query("SELECT * FROM {$tablepre}settings WHERE variable IN ('bbrules', 'bbrulestxt', 'welcomemsg', 'welcomemsgtxt')"); while($setting = $db->fetch_array($query)) { $$setting['variable'] = $setting['value']; } $query = $db->query("SELECT groupid, allownickname, allowcstatus, allowavatar, allowcusbbcode, allowsigbbcode, allowsigimgcode, maxsigsize FROM {$tablepre}usergroups WHERE ".($regverify ? "groupid='8'" : "creditshigher<=".intval($initcredits)." AND ".intval($initcredits)."fetch_array($query); $seccodecheck = substr(sprintf('%05b', $seccodestatus), -1, 1); $fromuid = $_DCOOKIE['promotion'] && $creditspolicy['promotion_register'] ? intval($_DCOOKIE['promotion']) : 0; if(!submitcheck('regsubmit', 0, $seccodecheck)) { $referer = isset($referer) ? dhtmlspecialchars($referer) : dreferer(); if($bbrules && !submitcheck('rulesubmit')) { $bbrulestxt = nl2br("\n$bbrulestxt\n\n"); } else { $enctype = $groupinfo['allowavatar'] == 3 ? 'enctype="multipart/form-data"' : NULL; $accessexp = '/('.str_replace("\r\n", '|', preg_quote($accessemail, '/')).')$/i'; $censorexp = '/('.str_replace("\r\n", '|', preg_quote($censoremail, '/')).')$/i'; $accessemail = str_replace("\r\n", '/', $accessemail); $censoremail = str_replace("\r\n", '/', $censoremail); $advcheck = $regadvance ? 'checked' : ''; $advdisplay = $regadvance ? '' : 'none'; $fromuser = !empty($fromuser) ? dhtmlspecialchars($fromuser) : ''; $styleselect = $dayselect = ''; $query = $db->query("SELECT styleid, name FROM {$tablepre}styles WHERE available='1'"); while($styleinfo = $db->fetch_array($query)) { $styleselect .= ''.$styleinfo['name'].''."\n"; } if($fromuid) { $query = $db->query("SELECT username FROM {$tablepre}members WHERE uid='$fromuid'"); if($db->num_rows($query)) { $fromuser = dhtmlspecialchars($db->result($query, 0)); } else { dsetcookie('promotion', ''); } } for($num = 1; $num <= 31; $num++) { $dayselect .= ''.$num.''; } $dateformatorig = $dateformat; $dateformatorig = str_replace('n', 'mm', $dateformatorig); $dateformatorig = str_replace('j', 'dd', $dateformatorig); $dateformatorig = str_replace('y', 'yy', $dateformatorig); $dateformatorig = str_replace('Y', 'yyyy', $dateformatorig); } if($seccodecheck) { $seccode = random(4, 1); } include template('register'); } else { require_once DISCUZ_ROOT.'./include/discuzcode.func.php'; include_once DISCUZ_ROOT.'./forumdata/cache/cache_bbcodes.php'; $email = trim($email); $username = trim($username); $alipay = trim($alipay); if(strlen($username) < 3) { showmessage('profile_username_tooshort'); // profile_username_tooshort } if(strlen($username) > 15) { showmessage('profile_username_toolong'); } if($password != $password2) { showmessage('profile_passwd_notmatch'); } $guestexp = '\xA1\xA1|\xAC\xA3|^Guest|^\xD3\xCE\xBF\xCD|\xB9\x43\xAB\xC8'; $censorexp = '/^('.str_replace(array('\\*', "\r\n", ' '), array('.*', '|', ''), preg_quote(($censoruser = trim($censoruser)), '/')).')$/i'; if(preg_match("/^\s*$|^c:\\con\\con$|[%,\*\"\s\t\<\>\&]|$guestexp/is", $username) || ($censoruser && @preg_match($censorexp, $username))) { showmessage('profile_username_illegal'); } if($censoruser && (@preg_match($censorexp, $nickname) || @preg_match($censorexp, $cstatus))) { showmessage('profile_nickname_cstatus_illegal'); } if(!$password || $password != addslashes($password)) { showmessage('profile_passwd_illegal'); } $accessexp = '/('.str_replace("\r\n", '|', preg_quote($accessemail, '/')).')