SilverDragonTears
04-06-2012, 09:53 PM
I don't know what I did.... but people can't view new member's profiles and most people registering are having an invalid email issue. Here is my register script.... see anything out of the ordinary?
<?php
include("functions/functions.php");
include("functions/functions_users.php");
include("inc/config_forum.php");
include("inc/lang.php");
//***************//
// START SCRIPT //
//***************//
if($isloggedin == "yes"){
$article_title = "You already have an account";
$article_content = "You already have an account, thus there is no need for you to register a new one.";
}
else{
//Grab the post data from the form
$username = $_POST["username"];
$username = secure($username);
$pass1 = $_POST["pass1"];
$pass1 = secure($pass1);
$pass2 = $_POST["pass2"];
$pass2 = secure($pass2);
$email = $_POST["email"];
$ip = $_POST['ip'];
$birthday = $_POST['birthday'];
$avatar = $_POST["avatar"];
$tos = $_POST["tos"];
$hidden = $_POST["hidden"];
$answer = $_POST["answer"];
$answer2 = $_POST["answer2"];
if($hidden != "goregister"){
//The form was not submitted, so we are showing the signup page...
$question = grabanysetting("securityquestion");
$answer = grabanysetting("securityanswer");
$article_title = $regnew;
$article_content = $regnewexplain."<br><form name='form1' method='post' action='register.php'>
<p>Username: <input name='username' type='text' id='username' maxlength='20'></p>
<p>Your username may be up to 20 characters long and may only contain letters, numbers and spaces. </p>
<p>Password: <input name='pass1' type='password' id='pass1' maxlength='20'></p>
<p>Your password may be up to 20 characters long and may contain letters, numbers, spaces and special characters. The use of a special character, such as * or ! is recommended for increased security. </p>
<p>Confirm Password: <input name='pass2' type='password' id='pass2' maxlength='20'></p>
<p>Email Address: <input name='email' type='text' id='email'></p>
<p>Birthday(mm/dd/yyyy): <input name='birthday' type='text' id='birthday'></p>
<p>Avatar url: <input name='avatar' type='text' id='avatar' value='templates/icons/default_avatar.gif'></p>
<p>Security Question: {$question}
<input name='answer' type='hidden' id='answer' value='{$answer}'></p>
<p>Answer: <input name='answer2' type='text' id='answer2'></p>
<p><input name='tos' type='checkbox' id='tos' value='yes'> I agree to the <a href='tos.php' target='_blank'>Terms of Service</a>.
<input name='ip' type='hidden' id='ip' value='{$_SERVER['REMOTE_ADDR']}'></p>
<input name='hidden' type='hidden' id='hidden' value='goregister'></p>
<p><input type='submit' name='Submit' value='Register'>
</p></form>";
}
else{
//We are attempting to register the user...
$salt = codegen(15, 0);
$password1 = passencr($username, $pass1, $salt);
$password2 = passencr($username, $pass2, $salt);
//Next check that the username does not already exist...
$flag = 0;
$stmt = $adopts->query("SELECT * FROM {$prefix}users WHERE username = '$username'");
$row = $stmt->fetchObject();
if(is_object($row)) $flag = 1;
//Now we verify that the email address is a valid email address...
$emailisvalid = "no";
$regex = '/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/';
if(preg_match($regex, $email)) $emailisvalid = "yes";
//First check that something required was not left blank...
