<% @ Language=VBScript %>
<% Option Explicit %>
<%
'****************************************************************************************
'** Copyright Notice
'**
'** Web Wiz Guide - Web Wiz Forums
'**
'** Copyright 2001-2004 Bruce Corkhill All Rights Reserved.
'**
'** This program is free software; you can modify (at your own risk) any part of it
'** under the terms of the License that accompanies this software and use it both
'** privately and commercially.
'**
'** All copyright notices must remain in tacked in the scripts and the
'** outputted HTML.
'**
'** You may use parts of this program in your own private work, but you may NOT
'** redistribute, repackage, or sell the whole or any part of this program even
'** if it is modified or reverse engineered in whole or in part without express
'** permission from the author.
'**
'** You may not pass the whole or any part of this application off as your own work.
'**
'** All links to Web Wiz Guide and powered by logo's must remain unchanged and in place
'** and must remain visible when the pages are viewed unless permission is first granted
'** by the copyright holder.
'**
'** This program is distributed in the hope that it will be useful,
'** but WITHOUT ANY WARRANTY; without even the implied warranty of
'** MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR ANY OTHER
'** WARRANTIES WHETHER EXPRESSED OR IMPLIED.
'**
'** You should have received a copy of the License along with this program;
'** if not, write to:- Web Wiz Guide, PO Box 4982, Bournemouth, BH8 8XP, United Kingdom.
'**
'**
'** No official support is available for this program but you may post support questions at: -
'** http://www.webwizguide.info/forum
'**
'** Support questions are NOT answered by e-mail ever!
'**
'** For correspondence or non support questions contact: -
'** info@webwizguide.info
'**
'** or at: -
'**
'** Web Wiz Guide, PO Box 4982, Bournemouth, BH8 8XP, United Kingdom
'**
'****************************************************************************************
'Set the response buffer to true as we maybe redirecting
Response.Buffer = True
'Dimension variables
Dim strEmail 'Holds the new users e-mail address
Dim intUsersGroupID 'Holds the users group ID
Dim blnShowEmail 'Boolean set to true if the user wishes there e-mail address to be shown
Dim strLocation 'Holds the new users location
Dim strHomepage 'Holds the new users homepage if they have one
Dim strAvatar 'Holds the avatar image
Dim strCheckUsername 'Holds the usernames from the database recordset to check against the new users requested username
Dim blnAutoLogin 'Boolean set to true if the user wants auto login trured on
Dim strImageFileExtension 'holds the file extension
Dim blnAccountReactivate 'Set to true if the users account needs to be reactivated
Dim blnSentEmail 'Set to true if the e-mail has been sent
Dim strEmailBody 'Holds the body of the welcome message e-mail
Dim strSubject 'Holds the subject of the e-mail
Dim strSignature 'Holds the signature
Dim strICQNum 'Holds the users ICQ Number
Dim strAIMAddress 'Holds the users AIM address
Dim strMSNAddress 'Holds the users MSN address
Dim strYahooAddress 'Holds the users Yahoo Address
Dim strOccupation 'Holds the users Occupation
Dim strInterests 'Holds the users Interests
Dim dtmDateOfBirth 'Holds the users Date Of Birth
Dim blnPMNotify 'Set to true if the user want email notification of PM's
Dim strSmutWord 'Holds the smut word to give better performance so we don't need to keep grabbing it form the recordset
Dim strSmutWordReplace 'Holds the smut word to be replaced with
Dim strMode 'Holds the mode of the page
Dim blnEmailOK 'Set to true if e-mail is not already in the database
Dim blnUsernameOK 'Set to true if the username requested does not already exsist
Dim intForumStartingGroup 'Holds the forum starting group ID number
Dim strEncyptedPassword 'Holds the encrypted password
Dim blnPasswordChange 'Holds if the password is changed or not
Dim blnEmailBlocked 'set to true if the email address is blocked
Dim strCheckEmailAddress 'Holds the email address to be checked
Dim lngUserProfileID 'Holds the users ID of the profile to get
Dim blnAdminMode 'Set to true if admin mode is enabled to update other members profiles
Dim blnUserActive 'Set to true if the users membership is active
Dim lngPosts 'Holds the number of posts the user has made
Dim intDOBYear 'Holds the year of birth
Dim intDOBMonth 'Holds the month of birth
Dim intDOBDay 'Holds the day of birth
Dim strRealName 'Holds the persons real name
Dim strMemberTitle 'Holds the members title
Dim dtmServerTime 'Holds the current server time
Dim lngLoopCounter 'Holds the generic loop counter for page
Dim intUpdatePartNumber 'If an update holds which part to update
Dim strTimeOffSet 'Holds the server time off set
Dim blnAttachSignature
Dim strDateFormat
