Project

General

Profile

1 1673 Luisehahne
<?php
2
/**
3
 *
4
 * @category        frontend
5
 * @package         account
6
 * @author          WebsiteBaker Project
7
 * @copyright       2009-2012, WebsiteBaker Org. e.V.
8
 * @link            http://www.websitebaker.org/
9
 * @license         http://www.gnu.org/licenses/gpl.html
10
 * @platform        WebsiteBaker 2.8.x
11
 * @requirements    PHP 5.2.2 and higher
12
 * @version         $Id$
13
 * @filesource      $HeadURL$
14
 * @lastmodified    $Date$
15
 *
16
 */
17
18
/* -------------------------------------------------------- */
19 1777 Luisehahne
// Must include code to stop this file being accessed directly
20
if(!defined('WB_PATH')) {
21
	require_once(dirname(dirname(__FILE__)).'/framework/globalExceptionHandler.php');
22
	throw new IllegalFileException();
23 1673 Luisehahne
}
24
/* -------------------------------------------------------- */
25 1773 Luisehahne
$bDebugSignup = false;
26
if (!function_exists('ObfuscateIp')) {
27
	function ObfuscateIp() {
28
	    $sClientIp = (isset($_SERVER['REMOTE_ADDR']))
29
	                         ? $_SERVER['REMOTE_ADDR'] : '000.000.000.000';
30
//	    $iClientIp = ip2long($sClientIp);
31
//	    $sClientIp = long2ip(($iClientIp & ~65535));
32
	    return $sClientIp;
33
	}
34
}
35 1673 Luisehahne
36
if (!function_exists('emailAdmin')) {
37
	function emailAdmin() {
38
		global $database,$admin;
39 1777 Luisehahne
        $retval = false;
40
		$sql  = 'SELECT `email` FROM `'.TABLE_PREFIX.'users` ';
41
		$sql .= 'WHERE `user_id`=\'1\' ';
42
        if(!($retval = $database->get_one($sql))){
43
            $retval = false;
44 1673 Luisehahne
        }
45
		return $retval;
46
	}
47
}
48
49 1773 Luisehahne
if (!function_exists('deleteOutdatedConfirmations')) {
50
	function deleteOutdatedConfirmations() {
51
		$sql = 'DELETE FROM `'.TABLE_PREFIX.'users` WHERE `confirm_timeout` BETWEEN 1 AND '.time();
52
		WbDatabase::getInstance()->query($sql);
53
	}
54
}
55 1673 Luisehahne
56 1773 Luisehahne
if (!function_exists('checkPassWordConfirmCode')) {
57
	function checkPassWordConfirmCode( $sPassword, $sConfirmCode ) {
58
		if( preg_match('/[0-9a-f]{32}/i', $sConfirmCode) ) {
59
			$sql = 'SELECT `user_id` FROM `'.TABLE_PREFIX.'users` '
60
			     . 'WHERE `password`=\''.md5($sPassword).'\' '
61
			     .       'AND `confirm_code`=\''.$sConfirmCode.'\'';
62
			if( WbDatabase::getInstance()->get_one($sql)) {
63
				return true;
64
			}
65
		}
66
		return false;
67
	}
68
}
69
70 1777 Luisehahne
//if(isset($_POST['action']) && $_POST['action']=='send')
71
if($wb->StripCodeFromText($wb->get_post('action'))=='send')
72 1773 Luisehahne
{
73
	$database = WbDatabase::getInstance();
74
75
// add new fields in users
76
	$table_name = TABLE_PREFIX.'users';
77
	$field_name = 'confirm_code';
78
	$description = "VARCHAR( 32 ) NOT NULL DEFAULT '' AFTER `password`";
79
	if(!$database->field_exists($table_name,$field_name)) {
80
