Project

General

Profile

« Previous | Next » 

Revision 1773

Added by Dietmar about 12 years ago

! account split html and code
+ add signup activation registering
+ add missing icons in themes

View differences:

save_signup.php
19 19
if(defined('WB_PATH') == false)
20 20
{
21 21
	// Stop this file being access directly
22
		die('<head><title>Access denied</title></head><body><h2 style="color:red;margin:3em auto;text-align:center;">Cannot access this file directly</h2></body></html>');
22
		die('<h2 style="color:red;margin:3em auto;text-align:center;">Cannot access this file directly</h2>');
23 23
}
24 24
/* -------------------------------------------------------- */
25
$bDebugSignup = false;
26
if (!function_exists('ObfuscateIp')) {
27
	function ObfuscateIp() {
28
	    $sClientIp = (isset($_SERVER['REMOTE_ADDR']))
29
	                         ? $_SERVER['REMOTE_ADDR'] : '000.000.000.000';
30
//	    $iClientIp = ip2long($sClientIp);
31
//	    $sClientIp = long2ip(($iClientIp & ~65535));
32
	    return $sClientIp;
33
	}
34
}
25 35

  
26

  
27 36
if (!function_exists('emailAdmin')) {
28 37
	function emailAdmin() {
29 38
		global $database,$admin;
......
32 41
			$sql  = 'SELECT `email` FROM `'.TABLE_PREFIX.'users` ';
33 42
			$sql .= 'WHERE `user_id`=\'1\' ';
34 43
	        $retval = $database->get_one($sql);
35

  
36 44
        }
37 45
		return $retval;
38 46
	}
39 47
}
40 48

  
41
$_SESSION['username'] = '';
42
$_SESSION['DISPLAY_NAME'] = '';
43
$_SESSION['email'] = '';
44
$_SESSION['display_form'] = true;
49
if (!function_exists('deleteOutdatedConfirmations')) {
50
	function deleteOutdatedConfirmations() {
51
		$sql = 'DELETE FROM `'.TABLE_PREFIX.'users` WHERE `confirm_timeout` BETWEEN 1 AND '.time();
52
		WbDatabase::getInstance()->query($sql);
53
	}
54
}
45 55

  
46
if(isset($_POST['action']) && $_POST['action']=='send') {
47
	$_SESSION['username'] = strtolower(strip_tags($wb->get_post_escaped('username')));
56
if (!function_exists('checkPassWordConfirmCode')) {
57
	function checkPassWordConfirmCode( $sPassword, $sConfirmCode ) {
58
		if( preg_match('/[0-9a-f]{32}/i', $sConfirmCode) ) {
59
			$sql = 'SELECT `user_id` FROM `'.TABLE_PREFIX.'users` '
60
			     . 'WHERE `password`=\''.md5($sPassword).'\' '
61
			     .       'AND `confirm_code`=\''.$sConfirmCode.'\'';
62
			if( WbDatabase::getInstance()->get_one($sql)) {
63
				return true;
64
			}
65
		}
66
		return false;
67
	}
68
}
69

  
70
//$_SESSION['username'] = '';
71
//$_SESSION['DISPLAY_NAME'] = '';
72
//$_SESSION['email'] = '';
73
//$_SESSION['display_form'] = true;
74

  
75
if(isset($_POST['action']) && $_POST['action']=='send')
76
{
77
	$database = WbDatabase::getInstance();
78

  
79
// add new fields in users
80
	$table_name = TABLE_PREFIX.'users';
81
	$field_name = 'confirm_code';
82
	$description = "VARCHAR( 32 ) NOT NULL DEFAULT '' AFTER `password`";
83
	if(!$database->field_exists($table_name,$field_name)) {
84
		$database->field_add($table_name, $field_name, $description);
85
	}
86
	if($database->set_error()){
87
		msgQueue::add($database->get_error());
88
	}
89

  
90
	$field_name = 'confirm_timeout';
91
	$description = "INT NOT NULL DEFAULT '0' AFTER `confirm_code`";
92
	if(!$database->field_exists($table_name,$field_name)) {
93
		$database->field_add($table_name, $field_name, $description);
94
	}
95
	if($database->set_error()){
96
		msgQueue::add($database->get_error());
97
	}
98

