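/**
 * Handles a submitted registration form.
 *
 * Reads the form fields from the global $data array (UserName, Password,
 * Email), rejects the request when the user name or the e-mail address is
 * already registered, and otherwise inserts the account, stores its public
 * md5_id, logs the registration, seeds the session, sends the activation
 * e-mail and redirects to thankyou.php.
 *
 * Side effects: appends validation messages to the global $hasError (the
 * caller renders them), writes to the `users` table, writes $_SESSION keys,
 * sends mail, emits a Location header and calls exit on success.
 *
 * Globals read: $data, $dbc['link'], $globals['ip'], $mostrar_captcha.
 * Globals written: $hasError.
 *
 * Every value interpolated into SQL is escaped for the active connection
 * with mysql_real_escape_string: $data comes from the registration form and
 * must be treated as untrusted even if an earlier filter ran on it.
 */
function do_register()
{
    global $hasError, $data, $dbc, $globals, $mostrar_captcha;

    borrar_usuarios_no_activados_antiguos();

    if ($mostrar_captcha) {
        validar_captcha($hasError);
    }

    $link = $dbc['link'];
    $user_ip = $globals['ip'];

    // PwdHash is the project's password hashing helper (the original note
    // describes it as SHA-1 based); its output is stored in `pwd`.
    $sha1pass = PwdHash($data['Password']);

    // Four-digit activation code, checked together with md5_id when the
    // activation link is visited. rand() is not a CSPRNG, so random_int is
    // used when the runtime provides it (the fallback keeps older PHP working).
    $activ_code = function_exists('random_int')
        ? random_int(1000, 9999)
        : mt_rand(1000, 9999);

    $usr_email = $data['Email'];
    $user_name = $data['UserName'];
    $user_name_sql = mysql_real_escape_string($user_name, $link);

    // Reject a user name that is already taken.
    $rs_duplicate = mysql_query(
        "select count(*) as total from users where user_name='{$user_name_sql}'",
        $link
    ) or die(mysql_error());
    list($total) = mysql_fetch_row($rs_duplicate);
    if ($total > 0) {
        $hasError[] = "El usuario ya está dado de alta.";
    }

    // Reject an e-mail address that is already registered. Addresses of the
    // form user+extension@example.com are collapsed onto user@example.com so
    // that sub-addressing cannot be used to register the same mailbox twice.
    $parts = explode('@', $usr_email);
    if (count($parts) !== 2 || $parts[0] === '' || $parts[1] === '') {
        // Without exactly one '@' the original code read an undefined
        // offset and compared against an empty domain.
        $hasError[] = "El email no es válido.";
    } else {
        $subparts = explode('+', $parts[0]);
        $local = $subparts[0];
        $domain = $parts[1];
        $local_sql = mysql_real_escape_string($local, $link);
        $domain_sql = mysql_real_escape_string($domain, $link);
        // In a LIKE pattern '%' and '_' are wildcards, so a local part such as
        // 'john_doe' would otherwise also match 'johnXdoe'. Escape the LIKE
        // metacharacters first, then escape the result as an SQL literal.
        $local_like = mysql_real_escape_string(addcslashes($local, '%_\\'), $link);
        $domain_like = mysql_real_escape_string(addcslashes($domain, '%_\\'), $link);
        $rs_duplicate = mysql_query(
            "select count(*) as total from users"
            . " where user_email = '{$local_sql}@{$domain_sql}'"
            . " or user_email LIKE '{$local_like}+%@{$domain_like}'",
            $link
        ) or die(mysql_error());
        list($total) = mysql_fetch_row($rs_duplicate);
        if ($total > 0) {
            $hasError[] = "El email ya está dado de alta.";
        }
    }

    if (!empty($hasError)) {
        // The caller displays $hasError; nothing is written on failure.
        return;
    }

    $usr_email_sql = mysql_real_escape_string($usr_email, $link);
    $sha1pass_sql = mysql_real_escape_string($sha1pass, $link);
    $user_ip_sql = mysql_real_escape_string($user_ip, $link);
    $sql_insert = "INSERT into `users`\n"
        . " (`user_email`,`pwd`,`date`,`users_ip`,`activation_code`,`user_name`)\n"
        . " VALUES\n"
        . " ('{$usr_email_sql}','{$sha1pass_sql}',now(),'{$user_ip_sql}','{$activ_code}','{$user_name_sql}')\n";
    mysql_query($sql_insert, $link) or die("Insertion Failed:" . mysql_error());

    $user_id = mysql_insert_id($link);
    // md5_id is the identifier carried in the activation link. It is derived
    // from the numeric row id, so it is a lookup key rather than a secret;
    // the activation_code is what is checked alongside it.
    $md5_id = md5($user_id);
    // The original ignored a failed update, which would leave the account
    // without an md5_id and make the activation link unusable.
    mysql_query("update users set md5_id='{$md5_id}' where id='{$user_id}'", $link)
        or die(mysql_error());

    log_insert("register_ok", ip2long($globals['ip']));

    $_SESSION['email_registro'] = $usr_email;
    $_SESSION['email_registro_contador'] = 3;
    $_SESSION['hasSuccess'] = null;

    enviar_correo_registro($usr_email, $md5_id, $activ_code);
    header("Location: thankyou.php");
    exit;
}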
<?php include "includes/general.inc.php"; include "includes/dbc.inc.php"; page_protect(false, true); foreach ($_GET as $key => $value) { $get[$key] = filter($value); } $exito = false; if (isset($get['user']) && isset($get['activ_code']) && !empty($get['activ_code']) && !empty($get['user']) && is_numeric($get['activ_code'])) { borrar_usuarios_no_activados_antiguos(); $user = filter($get['user']); $activ = filter($get['activ_code']); $rs_check = mysql_query("select id from users where md5_id='{$user}' and activation_code='{$activ}' and approved=0 limit 1") or die(mysql_error()); $num = mysql_num_rows($rs_check); if ($num > 0) { $rs_activ = mysql_query("update users set approved='1' WHERE\n md5_id='{$user}' AND activation_code = '{$activ}' and approved=0 ") or die(mysql_error()); $exito = true; $_SESSION["email_registro"] = null; } } else { header("HTTP/1.0 404 Not Found"); include "404.php"; exit; } get_header(); if ($exito) { escribir_titulo("Registro completado", "Ya puedes conectarte"); ?>