function log_fullsize_access_fullsize_html($fullsize_html)
{
global $CONFIG, $pid, $USER_DATA;
if ($pid) {
cpg_db_query("INSERT INTO {$CONFIG['TABLE_PREFIX']}plugin_log_fullsize_access (pid, user_id, timestamp) VALUES ('{$pid}', '" . USER_ID . "', UNIX_TIMESTAMP())");
if ($CONFIG['plugin_log_fullsize_access_email']) {
preg_match('/alt="(.*)"/U', $fullsize_html, $matches);
cpg_mail($CONFIG['gallery_admin_email'], 'Fullsize access', $USER_DATA['user_name'] . "\t" . $matches[1]);
}
}
return $fullsize_html;
}
} else {
$reasons .= "{$lang_report_php['no_reason_given']}";
}
$reason_list = substr($reason_list, 0, -2);
//remove trailing comma and space
$reasons .= $reason_list;
$msg_content = nl2br(strip_tags($message));
$data = array('sn' => $sender_name, 'se' => $sender_email, 'p' => $n_picname, 'su' => $subject, 'm' => $message, 'r' => $reasons, 'c' => $comment, 'cid' => $cid, 'pid' => $pid, 't' => $what);
$encoded_data = urlencode(base64_encode(serialize($data)));
$params = array('{LANG_DIR}' => $lang_text_dir, '{TITLE}' => sprintf($lang_report_php['report_subject'], $sender_name, $type), '{CHARSET}' => $CONFIG['charset'] == 'language file' ? $lang_charset : $CONFIG['charset'], '{VIEW_REPORT_TGT}' => "{$gallery_url_prefix}displayreport.php?data={$encoded_data}", '{VIEW_REPORT_LNK}' => $lang_report_php['view_report'], '{VIEW_REPORT_LNK_PLAINTEXT}' => $lang_report_php['view_report_plaintext'], '{PIC_URL}' => $n_picname, '{URL_PREFIX}' => $gallery_url_prefix, '{PIC_TGT}' => "{$CONFIG['ecards_more_pic_target']}displayimage.php?pid=" . $pid, '{SUBJECT}' => $subject, '{MESSAGE}' => $msg_content, '{PLAINTEXT_MESSAGE}' => $message, '{SENDER_EMAIL}' => $sender_email, '{SENDER_NAME}' => $sender_name, '{VIEW_MORE_TGT}' => $CONFIG['ecards_more_pic_target'], '{VIEW_MORE_LNK}' => $lang_report_php['view_more_pics'], '{REASON}' => $reasons, '{COMMENT}' => $comment, '{COMMENT_ID}' => $cid, '{VIEW_COMMENT_LNK}' => $lang_report_php['view_comment'], '{COMMENT_TGT}' => "{$CONFIG['ecards_more_pic_target']}displayimage.php?pid={$pid}#comment{$cid}", '{PID}' => $pid);
$message = template_eval($template, $params);
$plaintext_message = template_eval($template_report_plaintext, $params);
$tempTime = time();
$message .= sprintf($lang_report_php['report_footer'], $sender_name, $raw_ip, localised_date(-1, $lang_date['comment']));
$subject = sprintf($lang_report_php['report_subject'], $sender_name, $type);
$result = cpg_mail('admin', $subject, $message, 'text/html', $sender_name, $sender_email, $plaintext_message);
/*//write log
if ($CONFIG['log_ecards'] == 1) {
$result_log = cpg_db_query("INSERT INTO {$CONFIG['TABLE_ECARDS']} (sender_name, sender_email, recipient_name, recipient_email, link, date, sender_ip) VALUES ('$sender_name', '$sender_email', '$recipient_name', '$recipient_email', '$encoded_data', '$tempTime', '$raw_ip')");
}*/
if (!USER_ID) {
$USER['name'] = $sender_name;
$USER['email'] = $sender_email;
}
if ($result) {
pageheader($lang_report_php['title'], "<meta http-equiv=\"refresh\" content=\"3;url=displayimage.php?pid={$pid}\" />");
msg_box($lang_cpg_die[INFORMATION], $lang_report_php['send_success'], $lang_common['continue'], "displayimage.php?pid={$pid}");
pagefooter();
exit;
} else {
cpg_die(ERROR, $lang_report_php['send_failed'], __FILE__, __LINE__);
$sender_email = $email_address;
$sender_name = $user_name;
} else {
$sender_email = $CONFIG['gallery_admin_email'];
$sender_name = $CONFIG['gallery_admin_email'];
}
}
$html_message = $message_header . '<br />' . $LINEBREAK . sprintf($lang_contact_php['user_info'], $visitor_status, $html_user_name, $email_address) . '<br />' . $LINEBREAK . '<div style="border:1px solid black">' . $html_message . '</div>';
$html_message = nl2br($html_message);
$message = $message_header . $LINEBREAK . sprintf($lang_contact_php['user_info'], $visitor_status, $text_user_name, $email_address) . $LINEBREAK . $message;
if ($superCage->server->testip('REMOTE_ADDR')) {
$ip = $superCage->server->getRaw('REMOTE_ADDR');
} else {
$ip = 'Unknown';
}
if (!cpg_mail($CONFIG['gallery_admin_email'], $subject, $html_message, 'text/html', $sender_name, $sender_email, $message)) {
if ($CONFIG['log_mode'] != CPG_NO_LOGGING) {
log_write("Sending an email using the contact form failed (name: {$sender_name}, email: {$sender_email}, subject: {$original_subject}, IP: {$ip}", CPG_MAIL_LOG);
}
cpg_die(ERROR, $lang_contact_php['failed_sending_email'], __FILE__, __LINE__);
} else {
// sending the email has been successfull, redirect the user
if ($CONFIG['log_mode'] == CPG_LOG_ALL) {
log_write("Sending email from contact form successful (name: {$sender_name}, email: {$sender_email}, subject: {$original_subject}, IP: {$ip}", CPG_MAIL_LOG);
}
cpgRedirectPage($CONFIG['ecards_more_pic_target'] . $CPG_REFERER, $lang_common['information'], $lang_contact_php['email_sent']);
}
}
// beyond this point an error must have happened - let the visitor review his input
} else {
// the form has not been submit yet - populate default values
function photo_shop_send_password($message, $subject, $pass, $name, $email, $hash)
{
global $CONFIG, $SHOP_CONFIG;
$template_vars = array('{PASSWORD}' => $pass, '{USER_NAME}' => $name, '{ADMIN}' => $CONFIG['gallery_name'], '{LINK}' => $CONFIG['ecards_more_pic_target'] . "index.php?file=photo_shop/photo_shop_download_order&order=" . $hash);
$mail_body = nl2br(strtr($message, $template_vars));
if (cpg_mail($email, $subject, $mail_body, 'text/plain', $CONFIG['gallery_name'], $CONFIG['gallery_admin_email'])) {
return true;
}
return false;
}
$results = db_query("SELECT user_group,user_active,user_name, user_password, user_email FROM {$CONFIG['TABLE_USERS']} WHERE (user_name = '" . addslashes($HTTP_POST_VARS['username']) . "' OR user_email = '" . addslashes($HTTP_POST_VARS['username']) . "') AND user_active = 'YES'");
if (mysql_num_rows($results)) {
// something has been found start
$USER_DATA = mysql_fetch_array($results);
// check if we have an admin account (with empty email address)
if ($USER_DATA['user_email'] == '') {
// the password is empty. Is the current user the gallery admin?
