part 3
part 3 is still register.php, but can not post to much code in one post.
Paste this in register.php after the code in part 2:
// captcha code
if ($CONFIG['registration_captcha'] != 0) {
$help = cpg_display_help('f=empty.htm&h=lang_common[captcha_help_title]&t=lang_common[captcha_help]', 470, 245);
$captcha_print = <<< EOT
<tr>
<td align="right" class="regis regisCaptchaTitle">
{$lang_common['confirm']} {$help}
</td>
<td class="regis regisCaptcha">
<input type="text" name="confirmCode" id="confirmCode" size="5" maxlength="5" class="textinput" />
<img src="captcha.php" align="middle" border="0" alt="" />
</td>
</tr>
EOT;
$captcha_print = CPGPluginAPI::filter('captcha_register_print', $captcha_print);
echo $captcha_print;
}
echo <<< EOT
<tr>
<td colspan="2" align="center" class="regis regisSubmitTitle">
<button type="submit" class="button" name="submit" id="submit" value="{$lang_register_php['submit']}">{$icon_array['ok']}{$lang_register_php['submit']}</button>
</td>
</tr>
<tr>
<td class="regis regisSubmit" colspan="2">
<div id="form_not_submit_bottom" class="formFieldWarning" style="display:none;">
{$lang_register_php['form_not_submit']}
</div>
</td>
</tr>
EOT;
endtable();
echo '</div>';
echo '</div>';
print '</form>';
}
/**
* get_post_var()
*
* Check the posted data
*
* @param array $var
* @return array $var
**/
function get_post_var($var)
{
global $lang_errors;
$superCage = Inspekt::makeSuperCage();
if (!$superCage->post->keyExists($var) || !trim($superCage->post->getEscaped($var))) {
cpg_die(CRITICAL_ERROR, $lang_errors['param_missing'] . " ($var)", __FILE__, __LINE__);
}
return $superCage->post->getEscaped($var);
}
function check_user_info(&$error)
{
global $CONFIG;
global $lang_register_php, $lang_common, $lang_register_approve_email;
global $lang_register_user_login, $lang_errors;
$superCage = Inspekt::makeSuperCage();
$user_name = trim(get_post_var('username'));
$password = trim(get_post_var('password'));
$password_again = trim(get_post_var('password_verification'));
$email = trim(get_post_var('email'));
$profile1 = $superCage->post->getEscaped('user_profile1');
$profile2 = $superCage->post->getEscaped('user_profile2');
$profile3 = $superCage->post->getEscaped('user_profile3');
$profile4 = $superCage->post->getEscaped('user_profile4');
$profile5 = $superCage->post->getEscaped('user_profile5');
$profile6 = $superCage->post->getEscaped('user_profile6');
$agree_disclaimer = $superCage->post->getEscaped('agree');
$captcha_confirmation = $superCage->post->getEscaped('confirmCode');
$sql = "SELECT null FROM {$CONFIG['TABLE_USERS']} WHERE user_name = '$user_name'";
$result = cpg_db_query($sql);
if (mysql_num_rows($result)) {
$error = '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['err_user_exists'] . '</li>';
return false;
}
mysql_free_result($result);
if (utf_strlen($user_name) < 2) {
$error .= '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['username_warning2'] . '</li>';
}
if (!empty($CONFIG['global_registration_pw'])) {
$global_registration_pw = get_post_var('global_registration_pw');
if ($global_registration_pw != $CONFIG['global_registration_pw']) {
$error .= '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['err_global_pw'] . '</li>';
} elseif ($password == $CONFIG['global_registration_pw']) {
$error .= '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['err_global_pass_same'] . '</li>';
}
}
if (utf_strlen($password) < 2) {
$error .= '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['password_warning1'] . '</li>';
}
if ($password == $user_name) {
$error .= '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['password_warning2'] . '</li>';
}
if ($password != $password_again) {
$error .= '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['password_verification_warning1'] . '</li>';
}
if (!Inspekt::isEmail($email)) {
$error .= '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['email_warning2'] . '</li>';
}
if ($CONFIG['user_registration_disclaimer'] == 2 && $agree_disclaimer != 1) {
$error .= '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['err_disclaimer'] . '</li>';
}
// Perform the ban check against email address and username
$result = cpg_db_query("SELECT null FROM {$CONFIG['TABLE_BANNED']} WHERE user_name = '$user_name' AND brute_force = 0 LIMIT 1");
if (mysql_num_rows($result)) {
$error .= '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['user_name_banned'] . '</li>';
