<?php

##
#
# Jisko: An open-source microblogging application
# Copyright (C) 2008  Rubén Díaz <outime@gmail.com> & Matías Parodi <mparodilabs@gmail.com>
# 
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or (at your option) any later version.
# 
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU Affero General Public License for more details.
# 
# You should have received a copy of the GNU Affero General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.
#
##

if (!defined("SECURITY")) { exit; }
if ($_SESSION['LOGIN'] === true) header("Location: {$base}notes");

require_once('includes/recaptchalib.php');

if ($_POST) {

	$token = safe_str($_POST['id'], true);

	if (!empty($token)) {

		$sql = "
			SELECT `tokens`.*
			FROM `tokens`
			WHERE ((`tokens`.`token` = '" . $token . "') AND (`tokens`.`type` = 'invitation'));";
		$result = mysql_query($sql);
		$row = mysql_fetch_assoc($result);
		mysql_free_result($result);

		if (mysql_affected_rows() == 1) {
			if (get_seconds($row['date']) <= 86400) {

				$username = safe_str($_POST['username'], true);
				$email = safe_str($_POST['email'], true);
				$password = safe_str($_POST['password']);
				$repeat_password = safe_str($_POST['repeat_password']);
				$form_err = '';

				$resp = recaptcha_check_answer($privatekey, $_SERVER["REMOTE_ADDR"], $_POST["recaptcha_challenge_field"], $_POST["recaptcha_response_field"]);

				$sql = "SELECT `users`.* FROM `users` WHERE (`users`.`username` = '" . $username . "')";
				$user_taken = mysql_query($sql);
				mysql_free_result($user_taken);

				if (mysql_affected_rows() == 0) {

					$sql = "SELECT `users`.* FROM `users` WHERE (`users`.`email` = '" . $email . "')";
					$email_taken = mysql_query($sql);
					mysql_free_result($email_taken);

					if (mysql_affected_rows() == 0) {
						if ($resp->is_valid) {
							if ((!empty($username)) and (!empty($email)) and (!empty($password)) and (!empty($repeat_password))) {
								if ((strlen($username) >= 3) and (strlen($username) <= 15)) {
									if ((strlen($password) >= 6) and (strlen($password) <= 15)) {
										if ($password == $repeat_password) {
											if (preg_match('/^[a-z0-9]{3,15}$/i', $username)) {
												if (filter_var($email, FILTER_VALIDATE_EMAIL)) {
													if (in_array($username, $forbidden_usernames) === false) {

														$salt = substr(md5(rand()), 0, 5);
														$new_password = md5(md5($password) . md5($salt));

														$api = substr(md5(rand()), 0, 8);

														$sql = "INSERT INTO `users` (`username`, `password`, `api`, `salt`, `email`, `karma`, `avatar`, `register_date`, `last_login`, `last_ip`) VALUES ('" . $username . "', '" . $new_password . "', '" . $api . "', '" . $salt . "', '" . $email . "', '" . $CONFIG['DEFAULT_KARMA'] . "', '', UNIX_TIMESTAMP(), UNIX_TIMESTAMP(), '" . $_SERVER['REMOTE_ADDR'] . "')";
														mysql_query($sql);

														$_SESSION['LOGIN'] = true;
														$_SESSION['ID_USER'] = mysql_insert_id();
														$_SESSION['API'] = $api;
														$_SESSION['USERNAME'] = $username;
														$_SESSION['EMAIL'] = $email;

														setcookie("Jisko[SID]", md5(md5(SID) . md5($row['salt'])), time() + 86400, '/');
														setcookie("Jisko[USERNAME]", $row['username'], time() + 86400, '/');
														$sql = "INSERT INTO `sessions` (`sid`, `timestamp`, `id_user`, `api`, `username`) VALUES ('" . md5(md5(SID) . md5($row['salt'])) . "', UNIX_TIMESTAMP(), '" . $_SESSION['ID_USER'] . "', '" . $_SESSION['API'] . "', '" . $_SESSION['USERNAME'] . "');";
														mysql_query($sql);

														$sql = "DELETE FROM `tokens` WHERE (`tokens`.`token` = '" . $token . "') LIMIT 1;";
														mysql_query($sql);

