Context Navigation

source: minimanager/register.php@ 77

Last change on this file since 77 was 77, checked in by george, 18 years ago
Smazáno: prázdná složka mangos.\nUpraveno: Použití konfiguračního souboru config.php místo config.sample.php. Soubor config.php se neverzuje a každý si ho musí zkopírovat z config.sample.php a dolnit svoje místní údaje.
File size: 14.5 KB

Line
1	<?php
2	/*
3	* Project Name: MiniManager for Mangos Server
4	* Date: 17.10.2006 inital version (0.0.1a)
5	* Author: Q.SA
6	* Copyright: Q.SA
7	* Email: *****
8	* License: GNU General Public License v2(GPL)
9	*/
10	require_once("header.php");
11
12	//#####################################################################################################
13	// DO REGISTER
14	//#####################################################################################################
15	function doregister()
16	{
17	global $lang_global, $realm_db, $disable_acc_creation, $limit_acc_per_ip, $valid_ip_mask,
18	$send_mail_on_creation, $create_acc_locked, $from_mail, $mailer_type, $smtp_cfg, $title, $MaximumAccountCount;
19
20	if ( empty($_POST['pass']) \|\| empty($_POST['email']) \|\| empty($_POST['username']) ) {
21	redirect("register.php?err=1");
22	}
23
24	$sql = new SQL;
25	$sql->connect($realm_db['addr'], $realm_db['user'], $realm_db['pass'], $realm_db['name']);
26
27	$result = $sql->query("SELECT COUNT(*) FROM account");
28	$AccountCount = $sql->result($result, 0, 'COUNT(*)');
29	if($AccountCount >= $MaximumAccountCount) redirect("register.php?err=4");
30
31	if ($disable_acc_creation) redirect("register.php?err=4");
32
33	$last_ip = (getenv('HTTP_X_FORWARDED_FOR')) ? getenv('HTTP_X_FORWARDED_FOR') : getenv('REMOTE_ADDR');
34
35	if (sizeof($valid_ip_mask)){
36	$qFlag = 0;
37	$user_ip_mask = explode('.', $last_ip);
38
39	foreach($valid_ip_mask as $mask){
40	$vmask = explode('.', $mask);
41	$v_count = 4;
42	$i = 0;
43	foreach($vmask as $range){
44	$vmask_h = explode('-', $range);
45	if (isset($vmask_h[1])){
46	if (($vmask_h[0]>=$user_ip_mask[$i]) && ($vmask_h[1]<=$user_ip_mask[$i])) $v_count--;
47	}else{
48	if ($vmask_h[0] == $user_ip_mask[$i]) $v_count--;
49	}
50	$i++;
51	}
52	if (!$v_count){
53	$qFlag++;
54	break;
55	}
56	}
57	if (!$qFlag) redirect("register.php?err=9&usr=$last_ip");
58	}
59
60
61	$user_name = $sql->quote_smart(trim($_POST['username']));
62	$pass = $sql->quote_smart($_POST['pass']);
63	$pass1 = $sql->quote_smart($_POST['pass1']);
64
65	//make sure username/pass at least 4 chars long and less than max
66	if ((strlen($user_name) < 4) \|\| (strlen($user_name) > 15)){
67	$sql->close();
68	redirect("register.php?err=5");
69	}
70
71	require_once("scripts/valid_lib.php");
72
73	//make sure it doesnt contain non english chars.
