2 /****************************************************************/
4 /****************************************************************/
5 /* Copyright (c) 2002-2010 */
6 /* Inclusive Design Institute */
9 /* This program is free software. You can redistribute it and/or*/
10 /* modify it under the terms of the GNU General Public License */
11 /* as published by the Free Software Foundation. */
12 /****************************************************************/
/*
 * Public self-registration handler (ATutor).
 *
 * This listing is a partial rendering: the leading number on each line is a
 * gutter line number from the original file, and many original lines (closing
 * braces, else-branches, the INSERT column list, exit/return statements) are
 * not shown. Comments below describe only what the visible lines establish.
 *
 * Flow of the visible code:
 *   1. refuse if registration is disabled in $_config;
 *   2. on "cancel" redirect to login.php;
 *   3. on "submit" validate the anti-CSRF registration token, the captcha,
 *      login name, password error codes, email, names, date of birth and
 *      (optionally) a master-list id/PIN;
 *   4. if $msg holds no errors, escape every field with $addslashes and run
 *      a string-built INSERT on the members table, then either send an email
 *      confirmation or log the new member in and redirect to bounce.php.
 */
9 $_user_location = 'public';
16 define('AT_INCLUDE_PATH', 'include/');
17 require (AT_INCLUDE_PATH.'vitals.inc.php');
18 include(AT_INCLUDE_PATH."securimage/securimage.php");
/* Registration disabled site-wide: render the REG_DISABLED notice. The line
   that ends the request after the footer is not part of this listing. */
20 if($_config['allow_registration'] != 1){
21 $msg->addInfo('REG_DISABLED');
22 require(AT_INCLUDE_PATH.'header.inc.php');
23 require(AT_INCLUDE_PATH.'footer.inc.php');
27 if (isset($_POST['cancel'])) {
28 header('Location: ./login.php');
30 } else if (isset($_POST['submit'])) {
// Collects the _AT() labels of required fields that were left empty.
31 $missing_fields = array();
/* registration token validation: the form must echo back sha1() of the
   session token (see the original comments below).
   NOTE(review): `!=` is PHP's loose comparison; two numeric-looking strings
   are compared as numbers rather than byte-for-byte, and an unset
   $_SESSION['token'] still yields sha1('') here. A strict, constant-time check
   such as hash_equals(sha1($_SESSION['token']), (string) $_POST['registration_token'])
   is the usual hardening. The branch body after the redirect is not shown. */
33 /* registration token validation */
34 if (sha1($_SESSION['token']) != $_POST['registration_token']){
35 //Prevent registration from any other pages other than the ATutor pages.
36 //SHA1(SESSION[token]) so that no one knows what the actual token is, thus cannot recreate it on another page.
37 header('Location: ./login.php');
/* $addslashes is a variable function defined outside this listing (by
   vitals.inc.php, presumably — TODO confirm). Every SQL statement in this file
   is built by string concatenation on the legacy mysql_* API, so correctness
   depends on this escaping being applied to each interpolated value; prepared
   statements (PDO/mysqli) would remove that dependence. */
42 $chk_email = $addslashes($_POST['email']);
43 $chk_login = $addslashes($_POST['login']);
/* Captcha check (Securimage); the `if (!$valid)` line around the SECRET_ERROR
   call is not shown. */
46 if (isset($_config['use_captcha']) && $_config['use_captcha']==1){
47 $img = new Securimage();
48 $valid = $img->check($_POST['secret']);
50 $msg->addError('SECRET_ERROR');
/* From here on the password is the hidden form field, which the front-end
   fills in. NOTE(review): whether it holds plaintext or a client-side hash
   is not visible in this listing — confirm before changing storage below. */
53 $_POST['password'] = $_POST['form_password_hidden'];
54 $_POST['first_name'] = trim($_POST['first_name']);
55 $_POST['second_name'] = trim($_POST['second_name']);
56 $_POST['last_name'] = trim($_POST['last_name']);
/* Strips only the '<' character from names; this is not HTML escaping, so
   output escaping still has to happen wherever names are rendered (templates
   are not part of this listing). */
58 $_POST['first_name'] = str_replace('<', '', $_POST['first_name']);
59 $_POST['second_name'] = str_replace('<', '', $_POST['second_name']);
60 $_POST['last_name'] = str_replace('<', '', $_POST['last_name']);
62 /* login name check */
63 if ($_POST['login'] == '') {
64 $missing_fields[] = _AT('login_name');
66 /* check for special characters */
// Allowed login characters: ASCII letters, digits, '_', '.', '-'.
