Project

General

Profile

1
<?php
2
/**
3
 *
4
 * @category        frontend
5
 * @package         account
6
 * @author          WebsiteBaker Project
7
 * @copyright       2009-2012, WebsiteBaker Org. e.V.
8
 * @link            http://www.websitebaker.org/
9
 * @license         http://www.gnu.org/licenses/gpl.html
10
 * @platform        WebsiteBaker 2.8.x
11
 * @requirements    PHP 5.2.2 and higher
12
 * @version         $Id: save_signup.php 1773 2012-09-27 23:42:13Z Luisehahne $
13
 * @filesource      $HeadURL: svn://isteam.dynxs.de/wb-archiv/branches/2.8.x/wb/account/save_signup.php $
14
 * @lastmodified    $Date: 2012-09-28 01:42:13 +0200 (Fri, 28 Sep 2012) $
15
 *
16
 */
17

    
18
/* -------------------------------------------------------- */
19
if(defined('WB_PATH') == false)
20
{
21
	// Stop this file being access directly
22
		die('<h2 style="color:red;margin:3em auto;text-align:center;">Cannot access this file directly</h2>');
23
}
24
/* -------------------------------------------------------- */
25
$bDebugSignup = false;
26
if (!function_exists('ObfuscateIp')) {
27
	function ObfuscateIp() {
28
	    $sClientIp = (isset($_SERVER['REMOTE_ADDR']))
29
	                         ? $_SERVER['REMOTE_ADDR'] : '000.000.000.000';
30
//	    $iClientIp = ip2long($sClientIp);
31
//	    $sClientIp = long2ip(($iClientIp & ~65535));
32
	    return $sClientIp;
33
	}
34
}
35

    
36
if (!function_exists('emailAdmin')) {
37
	function emailAdmin() {
38
		global $database,$admin;
39
        $retval = $admin->get_email();
40
        if($admin->get_user_id()!='1') {
41
			$sql  = 'SELECT `email` FROM `'.TABLE_PREFIX.'users` ';
42
			$sql .= 'WHERE `user_id`=\'1\' ';
43
	        $retval = $database->get_one($sql);
44
        }
45
		return $retval;
46
	}
47
}
48

    
49
if (!function_exists('deleteOutdatedConfirmations')) {
50
	function deleteOutdatedConfirmations() {
51
		$sql = 'DELETE FROM `'.TABLE_PREFIX.'users` WHERE `confirm_timeout` BETWEEN 1 AND '.time();
52
		WbDatabase::getInstance()->query($sql);
53
	}
54
}
55

    
56
if (!function_exists('checkPassWordConfirmCode')) {
57
	function checkPassWordConfirmCode( $sPassword, $sConfirmCode ) {
58
		if( preg_match('/[0-9a-f]{32}/i', $sConfirmCode) ) {
59
			$sql = 'SELECT `user_id` FROM `'.TABLE_PREFIX.'users` '
60
			     . 'WHERE `password`=\''.md5($sPassword).'\' '
61
			     .       'AND `confirm_code`=\''.$sConfirmCode.'\'';
62
			if( WbDatabase::getInstance()->get_one($sql)) {
63
				return true;
64
			}
65
		}
66
		return false;
67
	}
68
}
69

    
70
//$_SESSION['username'] = '';
71
//$_SESSION['DISPLAY_NAME'] = '';
72
//$_SESSION['email'] = '';
73
//$_SESSION['display_form'] = true;
74

    
75
if(isset($_POST['action']) && $_POST['action']=='send')
76
{
77
	$database = WbDatabase::getInstance();
78

    
79
// add new fields in users
80
	$table_name = TABLE_PREFIX.'users';
81
	$field_name = 'confirm_code';
82
	$description = "VARCHAR( 32 ) NOT NULL DEFAULT '' AFTER `password`";
83
	if(!$database->field_exists($table_name,$field_name)) {
84
		$database->field_add($table_name, $field_name, $description);
85
	}
86
	if($database->set_error()){
87
		msgQueue::add($database->get_error());
88
	}
89

    
90
	$field_name = 'confirm_timeout';
91
	$description = "INT NOT NULL DEFAULT '0' AFTER `confirm_code`";
92
	if(!$database->field_exists($table_name,$field_name)) {
93
		$database->field_add($table_name, $field_name, $description);
94
	}
95
	if($database->set_error()){
96
		msgQueue::add($database->get_error());
97
	}
98

    
99
	$_SESSION['username'] = strtolower(strip_tags($wb->get_post_escaped('login_name')));
100
	$_SESSION['DISPLAY_NAME'] = strip_tags($wb->get_post_escaped('display_name'));
101
	$_SESSION['email'] = $wb->get_post('email');
102
	$_SESSION['language'] = $wb->get_post('language');
103

