<?PHP
/* ====================
Seditio - Website engine
Copyright Neocrome & Seditio Team
http://www.neocrome.net
[BEGIN_SED]
File=users.register.inc.php
Version=175
Updated=2012-dec-31
Type=Core
Author=Neocrome
Description=User auth
[END_SED]
==================== */
// Refuse direct access: this file only runs when the including script has
// defined SED_CODE.
defined('SED_CODE') or die('Yanlış URL.');

// Validation key taken from the query string ('G'); the 'ALP' filter is
// implemented in sed_import(), which is not visible here
// (presumably alphanumeric only - confirm).
$v = sed_import('v', 'G', 'ALP');

// Maintenance mode: visitors below the configured level are stopped here.
if ($cfg['maintenance'] && $usr['level'] < $cfg['maintenancelevel']) {
	sed_diemaintenance();
	exit;
}

// Registration switched off in the configuration: redirect to message 117.
if ($cfg['disablereg']) {
	sed_redirect(sed_url("message", "msg=117", "", true));
	exit;
}

/* === Hook === */
// Plugin files are included into this scope, so they can read and change
// every variable of the script. The path parts come from the plugin
// registry returned by sed_getextplugins().
$extp = sed_getextplugins('users.register.first');
if (is_array($extp)) {
	foreach ($extp as $pl) {
		include('plugins/'.$pl['pl_code'].'/'.$pl['pl_file'].'.php');
	}
}
/* ===== */
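if ($a=='add')
	{
	/*
	 * Registration submit.
	 * Reads the posted form, checks it against the ban list and the existing
	 * accounts, creates the user row, stores an optional avatar and then
	 * redirects to a result message (activation mail, admin approval or
	 * immediate activation, depending on the configuration).
	 * Validation failures are collected in $error_string; the form is then
	 * shown again by the code after this block.
	 */
	$bannedreason = FALSE;
	sed_shield_protect();

	/* === Hook for the plugins === */
	$extp = sed_getextplugins('users.register.add.first');
	if (is_array($extp))
		{ foreach ($extp as $pl) { include('plugins/'.$pl['pl_code'].'/'.$pl['pl_file'].'.php'); } }
	/* ===== */

	// All values come from POST ('P'). The filter codes ('TXT', 'HTM', 'BOL',
	// 'INT') and the length arguments are handled inside sed_import(), which
	// is not visible here.
	$rusername = sed_import('rusername','P','TXT', 24, TRUE);
	$ruseremail = sed_import('ruseremail','P','TXT', 64, TRUE);
	$rpassword1 = sed_import('rpassword1','P','TXT', 16);
	$rpassword2 = sed_import('rpassword2','P','TXT',16);
	$rcountry = sed_import('rcountry','P','TXT');
	$rlocation = sed_import('rlocation','P','TXT');
	$rtimezone = sed_import('rtimezone','P','TXT',5);
	$rtimezone_p = sed_import('rtimezone_p','P','BOL');
	$roccupation = sed_import('roccupation','P','TXT');
	$rusergender = sed_import('rusergender','P','TXT');
	$ryear = sed_import('ryear','P','INT');
	$rmonth = sed_import('rmonth','P','INT');
	$rday = sed_import('rday','P','INT');
	$rusericq = sed_import('rusericq','P','TXT');
	$ruserirc = sed_import('ruserirc','P','TXT');
	$ruserskype = sed_import('ruserskype','P','TXT');
	$ruserwebsite = sed_import('ruserwebsite','P','TXT');
	$ruserextra1 = sed_import('ruserextra1','P','TXT');
	$ruserextra2 = sed_import('ruserextra2','P','TXT');
	$ruserextra3 = sed_import('ruserextra3','P','TXT');
	$ruserextra4 = sed_import('ruserextra4','P','TXT');
	$ruserextra5 = sed_import('ruserextra5','P','TXT');
	$ruserextra6 = sed_import('ruserextra6','P','HTM');
	$ruserextra7 = sed_import('ruserextra7','P','HTM');
	$ruserextra8 = sed_import('ruserextra8','P','HTM');
	$ruserextra9 = sed_import('ruserextra9','P','HTM');
	$ruserextra1_p = sed_import('ruserextra1_p','P','BOL');
	$ruserextra2_p = sed_import('ruserextra2_p','P','BOL');
	$ruserextra3_p = sed_import('ruserextra3_p','P','BOL');
	$ruserextra4_p = sed_import('ruserextra4_p','P','BOL');
	$ruserextra5_p = sed_import('ruserextra5_p','P','BOL');
	$ruserextra6_p = sed_import('ruserextra6_p','P','BOL');
	$ruserextra7_p = sed_import('ruserextra7_p','P','BOL');
	$ruserextra8_p = sed_import('ruserextra8_p','P','BOL');
	$ruserextra9_p = sed_import('ruserextra9_p','P','BOL');

	$ruseremail = mb_strtolower($ruseremail);

	// Normalise the name BEFORE the uniqueness check, so that the name that
	// is checked is exactly the name that gets stored. Stripping '&#160;'
	// only after the lookup would let a name that differs from an existing
	// one by that entity pass the check and be saved as a duplicate.
	$rusername = str_replace('&#160;', '', $rusername);

	// Ban list: every non-empty banlist_email entry is matched as a substring
	// of the submitted address (so an entry can be a whole domain).
	$sql = sed_sql_query("SELECT banlist_reason, banlist_email FROM $db_banlist WHERE banlist_email!=''");
	while ($row = sed_sql_fetchassoc($sql))
		{
		if (mb_strpos($ruseremail, $row['banlist_email']) !== FALSE)
			{ $bannedreason = $row['banlist_reason']; }
		}

	$sql = sed_sql_query("SELECT COUNT(*) FROM $db_users WHERE user_name='".sed_sql_prep($rusername)."'");
	$res1 = sed_sql_result($sql,0,"COUNT(*)");
	$sql = sed_sql_query("SELECT COUNT(*) FROM $db_users WHERE user_email='".sed_sql_prep($ruseremail)."'");
	$res2 = sed_sql_result($sql,0,"COUNT(*)");

	$error_string .= (!empty($bannedreason)) ? $L['aut_emailbanned'].$bannedreason."<br />" : '';
	$error_string .= (mb_strlen($rusername)<2) ? $L['aut_usernametooshort']."<br />" : '';
	$error_string .= (mb_strlen($rpassword1)<4) ? $L['aut_passwordtooshort']."<br />" : '';
	$error_string .= (mb_strlen($ruseremail)<4) ? $L['aut_emailtooshort']."<br />" : '';
	$error_string .= ($res1>0) ? $L['aut_usernamealreadyindb']."<br />" : '';
	$error_string .= ($res2>0) ? $L['aut_emailalreadyindb']."<br />" : '';
	$error_string .= ($rpassword1!=$rpassword2) ? $L['aut_passwordmismatch']."<br />" : '';

	if (empty($error_string))
		{
		// The very first account goes to group 5; later accounts go to group 4
		// when no activation is required, otherwise to group 2. The validate
		// branch below moves group 2 accounts to group 4.
		// NOTE(review): group meanings are defined elsewhere - presumably
		// 5 = administrators, 4 = members, 2 = inactive; confirm.
		if (sed_sql_rowcount($db_users)==0)
			{ $defgroup = 5; }
		else
			{ $defgroup = ($cfg['regnoactivation']) ? 4 : 2; }

		$mdsalt = sed_unique(16); // New sed172
		$mdpass = sed_hash($rpassword1, 1, $mdsalt);  // New sed172
		$mdpass_secret = md5(sed_unique(16)); // New sed172 for generate cookies

		$ruserbirthdate = ($rmonth=='x' || $rday=='x' || $ryear=='x' || $rmonth==0 || $rday==0 || $ryear==0) ? 0 : sed_mktime(1, 0, 0, $rmonth, $rday, $ryear);

		// An extra field is stored only when its "_p" marker was posted.
		$ruserextra1 = ($ruserextra1_p) ? mb_substr($ruserextra1,0,$cfg['extra1tsetting']) : '';
		$ruserextra2 = ($ruserextra2_p) ? mb_substr($ruserextra2,0,$cfg['extra2tsetting']) : '';
		$ruserextra3 = ($ruserextra3_p) ? mb_substr($ruserextra3,0,$cfg['extra3tsetting']) : '';
		$ruserextra4 = ($ruserextra4_p) ? mb_substr($ruserextra4,0,$cfg['extra4tsetting']) : '';
		$ruserextra5 = ($ruserextra5_p) ? mb_substr($ruserextra5,0,$cfg['extra5tsetting']) : '';
		$ruserextra6 = ($ruserextra6_p) ? $ruserextra6 : '';
		$ruserextra7 = ($ruserextra7_p) ? $ruserextra7 : '';
		$ruserextra8 = ($ruserextra8_p) ? $ruserextra8 : '';
		$ruserextra9 = ($ruserextra9_p) ? $ruserextra9 : '';
		$rtimezone = ($rtimezone_p) ? $rtimezone : $cfg['defaulttimezone'];

		// The activation key is the only secret behind the e-mail validation
		// link, so it must not be derivable from the registration time.
		// Use the CSPRNG where the runtime has one (PHP 7+); the result is
		// 32 hex characters, which is the length the validate branch expects.
		// Fallback for older runtimes mixes in sed_unique(); its randomness
		// is not visible here.
		$validationkey = function_exists('random_bytes')
			? bin2hex(random_bytes(16))
			: md5(sed_unique(16).microtime());

		sed_shield_update(20, "Registration");

		// NOTE(review): $ishtml is not assigned anywhere in the visible code;
		// the (int) cast stores 0 unless a plugin sets it.
		// NOTE(review): $cfg['defaultskin'], $cfg['defaultlang'] and $usr['ip']
		// go into the statement without sed_sql_prep(); confirm they can only
		// hold trusted values.
		$sql = sed_sql_query("INSERT into $db_users
			(user_name,
			user_password,
			user_salt,
			user_secret,
			user_passtype,
			user_maingrp,
			user_country,
			user_location,
			user_timezone,
			user_occupation,
			user_text,
			user_text_ishtml,
			user_email,
			user_hideemail,
			user_pmnotify,
			user_skin,
			user_lang,
			user_regdate,
			user_logcount,
			user_lostpass,
			user_gender,
			user_birthdate,
			user_icq,
			user_irc,
			user_skype,
			user_website,
			user_extra1,
			user_extra2,
			user_extra3,
			user_extra4,
			user_extra5,
			user_extra6,
			user_extra7,
			user_extra8,
			user_extra9,
			user_lastip)
			VALUES
			('".sed_sql_prep($rusername)."',
			'$mdpass',
			'$mdsalt',
			'$mdpass_secret',
			1,
			".(int)$defgroup.",
			'".sed_sql_prep($rcountry)."',
			'".sed_sql_prep($rlocation)."',
			'".sed_sql_prep($rtimezone)."',
			'".sed_sql_prep($roccupation)."',
			'',
			".(int)$ishtml.",
			'".sed_sql_prep($ruseremail)."',
			1,
			1,
			'".$cfg['defaultskin']."',
			'".$cfg['defaultlang']."',
			".(int)$sys['now_offset'].",
			0,
			'$validationkey',
			'".sed_sql_prep($rusergender)."',
			".(int)$ruserbirthdate.",
			'".sed_sql_prep($rusericq)."',
			'".sed_sql_prep($ruserirc)."',
			'".sed_sql_prep($ruserskype)."',
			'".sed_sql_prep($ruserwebsite)."',
			'".sed_sql_prep($ruserextra1)."',
			'".sed_sql_prep($ruserextra2)."',
			'".sed_sql_prep($ruserextra3)."',
			'".sed_sql_prep($ruserextra4)."',
			'".sed_sql_prep($ruserextra5)."',
			'".sed_sql_prep($ruserextra6)."',
			'".sed_sql_prep($ruserextra7)."',
			'".sed_sql_prep($ruserextra8)."',
			'".sed_sql_prep($ruserextra9)."',
			'".$usr['ip']."')");

		$userid = sed_sql_insertid();
		$sql = sed_sql_query("INSERT INTO $db_groups_users (gru_userid, gru_groupid) VALUES (".(int)$userid.", ".(int)$defgroup.")");

		/* --- Optional avatar upload --- */
		// The 'userfile' entry is absent when no file field was submitted, and
		// its members are arrays when the field was posted as 'userfile[]';
		// only plain string/int members are accepted.
		$uav = (isset($_FILES['userfile']) && is_array($_FILES['userfile'])) ? $_FILES['userfile'] : array();
		$uav_tmp_name = (isset($uav['tmp_name']) && is_string($uav['tmp_name'])) ? $uav['tmp_name'] : '';
		$uav_type = (isset($uav['type']) && is_string($uav['type'])) ? $uav['type'] : '';
		$uav_name = (isset($uav['name']) && is_string($uav['name'])) ? $uav['name'] : '';
		$uav_size = (isset($uav['size']) && !is_array($uav['size'])) ? (int)$uav['size'] : 0;

		if (!empty($uav_tmp_name))
			{ @clearstatcache(); }

		if (!empty($uav_tmp_name) && $uav_size>0)
			{
			// The extension is client-supplied: it only selects the stored
			// file name and is never taken as proof of the content type.
			$dotpos = mb_strrpos($uav_name,".");
			$f_extension = ($dotpos===FALSE) ? '' : mb_strtolower(mb_substr($uav_name, $dotpos+1, 5));

			if (is_uploaded_file($uav_tmp_name) && $uav_size<=$cfg['av_maxsize'] && in_array($f_extension, array('jpeg', 'jpg', 'gif', 'png'), TRUE))
				{
				// getimagesize() returns FALSE for anything it cannot parse as
				// an image. That result has to be rejected explicitly: with
				// list() on FALSE both dimensions are NULL, and NULL passes a
				// "<= maximum" comparison, so a non-image would be accepted.
				$uav_info = @getimagesize($uav_tmp_name);
				$uav_isimage = is_array($uav_info) && in_array($uav_info[2], array(IMAGETYPE_GIF, IMAGETYPE_JPEG, IMAGETYPE_PNG), TRUE);

				if ($uav_isimage)
					{
					list($w, $h) = $uav_info;
					if ($w>0 && $h>0 && $w<=$cfg['av_maxx'] && $h<=$cfg['av_maxy'])
						{
						$avatar = (int)$userid."-avatar.".$f_extension;
						$avatarpath = $cfg['av_dir'].$avatar;
						if (file_exists($avatarpath))
							{ unlink($avatarpath); }
						// Point the profile at the file only when it really
						// reached its destination.
						if (move_uploaded_file($uav_tmp_name, $avatarpath))
							{
							$uav_size = filesize($avatarpath);
							$sql = sed_sql_query("UPDATE $db_users SET user_avatar='".sed_sql_prep($avatarpath)."' WHERE user_id='".(int)$userid."'");
							}
						}
					}
				}
			}

		/* === Hook for the plugins === */
		// Runs for every completed registration. The hook previously sat inside
		// the avatar success branch and was skipped whenever no avatar was
		// uploaded, which looks unintended for an 'add.done' hook.
		$extp = sed_getextplugins('users.register.add.done');
		if (is_array($extp))
			{ foreach ($extp as $pl) { include('plugins/'.$pl['pl_code'].'/'.$pl['pl_file'].'.php'); } }
		/* ===== */

		if ($cfg['regnoactivation'] || $defgroup==5)
			{
			sed_redirect(sed_url("message", "msg=106", "", true));
			exit;
			}

		// NOTE(review): both mail bodies below are formatted with the
		// plaintext password ($rpassword1). Mail is stored and relayed
		// unencrypted; dropping the password means changing the
		// $L['aut_regrequest'] / $L['aut_emailreg'] templates as well, which
		// are not part of this file.
		if ($cfg['regrequireadmin'])
			{
			// Applicant is told to wait; the administrator gets a link to the
			// list of accounts awaiting approval.
			$rsubject = $cfg['maintitle']." - ".$L['aut_regrequesttitle'];
			$rbody = sprintf($L['aut_regrequest'], $rusername, $rpassword1);
			$rbody .= "\n\n".$L['aut_contactadmin'];
			sed_mail ($ruseremail, $rsubject, $rbody);
			$rsubject = $cfg['maintitle']." - ".$L['aut_regreqnoticetitle'];
			$rinactive = $cfg['mainurl']."/".sed_url("users", "gm=2&s=regdate&w=desc", "", false, false);
			$rbody = sprintf($L['aut_regreqnotice'], $rusername, $rinactive);
			sed_mail ($cfg['adminemail'], $rsubject, $rbody);
			sed_redirect(sed_url("message", "msg=118", "", true));
			exit;
			}
		else
			{
			// Self-service activation: the link carries the validation key.
			$rsubject = $cfg['maintitle']." - ".$L['Registration'];
			$ractivate = $cfg['mainurl']."/".sed_url("users", "m=register&a=validate&v=".$validationkey, "", false, false);
			$rbody = sprintf($L['aut_emailreg'], $rusername, $rpassword1, $ractivate);
			$rbody .= "\n\n".$L['aut_contactadmin'];
			sed_mail ($ruseremail, $rsubject, $rbody);
			sed_redirect(sed_url("message", "msg=105", "", true));
			exit;
			}
		}
	}
elseif ($a=='validate' && mb_strlen($v)==32)
	{
	/*
	 * Account activation through the mailed link.
	 * $v is the 32-character key from the query string; it must match the
	 * user_lostpass column of an account that is still in group 2.
	 */
	sed_shield_protect();

	// $v already went through the 'ALP' import filter; it is escaped again
	// here so the statement does not depend on what that filter lets through.
	$sql = sed_sql_query("SELECT user_id FROM $db_users WHERE user_lostpass='".sed_sql_prep($v)."' AND user_maingrp=2");
	if ($row = sed_sql_fetchassoc($sql))
		{
		$sql = sed_sql_query("UPDATE $db_users SET user_maingrp=4 WHERE user_id='".(int)$row['user_id']."' AND user_lostpass='".sed_sql_prep($v)."'");
		$sql = sed_sql_query("UPDATE $db_groups_users SET gru_groupid=4 WHERE gru_groupid=2 AND gru_userid='".(int)$row['user_id']."'");
		sed_auth_clear($row['user_id']);
		sed_redirect(sed_url("message", "msg=106", "", true));
		exit;
		}
	else
		{
		// A wrong key is counted by the shield and written to the security
		// log, so repeated attempts stay visible to the administrator.
		sed_shield_update(7, "Account validation");
		sed_log("Wrong validation URL", 'sec');
		sed_redirect(sed_url("message", "msg=157", "", true));
		exit;
		}
	}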
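/*
 * Build the HTML fragments of the registration form.
 * Reached on the first visit and after a rejected submit; in the second case
 * the posted values are shown again, passed through sed_cc() before they are
 * placed into attributes or element bodies.
 */
$form_usergender = sed_selectbox_gender($rusergender,'rusergender');
$form_birthdate = sed_selectbox_date(sed_mktime(1, 0, 0, $rmonth, $rday, $ryear), 'short');

// Each extra field carries a hidden "<name>_p" marker; the submit handler
// stores a field only when its marker was posted.
$form_extra1 = "<input type=\"text\" class=\"text\" name=\"ruserextra1\" value=\"".sed_cc($ruserextra1)."\" size=\"32\" maxlength=\"".$cfg['extra1tsetting']."\" /><input type=\"hidden\" name=\"ruserextra1_p\" value=\"1\" />";
$form_extra2 = "<input type=\"text\" class=\"text\" name=\"ruserextra2\" value=\"".sed_cc($ruserextra2)."\" size=\"32\" maxlength=\"".$cfg['extra2tsetting']."\" /><input type=\"hidden\" name=\"ruserextra2_p\" value=\"1\" />";
$form_extra3 = "<input type=\"text\" class=\"text\" name=\"ruserextra3\" value=\"".sed_cc($ruserextra3)."\" size=\"32\" maxlength=\"".$cfg['extra3tsetting']."\" /><input type=\"hidden\" name=\"ruserextra3_p\" value=\"1\" />";

// Slot 4 holds the avatar upload instead of a text field. The variable is
// appended to, so start from an empty string unless something earlier (for
// example a plugin hook) already set it; appending to an undefined variable
// raises a notice.
// NOTE(review): the upload only arrives if the <form> in the template is
// sent as multipart/form-data - the template is not visible here.
// MAX_FILE_SIZE is a browser-side hint; the size is checked again on submit.
$form_extra4 = isset($form_extra4) ? $form_extra4 : '';
$form_extra4 .= $L['pro_avatarsupload']." (".$cfg['av_maxx']."x".$cfg['av_maxy']."x".$cfg['av_maxsize'].$L['b'].")<br />";
$form_extra4 .= "<input type=\"hidden\" name=\"MAX_FILE_SIZE\" value=\"".($cfg['av_maxsize']*1024)."\" />";
$form_extra4 .= "<input name=\"userfile\" type=\"file\" class=\"file\" size=\"24\" /><br />";

$form_extra5 = "<input type=\"text\" class=\"text\" name=\"ruserextra5\" value=\"".sed_cc($ruserextra5)."\" size=\"32\" maxlength=\"".$cfg['extra5tsetting']."\" /><input type=\"hidden\" name=\"ruserextra5_p\" value=\"1\" />";
$form_extra6 = sed_selectbox($ruserextra6,'ruserextra6',$cfg['extra6tsetting'])."<input type=\"hidden\" name=\"ruserextra6_p\" value=\"1\" />";
$form_extra7 = sed_selectbox($ruserextra7,'ruserextra7',$cfg['extra7tsetting'])."<input type=\"hidden\" name=\"ruserextra7_p\" value=\"1\" />";
$form_extra8 = sed_selectbox($ruserextra8,'ruserextra8',$cfg['extra8tsetting'])."<input type=\"hidden\" name=\"ruserextra8_p\" value=\"1\" />";
$form_extra9 = "<textarea name=\"ruserextra9\" rows=\"4\" cols=\"56\">".sed_cc($ruserextra9)."</textarea><input type=\"hidden\" name=\"ruserextra9_p\" value=\"1\" />";

$rtimezone = (empty($rtimezone)) ? $cfg['defaulttimezone'] : $rtimezone;
$rcountry = (empty($rcountry)) ? $cfg['defaultcountry'] : $rcountry;

$timezonelist = array ('-12', '-11', '-10', '-09', '-08', '-07', '-06', '-05', '-04', '-03',  '-03.5', '-02', '-01', '+00', '+01', '+02', '+03', '+03.5', '+04', '+04.5', '+05', '+05.5', '+06', '+07', '+08', '+09', '+09.5', '+10', '+11', '+12');
$form_timezone ="<input type=\"hidden\" name=\"rtimezone_p\" value=\"1\" /><select name=\"rtimezone\" size=\"1\">";
// foreach instead of while(list()=each()): each() no longer exists in PHP 8.
// Option values come from the fixed list above, never from the request.
foreach ($timezonelist as $i => $x)
	{
	$selected = ($x==$rtimezone) ? "selected=\"selected\"" : '';
	$form_timezone .= "<option value=\"$x\" $selected>GMT".$x."</option>";
	}
$form_timezone .= "</select> ".$usr['gmttime']." / ".sed_build_date($cfg['dateformat'], $sys['now_offset'])." ".$usr['timetext'];

// Page title: the plain subtitle is set first, then replaced by the result
// of sed_title() with the 'userstitle' mask.
$out['subtitle'] = $L['aut_registertitle'];
$title_tags[] = array('{MAINTITLE}', '{TITLE}', '{SUBTITLE}');
$title_tags[] = array('%1$s', '%2$s', '%3$s');
$title_data = array($cfg['maintitle'], $out['subtitle'], $cfg['subtitle']);
$out['subtitle'] = sed_title('userstitle', $title_tags, $title_data);

/* === Hook === */
$extp = sed_getextplugins('users.register.main');
if (is_array($extp))
	{ foreach ($extp as $pl) { include('plugins/'.$pl['pl_code'].'/'.$pl['pl_file'].'.php'); } }
/* ===== */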
// Render the page: site header, the registration template of the active
// skin, then the site footer.
require("system/header.php");

$t = new XTemplate('skins/'.$skin.'/users.register.tpl');

// Validation messages collected by the submit handler, if any.
if (!empty($error_string)) {
	$t->assign('USERS_REGISTER_ERROR_BODY', $error_string);
	$t->parse('MAIN.USERS_REGISTER_ERROR');
}

// Every value echoed back into an attribute goes through sed_cc().
// The two password fields are deliberately never pre-filled.
$t->assign(array(
	'USERS_REGISTER_TITLE' => $L['aut_registertitle'],
	'USERS_REGISTER_SUBTITLE' => $L['aut_registersubtitle'],
	'USERS_REGISTER_ADMINEMAIL' => "$sed_adminemail",
	'USERS_REGISTER_SEND' => sed_url("users", "m=register&a=add"),
	'USERS_REGISTER_USER' => '<input type="text" class="text" name="rusername" value="'.sed_cc($rusername).'" size="24" maxlength="24" />',
	'USERS_REGISTER_EMAIL' => '<input type="text" class="text" name="ruseremail" value="'.sed_cc($ruseremail).'" size="24" maxlength="64" />',
	'USERS_REGISTER_PASSWORD' => '<input type="password" class="password" name="rpassword1" size="8" maxlength="16" />',
	'USERS_REGISTER_PASSWORDREPEAT' => '<input type="password" class="password" name="rpassword2" size="8" maxlength="16" />',
	'USERS_REGISTER_COUNTRY' => sed_selectbox_countries($rcountry, 'rcountry'),
	'USERS_REGISTER_LOCATION' => '<input type="text" class="text" name="rlocation" value="'.sed_cc($rlocation).'" size="24" maxlength="64" />',
	'USERS_REGISTER_TIMEZONE' => $form_timezone,
	'USERS_REGISTER_OCCUPATION' => '<input type="text" class="text" name="roccupation" value="'.sed_cc($roccupation).'" size="24" maxlength="64" />',
	'USERS_REGISTER_GENDER' => $form_usergender,
	'USERS_REGISTER_BIRTHDATE' => $form_birthdate,
	'USERS_REGISTER_WEBSITE' => '<input type="text" class="text" name="ruserwebsite" value="'.sed_cc($ruserwebsite).'" size="56" maxlength="128" />',
	'USERS_REGISTER_ICQ' => '<input type="text" class="text" name="rusericq" value="'.sed_cc($rusericq).'" size="32" maxlength="16" />',
	'USERS_REGISTER_IRC' => '<input type="text" class="text" name="ruserirc" value="'.sed_cc($ruserirc).'" size="56" maxlength="128" />',
	'USERS_REGISTER_SKYPE' => '<input type="text" class="text" name="ruserskype" value="'.sed_cc($ruserskype).'" size="32" maxlength="64" />',
	'USERS_REGISTER_EXTRA1' => $form_extra1,
	'USERS_REGISTER_EXTRA2' => $form_extra2,
	'USERS_REGISTER_EXTRA3' => $form_extra3,
	'USERS_REGISTER_EXTRA4' => $form_extra4,
	'USERS_REGISTER_EXTRA5' => $form_extra5,
	'USERS_REGISTER_EXTRA6' => $form_extra6,
	'USERS_REGISTER_EXTRA7' => $form_extra7,
	'USERS_REGISTER_EXTRA8' => $form_extra8,
	'USERS_REGISTER_EXTRA9' => $form_extra9,
));

/* === Hook === */
// Plugins may assign further template tags before the block is parsed.
$extp = sed_getextplugins('users.register.tags');
if (is_array($extp)) {
	foreach ($extp as $pl) {
		include('plugins/'.$pl['pl_code'].'/'.$pl['pl_file'].'.php');
	}
}
/* ===== */

$t->parse('MAIN');
$t->out('MAIN');

require("system/footer.php");
?>