r2: Changed Environment object to be BugTrack ($env --> $bugsys).. hopefully this...
[bugdar.git] / register.php
1 <?php
2 /*=====================================================================*\
3 || ################################################################### ||
4 || # [#]app[#] [#]version[#]
5 || # --------------------------------------------------------------- # ||
6 || # All parts of this file are ©2003-[#]year[#] Iris Studios, Inc. No # ||
7 || # part of this file may be reproduced in any way: part or whole. # ||
8 || # --------------------------------------------------------------- # ||
9 || # ©2003 - [#]year[#] Iris Studios, Inc. | http://www.iris-studios.com # ||
10 || ################################################################### ||
11 \*=====================================================================*/
12
13 require_once('./global.php');
14
15 // ###################################################################
16
// Registration is only for visitors without an account: when the current
// userinfo already carries a userid, stop before any form is shown.
if ($bugsys->userinfo['userid'])
{
	exit('Sorry, you are already registered!');
}

// Site-wide switch: stop here when the allownewreg option is off.
if (!$bugsys->options['allownewreg'])
{
	exit("Sorry, we don't allow new registrations!");
}
28
29 // ###################################################################
30
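// Default action (no "do" parameter): render the blank registration form.
if (empty($_REQUEST['do']))
{
	// Start from an empty string so the .= below never appends to an undefined variable.
	$opts = '';

	// One <option> per language held in the datastore.
	// NOTE(review): $language['title'] is written into the page without escaping here;
	// confirm titles are HTML-escaped where they are stored, or escape them at this point.
	foreach ($bugsys->datastore['language'] AS $languageid => $language)
	{
		$opts .= "<option value=\"$languageid\">$language[title]</option>";
	}

	// The heredoc body and its closing marker stay at column 0 so the file also
	// parses on PHP versions that do not allow an indented closing marker.
	echo <<<EOF
<form action="register.php" name="register" method="post">
<input type="hidden" name="do" value="insert" />
Email: <input type="text" name="email" size="30" /><br />
Confirm Email: <input type="text" name="confirmemail" size="30" /><br />
Display Name: <input type="text" name="displayname" size="30" /><br />
Password: <input type="password" name="password" size="30" /><br />
Confirm Password: <input type="password" name="confirmpassword" size="30" /><br />
Show My Email Publicly: <input type="checkbox" value="1" name="showemail" /> Yes<br />
Language: <select name="languageid">$opts</select><br />
<input type="submit" name="submit" value="Save" accesskey="s" /> <input type="reset" name="reset" value="Reset" accesskey="r" />
</form>
EOF;
}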
52
53 // ###################################################################
54
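// Handle the submitted registration form: validate the fields, create the user
// row, then either mail an activation link or finish the sign-up directly.
if (isset($_POST['do']) && $_POST['do'] == 'insert')
{
	// sanitize() is defined outside this file; the code below reads the cleaned values from $vars.
	sanitize(array(
		'email' => STR_NOHTML,
		'confirmemail' => STR_NOHTML,
		'displayname' => STR_NOHTML,
		'password' => STR,
		'confirmpassword' => STR,
		'showemail' => INT,
		'languageid' => INT
	));

	$errors = array();

	// Compare as strings: a loose != treats numeric-looking strings such as
	// "1000" and "1e3" as equal, which would let a mistyped confirmation through.
	if ((string)$vars['email'] !== (string)$vars['confirmemail'])
	{
		$errors[] = 'The emails you entered do not match.';
	}

	if (!$vars['email'])
	{
		// This branch used to report a blank *password* for a blank email.
		$errors[] = 'The email you specified was blank.';
	}
	else if (preg_match('/[\r\n]/', $vars['email']))
	{
		// The address is later handed to mymail() as the recipient. mymail() is not
		// visible here, so refuse line breaks up front: a recipient value must never
		// be able to carry additional mail header lines.
		$errors[] = 'The email you specified is not valid.';
	}

	if ((string)$vars['password'] !== (string)$vars['confirmpassword'])
	{
		$errors[] = 'The passwords you entered did not match.';
	}

	if (!$vars['password'])
	{
		$errors[] = 'The password you specified was blank.';
	}

	// One account per address.
	// NOTE(review): check-then-insert is not atomic; a unique index on the email
	// column would close the gap between this SELECT and the INSERT below.
	if (is_array($DB_sql->query_first("SELECT * FROM " . TABLE_PREFIX . "user WHERE email = '" . addslasheslike($vars['email']) . "'")))
	{
		$errors[] = 'The specified email is already in use.';
	}

	if ($errors)
	{
		echo implode('<br />', $errors);
		exit;
	}

	// NOTE(review): salt, authkey and the activation string all come from
	// fetch_random_chars(); confirm it draws from a cryptographically secure
	// source and returns only characters that are safe inside the quoted SQL below.
	$salt = fetch_random_chars(15);

	// Initial group, as far as this file shows: 3 while the address awaits
	// activation, 4 when the account is reported as pending approval, 2 otherwise.
	if ($bugsys->options['verifyemail'])
	{
		$usergroupid = 3;
	}
	else if ($bugsys->options['moderatenewusers'])
	{
		$usergroupid = 4;
	}
	else
	{
		$usergroupid = 2;
	}

	// NOTE(review): salted double MD5 is fast to brute-force offline. Moving to
	// password_hash()/password_verify() needs the login check and the column width
	// changed in step, so it is flagged here rather than changed.
	// The numeric fields are cast again at the point of use so the query stays
	// well-formed even if sanitize() ever hands back something other than an int.
	$DB_sql->query("
		INSERT INTO " . TABLE_PREFIX . "user
			(email, displayname, password, salt, authkey, showemail, languageid, usergroupid)
		VALUES
			('" . addslasheslike($vars['email']) . "',
			'" . addslasheslike($vars['displayname']) . "',
			'" . md5(md5($vars['password']) . md5($salt)) . "',
			'$salt',
			'" . fetch_random_chars() . "',
			" . (int)$vars['showemail'] . ",
			" . (int)$vars['languageid'] . ",
			" . (int)$usergroupid . "
		)"
	);

	$userid = (int)$DB_sql->insert_id();

	// Verify email address
	if ($usergroupid == 3)
	{
		$activationid = fetch_random_chars(25);

		// NOTE(review): the group applied on activation is hard-coded to 2, so with both
		// verifyemail and moderatenewusers enabled an activated account never passes
		// through the pending-approval group 4; confirm this is intended.
		$DB_sql->query("INSERT INTO " . TABLE_PREFIX . "useractivation (userid, activator, dateline, usergroupid) VALUES ($userid, '$activationid', " . NOW . ", 2)");

		// NOTE(review): the activation link points at a hard-coded development host
		// (http://devbox/bugtraq/); it should be built from the tracker's configured URL.
		// NOTE(review): addslasheslike() looks like SQL escaping; applied to mail
		// arguments it may put backslashes into the address or greeting. Confirm and drop if so.
		mymail(addslasheslike($vars['email']), 'Welcome to ' . $bugsys->options['trackertitle'], "Hi " . addslasheslike($vars['displayname']) . " you need to activate your account: http://devbox/bugtraq/register.php?do=activate&userid=" . $userid . "&activator=" . $activationid);

		echo 'You now need to activate your account via email.';
	}
	else if ($usergroupid == 4 || $usergroupid == 2)
	{
		if ($bugsys->options['sendwelcomemail'])
		{
			mymail(addslasheslike($vars['email']), 'Welcome to ' . $bugsys->options['trackertitle'], "Hi " . addslasheslike($vars['displayname']) . " and welcome to the " . $bugsys->options['trackertitle'] . " bug tracker! Thanks for registering.");
		}

		if ($usergroupid == 4)
		{
			echo 'Your account is pending approval.';
		}
		else
		{
			echo 'Registration complete!';
		}
	}
}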
153
154 // ###################################################################
155
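// Activation link target: match the userid/activator pair from the URL against
// the useractivation table and, on a match, move the user into the stored group.
if (isset($_REQUEST['do']) && $_REQUEST['do'] == 'activate')
{
	// sanitize() is defined outside this file; the cleaned values are read from $vars.
	sanitize(array('userid' => INT, 'activator' => STR));

	// Cast at the point of use so the unquoted value in the queries below is always a
	// plain integer, even if sanitize() ever hands back something else.
	$activateuserid = (int)$vars['userid'];

	// An empty activator must never match a row, so skip the lookup entirely.
	// NOTE(review): dateline is stored with the activation row at registration but is
	// not consulted here, so a link stays valid until it is used; consider an expiry.
	$useractivation = false;
	if ((string)$vars['activator'] !== '')
	{
		$useractivation = $DB_sql->query_first("SELECT * FROM " . TABLE_PREFIX . "useractivation WHERE userid = $activateuserid AND activator = '" . addslasheslike($vars['activator']) . "'");
	}

	if ($useractivation)
	{
		// The target group comes from the database row, not from the request; it is
		// still cast because it is interpolated unquoted.
		$DB_sql->query("UPDATE " . TABLE_PREFIX . "user SET usergroupid = " . (int)$useractivation['usergroupid'] . " WHERE userid = $activateuserid");

		// Remove the row so the same activation string cannot be replayed.
		$DB_sql->query("DELETE FROM " . TABLE_PREFIX . "useractivation WHERE userid = $activateuserid");
		echo 'your account is now activated and you can now login';
	}
	else
	{
		echo 'we could not match your registration string. please make sure you entered the correct url';
	}
}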
171
172 /*=====================================================================*\
173 || ###################################################################
174 || # $HeadURL$
175 || # $Id$
176 || ###################################################################
177 \*=====================================================================*/
178 ?>