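/**
 * Register a new user account and e-mail the generated initial password.
 *
 * $profile is iterated as var_id => item and item[1] is stored as the profile
 * value (the caller supplies this structure; its shape beyond that is not
 * visible here).
 *
 * Return codes (callers switch on these, so they must stay stable):
 *   0 - success
 *   1 - username or email empty
 *   2 - captcha check failed
 *   3 - email invalid, or already registered (also returned when the lookup fails)
 *   4 - the users INSERT failed
 *   5 - username already taken (also returned when the lookup fails)
 *   6 - account created but the registration mail could not be sent
 *   7 - the "register" action is currently locked (checkLock)
 *   8 - registration disabled, or the configured user limit reached
 *   9 - name shorter than 4 characters
 */
function register($username, $name, $email, $profile, $captcha)
{
    if (!checkLock("register")) {
        return 7;
    }
    // required fields
    if (strlen($username) == 0 || strlen($email) == 0) {
        return 1;
    }
    if (strlen($name) < 4) {
        return 9;
    }
    $config = $GLOBALS['config'];
    if (!$config['app_enabled']) {
        return 8;
    }
    // enforce the configured user cap, if any; if the count cannot be read,
    // refuse rather than risk exceeding the cap
    if (isset($config['limits']['users']) && $config['limits']['users'] > 0) {
        $result = mysql_query("SELECT COUNT(*) FROM users");
        $row = $result !== false ? mysql_fetch_array($result) : false;
        if ($row === false || $row[0] >= $config['limits']['users']) {
            return 8;
        }
    }
    // validate the address BEFORE SQL escaping: escape() may add backslashes
    // that change what validEmail() sees
    if (!validEmail($email)) {
        return 3;
    }
    // keep the unescaped values for the e-mail; the escaped copies are for SQL only
    $rawUsername = $username;
    $rawName = $name;
    $rawEmail = $email;
    $username = escape($username);
    $name = escape($name);
    $email = escape($email);
    $gen_salt = secure_random_bytes(20);
    $db_salt = escape(bin2hex($gen_salt));
    // the initial password is generated here and sent to the user by mail
    $gen_password = uid(12);
    $password = escape(chash2($gen_password, $gen_salt));
    // uniqueness checks are separate so the caller gets a distinct code for each;
    // a failed lookup is treated as "not available" (fail closed)
    $result = mysql_query("SELECT id FROM users WHERE email='{$email}'");
    if ($result === false || mysql_num_rows($result) > 0) {
        return 3;
    }
    // NOTE(review): the listing showed a redacted literal in this WHERE clause;
    // the check is only effective when it compares against the escaped username
    $result = mysql_query("SELECT id FROM users WHERE username='{$username}'");
    if ($result === false || mysql_num_rows($result) > 0) {
        return 5;
    }
    if ($config['captcha_enabled']) {
        include_once basePath() . '/securimage/securimage.php';
        $securimage = new Securimage();
        if (!$securimage->check($captcha)) {
            return 2;
        }
    }
    $registerTime = time();
    // purge accounts that were never activated (accessed = 0) and whose
    // registration is older than config[activation_time] seconds
    $activeTime = $registerTime - $config['activation_time'];
    mysql_query("DELETE FROM users WHERE accessed = '0' AND register_time < '{$activeTime}'");
    lockAction("register");
    $result = mysql_query("INSERT INTO users (username, name, password, salt, email, register_time, accessed) VALUES ('{$username}', '{$name}', '{$password}', '{$db_salt}', '{$email}', '{$registerTime}', '0')");
    if ($result === false) {
        return 4;
    }
    $user_id = mysql_insert_id();
    // guard the loop: a non-array $profile would only emit a warning otherwise
    if (is_array($profile)) {
        foreach ($profile as $var_id => $item) {
            // var_id is a caller-supplied array key interpolated into SQL; its
            // origin is not visible here, so escape it like the value
            $var_id = escape($var_id);
            $val = escape($item[1]);
            mysql_query("INSERT INTO profiles (user_id, var_id, val) VALUES ('{$user_id}', '{$var_id}', '{$val}')");
        }
    }
    // initiate messaging default preferences
    initMessaging($user_id);
    // build the registration mail from the "registration" page template;
    // placeholders are substituted in the same order as before
    $content = page_db("registration");
    $content = str_replace(
        ['$USERNAME$', '$NAME$', '$PASSWORD$', '$EMAIL$', '$LOGIN_ADDRESS$'],
        [$rawUsername, $rawName, $gen_password, $rawEmail, $config['site_address'] . "/login.php"],
        $content
    );
    $result = one_mail($config['site_name'] . " Registration", $content, $rawEmail);
    return $result ? 0 : 6;
}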
		$line = trim($line);
		if($line !== '') {
			mysql_query($line) or die("There was an error while attempting to create the oneapp tables.<br />" . mysql_error());
		}
	}
} else {
	die("Error: could not read from the install.sql file!");
}

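//make sure that users aren't set up yet
echo "Checking users table<br />";
$result = mysql_query("SELECT COUNT(*) FROM users")
	or die("Error: could not query the users table.<br />" . mysql_error());
$row = mysql_fetch_row($result);

// A failed fetch must not be mistaken for "zero users": $row[0] would be null
// and a loose == 0 test would pass, creating an administrator on a broken table.
if ($row === false) {
	die("Error: could not read the user count.<br />" . mysql_error());
}

if ((int) $row[0] === 0) {
	echo "Creating site administrative user (username=admin, password is blank)<br />";

	// The administrator starts with an empty password (chash("")); it is expected
	// to be changed at first login. NOTE(review): the e-mail address below appears
	// redacted in the listing.
	mysql_query("INSERT INTO users (username, password, name, email, register_time, accessed) VALUES ('admin', '" . chash("") . "', 'Site Administrator', '*****@*****.**', '0', '0')")
		or die("Error: could not create the administrative user.<br />" . mysql_error());
	// checked above, so insert_id cannot silently be 0 here
	$admin_id = escape(mysql_insert_id());
	// group memberships 0 and -1 for the administrator (project convention for user_groups)
	mysql_query("INSERT INTO user_groups (user_id, `group`) VALUES ('$admin_id', '0')")
		or die("Error: could not assign the administrative user to group 0.<br />" . mysql_error());
	mysql_query("INSERT INTO user_groups (user_id, `group`) VALUES ('$admin_id', '-1')")
		or die("Error: could not assign the administrative user to group -1.<br />" . mysql_error());

	initMessaging($admin_id);

	echo "<font color=\"green\">Installation is complete.</font>";
} else {
	die("Error: at least one user has been created. For security reasons, the users table must be empty to run this installation script.");
}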

?>