}
mysql_free_result($result);
$result = cpg_db_query("SELECT null FROM {$CONFIG['TABLE_BANNED']} WHERE email = '$email' AND brute_force = 0 LIMIT 1");
if (mysql_num_rows($result)) {
$error .= '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['email_address_banned'] . '</li>';
}
mysql_free_result($result);
// check captcha
if ($CONFIG['registration_captcha'] != 0) {
if (!captcha_plugin_enabled('register')) {
require("include/captcha.inc.php");
if (!PhpCaptcha::Validate($captcha_confirmation)) {
$error .= '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_errors['captcha_error'] . '</li>';
}
} else {
$error = CPGPluginAPI::filter('captcha_register_validate', $error);
}
}
if (!$CONFIG['allow_duplicate_emails_addr']) {
$sql = "SELECT null FROM {$CONFIG['TABLE_USERS']} WHERE user_email = '$email'";
$result = cpg_db_query($sql);
if (mysql_num_rows($result)) {
$error = '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['err_duplicate_email'] . '</li>';
}
mysql_free_result($result);
}
$error = CPGPluginAPI::filter('register_form_validate', $error);
if ($error != '') {
return false;
}
if ($CONFIG['reg_requires_valid_email'] || $CONFIG['admin_activation']) {
$active = 'NO';
list($usec, $sec) = explode(' ', microtime());
$seed = (float) $sec + ((float) $usec * 100000);
srand($seed);
$act_key = md5(uniqid(rand(), 1));
} else {
$active = 'YES';
$act_key = '';
}
$encpassword = md5($password);
$user_language = $CONFIG['lang'];
$sql = "INSERT INTO {$CONFIG['TABLE_USERS']} (user_regdate, user_active, user_actkey, user_name, user_password, user_email, user_profile1, user_profile2, user_profile3, user_profile4, user_profile5, user_profile6, user_language) VALUES (NOW(), '$active', '$act_key', '$user_name', '$encpassword', '$email', '$profile1', '$profile2', '$profile3', '$profile4', '$profile5', '$profile6', '$user_language')";
$result = cpg_db_query($sql);
$user_array = array();
$user_array['user_id'] = mysql_insert_id();
$user_array['user_name'] = $user_name;
$user_array['user_email'] = $email;
$user_array['user_active'] = $active;
CPGPluginAPI::action('register_form_submit', $user_array);
if ($CONFIG['log_mode']) {
log_write('New user "'.$user_name.'" registered', CPG_ACCESS_LOG);
}
// Create a personal album if corresponding option is enabled
if ($CONFIG['personal_album_on_registration'] == 1) {
$user_id = mysql_insert_id();
$catid = $user_id + FIRST_USER_CAT;
cpg_db_query("INSERT INTO {$CONFIG['TABLE_ALBUMS']} (`title`, `category`, `owner`) VALUES ('$user_name', $catid, $user_id)");
}
// Registrations must be activated/verified by the user clicking a link in an email
if ($CONFIG['reg_requires_valid_email']) {
// Mail the user the activation/verification link
$act_link = rtrim($CONFIG['site_url'], '/') . '/register.php?activate=' . $act_key;
$template_vars = array(
'{SITE_NAME}' => $CONFIG['gallery_name'],
'{USER_NAME}' => $user_name,
'{ACT_LINK}' => $act_link,
);
if (!cpg_mail($email, sprintf($lang_register_php['confirm_email_subject'], $CONFIG['gallery_name']), nl2br(strtr($lang_register_php['confirm_email'], $template_vars)))) {
cpg_die(CRITICAL_ERROR, $lang_register_php['failed_sending_email'], __FILE__, __LINE__);
}
msg_box($lang_register_php['information'], $lang_register_php['thank_you'], $lang_common['continue'], 'index.php');
} else {
if ($CONFIG['admin_activation']) {
// We need admin activation only
msg_box($lang_register_php['information'], $lang_register_php['thank_you_admin_activation'], $lang_common['continue'], 'index.php');
} else {
// No activation required, account is ready for login
msg_box($lang_register_php['information'], $lang_register_php['acct_active'], $lang_common['continue'], 'index.php');
}
}
// email notification or actication link to admin
if ($CONFIG['reg_notify_admin_email'] || ($CONFIG['admin_activation'] && !$CONFIG['reg_requires_valid_email'])) {
if (UDB_INTEGRATION == 'coppermine') {
// get default language in which to inform the admins
$result = cpg_db_query("SELECT user_id, user_email, user_language FROM {$CONFIG['TABLE_USERS']} WHERE user_group = 1");
while ( ($row = mysql_fetch_assoc($result)) ) {
if (!empty($row['user_email'])) {
$admins[$row['user_id']] = array('email' => $row['user_email'], 'lang' => $row['user_language']);
}
}
} else {
//@todo: is it possible to get the language from bridged installs?
