<?php /* UE Accounts Signup Process */require_once('inc/core.php');account

1. <?php /* UE Accounts Signup Process */
2.  
3. require_once('inc/core.php');
4. accounts_start(false);
5.  
6.  /* PasswordHash */
7. require('inc/passwordhash.php');
8.  
9.  /* Get Values */
10. $fullname = filter_magic_quotes(mysql_real_escape_string($_POST['fullname']));
11. $username = filter_magic_quotes(mysql_real_escape_string($_POST['username']));
12. $password = filter_magic_quotes(mysql_real_escape_string($_POST['password']));
13. $email = filter_magic_quotes(mysql_real_escape_string($_POST['email']));
14. if ($_POST["request"] != "ajax") {
15.  if ($_POST['email_public'] != "") { $email_public_array = $_POST['email_public'];
16.   foreach ($email_public_array as $row) { $email_public = "true"; }
17.  } else {
18.   $email_public = "false";
19.  }
20. } else { $email_public = $_POST["email_public"]; }
21. $ip = $_SERVER['REMOTE_ADDR'];
22. $checkusername = mysql_query("SELECT username FROM users WHERE username = '".$username."'");
23. $checkemail = mysql_query("SELECT email FROM users WHERE email = '".$email."'");
24. $validatedusername = preg_replace("/[^a-zA-Z0-9_-]/", "", $username);
25. if ($username == $validatedusername) { $validusername = true; }
26. else { $validusername = false; }
27. $activationkey = uniqid(rand(),true);
28. $date = date("Y-m-d H:i:s");
29. $uid = sha1(uniqid(rand(),true));
30.  
31.  /* Hash Password */
32. $hasher = new PasswordHash(8, FALSE);
33. $hash = $hasher->HashPassword($password);
34.  
35.  /* Error Messages */
36. if (strlen($password) > 72) { echo '<p>Please keep your password under 72 characters. <a href="'.$base_url.'/signup/">Try again</a>.</p>'; }
37. if (strlen($hash) < 20) { echo '<p>Unexpected error, please check your password. <a href="'.$base_url.'/signup/">Try again</a>.</p>'; unset($hasher); }
38. if (filter_email($email) == false) { echo '<p>Please enter a valid email. <a href="'.$base_url.'/signup/">Try again</a>.</p>'; }
39. if ($fullname == "") { echo '<p>Please fill out the full name field. <a href="'.$base_url.'/signup/">Try again</a>.</p>'; }
40. if ($username == "") { echo '<p>Please fill out the username field. <a href="'.$base_url.'/signup/">Try again</a>.</p>'; }
41. if ($password == "") { echo '<p>Please fill out the password field. <a href="'.$base_url.'/signup/">Try again</a>.</p>'; }
42. if ($email == "") { echo '<p>Please fill out the email field. <a href="'.$base_url.'/signup/">Try again</a>.</p>'; }
43.  
44.  /* Create Account */
45. if (($fullname != "") && ($username != "") && (strlen($hash) >= 20) && (strlen($password) <= 72) && ($email != "") && (filter_email($email) == true)) {
46.  if (mysql_num_rows($checkusername) == 1) { echo '<p>Sorry, that username already exists. <a href="'.$base_url.'/signup/">Try again</a>.</p>'; }
47.  else if (mysql_num_rows($checkemail) == 1) { echo '<p>Sorry, that email is already in use. <a href="'.$base_url.'/signup/">Try again</a>.</p>'; }
48.  else if ($validusername == false) { echo '<p>Please make sure your username contains no spaces or weird characters (dashes and underscores allowed). <a href="'.$base_url.'/signup/">Try again</a>.</p>'; }
49.  else {   $signupquery = mysql_query("INSERT INTO users (uid, fullname, username, password, email, email_public, ip, signupday, activationkey) VALUES('".$uid."', '".$fullname."', '".$username."', '".$hash."', '".$email."', '".$email_public."', '". $ip."', '".$date."', '".$activationkey."')");
50.   if ($signupquery) {
51.    mail_signup_activation($email, $activationkey);
52.    if ($_POST["request"] != "ajax") {
53.     header('Location: '.$base_url.'/login?user=new');
54.    } else {
55.     echo "success:$username";
56.    }
57.   } else { echo '<p>Sorry, an unknown error occured. <a href="'.$base_url.'/signup/">Try again</a>.</p>'; }
58.  }
59. }
60.  
61. ?>