Project

General

Profile

1
<?php
2
/**
3
 *
4
 * @category        frontend
5
 * @package         account
6
 * @author          WebsiteBaker Project
7
 * @copyright       2009-2012, WebsiteBaker Org. e.V.
8
 * @link            http://www.websitebaker.org/
9
 * @license         http://www.gnu.org/licenses/gpl.html
10
 * @platform        WebsiteBaker 2.8.x
11
 * @requirements    PHP 5.2.2 and higher
12
 * @version         $Id: save_signup.php 1792 2012-10-24 00:43:00Z Luisehahne $
13
 * @filesource      $HeadURL: svn://isteam.dynxs.de/wb-archiv/branches/2.8.x/wb/account/save_signup.php $
14
 * @lastmodified    $Date: 2012-10-24 02:43:00 +0200 (Wed, 24 Oct 2012) $
15
 *
16
 */
17

    
18
/* -------------------------------------------------------- */
19
// Must include code to stop this file being accessed directly
20
if(!defined('WB_PATH')) {
21
	require_once(dirname(dirname(__FILE__)).'/framework/globalExceptionHandler.php');
22
	throw new IllegalFileException();
23
}
24
/* -------------------------------------------------------- */
25
$bDebugSignup = false;
26
if (!function_exists('ObfuscateIp')) {
27
	function ObfuscateIp() {
28
	    $sClientIp = (isset($_SERVER['REMOTE_ADDR']))
29
	                         ? $_SERVER['REMOTE_ADDR'] : '000.000.000.000';
30
//	    $iClientIp = ip2long($sClientIp);
31
//	    $sClientIp = long2ip(($iClientIp & ~65535));
32
	    return $sClientIp;
33
	}
34
}
35

    
36
if (!function_exists('emailAdmin')) {
37
	function emailAdmin() {
38
		global $database,$admin;
39
        $retval = false;
40
		$sql  = 'SELECT `email` FROM `'.TABLE_PREFIX.'users` ';
41
		$sql .= 'WHERE `user_id`=\'1\' ';
42
        if(!($retval = $database->get_one($sql))){
43
            $retval = false;
44
        }
45
		return $retval;
46
	}
47
}
48

    
49
if (!function_exists('deleteOutdatedConfirmations')) {
50
	function deleteOutdatedConfirmations() {
51
		$sql = 'DELETE FROM `'.TABLE_PREFIX.'users` WHERE `confirm_timeout` BETWEEN 1 AND '.time();
52
		WbDatabase::getInstance()->query($sql);
53
	}
54
}
55

    
56
if (!function_exists('checkPassWordConfirmCode')) {
57
	function checkPassWordConfirmCode( $sPassword, $sConfirmCode ) {
58
		if( preg_match('/[0-9a-f]{32}/i', $sConfirmCode) ) {
59
			$sql = 'SELECT `user_id` FROM `'.TABLE_PREFIX.'users` '
60
			     . 'WHERE `password`=\''.md5($sPassword).'\' '
61
			     .       'AND `confirm_code`=\''.$sConfirmCode.'\'';
62
			if( WbDatabase::getInstance()->get_one($sql)) {
63
				return true;
64
			}
65
		}
66
		return false;
67
	}
68
}
69

    
70
//if(isset($_POST['action']) && $_POST['action']=='send')
71
if($wb->StripCodeFromText($wb->get_post('action'))=='send')
72
{
73
	$database = WbDatabase::getInstance();
74

    
75
// add new fields in users
76
	$table_name = TABLE_PREFIX.'users';
77
	$field_name = 'confirm_code';
78
	$description = "VARCHAR( 32 ) NOT NULL DEFAULT '' AFTER `password`";
79
	if(!$database->field_exists($table_name,$field_name)) {
80
		$database->field_add($table_name, $field_name, $description);
81
	}
82
	if($database->set_error()){
83
		msgQueue::add($database->get_error());
84
	}
85

    
86
	$field_name = 'confirm_timeout';
87
	$description = "INT NOT NULL DEFAULT '0' AFTER `confirm_code`";
88
	if(!$database->field_exists($table_name,$field_name)) {
89
		$database->field_add($table_name, $field_name, $description);
90
	}
91
	if($database->set_error()){
92
		msgQueue::add($database->get_error());
93
	}
94

    
95
	$_SESSION['USERNAME'] = strtolower($wb->StripCodeFromText($wb->get_post('login_name')));
96
	$_SESSION['DISPLAY_NAME'] = strip_tags($wb->StripCodeFromText($wb->get_post('display_name')));
97
	$_SESSION['EMAIL'] = strip_tags($wb->StripCodeFromText($wb->get_post('email')));
98
	$_SESSION['LANGUAGE'] = strip_tags($wb->StripCodeFromText($wb->get_post('language')));
99
//	$aErrorMsg = array();
100