Dim intTimeOffSet
Dim blnReplyNotify
Dim blnWYSIWYGEditor
Dim strImagePath
Dim blnEmoticons
'Initlise variables
blnUsernameOK = True
'If the Profile has already been edited then update the Profile
If Request.Form("postBack") Then
'******************************************
'*** Read in member details from form ***
'******************************************
'Read in the users details from the form
strUsername = Trim(Mid(Request.Form("name1"), 1, 15))
strPassword = LCase(Trim(Mid(Request.Form("password1"), 1, 15)))
strEmail = Trim(Mid(Request.Form("email"), 1, 60))
strRealName = Trim(Mid(Request.Form("realName"), 1, 27))
strLocation = Trim(Mid(Request.Form("location"), 1, 40))
strHomepage = Trim(Mid(Request.Form("homepage"), 1, 48))
strSignature = Mid(Request.Form("signature"), 1, 200)
blnAttachSignature = CBool(Request.Form("attachSig"))
'Check that the ICQ number is a number before reading it in
If isNumeric(Request.Form("ICQ")) Then strICQNum = Trim(Mid(Request.Form("ICQ"), 1, 15))
strAIMAddress = Trim(Mid(Request.Form("AIM"), 1, 60))
strMSNAddress = Trim(Mid(Request.Form("MSN"), 1, 60))
strYahooAddress = Trim(Mid(Request.Form("Yahoo"), 1, 60))
strOccupation = Mid(Request.Form("occupation"), 1, 40)
strInterests = Mid(Request.Form("interests"), 1, 130)
'Check the date of birth is a date before entering it
If Request.Form("DOBday") <> 0 AND Request.Form("DOBmonth") <> 0 AND Request.Form("DOByear") <> 0 Then
dtmDateOfBirth = CDate(DateSerial(Request.Form("DOByear"), Request.Form("DOBmonth"), Request.Form("DOBday")))
End If
blnShowEmail = CBool(Request.Form("emailShow"))
blnPMNotify = CBool(Request.Form("pmNotify"))
blnAutoLogin = CBool(Request.Form("Login"))
strDateFormat = Trim(Mid(Request.Form("dateFormat"), 1, 10))
strTimeOffSet = Trim(Mid(Request.Form("serverOffSet"), 1, 1))
intTimeOffSet = CInt(Request.Form("serverOffSetHours"))
blnReplyNotify = CBool(Request.Form("replyNotify"))
blnWYSIWYGEditor = CBool(Request.Form("ieEditor"))
blnUserActive = CBool(Request.Form("active"))
intUsersGroupID = CInt(Request.Form("group"))
lngPosts = CLng(Request.Form("posts"))
strMemberTitle = Trim(Mid(Request.Form("memTitle"), 1, 40))
'******************************************
'*** Read in the avatar ***
'******************************************
strAvatar = Trim(Mid(Request.Form("txtAvatar"), 1, 95))
'If the avatar text box is empty then read in the avatar from the list box
If strAvatar = "http://" OR strAvatar = "" Then strAvatar = Trim(Request.Form("SelectAvatar"))
'If there is no new avatar selected then get the old one if there is one
If strAvatar = "" Then strAvatar = Request.Form("oldAvatar")
'If the avatar is the blank image then the user doesn't want one
If strAvatar = strImagePath & "blank.gif" Then strAvatar = ""
'******************************************
'*** Clean up member details ***
'******************************************
'Clean up user input
strRealName = removeAllTags(strRealName)
strRealName = formatInput(strRealName)
strHomepage = formatLink(strHomepage)
strHomepage = formatInput(strHomepage)
strLocation = removeAllTags(strLocation)
strLocation = formatInput(strLocation)
strAIMAddress = formatLink(strAIMAddress)
strAIMAddress = formatInput(strAIMAddress)
strMSNAddress = formatLink(strMSNAddress)
strMSNAddress = formatInput(strMSNAddress)
strYahooAddress = formatLink(strYahooAddress)
strYahooAddress = formatInput(strYahooAddress)
strOccupation = removeAllTags(strOccupation)
strOccupation = formatInput(strOccupation)
strInterests = removeAllTags(strInterests)
strInterests = formatInput(strInterests)
'Call the function to format the signature
strSignature = FormatPost(strSignature)
'Call the function to format forum codes
strSignature = FormatForumCodes(strSignature)
'Call the filters to remove malcious HTML code
strSignature = checkHTML(strSignature)
'Strip long text strings from signature
strSignature = removeLongText(strSignature)
'If the user has not entered a hoempage then make sure the homepage variable is blank
If strHomepage = "http://" Then strHomepage = ""
strDateFormat = removeAllTags(strDateFormat)
strDateFormat = formatInput(strDateFormat)
strMemberTitle = removeAllTags(strMemberTitle)
strMemberTitle = formatInput(strMemberTitle)
'SQL safe format call
strEmail = formatSQLInput(strEmail)
'Remove any single quotes as they should not be in email addresses
strEmail = Replace(strEmail, "'", "", 1, -1, 1)
'******************************************
'*** Check the avatar is OK ***
'******************************************
'If there is no . in the link then there is no extenison and so can't be an image
If inStr(1, strAvatar, ".", 1) = 0 Then
strAvatar = ""
'Else remove malicious code and check the extension is an image extension
Else
'Call the filter for the image
strAvatar = checkImages(strAvatar)
strAvatar = formatInput(strAvatar)
End If
