Revision 1777
Added by Luisehahne about 13 years ago
| save_signup.php | ||
|---|---|---|
| 16 | 16 |
*/ |
| 17 | 17 |
|
| 18 | 18 |
/* -------------------------------------------------------- */ |
| 19 |
if(defined('WB_PATH') == false)
|
|
| 20 |
{
|
|
| 21 |
// Stop this file being access directly
|
|
| 22 |
die('<h2 style="color:red;margin:3em auto;text-align:center;">Cannot access this file directly</h2>');
|
|
| 19 |
// Must include code to stop this file being accessed directly
|
|
| 20 |
if(!defined('WB_PATH')) {
|
|
| 21 |
require_once(dirname(dirname(__FILE__)).'/framework/globalExceptionHandler.php');
|
|
| 22 |
throw new IllegalFileException();
|
|
| 23 | 23 |
} |
| 24 | 24 |
/* -------------------------------------------------------- */ |
| 25 | 25 |
$bDebugSignup = false; |
| ... | ... | |
| 36 | 36 |
if (!function_exists('emailAdmin')) {
|
| 37 | 37 |
function emailAdmin() {
|
| 38 | 38 |
global $database,$admin; |
| 39 |
$retval = $admin->get_email();
|
|
| 40 |
if($admin->get_user_id()!='1') {
|
|
| 41 |
$sql = 'SELECT `email` FROM `'.TABLE_PREFIX.'users` ';
|
|
| 42 |
$sql .= 'WHERE `user_id`=\'1\' ';
|
|
| 43 |
$retval = $database->get_one($sql);
|
|
| 39 |
$retval = false;
|
|
| 40 |
$sql = 'SELECT `email` FROM `'.TABLE_PREFIX.'users` ';
|
|
| 41 |
$sql .= 'WHERE `user_id`=\'1\' ';
|
|
| 42 |
if(!($retval = $database->get_one($sql))){
|
|
| 43 |
$retval = false;
|
|
| 44 | 44 |
} |
| 45 | 45 |
return $retval; |
| 46 | 46 |
} |
| ... | ... | |
| 67 | 67 |
} |
| 68 | 68 |
} |
| 69 | 69 |
|
| 70 |
//$_SESSION['username'] = ''; |
|
| 71 |
//$_SESSION['DISPLAY_NAME'] = ''; |
|
| 72 |
//$_SESSION['email'] = ''; |
|
| 73 |
//$_SESSION['display_form'] = true; |
|
| 74 |
|
|
| 75 |
if(isset($_POST['action']) && $_POST['action']=='send') |
|
| 70 |
//if(isset($_POST['action']) && $_POST['action']=='send') |
|
| 71 |
if($wb->StripCodeFromText($wb->get_post('action'))=='send')
|
|
| 76 | 72 |
{
|
| 77 | 73 |
$database = WbDatabase::getInstance(); |
| 78 | 74 |
|
| ... | ... | |
| 96 | 92 |
msgQueue::add($database->get_error()); |
| 97 | 93 |
} |
| 98 | 94 |
|
| 99 |
$_SESSION['username'] = strtolower(strip_tags($wb->get_post_escaped('login_name')));
|
|
| 100 |
$_SESSION['DISPLAY_NAME'] = strip_tags($wb->get_post_escaped('display_name'));
|
|
| 101 |
$_SESSION['email'] = $wb->get_post('email');
|
|
| 102 |
$_SESSION['language'] = $wb->get_post('language');
|
|
| 103 |
|
|
| 95 |
$_SESSION['USERNAME'] = strtolower($wb->StripCodeFromText($wb->get_post('login_name')));
|
|
| 96 |
$_SESSION['DISPLAY_NAME'] = strip_tags($wb->StripCodeFromText($wb->get_post('display_name')));
|
|
| 97 |
$_SESSION['EMAIL'] = strip_tags($wb->StripCodeFromText($wb->get_post('email')));
|
|
| 98 |
$_SESSION['LANGUAGE'] = strip_tags($wb->StripCodeFromText($wb->get_post('language')));
|
|
| 104 | 99 |
// $aErrorMsg = array(); |
| 105 | 100 |
|
| 106 |
if($_SESSION['username'] != "") |
|
| 107 |
{
|
|
| 101 |
if($wb->get_session('USERNAME') != "") {
|
|
| 108 | 102 |
// Check if username already exists |
| 109 |
$sql = 'SELECT `user_id` FROM `'.TABLE_PREFIX.'users` WHERE `username` = \''.$_SESSION['username'].'\'';
|
|
| 103 |
$sql = 'SELECT `user_id` FROM `'.TABLE_PREFIX.'users` WHERE `username` = \''.$_SESSION['USERNAME'].'\'';
|
|
| 110 | 104 |
if($database->get_one($sql)){
|
| 111 | 105 |
// $aErrorMsg[] = $MESSAGE['USERS_USERNAME_TAKEN']; |
| 112 | 106 |
msgQueue::add($MESSAGE['USERS_USERNAME_TAKEN']); |
| 113 |
$_SESSION['username'] = '';
|
|
| 107 |
$_SESSION['USERNAME'] = '';
|
|
| 114 | 108 |
} else {
|
| 115 |
if(preg_match('/^[a-z]{1}[a-z0-9_-]{3,}$/i', $_SESSION['username'])==false) {
|
|
| 109 |
if(preg_match('/^[a-z]{1}[a-z0-9_-]{3,}$/i', $_SESSION['USERNAME'])==false) {
|
|
| 116 | 110 |
// $aErrorMsg[] = $MESSAGE['USERS_NAME_INVALID_CHARS']; |
| 117 | 111 |
msgQueue::add($MESSAGE['USERS_NAME_INVALID_CHARS']); |
| 118 |
$_SESSION['username'] = '';
|
|
| 112 |
$_SESSION['USERNAME'] = '';
|
|
| 119 | 113 |
} |
| 120 | 114 |
} |
| 121 | 115 |
} else {
|
| ... | ... | |
| 123 | 117 |
msgQueue::add($MESSAGE['LOGIN_USERNAME_BLANK']); |
| 124 | 118 |
} |
| 125 | 119 |
|
| 126 |
if($_SESSION['DISPLAY_NAME'] == "") {
|
|
| 120 |
if($wb->get_session('DISPLAY_NAME') != "") {
|
|
| 127 | 121 |
// $aErrorMsg[] = $MESSAGE['GENERIC_FILL_IN_ALL']; |
| 128 | 122 |
msgQueue::add($MESSAGE['GENERIC_FILL_IN_ALL']); |
| 129 | 123 |
} |
| 130 | 124 |
|
| 131 |
if($_SESSION['email'] != "") {
|
|
| 125 |
if($wb->get_session('EMAIL') != "") {
|
|
| 132 | 126 |
// Check if the email already exists |
| 133 |
$sql = 'SELECT `user_id` FROM `'.TABLE_PREFIX.'users` WHERE `email` = \''.mysql_escape_string($_SESSION['email']).'\'';
|
|
| 127 |
$sql = 'SELECT `user_id` FROM `'.TABLE_PREFIX.'users` WHERE `email` = \''.$_SESSION['EMAIL'].'\'';
|
|
| 134 | 128 |
if($database->get_one($sql)){
|
| 135 |
// $aErrorMsg[] = $MESSAGE['USERS_EMAIL_TAKEN']; |
|
| 136 | 129 |
msgQueue::add($MESSAGE['USERS_EMAIL_TAKEN']); |
| 137 |
$_SESSION['email'] = '';
|
|
| 130 |
$_SESSION['EMAIL'] = '';
|
|
| 138 | 131 |
} else {
|
| 139 |
if(!$wb->validate_email($_SESSION['email'])){
|
|
| 140 |
// $aErrorMsg[] = $MESSAGE['USERS_INVALID_EMAIL']; |
|
| 132 |
if(!$wb->validate_email($_SESSION['EMAIL'])){
|
|
| 141 | 133 |
msgQueue::add($MESSAGE['USERS_INVALID_EMAIL']); |
| 142 |
$_SESSION['email'] = '';
|
|
| 134 |
$_SESSION['EMAIL'] = '';
|
|
| 143 | 135 |
} |
| 144 | 136 |
} |
| 145 | 137 |
} else {
|
| 146 |
// $aErrorMsg[] = $MESSAGE['SIGNUP_NO_EMAIL']; |
|
| 147 | 138 |
msgQueue::add($MESSAGE['SIGNUP_NO_EMAIL']); |
| 148 | 139 |
} |
| 149 | 140 |
|
| 150 | 141 |
if(CONFIRMED_REGISTRATION) {
|
| 151 | 142 |
$iMinPassLength = 6; |
| 152 | 143 |
// receive password vars and calculate needed action |
| 153 |
$sNewPassword = $wb->get_post('new_password_1');
|
|
| 144 |
// $sNewPassword = $wb->get_post('new_password_1');
|
|
| 145 |
$sNewPassword = ($wb->StripCodeFromText($wb->get_post('new_password_1')));
|
|
| 154 | 146 |
$sNewPassword = (is_null($sNewPassword) ? '' : $sNewPassword); |
| 155 |
$sNewPasswordRetyped = $wb->get_post('new_password_2');
|
|
| 147 |
// $sNewPasswordRetyped = $wb->get_post('new_password_2');
|
|
| 148 |
$sNewPasswordRetyped = ($wb->StripCodeFromText($wb->get_post('new_password_2')));
|
|
| 156 | 149 |
$sNewPasswordRetyped= (is_null($sNewPasswordRetyped) ? '' : $sNewPasswordRetyped); |
| 157 | 150 |
// validate new password |
| 158 | 151 |
$sPwHashNew = false; |
| 159 | 152 |
if($sNewPassword != '') {
|
| 160 | 153 |
if(strlen($sNewPassword) < $iMinPassLength) {
|
| 161 |
// $err_msg[] = $MESSAGE['USERS_PASSWORD_TOO_SHORT']; |
|
| 162 | 154 |
msgQueue::add($MESSAGE['USERS_PASSWORD_TOO_SHORT']); |
| 163 | 155 |
} else {
|
| 164 | 156 |
if($sNewPassword != $sNewPasswordRetyped) {
|
| 165 |
// $err_msg[] = $MESSAGE['USERS_PASSWORD_MISMATCH']; |
|
| 166 | 157 |
msgQueue::add($MESSAGE['USERS_PASSWORD_MISMATCH']); |
| 167 | 158 |
} else {
|
| 168 | 159 |
$pattern = '/[^'.$admin->password_chars.']/'; |
| 169 | 160 |
if (preg_match($pattern, $sNewPassword)) {
|
| 170 |
// $err_msg[] = $MESSAGE['PREFERENCES_INVALID_CHARS']; |
|
| 171 | 161 |
msgQueue::add($MESSAGE['PREFERENCES_INVALID_CHARS']); |
| 172 | 162 |
}else {
|
| 173 | 163 |
$sPwHashNew = md5($sNewPassword); |
| ... | ... | |
| 181 | 171 |
} else {
|
| 182 | 172 |
// Captcha |
| 183 | 173 |
if(ENABLED_CAPTCHA) {
|
| 184 |
if(isset($_POST['captcha']) AND $_POST['captcha'] != '') |
|
| 174 |
// if(isset($_POST['captcha']) AND $_POST['captcha'] != '') |
|
| 175 |
if($wb->StripCodeFromText($wb->get_post('captcha')) != '')
|
|
| 185 | 176 |
{
|
| 186 | 177 |
// Check for a mismatch get email user_id |
| 187 | 178 |
if(!isset($_POST['captcha']) OR !isset($_SESSION['captcha']) OR $_POST['captcha'] != $_SESSION['captcha']) {
|
| 188 |
$replace = array('SERVER_EMAIL' => emailAdmin() );
|
|
| 179 |
$replace = array('webmaster_email' => emailAdmin() );
|
|
| 189 | 180 |
// $aErrorMsg[] = replace_vars($MESSAGE['MOD_FORM_INCORRECT_CAPTCHA'], $replace); |
| 190 | 181 |
msgQueue::add(replace_vars($MESSAGE['INCORRECT_CAPTCHA'], $replace)); |
| 191 | 182 |
} |
| 192 | 183 |
} else {
|
| 193 |
$replace = array('SERVER_EMAIL'=>emailAdmin() );
|
|
| 184 |
$replace = array('webmaster_email'=> emailAdmin() );
|
|
| 194 | 185 |
// $aErrorMsg[] = replace_vars($MESSAGE['MOD_FORM_INCORRECT_CAPTCHA'],$replace ); |
| 195 | 186 |
msgQueue::add(replace_vars($MESSAGE['INCORRECT_CAPTCHA'],$replace )); |
| 196 | 187 |
} |
| ... | ... | |
| 215 | 206 |
} else {
|
| 216 | 207 |
$get_ip = ObfuscateIp(); |
| 217 | 208 |
$get_ts = time(); |
| 218 |
$sLoginName = $_SESSION['username'];
|
|
| 209 |
$sLoginName = $_SESSION['USERNAME'];
|
|
| 219 | 210 |
// $sDisplayName = $_SESSION['DISPLAY_NAME']; |
| 220 | 211 |
$sDisplayName = $wb->add_slashes($_SESSION['DISPLAY_NAME']); |
| 221 | 212 |
$groups_id = FRONTEND_SIGNUP; |
| ... | ... | |
| 248 | 239 |
$sql .= '`confirm_timeout` = \''.$sTimeOut.'\', '; |
| 249 | 240 |
$sql .= '`display_name` = \''.$sDisplayName.'\', '; |
| 250 | 241 |
$sql .= '`email` = \''.$email_to.'\', '; |
| 251 |
$sql .= '`language` = \''.$_SESSION['language'].'\', ';
|
|
| 242 |
$sql .= '`language` = \''.$_SESSION['LANGUAGE'].'\', ';
|
|
| 252 | 243 |
$sql .= '`login_when` = \''.$get_ts.'\', '; |
| 253 | 244 |
$sql .= '`login_ip` = \''.$get_ip.'\' '; |
| 254 | 245 |
|
| ... | ... | |
| 257 | 248 |
// cancel and break script |
| 258 | 249 |
$bSaveRegistration = false; |
| 259 | 250 |
$_SESSION['display_form'] = false; |
| 260 |
unset($_SESSION['username']);
|
|
| 251 |
unset($_SESSION['USERNAME']);
|
|
| 261 | 252 |
unset($_SESSION['DISPLAY_NAME']); |
| 262 |
unset($_SESSION['email']); |
|
| 253 |
unset($_SESSION['EMAIL']); |
|
| 254 |
unset($_SESSION['TIMEZONE']); |
|
| 255 |
unset($_SESSION['LANGUAGE']); |
|
| 263 | 256 |
unset($_POST); |
| 264 | 257 |
if($database->set_error()){
|
| 265 | 258 |
msgQueue::add($database->get_error()); |
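Review bot: The display-name check at new line 120 is inverted: `if($wb->get_session('DISPLAY_NAME') != "") {` now queues `GENERIC_FILL_IN_ALL` exactly when a display name was supplied, whereas the removed line tested `== ""`; it should read `if($wb->get_session('DISPLAY_NAME') == "") {`. Separately, the lookups at new lines 103 and 127 interpolate `$_SESSION['USERNAME']` and `$_SESSION['EMAIL']` straight into SQL after the commit dropped `get_post_escaped()` and `mysql_escape_string()` in favour of `StripCodeFromText()`, whose behaviour is not visible here; both queries run before the username regex and `validate_email()` checks, so the values should still be SQL-escaped the way `$sDisplayName` is (`$wb->add_slashes(...)`) or bound as query parameters. The same sanitizer is applied to both password fields at new lines 145 and 148, which can silently alter a password before it is hashed if it strips or rewrites characters, so the `password_chars` check below would no longer reflect what the user typed. The `if(... == 'send')` block that encloses all of this starts at new line 71 and ends outside the section.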
+ add method StripCodeFromText in class.wb to clean injection
! rebranding the admin/settings and security fixes
! a few new styling in backend wb_theme
! beginning a lot of account changes like correction of $_SESSION indexes, security fixes
+ add head.load.min.js and head.min.js to /include/jquery/ to style HTML5 templates