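/**
 * Registers a new account and triggers the activation e-mail.
 *
 * The inputs are checked with valid_username(), valid_password() and
 * valid_email(), the two password entries must match, and user_exists() must
 * report the name as free. A row is then inserted into `login` and
 * sendActivationEmail() is called with the new row id and activation code.
 *
 * @param string $username  Requested login name.
 * @param string $password  Password as typed by the user.
 * @param string $password2 Password confirmation field.
 * @param string $email     Address the activation mail is sent to.
 *
 * @return bool True only when the INSERT succeeded and sendActivationEmail()
 *              returned a truthy value; false on any validation, database or
 *              mail failure.
 */
function registerNewUser($username, $password, $password2, $email)
{
    global $seed;

    // The password confirmation uses a strict comparison. With the loose `!=`
    // operator PHP compares numeric-looking strings by value, so two different
    // entries such as "1e3" and "1000" would be accepted as a match.
    if (
        !valid_username($username)
        || !valid_password($password)
        || !valid_email($email)
        || $password !== $password2
        || user_exists($username)
    ) {
        return false;
    }

    // NOTE(review): generate_code() is not visible here. The activation code
    // proves control of the mailbox, so confirm it draws from a CSPRNG.
    $code = generate_code(20);

    // NOTE(security): sha1() with one global seed is a fast hash with no
    // per-user salt, which makes offline guessing cheap if the table leaks.
    // password_hash()/password_verify() is the replacement, but the stored
    // format is shared with the login check, so both must migrate together.
    //
    // NOTE(security): the mysql_* API was removed in PHP 7.0 and
    // mysql_real_escape_string() is only safe when the connection charset is
    // set correctly. Prepared statements (PDO or mysqli) are the durable fix;
    // that needs the connection handle, which this function does not own.
    $sql = sprintf(
        "insert into login (username,password,email,actcode) value ('%s','%s','%s','%s')",
        mysql_real_escape_string($username),
        mysql_real_escape_string(sha1($password . $seed)),
        mysql_real_escape_string($email),
        mysql_real_escape_string($code)
    );

    // NOTE(review): user_exists() followed by INSERT is not atomic; a UNIQUE
    // index on login.username would make the database enforce uniqueness.
    if (!mysql_query($sql)) {
        return false;
    }

    $id = mysql_insert_id();

    // NOTE(security): the plaintext password is handed to the mailer. What
    // sendActivationEmail() does with it is not visible here; it should never
    // be placed in the message body or written to a log.
    return (bool) sendActivationEmail($username, $password, $id, $email, $code);
}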
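<?php
include_once 'Zend/Mail.php';
include_once 'Zend/Mail/Transport/Smtp.php';

/**
 * Sends the welcome / activation e-mail to a new user through an
 * authenticated SMTP relay.
 *
 * @param string $email        Recipient address; also used as the display name.
 * @param string $activationId Activation token. Currently unused: the code that
 *                             built the activation URL is disabled, so the
 *                             message refers to a link it does not contain.
 *
 * @return void
 */
function sendActivationEmail($email, $activationId)
{
    // The original carried commented-out drafts that appended
    // '.../index.php/user/activate/activationId/' . $activationId to the body.
    // When the link is restored, take the base URL from configuration (HTTPS,
    // not localhost), pass the token through rawurlencode(), and
    // HTML-escape the URL if an HTML body is used.

    // Trailing space added so the two sentences no longer run together
    // ("ZPortal.In order ...") in the delivered message.
    $bodyText = 'Dear User, welcome to ZPortal. ';
    $bodyText .= 'In order to activate your account, please visit the following link';

    // NOTE(security): the SMTP account name and password are hard-coded.
    // Anyone who can read this file (repository, backup, published listing)
    // can authenticate to the relay. Load them from configuration kept outside
    // version control and rotate this password, since it is already exposed.
    //
    // NOTE(security): no 'ssl' option is set, so this configuration does not
    // request TLS and AUTH LOGIN sends the credentials merely base64-encoded.
    // Add 'ssl' => 'tls' (and the matching port) once the relay supports it.
    $config = array(
        'auth'     => 'login',
        'username' => 'Eden',
        'password' => '!27nov2005',
    );
    $transport = new Zend_Mail_Transport_Smtp('il-ex1.zend.net', $config);

    $mail = new Zend_Mail();
    $mail->setBodyText($bodyText);
    $mail->setFrom('*****@*****.**', 'ZPortal');
    $mail->addTo($email, $email);
    $mail->setSubject('Welcome to ZPortal');
    $mail->send($transport);
}

// NOTE(review): leftover manual test. It sends a mail every time this file is
// included, and md5("1234") is a fixed, guessable value; real activation
// tokens must come from a CSPRNG. Remove the call once callers are confirmed
// not to depend on it.
sendActivationEmail("*****@*****.**", md5("1234"));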
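/**
 * Handles the registration form POST.
 *
 * Reads name, email and both password fields from $_POST through sanitize(),
 * verifies the reCAPTCHA answer, checks that the user name and e-mail address
 * are unused and that the passwords match, then inserts the user, stores an
 * activation token in `confirm` and redirects.
 *
 * Side effects: declares the global helpers validEmail(), checkUser(),
 * checkEmail() and checkpswd() on first call, writes log lines via writelog(),
 * runs queries through the mysql_* API and emits a Location header.
 *
 * @return void
 */
function create()
{
    // NOTE(review): sanitize() is not visible here; what it strips or escapes
    // for "string" and "email" should be confirmed. Missing $_POST keys are not
    // guarded before this point.
    $name = sanitize($_POST['name'], "string");
    $email = sanitize($_POST['email'], "email");
    $password = sanitize($_POST['password'], "string");
    $password2 = sanitize($_POST['password2'], "string");

    // Named functions declared inside a function become global the first time
    // the enclosing code runs. The function_exists() guards keep a second call
    // to create() from dying with "Cannot redeclare".
    if (!function_exists('validEmail')) {
        /** Returns true when $email matches the address pattern; logs the outcome. */
        function validEmail($email)
        {
            $result = preg_match("/^[_\\.0-9a-zA-Z-]+@([0-9a-zA-Z][0-9a-zA-Z-]+\\.)+[a-zA-Z]{2,6}\$/i", $email);
            if (!$result) {
                // Covers both "no match" (0) and a PCRE error (false).
                writelog("Email validation: FAILED");
                return false;
            }
            writelog("Email validation: OK");
            return true;
        }
    }

    if (!function_exists('checkUser')) {
        /** Returns true when no row in `users` already has this name. */
        function checkUser($name)
        {
            // The value is escaped with the same helper the INSERT below uses.
            // Concatenating it raw made this lookup injectable and inconsistent
            // with how the name is later stored.
            $sql = "SELECT COUNT(*) AS 'numrow' FROM users WHERE name='" . escape($name) . "'";
            $query = mysql_query($sql);
            if ($query === false) {
                // Fail closed: a failed lookup used to read as "available".
                writelog("username lookup query failed");
                return false;
            }
            $numrow = mysql_fetch_array($query);
            if ($numrow['numrow'] != 0) {
                writelog("the username is already present");
                return false;
            }
            writelog("the username is available");
            return true;
        }
    }

    //*************** reCAPTCHA **************
    $resp = recaptcha_check_answer(PRIVATEKEY, $_SERVER["REMOTE_ADDR"], $_POST["recaptcha_challenge_field"], $_POST["recaptcha_response_field"]);
    // NOTE(security): raw request fields are written to the log. If writelog()
    // does not neutralise CR/LF, a client can forge extra log lines; strip
    // control characters there or before this call.
    writelog("fuori dal ciclo captcha\t" . $_SERVER["REMOTE_ADDR"] . "recaptcha_challenge_field:" . $_POST["recaptcha_challenge_field"] . "recaptcha_response_field:" . $_POST["recaptcha_response_field"]);
    if ($resp->is_valid) {
        writelog("Captcha check: OK");
        $captcha = true;
    } else {
        writelog("Captcha check: FAILED");
        $captcha = false;
    }

    if (!function_exists('checkEmail')) {
        /** Returns true when $email is well formed and not yet registered. */
        function checkEmail($email)
        {
            if (!validEmail($email)) {
                // Previously fell off the end and returned null.
                return false;
            }
            $sql2 = "select count(*) as 'numrow' from users where email='" . escape($email) . "'";
            $query2 = mysql_query($sql2);
            if ($query2 === false) {
                writelog("email lookup query failed");
                return false;
            }
            $numrow2 = mysql_fetch_array($query2);
            if ($numrow2['numrow'] != 0) {
                writelog("email address is already present");
                return false;
            }
            writelog("email address not present");
            return true;
        }
    }

    if (!function_exists('checkpswd')) {
        /** Returns true when both password entries are identical. */
        function checkpswd($password, $password2)
        {
            // Strict comparison: `==` treats numeric-looking strings such as
            // "1e3" and "1000" as equal.
            if ($password === $password2) {
                writelog("controllo password: OK");
                return true;
            }
            writelog("controllo password: FALLITO");
            return false;
        }
    }

    // The captcha result is tested first so that a failed captcha no longer
    // triggers the two database lookups.
    $accepted = $captcha
        && checkUser($name)
        && checkEmail($email)
        && checkpswd($password, $password2);

    if (!$accepted) {
        writelog("errore");
        // NOTE(review): this redirect uses BASE_DIR while the success paths use
        // BASE_PATH; confirm BASE_DIR is a URL prefix and not a filesystem path.
        header("Location: " . BASE_DIR . "/index.php/users/register");
        return;
    }

    // NOTE(security): sha1() is a fast hash and the salt is the site-wide SALT
    // plus the e-mail address. password_hash()/password_verify() is the
    // replacement, but the login check shares this format, so migrate both
    // together rather than changing it here alone.
    $password = sha1(SALT . $password . $email);

    // NOTE(security): escape() plus string concatenation relies on every call
    // site remembering to escape; the mysql_* API was removed in PHP 7.0.
    // Prepared statements via PDO or mysqli are the durable fix.
    $sql = "INSERT INTO users (name,email,password,points,moderator,created,lastactivity) VALUES ('" . escape($name) . "','" . escape($email) . "','" . escape($password) . "','1','0',NOW(),NOW())";
    $query = mysql_query($sql);
    if ($query === false) {
        // Without this check mysql_insert_id() returns 0 and a confirm row
        // would be created for a user that does not exist.
        writelog("user insert failed");
        header("Location: " . BASE_DIR . "/index.php/users/register");
        return;
    }
    $userid = mysql_insert_id();

    // The activation token proves control of the mailbox, so it has to be
    // unguessable. A hash of the current time is not; prefer a CSPRNG and keep
    // the 32-hex-character shape the md5() value had.
    $activeid = null;
    if (function_exists('random_bytes')) {
        $activeid = bin2hex(random_bytes(16));
    } elseif (function_exists('openssl_random_pseudo_bytes')) {
        $strong = false;
        $bytes = openssl_random_pseudo_bytes(16, $strong);
        if ($bytes !== false && $strong) {
            $activeid = bin2hex($bytes);
        }
    }
    if ($activeid === null) {
        // Legacy fallback for runtimes with no CSPRNG available. Predictable;
        // install a random_bytes() polyfill or the openssl extension.
        $temp = gettimeofday();
        $msec = (int) $temp["usec"];
        $activeid = md5(time() . $msec);
    }

    $sql = "INSERT INTO confirm (confirm_validator, confirm_userid) VALUES ('{$activeid}', '{$userid}')";
    $query = mysql_query($sql);

    if (SEND_EMAIL) {
        sendActivationEmail($userid, $activeid);
        header("Location: " . BASE_PATH . "/users/active?action=1");
    } else {
        // With SEND_EMAIL off the token goes straight back to the browser, so
        // the address is never verified in this mode.
        header("Location: " . BASE_PATH . "/users/active?id={$activeid}");
    }
}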