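/**
 * Create a new user account and e-mail the generated password to the user.
 *
 * Return codes (0 = success):
 *   0 account created and the registration mail was sent
 *   1 username or e-mail missing
 *   2 captcha answer incorrect
 *   3 e-mail invalid or already registered
 *   4 the users row could not be inserted
 *   5 username already registered
 *   6 account created but the registration mail could not be sent
 *   7 the "register" action is currently locked (checkLock)
 *   8 registration disabled (app_enabled) or the configured user limit reached
 *   9 display name shorter than 4 bytes
 *
 * All SQL in this function is built by string interpolation on the legacy
 * mysql_* API (no prepared statements), so every value that reaches a query
 * is passed through escape() first.
 *
 * @param string $username requested login name (raw; escaped here)
 * @param string $name     display name (raw; escaped here)
 * @param string $email    contact address (raw; validated, then escaped here)
 * @param array  $profile  var_id => item, where item[1] is stored as the profile value
 * @param string $captcha  the user's answer to the Securimage challenge
 * @return int one of the codes listed above
 */
function register($username, $name, $email, $profile, $captcha) {
    if (!checkLock("register")) {
        return 7;
    }

    // Required fields.
    if (strlen($username) == 0 || strlen($email) == 0) {
        return 1;
    }
    // Minimum display-name length; strlen() counts bytes, not characters.
    if (strlen($name) < 4) {
        return 9;
    }

    // Is registration switched on at all?
    $config = $GLOBALS['config'];
    if (!$config['app_enabled']) {
        return 8;
    }

    // Optional cap on the number of accounts. isset() on the nested key is
    // already false when 'limits' itself is missing.
    if (isset($config['limits']['users']) && $config['limits']['users'] > 0) {
        $result = mysql_query("SELECT COUNT(*) FROM users");
        $row = mysql_fetch_array($result);
        if ($row[0] >= $config['limits']['users']) {
            return 8;
        }
    }

    // Validate the address on the raw input, before MySQL escaping can alter it.
    if (!validEmail($email)) {
        return 3;
    }

    // Verify the captcha before any query that reveals whether an e-mail or
    // username is already taken, so the uniqueness checks below cannot be
    // probed without solving it.
    if ($config['captcha_enabled']) {
        include_once basePath() . '/securimage/securimage.php';
        $securimage = new Securimage();
        if (!$securimage->check($captcha)) {
            // the code was incorrect
            return 2;
        }
    }

    // From here on the values are only used inside SQL.
    $username = escape($username);
    $name = escape($name);
    $email = escape($email);

    // Fresh random salt and a generated initial password. Only the hash is
    // stored; the clear-text password is delivered in the registration mail.
    $gen_salt = secure_random_bytes(20);
    $db_salt = escape(bin2hex($gen_salt));
    $gen_password = uid(12);
    $password = escape(chash2($gen_password, $gen_salt));

    // Uniqueness is checked per field so the caller can distinguish
    // "e-mail taken" (3) from "username taken" (5).
    $result = mysql_query("SELECT id FROM users WHERE email='{$email}'");
    if (mysql_num_rows($result) > 0) {
        return 3;
    }
    // Compare against the submitted (escaped) username, not a fixed literal.
    $result = mysql_query("SELECT id FROM users WHERE username='{$username}'");
    if (mysql_num_rows($result) > 0) {
        return 5;
    }

    $registerTime = time();

    // Purge accounts that were never activated (accessed = 0) within
    // config[activation_time] seconds of registering.
    $activeTime = $registerTime - $config['activation_time'];
    mysql_query("DELETE FROM users WHERE accessed = '0' AND register_time < '{$activeTime}'");

    // The lock is taken before the insert, so it is held even if the insert fails.
    lockAction("register");
    $result = mysql_query("INSERT INTO users (username, name, password, salt, email, register_time, accessed) VALUES ('{$username}', '{$name}', '{$password}', '{$db_salt}', '{$email}', '{$registerTime}', '0')");
    if ($result === FALSE) {
        return 4;
    }

    $user_id = mysql_insert_id();
    if (!empty($profile)) {
        foreach ($profile as $var_id => $item) {
            // The array keys come from the caller as well, so escape them like the values.
            $var_id = escape($var_id);
            $val = escape($item[1]);
            mysql_query("INSERT INTO profiles (user_id, var_id, val) VALUES ('{$user_id}', '{$var_id}', '{$val}')");
        }
    }

    //initiate messaging default preferences
    initMessaging($user_id);

    // Fill the registration template and send it. str_replace() with arrays
    // applies the replacements left to right, exactly like the chained calls.
    $content = str_replace(
        array('$USERNAME$', '$NAME$', '$PASSWORD$', '$EMAIL$', '$LOGIN_ADDRESS$'),
        array($username, $name, $gen_password, $email, $config['site_address'] . "/login.php"),
        page_db("registration")
    );
    $result = one_mail($config['site_name'] . " Registration", $content, $email);

    return $result ? 0 : 6;
}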
// NOTE(review): this fragment continues a loop and an if/else that begin
// before this excerpt; the closing braces below belong to them.
$line = trim($line);
if($line !== '') {
    // Each non-empty line of install.sql is executed as one statement and any
    // failure aborts the installer with the MySQL error text.
    mysql_query($line) or die("There was an error while attempting to create the oneapp tables.<br />" . mysql_error());
}
}
}
else {
    die("Error: could not read from the install.sql file!");
}

//make sure that users aren't set up yet
// The script only proceeds on an empty users table: it creates an
// administrative account with a blank password, so running it against a
// populated database must be refused.
echo "Checking users table<br />";
$result = mysql_query("SELECT COUNT(*) FROM users");
$row = mysql_fetch_row($result);
if($row[0] == 0) {
    echo "Creating site administrative user (username=admin, password is blank)<br />";
    // NOTE(review): the admin row stores chash("") with no salt column, while
    // register() stores chash2(password, salt) — confirm the login path accepts
    // both forms, and that this blank password is replaced right after install.
    mysql_query("INSERT INTO users (username, password, name, email, register_time, accessed) VALUES ('admin', '" . chash("") . "', 'Site Administrator', '*****@*****.**', '0', '0')");
    $admin_id = escape(mysql_insert_id());
    // Group memberships 0 and -1 for the new admin; the meaning of these
    // group ids is defined elsewhere.
    mysql_query("INSERT INTO user_groups (user_id, `group`) VALUES ('$admin_id', '0')");
    mysql_query("INSERT INTO user_groups (user_id, `group`) VALUES ('$admin_id', '-1')");
    // Default messaging preferences, same as for accounts created by register().
    initMessaging($admin_id);
    echo "<font color=\"green\">Installation is complete.</font>";
} else {
    die("Error: at least one user has been created. For security reasons, the users table must be empty to run this installation script.");
}
?>