if($username == "" or $password1 == "" or $password2 == "" or $email == ""){
$article_title = "Error";
$article_content = $regblank;
}
else if($password1 != $password2){
//Passwords do not match
$article_title = "Your passwords do not match";
$article_content = $passnomatch;
}
else if($tos != "yes"){
//User did not agree to TOS
$article_title = "Terms of Service Error";
$article_content = $notos;
}
else if($flag > 0){
//Username already exists
$article_title = "Your username already exists";
$article_content = $userexists;
}
else if($emailisvalid != "yes"){
//Email address is not valid or is a fake
$article_title = "Email address is not valid";
$article_content = $emailinvalid;
}
else if($answer != $answer2){
//Email address is not valid or is a fake
$article_title = "An error has occurred";
$article_content = "It seems that you did not answer the security question correctly...";
}
else{
//All checks are done, actually create the user's account on the database
$date = date('Y-m-d');
$session = session_id();
$myssession = md5($uid.$session);
$adopts->query("INSERT INTO {$prefix}users (uid, username, salt, password, session, email, ip, usergroup, birthday, membersince, money, friends)
VALUES ('', '$username', '$salt', '$password1', '$myssession', '$email','{$_SERVER['REMOTE_ADDR']}','3','$birthday', '$date', '{$GLOBALS['settings']['startmoney']}','')");
$adopts->query("INSERT INTO {$prefix}users_contacts (uid, username, website, facebook, twitter, aim, yahoo, msn, skype)
VALUES ('', '$username', '', '', '', '', '', '', '')");
$adopts->query("INSERT INTO {$prefix}users_options (uid, username, newmessagenotify, pmstatus, vmstatus, tradestatus, theme)
VALUES ('', '$username', '1', '0', '0', '0', '{$GLOBALS['settings']['theme']}')");
$adopts->query("INSERT INTO {$prefix}users_profile (uid, username, avatar, bio, color, about, favpet, gender, nickname)
VALUES ('', '$username', '$avatar', '', '', '', '0', 'unknown', '')");
$adopts->query("INSERT INTO {$prefix}users_status (uid, username, canlevel, canvm, canfriend, cantrade, canbreed, canshop)
VALUES ('', '$username', 'yes', 'yes', 'yes', 'yes', 'yes', 'yes')");
//Now check if Mybb forum integration is enabled
if($mybbenabled == 1){
//Mybb forum integration is enabled, now generate the user account on Mybb forum!
$dsn2 = "mysql:host={$mybbhost};dbname={$mybbdbname}";
$forums = new PDO($dsn2, $mybbuser, $mybbpass) or die("Cannot connect to forum database, please contact an admin immediately.");
//Now the database has been switched to mybb forum's. Before inserting user info, lets generate the password and salt in Mybb format.
$salty = codegen(8, 0);
$loginkey = codegen(50, 0);
$md5pass = md5($pass1);
$fpass = md5(md5($salty).$md5pass);
$ip = $_SERVER['REMOTE_ADDR'];
$altip = ipgen($ip);
$query2 = "INSERT INTO {$mybbprefix}users (uid, username, password, salt, loginkey, email, postnum, avatar, avatardimensions, avatartype, usergroup, additionalgroups, displaygroup, usertitle, regdate, lastactive, lastvisit, lastpost, website, icq, aim, yahoo, msn, birthday, birthdayprivacy, signature, allownotices, hideemail, subscriptionmethod, invisible, receivepms, receivefrombuddy, pmnotice, pmnotify, threadmode, showsigs, showavatars, showquickreply, showredirect, ppp, tpp, daysprune, dateformat, timeformat, timezone, dst, dstcorrection, buddylist, ignorelist, style, away, awaydate, returndate, awayreason, pmfolders, notepad, referrer, referrals, reputation, regip, lastip, longregip, longlastip, language, timeonline, showcodebuttons, totalpms, unreadpms, warningpoints, moderateposts, moderationtime, suspendposting, suspensiontime, suspendsignature, suspendsigtime, coppauser, classicpostbit, loginattempts, failedlogin, usernotes)
VALUES ('', '$username', '$fpass','$salty','$loginkey','$email', '0', '', '', '0', '2', '', '0', '', 'time()', 'time()', 'time()', '0', '', '', '', '', '', '$birthday', 'all', '', '1', '0', '0', '0', '1', '0', '1', '1', '', '1', '1', '1', '1', '0', '0', '0', '', '', '0', '0', '0', '', '', '0', '0', '0', '', '', '', '', '0','0','0','$ip', '$ip','$altip','$altip','','0','1', '0', '0', '0','0','0','0','0','0','0','0','0','1','0','')";
$forums->query($query2) or die("Failed to create forum account");
}
//Now that we have created the user, let's log them in...
$status = dologin($username, $password1, $myssession);
if($status != "success"){
$article_title = "Something is Wrong!";
$article_content = "Something is very, very wrong. Please contact Mysidia Adoptables about this error.";
}
else{
//We are registered and logged in...
$article_title = $titleregsuccess;
$article_content = $regsuccess."".$username."".$regsuccess2;
if($mybbenabled == 1){
$article_content .= "</br></br>You may also visit your <a href='http://taleofdragons.net/forum'>forum account</a> and edit your profile.";
}
//Reflect our changes in the sidebar...