$admins[] = array('email' => $CONFIG['gallery_admin_email'], 'lang' => 'english');
}
foreach($admins as $admin) {
//check if the admin language is available
if (file_exists("lang/{$admin['lang']}.php")) {
$lang_register_php_def = cpg_get_default_lang_var('lang_register_php', $admin['lang']);
$lang_register_approve_email_def = cpg_get_default_lang_var('lang_register_approve_email', $admin['lang']);
} else {
$lang_register_php_def = cpg_get_default_lang_var('lang_register_php');
$lang_register_approve_email_def = cpg_get_default_lang_var('lang_register_approve_email');
}
// if the admin has to activate the login, give them the link to do so; but only if users don't have to verify their email address
if ($CONFIG['admin_activation'] && !$CONFIG['reg_requires_valid_email']) {
$act_link = rtrim($CONFIG['site_url'], '/') . '/register.php?activate=' . $act_key;
$template_vars = array(
'{SITE_NAME}' => $CONFIG['gallery_name'],
'{USER_NAME}' => $user_name,
'{ACT_LINK}' => $act_link,
);
cpg_mail($admin['email'], sprintf($lang_register_php_def['notify_admin_request_email_subject'], $CONFIG['gallery_name']), nl2br(strtr($lang_register_approve_email_def, $template_vars)));
} elseif ($CONFIG['reg_notify_admin_email']) {
// otherwise, email is for information only
cpg_mail($admin['email'], sprintf($lang_register_php_def['notify_admin_email_subject'], $CONFIG['gallery_name']), sprintf($lang_register_php_def['notify_admin_email_body'], $user_name));
}
}
}
return true;
}
/***************************
* function definitions end *
***************************/
/***************************
* main code start *
***************************/
// Activate pending registration
if ($superCage->get->keyExists('activate')) {
$act_key = $superCage->get->getAlnum('activate');
if (strlen($act_key) != 32) {
cpg_die(ERROR, $lang_register_php['acct_act_failed'], __FILE__, __LINE__);
}
$sql = "SELECT user_active, user_email, user_email_valid, user_name FROM {$CONFIG['TABLE_USERS']} WHERE user_actkey = '$act_key' LIMIT 1";
$result = cpg_db_query($sql);
if (!mysql_num_rows($result)) {
cpg_die(ERROR, $lang_register_php['acct_act_failed'], __FILE__, __LINE__);
}
$row = mysql_fetch_assoc($result);
mysql_free_result($result);
if ($row['user_active'] == 'YES') {
cpg_die(ERROR, $lang_register_php['acct_already_act'], __FILE__, __LINE__);
}
pageheader($lang_register_php['page_title']);
if ($CONFIG['reg_requires_valid_email'] && !$CONFIG['admin_activation']) {
// activate user (by user)
$sql = "UPDATE {$CONFIG['TABLE_USERS']} SET user_active = 'YES', user_actkey = '' WHERE user_actkey = '$act_key' LIMIT 1";
$user_status = 'active_user';
} elseif ($CONFIG['admin_activation'] && !$CONFIG['reg_requires_valid_email']) {
// activate user (by admin)
$sql = "UPDATE {$CONFIG['TABLE_USERS']} SET user_active = 'YES', user_actkey = '' WHERE user_actkey = '$act_key' LIMIT 1";
$user_status = 'active_admin';
} else {
if ($row['user_email_valid'] == 'YES') {
// activate user (by admin)
if (GALLERY_ADMIN_MODE) {
$sql = "UPDATE {$CONFIG['TABLE_USERS']} SET user_active = 'YES', user_actkey = '' WHERE user_actkey = '$act_key' LIMIT 1";
$user_status = 'active_admin';
} else {
