1 (edited by 2005-01-16 18:27:24)

Topic: Souped Up Register.php

choose to generate passwords and send them in emails to users or ask them for passwords

requires the following two (2) hacks:

/* ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 register.php - Build 004a - Configuration
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ */

// With what level to be registered member.
//  4 = Commenter
//  3 = Journalist
//  2 = Editor
//  1 = Administrator
$register_level = "4";

// Allow multiple users to use same Email Address?
//  yes
//  no
$email_multiple = "no";

// Send password in an email (if no the script will ask for password)
//  yes
//  no
$email_password = "yes";

// Send an email to the admin when a new user signs up?
//  yes
//  no
$email_admin = "no";

// Username Filter
//  These characters will not be allowed in usernames or passwords
$filter = array(" ", "<", ">", "\n", "\r", "|", "'", "\"");

/* ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 END - END - END - END - END -- Do Not Edit Below
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ */
if ($register_level=="4") $level_mail="Commenter";
if ($register_level=="3") $level_mail="Journalist";
if ($register_level=="2") $level_mail="Editor";
if ($register_level=="1") $level_mail="Administrator";
error_reporting (E_ALL ^E_NOTICE);

if($action != "doregister"){
echoheader("user", "$level_mail Registration");

if ($email_password == "no") {
$prompt_password = <<<HTML
      <td width=80>Password: </td>
      <td><input tabindex=3 type=text name=regpassword  style="width:134" size="20"></td>
      <td width=80>Confirm Password: </td>
      <td><input tabindex=4 type=text name=confpassword  style="width:134" size="20"></td>
} else { $prompt_password = ""; }

   <table leftmargin=0 marginheight=0 marginwidth=0 topmargin=0 border=0 height=100% cellspacing=0>
    <form  name=login action="$PHP_SELF" method=post>
      <td width=80>
Username: </td>
<input tabindex=1 type=text name=regusername  style="width:134" size="20"></td>
      <td width=80>Email: </td>
      <td><input tabindex=3 type=text name=regemail  style="width:134" size="20"></td>
      <td width=80>Confirm Email: </td>
      <td><input tabindex=4 type=text name=confemail  style="width:134" size="20"></td>
      <td width=80>Hide Email: </td>
      <td><input type=checkbox name=reghide></td>
      <td ><input accesskey="s" type=submit style="background-color: #F3F3F3;" value='Register'></td>
    <input type=hidden name=action value=doregister>

if($email_password == "yes"){ $regpassword = makeRandomPassword(); $confpassword = $regpassword; }
if(!$regusername){ msg("error","Error !!!", "Username can not be blank"); }
if(!$regpassword || !$confpassword || $regpassword != $confpassword)  { msg("error","Error !!!", "Password can not be blank, both fields must match"); }
if(!$regemail || !$confemail || $regemail != $confemail)  { msg("error","Error !!!", "Email can not be blank, both fields must match"); }
if(!preg_match("/^[\.A-z0-9_\-]+[@][A-z0-9_\-]+([.][A-z0-9_\-]+)+[A-z]{1,4}$/", $regemail)){ msg("error","Error !!!", "Invalid Email."); }
for ($f = 0; $f <= sizeof($filter); $f++) { if (stristr($regusername, $filter[$f])) { msg("error","Error !!!", "Invalid Username."); } }
for ($f = 0; $f <= sizeof($filter); $f++) { if (stristr($regpassword, $filter[$f])) { msg("error","Error !!!", "Invalid Password."); } }

$add_time = time()+($config_date_adjust*60);
if ($reghide=="on") { $hidemail="1"; } else { $hidemail="0"; }

$all_users = file("./data/users.db.php");
foreach($all_users as $null => $user_line) {
    $user_arr = explode("|", $user_line);
    if(stristr("|".$user_arr[2]."|", "|".$regusername."|")){ msg("error", "Error", "This username is already taken"); }
    if($email_multiple=="no" && stristr("|".$user_arr[5]."|", "|".$regemail."|")){ msg("error", "Error", "This email address is registered to another user!"); }

$users_file = fopen("./data/users.db.php", "a");
fwrite($users_file, "$add_time|$register_level|$regusername|".md5($regpassword)."||$regemail|0|$hidemail||||||\n");

if ($email_password == "yes"){ cute_mail($regemail, "Registration at $SERVER_NAME", "$regusername, you have registered successfully. \n ---------- \n Your User Level is: $level_mail \n Your Password is: $regpassword \n You can change this once you login. \n ---------- \n You can login here: $config_http_script_dir/ \n Thank You for Registering!"); }
if ($email_admin == "yes") { cute_mail($config_mail_admin_address, "New User: $regusername", "$regusername has registered on your CuteNews system. \n The address used to register was: $regemail \n To delete this user go to the following address: $config_http_script_dir/index.php?mod=editusers&action=dodeleteuser&id=$add_time"); }

if (!isset($config_mail_admin_address) || $config_mail_admin_address == "") { $problem_contact = "our staff"; }
else { $problem_contact = "[url=]".$email_admin_address."[/url]"; }
if ($email_password == "yes"){ msg("user", "$level_mail Added", "You have successfully registered as [b]\"$regusername\"[/b].
Your password has been emailed to [b]\"$regemail\"[/b].
If this information is wrong or you do not recieve your password please contact $problem_contact."); }
else { msg("user", "$level_mail Added", "You have successfully registered as [b]\"$regusername\"[/b].
Your password is [b]\"$regpassword\"[/b].
Your email address is [b]\"$regemail\"[/b].
If this information is wrong please contact $problem_contact."); }

vallgard/VienoZ: send e-mail to successfully registered users
chonz0: confirm password (used to make confirm e-mail)

changes i made:
confirm e-mail instead of confirm password (password isnt asked for anymore)
password is randomly generated, and e-mailed to the user as a way of confirmation (enable/disable this option at top)
usernames can not match existing usernames ( CASE INSENSITIVE )
e-mail address can only be used by one user (enable/disable this option at top)
send mail to admin when user registers (enable/disable this option at top)

if anyone has any other suggestions let me know :-)