67 if (!(preg_match("/^[a-zA-Z0-9_.-]([a-zA-Z0-9_.-])*$/i", $_POST['login']))) {
68 $msg->addError('LOGIN_CHARS');
/* Uniqueness: the login may not exist in either members or admins. The
   regex above already confines $chk_login to safe characters. */
70 $result = mysql_query("SELECT * FROM ".TABLE_PREFIX."members WHERE login='$chk_login'",$db);
71 if (mysql_num_rows($result) != 0) {
72 $msg->addError('LOGIN_EXISTS');
74 $result = mysql_query("SELECT * FROM ".TABLE_PREFIX."admins WHERE login='$chk_login'",$db);
75 if (mysql_num_rows($result) != 0) {
76 $msg->addError('LOGIN_EXISTS');
/* Password policy results arrive as a comma-separated list of error codes
   that the client-side JavaScript produced. NOTE(review): no server-side
   check of $_POST['password'] itself is visible in this listing, so the
   policy is only as strong as the client honouring it; each code is also
   passed unchanged to $msg->addError(), whose handling of unknown keys is
   not visible here. A server-side re-validation of the password and a
   whitelist of accepted codes would close both gaps. */
82 /* password check: password is verified front end by javascript. here is to handle the errors from javascript */
83 if ($_POST['password_error'] <> "")
85 $pwd_errors = explode(",", $_POST['password_error']);
87 foreach ($pwd_errors as $pwd_error)
89 if ($pwd_error == "missing_password")
90 $missing_fields[] = _AT('password');
92 $msg->addError($pwd_error);
/* Email: required, must match the (deliberately simple) pattern, must not be
   registered already, and must equal the confirmation field. */
96 if ($_POST['email'] == '') {
97 $missing_fields[] = _AT('email');
98 } else if (!preg_match("/^[a-z0-9\._-]+@+[a-z0-9\._-]+\.+[a-z]{2,6}$/i", $_POST['email'])) {
99 $msg->addError('EMAIL_INVALID');
101 $result = mysql_query("SELECT * FROM ".TABLE_PREFIX."members WHERE email='$chk_email'",$db);
102 if (mysql_num_rows($result) != 0) {
103 $msg->addError('EMAIL_EXISTS');
104 } else if ($_POST['email'] != $_POST['email2']) {
105 $msg->addError('EMAIL_MISMATCH');
// NOTE: truthiness test, so a name of "0" is reported as missing.
108 if (!$_POST['first_name']) {
109 $missing_fields[] = _AT('first_name');
112 if (!$_POST['last_name']) {
113 $missing_fields[] = _AT('last_name');
116 // check if first+last is unique
// The lines that follow read as the inside of a block comment whose opening
// (original line 117) and closing are not shown: the first/last-name
// uniqueness check is disabled code, kept for reference (see mantis #3727).
118 * http://www.atutor.ca/atutor/mantis/view.php?id=3727
119 * Taking out the first and last name uniqueness check
120 if ($_POST['first_name'] && $_POST['last_name']) {
121 $first_name_sql = $addslashes($_POST['first_name']);
122 $last_name_sql = $addslashes($_POST['last_name']);
123 $second_name_sql = $addslashes($_POST['second_name']);
125 $sql = "SELECT member_id FROM ".TABLE_PREFIX."members WHERE first_name='$first_name_sql' AND second_name='$second_name_sql' AND last_name='$last_name_sql' LIMIT 1";
126 $result = mysql_query($sql, $db);
127 if (mysql_fetch_assoc($result)) {
128 $msg->addError('FIRST_LAST_NAME_UNIQUE');
// Logins are stored lower-cased (the regex above is already case-insensitive).
133 $_POST['login'] = strtolower($_POST['login']);
135 //check date of birth
// intval() coerces the three fields, so non-numeric input becomes 0.