  
99
	$_SESSION['username'] = strtolower(strip_tags($wb->get_post_escaped('login_name')));
48 100
	$_SESSION['DISPLAY_NAME'] = strip_tags($wb->get_post_escaped('display_name'));
49 101
	$_SESSION['email'] = $wb->get_post('email');
102
	$_SESSION['language'] = $wb->get_post('language');
50 103

  
51
	$aErrorMsg = array();
104
//	$aErrorMsg = array();
52 105

  
53 106
	if($_SESSION['username'] != "")
54 107
	{
55 108
		// Check if username already exists
56 109
		$sql = 'SELECT `user_id` FROM `'.TABLE_PREFIX.'users` WHERE `username` = \''.$_SESSION['username'].'\'';
57 110
		if($database->get_one($sql)){
58
			$aErrorMsg[] = $MESSAGE['USERS_USERNAME_TAKEN'];
111
//			$aErrorMsg[] = $MESSAGE['USERS_USERNAME_TAKEN'];
112
			msgQueue::add($MESSAGE['USERS_USERNAME_TAKEN']);
59 113
			$_SESSION['username'] = '';
60 114
		} else {
61
			if(!preg_match('/^[a-z]{1}[a-z0-9_-]{3,}$/i', $_SESSION['username'])) {
62
				$aErrorMsg[] = $MESSAGE['USERS_NAME_INVALID_CHARS'];
115
			if(preg_match('/^[a-z]{1}[a-z0-9_-]{3,}$/i', $_SESSION['username'])==false) {
116
//				$aErrorMsg[] = $MESSAGE['USERS_NAME_INVALID_CHARS'];
117
				msgQueue::add($MESSAGE['USERS_NAME_INVALID_CHARS']);
63 118
				$_SESSION['username'] = '';
64 119
		 	}
65 120
		}
66 121
	} else {
67
		$aErrorMsg[] = $MESSAGE['LOGIN_USERNAME_BLANK'];
122
//		$aErrorMsg[] = $MESSAGE['LOGIN_USERNAME_BLANK'];
123
		msgQueue::add($MESSAGE['LOGIN_USERNAME_BLANK']);
68 124
	}
69 125

  
70 126
	if($_SESSION['DISPLAY_NAME'] == "") {
71
		$aErrorMsg[] = $MESSAGE['GENERIC_FILL_IN_ALL'];
127
//		$aErrorMsg[] = $MESSAGE['GENERIC_FILL_IN_ALL'];
128
		msgQueue::add($MESSAGE['GENERIC_FILL_IN_ALL']);
72 129
	}
73 130

  
74 131
	if($_SESSION['email'] != "") {
75 132
		// Check if the email already exists
76 133
		$sql = 'SELECT `user_id` FROM `'.TABLE_PREFIX.'users` WHERE `email` = \''.mysql_escape_string($_SESSION['email']).'\'';
77 134
		if($database->get_one($sql)){
78
			$aErrorMsg[] = $MESSAGE['USERS_EMAIL_TAKEN'];
135
//			$aErrorMsg[] = $MESSAGE['USERS_EMAIL_TAKEN'];
136
			msgQueue::add($MESSAGE['USERS_EMAIL_TAKEN']);
79 137
			$_SESSION['email'] = '';
80 138
		} else {
81 139
			if(!$wb->validate_email($_SESSION['email'])){
82
				$aErrorMsg[] = $MESSAGE['USERS_INVALID_EMAIL'];
140
//				$aErrorMsg[] = $MESSAGE['USERS_INVALID_EMAIL'];
141
				msgQueue::add($MESSAGE['USERS_INVALID_EMAIL']);
83 142
				$_SESSION['email'] = '';
84 143
			}
85 144
		}
86 145
	} else {
87
		$aErrorMsg[] = $MESSAGE['SIGNUP_NO_EMAIL'];
146
//		$aErrorMsg[] = $MESSAGE['SIGNUP_NO_EMAIL'];
147
		msgQueue::add($MESSAGE['SIGNUP_NO_EMAIL']);
88 148
	}
89 149