if ($USER_DATA['user_group'] == 1) {
$USER_DATA['user_email'] = $CONFIG['gallery_admin_email'];
} else {
cpg_die(CRITICAL_ERROR, $lang_forgot_passwd_php['failed_sending_email'], __FILE__, __LINE__);
//not the gallery admin account
}
}
// send the email
if (!cpg_mail($USER_DATA['user_email'], sprintf($lang_forgot_passwd_php['passwd_reminder_subject'], $CONFIG['gallery_name']), sprintf($lang_forgot_passwd_php['passwd_reminder_body'], $USER_DATA['user_name'], $USER_DATA['user_password'], $CONFIG['ecards_more_pic_target'] . 'login.php'))) {
cpg_die(CRITICAL_ERROR, $lang_forgot_passwd_php['failed_sending_email'], __FILE__, __LINE__);
}
// output the message
pageheader($lang_forgot_passwd_php['forgot_passwd'], "<META http-equiv=\"refresh\" content=\"3;url=login.php\">");
$referer = 'login.php';
msg_box($lang_forgot_passwd_php['forgot_passwd'], sprintf($lang_forgot_passwd_php['email_sent'], $USER_DATA['user_email']), $lang_continue, $referer);
$USER_DATA['user_password'] = '******';
pagefooter();
exit;
// something has been found end
} else {
$lookup_failed = <<<EOT
<tr>
<td colspan="2" align="center" class="tableh2">
<font size="1" color="red"><b>{$lang_forgot_passwd_php['err_unk_user']}<b></font>
}
$result->free();
$sql = "SELECT {$cpg_udb->field['username']}, {$cpg_udb->field['email']} FROM {$cpg_udb->usertable} WHERE {$cpg_udb->field['user_id']} = {$CLEAN['id']}";
$result = cpg_db_query($sql);
if (!$result->numRows()) {
cpg_die($lang_forgot_passwd_php['forgot_passwd'], $lang_forgot_passwd_php['err_unk_user']);
}
$row = $result->fetchAssoc(true);
// Reset Password
$new_password = $cpg_udb->make_password();
require 'include/passwordhash.inc.php';
$sql = "UPDATE {$cpg_udb->usertable} SET " . cpg_password_create_update_string($new_password) . " WHERE {$cpg_udb->field['email']} = '{$row['user_email']}'";
cpg_db_query($sql);
$template_vars = array('{USER_NAME}' => $row['user_name'], '{PASSWORD}' => $new_password, '{SITE_LINK}' => $CONFIG['ecards_more_pic_target'] . (substr($CONFIG["ecards_more_pic_target"], -1) == '/' ? '' : '/') . 'login.php', '{SITE_NAME}' => $CONFIG['gallery_name']);
// send the password
if (!cpg_mail($row['user_email'], sprintf($lang_forgot_passwd_php['passwd_reset_subject'], $CONFIG['gallery_name']), nl2br(strtr($lang_forgot_passwd_php['reset_email'], $template_vars)))) {
cpg_die(CRITICAL_ERROR, $lang_forgot_passwd_php['failed_sending_email'], __FILE__, __LINE__);
}
$sql = "DELETE FROM {$cpg_udb->sessionstable} WHERE session_id = '" . md5($CLEAN['key'] . $CLEAN['id']) . "'";
cpg_db_query($sql);
// output the message
pageheader($lang_forgot_passwd_php['forgot_passwd'], "<META http-equiv=\"refresh\" content=\"3;url=login.php\">");
$referer = 'login.php';
msg_box($lang_forgot_passwd_php['forgot_passwd'], sprintf($lang_forgot_passwd_php['email_sent'], $row['user_email']), $lang_common['continue'], $referer);
$USER_DATA['user_password'] = '******';
pagefooter();
exit;
}
pageheader($lang_forgot_passwd_php['forgot_passwd']);
echo '<form action="forgot_passwd.php" method="post" name="passwordreminder" id="cpgform">';
$email_icon = cpg_fetch_icon('mail', 2);
cpg_die(ERROR, $lang_send_activation_php['err_already_logged_in'], __FILE__, __LINE__);
}
if ($CONFIG['reg_requires_valid_email'] == 0) {
cpg_die(ERROR, $lang_send_activation_php['activation_not_required']);
}
$lookup_failed = '';
if (!empty($_POST['email'])) {
$emailaddress = addslashes($_POST['email']);
$sql = "SELECT user_id, user_group,user_active,user_name, user_email, user_actkey FROM {$CONFIG['TABLE_USERS']} WHERE user_email = '{$emailaddress}' AND user_active = 'NO'";
$results = cpg_db_query($sql);
if (mysql_num_rows($results)) {
// something has been found start
$USER_DATA = mysql_fetch_array($results);
$act_link = rtrim($CONFIG['site_url'], '/') . '/register.php?activate=' . $USER_DATA['user_actkey'];
$template_vars = array('{SITE_NAME}' => $CONFIG['gallery_name'], '{USER_NAME}' => $USER_DATA['user_name'], '{ACT_LINK}' => $act_link);
if (!cpg_mail($USER_DATA['user_email'], sprintf($lang_register_php['confirm_email_subject'], $CONFIG['gallery_name']), nl2br(strtr($lang_register_confirm_email, $template_vars)))) {
cpg_die(CRITICAL_ERROR, $lang_register_php['failed_sending_email'], __FILE__, __LINE__);
}
// output the message
pageheader($lang_send_activation_php['resend_act_link'], "<META http-equiv=\"refresh\" content=\"3;url=index.php\">");
$referer = 'index.php';
msg_box($lang_send_activation_php['resend_act_link'], sprintf($lang_send_activation_php['activation_email_sent'], $USER_DATA['user_email']), $lang_common['continue'], $referer);
pagefooter();
exit;
// something has been found end
} else {
$lookup_failed = <<<EOT
<tr>
<td colspan="2" align="center" class="tableh2">
<span style="color:red"><b>{$lang_send_activation_php['err_unk_user']}<b></span>
</td>
} else {
$n_picname = get_pic_url($row, 'fullsize');
}
if (!stristr($n_picname, 'http:')) {
$n_picname = $gallery_url_prefix . $n_picname;
}
$msg_content = process_smilies($message, $gallery_url_prefix);
$data = array('rn' => $superCage->post->noTags('recipient_name'), 'sn' => $superCage->post->noTags('sender_name'), 'se' => $sender_email, 'p' => $n_picname, 'g' => $greetings, 'm' => $message, 'pid' => $pid, 'pt' => $pic_title, 'pc' => $pic_caption);
$encoded_data = urlencode(base64_encode(serialize($data)));
$params = array('{LANG_DIR}' => $lang_text_dir, '{TITLE}' => sprintf($lang_ecard_php['ecard_title'], $sender_name), '{CHARSET}' => $CONFIG['charset'] == 'language file' ? $lang_charset : $CONFIG['charset'], '{VIEW_ECARD_TGT}' => "{$gallery_url_prefix}displayecard.php?data={$encoded_data}", '{VIEW_ECARD_LNK}' => $lang_ecard_php['view_ecard'], '{VIEW_ECARD_LNK_PLAINTEXT}' => $lang_ecard_php['view_ecard_plaintext'], '{PIC_URL}' => $n_picname, '{URL_PREFIX}' => $gallery_url_prefix, '{GREETINGS}' => $greetings, '{MESSAGE}' => bb_decode($msg_content), '{PLAINTEXT_MESSAGE}' => $message, '{SENDER_EMAIL}' => $sender_email, '{SENDER_NAME}' => $sender_name, '{VIEW_MORE_TGT}' => $CONFIG['ecards_more_pic_target'], '{VIEW_MORE_LNK}' => $lang_ecard_php['view_more_pics'], '{PID}' => $pid, '{PIC_TITLE}' => $pic_title, '{PIC_CAPTION}' => bb_decode($pic_caption), '{PIC_MARKUP}' => $pic_markup);
$message = template_eval($template_ecard, $params);
$plaintext_message = template_eval($template_ecard_plaintext, $params);
$tempTime = time();
$message .= sprintf($lang_ecard_php['ecards_footer'], $sender_name, $raw_ip, localised_date(-1, $lang_date['comment']));
$subject = sprintf($lang_ecard_php['ecard_title'], $sender_name);
$result = cpg_mail($recipient_email, $subject, $message, 'text/html', $sender_name, $sender_email, $plaintext_message);
if (!USER_ID) {
$USER['name'] = $sender_name;
$USER['email'] = $sender_email;
}
if ($result) {
// write ecard log, only if mail was sent
if ($CONFIG['log_ecards'] == 1) {
$sender_name = addslashes($sender_name);
$recipient_name = addslashes($recipient_name);
cpg_db_query("INSERT INTO {$CONFIG['TABLE_ECARDS']} (sender_name, sender_email, recipient_name, recipient_email, link, date, sender_ip) VALUES ('{$sender_name}', '{$sender_email}', '{$recipient_name}', '{$recipient_email}', '{$encoded_data}', '{$tempTime}', '{$raw_ip}')");
}
msg_box($lang_common['information'], $lang_ecard_php['send_success'], $lang_common['continue'], "displayimage.php?album={$album}&pid={$pid}");
echo '<br />';
starttable('100%', $icon_array['preview_table'] . $lang_ecard_php['preview']);
echo '<tr><td>';
function generatepassword($addusername, $pass_key)
{
global $DBS, $CF, $LANG, $CONFIG;
// Check for user in users table
$sql = "SELECT {$DBS->field['user_id']}, {$DBS->field['username']}, {$DBS->field['email']} FROM {$DBS->usertable}";
$sql .= " WHERE {$DBS->field['username']} = '{$addusername}' AND {$DBS->field['act_key']} = '{$pass_key}'";
$results = $DBS->sql_query($sql);
if (mysql_num_rows($results)) {
$password = $CF->str_makerand(8, 12, true, false, true);
$pass_key = $CF->str_makerand(15, 25, true, false, true);
$email = mysql_result($results, 0, $DBS->field['email']);
$login_link = rtrim($CONFIG['site_url'], '/') . '/index.htm#pg=logindiv';
if (!cpg_mail($email, sprintf($LANG['forgot_passwd']['passwd_reset_subject'], $CONFIG['gallery_name']), nl2br(sprintf($LANG['forgot_passwd']['passwd_reset_body'], $addusername, $password, $login_link)))) {
$USER_DATA = array();
$USER_DATA['error'] = true;
$USER_DATA['messagecode'] = "failed_sending_email";
return $USER_DATA;
}
$sql = "UPDATE {$DBS->usertable} SET {$DBS->field['password']}= md5('{$password}'), {$DBS->field['act_key']}='{$pass_key}' WHERE {$DBS->field['username']}='{$addusername}'";
