  1. <?php
  2. /*
  3. UserSpice 4
  4. An Open Source PHP User Management System
  5. by the UserSpice Team at http://UserSpice.com
  6.  
  7. This program is free software: you can redistribute it and/or modify
  8. it under the terms of the GNU General Public License as published by
  9. the Free Software Foundation, either version 3 of the License, or
  10. (at your option) any later version.
  11.  
  12. This program is distributed in the hope that it will be useful,
  13. but WITHOUT ANY WARRANTY; without even the implied warranty of
  14. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  15. GNU General Public License for more details.
  16.  
  17. You should have received a copy of the GNU General Public License
  18. along with this program. If not, see <http://www.gnu.org/licenses/>.
  19. */
  20. function formField($o, $v = []){
  21. global $abs_us_root;
  22. global $us_url_root;
  23. $u = 0;
  24. if(isset($v->update)){
  25. $u = 1;
  26. $value = get_object_vars($v);
  27. if(isset($value[$o->col])){
  28. $value = $value[$o->col];
  29. }else{
  30. $value = '';
  31. }
  32. }
  33. //note that formField expects an entire object, not an id
  34. ?>
  35. <div class="form-group">
  36. <?php if($o->field_type != 'timestamp'){ ?>
  37. <label class="<?=$o->label_class?>" for="<?=$o->col?>"><?=$o->form_descrip?>
  38. <?php if($o->required == 1){echo "*";}?>
  39. </label>
  40. <?php }
  41.  
  42. if($o->field_type == "text" || $o->field_type == "password" || $o->field_type == "passwordE"|| $o->field_type == "color"){
  43. $type = $o->field_type;
  44. if($o->field_type == 'passwordE'){$type = "password";}
  45. ?>
  46. <input type='<?=$type?>' name='<?=$o->col?>' id='<?=$o->col?>' class='<?=$o->field_class?>'
  47. value="<?php if($u == 1){echo $value;}if(!empty($_POST)){if(isset($_POST[$o->col])){echo $_POST[$o->col];}}?>"
  48. <?php if($o->required == 1){echo "required";}?>
  49. <?=$o->input_html?>
  50. >
  51. <?php } //end if text
  52.  
  53. if($o->field_type == "number" || $o->field_type == "tinyint"){
  54. ?>
  55. <input type="number" step="1" <?php if($o->field_type == "tinyint"){ echo "min='0' max='9'";}?> name='<?=$o->col?>' id='<?=$o->col?>' class='<?=$o->field_class?>'
  56. value="<?php if($u == 1){echo $value;}elseif(!empty($_POST)){echo $_POST[$o->col];}?>"
  57. <?php if($o->required == 1){echo "required";}?>
  58. <?=$o->input_html?>
  59. >
  60. <?php } //end if int
  61.  
  62. if($o->field_type == "textarea") { ?>
  63. <textarea name='<?=$o->col?>' id='<?=$o->col?>' class='<?=$o->field_class?>'
  64. <?php if($o->required == 1){echo "required";}?> <?=$o->input_html?>><?php if($u == 1){echo $value;}elseif(!empty($_POST)){echo $_POST[$o->col];}?></textarea>
  65. <?php } //end if textarea?>
  66.  
  67. <?php if($o->field_type == "dropdown") { ?>
  68. <select <?=$o->input_html?> name='<?=$o->col?>' id='<?=$o->col?>' class='<?=$o->field_class?>'
  69. <?php if($o->required == 1){echo "required";}?>>
  70. <?php $options = json_decode($o->select_opts);
  71. if($u == 1){
  72. $option = get_object_vars($options); dnd($option);?>
  73. <option value="<?=$value?>"><?=$option[$value]?></option>
  74. <?php }
  75. foreach($options as $k=>$v){ ?>
  76. <option value="<?=$k?>"><?=$v?></option>
  77. <?php } ?>
  78. </select>
  79.  
  80. <?php } //end if dropdown
  81.  
