function register_user($adding_service = "no")
{
global $pro_mysql_admin_table;
global $pro_mysql_new_admin_table;
global $pro_mysql_product_table;
global $pro_mysql_vps_server_table;
global $conf_webmaster_email_addr;
global $conf_selling_conditions_url;
global $conf_message_subject_header;
global $secpayconf_currency_letters;
global $gettext_lang;
get_secpay_conf();
// Check if all fields are blank, in wich case don't display error
if ((!isset($_REQUEST["reqadm_login"]) || $_REQUEST["reqadm_login"] == "") && (!isset($_REQUEST["reqadm_pass"]) || $_REQUEST["reqadm_pass"] == "") && (!isset($_REQUEST["reqadm_pass2"]) || $_REQUEST["reqadm_pass2"] == "") && (!isset($_REQUEST["domain_name"]) || $_REQUEST["domain_name"] == "") && (!isset($_REQUEST["domain_tld"]) || $_REQUEST["domain_tld"] == "") && (!isset($_REQUEST["familyname"]) || $_REQUEST["familyname"] == "") && (!isset($_REQUEST["firstname"]) || $_REQUEST["firstname"] == "") && (!isset($_REQUEST["email"]) || $_REQUEST["email"] == "") && (!isset($_REQUEST["phone"]) || $_REQUEST["phone"] == "") && (!isset($_REQUEST["address1"]) || $_REQUEST["address1"] == "") && (!isset($_REQUEST["zipcode"]) || $_REQUEST["zipcode"] == "") && (!isset($_REQUEST["city"]) || $_REQUEST["city"] == "") && (!isset($_REQUEST["firstname"]) || $_REQUEST["firstname"] == "")) {
$ret["err"] = 1;
$ret["mesg"] = _("Not registering");
return $ret;
}
if (isset($_REQUEST["product_id"])) {
$esc_product_id = addslashes($_REQUEST["product_id"]);
}
if (!isRandomNum($esc_product_id)) {
$ret["err"] = 2;
$ret["mesg"] = _("Product ID not valid!");
return $ret;
}
$q = "SELECT * FROM {$pro_mysql_product_table} WHERE id='{$esc_product_id}';";
$r = mysql_query($q) or die("Cannot querry {$q} line " . __LINE__ . " file " . __FILE__ . " sql said " . mysql_error());
$n = mysql_num_rows($r);
if ($n != 1) {
$ret["err"] = 2;
$ret["mesg"] = _("Product not found in database");
} else {
$db_product = mysql_fetch_array($r);
}
// Do field format checking and escaping for all fields
if (!preg_match("/^([a-zA-Z0-9]+)([._a-zA-Z0-9-]+)\$/", $_REQUEST["reqadm_login"])) {
$ret["err"] = 2;
$ret["mesg"] = _("User login format incorrect. Please use letters and numbers only and from 4 to 16 chars.");
return $ret;
}
if ($_REQUEST["reqadm_login"] == "root" || $_REQUEST["reqadm_login"] == "debian-sys-maint") {
$ret["err"] = 2;
$ret["mesg"] = _("Username invalid: please choose something else other than root or debian-sys-maint");
return $ret;
}
if (!isDTCPassword($_REQUEST["reqadm_pass"])) {
$ret["err"] = 2;
$ret["mesg"] = _("Password format incorrect. Please use letters and numbers only and from 4 to 16 chars.");
return $ret;
}
if ($_REQUEST["reqadm_pass"] != $_REQUEST["reqadm_pass2"]) {
$ret["err"] = 2;
$ret["mesg"] = _("Passwords 1 and 2 do not match!");
return $ret;
}
if ($_REQUEST["domain_name"] == "" || !isTLD($_REQUEST["domain_tld"])) {
$domain_tld = "";
} else {
$domain_tld = $_REQUEST["domain_tld"];
}
// If shared or ssl hosting, we MUST do type checkings
if ($db_product["heb_type"] == "shared" || $db_product["heb_type"] == "ssl" || $db_product["heb_type"] == "dedicated") {
if (!isHostnameOrIP($_REQUEST["domain_name"] . $_REQUEST["domain_tld"])) {
$ret["err"] = 2;
$ret["mesg"] = _("Domain name seems to be incorrect.");
return $ret;
}
// If not a shared, a dedicated or ssl account, it's a VPS:
// we don't care if it's umpty, but we take care of mysql insertion anyway
// so if there is a domain name, then we check it's consistency, but we don't
// do much more if there's nothing...