  
90
	$sServerEmail = (defined('SERVER_EMAIL') && SERVER_EMAIL != '' ? SERVER_EMAIL : emailAdmin());
91
	// Captcha
92
	if(ENABLED_CAPTCHA) {
93
		if(isset($_POST['captcha']) AND $_POST['captcha'] != ''){
94
			// Check for a mismatch get email user_id
95
			if(!isset($_POST['captcha']) OR !isset($_SESSION['captcha']) OR $_POST['captcha'] != $_SESSION['captcha']) {
96
				$replace = array('SERVER_EMAIL' => emailAdmin() );
97
				$aErrorMsg[] = replace_vars($MESSAGE['MOD_FORM_INCORRECT_CAPTCHA'], $replace);
150
	if(CONFIRMED_REGISTRATION) {
151
		$iMinPassLength = 6;
152
// receive password vars and calculate needed action
153
		$sNewPassword = $wb->get_post('new_password_1');
154
		$sNewPassword = (is_null($sNewPassword) ? '' : $sNewPassword);
155
		$sNewPasswordRetyped = $wb->get_post('new_password_2');
156
		$sNewPasswordRetyped= (is_null($sNewPasswordRetyped) ? '' : $sNewPasswordRetyped);
157
// validate new password
158
		$sPwHashNew = false;
159
		if($sNewPassword != '') {
160
			if(strlen($sNewPassword) < $iMinPassLength) {
161
//				$err_msg[] = $MESSAGE['USERS_PASSWORD_TOO_SHORT'];
162
				msgQueue::add($MESSAGE['USERS_PASSWORD_TOO_SHORT']);
163
			} else {
164
				if($sNewPassword != $sNewPasswordRetyped) {
165
//					$err_msg[] = $MESSAGE['USERS_PASSWORD_MISMATCH'];
166
					msgQueue::add($MESSAGE['USERS_PASSWORD_MISMATCH']);
167
				} else {
168
					$pattern = '/[^'.$admin->password_chars.']/';
169
					if (preg_match($pattern, $sNewPassword)) {
170
//						$err_msg[] = $MESSAGE['PREFERENCES_INVALID_CHARS'];
171
						msgQueue::add($MESSAGE['PREFERENCES_INVALID_CHARS']);
172
					}else {
173
						$sPwHashNew = md5($sNewPassword);
174
					}
175
				}
98 176
			}
99 177
		} else {
100
			$replace = array('SERVER_EMAIL'=>emailAdmin() );
101
			$aErrorMsg[] = replace_vars($MESSAGE['MOD_FORM_INCORRECT_CAPTCHA'],$replace );
178
			msgQueue::add($MESSAGE['LOGIN_PASSWORD_BLANK']);
102 179
		}
103 180

  
104
	}
105
	if(isset($_SESSION['captcha'])) { unset($_SESSION['captcha']); }
181
	} else {
182
		// Captcha
183
		if(ENABLED_CAPTCHA) {
184
			if(isset($_POST['captcha']) AND $_POST['captcha'] != '')
185
			{
186
				// Check for a mismatch get email user_id
187
				if(!isset($_POST['captcha']) OR !isset($_SESSION['captcha']) OR $_POST['captcha'] != $_SESSION['captcha']) {
188
					$replace = array('SERVER_EMAIL' => emailAdmin() );
189
	//				$aErrorMsg[] = replace_vars($MESSAGE['MOD_FORM_INCORRECT_CAPTCHA'], $replace);
190
					msgQueue::add(replace_vars($MESSAGE['INCORRECT_CAPTCHA'], $replace));
191
				}
192
			} else {
193
				$replace = array('SERVER_EMAIL'=>emailAdmin() );
194
	//			$aErrorMsg[] = replace_vars($MESSAGE['MOD_FORM_INCORRECT_CAPTCHA'],$replace );
195
				msgQueue::add(replace_vars($MESSAGE['INCORRECT_CAPTCHA'],$replace ));
196
			}
197
		}
198
		if(isset($_SESSION['captcha'])) { unset($_SESSION['captcha']); }
106 199

  
107
	if (sizeof($aErrorMsg)) {
108
		$aTmp = array_unshift ($aErrorMsg,'');
109
		$sMessage = implode('<li>',$aErrorMsg);
110
?><div style="width: 100%; overflow: hidden; border: 2px #990000 solid; background-color: #ffb9b9;">
111
	<div style="width: 100%; padding: 5px;">
112
<ul style="list-style-type: decimal-leading-zero;">
113
	<?php print $sMessage ?></li>
114
</ul>
115
	</div>
116
</div>
117

