Project

General

Profile

1 1673 Luisehahne
<?php
2
/**
3
 *
4
 * @category        frontend
5
 * @package         account
6
 * @author          WebsiteBaker Project
7
 * @copyright       2009-2012, WebsiteBaker Org. e.V.
8
 * @link            http://www.websitebaker.org/
9
 * @license         http://www.gnu.org/licenses/gpl.html
10
 * @platform        WebsiteBaker 2.8.x
11
 * @requirements    PHP 5.2.2 and higher
12
 * @version         $Id$
13
 * @filesource      $HeadURL$
14
 * @lastmodified    $Date$
15
 *
16
 */
17
18
/* -------------------------------------------------------- */
19 1777 Luisehahne
// Must include code to stop this file being accessed directly
20
if(!defined('WB_PATH')) {
21
	require_once(dirname(dirname(__FILE__)).'/framework/globalExceptionHandler.php');
22
	throw new IllegalFileException();
23 1673 Luisehahne
}
24
/* -------------------------------------------------------- */
25 1773 Luisehahne
$bDebugSignup = false;
26
if (!function_exists('ObfuscateIp')) {
27
	function ObfuscateIp() {
28
	    $sClientIp = (isset($_SERVER['REMOTE_ADDR']))
29
	                         ? $_SERVER['REMOTE_ADDR'] : '000.000.000.000';
30
//	    $iClientIp = ip2long($sClientIp);
31
//	    $sClientIp = long2ip(($iClientIp & ~65535));
32
	    return $sClientIp;
33
	}
34
}
35 1673 Luisehahne
36
if (!function_exists('emailAdmin')) {
37
	function emailAdmin() {
38
		global $database,$admin;
39 1777 Luisehahne
        $retval = false;
40
		$sql  = 'SELECT `email` FROM `'.TABLE_PREFIX.'users` ';
41
		$sql .= 'WHERE `user_id`=\'1\' ';
42
        if(!($retval = $database->get_one($sql))){
43
            $retval = false;
44 1673 Luisehahne
        }
45
		return $retval;
46
	}
47
}
48
49 1773 Luisehahne
if (!function_exists('deleteOutdatedConfirmations')) {
50
	function deleteOutdatedConfirmations() {
51
		$sql = 'DELETE FROM `'.TABLE_PREFIX.'users` WHERE `confirm_timeout` BETWEEN 1 AND '.time();
52
		WbDatabase::getInstance()->query($sql);
53
	}
54
}
55 1673 Luisehahne
56 1773 Luisehahne
if (!function_exists('checkPassWordConfirmCode')) {
57
	function checkPassWordConfirmCode( $sPassword, $sConfirmCode ) {
58
		if( preg_match('/[0-9a-f]{32}/i', $sConfirmCode) ) {
59
			$sql = 'SELECT `user_id` FROM `'.TABLE_PREFIX.'users` '
60
			     . 'WHERE `password`=\''.md5($sPassword).'\' '
61
			     .       'AND `confirm_code`=\''.$sConfirmCode.'\'';
62
			if( WbDatabase::getInstance()->get_one($sql)) {
63
				return true;
64
			}
65
		}
66
		return false;
67
	}
68
}
69
70 1777 Luisehahne
//if(isset($_POST['action']) && $_POST['action']=='send')
71
if($wb->StripCodeFromText($wb->get_post('action'))=='send')
72 1773 Luisehahne
{
73
	$database = WbDatabase::getInstance();
74
75
// add new fields in users
76
	$table_name = TABLE_PREFIX.'users';
77
	$field_name = 'confirm_code';
78
	$description = "VARCHAR( 32 ) NOT NULL DEFAULT '' AFTER `password`";
79
	if(!$database->field_exists($table_name,$field_name)) {
80
		$database->field_add($table_name, $field_name, $description);
81
	}
82
	if($database->set_error()){
83
		msgQueue::add($database->get_error());
84
	}
85
86
	$field_name = 'confirm_timeout';
87
