#!/usr/bin/perl
 
########################################################################
# COPYRIGHT NOTICE:
#
# Copyright 2003 FocalMedia.Net All Rights Reserved.
#
# Selling the code for this program without prior written consent 
# from FocalMedia.Net is expressly forbidden. You may not 
# redistribute this program in any shape or form.
# 
# This program is distributed "as is" and without warranty of any
# kind, either express or implied. In no event shall the liability 
# of FocalMedia.Net for any damages, losses and/or causes of action 
# exceed the total amount paid by the user for this software.
#
########################################################################

#### EDIT HERE -- FOR WINDOWS/IIS BASED INSTALLATIONS ONLY #######

# Path of the settings file parsed by get_setup below. That file carries the
# database credentials (DB_USERNAME / DB_PASSWORD), so keep it somewhere the
# web server will not hand out as plain text. A relative path is resolved
# against the working directory of the CGI process.
$config_cgi = "config.cgi"; ## <-- CHANGE THIS LINE TO THE FULL SERVER PATH TO config.cgi

# THE PATH ON A WINDOWS INSTALLATION WILL LOOK SOMETHING LIKE THIS:
# $config_cgi = "c:/inetpub/webpub/cgi-bin/pseek/config.cgi";

#### DO NOT CHANGE ANYTHING BELOW THIS LINE #################


#use FindBin;
#use lib $FindBin::Bin;
use CGI;
use DBI;
use htbuild;
use CGI::Carp qw(fatalsToBrowser); 
use pseek;
use fmspm;


# Start-up sequence: load the settings, run the fmspm check for this script,
# create the CGI object, emit the HTTP header and dispatch on 'fct'.
get_setup();
fmspm::check_spamb("rgs_register.cgi", "header", "$data_dir");
$q = CGI->new;

#################

print "Content-type: text/html\n\n";

# NOTE(review): CGI::Carp is loaded with fatalsToBrowser above, so the text of
# any die() - including the SQL error messages raised in register_user - is
# rendered to the visitor. Production installs usually log these instead.

# 'fct' is empty on the first visit (show the form) and "register" on submit.
my $fct = $q->param('fct');
if ($fct eq "")
	{
	display_regform();
	}
elsif ($fct eq "register")
	{
	register_user();
	}

#################

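# Handle a submitted registration form (fct=register).
#
# Validates the posted fields, checks lnkusers for an existing user name or
# e-mail address and, on any problem, re-displays the form with $error_text
# and exits. Otherwise it inserts the account, mails the activation message
# built from validation.eml and prints rgs_regsuccess.html.
#
# Works on the file's globals ($q, $data_dir, $script_url and the database
# settings loaded by get_setup) and leaves its messages in $error_text for
# display_regform.
#
# Every SQL statement uses bound placeholders. The earlier code quoted values
# by hand (apostrophes only, backslashes untouched), applied that quoting to
# the password three times and never to the name or the e-mail address, so
# form input could alter the statements and a password containing an
# apostrophe was stored in a mangled form.
sub register_user
{

### CHECK FOR ERRORS

# regusers.txt supplies the visitor-facing messages, one per line.
$rgtext = pseek::get_file_contents("$data_dir/regusers.txt");
@regtext = split (/\n/, $rgtext);

# Read each form value once, in scalar context; a missing field counts as "".
$rgs_user  = _rgs_form_value($q, 'rgs_user');
$rgs_pass  = _rgs_form_value($q, 'rgs_pass');
$rgs_pass2 = _rgs_form_value($q, 'rgs_pass2');
$name      = _rgs_form_value($q, 'name');
$email     = _rgs_form_value($q, 'email');
$email2    = _rgs_form_value($q, 'email2');
$mlist     = _rgs_form_value($q, 'mlist');
@extras    = map { _rgs_form_value($q, "extra$_") } 1 .. 10;

# Please provide a user name.
if ($rgs_user eq "") { $error_text .= "$regtext[10]<BR><BR>"; }

# Your user name needs at least 4 letters.
if (length($rgs_user) < 4) { $error_text .= "$regtext[11]<BR><BR>"; }

# The user name you specified contains invalid characters.
# Appended like every other message; the old per-character loop assigned
# instead, which threw away the messages collected before it.
if ($rgs_user =~ /[^0-9a-zA-Z]/) { $error_text .= "$regtext[18]<BR><BR>"; }

# Please provide a password.
if ($rgs_pass eq "") { $error_text .= "$regtext[12]<BR><BR>"; }

# The verify password does not match the password you entered.
if ($rgs_pass ne $rgs_pass2) { $error_text .= "$regtext[13]<BR><BR>"; }

# Please provide a name for your account.
if ($name eq "") { $error_text .= "$regtext[14]<BR><BR>"; }

# Please provide your email address.
if ($email eq "") { $error_text .= "$regtext[15]<BR><BR>"; }

# An address is a single line. The value is handed to pseek::send_email as
# the recipient further down; that routine is not visible here, so line
# breaks are refused at this point rather than relying on it.
if ($email =~ /[\r\n]/) { $error_text .= "$regtext[15]<BR><BR>"; }

# The confirmation email you provided does not match the original address.
if ($email ne $email2) { $error_text .= "$regtext[16]<BR><BR>"; }


### CHECK THAT THE REQUIRED EXTRA FIELDS HAVE BEEN FILLED IN

# usrfields.dat: one "label:::required" line per extra field, in field order.
# Read through pseek:: like the other data files in this sub.
$ldata = pseek::get_file_contents("$data_dir/usrfields.dat");
@allditems = split (/\n/, $ldata);

$cntr = 1;
foreach $item (@allditems)
	{
	($diz, $req) = split (/:::/, $item);

	if ($req eq "Y" && _rgs_form_value($q, "extra" . $cntr) eq "")
		{
		$error_text .= "You need to specify a value for '$diz'.<BR>";
		}

	$cntr++;
	}


### CONNECT TO THE DATABASE

if ($mysql_hostname eq "")
	{
	$dsn = "DBI:mysql:$db_name";
	}
else
	{
	$dsn = "DBI:mysql:$db_name:$mysql_hostname:$mysql_port";
	}
$dbh = DBI->connect($dsn, $db_username, $db_password);
if ( !defined $dbh ) {die "Cannot connect to MySQL server: $DBI::errstr\n"; }


#### CHECK FOR DUPLICATES

# These run even when validation has already failed, as before, so the
# visitor sees every problem at once. COUNT(*) is fetched instead of relying
# on rows(), which DBI does not guarantee for SELECT statements.
$sth = _rgs_run_query($dbh, "SELECT COUNT(*) FROM lnkusers WHERE rgsuser = ?", $rgs_user);
($rows) = $sth->fetchrow_array;
# The user name you are trying to use is already in use. Please use another.
if ($rows > 0) { $error_text .= "$regtext[19]<BR><BR>"; }

$sth = _rgs_run_query($dbh, "SELECT COUNT(*) FROM lnkusers WHERE rgsemail = ?", $email);
($rows) = $sth->fetchrow_array;
# Message 17 is shown when the e-mail address is already registered.
if ($rows > 0) { $error_text .= "$regtext[17]<BR><BR>"; }


if ($error_text ne "")
	{
	$sth->finish;
	$dbh->disconnect;
	display_regform(); exit;
	}


#### CREATE USER ACCOUNT

$gsettings = new_gsettings tseek;
if ($gsettings->{new_account_validation} eq "No")
	{
	$acc_activ = "Y";
	}
	else
	{
	$acc_activ = "N";
	}

# NOTE(review): the password is stored exactly as submitted and is also
# mailed back below. Storing a salted hash instead needs a matching change in
# the login code, which is outside this file.
$wsql = "INSERT INTO lnkusers SET rgsuser = ?, rgspass = ?, rgsname = ?, rgsemail = ?, "
	. join(", ", map { "rgs_extra$_ = ?" } 1 .. 10)
	. ", subscribed = ?, activated = ?";
$sth = _rgs_run_query($dbh, $wsql,
	$rgs_user, $rgs_pass, $name, $email, @extras, $mlist, $acc_activ);


#### SEND ACTIVATION EMAIL

# validation.eml: line 1 sender name, line 2 sender address, line 3 subject,
# everything after that is the message body.
$emailmsg = pseek::get_file_contents("$data_dir/validation.eml");
@elines = split (/\n/, $emailmsg);

$from_name = $elines[0];
$from_email = $elines[1];
$email_subject = $elines[2];
$email_message = join("", map { "$_\n" } @elines[3 .. $#elines]);

$sth = _rgs_run_query($dbh, "SELECT userid FROM lnkusers WHERE rgsuser = ?", $rgs_user);
while ( @row = $sth->fetchrow_array )
	{
	$userid = $row[0];
	}

# NOTE(review): the activation parameter is the sequential userid times a
# fixed constant, so it is not a secret. A random per-account token stored
# with the row is the usual design; activate.cgi (not shown) would have to
# change together with this line.
$userid = ($userid * 600);

$activation_link = "$script_url/activate.cgi?a=$userid";
$email_message =~ s/%%activation_link%%/$activation_link/gi;
$email_message =~ s/%%name%%/$name/gi;
$email_message =~ s/%%user_name%%/$rgs_user/gi;
$email_message =~ s/%%password%%/$rgs_pass/gi;

pseek::send_email ($from_name, $from_email, $email, $email_subject, $email_message);

$sth->finish;
$dbh->disconnect;


#### DISPLAY REGISTERED TEMPLATE
$reg_template = pseek::get_file_contents("$data_dir/rgs_regsuccess.html");
$reg_template = pseek::ts_insert_template_includes($reg_template);
$reg_template = pseek::fill_vars($reg_template);
print $reg_template;

}

# Return one form field as a scalar, with a missing field mapped to "".
sub _rgs_form_value
{
my ($cgi, $field) = @_;
my $value = $cgi->param($field);
return defined $value ? $value : "";
}

# Prepare and execute one statement with bound values; returns the executed
# statement handle. Dies with the file's usual "SQL Syntax Error" message. The
# message contains only the statement text with its ? markers, never the
# submitted values.
sub _rgs_run_query
{
my ($db, $wsql, @binds) = @_;

my $handle = $db->prepare($wsql);
if (!defined $handle)
	{
	my $perror = $db->errstr;
	die "SQL Syntax Error: $perror - From: $wsql";
	}

$handle->execute(@binds);
my $serror = $handle->errstr;
if (defined $serror && $serror ne "") {die "SQL Syntax Error: $serror - From: $wsql";}

return $handle;
}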



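# Print the registration form (rgs_register.html), showing $error_text and
# re-filling the fields with what the visitor submitted.
#
# Reads the globals $q, $data_dir, $script_url and $error_text and writes the
# finished page to STDOUT.
#
# Submitted values are HTML-escaped before they go into the page. They used to
# be inserted as received, so markup in a form field was rendered as part of
# the page.
sub display_regform
{
my @form_fields = ('rgs_user', 'rgs_pass', 'rgs_pass2', 'name', 'email', 'email2',
	map { "extra$_" } 1 .. 10);

my $page = pseek::get_file_contents("$data_dir/rgs_register.html");

# $error_text is assembled by register_user from regusers.txt and
# usrfields.dat and carries <BR> markup on purpose, so it is inserted as is.
$page =~ s/!!error_text!!/$error_text/gi;

# NOTE(review): both password fields are written back into the page along
# with the rest; leaving those two blank on redisplay is the common choice.
foreach my $field (@form_fields)
	{
	my $value = $q->param($field);
	$value = "" unless defined $value;
	$value = _rgs_html_escape($value);
	$page =~ s/!!\Q$field\E!!/$value/gi;
	}

# NOTE(review): the submitted values are already in the page when the include
# and variable passes run. Escaping removes HTML metacharacters only; confirm
# that the directive syntax used by these two pseek routines cannot be
# produced from the characters that remain.
$page = pseek::ts_insert_template_includes($page);
$page = pseek::fill_vars($page);
$page =~ s{!!rgs_register!!}{$script_url/rgs_register.cgi}gi;

print $page;
}

# Escape the characters that are significant in HTML text and in single- or
# double-quoted attribute values.
sub _rgs_html_escape
{
my ($text) = @_;
$text =~ s/&/&amp;/g;
$text =~ s/</&lt;/g;
$text =~ s/>/&gt;/g;
$text =~ s/"/&quot;/g;
$text =~ s/'/&#39;/g;
return $text;
}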

#################

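# Load the settings from the file named by $config_cgi into package globals
# ($db_name, $db_username, $db_password, $mysql_hostname, $mysql_port,
# $script_url, $admin_url, $web_url, $web_dir, $data_dir, $username,
# $password).
#
# A recognised line starts with the setting name and carries its value in
# double quotes; everything from the first '#' to the end of the line is
# dropped before the value is extracted. A config file that does not exist is
# ignored, as before. One that exists but cannot be opened is now reported
# with warn instead of being skipped silently.
sub get_setup
{
# Setting name => the package global that receives its value.
my @settings = (
	[ 'DB_NAME',        \$db_name ],
	[ 'DB_USERNAME',    \$db_username ],
	[ 'DB_PASSWORD',    \$db_password ],
	[ 'MYSQL_HOSTNAME', \$mysql_hostname ],
	[ 'MYSQL_PORT',     \$mysql_port ],
	[ 'SCRIPT_URL',     \$script_url ],
	[ 'ADMIN_URL',      \$admin_url ],
	[ 'WEB_URL',        \$web_url ],
	[ 'WEB_DIR',        \$web_dir ],
	[ 'DATA_DIR',       \$data_dir ],
	[ 'USERNAME',       \$username ],
	[ 'PASSWORD',       \$password ],
);

return unless -e $config_cgi;

# Three-argument open with a lexical handle: the mode is fixed to "read", so
# the configured path is only ever treated as a file name.
my $cfg;
unless (open($cfg, '<', $config_cgi))
	{
	warn "Cannot open $config_cgi: $!";
	return;
	}

while (defined(my $line = <$cfg>))
	{
	# NOTE(review): the cut happens at the first '#' even when it sits inside
	# the quoted value, so a setting containing '#' (a password, say) is
	# truncated. Unchanged from the previous behaviour.
	$line =~ s/#.*//s;
	$line =~ s/\n//g;

	foreach my $setting (@settings)
		{
		my ($setup_var, $target) = @$setting;
		if ($line =~ /^\Q$setup_var\E/)
			{
			$$target = get_setup_line($line, $setup_var);
			}
		}
	}
close($cfg);
}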




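# Extract the value between the first pair of double quotes on a config line.
#
#   $setup_line - one line of the settings file, e.g.  DB_NAME = "links"
#   $setup_var  - name of the setting; accepted for the callers, not used
#
# Returns the quoted text, which may be empty. A line without two double
# quotes yields "" - the earlier pos()/substr() arithmetic returned an
# arbitrary slice of the line when a match failed and pos() was undefined.
sub get_setup_line
{
my ($setup_line, $setup_var) = @_;

return "" unless defined $setup_line;

if ($setup_line =~ /"([^"]*)"/)
	{
	return $1;
	}

return "";
}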

#### END CONFIGURATION ########################################################

