API tools faq
paste
Guest User

Untitled

a guest
Nov 19th, 2017
177
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
PHP 25.16 KB | None | 0 0
raw download clone embed print report
  1. <?php
  2. /*
  3. =====================================================
  4.  DataLife Engine - by SoftNews Media Group
  5. -----------------------------------------------------
  6.  http://dle-news.ru/
  7. -----------------------------------------------------
  8.  Copyright (c) 2004,2015 SoftNews Media Group
  9. =====================================================
  10.  Данный код защищен авторскими правами
  11. =====================================================
  12.  Файл: register.php
  13. -----------------------------------------------------
  14.  Назначение: регистрация посетителя
  15. =====================================================
  16. */
  17.  
  18. if( ! defined( 'DATALIFEENGINE' ) ) {
  19.     die( "Hacking attempt!" );
  20. }
  21.  
  22. require_once ENGINE_DIR . '/classes/parse.class.php';
  23.  
  24. $parse = new ParseFilter( );
  25. $parse->safe_mode = true;
  26. $parse->allow_url = false;
  27. $parse->allow_image = false;
  28. $stopregistration = FALSE;
  29. $_IP = get_ip();
  30.  
  31. if( isset( $_REQUEST['doaction'] ) ) $doaction = $_REQUEST['doaction']; else $doaction = "";
  32. $config['reg_group'] = intval( $config['reg_group'] ) ? intval( $config['reg_group'] ) : 4;
  33.  
  34. function check_reg($name, $email, $password1, $password2, $sec_code = 1, $sec_code_session = 1) {
  35.     global $lang, $db, $banned_info, $relates_word, $config;
  36.     $stop = "";
  37.  
  38.     if( $sec_code != $sec_code_session OR !$sec_code_session ) $stop .= $lang['reg_err_19'];
  39.     if( $password1 != $password2 ) $stop .= $lang['reg_err_1'];
  40.     if( strlen( $password1 ) < 6 ) $stop .= $lang['reg_err_2'];
  41.     if( dle_strlen( $name, $config['charset'] ) > 30 OR dle_strlen(trim($name), $config['charset']) < 3) $stop .= $lang['reg_err_3'];
  42.     if( preg_match( "/[\||\'|\<|\>|\[|\]|\"|\!|\?|\$|\@|\#|\/|\\\|\&\~\*\{\+]/", $name ) ) $stop .= $lang['reg_err_4'];
  43.     if( empty( $email ) OR strlen( $email ) > 50 OR @count(explode("@", $email)) != 2) $stop .= $lang['reg_err_6'];
  44.     if (strpos( strtolower ($name) , '.php' ) !== false) $stop .= $lang['reg_err_4'];
  45.  
  46.     if( stripos(urlencode ($name), "%AD") !== false ) {
  47.  
  48.         $stop .= $lang['reg_err_4'];
  49.  
  50.     }
  51.  
  52.     if( count( $banned_info['name'] ) ) foreach ( $banned_info['name'] as $banned ) {
  53.  
  54.         $banned['name'] = str_replace( '\*', '.*', preg_quote( $banned['name'], "#" ) );
  55.  
  56.         if( $banned['name'] and preg_match( "#^{$banned['name']}$#i", $name ) ) {
  57.  
  58.             if( $banned['descr'] ) {
  59.                 $lang['reg_err_21'] = str_replace( "{descr}", $lang['reg_err_22'], $lang['reg_err_21'] );
  60.                 $lang['reg_err_21'] = str_replace( "{descr}", $banned['descr'], $lang['reg_err_21'] );
  61.             } else
  62.                 $lang['reg_err_21'] = str_replace( "{descr}", "", $lang['reg_err_21'] );
  63.  
  64.             $stop .= $lang['reg_err_21'];
  65.         }
  66.     }
  67.  
  68.     if( count( $banned_info['email'] ) ) foreach ( $banned_info['email'] as $banned ) {
  69.  
  70.         $banned['email'] = str_replace( '\*', '.*', preg_quote( $banned['email'], "#" ) );
  71.  
  72.         if( $banned['email'] and preg_match( "#^{$banned['email']}$#i", $email ) ) {
  73.  
  74.             if( $banned['descr'] ) {
  75.                 $lang['reg_err_23'] = str_replace( "{descr}", $lang['reg_err_22'], $lang['reg_err_23'] );
  76.                 $lang['reg_err_23'] = str_replace( "{descr}", $banned['descr'], $lang['reg_err_23'] );
  77.             } else
  78.                 $lang['reg_err_23'] = str_replace( "{descr}", "", $lang['reg_err_23'] );
  79.  
  80.             $stop .= $lang['reg_err_23'];
  81.         }
  82.     }
  83.  
  84.     if( $stop == "" ) {
  85.         if( function_exists('mb_strtolower') ) {
  86.             $name = trim(mb_strtolower($name, $config['charset']));
  87.         } else {
  88.             $name = trim(strtolower( $name ));
  89.         }
  90.         $search_name = strtr( $name, $relates_word );
  91.  
