<?
require_once("libs/header.php");

// Site-wide suspension gate: when the settings row flags the site as
// suspended, the visitor's session is torn down and the notice template is
// shown instead of the signup form.
// NOTE(review): this file opens with the short tag `<?`, which only parses
// when short_open_tag is enabled; `<?php` is the portable form.
$suspensionSql = "SELECT `" . DB_PREFIX . "settings`.suspension FROM `" . DB_PREFIX . "settings`";
if (!$mysql->query($suspensionSql)) {
	exit($mysql->error);
}

$siteSuspended = ($mysql->field("suspension") == 1);
if ($siteSuspended) {
	// $CurUser->failed() presumably marks the visitor as not logged in — confirm in libs.
	$CurUser->failed();
	// Clear server-side session data, expire the session cookie, then destroy
	// the session so nothing outlives the suspension notice.
	$_SESSION = array();
	setcookie(session_name(), '', time() - 42000, '/');
	session_destroy();
	$smarty->assign("message", "suspension");
	$smarty->assign("site_name", $site_config["SITE_TITLE"]);
	$smarty->display("message.tpl");
	exit;
}
		
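// Resolve the id of the group that auto-approved sign-ups are placed in.
// $grid is only defined (and only used, in the INSERT below) when
// auto-approval is switched on.
if ($auto_approve_new_user == '1') {
	// $auto_approve_group is a configured group name; it is escaped the same
	// way the rest of this file escapes values embedded in SQL literals.
	$sqlgrid = "SELECT id FROM `" . DB_PREFIX . "user_groups` WHERE `group_name`='" . AddSlashes($auto_approve_group) . "'";
	if (!$mysql->query($sqlgrid)) {
		exit($mysql->error);
	}
	// NOTE(review): if the configured group does not exist, field() has no row
	// to read and the new user's `level` is written from an empty value —
	// confirm what the wrapper returns for an empty result before relying on it.
	$grid = $mysql->field('id');
}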

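// Confirmation page, reached through the redirect issued after a successful
// insert: tell the user whether the account is already usable or awaits
// review, then stop.
if (isset($_GET["action"]) && $_GET["action"] == "done") {
	if ($auto_approve_new_user == '1') {
		$msgs = "Thank you for your sign up. Your account has been automatically approved. Please login now.";
	} else {
		// Fixed typo in the user-facing text ("You account" -> "Your account").
		$msgs = "Thank you for your sign up. Your account will be approved after it is reviewed by our staff.";
	}
	$smarty->assign("msgs", $msgs);
	$smarty->assign("message", "signup");
	$smarty->display("message.tpl");
	exit();
}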

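// Optional profile fields (originally added by niotech): each field the admin
// enabled in $USER_PROFILE_FIELDS is added to the signup form as a text input
// labelled from $lang; the POST validation further down treats it as required.
// Field name => $lang key used for its label and its "enter ..." error text.
$optionalProfileFields = array(
	"company"   => 'company_name',
	"address1"  => 'address_1',
	"address2"  => 'address_2',
	"city"      => 'city',
	"state"     => 'state',
	"postcode"  => 'postcode',
	"country"   => 'country',
	"telephone" => 'phone_number',
);
foreach ($optionalProfileFields as $fieldName => $langKey) {
	// isset() guards against a notice when no flag was configured for the field;
	// the loose == 1 is kept because the flag may arrive as the string "1".
	if (isset($USER_PROFILE_FIELDS[$fieldName]) && $USER_PROFILE_FIELDS[$fieldName] == 1) {
		$SIGNUP_FORM[$fieldName] = array(
			"type"        => "text",
			"description" => $lang[$langKey],
			"error"       => $lang['enter'] . " " . $lang[$langKey],
		);
	}
}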

// Form descriptor handed to the template: HTTP method and target, the
// fields to render (base fields plus any optional profile fields enabled
// above) and the submit button label. "errorcount" and "message" are filled
// in by the POST handling below.
$form = array();
$form["method"]     = "POST";
$form["action"]     = "signup.php";
$form["message"]    = "";
$form["errorcount"] = 0;
$form["fields"]     = $SIGNUP_FORM;
$form["submit"]     = $lang['sign_up'];

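$userform = new UserForms($form["fields"]);
if ($_SERVER["REQUEST_METHOD"] == $form["method"]) {
	$userform->load($form["fields"], $_POST);
	$form["errorcount"] = $userform->check($form["fields"]);

	// ---- Input validation ----
	// Added by SepedaTua on June 01, 2006 - http://www.sepedatua.info/
	//
	// Every text field is run through a tag-stripping / entity-decoding pass.
	// If that pass changed anything, the submission is rejected with a generic
	// message instead of being stored in altered form.
	$search = array(
		'@<script[^>]*?>.*?</script>@si',
		'@<[\/\!]*?[^<>]*?>@si',
		'@([\r\n])[\s]+@',
		'@&(quot|#34);@i',
		'@&(amp|#38);@i',
		'@&(lt|#60);@i',
		'@&(gt|#62);@i',
		'@&(nbsp|#160);@i',
		'@&(iexcl|#161);@i',
		'@&(cent|#162);@i',
		'@&(pound|#163);@i',
		'@&(copy|#169);@i',
	);
	$replace = array(
		'',
		'',
		'\1',
		'"',
		'&',
		'<',
		'>',
		' ',
		chr(161),
		chr(162),
		chr(163),
		chr(169),
	);
	// Numeric-entity decoding used to be the last $search entry, written with
	// the /e modifier and the replacement 'chr(\1)'. /e was removed in PHP 7;
	// with it present preg_replace() fails and returns null for every field,
	// so the "malicious code" check below rejected every submission. The
	// callback performs the same decode without evaluating code.
	$decodeNumericEntity = function ($m) {
		return chr((int) $m[1]);
	};

	$sanitizedFields = array(
		"real_name", "company", "address1", "address2", "city", "state",
		"postcode", "country", "telephone", "email", "login", "password", "password2",
	);
	$inputAltered = false;
	foreach ($sanitizedFields as $fieldName) {
		$raw = isset($form["fields"][$fieldName]["value"]) ? $form["fields"][$fieldName]["value"] : null;
		$clean = preg_replace($search, $replace, (string) $raw);
		$clean = preg_replace_callback('@&#(\d+);@', $decodeNumericEntity, $clean);
		$form["fields"][$fieldName]["value"] = $clean;
		// Loose comparison on purpose: a field that is not enabled is null here
		// and must compare equal to the "" the sanitizer yields for it.
		if ($raw != $clean) {
			$inputAltered = true;
		}
	}
	if ($inputAltered) {
		$form["errorcount"] = 1;
		$form["message"] = "Please do not enter any malicious code";
	}

	if (empty($form["fields"]["real_name"]["value"])) {
		$form["errorcount"] = 1;
		$form["message"] = $lang['realname_is_empty'];
	}

	// Optional profile fields enabled in $USER_PROFILE_FIELDS are mandatory
	// (originally added by niotech). Field name => $lang key for the
	// "<label> is empty" message. Order matters: the last failing check decides
	// which message the user sees.
	$requiredProfileFields = array(
		"company"   => 'company_name',
		"address1"  => 'address_1',
		"address2"  => 'address_2',
		"city"      => 'city',
		"state"     => 'state',
		"postcode"  => 'postcode',
		"country"   => 'country',
		"telephone" => 'phone_number',
	);
	foreach ($requiredProfileFields as $fieldName => $langKey) {
		if (isset($USER_PROFILE_FIELDS[$fieldName]) && $USER_PROFILE_FIELDS[$fieldName] == 1
			&& empty($form["fields"][$fieldName]["value"])) {
			$form["errorcount"] = 1;
			$form["message"] = $lang[$langKey] . " " . $lang['is_empty'];
		}
	}

	if (empty($form["fields"]["email"]["value"])) {
		$form["errorcount"] = 1;
		$form["message"] = $lang['email_is_empty'];
	}
	// eregi() was removed in PHP 7; this is the same pattern under PCRE. The
	// D modifier keeps the POSIX meaning of "$" (end of string only), so an
	// address with a trailing newline is still rejected before reaching mail().
	if (!preg_match('/^[A-Z0-9._%-]+@[A-Z0-9._%-]+\.[A-Z]{2,6}$/iD', (string) $form["fields"]["email"]["value"])) {
		$form["errorcount"] = 1;
		$form["message"] = $lang['email_format'];
	}
	if (empty($form["fields"]["login"]["value"])) {
		$form["errorcount"] = 1;
		$form["message"] = $lang['login'] . " " . $lang['is_empty'];
	}
	if (empty($form["fields"]["password"]["value"]) or empty($form["fields"]["password2"]["value"])) {
		$form["errorcount"] = 1;
		$form["message"] = $lang['password'] . " " . $lang['is_empty'];
	}
	// ---- end input validation ----

	// Each step below runs only while no earlier check has failed; a failure
	// sets errorcount, the remaining steps are skipped and the form is
	// re-rendered with the message.
	//
	// Strict comparison: both passwords are non-empty strings at this point,
	// and a loose != would treat numeric-looking strings such as "1e3" and
	// "1000" as matching.
	if ($form["errorcount"] == 0 && $form["fields"]["password"]["value"] !== $form["fields"]["password2"]["value"]) {
		$form["errorcount"] = 1;
		$form["message"] = $lang['password_not_match'];
	}
	if ($form["errorcount"] == 0) {
		// Reject an e-mail address that is already registered.
		// NOTE(review): AddSlashes() is not a connection-charset-aware SQL
		// escape; if the $mysql wrapper offers its own escaping or prepared
		// statements, they should be used for these literals instead.
		$SQL = "SELECT COUNT(*) AS `cnt` FROM `" . DB_PREFIX . "users`";
		$SQL .= " WHERE `email`='" . AddSlashes(trim($form["fields"]["email"]["value"])) . "'";
		if (!$mysql->query($SQL) || $mysql->num <= 0) {
			exit($mysql->error);
		}
		if (intval($mysql->field("cnt")) > 0) {
			$form["errorcount"] = 1;
			$form["message"] = $lang['email_exist'];
		}
	}
	if ($form["errorcount"] == 0) {
		// Reject a login name that is already taken.
		$SQL = "SELECT COUNT(*) AS `cnt` FROM `" . DB_PREFIX . "users`";
		$SQL .= " WHERE `login`='" . AddSlashes(trim($form["fields"]["login"]["value"])) . "'";
		if (!$mysql->query($SQL) || $mysql->num <= 0) {
			exit($mysql->error);
		}
		if (intval($mysql->field("cnt")) > 0) {
			$form["errorcount"] = 1;
			$form["message"] = $lang['login_exist'];
		}
	}
	if ($form["errorcount"] == 0) {
		// Create the account. The column assignments come from UserForms::sql()
		// (NOTE(review): whether the password is hashed before storage is
		// decided in there — confirm). Approval state depends on the setting:
		// '1' puts the user in the configured group and confirms them, '0'
		// parks them at level -2 unconfirmed, any other value sets neither column.
		$SQL = "INSERT INTO `" . DB_PREFIX . "users` SET " . $userform->sql($form["fields"]);
		if ($auto_approve_new_user == '1') {
			$SQL .= ", `level`='" . $grid . "' , `confirm`='Y'";
			$SQL .= ($auto_approve_upload == '1') ? ", `allow_upload`='Y'" : ", `allow_upload`='N'";
		} else if ($auto_approve_new_user == '0') {
			$SQL .= ", `level`=-2, `confirm`='N'";
		}
		if (!$mysql->query($SQL)) {
			exit($mysql->error);
		}

		// Notifications: the admin gets a new-user mail when enabled; an
		// auto-approved user additionally receives the acceptance mail.
		if ($auto_approve_new_user == '1') {
			if ($email_notification == '1') {
				$AA_MAIL_ADMIN = sprintf($AA_NEW_USER, $form["fields"]["login"]["value"], $form["fields"]["email"]["value"]);
				send_to_admin($mysql, $lang['new_on_site'], $AA_MAIL_ADMIN);
			}
			$AA_MAIL_USER = sprintf($AA_APP_USER, $form["fields"]["login"]["value"]);
			mail($form["fields"]["email"]["value"], $lang['account_accept'], $AA_MAIL_USER, "From:" . ADMIN_EMAIL);
		} else if ($auto_approve_new_user == '0') {
			if ($email_notification == '1') {
				$MAIL = sprintf($NEW_USER, $form["fields"]["login"]["value"], $form["fields"]["email"]["value"]);
				send_to_admin($mysql, $lang['new_on_site'], $MAIL);
			}
		}
		// Hand off to the confirmation page.
		Header("Location:signup.php?action=done");
		exit();
	}
}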

// Plain GET, or a POST that failed validation: render the signup form with
// whatever message/errorcount was set above. Set $smarty->debugging = true
// here to inspect the template variables.
$smarty->assign('form', $form);
$smarty->display('signup.tpl');
?>