$DBS->sql_update($sql);
return $this->getpersonaldata($addusername);
} else {
$USER_DATA = array();
$USER_DATA['error'] = true;
$USER_DATA['messagecode'] = "forgotpassword_error";
return $USER_DATA;
}
}
function newsletter_mailqueue()
{
if (defined('CPG_PLUGIN_NEWSLETTER_MAILQUEUE')) {
return;
}
global $CONFIG, $lang_plugin_newsletter, $newsletter_icon_array;
require_once 'include/mailer.inc.php';
$output_array = array();
$query = "SELECT * \n FROM {$CONFIG['TABLE_PREFIX']}plugin_newsletter_queue \n AS queue \n INNER JOIN {$CONFIG['TABLE_PREFIX']}plugin_newsletter_mailings \n AS mailings\n ON mailings.mailing_id = queue.mailing_id\n INNER JOIN {$CONFIG['TABLE_PREFIX']}plugin_newsletter_subscriptions \n AS subscriptions\n ON subscriptions.subscriber_id = queue.subscriber_id\n WHERE queue.attempts <= {$CONFIG['plugin_newsletter_mails_per_page']}\n ORDER BY queue.attempts,queue.time \n LIMIT {$CONFIG['plugin_newsletter_mails_per_page']}";
$result = cpg_db_query($query);
$mailqueue_array = cpg_db_fetch_rowset($result);
mysql_free_result($result);
foreach ($mailqueue_array as $mailqueue) {
if ($mailqueue['user_id'] == '') {
// Guest
$salutation = $CONFIG['plugin_newsletter_salutation_for_guests'];
} else {
// Registered user
$salutation = str_replace('{USERNAME}', $mailqueue['subscriber_name'], $mailqueue['salutation']);
}
$mailing_message_plain = $salutation . $LINEBREAK . $mailqueue['body'] . $LINEBREAK . $LINEBREAK;
// Add the unsubscribe link at the bottom
$mailing_message_plain .= $lang_plugin_newsletter['unsubscribe_text'];
$mailing_message_plain .= ' ' . $CONFIG['site_url'] . 'index.php?file=newsletter/unsubscribe';
$mailing_message_html = newsletter_text2html($mailqueue['subject'], $salutation, $mailqueue['body']);
if (!cpg_mail($mailqueue['subscriber_email'], $mailqueue['subject'], $mailing_message_html, 'text/plain', $CONFIG['plugin_newsletter_from_name'], $CONFIG['plugin_newsletter_from_email'], $mailing_message_plain)) {
// sending the email has failed --- start
$output_array[] = '<span class="important">' . $newsletter_icon_array['failure'] . sprintf($lang_plugin_newsletter['sending_email_failed'], '<a href="index.php?file=newsletter/archive&mailing="' . $mailqueue['mailing_id'] . '">' . $mailqueue['subject'] . '</a>', '<a href="index.php?file=newsletter/subscribe&subscriber=' . $mailqueue['subscriber_id'] . '">' . $mailqueue['subscriber_email'] . '</a>', $mailqueue['attempts'] + 1) . '</span>';
cpg_db_query("UPDATE {$CONFIG['TABLE_PREFIX']}plugin_newsletter_queue SET attempts = attempts + 1 WHERE queue_id={$mailqueue['queue_id']}");
if ($CONFIG['log_mode'] != CPG_NO_LOGGING) {
log_write("Sending an email using the newsletter plugin failed (recipient email: {$mailqueue['subscriber_email']}, subscriber ID: {$mailqueue['subscriber_id']}, Mailing ID: {$mailqueue['mailing_id']}, Attempt: {$mailqueue['attempts']})", CPG_MAIL_LOG);
}
} else {
// sending the email has failed --- end // sending the email has been successfull --- start
$output_array[] = $newsletter_icon_array['success'] . sprintf($lang_plugin_newsletter['sending_email_succeeded'], '<a href="index.php?file=newsletter/archive&mailing="' . $mailqueue['mailing_id'] . '>' . $mailqueue['subject'] . '</a>', '<a href="index.php?file=newsletter/subscribe&subscriber=' . $mailqueue['subscriber_id'] . '">' . $mailqueue['subscriber_email'] . '</a>');
$processed_records_counter++;
cpg_db_query("DELETE FROM {$CONFIG['TABLE_PREFIX']}plugin_newsletter_queue WHERE queue_id={$mailqueue['queue_id']}");
if ($CONFIG['log_mode'] == CPG_LOG_ALL) {
log_write("Sending email from newsletter plugin successful (recipient email: {$mailqueue['subscriber_email']}, subscriber ID: {$mailqueue['subscriber_id']}, Mailing ID: {$mailqueue['mailing_id']})", CPG_MAIL_LOG);
}
}
// sending the email has been successfull --- end
}
define('CPG_PLUGIN_NEWSLETTER_MAILQUEUE', true);
return $output_array;
}
// this will only happen in case of echeck.
$body = $lang_photoshop_ipn['ipn_email_failed'] . $body;
cpg_mail('admin', $lang_photoshop_ipn['ipn_email_admin_ipn_failed'] . " [{$date}]", nl2br(make_clickable($body)), 'text/plain', $CONFIG['gallery_name'], $CONFIG['gallery_admin_email'], $body);
break;
case 'Denied':
$body = $lang_photoshop_ipn['ipn_email_denied'] . $body;
cpg_mail('admin', $lang_photoshop_ipn['ipn_email_admin_ipn_failed'] . " [{$date}]", nl2br(make_clickable($body)), 'text/plain', $CONFIG['gallery_name'], $CONFIG['gallery_admin_email'], $body);
break;
case 'Refunded':
$body = $lang_photoshop_ipn['ipn_email_refunded'] . $body;
cpg_mail('admin', $lang_photoshop_ipn['ipn_email_admin_ipn_failed'] . " [{$date}]", nl2br(make_clickable($body)), 'text/plain', $CONFIG['gallery_name'], $CONFIG['gallery_admin_email'], $body);
break;
case 'Canceled':
// mark the payment as dispute cancelled
$body = $lang_photoshop_ipn['ipn_email_canc-rev'] . $body;
cpg_mail('admin', $lang_photoshop_ipn['ipn_email_admin_ipn_failed'] . " [{$date}]", nl2br(make_clickable($body)), 'text/plain', $CONFIG['gallery_name'], $CONFIG['gallery_admin_email'], $body);
break;
default:
// order is not good
$body = $lang_photoshop_ipn['ipn_email_unknown'] . $p->ipn_data['payment_status'] . "\n\n";
cpg_mail('admin', $lang_photoshop_ipn['ipn_email_admin_ipn_failed'], nl2br(make_clickable($body)), 'text/plain', $CONFIG['gallery_name'], $CONFIG['gallery_admin_email'], $body);
break;
}
// end switch
} else {
//Paypal didn't verify
$body = $lang_photoshop_ipn['ipn_email_invalid'] . $p->ipn_response . "\n\n";
cpg_mail('admin', $lang_photoshop_ipn['ipn_email_admin_ipn_failed'], nl2br(make_clickable($body)), 'text/plain', $CONFIG['gallery_name'], $CONFIG['gallery_admin_email'], $body);
}
break;
}
function photoshop_email_the_user($message, $subject, $admin = '')
{
global $CONFIG, $SHOP_CONFIG, $lang_photoshop, $cd_price, $order_id, $discount, $shipping_price;
$user_info = photoshop_user_details(USER_ID);
$email = $user_info['user_email'];
if ($admin) {
$user_info['user_email'] = 'admin';
}
$template_vars = array('{ORDER_ID}' => $order_id, '{SITE_NAME}' => $CONFIG['gallery_name'], '{PRICE}' => number_format($cd_price[0] + $cd_price[1] + $shipping_price - $discount, 2), '{USER_NAME}' => USER_NAME, '{USER_EMAIL}' => $email, '{ADMIN}' => $CONFIG['gallery_name'], '{LINK}' => $CONFIG['ecards_more_pic_target'], '{USER_PROFILE1}' => $user_info['user_profile1'], '{USER_PROFILE2}' => $user_info['user_profile2'], '{USER_PROFILE3}' => $user_info['user_profile3'], '{USER_PROFILE4}' => $user_info['user_profile4'], '{USER_PROFILE5}' => $user_info['user_profile5'], '{USER_PROFILE6}' => $user_info['user_profile6']);
$mail_body = nl2br(strtr($message, $template_vars));
if (cpg_mail($user_info['user_email'], $subject, $mail_body, 'text/plain', $CONFIG['gallery_name'], $CONFIG['gallery_admin_email'])) {
return true;
}
return false;
}
}
// Image is ok
}
// Upload is ok
// Create thumbnail and internediate image and add the image into the DB
$result = add_picture($album, $filepath, $picture_name, $title, $caption, $keywords, $user1, $user2, $user3, $user4, $category, $raw_ip, $hdr_ip, (int) $_POST['width'], (int) $_POST['height']);
if (!$result) {
@unlink($uploaded_pic);
cpg_die(CRITICAL_ERROR, sprintf($lang_db_input_php['err_insert_pic'], $uploaded_pic) . '<br /><br />' . $ERROR, __FILE__, __LINE__, true);
} elseif ($PIC_NEED_APPROVAL) {
pageheader($lang_info);
msg_box($lang_info, $lang_db_input_php['upload_success'], $lang_continue, 'index.php');
// start: send admin approval mail added by gaugau: 03-11-09
if ($CONFIG['upl_notify_admin_email']) {
include_once 'include/mailer.inc.php';
cpg_mail($CONFIG['gallery_admin_email'], sprintf($lang_db_input_php['notify_admin_email_subject'], $CONFIG['gallery_name']), sprintf($lang_db_input_php['notify_admin_email_body'], USER_NAME, $CONFIG['ecards_more_pic_target'] . '/editpics.php?mode=upload_approval'));
}
// end: send admin approval mail
ob_end_flush();
} else {
$header_location = @preg_match('/Microsoft|WebSTAR|Xitami/', getenv('SERVER_SOFTWARE')) ? 'Refresh: 0; URL=' : 'Location: ';
$redirect = "displayimage.php?pos=" . -mysql_insert_id();
header($header_location . $redirect);
pageheader($lang_info, "<META http-equiv=\"refresh\" content=\"1;url={$redirect}\">");
msg_box($lang_info, $lang_db_input_php['upl_success'], $lang_continue, $redirect);
pagefooter();
ob_end_flush();
exit;
}
break;
// Unknow event
}
$row = mysql_fetch_assoc($result);
mysql_free_result($sql);
// Reset Password
$new_password = $cpg_udb->make_password();