  92.         $row = $db->super_query( "SELECT COUNT(*) as count FROM " . USERPREFIX . "_users WHERE email = '$email' OR LOWER(name) REGEXP '[[:<:]]{$search_name}[[:>:]]' OR name = '$name'" );
  93.  
  94.         if( $row['count'] ) $stop .= $lang['reg_err_8'];
  95.     }
  96.  
  97.     return $stop;
  98.  
  99. }
  100.  
  101. if( !$config['allow_registration'] ) {
  102.  
  103.     msgbox( $lang['all_info'], $lang['reg_err_9'] );
  104.     $stopregistration = TRUE;
  105.  
  106. }
  107.  
  108. if( $config['auth_only_social'] AND !$stopregistration) {
  109.  
  110.     msgbox( $lang['all_info'], $lang['reg_err_41'] );
  111.     $stopregistration = TRUE;
  112.  
  113. }
  114.  
  115. if ( $config['sec_addnews'] AND !$stopregistration ) {
  116.  
  117.     $row = $db->super_query( "SELECT * FROM " . PREFIX . "_spam_log WHERE ip = '{$_IP}'" );
  118.  
  119.     if ( !$row['id'] ) {
  120.  
  121.         include_once ENGINE_DIR . '/classes/stopspam.class.php';
  122.         $sfs = new StopSpam($config['spam_api_key'], $config['sec_addnews']);
  123.         $args = array('ip' => $_IP);
  124.  
  125.         if ($sfs->is_spammer( $args )) {
  126.  
  127.             $db->query( "INSERT INTO " . PREFIX . "_spam_log (ip, is_spammer, date) VALUES ('{$_IP}','1', '{$_TIME}')" );
  128.  
  129.             msgbox( $lang['all_info'], $lang['reg_err_28'] );
  130.             $stopregistration = TRUE;
  131.  
  132.         } else {
  133.  
  134.             $db->query( "INSERT INTO " . PREFIX . "_spam_log (ip, is_spammer, date) VALUES ('{$_IP}','0', '{$_TIME}')" );
  135.         }
  136.  
  137.     } else {
  138.  
  139.         if ($row['is_spammer']) {
  140.  
  141.             msgbox( $lang['all_info'], $lang['reg_err_28'] );
  142.             $stopregistration = TRUE;
  143.  
  144.         }
  145.  
  146.     }
  147.  
  148. }
  149.  
  150. if( $config['max_users'] > 0 AND !$stopregistration) {
  151.  
  152.     $row = $db->super_query( "SELECT COUNT(*) as count FROM " . USERPREFIX . "_users" );
  153.  
  154.     if ( $row['count'] >= $config['max_users'] ) {
  155.         msgbox( $lang['all_info'], $lang['reg_err_10'] );
  156.         $stopregistration = TRUE;
  157.     }
  158.  
  159. }
  160.  
  161. if( !$config['reg_multi_ip'] AND !$is_logged AND !$stopregistration) {
  162.  
  163.     $row = $db->super_query( "SELECT COUNT(*) as count FROM " . USERPREFIX . "_users WHERE logged_ip = '{$_IP}'" );
  164.  
  165.     if ( $row['count'] ) {
  166.         msgbox( $lang['all_info'], $lang['reg_err_26'] );
  167.         $stopregistration = TRUE;
  168.     }
  169.  
  170. }
  171.  
  172. if ( $is_logged AND !isset( $_POST['submit_val'] ) AND !$stopregistration ) {
  173.  
  174.     msgbox( $lang['all_info'], $lang['reg_err_27'] );
  175.     $stopregistration = TRUE;
  176. }
  177.  
  178. if( isset( $_POST['submit_reg'] ) AND !$stopregistration ) {
  179.  
  180.     if( $config['allow_sec_code'] ) {
  181.  
  182.         if ($config['allow_recaptcha']) {
  183.  
  184.             include_once ENGINE_DIR . '/classes/recaptcha.php';
  185.             $sec_code = 1;
  186.             $sec_code_session = false;
  187.  
  188.             if ( $_POST['g-recaptcha-response'] ) {
  189.  
  190.                 $reCaptcha = new ReCaptcha($config['recaptcha_private_key']);
  191.        
  192.                 $resp = $reCaptcha->verifyResponse(get_ip(), $_POST['g-recaptcha-response'] );
  193.  
  194.                 if ( $resp != null && $resp->success ) {
  195.                     $sec_code = 1;
  196.                     $sec_code_session = 1;
  197.  
  198.                 }
  199.             }
  200.  
  201.         } else {
  202.             $sec_code = $_POST['sec_code'];
  203.             $sec_code_session = ($_SESSION['sec_code_session'] != '') ? $_SESSION['sec_code_session'] : false;
  204.         }
  205.  
