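<?php

/***************************************************************************
 *
 *   This program is free software; you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by
 *   the Free Software Foundation; either version 2 of the License, or
 *   (at your option) any later version.
 *
 ***************************************************************************/

//
// Account signup page. Three states, chosen by the request:
//   1. POST with submit=submit -> validate the form, insert the user row,
//      mail the generated password to the address and redirect to base_url.
//   2. GET with agree=true     -> render the registration form.
//   3. anything else           -> show the terms and the "I agree" link.
//
// NOTE(review): bco_error() is relied on to end the request after printing
// its message (the original code assumes this as well) - confirm in
// include.php, otherwise a failed check would fall through to the insert.
//

include("include.php");

if (isset($_POST['submit']) && $_POST['submit'] == "submit") {
    // Missing fields are treated as empty strings so the checks below run
    // without notices and reject them like any other bad value.
    $raw_username  = isset($_POST['username'])        ? $_POST['username']        : '';
    $raw_username2 = isset($_POST['username2'])       ? $_POST['username2']       : '';
    $raw_zip1      = isset($_POST['zip1'])            ? $_POST['zip1']            : '';
    $raw_zip2      = isset($_POST['zip2'])            ? $_POST['zip2']            : '';
    $raw_answer    = isset($_POST['security_answer']) ? $_POST['security_answer'] : '';
    $raw_email     = isset($_POST['email'])           ? $_POST['email']           : '';
    $raw_email2    = isset($_POST['email2'])          ? $_POST['email2']          : '';

    // Collapse runs of whitespace to a single space (to nothing for zip codes)
    // and trim. $_POST is already URL-decoded by PHP, so the input is NOT
    // urldecode()d a second time: double decoding would turn a literal "%27"
    // typed by the user into a quote character after validation.
    $u    = trim(preg_replace("/\s+/", " ", $raw_username));
    $u2   = trim(preg_replace("/\s+/", " ", $raw_username2));
    $zip1 = trim(preg_replace("/\s+/", "", $raw_zip1));
    $zip2 = trim(preg_replace("/\s+/", "", $raw_zip2));

    if (trim(strip_tags($raw_answer)) == "") {
        bco_error("Please fill in the security answer field. It was blank.");
    }
    if ($u != $u2) {
        bco_error("Username's do not match.");
    }
    if (strlen($u) > 25) {
        bco_error("Username is longer than 25 characteres, the limit is 25.");
    }
    // Anchored so the WHOLE username must consist of allowed characters; the
    // unanchored form only required one allowed character somewhere.
    if (!preg_match('/^[0-9A-Za-z ._-]+$/', $u)) {
        bco_error("Username contains illegal characters.<br />Allowed characters are: letters, numbers, . , _ -");
    }
    // Message now states the limit the check actually enforces.
    if (strlen($u) < 2) {
        bco_error("Username must be at least 2 characters");
    }
    if ($zip1 != $zip2) {
        bco_error("Zip codes do not match");
    }
    // Digits only: is_numeric() also accepted forms such as "1e3", "+5" or ".5".
    if (!preg_match('/^[0-9]+$/', $zip1)) {
        bco_error("Zip code must be a number.");
    }
    if (strlen($zip1) > 5) {
        bco_error("Zip code must be 5 characters.. you do not need zip+4");
    }

    // This is different from the bco_user_exists function.
    bco_username_exists($u);
    $e = trim(bco_newcheck_email($raw_email, $raw_email2));

    // Every value that reaches SQL goes through pg_escape_string(); the
    // original interpolated the email, the forwarded-for header and the
    // colours column verbatim, and addslashes() is not the PostgreSQL
    // quoting rule.
    $e_sql = pg_escape_string($e);

    // Check that there isn't an already existing account for the users email.
    $dupe_email  = "select id from users where email_signup='$e_sql'";
    $dupe_result = pg_query($dupe_email);
    if (!$dupe_result) {
        bco_error("ERROR: " . pg_last_error());
    }
    if (pg_num_rows($dupe_result) != 0) {
        bco_error("Sorry, there is already an account for the email address: $e");
    }

    // Get the default colors from the config table
    $colors_query = "select config_value from bco_config where config_name='default_colors'";
    if (!$result = pg_query($colors_query)) {
        bco_error("Colors query failed.<br />$colors_query");
    }
    $colors = pg_fetch_result($result, 0);
    unset($result);

    // Generate the password that is mailed to the user.
    // NOTE(review): md5() is not a password hash. The login code elsewhere
    // compares against this column, so the storage scheme cannot be changed in
    // this file alone; migrate to password_hash()/password_verify() together
    // with the login check.
    $password     = bco_randompassword(8);
    $md5_password = md5($password);

    // md5 the security question answer (lowercased, as the form promises).
    $security_answer = md5(strtolower($raw_answer));

    // Catch forwarded ips. This header is supplied by the client and is
    // stored for the record only; it is never trusted for access decisions.
    $forward_ip = isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : '';
    if ($forward_ip == '') {
        // The original assigned the default to a misspelled variable, so the
        // placeholder never reached the database.
        $forward_ip = '0.0.0.0';
    }
    $remote_ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';

    $u_sql          = pg_escape_string($u);
    $zip_sql        = pg_escape_string($zip1);
    $colors_sql     = pg_escape_string($colors);
    $forward_ip_sql = pg_escape_string($forward_ip);
    $remote_ip_sql  = pg_escape_string($remote_ip);

    // Here is the query to insert the user
    $insert_user_query  = "insert into users (username, password, email_signup, security_answer, ip_signup,";
    $insert_user_query .= " ip_signup_foward, signup_date, last_profile_update, zipcode, colors)";
    $insert_user_query .= " values";
    $insert_user_query .= " ('$u_sql', '$md5_password', '$e_sql', '$security_answer', '$remote_ip_sql',";
    $insert_user_query .= "  '$forward_ip_sql', NOW(), NOW(), '$zip_sql', '$colors_sql')";
    if (!pg_query($insert_user_query)) {
        bco_error("ERROR: " . pg_last_error());
    }

    //
    // This is what we'll mail to the user. This can be altered to some extent.
    // The unescaped username is used here; the original mailed the
    // addslashes()d form, so names with a quote arrived with a backslash.
    //
    $mail_msg  = "Welcome to \"" . BOARD_TITLE . "\".\n\n";
    $mail_msg .= "Your username is: $u\n";
    $mail_msg .= "Your password is: $password\n\n";
    $mail_msg .= "Thanks for signing up!\n" . ADMIN_NAME . "\n\n";

    // Mail headers ($headers was never initialised before the .= in the original).
    $headers  = "MIME-Version: 1.0\n";
    $headers .= "Content-type: text/plain; charset=iso-8859-1\n";
    $headers .= "X-Priority: 1\n";
    $headers .= "X-MSMail-Priority: High\n";
    $headers .= "X-Mailer: PHP" . phpversion() . "\n";
    $headers .= "From: \"" . ADMIN_NAME . "\" <" . ADMIN_EMAIL . ">\n";

    mail($e, "New account registration.", $mail_msg, $headers);
    header("Location: " . $GLOBALS['base_url']);
    exit;
} elseif (isset($_GET['agree']) && $_GET['agree'] == "true") {

    bco_html_header("New account registration.");
//    bco_index_menu("New account registration.");

    // register_globals-style $PHP_SELF replaced by the superglobal; PHP_SELF
    // can carry attacker-chosen path info, so it is escaped for the attribute.
    $form_action = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES);
    $usa         = isset($_GET['usa']) ? $_GET['usa'] : null;

    echo "\n<div align=\"center\"><h3>Register a new account</h3></div>";
    echo "\n<form method=\"post\" action=\"$form_action\">";
    echo "\n<table width=\"100%\" cellpadding=\"2\" cellspacing=\"0\" class=\"dashed\">";
    echo "\n    <tr>";
    echo "\n        <td colspan=\"2\">";
    echo "\n        <h3>* A password is automatically generated for you.</h3>";
    echo "\n        <h3>* Accounts using the same email are not allowed.</h3>";
    echo "\n        </td>";
    echo "\n    </tr>";
    echo "\n    <tr>";
    echo "\n        <td width=\"300\">username:</td>";
    echo "\n        <td><input type=\"text\" name=\"username\" maxlength=\"20\" class=\"textfield\" /></td>";
    echo "\n    </tr>";
    echo "\n    <tr>";
    echo "\n        <td width=\"300\">username verify:</td>";
    echo "\n        <td><input type=\"text\" name=\"username2\" maxlength=\"20\" class=\"textfield\" /></td>";
    echo "\n    </tr>";
    echo "\n    <tr>";
    echo "\n        <td width=\"300\">email:</td>";
    echo "\n        <td><input type=\"text\" name=\"email\" class=\"textfield\" /></td>";
    echo "\n    </tr>";
    echo "\n    <tr>";
    echo "\n        <td width=\"300\">email verify:</td>";
    echo "\n        <td><input type=\"text\" name=\"email2\" class=\"textfield\" /></td>";
    echo "\n    </tr>";
    echo "\n    <tr>";
    echo "\n        <td width=\"300\">Zip code:<br />";
    if ($usa === null) {
        echo "\n        * <a href=\"signup.php?agree=true&amp;usa=false\">If you are not in the U.S.A. click here</a></td>";
    } elseif ($usa == "false") {
        echo "\n        * <a href=\"signup.php?agree=true\">If you are in the U.S.A. click here</a></td>";
    } else {
        echo "\n        * <a href=\"signup.php?agree=true&amp;usa=false\">If you are not in the U.S.A. click here</a></td>";
    }
    echo "\n        <td>";
    if ($usa == "false") {
        echo "\n        N/A<input type=\"hidden\" name=\"zip1\" value=\"00000\" /><input type=\"hidden\" name=\"zip2\" value=\"00000\" />";
    } else {
        echo "\n        <input type=\"text\" maxlength=\"20\" class=\"textfield\" name=\"zip1\" /><br />";
        echo "\n        <input type=\"text\" maxlength=\"20\" class=\"textfield\" name=\"zip2\" /> (verfiy)";
    }
    // The zip row was never closed in the original markup.
    echo "\n        </td>";
    echo "\n    </tr>";
    echo "\n    <tr>";
    echo "\n        <td width=\"300\">Mother's maiden name:<br /><span class=\"smallfont\">-for security purposes<br />- 50 chars or less<br />- will be converted to lowercase</span></td>";
    echo "\n        <td valign=\"top\"><input type=\"text\" name=\"security_answer\" class=\"textfield\" /></td>";
    echo "\n    </tr>";
    echo "\n    <tr>";
    echo "\n        <td width=\"200\">&nbsp;</td>";
    echo "\n        <td><input type=\"submit\" name=\"submit\" value=\"submit\" class=\"button\" /></td>";
    echo "\n    </tr>";
    echo "\n</table>";
    // Informational only: the signup handler reads REMOTE_ADDR itself and
    // never trusts this field.
    echo "\n<input type=\"hidden\" name=\"ip\" value=\"" . htmlspecialchars($_SERVER['REMOTE_ADDR'], ENT_QUOTES) . "\" />";
    echo "\n</form>";

    bco_html_footer();
} else {
    bco_html_header("New account registration.");
    echo "\n<div align=\"center\"><h3>Legal mumbo jumbo</h3></div>";
    echo "\n<table width=\"100%\" cellpadding=\"2\" cellspacing=\"0\" class=\"legal\">";
    echo "\n    <tr>";
    echo "\n        <td>";
    echo "\n        By creating this account, you acknowledge that all posts made to this message board reflect solely the views and opinions of the author, and administrators of this board shall not be held liable for any objectionable material posted.
<br />
<br />
You also agree to refrain from posting any material that may violate any applicable laws, including but not limited to material that is obscene, vulgar, slanderous or threatening. Should your posts contain aforementioned questionable material, you acknowledge that board administrators may suspend your account and / or remove any objectionable posts to this board. To enforce these conditions, the IP address of all posts is recorded and available to board administrators. 
<br />
<br />
Additionally, board administrators may remove, edit, move or close any thread at any time. You acknowledge that all information posted is stored in a database, and while this information will not be disclosed to any third parties without your consent, board administrators will not be held responsible for any data compromised due to hacking attempts.
<br />
<br />
To obtain an account, you agree to provide the administrators of this board a 1) valid e-mail address, to be used only for confirming your registration details and password, and 2) your current zip / postal code, to be used for purposes of statistical analysis.
<br />
<br />
<br />
<div align=\"center\"><a href=\"signup.php?agree=true\">I AGREE to these terms and want to start posting.</a></div>
<br />
<div align=\"center\"><a href=\"http://www.dischord.com\">I DO NOT AGREE to these terms and want to find another message board more to my liking, upon which I can make dumb ass posts</a></div>";
    echo "\n        </td>";
    echo "\n    </tr>";
    echo "\n</table>";
}
// end else { }

?>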