/*********************************************************************************
* Filename: index.php
*********************************************************************************/
//-------------------------------
// CustomIncludes begin
session_start();
include './common.php';
$file_name = 'index.php';
include './header.php';
include './logo_bar.php';
include './footer_body.php';
include './footer.php';
// CustomIncludes end
//-------------------------------
//===============================
// Page name and the template files that the display section loads below.
//-------------------------------
$filename             = 'index.php';
$template_filename    = 'browse_body.htm';
$header_filename      = 'tpl_header.htm';
$logo_bar_filename    = 'logo_bar.htm';
$footer_body_filename = 'footer_body.htm';
$footer_filename      = 'tpl_footer.htm';
//===============================
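$fldact = get_param("act");
if ($fldact == 'do') {
    // Registration form submitted: validate every field, create the account,
    // regenerate the per-user rewrite rules and send the confirmation mails.
    $fldemail     = strip(trim(get_param("email")));
    $fldpasswd    = strip(trim(get_param("passwd")));
    $fldfull_name = strip(trim(get_param("full_name")));
    $fldusername  = strip(trim(get_param("username")));
    $fldwho       = strip(trim(get_param("who")));
    $fldtos       = strip(trim(get_param("tos")));
    // Every failed check appends one line; an empty string means "all good".
    $flderror = "";
    if (!strlen($fldemail)) {
        $flderror .= " The value in field E-Mail is required.\n";
    } else if (!validEmail($fldemail)) {
        $flderror .= " The value in field E-Mail is incorrect.\n";
    } else {
        $db->query("select * from accounts where email=" . tosql($fldemail, "Text"));
        if ($db->num_rows() != 0) {
            $flderror .= " Such E-Mail already exists in our database.\n";
        }
    }
    if (!strlen($fldpasswd)) {
        $flderror .= " The value in field Password is required.\n";
    } else if (strlen($fldpasswd) < 4) {
        $flderror .= " The value in field Password must be minimum 4 letters.\n";
    }
    if (!strlen($fldfull_name)) {
        $flderror .= " The value in field Full Name is required.\n";
    }
    if (!strlen($fldusername)) {
        $flderror .= " The value in field Username is required.\n";
    } else if (preg_match('/\W/', $fldusername)) {
        // Only word characters ([A-Za-z0-9_] without the u modifier) pass; this
        // is also what keeps the username safe to embed in the RewriteRule
        // patterns generated further down.
        $flderror .= " Username should contain ONLY word characters: a-z, A-Z and 0-9.\n";
    } else {
        $sql = "select * from accounts where username=" . tosql($fldusername, "Text");
        $db->query($sql);
        if ($db->num_rows() > 0) {
            $flderror .= " Such Username already exists in our database.\n";
        }
    }
    // Verification code: case-insensitive, but compared with === so that two
    // numeric-looking strings are not compared as numbers (== would do that),
    // and rejected outright when the request value is not a plain string.
    $verified = FALSE;
    if (isset($_REQUEST['cap']) && is_string($_REQUEST['cap'])
        && isset($_SESSION['captchacode']) && $_SESSION['captchacode'] != ''
        && strtolower($_REQUEST['cap']) === strtolower($_SESSION['captchacode'])) {
        $verified = TRUE;
    } else {
        $flderror .= "Please input correct verification code.\n";
    }
    if (!$fldtos) {
        $flderror .= " You should read and agree to our terms of services.\n";
    }
    if (!strlen($flderror)) {
        // The accepted code is consumed here so the same session value cannot
        // be reused for a second registration.
        unset($_SESSION['captchacode']);
        $confid = ConfIDGenerator();
        // NOTE(review): the password is stored exactly as submitted. Hashing it
        // (password_hash/password_verify) needs the matching change in the login
        // code, which is not in this file, so it is flagged rather than changed.
        $sql_insert = "insert into accounts(username, passwd, email,full_name,who," .
            "date_added,confid) values(" .
            tosql($fldusername, "Text") . "," .
            tosql($fldpasswd, "Text") . "," .
            tosql($fldemail, "Text") . "," .
            tosql($fldfull_name, "Text") . "," .
            tosql($fldwho, "Text") . "," .
            "now()," .
            tosql($confid, "Text") . ")";
        $db->query($sql_insert);
        $last_id = $db->insert_id();
        ////////////////////RECREATE .HTACCESS//////////////////////////////
        // The whole file is rebuilt from the accounts table: one pair of rules
        // per user for the dashboard and one pair for the shared page.
        $rewriteFile = 'RewriteEngine on' . "\n"
            . 'RewriteBase /' . "\n"
            . 'RewriteRule ^.htaccess$ - [F]' . "\n\n";
        $rewriteFile .= 'RewriteRule ^.*-([0-9]+).htm$ photo_profile.php?id=$1 [NC]' . "\n\n";
        $db->query("SELECT * FROM accounts");
        $dashboard_page = "dashboard_public.php?user_id=";
        // NOTE(review): $shared_page is not assigned anywhere in this file;
        // presumably it comes from common.php — confirm, otherwise the two
        // /shared rules are written with an empty target.
        $rules = '';
        while ($db->next_record()) {
            $name = $db->f("username");
            $uid  = $db->f("id");
            $rules .= 'RewriteRule ^' . $name . '/$ ' . $dashboard_page . $uid . ' [NC]' . "\n";
            $rules .= 'RewriteRule ^' . $name . '$ ' . $dashboard_page . $uid . "/" . ' [R,NC]' . "\n";
            $rules .= 'RewriteRule ^' . $name . '/shared/$ ' . $shared_page . $uid . ' [NC]' . "\n";
            $rules .= 'RewriteRule ^' . $name . '/shared$ ' . $shared_page . $uid . "/" . ' [R,NC]' . "\n";
        }
        $rewriteFile .= $rules;
        // LOCK_EX: two registrations finishing at the same time must not
        // interleave their writes into a half-written .htaccess. The account
        // already exists at this point, so a failure is logged, not fatal.
        if (file_put_contents('.htaccess', $rewriteFile, LOCK_EX) === false) {
            error_log("index.php: could not rewrite .htaccess after registering user id " . $last_id);
        }
        ////////////////////////////////////////////////////////////////////
        $from_email     = "donotreply@hotonfacebook.com";
        $email_subject  = "hotonfacebook.com Account Created";
        $fldconfirm_url = "http://hotonfacebook.com/activate.php?c=" . $confid;
        $fcontent = file_get_contents("tpl/confirm_email.htm");
        if ($fcontent === false) {
            error_log("index.php: confirmation mail template tpl/confirm_email.htm is unreadable");
            $fcontent = '';
        }
        $message = str_replace("{full_name}", $fldfull_name, $fcontent);
        $message = str_replace("{confirm_url_here}", $fldconfirm_url, $message);
        // The recipient is the only request-derived value in this call; it relies
        // on validEmail() above rejecting addresses containing line breaks
        // (header injection) — confirm that check does so.
        mail($fldemail, $email_subject, $message, "From:" . $from_email . "\nContent-Type: text/html");
        ////send email to admin
        $message  = "Hi Admin,\n";
        $message .= "New user was registered on hotonfacebook.com\n";
        $message .= "Username: " . $fldusername . "\n";
        $message .= "E-Mail: " . $fldemail . "\n";
        $db->query("select email from admins");
        $db->next_record();
        $fldadmin_email = $db->f("email");
        // Skip the notification (rather than mail() an empty recipient) when no
        // admin address is configured.
        if ($fldadmin_email !== null && $fldadmin_email !== '') {
            mail($fldadmin_email, "hotonfacebook.com New User Registration", $message, "From:" . $fldadmin_email . "\nContent-Type: text/html");
        }
        $file_action = "joined.php";
        Header("Location: " . $file_action);
        exit;
    }
}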
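$fldact = get_param("act");
if ($fldact == 'submit_url') {
    // Only a logged-in user may change their own link. $HTTP_SESSION_VARS was
    // removed in PHP 5.4 (the rest of the file reads $_SESSION), and with no
    // session id the original query ended in "where id=" and failed; the id
    // is taken from the session only and cast to int before it reaches SQL.
    // NOTE(review): no anti-CSRF token is checked on this state-changing
    // request — confirm whether the surrounding framework provides one.
    $userId = isset($_SESSION['UserID']) ? (int) $_SESSION['UserID'] : 0;
    if ($userId > 0) {
        $fldalink = strip(trim(get_param("alink")));
        $db->query("update accounts set alink=" . tosql($fldalink, "Text") . " where id=" . $userId);
    }
}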
//===============================
// PageSecurity begin
//check_security(1,'usr');
// PageSecurity end
//===============================
//===============================
// Save the form name and the action type into variables
//-------------------------------
$sAction = get_param("FormAction");
$sForm   = get_param("FormName");
//===============================
//===============================
// Display page
//-------------------------------
// Main page template first, then the shared header/footer blocks, each
// registered under the block name the *_show() functions expect.
//-------------------------------
$tpl = new Template($app_path);
$pageTemplates = array(
    "main"        => $template_filename,
    "Header"      => $header_filename,
    "Logo_bar"    => $logo_bar_filename,
    "Footer_body" => $footer_body_filename,
    "Footer"      => $footer_filename,
);
foreach ($pageTemplates as $blockName => $templateFile) {
    $tpl->load_file($templateFile, $blockName);
}
//-------------------------------
$tpl->set_var("FileName", $filename);
//-------------------------------
// Render every form block in display order, the page body last.
//-------------------------------
header_form_show();
logo_bar_show();
footer_body_show();
footer_form_show();
index_show();
//-------------------------------
// Output the page to the browser
//-------------------------------
$tpl->pparse("main", false);
// Show end
//********************************************************************************
//===============================
// Display Grid Form
//-------------------------------
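function index_show()
{
    global $tpl;
    global $db, $db1, $flderror;
    // $HTTP_SESSION_VARS was removed in PHP 5.4 and the pics section below
    // already reads $_SESSION; read the session the same way here, otherwise
    // every visitor — logged in or not — is shown the sign-up form.
    $userId     = isset($_SESSION['UserID']) ? $_SESSION['UserID'] : 0;
    $userRights = isset($_SESSION['UserRights']) ? (int) $_SESSION['UserRights'] : 0;
    if ($userId && $userRights == 2) {
        $tpl->set_var("IfNotLoggedIn", "");
    } else {
        index_show_signup_form($tpl, $flderror);
    }
    index_show_categories($tpl, $db);
    index_show_pics($tpl, $db, $db1, $userId);
}

// Re-populate the sign-up form with the submitted values (the password is
// never echoed back) and show the validation errors, if any, collected by the
// registration handler at the top of this file.
function index_show_signup_form($tpl, $flderror)
{
    $fldemail     = strip(trim(get_param("email")));
    $fldfull_name = strip(trim(get_param("full_name")));
    $fldusername  = strip(trim(get_param("username")));
    $fldwho       = strip(trim(get_param("who")));
    // NOTE(review): these are request values echoed back into the page. Whether
    // Template::set_var() HTML-escapes them is not visible from this file —
    // confirm, and otherwise escape with htmlspecialchars() before set_var().
    $tpl->set_var("email", $fldemail);
    $tpl->set_var("passwd", '');
    $tpl->set_var("full_name", $fldfull_name);
    $tpl->set_var("username", $fldusername);
    $isFemale = ($fldwho == 'Female');
    $tpl->set_var("who_checked_female", $isFemale ? "Checked" : "");
    $tpl->set_var("who_checked_male", $isFemale ? "" : "Checked");
    if ($flderror !== null && strlen($flderror) > 0) {
        $tpl->set_var("error", $flderror);
        $tpl->parse("Errors", false);
    } else {
        $tpl->set_var("Errors", "");
    }
    $tpl->parse("IfNotLoggedIn", false);
}

// Fill the category drop-down from the categories table, alphabetically.
function index_show_categories($tpl, $db)
{
    $db->query("select * from categories order by name");
    while ($db->next_record()) {
        $tpl->set_var("ID", $db->f("id"));
        $tpl->set_var("Value", $db->f("name"));
        $tpl->parse("CatsList", true);
    }
}

// Render the picture grid, newest first, two tiles per "List" row. $userId is
// the session user id (falsy when nobody is logged in) and decides whether the
// rating links are live or show the "log in" tooltip.
function index_show_pics($tpl, $db, $db1, $userId)
{
    $db->query("select pics.*, categories.name as cname, accounts.username from pics left join categories on (pics.fcategory_id=categories.id) left join accounts on (pics.user_id=accounts.id) order by pics.date_added desc");
    if ($db->num_rows() == 0) {
        $tpl->set_var("List", "");
        return;
    }
    // $slot alternates 1/2: the first tile of a row is buffered in little_tick1
    // and the row is only emitted once little_tick2 is filled.
    $slot = 1;
    while ($db->next_record()) {
        $picId = $db->f("id");
        $tick_tpl = new Template("./tpl");
        $tick_tpl->load_file("little_tick.htm", "tick");
        $tick_tpl->set_var("id", $picId);
        $tick_tpl->set_var("phototitle", $db->f("title"));
        $tick_tpl->set_var("pic", $db->f("file_path") . "/thb/" . $db->f("thbfile_name"));
        $tick_tpl->set_var("username", $db->f("username"));
        // Sum of ratings for this picture. pics.id is a value read back from the
        // table (assumed numeric), cast to int before being embedded in SQL.
        $db1->query("select sum(rating) as s from rating where pic_id=" . (int) $picId);
        $db1->next_record();
        $rating = $db1->f("s");
        if (!$rating) {
            $rating = 0;
        }
        $tick_tpl->set_var("rating", $rating);
        if ($userId) {
            $tick_tpl->set_var("nice", "javascript: rating('add','" . $picId . "')");
            $tick_tpl->set_var("poo", "javascript: rating('remove','" . $picId . "')");
        } else {
            $tick_tpl->set_var("nice", "stm(Text[0],Style[5])");
            $tick_tpl->set_var("poo", "stm(Text[0],Style[5])");
        }
        $tick_tpl->set_var("total_views", $db->f("views"));
        $tick_tpl->set_var("type", $db->f("ftype"));
        $tick_tpl->set_var("category", $db->f("cname"));
        $tick_tpl->parse("tick", false);
        $block = $tick_tpl->ParsedBlocks["tick"];
        if ($slot == 1) {
            $tpl->set_var("little_tick1", $block);
            $slot = 2;
        } else {
            $tpl->set_var("little_tick2", $block);
            $slot = 1;
            $tpl->parse("List", true);
        }
    }
    // Odd number of pictures: flush the half-filled last row.
    if ($slot == 2) {
        $tpl->set_var("little_tick2", "");
        $tpl->parse("List", true);
    }
}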
//===============================
?>