$/i'; $censorexp = '/('.str_replace("\r\n", '|', preg_quote($censoremail, '/')).')$/i'; $invalidemail = $accessemail ? !preg_match($accessexp, $email) : $censoremail && preg_match($censorexp, $email); if(!isemail($email) || $invalidemail) { showmessage('profile_email_illegal'); } if($alipay && !isemail($alipay)) { showmessage('profile_alipay_illegal'); } if($msn && !isemail($msn)) { showmessage('profile_alipay_msn'); } $fieldadd1 = $fieldadd2 = ''; foreach(array_merge($_DCACHE['fields_required'], $_DCACHE['fields_optional']) as $field) { $field_key = 'field_'.$field['fieldid']; $field_val = ${'field_'.$field['fieldid'].'new'}; if($field['required'] && trim($field_val) == '') { showmessage('profile_required_info_invalid'); } elseif($field['selective'] && $field_val != '' && !isset($field['choices'][$field_val])) { showmessage('undefined_action', NULL, 'HALTED'); } else { $fieldadd1 .= ", $field_key"; $fieldadd2 .= ', \''.dhtmlspecialchars($field_val).'\''; } } if($regverify == 2 && !trim($regmessage)) { showmessage('profile_required_info_invalid'); } if($groupinfo['maxsigsize']) { if(strlen($signature) > $groupinfo['maxsigsize']) { $maxsigsize = $groupinfo['maxsigsize']; showmessage('profile_sig_toolong'); } } else { $signature = ''; } if($ipregctrl) { foreach(explode("\n", $ipregctrl) as $ctrlip) { if(preg_match("/^(".preg_quote(($ctrlip = trim($ctrlip)), '/').")/", $onlineip)) { $ctrlip = $ctrlip.'%'; $regctrl = 72; break; } } } else { $ctrlip = $onlineip; } if($regctrl) { $query = $db->query("SELECT ip FROM {$tablepre}regips WHERE ip LIKE '$ctrlip' AND count='-1' AND dateline>$timestamp-'$regctrl'*3600 LIMIT 1"); if($db->num_rows($query)) { showmessage('register_ctrl', NULL, 'HALTED'); } } $query = $db->query("SELECT uid FROM {$tablepre}members WHERE username='$username'"); if($db->num_rows($query)) { showmessage('profile_username_duplicate'); } if(!$doublee) { $query = $db->query("SELECT uid FROM {$tablepre}members WHERE email='$email' LIMIT 1"); if($db->num_rows($query)) { showmessage('profile_email_duplicate'); } } if($regfloodctrl) { $query = $db->query("SELECT count FROM {$tablepre}regips WHERE ip='$onlineip' AND count>'0' AND dateline>'$timestamp'-86400"); if($regattempts = $db->result($query, 0)) { if($regattempts >= $regfloodctrl) { showmessage('register_flood_ctrl', NULL, 'HALTED'); } else { $db->query("UPDATE {$tablepre}regips SET count=count+1 WHERE ip='$onlineip' AND count>'0'"); } } else { $db->query("INSERT INTO {$tablepre}regips (ip, count, dateline) VALUES ('$onlineip', '1', '$timestamp')"); } } $password = md5($password); $secques = quescrypt($questionid, $answer); $tppnew = in_array($tppnew, array(10, 20, 30)) ? $tppnew : 0; $pppnew = in_array($pppnew, array(5, 10, 15)) ? $pppnew : 0; if($dateformatnew) { $dateformatnew = str_replace('mm', 'n', $cdateformatnew); $dateformatnew = str_replace('dd', 'j', $dateformatnew); $dateformatnew = str_replace('yyyy', 'Y', $dateformatnew); $dateformatnew = str_replace('yy', 'y', $dateformatnew); } else { $dateformatnew = ''; } $dateformatnew = str_replace('mm', 'n', $dateformatnew); $dateformatnew = str_replace('dd', 'j', $dateformatnew); $dateformatnew = str_replace('yyyy', 'Y', $dateformatnew); $dateformatnew = str_replace('yy', 'y', $dateformatnew); $icq = preg_match("/^([0-9]+)$/", $icq) && strlen($icq) >= 5 && strlen($icq) <= 12 ? $icq : ''; $qq = preg_match("/^([0-9]+)$/", $qq) && strlen($qq) >= 5 && strlen($qq) <= 12 ? $qq : ''; $bday = datecheck($bday) ? $bday : '0000-00-00'; //$avatar = dhtmlspecialchars($avatar); $yahoo = dhtmlspecialchars($yahoo); $msn = dhtmlspecialchars($msn); $taobao = dhtmlspecialchars($taobao); $email = dhtmlspecialchars($email); $alipay = dhtmlspecialchars($alipay); $bday = dhtmlspecialchars($bday); $signature = censor($signature); $sigstatus = $signature ? 