136 $mo = $_POST['month'] = intval($_POST['month']);
137 $day = $_POST['day'] = intval($_POST['day']);
138 $yr = $_POST['year'] = intval($_POST['year']);
/* Two-digit year expansion; the assignments inside the two branches are not
   part of this listing. */
140 /* let's us take (one or) two digit years (ex. 78 = 1978, 3 = 2003) */
141 if ($yr <= date('y')) {
143 } else if ($yr < 1900) {
147 $dob = $yr.'-'.$mo.'-'.$day;
/* A fully specified date must be a real calendar date; a partially empty
   one is reset to 0/0/0 (the else-branch lines are not all shown). */
149 if ($mo && $day && $yr && !checkdate($mo, $day, $yr)) {
150 $msg->addError('DOB_INVALID');
151 } else if (!$mo || !$day || !$yr) {
153 $yr = $mo = $day = 0;
/* Optional master list: a pre-issued student id + PIN must match an unused
   master_list row. $master_list_sql is only set when the match succeeds and
   is executed after the INSERT below (LAST_INSERT_ID() ties it to the new
   member). NOTE(review): the PIN is compared as an unsalted MD5 against
   hash_field; that scheme is fixed by the existing table contents, so
   strengthening it means re-issuing the stored hashes. md5() output is hex,
   so $student_pin needs no escaping; $student_id is escaped above. */
156 unset($master_list_sql);
157 if (defined('AT_MASTER_LIST') && AT_MASTER_LIST) {
159 $student_id = $addslashes($_POST['student_id']);
160 $student_pin = md5($_POST['student_pin']);
162 $sql = "SELECT member_id FROM ".TABLE_PREFIX."master_list WHERE public_field='$student_id' AND hash_field='$student_pin'";
163 $result = mysql_query($sql, $db);
164 if (!($row = mysql_fetch_assoc($result)) || $row['member_id']) {
165 // the row wasn't found, or it was found but already used
166 $msg->addError('REGISTER_MASTER_USED');
168 $master_list_sql = "UPDATE ".TABLE_PREFIX."master_list SET member_id=LAST_INSERT_ID() WHERE public_field='$student_id' AND hash_field='$student_pin'";
// Anything other than 'm'/'f' is normalised to 'n' before it reaches SQL.
172 if (($_POST['gender'] != 'm') && ($_POST['gender'] != 'f')) {
173 $_POST['gender'] = 'n'; // not specified
176 if ($missing_fields) {
177 $missing_fields = implode(', ', $missing_fields);
178 $msg->addError(array('EMPTY_FIELDS', $missing_fields));
/* Only a fully validated submission reaches the INSERT. */
181 if (!$msg->containsErrors()) {
// Website: prepend a scheme when none was given; an empty one collapses to ''.
182 if (($_POST['website']) && (!strstr($_POST['website'],"://"))) {
183 $_POST['website'] = "http://".$_POST['website'];
185 if ($_POST['website'] == 'http://') {
186 $_POST['website'] = '';
// Checkbox -> 0/1 (the else line is not shown).
188 if (isset($_POST['private_email'])) {
189 $_POST['private_email'] = 1;
191 $_POST['private_email'] = 0;
193 $_POST['postal'] = strtoupper(trim($_POST['postal']));
/* Escape every field that is interpolated into the INSERT below. The same
   escaped $_POST['login'] is reused for the DELETE further down, so that
   statement relies on this escaping having happened. Note the password is
   escaped as a string here; whether it is hashed before storage is not
   visible in this listing (the INSERT column list is omitted). */
195 $_POST['email'] = $addslashes($_POST['email']);
196 $_POST['login'] = $addslashes($_POST['login']);
197 $_POST['password'] = $addslashes($_POST['password']);
198 $_POST['website'] = $addslashes($_POST['website']);
199 $_POST['first_name'] = $addslashes($_POST['first_name']);
200 $_POST['second_name']= $addslashes($_POST['second_name']);
201 $_POST['last_name'] = $addslashes($_POST['last_name']);
202 $_POST['address'] = $addslashes($_POST['address']);
203 $_POST['postal'] = $addslashes($_POST['postal']);
204 $_POST['city'] = $addslashes($_POST['city']);
205 $_POST['province'] = $addslashes($_POST['province']);
206 $_POST['country'] = $addslashes($_POST['country']);
207 $_POST['phone'] = $addslashes($_POST['phone']);
// New accounts start unconfirmed when email confirmation is enabled.
209 if (defined('AT_EMAIL_CONFIRMATION') && AT_EMAIL_CONFIRMATION) {
210 $status = AT_STATUS_UNCONFIRMED;
212 $status = AT_STATUS_STUDENT;
214 $now = date('Y-m-d H:i:s'); // we use this later for the email confirmation.
/* The column list and most VALUES (original lines 218-255) are not shown.
   Bare-word keys such as $_POST[login] inside double quotes are the legacy
   "$arr[key]" interpolation form. */
216 /* insert into the db */
217 $sql = "INSERT INTO ".TABLE_PREFIX."members
240 VALUES ('$_POST[login]',
244 '$_POST[first_name]',
245 '$_POST[second_name]',
256 '$_config[pref_defaults]',
259 $_config[pref_inbox_notify],
260 $_POST[private_email],
261 '0000-00-00 00:00:00')";
/* NOTE(review): `or die(mysql_error())` sends the raw MySQL error text to
   the browser, and it short-circuits the DB_NOT_UPDATED page that the lines
   just below appear to implement (their enclosing `if` is not shown).
