<?php
/***************************************************************************
* usercp_register.php
* -------------------
* begin : Saturday, Feb 13, 2001
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
* $Id: usercp_register.php,v 1.20.2.57 2004/03/25 15:57:20 acydburn Exp $
*
*
***************************************************************************/
/***************************************************************************
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
*
***************************************************************************/
// Refuse to run unless pulled in by a phpBB entry script that defined IN_PHPBB;
// direct requests for this include get nothing but a terse message.
if (!defined('IN_PHPBB'))
{
	die("Hacking attempt");
}
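/**
 * Generate the anti-robot registration key: five lowercase ASCII letters.
 *
 * The key is stored per session in ANTI_ROBOT_TABLE and later compared,
 * lower-cased, with what the visitor typed back (see the "Anti Robotic
 * Registration" check in the submit handling below), hence [a-z] only.
 *
 * Fix: the original re-seeded rand() from microtime() on every call.  PHP has
 * seeded its generators automatically since 4.2, and re-seeding from the
 * clock makes the seed -- and so the whole key -- guessable from the request
 * time.  mt_rand() is used without seeding.  This is still not a CSPRNG;
 * the key is a bot speed bump, not a secret.
 *
 * @return string five characters matching /^[a-z]{5}$/
 */
function gen_reg_key()
{
	$max_length_reg_key = 5;
	$chars = 'abcdefghijklmnopqrstuvwxyz';
	$last = strlen($chars) - 1;

	$key = '';
	for ($i = 0; $i < $max_length_reg_key; $i++)
	{
		$key .= $chars[mt_rand(0, $last)];
	}

	return $key;
}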
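// Reverse the HTML-entity escaping applied to stored profile strings so that
// plain-text activation emails show "a&b" rather than "a&amp;b".  Used with
// preg_replace() on the USERNAME variable of the email templates below.
// '&amp;' must stay LAST so an escaped "&amp;lt;" is unescaped once, to
// "&lt;", and not twice.
//
// Fix: as listed, each pattern replaced a character with itself (a no-op),
// so nothing was ever unescaped; the patterns must match the entities.
$unhtml_specialchars_match = array('#&gt;#', '#&lt;#', '#&quot;#', '#&amp;#');
$unhtml_specialchars_replace = array('>', '<', '"', '&');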
// ---------------------------------------
// Load agreement template since user has not yet
// agreed to registration conditions/coppa
//
//
// CBACK CrackerTracker Register Flood Protection
//
//
// CBACK CrackerTracker register flood protection.
//
// Two board-wide throttles, applied only to ?mode=register and only when
// 'regblock' is switched on:
//  1. a global lock: no registration at all until the stored 'lastreg'
//     timestamp (written as now + regtime on each completed registration
//     further down) has passed;
//  2. an address lock: the IP that completed the previous registration may
//     not register again within 400 seconds of it.
// Either one ends the request via message_die().
//
// NOTE(review): both values are single board-wide rows, so the checks only
// ever see the most recent registration -- this is a speed bump, not
// per-client rate limiting, and clients behind one NAT/proxy share the
// address lock.
//
if ($ctracker_config['regblock'] == 1 && $HTTP_GET_VARS['mode'] == 'register')
{
	$last_reg = $ctracker_config['lastreg'];

	// 1. global lock still active: tell the visitor how long to wait
	if ($last_reg >= time())
	{
		$seconds_left = $last_reg - time();
		message_die(GENERAL_MESSAGE, sprintf($lang['ct_forum_rfl'], $seconds_left));
	}

	// 2. same address as the previous registration, and within 400 seconds of it
	$same_address = !empty($HTTP_SERVER_VARS['REMOTE_ADDR'])
		&& $ctracker_config['lastreg_ip'] == $HTTP_SERVER_VARS['REMOTE_ADDR'];
	if ($same_address && $last_reg + 400 >= time())
	{
		message_die(GENERAL_MESSAGE, $lang['ct_forum_ifl']);
	}
}
/**
 * Render the registration agreement / COPPA page.
 *
 * Fills agreement.tpl with the agreement text and the "over 13" / "under 13"
 * links.  Both links point back at profile.php?mode=register with
 * agreed=true; the under-13 link additionally carries coppa=true.  Reads
 * $template, $lang and $phpEx from the global scope, like the rest of this
 * file.
 */
function show_coppa()
{
	global $userdata, $template, $lang, $phpbb_root_path, $phpEx;

	$agree_url = "profile.$phpEx?mode=register&agreed=true";

	$template->set_filenames(array('body' => 'agreement.tpl'));
	$template->assign_vars(array(
		'REGISTRATION'    => $lang['Registration'],
		'AGREEMENT'       => $lang['Reg_agreement'],
		'AGREE_OVER_13'   => $lang['Agree_over_13'],
		'AGREE_UNDER_13'  => $lang['Agree_under_13'],
		'DO_NOT_AGREE'    => $lang['Agree_not'],
		'U_AGREE_OVER13'  => append_sid($agree_url),
		'U_AGREE_UNDER13' => append_sid($agree_url . '&coppa=true')
	));
	$template->pparse('body');
}
//
// ---------------------------------------
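$error = FALSE;
$error_msg = '';
$page_title = ( $mode == 'editprofile' ) ? $lang['Edit_profile'] : $lang['Register'];

//
// A registration request that has not yet accepted the agreement (neither
// POST nor GET carries 'agreed') only gets the agreement/COPPA page.
//
// Fix: nothing below this point may run for such a request.  The original
// relied on includes/page_tail.php ending the script (it is expected to exit
// on its own -- TODO confirm); the explicit exit makes the rest of the
// registration flow unreachable even if page_tail ever returns.
//
if ( $mode == 'register' && !isset($HTTP_POST_VARS['agreed']) && !isset($HTTP_GET_VARS['agreed']) )
{
	include($phpbb_root_path . 'includes/page_header.'.$phpEx);
	show_coppa();
	include($phpbb_root_path . 'includes/page_tail.'.$phpEx);
	exit;
}

// 'agreed' and 'coppa' are accepted from GET as well as POST because the
// agreement page links (see show_coppa()) are plain GET URLs.  Any non-empty
// 'coppa' value counts as "under 13".
$coppa = ( empty($HTTP_POST_VARS['coppa']) && empty($HTTP_GET_VARS['coppa']) ) ? 0 : TRUE;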
//
// Check and initialize some variables if needed
//
//
// Read and normalise the profile form fields.  Runs on every submit, on the
// avatar-gallery round trips and on every registration request, and leaves
// its results in file-scope variables that the submit handling below reads.
// The only database access in here is a SELECT of the board's default date
// format.
//
if (
isset($HTTP_POST_VARS['submit']) ||
isset($HTTP_POST_VARS['avatargallery']) ||
isset($HTTP_POST_VARS['submitavatar']) ||
isset($HTTP_POST_VARS['cancelavatar']) ||
$mode == 'register' )
{
include($phpbb_root_path . 'includes/functions_validate.'.$phpEx);
include($phpbb_root_path . 'includes/bbcode.'.$phpEx);
include($phpbb_root_path . 'includes/functions_post.'.$phpEx);
if ( $mode == 'editprofile' )
{
// The profile being edited is identified by a POSTed user_id, not by the
// session; the submit handling below rejects it unless it equals
// $userdata['user_id'].
$user_id = intval($HTTP_POST_VARS['user_id']);
$current_email = trim(htmlspecialchars($HTTP_POST_VARS['current_email']));
}
// Key = variable to create, value = POST field to read it from.  The list is
// a literal, so the variable-variable assignment below cannot create names
// the client chooses.  'abq_aw' (anti-bot question answer) reads whichever
// field name the board configured in anti_bot_quest_get.
$strip_var_list = array('email' => 'email', 'icq' => 'icq', 'aim' => 'aim', 'msn' => 'msn', 'yim' => 'yim', 'website' => 'website', 'location' => 'location', 'occupation' => 'occupation', 'interests' => 'interests', 'car_mark' => 'car_mark', 'car_mark_choice' => 'car_mark_choice', 'car_model' => 'car_model', 'car_model_choice' => 'car_model_choice', 'car_year' => 'car_year', 'car_year_choice' => 'car_year_choice', 'car_engine' => 'car_engine', 'car_engine_choice' => 'car_engine_choice', 'car_wheel' => 'car_wheel', 'car_trans' => 'car_trans', 'car_color' => 'car_color', 'car_rt' => 'car_rt', 'car_sixty' => 'car_sixty', 'car_three' => 'car_three', 'car_eigth' => 'car_eigth', 'car_eigthm' => 'car_eigthm', 'car_thou' => 'car_thou', 'car_quart' => 'car_quart', 'car_quartm' => 'car_quartm', 'mod_engine' => 'mod_engine', 'mod_exterior' => 'mod_exterior', 'mod_interior' => 'mod_interior', 'mod_rims' => 'mod_rims', 'mod_audio' => 'mod_audio', 'mod_future' => 'mod_future', 'confirm_code' => 'confirm_code', 'abq_aw' => $board_config['anti_bot_quest_get'], 'idabq' => 'idabq', 'name_first' => 'name_first', 'name_last' => 'name_last', 'info' => 'info');
// Begin Map Mod
$strip_vars_mapmod = array('longitude' => 'longitude', 'latitude' => 'latitude');
$strip_var_list = array_merge ($strip_var_list, $strip_vars_mapmod);
// End Map Mod
// Strip all tags from data ... may p**s some people off, bah, strip_tags is
// doing the job but can still break HTML output ... have no choice, have
// to use htmlspecialchars ... be prepared to be moaned at.
//
// NOTE: each() was removed in PHP 8.0; this loop (and the one below) needs a
// foreach() before any PHP upgrade.  htmlspecialchars() is called with its
// default flags, which leave single quotes untouched -- the SQL built further
// down relies on the slash-escaping of GPC data (plus str_replace("\'", "''"))
// for those.  Variables are only created for NON-EMPTY fields, so anything
// left blank stays undefined here.
while( list($var, $param) = @each($strip_var_list) )
{
if ( !empty($HTTP_POST_VARS[$param]) )
{
$$var = trim(htmlspecialchars($HTTP_POST_VARS[$param]));
}
}
$username = ( !empty($HTTP_POST_VARS['username']) ) ? phpbb_clean_username($HTTP_POST_VARS['username']) : '';
// Passwords and the signature are trimmed but deliberately NOT HTML-escaped
// here; the signature goes through prepare_message() in the submit handling.
$trim_var_list = array('cur_password' => 'cur_password', 'new_password' => 'new_password', 'password_confirm' => 'password_confirm', 'signature' => 'signature');
while( list($var, $param) = @each($trim_var_list) )
{
if ( !empty($HTTP_POST_VARS[$param]) )
{
$$var = trim($HTTP_POST_VARS[$param]);
}
}
$signature = (isset($signature)) ? str_replace('<br />', "\n", $signature) : '';
$signature_bbcode_uid = '';
// Start add - Gender MOD
$gender = ( isset($HTTP_POST_VARS['gender']) ) ? intval ($HTTP_POST_VARS['gender']) : 0;
// End add - Gender MOD
// Start add - Birthday MOD
// Either a single packed 'birthday' value (999999 = none) or separate
// day/month/year fields; 999999 is also used when the parts are incomplete.
if (isset($HTTP_POST_VARS['birthday']) )
{
$birthday = intval ($HTTP_POST_VARS['birthday']);
if ($birthday!=999999)
{
$b_day = realdate('j',$birthday);
$b_md = realdate('n',$birthday);
$b_year = realdate('Y',$birthday);
}
} else
{
$b_day = ( isset($HTTP_POST_VARS['b_day']) ) ? intval ($HTTP_POST_VARS['b_day']) : 0;
$b_md = ( isset($HTTP_POST_VARS['b_md']) ) ? intval ($HTTP_POST_VARS['b_md']) : 0;
$b_year = ( isset($HTTP_POST_VARS['b_year']) ) ? intval ($HTTP_POST_VARS['b_year']) : 0;
if ($b_day && $b_md && $b_year)
{
$birthday = mkrealdate($b_day,$b_md,$b_year);
} else
{
$birthday = 999999;
}
}
// End add - Birthday MOD
// Run some validation on the optional fields. These are pass-by-ref, so they'll be changed to
// empty strings if they fail.
//
// NOTE(review): $user_absence_text is passed here by reference but is not
// assigned until a few lines further down, so the value that is actually
// stored never goes through validate_optional_fields().
validate_optional_fields($icq, $aim, $msn, $yim, $website, $location, $occupation, $interests, $signature, $user_absence_text);
// The humanizer MOD
// Checkbox-style flags: TRUE when the field is present and truthy, else the
// stated default.  Note the inverted sense of 'hideonline' -> $allowviewonline.
$ruhuman = ( isset($HTTP_POST_VARS['ruhuman']) ) ? ( ($HTTP_POST_VARS['ruhuman']) ? TRUE : 0 ) : 0;
$viewemail = ( isset($HTTP_POST_VARS['viewemail']) ) ? ( ($HTTP_POST_VARS['viewemail']) ? TRUE : 0 ) : 0;
$user_allow_new_img_popup = ( isset($HTTP_POST_VARS['user_allow_new_img_popup']) ) ? ( ($HTTP_POST_VARS['user_allow_new_img_popup']) ? TRUE : 0 ) : 0;
$user_absence_mode = abs( intval($HTTP_POST_VARS['user_absence_mode']) );
$user_absence = ( isset($HTTP_POST_VARS['user_absence']) ) ? ( ($HTTP_POST_VARS['user_absence']) ? TRUE : 0 ) : 0;
// Read unconditionally (no isset), HTML-escaped, not validated further.
$user_absence_text = htmlspecialchars($HTTP_POST_VARS['user_absence_text']);
$allowviewonline = ( isset($HTTP_POST_VARS['hideonline']) ) ? ( ($HTTP_POST_VARS['hideonline']) ? 0 : TRUE ) : TRUE;
$notifyreply = ( isset($HTTP_POST_VARS['notifyreply']) ) ? ( ($HTTP_POST_VARS['notifyreply']) ? TRUE : 0 ) : 0;
$notifypm = ( isset($HTTP_POST_VARS['notifypm']) ) ? ( ($HTTP_POST_VARS['notifypm']) ? TRUE : 0 ) : TRUE;
$popup_pm = ( isset($HTTP_POST_VARS['popup_pm']) ) ? ( ($HTTP_POST_VARS['popup_pm']) ? TRUE : 0 ) : TRUE;
$setbm = ( isset($HTTP_POST_VARS['setbm']) ) ? ( ($HTTP_POST_VARS['setbm']) ? TRUE : 0 ) : 0;
// Posting preferences: registration defaults come from the board config,
// editing falls back to the user's current settings.
if ( $mode == 'register' )
{
$attachsig = ( isset($HTTP_POST_VARS['attachsig']) ) ? ( ($HTTP_POST_VARS['attachsig']) ? TRUE : 0 ) : $board_config['allow_sig'];
$allowhtml = ( isset($HTTP_POST_VARS['allowhtml']) ) ? ( ($HTTP_POST_VARS['allowhtml']) ? TRUE : 0 ) : $board_config['allow_html'];
$allowbbcode = ( isset($HTTP_POST_VARS['allowbbcode']) ) ? ( ($HTTP_POST_VARS['allowbbcode']) ? TRUE : 0 ) : $board_config['allow_bbcode'];
$allowsmilies = ( isset($HTTP_POST_VARS['allowsmilies']) ) ? ( ($HTTP_POST_VARS['allowsmilies']) ? TRUE : 0 ) : $board_config['allow_smilies'];
}
else
{
$attachsig = ( isset($HTTP_POST_VARS['attachsig']) ) ? ( ($HTTP_POST_VARS['attachsig']) ? TRUE : 0 ) : $userdata['user_attachsig'];
$allowhtml = ( isset($HTTP_POST_VARS['allowhtml']) ) ? ( ($HTTP_POST_VARS['allowhtml']) ? TRUE : 0 ) : $userdata['user_allowhtml'];
$allowbbcode = ( isset($HTTP_POST_VARS['allowbbcode']) ) ? ( ($HTTP_POST_VARS['allowbbcode']) ? TRUE : 0 ) : $userdata['user_allowbbcode'];
$allowsmilies = ( isset($HTTP_POST_VARS['allowsmilies']) ) ? ( ($HTTP_POST_VARS['allowsmilies']) ? TRUE : 0 ) : $userdata['user_allowsmile'];
}
$user_style = ( isset($HTTP_POST_VARS['style']) ) ? intval($HTTP_POST_VARS['style']) : $board_config['default_style'];
// Letters and underscore only: user_lang is later handed to the emailer's
// use_template() to pick a language directory, so it must never contain path
// characters.  Anything else is rejected as an error.
if ( !empty($HTTP_POST_VARS['language']) )
{
if ( preg_match('/^[a-z_]+$/i', $HTTP_POST_VARS['language']) )
{
$user_lang = htmlspecialchars($HTTP_POST_VARS['language']);
}
else
{
$error = true;
$error_msg = $lang['Fields_empty'];
}
}
else
{
$user_lang = $board_config['default_lang'];
}
// Numeric; interpolated unquoted into the SQL below, so the cast matters.
$user_timezone = ( isset($HTTP_POST_VARS['timezone']) ) ? doubleval($HTTP_POST_VARS['timezone']) : $board_config['board_timezone'];
// FLAGHACK-start
// NOTE(review): user_flag is the one form field stored without
// htmlspecialchars() or any validation; it is interpolated verbatim as
// '$user_flag' into the UPDATE/INSERT further down.  It should be checked
// against the set of flag files the board actually offers (or at least
// restricted to a safe filename character set) before it is used or stored.
$user_flag = ( !empty($HTTP_POST_VARS['user_flag']) ) ? $HTTP_POST_VARS['user_flag'] : '' ;
// FLAGHACK-end
$sql = "SELECT config_value
FROM " . CONFIG_TABLE . "
WHERE config_name = 'default_dateformat'";
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not select default dateformat', '', __LINE__, __FILE__, $sql);
}
// We remove all stored login keys since the password has been updated
// and change the current one (if applicable)
//
// NOTE(review): in this file $passwd_sql is first assigned further down,
// inside the submit handling, so it is unset at this point and this reset
// never runs (barring register_globals).  The editprofile UPDATE below does
// not call session_reset_keys() either, so changing the password leaves
// existing autologin keys valid -- this block belongs after that UPDATE.
if ( !empty($passwd_sql) )
{
session_reset_keys($user_id, $user_ip);
}
$row = $db->sql_fetchrow($result);
$board_config['default_dateformat'] = $row['config_value'];
$user_dateformat = ( !empty($HTTP_POST_VARS['dateformat']) ) ? trim(htmlspecialchars($HTTP_POST_VARS['dateformat'])) : $board_config['default_dateformat'];
// Avatar selection.  Gallery file and category names are HTML-escaped here;
// whether they are confined to the gallery directory is decided in
// usercp_avatar.php (not visible here) -- TODO confirm.
$user_avatar_local = ( isset($HTTP_POST_VARS['avatarselect']) && !empty($HTTP_POST_VARS['submitavatar']) && $board_config['allow_avatar_local'] ) ? htmlspecialchars($HTTP_POST_VARS['avatarselect']) : ( ( isset($HTTP_POST_VARS['avatarlocal']) ) ? htmlspecialchars($HTTP_POST_VARS['avatarlocal']) : '' );
$user_avatar_category = ( isset($HTTP_POST_VARS['avatarcatname']) && $board_config['allow_avatar_local'] ) ? htmlspecialchars($HTTP_POST_VARS['avatarcatname']) : '' ;
$user_avatar_remoteurl = ( !empty($HTTP_POST_VARS['avatarremoteurl']) ) ? trim(htmlspecialchars($HTTP_POST_VARS['avatarremoteurl'])) : '';
// 'none' is what very old PHP put in tmp_name for a missing upload; current
// PHP gives '' there, which also ends up as '' here.
$user_avatar_upload = ( !empty($HTTP_POST_VARS['avatarurl']) ) ? trim($HTTP_POST_VARS['avatarurl']) : ( ( $HTTP_POST_FILES['avatar']['tmp_name'] != "none") ? $HTTP_POST_FILES['avatar']['tmp_name'] : '' );
$user_avatar_name = ( !empty($HTTP_POST_FILES['avatar']['name']) ) ? $HTTP_POST_FILES['avatar']['name'] : '';
$user_avatar_size = ( !empty($HTTP_POST_FILES['avatar']['size']) ) ? $HTTP_POST_FILES['avatar']['size'] : 0;
$user_avatar_filetype = ( !empty($HTTP_POST_FILES['avatar']['type']) ) ? $HTTP_POST_FILES['avatar']['type'] : '';
// Keep the current avatar while editing unless a gallery avatar was picked.
$user_avatar = ( empty($user_avatar_local) && $mode == 'editprofile' ) ? $userdata['user_avatar'] : '';
$user_avatar_type = ( empty($user_avatar_local) && $mode == 'editprofile' ) ? $userdata['user_avatar_type'] : '';
// Begin Map Mod
// Decimal comma accepted; the values are cast to float before they reach SQL.
$longitude = ( !empty($HTTP_POST_VARS['longitude']) ) ? str_replace(',','.',trim(strip_tags( $HTTP_POST_VARS['longitude'] ) ) ) : '';
$latitude = ( !empty($HTTP_POST_VARS['latitude']) ) ? str_replace(',','.',trim(strip_tags( $HTTP_POST_VARS['latitude'] ) ) ) : '';
// End Map Mod
// Avatar-gallery round trip (no final submit yet): undo the GPC slashes so the
// values can be echoed back into the form; passwords are HTML-escaped for the
// same reason.  Most of these variables only exist when the field was
// non-empty above, so stripslashes() may be handed undefined variables here.
if ( (isset($HTTP_POST_VARS['avatargallery']) || isset($HTTP_POST_VARS['submitavatar']) || isset($HTTP_POST_VARS['cancelavatar'])) && (!isset($HTTP_POST_VARS['submit'])) )
{
$username = stripslashes($username);
$name_first = stripslashes($name_first);
$name_last = stripslashes($name_last);
$email = stripslashes($email);
$cur_password = htmlspecialchars(stripslashes($cur_password));
$new_password = htmlspecialchars(stripslashes($new_password));
$password_confirm = htmlspecialchars(stripslashes($password_confirm));
$icq = stripslashes($icq);
$aim = stripslashes($aim);
$msn = stripslashes($msn);
$yim = stripslashes($yim);
$website = stripslashes($website);
$location = stripslashes($location);
$occupation = stripslashes($occupation);
$interests = stripslashes($interests);
//
// START Joe's Car Mod
//
$car_mark = stripslashes($car_mark);
$car_mark_choice = stripslashes($car_mark_choice);
$car_model = stripslashes($car_model);
$car_model_choice = stripslashes($car_model_choice);
$car_year = stripslashes($car_year);
$car_year_choice = stripslashes($car_year_choice);
$car_engine = stripslashes($car_engine);
$car_engine_choice = stripslashes($car_engine_choice);
$car_wheel = stripslashes($car_wheel);
$car_trans = stripslashes($car_trans);
$car_color = stripslashes($car_color);
$car_rt = stripslashes($car_rt);
$car_sixty = stripslashes($car_sixty);
$car_three = stripslashes($car_three);
$car_eigth = stripslashes($car_eigth);
$car_eigthm = stripslashes($car_eigthm);
$car_thou = stripslashes($car_thou);
$car_quart = stripslashes($car_quart);
$car_quartm = stripslashes($car_quartm);
$mod_engine = stripslashes($mod_engine);
$mod_exterior = stripslashes($mod_exterior);
$mod_interior = stripslashes($mod_interior);
$mod_rims = stripslashes($mod_rims);
$mod_audio = stripslashes($mod_audio);
$mod_future = stripslashes($mod_future);
//
// END Joe's Car Mod
//
$info = stripslashes($info);
$user_absence_text = stripslashes($user_absence_text);
$signature = htmlspecialchars(stripslashes($signature));
$user_lang = stripslashes($user_lang);
$user_dateformat = stripslashes($user_dateformat);
// A gallery pick (anything but "cancel") becomes the avatar path
// "<category>/<file>" of type USER_AVATAR_GALLERY.
if ( !isset($HTTP_POST_VARS['cancelavatar']))
{
$user_avatar = $user_avatar_category . '/' . $user_avatar_local;
$user_avatar_type = USER_AVATAR_GALLERY;
}
}
}
//
// A session that is already logged in may not register another account, and
// a submitted username equal to the session's own username is refused the
// same way (stops the form being submitted twice).  Either case ends the
// request with the "username taken" message.
//
if ($mode == 'register')
{
	$already_registered = $userdata['session_logged_in'] || $username == $userdata['username'];
	if ($already_registered)
	{
		message_die(GENERAL_MESSAGE, $lang['Username_taken'], '', __LINE__, __FILE__);
	}
}
//
// Did the user submit? In this case build a query to update the users profile in the DB
//
if ( isset($HTTP_POST_VARS['submit']) )
{
include($phpbb_root_path . 'includes/usercp_avatar.'.$phpEx);
$passwd_sql = '';
if ( $mode == 'editprofile' )
{
if ( $user_id != $userdata['user_id'] )
{
$error = TRUE;
$error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Wrong_Profile'];
}
///
/// Begin Names in Profile MOD
///
if ( $board_config['name_first_required'] )
{
if ( empty($name_first) )
{
$error = TRUE;
$error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['name_first_empty'];
}
}
if ( $board_config['name_last_required'] )
{
if ( empty($name_last) )
{
$error = TRUE;
$error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['name_last_empty'];
}
}
///
/// End Names in Profile MOD
///
}
else if ( $mode == 'register' )
{
///
/// Begin Names in Profile MOD
///
if ( $board_config['name_first_required'] )
{
if ( empty($name_first) )
{
$error = TRUE;
$error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['name_first_empty'];
}
}
if ( $board_config['name_last_required'] )
{
if ( empty($name_last) )
{
$error = TRUE;
$error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['name_last_empty'];
}
}
///
/// End Names in Profile MOD
///
if ( empty($username) || empty($new_password) || empty($password_confirm) || empty($email) )
{
$error = TRUE;
$error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Fields_empty'];
}
//
// Anti Robotic Registration
//
$sql = "SELECT * FROM " . ANTI_ROBOT_TABLE . " WHERE session_id = '" . $userdata['session_id'] . "' LIMIT 1";
if( !$result = $db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not obtain registration information', '', __LINE__, __FILE__, $sql);
}
$anti_robot_row = $db->sql_fetchrow($result);
if (( strtolower($HTTP_POST_VARS['reg_key']) != $anti_robot_row['reg_key'] ) or ($anti_robot_row['reg_key'] == ''))
{
$error = TRUE;
$error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Wrong_reg_key'];
}
else
{
$sql = "DELETE FROM " . ANTI_ROBOT_TABLE . " WHERE session_id = '" . $userdata['session_id'] . "'";
if( !$result = $db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not delete validation key', '', __LINE__, __FILE__, $sql);
}
}
// --------------------------
//
}
$passwd_sql = '';
if ( !empty($new_password) && !empty($password_confirm) )
{
// Start add - Protect user account MOD
// validate that the password is complex
$result = validate_complex_password ($username, $new_password);
if ( $result['error'] )
{
$error = TRUE;
$error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $result['error_msg'];
}
// End add - Protect user account MOD
if ( $new_password != $password_confirm )
{
$error = TRUE;
$error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Password_mismatch'];
}
else if ( strlen($new_password) > 32 )
{
$error = TRUE;
$error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Password_long'];
}
else
{
if ( $mode == 'editprofile' )
{
$sql = "SELECT user_password
FROM " . USERS_TABLE . "
WHERE user_id = $user_id";
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not obtain user_password information', '', __LINE__, __FILE__, $sql);
}
$row = $db->sql_fetchrow($result);
if ( $row['user_password'] != md5($cur_password) )
{
$error = TRUE;
$error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Current_password_mismatch'];
}
}
if ( !$error )
{
$new_password = md5($new_password);
$passwd_sql = "user_password = '$new_password', ";
}
}
}
else if ( ( empty($new_password) && !empty($password_confirm) ) || ( !empty($new_password) && empty($password_confirm) ) )
{
$error = TRUE;
$error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Password_mismatch'];
}
//
// Do a ban check on this email address
//
if ( $email != $userdata['user_email'] || $mode == 'register' )
{
$result = validate_email($email);
if ( $result['error'] )
{
$email = $userdata['user_email'];
$error = TRUE;
$error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $result['error_msg'];
}
if ( $mode == 'editprofile' )
{
$sql = "SELECT user_password
FROM " . USERS_TABLE . "
WHERE user_id = $user_id";
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not obtain user_password information', '', __LINE__, __FILE__, $sql);
}
$row = $db->sql_fetchrow($result);
if ( $row['user_password'] != md5($cur_password) )
{
$email = $userdata['user_email'];
$error = TRUE;
$error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Current_password_mismatch'];
}
}
}
// The humanizer MOD
if (!$ruhuman && $mode == 'register')
{
$error = TRUE;
$error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Are_u_human_wrong'];
}
$username_sql = '';
if ( $board_config['allow_namechange'] || $mode == 'register' )
{
if ( empty($username) )
{
// Error is already triggered, since one field is empty.
$error = TRUE;
}
else if ( $username != $userdata['username'] || $mode == 'register' )
{
if (strtolower($username) != strtolower($userdata['username']) || $mode == 'register')
{
$result = validate_username($username);
if ( $result['error'] )
{
$error = TRUE;
$error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $result['error_msg'];
}
}
if (!$error)
{
$username_sql = "username = '" . str_replace("\'", "''", $username) . "', ";
}
}
}
if ( $signature != '' )
{
if ( strlen($signature) > $board_config['max_sig_chars'] )
{
$error = TRUE;
$error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Signature_too_long'];
}
if ( !isset($signature_bbcode_uid) || $signature_bbcode_uid == '' )
{
$signature_bbcode_uid = ( $allowbbcode ) ? make_bbcode_uid() : '';
}
$signature = prepare_message($signature, $allowhtml, $allowbbcode, $allowsmilies, $signature_bbcode_uid);
}
if ( $website != '' )
{
rawurlencode($website);
}
$avatar_sql = '';
if ( isset($HTTP_POST_VARS['avatardel']) && $mode == 'editprofile' )
{
$avatar_sql = user_avatar_delete($userdata['user_avatar_type'], $userdata['user_avatar']);
}
else
if ( ( !empty($user_avatar_upload) || !empty($user_avatar_name) ) && $board_config['allow_avatar_upload'] )
{
if ( !empty($user_avatar_upload) )
{
$avatar_mode = (empty($user_avatar_name)) ? 'remote' : 'local';
$avatar_sql = user_avatar_upload($mode, $avatar_mode, $userdata['user_avatar'], $userdata['user_avatar_type'], $error, $error_msg, $user_avatar_upload, $user_avatar_name, $user_avatar_size, $user_avatar_filetype);
}
else if ( !empty($user_avatar_name) )
{
$l_avatar_size = sprintf($lang['Avatar_filesize'], round($board_config['avatar_filesize'] / 1024));
$error = true;
$error_msg .= ( ( !empty($error_msg) ) ? '<br />' : '' ) . $l_avatar_size;
}
}
else if ( $user_avatar_remoteurl != '' && $board_config['allow_avatar_remote'] )
{
user_avatar_delete($userdata['user_avatar_type'], $userdata['user_avatar']);
$avatar_sql = user_avatar_url($mode, $error, $error_msg, $user_avatar_remoteurl);
}
else if ( $user_avatar_local != '' && $board_config['allow_avatar_local'] )
{
user_avatar_delete($userdata['user_avatar_type'], $userdata['user_avatar']);
$avatar_sql = user_avatar_gallery($mode, $error, $error_msg, $user_avatar_local, $user_avatar_category);
}
// Start add - Birthday MOD
// find the birthday values, reflected by the $lang['Submit_date_format']
if ($b_day || $b_md || $b_year) //if a birthday is submited, then validate it
{
$user_age=(date('md')>=$b_md.(($b_day <= 9) ? '0':'').$b_day) ? date('Y') - $b_year : date('Y') - $b_year - 1 ;
// Check date, maximum / minimum user age
if (!checkdate($b_md,$b_day,$b_year))
{
$error = TRUE;
if( isset($error_msg) )$error_msg .= "<br />";
$error_msg .= $lang['Wrong_birthday_format'];
} else
if ($user_age>$board_config['max_user_age'])
{
$error = TRUE;
if( isset($error_msg) )$error_msg .= "<br />";
$error_msg .= sprintf($lang['Birthday_to_high'],$board_config['max_user_age']);
} else
if ($user_age<$board_config['min_user_age'])
{
$error = TRUE;
if( isset($error_msg) )$error_msg .= "<br />";
$error_msg .= sprintf($lang['Birthday_to_low'],$board_config['min_user_age']);
} else
{
$birthday = ($error) ? $birthday : mkrealdate($b_day,$b_md,$b_year);
$next_birthday_greeting = (date('md')<$b_md.(($b_day <= 9) ? '0':'').$b_day) ? date('Y'):date('Y')+1 ;
}
} else
{
if ($board_config['birthday_required'])
{
$error = TRUE;
if( isset($error_msg) )$error_msg .= "<br />";
$error_msg .= sprintf($lang['Birthday_require']);
}
$birthday = 999999;
}
// End add - Birthday MOD
if ( !$error )
{
if ( $avatar_sql == '' )
{
$avatar_sql = ( $mode == 'editprofile' ) ? '' : "'', " . USER_AVATAR_NONE;
}
if ( $mode == 'editprofile' )
{
if ( $email != $userdata['user_email'] && $board_config['require_activation'] != USER_ACTIVATION_NONE && $userdata['user_level'] != ADMIN )
{
$user_active = 0;
$user_actkey = gen_rand_string(true);
$key_len = 54 - ( strlen($server_url) );
$key_len = ( $key_len > 6 ) ? $key_len : 6;
$user_actkey = substr($user_actkey, 0, $key_len);
if ( $userdata['session_logged_in'] )
{
session_end($userdata['session_id'], $userdata['user_id']);
}
}
else
{
$user_active = 'user_active';
$user_actkey = 'user_actkey';
// Start add - Protect user account MOD
$passwd_sql .= (empty($passwd_sql)) ? "" : " user_passwd_change=".time().",";
// End add - Protect user account MOD
}
$car_engine_choice = ($car_engine_choice == $lang['Car_Engine_Choice']['0']) ? '' : $car_engine_choice;
$car_mark_choice = ($car_mark_choice == $lang['Car_Mark_Choice']['0']) ? '' : $car_mark_choice;
$car_model_choice = ($car_model_choice == $lang['Car_Model_Choice']['0']) ? '' : $car_model_choice;
$car_year_choice = ($car_year_choice == $lang['Car_Year_Choice']['0']) ? '' : $car_year_choice;
$sql = "UPDATE " . USERS_TABLE . "
SET " . $username_sql . $passwd_sql . "user_email = '" . str_replace("\'", "''", $email) ."', user_icq = '" . str_replace("\'", "''", $icq) . "', user_website = '" . str_replace("\'", "''", $website) . "', user_occ = '" . str_replace("\'", "''", $occupation) . "', user_from = '" . str_replace("\'", "''", $location) . "', user_from_flag = '$user_flag', user_interests = '" . str_replace("\'", "''", $interests) . "', user_car_mark = '" . str_replace("\'", "''", $car_mark) . "', user_car_mark_choice = '" . str_replace("\'", "''", $car_mark_choice) . "', user_car_model = '" . str_replace("\'", "''", $car_model) . "', user_car_model_choice = '" . str_replace("\'", "''", $car_model_choice) . "', user_car_year = '" . str_replace("\'", "''", $car_year) . "', user_car_year_choice = '" . str_replace("\'", "''", $car_year_choice) . "', user_car_engine = '" . str_replace("\'", "''", $car_engine) . "', user_car_engine_choice = '" . str_replace("\'", "''", $car_engine_choice) . "', user_car_wheel = '" . str_replace("\'", "''", $car_wheel) . "', user_car_trans = '" . str_replace("\'", "''", $car_trans) . "', user_car_color = '" . str_replace("\'", "''", $car_color) . "', user_car_rt = '" . str_replace("\'", "''", $car_rt) . "', user_car_sixty = '" . str_replace("\'", "''", $car_sixty) . "', user_car_three = '" . str_replace("\'", "''", $car_three) . "', user_car_eigth = '" . str_replace("\'", "''", $car_eigth) . "', user_car_eigthm = '" . str_replace("\'", "''", $car_eigthm) . "', user_car_thou = '" . str_replace("\'", "''", $car_thou) . "', user_car_quart = '" . str_replace("\'", "''", $car_quart) . "', user_car_quartm = '" . str_replace("\'", "''", $car_quartm) . "', user_mod_engine = '" . str_replace("\'", "''", $mod_engine) . "', user_mod_exterior = '" . str_replace("\'", "''", $mod_exterior) . "', user_mod_interior = '" . str_replace("\'", "''", $mod_interior) . "', user_mod_rims = '" . str_replace("\'", "''", $mod_rims) . "', user_mod_audio = '" . 
str_replace("\'", "''", $mod_audio) . "', user_mod_future = '" . str_replace("\'", "''", $mod_future) . "', user_name_first = '" . str_replace("\'", "''", $name_first) . "', user_name_last = '" . str_replace("\'", "''", $name_last) . "', user_allow_new_img_popup = $user_allow_new_img_popup, user_modell = '" . str_replace("\'", "''", $info) . "', user_absence_mode = $user_absence_mode, user_absence = $user_absence, user_absence_text = '" . str_replace("\'", "''", $user_absence_text) . "', user_birthday = '$birthday', user_next_birthday_greeting = '$next_birthday_greeting', user_viewemail = $viewemail, user_aim = '" . str_replace("\'", "''", str_replace(' ', '+', $aim)) . "', user_yim = '" . str_replace("\'", "''", $yim) . "', user_msnm = '" . str_replace("\'", "''", $msn) . "', user_attachsig = $attachsig, user_setbm = $setbm, user_allowsmile = $allowsmilies, user_allowhtml = $allowhtml, user_allowbbcode = $allowbbcode, user_allow_viewonline = $allowviewonline, user_notify = $notifyreply, user_notify_pm = $notifypm, user_popup_pm = $popup_pm, user_timezone = $user_timezone, user_dateformat = '" . str_replace("\'", "''", $user_dateformat) . "', user_lang = '" . str_replace("\'", "''", $user_lang) . "', user_style = $user_style, user_active = $user_active, user_actkey = '$user_actkey'" . $avatar_sql . ", user_gender = '$gender'
WHERE user_id = $user_id";
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not update users table', '', __LINE__, __FILE__, $sql);
}
// Begin Map Mod
$sql = "SELECT user_id
FROM ". MAP_MOD_USER_TABLE . "
WHERE user_id = $user_id ";
if (! $result = $db->sql_query($sql)) {
message_die(GENERAL_ERROR, 'Could not get map data.', '', __LINE__, __FILE__, $sql);
}
$row = $db->sql_fetchrow($result);
if ($row['user_id']==$user_id) {
$sql = "DELETE
FROM " . MAP_MOD_USER_TABLE . "
WHERE user_id = $user_id ";
if (! $result = $db->sql_query($sql)) {
message_die(GENERAL_ERROR, 'Could not delete map data.', '', __LINE__, __FILE__, $sql);
}
}
if (((float)$longitude != 0.0) || ((float)$latitude != 0.0)) {
$sql = "INSERT INTO " .MAP_MOD_USER_TABLE. "
VALUES (" . intval($user_id) . ", " . (float)$longitude . "," . (float)$latitude. ")";
if(! $result = $db->sql_query($sql)) {
message_die(GENERAL_ERROR, 'Could not update map table.', '', __LINE__, __FILE__, $sql);
}
}
// End Map Mod
if ( !$user_active )
{
//
// The users account has been deactivated, send them an email with a new activation key
//
include($phpbb_root_path . 'includes/emailer.'.$phpEx);
$emailer = new emailer($board_config['smtp_delivery']);
if ( $board_config['require_activation'] != USER_ACTIVATION_ADMIN )
{
$emailer->from($board_config['board_email']);
$emailer->replyto($board_config['board_email']);
$emailer->use_template('user_activate', stripslashes($user_lang));
$emailer->email_address($email);
$emailer->set_subject($lang['Reactivate']);
$emailer->assign_vars(array(
'SITENAME' => $board_config['sitename'],
'USERNAME' => preg_replace($unhtml_specialchars_match, $unhtml_specialchars_replace, substr(str_replace("\'", "'", $username), 0, 25)),
'EMAIL_SIG' => (!empty($board_config['board_email_sig'])) ? str_replace('<br />', "\n", "-- \n" . $board_config['board_email_sig']) : '',
'U_ACTIVATE' => $server_url . '?mode=activate&' . POST_USERS_URL . '=' . $user_id . '&act_key=' . $user_actkey)
);
$emailer->send();
$emailer->reset();
}
else if ( $board_config['require_activation'] == USER_ACTIVATION_ADMIN )
{
$sql = 'SELECT user_email, user_lang
FROM ' . USERS_TABLE . '
WHERE user_level = ' . ADMIN;
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not select Administrators', '', __LINE__, __FILE__, $sql);
}
while ($row = $db->sql_fetchrow($result))
{
$emailer->from($board_config['board_email']);
$emailer->replyto($board_config['board_email']);
$emailer->email_address(trim($row['user_email']));
$emailer->use_template("admin_activate", $row['user_lang']);
$emailer->set_subject($lang['Reactivate']);
$emailer->assign_vars(array(
'USERNAME' => preg_replace($unhtml_specialchars_match, $unhtml_specialchars_replace, substr(str_replace("\'", "'", $username), 0, 25)),
'EMAIL_SIG' => str_replace('<br />', "\n", "-- \n" . $board_config['board_email_sig']),
'U_ACTIVATE' => $server_url . '?mode=activate&' . POST_USERS_URL . '=' . $user_id . '&act_key=' . $user_actkey)
);
$emailer->send();
$emailer->reset();
}
$db->sql_freeresult($result);
}
$message = $lang['Profile_updated_inactive'] . '<br /><br />' . sprintf($lang['Click_return_index'], '<a href="' . append_sid("portal.$phpEx") . '">', '</a>');
}
else
{
$message = $lang['Profile_updated'] . '<br /><br />' . sprintf($lang['Click_return_index'], '<a href="' . append_sid("portal.$phpEx") . '">', '</a>');
}
$template->assign_vars(array(
"META" => '<meta http-equiv="refresh" content="5;url=' . append_sid("portal.$phpEx") . '">')
);
message_die(GENERAL_MESSAGE, $message);
}
else
{
$sql = "SELECT MAX(user_id) AS total
FROM " . USERS_TABLE;
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not obtain next user_id information', '', __LINE__, __FILE__, $sql);
}
if ( !($row = $db->sql_fetchrow($result)) )
{
message_die(GENERAL_ERROR, 'Could not obtain next user_id information', '', __LINE__, __FILE__, $sql);
}
// NOTE(review): the new id is MAX(user_id)+1 read *before* the transaction that
// starts with the users INSERT further down, so two concurrent registrations can
// pick the same id — confirm user_id has a unique key so the second INSERT fails
// loudly instead of colliding.
$user_id = $row['total'] + 1;
// CBACK CrackerTracker Register Flood Protection
// Store when the next registration may start (now + regtime) and the address that
// registered last; the check that reads these two values runs earlier in the file.
// regtime is interpolated unquoted — assumes it is stored/cast as an integer.
// Unlike the lastreg_ip update below, this query's result is not checked.
$stime = time() + $ctracker_config['regtime'];
$sql = "UPDATE " . CTRACK . " SET value = " . $stime . " WHERE name = 'lastreg'";
$db->sql_query($sql);
if(!empty($HTTP_SERVER_VARS['REMOTE_ADDR']))
{
// NOTE(review): REMOTE_ADDR is quoted but not escaped, unlike the string values in
// the users INSERT below. It is normally set by the web server itself; confirm no
// proxy/CGI setup lets a client-supplied value reach it unescaped.
$sql = "UPDATE " . CTRACK . " SET value = '" . $HTTP_SERVER_VARS['REMOTE_ADDR'] . "' WHERE name = 'lastreg_ip'";
if( !$db->sql_query($sql))
{
message_die(CRITICAL_ERROR, "Could not perform Database operation", "", __LINE__, __FILE__, $sql);
}
}
// END CBACK CrackerTracker Register Flood Protection
//
// Build and run the INSERT for the new user row. time() fills user_regdate and
// user_passwd_change; user_level is written as 0 and user_allow_pm as 1.
// $avatar_sql must expand to two comma-separated values (user_avatar,
// user_avatar_type) for the column list to line up.
//
// NOTE(review): string values are quoted by rewriting "\'" to "''", which only
// works if every value already carries backslash escaping from input handling
// (magic_quotes/addslashes) — confirm that is still guaranteed upstream. Values
// interpolated bare ($user_flag, $signature_bbcode_uid, $gender, $birthday,
// $next_birthday_greeting and the numeric flags) get no quoting here at all, so
// they must have been validated earlier. $new_password is stored as-is — assumes
// the caller already hashed it; TODO confirm.
//
$sql = "INSERT INTO " . USERS_TABLE . " (user_id, username, user_regdate, user_password, user_email, user_icq, user_website, user_occ, user_from, user_from_flag, user_interests, user_car_mark, user_car_mark_choice, user_car_model, user_car_model_choice, user_car_year, user_car_year_choice, user_car_engine, user_car_engine_choice, user_car_wheel, user_car_trans, user_car_color, user_car_rt, user_car_sixty, user_car_three, user_car_eigth, user_car_eigthm, user_car_thou, user_car_quart, user_car_quartm, user_mod_engine, user_mod_exterior, user_mod_interior, user_mod_rims, user_mod_audio, user_mod_future, user_name_first, user_name_last, user_allow_new_img_popup, user_modell, user_absence_mode, user_absence, user_absence_text, user_sig, user_sig_bbcode_uid, user_avatar, user_avatar_type, user_viewemail, user_aim, user_yim, user_msnm, user_attachsig, user_setbm, user_allowsmile, user_allowhtml, user_allowbbcode, user_allow_viewonline, user_notify, user_notify_pm, user_popup_pm, user_timezone, user_dateformat, user_lang, user_style, user_gender, user_level, user_allow_pm, user_birthday, user_next_birthday_greeting, user_passwd_change, user_active, user_actkey)
VALUES ($user_id, '" . str_replace("\'", "''", $username) . "', " . time() . ", '" . str_replace("\'", "''", $new_password) . "', '" . str_replace("\'", "''", $email) . "', '" . str_replace("\'", "''", $icq) . "', '" . str_replace("\'", "''", $website) . "', '" . str_replace("\'", "''", $occupation) . "', '" . str_replace("\'", "''", $location) . "', '$user_flag', '" . str_replace("\'", "''", $interests) . "', '" . str_replace("\'", "''", $car_mark) . "', '" . str_replace("\'", "''", $car_mark_choice) . "', '" . str_replace("\'", "''", $car_model) . "', '" . str_replace("\'", "''", $car_model_choice) . "', '" . str_replace("\'", "''", $car_year) . "', '" . str_replace("\'", "''", $car_year_choice) . "', '" . str_replace("\'", "''", $car_engine) . "', '" . str_replace("\'", "''", $car_engine_choice) . "', '" . str_replace("\'", "''", $car_wheel) . "', '" . str_replace("\'", "''", $car_trans) . "', '" . str_replace("\'", "''", $car_color) . "', '" . str_replace("\'", "''", $car_rt) . "', '" . str_replace("\'", "''", $car_sixty) . "', '" . str_replace("\'", "''", $car_three) . "', '" . str_replace("\'", "''", $car_eigth) . "', '" . str_replace("\'", "''", $car_eigthm) . "', '" . str_replace("\'", "''", $car_thou) . "', '" . str_replace("\'", "''", $car_quart) . "', '" . str_replace("\'", "''", $car_quartm) . "', '" . str_replace("\'", "''", $mod_engine) . "', '" . str_replace("\'", "''", $mod_exterior) . "', '" . str_replace("\'", "''", $mod_interior) . "', '" . str_replace("\'", "''", $mod_rims) . "', '" . str_replace("\'", "''", $mod_audio) . "', '" . str_replace("\'", "''", $mod_future) . "', '" . str_replace("\'", "''", $name_first) . "', '" . str_replace("\'", "''", $name_last) . "', $user_allow_new_img_popup, '" . str_replace("\'", "''", $info) . "', $user_absence_mode, $user_absence, '" . str_replace("\'", "''", $user_absence_text) . "', '" . str_replace("\'", "''", $signature) . "', '$signature_bbcode_uid', $avatar_sql, $viewemail, '" . 
str_replace("\'", "''", str_replace(' ', '+', $aim)) . "', '" . str_replace("\'", "''", $yim) . "', '" . str_replace("\'", "''", $msn) . "', $attachsig, $setbm, $allowsmilies, $allowhtml, $allowbbcode, $allowviewonline, $notifyreply, $notifypm, $popup_pm, $user_timezone, '" . str_replace("\'", "''", $user_dateformat) . "', '" . str_replace("\'", "''", $user_lang) . "', $user_style, '$gender', 0, 1, '$birthday', '$next_birthday_greeting', ".time().",";
// Self/admin activation or a COPPA registration: account starts inactive
// (user_active = 0) with a random activation key.
if ( $board_config['require_activation'] == USER_ACTIVATION_SELF || $board_config['require_activation'] == USER_ACTIVATION_ADMIN || $coppa )
{
$user_actkey = gen_rand_string(true);
// The key is cut so that server URL + key stays within 54 characters, with a
// floor of 6 — presumably to keep the activation link on one mail line.
// NOTE(review): on a long $server_url the key shrinks to 6 characters, which is
// the least unpredictability an activation link here can carry — confirm intended.
$key_len = 54 - (strlen($server_url));
$key_len = ( $key_len > 6 ) ? $key_len : 6;
$user_actkey = substr($user_actkey, 0, $key_len);
$sql .= "0, '" . str_replace("\'", "''", $user_actkey) . "')";
}
else
{
// No activation required: account is active immediately, empty key.
$sql .= "1, '')";
}
// Opens the transaction that the user_group INSERT further down closes.
if ( !($result = $db->sql_query($sql, BEGIN_TRANSACTION)) )
{
message_die(GENERAL_ERROR, 'Could not insert data into users table', '', __LINE__, __FILE__, $sql);
}
// Begin Map Mod
// Only store a map position when at least one coordinate is non-zero; both
// values are cast to float and the id to int before interpolation, so this
// query takes no raw string input.
if (((float)$longitude != 0.0) || ((float)$latitude != 0.0)) {
$sql = "INSERT INTO " . MAP_MOD_USER_TABLE . " (user_id, longitude, latitude)
VALUES (" . intval($user_id) . ", " . (float)$longitude . "," . (float)$latitude . ")";
// NOTE(review): this runs inside the transaction opened by the users INSERT
// above; on failure message_die() is called without an explicit rollback —
// confirm the DB layer discards the open transaction at request end.
if(! $result = $db->sql_query($sql))
{
message_die(GENERAL_ERROR, 'Could not update map table.', '', __LINE__, __FILE__, $sql);
}
}
// End Map Mod
// Every user gets a personal single-user group (group_single_user = 1) ...
$sql = "INSERT INTO " . GROUPS_TABLE . " (group_name, group_description, group_single_user, group_moderator)
VALUES ('', 'Personal User', 1, 0)";
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not insert data into groups table', '', __LINE__, __FILE__, $sql);
}
$group_id = $db->sql_nextid();
// ... and is linked to it as a non-pending member; this statement also closes
// the transaction begun at the users INSERT.
$sql = "INSERT INTO " . USER_GROUP_TABLE . " (user_id, group_id, user_pending)
VALUES ($user_id, $group_id, 0)";
if( !($result = $db->sql_query($sql, END_TRANSACTION)) )
{
message_die(GENERAL_ERROR, 'Could not insert data into user_group table', '', __LINE__, __FILE__, $sql);
}
// Pick the on-screen message and the welcome-mail template for the account
// state just created. The order matters: COPPA wins over the activation mode,
// and the two "inactive" modes must match the user_active = 0 branch above.
if ( $coppa )
{
$message = $lang['COPPA'];
$email_template = 'coppa_welcome_inactive';
}
else if ( $board_config['require_activation'] == USER_ACTIVATION_SELF )
{
$message = $lang['Account_inactive'];
$email_template = 'user_welcome_inactive';
}
else if ( $board_config['require_activation'] == USER_ACTIVATION_ADMIN )
{
$message = $lang['Account_inactive_admin'];
$email_template = 'admin_welcome_inactive';
}
else
{
// Account is already active; plain welcome mail.
$message = $lang['Account_added'];
$email_template = 'user_welcome';
}
include($phpbb_root_path . 'includes/emailer.'.$phpEx);
$emailer = new emailer($board_config['smtp_delivery']);
$emailer->from($board_config['board_email']);
$emailer->replyto($board_config['board_email']);
$emailer->use_template($email_template, stripslashes($user_lang));