register.php 4.9 KB

  1. <?php
  2. require_once ("./header.php");
  3. $secret = "dDWUc72sCcs20cXskcw";
  4. $reg_register = set_post_bool_var ('reg_register', false);
  5. $reg_username = set_post_string_var ('reg_username');
  6. $reg_email = set_post_string_var ('reg_email');
  7. $confirm = set_get_string_var ('confirm');
  8. if ($reg_register) {
  9. if ($reg_username != "") {
  10. if (check_username ($reg_username)) {
  11. echo '<div style="color:red;">$username is an already registered user. Choose another one.</div>'."\n";
  12. $username = false;
  13. }
  14. else {
  15. $username = $reg_username;
  16. }
  17. }
  18. else {
  19. echo '<div style="color:red;">Please enter a Username.</div>'."\n";
  20. $username = false;
  21. }
  22. if (isset ($_POST['reg_password1']) && $_POST['reg_password1'] != "" &&
  23. isset ($_POST['reg_password2']) && $_POST['reg_password2'] != "") {
  24. if (md5 ($_POST['reg_password1']) != md5 ($_POST['reg_password2'])) {
  25. echo '<div style="color:red;">Passwords do not match.</div>'."\n";
  26. $password = false;
  27. }
  28. else {
  29. $password = md5 ($_POST['reg_password1']);
  30. }
  31. }
  32. else {
  33. echo '<div style="color:red;">Please fill out both password fields.</div>'."\n";
  34. $password = false;
  35. }
  36. if ($reg_email != '') {
  37. if (preg_match ('/^[A-Z0-9._%-]+@[A-Z0-9.-]+\.[A-Z]{2,4}$/i', $reg_email)) {
  38. $query = "SELECT COUNT(*) AS result FROM user WHERE email='$reg_email'";
  39. if ($mysql->query ($query)) {
  40. if (reset(mysqli_fetch_assoc ($result)) > 0) {
  41. echo '<div style="color:red;">A User Account with this email address aready exists.</div>'."\n";
  42. $email = false;
  43. }
  44. else {
  45. $email = $reg_email;
  46. }
  47. }
  48. else {
  49. $email = false;
  50. message ($mysql->error);
  51. }
  52. }
  53. else {
  54. echo '<div style="color:red;">Email address is invalid.</div>'."\n";
  55. $email = false;
  56. }
  57. }
  58. else {
  59. echo '<div style="color:red;">Please enter a valid email address.</div>'."\n";
  60. $email = false;
  61. }
  62. if ($username && $password && $email) {
  63. $query = " INSERT INTO user
  64. (username, password, email, active)
  65. VALUES
  66. ('$username', md5('$password'), '$email', '0')";
  67. if (mysqli_query ("$query")) {
  68. # dieser key wird als username und secret md5 hash an den
  69. # user geschickt und für die verifikation der registrierung gebraucht.
  70. $key = md5 ($username . $secret);
  71. $headers = "From: noreply@yourdomain.com\r\n" .
  72. $subject = 'Your registration at yourdomain.com';
  73. $message = "Hi $username,\r\n\r\n";
  74. $message .= "This email confirms the creation of your Online-Bookmarks user account. ";
  75. $message .= "Your username is '$username'. For security reasons your password is not ";
  76. $message .= "included in this email. To activate your account, visit the following URL:\r\n\r\n";
  77. $message .= "http://www.yourdomain.com/register.php?confirm=$key\r\n\r\n";
  78. $message .= "In case of complications regarding this user account registration, ";
  79. $message .= "please contact support@yourdomain.com\r\n\r\n";
  80. $message .= "With kind regards, your yourdomain.com Team";
  81. mail($email, $subject, $message, $headers);
  82. echo " you have been successfully registered.
  83. Read your email and click the link to activate your account.";
  84. }
  85. else {
  86. echo mysqli_error ();
  87. }
  88. }
  89. else {
  90. display_register_form ();
  91. }
  92. }
  93. else if ($confirm != '' && strlen ($confirm) === 32) {
  94. $query = "SELECT username FROM user WHERE MD5(CONCAT(username,'$secret'))='$confirm' AND active='0'";
  95. $result = mysqli_query ("$query");
  96. if (mysqli_num_rows ($result) == 1) {
  97. # the registration confirmation was successufull,
  98. # thus we can enable the useraccount in the database.
  99. $username = reset(mysqli_fetch_assoc ($result));
  100. $query = "UPDATE user SET active='1' WHERE username='$username' AND active='0'";
  101. if (mysqli_query ($query)) {
  102. echo "You are now registered. Happy bookmarking!";
  103. }
  104. }
  105. else {
  106. display_register_form ();
  107. }
  108. }
  109. else {
  110. display_register_additional_text ();
  111. display_register_form ();
  112. }
  113. function display_register_form () {
  114. ?>
  115. <form method="POST" action="<?php echo $_SERVER["PHP_SELF"]; ?>" name="loginform">
  116. <table border="0">
  117. <tr>
  118. <td>Username:</td>
  119. <td><input name="reg_username" type="text" value=""></td>
  120. </tr>
  121. <tr>
  122. <td>Password:</td>
  123. <td><input name="reg_password1" type="password" value=""></td>
  124. </tr>
  125. <tr>
  126. <td>Password Verification:</td>
  127. <td><input name="reg_password2" type="password" value=""></td>
  128. </tr>
  129. <tr>
  130. <td>Email Address:</td>
  131. <td><input name="reg_email" type="text" value=""></td>
  132. </tr>
  133. <tr>
  134. <td></td>
  135. <td><input type="submit" value="Register" name="reg_register"></td>
  136. </tr>
  137. </table>
  138. </form>
  139. <?php
  140. }
  141. function display_register_additional_text () {
  142. ?>
  143. <p>Please provide the information bellow to register.</p>
  144. <p>If you are already a registered user, <a class="orange" href="./index.php">you can log in here.</a></p>
  145. <?php
  146. }
  147. require_once ("./footer.php");
  148. ?>