Project

General

Profile

« Previous | Next » 

Revision 1473

Added by Dietmar almost 13 years ago

found more backlinks to fix
remove not working ftan in frontend
fixed redirect in login procedure (Tks to mr-fan)
update droplet LoginBox, additional parameter $redirect
remove double config call in media (Tks to Testör)

View differences:

signup2.php
1 
<?php
2 
/**
3 
 *
4 
 * @category        frontend
5 
 * @package         account
6 
 * @author          WebsiteBaker Project
7 
 * @copyright       2004-2009, Ryan Djurovich
8 
 * @copyright       2009-2011, Website Baker Org. e.V.
9 
 * @link			http://www.websitebaker2.org/
10 
 * @license         http://www.gnu.org/licenses/gpl.html
11 
 * @platform        WebsiteBaker 2.8.x
12 
 * @requirements    PHP 5.2.2 and higher
13 
 * @version         $Id$
14 
 * @filesource		$HeadURL$
15 
 * @lastmodified    $Date$
16 
 *
17 
 */
18 

  		




  19
  
  
    
// Must include code to stop this file being access directly


  		




  20
  
  
    
if(defined('WB_PATH') == false) { die("Cannot access this file directly"); }


  		




  21
  
  
    

  		




  22
  
  
    
require_once(WB_PATH.'/framework/class.wb.php');


  		




  23
  
  
    
$wb = new wb('Start', 'start', false, false);


  		




  24
  
  
    

  		




  25
  
  
    
// Create new database object


  		




  26
  
  
    
// $database = new database();


  		




  27
  
  
    

  		




  28
  
  
    
// Get details entered


  		




  29
  
  
    
$groups_id = FRONTEND_SIGNUP;


  		




  30
  
  
    
$active = 1;


  		




  31
  
  
    
$username = strtolower(strip_tags($wb->get_post_escaped('username')));


  		




  32
  
  
    
$display_name = strip_tags($wb->get_post_escaped('display_name'));


  		




  33
  
  
    
$email = $wb->get_post('email');


  		




  34
  
  
    

  		




  35
  
  
    
// Create a javascript back link


  		




  36
  
  
    
$js_back = WB_URL.'/account/signup.php';


  		




  37
  
  
    

  		




  38
  
  
    
if (!$wb->checkFTAN())


  		




  39
  
  
    
{


  		




  40
  
  
    
	$wb->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], $js_back, false);


  		




  41
  
  
    
	exit();


  		




  42
  
  
    
}


  		




  43
  
  
    

  		




  44
  
  
    
// Check values


  		




  45
  
  
    
if($groups_id == "") {


  		




  46
  
  
    
	$wb->print_error($MESSAGE['USERS']['NO_GROUP'], $js_back, false);


  		




  47
  
  
    
}


  		




  48
  
  
    
if(!preg_match('/^[a-z]{1}[a-z0-9_-]{2,}$/i', $username)) {


  		




  49
  
  
    
	$wb->print_error( $MESSAGE['USERS_NAME_INVALID_CHARS'].' / '.


  		




  50
  
  
    
	                  $MESSAGE['USERS_USERNAME_TOO_SHORT'], $js_back);


  		




  51
  
  
    
}


  		




  52
  
  
    
if($email != "") {


  		




  53
  
  
    
	if($wb->validate_email($email) == false) {


  		




  54
  
  
    
		$wb->print_error($MESSAGE['USERS']['INVALID_EMAIL'], $js_back, false);


  		




  55
  
  
    
	}


  		




  56
  
  
    
} else {


  		




  57
  
  
    
	$wb->print_error($MESSAGE['SIGNUP']['NO_EMAIL'], $js_back, false);


  		




  58
  
  
    
}


  		




  59
  
  
    

  		




  60
  
  
    
$email = $wb->add_slashes($email);


  		




  61
  
  
    

  		




  62
  
  
    
// Captcha


  		




  63
  
  
    
if(ENABLED_CAPTCHA) {


  		




  64
  
  
    
	if(isset($_POST['captcha']) AND $_POST['captcha'] != ''){


  		




  65
  
  
    
		// Check for a mismatch


  		




  66
  
  
    
		if(!isset($_POST['captcha']) OR !isset($_SESSION['captcha']) OR $_POST['captcha'] != $_SESSION['captcha']) {


  		




  67
  
  
    
			$wb->print_error($MESSAGE['MOD_FORM']['INCORRECT_CAPTCHA'], $js_back, false);


  		




  68
  
  
    
		}


  		




  69
  
  
    
	} else {


  		




  70
  
  
    
		$wb->print_error($MESSAGE['MOD_FORM']['INCORRECT_CAPTCHA'], $js_back, false);


  		




  71
  
  
    
	}


  		




  72
  
  
    
}


  		