														$old_msg_body = sprintf(_("¡Bienvenid@ a Jisko! Estas son tus credenciales:\n\nUsuario: %s\nContraseña: (la que facilitaste)\n\nEsperemos que disfrutes del servicio y que nos ayudes a mejorarlo.\n--\nAdministración de Jisko (<a href=\"mailto:%s\">%s</a>)"), $username, $CONFIG['EMAIL_CONTACT'], $CONFIG['EMAIL_CONTACT']);
														$msg_body = ereg_replace("\n", "<br>", $old_msg_body);

														$subject = _('Registro en Jisko');

														$headers = "MIME-Version: 1.0\r\n"; 
														$headers .= "Content-type: text/html; UTF-8\r\n"; 
														$headers .= "From: Jisko <" . $CONFIG['EMAIL_CONTACT'] . ">";

														@ mail($email, $subject, $msg_body, $headers);

														header("Location: {$base}notes");

													} else { $register_err = _('Usuario inválido'); }
												} else { $register_err = _('E-mail inválido'); }
											} else { $register_err = _('Usuario inválido'); }
										} else { $register_err = _('Las contraseñas no coinciden'); }
									} else { $register_err = _('La contraseña debe de tener entre 6 y 15 caracteres'); }
								} else { $register_err = _('El usuario debe de tener entre 3 y 12 caracteres'); }
							} else { $register_err = _('Todos los campos son obligatorios'); }
						} else { $register_err = _('Código incorrecto'); }
					} else { $register_err = _('El correo electrónico está en uso'); }
				} else { $register_err = _('El nombre de usuario está en uso'); }
			} else {
				$sql = "DELETE FROM `tokens` WHERE (`tokens`.`token` = '" . $token . "') LIMIT 1;";
				$result = mysql_query($sql);
				echo '<div id="warning">' . _('Código de confirmación caducado') . '</div>';
			}
		} else { echo '<div id="failed">' . _('Invitación inválida.') . '</div>'; }
	} else { echo '<div id="failed">' . _('Necesitas una invitación válida para entrar en Jisko.') . '</div>'; }
}

if (!empty($_GET['id'])) {
	$token = safe_str($_GET['id'], true);
} else if (!empty($_POST['id'])) {
	$token = safe_str($_POST['id'], true);
} else {
	$token = '';
}

if (!empty($token)) {

	$sql = "
		SELECT `tokens`.*
		FROM `tokens`
		WHERE ((`tokens`.`token` = '" . $token . "') AND (`tokens`.`type` = 'invitation'));";
	$result = mysql_query($sql);
	$row = mysql_fetch_assoc($result);
	mysql_free_result($result);

	if (mysql_affected_rows() == 1) {
		if (get_seconds($row['date']) <= 86400) {
?>

		<script>
			var RecaptchaOptions = { theme : 'white', lang : 'es', };
		</script>

		<div class="orange_box_register">
			<img src="images/headers/register2.png">
			<form action="register" method="post">
				<input name="id" type="hidden" value="<?php echo $token; ?>">
				<?php if (!empty($register_err)) echo '<div id="failed">' . $register_err . '</div>'; ?>
				<input name="username" type="text" class="blue_input" value="<?= $username; ?>"> <?=_('usuario')?><br>
				<div class="register_field">
					<input name="email" type="text" class="blue_input" value="<?= $email; ?>"> <?=_('e-mail')?><br>
				</div>
				<div class="register_field">
					<input name="password" type="password" class="blue_input" value=""> <?=_('contraseña')?><br>
				</div>
				<div class="register_field">
					<input name="repeat_password" type="password" class="blue_input" value=""> <?=_('contraseña (otra vez)')?><br>
				</div>
				<div class="register_field">
					<?php echo recaptcha_get_html($publickey); ?><br>
				</div>
				<input type="submit" value="<?=_('Registro')?>" class="blue_submit">
			</form>
			<div class="separator"></div>
		</div>

<?php

		} else {
			$sql = "DELETE FROM `tokens` WHERE (`tokens`.`token` = '" . $token . "') LIMIT 1;";
			$result = mysql_query($sql);
			echo '<div id="warning">' . _('Código de confirmación caducado') . '</div>';
		}
	} else { echo '<div id="failed">' . _('Invitación inválida.') . '</div>'; }
} else { echo '<div id="failed">' . _('Necesitas una invitación válida para entrar en Jisko.') . '</div>'; }

?>