Revision 1777
Added by Dietmar about 12 years ago
save_signup.php | ||
---|---|---|
16 | 16 |
*/ |
17 | 17 |
|
18 | 18 |
/* -------------------------------------------------------- */ |
19 |
if(defined('WB_PATH') == false)
|
|
20 |
{ |
|
21 |
// Stop this file being access directly
|
|
22 |
die('<h2 style="color:red;margin:3em auto;text-align:center;">Cannot access this file directly</h2>');
|
|
19 |
// Must include code to stop this file being accessed directly
|
|
20 |
if(!defined('WB_PATH')) {
|
|
21 |
require_once(dirname(dirname(__FILE__)).'/framework/globalExceptionHandler.php');
|
|
22 |
throw new IllegalFileException();
|
|
23 | 23 |
} |
24 | 24 |
/* -------------------------------------------------------- */ |
25 | 25 |
$bDebugSignup = false; |
... | ... | |
36 | 36 |
if (!function_exists('emailAdmin')) { |
37 | 37 |
function emailAdmin() { |
38 | 38 |
global $database,$admin; |
39 |
$retval = $admin->get_email();
|
|
40 |
if($admin->get_user_id()!='1') {
|
|
41 |
$sql = 'SELECT `email` FROM `'.TABLE_PREFIX.'users` ';
|
|
42 |
$sql .= 'WHERE `user_id`=\'1\' ';
|
|
43 |
$retval = $database->get_one($sql);
|
|
39 |
$retval = false;
|
|
40 |
$sql = 'SELECT `email` FROM `'.TABLE_PREFIX.'users` ';
|
|
41 |
$sql .= 'WHERE `user_id`=\'1\' ';
|
|
42 |
if(!($retval = $database->get_one($sql))){
|
|
43 |
$retval = false;
|
|
44 | 44 |
} |
45 | 45 |
return $retval; |
46 | 46 |
} |
... | ... | |
67 | 67 |
} |
68 | 68 |
} |
69 | 69 |
|
70 |
//$_SESSION['username'] = ''; |
|
71 |
//$_SESSION['DISPLAY_NAME'] = ''; |
|
72 |
//$_SESSION['email'] = ''; |
|
73 |
//$_SESSION['display_form'] = true; |
|
74 |
|
|
75 |
if(isset($_POST['action']) && $_POST['action']=='send') |
|
70 |
//if(isset($_POST['action']) && $_POST['action']=='send') |
|
71 |
if($wb->StripCodeFromText($wb->get_post('action'))=='send') |
|
76 | 72 |
{ |
77 | 73 |
$database = WbDatabase::getInstance(); |
78 | 74 |
|
... | ... | |
96 | 92 |
msgQueue::add($database->get_error()); |
97 | 93 |
} |
98 | 94 |
|
99 |
$_SESSION['username'] = strtolower(strip_tags($wb->get_post_escaped('login_name'))); |
|
100 |
$_SESSION['DISPLAY_NAME'] = strip_tags($wb->get_post_escaped('display_name')); |
|
101 |
$_SESSION['email'] = $wb->get_post('email'); |
|
102 |
$_SESSION['language'] = $wb->get_post('language'); |
|
103 |
|
|
95 |
$_SESSION['USERNAME'] = strtolower($wb->StripCodeFromText($wb->get_post('login_name'))); |
|
96 |
$_SESSION['DISPLAY_NAME'] = strip_tags($wb->StripCodeFromText($wb->get_post('display_name'))); |
|
97 |
$_SESSION['EMAIL'] = strip_tags($wb->StripCodeFromText($wb->get_post('email'))); |
|
98 |
$_SESSION['LANGUAGE'] = strip_tags($wb->StripCodeFromText($wb->get_post('language'))); |
|
104 | 99 |
// $aErrorMsg = array(); |
105 | 100 |
|
106 |
if($_SESSION['username'] != "") |
|
107 |
{ |
|
101 |
if($wb->get_session('USERNAME') != "") { |
|
108 | 102 |
// Check if username already exists |
109 |
$sql = 'SELECT `user_id` FROM `'.TABLE_PREFIX.'users` WHERE `username` = \''.$_SESSION['username'].'\'';
|
|
103 |
$sql = 'SELECT `user_id` FROM `'.TABLE_PREFIX.'users` WHERE `username` = \''.$_SESSION['USERNAME'].'\'';
|
|
110 | 104 |
if($database->get_one($sql)){ |
111 | 105 |
// $aErrorMsg[] = $MESSAGE['USERS_USERNAME_TAKEN']; |
112 | 106 |
msgQueue::add($MESSAGE['USERS_USERNAME_TAKEN']); |
113 |
$_SESSION['username'] = '';
|
|
107 |
$_SESSION['USERNAME'] = '';
|
|
114 | 108 |
} else { |
115 |
if(preg_match('/^[a-z]{1}[a-z0-9_-]{3,}$/i', $_SESSION['username'])==false) {
|
|
109 |
if(preg_match('/^[a-z]{1}[a-z0-9_-]{3,}$/i', $_SESSION['USERNAME'])==false) {
|
|
116 | 110 |
// $aErrorMsg[] = $MESSAGE['USERS_NAME_INVALID_CHARS']; |
117 | 111 |
msgQueue::add($MESSAGE['USERS_NAME_INVALID_CHARS']); |
118 |
$_SESSION['username'] = '';
|
|
112 |
$_SESSION['USERNAME'] = '';
|
|
119 | 113 |
} |
120 | 114 |
} |
121 | 115 |
} else { |
... | ... | |
123 | 117 |
msgQueue::add($MESSAGE['LOGIN_USERNAME_BLANK']); |
124 | 118 |
} |
125 | 119 |
|
126 |
if($_SESSION['DISPLAY_NAME'] == "") {
|
|
120 |
if($wb->get_session('DISPLAY_NAME') != "") {
|
|
127 | 121 |
// $aErrorMsg[] = $MESSAGE['GENERIC_FILL_IN_ALL']; |
128 | 122 |
msgQueue::add($MESSAGE['GENERIC_FILL_IN_ALL']); |
129 | 123 |
} |
130 | 124 |
|
131 |
if($_SESSION['email'] != "") {
|
|
125 |
if($wb->get_session('EMAIL') != "") {
|
|
132 | 126 |
// Check if the email already exists |
133 |
$sql = 'SELECT `user_id` FROM `'.TABLE_PREFIX.'users` WHERE `email` = \''.mysql_escape_string($_SESSION['email']).'\'';
|
|
127 |
$sql = 'SELECT `user_id` FROM `'.TABLE_PREFIX.'users` WHERE `email` = \''.$_SESSION['EMAIL'].'\'';
|
|
134 | 128 |
if($database->get_one($sql)){ |
135 |
// $aErrorMsg[] = $MESSAGE['USERS_EMAIL_TAKEN']; |
|
136 | 129 |
msgQueue::add($MESSAGE['USERS_EMAIL_TAKEN']); |
137 |
$_SESSION['email'] = '';
|
|
130 |
$_SESSION['EMAIL'] = '';
|
|
138 | 131 |
} else { |
139 |
if(!$wb->validate_email($_SESSION['email'])){ |
|
140 |
// $aErrorMsg[] = $MESSAGE['USERS_INVALID_EMAIL']; |
|
132 |
if(!$wb->validate_email($_SESSION['EMAIL'])){ |
|
141 | 133 |
msgQueue::add($MESSAGE['USERS_INVALID_EMAIL']); |
142 |
$_SESSION['email'] = '';
|
|
134 |
$_SESSION['EMAIL'] = '';
|
|
143 | 135 |
} |
144 | 136 |
} |
145 | 137 |
} else { |
146 |
// $aErrorMsg[] = $MESSAGE['SIGNUP_NO_EMAIL']; |
|
147 | 138 |
msgQueue::add($MESSAGE['SIGNUP_NO_EMAIL']); |
148 | 139 |
} |
149 | 140 |
|
150 | 141 |
if(CONFIRMED_REGISTRATION) { |
151 | 142 |
$iMinPassLength = 6; |
152 | 143 |
// receive password vars and calculate needed action |
153 |
$sNewPassword = $wb->get_post('new_password_1'); |
|
144 |
// $sNewPassword = $wb->get_post('new_password_1'); |
|
145 |
$sNewPassword = ($wb->StripCodeFromText($wb->get_post('new_password_1'))); |
|
154 | 146 |
$sNewPassword = (is_null($sNewPassword) ? '' : $sNewPassword); |
155 |
$sNewPasswordRetyped = $wb->get_post('new_password_2'); |
|
147 |
// $sNewPasswordRetyped = $wb->get_post('new_password_2'); |
|
148 |
$sNewPasswordRetyped = ($wb->StripCodeFromText($wb->get_post('new_password_2'))); |
|
156 | 149 |
$sNewPasswordRetyped= (is_null($sNewPasswordRetyped) ? '' : $sNewPasswordRetyped); |
157 | 150 |
// validate new password |
158 | 151 |
$sPwHashNew = false; |
159 | 152 |
if($sNewPassword != '') { |
160 | 153 |
if(strlen($sNewPassword) < $iMinPassLength) { |
161 |
// $err_msg[] = $MESSAGE['USERS_PASSWORD_TOO_SHORT']; |
|
162 | 154 |
msgQueue::add($MESSAGE['USERS_PASSWORD_TOO_SHORT']); |
163 | 155 |
} else { |
164 | 156 |
if($sNewPassword != $sNewPasswordRetyped) { |
165 |
// $err_msg[] = $MESSAGE['USERS_PASSWORD_MISMATCH']; |
|
166 | 157 |
msgQueue::add($MESSAGE['USERS_PASSWORD_MISMATCH']); |
167 | 158 |
} else { |
168 | 159 |
$pattern = '/[^'.$admin->password_chars.']/'; |
169 | 160 |
if (preg_match($pattern, $sNewPassword)) { |
170 |
// $err_msg[] = $MESSAGE['PREFERENCES_INVALID_CHARS']; |
|
171 | 161 |
msgQueue::add($MESSAGE['PREFERENCES_INVALID_CHARS']); |
172 | 162 |
}else { |
173 | 163 |
$sPwHashNew = md5($sNewPassword); |
... | ... | |
181 | 171 |
} else { |
182 | 172 |
// Captcha |
183 | 173 |
if(ENABLED_CAPTCHA) { |
184 |
if(isset($_POST['captcha']) AND $_POST['captcha'] != '') |
|
174 |
// if(isset($_POST['captcha']) AND $_POST['captcha'] != '') |
|
175 |
if($wb->StripCodeFromText($wb->get_post('captcha')) != '') |
|
185 | 176 |
{ |
186 | 177 |
// Check for a mismatch get email user_id |
187 | 178 |
if(!isset($_POST['captcha']) OR !isset($_SESSION['captcha']) OR $_POST['captcha'] != $_SESSION['captcha']) { |
188 |
$replace = array('SERVER_EMAIL' => emailAdmin() );
|
|
179 |
$replace = array('webmaster_email' => emailAdmin() );
|
|
189 | 180 |
// $aErrorMsg[] = replace_vars($MESSAGE['MOD_FORM_INCORRECT_CAPTCHA'], $replace); |
190 | 181 |
msgQueue::add(replace_vars($MESSAGE['INCORRECT_CAPTCHA'], $replace)); |
191 | 182 |
} |
192 | 183 |
} else { |
193 |
$replace = array('SERVER_EMAIL'=>emailAdmin() );
|
|
184 |
$replace = array('webmaster_email'=> emailAdmin() );
|
|
194 | 185 |
// $aErrorMsg[] = replace_vars($MESSAGE['MOD_FORM_INCORRECT_CAPTCHA'],$replace ); |
195 | 186 |
msgQueue::add(replace_vars($MESSAGE['INCORRECT_CAPTCHA'],$replace )); |
196 | 187 |
} |
... | ... | |
215 | 206 |
} else { |
216 | 207 |
$get_ip = ObfuscateIp(); |
217 | 208 |
$get_ts = time(); |
218 |
$sLoginName = $_SESSION['username'];
|
|
209 |
$sLoginName = $_SESSION['USERNAME'];
|
|
219 | 210 |
// $sDisplayName = $_SESSION['DISPLAY_NAME']; |
220 | 211 |
$sDisplayName = $wb->add_slashes($_SESSION['DISPLAY_NAME']); |
221 | 212 |
$groups_id = FRONTEND_SIGNUP; |
... | ... | |
248 | 239 |
$sql .= '`confirm_timeout` = \''.$sTimeOut.'\', '; |
249 | 240 |
$sql .= '`display_name` = \''.$sDisplayName.'\', '; |
250 | 241 |
$sql .= '`email` = \''.$email_to.'\', '; |
251 |
$sql .= '`language` = \''.$_SESSION['language'].'\', ';
|
|
242 |
$sql .= '`language` = \''.$_SESSION['LANGUAGE'].'\', ';
|
|
252 | 243 |
$sql .= '`login_when` = \''.$get_ts.'\', '; |
253 | 244 |
$sql .= '`login_ip` = \''.$get_ip.'\' '; |
254 | 245 |
|
... | ... | |
257 | 248 |
// cancel and break script |
258 | 249 |
$bSaveRegistration = false; |
259 | 250 |
$_SESSION['display_form'] = false; |
260 |
unset($_SESSION['username']);
|
|
251 |
unset($_SESSION['USERNAME']);
|
|
261 | 252 |
unset($_SESSION['DISPLAY_NAME']); |
262 |
unset($_SESSION['email']); |
|
253 |
unset($_SESSION['EMAIL']); |
|
254 |
unset($_SESSION['TIMEZONE']); |
|
255 |
unset($_SESSION['LANGUAGE']); |
|
263 | 256 |
unset($_POST); |
264 | 257 |
if($database->set_error()){ |
265 | 258 |
msgQueue::add($database->get_error()); |
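Review bot: The rewritten email lookup (new line 127) drops the `mysql_escape_string()` call the old side applied and interpolates `$_SESSION['EMAIL']` into the query after only `strip_tags`/`StripCodeFromText`; `strip_tags` leaves quotes intact and nothing visible here shows `StripCodeFromText` escaping for SQL, so a quote in the submitted email now reaches the query unescaped — the username lookup on new line 103 has the same shape, and both queries run before `validate_email`/`preg_match` get to reject the value. The display-name check on new line 120 is also inverted: `if($wb->get_session('DISPLAY_NAME') != "")` queues `GENERIC_FILL_IN_ALL` when a name is present, whereas the removed line tested `== ""`. For the two lookups, pass the session values through the escaping helper this file already uses for `display_name`, e.g. `'\''.$wb->add_slashes($_SESSION['EMAIL']).'\''` and likewise for `USERNAME`, or move them to a prepared statement if the database wrapper offers one; for the display name restore `if($wb->get_session('DISPLAY_NAME') == "") {`. The enclosing `if($wb->StripCodeFromText($wb->get_post('action'))=='send')` block continues past the end of this section.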
+ add method StripCodeFromText in class.wb to clean injection
! rebranding the admin/settings and security fixes
! a few new styles in backend wb_theme
! beginning a lot of account changes like correction of $_SESSION indexes, security fixes
+ add head.load.min.js and head.min.js to /include/jquery/ to style HTML5 templates