$sidebar = "<b><u>Welcome {$username}</u></b>:<br><a href='account.php'>Go to My Account</a><br><a href='adopt.php'>Adopt Some Pets</a>";
}
}
}
}
//***************//
// OUTPUT PAGE //
//***************//
echo showpage($article_title, $article_content, $date);
?>
<?php
include("functions/functions.php");
include("functions/functions_users.php");
include("inc/config_forum.php");
include("inc/lang.php");
//***************//
// START SCRIPT //
//***************//
if($isloggedin == "yes"){
$article_title = "You already have an account";
$article_content = "You already have an account, thus there is no need for you to register a new one.";
}
else{
//Grab the post data from the form
$username = $_POST["username"];
$username = secure($username);
$pass1 = $_POST["pass1"];
$pass1 = secure($pass1);
$pass2 = $_POST["pass2"];
$pass2 = secure($pass2);
$email = $_POST["email"];
$ip = $_POST['ip'];
$birthday = $_POST['birthday'];
$avatar = $_POST["avatar"];
$tos = $_POST["tos"];
$hidden = $_POST["hidden"];
$answer = $_POST["answer"];
$answer2 = $_POST["answer2"];
if($hidden != "goregister"){
//The form was not submitted, so we are showing the signup page...
$question = grabanysetting("securityquestion");
$answer = grabanysetting("securityanswer");
$article_title = $regnew;
$article_content = $regnewexplain."<br><form name='form1' method='post' action='register.php'>
<p>Username: <input name='username' type='text' id='username' maxlength='20'></p>
<p>Your username may be up to 20 characters long and may only contain letters, numbers and spaces. </p>
<p>Password: <input name='pass1' type='password' id='pass1' maxlength='20'></p>
<p>Your password may be up to 20 characters long and may contain letters, numbers, spaces and special characters. The use of a special character, such as * or ! is recommended for increased security. </p>
<p>Confirm Password: <input name='pass2' type='password' id='pass2' maxlength='20'></p>
<p>Email Address: <input name='email' type='text' id='email'></p>
<p>Birthday(mm/dd/yyyy): <input name='birthday' type='text' id='birthday'></p>
<p>Avatar url: <input name='avatar' type='text' id='avatar' value='templates/icons/default_avatar.gif'></p>
<p>Security Question: {$question}
<input name='answer' type='hidden' id='answer' value='{$answer}'></p>
<p>Answer: <input name='answer2' type='text' id='answer2'></p>
<p><input name='tos' type='checkbox' id='tos' value='yes'> I agree to the <a href='tos.php' target='_blank'>Terms of Service</a>.
<input name='ip' type='hidden' id='ip' value='{$_SERVER['REMOTE_ADDR']}'></p>
<input name='hidden' type='hidden' id='hidden' value='goregister'></p>
<p><input type='submit' name='Submit' value='Register'>
</p></form>";
}
else{
//We are attempting to register the user...
$salt = codegen(15, 0);
$password1 = passencr($username, $pass1, $salt);
$password2 = passencr($username, $pass2, $salt);
//Next check that the username does not already exist...
$flag = 0;
$stmt = $adopts->query("SELECT * FROM {$prefix}users WHERE username = '$username'");
$row = $stmt->fetchObject();
if(is_object($row)) $flag = 1;
//Now we verify that the email address is a valid email address...
$emailisvalid = "no";
$regex = '/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/';
if(preg_match($regex, $email)) $emailisvalid = "yes";
//First check that something required was not left blank...