msg_box($lang_register_php['information'], $lang_register_php['thank_you_admin_activation'], $lang_common['continue'], 'index.php');
pagefooter();
exit;
}
} else {
// email validated by user, send activation link to admin
$sql = "UPDATE {$CONFIG['TABLE_USERS']} SET user_email_valid = 'YES' WHERE user_actkey = '$act_key' LIMIT 1";
$user_status = 'valid';
}
}
cpg_db_query($sql);
CPGPluginAPI::action('register_user_activation', $act_key);
//after admin approves, user receives email notification
if ($user_status == 'active_admin') {
msg_box($lang_register_php['information'], $lang_register_php['acct_active_admin_activation'], $lang_common['continue'], 'index.php');
$template_vars = array(
'{SITE_LINK}' => $CONFIG['site_url'],
'{USER_NAME}' => $row['user_name'],
'{SITE_NAME}' => $CONFIG['gallery_name'],
);
cpg_mail($row['user_email'], sprintf($lang_register_php['notify_user_email_subject'], $CONFIG['gallery_name']), nl2br(strtr($lang_register_php['activated_email'], $template_vars)));
} elseif ($user_status == 'valid') {
// send activation link to admin
msg_box($lang_register_php['information'], $lang_register_php['thank_you_admin_activation'], $lang_common['continue'], 'index.php');
if (UDB_INTEGRATION == 'coppermine') {
// get default language in which to inform the admins
$result = cpg_db_query("SELECT user_id, user_email, user_language FROM {$CONFIG['TABLE_USERS']} WHERE user_group = 1");
while ($row2 = mysql_fetch_assoc($result)) {
if (!empty($row2['user_email'])) {
$admins[$row2['user_id']] = array('email' => $row2['user_email'], 'lang' => $row2['user_language']);
}
}
mysql_free_result($result);
} else {
//@todo: is it possible to get the language from bridged installs?
$admins[] = array('email' => $CONFIG['gallery_admin_email'], 'lang' => 'english');
}
foreach($admins as $admin) {
//check if the admin language is available
if (file_exists("lang/{$admin['lang']}.php")) {
$lang_register_php_def = cpg_get_default_lang_var('lang_register_php', $admin['lang']);
$lang_register_approve_email_def = cpg_get_default_lang_var('lang_register_approve_email', $admin['lang']);
} else {
$lang_register_php_def = cpg_get_default_lang_var('lang_register_php');
$lang_register_approve_email_def = cpg_get_default_lang_var('lang_register_approve_email');
}
$act_link = rtrim($CONFIG['site_url'], '/') . '/register.php?activate=' . $act_key;
$template_vars = array(
'{SITE_NAME}' => $CONFIG['gallery_name'],
'{USER_NAME}' => $row['user_name'],
'{ACT_LINK}' => $act_link,
);
cpg_mail($admin['email'], sprintf($lang_register_php_def['notify_admin_request_email_subject'], $CONFIG['gallery_name']), nl2br(strtr($lang_register_approve_email_def, $template_vars)));
}
} else {
//user self-activated, gets message box that account was activated
msg_box($lang_register_php['information'], $lang_register_php['acct_active'], $lang_common['continue'], 'index.php');
}
} else {
pageheader($lang_register_php['page_title']);
if ($CONFIG['user_registration_disclaimer'] == 1 && !$superCage->post->keyExists('submit') && !$superCage->post->keyExists('agree')) {
// display the disclaimer page
display_disclaimer();
} else {
if (!$superCage->post->keyExists('submit')) {
input_user_info();
} else {
if (!check_user_info($errors)) {
input_user_info($errors);
}
}
}
}
pagefooter();
?>