  206.     } else {
  207.         $sec_code = 1;
  208.         $sec_code_session = 1;
  209.     }
  210.  
  211.     $password1 = $_POST['password1'];
  212.     $password2 = $_POST['password2'];
  213.     $name = $db->safesql( $parse->process( htmlspecialchars( trim( $_POST['name'] ), ENT_COMPAT, $config['charset'] ) ) );
  214.     $name = preg_replace('#\s+#i', ' ', $name);
  215.  
  216.     $not_allow_symbol = array ("\x22", "\x60", "\t", '\n', '\r', "\n", "\r", '\\', ",", "/", "¬", "#", ";", ":", "~", "[", "]", "{", "}", ")", "(", "*", "^", "%", "$", "<", ">", "?", "!", '"', "'", " ", "&" );
  217.     $email = $db->safesql(trim( str_replace( $not_allow_symbol, '', strip_tags( stripslashes( $_POST['email'] ) ) ) ) );
  218.  
  219.     $reg_error = check_reg( $name, $email, $password1, $password2, $sec_code, $sec_code_session );
  220.  
  221.     if( $config['reg_question'] ) {
  222.  
  223.         if ( intval($_SESSION['question']) ) {
  224.  
  225.             $answer = $db->super_query("SELECT id, answer FROM " . PREFIX . "_question WHERE id='".intval($_SESSION['question'])."'");
  226.  
  227.             $answers = explode( "\n", $answer['answer'] );
  228.  
  229.             $pass_answer = false;
  230.  
  231.             if( function_exists('mb_strtolower') ) {
  232.                 $question_answer = trim(mb_strtolower($_POST['question_answer'], $config['charset']));
  233.             } else {
  234.                 $question_answer = trim(strtolower($_POST['question_answer']));
  235.             }
  236.  
  237.             if( count($answers) AND $question_answer ) {
  238.                 foreach( $answers as $answer ){
  239.  
  240.                     if( function_exists('mb_strtolower') ) {
  241.                         $answer = trim(mb_strtolower($answer, $config['charset']));
  242.                     } else {
  243.                         $answer = trim(strtolower($answer));
  244.                     }
  245.  
  246.                     if( $answer AND $answer == $question_answer ) {
  247.                         $pass_answer    = true;
  248.                         break;
  249.                     }
  250.                 }
  251.             }
  252.  
  253.             if( !$pass_answer ) $reg_error .= $lang['reg_err_25'];
  254.  
  255.         } else $reg_error .= $lang['reg_err_25'];
  256.  
  257.     }
  258.  
  259.     if ( $config['sec_addnews'] ) {
  260.         include_once ENGINE_DIR . '/classes/stopspam.class.php';
  261.         $sfs = new StopSpam($config['spam_api_key'], $config['sec_addnews']);
  262.         $args = array('email' => $email);
  263.  
  264.         if ($sfs->is_spammer( $args )) {
  265.  
  266.             $db->query( "UPDATE " . PREFIX . "_spam_log SET is_spammer='1', email='{$email}' WHERE ip = '{$_IP}'" );
  267.             $stopregistration = TRUE;
  268.             $reg_error .= $lang['reg_err_35'];
  269.  
  270.         } else {
  271.  
  272.             $db->query( "UPDATE " . PREFIX . "_spam_log SET email='{$email}' WHERE ip = '{$_IP}'" );
  273.  
  274.         }
  275.  
  276.     }
  277.    
  278.     $_SESSION['sec_code_session'] = false;
  279.     $_SESSION['question'] = false;
  280.            
  281.     if( !$reg_error AND !$stopregistration ) {
  282.  
  283.         $stronghash = sha1(DBHOST . DBNAME . SECURE_AUTH_KEY);
  284.  
  285.         if( $config['registration_type'] ) {
  286.  
  287.             include_once ENGINE_DIR . '/classes/mail.class.php';
  288.  
  289.             $row = $db->super_query( "SELECT * FROM " . PREFIX . "_email where name='reg_mail' LIMIT 0,1" );
  290.             $mail = new dle_mail( $config, $row['use_html'] );
  291.            
  292.             $row['template'] = stripslashes( $row['template'] );
  293.  
  294.             $idlink = rawurlencode( base64_encode( $name . "||" . $email . "||" . md5( $password1 ) . "||" . sha1( $name . $email . $stronghash . $config['key'] ) ) );
  295.  
  296.             $row['template'] = str_replace( "{%username%}", $name, $row['template'] );
  297.             $row['template'] = str_replace( "{%email%}", $email, $row['template'] );
  298.             $row['template'] = str_replace( "{%validationlink%}", $config['http_home_url'] . "index.php?do=register&doaction=validating&id=" . $idlink, $row['template'] );
  299.             $row['template'] = str_replace( "{%password%}", $password1, $row['template'] );
  300.  
  301.             $mail->send( $email, $lang['reg_subj'], $row['template'] );
  302.  