if ($CONFIG['enable_encrypted_passwords']) {
$password = md5($new_password);
} else {
$password = $new_password;
}
$sql = "update {$cpg_udb->usertable} set ";
$sql .= "{$cpg_udb->field['password']}='{$password}' ";
$sql .= "where {$cpg_udb->field['email']}='{$row['user_email']}'";
cpg_db_query($sql);
// send the password
if (!cpg_mail($row['user_email'], sprintf($lang_forgot_passwd_php['passwd_reset_subject'], $CONFIG['gallery_name']), sprintf($lang_forgot_passwd_php['passwd_reset_body'], $row['user_name'], $new_password, $CONFIG['ecards_more_pic_target'] . (substr($CONFIG["ecards_more_pic_target"], -1) == '/' ? '' : '/') . 'login.php'))) {
cpg_die(CRITICAL_ERROR, $lang_forgot_passwd_php['failed_sending_email'], __FILE__, __LINE__);
}
$sql = "delete from {$cpg_udb->sessionstable} where session_id=md5('{$CLEAN['key']}{$CLEAN['id']}');";
cpg_db_query($sql);
// output the message
pageheader($lang_forgot_passwd_php['forgot_passwd'], "<META http-equiv=\"refresh\" content=\"3;url=login.php\">");
$referer = 'login.php';
msg_box($lang_forgot_passwd_php['forgot_passwd'], sprintf($lang_forgot_passwd_php['email_sent'], $row['user_email']), $lang_common['continue'], $referer);
$USER_DATA['user_password'] = '******';
pagefooter();
exit;
}
pageheader($lang_forgot_passwd_php['forgot_passwd']);
echo '<form action="forgot_passwd.php" method="post" name="passwordreminder" id="cpgform">';
starttable('-1', $lang_forgot_passwd_php['forgot_passwd'], 2);
function reply()
{
include BASE_DIR . 'include' . DS . 'smilies.inc.php';
include BASE_DIR . 'include' . DS . 'mailer.inc.php';
$vars = array();
$errors = array();
$authorizer = check_model::getInstance();
$vars['topic_id'] = $this->validate->get->getInt('id');
if (!$authorizer->is_topic_id($vars['topic_id'])) {
cpg_die(ERROR, Lang::item('error.wrong_topic_id'), __FILE__, __LINE__);
}
if (!$authorizer->can_reply($vars['topic_id'])) {
cpg_die(ERROR, Lang::item('error.perm_denied'), __FILE__, __LINE__);
}
$vars['nagavitor'] = $this->forum->get_nagavitor();
$vars['icons'] = $this->forum->get_icons();
$topic = $this->forum->get_topic_data($vars['topic_id'], 'board_id');
$messages = $this->forum->get_message($vars['topic_id'], 'subject', 'msg_id asc', '1');
$data = array('icon' => 'icon1', 'subject' => Lang::item('topic.re') . $messages[0]['subject']);
if ($this->validate->post->keyExists('submit')) {
$data = array('topic_id' => $vars['topic_id'], 'icon' => $this->validate->post->getRaw('icon'), 'subject' => $this->validate->post->getEscaped('subject'), 'body' => $this->validate->post->getRaw('body'), 'board_id' => $topic['board_id'], 'poster_time' => time(), 'poster_id' => USER_ID, 'poster_name' => USER_NAME, 'poster_ip' => Config::item('hdr_ip'), 'smileys_enabled' => 1);
if (Config::item('fr_msg_icons') == 0 && $data['icon'] == '') {
$data['icon'] = 'icon1';
}
if ($data['subject'] == '') {
$errors[] = Lang::item('error.empty_subject');
}
if ($data['icon'] == '') {
$errors[] = Lang::item('error.no_msg_icon');
}
if ($data['body'] == '') {
$errors[] = Lang::item('error.empty_body');
}
if (strlen($data['body']) > Config::item('fr_msg_max_size') && Config::item('fr_msg_max_size')) {
$data['body'] = substr($data['body'], 0, Config::item('fr_msg_max_size'));
}
global $CONFIG;
if ($CONFIG['comment_captcha'] == 1 || $CONFIG['comment_captcha'] == 2 && !USER_ID) {
if (!captcha_plugin_enabled('comment')) {
global $lang_errors;
$superCage = Inspekt::makeSuperCage();
require "include/captcha.inc.php";
$matches = $superCage->post->getMatched('confirmCode', '/^[a-zA-Z0-9]+$/');
if (!$matches[0] || !PhpCaptcha::Validate($matches[0])) {
$errors[] = $lang_errors['captcha_error'];
}
} else {
CPGPluginAPI::action('captcha_comment_validate', null);
}
}
if (count($errors) == 0) {
if ($authorizer->double_post()) {
cpg_die(ERROR, Lang::item('error.already_post'), __FILE__, __LINE__);
} else {
$msg_id = $this->forum->insert_message($data);
// to-do: send notify email
$users = $this->forum->get_notify_user('', $vars['topic_id']);
foreach ($users as $user) {
if ($user['user_id'] == USER_ID) {
continue;
}
$user = $this->forum->get_user_data($user['user_id'], 'user_email');
// prepare email
$email_subject = Lang::item('topic.topic_reply') . $data['subject'];
$email_body = sprintf(Lang::item('topic.notify_email'), Config::item('fr_prefix_url') . 'profile.php?uid=' . USER_ID, USER_NAME, Config::item('fr_prefix_url') . forum::link('message', '', $msg_id), Config::item('fr_prefix_url') . forum::link('message', '', $msg_id), Config::item('fr_prefix_url') . forum::link('topic', 'notify', $vars['topic_id']), Config::item('fr_prefix_url') . forum::link('topic', 'notify', $vars['topic_id']), Config::item('fr_title'));
// send mail
cpg_mail($user['user_email'], $email_subject, $email_body, 'text/html', Config::item('fr_title'), Config::item('gallery_admin_email'));
// set send = 0
$this->forum->set_topic_notify($vars['topic_id'], 0, $user['user_id']);
}
if ($this->validate->post->getInt('notify') === 1) {
$this->forum->set_topic_notify($vars['topic_id'], $this->validate->post->getInt('notify'));
}
if ($this->validate->post->getInt('notify') === 0) {
$this->forum->unnotify_topic($vars['topic_id']);
}
forum::message(Lang::item('common.message'), sprintf(Lang::item('message.new_msg_success'), $data['subject']), 'forum.php?c=message&id=' . $msg_id);
}
}
}
$vars['errors'] = $errors;
$vars['form'] = $data;
$this->view->render('topic/reply', $vars);
}
// The submit email address doesn't exist in the db --- start
// Perform a look up in the user db of coppermine to see if the email address belongs to a registered user who hasn't subscribed so far
// Perform a category check
// Write the registration into the database
// Send the verification email
// Tell the subscriber to check his email
} else {
// The submit email address doesn't exist in the db --- end // There already is a record for the submit email address --- start
if ($existing_subscription_array['user_id'] != 0) {
$registration_message = '<div class="cpg_message_error">' . sprintf($lang_plugin_newsletter['email_address_belongs_to_registered_subscriber'], '<a href="login.php?referer=index.php%3Ffile%3Dnewsletter%2Fsubscribe">', '</a>') . '</div>';
} else {
$registration_message = sprintf($lang_plugin_newsletter['subscription_exists_for_email_address'], $submit_email_address, '<a href="index.php?file=newsletter/subscribe&action=mailsent">', '</a>');
$message_plain = $lang_plugin_newsletter['click_to_edit_subscription'];
$message_plain .= 'Edit later';
$message_html = newsletter_text2html($lang_plugin_newsletter['newsletter_subscription_authentification'], $CONFIG['plugin_newsletter_salutation_for_guests'], $message_plain);
cpg_mail($submit_email_address, $lang_plugin_newsletter['newsletter_subscription_authentification'], $message_html, 'text/plain', $CONFIG['plugin_newsletter_from_name'], $CONFIG['plugin_newsletter_from_email'], $message_plain);
if ($CONFIG['log_mode'] != CPG_NO_LOGGING) {
log_write("Newsletter plugin: {$submit_email_address} requested an authentification email from the subscribe page", CPG_MAIL_LOG);
}
}
}
// There already is a record for the submit email address --- end
// The email Address is valid --- end
} else {
$subscriber_email_warning = '<div class="cpg_message_validation">' . $lang_plugin_newsletter['email_address_invalid'] . '</div>';
}
}
}
// guest --- end
}
pageheader($lang_plugin_newsletter['newsletter-subscription']);
print '<td class="tableb"><strong>';
print $user_data['user_name'];
print '</strong></td>';
print '<td class="tableb">';
if ($user_data['user_active'] == 'YES') {
// user is already active
print $lang_delete_php['user_already_active'];
} else {
// activate this user
cpg_db_query("UPDATE {$CONFIG['TABLE_USERS']} SET user_active = 'YES', user_actkey = '' WHERE user_id = '{$key}'");
print $lang_delete_php['activated'];
if ($user_data['user_actkey']) {
// send activation confirmation email (only once)
require_once 'include/mailer.inc.php';
$template_vars = array('{SITE_LINK}' => $CONFIG['site_url'], '{USER_NAME}' => $user_data['user_name'], '{SITE_NAME}' => $CONFIG['gallery_name']);
cpg_mail($user_data['user_email'], sprintf($lang_register_php['notify_user_email_subject'], $CONFIG['gallery_name']), nl2br(strtr($lang_register_php['activated_email'], $template_vars)));
}
}
print '</strong></td>';
}
$result->free();
}
// foreach --- end
echo '<tr><td colspan="2" class="tablef" align="center">' . $LINEBREAK;
echo '<a href="usermgr.php" class="admin_menu">' . $icon_array['ok'] . $lang_common['continue'] . '</a>' . $LINEBREAK;
echo '</td></tr>';
endtable();