  
118
<?php
119

  
120
	} else {
121
		// Generate a random password then update the database with it
122
		$new_pass = '';
200
		$sNewPassword = '';
123 201
		$salt = "abchefghjkmnpqrstuvwxyz0123456789";
124 202
		srand((double)microtime()*1000000);
125 203
		$i = 0;
126 204
		while ($i <= 7) {
127 205
			$num = rand() % 33;
128 206
			$tmp = substr($salt, $num, 1);
129
			$new_pass = $new_pass . $tmp;
207
			$sNewPassword = $sNewPassword . $tmp;
130 208
			$i++;
131 209
		}
132
		$md5_password = md5($new_pass);
210
		$sPwHashNew = md5($sNewPassword);
211
	}
133 212

  
213
	if( ($msg = msgQueue::getError()) != '') {
214
// back to signup_form to show errors, otherwise save user and send mail
215
	} else {
216
		$get_ip = ObfuscateIp();
217
		$get_ts = time();
134 218
		$sLoginName = $_SESSION['username'];
135
		$sDisplayName = $_SESSION['DISPLAY_NAME'];
219
//		$sDisplayName = $_SESSION['DISPLAY_NAME'];
220
		$sDisplayName = $wb->add_slashes($_SESSION['DISPLAY_NAME']);
136 221
		$groups_id = FRONTEND_SIGNUP;
137 222
		$email_to = $_SESSION['email'];
138
		$get_ts = time();
139
		$get_ip = $_SERVER['REMOTE_ADDR'];
140 223

  
141
		$email_subject = $MESSAGE['SIGNUP2_SUBJECT_LOGIN_INFO'];
142
		$search = array('{LOGIN_DISPLAY_NAME}', '{LOGIN_WEBSITE_TITLE}', '{LOGIN_NAME}', '{LOGIN_PASSWORD}');
143
		$replace = array($sDisplayName, WEBSITE_TITLE, $sLoginName, $new_pass);
144
		$mail_message = str_replace($search, $replace, $MESSAGE['SIGNUP2_BODY_LOGIN_INFO']);
224
// Delete outdated confirmation IDs
225
		deleteOutdatedConfirmations();
145 226

  
146
		$email_body = '';
147
		$recipient = preg_replace( "/[^a-z0-9 !?:;,.\/_\-=+@#$&\*\(\)]/im", "", $sDisplayName );
148
		$email_fromname = preg_replace( "/(content-type:|bcc:|cc:|to:|from:)/im", "", $recipient );
149
		$email_body = preg_replace( "/(content-type:|bcc:|cc:|to:|from:)/im", "", $mail_message );
227
// Create confirmation ID and Timestamp
228
		$sTimeOut = 0; // now + 24hours
229
		$sConfirmationId = '';
150 230

  
151
		if($email_to != '') {
152
// 	if($wb->mail(SERVER_EMAIL,$mail_to,$email_subject,$email_body)) { }
153
			$success = false;
154
			if(	$wb->mail($sServerEmail,$email_to,$email_subject,$email_body,WB_MAILER) ) {
155
				$sql  = 'SELECT `user_id` FROM `'.TABLE_PREFIX.'users` ';
156
				$sql .= 'ORDER BY `user_id` DESC ';
157
		        $user_id = $database->get_one($sql)+1;
231
		if(CONFIRMED_REGISTRATION) {
232
			$sTimeOut = (string)(time() + 86400); // now + 24hours
233
			$sConfirmationId = md5(md5($sLoginName.$sTimeOut).$sTimeOut);
234
			$sConfirmedLink = WB_URL.'/account/confirm.php?id='.$sConfirmationId;
235
            $sConfirmedLink = '<a href="'.$sConfirmedLink.'">'.$sConfirmedLink.'</a>';
236
		}
158 237

  
159
				$email_subject = $MESSAGE['SIGNUP2_NEW_USER'];
160
				$search = array('{LOGIN_EMAIL}','{LOGIN_ID}', '{SIGNUP_DATE}', '{LOGIN_NAME}', '{LOGIN_IP}');
161
				$replace = array($email_to, $email_fromname.' ('.$user_id.')', date(DATE_FORMAT.' '.TIME_FORMAT,$get_ts ), $sLoginName, $get_ip);
162
				$mail_message = str_replace($search, $replace, $MESSAGE['SIGNUP2_ADMIN_INFO']);
163
				$email_body = preg_replace( "/(content-type:|bcc:|cc:|to:|from:)/im", "", $mail_message );
164
				$success_email_to = emailAdmin();
165
 				$success = $wb->mail($sServerEmail,$success_email_to,$email_subject,$email_body,$email_fromname);
238
// Save new user
239
		$bSaveRegistration = true;
240

