<?php
// Only run when the including script has defined IN_INDEX; a direct request
// to this file is redirected to index.php and processing stops.
if (defined('IN_INDEX') === false) {
    header('Location: ../index.php');
    exit;
}

// Load the 'emails' section of the configured language file and keep the
// resulting config variables in $lang (mail subjects/bodies are read from it).
$smarty->configLoad($settings['language_file'], 'emails');
$lang = $smarty->getConfigVars();

// Housekeeping each time this include runs: delete accounts that registered
// more than 24 hours ago, still carry an activation code and never logged in.
// Best effort only - errors are suppressed with @ and the result is ignored.
@mysql_query(
    "DELETE FROM ".$db_settings['userdata_table']." WHERE registered < (NOW() - INTERVAL 24 HOUR) AND activate_code != '' AND logins=0",
    $connid
);

// Visitors without a logged-in user id in the session get a CAPTCHA object
// when the CAPTCHA is enabled for registration (captcha_register > 0).
if (empty($_SESSION[$settings['session_prefix'].'user_id'])) {
    if ($settings['captcha_register'] > 0) {
        require 'modules/captcha/captcha.php';
        $captcha = new Captcha();
    }
}

// Choose the action: the 'action' request parameter if present, else 'main'.
// The value is untrusted; it is only used to select a case further down.
$action = isset($_REQUEST['action']) ? $_REQUEST['action'] : 'main';

// A submitted registration form overrides the requested action ...
if (isset($_POST['register_submit'])) {
    $action = 'register_submitted';
}

// ... and an activation key in the query string overrides both.
if (isset($_GET['key'])) {
    $action = 'activate';
}

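// Registration controller. $action selects one of three flows:
//   'main'               - show the registration form (or a notice if only admins may register)
//   'register_submitted' - validate the posted form, create the account, mail the activation link
//   'activate'           - check the id/key pair from the activation link and clear the stored code
// Everything read from $_POST/$_GET is untrusted. Any other $action matches no case.
switch($action)
 {
  case 'main':
   // register_mode < 2: visitors may register themselves
   if($settings['register_mode']<2)
    {
     if($settings['terms_of_use_agreement']==1) $smarty->assign("terms_of_use_agreement",true);
     $smarty->assign('subnav_location','subnav_register');
     $smarty->assign('subtemplate','register.inc.tpl');
     $template = 'main.tpl';
    }
   else
    {
     // registration is restricted: only show the corresponding notice
     $smarty->assign('lang_section','register');
     $smarty->assign('message','register_only_by_admin');
     $smarty->assign('subnav_location','subnav_register');
     $smarty->assign('subtemplate','info.inc.tpl');
     $template = 'main.tpl';
    }
  break;
  case 'register_submitted':
   // refuse the POST outright when self-registration is disabled
   if($settings['register_mode']>1) die('No authorisation!');
   else
    {
     // Accept only string form fields: a missing field or an array value
     // (e.g. new_user_name[]=x) becomes '' and is rejected as incomplete below
     // instead of reaching trim() and the hashing helper as a non-string.
     $new_user_name = (isset($_POST['new_user_name']) && is_string($_POST['new_user_name'])) ? trim($_POST['new_user_name']) : '';
     $new_user_email = (isset($_POST['new_user_email']) && is_string($_POST['new_user_email'])) ? trim($_POST['new_user_email']) : '';
     $reg_pw = (isset($_POST['reg_pw']) && is_string($_POST['reg_pw'])) ? $_POST['reg_pw'] : '';
     $reg_pw_conf = (isset($_POST['reg_pw_conf']) && is_string($_POST['reg_pw_conf'])) ? $_POST['reg_pw_conf'] : '';
     if(isset($_POST['terms_of_use_agree']) && $_POST['terms_of_use_agree']==1) $terms_of_use_agree=1; else $terms_of_use_agree=0;

     // form complete?
     if($new_user_name=='' || $new_user_email=='' || $reg_pw=='' || $reg_pw_conf=='') $errors[] = 'error_form_uncomplete';

     if(empty($errors))
      {
       // password too short?
       if(my_strlen($reg_pw, $lang['charset']) < $settings['min_pw_length']) $errors[] = 'error_password_too_short';
       // password and repeated password equal?
       // Strict comparison: with != two different numeric-looking strings
       // (e.g. "1e3" and "1000") would be treated as equal.
       if($reg_pw !== $reg_pw_conf) $errors[] = 'error_pw_conf_wrong';
       // name too long?
       if(my_strlen($new_user_name, $lang['charset']) > $settings['username_maxlength']) $errors[] = 'error_name_too_long';
       // e-mail address too long?
       if(my_strlen($new_user_email, $lang['charset']) > $settings['email_maxlength']) $errors[] = 'error_email_too_long';

       // word in username too long?
       $too_long_word = too_long_word($new_user_name,$settings['name_word_maxlength']);
       if($too_long_word) $errors[] = 'error_word_too_long';

       // look if name already exists (case-insensitive, value escaped for the query):
       // NOTE(review): this pre-check and the INSERT below are separate statements;
       // whether a unique index also prevents duplicates isn't visible here - confirm.
       $name_result = mysql_query("SELECT user_name FROM ".$db_settings['userdata_table']." WHERE lower(user_name) = '".mysql_real_escape_string(my_strtolower($new_user_name, $lang['charset']))."'", $connid) or raise_error('database_error',mysql_error());
       if(mysql_num_rows($name_result)>0) $errors[] = 'user_name_already_exists';
       mysql_free_result($name_result);

       // look, if e-mail already exists:
       $email_result = mysql_query("SELECT user_email FROM ".$db_settings['userdata_table']." WHERE lower(user_email) = '".mysql_real_escape_string(my_strtolower($new_user_email, $lang['charset']))."'", $connid) or raise_error('database_error',mysql_error());
       if(mysql_num_rows($email_result)>0) $errors[] = 'error_email_alr_exists';
       mysql_free_result($email_result);

       // e-mail correct?
       if(!is_valid_email($new_user_email)) $errors[] = 'error_email_wrong';

       if($settings['terms_of_use_agreement']==1 && $terms_of_use_agree!=1) $errors[] = 'terms_of_use_error_register';

       if(contains_special_characters($new_user_name)) $errors[] = 'error_username_invalid_chars';
      }

     // check for not accepted words:
     $checkstring = my_strtolower($new_user_name.' '.$new_user_email, $lang['charset']);
     $not_accepted_words = get_not_accepted_words($checkstring);
     if($not_accepted_words!=false)
      {
       $errors[] = 'error_reg_not_accepted_word';
      }

     // CAPTCHA check (only for visitors without a logged-in session, and only
     // once all other checks passed). The submitted code must be a string.
     if(empty($errors) && empty($_SESSION[$settings['session_prefix'].'user_id']) && $settings['captcha_register']>0)
      {
       if($settings['captcha_register']==2)
        {
         if(empty($_SESSION['captcha_session']) || empty($_POST['captcha_code']) || !is_string($_POST['captcha_code']) || $captcha->check_captcha($_SESSION['captcha_session'],$_POST['captcha_code'])!=true) $errors[] = 'captcha_check_failed';
        }
       else
        {
         if(empty($_SESSION['captcha_session']) || empty($_POST['captcha_code']) || !is_string($_POST['captcha_code']) || $captcha->check_math_captcha($_SESSION['captcha_session'][2],$_POST['captcha_code'])!=true) $errors[] = 'captcha_check_failed';
        }
       // a challenge is discarded after one attempt, whether it passed or not
       unset($_SESSION['captcha_session']);
      }

     // save user if no errors:
     if(empty($errors))
      {
       $pw_hash = generate_pw_hash($reg_pw);
       // Only a hash of the activation code is stored; the plain code goes
       // into the e-mailed link below.
       // NOTE(review): random_string() is defined elsewhere - confirm it draws
       // from a cryptographically secure source, since this code is the only
       // secret protecting activation.
       $activate_code = random_string(20);
       $activate_code_hash = generate_pw_hash($activate_code);
       // register_mode 1: the new account is created locked
       if($settings['register_mode']==1) $user_lock = 1;
       else $user_lock = 0;
       // String values are escaped; numeric settings are cast with intval()
       // (default_email_contact included, like the other two settings).
       @mysql_query("INSERT INTO ".$db_settings['userdata_table']." (user_type, user_name, user_real_name, user_pw, user_email, user_hp, user_location, signature, profile, email_contact, last_login, last_logout, user_ip, registered, user_view, fold_threads, user_lock, auto_login_code, pwf_code, activate_code, entries_read) VALUES (0,'".mysql_real_escape_string($new_user_name)."','','".mysql_real_escape_string($pw_hash)."','".mysql_real_escape_string($new_user_email)."','','','','',".intval($settings['default_email_contact']).",'0000-00-00 00:00:00',NOW(),'".mysql_real_escape_string($_SERVER["REMOTE_ADDR"])."',NOW(),".intval($settings['default_view']).", ".intval($settings['fold_threads']).", ".$user_lock.", '', '', '".mysql_real_escape_string($activate_code_hash)."', '')", $connid) or raise_error('database_error',mysql_error());

       // get new user ID:
       $new_user_id_result = mysql_query("SELECT user_id FROM ".$db_settings['userdata_table']." WHERE user_name = '".mysql_real_escape_string($new_user_name)."' LIMIT 1", $connid);
       if (!$new_user_id_result) raise_error('database_error',mysql_error());
       $field = mysql_fetch_array($new_user_id_result);
       $new_user_id = $field['user_id'];
       mysql_free_result($new_user_id_result);

       // send e-mail with activation key to new user:
       $lang['new_user_email_txt'] = str_replace("[name]", $new_user_name, $lang['new_user_email_txt']);
       $lang['new_user_email_txt'] = str_replace("[activate_link]", $settings['forum_address']."index.php?mode=register&id=".$new_user_id."&key=".$activate_code, $lang['new_user_email_txt']);

       if(my_mail($new_user_email, $lang['new_user_email_sj'], $lang['new_user_email_txt'])) $smarty->assign('message','registered');
       else $smarty->assign('message','registered_send_error');

       $smarty->assign('lang_section','register');
       // the address is echoed back to the page, so it is HTML-escaped here
       $smarty->assign('var',htmlspecialchars($new_user_email));
       $smarty->assign('subnav_location','subnav_register');
       $smarty->assign('subtemplate','info.inc.tpl');
       $template = 'main.tpl';
      }
     else
      {
       // redisplay the form with the error list; passwords are not echoed back
       $smarty->assign('errors',$errors);
       if(isset($too_long_word)) $smarty->assign('word',$too_long_word);
       $smarty->assign('subnav_location','subnav_register');
       $smarty->assign('subtemplate','register.inc.tpl');
       $smarty->assign('new_user_name',htmlspecialchars($new_user_name));
       $smarty->assign('new_user_email',htmlspecialchars($new_user_email));
       if($settings['terms_of_use_agreement']==1) $smarty->assign("terms_of_use_agreement",true);
       $template = 'main.tpl';
      }
    }
  break;
  case 'activate':
   // Both parameters must be present as plain scalars; an array value
   // (id[]=.. / key[]=..) is treated like a missing parameter.
   if(isset($_GET['id']) && is_scalar($_GET['id'])) $id = intval($_GET['id']); else $error = TRUE;
   if(isset($_GET['key']) && is_string($_GET['key'])) $key = trim($_GET['key']); else $error = TRUE;
   if(empty($error))
    {
     if($id==0) $error = TRUE;
     if($key=='') $error = TRUE;
    }
   if(empty($error))
    {
     $result = mysql_query("SELECT user_name, user_email, logins, activate_code FROM ".$db_settings['userdata_table']." WHERE user_id = ".intval($id)." LIMIT 1", $connid) or raise_error('database_error',mysql_error());
     // unknown user id: flag the failure in $error, the variable every later step tests
     if(mysql_num_rows($result) != 1) $error = true;
     $data = mysql_fetch_array($result);
     mysql_free_result($result);
    }
   if(empty($error))
    {
     // an empty stored code means there is nothing to activate
     // (the code is cleared after a successful activation below)
     if(trim($data['activate_code']) == '') $error = true;
    }
   if(empty($error))
    {
     // the stored value is a hash of the code, so it is verified with the
     // password check helper rather than compared directly
     if(is_pw_correct($key,$data['activate_code']))
      {
       @mysql_query("UPDATE ".$db_settings['userdata_table']." SET activate_code = '' WHERE user_id=".intval($id), $connid) or raise_error('database_error',mysql_error());

       // E-mail notification to mods and admins:
       if($data['logins']==0) // if != 0 user has changed his e-mail address
        {
         if($settings['register_mode']==1) $new_user_notif_txt = $lang['new_user_notif_txt_locked'];
         else $new_user_notif_txt = $lang['new_user_notif_txt'];
         $new_user_notif_txt = str_replace("[name]", $data['user_name'], $new_user_notif_txt);
         $new_user_notif_txt = str_replace("[email]", $data['user_email'], $new_user_notif_txt);
         $new_user_notif_txt = str_replace("[user_link]", $settings['forum_address']."index.php?mode=user&show_user=".$id, $new_user_notif_txt);

         // who gets a notification?
         $admin_result = @mysql_query("SELECT user_name, user_email FROM ".$db_settings['userdata_table']." WHERE user_type>0 AND new_user_notification=1", $connid);
         if(!$admin_result) raise_error('database_error',mysql_error());
         while($admin_array = mysql_fetch_array($admin_result))
          {
           $ind_reg_emailbody = str_replace("[recipient]", $admin_array['user_name'], $new_user_notif_txt);
           $admin_mailto = my_mb_encode_mimeheader($admin_array['user_name'], CHARSET, "Q")." <".$admin_array['user_email'].">";
           my_mail($admin_mailto, $lang['new_user_notif_sj'], $ind_reg_emailbody);
          }
        }
       if($settings['register_mode']==1) header("Location: index.php?mode=login&login_message=account_activated_but_locked");
       else header("Location: index.php?mode=login&login_message=account_activated");
       exit;
      }
     else $error = true;
    }
   // every failure path ends in the same generic message, so the response
   // does not say whether the id or the key was wrong
   if(isset($error))
    {
     $smarty->assign('lang_section','register');
     $smarty->assign('message','activation_failed');
     $smarty->assign('subnav_location','subnav_register');
     $smarty->assign('subtemplate','info.inc.tpl');
     $template = 'main.tpl';
    }
  break;
 }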

// CAPTCHA:
// Issue a fresh challenge for visitors without a logged-in session and pass
// the template what it needs to render it. Mode 2 stores the result of
// generate_code(); any other enabled mode stores a math captcha and exposes
// its elements 0 and 1 to the template.
if (empty($_SESSION[$settings['session_prefix'].'user_id']) && $settings['captcha_register'] > 0) {
    if ($settings['captcha_register'] != 2) {
        $_SESSION['captcha_session'] = $captcha->generate_math_captcha();
        $captcha_tpl['number_1'] = $_SESSION['captcha_session'][0];
        $captcha_tpl['number_2'] = $_SESSION['captcha_session'][1];
    } else {
        $_SESSION['captcha_session'] = $captcha->generate_code();
    }

    // NOTE(review): the session name and id are handed to the template -
    // presumably to build the CAPTCHA image URL. Confirm they are not rendered
    // anywhere they could leak through logs or Referer headers.
    $captcha_tpl['session_name'] = session_name();
    $captcha_tpl['session_id'] = session_id();
    $captcha_tpl['type'] = $settings['captcha_register'];

    $smarty->assign('captcha', $captcha_tpl);
}
?>