echo "Please <a href=\"../users.php?id=" . $user_id . "\">click here</a><br>\n";
echo "</h2>\n";
echo "</body>\n</html>\n\n";
die;
}
}
}
if ($crc == md5($HTTP_USER_AGENT . $ts . CRC_SALT_0007)) {
$da_username = $username;
if ($da_username != $user->user_name) {
echo "Hmm? hijacking pages ?";
die;
}
$da_emailaddy = $email;
$da_newmail = $newemail;
if (is_email_locked($LOCK_EMAILCHG, $da_newmail)) {
echo "<h2>\n";
echo "Your new e-mail CANNOT be '{$da_newmail}' (Unallowed).<br>\n";
echo "<a href=\"javascript:history.go(-1);\">Go Back</a><br>\n";
echo "</h2>\n";
echo "</body>\n</html>\n\n";
die;
}
$email_nreg = pg_safe_exec("select * from noreg where lower(email) = '" . strtolower($da_newmail) . "'");
if (pg_numrows($email_nreg) > 0) {
echo "<h2>\n";
echo "Your new e-mail CANNOT be '{$da_newmail}' (NOREG).<br>\n";
echo "<a href=\"javascript:history.go(-1);\">Go Back</a><br>\n";
echo "</h2>\n";
echo "</body>\n</html>\n\n";
die;
if ($admin > 0 || acl(XAT_CAN_EDIT) || $nrw_lvl > 0) {
$unf = pg_safe_exec("select * from noreg where type=4 and lower(user_name)='" . strtolower($user->user_name) . "'");
if (pg_numrows($unf) > 0 || (int) $user->flags & 0x8) {
echo "<tr><td colspan=2 bgcolor=#" . $cTheme->main_frauduser . "><font color=#" . $cTheme->table_maintextcolor . " size=-1><em><b><center>~ This account is in FRAUD USERNAMES";
if (pg_numrows($unf) > 0) {
$unfobj = pg_fetch_object($unf, 0);
$da_reason = $unfobj->reason;
echo " - Reason : </b>" . $da_reason . "<b>";
}
echo " ~</center></em></b></font></td></tr>\n";
}
$unf2 = pg_safe_exec("select * from noreg where type<4 and lower(user_name)='" . strtolower($user->user_name) . "' OR lower(email)='" . strtolower($user->email) . "'");
if (pg_numrows($unf2) > 0) {
echo "<tr><td colspan=2 bgcolor=#" . $cTheme->table_tr_enlighten . "><font color=#" . $cTheme->main_textcolor . " size=-1><em><b><center>~ This account is in NOREG (user or email) ~</center></em></b></font></td></tr>\n";
}
if (is_email_locked(1, $user->email) || is_email_locked(2, $user->email) || is_email_locked(4, $user->email) || is_email_locked(8, $user->email)) {
echo "<tr><td colspan=2 bgcolor=#" . $cTheme->table_tr_enlighten2 . "><font color=#" . $cTheme->table_headtextcolor . " size=-1><em><b><center>~ This account is in DOMAIN LOCK (email addy) ~</center></em></b></font></td></tr>\n";
}
}
echo "<tr><td colspan=2 bgcolor=#" . $cTheme->table_sepcolor . "><font size=-1 color=#" . $cTheme->table_septextcolor . "><em><b>User Information</b></em></td></tr>";
if (!$edit) {
//if ($admin>0) { local_seclog("View '" . $user->user_name . "' (" . $user->id . ")"); }
if ($id == $user_id || ($admin > 0 || acl(XAT_CAN_EDIT))) {
echo "<TR><TD><font size=-1><b>Email</b></td><td><font size=-1> " . $user->email . "</font><FONT COLOR=#" . $cTheme->main_textlight . " size=-1> (Hidden from public)</td></tr>";
}
// Only show for self or admin
if ($user->url != "") {
if ($user->url != "" && !ereg("^http://", $user->url)) {
echo "<tr><td><font size=-1><b>Homepage</b></td><td><font size=-1><a href=\"http://{$user->url}\" target=\"_blank\">http://" . htmlspecialchars($user->url) . "</a></td></tr>";
} else {
echo "<tr><td><font size=-1><b>Homepage</b></td><td><font size=-1><a href=\"{$user->url}\" target=\"_blank\">" . htmlspecialchars($user->url) . "</a></td></tr>";
echo "<b>Domain/User Lock</b> Checker - <a href=\"./index.php\">Home</a><br><br>\n";
if (ereg("@", $_GET["im"])) {
// considere it a full email
if (preg_match("/^[A-Za-z0-9_+-.]+@[A-Za-z0-9.-]+\\.[A-Za-z][A-Za-z]+\$/", $_GET["im"])) {
if (is_email_locked(-1, $_GET["im"])) {
echo "<h3>The e-mail address '" . $_GET["im"] . "' is LOCKED by the '" . $LOCK_MATCH . "' entry.</h3>";
} else {
echo "<h3>The e-mail address '" . $_GET["im"] . "' is NOT LOCKED by the DomainLock system.</h3>";
}
} else {
echo "<h3>Invalid e-mail address, try again !</h3>\n";
}
} else {
// considere it a domain name
if (preg_match("/^[A-Za-z0-9.-]+\\.[A-Za-z][A-Za-z]+\$/", $_GET["im"])) {
if (is_email_locked(-1, "!!!@" . $_GET["im"])) {
echo "<h3>The domain name '" . $_GET["im"] . "' is LOCKED by the '" . $LOCK_MATCH . "' entry.</h3>";
} else {
echo "<h3>The domain name '" . $_GET["im"] . "' is NOT LOCKED by the DomainLock system.</h3>";
}
} else {
echo "<h3>Invalid domain name, try again !</h3>\n";
}
}
echo "<br><br><a href=\"index.php\">go back !</a><br>\n";
?>
</body>
</html>
// Added more email validation checks. The email must contain an @, it must have atleast one character before the @ and it must
// contain atleast one . and there must be atleast 2 characters trailing the final . and there is no _ in the hostname section. Just
// RFC enforcement checking.