  
241
		$sql  = 'INSERT INTO `'.TABLE_PREFIX.'users` SET ';
242
		$sql .= '`group_id` = \''.$groups_id.'\', ';
243
		$sql .= '`groups_id` = \''.$groups_id.'\', ';
244
		$sql .= '`active` = \''.(CONFIRMED_REGISTRATION ? '0' : '1').'\', ';
245
		$sql .= '`username` = \''.$sLoginName.'\', ';
246
		$sql .= '`password` = \''.$sPwHashNew.'\', ';
247
		$sql .= '`confirm_code` = \''.$sConfirmationId.'\', ';
248
		$sql .= '`confirm_timeout` = \''.$sTimeOut.'\', ';
249
		$sql .= '`display_name` = \''.$sDisplayName.'\', ';
250
		$sql .= '`email` = \''.$email_to.'\', ';
251
		$sql .= '`language` = \''.$_SESSION['language'].'\', ';
252
		$sql .= '`login_when` = \''.$get_ts.'\', ';
253
		$sql .= '`login_ip` = \''.$get_ip.'\' ';
254

  
255
		if(!$database->query($sql))
256
		{
257
// cancel and break script
258
			$bSaveRegistration = false;
259
			$_SESSION['display_form'] = false;
260
			unset($_SESSION['username']);
261
			unset($_SESSION['DISPLAY_NAME']);
262
			unset($_SESSION['email']);
263
			unset($_POST);
264
			if($database->set_error()){
265
				msgQueue::add($database->get_error());
166 266
			}
167
		}
267
		} else {
268
			msgQueue::add($MESSAGE['SIGNUP_NEW_USER'],true);
168 269

  
169
		if($success) {
270
			include(dirname(__FILE__).'/signup_mails.php');
170 271

  
171
			$sql  = 'INSERT INTO `'.TABLE_PREFIX.'users` SET ';
172
			$sql .= 'group_id = \''.$groups_id.'\', ';
173
			$sql .= 'groups_id = \''.$groups_id.'\', ';
174
			$sql .= 'active = \'1\', ';
175
			$sql .= 'username = \''.$sLoginName.'\', ';
176
			$sql .= 'password = \''.$md5_password.'\', ';
177
			$sql .= 'display_name = \''.$sDisplayName.'\', ';
178
			$sql .= 'email = \''.$email_to.'\', ';
179
			$sql .= 'login_when = \''.$get_ts.'\', ';
180
			$sql .= 'login_ip = \''.$get_ip.'\' ';
181
			if($database->query($sql)) {
272
			if($bSaveRegistration && $bSendRegistrationMailtoUser) {
273
			// send success message to screen, no signup form
182 274
				$_SESSION['display_form'] = false;
183
				unset($_SESSION['username']);
184
				unset($_SESSION['DISPLAY_NAME']);
185
				unset($_SESSION['email']);
186
				unset($_POST);
187
// send msgbox
188
?><div style="width: 100%; overflow: hidden; border: 2px #336600 solid; background-color: #ccff99;">
189
	<div style="width: 100%; padding: 5px; text-align:center;">
190
		<?php print $MESSAGE['SIGNUP2_SUBJECT_NEW_USER'] ?>
191
		<div style="margin: 5px auto;"><br />
192
		<button type="button" value="cancel" onClick="javascript: window.location = '<?php print $_SESSION['HTTP_REFERER'] ?>';"><?php print $TEXT['BACK'] ?></button>
193
		</div>
194
	</div>
195
</div>
196
<?php
197 275
			}
198
		}
276

  
277
		} // end success $bSaveRegistration
199 278
	}
200
}
201

  
279
} // end $_POST['action']
280
// if page_id lost
281
$page_id = isset($_SESSION['PAGE_ID']) ? $_SESSION['PAGE_ID'] : 0;

Also available in: Unified diff