You can still use the guest functions but we're not allowed to record data on you (even a username/email... it's the law) please come back when you are ".MIN_AGE_REGISTER.". Thank you!");
// User-facing validation messages returned by api_createUser().
//
// %MIN_CHARS% in STR_ERR_PASSWORD_TOO_SHORT is filled in with str_replace() by the caller.
//
// NOTE(review): api_createUser() also substitutes %LINK% into STR_ERR_FOUND_NOT_VERIFIED and
// STR_ERR_REPEATED_EMAIL, but neither string below contains that placeholder, so the
// "click here" text carries no link as written -- confirm against the deployed file.
// NOTE(review): the "already exists" / "not verified" / "account on record" messages tell an
// unauthenticated visitor whether a username or email address is registered; pair them with
// rate limiting on the registration endpoint.
define(
    'STR_ERR_BAD_USERNAME',
    'Usernames must be 2 characters or longer and can only contain letters, numbers, hyphens (-), and underscores (_).'
);
define(
    'STR_ERR_USERNAME_TAKEN',
    'An account with that username already exists. Please choose a different username.'
);
define(
    'STR_ERR_FOUND_NOT_VERIFIED',
    'An account with that username has already been created but the email address has not been verified. Please click here to re-send the verification email'
);
define(
    'STR_ERR_PASSWORD_MISMATCH',
    'The passwords you entered did not match.'
);
define(
    'STR_ERR_PASSWORD_TOO_SHORT',
    'Your password must be at least %MIN_CHARS% characters long.'
);
define(
    'STR_ERR_BAD_EMAIL',
    'Please enter a valid email address.'
);
define(
    'STR_ERR_REPEATED_EMAIL',
    'There is a limit of one account per email address and there is an account on record with this address. If you have forgotten your password, please click here to retrieve it.'
);
define(
    'STR_ERR_BAD_IMAGE_CODE',
    'The code you entered did not match the image.'
);
define(
    'STR_ERR_CANT_CREATE_ACCT',
    'Error creating account.'
);
////
// Adds a new user to the system. This function requires that the session variable 'secret' be set
// and match the $code value passed in. This is used to enforce the use of the CAPTCHA.
//
// To attempt to be intuitive, the order of the parameters is the (current... may be changed) order of the
// parameters in the RegistrationMod.
//
// Returns true on success, error message on failure.
////
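// Registers a new account inside a single transaction.
//
// Parameters: $dateOfBirth (any format strtotime() understands), $username, $email,
// $pass1/$pass2 (password and its confirmation), $code (CAPTCHA answer, compared with
// $_SESSION['secret']), $sendConfirm (whether to send the confirmation email).
// Returns true on success, otherwise the error messages joined with "\n".
//
// Security notes (review):
//  - Every value that reaches SQL below is constrained first: the username and email by
//    fully anchored patterns, the birth date by re-formatting the parsed timestamp. The
//    queries are still string-built; move them to prepared statements when the data layer
//    allows it.
//  - The password is stored as an unsalted md5() digest. That is not changed here because
//    the login path (not visible in this file section) must verify the same format;
//    migrate both sides together to password_hash()/password_verify().
//  - The email verification token is derived from mt_rand(), which is not a
//    cryptographically secure generator; it should come from a CSPRNG.
//  - The 5-character password minimum is low by current guidance.
//  - $_SESSION['secret'] is not cleared after a successful match, so one solved CAPTCHA
//    stays valid for the rest of the session unless the form regenerates it -- confirm.
function api_createUser($dateOfBirth, $username, $email, $pass1, $pass2, $code, $sendConfirm=true){
    mysql_begin();
    ob_start(); // buffer stray output from the helpers below; it is discarded before returning

    // Messages are collected here and joined with "\n" for the caller.
    $errors = array();

    // $isBand was read in this function without ever being assigned. Define it so the age
    // gate applies to every registrant and no undefined-variable notice is raised.
    $isBand = false;

    // Parse the birth date once. strtotime() returns false for unparseable input; the old
    // code subtracted that false from "now", which produced an age of several decades and
    // let garbage pass the age gate and flow into the INSERT unescaped.
    $birthTime = strtotime((string)$dateOfBirth);
    $daysInYear = 365.242199; // Takes into account leap-years, etc.
    $secondsInYear = (60*60*24*$daysInYear);

    if(getVal($_SESSION, 'blockRegistration') === true){
        $errors[] = STR_ERR_TOO_YOUNG;
    } else if($birthTime === false){
        $errors[] = "Please enter a valid date of birth.";
    } else if((floor((time() - $birthTime) / $secondsInYear) < MIN_AGE_REGISTER) && !$isBand){
        // Note: registration is deliberately not blocked for the rest of the session here;
        // legitimate users who mistyped their birth year were getting locked out.
        $errors[] = STR_ERR_TOO_YOUNG;
    } else {
        // Canonical form for storage; built from the parsed timestamp, never from raw input.
        // NOTE(review): assumes the dateOfBirth column accepts 'YYYY-MM-DD' -- confirm.
        $sqlDateOfBirth = date('Y-m-d', $birthTime);

        // \A and \z anchor the whole string. The previous "$" anchor also matched just
        // before a trailing newline, so "admin\n" passed both this check and the
        // reserved-name list below.
        if(1 !== preg_match('/\A[0-9a-zA-Z_-]{2,}\z/', (string)$username)){
            $errors[] = STR_ERR_BAD_USERNAME;
        } else {
            // Reserved names that have no account yet; blocked so nobody can pose as an administrator.
            // NON-PORTABLE: this list belongs in a config file.
            $reservedNames = array(
                "dil", "doitlater", "admin", "webmaster", "sean_colombo", "geoff_brown", "pedlr", "lyricwiki"
            );
            $alreadyExists = in_array(strtolower($username), $reservedNames, true);

            include_once 'user.php';
            $tempUser = new User();
            $needsVerification = $tempUser->requiresVerification();

            // When verification is required, only verified accounts count as "taken";
            // unverified ones get the re-send hint below instead.
            $takenQuery = "SELECT COUNT(*) FROM users WHERE username='$username'";
            if($needsVerification){
                $takenQuery .= " AND isVerified=1";
            }
            $alreadyExists = ($alreadyExists || (0 < simpleQuery($takenQuery)));

            if($alreadyExists){
                $errors[] = STR_ERR_USERNAME_TAKEN;
            } else if($needsVerification && (0 < simpleQuery("SELECT COUNT(*) FROM users WHERE username='$username' AND isVerified=0"))){
                // SCRIPT_NAME rather than PHP_SELF: PHP_SELF includes any client-supplied
                // path info after the script name, and this link ends up in a message shown
                // to the user. Both query values are URL-encoded for the same reason.
                $scriptPath = $_SERVER['SCRIPT_NAME'];
                $dir = substr($scriptPath, 0, strrpos($scriptPath, "/")+1); // works wherever the app is installed
                $link = "http://".$_SERVER['SERVER_NAME'].$dir."verify.php?sendConfirm=".urlencode($username)."&index=".urlencode($scriptPath);
                $errors[] = str_replace("%LINK%", $link, STR_ERR_FOUND_NOT_VERIFIED);
            }
        }

        // Validate the password, email address and CAPTCHA answer.
        if(count($errors) == 0){
            // Strict string comparison: with "!=" two different numeric-looking strings
            // (e.g. "1e3" and "1000") compare equal.
            if((string)$pass1 !== (string)$pass2){
                $errors[] = STR_ERR_PASSWORD_MISMATCH;
            }

            $MIN_CHARS = 5;
            if(strlen($pass1) < $MIN_CHARS){
                $errors[] = str_replace("%MIN_CHARS%", $MIN_CHARS, STR_ERR_PASSWORD_TOO_SHORT);
            }

            // Accepts an address with any TLD. Anchored with \A...\z so a trailing newline
            // cannot ride along into the database or into mail headers.
            if(1 !== preg_match('/\A([a-zA-Z0-9_\.\-\+])+\@(([a-zA-Z0-9\-])+\.)+[a-zA-Z]+\z/', $email)){
                $errors[] = STR_ERR_BAD_EMAIL;
            } else if(0 < simpleQuery("SELECT COUNT(*) FROM users WHERE emailAddr='$email'")){
                $link = "/forgotPass.php";
                $errors[] = str_replace("%LINK%", $link, STR_ERR_REPEATED_EMAIL);
            }

            // The CAPTCHA answer must equal the session secret exactly; an unset or empty
            // secret always fails. Compared as strings to avoid loose-comparison matches.
            $secret = (string)getVal($_SESSION, 'secret');
            if(($secret === "") || ($secret !== (string)$code)){
                $errors[] = STR_ERR_BAD_IMAGE_CODE;
            }
        }

        if(count($errors) == 0){
            // NOTE(review): unsalted md5 -- see the header comment; kept for compatibility with login.
            $passHash = md5($pass1);
            // NOTE(review): mt_rand() is predictable; this token gates email verification.
            $emailHash = md5("$email - Motive Force - ".mt_rand());

            $queryString = "INSERT INTO users (username,password,emailAddr,emailHash,dateOfBirth,createdOn) VALUES (";
            $queryString.= "'$username', '$passHash', '$email', '$emailHash', '$sqlDateOfBirth', NOW())";
            if(!sendQuery($queryString)){
                // Grab the driver error before the rollback clears it, then roll back so
                // the log entry itself is not discarded with the failed transaction.
                $mError = "\nmysql_error: ".mysql_error();
                mysql_rollback();
                // Keep the password digest and the verification token out of the log.
                $loggedQuery = str_replace(array($passHash, $emailHash), '[redacted]', $queryString);
                logQueryError("Problem creating new user.", $loggedQuery.$mError);
                $errors[] = STR_ERR_CANT_CREATE_ACCT;
            }
        }
    }

    ob_end_clean();

    if(count($errors) > 0){
        mysql_rollback();
        return implode("\n", $errors);
    }

    // Log the new user in (they have a week to confirm their email address).
    $user = getUser();
    $user->login($username, $pass1);

    // Create the other rows every user should have. The id is interpolated unquoted, so it
    // is forced to an integer first; a non-positive id means the login above did not
    // produce a usable account id, in which case the rows are skipped and the event logged.
    $userId = (int)$user->getId();
    if($userId > 0){
        sendQuery("INSERT INTO userPreferences (user_id,createdOn) VALUES ($userId, NOW())"); // use defaults wherever possible
        sendQuery("INSERT INTO userStats (user_id) VALUES ($userId)");
    } else {
        logEvent("api_createUser: no user id after login; userPreferences/userStats rows not created.", 2);
    }
    mysql_commit();

    // Some API callers suppress the confirmation email; the default sign-up page sends it.
    if($sendConfirm){
        include_once 'includes/emailTools.php';
        $sendErr = sendConfirm($username);
        if($sendErr != ""){
            // The account exists at this point, so a mail failure is logged rather than
            // shown to the user as a registration error.
            logEvent($sendErr, 2); // email problems are fairly serious
        }
    }

    return true;
} // end api_createUser()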
////
//
////
function api_setPageLayout()
{
    // Placeholder: takes no arguments and performs no work yet; callers receive NULL.
}
////
//
////
function api_updateProfile()
{
    // Placeholder: takes no arguments and performs no work yet; callers receive NULL.
}
////
// Renames a user: changes all references in the database from the old username to the new one
// and inserts a redirect into the database that will persist until someone else registers the old
// username.
//
// Returns true on success, error-string on failure.
////
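// Renames $origUsername to $changedUsername across the users, messages, userProfiles and
// profileRedirects tables, then moves the profile icons.
// Returns true on success, an error string on failure.
//
// Security notes (review):
//  - Both names used to be interpolated into SQL unchanged. The new name is now held to the
//    same character rule registration enforces, and the old name is escaped.
//  - The new name is also used to build the icon path (ppicUrl() creates directories), so
//    the character rule additionally keeps path separators out of that path.
//  - NOTE(review): the reserved-name list in api_createUser() is not applied here; decide
//    whether a rename to one of those names should be allowed.
//  - NOTE(review): nothing in this function checks who is calling it; authorization must be
//    enforced by the caller.
function api_changeUsername($origUsername, $changedUsername){
    $err = "";

    // Same rule as registration: two or more of [0-9a-zA-Z_-], anchored to the whole string.
    if(1 !== preg_match('/\A[0-9a-zA-Z_-]{2,}\z/', (string)$changedUsername)){
        return STR_ERR_BAD_USERNAME."\n\n";
    }

    // Existing names may predate the rule above, so the old name is escaped rather than
    // rejected. Relies on the default ext/mysql link already being open, as the bare
    // mysql_error() call in this file does; without a link the result is empty and the
    // lookup below fails closed with "not found".
    $origSql = mysql_real_escape_string((string)$origUsername);

    $num = simpleQuery("SELECT COUNT(*) FROM users WHERE username='$origSql'");
    if($num > 0){
        $alreadyExists = simpleQuery("SELECT COUNT(*) FROM users WHERE username='$changedUsername'");
        if(!$alreadyExists){
            mysql_begin(); // Start transaction

            $queries = array(
                // Main data
                "UPDATE users SET username='$changedUsername' WHERE username='$origSql'",
                // Peripheral data
                "UPDATE messages SET fromUser='$changedUsername' WHERE fromUser='$origSql'",
                "UPDATE messages SET toUser='$changedUsername' WHERE toUser='$origSql'",
                // LIMIT 1 since the relationship system is (serially) monogamous; this ends
                // the statement sooner when a row is found.
                "UPDATE userProfiles SET significantOther='$changedUsername' WHERE significantOther='$origSql' LIMIT 1",
                // Make redirect (overwrite old redirect).
                "REPLACE INTO profileRedirects (username, redirectTo) VALUES ('$origSql', '$changedUsername')"
            );

            // Previously no query result was inspected, so $err never changed and the
            // rollback branch could not run: a failure part-way through was committed.
            // The driver error is checked instead of sendQuery()'s return value because its
            // return for UPDATE statements is not visible here -- presumably mysql_error()
            // still reflects the statement sendQuery() just ran, as api_createUser() assumes.
            $failure = "";
            foreach($queries as $query){
                sendQuery($query);
                $mError = mysql_error();
                if($mError != ""){
                    $failure = $query."\nmysql_error: ".$mError;
                    break;
                }
            }

            if($failure == ""){
                mysql_commit();

                // Move the user's profile-icons only once the rename is durable; file
                // moves cannot be rolled back with the transaction.
                include_once "includes/profilePicTools.php";
                $origIcon = ppicUrl($origUsername);
                $changedIcon = ppicUrl($changedUsername, true); // the 'true' makes directories as it looks.
                // move() is the project's own helper; it overwrites the destination if it exists.
                move($origIcon.PPIC_DELIM.IMG_LIL, $changedIcon.PPIC_DELIM.IMG_LIL);
                move($origIcon.PPIC_DELIM.IMG_MED, $changedIcon.PPIC_DELIM.IMG_MED);
                move($origIcon.PPIC_DELIM.IMG_BIG, $changedIcon.PPIC_DELIM.IMG_BIG);
            } else {
                // Roll back first so the log entry is not discarded with the transaction.
                mysql_rollback();
                logQueryError("Problem changing username.", $failure);
                $err .= "Error changing username.\n\n";
            }
        } else {
            $err .= "User \"$changedUsername\" already exists.\n\n";
        }
    } else {
        // The old name is caller-supplied and unvalidated; it is HTML-escaped because the
        // message appears to be rendered as markup -- confirm with the display code.
        $err .= "User \"".htmlspecialchars((string)$origUsername, ENT_QUOTES)."\" not found.\n\n";
    }
    return (($err=="")?true:$err);
} // end api_changeUsername()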
?>