1 : 0; $sightml = addslashes(discuzcode(stripslashes($signature), 1, 0, 0, 0, ($groupinfo['allowsigbbcode'] ? ($groupinfo['allowcusbbcode'] ? 2 : 1) : 0), $groupinfo['allowsigimgcode'], 0)); $bio = censor(dhtmlspecialchars($bio)); $site = dhtmlspecialchars(trim(preg_match("/^https?:\/\/.+/i", $site) ? $site : ($site ? 'http://'.$site : ''))); $locationnew = cutstr(censor(dhtmlspecialchars($locationnew)), 30); $nickname = $groupinfo['allownickname'] ? cutstr(censor(dhtmlspecialchars($nickname)), 30) : ''; $cstatus = $groupinfo['allowcstatus'] ? cutstr(censor(dhtmlspecialchars($cstatus)), 30) : ''; $invisiblenew = $invisiblenew && $groupinfo['allowinvisible'] ? 1 : 0; $idstring = random(6); $authstr = $regverify == 1 ? "$timestamp\t2\t$idstring" : ''; //avatar $avatar = ''; $avatarimagesize = array(); if($groupinfo['allowavatar'] == 3 && disuploadedfile($_FILES['customavatar']['tmp_name']) && $_FILES['customavatar']['tmp_name'] != 'none' && $_FILES['customavatar']['tmp_name'] && trim($_FILES['customavatar']['name'])) { $_FILES['customavatar']['name'] = daddslashes($_FILES['customavatar']['name']); $avatarext = strtolower(fileext($_FILES['customavatar']['name'])); if(!in_array($avatarext, array('gif', 'jpg', 'png'))) { showmessage('profile_avatar_invalid'); } $avatar = 'customavatars/'.$uid.'.'.$avatarext; $avatartarget = DISCUZ_ROOT.'./'.$avatar; if(!@copy($_FILES['customavatar']['tmp_name'], $avatartarget)) { @move_uploaded_file($_FILES['customavatar']['tmp_name'], $avatartarget); } $avatarimagesize = @getimagesize($avatartarget); if(!$avatarimagesize) { @unlink($avatartarget); showmessage('profile_avatar_invalid'); } elseif($maxavatarsize && filesize($avatartarget) > $maxavatarsize) { @unlink($avatartarget); showmessage('profile_avatar_toobig'); } if(is_array($avatarextarray) && !in_array($avatarext, $avatarextarray)) { showmessage('profile_avatar_invalid'); } } elseif(($groupinfo['allowavatar'] == 2 || $groupinfo['allowavatar'] == 3) && $urlavatar) { if(!preg_match("/^(http:\/\/.+?)|(images\/avatars\/.+?)|(customavatars\/.+?)$/i", $urlavatar)) { showmessage('profile_avatar_invalid'); } $avatarimagesize = @getimagesize($urlavatar); $avatar = $urlavatar; } elseif(($groupinfo['allowavatar'] == 1 || $groupinfo['allowavatar'] == 2 || $groupinfo['allowavatar'] == 3) && $systemavatar) { if(!preg_match("/^(images\/avatars\/.+?)$/i", $systemavatar)) { showmessage('profile_avatar_invalid'); } $avatarimagesize = @getimagesize($systemavatar); $avatar = $systemavatar; } if($avatar) { if(!in_array(strtolower(fileext($avatar)), array('gif', 'jpg', 'png'))) { showmessage('profile_avatar_invalid'); } $avatar = dhtmlspecialchars(trim($avatar)); if($avatarwidth == '*' || $avatarheight == '*' || $avatarwidth == '' || $avatarheight == '') { $avatarwidth = $avatarheight = ($maxavatarpixel ? round($maxavatarpixel * 0.6) : 80); @list($avatarwidth, $avatarheight) = $avatarimagesize ? $avatarimagesize : array($avatarwidth, $avatarheight); } $maxsize = max($avatarwidth, $avatarheight); if($maxsize > $maxavatarpixel) { $avatarwidth = $avatarwidth * $maxavatarpixel / $maxsize; $avatarheight = $avatarheight * $maxavatarpixel / $maxsize; } } $showemailnew = $showemailnew ? 