   Logging the error server-side and showing only the generic message is the
   safer shape. */
263 $result = mysql_query($sql, $db) or die(mysql_error());
264 $m_id = mysql_insert_id($db);
266 require(AT_INCLUDE_PATH.'header.inc.php');
267 $msg->addError('DB_NOT_UPDATED');
269 require(AT_INCLUDE_PATH.'footer.inc.php');
// Bind the master-list row to the member just inserted (LAST_INSERT_ID()).
273 if (isset($master_list_sql)) {
274 mysql_query($master_list_sql, $db);
277 //reset login attempts
// $_POST['login'] was escaped with $addslashes above, which this relies on.
279 $sql = "DELETE FROM ".TABLE_PREFIX."member_login_attempt WHERE login='$_POST[login]'";
280 mysql_query($sql, $db);
/* Email confirmation path. The confirmation code is the first 10 hex chars of
   md5(email . timestamp . member_id). NOTE(review): every input to that hash
   is either known to the registrant or predictable to within seconds, so the
   code is at most 40 bits and derivable; a random token generated with
   random_bytes() and stored against the member would be stronger, but
   confirm.php (not shown) must be changed in step. en_id comes from
   $_REQUEST and is concatenated into the link unencoded — TODO confirm it is
   validated (e.g. intval) before being embedded in the mail body. */
283 if (defined('AT_EMAIL_CONFIRMATION') && AT_EMAIL_CONFIRMATION) {
284 $msg->addFeedback('REG_THANKS_CONFIRM');
286 $code = substr(md5($_POST['email'] . $now . $m_id), 0, 10);
288 if (isset($_REQUEST["en_id"]) && $_REQUEST["en_id"] <> "")
289 $confirmation_link = $_base_href . 'confirm.php?id='.$m_id.SEP.'m='.$code.SEP.'en_id='.$_REQUEST["en_id"];
291 $confirmation_link = $_base_href . 'confirm.php?id='.$m_id.SEP.'m='.$code;
293 /* send the email confirmation message: */
294 require(AT_INCLUDE_PATH . 'classes/phpmailer/atutormailer.class.php');
295 $mail = new ATutorMailer();
297 $mail->From = $_config['contact_email'];
298 $mail->AddAddress($_POST['email']);
299 $mail->Subject = SITE_NAME . ' - ' . _AT('email_confirmation_subject');
300 $mail->Body = _AT('email_confirmation_message', SITE_NAME, $confirmation_link);
/* No-confirmation path: auto-enrol (when en_id is set), stamp last_login and
   open a logged-in session for the new member. */
307 // if en_id is set, automatically enroll into courses that links with en_id and go to "My Start Page"
310 require (AT_INCLUDE_PATH.'html/auto_enroll_courses.inc.php');
/* NOTE(review): $member_id is not assigned anywhere in this listing (only
   $m_id is); presumably the included file sets it — verify, since an unset
   value here would produce a malformed UPDATE. */
313 $sql = "UPDATE ".TABLE_PREFIX."members
314 SET last_login=now(), creation_date=creation_date
315 WHERE member_id=".$member_id;
316 mysql_query($sql, $db);
/* Establish the session. unserialize() is applied to $_config[pref_defaults]
   (site configuration, not request input); that is only acceptable while
   pref_defaults can never be written by users — TODO confirm where it is
   set. $_POST[login] and $_SESSION[lang] are bare-word (constant) array keys. */
319 $_SESSION['valid_user'] = true;
320 $_SESSION['member_id'] = $m_id;
321 $_SESSION['course_id'] = 0;
322 $_SESSION['login'] = $_POST[login];
323 assign_session_prefs(unserialize(stripslashes($_config[pref_defaults])), 1);
324 $_SESSION['is_guest'] = 0;
325 $_SESSION['lang'] = $_SESSION[lang];
326 session_write_close();
// $_POST['course'] is placed in the redirect URL without urlencode().
328 header('Location: '.AT_BASE_HREF.'bounce.php?course='.$_POST['course']);
331 require(AT_INCLUDE_PATH.'header.inc.php');
332 require(AT_INCLUDE_PATH.'footer.inc.php');
/* Reached when the form was not submitted (the surrounding control flow is
   not shown): any existing login state is cleared before the form renders. */
338 unset($_SESSION['member_id']);
339 unset($_SESSION['valid_user']);
340 unset($_SESSION['login']);
341 unset($_SESSION['is_admin']);
342 unset($_SESSION['course_id']);
343 unset($_SESSION['is_guest']);
345 /*****************************/
346 /* template starts down here */
// Initial focus goes to the master-list id field when that feature is on.
348 if (defined('AT_MASTER_LIST') && AT_MASTER_LIST) {
349 $onload = 'document.form.student_id.focus();';
351 $onload = 'document.form.login.focus();';
354 $savant->assign('languageManager', $languageManager);
356 $savant->display('registration.tmpl.php');