  73
  
  
    
if(isset($_SESSION['captcha'])) { unset($_SESSION['captcha']); }


  		




  74
  
  
    

  		




  75
  
  
    
// Generate a random password then update the database with it


  		




  76
  
  
    
$new_pass = '';


  		




  77
  
  
    
$salt = "abchefghjkmnpqrstuvwxyz0123456789";


  		




  78
  
  
    
srand((double)microtime()*1000000);


  		




  79
  
  
    
$i = 0;


  		




  80
  
  
    
while ($i <= 7) {


  		




  81
  
  
    
	$num = rand() % 33;


  		




  82
  
  
    
	$tmp = substr($salt, $num, 1);


  		




  83
  
  
    
	$new_pass = $new_pass . $tmp;


  		




  84
  
  
    
	$i++;


  		




  85
  
  
    
}


  		




  86
  
  
    
$md5_password = md5($new_pass);


  		




  87
  
  
    

  		




  88
  
  
    
// Check if username already exists


  		




  89
  
  
    
$results = $database->query("SELECT user_id FROM ".TABLE_PREFIX."users WHERE username = '$username'");


  		




  90
  
  
    
if($results->numRows() > 0) {


  		




  91
  
  
    
	$wb->print_error($MESSAGE['USERS']['USERNAME_TAKEN'], $js_back, false);


  		




  92
  
  
    
}


  		




  93
  
  
    

  		




  94
  
  
    
// Check if the email already exists


  		




  95
  
  
    
$results = $database->query("SELECT user_id FROM ".TABLE_PREFIX."users WHERE email = '".$wb->add_slashes($email)."'");


  		




  96
  
  
    
if($results->numRows() > 0) {


  		




  97
  
  
    
	if(isset($MESSAGE['USERS']['EMAIL_TAKEN'])) {


  		




  98
  
  
    
		$wb->print_error($MESSAGE['USERS']['EMAIL_TAKEN'], $js_back, false);


  		




  99
  
  
    
	} else {


  		




  100
  
  
    
		$wb->print_error($MESSAGE['USERS']['INVALID_EMAIL'], $js_back, false);


  		




  101
  
  
    
	}


  		




  102
  
  
    
}


  		




  103
  
  
    

  		




  104
  
  
    
// MD5 supplied password


  		




  105
  
  
    
$md5_password = md5($new_pass);


  		




  106
  
  
    

  		




  107
  
  
    
// Inser the user into the database


  		




  108
  
  
    
$query = "INSERT INTO ".TABLE_PREFIX."users (group_id,groups_id,active,username,password,display_name,email) VALUES ('$groups_id', '$groups_id', '$active', '$username','$md5_password','$display_name','$email')";


  		




  109
  
  
    
$database->query($query);


  		




  110
  
  
    

  		




  111
  
  
    
if($database->is_error()) {


  		




  112
  
  
    
	// Error updating database


  		




  113
  
  
    
	$message = $database->get_error();


  		




  114
  
  
    
} else {


  		




  115
  
  
    
	// Setup email to send


  		




  116
  
  
    
	$mail_to = $email;


  		




  117
  
  
    
	$mail_subject = $MESSAGE['SIGNUP2']['SUBJECT_LOGIN_INFO'];


  		




  118
  
  
    

  		




  119
  
  
    
	// Replace placeholders from language variable with values


  		




  120
  
  
    
	$search = array('{LOGIN_DISPLAY_NAME}', '{LOGIN_WEBSITE_TITLE}', '{LOGIN_NAME}', '{LOGIN_PASSWORD}');


  		




  121
  
  
    
	$replace = array($display_name, WEBSITE_TITLE, $username, $new_pass); 


  		




  122
  
  
    
	$mail_message = str_replace($search, $replace, $MESSAGE['SIGNUP2']['BODY_LOGIN_INFO']);


  		




  123
  
  
    

  		




  124
  
  
    
	// Try sending the email


  		




  125
  
  
    
	if($wb->mail(SERVER_EMAIL,$mail_to,$mail_subject,$mail_message)) { 


  		




  126
  
  
    
		$display_form = false;


  		




  127
  
  
    
		$wb->print_success($MESSAGE['FORGOT_PASS']['PASSWORD_RESET'], WB_URL.'/account/login.php' );


  		




  128
  
  
    
	} else {


  		




  129
  
  
    
		$database->query("DELETE FROM ".TABLE_PREFIX."users WHERE username = '$username'");


  		




  130
  
  
    
		$wb->print_error($MESSAGE['FORGOT_PASS']['CANNOT_EMAIL'], $js_back, false);


  		




  131
  
  
    
	}


  		




  132
  
  
    
}


  		




  133
  
  
    

  		




  134
  
  
    
?>


  		




  
  1
  
    
<?php


  		




  
  2
  
    
/**


  		




  
  3
  
    
 *


  		




  
  4
  
    
 * @category        frontend


  		




  
  5
  
    
 * @package         account


  		




  
  6
  
    
 * @author          WebsiteBaker Project


  		




  
  7
  
    
 * @copyright       2004-2009, Ryan Djurovich


  		




  
  8
  
    
 * @copyright       2009-2011, Website Baker Org. e.V.


