<?

include("functions.php");
include("forum_template.php");

mysql_connect($db_Hostname, $db_UserName, $db_Password) || UhOh("Can't Connect to Database: ".mysql_error());
mysql_select_db($db_Database);

$fSettings = GetSettings();

function AddMember()
{
	global $username,$password,$email,$homepage,$country,$icqnumber,$aolhandle,$msnhandle,$yahoohandle,$signature,$savepass,$timezone,$avatar;
	
	$username = trim($username);
	
	ParseRegForm();
	
	$CurrentTime = time();
	
	$username = htmlspecialchars($username);
	$password = htmlspecialchars($password);
	$email = htmlspecialchars($email);
	$homepage = htmlspecialchars($homepage);
	$icqnumber = htmlspecialchars($icqnumber);
	$aolhandle = htmlspecialchars($aolhandle);
	$yahoohandle = htmlspecialchars($yahoohandle);
	$signature = addslashes($signature);
	$savepass = htmlspecialchars($savepass);
	$msnhandle = htmlspecialchars($msnhandle);
	$avatar = htmlspecialchars($avatar);

	$query = "INSERT INTO t_users (UserName,Password,Email,Homepage,Country,ICQNumber,YahooHandle,MSNHandle,AOLHandle,Signature,NumPost,RegDate,SavePass,timezone,Avatar) ";
	$query .= "VALUES('$username','$password','$email','$homepage','$country','$icqnumber','$yahoohandle','$msnhandle','$aolhandle','$signature',0,'$CurrentTime','$savepass','$timezone','$avatar')";
	$result = mysql_query($query);
	if ($result)
		echo "Registration completed sucessfully";
	else
		{UhOh(mysql_error());}
}

function ParseRegForm()
{
	global $username,$password,$password2,$email,$txt;
	
	if ($username == "") {UhOh($txt['errNoUsername']);}
	if ($password == "") {UhOh($txt['errNoPassword']);}
	if ($email == "") {UhOh($txt['errNoEmail']);}
	if ($password != $password2) {UhOh($txt['errPasswordMismatch']);}
	
	if ((strlen($username) > 25) || (strlen($username) < 4)) {UhOh($txt['errUsernameLength']);}
	if ((strlen($password) > 15) || (strlen($password) < 4)) {UhOh($txt['errPasswordLength']);}
	if ((strlen($email) > 50) || (strlen($email) < 5)) {UhOh($txt['errEmailLength']);}
	
	if (!(eregi("^[0-9a-z]([-_.]?[0-9a-z])*@[0-9a-z]([-.]?[0-9a-z])*\\.[a-z]{2,3}$",$email))) {UhOh($txt['errInvalidEmail']);}
	if (HasSpecialChar($username)) {UhOh($txt['errUsernameFormat']);}
	if (HasSpecialChar($password)) {UhOh($txt['errBadPassword']);}
	
	$query = "SELECT count(*) from t_users WHERE UserName ='".$username."'";
	$result = mysql_query($query);
	$row = mysql_fetch_row($result);
	if ($row[0] >= 1) { UhOh($txt['errUsernameTaken']);}

	$query = "SELECT count(*) from t_users WHERE Email ='".$email."'";
	$result = mysql_query($query);
	$row = mysql_fetch_row($result);
	if ($row[0] >= 1) { UhOh($txt['errEmailTaken']);}
}

function EditProfile()
{
	global $username,$password,$newpassword,$email,$homepage,$icqnumber,$aolhandle,$yahoohandle,$signature,$savepass,$txt,$timezone,$country,$msnhandle,$avatar;
	
	ParseEditProfForm();
	
	$UserInfo = GrabUserInfo($username);
	$ID = $UserInfo['ID'];
	
