Project

General

Profile

1 1673 Luisehahne
<?php
2
/**
3
 *
4
 * @category        frontend
5
 * @package         account
6
 * @author          WebsiteBaker Project
7
 * @copyright       2009-2012, WebsiteBaker Org. e.V.
8
 * @link            http://www.websitebaker.org/
9
 * @license         http://www.gnu.org/licenses/gpl.html
10
 * @platform        WebsiteBaker 2.8.x
11
 * @requirements    PHP 5.2.2 and higher
12
 * @version         $Id$
13
 * @filesource      $HeadURL$
14
 * @lastmodified    $Date$
15
 *
16
 */
17
18
/* -------------------------------------------------------- */
19 1777 Luisehahne
// Must include code to stop this file being accessed directly
20
if(!defined('WB_PATH')) {
21
	require_once(dirname(dirname(__FILE__)).'/framework/globalExceptionHandler.php');
22
	throw new IllegalFileException();
23 1673 Luisehahne
}
24
/* -------------------------------------------------------- */
25 1773 Luisehahne
$bDebugSignup = false;
26
if (!function_exists('ObfuscateIp')) {
27
	function ObfuscateIp() {
28
	    $sClientIp = (isset($_SERVER['REMOTE_ADDR']))
29
	                         ? $_SERVER['REMOTE_ADDR'] : '000.000.000.000';
30
//	    $iClientIp = ip2long($sClientIp);
31
//	    $sClientIp = long2ip(($iClientIp & ~65535));
32
	    return $sClientIp;
33
	}
34
}
35 1673 Luisehahne
36
if (!function_exists('emailAdmin')) {
37
	function emailAdmin() {
38
		global $database,$admin;
39 1777 Luisehahne
        $retval = false;
40
		$sql  = 'SELECT `email` FROM `'.TABLE_PREFIX.'users` ';
41
		$sql .= 'WHERE `user_id`=\'1\' ';
42
        if(!($retval = $database->get_one($sql))){
43
            $retval = false;
44 1673 Luisehahne
        }
45
		return $retval;
46
	}
47
}
48
49 1773 Luisehahne
if (!function_exists('deleteOutdatedConfirmations')) {
50
	function deleteOutdatedConfirmations() {
51
		$sql = 'DELETE FROM `'.TABLE_PREFIX.'users` WHERE `confirm_timeout` BETWEEN 1 AND '.time();
52
		WbDatabase::getInstance()->query($sql);
53
	}
54
}
55 1673 Luisehahne
56 1773 Luisehahne
if (!function_exists('checkPassWordConfirmCode')) {
57
	function checkPassWordConfirmCode( $sPassword, $sConfirmCode ) {
58
		if( preg_match('/[0-9a-f]{32}/i', $sConfirmCode) ) {
59
			$sql = 'SELECT `user_id` FROM `'.TABLE_PREFIX.'users` '
60
			     . 'WHERE `password`=\''.md5($sPassword).'\' '
61
			     .       'AND `confirm_code`=\''.$sConfirmCode.'\'';
62
			if( WbDatabase::getInstance()->get_one($sql)) {
63
				return true;
64
			}
65
		}
66
		return false;
67
	}
68
}
69
70 1777 Luisehahne
//if(isset($_POST['action']) && $_POST['action']=='send')
71
if($wb->StripCodeFromText($wb->get_post('action'))=='send')
72 1773 Luisehahne
{
73
	$database = WbDatabase::getInstance();
74
75
// add new fields in users
76
	$table_name = TABLE_PREFIX.'users';
77
	$field_name = 'confirm_code';
78
	$description = "VARCHAR( 32 ) NOT NULL DEFAULT '' AFTER `password`";
79
	if(!$database->field_exists($table_name,$field_name)) {
80
		$database->field_add($table_name, $field_name, $description);
81
	}
82
	if($database->set_error()){
83
		msgQueue::add($database->get_error());
84
	}
85
86
	$field_name = 'confirm_timeout';
