Revision 1773
Added by Dietmar about 12 years ago
save_signup.php | ||
---|---|---|
19 | 19 |
if(defined('WB_PATH') == false) |
20 | 20 |
{ |
21 | 21 |
// Stop this file being access directly |
22 |
die('<head><title>Access denied</title></head><body><h2 style="color:red;margin:3em auto;text-align:center;">Cannot access this file directly</h2></body></html>');
|
|
22 |
die('<h2 style="color:red;margin:3em auto;text-align:center;">Cannot access this file directly</h2>');
|
|
23 | 23 |
} |
24 | 24 |
/* -------------------------------------------------------- */ |
25 |
$bDebugSignup = false; |
|
26 |
if (!function_exists('ObfuscateIp')) { |
|
27 |
function ObfuscateIp() { |
|
28 |
$sClientIp = (isset($_SERVER['REMOTE_ADDR'])) |
|
29 |
? $_SERVER['REMOTE_ADDR'] : '000.000.000.000'; |
|
30 |
// $iClientIp = ip2long($sClientIp); |
|
31 |
// $sClientIp = long2ip(($iClientIp & ~65535)); |
|
32 |
return $sClientIp; |
|
33 |
} |
|
34 |
} |
|
25 | 35 |
|
26 |
|
|
27 | 36 |
if (!function_exists('emailAdmin')) { |
28 | 37 |
function emailAdmin() { |
29 | 38 |
global $database,$admin; |
... | ... | |
32 | 41 |
$sql = 'SELECT `email` FROM `'.TABLE_PREFIX.'users` '; |
33 | 42 |
$sql .= 'WHERE `user_id`=\'1\' '; |
34 | 43 |
$retval = $database->get_one($sql); |
35 |
|
|
36 | 44 |
} |
37 | 45 |
return $retval; |
38 | 46 |
} |
39 | 47 |
} |
40 | 48 |
|
41 |
$_SESSION['username'] = ''; |
|
42 |
$_SESSION['DISPLAY_NAME'] = ''; |
|
43 |
$_SESSION['email'] = ''; |
|
44 |
$_SESSION['display_form'] = true; |
|
49 |
if (!function_exists('deleteOutdatedConfirmations')) { |
|
50 |
function deleteOutdatedConfirmations() { |
|
51 |
$sql = 'DELETE FROM `'.TABLE_PREFIX.'users` WHERE `confirm_timeout` BETWEEN 1 AND '.time(); |
|
52 |
WbDatabase::getInstance()->query($sql); |
|
53 |
} |
|
54 |
} |
|
45 | 55 |
|
46 |
if(isset($_POST['action']) && $_POST['action']=='send') { |
|
47 |
$_SESSION['username'] = strtolower(strip_tags($wb->get_post_escaped('username'))); |
|
56 |
if (!function_exists('checkPassWordConfirmCode')) { |
|
57 |
function checkPassWordConfirmCode( $sPassword, $sConfirmCode ) { |
|
58 |
if( preg_match('/[0-9a-f]{32}/i', $sConfirmCode) ) { |
|
59 |
$sql = 'SELECT `user_id` FROM `'.TABLE_PREFIX.'users` ' |
|
60 |
. 'WHERE `password`=\''.md5($sPassword).'\' ' |
|
61 |
. 'AND `confirm_code`=\''.$sConfirmCode.'\''; |
|
62 |
if( WbDatabase::getInstance()->get_one($sql)) { |
|
63 |
return true; |
|
64 |
} |
|
65 |
} |
|
66 |
return false; |
|
67 |
} |
|
68 |
} |
|
69 |
|
|
70 |
//$_SESSION['username'] = ''; |
|
71 |
//$_SESSION['DISPLAY_NAME'] = ''; |
|
72 |
//$_SESSION['email'] = ''; |
|
73 |
//$_SESSION['display_form'] = true; |
|
74 |
|
|
75 |
if(isset($_POST['action']) && $_POST['action']=='send') |
|
76 |
{ |
|
77 |
$database = WbDatabase::getInstance(); |
|
78 |
|
|
79 |
// add new fields in users |
|
80 |
$table_name = TABLE_PREFIX.'users'; |
|
81 |
$field_name = 'confirm_code'; |
|
82 |
$description = "VARCHAR( 32 ) NOT NULL DEFAULT '' AFTER `password`"; |
|
83 |
if(!$database->field_exists($table_name,$field_name)) { |
|
84 |
$database->field_add($table_name, $field_name, $description); |
|
85 |
} |
|
86 |
if($database->set_error()){ |
|
87 |
msgQueue::add($database->get_error()); |
|
88 |
} |
|
89 |
|
|
90 |
$field_name = 'confirm_timeout'; |
|
91 |
$description = "INT NOT NULL DEFAULT '0' AFTER `confirm_code`"; |
|
92 |
if(!$database->field_exists($table_name,$field_name)) { |
|
93 |
$database->field_add($table_name, $field_name, $description); |
|
94 |
} |
|
95 |
if($database->set_error()){ |
|
96 |
msgQueue::add($database->get_error()); |
|
97 |
} |
|
98 |
|
|
99 |
$_SESSION['username'] = strtolower(strip_tags($wb->get_post_escaped('login_name'))); |
|
48 | 100 |
$_SESSION['DISPLAY_NAME'] = strip_tags($wb->get_post_escaped('display_name')); |
49 | 101 |
$_SESSION['email'] = $wb->get_post('email'); |
102 |
$_SESSION['language'] = $wb->get_post('language'); |
|
50 | 103 |
|
51 |
$aErrorMsg = array(); |
|
104 |
// $aErrorMsg = array();
|
|
52 | 105 |
|
53 | 106 |
if($_SESSION['username'] != "") |
54 | 107 |
{ |
55 | 108 |
// Check if username already exists |
56 | 109 |
$sql = 'SELECT `user_id` FROM `'.TABLE_PREFIX.'users` WHERE `username` = \''.$_SESSION['username'].'\''; |
57 | 110 |
if($database->get_one($sql)){ |
58 |
$aErrorMsg[] = $MESSAGE['USERS_USERNAME_TAKEN']; |
|
111 |
// $aErrorMsg[] = $MESSAGE['USERS_USERNAME_TAKEN']; |
|
112 |
msgQueue::add($MESSAGE['USERS_USERNAME_TAKEN']); |
|
59 | 113 |
$_SESSION['username'] = ''; |
60 | 114 |
} else { |
61 |
if(!preg_match('/^[a-z]{1}[a-z0-9_-]{3,}$/i', $_SESSION['username'])) { |
|
62 |
$aErrorMsg[] = $MESSAGE['USERS_NAME_INVALID_CHARS']; |
|
115 |
if(preg_match('/^[a-z]{1}[a-z0-9_-]{3,}$/i', $_SESSION['username'])==false) { |
|
116 |
// $aErrorMsg[] = $MESSAGE['USERS_NAME_INVALID_CHARS']; |
|
117 |
msgQueue::add($MESSAGE['USERS_NAME_INVALID_CHARS']); |
|
63 | 118 |
$_SESSION['username'] = ''; |
64 | 119 |
} |
65 | 120 |
} |
66 | 121 |
} else { |
67 |
$aErrorMsg[] = $MESSAGE['LOGIN_USERNAME_BLANK']; |
|
122 |
// $aErrorMsg[] = $MESSAGE['LOGIN_USERNAME_BLANK']; |
|
123 |
msgQueue::add($MESSAGE['LOGIN_USERNAME_BLANK']); |
|
68 | 124 |
} |
69 | 125 |
|
70 | 126 |
if($_SESSION['DISPLAY_NAME'] == "") { |
71 |
$aErrorMsg[] = $MESSAGE['GENERIC_FILL_IN_ALL']; |
|
127 |
// $aErrorMsg[] = $MESSAGE['GENERIC_FILL_IN_ALL']; |
|
128 |
msgQueue::add($MESSAGE['GENERIC_FILL_IN_ALL']); |
|
72 | 129 |
} |
73 | 130 |
|
74 | 131 |
if($_SESSION['email'] != "") { |
75 | 132 |
// Check if the email already exists |
76 | 133 |
$sql = 'SELECT `user_id` FROM `'.TABLE_PREFIX.'users` WHERE `email` = \''.mysql_escape_string($_SESSION['email']).'\''; |
77 | 134 |
if($database->get_one($sql)){ |
78 |
$aErrorMsg[] = $MESSAGE['USERS_EMAIL_TAKEN']; |
|
135 |
// $aErrorMsg[] = $MESSAGE['USERS_EMAIL_TAKEN']; |
|
136 |
msgQueue::add($MESSAGE['USERS_EMAIL_TAKEN']); |
|
79 | 137 |
$_SESSION['email'] = ''; |
80 | 138 |
} else { |
81 | 139 |
if(!$wb->validate_email($_SESSION['email'])){ |
82 |
$aErrorMsg[] = $MESSAGE['USERS_INVALID_EMAIL']; |
|
140 |
// $aErrorMsg[] = $MESSAGE['USERS_INVALID_EMAIL']; |
|
141 |
msgQueue::add($MESSAGE['USERS_INVALID_EMAIL']); |
|
83 | 142 |
$_SESSION['email'] = ''; |
84 | 143 |
} |
85 | 144 |
} |
86 | 145 |
} else { |
87 |
$aErrorMsg[] = $MESSAGE['SIGNUP_NO_EMAIL']; |
|
146 |
// $aErrorMsg[] = $MESSAGE['SIGNUP_NO_EMAIL']; |
|
147 |
msgQueue::add($MESSAGE['SIGNUP_NO_EMAIL']); |
|
88 | 148 |
} |
89 | 149 |
|
90 |
$sServerEmail = (defined('SERVER_EMAIL') && SERVER_EMAIL != '' ? SERVER_EMAIL : emailAdmin()); |
|
91 |
// Captcha |
|
92 |
if(ENABLED_CAPTCHA) { |
|
93 |
if(isset($_POST['captcha']) AND $_POST['captcha'] != ''){ |
|
94 |
// Check for a mismatch get email user_id |
|
95 |
if(!isset($_POST['captcha']) OR !isset($_SESSION['captcha']) OR $_POST['captcha'] != $_SESSION['captcha']) { |
|
96 |
$replace = array('SERVER_EMAIL' => emailAdmin() ); |
|
97 |
$aErrorMsg[] = replace_vars($MESSAGE['MOD_FORM_INCORRECT_CAPTCHA'], $replace); |
|
150 |
if(CONFIRMED_REGISTRATION) { |
|
151 |
$iMinPassLength = 6; |
|
152 |
// receive password vars and calculate needed action |
|
153 |
$sNewPassword = $wb->get_post('new_password_1'); |
|
154 |
$sNewPassword = (is_null($sNewPassword) ? '' : $sNewPassword); |
|
155 |
$sNewPasswordRetyped = $wb->get_post('new_password_2'); |
|
156 |
$sNewPasswordRetyped= (is_null($sNewPasswordRetyped) ? '' : $sNewPasswordRetyped); |
|
157 |
// validate new password |
|
158 |
$sPwHashNew = false; |
|
159 |
if($sNewPassword != '') { |
|
160 |
if(strlen($sNewPassword) < $iMinPassLength) { |
|
161 |
// $err_msg[] = $MESSAGE['USERS_PASSWORD_TOO_SHORT']; |
|
162 |
msgQueue::add($MESSAGE['USERS_PASSWORD_TOO_SHORT']); |
|
163 |
} else { |
|
164 |
if($sNewPassword != $sNewPasswordRetyped) { |
|
165 |
// $err_msg[] = $MESSAGE['USERS_PASSWORD_MISMATCH']; |
|
166 |
msgQueue::add($MESSAGE['USERS_PASSWORD_MISMATCH']); |
|
167 |
} else { |
|
168 |
$pattern = '/[^'.$admin->password_chars.']/'; |
|
169 |
if (preg_match($pattern, $sNewPassword)) { |
|
170 |
// $err_msg[] = $MESSAGE['PREFERENCES_INVALID_CHARS']; |
|
171 |
msgQueue::add($MESSAGE['PREFERENCES_INVALID_CHARS']); |
|
172 |
}else { |
|
173 |
$sPwHashNew = md5($sNewPassword); |
|
174 |
} |
|
175 |
} |
|
98 | 176 |
} |
99 | 177 |
} else { |
100 |
$replace = array('SERVER_EMAIL'=>emailAdmin() ); |
|
101 |
$aErrorMsg[] = replace_vars($MESSAGE['MOD_FORM_INCORRECT_CAPTCHA'],$replace ); |
|
178 |
msgQueue::add($MESSAGE['LOGIN_PASSWORD_BLANK']); |
|
102 | 179 |
} |
103 | 180 |
|
104 |
} |
|
105 |
if(isset($_SESSION['captcha'])) { unset($_SESSION['captcha']); } |
|
181 |
} else { |
|
182 |
// Captcha |
|
183 |
if(ENABLED_CAPTCHA) { |
|
184 |
if(isset($_POST['captcha']) AND $_POST['captcha'] != '') |
|
185 |
{ |
|
186 |
// Check for a mismatch get email user_id |
|
187 |
if(!isset($_POST['captcha']) OR !isset($_SESSION['captcha']) OR $_POST['captcha'] != $_SESSION['captcha']) { |
|
188 |
$replace = array('SERVER_EMAIL' => emailAdmin() ); |
|
189 |
// $aErrorMsg[] = replace_vars($MESSAGE['MOD_FORM_INCORRECT_CAPTCHA'], $replace); |
|
190 |
msgQueue::add(replace_vars($MESSAGE['INCORRECT_CAPTCHA'], $replace)); |
|
191 |
} |
|
192 |
} else { |
|
193 |
$replace = array('SERVER_EMAIL'=>emailAdmin() ); |
|
194 |
// $aErrorMsg[] = replace_vars($MESSAGE['MOD_FORM_INCORRECT_CAPTCHA'],$replace ); |
|
195 |
msgQueue::add(replace_vars($MESSAGE['INCORRECT_CAPTCHA'],$replace )); |
|
196 |
} |
|
197 |
} |
|
198 |
if(isset($_SESSION['captcha'])) { unset($_SESSION['captcha']); } |
|
106 | 199 |
|
107 |
if (sizeof($aErrorMsg)) { |
|
108 |
$aTmp = array_unshift ($aErrorMsg,''); |
|
109 |
$sMessage = implode('<li>',$aErrorMsg); |
|
110 |
?><div style="width: 100%; overflow: hidden; border: 2px #990000 solid; background-color: #ffb9b9;"> |
|
111 |
<div style="width: 100%; padding: 5px;"> |
|
112 |
<ul style="list-style-type: decimal-leading-zero;"> |
|
113 |
<?php print $sMessage ?></li> |
|
114 |
</ul> |
|
115 |
</div> |
|
116 |
</div> |
|
117 |
|
|
118 |
<?php |
|
119 |
|
|
120 |
} else { |
|
121 |
// Generate a random password then update the database with it |
|
122 |
$new_pass = ''; |
|
200 |
$sNewPassword = ''; |
|
123 | 201 |
$salt = "abchefghjkmnpqrstuvwxyz0123456789"; |
124 | 202 |
srand((double)microtime()*1000000); |
125 | 203 |
$i = 0; |
126 | 204 |
while ($i <= 7) { |
127 | 205 |
$num = rand() % 33; |
128 | 206 |
$tmp = substr($salt, $num, 1); |
129 |
$new_pass = $new_pass . $tmp;
|
|
207 |
$sNewPassword = $sNewPassword . $tmp;
|
|
130 | 208 |
$i++; |
131 | 209 |
} |
132 |
$md5_password = md5($new_pass); |
|
210 |
$sPwHashNew = md5($sNewPassword); |
|
211 |
} |
|
133 | 212 |
|
213 |
if( ($msg = msgQueue::getError()) != '') { |
|
214 |
// back to signup_form to show errors, otherwise save user and send mail |
|
215 |
} else { |
|
216 |
$get_ip = ObfuscateIp(); |
|
217 |
$get_ts = time(); |
|
134 | 218 |
$sLoginName = $_SESSION['username']; |
135 |
$sDisplayName = $_SESSION['DISPLAY_NAME']; |
|
219 |
// $sDisplayName = $_SESSION['DISPLAY_NAME']; |
|
220 |
$sDisplayName = $wb->add_slashes($_SESSION['DISPLAY_NAME']); |
|
136 | 221 |
$groups_id = FRONTEND_SIGNUP; |
137 | 222 |
$email_to = $_SESSION['email']; |
138 |
$get_ts = time(); |
|
139 |
$get_ip = $_SERVER['REMOTE_ADDR']; |
|
140 | 223 |
|
141 |
$email_subject = $MESSAGE['SIGNUP2_SUBJECT_LOGIN_INFO']; |
|
142 |
$search = array('{LOGIN_DISPLAY_NAME}', '{LOGIN_WEBSITE_TITLE}', '{LOGIN_NAME}', '{LOGIN_PASSWORD}'); |
|
143 |
$replace = array($sDisplayName, WEBSITE_TITLE, $sLoginName, $new_pass); |
|
144 |
$mail_message = str_replace($search, $replace, $MESSAGE['SIGNUP2_BODY_LOGIN_INFO']); |
|
224 |
// Delete outdated confirmation IDs |
|
225 |
deleteOutdatedConfirmations(); |
|
145 | 226 |
|
146 |
$email_body = ''; |
|
147 |
$recipient = preg_replace( "/[^a-z0-9 !?:;,.\/_\-=+@#$&\*\(\)]/im", "", $sDisplayName ); |
|
148 |
$email_fromname = preg_replace( "/(content-type:|bcc:|cc:|to:|from:)/im", "", $recipient ); |
|
149 |
$email_body = preg_replace( "/(content-type:|bcc:|cc:|to:|from:)/im", "", $mail_message ); |
|
227 |
// Create confirmation ID and Timestamp |
|
228 |
$sTimeOut = 0; // now + 24hours |
|
229 |
$sConfirmationId = ''; |
|
150 | 230 |
|
151 |
if($email_to != '') { |
|
152 |
// if($wb->mail(SERVER_EMAIL,$mail_to,$email_subject,$email_body)) { } |
|
153 |
$success = false; |
|
154 |
if( $wb->mail($sServerEmail,$email_to,$email_subject,$email_body,WB_MAILER) ) { |
|
155 |
$sql = 'SELECT `user_id` FROM `'.TABLE_PREFIX.'users` '; |
|
156 |
$sql .= 'ORDER BY `user_id` DESC '; |
|
157 |
$user_id = $database->get_one($sql)+1; |
|
231 |
if(CONFIRMED_REGISTRATION) { |
|
232 |
$sTimeOut = (string)(time() + 86400); // now + 24hours |
|
233 |
$sConfirmationId = md5(md5($sLoginName.$sTimeOut).$sTimeOut); |
|
234 |
$sConfirmedLink = WB_URL.'/account/confirm.php?id='.$sConfirmationId; |
|
235 |
$sConfirmedLink = '<a href="'.$sConfirmedLink.'">'.$sConfirmedLink.'</a>'; |
|
236 |
} |
|
158 | 237 |
|
159 |
$email_subject = $MESSAGE['SIGNUP2_NEW_USER']; |
|
160 |
$search = array('{LOGIN_EMAIL}','{LOGIN_ID}', '{SIGNUP_DATE}', '{LOGIN_NAME}', '{LOGIN_IP}'); |
|
161 |
$replace = array($email_to, $email_fromname.' ('.$user_id.')', date(DATE_FORMAT.' '.TIME_FORMAT,$get_ts ), $sLoginName, $get_ip); |
|
162 |
$mail_message = str_replace($search, $replace, $MESSAGE['SIGNUP2_ADMIN_INFO']); |
|
163 |
$email_body = preg_replace( "/(content-type:|bcc:|cc:|to:|from:)/im", "", $mail_message ); |
|
164 |
$success_email_to = emailAdmin(); |
|
165 |
$success = $wb->mail($sServerEmail,$success_email_to,$email_subject,$email_body,$email_fromname); |
|
238 |
// Save new user |
|
239 |
$bSaveRegistration = true; |
|
240 |
|
|
241 |
$sql = 'INSERT INTO `'.TABLE_PREFIX.'users` SET '; |
|
242 |
$sql .= '`group_id` = \''.$groups_id.'\', '; |
|
243 |
$sql .= '`groups_id` = \''.$groups_id.'\', '; |
|
244 |
$sql .= '`active` = \''.(CONFIRMED_REGISTRATION ? '0' : '1').'\', '; |
|
245 |
$sql .= '`username` = \''.$sLoginName.'\', '; |
|
246 |
$sql .= '`password` = \''.$sPwHashNew.'\', '; |
|
247 |
$sql .= '`confirm_code` = \''.$sConfirmationId.'\', '; |
|
248 |
$sql .= '`confirm_timeout` = \''.$sTimeOut.'\', '; |
|
249 |
$sql .= '`display_name` = \''.$sDisplayName.'\', '; |
|
250 |
$sql .= '`email` = \''.$email_to.'\', '; |
|
251 |
$sql .= '`language` = \''.$_SESSION['language'].'\', '; |
|
252 |
$sql .= '`login_when` = \''.$get_ts.'\', '; |
|
253 |
$sql .= '`login_ip` = \''.$get_ip.'\' '; |
|
254 |
|
|
255 |
if(!$database->query($sql)) |
|
256 |
{ |
|
257 |
// cancel and break script |
|
258 |
$bSaveRegistration = false; |
|
259 |
$_SESSION['display_form'] = false; |
|
260 |
unset($_SESSION['username']); |
|
261 |
unset($_SESSION['DISPLAY_NAME']); |
|
262 |
unset($_SESSION['email']); |
|
263 |
unset($_POST); |
|
264 |
if($database->set_error()){ |
|
265 |
msgQueue::add($database->get_error()); |
|
166 | 266 |
} |
167 |
} |
|
267 |
} else { |
|
268 |
msgQueue::add($MESSAGE['SIGNUP_NEW_USER'],true); |
|
168 | 269 |
|
169 |
if($success) {
|
|
270 |
include(dirname(__FILE__).'/signup_mails.php');
|
|
170 | 271 |
|
171 |
$sql = 'INSERT INTO `'.TABLE_PREFIX.'users` SET '; |
|
172 |
$sql .= 'group_id = \''.$groups_id.'\', '; |
|
173 |
$sql .= 'groups_id = \''.$groups_id.'\', '; |
|
174 |
$sql .= 'active = \'1\', '; |
|
175 |
$sql .= 'username = \''.$sLoginName.'\', '; |
|
176 |
$sql .= 'password = \''.$md5_password.'\', '; |
|
177 |
$sql .= 'display_name = \''.$sDisplayName.'\', '; |
|
178 |
$sql .= 'email = \''.$email_to.'\', '; |
|
179 |
$sql .= 'login_when = \''.$get_ts.'\', '; |
|
180 |
$sql .= 'login_ip = \''.$get_ip.'\' '; |
|
181 |
if($database->query($sql)) { |
|
272 |
if($bSaveRegistration && $bSendRegistrationMailtoUser) { |
|
273 |
// send success message to screen, no signup form |
|
182 | 274 |
$_SESSION['display_form'] = false; |
183 |
unset($_SESSION['username']); |
|
184 |
unset($_SESSION['DISPLAY_NAME']); |
|
185 |
unset($_SESSION['email']); |
|
186 |
unset($_POST); |
|
187 |
// send msgbox |
|
188 |
?><div style="width: 100%; overflow: hidden; border: 2px #336600 solid; background-color: #ccff99;"> |
|
189 |
<div style="width: 100%; padding: 5px; text-align:center;"> |
|
190 |
<?php print $MESSAGE['SIGNUP2_SUBJECT_NEW_USER'] ?> |
|
191 |
<div style="margin: 5px auto;"><br /> |
|
192 |
<button type="button" value="cancel" onClick="javascript: window.location = '<?php print $_SESSION['HTTP_REFERER'] ?>';"><?php print $TEXT['BACK'] ?></button> |
|
193 |
</div> |
|
194 |
</div> |
|
195 |
</div> |
|
196 |
<?php |
|
197 | 275 |
} |
198 |
} |
|
276 |
|
|
277 |
} // end success $bSaveRegistration |
|
199 | 278 |
} |
200 |
} |
|
201 |
|
|
279 |
} // end $_POST['action'] |
|
280 |
// if page_id lost |
|
281 |
$page_id = isset($_SESSION['PAGE_ID']) ? $_SESSION['PAGE_ID'] : 0; |
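Review bot: The new `language` value written at new-side line 251 comes straight from `$wb->get_post('language')` (line 102) and is concatenated into the INSERT without escaping, unlike `display_name`, which this revision wraps in `$wb->add_slashes()`; read it with `$_SESSION['language'] = $wb->get_post_escaped('language');` or, better, accept it only when it matches an installed language code. In `checkPassWordConfirmCode` the guard `preg_match('/[0-9a-f]{32}/i', $sConfirmCode)` is unanchored, so any string that merely contains a 32-hex-digit run passes and the rest of it reaches the query unescaped; anchor it as `'/^[0-9a-f]{32}$/i'`. The confirmation id at line 233, `md5(md5($sLoginName.$sTimeOut).$sTimeOut)`, is derived only from the public login name and a timestamp and is therefore predictable; derive it from a random source instead, e.g. `bin2hex(openssl_random_pseudo_bytes(16))`, which still fits the 32-character column. `$bSendRegistrationMailtoUser` at line 272 is not assigned anywhere in this hunk; presumably the included `signup_mails.php` sets it, otherwise it is undefined and the success box is never shown.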
! account split html and code
+ add signup activation registering
+ add missing icons in themes