	$newpassword = htmlspecialchars($newpassword);
	$email = htmlspecialchars($email);
	$homepage = htmlspecialchars($homepage);
	$icqnumber = htmlspecialchars($icqnumber);
	$aolhandle = htmlspecialchars($aolhandle);
	$yahoohandle = htmlspecialchars($yahoohandle);
	$signature = addslashes($signature);
	$savepass = htmlspecialchars($savepass);
	$msnhandle = htmlspecialchars($msnhandle);
	$avatar = htmlspecialchars($avatar);
	if ($newpassword)
		$query = "UPDATE t_users SET Password='$newpassword',Email='$email',Homepage='$homepage',Country='$country',ICQNumber='$icqnumber',YahooHandle='$yahoohandle',MSNHandle='$msnhandle',AOLHandle='$aolhandle',Signature='$signature',SavePass='$savepass',timezone='$timezone',Avatar='$avatar' WHERE ID = '$ID'";
	else
		$query = "UPDATE t_users SET Email='$email',Homepage='$homepage',Country='$country',ICQNumber='$icqnumber',YahooHandle='$yahoohandle',MSNHandle='$msnhandle',AOLHandle='$aolhandle',Signature='$signature',SavePass='$savepass',timezone='$timezone',Avatar='$avatar' WHERE ID = '$ID'";
	$result = mysql_query($query);
	if ($result)
	{
		CookieStuff(0,$username,$newpassword);
		fHeader();
		echo $txt['ProfileEdited'];
	}
	else
		{fHeader();UhOh(mysql_error());}
}

function ParseEditProfForm()
{
	global $username,$password,$newpassword,$newpassword2,$email,$txt;
	
	if (CheckPassword($username,$password) != 1)
		{fHeader();UhOh($txt['errInvalidUser']);}

	if ($email == "") {UhOh(errNoEmail);}
	if (($newpassword) || ($newpassword2))
	{
		if ($newpassword != $newpassword2) {fHeader();UhOh($txt['errPasswordMismatch2']);}
		if ((strlen($newpassword) > 15) || (strlen($newpassword) < 4)) {fHeader();UhOh($txt['errPasswordLength']);}
		if (HasSpecialChar($newpassword)) {fHeader();UhOh($txt['errBadPassword']);}
	}
	if ((strlen($email) > 50) || (strlen($email) < 4)) {UhOh($txt['errEmailLength']);}
	if (!(eregi("^[0-9a-z]([-_.]?[0-9a-z])*@[0-9a-z]([-.]?[0-9a-z])*\\.[a-z]{2,3}$",$email))) {fHeader();UhOh($txt['errInvalidEmail']);}
	
	$query = "SELECT count(*) from t_users WHERE Email ='".$email."'";
	$result = mysql_query($query);
	$row = mysql_fetch_row($result);
	if ($row[0] >= 2) {fHeader();UhOh($txt['errUsernameTaken']);}
}

function Login()
{
	global $username,$password,$url,$txt;
	if (HasSpecialChar($username)) {fHeader();UhOh($txt['errInvalidUser']);}
	if (HasSpecialChar($password)) {fHeader();UhOh($txt['errInvalidUser']);}
	
	if (CheckPassword($username,$password))
	{
		$query = "SELECT SavePass from t_users WHERE UserName = '$username'";
		$result = mysql_query($query);
		$row = mysql_fetch_row($result);
		if ($row[0] == 'yes')
			CookieStuff(time()+30240000,$username,$password);
		else
			CookieStuff(0,$username,$password);
		$now = time();
		$query = "UPDATE t_users SET LastActive=$now WHERE UserName LIKE '$username'";
		mysql_query($query) || die("Can't update user info. Reason: ".mysql_error());
		Redirect("Login success!  You're now being redirected to the location you were at. If you don't want to wait, <a href=\"$url\">please click here</a>",$url);
	}
	else
		{fHeader();UhOh($txt['errInvalidUser']);}
}

function Logout()
{
	global $url;
	CookieStuff(0,"Guest","");
	Redirect("Logout success!  You're now being redirected to the location you were at. If you don't want to wait, <a href=\"$url\">please click here</a>",$url);
}

function SendMail()
{
	global $fSettings,$Action,$username,$password,$subject,$message,$TopicID,$Destination,$txt;
	