} else {
if ($_REQUEST["domain_name"] . $domain_tld != "" && !isHostnameOrIP($_REQUEST["domain_name"] . $domain_tld)) {
$ret["err"] = 2;
$ret["mesg"] = _("Domain name seems to be incorrect.");
return $ret;
}
}
if ($db_product["heb_type"] == "vps") {
if ($_REQUEST["vps_server_hostname"] == "-1") {
$ret["err"] = 2;
$ret["mesg"] = _("VPS location not selected!");
return $ret;
}
$q = "SELECT * FROM {$pro_mysql_vps_server_table} WHERE hostname='" . addslashes($_REQUEST["vps_server_hostname"]) . "';";
$r = mysql_query($q) or die("Cannot query {$q} " . __LINE__ . " file " . __FILE__ . " sql said: " . mysql_error());
$n = mysql_num_rows($r);
if ($n != 1) {
$ret["err"] = 2;
$ret["mesg"] = _("Could not find the VPS server in database");
return $ret;
}
}
if (!isValidEmail($_REQUEST["email"])) {
$ret["err"] = 2;
$ret["mesg"] = _("Email address seems to be incorrect format.");
return $ret;
}
if (!isset($_REQUEST["familyname"]) || $_REQUEST["familyname"] == "") {
$ret["err"] = 2;
$ret["mesg"] = _("Required field family name missing.");
return $ret;
} else {
if (!get_magic_quotes_gpc()) {
$esc_familyname = addslashes($_REQUEST["familyname"]);
} else {
$esc_familyname = $_REQUEST["familyname"];
}
}
if (!isset($_REQUEST["firstname"]) || $_REQUEST["firstname"] == "") {
$ret["err"] = 2;
$ret["mesg"] = _("Required field first name missing.");
return $ret;
} else {
if (!get_magic_quotes_gpc()) {
$esc_firstname = addslashes($_REQUEST["firstname"]);
} else {
$esc_firstname = $_REQUEST["firstname"];
}
}
if (!isset($_REQUEST["phone"]) || $_REQUEST["phone"] == "") {
$ret["err"] = 2;
$ret["mesg"] = _("Required field phone missing.");
return $ret;
} else {
if (!get_magic_quotes_gpc()) {
$esc_phone = addslashes($_REQUEST["phone"]);
} else {
$esc_phone = $_REQUEST["phone"];
}
}
if (!get_magic_quotes_gpc()) {
$esc_fax = addslashes($_REQUEST["fax"]);
} else {
$esc_fax = $_REQUEST["fax"];
}
if (!get_magic_quotes_gpc()) {
$esc_compname = addslashes($_REQUEST["compname"]);
} else {
$esc_compname = $_REQUEST["compname"];
}
if (!get_magic_quotes_gpc()) {
$esc_vat_num = addslashes($_REQUEST["vat_num"]);
} else {
$esc_vat_num = $_REQUEST["vat_num"];
}
if (!isset($_REQUEST["address1"]) || $_REQUEST["address1"] == "") {
$ret["err"] = 2;
$ret["mesg"] = _("Required field address (line 1) missing.");
return $ret;
} else {
if (!get_magic_quotes_gpc()) {
$esc_address1 = addslashes($_REQUEST["address1"]);
} else {
$esc_address1 = $_REQUEST["address1"];
}
}
if (!get_magic_quotes_gpc()) {
$esc_address2 = addslashes($_REQUEST["address2"]);
} else {
$esc_address2 = $_REQUEST["address2"];
}
if (!get_magic_quotes_gpc()) {
$esc_address3 = addslashes($_REQUEST["address3"]);
} else {
$esc_address3 = $_REQUEST["address3"];
}
if (!isset($_REQUEST["zipcode"]) || $_REQUEST["zipcode"] == "") {
$ret["err"] = 2;
$ret["mesg"] = _("Required field zipcode missing.");
return $ret;
} else {
if (!get_magic_quotes_gpc()) {
$esc_zipcode = addslashes($_REQUEST["zipcode"]);
} else {
$esc_zipcode = $_REQUEST["zipcode"];
}
}
if (!isset($_REQUEST["city"]) || $_REQUEST["city"] == "") {
$ret["err"] = 2;
$ret["mesg"] = _("Required field city missing.");
return $ret;
} else {
if (!get_magic_quotes_gpc()) {
$esc_city = addslashes($_REQUEST["city"]);
} else {
$esc_city = $_REQUEST["city"];
}
}
if (!get_magic_quotes_gpc()) {
$esc_state = addslashes($_REQUEST["state"]);
} else {
$esc_state = $_REQUEST["state"];
}
if (!get_magic_quotes_gpc()) {
$esc_custom_notes = addslashes($_REQUEST["custom_notes"]);