87
	$description = "INT NOT NULL DEFAULT '0' AFTER `confirm_code`";
88
	if(!$database->field_exists($table_name,$field_name)) {
89
		$database->field_add($table_name, $field_name, $description);
90
	}
91
	if($database->set_error()){
92
		msgQueue::add($database->get_error());
93
	}
94
95 1777 Luisehahne
	$_SESSION['USERNAME'] = strtolower($wb->StripCodeFromText($wb->get_post('login_name')));
96
	$_SESSION['DISPLAY_NAME'] = strip_tags($wb->StripCodeFromText($wb->get_post('display_name')));
97
	$_SESSION['EMAIL'] = strip_tags($wb->StripCodeFromText($wb->get_post('email')));
98
	$_SESSION['LANGUAGE'] = strip_tags($wb->StripCodeFromText($wb->get_post('language')));
99 1773 Luisehahne
//	$aErrorMsg = array();
100 1673 Luisehahne
101 1777 Luisehahne
	if($wb->get_session('USERNAME') != "") {
102 1673 Luisehahne
		// Check if username already exists
103 1777 Luisehahne
		$sql = 'SELECT `user_id` FROM `'.TABLE_PREFIX.'users` WHERE `username` = \''.$_SESSION['USERNAME'].'\'';
104 1673 Luisehahne
		if($database->get_one($sql)){
105 1773 Luisehahne
//			$aErrorMsg[] = $MESSAGE['USERS_USERNAME_TAKEN'];
106
			msgQueue::add($MESSAGE['USERS_USERNAME_TAKEN']);
107 1777 Luisehahne
			$_SESSION['USERNAME'] = '';
108 1673 Luisehahne
		} else {
109 1777 Luisehahne
			if(preg_match('/^[a-z]{1}[a-z0-9_-]{3,}$/i', $_SESSION['USERNAME'])==false) {
110 1773 Luisehahne
//				$aErrorMsg[] = $MESSAGE['USERS_NAME_INVALID_CHARS'];
111
				msgQueue::add($MESSAGE['USERS_NAME_INVALID_CHARS']);
112 1777 Luisehahne
				$_SESSION['USERNAME'] = '';
113 1673 Luisehahne
		 	}
114
		}
115
	} else {
116 1773 Luisehahne
//		$aErrorMsg[] = $MESSAGE['LOGIN_USERNAME_BLANK'];
117
		msgQueue::add($MESSAGE['LOGIN_USERNAME_BLANK']);
118 1673 Luisehahne
	}
119
120 1810 Luisehahne
// check that display_name is unique in whoole system (prevents from User-faking)
121
    	$sql  = 'SELECT COUNT(*) FROM `'.TABLE_PREFIX.'users` ';
122
    	$sql .= 'WHERE `user_id` <> '.(int)$admin->get_user_id().' AND `display_name` LIKE "'.$wb->get_session('DISPLAY_NAME').'"';
123
    	if( ($iFoundUser = intval($database->get_one($sql))) > 0 ){
124
            msgQueue::add($MESSAGE['USERS_USERNAME_TAKEN'].' ('.$TEXT['DISPLAY_NAME'].')');
125
            $_SESSION['DISPLAY_NAME'] = '';
126
       } else {
127
            if($wb->get_session('DISPLAY_NAME') == '') {
128
        	   msgQueue::add($MESSAGE['GENERIC_FILL_IN_ALL'].' ('.$TEXT['DISPLAY_NAME'].')');
129
            }
130
       }
131
132 1777 Luisehahne
	if($wb->get_session('EMAIL') != "") {
133 1673 Luisehahne
		// Check if the email already exists
134 1777 Luisehahne
		$sql = 'SELECT `user_id` FROM `'.TABLE_PREFIX.'users` WHERE `email` = \''.$_SESSION['EMAIL'].'\'';
135 1673 Luisehahne
		if($database->get_one($sql)){
136 1773 Luisehahne
			msgQueue::add($MESSAGE['USERS_EMAIL_TAKEN']);
137 1777 Luisehahne
			$_SESSION['EMAIL'] = '';
138 1673 Luisehahne
		} else {
139 1777 Luisehahne
			if(!$wb->validate_email($_SESSION['EMAIL'])){
140 1773 Luisehahne
				msgQueue::add($MESSAGE['USERS_INVALID_EMAIL']);
141 1777 Luisehahne
				$_SESSION['EMAIL'] = '';
142 1673 Luisehahne
			}
143
		}
144
