<?php
$body = "";
$email_to = "joinus@sucs.org";
$_REQUEST['email'] = str_replace("\n", "", $_REQUEST['email']);
$headers = "From: ".$_REQUEST['email']."\n"."Reply-to: ".$_REQUEST['email'];
$subject = "Join request for user ".$_REQUEST['uname'];

// Perform data integrity checks

// Full name
if (ereg("[:/<>]", $_REQUEST['realname'])) {
	$body .= "<p>That's a suspiciously unusual-looking name, <strong>" . htmlentities($_REQUEST['realname']) . "</strong>.</p>\n";
	$body .= "<p>Please click <em>Back</em> and correct it.</p>\n";
} else {
// Student number
if (!is_numeric($_REQUEST['student_number']) || strlen($_REQUEST['student_number']) <>  6) {
	$body .= "<p>The student number <strong>" . htmlentities($_REQUEST['student_number']) . "</strong> appears not to be valid.</p>\n";
	$body .= "<p>Please click <em>Back</em> and correct it.</p>\n";
} else {
// Email address
	list($username, $maildomain) = split("@", $_REQUEST['email']);
	if (!checkdnsrr($maildomain, "MX") && !checkdnsrr($maildomain)) {
		$body .= "<p>The email address <strong>" . htmlentities($_REQUEST['email']) . "</strong> appears not to be valid.</p>\n";
		$body .= "<p>Please click <em>Back</em> and correct it.</p>\n";
	} else {
// Username
		// This test is rather inadequate. Needs improving
		if (ereg("[:/<>]", $_REQUEST['uname'])) {
			$body .= "<p>Usernames can only contain letters, numbers and underscores(_).</p>\n";
			$body .= "<p>Please click <em>Back</em> and choose a different one.</p>\n";
		} else {
// We're good to go
			$address = "http";
			if ($_SERVER['HTTPS']) $address .= "s";
			$address .= "://" . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] ;
			$email_body = "This email was automatically created by the SUCS Website.\n\n";
			$email_body .= "It was created by " . $address . "\n";
			$email_body .= "from IP " . $_SERVER['REMOTE_ADDR'] . " on " . date("r") . "\n\n";
			$email_body .= "The details of the request are as follows:\n\n";
			$email_body .= "  Real name ............ {$_REQUEST['realname']}\n";
			$email_body .= "  Student number ....... {$_REQUEST['student_number']}\n";
			$email_body .= "  Email address ........ {$_REQUEST['email']}\n";
			$email_body .= "  Requested username ... {$_REQUEST['uname']}\n\n";
			$email_body .= "Please reply to this email, providing the user with details of\n";
			$email_body .= "how to join.\n\n";
			$email_body .= "-- \nSUCS Website\n";

			mail($email_to, $subject, $email_body, $headers);

			$body .= "<p>Thank you for your request to join SUCS.</p>";
			$body .= "<p>Someone from our admin team will email you shortly.</p>";
		} // username
	} // email
} // student number
} // full name

$smarty->assign("body", $body);
$smarty->assign("title", "Joining");
$pathlist[2] = "Joining";
$smarty->assign("subselect", "Joining");
?>