  82. if($o->field_type == "date"){?>
  83. <input type="text" class="form-control" name="<?=$o->col?>" id="<?=$o->col?>" value="<?php if($u == 1){echo $value;}elseif(!empty($_POST)){echo $_POST[$o->col];}?>">
  84. <?php
  85. //set your custom datepicker options in this file in usersc
  86. include($abs_us_root.$us_url_root.'usersc/scripts/datepicker.php');
  87. }
  88. if($o->field_type == "datetime"){?>
  89. <input type="text" class="form-control" name="<?=$o->col?>" id="<?=$o->col?>"
  90. value="<?php if($u == 1){echo $value;}elseif(!empty($_POST)){if(isset($_POST[$o->col])){echo $_POST[$o->col];}}?>">
  91. <?php
  92. //set your custom datetimepicker options in this file in usersc
  93. include($abs_us_root.$us_url_root.'usersc/scripts/datetimepicker.php');
  94. }
  95.  
  96. if($o->field_type == "checkbox"){
  97. $options = json_decode($o->select_opts);
  98. if($u == 1){$option = json_decode($value);}
  99. foreach($options as $k=>$v){
  100. ?>
  101. <label class="<?=$o->field_class?>"><input type='checkbox' <?php if($u == 1){
  102. if(in_array($k,$option)){ echo "checked='checked'";}} ?> name='<?=$o->col?>[]' value='<?=$k?>'
  103. <?php if($o->required == 1){echo "required";}?>
  104. <?=$o->input_html?>
  105. ><?=$v?></label>
  106. <?php }
  107. } //end if checkbox
  108.  
  109. if($o->field_type == "radio") {
  110. $options = json_decode($o->select_opts);
  111. foreach($options as $k=>$v){
  112. ?>
  113. <div class="radio">
  114. <label><input type="radio" value="<?=$k?>" <?php if($u == 1){if($value == $k){echo "checked='checked'";}} ?> <?php echo $o->input_html;?> name='<?=$o->col?>'><?=$v?></label>
  115. </div>
  116. <?php } //end radio
  117. }
  118.  
  119. if($o->field_type == "timestamp") {
  120. //do nothing.
  121. }
  122. ?>
  123.  
  124. <!-- final div -->
  125. </div>
  126. <?php
  127. } //end of function
  128.  
  129. function displayForm($name, $opts = []){
  130. $db = DB::getInstance();
  131. $formatted = formatName($name);
  132. $u = 0;
  133. if(isset($opts['update'])){
  134. $id = $opts['update'];
  135. $q = $db->query("SELECT * FROM $name WHERE id = ?",array($id));
  136. $c = $q->count();
  137. if($c > 0){
  138. $u = 1;
  139. $v = $q->first();
  140. }else{
  141. die("Form record not found. Check your id");
  142. }
  143. }
  144.  
  145. $o = $db->query("SELECT * FROM $formatted ORDER BY ord")->results();
  146. ?>
  147. <form action="<?=$_SERVER['PHP_SELF'];?>" method="post">
  148. <?php
  149. if(!isset($opts['token'])){ ?>
  150. <input type="hidden" name="csrf" value="<?=Token::generate();?>" />
  151. <?php }else{ ?>
  152. <input type="hidden" name="csrf" value="<?=$opts['token'];?>" />
  153. <?php }
  154. foreach ($o as $f){
  155. // dnd($f);
  156. if($u != 1){
  157. //note that formField expects an entire object, not an id
  158. formField($f);
  159. }else{
  160. $v->update = $id;
  161. formField($f,$v);
  162. }
  163. }
  164. ?>
  165. <input type="hidden" name="form_name" value="<?=$name?>">
  166. <?php
  167. include('form_submit_button.php');
  168. if(!isset($opts['noclose'])){
  169. echo "</form>";
  170. }
  171.  
  172. }
  173.  
  174. function displayView($view, $opts = []){
  175. $db = DB::getInstance();
  176. $getViewQ = $db->query("SELECT * FROM us_form_views WHERE id = ?",array($view));
  177. $getViewC = $getViewQ->count();
  178. if($getViewC < 1){
  179. bold("<br>View not found");
  180. exit;
  181. }else{
  182. $getView = $getViewQ->first();
  183. }
  184.  