74	if (!alphabetic($user_name)) {
75	$sql->close();
76	redirect("register.php?err=6");
77	}
78
79	//make sure the mail is valid mail format
80	$mail = $sql->quote_smart(trim($_POST['email']));
81	if ((!is_email($mail))\|\|(strlen($mail) > 224)) {
82	$sql->close();
83	redirect("register.php?err=7");
84	}
85
86	$per_ip = ($limit_acc_per_ip) ? "OR last_ip='$last_ip'" : "";
87
88	$result = $sql->query("SELECT ip FROM ip_banned WHERE ip = '$last_ip'");
89	//IP is in ban list
90	if ($sql->num_rows($result)){
91	$sql->close();
92	redirect("register.php?err=8&usr=$last_ip");
93	}
94
95	$result = $sql->query("SELECT username,email FROM account WHERE username='$user_name' OR email='$mail' $per_ip");
96
97	//there is already someone with same user/mail
98	if ($sql->num_rows($result)){
99	$sql->close();
100	redirect("register.php?err=3&usr=$user_name");
101	} else {
102	$tbc = (isset($_POST['tbc'])) ? $sql->quote_smart($_POST['tbc']) : 0;
103
104	$result = $sql->query("INSERT INTO account (username,I,gmlevel,email, joindate,last_ip,failed_logins,locked,last_login,online,tbc)
105	VALUES ('$user_name','$pass',0,'$mail',current_date(),'$last_ip',0,$create_acc_locked,NULL,0,$tbc)");
106	$sql->close();
107
108	setcookie ("terms", "", time() - 3600);
109
110	if ($send_mail_on_creation){
111	require_once("scripts/mailer/class.phpmailer.php");
112	$mailer = new PHPMailer();
113	$mailer->Mailer = $mailer_type;
114	if ($mailer_type == "smtp"){
115	$mailer->Host = $smtp_cfg['host'];
116	$mailer->Port = $smtp_cfg['port'];
117	if($smtp_cfg['user'] != '') {
118	$mailer->SMTPAuth = true;
119	$mailer->Username = $smtp_cfg['user'];
120	$mailer->Password = $smtp_cfg['pass'];
121	}
122	}
123
124	$file_name = "mail_templates/mail_welcome.tpl";
125	$fh = fopen($file_name, 'r');
126	$subject = fgets($fh, 4096);
127	$body = fread($fh, filesize($file_name));
128	fclose($fh);
129
130	$subject = str_replace("<title>", $title, $subject);
131	$body = str_replace("\n", "<br />", $body);
132	$body = str_replace("\r", " ", $body);
133	$body = str_replace("<username>", $user_name, $body);
134	$body = str_replace("<password>", $pass1, $body);
135	$body = str_replace("<base_url>", $_SERVER['SERVER_NAME'], $body);
136
137	$mailer->WordWrap = 50;
138	$mailer->From = $from_mail;
139	$mailer->FromName = "$title Admin";
140	$mailer->Subject = $subject;
141	$mailer->IsHTML(true);
142	$mailer->Body = $body;
143	$mailer->AddAddress($mail);
144	$mailer->Send();
145	$mailer->ClearAddresses();
146	}
147
148	if ($result) redirect("login.php");
149	}
150	}
151
152	//#####################################################################################################
153	// PRINT FORM
154	//#####################################################################################################
155	function register(){
156	global $lang_register, $lang_global, $output;
157	$output .= "<center>
158	<script type=\"text/javascript\" src=\"js/sha1.js\"></script>
159	<script type=\"text/javascript\">
160	function do_submit_data () {
161	if (document.form.pass1.value != document.form.pass2.value){
162	alert('{$lang_register['diff_pass_entered']}');
163	return;
164	} else {
165	document.form.pass.value = hex_sha1(document.form.username.value.toUpperCase()+':'+document.form.pass1.value.toUpperCase());
166	document.form.pass2.value = '0';
167	do_submit();
168	}
169	}
170	answerbox.btn_ok='{$lang_register['i_agree']}';
171	answerbox.btn_cancel='{$lang_register['i_dont_agree']}';
172	answerbox.btn_icon='';
173	</script>
174	<fieldset style=\"width: 550px;\">
175	<legend>{$lang_register['create_acc']}</legend>
176	<form method=\"post\" action=\"register.php?action=doregister\" name=\"form\">
177	<input type=\"hidden\" name=\"pass\" value=\"\" maxlength=\"256\" />
178	<table class=\"flat\">
179	<tr>
180	<td valign=\"top\">{$lang_register['username']}:</td>
181	<td><input type=\"text\" name=\"username\" size=\"45\" maxlength=\"14\" /><br />
182	{$lang_register['use_eng_chars_limited_len']}<br />
183	</td>
184	</tr>
185	<tr>
186	<td valign=\"top\">{$lang_register['password']}:</td>
187	<td><input type=\"password\" name=\"pass1\" size=\"45\" maxlength=\"25\" /></td>
188	</tr>
189	<tr>
190	<td valign=\"top\">{$lang_register['confirm_password']}:</td>
191	<td><input type=\"password\" name=\"pass2\" size=\"45\" maxlength=\"25\" /><br />
192	{$lang_register['min_pass_len']}<br />
193	</td>
194	</tr>
195	<tr>
196	<td valign=\"top\">{$lang_register['email']}:</td>
