#!/usr/bin/perl
########################################################################
# COPYRIGHT NOTICE:
#
# Copyright 2007 FocalMedia.Net All Rights Reserved.
#
# Selling the code for this program without prior written consent
# from FocalMedia.Net is expressly forbidden. You may not
# redistribute this program in any shape or form.
#
# This program is distributed "as is" and without warranty of any
# kind, either express or implied. In no event shall the liability
# of FocalMedia.Net for any damages, losses and/or causes of action
# exceed the total amount paid by the user for this software.
#
########################################################################
#### EDIT HERE -- FOR WINDOWS/IIS BASED INSTALLATIONS ONLY #######
$config_cgi = "config.cgi"; ## <-- CHANGE THIS LINE TO THE FULL SERVER PATH TO config.cgi
# THE PATH ON A WINDOWS INSTALLATION WILL LOOK SOMETHING LIKE THIS:
# $config_cgi = "c:/inetpub/webpub/cgi-bin/pseek/config.cgi";
#### DO NOT CHANGE ANYTHING BELOW THIS LINE #################
#use FindBin;
#use lib $FindBin::Bin;
use CGI;
use DBI;
use CGI::Carp qw(fatalsToBrowser);
use mysdesk;
use fmspm;
&get_setup;
fmspm::check_spamb("register.cgi", "header", $data_dir);
$q = CGI->new;
#################
print "Content-type: text/html\n\n";
if ($q->param('fct') eq "") { &start; }
if ($q->param('fct') eq "register_user") { ®ister_user; }
sub register_user
{
### CHECK FOR ERRORS
$fullname = $q->param('fullname');
$email = $q->param('email');
$username = $q->param('username');
$password = $q->param('password');
$extra1 = $q->param('extra1');
$extra2 = $q->param('extra2');
$extra3 = $q->param('extra3');
$extra4 = $q->param('extra4');
$extra5 = $q->param('extra5');
$extra6 = $q->param('extra6');
$extra7 = $q->param('extra7');
$extra8 = $q->param('extra8');
$extra9 = $q->param('extra9');
$extra10 = $q->param('extra10');
$extra11 = $q->param('extra11');
$extra12 = $q->param('extra12');
$extra13 = $q->param('extra13');
$extra14 = $q->param('extra14');
$extra15 = $q->param('extra15');
if ($fullname eq "") {$error_text = "Please supply us with your fullname."; }
if ($email eq "") {$error_text = "Please supply us with your email address."; }
if ($username eq "") {$error_text = "Please choose a user name."; }
if ($password eq "") {$error_text = "Please choose a password."; }
$imgresult = mysdesk::check_img_auth;
if ($imgresult eq "false") {$error_text = "The letters you supplied did not match."; }
### EXTRA FIELD ERROR CHECKING
$efields = mysdesk::get_file_contents("$data_dir/keys.dat");
@field_lines = split (/\n/, $efields);
$acnt = 1;
foreach $fitem (@field_lines)
{
($aname, $areq) = split (/\t/, $fitem);
$finame = "extra" . $acnt;
$finame = $q->param($finame);
if (($areq eq "Yes") and ($finame eq ""))
{
$error_text = "You did not provide a value for the '$aname' field.";
}
$acnt++;
}
#########
if ($error_text ne "")
{
&start ($error_text);
exit;
}
### CHECK FOR DUPLICATES
if ($mysql_hostname eq ""){$dsn = "DBI:mysql:$db_name";}else{$dsn = "DBI:mysql:$db_name:$mysql_hostname:$mysql_port";}