  185. $form = $getView->form_name.'_form';
  186. $fields = json_decode($getView->fields);
  187. $u = 0;
  188. if(isset($opts['update'])){
  189. $id = $opts['update'];
  190. $q = $db->query("SELECT * FROM $getView->form_name WHERE id = ?",array($id));
  191. $c = $q->count();
  192. if($c > 0){
  193. $u = 1;
  194. $v = $q->first();
  195. }else{
  196. die("Form record not found. Check your id");
  197. }
  198. }
  199. ?>
  200. <form action="<?=$_SERVER['PHP_SELF'];?>" method="post">
  201. <?php
  202. if(!isset($opts['token'])){ ?>
  203. <input type="hidden" name="csrf" value="<?=Token::generate();?>" />
  204. <?php }else{ ?>
  205. <input type="hidden" name="csrf" value="<?=$opts['token'];?>" />
  206. <?php }
  207. foreach ($fields as $f){
  208.  
  209. $fldQ = $db->query("SELECT * FROM $form WHERE id = ?",array($f));
  210. $fldC = $fldQ->count();
  211. if($fldC > 0){
  212. $fld = $fldQ->first();
  213. if($u != 1){
  214. //note that formField expects an entire object, not an id
  215. formField($fld);
  216. }else{
  217. $v->update = $id;
  218. formField($fld,$v);
  219. }
  220. }else{
  221. continue;
  222. }
  223. }
  224. ?>
  225. <input type="hidden" name="form_name" value="<?=$getView->form_name?>">
  226. <?php include('form_submit_button.php'); ?>
  227. </form>
  228. <?php
  229. }
  230.  
  231. function displayTable($name,$opts = []){
  232. $db = DB::getInstance();
  233. //Pass id as 1 to show the id column
  234.  
  235. if(!isset($opts['class'])){
  236. $opts['class'] = 'table table-striped';
  237. }
  238.  
  239. if(!isset($opts['id'])){
  240. $opts['id'] = 0;
  241. }
  242. $form = $name.'_form';
  243. $s = $db->query("SELECT * FROM $form ORDER BY ord")->results();
  244. $order=[];
  245. $newOrder = [];
  246. foreach($s as $key=>$value){
  247. $order[$value->col] = $value->table_descrip;
  248. }
  249. $table = $db->query("SELECT * FROM $name");
  250. $count = $table->count();
  251. ?>
  252. <!-- optional table class? -->
  253. <table class='<?=$opts['class']?>'>
  254. <thead>
  255. <?php
  256. if($opts['id'] == 1){?>
  257. <th>ID</th>
  258. <?php }
  259. foreach($order as $key=>$value){?>
  260. <th><?=$value?></th>
  261. <?php } ?>
  262. </thead>
  263. <tbody>
  264. <?php
  265. if($count > 0){
  266.  
  267. $t = $table->results(true);
  268. foreach($t as $r){
  269. // All of this is to get the table in the same order as your form
  270. $r = array_intersect_key($r,$order);
  271. $r = array_merge($order,$r);
  272. ?>
  273. <tr>
  274. <?php foreach($r as $k=>$v){
  275. if($k == 'id' && $opts['id'] != 1){
  276. continue;
  277. }elseif(isJSON($v)){
  278. $v = json_decode($v);
  279. $v = rtrim(implode(',', $v), ','); ?>
  280. <td><?=$v?></td>
  281. <?php
  282. }else{ ?>
  283. <td><?=$v?></td>
  284.  
  285. <?php
  286. }
  287. }
  288. ?>
  289. </tr>
  290. <?php
  291. }
  292. }
  293. ?>
  294. </tbody>
  295. <?php
  296. }
  297.  
  298. function processForm($opts = []){
  299. //form name is auto detected so we might want to prevent column names that match the form name
  300.  
  301. global $usFormUpdate;
  302. global $abs_us_root;
  303. global $us_url_root;
  304. $token = $_POST['csrf'];
  305. if(!Token::check($token)){
  306. require_once $abs_us_root.$us_url_root.'usersc/scripts/token_error.php';
  307. }
  308. //dump($_POST);
  309. $validation = new Validate();
  310. $db = DB::getInstance();
  311. $name = Input::get('form_name');
  312. $form = $name.'_form';
  313. $fields = [];
  314.  
