include/register.php

   1 <?php
   2 /* make sure that we are not called from outside the scripts,
   3  * use a variable defined in config.php to check this
   4  */
   5 if(!isset($HOST))
   6   exit;
   7
   8 /* new user wants to register */
   9 if(myisset("Rfullname","Remail","Rtimezone") )
  10   {
  11     global $HOST,$INDEX;
  12
  13     /* is this name already in use/ */
  14     $ok=1;
  15     if(DB_get_userid('name',$_REQUEST['Rfullname']))
  16       {
  17         echo "please chose another name<br />";
  18         $ok=0;
  19       }
  20     /* check if email address is already used */
  21     if(DB_get_userid('email',$_REQUEST['Remail']))
  22       {
  23         echo "this email address is already used ?!<br />";
  24         $ok=0;
  25       }
  26     /* need either openid or password */
  27     if(!myisset('Rpassword')  &&  !myisset('Ropenid'))
  28       {
  29         echo "I need either a Password or an Openid url.<br />";
  30         $ok=0;
  31       }
  32
  33     /* check against robots */
  34     $robots=0; /* at least one anti-robot question needs to be answered */
  35     if(myisset('Robotproof0'))
  36       {
  37         if($_REQUEST['Robotproof0']!=42)
  38           $ok=0;
  39         else
  40           $robot=1;
  41       }
  42     else if(myisset('Robotproof1'))
  43       {
  44         if($_REQUEST['Robotproof1']!=35)
  45           $ok=0;
  46         else
  47           $robot=1;
  48       }
  49     else if(myisset('Robotproof2'))
  50       {
  51         if($_REQUEST['Robotproof2']!=28)
  52           $ok=0;
  53         else
  54           $robot=1;
  55       }
  56     else if(myisset('Robotproof3'))
  57       {
  58         if($_REQUEST['Robotproof3']!=21)
  59           $ok=0;
  60         else
  61           $robot=1;
  62       }
  63     else if(myisset('Robotproof4'))
  64       {
  65         if($_REQUEST['Robotproof4']!=14)
  66           $ok=0;
  67         else
  68           $robot=1;
  69       }
  70     if($robot==0)
  71       {
  72         echo "You answered the math question wrong. <br />\n";
  73         $ok=0;
  74       }
  75     /* everything ok, go ahead and create user */
  76     if($ok)
  77       {
  78         if(myisset('Rpassword'))
  79           {
  80             $r=DB_query("INSERT INTO User VALUES(NULL,".DB_quote_smart($_REQUEST["Rfullname"]).
  81                         ",".DB_quote_smart($_REQUEST["Remail"]).
  82                         ",".DB_quote_smart(md5($_REQUEST["Rpassword"])).
  83                         ",".DB_quote_smart($_REQUEST["Rtimezone"]).",NULL,NULL)");
  84           }
  85         else if(myisset('Ropenid'))
  86           {
  87             $password = $_REQUEST["Rfullname"].preg_replace('/([ ])/e', 'chr(rand(33,122))', '               ');
  88             $r=DB_query("INSERT INTO User VALUES(NULL,".DB_quote_smart($_REQUEST["Rfullname"]).
  89                         ",".DB_quote_smart($_REQUEST["Remail"]).
  90                         ",".DB_quote_smart(md5($password)).
  91                         ",".DB_quote_smart($_REQUEST["Rtimezone"]).",NULL,NULL)");
  92             if($r)
  93               {
  94                 include_once('openid.php');
  95                 $myid = DB_get_userid('email',$_REQUEST['Remail']);
  96                 DB_AttachOpenID($_REQUEST['Ropenid'], $myid);
  97               }
  98           }
  99         else
 100           {
 101             echo 'Error during registration, please contact '.$ADMIN_NAME.' at '.$ADMIN_EMAIL;
 102           }
 103         if($r)
 104           {
 105             /* Set session, so that new user doesn't need to log in */
 106             $myname = DB_get_name('email',$_REQUEST['Remail']);
 107             $_SESSION["name"] = $myname;
 108
 109             echo " Welcome to e-DoKo, you are now registered, please visit the".
