPUT name=\"newpenname\" type=\"text\" class=\"textbox\" maxlength=\"200\" value=\"".(isset($user) ? $user['penname'] : "")."\"><INPUT name=\"oldpenname\" type=\"hidden\" value=\"".(isset($user) ? $user['penname'] : "")."\"><font color=\"red\">*</font> ";
else if(isset($user)) $output .= " ".$user['penname'];
// bio is stripslashes()'d and may legitimately contain $allowed_tags markup (see the INSERT/UPDATE above).
$output .= "</div>
<div><label for='realname'>"._REALNAME.": </label><INPUT type=\"text\" class=\"textbox=\" name=\"realname\" maxlength=\"200\" value=\"".(isset($user) ? $user['realname'] : "")."\"></div>
<div><label for='email'>"._EMAIL.":</label><INPUT type=\"text\" class=\"textbox=\" name=\"email\" value=\"".(isset($user) ? $user['email'] : "")."\" maxlength=\"200\" size=\"35\"><font color=\"red\">*</font></div>
<div><label for='bio'>"._BIO.":</label></div>
<div style='width: 450px; margin: 0 auto;'><textarea class=\"textbox\" name=\"bio\" cols=\"50\" rows=\"6\">".(isset($user) ? stripslashes($user['bio']) : "")."</TEXTAREA></div>";
/* The section adds fields to the form from the authorfields table to the authorinfo table allowing dynamic additions to the bio/registration page */
$authorfields = dbquery("SELECT * FROM ".TABLEPREFIX."fanfiction_authorfields WHERE field_on = '1'");
while($field = dbassoc($authorfields)) {
// field_type 1/4/6: text input; 2: select; 3: yes/no radios; 5: stored PHP (see eval() below).
if($field['field_type'] == 1 || $field['field_type'] == 4 || $field['field_type'] == 6)
$output .= "<div><label for='".$field['field_name']."'>".$field['field_title'].":</label>\n<input type='text' class='textbox' name='af_".$field['field_name']."'".(!empty($user["af_".$field['field_id']]) ? "value='".$user["af_".$field['field_id']]."'" : "").">\n</div>\n";
if($field['field_type'] == 2) {
$output .= "<div><label for='".$field['field_name']."'>".$field['field_title'].":</label>\n
<select class='textbox' name='af_".$field['field_name']."'>\n";
// Options are stored "|#|"-separated in field_options.
$opts = explode("|#|", $field['field_options']);
foreach($opts as $opt) {
$output .= "<option".(!empty($user["af_".$field['field_id']]) && $user["af_".$field['field_id']] == $opt ? " selected" : "").">$opt</option>\n";
}
$output .= "</select>\n</div>\n";
}
// NOTE(review): eval() executes PHP text stored in fanfiction_authorfields.field_code_in, so that
// column is effectively code, not data; confirm only trusted administrators can write it.
if($field['field_type'] == 5) eval(stripslashes($field['field_code_in']));
if($field['field_type'] == 3) {
$output .= "<div class='fieldset'><span class='label'>".$field['field_title'].":</span>\n";
$output .= "<input type='radio' name='af_".$field['field_name']."' id='af_".$field['field_name']._YES."' value='"._YES."'".(!empty($user["af_".$field['field_id']]) && $user["af_".$field['field_id']] == _YES ? "checked='checked'" : "")."> <label for='".$field['field_name']._YES."'>"._YES."</label>\n
<input type='radio' name='af_".$field['field_name']."' id='af_".$field['field_name']._NO."' value='"._NO."'".(!empty($user["af_".$field['field_id']]) && $user["af_".$field['field_id']] == _NO ? "checked='checked'" : "")."> <label for='".$field['field_name']._NO."'>"._NO."</label></div>\n";
}
}
/* End dynamic fields */
// Optional image URL field, only when the site setting is "1".
if($imageupload == "1")
$output .= "<div><label for='image'>"._IMAGE.":</label> <INPUT type=\"text\" class=\"textbox=\" name=\"image\" maxlength=\"200\" value=\"".(!empty($user['image']) ? $user['image'] : "")."\"></div>";
// Password inputs: always when editing; on registration only when users choose their own password.
if($action != "register" || $pwdsetting)
$output .= "<div><label for='password'>"._PASSWORD.":</label> <INPUT name=\"password\" class=\"textbox\" value=\"\" type=\"password\">".($action == "register" ? "<font color=\"red\">*</font>" : "")."</div>
<div><label for='password2'>"._PASSWORD2.":</label> <INPUT name=\"password2\" class=\"textbox=\" value=\"\" type=\"password\">".($action == "register" ? "<font color=\"red\">*</font>" : "")."</div>";
if(!empty($captcha) && $action == "register") $output .= "<div><label for='userdigit'>"._CAPTCHANOTE."</label><input MAXLENGTH=5 SIZE=5 name=\"userdigit\" type=\"text\" value=\"\"><div style='text-align: center;'><img width=120 height=30 src=\""._BASEDIR."includes/button.php\" style=\"border: 1px solid #111;\"></div></div>";
// Hidden uid round-trips the target account to the POST handler above.
$output .= "<div style='text-align: center; margin: 1em;'><INPUT type=\"hidden\" name=\"uid\" value=\"".(isset($user) ? $user['uid'] : "")."\"><INPUT type=\"submit\" class=\"button\" name=\"submit\" value=\""._SUBMIT."\">";
// NOTE(review): the delete link is shown when !isADMIN, which reads as inverted relative to the
// admin check at the top of this file — confirm which is intended.
if(!isADMIN && $action != "register")
{
$output .= " [<a href=\"admin.php?action=members&delete=$uid\">"._DELETE."</a>]";
}
$output .= "</div></form></div>".write_message("<font color=\"red\">*</font> "._REQUIREDFIELDS);
}
?>