	} else {
145 1773 Luisehahne
		msgQueue::add($MESSAGE['SIGNUP_NO_EMAIL']);
146 1673 Luisehahne
	}
147
148 1810 Luisehahne
//	if($wb->get_session('DISPLAY_NAME') == "") {
149
////		$aErrorMsg[] = $MESSAGE['GENERIC_FILL_IN_ALL'];
150
//		msgQueue::add($MESSAGE['GENERIC_FILL_IN_ALL'].' ('.$TEXT['DISPLAY_NAME'].')');
151
//	}
152 1792 Luisehahne
153 1773 Luisehahne
	if(CONFIRMED_REGISTRATION) {
154
		$iMinPassLength = 6;
155
// receive password vars and calculate needed action
156 1777 Luisehahne
//		$sNewPassword = $wb->get_post('new_password_1');
157
    	$sNewPassword = ($wb->StripCodeFromText($wb->get_post('new_password_1')));
158 1773 Luisehahne
		$sNewPassword = (is_null($sNewPassword) ? '' : $sNewPassword);
159 1777 Luisehahne
//		$sNewPasswordRetyped = $wb->get_post('new_password_2');
160
    	$sNewPasswordRetyped = ($wb->StripCodeFromText($wb->get_post('new_password_2')));
161 1773 Luisehahne
		$sNewPasswordRetyped= (is_null($sNewPasswordRetyped) ? '' : $sNewPasswordRetyped);
162
// validate new password
163
		$sPwHashNew = false;
164
		if($sNewPassword != '') {
165
			if(strlen($sNewPassword) < $iMinPassLength) {
166
				msgQueue::add($MESSAGE['USERS_PASSWORD_TOO_SHORT']);
167
			} else {
168
				if($sNewPassword != $sNewPasswordRetyped) {
169
					msgQueue::add($MESSAGE['USERS_PASSWORD_MISMATCH']);
170
				} else {
171 1792 Luisehahne
					$pattern = '/[^'.$wb->password_chars.']/';
172 1773 Luisehahne
					if (preg_match($pattern, $sNewPassword)) {
173
						msgQueue::add($MESSAGE['PREFERENCES_INVALID_CHARS']);
174
					}else {
175
						$sPwHashNew = md5($sNewPassword);
176
					}
177
				}
178 1673 Luisehahne
			}
179
		} else {
180 1773 Luisehahne
			msgQueue::add($MESSAGE['LOGIN_PASSWORD_BLANK']);
181 1673 Luisehahne
		}
182
183 1773 Luisehahne
	} else {
184
		// Captcha
185
		if(ENABLED_CAPTCHA) {
186 1777 Luisehahne
//			if(isset($_POST['captcha']) AND $_POST['captcha'] != '')
187 1934 darkviper
			$aReplacement = array('webmaster_email' =>
188
			                      ((defined('OWNER_EMAIL') && OWNER_EMAIL != '') ? OWNER_EMAIL : emailAdmin()));
189 1777 Luisehahne
			if($wb->StripCodeFromText($wb->get_post('captcha')) != '')
190 1773 Luisehahne
			{
191
				// Check for a mismatch get email user_id
192
				if(!isset($_POST['captcha']) OR !isset($_SESSION['captcha']) OR $_POST['captcha'] != $_SESSION['captcha']) {
193 1934 darkviper
					msgQueue::add(replace_vars($MESSAGE['INCORRECT_CAPTCHA'], $aReplacement));
194 1773 Luisehahne
				}
195
			} else {
196 1934 darkviper
				msgQueue::add(replace_vars($MESSAGE['INCORRECT_CAPTCHA'],$aReplacement ));
197 1773 Luisehahne
			}
198
		}
199
		if(isset($_SESSION['captcha'])) { unset($_SESSION['captcha']); }
200 1673 Luisehahne
201 1773 Luisehahne
		$sNewPassword = '';
202 1673 Luisehahne
		$salt = "abchefghjkmnpqrstuvwxyz0123456789";
203
		srand((double)microtime()*1000000);
204
		$i = 0;
205
		while ($i <= 7) {
206
			$num = rand() % 33;
207
			$tmp = substr($salt, $num, 1);
208 1773 Luisehahne
			$sNewPassword = $sNewPassword . $tmp;
209 1673 Luisehahne
			$i++;
210
		}
211 1773 Luisehahne
		$sPwHashNew = md5($sNewPassword);