  303.             if( $mail->send_error ) msgbox( $lang['all_info'], $mail->smtp_msg );
  304.             else msgbox( $lang['reg_vhead'], $lang['reg_vtext'] );
  305.  
  306.             $stopregistration = TRUE;
  307.  
  308.         } else {
  309.  
  310.             $doaction = "validating";
  311.             $_REQUEST['id'] = rawurlencode( base64_encode( $name . "||" . $email . "||" . md5( $password1 ) . "||" . sha1( $name . $email . $stronghash . $config['key'] ) ) );
  312.         }
  313.  
  314.     } else {
  315.         msgbox( $lang['reg_err_11'], "<ul>" . $reg_error . "</ul>" );
  316.     }
  317.  
  318. }
  319.  
  320. if( $doaction != "validating" AND !$stopregistration ) {
  321.  
  322.     if( $_POST['dle_rules_accept'] == "yes" ) {
  323.  
  324.         $_SESSION['dle_rules_accept'] = "1";
  325.  
  326.     }
  327.  
  328.     if( $config['registration_rules'] and ! $_SESSION['dle_rules_accept'] ) {
  329.  
  330.         $_GET['page'] = "dle-rules-page";
  331.         include ENGINE_DIR . '/modules/static.php';
  332.  
  333.     } else {
  334.  
  335.         $tpl->load_template( 'registration.tpl' );
  336.  
  337.         $tpl->set( '[registration]', "" );
  338.         $tpl->set( '[/registration]', "" );
  339.         $tpl->set_block( "'\\[validation\\](.*?)\\[/validation\\]'si", "" );
  340.  
  341.         if( $vk_url ) {
  342.             $tpl->set( '[vk]', "" );
  343.             $tpl->set( '[/vk]', "" );
  344.             $tpl->set( '{vk_url}', $vk_url );  
  345.         } else {
  346.             $tpl->set_block( "'\\[vk\\](.*?)\\[/vk\\]'si", "" );
  347.             $tpl->set( '{vk_url}', '' );   
  348.         }
  349.         if( $odnoklassniki_url ) {
  350.             $tpl->set( '[odnoklassniki]', "" );
  351.             $tpl->set( '[/odnoklassniki]', "" );
  352.             $tpl->set( '{odnoklassniki_url}', $odnoklassniki_url );
  353.         } else {
  354.             $tpl->set_block( "'\\[odnoklassniki\\](.*?)\\[/odnoklassniki\\]'si", "" );
  355.             $tpl->set( '{odnoklassniki_url}', '' );
  356.         }
  357.         if( $facebook_url ) {
  358.             $tpl->set( '[facebook]', "" );
  359.             $tpl->set( '[/facebook]', "" );
  360.             $tpl->set( '{facebook_url}', $facebook_url );  
  361.         } else {
  362.             $tpl->set_block( "'\\[facebook\\](.*?)\\[/facebook\\]'si", "" );
  363.             $tpl->set( '{facebook_url}', '' ); 
  364.         }
  365.         if( $google_url ) {
  366.             $tpl->set( '[google]', "" );
  367.             $tpl->set( '[/google]', "" );
  368.             $tpl->set( '{google_url}', $google_url );
  369.         } else {
  370.             $tpl->set_block( "'\\[google\\](.*?)\\[/google\\]'si", "" );
  371.             $tpl->set( '{google_url}', '' );   
  372.         }
  373.         if( $mailru_url ) {
  374.             $tpl->set( '[mailru]', "" );
  375.             $tpl->set( '[/mailru]', "" );
  376.             $tpl->set( '{mailru_url}', $mailru_url );  
  377.         } else {
  378.             $tpl->set_block( "'\\[mailru\\](.*?)\\[/mailru\\]'si", "" );
  379.             $tpl->set( '{mailru_url}', '' );   
  380.         }
  381.         if( $yandex_url ) {
  382.             $tpl->set( '[yandex]', "" );
  383.             $tpl->set( '[/yandex]', "" );
  384.             $tpl->set( '{yandex_url}', $yandex_url );
  385.         } else {
  386.             $tpl->set_block( "'\\[yandex\\](.*?)\\[/yandex\\]'si", "" );
  387.             $tpl->set( '{yandex_url}', '' );
  388.         }
  389.  
  390.         $path = parse_url( $config['http_home_url'] );
  391.  
  392.         if( $config['reg_question'] ) {
  393.  
  394.             $tpl->set( '[question]', "" );
  395.             $tpl->set( '[/question]', "" );
  396.  
  397.             $question = $db->super_query("SELECT id, question FROM " . PREFIX . "_question ORDER BY RAND() LIMIT 1");
  398.             $tpl->set( '{question}', htmlspecialchars( stripslashes( $question['question'] ), ENT_QUOTES, $config['charset'] ) );
  399.  
  400.             $_SESSION['question'] = $question['id'];
  401.  
  402.         } else {
  403.  