pagefooter();
break;
// end case "activate"
// end case "activate"
if (mysql_result(cpg_db_query("select count(user_id) from {$CONFIG['TABLE_USERS']} where UPPER(user_name) = UPPER('{$msg_author}')"), 0, 0)) {
enl_die($lang_db_input_php['com_author_error']);
}
$insert = cpg_db_query("INSERT INTO {$CONFIG['TABLE_COMMENTS']} (pid, msg_author, msg_body, msg_date, author_md5_id, author_id, msg_raw_ip, msg_hdr_ip) VALUES ('{$pid}', '{$CONFIG['comments_anon_pfx']}{$msg_author}', '{$msg_body}', NOW(), '{$USER['ID']}', '0', '{$raw_ip}', '{$hdr_ip}')");
$USER['name'] = $_POST['msg_author'];
$redirect = "displayimage.php?pos=" . -$pid;
if ($CONFIG['email_comment_notification']) {
$mail_body = "<p>" . bb_decode(process_smilies($msg_body, $CONFIG['ecards_more_pic_target'])) . "</p>\n\r " . $lang_db_input_php['email_comment_body'] . " " . $CONFIG['ecards_more_pic_target'] . (substr($CONFIG["ecards_more_pic_target"], -1) == '/' ? '' : '/') . $redirect;
cpg_mail('admin', $lang_db_input_php['email_comment_subject'], make_clickable($mail_body));
}
enl_message($lang_db_input_php['com_added']);
ob_end_flush();
exit;
} else {
// Registered users, we can use Location to redirect
$insert = cpg_db_query("INSERT INTO {$CONFIG['TABLE_COMMENTS']} (pid, msg_author, msg_body, msg_date, author_md5_id, author_id, msg_raw_ip, msg_hdr_ip) VALUES ('{$pid}', '" . addslashes(USER_NAME) . "', '{$msg_body}', NOW(), '', '" . USER_ID . "', '{$raw_ip}', '{$hdr_ip}')");
$redirect = "displayimage.php?pos=" . -$pid;
if ($CONFIG['email_comment_notification'] && !USER_IS_ADMIN) {
$mail_body = "<p>" . bb_decode(process_smilies($msg_body, $CONFIG['ecards_more_pic_target'])) . "</p>\n\r " . $lang_db_input_php['email_comment_body'] . " " . $CONFIG['ecards_more_pic_target'] . (substr($CONFIG["ecards_more_pic_target"], -1) == '/' ? '' : '/') . $redirect;
cpg_mail('admin', $lang_db_input_php['email_comment_subject'], make_clickable($mail_body));
}
enl_message($lang_db_input_php['com_added']);
ob_end_flush();
exit;
}
break;
// Unknow event
// Unknow event
default:
enl_die($lang_errors['param_missing']);
}
function check_user_info(&$error)
{
// function check_user_info - start
global $CONFIG;
//, $PHP_SELF;
global $lang_register_php, $lang_register_confirm_email, $lang_common, $lang_register_approve_email;
global $lang_register_activated_email, $lang_register_user_login, $lang_errors;
$superCage = Inspekt::makeSuperCage();
//$CONFIG['admin_activation'] = FALSE;
//$CONFIG['admin_activation'] = TRUE;
$user_name = trim(get_post_var('username'));
$password = trim(get_post_var('password'));
$password_again = trim(get_post_var('password_verification'));
$email = trim(get_post_var('email'));
$profile1 = $superCage->post->getEscaped('user_profile1');
$profile2 = $superCage->post->getEscaped('user_profile2');
$profile3 = $superCage->post->getEscaped('user_profile3');
$profile4 = $superCage->post->getEscaped('user_profile4');
$profile5 = $superCage->post->getEscaped('user_profile5');
$profile6 = $superCage->post->getEscaped('user_profile6');
$agree_disclaimer = $superCage->post->getEscaped('agree');
$captcha_confirmation = $superCage->post->getEscaped('confirmCode');
$sql = "SELECT user_id " . "FROM {$CONFIG['TABLE_USERS']} " . "WHERE user_name = '" . $user_name . "'";
$result = cpg_db_query($sql);
if (mysql_num_rows($result)) {
$error = '<li>' . $lang_register_php['err_user_exists'] . '</li>';
return false;
}
mysql_free_result($result);
if (utf_strlen($user_name) < 2) {
$error .= '<li>' . $lang_register_php['err_uname_short'] . '</li>';
}
if (!empty($CONFIG['global_registration_pw'])) {
$global_registration_pw = get_post_var('global_registration_pw');
if ($global_registration_pw != $CONFIG['global_registration_pw']) {
$error .= '<li>' . $lang_register_php['err_global_pw'] . '</li>';
} elseif ($password == $CONFIG['global_registration_pw']) {
$error .= '<li>' . $lang_register_php['err_global_pass_same'] . '</li>';
}
}
if (utf_strlen($password) < 2) {
$error .= '<li>' . $lang_register_php['err_password_short'] . '</li>';
}
if ($password == $user_name) {
$error .= '<li>' . $lang_register_php['err_uname_pass_diff'] . '</li>';
}
if ($password != $password_again) {
$error .= '<li>' . $lang_register_php['err_password_mismatch'] . '</li>';
}
if (!eregi("^[_\\.0-9a-z\\-]+@([0-9a-z][0-9a-z-]+\\.)+[a-z]{2,6}\$", $email)) {
$error .= '<li>' . $lang_register_php['err_invalid_email'] . '</li>';
}
if ($CONFIG['user_registration_disclaimer'] == 2 && $agree_disclaimer != 1) {
$error .= '<li>' . $lang_register_php['err_disclaimer'] . '</li>';
}
// check captcha
if ($CONFIG['registration_captcha'] != 0) {
require "include/captcha.inc.php";
if (!PhpCaptcha::Validate($captcha_confirmation)) {
$error .= '<li>' . $lang_errors['captcha_error'] . '</li>';
}
}
if ($error != '') {
return false;
}
if (!$CONFIG['allow_duplicate_emails_addr']) {
$sql = "SELECT user_id " . "FROM {$CONFIG['TABLE_USERS']} " . "WHERE user_email = '" . addslashes($email) . "'";
$result = cpg_db_query($sql);
if (mysql_num_rows($result)) {
$error = '<li>' . $lang_register_php['err_duplicate_email'] . '</li>';
return false;
}
mysql_free_result($result);
}
if ($CONFIG['reg_requires_valid_email'] || $CONFIG['admin_activation']) {
$active = 'NO';
list($usec, $sec) = explode(' ', microtime());
$seed = (double) $sec + (double) $usec * 100000;
srand($seed);
$act_key = md5(uniqid(rand(), 1));
} else {
$active = 'YES';
$act_key = '';
}
if ($CONFIG['enable_encrypted_passwords']) {
$encpassword = md5($password);
} else {
$encpassword = $password;
}
$sql = "INSERT INTO {$CONFIG['TABLE_USERS']} " . "(user_regdate, user_active, user_actkey, user_name, user_password, user_email, user_profile1, user_profile2, user_profile3, user_profile4, user_profile5, user_profile6) " . "VALUES (NOW(), '{$active}', '{$act_key}', '{$user_name}', '{$encpassword}', '{$email}', '{$profile1}', '{$profile2}', '{$profile3}', '{$profile4}', '{$profile5}', '{$profile6}')";
if ($CONFIG['log_mode']) {
log_write('New user "$user_name" created on ' . date("F j, Y, g:i a"), CPG_ACCESS_LOG);
}
$result = cpg_db_query($sql);
// Create a personal album if corresponding option is enabled
if ($CONFIG['personal_album_on_registration'] == 1) {
print 'sub<br />';
$catid = mysql_insert_id() + FIRST_USER_CAT;
print $catid;
cpg_db_query("INSERT INTO {$CONFIG['TABLE_ALBUMS']} (`title`, `category`) VALUES ('{$user_name}', {$catid})");
print "INSERT INTO {$CONFIG['TABLE_ALBUMS']} (`title`, `category`) VALUES ('{$user_name}', {$catid})";
}
if ($CONFIG['reg_requires_valid_email']) {
if (!$CONFIG['admin_activation'] == 1) {
//user gets activation email
$act_link = rtrim($CONFIG['site_url'], '/') . '/register.php?activate=' . $act_key;
$template_vars = array('{SITE_NAME}' => $CONFIG['gallery_name'], '{USER_NAME}' => $user_name, '{ACT_LINK}' => $act_link);
if (!cpg_mail($email, sprintf($lang_register_php['confirm_email_subject'], $CONFIG['gallery_name']), nl2br(strtr($lang_register_confirm_email, $template_vars)))) {
cpg_die(CRITICAL_ERROR, $lang_register_php['failed_sending_email'], __FILE__, __LINE__);
}
}
if ($CONFIG['admin_activation'] == 1) {
msg_box($lang_register_php['information'], $lang_register_php['thank_you_admin_activation'], $lang_common['continue'], 'index.php');
} else {
msg_box($lang_register_php['information'], $lang_register_php['thank_you'], $lang_common['continue'], 'index.php');
}
} else {
msg_box($lang_register_php['information'], $lang_register_php['acct_active'], $lang_common['continue'], 'index.php');
}
// email notification to admin
if ($CONFIG['reg_notify_admin_email']) {
// get default language in which to inform the admin
$lang_register_php_def = cpg_get_default_lang_var('lang_register_php');
$lang_register_approve_email_def = cpg_get_default_lang_var('lang_register_approve_email');
if ($CONFIG['admin_activation'] == 1) {
$act_link = rtrim($CONFIG['site_url'], '/') . '/register.php?activate=' . $act_key;
$template_vars = array('{SITE_NAME}' => $CONFIG['gallery_name'], '{USER_NAME}' => $user_name, '{ACT_LINK}' => $act_link);
cpg_mail('admin', sprintf($lang_register_php_def['notify_admin_request_email_subject'], $CONFIG['gallery_name']), nl2br(strtr($lang_register_approve_email_def, $template_vars)));
} else {
cpg_mail('admin', sprintf($lang_register_php_def['notify_admin_email_subject'], $CONFIG['gallery_name']), sprintf($lang_register_php_def['notify_admin_email_body'], $user_name));
}
}
return true;
}
function cpg_send_upload_notification()
{
global $CONFIG;
$lang_db_input_php = cpg_get_default_lang_var('lang_db_input_php');
// Get the mail files.
