Project

General

Profile

1
<?php
2
/**
3
 *
4
 * @category        frontend
5
 * @package         account
6
 * @author          WebsiteBaker Project
7
 * @copyright       2009-2012, WebsiteBaker Org. e.V.
8
 * @link            http://www.websitebaker.org/
9
 * @license         http://www.gnu.org/licenses/gpl.html
10
 * @platform        WebsiteBaker 2.8.x
11
 * @requirements    PHP 5.2.2 and higher
12
 * @version         $Id: save_signup.php 2070 2014-01-03 01:21:42Z darkviper $
13
 * @filesource      $HeadURL: svn://isteam.dynxs.de/wb-archiv/branches/2.8.x/wb/account/save_signup.php $
14
 * @lastmodified    $Date: 2014-01-03 02:21:42 +0100 (Fri, 03 Jan 2014) $
15
 *
16
 */
17

    
18
/* -------------------------------------------------------- */
19
// Must include code to stop this file being accessed directly
20
if(!defined('WB_PATH')) {
21
	require_once(dirname(dirname(__FILE__)).'/framework/globalExceptionHandler.php');
22
	throw new IllegalFileException();
23
}
24
/* -------------------------------------------------------- */
25
$bDebugSignup = false;
26
if (!function_exists('ObfuscateIp')) {
27
	function ObfuscateIp() {
28
	    $sClientIp = (isset($_SERVER['REMOTE_ADDR']))
29
	                         ? $_SERVER['REMOTE_ADDR'] : '000.000.000.000';
30
//	    $iClientIp = ip2long($sClientIp);
31
//	    $sClientIp = long2ip(($iClientIp & ~65535));
32
	    return $sClientIp;
33
	}
34
}
35

    
36
if (!function_exists('emailAdmin')) {
37
	function emailAdmin() {
38
		global $database,$admin;
39
        $retval = false;
40
		$sql  = 'SELECT `email` FROM `'.TABLE_PREFIX.'users` ';
41
		$sql .= 'WHERE `user_id`=\'1\' ';
42
        if(!($retval = $database->get_one($sql))){
43
            $retval = false;
44
        }
45
		return $retval;
46
	}
47
}
48

    
49
if (!function_exists('deleteOutdatedConfirmations')) {
50
	function deleteOutdatedConfirmations() {
51
		$sql = 'DELETE FROM `'.TABLE_PREFIX.'users` WHERE `confirm_timeout` BETWEEN 1 AND '.time();
52
		WbDatabase::getInstance()->query($sql);
53
	}
54
}
55

    
56
if (!function_exists('checkPassWordConfirmCode')) {
57
	function checkPassWordConfirmCode( $sPassword, $sConfirmCode ) {
58
		if( preg_match('/[0-9a-f]{32}/i', $sConfirmCode) ) {
59
			$sql = 'SELECT `user_id` FROM `'.TABLE_PREFIX.'users` '
60
			     . 'WHERE `password`=\''.md5($sPassword).'\' '
61
			     .       'AND `confirm_code`=\''.$sConfirmCode.'\'';
62
			if( WbDatabase::getInstance()->get_one($sql)) {
63
				return true;
64
			}
65
		}
66
		return false;
67
	}
68
}
69
// load module language file
70
//$lang = (dirname(__FILE__)) . '/languages/' . LANGUAGE . '.php';
71
//require_once(!file_exists($lang) ? (dirname(__FILE__)) . '/languages/EN.php' : $lang );
72

    
73
//if(isset($_POST['action']) && $_POST['action']=='send')
74
if($wb->StripCodeFromText($wb->get_post('action'))=='send')
75
{
76
	$database = WbDatabase::getInstance();
77

    
78
// add new fields in users
79
	$table_name = TABLE_PREFIX.'users';
80
	$field_name = 'confirm_code';
81
	$description = "VARCHAR( 32 ) NOT NULL DEFAULT '' AFTER `password`";
82
	if(!$database->field_exists($table_name,$field_name)) {
83
		$database->field_add($table_name, $field_name, $description);
84
	}
85
	if($database->set_error()){
86
		msgQueue::add($database->get_error());
87
	}
88

    
89
	$field_name = 'confirm_timeout';
90
	$description = "INT NOT NULL DEFAULT '0' AFTER `confirm_code`";
91
	if(!$database->field_exists($table_name,$field_name)) {
92
		$database->field_add($table_name, $field_name, $description);
93
	}
94
	if($database->set_error()){
95
		msgQueue::add($database->get_error());
96
	}
97