  404.             $tpl->set_block( "'\\[question\\](.*?)\\[/question\\]'si", "" );
  405.             $tpl->set( '{question}', "" );
  406.  
  407.         }
  408.  
  409.         if( $config['allow_sec_code'] ) {
  410.  
  411.             if ( $config['allow_recaptcha'] ) {
  412.  
  413.                 $tpl->set( '[recaptcha]', "" );
  414.                 $tpl->set( '[/recaptcha]', "" );
  415.  
  416.                 $tpl->set( '{recaptcha}', "<div class=\"g-recaptcha\" data-sitekey=\"{$config['recaptcha_public_key']}\" data-theme=\"{$config['recaptcha_theme']}\"></div><script src='https://www.google.com/recaptcha/api.js?hl={$lang['wysiwyg_language']}' async defer></script>" );
  417.  
  418.                 $tpl->set_block( "'\\[sec_code\\](.*?)\\[/sec_code\\]'si", "" );
  419.                 $tpl->set( '{reg_code}', "" );
  420.  
  421.             } else {
  422.  
  423.                 $tpl->set( '[sec_code]', "" );
  424.                 $tpl->set( '[/sec_code]', "" );
  425.                 $tpl->set( '{reg_code}', "<a onclick=\"reload(); return false;\" href=\"#\" title=\"{$lang['reload_code']}\"><span id=\"dle-captcha\"><img src=\"" . $path['path'] . "engine/modules/antibot/antibot.php\" alt=\"{$lang['reload_code']}\" width=\"160\" height=\"80\" /></span></a>" );
  426.                 $tpl->set_block( "'\\[recaptcha\\](.*?)\\[/recaptcha\\]'si", "" );
  427.                 $tpl->set( '{recaptcha}', "" );
  428.             }
  429.  
  430.         } else {
  431.  
  432.             $tpl->set( '{reg_code}', "" );
  433.             $tpl->set( '{recaptcha}', "" );
  434.             $tpl->set_block( "'\\[sec_code\\](.*?)\\[/sec_code\\]'si", "" );
  435.             $tpl->set_block( "'\\[recaptcha\\](.*?)\\[/recaptcha\\]'si", "" );
  436.         }
  437.  
  438.         $tpl->copy_template = "<form  method=\"post\" name=\"registration\" onsubmit=\"if (!check_reg_daten()) {return false;};\" id=\"registration\" action=\"\">\n" . $tpl->copy_template . "
  439. <input name=\"submit_reg\" type=\"hidden\" id=\"submit_reg\" value=\"submit_reg\" />
  440. <input name=\"do\" type=\"hidden\" id=\"do\" value=\"register\" />
  441. </form>";
  442.  
  443.         $tpl->copy_template .= <<<HTML
  444. <script language='javascript' type="text/javascript">
  445. <!--
  446. function reload () {
  447.  
  448.     var rndval = new Date().getTime();
  449.  
  450.     document.getElementById('dle-captcha').innerHTML = '<img src="{$path['path']}engine/modules/antibot/antibot.php?rndval=' + rndval + '" width="160" height="80" alt="" />';
  451.  
  452. };
  453. function check_reg_daten () {
  454.  
  455.     if(document.forms.registration.name.value == '') {
  456.  
  457.         DLEalert('{$lang['reg_err_30']}', dle_info);return false;
  458.  
  459.     }
  460.  
  461.     if(document.forms.registration.password1.value.length < 6) {
  462.  
  463.         DLEalert('{$lang['reg_err_31']}', dle_info);return false;
  464.  
  465.     }
  466.  
  467.     if(document.forms.registration.password1.value != document.forms.registration.password2.value) {
  468.  
  469.         DLEalert('{$lang['reg_err_32']}', dle_info);return false;
  470.  
  471.     }
  472.  
  473.     if(document.forms.registration.email.value == '') {
  474.  
  475.         DLEalert('{$lang['reg_err_33']}', dle_info);return false;
  476.  
  477.     }
  478.  
  479. return true;
  480.  
  481. };
  482. //-->
  483. </script>
  484. HTML;
  485.         $tpl->compile( 'content' );
  486.         $tpl->clear();
  487.  
  488.     }
  489.  
  490. }
  491.  
  492. if( isset( $_POST['submit_val'] ) AND !$stopregistration ) {
  493.  
  494.     $fullname = $db->safesql( $parse->process( $_POST['fullname'] ) );
  495.     $land = $db->safesql( $parse->process( $_POST['land'] ) );
  496.  
  497.     $info = $db->safesql( $parse->BB_Parse( $parse->process( $_POST['info'] ), false ) );
  498.  
  499.     $image = $_FILES['image']['tmp_name'];
  500.     $image_name = $_FILES['image']['name'];
  501.     $image_size = $_FILES['image']['size'];
  502.     $image_name = str_replace( " ", "_", $image_name );
  503.     $img_name_arr = explode( ".", $image_name );
  504.     $type = totranslit( end( $img_name_arr ) );
  505.  