include_once 'include/mailer.inc.php';
// Send the message.
cpg_mail('admin', sprintf($lang_db_input_php['notify_admin_email_subject'], $CONFIG['gallery_name']), sprintf($lang_db_input_php['notify_admin_email_body'], USER_NAME, $CONFIG['ecards_more_pic_target'] . (substr($CONFIG["ecards_more_pic_target"], -1) == '/' ? '' : '/') . 'editpics.php?mode=upload_approval'));
}
function check_user_info(&$error)
{
global $CONFIG;
//, $PHP_SELF;
global $lang_register_php, $lang_register_confirm_email, $lang_continue, $lang_register_approve_email, $lang_register_activated_email, $lang_register_user_login;
//$CONFIG['admin_activation'] = FALSE;
//$CONFIG['admin_activation'] = TRUE;
$user_name = trim(get_post_var('username'));
$password = trim(get_post_var('password'));
$password_again = trim(get_post_var('password_verification'));
$email = trim(get_post_var('email'));
$profile1 = addslashes($_POST['user_profile1']);
$profile2 = addslashes($_POST['user_profile2']);
$profile3 = addslashes($_POST['user_profile3']);
$profile4 = addslashes($_POST['user_profile4']);
$profile5 = addslashes($_POST['user_profile5']);
$profile6 = addslashes($_POST['user_profile6']);
$sql = "SELECT user_id " . "FROM {$CONFIG['TABLE_USERS']} " . "WHERE user_name = '" . addslashes($user_name) . "'";
$result = cpg_db_query($sql);
if (mysql_num_rows($result)) {
$error = '<li>' . $lang_register_php['err_user_exists'];
return false;
}
mysql_free_result($result);
if (utf_strlen($user_name) < 2) {
$error .= '<li>' . $lang_register_php['err_uname_short'];
}
if (utf_strlen($password) < 2) {
$error .= '<li>' . $lang_register_php['err_password_short'];
}
if ($password == $user_name) {
$error .= '<li>' . $lang_register_php['err_uname_pass_diff'];
}
if ($password != $password_again) {
$error .= '<li>' . $lang_register_php['err_password_mismatch'];
}
if (!eregi("^[_\\.0-9a-z\\-]+@([0-9a-z][0-9a-z-]+\\.)+[a-z]{2,6}\$", $email)) {
$error .= '<li>' . $lang_register_php['err_invalid_email'];
}
if ($error != '') {
return false;
}
if (!$CONFIG['allow_duplicate_emails_addr']) {
$sql = "SELECT user_id " . "FROM {$CONFIG['TABLE_USERS']} " . "WHERE user_email = '" . addslashes($email) . "'";
$result = cpg_db_query($sql);
if (mysql_num_rows($result)) {
$error = '<li>' . $lang_register_php['err_duplicate_email'];
return false;
}
mysql_free_result($result);
}
if ($CONFIG['reg_requires_valid_email'] || $CONFIG['admin_activation']) {
$active = 'NO';
list($usec, $sec) = explode(' ', microtime());
$seed = (double) $sec + (double) $usec * 100000;
srand($seed);
$act_key = md5(uniqid(rand(), 1));
} else {
$active = 'YES';
$act_key = '';
}
if ($CONFIG['enable_encrypted_passwords']) {
$encpassword = md5($password);
} else {
$encpassword = $password;
}
$sql = "INSERT INTO {$CONFIG['TABLE_USERS']} " . "(user_regdate, user_active, user_actkey, user_name, user_password, user_email, user_profile1, user_profile2, user_profile3, user_profile4, user_profile5, user_profile6) " . "VALUES (NOW(), '{$active}', '{$act_key}', '" . addslashes($user_name) . "', '" . addslashes($encpassword) . "', '" . addslashes($email) . "', '{$profile1}', '{$profile2}', '{$profile3}', '{$profile4}', '{$profile5}', '{$profile6}')";
if ($CONFIG['log_mode']) {
log_write('New user "' . addslashes($user_name) . '" created on ' . date("F j, Y, g:i a"), CPG_ACCESS_LOG);
}
$result = cpg_db_query($sql);
if ($CONFIG['reg_requires_valid_email']) {
if (!$CONFIG['admin_activation'] == 1) {
//user gets activation email
$act_link = rtrim($CONFIG['site_url'], '/') . '/register.php?activate=' . $act_key;
$template_vars = array('{SITE_NAME}' => $CONFIG['gallery_name'], '{USER_NAME}' => $user_name, '{ACT_LINK}' => $act_link);
if (!cpg_mail($email, sprintf($lang_register_php['confirm_email_subject'], $CONFIG['gallery_name']), nl2br(strtr($lang_register_confirm_email, $template_vars)))) {
cpg_die(CRITICAL_ERROR, $lang_register_php['failed_sending_email'], __FILE__, __LINE__);
}
}
if ($CONFIG['admin_activation'] == 1) {
msg_box($lang_register_php['information'], $lang_register_php['thank_you_admin_activation'], $lang_continue, 'index.php');
} else {
msg_box($lang_register_php['information'], $lang_register_php['thank_you'], $lang_continue, 'index.php');
}
} else {
msg_box($lang_register_php['information'], $lang_register_php['acct_active'], $lang_continue, 'index.php');
}
// email notification to admin
if ($CONFIG['reg_notify_admin_email']) {
// get default language in which to inform the admin
$lang_register_php_def = cpg_get_default_lang_var('lang_register_php');
$lang_register_approve_email_def = cpg_get_default_lang_var('lang_register_approve_email');
if ($CONFIG['admin_activation'] == 1) {
$act_link = rtrim($CONFIG['site_url'], '/') . '/register.php?activate=' . $act_key;
$template_vars = array('{SITE_NAME}' => $CONFIG['gallery_name'], '{USER_NAME}' => $user_name, '{ACT_LINK}' => $act_link);
cpg_mail('admin', sprintf($lang_register_php_def['notify_admin_request_email_subject'], $CONFIG['gallery_name']), nl2br(strtr($lang_register_approve_email_def, $template_vars)));
} else {
cpg_mail('admin', sprintf($lang_register_php_def['notify_admin_email_subject'], $CONFIG['gallery_name']), sprintf($lang_register_php_def['notify_admin_email_body'], $user_name));
}
}
return true;
}
function check_user_info(&$error)
{
global $CONFIG;
global $lang_register_php, $lang_common, $lang_register_approve_email;
global $lang_register_user_login, $lang_errors;
$superCage = Inspekt::makeSuperCage();
$user_name = trim(get_post_var('username'));
$password = trim(get_post_var('password'));
$password_again = trim(get_post_var('password_verification'));
$email = trim(get_post_var('email'));
$profile1 = $superCage->post->getEscaped('user_profile1');
$profile2 = $superCage->post->getEscaped('user_profile2');
$profile3 = $superCage->post->getEscaped('user_profile3');
$profile4 = $superCage->post->getEscaped('user_profile4');
$profile5 = $superCage->post->getEscaped('user_profile5');
$profile6 = $superCage->post->getEscaped('user_profile6');
$agree_disclaimer = $superCage->post->getEscaped('agree');
$captcha_confirmation = $superCage->post->getEscaped('confirmCode');
$sql = "SELECT null FROM {$CONFIG['TABLE_USERS']} WHERE user_name = '{$user_name}'";
$result = cpg_db_query($sql);
if (mysql_num_rows($result)) {
$error = '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['err_user_exists'] . '</li>';
return false;
}
mysql_free_result($result);
if (utf_strlen($user_name) < 2) {
$error .= '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['username_warning2'] . '</li>';
}
if (!empty($CONFIG['global_registration_pw'])) {
$global_registration_pw = get_post_var('global_registration_pw');
if ($global_registration_pw != $CONFIG['global_registration_pw']) {
$error .= '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['err_global_pw'] . '</li>';
} elseif ($password == $CONFIG['global_registration_pw']) {
$error .= '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['err_global_pass_same'] . '</li>';
}
}
if (utf_strlen($password) < 2) {
$error .= '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['password_warning1'] . '</li>';
}
if ($password == $user_name) {
$error .= '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['password_warning2'] . '</li>';
}
if ($password != $password_again) {
$error .= '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['password_verification_warning1'] . '</li>';
}
if (!Inspekt::isEmail($email)) {
$error .= '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['email_warning2'] . '</li>';
}
if ($CONFIG['user_registration_disclaimer'] == 2 && $agree_disclaimer != 1) {
$error .= '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['err_disclaimer'] . '</li>';
}
// Perform the ban check against email address and username
$result = cpg_db_query("SELECT null FROM {$CONFIG['TABLE_BANNED']} WHERE user_name = '{$user_name}' AND brute_force = 0 LIMIT 1");
if (mysql_num_rows($result)) {
$error .= '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['user_name_banned'] . '</li>';
}
mysql_free_result($result);
$result = cpg_db_query("SELECT null FROM {$CONFIG['TABLE_BANNED']} WHERE email = '{$email}' AND brute_force = 0 LIMIT 1");
if (mysql_num_rows($result)) {
$error .= '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['email_address_banned'] . '</li>';
}
mysql_free_result($result);
// check captcha
if ($CONFIG['registration_captcha'] != 0) {
if (!captcha_plugin_enabled('register')) {
require "include/captcha.inc.php";
if (!PhpCaptcha::Validate($captcha_confirmation)) {
$error .= '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_errors['captcha_error'] . '</li>';
}
} else {