  		




  
  9
  
    
 * @link			http://www.websitebaker2.org/


  		




  
  10
  
    
 * @license         http://www.gnu.org/licenses/gpl.html


  		




  
  11
  
    
 * @platform        WebsiteBaker 2.8.x


  		




  
  12
  
    
 * @requirements    PHP 5.2.2 and higher


  		




  
  13
  
    
 * @version         $Id$


  		




  
  14
  
    
 * @filesource		$HeadURL$


  		




  
  15
  
    
 * @lastmodified    $Date$


  		




  
  16
  
    
 *


  		




  
  17
  
    
 */


  		




  
  18
  
    

  		




  
  19
  
    
// Must include code to stop this file being access directly


  		




  
  20
  
    
if(defined('WB_PATH') == false) { die("Cannot access this file directly"); }


  		




  
  21
  
    

  		




  
  22
  
    
require_once(WB_PATH.'/framework/class.wb.php');


  		




  
  23
  
    
$wb = new wb('Start', 'start', false, false);


  		




  
  24
  
    

  		




  
  25
  
    
// Create new database object


  		




  
  26
  
    
// $database = new database();


  		




  
  27
  
    

  		




  
  28
  
    
// Get details entered


  		




  
  29
  
    
$groups_id = FRONTEND_SIGNUP;


  		




  
  30
  
    
$active = 1;


  		




  
  31
  
    
$username = strtolower(strip_tags($wb->get_post_escaped('username')));


  		




  
  32
  
    
$display_name = strip_tags($wb->get_post_escaped('display_name'));


  		




  
  33
  
    
$email = $wb->get_post('email');


  		




  
  34
  
    

  		




  
  35
  
    
// Create a javascript back link


  		




  
  36
  
    
$js_back = WB_URL.'/account/signup.php';


  		




  
  37
  
    
/*


  		




  
  38
  
    
if (!$wb->checkFTAN())


  		




  
  39
  
    
{


  		




  
  40
  
    
	$wb->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], $js_back, false);


  		




  
  41
  
    
	exit();


  		




  
  42
  
    
}


  		




  
  43
  
    
*/


  		




  
  44
  
    
// Check values


  		




  
  45
  
    
if($groups_id == "") {


  		




  
  46
  
    
	$wb->print_error($MESSAGE['USERS']['NO_GROUP'], $js_back, false);


  		




  
  47
  
    
}


  		




  
  48
  
    
if(!preg_match('/^[a-z]{1}[a-z0-9_-]{2,}$/i', $username)) {


  		




  
  49
  
    
	$wb->print_error( $MESSAGE['USERS_NAME_INVALID_CHARS'].' / '.


  		




  
  50
  
    
	                  $MESSAGE['USERS_USERNAME_TOO_SHORT'], $js_back);


  		




  
  51
  
    
}


  		




  
  52
  
    
if($email != "") {


  		




  
  53
  
    
	if($wb->validate_email($email) == false) {


  		




  
  54
  
    
		$wb->print_error($MESSAGE['USERS']['INVALID_EMAIL'], $js_back, false);


  		




  
  55
  
    
	}


  		




  
  56
  
    
} else {


  		




  
  57
  
    
	$wb->print_error($MESSAGE['SIGNUP']['NO_EMAIL'], $js_back, false);


  		




  
  58
  
    
}


  		




  
  59
  
    

  		




  
  60
  
    
$email = $wb->add_slashes($email);


  		




  
  61
  
    

  		




  
  62
  
    
// Captcha


  		




  
  63
  
    
if(ENABLED_CAPTCHA) {


  		




  
  64
  
    
	if(isset($_POST['captcha']) AND $_POST['captcha'] != ''){


  		




  
  65
  
    
		// Check for a mismatch


  		




  
  66
  
    
		if(!isset($_POST['captcha']) OR !isset($_SESSION['captcha']) OR $_POST['captcha'] != $_SESSION['captcha']) {


  		




  
  67
  
    
			$wb->print_error($MESSAGE['MOD_FORM']['INCORRECT_CAPTCHA'], $js_back, false);


  		




  
  68
  
    
		}


  		




  
  69
  
    
	} else {


  		




  
  70
  
    
		$wb->print_error($MESSAGE['MOD_FORM']['INCORRECT_CAPTCHA'], $js_back, false);


  		




  
  71
  
    
	}


  		