  506.     if( stripos ( $image_name, "php" ) !== false ) die("Hacking attempt!");
  507.  
  508.     $user_arr = explode( "||", base64_decode( @rawurldecode( $_POST['id'] ) ) );
  509.  
  510.     if( $user_arr[0] == "" OR  $user_arr[2]== "" ) die("Hacking attempt!");
  511.  
  512.     $user = $db->safesql( trim( $user_arr[0] ) );
  513.     $email = $db->safesql( trim( $user_arr[1] ) );
  514.     $pass = md5( $user_arr[2] );
  515.     $stronghash = sha1(DBHOST . DBNAME . SECURE_AUTH_KEY);
  516.  
  517.     if( sha1( $user . $email . $stronghash . $config['key'] ) != $user_arr[3] ) die( 'ID not valid!' );
  518.  
  519.     if( preg_match( "/[\||\'|\<|\>|\[|\]|\"|\!|\?|\$|\@|\/|\\\|\&\~\*\{\+]/", $user ) ) die( 'USER not valid!' );
  520.  
  521.     $row = $db->super_query( "SELECT * FROM " . USERPREFIX . "_users WHERE name = '$user' AND password='$pass'" );
  522.  
  523.     if( !$row['user_id'] ) die("Access Denied!");
  524.  
  525.     $db->free();
  526.  
  527.     if( is_uploaded_file( $image ) and ! $stop ) {
  528.  
  529.         if( intval( $user_group[$config['reg_group']]['max_foto'] ) > 0 ) {
  530.  
  531.             if( !$config['avatar_size'] OR $image_size < ($config['avatar_size'] * 1024) ) {
  532.  
  533.                 $allowed_extensions = array ("jpg", "png", "gif" );
  534.  
  535.                 if( in_array( $type, $allowed_extensions ) AND $image_name ) {
  536.  
  537.                     include_once ENGINE_DIR . '/classes/thumb.class.php';
  538.  
  539.                     $res = @move_uploaded_file( $image, ROOT_DIR . "/uploads/fotos/" . $row['user_id'] . "." . $type );
  540.  
  541.                     if( $res ) {
  542.  
  543.                         @chmod( ROOT_DIR . "/uploads/fotos/" . $row['user_id'] . "." . $type, 0666 );
  544.                         $thumb = new thumbnail( ROOT_DIR . "/uploads/fotos/" . $row['user_id'] . "." . $type );
  545.  
  546.                         $thumb->size_auto( $user_group[$config['reg_group']]['max_foto'] );
  547.                         $thumb->jpeg_quality( $config['jpeg_quality'] );
  548.                         $thumb->save( ROOT_DIR . "/uploads/fotos/foto_" . $row['user_id'] . "." . $type );
  549.  
  550.  
  551.                         @unlink( ROOT_DIR . "/uploads/fotos/" . $row['user_id'] . "." . $type );
  552.                         $foto_name = $db->safesql( $config['http_home_url'] . "uploads/fotos/" ."foto_" . $row['user_id'] . "." . $type );
  553.  
  554.                         $db->query( "UPDATE " . USERPREFIX . "_users SET foto='$foto_name' WHERE user_id='{$row['user_id']}'" );
  555.  
  556.                     } else
  557.                         $stop = $lang['reg_err_12'];
  558.                 } else
  559.                     $stop = $lang['reg_err_13'];
  560.             } else
  561.                 $stop = str_replace("{size}", $config['avatar_size'], $lang['news_err_16']);
  562.         } else
  563.             $stop .= $lang['news_err_32'];
  564.  
  565.     }
  566.  
  567.     if( intval( $user_group[$member_id['user_group']]['max_info'] ) > 0 and dle_strlen( $info, $config['charset'] ) > $user_group[$member_id['user_group']]['max_info'] ) $stop .= $lang['reg_err_14'];
  568.     if( dle_strlen( $fullname, $config['charset'] ) > 100 ) $stop .= $lang['reg_err_15'];
  569.     if( dle_strlen( $land, $config['charset'] ) > 100 ) $stop .= $lang['reg_err_16'];
  570.  
  571.     if( $parse->not_allowed_tags ) $stop .= $lang['news_err_34'];
  572.     if( $parse->not_allowed_text ) $stop .= $lang['news_err_38'];
  573.  
  574.     if ( preg_match( "/[\||\'|\<|\>|\"|\!|\]|\?|\$|\@|\/|\\\|\&\~\*\+]/", $fullname ) ) {
  575.  
  576.         $stop .= $lang['news_err_35'];
  577.     }
  578.  
  579.     if ( preg_match( "/[\||\'|\<|\>|\"|\!|\]|\?|\$|\@|\/|\\\|\&\~\*\+]/", $land ) ) {
  580.  
  581.         $stop .= $lang['news_err_36'];
  582.     }
  583.  
  584.     if( $stop ) {
  585.         msgbox( $lang['reg_err_18'], $stop );
  586.     } else {
  587.  