    
101
	if($wb->get_session('USERNAME') != "") {
102
		// Check if username already exists
103
		$sql = 'SELECT `user_id` FROM `'.TABLE_PREFIX.'users` WHERE `username` = \''.$_SESSION['USERNAME'].'\'';
104
		if($database->get_one($sql)){
105
//			$aErrorMsg[] = $MESSAGE['USERS_USERNAME_TAKEN'];
106
			msgQueue::add($MESSAGE['USERS_USERNAME_TAKEN']);
107
			$_SESSION['USERNAME'] = '';
108
		} else {
109
			if(preg_match('/^[a-z]{1}[a-z0-9_-]{3,}$/i', $_SESSION['USERNAME'])==false) {
110
//				$aErrorMsg[] = $MESSAGE['USERS_NAME_INVALID_CHARS'];
111
				msgQueue::add($MESSAGE['USERS_NAME_INVALID_CHARS']);
112
				$_SESSION['USERNAME'] = '';
113
		 	}
114
		}
115
	} else {
116
//		$aErrorMsg[] = $MESSAGE['LOGIN_USERNAME_BLANK'];
117
		msgQueue::add($MESSAGE['LOGIN_USERNAME_BLANK']);
118
	}
119

    
120
	if($wb->get_session('EMAIL') != "") {
121
		// Check if the email already exists
122
		$sql = 'SELECT `user_id` FROM `'.TABLE_PREFIX.'users` WHERE `email` = \''.$_SESSION['EMAIL'].'\'';
123
		if($database->get_one($sql)){
124
			msgQueue::add($MESSAGE['USERS_EMAIL_TAKEN']);
125
			$_SESSION['EMAIL'] = '';
126
		} else {
127
			if(!$wb->validate_email($_SESSION['EMAIL'])){
128
				msgQueue::add($MESSAGE['USERS_INVALID_EMAIL']);
129
				$_SESSION['EMAIL'] = '';
130
			}
131
		}
132
	} else {
133
		msgQueue::add($MESSAGE['SIGNUP_NO_EMAIL']);
134
	}
135

    
136
	if($wb->get_session('DISPLAY_NAME') == "") {
137
//		$aErrorMsg[] = $MESSAGE['GENERIC_FILL_IN_ALL'];
138
		msgQueue::add($MESSAGE['GENERIC_FILL_IN_ALL'].' ('.$TEXT['DISPLAY_NAME'].')');
139
	}
140

    
141
	if(CONFIRMED_REGISTRATION) {
142
		$iMinPassLength = 6;
143
// receive password vars and calculate needed action
144
//		$sNewPassword = $wb->get_post('new_password_1');
145
    	$sNewPassword = ($wb->StripCodeFromText($wb->get_post('new_password_1')));
146
		$sNewPassword = (is_null($sNewPassword) ? '' : $sNewPassword);
147
//		$sNewPasswordRetyped = $wb->get_post('new_password_2');
148
    	$sNewPasswordRetyped = ($wb->StripCodeFromText($wb->get_post('new_password_2')));
149
		$sNewPasswordRetyped= (is_null($sNewPasswordRetyped) ? '' : $sNewPasswordRetyped);
150
// validate new password
151
		$sPwHashNew = false;
152
		if($sNewPassword != '') {
153
			if(strlen($sNewPassword) < $iMinPassLength) {
154
				msgQueue::add($MESSAGE['USERS_PASSWORD_TOO_SHORT']);
155
			} else {
156
				if($sNewPassword != $sNewPasswordRetyped) {
157
					msgQueue::add($MESSAGE['USERS_PASSWORD_MISMATCH']);
158
				} else {
159
					$pattern = '/[^'.$wb->password_chars.']/';
160
					if (preg_match($pattern, $sNewPassword)) {
161
						msgQueue::add($MESSAGE['PREFERENCES_INVALID_CHARS']);
162
					}else {
163
						$sPwHashNew = md5($sNewPassword);
164
					}
165
				}
166
			}
167
		} else {
168
			msgQueue::add($MESSAGE['LOGIN_PASSWORD_BLANK']);
169
		}
170

