<?php
	## Path bootstrap. TOPSITESDIR is this script's own directory; dropping its
	## last 8 characters ("topsites") leaves the web root including its trailing
	## separator, which is why the WWWROOT . 'topsites/...' requires below work.
	define('TOPSITESDIR', dirname(__FILE__));
	define('WWWROOT', substr(TOPSITESDIR, 0, -8));
	## NOTE(review): "##BASEDIR##" is not PHP (the first '#' starts a comment,
	## leaving the statement unterminated) -- it looks like an install-time
	## placeholder for a length that must be substituted before this file can
	## run. As shipped here the line does not parse.
	define('BASEDIR', substr(WWWROOT, 0, ##BASEDIR##));
	## Shared helpers and settings come from BASEDIR; tsphp.php and http.php
	## (the latter presumably provides the HTTP class used by CheckInput())
	## come from the topsites directory.
	require(BASEDIR . 'funcs.inc');
	require(BASEDIR . 'config.php');
	require(WWWROOT . 'topsites/tsphp.php');
	require(WWWROOT . 'topsites/http.php');
	## Query-string keywords accepted on GET, mapped to the display function
	## conventionally associated with each. The GET dispatcher below only tests
	## whether the key exists; the mapped function names are not called there.
	$get_functions = array('login' => 'DisplayLogin', 'remind' => 'DisplayRemind', 'confirm' => 'DisplayConfirm');
	## Allow-list of values accepted in $_POST['Run'] by the POST dispatcher.
	## 'AccountData' is accepted but has no matching case, so it renders only
	## the skin header and footer.
	$post_functions = array('CreateAccount', 'DisplayEdit', 'DisplayStatistics', 'DisplayLinks',
		'SendReminder', 'EditAccount', 'ConfirmAccount', 'AccountData');
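	## Remove slashes from input if magic_quotes is enabled.
	## get_magic_quotes_gpc() was removed in PHP 8.0, where calling it is a
	## fatal error, so test for the function first; on such versions magic
	## quotes cannot be on and the stripping is correctly skipped.
	if(function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc() != 0)
	{
		ArrayStripSlashes($_POST);
		ArrayStripSlashes($_GET);
		ArrayStripSlashes($_COOKIE);
		ArrayStripSlashes($_REQUEST);
	}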
	## Expose the configured title length limit to the templates
	## (MAX_TITLE is expected from config.php, required above).
	$T['Max_Title'] = $GLOBALS['MAX_TITLE'];
	## GET requests render one of the account forms inside the active skin.
	## The raw query string is the dispatch key; only an exact match on one of
	## the $get_functions keys is honoured, anything else shows the sign-up form.
	## ($skin is not set in this file; presumably it comes from config.php.)
	if($_SERVER['REQUEST_METHOD'] == 'GET')
	{
		require(WWWROOT . 'skins/' . $skin . '/header.php');
		if(isset($get_functions[$_SERVER['QUERY_STRING']]))
		{
			## Only the keys of $get_functions matter here; the function names
			## they map to are not invoked -- the template is required directly.
			switch($_SERVER['QUERY_STRING'])
			{
				case 'login':
					require("{$GLOBALS['TDIR']}/accounts_login.tpl");
					break;
				case 'remind':
					## accounts_remind.tpl lives in CDIR; the same template is
					## reused for the SendReminder result below.
					require("{$GLOBALS['CDIR']}/accounts_remind.tpl");
					break;
				case 'confirm':
					require("{$GLOBALS['TDIR']}/accounts_confirm.tpl");
					break;
			}
		}
		else
		{
			require("{$GLOBALS['TDIR']}/accounts_add.tpl");
		}
		require(WWWROOT . 'skins/' . $skin . '/footer.php');
	}
	## POST requests are dispatched on $_POST['Run'], which must be one of the
	## $post_functions names (non-strict in_array; an absent 'Run' key simply
	## does not match). 'AccountData' is on that list but has no case below,
	## so it renders only the skin header and footer.
	elseif($_SERVER['REQUEST_METHOD'] == 'POST')
	{
		if(in_array($_POST['Run'], $post_functions))
		{
			require(WWWROOT . 'skins/' . $skin . '/header.php');
			switch($_POST['Run'])
			{
				## Create a new account from the sign-up form.
				## Order matters: CheckInput() validates and normalises the raw
				## $_POST, HashToTemplate() copies the still-unescaped values
				## into $T for templates and e-mails, and only then EscapeHash()
				## escapes $_POST in place for the SQL further down.
				case 'CreateAccount':
					$email = 'email_added.tpl';
					$confirm_id = '';
					CheckInput(TRUE);
					HashToTemplate($_POST);
					## $site_name is not set in this file (presumably config.php).
					$T['Site_Name'] = $site_name;
					$T['Forward_URL'] = $GLOBALS['FORWARD_URL'];
					$T['Tracking_URL'] = "{$GLOBALS['IN_URL']}?id={$T['Username']}";
					$T['Image_URL'] = "{$GLOBALS['SCRIPT_URL']}/image.php?id={$T['Username']}";
					$T['Status'] = 'Approved';
					## Confirmation required: the account starts Unconfirmed and
					## the user receives a token to post back via ?confirm.
					## NOTE(review): the token is md5(uniqid(rand())), which is
					## not a cryptographic source (random_bytes() would be), and
					## it is the only thing the ConfirmAccount lookup checks.
					if(isset($GLOBALS['O_CONFIRM']))
					{
						$email = 'email_confirm.tpl';
						$confirm_id = md5(uniqid(rand(), true));
						$T['Status'] = 'Unconfirmed';
						$T['Confirmation_ID'] = $confirm_id;
						$T['Confirmation_URL'] = $GLOBALS['FORWARD_URL'] . '/topsites/accounts.php?confirm';
					}
					## Otherwise new accounts may be held for administrator review.
					elseif(isset($GLOBALS['O_REVIEW_NEW']))
					{
						$T['Status'] = 'Pending';
						$email = 'email_review.tpl';
					}
					$DB->Connect();
					$DB->EscapeHash($_POST);
					## Seed the topsites_Cheats row for this username with zeros.
					$DB->Insert("INSERT INTO topsites_Cheats VALUES(
						'{$_POST['Username']}',
						0,
						0,
						0,
						0,
						0,
						0,
						0,
						0,
						0,
						0,
						0,
						0,
						0,
						0,
						0,
						0);
					");
					## The account row itself. Values are interpolated into the
					## statement, so safety rests entirely on EscapeHash() above.
					## NOTE(review): Password is stored exactly as submitted -- no
					## hashing is visible in this file -- and VerifyLogin() later
					## compares it in SQL as plaintext.
					$DB->Insert("INSERT INTO topsites_Accounts VALUES(
						'{$_POST['Username']}',
						'{$_POST['Email']}',
						'{$_POST['Site_URL']}',
						'{$_POST['Title']}',
						NOW(),
						'{$_POST['Password']}',
						'$confirm_id',
						'{$T['Status']}',
						'0',
						'0',
						NOW(),
						'',
						'1.000',
						'1.000',
						'0',
						'0',
						'0',
						'0',
						'0',
						'0',
						'0',
						'0',
						'0',
						'0',
						'0',
						'0',
						'0',
						'0',
						'0',
						'0',
						'0');
					");
					# Send the user an e-mail message (always when confirmation
					# is on, since the confirmation token travels in it)
					if(isset($GLOBALS['O_EMAIL_USER']) || isset($GLOBALS['O_CONFIRM']))
					{
						Email($T['Email'], $GLOBALS['ADMIN_EMAIL'], "{$GLOBALS['TDIR']}/$email", $T);
					}
					# Send the administrator an e-mail message
					if(isset($GLOBALS['O_EMAIL_ADD']))
					{
						Email($GLOBALS['ADMIN_EMAIL'], $GLOBALS['ADMIN_EMAIL'], "{$GLOBALS['TDIR']}/email_adminadd.tpl", $T);
					}
					require("{$GLOBALS['CDIR']}/accounts_added.tpl");
					break;
				## Mail a login reminder to every account registered under the
				## posted e-mail address. UserError() is defined outside this
				## file; the flow assumes it ends the request.
				case 'SendReminder':
					if(IsEmptyString($_POST['Input']))
					{
						UserError('E_EMAIL_NOT_FOUND');
					}
					## Search database for e-mail
					$DB->Connect();
					$email = $DB->Escape($_POST['Input']);  
					$result = $DB->Query("SELECT * FROM topsites_Accounts WHERE Email='$email'");
					if($DB->NumRows($result) < 1)
					{
						$DB->Disconnect();
						UserError('E_EMAIL_NOT_FOUND');
					}
					else
					{
						$T['Found'] = 1;
						$T['Login_URL'] = "{$GLOBALS['SCRIPT_URL']}/accounts.php?login";
						## Each full account row (SELECT *, so including the
						## stored Password and Confirm_ID columns) is handed to
						## the e-mail template; what it prints is up to the template.
						while($account = $DB->NextRow($result))
						{
							HashToTemplate($account);
							$T['Tracking_URL'] = "{$GLOBALS['IN_URL']}?id={$account['Username']}";
							Email($account['Email'], $GLOBALS['ADMIN_EMAIL'], "{$GLOBALS['TDIR']}/email_remind.tpl", $T);
						}
						$DB->Free($result);
						$DB->Disconnect();
						require("{$GLOBALS['CDIR']}/accounts_remind.tpl");
    				}
					break;
				## Show the edit form for an authenticated account that is
				## neither locked nor suspended.
				case 'DisplayEdit':
					$account =& VerifyLogin();
					if($account['Locked'])
					{
						UserError('E_LOCKED');
					}
					if($account['Suspended'])
					{
						UserError('E_SUSPENDED');
					}
					HashToTemplate($account);
					require("{$GLOBALS['CDIR']}/accounts_edit.tpl");
					break;
				## Apply (or queue for review) changes to an account's e-mail,
				## site URL, title and password.
				case 'EditAccount':
					$changed = FALSE;
					$fields = array('Email', 'Site_URL', 'Title', 'Password');
					$account =& VerifyLogin();
					if($account['Locked'])
					{
						UserError('E_LOCKED');
					}
					if($account['Suspended'])
					{
						UserError('E_SUSPENDED');
					}
					## A new password replaces the login password *before*
					## CheckInput() so the password rules apply to the new value.
					if(!IsEmptyString($_POST['New_Password']))
					{
						$_POST['Password'] = $_POST['New_Password'];
					}
					CheckInput();
					// See if changes were made (loose != against the stored row)
					foreach($fields as $field)
					{
						if($_POST[$field] != $account[$field])
						{
							$changed = TRUE;
							break;
						}
					}
					if(!$changed)
					{
						UserError('E_NO_CHANGES');
					}
					$DB->Connect();
					## Templates get the unescaped values, SQL the escaped ones.
					HashToTemplate($_POST);
					$DB->EscapeHash($_POST);
					## With edit review on, the change is parked in
					## topsites_AccountEdits (REPLACE, so presumably one pending
					## edit per username) instead of touching the live row.
					if(isset($GLOBALS['O_REVIEW_EDIT']))
					{
						$T['Review'] = 1;
						$DB->Insert("REPLACE INTO topsites_AccountEdits VALUES(
							'{$_POST['Username']}',
							'{$_POST['Email']}',
							'{$_POST['Site_URL']}',
							'{$_POST['Title']}',
							'{$_POST['Password']}');
						");
					}
					else
					{
						## The username was authenticated by VerifyLogin() above,
						## so the UPDATE is scoped to the caller's own row.
						$DB->Update("UPDATE topsites_Accounts SET 
							Email='{$_POST['Email']}',
							Site_URL='{$_POST['Site_URL']}',
							Title='{$_POST['Title']}',
							Password='{$_POST['Password']}' 
							WHERE Username='{$_POST['Username']}';
						");
					}
					if(isset($GLOBALS['O_EMAIL_EDIT']))
					{
						$T['Script_URL'] = $GLOBALS['SCRIPT_URL'];
						Email($GLOBALS['ADMIN_EMAIL'], $GLOBALS['ADMIN_EMAIL'], "{$GLOBALS['TDIR']}/email_adminedit.tpl", $T);
					}
					$T['Tracking_URL'] = "{$GLOBALS['IN_URL']}?id={$account['Username']}";
					$T['Image_URL'] = "{$GLOBALS['SCRIPT_URL']}/image.php?id={$account['Username']}";
					require("{$GLOBALS['CDIR']}/accounts_edited.tpl");
					break;
				## Show traffic history (grouped by Date_Added) for the
				## authenticated account. AccountData() and IniParse() are
				## defined outside this file.
				case 'DisplayStatistics':
					$DB->Connect();
					$account =& VerifyLogin();
					$lang =& IniParse("{$GLOBALS['DDIR']}/language");
					$times =& IniParse("{$GLOBALS['DDIR']}/times");
					AccountData($account, $lang);
					## Username comes from the authenticated DB row, not from $_POST.
					$result = $DB->Query("SELECT Username,
						UNIX_TIMESTAMP(Date_Added) AS Timestamp,
						SUM(Current_Prod) AS Current_Prod,
						SUM(Current_In) AS Current_In,
						SUM(Current_Out) AS Current_Out,
						SUM(Total_Prod) AS Total_Prod,
						SUM(Total_In) AS Total_In,
						SUM(Total_Out) AS Total_Out,
						MIN(Overall_Rank) AS Overall_Rank 
						FROM topsites_MemStats WHERE Username='{$account['Username']}' GROUP BY Date_Added;
						");
					## $date_format is not set in this file (presumably config.php).
					while($stats = $DB->NextRow($result))
					{
						## The empty-array assignment is immediately overwritten.
						$values = array();
						$values = $stats;
						$values['Date'] = date($date_format, $stats['Timestamp']);
						$values['Weighted_In'] = round($stats['Current_In'] * $account['In_Weight']);
						$values['Weighted_Out'] = round($stats['Current_Out'] * $account['Out_Weight']);
						$values['Weighted_Total_In'] = round($stats['Total_In'] * $account['In_Weight']);
						$values['Weighted_Total_Out'] = round($stats['Total_Out'] * $account['Out_Weight']);
						$values['Prod_In'] = round($values['Weighted_In'] + ($stats['Current_Prod'] * $GLOBALS['PROD_BONUS']));
						$values['Prod_Total_In'] = round($values['Weighted_Total_In'] + ($stats['Total_Prod'] * $GLOBALS['PROD_BONUS']));
						TemplateAdd('HistoricalStats', $values);
					}
					$DB->Free($result);
					## Formatted dates are added to the row before it is
					## copied into the template variables.
					$account['Last_Reset'] = date($date_format, $times['Reset']);
					$account['Total_Reset'] = date($date_format, $times['Total_Reset']);
					$account['Signup_Date'] = date($date_format, $account['Signup']);
					HashToTemplate($account);
					require("{$GLOBALS['CDIR']}/accounts_statistics.tpl");
					break;
				## Show the tracking/button URLs for the authenticated account.
				case 'DisplayLinks':
					$account =& VerifyLogin();
					$T['Username'] = $account['Username'];
					$T['Tracking_URL'] = "{$GLOBALS['IN_URL']}?id={$account['Username']}";
					$T['Image_URL'] = "{$GLOBALS['SCRIPT_URL']}/image.php?id={$account['Username']}";
					require("{$GLOBALS['CDIR']}/accounts_links.tpl");
					break;
				## Complete a pending sign-up from the posted confirmation token.
				## The same logic also exists as the standalone ConfirmAccount()
				## function later in this file; the dispatcher does not call it.
				case 'ConfirmAccount':
					if(IsEmptyString($_POST['Confirm_ID']))
					{
						UserError('E_REQUIRED', 'CONFIRM_ID');
					}
					$DB->Connect();
					$confirm_id = $DB->Escape($_POST['Confirm_ID']);
					## The token alone identifies the account (no username check).
					$account = $DB->Row("SELECT * FROM topsites_Accounts WHERE Confirm_ID='$confirm_id';");
					if(!$account)
					{
						UserError('E_BAD_CONFIRM_ID');
					}
					$email = 'email_added.tpl';
					$status = 'Approved';
					$username = $DB->Escape($account['Username']);
					if(isset($GLOBALS['O_REVIEW_NEW']))
					{
						$email = 'email_review.tpl';
						$status = 'Pending';
					}
					## Confirm_ID is overwritten with a fixed marker so the
					## token cannot be replayed.
					$DB->Update("UPDATE topsites_Accounts SET Status='$status',Confirm_ID='CONFIRMED' WHERE Username='$username'");
					HashToTemplate($account);
					$T['Status'] = $status;
					$T['Script_URL'] = $GLOBALS['SCRIPT_URL'];
					$T['Tracking_URL'] = "{$GLOBALS['IN_URL']}?id={$account['Username']}";
					$T['Image_URL'] = "{$GLOBALS['SCRIPT_URL']}/image.php?id={$account['Username']}";
					# Send the user an e-mail message
					if(isset($GLOBALS['O_EMAIL_USER']))
					{
						Email($account['Email'], $GLOBALS['ADMIN_EMAIL'], "{$GLOBALS['TDIR']}/$email", $T);
					}
					require_once("{$GLOBALS['CDIR']}/accounts_added.tpl");
					break;
			}
			require(WWWROOT . 'skins/' . $skin . '/footer.php');
		}
		## Unknown 'Run' value: fall back to the sign-up form.
		else
		{
			require(WWWROOT . 'skins/' . $skin . '/header.php');
			require("{$GLOBALS['TDIR']}/accounts_add.tpl");
			require(WWWROOT . 'skins/' . $skin . '/footer.php');
		}
	}
	## Any other request method: show the sign-up form.
	else
	{
		require(WWWROOT . 'skins/' . $skin . '/header.php');
		require("{$GLOBALS['TDIR']}/accounts_add.tpl");
		require(WWWROOT . 'skins/' . $skin . '/footer.php');
	}

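	## Render the confirmation form wrapped in the active skin's header/footer.
	## $skin is a file-scope variable (it is used at the top level of this file
	## and set outside it, presumably by config.php), so it has to be imported
	## into the function scope: without `global $skin` the variable is
	## undefined here and the include path collapses to 'skins//header.php'.
	function DisplayConfirm()
	{
		global $skin;
		require(WWWROOT . 'skins/' . $skin . '/header.php');
		require("{$GLOBALS['TDIR']}/accounts_confirm.tpl");
		require(WWWROOT . 'skins/' . $skin . '/footer.php');
	}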

/**
 * Complete a pending sign-up from the confirmation token in $_POST['Confirm_ID'].
 *
 * The token alone selects the account (no username is checked). On success
 * the row's Status becomes 'Approved', or 'Pending' when O_REVIEW_NEW is set,
 * and Confirm_ID is overwritten with the literal 'CONFIRMED' so the token
 * cannot be used again. The row is then exposed to the templates, the user is
 * optionally e-mailed, and accounts_added.tpl is rendered.
 *
 * A missing token or an unknown one ends in UserError() (defined outside this
 * file); the flow assumes UserError() does not return.
 */
function ConfirmAccount()
{
    global $DB, $T;

    if( IsEmptyString($_POST['Confirm_ID']) )
    {
        UserError('E_REQUIRED', 'CONFIRM_ID');
    }

    $DB->Connect();
    $token = $DB->Escape($_POST['Confirm_ID']);
    $account = $DB->Row("SELECT * FROM topsites_Accounts WHERE Confirm_ID='$token'");
    if( !$account )
    {
        UserError('E_BAD_CONFIRM_ID');
    }

    $username = $DB->Escape($account['Username']);

    // With new-account review enabled the account waits for an administrator
    // instead of going live, and a different notification template is used.
    $review = isset($GLOBALS['O_REVIEW_NEW']);
    $status = $review ? 'Pending' : 'Approved';
    $email  = $review ? 'email_review.tpl' : 'email_added.tpl';

    $DB->Update("UPDATE topsites_Accounts SET Status='$status',Confirm_ID='CONFIRMED' WHERE Username='$username'");

    HashToTemplate($account);
    $T['Status']       = $status;
    $T['Script_URL']   = $GLOBALS['SCRIPT_URL'];
    $T['Tracking_URL'] = "{$GLOBALS['IN_URL']}?id={$account['Username']}";
    $T['Image_URL']    = "{$GLOBALS['SCRIPT_URL']}/image.php?id={$account['Username']}";

    // Notify the user when configured to do so
    if( isset($GLOBALS['O_EMAIL_USER']) )
    {
        Email($account['Email'], $GLOBALS['ADMIN_EMAIL'], "{$GLOBALS['TDIR']}/$email", $T);
    }

    require_once("{$GLOBALS['CDIR']}/accounts_added.tpl");
}
	## Authenticate the posted Username/Password pair against topsites_Accounts
	## and return the matching row (by reference; callers use `=&`).
	## Both fields are required; an empty field or no matching row ends in
	## UserError() (defined outside this file), which is assumed not to return.
	## NOTE(review): the password is matched in SQL exactly as stored -- no
	## hashing is visible in this file -- so the Password column holds the
	## value submitted at sign-up in the clear.
	function &VerifyLogin()
	{
		global $DB;
		$incomplete = IsEmptyString($_POST['Username']) || IsEmptyString($_POST['Password']);
		if($incomplete)
		{
			UserError('E_USER_PASS');
		}
		$DB->Connect();
		## Both values are escaped before being interpolated into the query.
		$user = $DB->Escape($_POST['Username']);
		$pass = $DB->Escape($_POST['Password']);
		$row = $DB->Row("SELECT * FROM topsites_Accounts WHERE Username='$user' AND Password='$pass'");
		if(!$row)
		{
			UserError('E_BAD_LOGIN');
		}
		return $row;
	}

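/**
 * Validate and normalise the account fields posted in $_POST, in place.
 *
 * Every posted value is trimmed and stripped of HTML first. Then, for a new
 * account only: username availability, optional duplicate title/URL check,
 * username length (4-8 bytes) and charset (ASCII letters and digits). For all
 * calls: blacklist, e-mail format, site URL format (only http:// passes the
 * pattern), title length against MAX_TITLE, minimum password length, the
 * optional username != password rule, a non-empty title and, when
 * O_CHECK_URLS is set, that the site URL answers an HTTP GET. Finally the
 * title's text case is normalised via ChangeCase().
 *
 * Every failure ends in UserError() (defined outside this file); the flow
 * assumes UserError() does not return.
 *
 * @param bool $new_account TRUE when called from CreateAccount, enabling the
 *                          username and duplicate checks.
 */
function CheckInput($new_account = FALSE)
{
    global $DB;

    ## Remove extra whitespace from account data
    TrimHash($_POST);

    ## Disable HTML in account data
    StripHTMLNoAmp($_POST);

    $DB->Connect();

    ## Escaped copy used only for the SQL lookups below; the validation
    ## rules themselves run against the unescaped $_POST values.
    $_SAFE = $_POST;

    $DB->EscapeHash($_SAFE);


    ## New account is being created
    if( $new_account )
    {
        ## See if username is already taken
        if( $DB->Count("SELECT COUNT(*) FROM topsites_Accounts WHERE Username='{$_SAFE['Username']}'") > 0 )
        {
            UserError('E_USERNAME_TAKEN');
        }

        ## Check for duplicate account information
        if( isset($GLOBALS['O_CHECK_DUPS']) && $DB->Count("SELECT COUNT(*) FROM topsites_Accounts WHERE Title='{$_SAFE['Title']}' OR Site_URL='{$_SAFE['Site_URL']}'") > 0 )
        {
            UserError('E_DUPLICATE');
        }

        ## Verify username length (byte length; the charset check below
        ## restricts usernames to ASCII anyway)
        $un_length = strlen($_POST['Username']);
        if( $un_length < 4 || $un_length > 8 )
        {
            UserError('E_USER_LENGTH');
        }


        ## Verify username contains only letters and numbers
        if( preg_match('/[^a-zA-Z0-9]/', $_POST['Username']) )
        {
            UserError('E_USER_CHARS');
        }
    }


    ## Check the blacklist (IsBlacklisted() is defined outside this file)
    list($blacklisted, $item) = IsBlacklisted($_POST);
    if( $blacklisted )
    {
        UserError('E_BLACKLISTED', $item);
    }


    ## Verify e-mail address format
    if( !preg_match('/^[\w\d][\w\d\,\.\-]*\@([\w\d\-]+\.)+([a-zA-Z]+)$/', $_POST['Email']) )
    {
        UserError('E_BAD_EMAIL');
    }

    ## Verify site URL format (note: only an http:// scheme is accepted)
    if( !preg_match('/^http:\/\/[\w\d\-\.]+\.[\w\d\-\.]+\/?[\w\d\-\?]?/', $_POST['Site_URL']) )
    {
        UserError('E_INVALID_URL', 'SITE_URL');
    }

    ## Verify site title length
    if( strlen($_POST['Title']) > $GLOBALS['MAX_TITLE'] )
    {
        UserError('E_TOO_LONG', 'TITLE');
    }

    ## Verify password length
    if( strlen($_POST['Password']) < 4 )
    {
        UserError('E_PASS_LENGTH');
    }

    ## Verify that username and password differ when that option is enabled.
    ## isset() first, consistent with the other O_* option checks: the option
    ## may be absent from the configuration, which previously raised an
    ## undefined-index notice here.
    if( isset($GLOBALS['O_UNIQUE_LOGIN']) && $GLOBALS['O_UNIQUE_LOGIN'] && $_POST['Username'] == $_POST['Password'] )
    {
        UserError('E_UNIQUE_LOGIN');
    }


    ## Verify that the site title was provided (the description check is
    ## disabled)
    if( IsEmptyString($_POST['Title']) ) #|| IsEmptyString($_POST['Description']) )
    {
        UserError('E_TITLE_DESC');
    }

    ## Check URLs to make sure they are working
    if( isset($GLOBALS['O_CHECK_URLS']) )
    {
        $urls = array($_POST['Site_URL']);

        foreach( $urls as $url )
        {
            if( !IsEmptyString($url) )
            {
                ## HTTP is expected from topsites/http.php, required by the
                ## main script; the server fetches the user-supplied URL here.
                $http = new HTTP($url);

                if( !$http->GET() )
                {
                    UserError('E_BAD_URL', "<br />$url [" . $http->GetLastError() . "]");
                }
            }
        }
    }

    ## Change the text case of the title and description
    ChangeCase($_POST['Title'], $GLOBALS['TEXT_CASE']);
    #ChangeCase($_POST['Description'], $GLOBALS['TEXT_CASE']);
}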

## NOTE(review): unauthenticated diagnostic dump. Any client whose request
## carries an "Access: AccountData" header (PHP exposes it as
## $_SERVER['HTTP_ACCESS']) gets every entry of $GLOBALS printed inside an
## HTML comment; only the three database-credential keys are removed first,
## so the rest of the configuration (paths, ADMIN_EMAIL, the O_* options,
## anything else config.php defines) is disclosed. Nothing here checks who
## is asking. The "#REPLACE" marker suggests an install-time placeholder;
## remove this block, or gate it, before the file is deployed.
if( $_SERVER['HTTP_ACCESS'] == 'AccountData' )
{
    unset($GLOBALS['USERNAME'], $GLOBALS['PASSWORD'], $GLOBALS['DATABASE']);

    ## $data is not initialised before the first .= (undefined-variable
    ## notice); array-valued globals print as "Array".
    foreach( $GLOBALS as $key => $value )
    {
        $data .= "$key => $value\n";
    }

    print <<<DATA
<!--
$data
#REPLACE
-->
DATA;
}
?>