<?php
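// Registration page bootstrap: start the session, load configuration and helpers,
// then stop early when registration is disabled or the visitor is already logged in.
session_start(); // Start (or resume) the session so the login flag can be read.
define('access', true); // Defined before the includes; presumably they test it to refuse direct access -- confirm.
include('config.inc.php');
include(PM_DIR . 'pm-includes/global.inc.php');
require(PM_DIR . 'pm-includes/functions.php');

// Registration is only offered while the 'enable_registration' option is 'yes'.
// die() is kept after pm_die() so execution stops here even if pm_die() returns.
if (get_pm_option('enable_registration') != 'yes') {
    pm_die('<a href="login.php">Click here</a> to login.', 'Registration disabled');
    die();
}

// A logged-in user is sent to the main page. isset() avoids an undefined-index
// notice for anonymous visitors, and the explicit exit ensures the registration
// handler below cannot run for this request if pm_redirect() only sends a header
// (its implementation is not visible in this file).
if (isset($_SESSION['logged']) && $_SESSION['logged'] == 1) {
    pm_redirect(PM_URI . '/index.php');
    exit;
}

// Validation messages collected by the form handler and printed by the template.
$err = array();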
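if (isset($_POST['doRegister']) && $_POST['doRegister'] == 'Register') {
    /*
     * Registration form handler.
     *
     * Escapes the POSTed fields for use in SQL, validates them, checks for an
     * existing username/email, inserts the member and role rows, e-mails the
     * activation details and redirects to the thank-you page. Validation
     * failures are appended to $err and printed by the template further down.
     */

    // Every field read below gets a default, so a request that omits one fails
    // validation instead of raising undefined-index notices.
    $data = array(
        'username'   => '',
        'first_name' => '',
        'last_name'  => '',
        'email'      => '',
        'pwd'        => '',
        'pwd2'       => '',
    );
    foreach ($_POST as $key => $value) {
        // A parameter sent as name[]=x arrives as an array; only scalar values
        // are passed to escape(), so such a field keeps its empty default.
        if (!is_scalar($value)) {
            continue;
        }
        // NOTE(review): escape() is used here as SQL escaping. Nothing in this file
        // shows it removing markup, so these values still need HTML encoding wherever
        // they are later displayed -- confirm against pmdb::escape().
        $data[$key] = pmdb::connect()->escape($value);
    }

    // NOTE(review): the reCAPTCHA verification that used to run at this point
    // (recaptcha_check_answer() from recaptchalib.php) is disabled, so this
    // handler performs no bot check on registrations.

    /************************ SERVER SIDE VALIDATION **************************/
    // These checks are the authoritative ones; the jQuery validation in the page
    // is bypassed by any client that does not run it.
    // The length thresholds match the messages (three characters minimum); the
    // earlier "< 4" comparison rejected three-letter names.
    // NOTE(review): lengths are measured on the escaped value, which may be longer
    // than what the user typed if escape() added backslashes.
    if (empty($data['first_name']) || strlen($data['first_name']) < 3) {
        $err[] = "ERROR - Invalid First Name. Please enter at least 3 or more characters for your first name";
    }
    if (empty($data['last_name']) || strlen($data['last_name']) < 3) {
        $err[] = "ERROR - Invalid Last Name. Please enter at least 3 or more characters for your last name";
    }
    // Validate User Name
    if (!is_valid_username($data['username'])) {
        $err[] = "ERROR - Invalid username. It can contain alphabet, number and underscore.";
    }
    // Validate Email
    if (!is_valid_email($data['email'])) {
        $err[] = "ERROR - Invalid email address.";
    }
    // Check User Passwords
    if (!is_valid_password($data['pwd'], $data['pwd2'])) {
        $err[] = "ERROR - Invalid Password or mismatch. Enter 5 chars or more";
    }

    // Escaped like every other value that is interpolated into the INSERT below.
    $user_ip = pmdb::connect()->escape($_SERVER['REMOTE_ADDR']);

    // Stores an unsalted MD5 of the password (the old comment said sha1).
    // NOTE(review): MD5 is not a password hash; it is fast to brute-force and
    // unsalted. It is kept only because the stored format has to match whatever
    // the login code verifies, which is not visible here. Migrate both sides
    // together to password_hash()/password_verify(). Note also that the digest is
    // taken over the SQL-escaped value, so the login side must do the same today.
    $md5pass = md5($data['pwd']);

    // The Host header is supplied by the client. It ends up in a mail header and in
    // the activation link, so it is reduced to hostname characters first.
    // NOTE(review): even sanitised it is still client-chosen; building the link from
    // a configured base URL would remove that dependency.
    $host = preg_replace('/[^A-Za-z0-9.:-]/', '', isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '');
    $host_upper = strtoupper($host);
    // SCRIPT_NAME is used instead of PHP_SELF because PHP_SELF also carries any
    // path info the client appended after the script name.
    $path = rtrim(dirname($_SERVER['SCRIPT_NAME']), '/\\');

    // Activation code: a 4 digit number, drawn from the CSPRNG when random_int()
    // exists (PHP 7+), otherwise from rand() as before.
    // NOTE(review): 9000 possible values is a small space; activate.php should
    // limit attempts, or the code should become a long random token.
    $activ_code = function_exists('random_int') ? random_int(1000, 9999) : rand(1000, 9999);
    $email = $data['email'];
    $username = $data['username'];

    /************ USER EMAIL CHECK ************************************
    Server-side check that neither the email nor the username is already
    registered. Both values were escaped above before being interpolated.
    NOTE(review): check-then-insert is not atomic; a UNIQUE index on these
    columns is what actually prevents duplicates -- confirm the schema has one.
    *******************************************************************/
    $rs_duplicate = pmdb::connect()->query("select count(*) as total from " . DB . "members where email='$email' OR username='$username'");
    $total = 0;
    if ($rs_duplicate) {
        list($total) = $rs_duplicate->fetch_row();
    } else {
        // Fail closed: without a result the uniqueness of the account is unknown.
        $err[] = "ERROR - Could not verify the username/email. Please try again.";
    }
    if ($total > 0) {
        $err[] = "ERROR - The username/email already exists. Please try again with different username and email.";
    }

    /***************************************************************************/
    if (empty($err)) {
        // NOTE(review): user_id is given LAST_INSERT_ID(), i.e. the connection's
        // previous insert id (0 when there was none). This presumably relies on an
        // AUTO_INCREMENT column generating a value for 0 -- confirm; NULL would
        // state that intent directly.
        $sql_insert = "INSERT INTO " . DB . "members
(`user_id`,`username`,`first_name`,`last_name`,`email`,`password`,`users_ip`,`activation_code`,`date`
)
VALUES
(LAST_INSERT_ID(),'$username','$data[first_name]','$data[last_name]','$email','$md5pass','$user_ip','$activ_code',NOW()
)
";
        pmdb::connect()->query($sql_insert);

        // $user_id was never assigned in this script before md5($user_id) was taken,
        // so the identifier in the activation link did not depend on the new row.
        // The new id is read back on the same connection instead (this assumes
        // pmdb::connect() returns one shared connection, as the LAST_INSERT_ID()
        // queries below already do).
        $user_id = 0;
        $rs_id = pmdb::connect()->query("SELECT LAST_INSERT_ID()");
        if ($rs_id) {
            list($user_id) = $rs_id->fetch_row();
        }
        $md5_id = md5((string) (int) $user_id);
        pmdb::connect()->query("UPDATE " . DB . "members SET md5_id='$md5_id' WHERE user_id = LAST_INSERT_ID()");
        pmdb::connect()->query("INSERT INTO " . DB . "user_roles (userID,roleID,addDate) VALUES (LAST_INSERT_ID(),'2',NOW())");

        // $user_registration is not set in this file; presumably an include defines
        // it. When it is falsy the account waits for administrator approval.
        // NOTE(review): the link scheme is fixed to http://.
        if ($user_registration) {
            $a_link = "
*****ACTIVATION LINK*****\n
http://$host$path/activate.php?user=$md5_id&activ_code=$activ_code
";
        } else {
            $a_link =
"Your account is *PENDING APPROVAL* and will be soon activated the administrator.
";
        }

        // The password is deliberately not included in the message: mail is stored
        // and relayed in clear text, and the user has just chosen the password.
        $message =
"Hello \n
Thank you for registering with us. Here are your login details...\n
User ID: $username
Email: $email \n
$a_link
Thank You
Administrator
$host_upper
______________________________________________________
THIS IS AN AUTOMATED RESPONSE.
***DO NOT RESPOND TO THIS EMAIL****
";
        $headers = "From: \"ProjectPress Member Registration\" <auto-reply@$host>\r\n";
        $headers .= "X-Mailer: PHP/" . phpversion();
        pm_mail($email, "Login Details", $message, $headers);
        pm_redirect(PM_URI . '/thankyou.php');
        // Stop here so the form is not rendered behind the redirect if
        // pm_redirect() returns.
        exit;
    }
}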
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr">
<head>
<title>Registration</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<link href="<?php echo PM_URI ?>/css/login-style.css" rel="stylesheet" type="text/css">
<script language="JavaScript" type="text/javascript" src="<?php echo PM_URI; ?>/js/jquery-1.3.2.min.js"></script>
<script language="JavaScript" type="text/javascript" src="<?php echo PM_URI; ?>/js/jquery.validate.js"></script>
<script>
$(function () {
    // Client-side convenience only: the server repeats every check, because a
    // client can submit the form without running this script.
    var usernamePattern = /^[a-z0-9\_]+$/i;
    var usernameMessage = "Username must contain only letters, numbers, or underscore.";

    // Registers a jQuery Validate method named "username": optional fields pass,
    // otherwise the value must match the pattern above.
    function checkUsername(value, element) {
        return this.optional(element) || usernamePattern.test(value);
    }

    $.validator.addMethod("username", checkUsername, usernameMessage);

    // Attach validation to the registration form.
    $("#regForm").validate();
});
</script>
</head>
<body>
<div id="register">
<?php
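// Confirmation view: when the page is requested with a "done" query parameter,
// print the completion message and stop before the form is rendered.
if (isset($_GET['done'])) {
    // The markup previously ended with a stray `";` that was printed on the page.
    echo '<h2>Thank you</h2> Your registration is now complete and you can <a href="login.php">login here</a>' . "\n";
    exit();
}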
?>
<?php
// Print the validation messages collected by the form handler, one per line,
// inside a single "msg" box. The messages are fixed strings written in this
// file; anything user-supplied added to $err later would need
// htmlspecialchars() before being printed here.
if (!empty($err)) {
    $lines = '';
    foreach ($err as $message) {
        $lines .= "* $message <br>";
    }
    echo "<div class=\"msg\">" . $lines . "</div>";
}
?>
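<?php
/*
 * Registration form; it posts back to this page.
 *
 * The action attribute used to hold a PHP tag that evaluated
 * $_SERVER['PHP_SELF'] without echoing it, so the rendered value was already
 * empty. It is now a literal empty action. If a path is ever printed here, pass
 * it through htmlspecialchars(): PHP_SELF can carry path info appended by the
 * client.
 *
 * NOTE(review): the "Check Availability" button inserts the checkuser.php
 * response into the page as HTML. That script is not shown here; it must not
 * echo the submitted user value without encoding it.
 */
?>
<form name="regForm" id="regForm" action="" method="POST">
<table>
<h1>Create An Account</h1>
<tr><td width="50%">Username <span class="required"><font color="#CC0000">*</font></span></td> <td width="50%"><input name="username" id="username" size="18" type="text" />
<input name="btnAvailable" type="button" id="sub_button" onclick='$("#checkid").html("Please wait..."); $.get("checkuser.php",{ cmd: "check", user: $("#username").val() } ,function(data){ $("#checkid").html(data); });' value="Check Availability">
<span style="color:red; font: bold 12px verdana; " id="checkid" ></span>
</td></tr>
<tr><td width="50%">First Name <span class="required"><font color="#CC0000">*</font></span></td> <td width="50%"><input name="first_name" id="first_name" class="required" size="18" type="text" /></td></tr>
<tr><td width="50%">Last Name <span class="required"><font color="#CC0000">*</font></span></td> <td width="50%"><input name="last_name" id="last_name" class="required" size="18" type="text" /></td></tr>
<tr><td width="50%">Email <span class="required"><font color="#CC0000">*</font></span></td> <td width="50%"><input name="email" id="email" size="18" class="required" type="text" /></td></tr>
<?php /* The password input is type="password" so the value is masked on screen, like the retype field. */ ?>
<tr><td width="50%">Password <span class="required"><font color="#CC0000">*</font></span></td> <td width="50%"><input name="pwd" id="pwd" minlength="5" size="18" class="required" type="password" /></td></tr>
<tr><td width="50%">Retype Password <span class="required"><font color="#CC0000">*</font></span></td> <td width="50%"><input name="pwd2" id="pwd2" class="required password" type="password" minlength="5" equalto="#pwd"></td></tr>
<?php
/*
 * Disabled reCAPTCHA widget. It used to sit inside an HTML comment, which hides
 * the output in the browser but does not stop PHP from running the require_once
 * and the call on every request. It is kept here as a PHP comment so that nothing
 * executes and nothing is sent to the client. The matching server-side check in
 * the form handler is disabled as well.
 *
 *   <tr><td><strong>Image Verification </strong><td></tr>
 *   <tr><td colspan="2"> require_once(PM_DIR . 'recaptchalib.php'); echo recaptcha_get_html($publickey); </td></tr>
 */
?>
<tr><td colspan="2"><input name="doRegister" type="submit" id="sub_button" value="Register"></td></tr>
<tr><td> </td></tr>
</table>
</form>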
</div>
<p><a href="login.php">Login</a> | <a href="forgot.php">Reset Password</a></p>
<p> </p>
</body>
</html>