	$description = "INT NOT NULL DEFAULT '0' AFTER `confirm_code`";
88
	if(!$database->field_exists($table_name,$field_name)) {
89
		$database->field_add($table_name, $field_name, $description);
90
	}
91
	if($database->set_error()){
92
		msgQueue::add($database->get_error());
93
	}
94
95 1777 Luisehahne
	$_SESSION['USERNAME'] = strtolower($wb->StripCodeFromText($wb->get_post('login_name')));
96
	$_SESSION['DISPLAY_NAME'] = strip_tags($wb->StripCodeFromText($wb->get_post('display_name')));
97
	$_SESSION['EMAIL'] = strip_tags($wb->StripCodeFromText($wb->get_post('email')));
98
	$_SESSION['LANGUAGE'] = strip_tags($wb->StripCodeFromText($wb->get_post('language')));
99 1773 Luisehahne
//	$aErrorMsg = array();
100 1673 Luisehahne
101 1777 Luisehahne
	if($wb->get_session('USERNAME') != "") {
102 1673 Luisehahne
		// Check if username already exists
103 1777 Luisehahne
		$sql = 'SELECT `user_id` FROM `'.TABLE_PREFIX.'users` WHERE `username` = \''.$_SESSION['USERNAME'].'\'';
104 1673 Luisehahne
		if($database->get_one($sql)){
105 1773 Luisehahne
//			$aErrorMsg[] = $MESSAGE['USERS_USERNAME_TAKEN'];
106
			msgQueue::add($MESSAGE['USERS_USERNAME_TAKEN']);
107 1777 Luisehahne
			$_SESSION['USERNAME'] = '';
108 1673 Luisehahne
		} else {
109 1777 Luisehahne
			if(preg_match('/^[a-z]{1}[a-z0-9_-]{3,}$/i', $_SESSION['USERNAME'])==false) {
110 1773 Luisehahne
//				$aErrorMsg[] = $MESSAGE['USERS_NAME_INVALID_CHARS'];
111
				msgQueue::add($MESSAGE['USERS_NAME_INVALID_CHARS']);
112 1777 Luisehahne
				$_SESSION['USERNAME'] = '';
113 1673 Luisehahne
		 	}
114
		}
115
	} else {
116 1773 Luisehahne
//		$aErrorMsg[] = $MESSAGE['LOGIN_USERNAME_BLANK'];
117
		msgQueue::add($MESSAGE['LOGIN_USERNAME_BLANK']);
118 1673 Luisehahne
	}
119
120 1810 Luisehahne
// check that display_name is unique in whoole system (prevents from User-faking)
121
    	$sql  = 'SELECT COUNT(*) FROM `'.TABLE_PREFIX.'users` ';
122
    	$sql .= 'WHERE `user_id` <> '.(int)$admin->get_user_id().' AND `display_name` LIKE "'.$wb->get_session('DISPLAY_NAME').'"';
123
    	if( ($iFoundUser = intval($database->get_one($sql))) > 0 ){
124
            msgQueue::add($MESSAGE['USERS_USERNAME_TAKEN'].' ('.$TEXT['DISPLAY_NAME'].')');
125
            $_SESSION['DISPLAY_NAME'] = '';
126
       } else {
127
            if($wb->get_session('DISPLAY_NAME') == '') {
128
        	   msgQueue::add($MESSAGE['GENERIC_FILL_IN_ALL'].' ('.$TEXT['DISPLAY_NAME'].')');
129
            }
130
       }
131
132 1777 Luisehahne
	if($wb->get_session('EMAIL') != "") {
133 1673 Luisehahne
		// Check if the email already exists
134 1777 Luisehahne
		$sql = 'SELECT `user_id` FROM `'.TABLE_PREFIX.'users` WHERE `email` = \''.$_SESSION['EMAIL'].'\'';
135 1673 Luisehahne
		if($database->get_one($sql)){
136 1773 Luisehahne
			msgQueue::add($MESSAGE['USERS_EMAIL_TAKEN']);
137 1777 Luisehahne
			$_SESSION['EMAIL'] = '';
138 1673 Luisehahne
		} else {
139 1777 Luisehahne
			if(!$wb->validate_email($_SESSION['EMAIL'])){
140 1773 Luisehahne
				msgQueue::add($MESSAGE['USERS_INVALID_EMAIL']);
141 1777 Luisehahne
				$_SESSION['EMAIL'] = '';
142 1673 Luisehahne
			}
143
		}
144
	} else {
145 1773 Luisehahne