if (!preg_match("/^[A-Za-z0-9_+-.]+@[A-Za-z0-9.-]+\\.[A-Za-z][A-Za-z]+\$/", $email)) {
$failed = 1;
if ($first_error) {
std_theme_styles(1);
std_theme_body();
echo $headerz;
$first_error = 0;
}
echo "<p><font color=\"#" . $cTheme->main_warnmsg . "\">The email address is invalid.</font> It must contain a @, it must be from a valid domain, and it can only contain alpha-numeric ";
echo "characters (a-zA-Z0-9) or the . or - character.</p>";
}
// Now we have to go to the database. First to see if the email domain is valid, then to see if it's in use.
if (is_email_locked($LOCK_USERNAME, $email)) {
$failed = 1;
if ($first_error) {
std_theme_styles(1);
std_theme_body();
echo $headerz;
$first_error = 0;
}
echo "<p><font color=\"#" . $cTheme->main_warnmsg . "\">You are not allowed to create a username using this email account ({$email}).</p>";
}
$email_dbh = pg_safe_exec("select user_name from users where lower(email) = '{$lowemail}'");
if (pg_numrows($email_dbh) > 0) {
$failed = 1;
if ($first_error) {
std_theme_styles(1);
std_theme_body();
unset($lhmask);
if (REGPROC_IDLECHECK && is_irc_idled($user_id, 21)) {
echo "<html><head><title>REGISTRATION PROCESS</title>";
std_theme_styles();
echo "</head>\n";
std_theme_body("../");
echo "<b>CHANNEL SERVICE REGISTRATION PROCESS</b><br><hr noshade size=2><br>\n";
echo "<h2>You must login to " . BOT_NAME . " on IRC to apply to register a channel.<br></h2>\n";
echo "<br>\n";
echo "Then <a href=\"javascript:history.go(-1);\">go back</a> and repost the form.<br>\n";
echo "</body></html>\n\n";
die;
}
$ress = pg_safe_exec("SELECT email FROM users WHERE id='{$user_id}'");
$rooo = pg_fetch_object($ress, 0);
if (is_email_locked($LOCK_REGPROC, $rooo->email)) {
echo "<html><head><title>REGISTRATION PROCESS</title>";
std_theme_styles();
echo "</head>\n";
std_theme_body("../");
echo "Sorry, you can't register a channel using your current e-mail address.<br>\n";
echo "You can request a modification of your email-in-record by <a href=\"../forms/emailchange.php\">clicking here</a>.";
echo "</body></html>\n\n";
die;
}
$rsts = pg_safe_exec("SELECT signup_ts FROM users WHERE id=" . (int) $user_id);
$rsto = pg_fetch_object($rsts);
if ((int) $rsto->signup_ts > 0) {
$now = time();
$days_elapsed = (int) ((int) ($now - (int) $rsto->signup_ts) / 86400);
if ($days_elapsed < MIN_DAYS_BEFORE_REG) {
header("Pragma: no-cache");
echo "<META HTTP-EQUIV=\"Pragma\" CONTENT=\"no-cache\">\n";
echo "<html>\n";
echo "<head><title>Error</title>";
std_theme_styles();
echo "</head>";
std_theme_body();
echo "<font size=+0>\n";
echo "You have been globally suspended by a Cservice Administrator, you can't login.<br><br>";
echo "<a href=\"index.php\" target=\"_top\">click here</a>.<br>\n";
echo "</font></body></html>\n\n";
die;
}
$ress = pg_safe_exec("SELECT tz_setting,email FROM users WHERE id='{$user_id}'");
$rooo = pg_fetch_object($ress, 0);
if (is_email_locked($LOCK_LOGIN, $rooo->email)) {
header("Pragma: no-cache");
echo "<META HTTP-EQUIV=\"Pragma\" CONTENT=\"no-cache\">\n";
echo "<html><head><title>REGISTRATION PROCESS</title>\n";
std_theme_styles();
echo "</head>";
std_theme_body();
echo "Sorry, you can't login using your current e-mail address.<br>\n";
echo "You will need to <b>/join " . SERVICE_CHANNEL . "</b> in order to deal with this problem.";
echo "</body></html>\n\n";
die;
}
$tz_setting = trim($rooo->tz_setting);
/*
unset($ress);
$ress = pg_safe_exec("SELECT * FROM noreg WHERE lower(user_name)='" . strtolower($username) . "' AND type=4");
echo "</body>\n</html>\n\n";
die;
}
$res2 = pg_safe_exec("SELECT id,email,user_name FROM users WHERE lower(user_name)='" . strtolower($new_manager) . "'");
if (pg_numrows($res2) == 0) {
echo "<h2>\n";
echo "The new manager needs to be a valid CService username.<br>\n";