197	<td><input type=\"text\" name=\"email\" size=\"45\" maxlength=\"225\" /><br />
198	{$lang_register['use_valid_mail']}</td>
199	</tr>
200	<tr>
201	<td valign=\"top\">{$lang_register['acc_type']}:</td>
202	<td>
203	<select name=\"tbc\">
204	<option value=\"1\">{$lang_register['expansion']}</option>
205	<option value=\"0\">{$lang_register['classic']}</option>
206	</select>
207	- {$lang_register['acc_type_desc']}</td>
208	</tr>
209	<tr><td colspan=\"2\"><hr /></td></tr>
210	<tr>
211	<td colspan=\"2\">{$lang_register['read_terms']}.</td>
212	</tr>
213	<tr><td colspan=\"2\"><hr / ></td></tr>
214	<tr><td>";
215
216	$terms = "<textarea rows=\'18\' cols=\'80\' readonly=\'readonly\'>";
217	$terms_text = '';
218	$fp = fopen("mail_templates/terms.tpl", 'r') or die (error("Couldn't Open terms.tpl File!"));
219	while (!feof($fp)) $terms_text .= fgets($fp, 1024);
220	fclose($fp);
221	//$terms .= htmlentities($terms_text, ENT_QUOTES, 'cp1252')."</textarea>";
222	$terms .= $terms_text."</textarea>";
223
224
225	makebutton($lang_register['create_acc_button'], "javascript:answerBox('{$lang_register['terms']}<br />$terms', 'javascript:do_submit_data()')",150);
226	$output .= "</td><td>";
227	makebutton($lang_global['back'], "login.php", 328);
228	$output .= "</td></tr>
229	</table>
230	</form></fieldset>
231	<br /><br /></center>";
232	}
233
234
235	//#####################################################################################################
236	// PRINT PASSWORD RECOVERY FORM
237	//#####################################################################################################
238	function pass_recovery(){
239	global $lang_register, $lang_global, $output;
240	$output .= "<center>
241	<fieldset style=\"width: 550px;\">
242	<legend>{$lang_register['recover_acc_password']}</legend>
243	<form method=\"post\" action=\"register.php?action=do_pass_recovery\" name=\"form\">
244	<table class=\"flat\">
245	<tr>
246	<td valign=\"top\">{$lang_register['username']} :</td>
247	<td><input type=\"text\" name=\"username\" size=\"45\" maxlength=\"14\" /><br />
248	{$lang_register['user_pass_rec_desc']}<br />
249	</td>
250	</tr>
251	<tr>
252	<td valign=\"top\">{$lang_register['email']} :</td>
253	<td><input type=\"text\" name=\"email\" size=\"45\" maxlength=\"225\" /><br />
254	{$lang_register['mail_pass_rec_desc']}</td>
255	</tr>
256	<tr><td>";
257	makebutton($lang_register['recover_pass'], "javascript:do_submit()",150);
258	$output .= "</td><td>";
259	makebutton($lang_global['back'], "javascript:window.history.back()", 328);
260	$output .= "</td></tr>
261	</table>
262	</form></fieldset>
263	<br /><br /></center>";
264	}
265
266	//#####################################################################################################
267	// DO RECOVER PASSWORD
268	//#####################################################################################################
269	function do_pass_recovery(){
270	global $lang_global, $realm_db, $from_mail, $mailer_type, $smtp_cfg, $title;
271
272	if ( empty($_POST['username']) \|\| empty($_POST['email']) ) redirect("register.php?action=pass_recovery&err=1");
273
274	$sql = new SQL;
275	$sql->connect($realm_db['addr'], $realm_db['user'], $realm_db['pass'], $realm_db['name']);
276
277	$user_name = $sql->quote_smart(trim($_POST['username']));
278	$email_addr = $sql->quote_smart($_POST['email']);
279
280	$result = $sql->query("SELECT I FROM account WHERE username = '$user_name' AND email = '$email_addr'");
281
282	if ($sql->num_rows($result) == 1){
283
284	require_once("scripts/mailer/class.phpmailer.php");
285	$mail = new PHPMailer();
286	$mail->Mailer = $mailer_type;
287	if ($mailer_type == "smtp"){
288	$mail->Host = $smtp_cfg['host'];
289	$mail->Port = $smtp_cfg['port'];
290	if($smtp_cfg['user'] != '') {
291	$mail->SMTPAuth = true;
292	$mail->Username = $smtp_cfg['user'];
293	$mail->Password = $smtp_cfg['pass'];
294	}
295	}
296
297	$file_name = "mail_templates/recover_password.tpl";
298	$fh = fopen($file_name, 'r');
299	$subject = fgets($fh, 4096);
300	$body = fread($fh, filesize($file_name));
301	fclose($fh);
302
303	$body = str_replace("\n", "<br />", $body);
304	$body = str_replace("\r", " ", $body);
305	$body = str_replace("<username>", $user_name, $body);
306	$body = str_replace("<password>", substr(sha1(strtoupper($user_name)),0,7), $body);
307	$body = str_replace("<activate_link>",
308	$_SERVER['HTTP_HOST']."/register.php?action=do_pass_activate&h=".$sql->result($result, 0, 'I')."&p=".substr(sha1(strtoupper($user_name)),0,7), $body);