$error = CPGPluginAPI::filter('captcha_register_validate', $error);
}
}
if (!$CONFIG['allow_duplicate_emails_addr']) {
$sql = "SELECT null FROM {$CONFIG['TABLE_USERS']} WHERE user_email = '{$email}'";
$result = cpg_db_query($sql);
if (mysql_num_rows($result)) {
$error = '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['err_duplicate_email'] . '</li>';
}
mysql_free_result($result);
}
$error = CPGPluginAPI::filter('register_form_validate', $error);
if ($error != '') {
return false;
}
if ($CONFIG['reg_requires_valid_email'] || $CONFIG['admin_activation']) {
$active = 'NO';
list($usec, $sec) = explode(' ', microtime());
$seed = (double) $sec + (double) $usec * 100000;
srand($seed);
$act_key = md5(uniqid(rand(), 1));
} else {
$active = 'YES';
$act_key = '';
}
$encpassword = md5($password);
$user_language = $CONFIG['lang'];
$sql = "INSERT INTO {$CONFIG['TABLE_USERS']} (user_regdate, user_active, user_actkey, user_name, user_password, user_email, user_profile1, user_profile2, user_profile3, user_profile4, user_profile5, user_profile6, user_language) VALUES (NOW(), '{$active}', '{$act_key}', '{$user_name}', '{$encpassword}', '{$email}', '{$profile1}', '{$profile2}', '{$profile3}', '{$profile4}', '{$profile5}', '{$profile6}', '{$user_language}')";
$result = cpg_db_query($sql);
$user_array = array();
$user_array['user_id'] = mysql_insert_id();
$user_array['user_name'] = $user_name;
$user_array['user_email'] = $email;
$user_array['user_active'] = $active;
CPGPluginAPI::action('register_form_submit', $user_array);
if ($CONFIG['log_mode']) {
log_write('New user "' . $user_name . '" registered', CPG_ACCESS_LOG);
}
// Create a personal album if corresponding option is enabled
if ($CONFIG['personal_album_on_registration'] == 1) {
$user_id = mysql_insert_id();
$catid = $user_id + FIRST_USER_CAT;
cpg_db_query("INSERT INTO {$CONFIG['TABLE_ALBUMS']} (`title`, `category`, `owner`) VALUES ('{$user_name}', {$catid}, {$user_id})");
}
// Registrations must be activated/verified by the user clicking a link in an email
if ($CONFIG['reg_requires_valid_email']) {
// Mail the user the activation/verification link
$act_link = rtrim($CONFIG['site_url'], '/') . '/register.php?activate=' . $act_key;
$template_vars = array('{SITE_NAME}' => $CONFIG['gallery_name'], '{USER_NAME}' => $user_name, '{ACT_LINK}' => $act_link);
if (!cpg_mail($email, sprintf($lang_register_php['confirm_email_subject'], $CONFIG['gallery_name']), nl2br(strtr($lang_register_php['confirm_email'], $template_vars)))) {
cpg_die(CRITICAL_ERROR, $lang_register_php['failed_sending_email'], __FILE__, __LINE__);
}
msg_box($lang_register_php['information'], $lang_register_php['thank_you'], $lang_common['continue'], 'index.php');
} else {
if ($CONFIG['admin_activation']) {
// We need admin activation only
msg_box($lang_register_php['information'], $lang_register_php['thank_you_admin_activation'], $lang_common['continue'], 'index.php');
} else {
// No activation required, account is ready for login
msg_box($lang_register_php['information'], $lang_register_php['acct_active'], $lang_common['continue'], 'index.php');
}
}
// email notification or actication link to admin
if ($CONFIG['reg_notify_admin_email'] || $CONFIG['admin_activation'] && !$CONFIG['reg_requires_valid_email']) {
if (UDB_INTEGRATION == 'coppermine') {
// get default language in which to inform the admins
$result = cpg_db_query("SELECT user_id, user_email, user_language FROM {$CONFIG['TABLE_USERS']} WHERE user_group = 1");
while ($row = mysql_fetch_assoc($result)) {
if (!empty($row['user_email'])) {
$admins[$row['user_id']] = array('email' => $row['user_email'], 'lang' => $row['user_language']);
}
}
} else {
//@todo: is it possible to get the language from bridged installs?
$admins[] = array('email' => $CONFIG['gallery_admin_email'], 'lang' => 'english');
}
foreach ($admins as $admin) {
//check if the admin language is available
if (file_exists("lang/{$admin['lang']}.php")) {
$lang_register_php_def = cpg_get_default_lang_var('lang_register_php', $admin['lang']);
$lang_register_approve_email_def = cpg_get_default_lang_var('lang_register_approve_email', $admin['lang']);
} else {
$lang_register_php_def = cpg_get_default_lang_var('lang_register_php');
$lang_register_approve_email_def = cpg_get_default_lang_var('lang_register_approve_email');
}
// if the admin has to activate the login, give them the link to do so; but only if users don't have to verify their email address
if ($CONFIG['admin_activation'] && !$CONFIG['reg_requires_valid_email']) {
$act_link = rtrim($CONFIG['site_url'], '/') . '/register.php?activate=' . $act_key;
$template_vars = array('{SITE_NAME}' => $CONFIG['gallery_name'], '{USER_NAME}' => $user_name, '{ACT_LINK}' => $act_link);
cpg_mail($admin['email'], sprintf($lang_register_php_def['notify_admin_request_email_subject'], $CONFIG['gallery_name']), nl2br(strtr($lang_register_approve_email_def, $template_vars)));
} elseif ($CONFIG['reg_notify_admin_email']) {
// otherwise, email is for information only
cpg_mail($admin['email'], sprintf($lang_register_php_def['notify_admin_email_subject'], $CONFIG['gallery_name']), sprintf($lang_register_php_def['notify_admin_email_body'], $user_name));
}
}
}
return true;
}
$result = cpg_db_query("SELECT category FROM {$CONFIG['TABLE_ALBUMS']} WHERE aid='{$album}' and (uploads = 'YES' OR category = '" . (USER_ID + FIRST_USER_CAT) . "' OR owner = '" . USER_ID . "')");
if (mysql_num_rows($result)) {
$row = mysql_fetch_array($result);
mysql_free_result($result);
$category = $row['category'];
}
} else {
$result = cpg_db_query("SELECT category FROM {$CONFIG['TABLE_ALBUMS']} WHERE aid='{$album}'");
if (mysql_num_rows($result)) {
$row = mysql_fetch_array($result);
mysql_free_result($result);
$category = $row['category'];
}
}
if (false !== $category) {
// Test if picture requires approval
if (GALLERY_ADMIN_MODE) {
$approved = 'YES';
} elseif (!$USER_DATA['priv_upl_need_approval'] && $category == FIRST_USER_CAT + USER_ID) {
$approved = 'YES';
} elseif (!$USER_DATA['pub_upl_need_approval'] && $category < FIRST_USER_CAT) {
$approved = 'YES';
} else {
$approved = 'NO';
}
$PIC_NEED_APPROVAL = $approved == 'NO';
if ($PIC_NEED_APPROVAL) {
cpg_mail('admin', sprintf($lang_db_input_php['notify_admin_email_subject'], $CONFIG['gallery_name']), make_clickable(sprintf($lang_db_input_php['notify_admin_email_body'], USER_NAME, $CONFIG['ecards_more_pic_target'] . (substr($CONFIG["ecards_more_pic_target"], -1) == '/' ? '' : '/') . 'editpics.php?mode=upload_approval')));
}
}
}
function update_user($user_id)
{
global $CONFIG;
//, $PHP_SELF;
global $lang_usermgr_php, $lang_register_php, $lang_send_login_data_email;
$user_name = addslashes(trim($_POST['user_name']));
$user_password = addslashes(trim($_POST['user_password']));
$user_email = addslashes(trim($_POST['user_email']));
$profile1 = addslashes($_POST['user_profile1']);
$profile2 = addslashes($_POST['user_profile2']);
$profile3 = addslashes($_POST['user_profile3']);
$profile4 = addslashes($_POST['user_profile4']);
$profile5 = addslashes($_POST['user_profile5']);
$profile6 = addslashes($_POST['user_profile6']);
$user_active = $_POST['user_active'];
$user_group = $_POST['user_group'];
$group_list = isset($_POST['group_list']) ? $_POST['group_list'] : '';
$sql = "SELECT user_id " . "FROM {$CONFIG['TABLE_USERS']} " . "WHERE user_name = '" . addslashes($user_name) . "' AND user_id != {$user_id}";
$result = cpg_db_query($sql);
if (mysql_num_rows($result)) {
cpg_die(ERROR, $lang_register_php['err_user_exists'], __FILE__, __LINE__);
return false;
}
mysql_free_result($result);
if (utf_strlen($user_name) < 2) {
cpg_die(ERROR, $lang_register_php['err_uname_short'], __FILE__, __LINE__);
}
if ($user_password && utf_strlen($user_password) < 2) {
cpg_die(ERROR, $lang_register_php['err_password_short'], __FILE__, __LINE__);
}
if (is_array($group_list)) {
$user_group_list = '';
foreach ($group_list as $group) {
$user_group_list .= $group != $user_group ? $group . ',' : '';
}
$user_group_list = substr($user_group_list, 0, -1);
} else {
$user_group_list = '';
}
$sql_update = "UPDATE {$CONFIG['TABLE_USERS']} SET " . "user_name = '{$user_name}', " . "user_email = '{$user_email}', " . "user_active = '{$user_active}', " . "user_group = '{$user_group}', " . "user_profile1 = '{$profile1}', " . "user_profile2 = '{$profile2}', " . "user_profile3 = '{$profile3}', " . "user_profile4 = '{$profile4}', " . "user_profile5 = '{$profile5}', " . "user_profile6 = '{$profile6}', " . "user_group_list = '{$user_group_list}'";
if (!empty($user_password)) {
$sql_update .= ", user_password = '******'enable_encrypted_passwords'] ? md5($user_password) : $user_password) . "'";
