<?php
require_once('config.inc.php');
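try {
    // Validate the registration-confirmation form before any database work.
    // Every $_POST value is untrusted. A parameter submitted as "name[]=x"
    // arrives as an array: it passes empty(), but trim() and
    // mysql_real_escape_string() do not accept it, so each required field
    // must be a non-empty string.
    if (!isset($_POST['username']) || !is_string($_POST['username']) || empty($_POST['username'])) {
        throw new Exception('Username can not be empty');
    }
    if (!ctype_alnum($_POST['username'])) {
        throw new Exception( 'usr must be alphanumeric' );
    }
    // NOTE(review): the address is only checked for presence here, not for
    // format; confirm whether the first registration step validates it.
    if (!isset($_POST['email']) || !is_string($_POST['email']) || empty($_POST['email'])) {
        throw new Exception('Email can not be empty.');
    }
    if (!isset($_POST['key']) || !is_string($_POST['key']) || empty($_POST['key'])) {
        throw new Exception('Authentication Key can not be empty.');
    }
    // The key is later concatenated into SQL without quotes, so this
    // digits-only check is what keeps that statement well-formed.
    if (!ctype_digit($_POST['key'])) {
        throw new Exception( 'num must be numeric' );
    }
    if (!isset($_POST['passwd1']) || !is_string($_POST['passwd1']) || empty($_POST['passwd1'])) {
        throw new Exception('Password can not be empty.');
    }
    if (preg_match("/\s/",trim($_POST['passwd1']))) {
        throw new Exception('Whitespace is not allowed in passwords.');
    }
    if (!isset($_POST['time_zone']) || !is_string($_POST['time_zone']) || empty($_POST['time_zone'])) {
        throw new Exception('A time zone must be specified');
    }
    if (!isset($_SERVER['REMOTE_ADDR'])) {
        throw new Exception('Your ip address can not be verified.');
    }
    // Measure the password the user actually typed. The SQL-escaped copy
    // grows by one byte for every quote or backslash, so checking it would
    // accept passwords that are too short and reject valid long ones.
    $passwd_len = strlen(trim($_POST['passwd1']));
    if ($passwd_len < 6 || $passwd_len > 32) {
        throw new Exception('Your password must be at least 6 characters and less than 32 characters.');
    }

    // connect() is expected to come from connect.php; the escaping calls
    // below rely on an open MySQL link.
    if (require_once(PF_BASE.'connect.php')) {
        $link = connect();
    }

    $un = mysql_real_escape_string(trim($_POST['username']));
    $email = mysql_real_escape_string($_POST['email']);
    $passwd = mysql_real_escape_string(trim($_POST['passwd1']));
    // Optional fields: a missing or non-string value is stored as an empty
    // string instead of raising an undefined-index notice.
    $firstname = mysql_real_escape_string(
        (isset($_POST['firstname']) && is_string($_POST['firstname'])) ? $_POST['firstname'] : ''
    );
    $lastname = mysql_real_escape_string(
        (isset($_POST['lastname']) && is_string($_POST['lastname'])) ? $_POST['lastname'] : ''
    );
    $country_iso_id = mysql_real_escape_string(
        (isset($_POST['country_iso_id']) && is_string($_POST['country_iso_id'])) ? $_POST['country_iso_id'] : ''
    );
    $time_zone = mysql_real_escape_string($_POST['time_zone']);
    $key = mysql_real_escape_string($_POST['key']);
} catch (Exception $e) {
    // Only fixed messages are thrown above, so no request data reaches
    // error_page() from this block.
    // NOTE(review): the rest of the script still runs after this handler
    // unless error_page() ends the request; confirm that it exits.
    $pfutil = new PFUtil();
    $pfutil->error_page($e->getMessage());
}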
// Shared page header first, then the title bar. $titl is set just before
// titl.php is included; presumably that file prints it (verify in titl.php).
require(PF_BASE.'Header.php');
$titl = PF_SITENAME.' Registration Confirmation';
require(PF_BASE.'titl.php');
?>
<br/>
<br/>
<?php
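try {
    // Look up the pending registration by username and key.
    // $un passed ctype_alnum() and $key passed ctype_digit() earlier in this
    // script. $key is concatenated without quotes, so the digits-only check,
    // not the escaping, is what keeps this statement safe. Keep the two together.
    $query0 = 'SELECT AUTH_ID,CREATION_DATE,USERNAME,EMAIL FROM user_reg_auth';
    $query0 .=' WHERE USERNAME = \''.$un.'\' and key_value = '.$key;
    $result = mysql_query($query0);
    if (!$result) {
        throw new Exception('Unable to select authentication information: ' . mysql_errno());
    }
    if (mysql_num_rows($result) == 0) { // No auth row in user_reg_auth table
        throw new Exception('<b>Registration information did not match.</b><br/>This login may already exist.<br/>Please try registering again.' );
    }
    $row = mysql_fetch_assoc($result);
    // NOTE(review): EMAIL is selected from the auth row but never compared
    // with the submitted address; the account below is created with the
    // e-mail from the form. If the key was delivered to the address on file,
    // the stored value should be used or the two should be required to match.
    // Confirm against the first registration step.

    // NOTE(security): MD5() without a salt is not an adequate password hash.
    // Moving to password_hash()/password_verify() has to happen together with
    // the login check, which is outside this file, so the stored format is
    // left unchanged here.
    $ins_query = 'INSERT INTO users '
        .'(USERNAME,EMAIL,PASSWORD,FIRSTNAME,LASTNAME,COUNTRY_ISO_ID,KARMA,ACTIVE,TIME_ZONE)'
        .' values ('
        .'\''.$un.'\''
        .',\''.$email.'\''
        .',MD5(\''.$passwd.'\')'
        .',\''.$firstname.'\''
        .',\''.$lastname.'\''
        .',\''.$country_iso_id.'\''
        .',0'
        .',1'
        .',\''.$time_zone.'\')';

    // Create the user and consume the auth row as one unit of work.
    // The error number is read before the rollback in each failure path:
    // mysql_errno() reports the most recent operation, which would otherwise
    // be the rollback itself.
    if (!mysql_query('start transaction')) {
        throw new Exception('Unable to start registration transaction: ' . mysql_errno());
    }
    $ins_result = mysql_query($ins_query);
    if (!$ins_result) {
        $errno = mysql_errno();
        mysql_query('rollback');
        throw new Exception('Unable to insert user information: ' . $errno);
    }
    $del_query = 'DELETE FROM user_reg_auth WHERE AUTH_ID = '.$row['AUTH_ID'];
    $del_result = mysql_query($del_query);
    if (!$del_result) {
        $errno = mysql_errno();
        mysql_query('rollback');
        throw new Exception('Unable to delete user registration information: ' . $errno);
    }
    // The success page must not be shown if the commit itself failed.
    if (!mysql_query('commit')) {
        $errno = mysql_errno();
        mysql_query('rollback');
        throw new Exception('Unable to complete registration: ' . $errno);
    }
?>
<center>
<table width="60%" border="0" cellspacing="1" cellpadding="5">
<tr class="form">
<td class="form" align="center">
Registration completed.
</td>
</tr>
<tr class="form">
<td class="form" align="center">
Go to the
<a class="form" href="login.php">
login page</a>
to login.
</td>
</tr>
</table>
</center>
<?php
} catch (Exception $e) {
    // Messages thrown in this block are fixed text plus a numeric MySQL error
    // code; no request data is passed to error_page().
    $pfutil = new PFUtil();
    $pfutil->error_page($e->getMessage());
}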
include('Footer.php');
?>