		msgQueue::add($MESSAGE['SIGNUP_NO_EMAIL']);
146 1673 Luisehahne
	}
147
148 1810 Luisehahne
//	if($wb->get_session('DISPLAY_NAME') == "") {
149
////		$aErrorMsg[] = $MESSAGE['GENERIC_FILL_IN_ALL'];
150
//		msgQueue::add($MESSAGE['GENERIC_FILL_IN_ALL'].' ('.$TEXT['DISPLAY_NAME'].')');
151
//	}
152 1792 Luisehahne
153 1773 Luisehahne
	if(CONFIRMED_REGISTRATION) {
154
		$iMinPassLength = 6;
155
// receive password vars and calculate needed action
156 1777 Luisehahne
//		$sNewPassword = $wb->get_post('new_password_1');
157
    	$sNewPassword = ($wb->StripCodeFromText($wb->get_post('new_password_1')));
158 1773 Luisehahne
		$sNewPassword = (is_null($sNewPassword) ? '' : $sNewPassword);
159 1777 Luisehahne
//		$sNewPasswordRetyped = $wb->get_post('new_password_2');
160
    	$sNewPasswordRetyped = ($wb->StripCodeFromText($wb->get_post('new_password_2')));
161 1773 Luisehahne
		$sNewPasswordRetyped= (is_null($sNewPasswordRetyped) ? '' : $sNewPasswordRetyped);
162
// validate new password
163
		$sPwHashNew = false;
164
		if($sNewPassword != '') {
165
			if(strlen($sNewPassword) < $iMinPassLength) {
166
				msgQueue::add($MESSAGE['USERS_PASSWORD_TOO_SHORT']);
167
			} else {
168
				if($sNewPassword != $sNewPasswordRetyped) {
169
					msgQueue::add($MESSAGE['USERS_PASSWORD_MISMATCH']);
170
				} else {
171 1792 Luisehahne
					$pattern = '/[^'.$wb->password_chars.']/';
172 1773 Luisehahne
					if (preg_match($pattern, $sNewPassword)) {
173
						msgQueue::add($MESSAGE['PREFERENCES_INVALID_CHARS']);
174
					}else {
175
						$sPwHashNew = md5($sNewPassword);
176
					}
177
				}
178 1673 Luisehahne
			}
179
		} else {
180 1773 Luisehahne
			msgQueue::add($MESSAGE['LOGIN_PASSWORD_BLANK']);
181 1673 Luisehahne
		}
182
183 1773 Luisehahne
	} else {
184
		// Captcha
185
		if(ENABLED_CAPTCHA) {
186 1777 Luisehahne
//			if(isset($_POST['captcha']) AND $_POST['captcha'] != '')
187
			if($wb->StripCodeFromText($wb->get_post('captcha')) != '')
188 1773 Luisehahne
			{
189
				// Check for a mismatch get email user_id
190
				if(!isset($_POST['captcha']) OR !isset($_SESSION['captcha']) OR $_POST['captcha'] != $_SESSION['captcha']) {
191 1777 Luisehahne
					$replace = array('webmaster_email' => emailAdmin() );
192 1773 Luisehahne
	//				$aErrorMsg[] = replace_vars($MESSAGE['MOD_FORM_INCORRECT_CAPTCHA'], $replace);
193
					msgQueue::add(replace_vars($MESSAGE['INCORRECT_CAPTCHA'], $replace));
194
				}
195
			} else {
196 1777 Luisehahne
				$replace = array('webmaster_email'=> emailAdmin() );
197 1773 Luisehahne
	//			$aErrorMsg[] = replace_vars($MESSAGE['MOD_FORM_INCORRECT_CAPTCHA'],$replace );
198
				msgQueue::add(replace_vars($MESSAGE['INCORRECT_CAPTCHA'],$replace ));
199
			}
200
		}
201
		if(isset($_SESSION['captcha'])) { unset($_SESSION['captcha']); }
202 1673 Luisehahne
203 1773 Luisehahne
		$sNewPassword = '';
204 1673 Luisehahne
		$salt = "abchefghjkmnpqrstuvwxyz0123456789";
205
		srand((double)microtime()*1000000);
206
		$i = 0;
207
		while ($i <= 7) {
208
			$num = rand() % 33;
209
			$tmp = substr($salt, $num, 1);
210 1773 Luisehahne
			$sNewPassword = $sNewPassword . $tmp;
211 1673 Luisehahne
			$i++;
212
		}
213 1773 Luisehahne