 110               " <a href=\"".$HOST.$INDEX."\">homepage</a> to continue.";
 111           }
 112         else
 113           echo " something went wrong, couldn't add you to the database, please contact $ADMIN_NAME at $ADMIN_EMAIL.";
 114       }
 115     else
 116       {
 117         echo "Couldn't register you. Please <a href=\"index.php?action=register\">try again</a>! </br />\n";
 118       }
 119   }
 120  else
 121    {
 122      /* No information for new user given, ouput a page for registration */
 123
 124      /* check for openid information */
 125      $openid_url = '';
 126      $name       = '';
 127      $email      = '';
 128      if(myisset('openid_url'))
 129        $openid_url = $_REQUEST['openid_url'];
 130      if(myisset('openidname'))
 131        $name       = $_REQUEST['openidname'];
 132      if(myisset('openidemail'))
 133        $email      = $_REQUEST['openidemail'];
 134
 135      if($openid_url=='')
 136        echo "<p><br /><strong> IMPORTANT: passwords are going over the net as clear text, so pick an easy password. ".
 137          "No need to pick anything complicated here ;)<br />";
 138      echo "N.B. Your email address will be exposed to other players whom you play games with. ";
 139      echo "<br /><br /></strong></p>";
 140      echo '        <form action="index.php?action=register" method="post">';
 141      echo '          <fieldset>';
 142      echo '            <legend>Register</legend>';
 143      echo '             <table>';
 144      echo '              <tr>';
 145      echo '               <td><label for="Rfullname">Full name:</label></td>';
 146      echo "            <td><input type=\"text\" id=\"Rfullname\" name=\"Rfullname\" size=\"20\" maxlength=\"30\" value=\"$name\" /> </td>";
 147      echo '              </tr><tr>';
 148      echo '               <td><label for="Remail">Email:</label></td>';
 149      echo "            <td><input type=\"text\" id=\"Remail\" name=\"Remail\" size=\"20\" maxlength=\"30\" value=\"$email\" /></td>";
 150      echo '              </tr><tr>';
 151      if($openid_url=='')
 152        {
 153          echo '        <td><label for="Rpassword">Password(will be displayed in cleartext on the next page):</label></td>';
 154          echo '               <td><input type="password" id="Rpassword" name="Rpassword" size="20" maxlength="30" /></td>';
 155          echo '              </tr><tr>';
 156        }
 157      else
 158        {
 159          echo '        <td><label for="Ropenid">OpenId:</label></td>';
 160          echo '               <td><input type="text" id="Ropenid" name="Ropenid" size="20" maxlength="50" value="'.htmlentities($openid_url).'" /></td>';
 161          echo '              </tr><tr>';
 162        }
 163      echo '            <td><label for="Rtimezone">Timezone:</label></td>';
 164      echo '               <td>';
 165
 166      output_select_timezone("Rtimezone");
 167 ?>
 168                </td>
 169               </tr><tr>
 170               </tr><tr>
 171 <?php
 172               /* random number to select robotproof question */
 173               $rand_number = mt_rand(0,3); /* to get numbers between 0 and 4  */
 174               $Robotproof = "Robotproof".$rand_number;
 175 ?>
 176                 <td><label for="Robotproof">Please answer this question: <?php echo output_robotproof($rand_number); ?></label></td>
 177 <?php
 178          echo "<td><input type=\"text\" id=\"$Robotproof\" name=\"$Robotproof\" size=\"20\" maxlength=\"30\" /></td>\n";
 179 ?>
 180               </tr><tr>
 181                <td colspan="2"> <input type="submit" value="register" /></td>
 182               </tr>
 183              </table>
 184           </fieldset>
 185         </form>
 186 <?php
 187    }
 188 ?>