$dbh = DBI->connect($dsn, $db_username, $db_password);
if ( !defined $dbh ) {die "Cannot connect to MySQL server: $DBI::errstr\n"; }
$sql = "SELECT * FROM support_users WHERE email = '$email' OR username = '$username'";
$sth = $dbh->prepare($sql);
$sth->execute;
$serror = ""; $serror = $sth->errstr; if ($serror ne "") {die "SQL Syntax Error: $serror - From: $sql";}
$rows = $sth->rows();
if ($rows > 0)
{
$error_text = "The email address and/or user name you have chosen already exists in our database.";
&start ($error_text);
exit;
}
########################
$fullname =~ s/'/\\'/g;
$email =~ s/'/\\'/g;
$username =~ s/'//g; $username =~ s/%//g;
$password =~ s/'/\\'/g;
$extra1 =~ s/'/\\'/g;
$extra2 =~ s/'/\\'/g;
$extra3 =~ s/'/\\'/g;
$extra4 =~ s/'/\\'/g;
$extra5 =~ s/'/\\'/g;
$extra6 =~ s/'/\\'/g;
$extra7 =~ s/'/\\'/g;
$extra8 =~ s/'/\\'/g;
$extra9 =~ s/'/\\'/g;
$extra10 =~ s/'/\\'/g;
$extra11 =~ s/'/\\'/g;
$extra12 =~ s/'/\\'/g;
$extra13 =~ s/'/\\'/g;
$extra14 =~ s/'/\\'/g;
$extra15 =~ s/'/\\'/g;
$sql = "INSERT INTO support_users SET fullname = '$fullname',
email = '$email',
username = '$username',
password = '$password',
extra1 = '$extra1',
extra2 = '$extra2',
extra3 = '$extra3',
extra4 = '$extra4',
extra5 = '$extra5',
extra6 = '$extra6',
extra7 = '$extra7',
extra8 = '$extra8',
extra9 = '$extra9',
extra10 = '$extra10',
extra11 = '$extra11',
extra12 = '$extra12',
extra13 = '$extra13',
extra14 = '$extra14',
extra15 = '$extra15'";
$sth = $dbh->prepare($sql);
$sth->execute;
$serror = ""; $serror = $sth->errstr; if ($serror ne "") {die "SQL Syntax Error: $serror - From: $sql";}
$sth->finish;
$dbh->disconnect;
##########################
$success_tmpl = mysdesk::get_file_contents("$data_dir/reg_success.html");
$success_tmpl =~ s/!!login!!/$script_url\/login\.cgi/gi;
$success_tmpl = mysdesk::insert_template_includes($success_tmpl);
### SEND EMAIL TO REGISTERED USER
$filename = "$data_dir/registered.eml";
$emailmsg = mysdesk::get_file_contents("$filename");
@elines = split (/\n/, $emailmsg);
$from_name = $elines[0];
$from_email = $elines[1];
$subject = $elines[2];
$lnc = 0;
foreach $line (@elines)
{
if ($lnc > 2)
{
$message = $message . $line . "\n";
}
$lnc++;
}
$message =~ s/!!name!!/$fullname/gi;
$message =~ s/!!login!!/$script_url\/login\.cgi/gi;
$message =~ s/!!username!!/$username/gi;
$message =~ s/!!password!!/$password/gi;
mysdesk::send_email($from_name, $from_email, $email, $subject, $message);
print $success_tmpl;
}
sub start
{
my ($error_text1) = @_;
$register_template = mysdesk::get_file_contents("$data_dir/register.html");
$fullname = $q->param('fullname');
$email = $q->param('email');
$username = $q->param('username');
$password = $q->param('password');
$extra1 = $q->param('extra1');
$extra2 = $q->param('extra2');
$extra3 = $q->param('extra3');
$extra4 = $q->param('extra4');
$extra5 = $q->param('extra5');
$extra6 = $q->param('extra6');
$extra7 = $q->param('extra7');
$extra8 = $q->param('extra8');
$extra9 = $q->param('extra9');
$extra10 = $q->param('extra10');
