00001 <?php
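// Direct-access guard: this file is meant to be included by the CMS front
// controller, which defines __PRAGYAN_CMS. A request that reaches the file
// directly gets a 403 and the script stops.
if (!defined('__PRAGYAN_CMS')) {
    // SERVER_PROTOCOL is missing outside a web SAPI; fall back to a valid status line.
    $protocol = isset($_SERVER['SERVER_PROTOCOL']) ? $_SERVER['SERVER_PROTOCOL'] : 'HTTP/1.0';
    header($protocol . ' 403 Forbidden');
    // The heading was previously left unclosed (<h1>...<h1>).
    echo "<h1>403 Forbidden</h1><h4>You are not authorized to access the page.</h4>";
    // NOTE(review): SERVER_SIGNATURE carries the web server's version string and
    // virtual host name when the server is configured to emit it; turn the
    // signature off in the server configuration if that should not be shown.
    echo '<hr/>' . (isset($_SERVER['SERVER_SIGNATURE']) ? $_SERVER['SERVER_SIGNATURE'] : '');
    exit(1);
}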
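/**
 * Build the sign-up form: script/style includes, the inline client-side
 * checks, the fixed account fields, the dynamic profile fields and the captcha.
 *
 * Values the visitor already submitted (e-mail, user name, full name) are
 * echoed back into the form. They are untrusted and land inside HTML
 * attributes, so they are HTML-encoded here; the SQL-oriented escape()
 * helper used for queries in this file is not applied in this output context.
 *
 * The JavaScript checks are a usability aid only; register() repeats the
 * validation on the server.
 *
 * @return string HTML for the registration form.
 */
function getRegistrationForm() {
    global $urlRequestRoot, $moduleFolder, $cmsFolder,$sourceFolder, $templateFolder;
    require_once("$sourceFolder/$moduleFolder/form/registrationformsubmit.php");
    require_once("$sourceFolder/$moduleFolder/form/registrationformgenerate.php");

    $validationJs = "$urlRequestRoot/$cmsFolder/$moduleFolder/form/validation.js";
    $calpath = "$urlRequestRoot/$cmsFolder/$moduleFolder";
    $body = '<script language="javascript" type="text/javascript" src="'.$validationJs.'"></script>';
    $body .= '<link rel="stylesheet" type="text/css" media="all" href="'.$calpath.'/form/calendar/calendar.css" title="Aqua" />' .
        '<script type="text/javascript" src="'.$calpath.'/form/calendar/calendar.js"></script>';

    $captchaHtml = getCaptchaHtml();

    // Presumably both variables are filled by reference by the generator — confirm
    // against registrationformgenerate.php.
    $jsValidationFunctions = array();
    $containsFileUploadFields = false;
    $dynamicFields = getFormElementsHtmlAsArray(0, 0, $jsValidationFunctions, $containsFileUploadFields);

    // Glue first: the (array, glue) argument order is not accepted by newer PHP versions.
    $dynamicFields = join("</tr>\n<tr>", $dynamicFields);
    if ($dynamicFields != '') {
        $dynamicFields = "<tr>$dynamicFields</tr>";
    }
    $jsValidationFunctions = join(' && ', $jsValidationFunctions);
    if ($jsValidationFunctions == '') {
        // Without any dynamic check the script below would read "return ();".
        $jsValidationFunctions = 'true';
    }

    // Re-fill the form with what was posted. Each field is tested on its own
    // key (the full name used to be guarded by the e-mail key) and encoded
    // with ENT_QUOTES because the attributes below are single-quoted.
    $prefill = array('user_email' => '', 'user_name' => '', 'user_fullname' => '');
    foreach (array_keys($prefill) as $field) {
        if (isset($_POST[$field]) && is_string($_POST[$field])) {
            $prefill[$field] = htmlspecialchars($_POST[$field], ENT_QUOTES);
        }
    }
    $email_val = $prefill['user_email'];
    $name_val = $prefill['user_name'];
    $fullname_val = $prefill['user_fullname'];

    // The final check in checkRegistrationForm() reads the fields from the form
    // argument; the function is called as a plain function, so "this" is not the form.
    $reg_str =<<<REG
<script language="javascript">
function checkPassword(inputhandler2) {
inputhandler1=inputhandler2.form.user_password;
if(inputhandler1.value!=inputhandler2.value) {
alert("Passwords do not match");
inputhandler2.value="";
inputhandler1.value="";
inputhandler1.focus();
return false;
}
return true;
}
function checkRegistrationForm(inputhandler) {
if(inputhandler.user_password.value.length==0) {
alert("Blank password not allowed.");
return false;
}
if(inputhandler.user_name.value.length==0) {
alert("Blank 'User name' not allowed.");
return false;
}
if(inputhandler.user_fullname.value.length==0) {
alert("Blank 'Full name' not allowed.");
return false;
}
return (checkEmail(inputhandler.user_email)&&checkPassword(inputhandler.user_repassword));
}
</script>
<form class="cms-registrationform" method="POST" name="user_reg_usrFrm" onsubmit="return checkRegistrationForm(this)" action="./+login&subaction=register" enctype="multipart/form-data">
<fieldset>
<legend> Sign Up</legend>
<table border="0" cellspacing="0" cellpadding="0">
<tr> <td><label for="user_email" class="labelrequired">Email *</label></td>
<td><input name="user_email" id="user_email" class="required" value='{$email_val}' onchange="if(this.length!=0) return checkEmail(this);" type="text"></td>
</tr>
<tr> <td><label for="user_password" class="labelrequired">Password *</label></td>
<td> <input name="user_password" id="user_password" class="required" type="password"></td>
</tr>
<tr> <td><label for="user_repassword" class="labelrequired">Re-enter Password *</label></td>
<td> <input name="user_repassword" id="user_repassword" class="required" onchange="if(this.length!=0) return checkPassword(this);" type="password"></td>
</tr>
<tr>
<td><label for="user_name" class="labelrequired">User name *</label></td>
<td><input name="user_name" id="user_name" class="required" value='{$name_val}' type="text"></td>
</tr>
<tr>
<td><label for="user_fullname" class="labelrequired">Full Name *</label></td>
<td><input name="user_fullname" id="user_fullname" class="required" value='{$fullname_val}' type="text"></td>
</tr>
$dynamicFields
$captchaHtml
<tr>
<td colspan="2">* - Required Fields </td>
</tr>

<tr>
<td><input type="submit" id="submitbutton" value="Sign Up"></td>
<td><a href="./+login&subaction=register&reSendKey=1">Resend Activation link?</a> <a href="./+login">Login?</a></td>
</tr>
</table>
</fieldset>
</form>
REG;
    $body .= $reg_str;
    $body .= <<<SCRIPT
<script language="javascript" type="text/javascript">
<!--
function validate_form(thisform) {
return ($jsValidationFunctions);
}
-->
</script>
SCRIPT;
    return $body;
}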
00130
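/**
 * Entry point for the "register" sub-action. Depending on the request it
 *   1. shows the sign-up form,
 *   2. shows the "resend activation link" form,
 *   3. re-sends the activation mail for an address,
 *   4. verifies an activation link (verify + key in the query string), or
 *   5. validates a submitted sign-up form and creates the account.
 *
 * Security notes for maintainers:
 *  - Passwords are stored as unsalted MD5 (see branch 5). Moving to
 *    password_hash()/password_verify() has to be done together with the login
 *    code and with getVerificationKey(), which consumes the stored hash.
 *  - Queries are built by string concatenation and rely entirely on escape()
 *    (defined elsewhere); the mysql_* extension used here has no prepared
 *    statements.
 *  - Several failure paths pass mysql_error() to the visitor, which exposes
 *    schema details; logging it server-side would be preferable.
 *  - Branch 3 tells the caller whether an address is registered/activated.
 *  - displayinfo()/displayerror() are handed HTML by this function (the
 *    messages contain anchors), so request data placed in a message is
 *    HTML-encoded first.
 *
 * @return string|null Form HTML for the branches that render a form; nothing
 *                     when the outcome is reported only through display*().
 */
function register() {
    global $uploadFolder,$sourceFolder,$moduleFolder,$urlRequestRoot;
    // require_once, matching getRegistrationForm(): a second plain require of a
    // file that declares functions would abort with a redeclaration error.
    require_once("$sourceFolder/$moduleFolder/form/registrationformgenerate.php");
    require_once("$sourceFolder/$moduleFolder/form/registrationformsubmit.php");

    // 1. Plain request: show the sign-up form.
    if ((!isset ($_GET['key'])) && (!isset ($_GET['reSendKey'])) && (!isset ($_POST['user_email']))) {
        return getRegistrationForm();
    }
    // 2. Resend requested, nothing posted yet: show the resend form.
    elseif ((isset ($_GET['reSendKey'])) && (!isset ($_POST['resend_key_email'])) && SEND_MAIL_ON_REGISTRATION) {

        $reSendForm =<<<FORM
<form class="cms-registrationform" method="POST" name="user_resend_key" onsubmit="return checkForm(this)" action="./+login&subaction=register&reSendKey">
<fieldset>
<legend>Resend Activation Link</legend>
<table>
<tr>
<td><label for="resend_key_email" class="labelrequired">Email</label></td>
<td><input type="text" name="resend_key_email" id="resend_key_email" class="required" onchange="if(this.length!=0) return checkEmail(this);"/><br /></td>
</tr>
<tr>
<td colspan="2"> </td>
</tr>
<tr>
<td><input type="submit" id="submitbutton" value="Submit"></td>
<td><a href="./+login&subaction=register">Sign Up</a> <a href="./+login">Login?</a></td>
</tr>
</table>
</fieldset>
</form>
FORM;
        return $reSendForm;
    }
    // 3. Resend form submitted.
    elseif (isset ($_POST['resend_key_email'])) {
        $rawEmail = is_string($_POST['resend_key_email']) ? $_POST['resend_key_email'] : '';
        $email = escape($rawEmail);
        $emailHtml = htmlspecialchars($rawEmail, ENT_QUOTES);
        $query = "SELECT * FROM `" . MYSQL_DATABASE_PREFIX . "users` WHERE `user_email`='$email' ";
        $result = mysql_query($query) or displayerror(mysql_error() . "registration L:131");
        if (!$result || !mysql_num_rows($result)) {
            displayinfo("This email-id has not yet been registered. Kindly <a href=\"./+login&subaction=register\">register</a>.");
        } else {
            $temp = mysql_fetch_assoc($result);
            if ($temp['user_activated'] == 1) {
                displayinfo("E-mail $emailHtml has already been verified.<a href=\"./+login\"> Login</a> <a href=\"./+login&subaction=resetPasswd\">Forgot Password?</a>");
            } elseif (_registerSendActivationMail($email, $temp)) {
                displayinfo("Activation link resent. Kindly check your e-mail for activation link.");
            } else {
                displayerror("Activation link resending failure. Kindly contact administrator");
            }
        }
    }
    // 4. Activation link followed.
    elseif (isset ($_GET['key'])) {
        // Both parameters come from the URL; accept strings only and never
        // assume 'verify' is present just because 'key' is.
        $rawVerify = (isset($_GET['verify']) && is_string($_GET['verify'])) ? $_GET['verify'] : '';
        $suppliedKey = is_string($_GET['key']) ? $_GET['key'] : '';
        $emailId = escape($rawVerify);
        $verifyHtml = htmlspecialchars($rawVerify, ENT_QUOTES);

        $query = "SELECT * FROM `" . MYSQL_DATABASE_PREFIX . "users` WHERE `user_email`='{$emailId}'";
        $result = mysql_query($query) or displayerror(mysql_error() . "registration L:76");
        $temp = $result ? mysql_fetch_assoc($result) : false;
        if (!$temp) {
            // Unknown address: stop here instead of deriving a key from an empty row.
            displayerror("Verification error for ".$verifyHtml.". Please contact administrator");
        } elseif ($temp['user_activated'] == 1) {
            displayinfo("E-mail ".$verifyHtml." has already been verified");
        } else {
            $expectedKey = getVerificationKey($rawVerify, $temp['user_password'], $temp['user_regdate']);
            // Loose == treats numeric-looking hex digests ("0e...") as numbers, so
            // two different keys could compare equal. Compare as strings, in
            // constant time where hash_equals() is available.
            $keyMatches = function_exists('hash_equals')
                ? hash_equals($expectedKey, $suppliedKey)
                : ($expectedKey === $suppliedKey);
            if ($keyMatches) {
                $query = "UPDATE `" . MYSQL_DATABASE_PREFIX . "users` SET `user_activated`=1 WHERE `user_email`='$emailId'";
                mysql_query($query) or die(mysql_error());
                if (mysql_affected_rows() > 0)
                    displayinfo("Your e-mail ".$verifyHtml." has been verified. Now you can fill your profile information by clicking <a href=\"./+profile\">here</a> or by clicking on the preferences link in the action bar any time you are logged in.");
                else
                    displayerror("Verification error for ".$verifyHtml.". Please contact administrator");
            } else {
                displayerror("Verification error for ".$verifyHtml.". Please contact administrator");
            }
        }
    }
    // 5. Sign-up form submitted.
    else {
        // Missing or non-string fields are treated as empty.
        $posted = array();
        foreach (array('user_email', 'user_password', 'user_repassword', 'user_name', 'user_fullname') as $field) {
            $posted[$field] = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
        }

        if ($posted['user_email'] === "" || $posted['user_password'] === "") {
            displayerror("Blank e-mail/password NOT allowed");
            return getRegistrationForm();
        }

        if ($posted['user_name'] === "" || $posted['user_fullname'] === "") {
            displayerror("Please fill in your user name and Full name");
            return getRegistrationForm();
        }

        if (!preg_match("/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/i", $posted['user_email'])) {
            displayerror("Invalid Email Id");
            return getRegistrationForm();
        }
        // Strict comparison: with != the strings "1000" and "1e3" count as equal.
        if ($posted['user_password'] !== $posted['user_repassword']) {
            displayerror("Passwords are not same");
            return getRegistrationForm();
        }
        if (submitCaptcha()==false) {
            return getRegistrationForm();
        }

        // Trim before escaping (the pattern above tolerates a trailing newline)
        // and use this one value for the duplicate check, the INSERT, the id
        // lookup and the mail, so they all refer to the same address.
        $umail = escape(trim($posted['user_email']));
        $isValid = check_email($umail);
        if(!$isValid)
        {
            displayerror("Your E-Mail Provoider has been blackilisted. Please Use another email id or contact the website administrator");
            return getRegistrationForm();
        }
        $query = "SELECT * FROM `" . MYSQL_DATABASE_PREFIX . "users` WHERE `user_email`='" . $umail . "'";
        $result = mysql_query($query) or displayerror(mysql_error() . "in registration L:115");
        if ($result && mysql_num_rows($result)) {
            displaywarning("Email already exists in database. Please use a different e-mail.");
            return getRegistrationForm();
        } else {
            // NOTE(review): unsalted MD5 is not a password hash; kept only because
            // the stored format is shared with code outside this file.
            $passwd = md5($posted['user_password']);
            $query = "INSERT INTO `" . MYSQL_DATABASE_PREFIX . "users` " .
                "(`user_name`, `user_email`, `user_fullname`, `user_password`, `user_activated`) " .
                "VALUES ('".escape($posted['user_name'])."', '".$umail."', '".escape($posted['user_fullname'])."', '$passwd', ".ACTIVATE_USER_ON_REG.")";
            $inserted = mysql_query($query);

            $idQuery = "SELECT `user_id` FROM `". MYSQL_DATABASE_PREFIX . "users` WHERE `user_email` ='".$umail."' LIMIT 1";
            $idResult = $inserted ? mysql_query($idQuery) : false;
            $idRow = $idResult ? mysql_fetch_array($idResult) : false;
            if (!$idRow) {
                // The INSERT or the id lookup failed; do not continue with an empty user id.
                displayerror("Registration failed. Kindly contact administrator");
                return getRegistrationForm();
            }

            $form_result = submitRegistrationForm(0, $idRow[0], true, true);
            if(!$form_result)
            {
                // Roll the half-created account back when the profile fields are rejected.
                $rollback = "DELETE FROM `" . MYSQL_DATABASE_PREFIX . "users` WHERE `user_id` = ".(int)$idRow[0];
                mysql_query($rollback);
                return getRegistrationForm();
            }

            if(ACTIVATE_USER_ON_REG)
                displayinfo("You have been successfully registered. You can now <a href=\"./+login\">log in</a>.");
            else
                displayinfo("Your registration was successful but your account is not activated yet. Kindly check your email, or wait for the website administrator to activate you.");

            if(SEND_MAIL_ON_REGISTRATION)
            {
                // Re-read the row: the key is derived from the stored hash and registration date.
                $query = "SELECT * FROM `" . MYSQL_DATABASE_PREFIX . "users` WHERE `user_email`='$umail' ";
                $result = mysql_query($query) or displayerror(mysql_error() . "registration L:211");
                $temp = $result ? mysql_fetch_assoc($result) : false;

                if ($temp && _registerSendActivationMail($umail, $temp))
                    displayinfo("Kindly check your e-mail for activation link.");
                else
                    displayerror("Activation link sending failure. Kindly contact administrator");
            }
        }
    }
}

/**
 * Send the activation mail for one row of the users table (helper of register()).
 *
 * @param string $email   Recipient address, as already used in the lookup query.
 * @param array  $userRow Row providing user_password, user_regdate and user_fullname.
 * @return mixed Whatever messenger::mailer() returns; callers treat it as a boolean.
 */
function _registerSendActivationMail($email, $userRow) {
    global $onlineSiteUrl;
    $key = getVerificationKey($email, $userRow['user_password'], $userRow['user_regdate']);
    $from = "from: ".CMS_TITLE." <".CMS_EMAIL.">";
    $mailtype = "activation_mail";

    $messenger = new messenger(false);
    $messenger->assign_vars(array(
        'ACTIVATE_URL' => "$onlineSiteUrl/+login&subaction=register&verify=$email&key=$key",
        'NAME' => "{$userRow['user_fullname']}",
        'WEBSITE' => CMS_TITLE,
        'DOMAIN' => $onlineSiteUrl
    ));

    return $messenger->mailer($email, $mailtype, $key, $from);
}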
00308
/**
 * Derive the account-activation key that is mailed to a new user.
 *
 * The key is the MD5 of: the first six characters of the e-mail address, the
 * last 17 hex characters of md5($userPassword), the registration time, and
 * $userPassword itself. register() passes the stored user_password column
 * (already an MD5 digest) and user_regdate.
 *
 * NOTE(review): the key is deterministic and built only from values held in
 * the users table. It contains no random component, no server-side secret
 * and no expiry, so it stays valid until the row changes and can be
 * recomputed by anyone able to read that row. A random, stored, time-limited
 * token would be the stronger design.
 *
 * @param string $userEmail            E-mail address of the account.
 * @param string $userPassword         Password value as stored for the account.
 * @param string $userRegistrationTime Registration timestamp of the account.
 * @return string 32-character hexadecimal key.
 */
function getVerificationKey($userEmail, $userPassword, $userRegistrationTime) {
    $emailPrefix = substr($userEmail, 0, 6);
    $passwordDigestTail = substr(md5($userPassword), -17);
    $material = $emailPrefix . $passwordDigestTail . $userRegistrationTime . $userPassword;
    return md5($material);
}