diff --git a/common.inc.php b/common.inc.php
index 1881804f..5ae34eaa 100644
--- a/common.inc.php
+++ b/common.inc.php
@@ -38,7 +38,7 @@ else $prependdir="";
 $sfiabversion=@file($prependdir."version.txt");
-$config['version']=$sfiabversion[0];
+$config['version']=trim($sfiabversion[0]);
 //make sure the data subdirectory is writable, if its not, then we're screwed, so make sure it is!
@@ -478,10 +478,12 @@ global $config;
@@ -707,6 +709,10 @@ function outputStatus($status)
 function email_send($val,$to,$sub_subject=array(),$sub_body=array())
 {
+ //if our "to" doesnt look like a valid email, then forget about sending it.
+ if(!eregi('[a-zA-Z0-9._-]+@[a-zA-Z0-9._-]+\.([a-zA-Z]{2,4})', $to))
+ return;
+
 $q=mysql_query("SELECT * FROM emails WHERE val='$val'");
 if($r=mysql_fetch_object($q))
 {
diff --git a/register_participants.php b/register_participants.php
index 4649fd66..d31b3670 100644
--- a/register_participants.php
+++ b/register_participants.php
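Review bot: The new eregi() guard is unanchored, so `$to` only has to contain an address-like substring — a value such as `"x@y.com\r\nBcc: ..."` still passes, which means that if this function later hands `$to` to mail() (not visible in the hunk) the check does nothing against header injection. Anchor the pattern and switch to preg_match(), since the ereg family is deprecated and removed in PHP 7: `if(!preg_match('/^[a-zA-Z0-9._-]+@[a-zA-Z0-9._-]+\.[a-zA-Z]{2,4}$/', $to)) return;`. The bare `return;` also hides the refusal from callers; returning false (and logging the rejected address) would let them react. The body of email_send() continues past the end of the hunk.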
@@ -306,29 +306,40 @@
 }
 else
 {
- $regnum=0;
- //now create the new registration record, and assign a random/unique registration number to then.
- do
+ //they can only create a new registraiton if they have a valid email address, so lets do a quick ereg check on their email
+ if(eregi('[a-zA-Z0-9._-]+@[a-zA-Z0-9._-]+\.([a-zA-Z]{2,4})', $_SESSION['email']))
 {
- //random number between
- //100000 and 999999 (six digit integer)
- $regnum=rand(100000,999999);
- $q=mysql_query("SELECT * FROM registrations WHERE num='$regnum' AND year=".$config['FAIRYEAR']);
- }while(mysql_num_rows($q)>0);
+
+ $regnum=0;
+ //now create the new registration record, and assign a random/unique registration number to then.
+ do
+ {
+ //random number between
+ //100000 and 999999 (six digit integer)
+ $regnum=rand(100000,999999);
+ $q=mysql_query("SELECT * FROM registrations WHERE num='$regnum' AND year=".$config['FAIRYEAR']);
+ }while(mysql_num_rows($q)>0);
- //actually insert it
- mysql_query("INSERT INTO registrations (num,email,start,status,year) VALUES (".
- "'$regnum',".
- "'".$_SESSION['email']."',".
- "NOW(),".
- "'new',".
- $config['FAIRYEAR'].
- ")");
+ //actually insert it
+ mysql_query("INSERT INTO registrations (num,email,start,status,year) VALUES (".
+ "'$regnum',".
+ "'".$_SESSION['email']."',".
+ "NOW(),".
+ "'new',".
+ $config['FAIRYEAR'].
+ ")");
- email_send("new_participant",$_SESSION['email'],array("FAIRNAME"=>i18n($config['fairname'])),array("REGNUM"=>$regnum));
+ email_send("new_participant",$_SESSION['email'],array("FAIRNAME"=>i18n($config['fairname'])),array("REGNUM"=>$regnum));
- echo i18n("You have been identified as a new registrant. An email has been sent to %1 which contains your new registration number. Please check your email to obtain your registration number and then enter it below:",array($_SESSION['email']),array("email address"));
- echo "";
+ echo i18n("You have been identified as a new registrant. 
An email has been sent to %1 which contains your new registration number. Please check your email to obtain your registration number and then enter it below:",array($_SESSION['email']),array("email address"));
+ echo "";
+ }
+ else
+ {
+ echo error(i18n("The email address you entered (%1) appears to be invalid. You must use a proper email address in order to create an account",array($_SESSION['email'])));
+ echo "".i18n("Return to participant registration")."";
+ $showform=false;
+ }
 }
 }
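Review bot: The new `if(eregi(...))` gate is unanchored, so it only proves `$_SESSION['email']` contains an address-like substring, yet the value is then interpolated unescaped into the INSERT and, on the new error() line, echoed straight back into the page — so the check bounds neither the SQL nor the HTML context, and where the session email originates from user input that is a reflected-XSS and injection path. Anchor the pattern and drop the deprecated ereg family, `if(preg_match('/^[a-zA-Z0-9._-]+@[a-zA-Z0-9._-]+\.[a-zA-Z]{2,4}$/', $_SESSION['email']))`, pass the address through `mysql_real_escape_string()` in the INSERT, and wrap both i18n() substitutions of it in `htmlspecialchars($_SESSION['email'], ENT_QUOTES)`. The identical regex now also lives in email_send() in common.inc.php; a single shared validator would keep the two from drifting. The enclosing block starts before the hunk.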