		$database->field_add($table_name, $field_name, $description);
81
	}
82
	if($database->set_error()){
83
		msgQueue::add($database->get_error());
84
	}
85
86
	$field_name = 'confirm_timeout';
87
	$description = "INT NOT NULL DEFAULT '0' AFTER `confirm_code`";
88
	if(!$database->field_exists($table_name,$field_name)) {
89
		$database->field_add($table_name, $field_name, $description);
90
	}
91
	if($database->set_error()){
92
		msgQueue::add($database->get_error());
93
	}
94
95 1777 Luisehahne
	$_SESSION['USERNAME'] = strtolower($wb->StripCodeFromText($wb->get_post('login_name')));
96
	$_SESSION['DISPLAY_NAME'] = strip_tags($wb->StripCodeFromText($wb->get_post('display_name')));
97
	$_SESSION['EMAIL'] = strip_tags($wb->StripCodeFromText($wb->get_post('email')));
98
	$_SESSION['LANGUAGE'] = strip_tags($wb->StripCodeFromText($wb->get_post('language')));
99 1773 Luisehahne
//	$aErrorMsg = array();
100 1673 Luisehahne
101 1777 Luisehahne
	if($wb->get_session('USERNAME') != "") {
102 1673 Luisehahne
		// Check if username already exists
103 1777 Luisehahne
		$sql = 'SELECT `user_id` FROM `'.TABLE_PREFIX.'users` WHERE `username` = \''.$_SESSION['USERNAME'].'\'';
104 1673 Luisehahne
		if($database->get_one($sql)){
105 1773 Luisehahne
//			$aErrorMsg[] = $MESSAGE['USERS_USERNAME_TAKEN'];
106
			msgQueue::add($MESSAGE['USERS_USERNAME_TAKEN']);
107 1777 Luisehahne
			$_SESSION['USERNAME'] = '';
108 1673 Luisehahne
		} else {
109 1777 Luisehahne
			if(preg_match('/^[a-z]{1}[a-z0-9_-]{3,}$/i', $_SESSION['USERNAME'])==false) {
110 1773 Luisehahne
//				$aErrorMsg[] = $MESSAGE['USERS_NAME_INVALID_CHARS'];
111
				msgQueue::add($MESSAGE['USERS_NAME_INVALID_CHARS']);
112 1777 Luisehahne
				$_SESSION['USERNAME'] = '';
113 1673 Luisehahne
		 	}
114
		}
115
	} else {
116 1773 Luisehahne
//		$aErrorMsg[] = $MESSAGE['LOGIN_USERNAME_BLANK'];
117
		msgQueue::add($MESSAGE['LOGIN_USERNAME_BLANK']);
118 1673 Luisehahne
	}
119
120 1777 Luisehahne
	if($wb->get_session('DISPLAY_NAME') != "") {
121 1773 Luisehahne
//		$aErrorMsg[] = $MESSAGE['GENERIC_FILL_IN_ALL'];
122
		msgQueue::add($MESSAGE['GENERIC_FILL_IN_ALL']);
123 1673 Luisehahne
	}
124
125 1777 Luisehahne
	if($wb->get_session('EMAIL') != "") {
126 1673 Luisehahne
		// Check if the email already exists
127 1777 Luisehahne
		$sql = 'SELECT `user_id` FROM `'.TABLE_PREFIX.'users` WHERE `email` = \''.$_SESSION['EMAIL'].'\'';
128 1673 Luisehahne
		if($database->get_one($sql)){
129 1773 Luisehahne
			msgQueue::add($MESSAGE['USERS_EMAIL_TAKEN']);
130 1777 Luisehahne
			$_SESSION['EMAIL'] = '';
131 1673 Luisehahne
		} else {
132 1777 Luisehahne
			if(!$wb->validate_email($_SESSION['EMAIL'])){
133 1773 Luisehahne
				msgQueue::add($MESSAGE['USERS_INVALID_EMAIL']);
134 1777 Luisehahne
				$_SESSION['EMAIL'] = '';
135 1673 Luisehahne
			}
136
		}
137
	} else {
138 1773 Luisehahne
		msgQueue::add($MESSAGE['SIGNUP_NO_EMAIL']);
139 1673 Luisehahne
	}
140
141 1773 Luisehahne
	if(CONFIRMED_REGISTRATION) {
142
		$iMinPassLength = 6;