    
171
	} else {
172
		// Captcha
173
		if(ENABLED_CAPTCHA) {
174
//			if(isset($_POST['captcha']) AND $_POST['captcha'] != '')
175
			if($wb->StripCodeFromText($wb->get_post('captcha')) != '')
176
			{
177
				// Check for a mismatch get email user_id
178
				if(!isset($_POST['captcha']) OR !isset($_SESSION['captcha']) OR $_POST['captcha'] != $_SESSION['captcha']) {
179
					$replace = array('webmaster_email' => emailAdmin() );
180
	//				$aErrorMsg[] = replace_vars($MESSAGE['MOD_FORM_INCORRECT_CAPTCHA'], $replace);
181
					msgQueue::add(replace_vars($MESSAGE['INCORRECT_CAPTCHA'], $replace));
182
				}
183
			} else {
184
				$replace = array('webmaster_email'=> emailAdmin() );
185
	//			$aErrorMsg[] = replace_vars($MESSAGE['MOD_FORM_INCORRECT_CAPTCHA'],$replace );
186
				msgQueue::add(replace_vars($MESSAGE['INCORRECT_CAPTCHA'],$replace ));
187
			}
188
		}
189
		if(isset($_SESSION['captcha'])) { unset($_SESSION['captcha']); }
190

    
191
		$sNewPassword = '';
192
		$salt = "abchefghjkmnpqrstuvwxyz0123456789";
193
		srand((double)microtime()*1000000);
194
		$i = 0;
195
		while ($i <= 7) {
196
			$num = rand() % 33;
197
			$tmp = substr($salt, $num, 1);
198
			$sNewPassword = $sNewPassword . $tmp;
199
			$i++;
200
		}
201
		$sPwHashNew = md5($sNewPassword);
202
	}
203

    
204
	if( ($msg = msgQueue::getError()) != '') {
205
// back to signup_form to show errors, otherwise save user and send mail
206
	} else {
207
		$get_ip = ObfuscateIp();
208
		$get_ts = time();
209
		$sLoginName = $_SESSION['USERNAME'];
210
//		$sDisplayName = $_SESSION['DISPLAY_NAME'];
211
		$sDisplayName = $wb->add_slashes($_SESSION['DISPLAY_NAME']);
212
		$groups_id = FRONTEND_SIGNUP;
213
		$email_to = $_SESSION['EMAIL'];
214

    
215
// Delete outdated confirmation IDs
216
		deleteOutdatedConfirmations();
217

    
218
// Create confirmation ID and Timestamp
219
		$sTimeOut = 0; // now + 24hours
220
		$sConfirmationId = '';
221

    
222
		if(CONFIRMED_REGISTRATION) {
223
			$sTimeOut = (string)(time() + 86400); // now + 24hours
224
			$sConfirmationId = md5(md5($sLoginName.$sTimeOut).$sTimeOut);
225
			$sConfirmedLink = WB_URL.'/account/confirm.php?id='.$sConfirmationId;
226
            $sConfirmedLink = '<a href="'.$sConfirmedLink.'">'.$sConfirmedLink.'</a>';
227
		}
228

    
229
// Save new user
230

    
231
		$sql  = 'INSERT INTO `'.TABLE_PREFIX.'users` SET ';
232
		$sql .= '`group_id` = \''.$groups_id.'\', ';
233
		$sql .= '`groups_id` = \''.$groups_id.'\', ';
234
		$sql .= '`active` = \''.(CONFIRMED_REGISTRATION ? '0' : '1').'\', ';
235
		$sql .= '`username` = \''.$sLoginName.'\', ';
236
		$sql .= '`password` = \''.$sPwHashNew.'\', ';
237
		$sql .= '`confirm_code` = \''.$sConfirmationId.'\', ';
238
		$sql .= '`confirm_timeout` = \''.$sTimeOut.'\', ';
239
		$sql .= '`display_name` = \''.$sDisplayName.'\', ';
240
		$sql .= '`email` = \''.$email_to.'\', ';
241
		$sql .= '`language` = \''.$_SESSION['LANGUAGE'].'\', ';
242
		$sql .= '`login_when` = \''.$get_ts.'\', ';
243
		$sql .= '`login_ip` = \''.$get_ip.'\' ';
244

    
245
		if(!$database->query($sql))
246
		{
247
// cancel and break script
248
			$bSaveRegistration = false;
249
			$_SESSION['display_form'] = false;
250
			unset($_SESSION['USERNAME']);
251
			unset($_SESSION['DISPLAY_NAME']);
252
			unset($_SESSION['EMAIL']);
253
			unset($_SESSION['TIMEZONE']);
254
			unset($_SESSION['LANGUAGE']);
255
			unset($_POST);
256
			if($database->set_error()){
257
				msgQueue::add($database->get_error());
258
			}
259
		} else {
260
    		$bSaveRegistration = true;
261
			msgQueue::add($MESSAGE['SIGNUP_NEW_USER'],true);
262

    
263
			include(dirname(__FILE__).'/signup_mails.php');
264

    
265
			if($bSaveRegistration && $bSendRegistrationMailtoUser) {
266
			// send success message to screen, no signup form
267
				$_SESSION['display_form'] = false;
268
			}
269

    
270
		} // end success $bSaveRegistration
271
	}
272
} // end $_POST['action']
(19-19/22)