    
104
//	$aErrorMsg = array();
105

    
106
	if($_SESSION['username'] != "")
107
	{
108
		// Check if username already exists
109
		$sql = 'SELECT `user_id` FROM `'.TABLE_PREFIX.'users` WHERE `username` = \''.$_SESSION['username'].'\'';
110
		if($database->get_one($sql)){
111
//			$aErrorMsg[] = $MESSAGE['USERS_USERNAME_TAKEN'];
112
			msgQueue::add($MESSAGE['USERS_USERNAME_TAKEN']);
113
			$_SESSION['username'] = '';
114
		} else {
115
			if(preg_match('/^[a-z]{1}[a-z0-9_-]{3,}$/i', $_SESSION['username'])==false) {
116
//				$aErrorMsg[] = $MESSAGE['USERS_NAME_INVALID_CHARS'];
117
				msgQueue::add($MESSAGE['USERS_NAME_INVALID_CHARS']);
118
				$_SESSION['username'] = '';
119
		 	}
120
		}
121
	} else {
122
//		$aErrorMsg[] = $MESSAGE['LOGIN_USERNAME_BLANK'];
123
		msgQueue::add($MESSAGE['LOGIN_USERNAME_BLANK']);
124
	}
125

    
126
	if($_SESSION['DISPLAY_NAME'] == "") {
127
//		$aErrorMsg[] = $MESSAGE['GENERIC_FILL_IN_ALL'];
128
		msgQueue::add($MESSAGE['GENERIC_FILL_IN_ALL']);
129
	}
130

    
131
	if($_SESSION['email'] != "") {
132
		// Check if the email already exists
133
		$sql = 'SELECT `user_id` FROM `'.TABLE_PREFIX.'users` WHERE `email` = \''.mysql_escape_string($_SESSION['email']).'\'';
134
		if($database->get_one($sql)){
135
//			$aErrorMsg[] = $MESSAGE['USERS_EMAIL_TAKEN'];
136
			msgQueue::add($MESSAGE['USERS_EMAIL_TAKEN']);
137
			$_SESSION['email'] = '';
138
		} else {
139
			if(!$wb->validate_email($_SESSION['email'])){
140
//				$aErrorMsg[] = $MESSAGE['USERS_INVALID_EMAIL'];
141
				msgQueue::add($MESSAGE['USERS_INVALID_EMAIL']);
142
				$_SESSION['email'] = '';
143
			}
144
		}
145
	} else {
146
//		$aErrorMsg[] = $MESSAGE['SIGNUP_NO_EMAIL'];
147
		msgQueue::add($MESSAGE['SIGNUP_NO_EMAIL']);
148
	}
149

    
150
	if(CONFIRMED_REGISTRATION) {
151
		$iMinPassLength = 6;
152
// receive password vars and calculate needed action
153
		$sNewPassword = $wb->get_post('new_password_1');
154
		$sNewPassword = (is_null($sNewPassword) ? '' : $sNewPassword);
155
		$sNewPasswordRetyped = $wb->get_post('new_password_2');
156
		$sNewPasswordRetyped= (is_null($sNewPasswordRetyped) ? '' : $sNewPasswordRetyped);
157
// validate new password
158
		$sPwHashNew = false;
159
		if($sNewPassword != '') {
160
			if(strlen($sNewPassword) < $iMinPassLength) {
161
//				$err_msg[] = $MESSAGE['USERS_PASSWORD_TOO_SHORT'];
162
				msgQueue::add($MESSAGE['USERS_PASSWORD_TOO_SHORT']);
163
			} else {
164
				if($sNewPassword != $sNewPasswordRetyped) {
165
//					$err_msg[] = $MESSAGE['USERS_PASSWORD_MISMATCH'];
166
					msgQueue::add($MESSAGE['USERS_PASSWORD_MISMATCH']);
167
				} else {
168
					$pattern = '/[^'.$admin->password_chars.']/';
169
					if (preg_match($pattern, $sNewPassword)) {
170
//						$err_msg[] = $MESSAGE['PREFERENCES_INVALID_CHARS'];
171
						msgQueue::add($MESSAGE['PREFERENCES_INVALID_CHARS']);
172
					}else {
173
						$sPwHashNew = md5($sNewPassword);
174
					}
175
				}
176
			}
177
		} else {
178
			msgQueue::add($MESSAGE['LOGIN_PASSWORD_BLANK']);
179
		}
180

