* @filesource $HeadURL: https://localhost:8443/svn/wb283Sp4/SP4/branches/wb/account/signup2.php $
* @lastmodified $Date: 2015-04-27 10:02:19 +0200 (Mo, 27. Apr 2015) $
*
*/

// Direct-access guard: the script stops here unless WB_PATH has already been
// defined, i.e. unless it was included by code that set that constant.
if (defined('WB_PATH') == false) {
    die("Cannot access this file directly");
}

// require_once(WB_PATH.'/framework/class.wb.php');
$wb = new wb('Start', 'start', false, false);

// Collect the values submitted by the sign-up form.
$groups_id = FRONTEND_SIGNUP;
$active = 1;
// presumably get_post_escaped() returns the POST value escaped for SQL use — confirm in class wb.
// NOTE(review): strip_tags() only removes markup; it is not an output encoder, so
// display_name still needs context-specific escaping wherever it is rendered.
$username = strtolower(strip_tags($wb->get_post_escaped('username')));
$display_name = strip_tags($wb->get_post_escaped('display_name'));
// NOTE(review): email is read with get_post(), not get_post_escaped(), and no
// validation of it is visible in this excerpt — confirm it is validated before use.
$email = $wb->get_post('email');

// URL of the sign-up form; passed to print_error() as the link to go back to.
$js_back = WB_URL . '/account/signup.php';

// NOTE(review): the form-token (FTAN) check below is commented out, so the
// visible code processes the POST without verifying a request token. Confirm
// whether the check is performed elsewhere or should be re-enabled.
/*
  if (!$wb->checkFTAN()) {
      $wb->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], $js_back, false);
      exit();
  }
*/

// Validate the submitted values.
// NOTE(review): whether print_error() halts the script is not visible here; if it
// returns, execution continues into the following checks.
if ($groups_id == "") {
    $wb->print_error($MESSAGE['USERS_NO_GROUP'], $js_back, false);
}
// The username must start with a letter and continue with at least two more
// characters from letters, digits, '_' or '-'. The value was already lower-cased
// above, so the /i flag has no effect. One pattern covers both "invalid
// characters" and "too short", hence the combined error message.
// NOTE(review): '$' also matches just before a trailing newline; the D modifier
// (or \z) would anchor the match to the true end of the string.
if (!preg_match('/^[a-z]{1}[a-z0-9_-]{2,}$/i', $username)) {
    $wb->print_error($MESSAGE['USERS_NAME_INVALID_CHARS'] . ' / ' . $MESSAGE['USERS_USERNAME_TOO_SHORT'], $js_back);
    // (this block continues beyond the visible excerpt)
unset($_POST['save']);
// The three braces below close blocks that were opened before this excerpt.
}
}
}

if (true === $submit_ok) {
    // The submission was accepted: drop the hash stored in the session and the
    // posted copy. Presumably a one-time form token — confirm against the code
    // that sets 'wb_apf_hash'.
    unset($_SESSION['wb_apf_hash']);
    unset($_POST['hash']);
    $errors = array();

    // Timezone: start from the value get_timezone_string() returns and accept the
    // posted value only if it is listed in $timezone_table.
    // NOTE(review): $_POST['timezone_string'] is read without an isset() check, and
    // in_array() compares loosely unless its third argument is true.
    //global $timezone_table;
    $timezone_string = $wb_inst->get_timezone_string();
    if (in_array($_POST['timezone_string'], $timezone_table)) {
        $timezone_string = $_POST['timezone_string'];
    }

    // Language: exactly two uppercase letters, otherwise fall back to DEFAULT_LANGUAGE.
    // NOTE(review): '$' also matches just before a trailing newline, so a value
    // ending in "\n" passes this pattern; the D modifier (or \z) would reject it.
    $language = strtoupper($wb_inst->get_post('language'));
    $language = preg_match('/^[A-Z]{2}$/', $language) ? $language : DEFAULT_LANGUAGE;

    // Email: use an empty string when get_post('email') compares equal to null,
    // then let the core validator decide whether the address is acceptable.
    $email = $wb_inst->get_post('email') == null ? '' : $wb_inst->get_post('email');
    if (!$wb_inst->validate_email($email)) {
        $email = '';
        $errors[] = $MESSAGE['USERS_INVALID_EMAIL'];
    } else {
        // The address must not already belong to a different user.
        // NOTE(review): the query is built by string concatenation. addslashes() is
        // not aware of the connection character set; the database layer's own
        // escaping or a bound parameter is the safer way to pass $email.
        // NOTE(review): LIKE treats '%' and '_' as wildcards ('_' is common in
        // addresses), so the count can include addresses other than the exact one;
        // '=' would compare the whole value.
        $email = addslashes($email);
        $sql = 'SELECT COUNT(*) FROM `' . TABLE_PREFIX . 'users` ';
        $sql .= 'WHERE `user_id` <> ' . (int) $wb_inst->get_user_id() . ' AND `email` LIKE "' . $email . '"';
        if ($database->get_one($sql) > 0) {
            $errors[] = $MESSAGE['USERS_EMAIL_TAKEN'];
        }
    }
    // (the enclosing if-block continues beyond the visible excerpt)