    
98
	$_SESSION['USERNAME'] = strtolower($wb->StripCodeFromText($wb->get_post('login_name')));
99
	$_SESSION['DISPLAY_NAME'] = strip_tags($wb->StripCodeFromText($wb->get_post('display_name')));
100
	$_SESSION['EMAIL'] = strip_tags($wb->StripCodeFromText($wb->get_post('email')));
101
	$_SESSION['LANGUAGE'] = strip_tags($wb->StripCodeFromText($wb->get_post('language')));
102
//	$aErrorMsg = array();
103

    
104
	if($wb->get_session('USERNAME') != "") {
105
		// Check if username already exists
106
		$sql = 'SELECT `user_id` FROM `'.TABLE_PREFIX.'users` WHERE `username` = \''.$_SESSION['USERNAME'].'\'';
107
		if($database->get_one($sql)){
108
			msgQueue::add($mLang->MESSAGE_USERS_USERNAME_TAKEN);
109
			$_SESSION['USERNAME'] = '';
110
		} else {
111
			if(preg_match('/^[a-z]{1}[a-z0-9_-]{3,}$/i', $_SESSION['USERNAME'])==false) {
112
				msgQueue::add($mLang->MESSAGE_USERS_NAME_INVALID_CHARS);
113
				$_SESSION['USERNAME'] = '';
114
		 	}
115
		}
116
	} else {
117
		msgQueue::add($mLang->MESSAGE_LOGIN_USERNAME_BLANK);
118
	}
119

    
120
// check that display_name is unique in whoole system (prevents from User-faking)
121
    	$sql  = 'SELECT COUNT(*) FROM `'.TABLE_PREFIX.'users` ';
122
    	$sql .= 'WHERE `user_id` <> '.(int)$admin->get_user_id().' AND `display_name` LIKE "'.$wb->get_session('DISPLAY_NAME').'"';
123
    	if( ($iFoundUser = intval($database->get_one($sql))) > 0 ){
124
//            msgQueue::add($mLang->MESSAGE_USERS_USERNAME_TAKEN );
125
//			$_SESSION['USERNAME'] = '';
126
//       } else {
127
            if($wb->get_session('DISPLAY_NAME') == '') {
128
        	   msgQueue::add($mLang->MESSAGE_GENERIC_FILL_IN_ALL.' ('.$mLang->TEXT_DISPLAY_NAME.')');
129
            $_SESSION['DISPLAY_NAME'] = '';
130
            }
131
       }
132

    
133
	if($wb->get_session('EMAIL') != "") {
134
		// Check if the email already exists
135
		$sql = 'SELECT `user_id` FROM `'.TABLE_PREFIX.'users` WHERE `email` = \''.$_SESSION['EMAIL'].'\'';
136
		if($database->get_one($sql)){
137
			msgQueue::add($mLang->MESSAGE_USERS_EMAIL_TAKEN);
138
			$_SESSION['EMAIL'] = '';
139
		} else {
140
			if(!$wb->validate_email($_SESSION['EMAIL'])){
141
				msgQueue::add($mLang->MESSAGE_USERS_INVALID_EMAIL);
142
				$_SESSION['EMAIL'] = '';
143
			}
144
		}
145
	} else {
146
		msgQueue::add($mLang->MESSAGE_SIGNUP_NO_EMAIL);
147
	}
148

    
149
	if(CONFIRMED_REGISTRATION) {
150
		$iMinPassLength = 6;
151
// receive password vars and calculate needed action
152
//		$sNewPassword = $wb->get_post('new_password_1');
153
    	$sNewPassword = ($wb->StripCodeFromText($wb->get_post('new_password_1')));
154
		$sNewPassword = (is_null($sNewPassword) ? '' : $sNewPassword);
155
//		$sNewPasswordRetyped = $wb->get_post('new_password_2');
156
    	$sNewPasswordRetyped = ($wb->StripCodeFromText($wb->get_post('new_password_2')));
157
		$sNewPasswordRetyped= (is_null($sNewPasswordRetyped) ? '' : $sNewPasswordRetyped);
158
// validate new password
159
		$sPwHashNew = false;
160
		if($sNewPassword != '') {
161
			if(strlen($sNewPassword) < $iMinPassLength) {
162
				msgQueue::add($mLang->MESSAGE_USERS_PASSWORD_TOO_SHORT);
163
			} else {
164
				if($sNewPassword != $sNewPasswordRetyped) {
165
					msgQueue::add($mLang->MESSAGE_USERS_PASSWORD_MISMATCH);
166
				} else {
167
					$pattern = '/[^'.$wb->password_chars.']/';
168
					if (preg_match($pattern, $sNewPassword)) {
169
						msgQueue::add($mLang->MESSAGE_PREFERENCES_INVALID_CHARS);
170
					}else {
171
						$sPwHashNew = md5($sNewPassword);
172
					}
173
				}
174
			}
175
		} else {
176
			msgQueue::add($mLang->MESSAGE_LOGIN_PASSWORD_BLANK);
177
		}
178

