Exemple #1
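/**
 * Registers a new user from the submitted form data and redirects to thankyou.php.
 *
 * Reads the globals $data (keys 'Password', 'Email', 'UserName'), $globals['ip'],
 * $dbc['link'] and $mostrar_captcha, and appends validation messages to the global
 * $hasError. If no error has been recorded, it inserts the user row, stores the MD5
 * of the new id in md5_id, logs the event, sets the registration session keys,
 * sends the activation e-mail and exits after the redirect.
 *
 * SECURITY NOTE(review): every query here is built by string interpolation and this
 * function does not escape $data / $globals['ip'] itself. It is injection-safe only
 * if the caller has already escaped each field for MySQL (confirm against the code
 * that fills $data). Escaping again here could double-escape stored values, so the
 * durable fix is prepared statements via mysqli or PDO; the mysql_* extension used
 * here was removed in PHP 7.
 */
function do_register()
{
    global $hasError, $data, $dbc, $globals, $mostrar_captcha;

    borrar_usuarios_no_activados_antiguos();
    if ($mostrar_captcha) {
        validar_captcha($hasError);
    }

    $user_ip = $globals['ip'];

    // The original comment describes this as a SHA-1 hash of the password.
    // NOTE(review): confirm PwdHash() is salted and slow; plain SHA-1 is not
    // suitable for password storage (password_hash() is the usual replacement).
    $sha1pass = PwdHash($data['Password']);

    // Activation code sent by e-mail.
    // NOTE(review): rand() is not a CSPRNG and the range holds only 9000 values.
    // Lengthening the code needs the activation page and the column to agree,
    // so it is flagged here rather than changed.
    $activ_code = rand(1000, 9999);

    $usr_email = $data['Email'];
    $user_name = $data['UserName'];

    // Reject the registration if the user name is already taken.
    $rs_duplicate = mysql_query("select count(*) as total from users where user_name='{$user_name}'");
    if ($rs_duplicate === false) {
        // Log the driver error server-side; do not disclose it to the client.
        error_log('do_register: user_name lookup failed: ' . mysql_error());
        die('Error interno. Inténtalo de nuevo más tarde.');
    }
    list($total) = mysql_fetch_row($rs_duplicate);
    if ($total > 0) {
        $hasError[] = "El usuario ya está dado de alta.";
    }

    // Reject the registration if the e-mail is already registered.
    $parts = explode('@', $usr_email);
    if (count($parts) < 2 || $parts[0] === '' || $parts[1] === '') {
        // Without a local part and a domain the duplicate lookup below is meaningless.
        $hasError[] = "El email no es válido.";
    } else {
        // Addresses like user+extension@gmail.com are allowed, so the base address
        // and every "+extension" variant count as the same account to prevent abuse.
        $subparts = explode('+', $parts[0]);

        // Escape LIKE metacharacters so that "_" or "%" inside the address are matched
        // literally. An explicit ESCAPE character is used so the result does not
        // depend on the server's backslash handling.
        $like_from = array('|', '%', '_');
        $like_to = array('||', '|%', '|_');
        $like_local = str_replace($like_from, $like_to, $subparts[0]);
        $like_domain = str_replace($like_from, $like_to, $parts[1]);

        $rs_duplicate = mysql_query("select count(*) as total from users where user_email = '{$subparts[0]}@{$parts[1]}' or user_email LIKE '{$like_local}+%@{$like_domain}' ESCAPE '|'");
        if ($rs_duplicate === false) {
            error_log('do_register: user_email lookup failed: ' . mysql_error());
            die('Error interno. Inténtalo de nuevo más tarde.');
        }
        list($total) = mysql_fetch_row($rs_duplicate);
        if ($total > 0) {
            $hasError[] = "El email ya está dado de alta.";
        }
    }

    if (empty($hasError)) {
        // Insert the new user.
        $sql_insert = "INSERT into `users`\n                  (`user_email`,`pwd`,`date`,`users_ip`,`activation_code`,`user_name`)\n                   VALUES\n                   ('{$usr_email}','{$sha1pass}',now(),'{$user_ip}','{$activ_code}','{$user_name}')\n                  ";
        if (!mysql_query($sql_insert, $dbc['link'])) {
            error_log('do_register: insert failed: ' . mysql_error($dbc['link']));
            die('Insertion Failed');
        }

        $user_id = mysql_insert_id($dbc['link']);
        // NOTE(review): md5_id is derived from the auto-increment id, so it is an
        // identifier, not a secret. The activation link's only unpredictable part is
        // the short code above. Consider a long random token and limiting attempts
        // on the activation endpoint.
        $md5_id = md5($user_id);

        // Use the same link as the INSERT, and check the result: without md5_id
        // the e-mailed activation link cannot match any row.
        if (!mysql_query("update users set md5_id='{$md5_id}' where id='{$user_id}'", $dbc['link'])) {
            error_log('do_register: md5_id update failed: ' . mysql_error($dbc['link']));
            die('Insertion Failed');
        }

        log_insert("register_ok", ip2long($globals['ip']));
        $_SESSION['email_registro'] = $usr_email;
        $_SESSION['email_registro_contador'] = 3;
        $_SESSION['hasSuccess'] = null;
        enviar_correo_registro($usr_email, $md5_id, $activ_code);
        header("Location: thankyou.php");
        exit;
    }
}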
Exemple #2
<?php

include "includes/general.inc.php";
include "includes/dbc.inc.php";
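page_protect(false, true);

// Pass every query-string value through the project's filter() helper.
// NOTE(review): filter() is defined elsewhere; what it escapes is not visible here,
// so the checks below do not rely on it.
foreach ($_GET as $key => $value) {
    $get[$key] = filter($value);
}

$exito = false;

// Allow-list validation. Once both values match a fixed character set they can be
// embedded in the queries below without depending on upstream escaping.
// - 'user' is compared with the md5_id column, so it is expected to be a
//   32-character hex digest (assumption from the column name; confirm).
// - 'activ_code' must consist of digits only. is_numeric() also accepts forms such
//   as "1e3" or " 12", which are not codes this page should look up.
// Values filtered once above are not filtered a second time.
$user = (isset($get['user']) && is_string($get['user'])) ? $get['user'] : '';
$activ = (isset($get['activ_code']) && is_string($get['activ_code'])) ? $get['activ_code'] : '';

if (preg_match('/^[a-fA-F0-9]{32}$/D', $user) && preg_match('/^[0-9]+$/D', $activ) && $activ !== '0') {
    borrar_usuarios_no_activados_antiguos();

    // NOTE(review): nothing here limits the number of attempts per account or client.
    // If activation codes are short, add rate limiting or use a long random token.
    $rs_check = mysql_query("select id from users where md5_id='{$user}' and activation_code='{$activ}' and approved=0 limit 1");
    if ($rs_check === false) {
        // Log the driver error server-side; do not disclose it to the client.
        error_log('activation: lookup failed: ' . mysql_error());
        header("HTTP/1.0 500 Internal Server Error");
        exit('Error interno. Inténtalo de nuevo más tarde.');
    }
    $num = mysql_num_rows($rs_check);
    if ($num > 0) {
        // The UPDATE repeats the full condition, so a row approved in the meantime
        // is not touched again.
        $rs_activ = mysql_query("update users set approved='1' WHERE\n                                    md5_id='{$user}' AND activation_code = '{$activ}' and approved=0 ");
        if ($rs_activ === false) {
            error_log('activation: update failed: ' . mysql_error());
            header("HTTP/1.0 500 Internal Server Error");
            exit('Error interno. Inténtalo de nuevo más tarde.');
        }
        $exito = true;
        $_SESSION["email_registro"] = null;
    }
} else {
    // Missing or malformed parameters: answer as if the page did not exist.
    header("HTTP/1.0 404 Not Found");
    include "404.php";
    exit;
}
get_header();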
if ($exito) {
    escribir_titulo("Registro completado", "Ya puedes conectarte");
    ?>