droidus

Untitled

Jul 20th, 2011
  1. <?php
  2. if (!isset($_SESSION))
  3.     {
  4.         session_start();
  5.     }
  6. if(isset($_SESSION['user']))
  7.     {
  8.         header('Location: users/'.$_SESSION['user'].'/index.php'); // [user]
  9.         exit();
  10.     }
  11. ?>
  12. <?php require_once('../Connections/uploader.php'); ?>
  13. <?
  14. function loginFormErrorsCheck ($loginUsername, $loginPassword) {
  15.   if (empty($loginUsername) || empty($loginPassword)) {
  16.     return true;
  17.   } else {
  18.     return false;
  19.   }
  20. }
  21. // Checking if the username is not reserved
  22. function checkUsername ($new_username) {
  23.     $new_username = strtolower($new_username);
  24.     if (($new_username == "administrator") || ($new_username == "admin") || ($new_username == "admin.") || ($new_username == "mod") || ($new_username == "moderator"))
  25.     {
  26.         return true;
  27.     }
  28.     else
  29.     {
  30.         return false;
  31.     }
  32. }
  33. ?>
  34. <?php
  35. if (isset($_POST['login'])) {
  36.        
  37.     $loginUsername = $_POST['uname'];  
  38.     $loginPassword = $_POST['pword'];
  39.    
  40.     $blank_fields = loginFormErrorsCheck ($loginUsername, $loginPassword);  
  41.        
  42.     if (isset($blank_fields)) { }
  43.        
  44.     if (!$blank_fields) {
  45.         $loginPassword = md5($loginPassword);
  46.                
  47.         mysql_select_db($database_uploader, $uploader);    
  48.         $query = "SELECT * FROM members WHERE uname='"
  49.         . mysql_real_escape_string($loginUsername) .
  50.         "' AND pword='" . mysql_real_escape_string($loginPassword) . "'";  
  51.         $result = mysql_query($query) or die(mysql_error());
  52.                
  53.         // make sure the username and password were found
  54.         if (mysql_num_rows($result) > 0) {
  55.             $row = mysql_fetch_array($result) or die(mysql_error());
  56.            
  57.             if ($loginUsername == "admin") { // Admin Login
  58.                 mysql_close($result);
  59.                 $_SESSION['admin'] = "Admin.";
  60.                 header('Location: users/admin/index.php');
  61.                 exit;
  62.             }
  63.            
  64.             if ($row['acntStatus'] == 0) {  // If account is OK
  65.             }
  66.             else // If account is in bad standing
  67.                 {
  68.                     $login_errors[]="Your account has been temporarily/permanently disabled, or terminated. Please contact us for more details.";
  69.                 }
  70.            
  71.             if ($row['activated'] == 1) {
  72.             }
  73.             else {$login_errors[] = "Your account is not yet activated.";}
  74.            
  75.             if ($row['activated'] == 1 && $row['acntStatus'] == 0)
  76.             {
  77.                 $_SESSION['user'] = $loginUsername;
  78.                 mysql_close($result);
  79.                 header('Location: users/' . $row['uname'] . '/index.php');
  80.                 exit;
  81.             }
  82.         }
  83.         else {$login_errors[] = "Please check your User ID and Password, and try again.";}
  84.     } else { $login_errors[] = "<div class='error'><img src='../Images/error_image.png' width='16' height='16' /> <b>Error</b>: Please fill in all fields.</div>"; }
  85. }
  86. ?>
  87.     <?  // REGISTRATION
  88.     if (isset($_POST['register'])) {
  89.        
  90.         $new_password = md5($new_password);
  91.                
  92.     if (empty($name)) {
  93.         $register_errors[] = "Name field required.";
  94.     }
  95.     if (empty($new_username)) {
  96.         $register_errors[] = "Login ID field required.";
  97.        
  98.         $new_username = $_POST['new_username'];
  99.     }
  100.    
  101.     $new_username = $_POST['new_username'];
  102.    
  103.     if (!empty($new_username)) { $checkUsername = checkUsername($new_username); } // NECESSARY??
  104.        
  105.     if ($checkUsername) {
  106.         $register_errors[] = "Invalid User ID.";
  107.     }
  108.    