} else {
$esc_custom_notes = $_REQUEST["custom_notes"];
}
if (!preg_match("/^([A-Z])([A-Z])\$/", $_REQUEST["country"])) {
$ret["err"] = 2;
$ret["mesg"] = _("Country code seems incorrect.");
return $ret;
}
if ($_REQUEST["iscomp"] == "yes") {
$esc_comp = "yes";
} else {
if ($_REQUEST["iscomp"] == "no") {
$esc_comp = "no";
} else {
$ret["err"] = 2;
$ret["mesg"] = _("Is company radio button is wrong!");
return $ret;
}
}
if ($conf_selling_conditions_url != "none" && (!isset($_REQUEST["condition"]) || $_REQUEST["condition"] != "yes")) {
$ret["err"] = 2;
$ret["mesg"] = _("Selling conditions not accepted!");
return $ret;
}
$q = "SELECT adm_login FROM {$pro_mysql_admin_table} WHERE adm_login='******';";
$r = mysql_query($q) or die("Cannot query \"{$q}\" !!! Line: " . __LINE__ . " File: " . __FILE__ . " MySQL said: " . mysql_error());
$n = mysql_num_rows($r);
if ($n > 0) {
$ret["err"] = 3;
$ret["mesg"] = _("Username already taken! Try again.");
return $ret;
}
$q = "SELECT reqadm_login FROM {$pro_mysql_new_admin_table} WHERE reqadm_login='******';";
$r = mysql_query($q) or die("Cannot query \"{$q}\" !!! Line: " . __LINE__ . " File: " . __FILE__ . " MySQL said: " . mysql_error());
$n = mysql_num_rows($r);
if ($n > 0) {
$ret["err"] = 3;
$ret["mesg"] = _("Username already taken! Try again.");
return $ret;
}
$vps_add1 = "";
$vps_add2 = "";
$vps_mail_add1 = "";
if ($db_product["heb_type"] == "vps") {
if (!get_magic_quotes_gpc()) {
$esc_vps_os = addslashes($_REQUEST["vps_os"]);
} else {
$esc_vps_os = $_REQUEST["vps_os"];
}
$vps_add1 = ",vps_location,vps_os";
$vps_add2 = ",'" . $_REQUEST["vps_server_hostname"] . "','{$esc_vps_os}'";
$vps_mail_add1 = "VPS hostname: " . $_REQUEST["vps_server_hostname"];
}
// MaxMind: Rudd-O
get_secpay_conf();
global $secpayconf_maxmind_license_key;
global $secpayconf_use_maxmind;
global $secpayconf_maxmind_threshold;
$maxmind_score = 0;
if ($secpayconf_use_maxmind == "yes") {
// This has been done in dtc/shared/dtc_lib.php
// but could be removed from there... As you like!
require_once "../shared/maxmind/HTTPBase.php";
require_once "../shared/maxmind/CreditCardFraudDetection.php";
$hash = array();
$hash["i"] = $_SERVER["REMOTE_ADDR"];
$hash["city"] = $_REQUEST["city"];
$hash["postal"] = $_REQUEST["zipcode"];
$hash["country"] = $_REQUEST["country"];
$maildomain = split("@", $_REQUEST["email"], 2);
$hash["domain"] = $maildomain[1];
$hash["custPhone"] = $_REQUEST["phone"];
$hash["license_key"] = $secpayconf_maxmind_license_key;
if (isset($_SERVER["X_HTTP_FORWARDED_FOR"])) {
$hash["forwardedIP"] = $_SERVER["X_HTTP_FORWARDED_FOR"];
}
$hash["emailMD5"] = md5($_REQUEST["email"]);
$hash["usernameMD5"] = md5($_REQUEST["reqadm_login"]);
$hash["passwordMD5"] = md5($_REQUEST["reqadm_pass"]);
// trigger_error("MaxMind input: ".serialize($hash),E_USER_NOTICE);
$ccfs = new CreditCardFraudDetection();
$ccfs->isSecure = 1;
$ccfs->input($hash);
$ccfs->query();
$maxmind_output = $ccfs->output();
// trigger_error("MaxMind output: ".serialize($maxmind_output),E_USER_NOTICE);
$maxmind_score = $maxmind_output["riskScore"];
} else {
$maxmind_output = "";
}
// end MaxMind