}
$sql_update .= " WHERE user_id = '{$user_id}'";
cpg_db_query($sql_update);
// If send login data checkbox is checked then send the username and password to the user in an email
if (isset($_POST['send_login_data']) && trim($_POST['user_email'])) {
require 'include/mailer.inc.php';
$template_vars = array('{SITE_NAME}' => $CONFIG['gallery_name'], '{SITE_LINK}' => $CONFIG['site_url'], '{USER_NAME}' => trim($_POST['user_name']), '{USER_PASS}' => trim($_POST['user_password']));
if (!cpg_mail(trim($_POST['user_email']), $lang_usermgr_php['send_login_email_subject'], nl2br(strtr($lang_send_login_data_email, $template_vars)))) {
cpg_die(CRITICAL_ERROR, $lang_usermgr_php['failed_sending_email'], __FILE__, __LINE__);
}
}
}
function update_user($user_id)
{
global $CONFIG;
global $lang_usermgr_php, $lang_register_php, $icon_array;
$superCage = Inspekt::makeSuperCage();
$user_name = $superCage->post->getEscaped('user_name');
$user_password = $superCage->post->getEscaped('user_password');
$user_email = $superCage->post->getEscaped('user_email');
$profile1 = $superCage->post->getEscaped('user_profile1');
$profile2 = $superCage->post->getEscaped('user_profile2');
$profile3 = $superCage->post->getEscaped('user_profile3');
$profile4 = $superCage->post->getEscaped('user_profile4');
$profile5 = $superCage->post->getEscaped('user_profile5');
$profile6 = $superCage->post->getEscaped('user_profile6');
$user_active = $superCage->post->getAlpha('user_active');
$user_group = $superCage->post->getInt('user_group');
$group_list = $superCage->post->keyExists('group_list') ? $superCage->post->getInt('group_list') : '';
if ($user_id == 'new_user') {
cpg_db_query("INSERT INTO {$CONFIG['TABLE_USERS']} (user_regdate, user_profile6) VALUES (NOW(), '')");
$user_id = mysql_insert_id();
log_write('New user "' . $user_name . '" created', CPG_ACCESS_LOG);
// Create a personal album if corresponding option is enabled
if ($CONFIG['personal_album_on_registration'] == 1) {
$catid = $user_id + FIRST_USER_CAT;
cpg_db_query("INSERT INTO {$CONFIG['TABLE_ALBUMS']} (`title`, `category`) VALUES ('{$user_name}', {$catid})");
}
}
$sql = "SELECT user_id FROM {$CONFIG['TABLE_USERS']} WHERE user_name = '{$user_name}' AND user_id != {$user_id}";
$result = cpg_db_query($sql);
if (mysql_num_rows($result)) {
cpg_die(ERROR, $lang_register_php['err_user_exists'], __FILE__, __LINE__);
return false;
}
mysql_free_result($result);
if (utf_strlen($user_name) < 2) {
cpg_die(ERROR, $lang_register_php['username_warning2'], __FILE__, __LINE__);
}
if ($user_password && utf_strlen($user_password) < 2) {
cpg_die(ERROR, $lang_register_php['password_warning1'], __FILE__, __LINE__);
}
// Save old user data (we need it later to determine if we need to send the activation confirmation email)
$user_data = mysql_fetch_assoc(cpg_db_query("SELECT user_name, user_active, user_email, user_actkey FROM {$CONFIG['TABLE_USERS']} WHERE user_id = '{$user_id}'"));
if (is_array($group_list)) {
$user_group_list = '';
foreach ($group_list as $group) {
$user_group_list .= $group != $user_group ? $group . ',' : '';
}
$user_group_list = substr($user_group_list, 0, -1);
} else {
$user_group_list = '';
}
$sql_update = "UPDATE {$CONFIG['TABLE_USERS']} SET " . "user_name = '{$user_name}', " . "user_email = '{$user_email}', " . "user_active = '{$user_active}', " . "user_group = '{$user_group}', " . "user_profile1 = '{$profile1}', " . "user_profile2 = '{$profile2}', " . "user_profile3 = '{$profile3}', " . "user_profile4 = '{$profile4}', " . "user_profile5 = '{$profile5}', " . "user_profile6 = '{$profile6}', " . "user_group_list = '{$user_group_list}'";
if (!empty($user_password)) {
require 'include/passwordhash.inc.php';
$sql_update .= ', ' . cpg_password_create_update_string($user_password);
}
if ($user_active == 'YES') {
$sql_update .= ", user_actkey = ''";
}
$sql_update .= " WHERE user_id = '{$user_id}'";
cpg_db_query($sql_update);
// Update comments' author name
cpg_db_query("UPDATE {$CONFIG['TABLE_COMMENTS']} SET msg_author = '{$user_name}' WHERE author_id = {$user_id}");
// If send login data checkbox is checked then send the username and password to the user in an email
if ($superCage->post->keyExists('send_login_data') && trim($user_email)) {
require 'include/mailer.inc.php';
$template_vars = array('{SITE_NAME}' => $CONFIG['gallery_name'], '{SITE_LINK}' => $CONFIG['site_url'], '{USER_NAME}' => trim($user_name), '{USER_PASS}' => trim($user_password));
if (!cpg_mail(trim($user_email), $lang_usermgr_php['send_login_email_subject'], nl2br(strtr($lang_usermgr_php['send_login_data_email'], $template_vars)))) {
cpg_die(CRITICAL_ERROR, $lang_usermgr_php['failed_sending_email'], __FILE__, __LINE__);
}
} elseif ($user_data['user_actkey'] && $user_data['user_active'] == 'NO' && $user_active == 'YES') {
// send activation confirmation email (only once)
require 'include/mailer.inc.php';
$template_vars = array('{SITE_LINK}' => $CONFIG['site_url'], '{USER_NAME}' => $user_data['user_name'], '{SITE_NAME}' => $CONFIG['gallery_name']);
cpg_mail($user_data['user_email'], sprintf($lang_register_php['notify_user_email_subject'], $CONFIG['gallery_name']), nl2br(strtr($lang_register_php['activated_email'], $template_vars)));
}
}
function check_user_info(&$error)
{
global $CONFIG, $HTTP_SERVER_VARS, $PHP_SELF;
global $lang_register_php, $lang_register_confirm_email, $lang_continue;
$user_name = trim(get_post_var('username'));
$password = trim(get_post_var('password'));
$password_again = trim(get_post_var('password_verification'));
$email = trim(get_post_var('email'));
$location = addslashes(get_post_var('location'));
$interests = addslashes(get_post_var('interests'));
$website = addslashes(get_post_var('website'));
$occupation = addslashes(get_post_var('occupation'));
$sql = "SELECT user_id " . "FROM {$CONFIG['TABLE_USERS']} " . "WHERE user_name = '" . addslashes($user_name) . "'";
$result = db_query($sql);
if (mysql_num_rows($result)) {
$error = '<li>' . $lang_register_php['err_user_exists'];
return false;
}
mysql_free_result($result);
if (strlen($user_name) < 2) {
$error .= '<li>' . $lang_register_php['err_uname_short'];
}
if (strlen($password) < 2) {
$error .= '<li>' . $lang_register_php['err_password_short'];
}
if ($password == $user_name) {
$error .= '<li>' . $lang_register_php['err_uname_pass_diff'];
}
if ($password != $password_again) {
$error .= '<li>' . $lang_register_php['err_password_mismatch'];
}
if (!eregi("^[_\\.0-9a-z\\-]+@([0-9a-z][0-9a-z-]+\\.)+[a-z]{2,6}\$", $email)) {
$error .= '<li>' . $lang_register_php['err_invalid_email'];
}
if ($error != '') {
return false;
}
if (!$CONFIG['allow_duplicate_emails_addr']) {
$sql = "SELECT user_id " . "FROM {$CONFIG['TABLE_USERS']} " . "WHERE user_email = '" . addslashes($email) . "'";
$result = db_query($sql);
if (mysql_num_rows($result)) {
$error = '<li>' . $lang_register_php['err_duplicate_email'];
return false;
}
mysql_free_result($result);
}
if ($CONFIG['reg_requires_valid_email']) {
$active = 'NO';
list($usec, $sec) = explode(' ', microtime());
$seed = (double) $sec + (double) $usec * 100000;
srand($seed);
$act_key = md5(uniqid(rand(), 1));
} else {
$active = 'YES';
$act_key = '';
}
$sql = "INSERT INTO {$CONFIG['TABLE_USERS']} " . "(user_regdate, user_active, user_actkey, user_name, user_password, user_email, user_location, user_interests, user_website, user_occupation) " . "VALUES (NOW(), '{$active}', '{$act_key}', '" . addslashes($user_name) . "', '" . addslashes($password) . "', '" . addslashes($email) . "', '{$location}', '{$interests}', '{$website}', '{$occupation}' )";
$result = db_query($sql);
if ($CONFIG['reg_requires_valid_email']) {
$act_link = $CONFIG['ecards_more_pic_target'] . 'register.php?activate=' . $act_key;
$template_vars = array('{SITE_NAME}' => $CONFIG['gallery_name'], '{USER_NAME}' => $user_name, '{PASSWORD}' => $password, '{ACT_LINK}' => $act_link);
if (!cpg_mail($email, sprintf($lang_register_php['confirm_email_subject'], $CONFIG['gallery_name']), strtr($lang_register_confirm_email, $template_vars))) {
cpg_die(CRITICAL_ERROR, $lang_register_php['failed_sending_email'], __FILE__, __LINE__);
}
msg_box($lang_register_php['information'], $lang_register_php['thank_you'], $lang_continue, 'index.php');
} else {
msg_box($lang_register_php['information'], $lang_register_php['acct_active'], $lang_continue, 'index.php');
}
// email notification to admin
if ($CONFIG['reg_notify_admin_email']) {
cpg_mail($CONFIG['gallery_admin_email'], sprintf($lang_register_php['notify_admin_email_subject'], $CONFIG['gallery_name']), sprintf($lang_register_php['notify_admin_email_body'], $user_name));
}
return true;
}