'******************************************
'*** Check the username is OK ***
'******************************************
'Check there is a username
If strUsername = "" Then blnUsernameOK = False
'Make sure the user has not entered disallowed usernames
If InStr(1, strUsername, "admin", vbTextCompare) Then blnUsernameOK = False
If InStr(1, strUsername, "password", vbTextCompare) Then blnUsernameOK = False
If InStr(1, strUsername, "salt", vbTextCompare) Then blnUsernameOK = False
If InStr(1, strUsername, "author", vbTextCompare) Then blnUsernameOK = False
If InStr(1, strUsername, "code", vbTextCompare) Then blnUsernameOK = False
If InStr(1, strUsername, "username", vbTextCompare) Then blnUsernameOK = False
If InStr(1, strUsername, "N0act", vbTextCompare) Then blnUsernameOK = False
'Clean up user input
strUsername = formatSQLInput(strUsername)
'******************************************
'*** Check the username is availabe ***
'******************************************
'If the username is not already written off then check it's not already gone
If blnUsernameOK Then
'Read in the the usernames from the database to check that the username does not already exsist
'Initalise the strSQL variable with an SQL statement to query the database
strSQL = "SELECT " & strDbTable & "Author.* FROM " & strDbTable & "Author WHERE " & strDbTable & "Author.Username = '" & strUsername & "';"
'Set the cursor type property of the record set to Dynamic so we can navigate through the record set
rsCommon.CursorType = 2
'Set the Lock Type for the records so that the record set is only locked when it is updated
rsCommon.LockType = 3
'Open the author table
rsCommon.Open strSQL, adoCon
'If there is a record returned from the database then the username is already used
If NOT rsCommon.EOF Then
blnUsernameOK = False
rsCommon.Close
End If
'Remove SQL safe single quote double up set in the format SQL function
strUsername = Replace(strUsername, "''", "'", 1, -1, 1)
End If
'******************************************
'*** Create a usercode ***
'******************************************
'Calculate a code for the user
strUserCode = userCode(strUsername)
'******************************************
'*** Encrypt password ***
'******************************************
'Encrypt password
If strPassword <> "" Then
'Genrate a slat value
strSalt = getSalt(Len(strPassword))
'Concatenate salt value to the password
strEncyptedPassword = strPassword & strSalt
'Encrypt the password
strEncyptedPassword = HashEncode(strEncyptedPassword)
End If
'******************************************
'*** Update datbase ***
'******************************************
'If this is new reg and the username and email is OK or this is an update then register the new user or update the rs
If blnUsernameOK Then
'Insert the user's details into the rs
With rsCommon
.AddNew
.Fields("Username") = strUsername
.Fields("Group_ID") = intUsersGroupID
.Fields("Password") = strEncyptedPassword
.Fields("Salt") = strSalt
.Fields("User_code") = strUserCode
.Fields("Author_email") = strEmail
.Fields("Real_name") = strRealName
.Fields("Location") = strLocation
.Fields("Avatar") = strAvatar
.Fields("Homepage") = strHomepage
.Fields("ICQ") = strICQNum
.Fields("AIM") = strAIMAddress
.Fields("MSN") = strMSNAddress
.Fields("Yahoo") = strYahooAddress
.Fields("Occupation") = strOccupation
.Fields("Interests") = strInterests
.Fields("DOB") = dtmDateOfBirth
.Fields("Signature") = strSignature
.Fields("Attach_signature") = blnAttachSignature
.Fields("Date_format") = strDateFormat
.Fields("Time_offset") = strTimeOffSet
.Fields("Time_offset_hours") = intTimeOffSet
.Fields("Reply_notify") = blnReplyNotify
.Fields("Rich_editor") = blnWYSIWYGEditor
.Fields("PM_notify") = blnPMNotify
.Fields("Show_email") = blnShowEmail
.Fields("Active") = blnUserActive
.Fields("Avatar_title") = strMemberTitle
.Fields("No_of_posts") = lngPosts
'Update the database with the new user's details (needed for MS Access which can be slow updating)
.Update
'Re-run the query to read in the updated recordset from the database
.Requery
End With
'******************************************
'*** Clean up ***
'******************************************
'Reset server Object
rsCommon.Close
Set rsCommon = Nothing
adoCon.Close
Set adoCon = Nothing
'******************************************
'*** Redirect to message page ***
'******************************************
'Redirect the welcome new user page
Response.Redirect("added_member.asp")
End If
End If
%>
Register New User
From here you can register a new member on the forum
Please note: This form can only be used if encrypted passwords have not been disabled.
<%
'Clean up
Set rsCommon = Nothing
adoCon.Close
Set adoCon = Nothing
'If the username is already gone diaply an error message pop-up
If blnUsernameOK = False Then
Response.Write("")
End If
%>