$extra11 = $q->param('extra11');
$extra12 = $q->param('extra12');
$extra13 = $q->param('extra13');
$extra14 = $q->param('extra14');
$extra15 = $q->param('extra15');
$register_template =~ s/!!fullname!!/$fullname/gi;
$register_template =~ s/!!email!!/$email/gi;
$register_template =~ s/!!username!!/$username/gi;
$register_template =~ s/!!password!!/$password/gi;
$register_template =~ s/!!extra1!!/$extra1/gi;
$register_template =~ s/!!extra2!!/$extra2/gi;
$register_template =~ s/!!extra3!!/$extra3/gi;
$register_template =~ s/!!extra4!!/$extra4/gi;
$register_template =~ s/!!extra5!!/$extra5/gi;
$register_template =~ s/!!extra6!!/$extra6/gi;
$register_template =~ s/!!extra7!!/$extra7/gi;
$register_template =~ s/!!extra8!!/$extra8/gi;
$register_template =~ s/!!extra9!!/$extra9/gi;
$register_template =~ s/!!extra10!!/$extra10/gi;
$register_template =~ s/!!extra11!!/$extra11/gi;
$register_template =~ s/!!extra12!!/$extra12/gi;
$register_template =~ s/!!extra13!!/$extra13/gi;
$register_template =~ s/!!extra14!!/$extra14/gi;
$register_template =~ s/!!extra15!!/$extra15/gi;
$register_template =~ s/!!error_text!!/$error_text1/gi;
$register_template =~ s/!!register_cgi!!/$script_url\/register.cgi/gi;
$imgbox = mysdesk::get_imgboxes;
($imdisp, $imgnames) = split (/:::/, $imgbox);
$imgnames =~ s/\.gif//gi;
$register_template =~ s/!!letterboxes!!/$imdisp/g;
$formcrit = qq[];
$register_template =~ s/<\/form>/$formcrit/gi;
$register_template = mysdesk::insert_template_includes($register_template);
print $register_template;
}
#################
sub get_setup
{
$exists = (-e "$config_cgi");
if ($exists > 0)
{
open (STP, "$config_cgi");
while (defined($line=))
{
if ($line =~ m/#/g)
{
$r = pos($line);
$line = substr($line, 0, $r - 1);
}
$line =~ s/\n//g;
if ($line =~ /^DB_NAME/){$db_name = &get_setup_line($line, DB_NAME);}
if ($line =~ /^DB_USERNAME/){$db_username = &get_setup_line($line, DB_USERNAME);}
if ($line =~ /^DB_PASSWORD/){$db_password = &get_setup_line($line, DB_PASSWORD);}
if ($line =~ /^MYSQL_HOSTNAME/){$mysql_hostname = &get_setup_line($line, MYSQL_HOSTNAME);}
if ($line =~ /^MYSQL_PORT/){$mysql_port = &get_setup_line($line, MYSQL_PORT);}
if ($line =~ /^SCRIPT_URL/){$script_url = &get_setup_line($line, SCRIPT_URL);}
if ($line =~ /^ADMIN_URL/){$admin_url = &get_setup_line($line, ADMIN_URL);}
if ($line =~ /^WEB_URL/){$web_url = &get_setup_line($line, WEB_URL);}
if ($line =~ /^WEB_DIR/){$web_dir = &get_setup_line($line, WEB_DIR);}
if ($line =~ /^DATA_DIR/){$data_dir = &get_setup_line($line, DATA_DIR);}
if ($line =~ /^USERNAME/){$username = &get_setup_line($line, USERNAME);}
if ($line =~ /^PASSWORD/){$password = &get_setup_line($line, PASSWORD);}
}
close (STP);
}
}
sub get_setup_line
{
my ($setup_line, $setup_var) = @_;
$crit = "\"";
$setup_line =~ m/$crit/g;
$r1 = pos($setup_line);
$setup_line =~ m/$crit/g;
$r2 = pos($setup_line);
$setup_line = substr($setup_line, $r1, ($r2 - $r1 - 1));
$return_val = $setup_line;
return ($return_val);
}
#### END CONFIGURATION ########################################################