143
// receive password vars and calculate needed action
144 1777 Luisehahne
//		$sNewPassword = $wb->get_post('new_password_1');
145
    	$sNewPassword = ($wb->StripCodeFromText($wb->get_post('new_password_1')));
146 1773 Luisehahne
		$sNewPassword = (is_null($sNewPassword) ? '' : $sNewPassword);
147 1777 Luisehahne
//		$sNewPasswordRetyped = $wb->get_post('new_password_2');
148
    	$sNewPasswordRetyped = ($wb->StripCodeFromText($wb->get_post('new_password_2')));
149 1773 Luisehahne
		$sNewPasswordRetyped= (is_null($sNewPasswordRetyped) ? '' : $sNewPasswordRetyped);
150
// validate new password
151
		$sPwHashNew = false;
152
		if($sNewPassword != '') {
153
			if(strlen($sNewPassword) < $iMinPassLength) {
154
				msgQueue::add($MESSAGE['USERS_PASSWORD_TOO_SHORT']);
155
			} else {
156
				if($sNewPassword != $sNewPasswordRetyped) {
157
					msgQueue::add($MESSAGE['USERS_PASSWORD_MISMATCH']);
158
				} else {
159
					$pattern = '/[^'.$admin->password_chars.']/';
160
					if (preg_match($pattern, $sNewPassword)) {
161
						msgQueue::add($MESSAGE['PREFERENCES_INVALID_CHARS']);
162
					}else {
163
						$sPwHashNew = md5($sNewPassword);
164
					}
165
				}
166 1673 Luisehahne
			}
167
		} else {
168 1773 Luisehahne
			msgQueue::add($MESSAGE['LOGIN_PASSWORD_BLANK']);
169 1673 Luisehahne
		}
170
171 1773 Luisehahne
	} else {
172
		// Captcha
173
		if(ENABLED_CAPTCHA) {
174 1777 Luisehahne
//			if(isset($_POST['captcha']) AND $_POST['captcha'] != '')
175
			if($wb->StripCodeFromText($wb->get_post('captcha')) != '')
176 1773 Luisehahne
			{
177
				// Check for a mismatch get email user_id
178
				if(!isset($_POST['captcha']) OR !isset($_SESSION['captcha']) OR $_POST['captcha'] != $_SESSION['captcha']) {
179 1777 Luisehahne
					$replace = array('webmaster_email' => emailAdmin() );
180 1773 Luisehahne
	//				$aErrorMsg[] = replace_vars($MESSAGE['MOD_FORM_INCORRECT_CAPTCHA'], $replace);
181
					msgQueue::add(replace_vars($MESSAGE['INCORRECT_CAPTCHA'], $replace));
182
				}
183
			} else {
184 1777 Luisehahne
				$replace = array('webmaster_email'=> emailAdmin() );
185 1773 Luisehahne
	//			$aErrorMsg[] = replace_vars($MESSAGE['MOD_FORM_INCORRECT_CAPTCHA'],$replace );
186
				msgQueue::add(replace_vars($MESSAGE['INCORRECT_CAPTCHA'],$replace ));
187
			}
188
		}
189
		if(isset($_SESSION['captcha'])) { unset($_SESSION['captcha']); }
190 1673 Luisehahne
191 1773 Luisehahne
		$sNewPassword = '';
192 1673 Luisehahne
		$salt = "abchefghjkmnpqrstuvwxyz0123456789";
193
		srand((double)microtime()*1000000);
194
		$i = 0;
195
		while ($i <= 7) {
196
			$num = rand() % 33;
197
			$tmp = substr($salt, $num, 1);
198 1773 Luisehahne
			$sNewPassword = $sNewPassword . $tmp;
199 1673 Luisehahne
			$i++;
200
		}
201 1773 Luisehahne
		$sPwHashNew = md5($sNewPassword);
202
	}
203 1673 Luisehahne
204 1773 Luisehahne
	if( ($msg = msgQueue::getError()) != '') {
205
// back to signup_form to show errors, otherwise save user and send mail
206
	} else {