309	$body = str_replace("<base_url>", $_SERVER['HTTP_HOST'], $body);
310
311	$mail->WordWrap = 50;
312	$mail->From = $from_mail;
313	$mail->FromName = "$title Admin";
314	$mail->Subject = $subject;
315	$mail->IsHTML(true);
316	$mail->Body = $body;
317	$mail->AddAddress($email_addr);
318
319	if(!$mail->Send()) {
320	$mail->ClearAddresses();
321	redirect("register.php?action=pass_recovery&err=11&usr=".$mail->ErrorInfo);
322	} else {
323	$mail->ClearAddresses();
324	redirect("register.php?action=pass_recovery&err=12");
325	}
326
327	} else redirect("register.php?action=pass_recovery&err=10");
328	}
329
330
331	//#####################################################################################################
332	// DO ACTIVATE RECOVERED PASSWORD
333	//#####################################################################################################
334	function do_pass_activate(){
335	global $lang_global, $realm_db;
336
337	if ( empty($_GET['h']) \|\| empty($_GET['p']) ) redirect("register.php?action=pass_recovery&err=1");
338
339	$sql = new SQL;
340	$sql->connect($realm_db['addr'], $realm_db['user'], $realm_db['pass'], $realm_db['name']);
341
342	$pass = $sql->quote_smart(trim($_GET['p']));
343	$hash = $sql->quote_smart($_GET['h']);
344
345	$result = $sql->query("SELECT id,username FROM account WHERE I = '$hash'");
346
347	if ($sql->num_rows($result) == 1){
348	$username = $sql->result($result, 0, 'username');
349	$id = $sql->result($result, 0, 'id');
350	if (substr(sha1(strtoupper($sql->result($result, 0, 'username'))),0,7) == $pass){
351	$sql->query("UPDATE account SET I=SHA1(CONCAT(UPPER('$username'),':',UPPER('$pass'))) WHERE id = '$id'");
352	redirect("login.php");
353	}
354
355	} else redirect("register.php?action=pass_recovery&err=1");
356
357	redirect("register.php?action=pass_recovery&err=1");
358	}
359
360
361	//#####################################################################################################
362	// MAIN
363	//#####################################################################################################
364	$err = (isset($_GET['err'])) ? $_GET['err'] : NULL;
365
366	if (isset($_GET['usr'])) $usr = $_GET['usr'];
367	else $usr = NULL;
368
369	$output .= "<div class=\"top\">";
370	switch ($err) {
371	case 1:
372	$output .= "<h1><font class=\"error\">{$lang_global['empty_fields']}</font></h1>";
373	break;
374	case 2:
375	$output .= "<h1><font class=\"error\">{$lang_register['diff_pass_entered']}</font></h1>";
376	break;
377	case 3:
378	$output .= "<h1><font class=\"error\">{$lang_register['username']} $usr {$lang_register['already_exist']}<br />Or other User registered with same email/IP</font></h1>";
379	break;
380	case 4:
381	$output .= "<h1><font class=\"error\">{$lang_register['acc_reg_closed']}</font></h1>";
382	break;
383	case 5:
384	$output .= "<h1><font class=\"error\">{$lang_register['wrong_pass_username_size']}</font></h1>";
385	break;
386	case 6:
387	$output .= "<h1><font class=\"error\">{$lang_register['bad_chars_used']}</font></h1>";
388	break;
389	case 7:
390	$output .= "<h1><font class=\"error\">{$lang_register['invalid_email']}</font></h1>";
391	break;
392	case 8:
393	$output .= "<h1><font class=\"error\">{$lang_register['banned_ip']} ($usr)<br />{$lang_register['contact_serv_admin']}</font></h1>";
394	break;
395	case 9:
396	$output .= "<h1><font class=\"error\">{$lang_register['users_ip_range']}: $usr {$lang_register['cannot_create_acc']}</font></h1>";
397	break;
398	case 10:
399	$output .= "<h1><font class=\"error\">{$lang_register['user_mail_not_found']}</font></h1>";
400	break;
401	case 11:
402	$output .= "<h1><font class=\"error\">Mailer Error: $usr</font></h1>";
403	break;
404	case 12:
405	$output .= "<h1><font class=\"error\">{$lang_register['recovery_mail_sent']}</font></h1>";
406	break;
407	default:
408	$output .= "<h1><font class=\"error\">{$lang_register['fill_all_fields']}</font></h1>";
409	}
410	$output .= "</div>";
411
412	$action = (isset($_GET['action'])) ? $_GET['action'] : NULL;
413
414	switch ($action){
415	case "doregister":
416	doregister();
417	break;
418	case "pass_recovery":
419	pass_recovery();
420	break;
421	case "do_pass_recovery":
422	do_pass_recovery();
423	break;
424	case "do_pass_activate":
425	do_pass_activate();
426	break;
427	default:
428	register();
429	}
430
431	require_once("footer.php");
432	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: