
<?php
/*
** Control Panel :: User Registration
** for CodewiseBlog Multi-User
**
** by William R. Fraser <wrf@codewise.org>
** Copyright (c) 2005-2008 Codewise.org
*/
/*
** This file is part of CodewiseBlog
**
** CodewiseBlog is free software; you can redistribute it and/or modify
** it under the terms of the GNU General Public License as published by
** the Free Software Foundation; either version 2 of the License, or
** (at your option) any later version.
**
** CodewiseBlog is distributed in the hope that it will be useful,
** but WITHOUT ANY WARRANTY; without even the implied warranty of
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
** GNU General Public License for more details.
**
** You should have received a copy of the GNU General Public License
** along with CodewiseBlog; if not, write to the Free Software
** Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
*/
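/* all the checks that need to be performed.
** If any fail, the appropriate $NOTIFY message is set and it returns FALSE,
** causing the if/elseif/else block to go to the else, which is to redisplay
** the registration form (with the $NOTIFY message of course).
**
** Side effects on $_POST: every field read here is normalised to a string
** (a missing key or a non-string value becomes ""), 'name' is lower-cased,
** 'title' is HTML-escaped for storage, and blank optional fields are set to
** NULL so the insert stores SQL NULL rather than "". */
function check_post()
{
    // Optional profile fields; blank ones are stored as NULL.
    $optional = array("realname", "birthday", "location", "photo", "homepage", "interests", "links");

    // A missing key or a non-string value (e.g. "name[]=x" in the request body)
    // must not reach strlen()/preg_match(); treat it as an empty field instead.
    foreach(array_merge(array("name", "email", "title"), $optional) as $field)
    {
        if(!isset($_POST[$field]) || !is_string($_POST[$field]))
            $_POST[$field] = "";
    }

    if($_POST['name'] === "")
    {
        $GLOBALS['NOTIFY'] = "Username must not be empty!";
        return FALSE;
    }

    if(strlen($_POST['name']) > 32)
    {
        $GLOBALS['NOTIFY'] = "Username is too long. It must be 32 characters or less.";
        return FALSE;
    }

    // Usernames are case-insensitive: the lower-cased form is what is stored,
    // compared against and put in the confirmation link.  The pattern ends in \z
    // rather than $ because $ also matches before a trailing newline, which would
    // otherwise pass validation and end up in the database and the mailed URL.
    $_POST['name'] = strtolower($_POST['name']);
    if(!preg_match('/^[a-z0-9][a-z0-9-]*\z/', $_POST['name']))
    {
        $GLOBALS['NOTIFY'] = "Username must contain only lower case letters, numbers, and dashes and cannot start with a dash.";
        return FALSE;
    }

    if($_POST['email'] === "")
    {
        $GLOBALS['NOTIFY'] = "Email address must not be empty!";
        return FALSE;
    }

    if(strlen($_POST['email']) > 64)
    {
        $GLOBALS['NOTIFY'] = "Email address is too long. It must be 64 characters or less.";
        return FALSE;
    }

    // Deliberately loose address check; \z (see above) keeps a trailing newline
    // out of the value handed to mail() as the recipient.
    if(!preg_match('/^[A-Za-z0-9+_.-]+@[A-Za-z0-9+_.-]+\z/', $_POST['email']))
    {
        $GLOBALS['NOTIFY'] = "Email address is invalid.";
        return FALSE;
    }

    if($_POST['title'] === "")
    {
        $GLOBALS['NOTIFY'] = "Blog title must not be empty!";
        return FALSE;
    }

    if(strlen($_POST['title']) > 64)
    {
        $GLOBALS['NOTIFY'] = "Blog title is too long. It must be 64 characters or less.";
        return FALSE;
    }

    // The title is escaped here, at input time, and stored in escaped form.
    // NOTE(review): '&' and '>' are left as-is; confirm the skin layer either
    // escapes on output or tolerates them.
    $_POST['title'] = str_replace(
        array("<",    " ",      "\""),
        array("&lt;", "&nbsp;", "&quot;"),
        $_POST['title']
    );

    if($_POST['birthday'] !== "" && !preg_match('/^(0?[1-9]|1[012])\/(0[1-9]|[12][0-9]|3[01])\/(19|20)[0-9]{2}\z/', $_POST['birthday']))
    {
        $GLOBALS['NOTIFY'] = "Invalid Birthday. Format is mm/dd/yyyy";
        return FALSE;
    }

    // Only the scheme and host part are checked; anything may follow the first '/'.
    if($_POST['photo'] !== "" && !preg_match('#^http://([A-Za-z0-9_-]+\.)+[a-z]+/#', $_POST['photo']))
    {
        $GLOBALS['NOTIFY'] = "Photo/Avatar URL is invalid. Only http:// URLs are allowed.";
        return FALSE;
    }

    // NOTE(review): 'homepage', 'interests' and 'links' are stored without any
    // validation or escaping; the rendering side must escape them for the
    // HTML/URL context they appear in.

    // Blank optional fields become NULL so the insert stores SQL NULL.
    foreach($optional as $field)
    {
        if($_POST[$field] === "")
            $_POST[$field] = NULL;
    }

    return TRUE;
}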
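// The existence of the TERMS file is what allows registrations
if(!file_exists(FSPATH . "/TERMS"))
{
    die("Open registration has been disabled.");
}

// confirming via emailed link
if(isset($_GET['confirm']) && isset($_GET['username']) && isset($_GET['code']))
{
    $q = $db->issue_query("SELECT password FROM blogs WHERE name = " . $db->prepare_value($_GET['username']));
    $hash = $db->fetch_var($q);

    // The confirmation code is whatever currently sits in the password column
    // (the random value written at registration).  Strict comparison, so a
    // missing row (FALSE) never matches a string.
    if($hash === $_GET['code'])
    {
        // username and code travel on as hidden fields for the final step
        $body = skinvoodoo("register", "change_password_form", array(
            "posturl" => INDEX_URL . "?register&amp;change_password",
            "username" => $_GET['username'],
            "code" => $_GET['code'],
        ));
    } else {
        $body = skinvoodoo("register", "confirm_failure");
    }

// final step, setting the password
} elseif($_POST && isset($_GET['change_password'])) {
    // Defaults so a partial post does not read undefined indexes.
    $password1 = isset($_POST['password1']) ? $_POST['password1'] : "";
    $password2 = isset($_POST['password2']) ? $_POST['password2'] : "";
    $username  = isset($_POST['username'])  ? $_POST['username']  : "";
    $code      = isset($_POST['code'])      ? $_POST['code']      : "";

    // Form values for a retry: username and code are passed along the same way
    // the confirm step does, so a corrected second attempt still carries them.
    // The code is URL-encoded because it is spliced into a query string.
    $retry = array(
        "posturl" => INDEX_URL . "?register&amp;change_password&amp;code=" . urlencode($code),
        "username" => $username,
        "code" => $code,
    );

    // !== rather than !=: under loose comparison two numeric-looking strings such
    // as "1e3" and "1000" compare equal.
    if($password1 !== $password2)
    {
        $GLOBALS['NOTIFY'] = "Passwords do not match.";
        $body = skinvoodoo("register", "change_password_form", $retry);
    } elseif($password1 === "") {
        // md5("") would otherwise activate the account with a known, empty password.
        $GLOBALS['NOTIFY'] = "Password must not be empty.";
        $body = skinvoodoo("register", "change_password_form", $retry);
    } elseif($code !== $db->fetch_var($db->issue_query("SELECT password FROM blogs WHERE name = " . $db->prepare_value($username)))) {
        $GLOBALS['NOTIFY'] = "Wrong authentication code.";
        // Without a body here the page assembly below would splice in an
        // undefined variable.
        $body = skinvoodoo("register", "confirm_failure");
    } else {
        // NOTE(review): unsalted md5 is not an acceptable password hash, but the
        // login code (outside this file) reads this column, so it is left as-is
        // until both sides can move together.
        // NOTE(review): the code accepted above is the stored password hash itself
        // and status is not checked, so this step keeps working for accounts that
        // are already active: holding a user's password hash is enough to set a
        // new password.  A separate, single-use confirmation token column would
        // remove that.
        $db->update("blogs", array("password" => md5($password1), "status" => "active"), array("name" => $username));

        if(SUBDOMAIN_MODE)
            $user_url = "http://" . $username . "." . BASE_DOMAIN . INSTALLED_PATH;
        else
            $user_url = "http://" . DEFAULT_SUBDOMAIN . BASE_DOMAIN . INSTALLED_PATH . $username;

        $body = skinvoodoo("register", "password_changed", array("user_url" => $user_url));
    }

// submitting the registration form
} elseif($_POST && check_post()) {

    // Random confirmation code, stored in the password column until the user
    // picks a real password in the change_password step above.
    // NOTE(review): uniqid()/mt_rand() are not cryptographic sources; prefer
    // openssl_random_pseudo_bytes() (or random_bytes() on PHP 7+) for this token.
    $password = md5(uniqid(mt_rand(), TRUE));

    $db->insert("blogs", array(
        // blogid is omitted so the column autoincrements
        "name" => $_POST['name'],
        "email" => $_POST['email'],
        "title" => $_POST['title'],
        "realname" => $_POST['realname'],
        "birthday" => $_POST['birthday'],
        "location" => $_POST['location'],
        "photo" => $_POST['photo'],
        "homepage" => $_POST['homepage'],
        "interests" => $_POST['interests'],
        "links" => $_POST['links'],
        "password" => $password,
        "joindate" => time(),
        "skinid" => "00000000000000000000000000000000",
        "status" => "validating",
    ));

    // name is restricted to [a-z0-9-] by check_post() and the code is hex by
    // construction, so neither needs URL encoding here.
    $confirm_address = "http://" . DEFAULT_SUBDOMAIN . BASE_DOMAIN . INSTALLED_PATH . "?register&confirm&username=" . $_POST['name'] . "&code=" . $password;

    $msg = "Your " . SITE_TITLE . " blog account is ready to use.

Go to the following location to confirm your account.
$confirm_address
Your blog will be up and running in no time!

Thanks for registering!
- The Management";

    mail($_POST['email'], "Your " . SITE_TITLE . " blog account is ready.", $msg, "From: " . DEFAULT_SUBDOMAIN . BASE_DOMAIN . " <nobody@" . BASE_DOMAIN . ">");

    $body = skinvoodoo("register", "success");

} else {

    // (Re)display the registration form, echoing back whatever was posted.
    // On a plain GET nothing was posted, so each field defaults to "" instead
    // of reading an undefined index.
    $form = array(
        "posturl" => INDEX_URL . "?register",
        "terms"   => INDEX_URL . "TERMS",
    );
    foreach(array("name", "email", "title", "realname", "birthday", "location", "photo", "homepage", "interests", "links") as $field)
    {
        $form[$field] = isset($_POST[$field]) ? $_POST[$field] : "";
    }
    // NOTE(review): these are raw user-supplied values; the skin layer must
    // escape them for the HTML attribute context they are rendered in.
    $body = skinvoodoo("register", "form", $form);

}

$out = skinvoodoo("register", "");

$out = str_replace("<!-- #CWB_BODY# -->", $body, $out);

$out = str_replace("%{" . UNIQ . "querycount}", querycount(), $out);
$out = str_replace("%{" . UNIQ . "runtime}", runtime(), $out);

echo $out;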