  
  72
  
    
}


  		




  
  73
  
    
if(isset($_SESSION['captcha'])) { unset($_SESSION['captcha']); }


  		




  
  74
  
    

  		




  
  75
  
    
// Generate a random password then update the database with it


  		




  
  76
  
    
$new_pass = '';


  		




  
  77
  
    
$salt = "abchefghjkmnpqrstuvwxyz0123456789";


  		




  
  78
  
    
srand((double)microtime()*1000000);


  		




  
  79
  
    
$i = 0;


  		




  
  80
  
    
while ($i <= 7) {


  		




  
  81
  
    
	$num = rand() % 33;


  		




  
  82
  
    
	$tmp = substr($salt, $num, 1);


  		




  
  83
  
    
	$new_pass = $new_pass . $tmp;


  		




  
  84
  
    
	$i++;


  		




  
  85
  
    
}


  		




  
  86
  
    
$md5_password = md5($new_pass);


  		




  
  87
  
    

  		




  
  88
  
    
// Check if username already exists


  		




  
  89
  
    
$results = $database->query("SELECT user_id FROM ".TABLE_PREFIX."users WHERE username = '$username'");


  		




  
  90
  
    
if($results->numRows() > 0) {


  		




  
  91
  
    
	$wb->print_error($MESSAGE['USERS']['USERNAME_TAKEN'], $js_back, false);


  		




  
  92
  
    
}


  		




  
  93
  
    

  		




  
  94
  
    
// Check if the email already exists


  		




  
  95
  
    
$results = $database->query("SELECT user_id FROM ".TABLE_PREFIX."users WHERE email = '".$wb->add_slashes($email)."'");


  		




  
  96
  
    
if($results->numRows() > 0) {


  		




  
  97
  
    
	if(isset($MESSAGE['USERS']['EMAIL_TAKEN'])) {


  		




  
  98
  
    
		$wb->print_error($MESSAGE['USERS']['EMAIL_TAKEN'], $js_back, false);


  		




  
  99
  
    
	} else {


  		




  
  100
  
    
		$wb->print_error($MESSAGE['USERS']['INVALID_EMAIL'], $js_back, false);


  		




  
  101
  
    
	}


  		




  
  102
  
    
}


  		




  
  103
  
    

  		




  
  104
  
    
// MD5 supplied password


  		




  
  105
  
    
$md5_password = md5($new_pass);


  		




  
  106
  
    

  		




  
  107
  
    
// Inser the user into the database


  		




  
  108
  
    
$query = "INSERT INTO ".TABLE_PREFIX."users (group_id,groups_id,active,username,password,display_name,email) VALUES ('$groups_id', '$groups_id', '$active', '$username','$md5_password','$display_name','$email')";


  		




  
  109
  
    
$database->query($query);


  		




  
  110
  
    

  		




  
  111
  
    
if($database->is_error()) {


  		




  
  112
  
    
	// Error updating database


  		




  
  113
  
    
	$message = $database->get_error();


  		




  
  114
  
    
} else {


  		




  
  115
  
    
	// Setup email to send


  		




  
  116
  
    
	$mail_to = $email;


  		




  
  117
  
    
	$mail_subject = $MESSAGE['SIGNUP2']['SUBJECT_LOGIN_INFO'];


  		




  
  118
  
    

  		




  
  119
  
    
	// Replace placeholders from language variable with values


  		




  
  120
  
    
	$search = array('{LOGIN_DISPLAY_NAME}', '{LOGIN_WEBSITE_TITLE}', '{LOGIN_NAME}', '{LOGIN_PASSWORD}');


  		




  
  121
  
    
	$replace = array($display_name, WEBSITE_TITLE, $username, $new_pass); 


  		




  
  122
  
    
	$mail_message = str_replace($search, $replace, $MESSAGE['SIGNUP2']['BODY_LOGIN_INFO']);


  		




  
  123
  
    

  		




  
  124
  
    
	// Try sending the email


  		




  
  125
  
    
	if($wb->mail(SERVER_EMAIL,$mail_to,$mail_subject,$mail_message)) { 


  		




  
  126
  
    
		$display_form = false;


  		




  
  127
  
    
		$wb->print_success($MESSAGE['FORGOT_PASS']['PASSWORD_RESET'], WB_URL.'/account/login.php' );


  		




  
  128
  
    
	} else {


  		




  
  129
  
    
		$database->query("DELETE FROM ".TABLE_PREFIX."users WHERE username = '$username'");


  		




  
  130
  
    
		$wb->print_error($MESSAGE['FORGOT_PASS']['CANNOT_EMAIL'], $js_back, false);


  		




  
  131
  
    
	}


  		




  
  132
  
    
}


  		




  
  133
  
    

  		












Also available in:  Unified diff