  315. $s = $db->query("SELECT * FROM $form")->results(true);
  316. //only deal with the fields that were actually posted
  317. $submitted = [];
  318. foreach($_POST as $k=>$v){
  319. foreach($s as $t){
  320. if(array_search($k,$t)){
  321. $submitted[]= $t;
  322. }
  323. }
  324. }
  325.  
  326. $errors = [];
  327. $successes = [];
  328. //check for posted arrays
  329. foreach($_POST as $k=>$v){
  330. foreach($submitted as $t)
  331. if(is_array($k)){
  332. }
  333. }
  334.  
  335. foreach($submitted as $c){
  336. $val = [];
  337. if($c['field_type'] == "checkbox"){
  338. if(! isset($_POST[$c['col']])){
  339. $data = [];
  340. }else{
  341. $data = filter_var_array($_POST[$c['col']],FILTER_SANITIZE_ENCODED);
  342. }
  343. $data = json_encode($data);
  344. $fields[$c['col']] = $data;
  345. }elseif($c['field_type'] == "passwordE"){
  346. $fields[$c['col']] = password_hash(Input::get($c['col']), PASSWORD_BCRYPT, array('cost' => 12));
  347. }elseif($c['field_type'] == "timestamp"){
  348. continue;
  349. }else{
  350. $fields[$c['col']] = Input::get($c['col']);
  351. //dnd($c);
  352. //dnd($_POST);
  353. if($c['validation'] != "" && $c['validation'] != '[]'){
  354.  
  355. $val = json_decode($c['validation']);
  356. $process = [];
  357. $process['display'] = $c['table_descrip'];
  358. foreach($val as $key => $value){
  359. $process[$key] = $value;
  360. }
  361. $validation->check($_POST,array(
  362. $c['col'] => $process
  363. ));
  364. if($validation->passed()) {
  365. // die("Passed");
  366. }else{
  367. if($opts != '' && isset($opts['debug'])){
  368. dump($validation);
  369. }
  370. }
  371. }
  372. }
  373. }
  374.  
  375. if(!$validation->errors()=='') {
  376. ?>
  377. <div class="alert alert-danger">
  378. <?=display_errors($validation->errors());?>
  379. </div><?php }
  380. if($validation->passed()) {
  381. if(isset($usFormUpdate)){
  382. $db->update($name,$usFormUpdate,$fields);
  383. }else{
  384. $db->insert($name,$fields);
  385. }
  386.  
  387. }
  388. if($opts != '' && isset($opts['debug'])){
  389. dnd($db->errorInfo());
  390. }
  391. }
  392.  
  393. function createForm($name){
  394. $db = DB::getInstance();
  395. $form = $name.'_form';
  396. if (!preg_match("#^[a-z0-9]+$#", $name)) {
  397. bold("Sorry! You can only use lowercase letters and numbers in your form name!");
  398. exit;
  399. }else{
  400. $error = 'ERROR #0';
  401. $err = true;
  402. $test = $db->query("SELECT * FROM $name")->first();
  403. $e = $db->errorString();
  404. if (strpos($e, $error) !== false){
  405. bold("Sorry! A table with that name exists in your database!");
  406. exit;
  407. }else{
  408. // echo 'Good to go';
  409. $columns = "id INT( 11 ) AUTO_INCREMENT PRIMARY KEY";
  410. $columns2 = "<code>id</code> INT( 11 ) AUTO_INCREMENT PRIMARY KEY,
  411. <code>ord</code> int(11) NOT NULL,
  412. <code>col</code> varchar(255) NOT NULL,
  413. <code>form_descrip</code> varchar(255) NOT NULL,
  414. <code>table_descrip</code> varchar(255) NOT NULL,
  415. <code>col_type</code> varchar(255) NOT NULL,
  416. <code>field_type</code> varchar(100) NOT NULL,
  417. <code>length</code> int(11) NOT NULL,
  418. <code>required</code> tinyint(1) NOT NULL,
  419. <code>validation</code> text NOT NULL,
  420. <code>label_class</code> varchar(255) NOT NULL,
  421. <code>field_class</code> varchar(255) NOT NULL,
  422. <code>input_html</code> text NOT NULL,
  423. <code>select_opts</code> text NOT NULL";
  424. $db->query("CREATE TABLE IF NOT EXISTS $name ( $columns )");
  425. $db->query("CREATE TABLE IF NOT EXISTS $form ( $columns2 )");
  426. $db->insert('us_forms',['form'=>$name]);
  427. $id = $db->lastId();
  428. Redirect::to('edit_form.php?edit='.$id.'&err=Form+created!');
  429. }
  430. }
  431. }
  432.  