    
181
	} else {
182
		// Captcha
183
		if(ENABLED_CAPTCHA) {
184
			if(isset($_POST['captcha']) AND $_POST['captcha'] != '')
185
			{
186
				// Check for a mismatch get email user_id
187
				if(!isset($_POST['captcha']) OR !isset($_SESSION['captcha']) OR $_POST['captcha'] != $_SESSION['captcha']) {
188
					$replace = array('SERVER_EMAIL' => emailAdmin() );
189
	//				$aErrorMsg[] = replace_vars($MESSAGE['MOD_FORM_INCORRECT_CAPTCHA'], $replace);
190
					msgQueue::add(replace_vars($MESSAGE['INCORRECT_CAPTCHA'], $replace));
191
				}
192
			} else {
193
				$replace = array('SERVER_EMAIL'=>emailAdmin() );
194
	//			$aErrorMsg[] = replace_vars($MESSAGE['MOD_FORM_INCORRECT_CAPTCHA'],$replace );
195
				msgQueue::add(replace_vars($MESSAGE['INCORRECT_CAPTCHA'],$replace ));
196
			}
197
		}
198
		if(isset($_SESSION['captcha'])) { unset($_SESSION['captcha']); }
199

    
200
		$sNewPassword = '';
201
		$salt = "abchefghjkmnpqrstuvwxyz0123456789";
202
		srand((double)microtime()*1000000);
203
		$i = 0;
204
		while ($i <= 7) {
205
			$num = rand() % 33;
206
			$tmp = substr($salt, $num, 1);
207
			$sNewPassword = $sNewPassword . $tmp;
208
			$i++;
209
		}
210
		$sPwHashNew = md5($sNewPassword);
211
	}
212

    
213
	if( ($msg = msgQueue::getError()) != '') {
214
// back to signup_form to show errors, otherwise save user and send mail
215
	} else {
216
		$get_ip = ObfuscateIp();
217
		$get_ts = time();
218
		$sLoginName = $_SESSION['username'];
219
//		$sDisplayName = $_SESSION['DISPLAY_NAME'];
220
		$sDisplayName = $wb->add_slashes($_SESSION['DISPLAY_NAME']);
221
		$groups_id = FRONTEND_SIGNUP;
222
		$email_to = $_SESSION['email'];
223

    
224
// Delete outdated confirmation IDs
225
		deleteOutdatedConfirmations();
226

    
227
// Create confirmation ID and Timestamp
228
		$sTimeOut = 0; // now + 24hours
229
		$sConfirmationId = '';
230

    
231
		if(CONFIRMED_REGISTRATION) {
232
			$sTimeOut = (string)(time() + 86400); // now + 24hours
233
			$sConfirmationId = md5(md5($sLoginName.$sTimeOut).$sTimeOut);
234
			$sConfirmedLink = WB_URL.'/account/confirm.php?id='.$sConfirmationId;
235
            $sConfirmedLink = '<a href="'.$sConfirmedLink.'">'.$sConfirmedLink.'</a>';
236
		}
237

    
238
// Save new user
239
		$bSaveRegistration = true;
240

    
241
		$sql  = 'INSERT INTO `'.TABLE_PREFIX.'users` SET ';
242
		$sql .= '`group_id` = \''.$groups_id.'\', ';
243
		$sql .= '`groups_id` = \''.$groups_id.'\', ';
244
		$sql .= '`active` = \''.(CONFIRMED_REGISTRATION ? '0' : '1').'\', ';
245
		$sql .= '`username` = \''.$sLoginName.'\', ';
246
		$sql .= '`password` = \''.$sPwHashNew.'\', ';
247
		$sql .= '`confirm_code` = \''.$sConfirmationId.'\', ';
248
		$sql .= '`confirm_timeout` = \''.$sTimeOut.'\', ';
249
		$sql .= '`display_name` = \''.$sDisplayName.'\', ';
250
		$sql .= '`email` = \''.$email_to.'\', ';
251
		$sql .= '`language` = \''.$_SESSION['language'].'\', ';
252
		$sql .= '`login_when` = \''.$get_ts.'\', ';
253
		$sql .= '`login_ip` = \''.$get_ip.'\' ';
254

    
255
		if(!$database->query($sql))
256
		{
257
// cancel and break script
258
			$bSaveRegistration = false;
259
			$_SESSION['display_form'] = false;
260
			unset($_SESSION['username']);
261
			unset($_SESSION['DISPLAY_NAME']);
262
			unset($_SESSION['email']);
263
			unset($_POST);
264
			if($database->set_error()){
265
				msgQueue::add($database->get_error());
266
			}
267
		} else {
268
			msgQueue::add($MESSAGE['SIGNUP_NEW_USER'],true);
269

    
270
			include(dirname(__FILE__).'/signup_mails.php');
271

    
272
			if($bSaveRegistration && $bSendRegistrationMailtoUser) {
273
			// send success message to screen, no signup form
274
				$_SESSION['display_form'] = false;
275
			}
276

    
277
		} // end success $bSaveRegistration
278
	}
279
} // end $_POST['action']
280
// if page_id lost
281
$page_id = isset($_SESSION['PAGE_ID']) ? $_SESSION['PAGE_ID'] : 0;
(19-19/22)