  588.         $xfieldsaction = "init";
  589.         $xfieldsadd = true;
  590.         $xfieldsid = "";
  591.         include (ENGINE_DIR . '/inc/userfields.php');
  592.         $filecontents = array ();
  593.         $not_allow_symbol = array ("\x22", "\x60", "\t", '\n', '\r', "\n", "\r", '\\', ",", "/", "¬", "#", ";", ":", "~", "[", "]", "{", "}", ")", "(", "*", "^", "%", "$", "<", ">", "?", "!", '"', "'", " ", "&" );
  594.  
  595.         if( ! empty( $postedxfields ) ) {
  596.             foreach ( $postedxfields as $xfielddataname => $xfielddatavalue ) {
  597.                 if( ! $xfielddatavalue ) {
  598.                     continue;
  599.                 }
  600.  
  601.                 $xfielddatavalue = $db->safesql( $parse->BB_Parse( $parse->process( $xfielddatavalue ), false ) );
  602.  
  603.                 $xfielddataname = $db->safesql( str_replace( $not_allow_symbol, '', $xfielddataname) );
  604.  
  605.                 $xfielddataname = str_replace( "|", "&#124;", $xfielddataname );
  606.                 $xfielddatavalue = str_replace( "|", "&#124;", $xfielddatavalue );
  607.                 $filecontents[] = "$xfielddataname|$xfielddatavalue";
  608.             }
  609.  
  610.             $filecontents = implode( "||", $filecontents );
  611.         } else
  612.             $filecontents = '';
  613.  
  614.         $db->query( "UPDATE " . USERPREFIX . "_users SET fullname='$fullname', info='$info', land='$land', xfields='$filecontents' WHERE user_id='{$row['user_id']}'" );
  615.                 $ipb->UpdateRegister($user, $land, $icq, $info);
  616.                
  617.         msgbox( $lang['reg_ok'], $lang['reg_ok_1'] );
  618.  
  619.         $stopregistration = TRUE;
  620.     }
  621. }
  622.  
  623. if( $doaction == "validating" AND !$stopregistration AND !$_POST['submit_val'] ) {
  624.  
  625.     $user_arr = explode( "||", base64_decode( @rawurldecode( trim($_REQUEST['id']) ) ) );
  626.  
  627.     $regpassword = md5( $user_arr[2] );
  628.     $name = trim( $db->safesql( htmlspecialchars( $parse->process( $user_arr[0] ), ENT_COMPAT, $config['charset'] ) ) );
  629.  
  630.     $not_allow_symbol = array ("\x22", "\x60", "\t", '\n', '\r', "\n", "\r", '\\', ",", "/", "¬", "#", ";", ":", "~", "[", "]", "{", "}", ")", "(", "*", "^", "%", "$", "<", ">", "?", "!", '"', "'", " ", "&" );
  631.     $email = $db->safesql(trim( str_replace( $not_allow_symbol, '', strip_tags( stripslashes( $user_arr[1] ) ) ) ) );
  632.     $stronghash = sha1(DBHOST . DBNAME . SECURE_AUTH_KEY);
  633.  
  634.     if( sha1( $name . $email . $stronghash . $config['key'] ) != $user_arr[3] ) die( 'ID not valid!' );
  635.  
  636.     $name = preg_replace('#\s+#i', ' ', $name);
  637.     $reg_error = check_reg( $name, $email, $regpassword, $regpassword );
  638.  
  639.     if( $reg_error != "" ) {
  640.         msgbox( $lang['reg_err_11'], $reg_error );
  641.         $stopregistration = TRUE;
  642.     } else {
  643.  
  644.         if( ($_REQUEST['step'] != 2) and $config['registration_type'] ) {
  645.             $stopregistration = TRUE;
  646.             $lang['confirm_ok'] = str_replace( '{email}', $email, $lang['confirm_ok'] );
  647.             $lang['confirm_ok'] = str_replace( '{login}', $name, $lang['confirm_ok'] );
  648.             msgbox( $lang['all_info'], $lang['confirm_ok'] . "<br /><br /><a href=\"" . $config['http_home_url'] . "index.php?do=register&doaction=validating&step=2&id=" . rawurlencode( $_REQUEST['id'] ) . "\">" . $lang['reg_next'] . "</a>" );
  649.         } else {
  650.  
  651.             $add_time = time();
  652.             $_IP = get_ip();
  653.             if( intval( $config['reg_group'] ) < 3 ) $config['reg_group'] = 4;
  654.  
  655.             $db->query( "INSERT INTO " . USERPREFIX . "_users (name, password, email, reg_date, lastdate, user_group, info, signature, favorites, xfields, logged_ip) VALUES ('$name', '$regpassword', '$email', '$add_time', '$add_time', '" . $config['reg_group'] . "', '', '', '', '', '" . $_IP . "')" );
  656.             $ipb->CreateMember($name, $user_arr[2], $email, $add_time);
  657.                         $id = $db->insert_id();
  658.  
