add amendments metric
blob:a/cutenews/register.php -> blob:b/cutenews/register.php
<?PHP <?PHP
error_reporting (E_ALL ^E_NOTICE); error_reporting (E_ALL ^E_NOTICE);
require_once("./inc/functions.inc.php"); require_once("./inc/functions.inc.php");
require_once("./data/config.php"); require_once("./data/config.php");
require_once("./skins/${config_skin}.skin.php"); require_once("./skins/${config_skin}.skin.php");
// Check if CuteNews is not installed // Check if CuteNews is not installed
$all_users_db = file("./data/users.db.php"); $all_users_db = file("./data/users.db.php");
$check_users = $all_users_db; $check_users = $all_users_db;
$check_users[1] = trim($check_users[1]); $check_users[1] = trim($check_users[1]);
$check_users[2] = trim($check_users[2]); $check_users[2] = trim($check_users[2]);
if((!$check_users[2] or $check_users[2] == "") and (!$check_users[1] or $check_users[1] == "")){ if((!$check_users[2] or $check_users[2] == "") and (!$check_users[1] or $check_users[1] == "")){
if(!file_exists("./inc/install.mdu")){ die('<h2>Error!</h2>CuteNews detected that you do not have users in your users.db.php file and wants to run the install module.<br> if(!file_exists("./inc/install.mdu")){ die('<h2>Error!</h2>CuteNews detected that you do not have users in your users.db.php file and wants to run the install module.<br>
However, the install module (<b>./inc/install.mdu</b>) can not be located, please reupload this file and make sure you set the proper permissions so the installation can continue.'); } However, the install module (<b>./inc/install.mdu</b>) can not be located, please reupload this file and make sure you set the proper permissions so the installation can continue.'); }
msg("info", "CuteNews Not Installed", "CuteNews is not properly installed (users missing) <a href=index.php>go to index.php</a>"); msg("info", "CuteNews Not Installed", "CuteNews is not properly installed (users missing) <a href=index.php>go to index.php</a>");
} }
$register_level = $config_registration_level; $register_level = $config_registration_level;
if($action == "doregister"){ if($action == "doregister"){
if($config_allow_registration != "yes"){ msg("error","Error", "User registration is Disabled"); } if($config_allow_registration != "yes"){ msg("error","Error", "User registration is Disabled"); }
if(!$regusername){ msg("error","Error !!!", "Username can not be blank"); } if(!$regusername){ msg("error","Error !!!", "Username can not be blank"); }
if(!$regpassword){ msg("error","Error !!!", "Password can not be blank"); } if(!$regpassword){ msg("error","Error !!!", "Password can not be blank"); }
if(!$regemail) { msg("error","Error !!!", "Email can not be blank"); } if(!$regemail) { msg("error","Error !!!", "Email can not be blank"); }
$regusername = preg_replace( array("'<'", "'>'", "'\n'", "'\r'", "'\|'"), array("", "", "", "", ""), $regusername); $regusername = preg_replace( array("'<'", "'>'", "'\n'", "'\r'", "'\|'"), array("", "", "", "", ""), $regusername);
$regnickname = preg_replace( array("'<'", "'>'", "'\n'", "'\r'", "'\|'"), array("", "", "", "", ""), $regnickname); $regnickname = preg_replace( array("'<'", "'>'", "'\n'", "'\r'", "'\|'"), array("", "", "", "", ""), $regnickname);
$regemail = preg_replace( array("'<'", "'>'", "'\n'", "'\r'", "'\|'"), array("", "", "", "", ""), $regemail); $regemail = preg_replace( array("'<'", "'>'", "'\n'", "'\r'", "'\|'"), array("", "", "", "", ""), $regemail);
$regpassword = preg_replace( array("'<'", "'>'", "'\n'", "'\r'", "'\|'"), array("", "", "", "", ""), $regpassword); $regpassword = preg_replace( array("'<'", "'>'", "'\n'", "'\r'", "'\|'"), array("", "", "", "", ""), $regpassword);
if(!preg_match("/^[\.A-z0-9_\-]{1,15}$/i", $regusername)){ msg("error","Error !!!", "$regusername Your username must only contain valid characters, numbers and the symbol '_'"); } if(!preg_match("/^[\.A-z0-9_\-]{1,15}$/i", $regusername)){ msg("error","Error !!!", "$regusername Your username must only contain valid characters, numbers and the symbol '_'"); }
if(!preg_match("/^[\.A-z0-9_\-]{1,15}$/i", $regnickname)){ msg("error","Error !!!", "Your nickname must only contain valid characters, numbers and the symbol '_'"); } if(!preg_match("/^[\.A-z0-9_\-]{1,15}$/i", $regnickname)){ msg("error","Error !!!", "Your nickname must only contain valid characters, numbers and the symbol '_'"); }
if(!preg_match("/^[\.A-z0-9_\-]+[@][A-z0-9_\-]+([.][A-z0-9_\-]+)+[A-z]{1,4}$/", $regemail)){ msg("error","Error !!!", "Not valid Email."); } if(!preg_match("/^[\.A-z0-9_\-]+[@][A-z0-9_\-]+([.][A-z0-9_\-]+)+[A-z]{1,4}$/", $regemail)){ msg("error","Error !!!", "Not valid Email."); }
if(!preg_match("/^[\.A-z0-9_\-]{1,15}$/i", $regpassword)){ msg("error","Error !!!", "Your password must conatain only valid characters and numbers"); } if(!preg_match("/^[\.A-z0-9_\-]{1,15}$/i", $regpassword)){ msg("error","Error !!!", "Your password must conatain only valid characters and numbers"); }
$all_users = file("./data/users.db.php"); $all_users = file("./data/users.db.php");
foreach($all_users as $user_line) foreach($all_users as $user_line)
{ {
$user_arr = explode("|", $user_line); $user_arr = explode("|", $user_line);
if($user_arr[2] == $regusername){ msg("error", "Error", "This username is already taken"); } if($user_arr[2] == $regusername){ msg("error", "Error", "This username is already taken"); }
} }
$add_time = time()+($config_date_adjust*60); $add_time = time()+($config_date_adjust*60);
$regpassword = md5($regpassword); $regpassword = md5($regpassword);
$old_users_file = file("./data/users.db.php"); $old_users_file = file("./data/users.db.php");
$new_users_file = fopen("./data/users.db.php", "a"); $new_users_file = fopen("./data/users.db.php", "a");
fwrite($new_users_file, "$add_time|$register_level|$regusername|$regpassword|$regnickname|$regemail|0|0||||\n"); fwrite($new_users_file, "$add_time|$register_level|$regusername|$regpassword|$regnickname|$regemail|0|0||||\n");
fclose($new_users_file); fclose($new_users_file);
if($config_notify_registration == "yes" and $config_notify_status == "active"){ if($config_notify_registration == "yes" and $config_notify_status == "active"){
send_mail("$config_notify_email", "CuteNews - New User Registered", "New user ($regusername) has just registered:\nUsername: $regusername\nNickname: $regnickname\nEmail: $regemail\n "); send_mail("$config_notify_email", "CuteNews - New User Registered", "New user ($regusername) has just registered:\nUsername: $regusername\nNickname: $regnickname\nEmail: $regemail\n ");
} }
msg("user", "User Added", "You were successfully added to users database.<br>You can now login <a href=index.php>here</a>"); msg("user", "User Added", "You were successfully added to users database.<br>You can now login <a href=index.php>here</a>");
}elseif($action == "lostpass"){ }elseif($action == "lostpass"){
echoheader("user","Lost Password"); echoheader("user","Lost Password");
echo"<form method=post action=\"$PHP_SELF\"><table border=0 cellpading=0 cellspacing=0 width=\"654\" height=\"59\" > echo"<form method=post action=\"$PHP_SELF\"><table border=0 cellpading=0 cellspacing=0 width=\"654\" height=\"59\" >
<td width=\"18\" height=\"11\"> <td width=\"18\" height=\"11\">
<td width=\"71\" height=\"11\" align=\"left\"> <td width=\"71\" height=\"11\" align=\"left\">
Username<td width=\"203\" height=\"11\" align=\"left\"> Username<td width=\"203\" height=\"11\" align=\"left\">
<input type=text name=user seize=20> <input type=text name=user seize=20>
<td width=\"350\" height=\"26\" align=\"left\" rowspan=\"2\" valign=\"middle\"> <td width=\"350\" height=\"26\" align=\"left\" rowspan=\"2\" valign=\"middle\">
If the username and email match in our users database,<br> and email with furher instructions will be sent to you. If the username and email match in our users database,<br> and email with furher instructions will be sent to you.
<tr> <tr>
<td width=\"18\" valign=\"top\" height=\"15\"> <td width=\"18\" valign=\"top\" height=\"15\">
<td width=\"71\" height=\"15\" align=\"left\"> <td width=\"71\" height=\"15\" align=\"left\">
Email Email
<td width=\"203\" height=\"15\" align=\"left\"> <td width=\"203\" height=\"15\" align=\"left\">
<input type=text name=email size=\"20\"> <input type=text name=email size=\"20\">
</tr> </tr>
<tr> <tr>
<td width=\"18\" valign=\"top\" height=\"15\"> <td width=\"18\" valign=\"top\" height=\"15\">
<td width=\"628\" height=\"15\" align=\"left\" colspan=\"3\"> <td width=\"628\" height=\"15\" align=\"left\" colspan=\"3\">
&nbsp; &nbsp;
</tr> </tr>
<tr> <tr>
<td width=\"18\" valign=\"top\" height=\"15\"> <td width=\"18\" valign=\"top\" height=\"15\">
<td width=\"628\" height=\"15\" align=\"left\" colspan=\"3\"> <td width=\"628\" height=\"15\" align=\"left\" colspan=\"3\">
<input type=submit value=\"Send me the Confirmation\"> <input type=submit value=\"Send me the Confirmation\">
</tr> </tr>
<input type=hidden name=action value=validate> <input type=hidden name=action value=validate>
<input type=hidden name=mod value=lostpass> <input type=hidden name=mod value=lostpass>
<tr> <tr>
<td width=\"18\" height=\"27\"> <td width=\"18\" height=\"27\">
<td width=\"632\" height=\"27\" colspan=\"3\"> <td width=\"632\" height=\"27\" colspan=\"3\">
</tr></table></form>"; </tr></table></form>";
echofooter(); echofooter();
}elseif($action == "validate"){ }elseif($action == "validate"){
if(!isset($user) or !$user or $user == '' or !isset($email) or !$email or $email == ''){ msg("error", "Error !!!", "All the fields are required"); } if(!isset($user) or !$user or $user == '' or !isset($email) or !$email or $email == ''){ msg("error", "Error !!!", "All the fields are required"); }
$found = FALSE; $found = FALSE;
$all_users = file("./data/users.db.php"); $all_users = file("./data/users.db.php");
foreach($all_users as $user_line){ foreach($all_users as $user_line){
$user_arr = explode("|", $user_line); $user_arr = explode("|", $user_line);
if($user_arr[2] == $user and $user_arr[5] == $email){ $sstring = "${user_arr[0]}${user_arr[3]}"; $found = TRUE; break;} if($user_arr[2] == $user and $user_arr[5] == $email){ $sstring = "${user_arr[0]}${user_arr[3]}"; $found = TRUE; break;}
} }
if(!$found){ msg("error", "Error !!!", "The username/email you enter did not match in our users database"); } if(!$found){ msg("error", "Error !!!", "The username/email you enter did not match in our users database"); }
else{ else{
$confirm_url = "$config_http_script_dir/register.php?a=dsp&s=$sstring"; $confirm_url = "$config_http_script_dir/register.php?a=dsp&s=$sstring";
$message = "Hi,\n Someone requested your password to be changed, if this is the desired action and you want to change your password please follow this link: $confirm_url ."; $message = "Hi,\n Someone requested your password to be changed, if this is the desired action and you want to change your password please follow this link: $confirm_url .";
mail("$email", "Confirmation ( New Password for CuteNews )", $message, mail("$email", "Confirmation ( New Password for CuteNews )", $message,
"From: no-reply@$SERVER_NAME\r\n" "From: no-reply@$SERVER_NAME\r\n"
."X-Mailer: PHP/" . phpversion()) or die("can not send mail"); ."X-Mailer: PHP/" . phpversion()) or die("can not send mail");
msg('info','Confirmation Email',"A confirmation email was sent, please check your inbox for further details."); msg('info','Confirmation Email',"A confirmation email was sent, please check your inbox for further details.");
} }
//Do Send Password //Do Send Password
}elseif($a == "dsp"){ }elseif($a == "dsp"){
if($s == "" or !$s){ msg("error", "Error !!!", "All fields are required"); } if($s == "" or !$s){ msg("error", "Error !!!", "All fields are required"); }
$found = FALSE; $found = FALSE;
$all_users = file("./data/users.db.php"); $all_users = file("./data/users.db.php");
foreach($all_users as $user_line){ foreach($all_users as $user_line){
$user_arr = explode("|", $user_line); $user_arr = explode("|", $user_line);
if($s == "${user_arr[0]}${user_arr[3]}"){ $found = TRUE; break;} if($s == "${user_arr[0]}${user_arr[3]}"){ $found = TRUE; break;}
} }
if(!$found){ msg("error", "Error !!!", "invalid string"); } if(!$found){ msg("error", "Error !!!", "invalid string"); }
else{ else{
$salt = "abchefghjkmnpqrstuvwxyz0123456789"; $salt = "abchefghjkmnpqrstuvwxyz0123456789";
srand((double)microtime()*1000000); srand((double)microtime()*1000000);
for($i=0;$i<9;$i++){ for($i=0;$i<9;$i++){
$new_pass .= $salt{rand(0,33)}; $new_pass .= $salt{rand(0,33)};
} }
$md5_pass = md5($new_pass); $md5_pass = md5($new_pass);
$old_db = file("./data/users.db.php"); $old_db = file("./data/users.db.php");
$new_db = fopen("./data/users.db.php", w); $new_db = fopen("./data/users.db.php", w);
foreach($old_db as $old_db_line){ foreach($old_db as $old_db_line){
$old_db_arr = explode("|", $old_db_line); $old_db_arr = explode("|", $old_db_line);
if($s != "${old_db_arr[0]}${old_db_arr[3]}"){ if($s != "${old_db_arr[0]}${old_db_arr[3]}"){
fwrite($new_db,"$old_db_line"); fwrite($new_db,"$old_db_line");
}else{ }else{
fwrite($new_db,"$old_db_arr[0]|$old_db_arr[1]|$old_db_arr[2]|$md5_pass|$old_db_arr[4]|$old_db_arr[5]|$old_db_arr[6]|$old_db_arr[7]|||\n"); fwrite($new_db,"$old_db_arr[0]|$old_db_arr[1]|$old_db_arr[2]|$md5_pass|$old_db_arr[4]|$old_db_arr[5]|$old_db_arr[6]|$old_db_arr[7]|||\n");
} }
} }
fclose($new_db); fclose($new_db);
$message = "Hi $user_arr[2],\n Your new password for CuteNews is $new_pass, please after you login change this password."; $message = "Hi $user_arr[2],\n Your new password for CuteNews is $new_pass, please after you login change this password.";
mail("$user_arr[5]", "Your New Password for CuteNews", $message, mail("$user_arr[5]", "Your New Password for CuteNews", $message,
"From: no-reply@$SERVER_NAME\r\n" "From: no-reply@$SERVER_NAME\r\n"
."X-Mailer: PHP/" . phpversion()) or die("can not send mail"); ."X-Mailer: PHP/" . phpversion()) or die("can not send mail");
msg("info", "Password Sent", "The new password for <b> $user_arr[2]</b> was sent to the email."); msg("info", "Password Sent", "The new password for <b> $user_arr[2]</b> was sent to the email.");
} }
}else{ }else{
if($config_allow_registration != "yes"){ msg("error","Error", "User registration is Disabled"); } if($config_allow_registration != "yes"){ msg("error","Error", "User registration is Disabled"); }
echoheader("user", "User Registration"); echoheader("user", "User Registration");
echo<<<HTML echo<<<HTML
<table leftmargin=0 marginheight=0 marginwidth=0 topmargin=0 border=0 height=100% cellspacing=0> <table leftmargin=0 marginheight=0 marginwidth=0 topmargin=0 border=0 height=100% cellspacing=0>
<form name=login action="$PHP_SELF" method=post> <form name=login action="$PHP_SELF" method=post>
<tr> <tr>
<td width=80>Username: </td> <td width=80>Username: </td>
<td><input tabindex=1 type=text name=regusername style="width:134" size="20"></td> <td><input tabindex=1 type=text name=regusername style="width:134" size="20"></td>
</tr> </tr>
<tr> <tr>
<td width=80>Nickname: </td> <td width=80>Nickname: </td>
<td><input tabindex=1 type=text name=regnickname style="width:134" size="20"></td> <td><input tabindex=1 type=text name=regnickname style="width:134" size="20"></td>
</tr> </tr>
<tr> <tr>
<td width=80>Password: </td> <td width=80>Password: </td>
<td><input tabindex=1 type=text name=regpassword style="width:134" size="20"></td> <td><input tabindex=1 type=text name=regpassword style="width:134" size="20"></td>
</tr> </tr>
<tr> <tr>
<td width=80>Email: </td> <td width=80>Email: </td>
<td><input tabindex=1 type=text name=regemail style="width:134" size="20"></td> <td><input tabindex=1 type=text name=regemail style="width:134" size="20"></td>
</tr> </tr>
<tr> <tr>
<td></td> <td></td>
<td ><input accesskey="s" type=submit style="background-color: #F3F3F3;" value='Register'></td> <td ><input accesskey="s" type=submit style="background-color: #F3F3F3;" value='Register'></td>
</tr> </tr>
<tr> <tr>
<td align=center colspan=2>$result</td> <td align=center colspan=2>$result</td>
</tr> </tr>
<input type=hidden name=action value=doregister> <input type=hidden name=action value=doregister>
</form> </form>
</table> </table>
HTML; HTML;
echofooter(); echofooter();
} }
?> ?>
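Review bot: The password-reset token in the `validate` and `dsp` branches is not a secret: `$sstring = "${user_arr[0]}${user_arr[3]}"` is the account's registration timestamp followed by its stored MD5 password hash, it carries no expiry, and `dsp` checks it with a loose `==`. A reset link should instead carry a random, single-use, time-limited value stored per user and compared with `hash_equals()` (on PHP 7+ something like `bin2hex(random_bytes(16))`), so that read access to `users.db.php` or a leaked hash is not enough to reset an account. The `dsp` branch also builds the new password from `srand((double)microtime()*1000000)` and `$salt{rand(0,33)}`; `$salt` holds 33 characters, so index 33 is out of range and the password can come out shorter than nine characters, and `rand()` is not meant for secrets; `$new_pass .= $salt[random_int(0, strlen($salt) - 1)];` addresses both. Passwords are stored as unsalted `md5()` in `doregister` and `dsp`; `password_hash($regpassword, PASSWORD_DEFAULT)` with `password_verify()` at login is the usual replacement, though the login code is outside this page. Both sides of this section read identically here, so these points concern code the commit carries rather than lines it visibly changes.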