1 : 0; $db->query("INSERT INTO {$tablepre}members (username, password, secques, gender, adminid, groupid, regip, regdate, lastvisit, lastactivity, posts, credits, extcredits1, extcredits2, extcredits3, extcredits4, extcredits5, extcredits6, extcredits7, extcredits8, email, bday, sigstatus, tpp, ppp, styleid, dateformat, timeformat, pmsound, showemail, newsletter, invisible, timeoffset) VALUES ('$username', '$password', '$secques', '$gendernew', '0', '$groupinfo[groupid]', '$onlineip', '$timestamp', '$timestamp', '$timestamp', '0', $initcredits, '$email', '$bday', '$sigstatus', '$tppnew', '$pppnew', '$styleidnew', '$dateformatnew', '$timeformatnew', '$pmsoundnew', '$showemailnew', '$newsletter', '$invisiblenew', '$timeoffsetnew')"); $uid = $db->insert_id(); $db->query("INSERT INTO {$tablepre}memberfields (uid, nickname, site, icq, qq, yahoo, msn, taobao, alipay, location, bio, signature, sightml, customstatus, authstr, avatar, avatarwidth, avatarheight $fieldadd1) VALUES ('$uid', '$nickname', '$site', '$icq', '$qq', '$yahoo', '$msn', '$taobao', '$alipay', '$locationnew', '$bio', '$signature', '$sightml', '$cstatus', '$authstr', '$avatar', '$avatarwidth', '$avatarheight' $fieldadd2)"); if($regctrl || $regfloodctrl) { $db->query("DELETE FROM {$tablepre}regips WHERE dateline<='$timestamp'-".($regctrl > 72 ? $regctrl : 72)."*3600", 'UNBUFFERED'); if($regctrl) { $db->query("INSERT INTO {$tablepre}regips (ip, count, dateline) VALUES ('$onlineip', '-1', '$timestamp')"); } } if($regverify == 2) { $db->query("REPLACE INTO {$tablepre}validating (uid, submitdate, moddate, admin, submittimes, status, message, remark) VALUES ('$uid', '$timestamp', '0', '', '1', '0', '$regmessage', '')"); } if($welcomemsg && !empty($welcomemsgtxt)) { $welcomtitle = "Welcome to $bbname!"; $welcomtitle = addslashes($welcomtitle); $welcomemsgtxt = addslashes($welcomemsgtxt); $db->query("INSERT INTO {$tablepre}pms (msgfrom, msgfromid, msgtoid, folder, new, subject, dateline, message) VALUES ('System Message', '0', '$uid', 'inbox', '1', '$welcomtitle', '$timestamp','$welcomemsgtxt')"); $db->query("UPDATE {$tablepre}members SET newpm='1' WHERE uid='$uid'"); } if($fromuid) { updatecredits($fromuid, $creditspolicy['promotion_register']); dsetcookie('promotion', ''); } $discuz_uid = $uid; $discuz_user = $username; $discuz_userss = stripslashes($discuz_user); $discuz_pw = $password; $discuz_secques = $secques; $groupid = $groupinfo['groupid']; $styleid = $styleid ? $styleid : $_DCACHE['settings']['styleid']; require_once DISCUZ_ROOT.'./include/cache.func.php'; $_DCACHE['settings']['totalmembers']++; $_DCACHE['settings']['lastmember'] = $discuz_userss; updatesettings(); switch($regverify) { case 1: sendmail("$username <$email>", 'email_verify_subject', 'email_verify_message'); showmessage('profile_email_verify'); break; case 2: showmessage('register_manual_verify', 'memcp.php'); break; default: if($passport_status == 'shopex' && $passport_shopex) { $dreferer = dreferer(); $verify = md5('login'.$dreferer.$passport_key); showmessage('register_succeed', 'api/relateshopex.php?action=login&forward='.rawurlencode($dreferer).'&verify='.$verify); } else { showmessage('register_succeed', dreferer()); } break; } } ?>