  109.     if (empty($new_password)) {
  110.         $register_errors[] = "Password field required.";
  111.     }
  112.     $pattern = '/^[^@]+@[^\s\r\n\'";,@%]+$/';
  113. if (!preg_match($pattern, trim($new_email)) || empty($new_email))
  114. {
  115.     $register_errors[] = "E-mail address field is not in proper format, or is empty.";
  116. }
  117.     if (($spamcheck != 7) || empty($spamcheck)) {
  118.         $register_errors[] = "Spamcheck field is either empty, or not correctly answered.";
  119.     }
  120.    
  121.     if ((file_exists('users/'.$new_username))  && (!empty($new_username)))
  122.     {
  123.         echo "<span class='errors'>We are sorry, but the username, $new_username, is already taken.</span>";
  124.     }
  125.    
  126.         if (!file_exists($new_username) && !(empty($new_username)) && (!isset($register_errors)))  // if the user is not registered....
  127.     {  
  128.         $_SESSION['username'] = $new_username;
  129.        
  130.         mkdir('users/'.$new_username); // creates the user's profile
  131.         mkdir('users/'.$new_username.'/uploads'); // creates the user's upload folder
  132.        
  133.             /*if (isset($remember)) {
  134.     $_COOKIE['username'] = $_POST['new_username'];
  135.     $_COOKIE['password'] = $_POST['new_password']; }*/
  136.                    
  137.                 /* Accessing SQL-Server and querying table */
  138. connect to database here...
  139.                
  140.                 mysql_query(sprintf("INSERT INTO members(name, uname, pword, email, activated) VALUES('%s','%s','%s','%s','%s')",mysql_real_escape_string($name),mysql_real_escape_string($new_username),mysql_real_escape_string($new_password),mysql_real_escape_string($new_email), mysql_real_escape_string($acntactivation)))
  141.            
  142.                 // ERROR MESSAGE??
  143.     or die(mysql_error());  
  144.     mysql_close($con);
  145.            
  146.         $file = 'index.php';
  147.         $newfile = 'users/'.$new_username.'/index.php';
  148.         if (!copy($file, $newfile)) // Optional
  149.         {
  150.             echo "<br>Failed to copy $file to the location, $newfile.";
  151.         }
  152.         else
  153.         {
  154.             // USE THIS WHEN SERVICE IS READY - echo '<br><a href="users/' . $new_username . '/index.php">Your account has been successfully created.  It may take up to two weeks to activate your account.  We will e-mail you at the e-mail address you specified when you may start using your account.</a>';
  155.         }  
  156.         if (empty($register_errors)) {
  157.             $to  = $new_email;
  158.  
  159. // subject
  160. $subject = 'Uploader Tool E-mail Confirmation';
  161.  
  162. // message
  163. $message = '
  164. <html>
  165. <head>
  166.  <title>Birthday Reminders for August</title>
  167. </head>
  168. <body>
  169.  <p>Here are the birthdays upcoming in August!</p>
  170.  <table>
  171.    <tr>
  172.      <th>Person</th><th>Day</th><th>Month</th><th>Year</th>
  173.    </tr>
  174.    <tr>
  175.      <td>Joe</td><td>3rd</td><td>August</td><td>1970</td>
  176.    </tr>
  177.    <tr>
  178.      <td>Sally</td><td>17th</td><td>August</td><td>1973</td>
  179.    </tr>
  180.  </table>
  181. </body>
  182. </html>
  183. ';
  184.  
  185. // To send HTML mail, the Content-type header must be set
  186. $headers  = 'MIME-Version: 1.0' . "\r\n";
  187. $headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
  188.  
  189. // Additional headers
  190. $headers .= 'To: ' . "\r\n";
  191. $headers .= 'From: Web Designers <noreply@mysite.com>' . "\r\n";
  192.  
  193. // Mail it
  194. mail($to, $subject, $message, $headers);
  195. echo "<br><div class='noError'><img src='../Images/success_check.png' width='16' height='16' /><b>Success</b>! Your account has been successfully created.  It may take up to two weeks to activate your account.  We will e-mail you at the e-mail address you specified when your account is fully activated. Please be on the lookout for an e-mail from us to confirm your account.</div>";
  196.     }
  197. }
  198. }
  199.     ?>