- <?php
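// Resume the visitor's session if this request has not started one yet.
if (!isset($_SESSION)) {
    session_start();
}

// A visitor who is already signed in is sent straight to their own area.
if (isset($_SESSION['user'])) {
    // The stored name becomes part of a Location header and a path, so it is
    // encoded as one URL path segment. Plain alphanumeric names are unchanged;
    // a value containing "/" or ".." can no longer point the redirect at a
    // directory other than users/<name>/.
    header('Location: users/' . rawurlencode($_SESSION['user']) . '/index.php'); // [user]
    exit();
}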
- ?>
- <?php require_once('../Connections/uploader.php'); ?>
- <?
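/**
 * Report whether the login form was submitted with a blank field.
 *
 * The original used empty(), which also treats the string "0" as blank, so a
 * user name or password of "0" could never log in. A field now counts as
 * blank only when it is missing, not a scalar (e.g. an array sent as
 * uname[]=x), or the empty string.
 *
 * @param mixed $loginUsername submitted user name
 * @param mixed $loginPassword submitted password
 * @return bool true when at least one field is blank, false otherwise
 */
function loginFormErrorsCheck ($loginUsername, $loginPassword) {
    foreach (array($loginUsername, $loginPassword) as $field) {
        if (!is_scalar($field) || (string) $field === '') {
            return true;
        }
    }

    return false;
}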
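// Checking if the username is reserved
/**
 * Tell whether a requested user name is one of the reserved account names.
 *
 * The name is trimmed and lower-cased before the comparison. The login code
 * in this file matches names inside a SQL query, and the database may compare
 * them more loosely than PHP does (case, trailing padding - depends on the
 * column collation, TODO confirm), so variants such as "Admin" or "admin "
 * must be treated as the reserved name too.
 *
 * @param mixed $new_username requested user name
 * @return bool true when the name is reserved and must be refused
 */
function checkUsername ($new_username) {
    $reserved = array('administrator', 'admin', 'admin.', 'mod', 'moderator');
    $candidate = strtolower(trim((string) $new_username));

    // Strict comparison: only exact string matches count as reserved.
    return in_array($candidate, $reserved, true);
}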
- ?>
- <?php
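// Handle a submitted login form.
if (isset($_POST['login'])) {
    // A missing or array-valued parameter is treated as blank instead of
    // reaching the escaping functions below.
    $loginUsername = (isset($_POST['uname']) && is_string($_POST['uname'])) ? $_POST['uname'] : '';
    $loginPassword = (isset($_POST['pword']) && is_string($_POST['pword'])) ? $_POST['pword'] : '';
    $blank_fields = loginFormErrorsCheck($loginUsername, $loginPassword);

    if (!$blank_fields) {
        // NOTE(review): unsalted MD5 is not a password hash; a leaked members
        // table is cheap to brute-force. It is kept here only because the
        // stored values are compared in SQL. Migrate to password_hash() /
        // password_verify() and re-hash each account on its next login.
        $loginPassword = md5($loginPassword);

        // NOTE(review): the mysql_* extension is removed in PHP 7; prepared
        // statements (PDO or mysqli) should replace this escaped query.
        mysql_select_db($database_uploader, $uploader);
        $query = "SELECT * FROM members WHERE uname='"
            . mysql_real_escape_string($loginUsername)
            . "' AND pword='" . mysql_real_escape_string($loginPassword) . "'";
        $result = mysql_query($query);
        if ($result === false) {
            // Keep driver details in the server log, not in the response.
            error_log('Login query failed: ' . mysql_error());
            die('A database error occurred. Please try again later.');
        }

        // make sure the username and password were found
        if (mysql_num_rows($result) > 0) {
            $row = mysql_fetch_array($result);
            // The original passed the result set to mysql_close(), which
            // expects a connection; freeing the result is what was intended.
            mysql_free_result($result);
            if ($row === false) {
                error_log('Login row fetch failed: ' . mysql_error());
                die('A database error occurred. Please try again later.');
            }

            // Admin Login. The typed name alone is not enough: the row the
            // database matched must itself be the admin account, because SQL
            // may match names more loosely than PHP (collation - TODO confirm).
            if ($loginUsername == "admin" && strtolower($row['uname']) === 'admin') {
                // New session id on privilege change prevents session fixation.
                session_regenerate_id(true);
                $_SESSION['admin'] = "Admin.";
                header('Location: users/admin/index.php');
                exit;
            }

            if ($row['acntStatus'] != 0) { // account is in bad standing
                $login_errors[] = "Your account has been temporarily/permanently disabled, or terminated. Please contact us for more details.";
            }
            if ($row['activated'] != 1) {
                $login_errors[] = "Your account is not yet activated.";
            }

            if ($row['activated'] == 1 && $row['acntStatus'] == 0) {
                session_regenerate_id(true);
                // Store the canonical name from the database rather than the
                // text the visitor typed, so the session always matches the
                // account row and its users/<name>/ directory.
                $_SESSION['user'] = $row['uname'];
                header('Location: users/' . rawurlencode($row['uname']) . '/index.php');
                exit;
            }
        } else {
            mysql_free_result($result);
            $login_errors[] = "Please check your User ID and Password, and try again.";
        }
    } else {
        $login_errors[] = "<div class='error'><img src='../Images/error_image.png' width='16' height='16' /> <b>Error</b>: Please fill in all fields.</div>";
    }
}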
- ?>
- <? // REGISTRATION
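// Handle a submitted registration form.
if (isset($_POST['register'])) {
    // Every field is taken from the POST body explicitly. The original used
    // $name, $new_password, $new_email and $spamcheck without assigning them,
    // which only works when request parameters are injected as globals.
    // Field names are assumed to equal those variable names - TODO confirm
    // against the form markup.
    $name         = (isset($_POST['name']) && is_string($_POST['name'])) ? trim($_POST['name']) : '';
    $new_username = (isset($_POST['new_username']) && is_string($_POST['new_username'])) ? trim($_POST['new_username']) : '';
    $new_password = (isset($_POST['new_password']) && is_string($_POST['new_password'])) ? $_POST['new_password'] : '';
    $new_email    = (isset($_POST['new_email']) && is_string($_POST['new_email'])) ? trim($_POST['new_email']) : '';
    $spamcheck    = (isset($_POST['spamcheck']) && is_string($_POST['spamcheck'])) ? trim($_POST['spamcheck']) : '';

    // NOTE(review): $acntactivation is not assigned anywhere in the visible
    // code. It is fixed to "not activated" here so the request can never
    // choose the value of members.activated - confirm against
    // Connections/uploader.php.
    $acntactivation = '0';

    if ($name === '') {
        $register_errors[] = "Name field required.";
    }

    // The user name becomes a directory under users/ and part of URLs, so
    // besides the reserved-name check it must not contain path separators,
    // control characters, or start with a dot (".", "..", hidden files).
    $username_ok = false;
    if ($new_username === '') {
        $register_errors[] = "Login ID field required.";
    } elseif (
        checkUsername($new_username)
        || preg_match('#[/\\\\\x00-\x1f\x7f]#', $new_username)
        || $new_username[0] === '.'
    ) {
        $register_errors[] = "Invalid User ID.";
    } else {
        $username_ok = true;
    }

    // Checked before hashing: md5('') is a non-empty string, so the original
    // order could never report a missing password.
    if ($new_password === '') {
        $register_errors[] = "Password field required.";
    }

    // filter_var() rejects line breaks and other characters the hand-written
    // pattern let through in the local part; the address is later handed to
    // mail() as the recipient.
    if ($new_email === '' || filter_var($new_email, FILTER_VALIDATE_EMAIL) === false) {
        $register_errors[] = "E-mail address field is not in proper format, or is empty.";
    }

    // NOTE(review): a fixed answer is not a real anti-automation control.
    if ($spamcheck !== '7') {
        $register_errors[] = "Spamcheck field is either empty, or not correctly answered.";
    }

    // One path for both the "taken" test and the creation below; the original
    // tested 'users/<name>' in one place and '<name>' in the other, so a taken
    // name did not stop a second account row from being inserted.
    $user_dir = 'users/' . $new_username;
    $username_taken = $username_ok && file_exists($user_dir);
    if ($username_taken) {
        echo "<span class='errors'>We are sorry, but the username, "
            . htmlspecialchars($new_username, ENT_QUOTES, 'UTF-8')
            . ", is already taken.</span>";
    }

    if ($username_ok && !$username_taken && empty($register_errors)) { // if the user is not registered....
        // mkdir() failing also covers a concurrent registration of the same
        // name; in that case nothing is inserted.
        // NOTE(review): uploads/ lives under the web root - make sure the
        // server never executes files stored there.
        if (!mkdir($user_dir, 0755) || !mkdir($user_dir . '/uploads', 0755)) {
            $register_errors[] = "We could not create your account. Please try again later.";
        } else {
            $_SESSION['username'] = $new_username;

            // NOTE(review): unsalted MD5 is not a password hash; kept only to
            // stay compatible with the login query. Move both sides to
            // password_hash() / password_verify(). Never keep the password in
            // a cookie for a "remember me" feature.
            $password_hash = md5($new_password);

            /* Accessing SQL-Server and querying table */
            // connect to database here... (author's placeholder; $con is
            // expected to be an open connection by this point)
            $insert = sprintf(
                "INSERT INTO members(name, uname, pword, email, activated) VALUES('%s','%s','%s','%s','%s')",
                mysql_real_escape_string($name),
                mysql_real_escape_string($new_username),
                mysql_real_escape_string($password_hash),
                mysql_real_escape_string($new_email),
                mysql_real_escape_string($acntactivation)
            );
            if (mysql_query($insert) === false) {
                // Driver details go to the server log, not to the visitor.
                error_log('Registration insert failed: ' . mysql_error());
                die('A database error occurred. Please try again later.');
            }
            mysql_close($con);

            $file = 'index.php';
            $newfile = $user_dir . '/index.php';
            if (!copy($file, $newfile)) { // Optional
                echo "<br>Failed to copy $file to the location, "
                    . htmlspecialchars($newfile, ENT_QUOTES, 'UTF-8') . ".";
            }

            if (empty($register_errors)) {
                $to = $new_email;
                // subject
                $subject = 'Uploader Tool E-mail Confirmation';
                // message
                // NOTE(review): this body is sample text, not a confirmation
                // message; it carries nothing the recipient can confirm with.
                $message = '
<html>
<head>
<title>Birthday Reminders for August</title>
</head>
<body>
<p>Here are the birthdays upcoming in August!</p>
<table>
<tr>
<th>Person</th><th>Day</th><th>Month</th><th>Year</th>
</tr>
<tr>
<td>Joe</td><td>3rd</td><td>August</td><td>1970</td>
</tr>
<tr>
<td>Sally</td><td>17th</td><td>August</td><td>1973</td>
</tr>
</table>
</body>
</html>
';
                // To send HTML mail, the Content-type header must be set
                $headers = 'MIME-Version: 1.0' . "\r\n";
                $headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
                // Additional headers
                $headers .= 'To: ' . "\r\n";
                $headers .= 'From: Web Designers <noreply@mysite.com>' . "\r\n";
                // Mail it
                mail($to, $subject, $message, $headers);
                echo "<br><div class='noError'><img src='../Images/success_check.png' width='16' height='16' /><b>Success</b>! Your account has been successfully created. It may take up to two weeks to activate your account. We will e-mail you at the e-mail address you specified when your account is fully activated. Please be on the lookout for an e-mail from us to confirm your account.</div>";
            }
        }
    }
}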
- ?>