  659.             set_cookie( "dle_user_id", $id, 365 );
  660.             set_cookie( "dle_password", $user_arr[2], 365 );
  661.  
  662.             $_SESSION['dle_user_id'] = $id;
  663.             $_SESSION['dle_password'] = $user_arr[2];
  664.  
  665.         }
  666.  
  667.     }
  668.  
  669. }
  670.  
  671. if( $doaction == "validating" AND !$stopregistration ) {
  672.  
  673.     $tpl->load_template( 'registration.tpl' );
  674.  
  675.     $tpl->set( '[validation]', "" );
  676.     $tpl->set( '[/validation]', "" );
  677.     $tpl->set_block( "'\\[registration\\].*?\\[/registration\\]'si", "" );
  678.  
  679.     if( $vk_url ) {
  680.         $tpl->set( '[vk]', "" );
  681.         $tpl->set( '[/vk]', "" );
  682.         $tpl->set( '{vk_url}', $vk_url );  
  683.     } else {
  684.         $tpl->set_block( "'\\[vk\\](.*?)\\[/vk\\]'si", "" );
  685.         $tpl->set( '{vk_url}', '' );   
  686.     }
  687.     if( $odnoklassniki_url ) {
  688.         $tpl->set( '[odnoklassniki]', "" );
  689.         $tpl->set( '[/odnoklassniki]', "" );
  690.         $tpl->set( '{odnoklassniki_url}', $odnoklassniki_url );
  691.     } else {
  692.         $tpl->set_block( "'\\[odnoklassniki\\](.*?)\\[/odnoklassniki\\]'si", "" );
  693.         $tpl->set( '{odnoklassniki_url}', '' );
  694.     }
  695.     if( $facebook_url ) {
  696.         $tpl->set( '[facebook]', "" );
  697.         $tpl->set( '[/facebook]', "" );
  698.         $tpl->set( '{facebook_url}', $facebook_url );  
  699.     } else {
  700.         $tpl->set_block( "'\\[facebook\\](.*?)\\[/facebook\\]'si", "" );
  701.         $tpl->set( '{facebook_url}', '' ); 
  702.     }
  703.     if( $google_url ) {
  704.         $tpl->set( '[google]', "" );
  705.         $tpl->set( '[/google]', "" );
  706.         $tpl->set( '{google_url}', $google_url );
  707.     } else {
  708.         $tpl->set_block( "'\\[google\\](.*?)\\[/google\\]'si", "" );
  709.         $tpl->set( '{google_url}', '' );   
  710.     }
  711.     if( $mailru_url ) {
  712.         $tpl->set( '[mailru]', "" );
  713.         $tpl->set( '[/mailru]', "" );
  714.         $tpl->set( '{mailru_url}', $mailru_url );  
  715.     } else {
  716.         $tpl->set_block( "'\\[mailru\\](.*?)\\[/mailru\\]'si", "" );
  717.         $tpl->set( '{mailru_url}', '' );   
  718.     }
  719.     if( $yandex_url ) {
  720.         $tpl->set( '[yandex]', "" );
  721.         $tpl->set( '[/yandex]', "" );
  722.         $tpl->set( '{yandex_url}', $yandex_url );
  723.     } else {
  724.         $tpl->set_block( "'\\[yandex\\](.*?)\\[/yandex\\]'si", "" );
  725.         $tpl->set( '{yandex_url}', '' );
  726.     }
  727.  
  728.     $xfieldsaction = "list";
  729.     $xfieldsadd = true;
  730.     include (ENGINE_DIR . '/inc/userfields.php');
  731.     $tpl->set( '{xfields}', $output );
  732.  
  733.     if ( count( $xfieldinput ) ) {
  734.         foreach ( $xfieldinput as $key => $value ) {
  735.             $tpl->copy_template = str_replace( "[xfinput_{$key}]", $value, $tpl->copy_template );
  736.         }      
  737.     }  
  738.    
  739.     $_REQUEST['id'] = htmlspecialchars( $_REQUEST['id'], ENT_QUOTES, $config['charset'] );
  740.  
  741.     $tpl->copy_template = "<form  method=\"post\" name=\"registration\" enctype=\"multipart/form-data\" action=\"\">\n" . $tpl->copy_template . "
  742. <input name=\"submit_val\" type=\"hidden\" id=\"submit_val\" value=\"submit_val\" />
  743. <input name=\"do\" type=\"hidden\" id=\"do\" value=\"register\" />
  744. <input name=\"doaction\" type=\"hidden\" id=\"doaction\" value=\"validating\" />
  745. <input name=\"id\" type=\"hidden\" id=\"id\" value=\"{$_REQUEST['id']}\" />
  746. </form>";
  747.  
  748.     $tpl->compile( 'content' );
  749.     $tpl->clear();
  750. }
  751.  
  752. ?>
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!