echo "<a href=\"javascript:history.go(-1);\">Go Back</a><br>\n";
echo "</h2>\n";
echo "</body>\n</html>\n\n";
die;
}
$newmgr = pg_fetch_object($res2, 0);
$new_manager_email = $newmgr->email;
$new_manager_id = $newmgr->id;
if (is_email_locked(2, $new_manager_email)) {
echo "<h2>\n";
echo "The new manager has an invalid e-mail address that cannot be owner of a channel (LOCKED).<br>\n";
echo "<a href=\"javascript:history.go(-1);\">Go Back</a><br>\n";
echo "</h2>\n";
echo "</body>\n</html>\n\n";
die;
}
$channel = str_replace("\\\\'", "'", $channel);
$blah = pg_safe_exec("SELECT id FROM channels WHERE lower(name)='" . strtolower($channel) . "' AND registered_ts>0");
if (pg_numrows($blah) == 0) {
echo "<h2>Unexistant channel !@#</h2></body></html>\n\n";
die;
} else {
$roo = pg_fetch_object($blah, 0);
$channel_id = $roo->id;
}
if ($check_invalid && !file_exists("../testnet")) {
echo "<h2>All your supporters must login to " . BOT_NAME . " on IRC to apply to register a channel.<br><br>Have all your supporters login to " . BOT_NAME . ", then try again posting the form.</h2>\n";
echo "<br>\n";
echo "<br><br><a href=\"javascript:reg_form();\">Go back to form</a>.\n";
echo "</body></html>\n\n";
die;
}
}
$check_invalid = 0;
$s_index = 0;
for ($x = 0; $x < REQUIRED_SUPPORTERS; $x++) {
$res = pg_safe_exec("SELECT email FROM users WHERE lower(users.user_name)='" . strtolower($supporters[$x]) . "'");
$row = pg_fetch_object($res, 0);
$email = strtolower($row->email);
if (is_email_locked($LOCK_REGPROC, $email)) {
$check_invalid = 1;
$badmail_supids[$s_index] = $x;
$s_index++;
}
}
if ($check_invalid) {
echo "<h2>One or more of your supporters is using an invalid email address.<br></h2>\n";
echo "<br>\n";
echo "List of invalid supporters :<br>\n";
for ($x = 0; $x < count($badmail_supids); $x++) {
echo "<li> " . $supporters[$badmail_supids[$x]] . "\n";
echo "<script language=\"JavaScript1.2\">\n";
echo "<!--\n";
echo "document.forms[0].ii_supporter" . $badmail_supids[$x] . ".value='* '+document.forms[0].ii_supporter" . $badmail_supids[$x] . ".value;\n";
echo "//-->\n";
echo "to send you unsolicited email. It will be used to send you information on how to obtain your ";
echo "password.<br><br>\n";
echo "<label>Email Address: <input type=text name=email maxlength=128>\n";
$jsf .= "\tif (f.email.value == '') { all_ok = false; }\n";
$jsf .= "\tvar msg = 'Please type in your e-mail address !';\n";
}
break;
case 4:
if (md5(CRC_SALT_0008 . $_POST["username"] . "UCHECK") != $_POST["username_crc"]) {
$err .= "<li> <b>Attempt to hack page content !</b> (username)\n";
$hackpc = 1;
}
if (!is_email_valid($_POST["email"])) {
$err .= "<li> Your e-mail address is invalid.\n";
}
if (is_email_locked($LOCK_USERNAME, $_POST["email"])) {
$err .= "<li> You are not allowed to create an account using this email address (" . $_POST["email"] . ")\n";
}
$email_nreg = pg_safe_exec("SELECT * FROM noreg WHERE lower(email)='" . post2db(strtolower($_POST["email"])) . "' and user_name='*'");
if (pg_numrows($email_nreg) > 0) {
$err .= "<li> This email account (" . $_POST["email"] . ") is in NOREG, you can't use it for username registration.\n";
}
$email_dbh = pg_safe_exec("SELECT user_name FROM users WHERE lower(email)='" . post2db(strtolower($_POST["email"])) . "'");
if (pg_numrows($email_dbh) > 0) {
$err .= "<li> There is already an account registered with that email address.<br>You can only have one account per person. If you have lost your password and require a new one to be resent <a href=\"forgotten_pass.php\">click here</a>.\n";
}
if ($err != "") {
err_newuser($err);
} else {
echo "<input type=hidden name=is13 value=1>\n";
echo "<input type=hidden name=username value=\"" . post2input($_POST["username"]) . "\">\n";
