Exemple #1
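/**
 * add a comment to a blog entry
 *
 * Reads blog_entry_id, page_id, name, email, url and comment from $_REQUEST.
 * For a logged-in user the name and email come from the session and the
 * comment is stored with status 1. Otherwise it is stored with status 0 and,
 * when the entry's allow_comments value is 1, a verification link is mailed
 * to the supplied address.
 *
 * @return array empty on success, or holding an 'error' or 'message' key
 */
function Blog_commentAdd()
{
    $ret = array();
    $bid = isset($_REQUEST['blog_entry_id']) ? (int) $_REQUEST['blog_entry_id'] : 0;
    $pid = isset($_REQUEST['page_id']) ? (int) $_REQUEST['page_id'] : 0;
    $page = Page::getInstance($pid);
    if (!$page->name) {
        $ret['error'] = 'Invalid page id.';
        return $ret;
    }
    // $bid is an integer at this point, so it is safe to place in the SQL text
    $entry = dbRow('select * from blog_entry where id=' . $bid . ' and status>0 and allow_comments');
    if (!$entry) {
        $ret['error'] = 'Entry does not exist, is not yet public, or does not allow comments.';
        return $ret;
    }
    // accept only string values; a missing or array-valued field becomes ''
    $fields = array();
    foreach (array('name', 'email', 'url', 'comment') as $key) {
        $fields[$key] = isset($_REQUEST[$key]) && is_string($_REQUEST[$key]) ? $_REQUEST[$key] : '';
    }
    $name = $fields['name'];
    $email = $fields['email'];
    $url = $fields['url'];
    $comment = $fields['comment'];
    $status = 0;
    $uid = 0;
    if (isset($_SESSION['userdata']['id'])) {
        // a logged-in commenter cannot choose another name or address
        $name = $_SESSION['userdata']['name'];
        $email = $_SESSION['userdata']['email'];
        $status = 1;
        // written unquoted into the insert below, so it must be an integer
        $uid = (int) $_SESSION['userdata']['id'];
    }
    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        $ret['error'] = 'Invalid email address';
        return $ret;
    }
    if ($url && !filter_var($url, FILTER_VALIDATE_URL)) {
        $ret['error'] = 'Invalid URL';
        return $ret;
    }
    $needsVerification = !$status && $entry['allow_comments'] == 1;
    $verification = '';
    if ($needsVerification) {
        // The token is the only secret in the verification link, so it comes
        // from the CSPRNG (PHP 7+) rather than md5(time() . rand()).
        // 32 hex characters, the same shape as the md5 value it replaces.
        $verification = bin2hex(random_bytes(16));
    }
    // addslashes() is the escaping used throughout this code base, but it is
    // not charset-aware.
    // NOTE(review): move to prepared statements or the driver's own escaping
    // if the db layer behind dbQuery() offers it.
    dbQuery(
        'insert into blog_comment set user_id=' . $uid
        . ', name="' . addslashes($name) . '"'
        . ', url="' . addslashes($url) . '"'
        . ', email="' . addslashes($email) . '"'
        . ', comment="' . addslashes($comment) . '"'
        . ', cdate=now(), blog_entry_id=' . $bid
        . ', status=' . $status
        . ', verification="' . $verification . '"'
    );
    if ($needsVerification) {
        // The original read $_SERVER['HTP_HOST'] for the link, which is never
        // set, so the mailed URL had no host name.
        // NOTE(review): HTTP_HOST is taken from the request's Host header;
        // unless the web server pins the virtual host, prefer a configured
        // site host name for links that are sent by mail.
        $host = $_SERVER['HTTP_HOST'];
        Core_mail(
            $email,
            '[' . $host . '] comment verification',
            'A comment was posted on our website claiming to be from your email'
            . " address.\n\nIf it was not you, then please ignore this email.\n\n"
            . "To verify the comment, please click the following link:\n"
            . 'http://' . $host . '/a/p=blog/f=commentVerify/md5=' . $verification
        );
        $ret['message'] = 'Please check your email for a verification code';
    }
    return $ret;
}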
Exemple #2
            foreach ($_REQUEST['new_groups'] as $ng) {
                $n = addslashes($ng);
                dbQuery("insert into groups set name='{$n}',parent=0");
                $_REQUEST['groups'][dbOne('select last_insert_id() as id', 'id')] = true;
            }
        }
        // }
        // Insert one users_groups row per key of $_REQUEST['groups']; the key
        // is cast to int before it reaches the SQL text.
        // NOTE(review): $id is assigned outside this excerpt and is placed in
        // the SQL unquoted - confirm it is cast to int where it is read.
        if (isset($_REQUEST['groups'])) {
            foreach ($_REQUEST['groups'] as $k => $n) {
                dbQuery("insert into users_groups set user_accounts_id={$id},groups_id=" . (int) $k);
            }
        }
        echo '<em>users updated</em>';
        // Optional notification mail: recipient and body both come straight
        // from the request, and the sender address is built from the Host
        // header with every "www." occurrence removed (the pattern is not
        // anchored).
        // NOTE(review): presumably only reachable by administrators - confirm
        // the access check and any CSRF protection above this excerpt, since
        // this sends arbitrary mail from the site's domain.
        if (isset($_REQUEST['email-to-send'])) {
            $site = preg_replace('/www\\./', '', $_SERVER['HTTP_HOST']);
            Core_mail($_REQUEST['email'], '[' . $site . '] user status update', $_REQUEST['email-to-send'], 'no-reply@' . $site);
        }
        // flag the edited account in the 'user-session-resets' cache
        Core_cacheSave('user-session-resets', $id, true);
    }
}
// }
// { form
// Load the account being edited; when no row comes back, fall back to a
// blank record with id -1 whose parent is the current session user.
// NOTE(review): $id is interpolated into the SQL here and into HTML
// attributes below without a cast or escaping in these lines - confirm it
// is forced to an integer where it is first read.
$r = dbRow("select * from user_accounts where id={$id}");
if (!is_array($r) || !count($r)) {
    $r = array('id' => -1, 'email' => '', 'name' => '', 'contact' => '{}', 'active' => 0, 'address' => '[]', 'parent' => $_SESSION['userdata']['id']);
}
// { table of contents
// NOTE(review): no anti-CSRF field is emitted in the lines shown; confirm
// one is added further down the form.
echo '<div id="tabs"><ul>' . '<li><a href="#details">User Details</a></li>' . '<li><a href="#locations">Locations</a></li>' . '<li><a href="#custom">Custom Data</a></li>' . '</ul> <form action="siteoption' . 's.php?page=users&amp;id=' . $id . '" method="post">';
echo '<input type="hidden" name="id" value="' . $id . '" />';
if (!isset($r['extras'])) {
    $r['extras'] = '';
Exemple #3
        // $res is compared with the literal "VERIFIED"; only then is the
        // posted notification acted on.
        if (strcmp($res, "VERIFIED") == 0) {
            // plain-text dump of every posted field, used as the body of the
            // diagnostic mails below
            $str = '';
            foreach ($_POST as $key => $value) {
                $str .= $key . " = " . $value . "\n";
            }
            if (!isset($_POST['item_number'])) {
                Core_mail('*****@*****.**', $_SERVER['HTTP_HOST'] . ' problem with PayPal payment', "There was a problem marking a purchase as Paid. Please contact" . " your website provider with the following details:\n\n" . $str);
                Core_quit();
            }
            // item_number carries the order id; the cast makes it safe to
            // interpolate into the query below
            $id = (int) $_POST['item_number'];
            if ($id < 1) {
                Core_quit();
            }
            // check that payment_amount/payment_currency are correct
            // NOTE(review): only the amount is compared, rounded to whole
            // units and with a loose !=; mc_currency is not checked in these
            // lines despite the comment above.
            // NOTE(review): there is no check that an order row was found
            // before $order['total'] is read, and nothing here looks at the
            // payment status, the receiving account or whether this
            // transaction was already processed - confirm those checks live
            // in OnlineStore_processOrder() or in code outside this excerpt.
            $order = dbRow("SELECT * FROM online_store_orders WHERE id={$id}");
            if (round($order['total']) != round($_POST['mc_gross'])) {
                // TODO: you should be able to edit the email address here - e.g. test domains will have a strange email address
                // the alert address is derived from the Host header of the
                // notification request
                $eml = 'info@' . preg_replace('/^www\\./', '', $_SERVER['HTTP_HOST']);
                Core_mail($eml, $_SERVER['HTTP_HOST'] . ' paypal hack', $str, $eml);
                Core_quit();
            }
            // process payment
            require dirname(__FILE__) . '/../order-status.php';
            OnlineStore_processOrder($id, $order);
        } else {
            // an "INVALID" response is recognised but nothing is logged or
            // mailed for it
            if (strcmp($res, "INVALID") == 0) {
            }
        }
    }
    fclose($fp);
}
Exemple #4
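/**
 * sends an invoice if the status is right
 *
 * The invoices_by_email setting gates sending: 0 sends only when the order
 * status is '1', 1 never sends, 2 sends only on status '2' and 3 only on
 * status '4'. After the invoice mail, voucher mails are sent for voucher
 * products and the stock figures of every line item are updated.
 *
 * @param int   $id    ID of the order
 * @param array $order details of the order
 *
 * @return null
 */
function OnlineStore_sendInvoiceEmail($id, $order = false)
{
    if ($order === false) {
        // the id is written unquoted into the query, so force an integer
        $order = dbRow('SELECT * FROM online_store_orders WHERE id=' . (int) $id);
    }
    $sendAt = (int) dbOne('select val from online_store_vars where name="invoices_by_email"', 'val');
    if ($sendAt == 0 && $order['status'] != '1') {
        return;
    }
    if ($sendAt == 1) {
        // never send
        return;
    }
    if ($sendAt == 2 && $order['status'] != '2') {
        return;
    }
    if ($sendAt == 3 && $order['status'] != '4') {
        return;
    }
    $form_vals = json_decode($order['form_vals']);
    $items = json_decode($order['items']);
    $short_domain = str_replace('www.', '', $_SERVER['HTTP_HOST']);
    // { work out from/to
    $from = 'noreply@' . $short_domain;
    $bcc = '';
    $page = Page::getInstanceByType('online-store');
    // initValues() used to be called before $page was tested, which is a
    // fatal error when no online-store page exists
    if ($page) {
        $page->initValues();
        if (isset($page->vars['online_stores_admin_email']) && $page->vars['online_stores_admin_email']) {
            $from = $page->vars['online_stores_admin_email'];
            $bcc = $page->vars['online_stores_admin_email'];
        }
    }
    if (isset($form_vals->billing_email)) {
        $form_vals->Billing_Email = $form_vals->billing_email;
    }
    if (!isset($form_vals->Billing_Email) || !$form_vals->Billing_Email) {
        $form_vals->Billing_Email = $form_vals->Email;
    }
    $headers = '';
    if ($bcc) {
        // NOTE(review): the BCC is added when invoices_by_email_admin is
        // empty/0 - confirm that polarity is the intended one
        $sendToAdmin = (int) dbOne('select val from online_store_vars where name="invoices_by_email_admin"', 'val');
        if (!$sendToAdmin) {
            $headers .= 'BCC: ' . $bcc . "\r\n";
        }
    }
    // }
    Core_trigger('send-invoice', array($order));
    // { send invoice
    // NOTE(review): Billing_Email is customer-supplied form data used as the
    // recipient; confirm Core_mail() rejects CR/LF in addresses.
    if ($form_vals->Billing_Email != '*****@*****.**') {
        Core_mail($form_vals->Billing_Email, '[' . $short_domain . '] invoice #' . $id, $order['invoice'], $from, '_body', $headers);
    }
    // }
    // { handle item-specific stuff (vouchers, stock control)
    foreach ($items as $item_index => $item) {
        if (!$item->id) {
            continue;
        }
        $p = Product::getInstance($item->id);
        $pt = ProductType::getInstance($p->vals['product_type_id']);
        if ($pt->is_voucher) {
            $html = $pt->voucher_template;
            // { common replaces
            $html = str_replace('{{$_name}}', $p->name, $html);
            $html = str_replace('{{$description}}', $p->vals['description'], $html);
            // the recipient is customer input going into an HTML template
            $html = str_replace(
                '{{$_recipient}}',
                htmlspecialchars((string) $form_vals->Billing_Email, ENT_QUOTES, 'UTF-8'),
                $html
            );
            $html = str_replace('{{$_amount}}', $p->vals['os_voucher_value'], $html);
            // }
            if (strpos($html, '{{PRODUCTS_QRCODE}}') !== false) {
                // qr code
                // NOTE(review): the md5 in this URL is computed from the
                // invoice text, so anyone holding the invoice can rebuild
                // it - confirm checkQrCode does not treat it as a secret.
                $url = 'http://' . $_SERVER['HTTP_HOST'] . '/a/p=online-store/f=checkQrCode/'
                    . 'oid=' . $order['id'] . '/pid=' . $item_index
                    . '/md5=' . md5($order['invoice']);
                $html = str_replace(
                    '{{PRODUCTS_QRCODE}}',
                    '<img src="http://' . $_SERVER['HTTP_HOST'] . '/a/p=online-store/f=getQrCode/b64='
                    . urlencode(base64_encode($url)) . '"/>',
                    $html
                );
            }
            Core_mail($form_vals->Billing_Email, '[' . $short_domain . '] voucher', $html, $from, '_body', $headers);
        }
        // { stock control
        if (isset($p->vals['online-store'])) {
            $valsOS = $p->vals['online-store'];
            $stock_amount = (int) @$valsOS['_stock_amt'] - $item->amt;
            $valsOS['_stock_amt'] = $stock_amount;
            $sold_amount = (int) @$valsOS['_sold_amt'] + $item->amt;
            $valsOS['_sold_amt'] = $sold_amount;
            // the item id comes from the stored order JSON and is written
            // unquoted into the where clause, so it is cast here
            dbQuery(
                'update products set'
                . ' online_store_fields="' . addslashes(json_encode($valsOS)) . '"'
                . ', os_amount_in_stock=' . $stock_amount
                . ', os_amount_sold=' . $sold_amount
                . ', date_edited=now()'
                . ' where id=' . (int) $item->id
            );
        }
        // }
    }
    Core_cacheClear('products');
    // }
}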
Exemple #5
 }
 // }
 // { send order_made_admin email if the template is set
 // { create template if it doesn't exist
 if (!file_exists($tpldir . $PAGEDATA->id . '-order_made_admin')) {
     $r = dbOne('select val from online_store_vars' . ' where name="email_order_made_admin"', 'val');
     if ($r) {
         file_put_contents($tpldir . $PAGEDATA->id . '-order_made_admin', $r);
     }
 }
 // }
 // { send email
 if (file_exists($tpldir . $PAGEDATA->id . '-order_made_admin')) {
     $rs = dbAll('select * from online_store_vars' . ' where name like "email_order_made_admin%"', 'name');
     $body = $smarty->fetch($tpldir . $PAGEDATA->id . '-order_made_admin');
     Core_mail($rs['email_order_made_admin_recipient']['val'], $rs['email_order_made_admin_subject']['val'], $body, $rs['email_order_made_admin_replyto']['val'], $rs['email_order_made_admin_template']['val']);
 }
 // }
 // }
 // { show payment button
 switch ($_REQUEST['_payment_method_type']) {
     case 'Bank Transfer':
         // {
         $msg = $PAGEDATA->vars['online_stores_bank_transfer_message'];
         $msg = str_replace('{{$total}}', OnlineStore_numToPrice($grandTotal), $msg);
         $msg = str_replace('{{$invoice_number}}', $id, $msg);
         $msg = str_replace('{{$bank_name}}', htmlspecialchars($PAGEDATA->vars['online_stores_bank_transfer_bank_name']), $msg);
         $msg = str_replace('{{$account_name}}', htmlspecialchars($PAGEDATA->vars['online_stores_bank_transfer_account_name']), $msg);
         $msg = str_replace('{{$account_number}}', htmlspecialchars($PAGEDATA->vars['online_stores_bank_transfer_account_number']), $msg);
         $msg = str_replace('{{$sort_code}}', htmlspecialchars($PAGEDATA->vars['online_stores_bank_transfer_sort_code']), $msg);
         $c .= $msg;
Exemple #6
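/**
 * send a confirmation email
 *
 * Subject, body and sender are read from the mailing_list_options table;
 * the %link% placeholder in the body is replaced by the current request URL
 * with a mailing_list_hash parameter appended.
 *
 * @param string $email email address to send the confirmation to
 * @param string $hash  hash key for verification
 *
 * @return null
 */
function Mailinglist_sendConfirmation($email, $hash)
{
    // start from an empty array so no entry can come from anywhere but the table
    $EMAIL = array();
    $data = dbAll('select name,value from mailing_list_options');
    if (is_array($data)) {
        foreach ($data as $d) {
            $EMAIL[$d['name']] = $d['value'];
        }
    }
    // $_SERVER['HTTPS'] is not set at all on a plain-HTTP request
    $http = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') ? 'https' : 'http';
    // NOTE(review): REQUEST_URI is the client-supplied path and query of the
    // subscribing request, and SERVER_NAME can follow the Host header
    // depending on web-server configuration; a fixed, configured confirmation
    // URL would keep request data out of the mailed link.
    $url = $http . '://' . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'];
    // when the request already had a query string, a second "?" would fold
    // the hash into the previous parameter's value
    $separator = strpos($url, '?') === false ? '?' : '&';
    $link = $url . $separator . 'mailing_list_hash=' . urlencode($hash);
    $EMAIL['body'] = str_replace('%link%', $link, $EMAIL['body']);
    Core_mail($email, $EMAIL['subject'], $EMAIL['body'], $EMAIL['from']);
}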
Exemple #7
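/**
 * submit a post to a forum
 *
 * Requires a logged-in session. Reads title, body, forum_id and thread_id
 * from $_REQUEST, creates the thread when no thread_id is given, stores the
 * post, and mails every other subscriber of the thread.
 *
 * @return array either array('errors' => string[]) or the forum_id,
 *               thread_id and post_id of the stored post
 */
function Forum_post()
{
    if (!isset($_SESSION['userdata']) || !$_SESSION['userdata']['id']) {
        Core_quit();
    }
    // used unquoted in several statements below, so keep it an integer
    $uid = (int) $_SESSION['userdata']['id'];
    $title = isset($_REQUEST['title']) && is_string($_REQUEST['title']) ? $_REQUEST['title'] : '';
    $body = isset($_REQUEST['body']) && is_string($_REQUEST['body']) ? $_REQUEST['body'] : '';
    $forum_id = isset($_REQUEST['forum_id']) ? (int) $_REQUEST['forum_id'] : 0;
    $thread_id = isset($_REQUEST['thread_id']) ? (int) $_REQUEST['thread_id'] : 0;
    // { validate the request
    $errs = array();
    if (!$body) {
        $errs[] = 'no post body supplied';
    }
    if (!$forum_id) {
        $errs[] = 'no forum selected';
    } else {
        $forum = dbRow('select * from forums where id=' . $forum_id);
        if (!$forum || !count($forum)) {
            $errs[] = 'forum does not exist';
        } elseif ($thread_id) {
            // replies never carry a title of their own
            $title = '';
            $thread = dbRow('select * from forums_threads where id=' . $thread_id . ' and forum_id=' . $forum_id);
            if (!$thread || !count($thread)) {
                $errs[] = 'thread does not exist or doesn\'t belong to that forum';
            }
        } elseif (!$title) {
            $errs[] = 'no thread title supplied';
        }
    }
    if (count($errs)) {
        return array('errors' => $errs);
    }
    // }
    if (!$thread_id) {
        // new thread: the author is its first subscriber
        $sql = 'insert into forums_threads set forum_id=' . $forum_id . ','
            . 'name="' . addslashes($title) . '",creator_id=' . $uid
            . ',created_date=now(),num_posts=0,last_post_date=now(),last_post_by=0,'
            . 'subscribers="' . $uid . '"';
        dbQuery($sql);
        $thread_id = dbLastInsertId();
    } else {
        // add user to the subscribers list
        $subscribers = dbOne('select subscribers from forums_threads where id=' . $thread_id, 'subscribers');
        $subscribers = explode(',', $subscribers);
        if (!in_array((string) $uid, $subscribers, true)) {
            $subscribers[] = $uid;
            dbQuery('update forums_threads set subscribers="' . join(',', $subscribers) . '" where id=' . $thread_id);
        }
    }
    // { insert the post into the thread
    // the stored flag is 0 when the forum's is_moderated value is 1, else 1
    $moderated = 1 - (int) $forum['is_moderated'];
    dbQuery(
        'insert into forums_posts set thread_id=' . $thread_id . ',author_id=' . $uid
        . ',created_date=now()' . ',body="' . addslashes($body) . '",moderated=' . $moderated
    );
    $post_id = (int) dbLastInsertId();
    dbQuery(
        'update forums_threads set num_posts=num_posts+1,'
        . 'last_post_date=now(),last_post_by=' . $uid . ' where id=' . $thread_id
    );
    // }
    // { alert subscribers that a new post is available
    $post_author = User::getInstance($uid);
    $row = dbRow('select subscribers,name from forums_threads where id=' . $thread_id);
    $subscribers = explode(',', $row['subscribers']);
    $url = Page::getInstance($forum['page_id'])->getRelativeUrl()
        . '?forum-f=' . $forum_id . '&forum-t=' . $thread_id . '&' . $post_id . '#forum-c-' . $post_id;
    // the display name is user-chosen text placed inside an HTML mail
    $authorName = htmlspecialchars((string) $post_author->get('name'), ENT_QUOTES, 'UTF-8');
    // NOTE(review): $body is mailed exactly as the poster submitted it, and it
    // goes out even when the post is held for moderation; if posts may hold
    // markup, sanitise it the same way the site does before displaying a post.
    // NOTE(review): the thread title goes into the subject line; confirm
    // Core_mail() strips CR/LF from header values.
    foreach ($subscribers as $subscriber) {
        // skip blank list entries and the author of this post
        if ((int) $subscriber < 1 || (int) $subscriber === $uid) {
            continue;
        }
        $user = User::getInstance($subscriber);
        if (!$user) {
            continue;
        }
        Core_mail(
            $user->get('email'),
            '[' . $_SERVER['HTTP_HOST'] . '] ' . $row['name'],
            "A new post has been added to this forum thread which you are subscribed"
            . " to.<br/>\n<br/>\n" . 'http://www.' . $_SERVER['HTTP_HOST'] . $url . "<br/>\n<br/>\n"
            . $authorName . " said:<hr/>" . $body . '<hr/>',
            'no-reply@' . $_SERVER['HTTP_HOST']
        );
    }
    // }
    return array('forum_id' => $forum_id, 'thread_id' => $thread_id, 'post_id' => $post_id);
}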
Exemple #8
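/**
 * send list of new products to people watching the lists
 *
 * For every user in products_watchlists, collects the products of each
 * watched category whose activates_on date lies within the last day and
 * mails them as one HTML message. Users with nothing new get no mail.
 *
 * @return null
 */
function Products_categoryWatchesSend()
{
    // { group the watched category ids by user
    $rs = dbAll('select * from products_watchlists');
    $users = array();
    if (is_array($rs)) {
        foreach ($rs as $r) {
            $users[$r['user_id']][] = $r['category_id'];
        }
    }
    // }
    $host = $_SERVER['HTTP_HOST'];
    foreach ($users as $uid => $cats) {
        $email = '';
        foreach ($cats as $cid) {
            $ids = ProductsCategoriesProducts::getByCategoryId($cid);
            if (!is_array($ids) || !count($ids)) {
                // an empty list would produce "id in ()", which is invalid SQL
                continue;
            }
            // the ids are written unquoted into the query
            $ids = array_map('intval', $ids);
            $sql = 'select id from products where id in (' . join(',', $ids) . ')'
                . ' and activates_on>date_add(now(), interval -1 day)';
            $found = dbAll($sql);
            if (!is_array($found) || !count($found)) {
                continue;
            }
            $email .= '<h2>' . ProductCategory::getInstance($cid)->vals['name'] . '</h2><table style="width:100%">';
            foreach ($found as $r) {
                $product = Product::getInstance($r['id']);
                $email .= '<tr><td><img src="http://' . $host . '/a/f=getImg/w=160/h=160/'
                    . $product->getDefaultImage() . '"></td>'
                    . '<td><h3>' . __FromJSON($product->name) . '</h3>'
                    . '<a href="http://' . $host . $product->getRelativeUrl()
                    . '">View this product on our website</a>'
                    . '</td></tr>';
            }
            // the original statement used "." instead of ".=", so the table
            // was never closed
            $email .= '</table>';
        }
        if ($email == '') {
            continue;
        }
        $user = User::getInstance($uid);
        if (!$user) {
            // the watch list can outlive the account it belongs to
            continue;
        }
        Core_mail($user->email, '[' . $host . '] Watched Categories', $email, 'no-reply@' . $host);
    }
}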
Exemple #9
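/**
 * returns a HTML string to show the FaceBook widget
 *
 * In 'like-gateway' mode the output is echoed and '' is returned: visitors
 * who are not logged in to Facebook get a login link plus the JS SDK
 * loader; logged-in visitors have $vars->wall_message posted to their feed,
 * see $vars->thankyou_message, and the members of group 1 are mailed the
 * visitor's name, gender and profile link. Any other mode returns a
 * Like-button iframe for the current page.
 *
 * @param object $vars plugin parameters
 *
 * @return string
 */
function FaceBook_widgetShow($vars = null)
{
    global $PAGEDATA;
    if (!is_object($vars)) {
        // without parameters the defaults below are assigned as properties,
        // which needs an object to assign to
        $vars = new stdClass();
    }
    $host = $_SERVER['HTTP_HOST'];
    switch (@$vars->what_to_show) {
        case 'like-gateway':
            require_once SCRIPTBASE . '/ww.external/facebook/facebook.php';
            $config = array('appId' => $vars->app_id, 'secret' => $vars->app_secret);
            $facebook = new Facebook($config);
            // { add js sdk
            // Values placed inside the <script> block are JSON-encoded so that
            // quotes or "</script>" in them cannot break out of the string.
            // The channel URL used to read $_REQUEST['HTTP_HOST'], which is a
            // request parameter, not the server's host name.
            $jsFlags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
            $html = '<div id="fb-root"></div>
<script>
  window.fbAsyncInit = function() {
    FB.init({
      appId      : ' . json_encode((string) $vars->app_id, $jsFlags) . ',
      channelUrl : ' . json_encode('//' . $host . '/channel.html', $jsFlags) . ',
      status     : true,
      cookie     : true,
      xfbml      : true
    });
  };
  (function(d){
     var js, id = "facebook-jssdk", ref = d.getElementsByTagName("script")[0];
     if (d.getElementById(id)) {return;}
     js = d.createElement("script"); js.id = id; js.async = true;
     js.src = "//connect.facebook.net/en_US/all.js";
     ref.parentNode.insertBefore(js, ref);
   }(document));
</script>';
            // }
            $uid = $facebook->getUser();
            if ($uid == 0) {
                // not logged in
                echo '<a href="' . $facebook->getLoginUrl(array('scope' => 'publish_stream')) . '">'
                    . $vars->click_message . '</a>';
            } else {
                $facebook->api('/' . $uid . '/feed', 'post', array('message' => $vars->wall_message));
                $html = $vars->thankyou_message;
                $details = $facebook->api('/me', 'GET');
                // profile fields come from a third party and go into an HTML mail
                $field = function ($key) use ($details) {
                    return isset($details[$key])
                        ? htmlspecialchars((string) $details[$key], ENT_QUOTES, 'UTF-8')
                        : '';
                };
                $gs = dbAll('select * from users_groups where groups_id=1', 'user_accounts_id');
                $ids = is_array($gs) ? array_map('intval', array_keys($gs)) : array();
                // an empty id list would produce "id in ()", which is invalid SQL
                $rows = count($ids)
                    ? dbAll('select email from user_accounts where id in (' . join(',', $ids) . ')', 'email')
                    : array();
                $emails = is_array($rows) ? array_keys($rows) : array();
                if (count($emails)) {
                    Core_mail(
                        join(', ', $emails),
                        '[' . $host . '] Facebook post',
                        '<p>A customer has clicked the Like gateway on your website,'
                        . ' posting to their wall.</p><p>Their details are:</p><ul>'
                        . '<li>Name: ' . $field('name') . '</li>'
                        . '<li>Gender: ' . $field('gender') . '</li>'
                        . '<li>Facebook Link: ' . $field('link') . '</li>'
                        . '</ul>'
                        . '<p>this is an automated email; please do not reply to it.</p>',
                        'no-reply@' . $host
                    );
                }
            }
            echo $html;
            break;
        default:
            if (!isset($vars->show_faces)) {
                $vars->show_faces = '1';
            }
            $show_faces = $vars->show_faces;
            if (!isset($vars->layout)) {
                $vars->layout = 'standard';
            }
            switch ($vars->layout) {
                case 'standard':
                    $w = 225;
                    $h = $show_faces == '1' ? 80 : 35;
                    break;
                case 'button_count':
                    $w = 90;
                    $h = 20;
                    break;
                default:
                    // any other value is normalised to box_count
                    $vars->layout = 'box_count';
                    $w = 55;
                    $h = 65;
            }
            // layout is one of three fixed strings at this point; show_faces
            // is a free-form parameter, so it is URL-encoded before it goes
            // into the src attribute.
            // NOTE(review): the iframe is loaded over plain http, which
            // browsers block as mixed content on an https page.
            return '<iframe src="http://www.facebook.com/widgets/like.php?href='
                . urlencode('http://' . $host . $PAGEDATA->getRelativeURL())
                . '&layout=' . $vars->layout
                . '&show_faces=' . urlencode((string) $show_faces)
                . '" scrolling="no" frameborder="0"'
                . ' style="border:none;width:' . $w . 'px;height:' . $h . 'px"></iframe>';
    }
    return '';
}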
Exemple #10
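/**
 * send registration token
 *
 * Validates $_REQUEST['email'], refuses addresses that already have an
 * account, stores a fresh five-digit token (plus any 'custom' array from
 * the request) in $_SESSION['privacy']['registration'] and mails the token
 * to the address.
 *
 * @return array array('ok' => 1) on success, array('error' => string) otherwise
 */
function Core_sendRegistrationToken()
{
    $email = isset($_REQUEST['email']) ? $_REQUEST['email'] : '';
    if (!is_string($email) || !filter_var($email, FILTER_VALIDATE_EMAIL)) {
        return array('error' => 'invalid email address');
    }
    $sql = 'select id from user_accounts where email="' . addslashes($email) . '"';
    if (dbOne($sql, 'id')) {
        return array('error' => 'already registered');
    }
    if (!isset($_SESSION['privacy'])) {
        $_SESSION['privacy'] = array();
    }
    Core_trigger('user-registration-token-sent');
    // The token proves control of the mailbox, so it is drawn from the
    // CSPRNG (random_int, PHP 7+) instead of rand().
    // NOTE(review): five digits give only 90,000 possible values; confirm the
    // code that checks the token limits the number of attempts.
    $_SESSION['privacy']['registration'] = array(
        'token' => random_int(10000, 99999),
        'custom' => array(),
        'email' => $email,
    );
    if (isset($_REQUEST['custom']) && $_REQUEST['custom'] && is_array($_REQUEST['custom'])) {
        // stored as received; whatever reads it later must treat it as
        // untrusted input
        $_SESSION['privacy']['registration']['custom'] = $_REQUEST['custom'];
    }
    $from = Core_siteVar('useraccounts_registrationtokenemail_from');
    Core_mail(
        $email,
        Core_siteVar('useraccounts_registrationtokenemail_subject'),
        str_replace(
            '%token%',
            $_SESSION['privacy']['registration']['token'],
            Core_siteVar('useraccounts_registrationtokenemail_message')
        ),
        $from
    );
    return array('ok' => 1);
}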
Exemple #11
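/**
 * check a registration submission, and register the user if valid
 *
 * Checks the terms-and-conditions box (when the page requires it), the
 * required and extra fields, the email address, the two password fields and
 * the captcha. A valid submission creates an inactive user_accounts row,
 * adds the page's default groups, stores a short URL for the verification
 * link and mails the user (Email-verified mode) and the members of group 1.
 *
 * @return string either the registration form again, or a success message
 */
function Privacy_registrationRegister()
{
    global $DBVARS, $PAGEDATA;
    // { variables
    // only string values are accepted; anything else counts as not supplied
    $read = function ($key) {
        return isset($_REQUEST[$key]) && is_string($_REQUEST[$key]) ? $_REQUEST[$key] : '';
    };
    $name = $read('name');
    $email = $read('email');
    $pass1 = $read('pass1');
    $pass2 = $read('pass2');
    // }
    if (@$PAGEDATA->vars['userlogin_terms_and_conditions'] && !isset($_REQUEST['terms_and_conditions'])) {
        return '<em>'
            . __('You must agree to the terms and conditions.' . ' Please press "Back" and try again.', 'core')
            . '</em>';
    }
    $missing = array();
    // { check for user_account table "extras"
    $extras = array();
    if (@$PAGEDATA->vars['privacy_extra_fields']) {
        $rs = json_decode($PAGEDATA->vars['privacy_extra_fields']);
        if ($rs) {
            foreach ($rs as $r) {
                if (!$r->name) {
                    continue;
                }
                $ename = preg_replace('/[^a-zA-Z0-9_]/', '', $r->name);
                $extras[$r->name] = isset($_REQUEST['privacy_extras_' . $ename])
                    ? $_REQUEST['privacy_extras_' . $ename]
                    : '';
                if ($extras[$r->name] == '' && @$r->is_required) {
                    $missing[] = $r->name;
                }
            }
        }
    }
    // }
    // { check for required fields
    if (!$name) {
        $missing[] = '<span>' . __('your name', 'core') . '</span>';
    }
    if (!$email) {
        $missing[] = '<span>' . __('your email address', 'core') . '</span>';
    }
    if (count($missing)) {
        return Privacy_registrationShowForm(
            '<em><span>' . __('You must fill in the following fields:', 'core') . '</span> '
            . join(', ', $missing) . '</em>'
        );
    }
    // }
    // { check that the email address is well formed
    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        return Privacy_registrationShowForm(
            '<p><em>' . __('Please enter a valid email address.', 'core') . '</em></p>'
        );
    }
    // }
    // { check if the email address is already registered
    // the address used to be placed in this query without any escaping
    $r = dbRow('select id from user_accounts where email="' . addslashes($email) . '"');
    if ($r && count($r)) {
        return Privacy_registrationShowForm(
            '<p><em>' . __('That email is already registered.', 'core') . '</em></p>'
        );
    }
    // }
    // { check that passwords match
    // strict comparison: with != two different numeric-looking strings such
    // as "0e1" and "0e2" compare as equal
    if (!$pass1 || $pass1 !== $pass2) {
        return Privacy_registrationShowForm(
            '<p><em>' . __('Please enter your preferred password twice', 'core') . '</em></p>'
        );
    }
    // }
    // { check captcha
    require_once $_SERVER['DOCUMENT_ROOT'] . '/ww.incs/recaptcha.php';
    if (!isset($_REQUEST['recaptcha_challenge_field'])) {
        return Privacy_registrationShowForm(
            '<p><em>' . __('You must fill in the Captcha', 'core') . '</em></p>'
        );
    }
    $result = recaptcha_check_answer(
        RECAPTCHA_PRIVATE,
        $_SERVER['REMOTE_ADDR'],
        $_REQUEST['recaptcha_challenge_field'],
        $_REQUEST['recaptcha_response_field']
    );
    if (!$result->is_valid) {
        return Privacy_registrationShowForm(
            '<p><em>' . __('Invalid captcha. Please try again.', 'core') . '</em></p>'
        );
    }
    // }
    // { register the account
    // The verification hash is what activates the account, so it is taken
    // from the CSPRNG (PHP 7+); sha1(rand(0, 65000)) had only 65,001 possible
    // values. The encoded length (20 raw bytes, base64) is unchanged.
    $hash = base64_encode(random_bytes(20));
    // name and email are escaped and the digest is computed in PHP, so no
    // raw request text reaches the statement. md5() here produces the same
    // value the SQL md5("...") call produced.
    // NOTE(review): an unsalted md5 digest is not suitable for storing
    // passwords; moving to password_hash()/password_verify() has to be done
    // together with the login code, which is not part of this function.
    // NOTE(review): prefer prepared statements if the db layer behind
    // dbQuery() offers them; addslashes() is not charset-aware.
    $sql = 'insert into user_accounts set name="' . addslashes($name)
        . '", password="' . md5($pass1)
        . '", email="' . addslashes($email)
        . '", verification_hash="' . $hash
        . '", active=0, extras="' . addslashes(json_encode($extras))
        . '",date_created=now()';
    dbQuery($sql);
    $page = $GLOBALS['PAGEDATA'];
    $id = (int) dbOne('select last_insert_id() as id', 'id');
    if (isset($page->vars['userlogin_groups'])) {
        $gs = json_decode($page->vars['userlogin_groups'], true);
        if (is_array($gs)) {
            foreach ($gs as $k => $v) {
                dbQuery("insert into users_groups set user_accounts_id={$id},groups_id=" . (int) $k);
            }
        }
    }
    // NOTE(review): the site name in the links below is the request's Host
    // header; unless the web server pins the virtual host, prefer a
    // configured host name for URLs that are sent by mail.
    $sitedomain = $_SERVER['HTTP_HOST'];
    $long_url = "http://{$sitedomain}" . $page->getRelativeUrl()
        . "?hash=" . urlencode($hash) . "&email=" . urlencode($email) . '#Login';
    // the short code is only as unguessable as the hash inside $long_url
    $short_url = md5($long_url);
    $sesc = urlencode($short_url);
    dbQuery(
        'insert into short_urls set cdate=now(),long_url="' . addslashes($long_url)
        . '",short_url="' . $short_url . '"'
    );
    // }
    // { send the notification mails
    $emailVerified = @$page->vars['userlogin_registration_type'] == 'Email-verified';
    if ($emailVerified) {
        Core_mail(
            $email,
            '[' . $sitedomain . '] user registration',
            "Hello!<br/><br/>This message is to verify your email address, which has "
            . "been used to register a user-account on the {$sitedomain} website."
            . "<br/><br/>After clicking the link below, you will be logged into the "
            . "server.<br/><br/>If you did not register this account, then please delete"
            . " this email. Otherwise, please click the following URL to verify "
            . "your email address with us. Thank you.<br/><br/>http://{$sitedomain}/_s/" . $sesc,
            "noreply@{$sitedomain}"
        );
    }
    // Members of group 1 are mailed in both modes: the original guarded the
    // Email-verified case with "1 || userlogin_send_admin_emails", which is
    // always true, so that setting has no effect.
    $emailHtml = htmlspecialchars($email, ENT_QUOTES, 'UTF-8');
    $admins = dbAll(
        'select email from user_accounts,users_groups where groups_id=1 && '
        . 'user_accounts_id=user_accounts.id'
    );
    foreach ($admins as $admin) {
        Core_mail(
            $admin['email'],
            '[' . $sitedomain . '] user registration',
            "Hello!<br/><br/>This message is to alert you that a user ({$emailHtml}) has "
            . "been created on your site, http://{$sitedomain}/ - the user has "
            . "not yet been activated, so please log into the admin area of the"
            . " site (http://{$sitedomain}/ww.admin/ - under Site Options then "
            . "Users) and verify that the user details are correct.",
            "noreply@{$sitedomain}"
        );
    }
    // }
    if ($emailVerified) {
        return Privacy_registrationShowForm(
            false,
            '<p><strong>' . __('Thank you for registering.', 'core') . '</strong> '
            . __(
                'Please check your email for a verification URL.'
                . ' Once that\'s been followed, your account will be activated.',
                'core'
            )
            . '</p>'
        );
    }
    return Privacy_registrationShowForm(
        false,
        '<p><strong>' . __('Thank you for registering.') . '</strong> '
        . __('Our admins will moderate your registration,' . ' and you will receive an email when it is activated.')
        . '</p>'
    );
}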