		$sPwHashNew = md5($sNewPassword);
214
	}
215 1673 Luisehahne
216 1773 Luisehahne
	if( ($msg = msgQueue::getError()) != '') {
217
// back to signup_form to show errors, otherwise save user and send mail
218
	} else {
219
		$get_ip = ObfuscateIp();
220
		$get_ts = time();
221 1777 Luisehahne
		$sLoginName = $_SESSION['USERNAME'];
222 1773 Luisehahne
//		$sDisplayName = $_SESSION['DISPLAY_NAME'];
223
		$sDisplayName = $wb->add_slashes($_SESSION['DISPLAY_NAME']);
224 1673 Luisehahne
		$groups_id = FRONTEND_SIGNUP;
225 1792 Luisehahne
		$email_to = $_SESSION['EMAIL'];
226 1673 Luisehahne
227 1773 Luisehahne
// Delete outdated confirmation IDs
228
		deleteOutdatedConfirmations();
229 1673 Luisehahne
230 1773 Luisehahne
// Create confirmation ID and Timestamp
231
		$sTimeOut = 0; // now + 24hours
232
		$sConfirmationId = '';
233 1673 Luisehahne
234 1773 Luisehahne
		if(CONFIRMED_REGISTRATION) {
235
			$sTimeOut = (string)(time() + 86400); // now + 24hours
236
			$sConfirmationId = md5(md5($sLoginName.$sTimeOut).$sTimeOut);
237
			$sConfirmedLink = WB_URL.'/account/confirm.php?id='.$sConfirmationId;
238
            $sConfirmedLink = '<a href="'.$sConfirmedLink.'">'.$sConfirmedLink.'</a>';
239
		}
240 1673 Luisehahne
241 1773 Luisehahne
// Save new user
242
243
		$sql  = 'INSERT INTO `'.TABLE_PREFIX.'users` SET ';
244
		$sql .= '`group_id` = \''.$groups_id.'\', ';
245
		$sql .= '`groups_id` = \''.$groups_id.'\', ';
246
		$sql .= '`active` = \''.(CONFIRMED_REGISTRATION ? '0' : '1').'\', ';
247
		$sql .= '`username` = \''.$sLoginName.'\', ';
248
		$sql .= '`password` = \''.$sPwHashNew.'\', ';
249
		$sql .= '`confirm_code` = \''.$sConfirmationId.'\', ';
250
		$sql .= '`confirm_timeout` = \''.$sTimeOut.'\', ';
251
		$sql .= '`display_name` = \''.$sDisplayName.'\', ';
252
		$sql .= '`email` = \''.$email_to.'\', ';
253 1777 Luisehahne
		$sql .= '`language` = \''.$_SESSION['LANGUAGE'].'\', ';
254 1773 Luisehahne
		$sql .= '`login_when` = \''.$get_ts.'\', ';
255
		$sql .= '`login_ip` = \''.$get_ip.'\' ';
256
257
		if(!$database->query($sql))
258
		{
259
// cancel and break script
260
			$bSaveRegistration = false;
261
			$_SESSION['display_form'] = false;
262 1777 Luisehahne
			unset($_SESSION['USERNAME']);
263 1773 Luisehahne
			unset($_SESSION['DISPLAY_NAME']);
264 1777 Luisehahne
			unset($_SESSION['EMAIL']);
265
			unset($_SESSION['TIMEZONE']);
266
			unset($_SESSION['LANGUAGE']);
267 1773 Luisehahne
			unset($_POST);
268
			if($database->set_error()){
269
				msgQueue::add($database->get_error());
270 1673 Luisehahne
			}
271 1773 Luisehahne
		} else {
272 1792 Luisehahne
    		$bSaveRegistration = true;
273 1773 Luisehahne
			msgQueue::add($MESSAGE['SIGNUP_NEW_USER'],true);
274 1673 Luisehahne
275 1773 Luisehahne
			include(dirname(__FILE__).'/signup_mails.php');
276 1673 Luisehahne
277 1773 Luisehahne
			if($bSaveRegistration && $bSendRegistrationMailtoUser) {
278
			// send success message to screen, no signup form
279 1673 Luisehahne
				$_SESSION['display_form'] = false;
280
			}
281 1773 Luisehahne
282
		} // end success $bSaveRegistration
283 1673 Luisehahne
	}
284 1773 Luisehahne
} // end $_POST['action']