212
	}
213 1673 Luisehahne
214 1773 Luisehahne
	if( ($msg = msgQueue::getError()) != '') {
215
// back to signup_form to show errors, otherwise save user and send mail
216
	} else {
217
		$get_ip = ObfuscateIp();
218
		$get_ts = time();
219 1777 Luisehahne
		$sLoginName = $_SESSION['USERNAME'];
220 1773 Luisehahne
//		$sDisplayName = $_SESSION['DISPLAY_NAME'];
221
		$sDisplayName = $wb->add_slashes($_SESSION['DISPLAY_NAME']);
222 1673 Luisehahne
		$groups_id = FRONTEND_SIGNUP;
223 1792 Luisehahne
		$email_to = $_SESSION['EMAIL'];
224 1673 Luisehahne
225 1773 Luisehahne
// Delete outdated confirmation IDs
226
		deleteOutdatedConfirmations();
227 1673 Luisehahne
228 1773 Luisehahne
// Create confirmation ID and Timestamp
229
		$sTimeOut = 0; // now + 24hours
230
		$sConfirmationId = '';
231 1673 Luisehahne
232 1773 Luisehahne
		if(CONFIRMED_REGISTRATION) {
233
			$sTimeOut = (string)(time() + 86400); // now + 24hours
234
			$sConfirmationId = md5(md5($sLoginName.$sTimeOut).$sTimeOut);
235
			$sConfirmedLink = WB_URL.'/account/confirm.php?id='.$sConfirmationId;
236
            $sConfirmedLink = '<a href="'.$sConfirmedLink.'">'.$sConfirmedLink.'</a>';
237
		}
238 1673 Luisehahne
239 1773 Luisehahne
// Save new user
240
241
		$sql  = 'INSERT INTO `'.TABLE_PREFIX.'users` SET ';
242
		$sql .= '`group_id` = \''.$groups_id.'\', ';
243
		$sql .= '`groups_id` = \''.$groups_id.'\', ';
244
		$sql .= '`active` = \''.(CONFIRMED_REGISTRATION ? '0' : '1').'\', ';
245
		$sql .= '`username` = \''.$sLoginName.'\', ';
246
		$sql .= '`password` = \''.$sPwHashNew.'\', ';
247
		$sql .= '`confirm_code` = \''.$sConfirmationId.'\', ';
248
		$sql .= '`confirm_timeout` = \''.$sTimeOut.'\', ';
249
		$sql .= '`display_name` = \''.$sDisplayName.'\', ';
250
		$sql .= '`email` = \''.$email_to.'\', ';
251 1777 Luisehahne
		$sql .= '`language` = \''.$_SESSION['LANGUAGE'].'\', ';
252 1773 Luisehahne
		$sql .= '`login_when` = \''.$get_ts.'\', ';
253
		$sql .= '`login_ip` = \''.$get_ip.'\' ';
254
255
		if(!$database->query($sql))
256
		{
257
// cancel and break script
258
			$bSaveRegistration = false;
259
			$_SESSION['display_form'] = false;
260 1777 Luisehahne
			unset($_SESSION['USERNAME']);
261 1773 Luisehahne
			unset($_SESSION['DISPLAY_NAME']);
262 1777 Luisehahne
			unset($_SESSION['EMAIL']);
263
			unset($_SESSION['TIMEZONE']);
264
			unset($_SESSION['LANGUAGE']);
265 1773 Luisehahne
			unset($_POST);
266
			if($database->set_error()){
267
				msgQueue::add($database->get_error());
268 1673 Luisehahne
			}
269 1773 Luisehahne
		} else {
270 1792 Luisehahne
    		$bSaveRegistration = true;
271 1773 Luisehahne
			msgQueue::add($MESSAGE['SIGNUP_NEW_USER'],true);
272 1673 Luisehahne
273 1773 Luisehahne
			include(dirname(__FILE__).'/signup_mails.php');
274 1673 Luisehahne
275 1773 Luisehahne
			if($bSaveRegistration && $bSendRegistrationMailtoUser) {
276
			// send success message to screen, no signup form
277 1673 Luisehahne
				$_SESSION['display_form'] = false;
278
			}
279 1773 Luisehahne
280
		} // end success $bSaveRegistration
281 1673 Luisehahne
	}
282 1773 Luisehahne
} // end $_POST['action']