  433. function buildFormFromTable($name){
  434. $db = DB::getInstance();
  435. global $us_url_root;
  436. $order = 10;
  437. $form = $name.'_form';
  438. if (!preg_match("#^[a-z0-9]+$#", $name)) {
  439. bold("<br>Sorry! You can only use lowercase letters and numbers in your form name!");
  440. exit;
  441. }
  442. $err = true;
  443. $test = $db->query("SELECT * FROM $name")->first();
  444. //we want to make sure the requested table is really there
  445. if ($test == []){
  446. bold("<br>Sorry! The table you're requesting does not exist!");
  447. exit;
  448. }else{
  449. $count = $db->query("SELECT form FROM us_forms WHERE form = ?",array($name))->count();
  450. if($count < 1){
  451. $db->insert('us_forms',['form'=>$name]);
  452. $id = $db->lastId();
  453. $columns2 = "<code>id</code> INT( 11 ) AUTO_INCREMENT PRIMARY KEY,
  454. <code>ord</code> int(11) NOT NULL,
  455. <code>col</code> varchar(255) NOT NULL,
  456. <code>form_descrip</code> varchar(255) NOT NULL,
  457. <code>table_descrip</code> varchar(255) NOT NULL,
  458. <code>col_type</code> varchar(255) NOT NULL,
  459. <code>field_type</code> varchar(100) NOT NULL,
  460. <code>required</code> tinyint(1) NOT NULL,
  461. <code>validation</code> text NOT NULL,
  462. <code>label_class</code> varchar(255) NOT NULL,
  463. <code>field_class</code> varchar(255) NOT NULL,
  464. <code>input_html</code> text NOT NULL,
  465. <code>select_opts</code> text NOT NULL";
  466. $db->query("CREATE TABLE IF NOT EXISTS $form ( $columns2 )");
  467. $schema = $db->query("SHOW COLUMNS FROM $name")->results(true);
  468. foreach($schema as $s){
  469.  
  470. $type = '';
  471. $field = '';
  472. $t = $s['Type'];
  473. if($s['Field'] == 'id'){
  474. continue;
  475. }else{
  476. if(substr($t,0,3) == 'int'){
  477. $type = "int";
  478. $field = "number";
  479. }elseif(substr($t,0,3) == 'var'){
  480. $type = "varchar";
  481. $field = "text";
  482. }elseif(substr($t,0,3) == 'dat'){
  483. if(substr($t,0,5) == 'datet'){
  484. $type = "datetime";
  485. $field = "datetime";
  486. }else{
  487. $type = "date";
  488. $field = "date";
  489. }
  490. }elseif(substr($t,0,3) == 'tex'){
  491. $type = "text";
  492. $field = "textarea";
  493. }elseif(substr($t,0,9) == 'timestamp'){
  494. continue;
  495. }
  496. }
  497. $fields = array(
  498. 'ord'=>$order,
  499. 'col'=>$s['Field'],
  500. 'form_descrip'=>ucfirst($s['Field']),
  501. 'table_descrip'=>ucfirst($s['Field']),
  502. 'col_type'=>$type,
  503. 'field_type'=>$field,
  504. 'field_class'=>'form-control',
  505. );
  506. $order = $order + 10;
  507. $db->insert($form,$fields);
  508. }
  509.  
  510. }else{
  511. bold("<br>Your us_forms table already has a form called ".$name);
  512. exit;
  513. }
  514. }
  515.  
  516. Redirect::to($us_url_root.'users/edit_form.php?autogen=1&edit='.$id);
  517. }
  518.  
  519. function formatName($name){
  520. $post = "_form";
  521. $formatted = $name."_form";
  522. return $formatted;
  523. }
  524.  