if($username == "" or $password1 == "" or $password2 == "" or $email == ""){
$article_title = "Error";
$article_content = $regblank;
}
else if($password1 != $password2){
//Passwords do not match
$article_title = "Your passwords do not match";
$article_content = $passnomatch;
}
else if($tos != "yes"){
//User did not agree to TOS
$article_title = "Terms of Service Error";
$article_content = $notos;
}
else if($flag > 0){
//Username already exists
$article_title = "Your username already exists";
$article_content = $userexists;
}
else if($emailisvalid != "yes"){
//Email address is not valid or is a fake
$article_title = "Email address is not valid";
$article_content = $emailinvalid;
}
else if($answer != $answer2){
//Email address is not valid or is a fake
$article_title = "An error has occurred";
$article_content = "It seems that you did not answer the security question correctly...";
}
else{
//All checks are done, actually create the user's account on the database
$date = date('Y-m-d');
$session = session_id();
$myssession = md5($uid.$session);
$adopts->query("INSERT INTO {$prefix}users (uid, username, salt, password, session, email, ip, usergroup, birthday, membersince, money, friends)
VALUES ('', '$username', '$salt', '$password1', '$myssession', '$email','{$_SERVER['REMOTE_ADDR']}','3','$birthday', '$date', '{$GLOBALS['settings']['startmoney']}','')");
$adopts->query("INSERT INTO {$prefix}users_contacts (uid, username, website, facebook, twitter, aim, yahoo, msn, skype)
VALUES ('', '$username', '', '', '', '', '', '', '')");
$adopts->query("INSERT INTO {$prefix}users_options (uid, username, newmessagenotify, pmstatus, vmstatus, tradestatus, theme)
VALUES ('', '$username', '1', '0', '0', '0', '{$GLOBALS['settings']['theme']}')");
$adopts->query("INSERT INTO {$prefix}users_profile (uid, username, avatar, bio, color, about, favpet, gender, nickname)
VALUES ('', '$username', '$avatar', '', '', '', '0', 'unknown', '')");
$adopts->query("INSERT INTO {$prefix}users_status (uid, username, canlevel, canvm, canfriend, cantrade, canbreed, canshop)
VALUES ('', '$username', 'yes', 'yes', 'yes', 'yes', 'yes', 'yes')");
//Now check if Mybb forum integration is enabled
if($mybbenabled == 1){
//Mybb forum integration is enabled, now generate the user account on Mybb forum!
$dsn2 = "mysql:host={$mybbhost};dbname={$mybbdbname}";
$forums = new PDO($dsn2, $mybbuser, $mybbpass) or die("Cannot connect to forum database, please contact an admin immediately.");
//Now the database has been switched to mybb forum's. Before inserting user info, lets generate the password and salt in Mybb format.
$salty = codegen(8, 0);
$loginkey = codegen(50, 0);
$md5pass = md5($pass1);
$fpass = md5(md5($salty).$md5pass);
$ip = $_SERVER['REMOTE_ADDR'];
$altip = ipgen($ip);
$query2 = "INSERT INTO {$mybbprefix}users (uid, username, password, salt, loginkey, email, postnum, avatar, avatardimensions, avatartype, usergroup, additionalgroups, displaygroup, usertitle, regdate, lastactive, lastvisit, lastpost, website, icq, aim, yahoo, msn, birthday, birthdayprivacy, signature, allownotices, hideemail, subscriptionmethod, invisible, receivepms, receivefrombuddy, pmnotice, pmnotify, threadmode, showsigs, showavatars, showquickreply, showredirect, ppp, tpp, daysprune, dateformat, timeformat, timezone, dst, dstcorrection, buddylist, ignorelist, style, away, awaydate, returndate, awayreason, pmfolders, notepad, referrer, referrals, reputation, regip, lastip, longregip, longlastip, language, timeonline, showcodebuttons, totalpms, unreadpms, warningpoints, moderateposts, moderationtime, suspendposting, suspensiontime, suspendsignature, suspendsigtime, coppauser, classicpostbit, loginattempts, failedlogin, usernotes)
VALUES ('', '$username', '$fpass','$salty','$loginkey','$email', '0', '', '', '0', '2', '', '0', '', 'time()', 'time()', 'time()', '0', '', '', '', '', '', '$birthday', 'all', '', '1', '0', '0', '0', '1', '0', '1', '1', '', '1', '1', '1', '1', '0', '0', '0', '', '', '0', '0', '0', '', '', '0', '0', '0', '', '', '', '', '0','0','0','$ip', '$ip','$altip','$altip','','0','1', '0', '0', '0','0','0','0','0','0','0','0','0','1','0','')";
$forums->query($query2) or die("Failed to create forum account");
}
//Now that we have created the user, let's log them in...
$status = dologin($username, $password1, $myssession);
if($status != "success"){
$article_title = "Something is Wrong!";
$article_content = "Something is very, very wrong. Please contact Mysidia Adoptables about this error.";
}
else{
//We are registered and logged in...
$article_title = $titleregsuccess;
$article_content = $regsuccess."".$username."".$regsuccess2;
if($mybbenabled == 1){
$article_content .= "</br></br>You may also visit your <a href='http://taleofdragons.net/forum'>forum account</a> and edit your profile.";
}
//Reflect our changes in the sidebar...
$sidebar = "<b><u>Welcome {$username}</u></b>:<br><a href='account.php'>Go to My Account</a><br><a href='adopt.php'>Adopt Some Pets</a>";
}
}
}
}
//***************//
// OUTPUT PAGE //
//***************//
echo showpage($article_title, $article_content, $date);
?>