$q = "INSERT INTO {$pro_mysql_new_admin_table}\n(reqadm_login,\nreqadm_pass,\ndomain_name,\nfamily_name,\nfirst_name,\ncomp_name,\nvat_num,\niscomp,\nemail,\nphone,\nfax,\naddr1,\naddr2,\naddr3,\nzipcode,\ncity,\nstate,\ncountry,\nproduct_id,\ncustom_notes,\nshopper_ip,\ndate,\ntime,\nlast_used_lang,\nmaxmind_output{$vps_add1}\n)\nVALUES('" . $_REQUEST["reqadm_login"] . "',\n'" . $_REQUEST["reqadm_pass"] . "',\n'" . $_REQUEST["domain_name"] . $domain_tld . "',\n'{$esc_familyname}',\n'{$esc_firstname}',\n'{$esc_compname}',\n'{$esc_vat_num}',\n'{$esc_comp}',\n'" . $_REQUEST["email"] . "',\n'{$esc_phone}',\n'{$esc_fax}',\n'{$esc_address1}',\n'{$esc_address2}',\n'{$esc_address3}',\n'{$esc_zipcode}',\n'{$esc_city}',\n'{$esc_state}',\n'" . $_REQUEST["country"] . "',\n'{$esc_product_id}',\n'{$esc_custom_notes}',\n'" . $_SERVER["REMOTE_ADDR"] . "',\n'" . date("Y-m-d") . "',\n'" . date("H:i:s") . "',\n'" . $gettext_lang . "',\n'" . mysql_real_escape_string(serialize($maxmind_output)) . "'{$vps_add2})";
$r = mysql_query($q) or die("Cannot query \"{$q}\" !!! Line: " . __LINE__ . " File: " . __FILE__ . " MySQL said: " . mysql_error());
$id = mysql_insert_id();
$ret["err"] = 0;
$ret["mesg"] = "Query ok!";
$ret["id"] = $id;
$q = "SELECT * FROM {$pro_mysql_product_table} WHERE id='{$esc_product_id}';";
$r = mysql_query($q) or die("Cannot querry {$q} line " . __LINE__ . " file " . __FILE__ . " sql said " . mysql_error());
$n = mysql_num_rows($r);
if ($n != 1) {
echo "<font color=\"red\">" . _("Cannot find product id!") . "</font>";
$the_prod = $esc_product_id . " (0 {$secpayconf_currency_letters})";
} else {
$a = mysql_fetch_array($r);
$the_prod = $a["name"] . " (" . $a["price_dollar"] . " {$secpayconf_currency_letters})";
}
$mail_content = "\nSomebody tried to register an account. Here is the details of the new user:\n\nlogin: "******"reqadm_login"] . "\npass: "******"reqadm_pass"] . "\ndomain: " . $_REQUEST["domain_name"] . $domain_tld . "\nCompany name: " . $_REQUEST["compname"] . "\nFirst name: " . $_REQUEST["firstname"] . "\nFamily name: " . $_REQUEST["familyname"] . "\nEmail: " . $_REQUEST["email"] . "\nPhone: {$esc_phone}\nFax: {$esc_fax}\nAddr: " . $_REQUEST["address1"] . " " . $_REQUEST["address2"] . " " . $_REQUEST["address3"] . "\nZipcode: {$esc_zipcode}\nCity: " . $_REQUEST["city"] . "\nState: " . $_REQUEST["state"] . "\nCountry: " . $_REQUEST["country"] . "\nShopper ip: " . $_SERVER["REMOTE_ADDR"] . "\nProduct id: {$the_prod}\nCustomer note: " . $_REQUEST["custom_notes"] . "\n{$vps_mail_add1}\n";
if ($maxmind_score > 0) {
$mail_content .= "Maxmind Score: {$maxmind_score}\n";
$mail_content .= "Maxmind Output: {$maxmind_output}\n";
}
$headers = "From: DTC Robot <{$conf_webmaster_email_addr}>";
mail($conf_webmaster_email_addr, "{$conf_message_subject_header} Somebody tried to register an account", $mail_content, $headers);
return $ret;
}
$root = '.';
include_once "{$root}/config.php";
include_once "{$root}/common.php";
$title = __('TLDsSuggest');
if (!empty($_POST)) {
$domain = $_POST['domain'];
$description = $_POST['description'];
$captcha = strtolower($_POST['captcha']);
if (substr($domain, 0, 1) == '.') {
$domain = substr($domain, 1);
}
$domain = strtolower($domain);
if (!Session::captchaCompare('tldssuggest', $captcha)) {
$error['captcha'] = true;
}
if (strlen($domain) < 2 || !isTLD($domain)) {
$error['domain'] = true;
}
if (!empty($description) && strlen($description) > 140) {
$error['description'] = true;
}
if (empty($error)) {
$tldexists = Db::fetchOne("SELECT domain FROM tlds\n WHERE LCASE(domain) = '{$domain}'");
if (!empty($tldexists)) {
$error['domainexists'] = true;
}
}
if (empty($error)) {
Db::insert('tlds', array('domain' => $domain, 'description' => $description, 'suggest' => 1));
header("Location: {$config['root']}tlds/");
}