	if ($username == "") {fHeader();UhOh($txt['errNeedUsername']);}
	if ($message == "") {fHeader();UhOh($txt['errEmptyMessage']);}
	if ($Destination == "") {fHeader();UhOh($txt['errNoRecipient']);}
	
	if ((strlen($username) > 25) || (strlen($username) < 4)) {fHeader();UhOh($txt['errPasswordLength']);}
	if ((strlen($Destination) > 25) || (strlen($Destination) < 4)) {fHeader();UhOh($txt['errBadDestEmail']);}
	
	if (HasSpecialChar($username)) {fHeader();UhOh($txt['errBadPassword']);}
	if (HasSpecialChar($Destination)) {fHeader();UhOh($txt['errBadDestEmail']);}
	
	if (CheckPassword($username,$password) != 1)
	{
		fHeader();
		UhOh($txt['errInvalidUser']);
	}
	else
	{
		$query = "SELECT Password,SavePass from t_users WHERE UserName = '$username'";
		$result = mysql_query($query);
		$row = mysql_fetch_array($result);
		if ($row["SavePass"] == 'yes')
			CookieStuff(time()+30240000,$username,$row["Password"]);
		else
			CookieStuff(0,$username,$row["Password"]);
		mysql_query($query);
	}
	
	$subject = htmlspecialchars($subject);
	$subject = stripslashes($subject);
	$message = stripslashes($message);

	$FromUser = GrabUserInfo($username);
	$ToUser = GrabUserInfo($Destination);
	
	mail($ToUser["UserName"]." <".$ToUser["Email"].">", $subject, $message, "From: ".$FromUser["UserName"]." <".$FromUser["Email"].">");
	
	$prevlink = $fSettings["ScriptURL"]."/member.php?Action=viewprofile&username=".rawurlencode($username);
	Redirect("Your email has been sent.  You're now being redirected to the location you were at. If you don't want to wait, <a href=\"$prevlink\">please click here</a>",$prevlink);
}

function SendPassword()
{
	global $fSettings,$username,$txt;
	
	if ($username == "") {fHeader();UhOh($txt['errNoUsername']);}
	if (HasSpecialChar($username)) {fHeader();UhOh($txt['errUsernameFormat']);}
	
	$query = "SELECT Password from t_users WHERE UserName = '$username'";
	$result = mysql_query($query);
	$row = mysql_fetch_array($result);
	if (!$row)
	{fHeader();UhOh($txt['errInvalidUser']);}
	
	$subject = "tForum Password Retrieval";
	$message = "You or someone else has filled out the lost password form for tForum at: ".$fSettings["ScriptURL"]."/index.php.\n\nYour password is: ".$row["Password"];

	$ToUser = GrabUserInfo($username);
	
	mail($ToUser["UserName"]." <".$ToUser["Email"].">", $subject, $message, "From: tForum Admin <".$fSettings["Email"].">");
	
	$prevlink = $fSettings["ScriptURL"]."/index.php";
	Redirect("Your password has been sent.  You're now being redirected to the main forum. If you don't want to wait, <a href=\"$prevlink\">please click here</a>",$prevlink);
}

if (empty($Action))
	$Action = "";

switch ($Action)
{
	case "Register":
		fHeader();
		PrintRegForm();
		fFooter();
		break;
	case "AddMember":
		fHeader();
		AddMember();
		fFooter();
		break;
	case "Login":
		Login();
		break;
	case "Logout":
		Logout();
		break;
	case "viewprofile":
		fHeader();
		ViewProfile();
		fFooter();
		break;
	case "editprofile":
		fHeader();
		PrintEditProfile();
		fFooter();
		break;
	case "editprofile2":
		EditProfile();
		fFooter();
		break;
	case "email":
		fHeader();
		PrintMailForm();
		fFooter();
		break;
	case "SendMail":
		SendMail();
		break;
	case "lostpassword":
		fHeader();
		PrintSendPasswordForm();
		fFooter();
		break;
	case "SendPassword":
		SendPassword();
		break;
	default:
		fHeader();
		UhOh("Nothing specified!");
}

?>