  525. function getFormName($id,$opt=[]){
  526. $db = DB::getInstance();
  527. $q = $db->query("SELECT form FROM us_forms WHERE id = ?",array($id));
  528. $c = $q->count();
  529. if($c > 0){
  530. $f = $q->first();
  531. $name = $f->form;
  532. // dnd($opt);
  533. if($opt != [] && $opt['name'] == 1){
  534. $name = $f->form."_form";
  535. }
  536. return $name;
  537. }else{
  538. $msg = "not found";
  539. return $msg;
  540. }
  541. }
  542.  
  543. function isSqlProtected($col){
  544. $protected = ['accessible','add','all','alter','analyze','and','as','asc','asensitive','before','between','bigint','binary','blob','both','by','call','cascade','case','change','char','character','check','collate','column','condition','constraint','continue','convert','create','cross','current_date','current_time','current_timestamp','current_user','cursor','database','databases','day_hour','day_microsecond','day_minute','day_second','dec','decimal','declare','default','delayed','delete','desc','describe','deterministic','distinct','distinctrow','div','double','drop','dual','each','else','elseif','enclosed','escaped','exists','exit','explain','false','fetch','float','float4','float8','for','force','foreign','from','fulltext','general','grant','group','having','high_priority','hour_microsecond','hour_minute','hour_second','if','ignore','ignore_server_ids','in','index','infile','inner','inout','insensitive','insert','int','int1','int2','int3','int4','int8','integer','interval','into','is','iterate','join','key','keys','kill','leading','leave','left','like','limit','linear','lines','load','localtime','localtimestamp','lock','long','longblob','longtext','loop','low_priority','master_heartbeat_period','master_ssl_verify_server_cert','match','maxvalue','mediumblob','mediumint','mediumtext','middleint','minute_microsecond','minute_second','mod','modifies','natural','not','no_write_to_binlog','null','numeric','on','optimize','option','optionally','or','order','out','outer','outfile','partition','precision','primary','procedure','purge','range','read','reads','read_write','real','recursive','references','regexp','release','rename','repeat','replace','require','resignal','restrict','return','revoke','right','rlike','rows','schema','schemas','second_microsecond','select','sensitive','separator','set','show','signal','slow','smallint','spatial','specific','sql','sqlexception','sqlstate','sqlwarning','sql_big_result','sql_calc_found_rows','sql_small_result','ssl','starting
','straight_join','table','terminated','then','tinyblob','tinyint','tinytext','to','trailing','trigger','true','undo','union','unique','unlock','unsigned','update','usage','use','using','utc_date','utc_time','utc_timestamp','values','varbinary','varchar','varcharacter','varying','when','where','while','window','with','write','xor','year_month','zerofill'];
  545. $col = strtolower($col);
  546. if(in_array($col,$protected)){
  547. return true;
  548. }else{
  549. return false;
  550. }
  551. }
  552.  
  553. function isValidValidation($opt){
  554. //since we cannot sanitize < symbols etc, we need to make sure that the posted values
  555. //are in the db table to prevent injections
  556. $db = DB::getInstance();
  557. $c = $db->query("SELECT value FROM us_form_validation WHERE value = ?",array($opt))->count();
  558. if($c > 0){
  559. return true;
  560. }else{
  561. return false;
  562. }
  563. }
  564.  
  565. function getValidTables(){
  566. //get a list of tables that don't end in _form
  567. $db = DB::getInstance();
  568. $query = $db->query("SHOW TABLES")->results();
  569. $tables = [];
  570. foreach($query as $t){
  571. foreach($t as $q){
  572. $tables[] = $q;
  573. }
  574. }
  575. foreach($tables as $k=>$v){
  576. if(substr($v,-5)=='_form'){
  577. unset($tables[$k]);
  578. }
  579. }
  580. //check if there's already a form.
  581. //if yes, unset it
  582. $query = $db->query("SELECT form FROM us_forms")->results();
  583. foreach($query as $k=>$v){
  584. foreach($tables as $key=>$value){
  585. if($v->form == $value){
  586. unset($tables[$key]);
  587. }
  588. }
  589. }
  590. return $tables;
  591. }
  592.  
  593. function isJSON($string){
  594. return is_string($string) && is_array(json_decode($string, true)) && (json_last_error() == JSON_ERROR_NONE) ? true : false;
  595. }