207
		$get_ip = ObfuscateIp();
208
		$get_ts = time();
209 1777 Luisehahne
		$sLoginName = $_SESSION['USERNAME'];
210 1773 Luisehahne
//		$sDisplayName = $_SESSION['DISPLAY_NAME'];
211
		$sDisplayName = $wb->add_slashes($_SESSION['DISPLAY_NAME']);
212 1673 Luisehahne
		$groups_id = FRONTEND_SIGNUP;
213
		$email_to = $_SESSION['email'];
214
215 1773 Luisehahne
// Delete outdated confirmation IDs
216
		deleteOutdatedConfirmations();
217 1673 Luisehahne
218 1773 Luisehahne
// Create confirmation ID and Timestamp
219
		$sTimeOut = 0; // now + 24hours
220
		$sConfirmationId = '';
221 1673 Luisehahne
222 1773 Luisehahne
		if(CONFIRMED_REGISTRATION) {
223
			$sTimeOut = (string)(time() + 86400); // now + 24hours
224
			$sConfirmationId = md5(md5($sLoginName.$sTimeOut).$sTimeOut);
225
			$sConfirmedLink = WB_URL.'/account/confirm.php?id='.$sConfirmationId;
226
            $sConfirmedLink = '<a href="'.$sConfirmedLink.'">'.$sConfirmedLink.'</a>';
227
		}
228 1673 Luisehahne
229 1773 Luisehahne
// Save new user
230
		$bSaveRegistration = true;
231
232
		$sql  = 'INSERT INTO `'.TABLE_PREFIX.'users` SET ';
233
		$sql .= '`group_id` = \''.$groups_id.'\', ';
234
		$sql .= '`groups_id` = \''.$groups_id.'\', ';
235
		$sql .= '`active` = \''.(CONFIRMED_REGISTRATION ? '0' : '1').'\', ';
236
		$sql .= '`username` = \''.$sLoginName.'\', ';
237
		$sql .= '`password` = \''.$sPwHashNew.'\', ';
238
		$sql .= '`confirm_code` = \''.$sConfirmationId.'\', ';
239
		$sql .= '`confirm_timeout` = \''.$sTimeOut.'\', ';
240
		$sql .= '`display_name` = \''.$sDisplayName.'\', ';
241
		$sql .= '`email` = \''.$email_to.'\', ';
242 1777 Luisehahne
		$sql .= '`language` = \''.$_SESSION['LANGUAGE'].'\', ';
243 1773 Luisehahne
		$sql .= '`login_when` = \''.$get_ts.'\', ';
244
		$sql .= '`login_ip` = \''.$get_ip.'\' ';
245
246
		if(!$database->query($sql))
247
		{
248
// cancel and break script
249
			$bSaveRegistration = false;
250
			$_SESSION['display_form'] = false;
251 1777 Luisehahne
			unset($_SESSION['USERNAME']);
252 1773 Luisehahne
			unset($_SESSION['DISPLAY_NAME']);
253 1777 Luisehahne
			unset($_SESSION['EMAIL']);
254
			unset($_SESSION['TIMEZONE']);
255
			unset($_SESSION['LANGUAGE']);
256 1773 Luisehahne
			unset($_POST);
257
			if($database->set_error()){
258
				msgQueue::add($database->get_error());
259 1673 Luisehahne
			}
260 1773 Luisehahne
		} else {
261
			msgQueue::add($MESSAGE['SIGNUP_NEW_USER'],true);
262 1673 Luisehahne
263 1773 Luisehahne
			include(dirname(__FILE__).'/signup_mails.php');
264 1673 Luisehahne
265 1773 Luisehahne
			if($bSaveRegistration && $bSendRegistrationMailtoUser) {
266
			// send success message to screen, no signup form
267 1673 Luisehahne
				$_SESSION['display_form'] = false;
268
			}
269 1773 Luisehahne
270
		} // end success $bSaveRegistration
271 1673 Luisehahne
	}
272 1773 Luisehahne
} // end $_POST['action']
273
// if page_id lost
274
$page_id = isset($_SESSION['PAGE_ID']) ? $_SESSION['PAGE_ID'] : 0;