    
179
	} else {
180
		// Captcha
181
		if(ENABLED_CAPTCHA) {
182
//			if(isset($_POST['captcha']) AND $_POST['captcha'] != '')
183
			$aReplacement = array('webmaster_email' =>
184
			                      ((defined('OWNER_EMAIL') && OWNER_EMAIL != '') ? OWNER_EMAIL : emailAdmin()));
185
			if($wb->StripCodeFromText($wb->get_post('captcha')) != '')
186
			{
187
				// Check for a mismatch get email user_id
188
				if(!isset($_POST['captcha']) OR !isset($_SESSION['captcha']) OR $_POST['captcha'] != $_SESSION['captcha']) {
189
					msgQueue::add(replace_vars($mLang->MESSAGE_INCORRECT_CAPTCHA, $aReplacement));
190
				}
191
			} else {
192
				msgQueue::add(replace_vars($mLang->MESSAGE_INCORRECT_CAPTCHA,$aReplacement ));
193
			}
194
		}
195
		if(isset($_SESSION['captcha'])) { unset($_SESSION['captcha']); }
196

    
197
		$sNewPassword = '';
198
		$salt = "abchefghjkmnpqrstuvwxyz0123456789";
199
		srand((double)microtime()*1000000);
200
		$i = 0;
201
		while ($i <= 7) {
202
			$num = rand() % 33;
203
			$tmp = substr($salt, $num, 1);
204
			$sNewPassword = $sNewPassword . $tmp;
205
			$i++;
206
		}
207
		$sPwHashNew = md5($sNewPassword);
208
	}
209

    
210
	if( ($msg = msgQueue::getError()) != '') {
211
// back to signup_form to show errors, otherwise save user and send mail
212

    
213
	} else {
214
		$get_ip = ObfuscateIp();
215
		$get_ts = time();
216
		$sLoginName = $_SESSION['USERNAME'];
217
//		$sDisplayName = $_SESSION['DISPLAY_NAME'];
218
		$sDisplayName = $wb->add_slashes($_SESSION['DISPLAY_NAME']);
219
		$groups_id = FRONTEND_SIGNUP;
220
		$email_to = $_SESSION['EMAIL'];
221

    
222
// Delete outdated confirmation IDs
223
		deleteOutdatedConfirmations();
224

    
225
// Create confirmation ID and Timestamp
226
		$sTimeOut = 0; // now + 24hours
227
		$sConfirmationId = '';
228

    
229
		if(CONFIRMED_REGISTRATION) {
230
			$sTimeOut = (string)(time() + 86400); // now + 24hours
231
			$sConfirmationId = md5(md5($sLoginName.$sTimeOut).$sTimeOut);
232
			$sConfirmedLink = WB_URL.'/account/confirm.php?id='.$sConfirmationId;
233
            $sConfirmedLink = '<a href="'.$sConfirmedLink.'">'.$sConfirmedLink.'</a>';
234
		}
235

    
236
// Save new user
237

    
238
		$sql  = 'INSERT INTO `'.TABLE_PREFIX.'users` SET ';
239
		$sql .= '`group_id` = \''.$groups_id.'\', ';
240
		$sql .= '`groups_id` = \''.$groups_id.'\', ';
241
		$sql .= '`active` = \''.(CONFIRMED_REGISTRATION ? '0' : '1').'\', ';
242
		$sql .= '`username` = \''.$sLoginName.'\', ';
243
		$sql .= '`password` = \''.$sPwHashNew.'\', ';
244
		$sql .= '`confirm_code` = \''.$sConfirmationId.'\', ';
245
		$sql .= '`confirm_timeout` = \''.$sTimeOut.'\', ';
246
		$sql .= '`display_name` = \''.$sDisplayName.'\', ';
247
		$sql .= '`email` = \''.$email_to.'\', ';
248
		$sql .= '`language` = \''.$_SESSION['LANGUAGE'].'\', ';
249
		$sql .= '`login_when` = \''.$get_ts.'\', ';
250
		$sql .= '`login_ip` = \''.$get_ip.'\' ';
251

    
252
		if(!$database->query($sql))
253
		{
254
// cancel and break script
255
			$bSaveRegistration = false;
256
			$_SESSION['display_form'] = false;
257
			unset($_SESSION['USERNAME']);
258
			unset($_SESSION['DISPLAY_NAME']);
259
			unset($_SESSION['EMAIL']);
260
			unset($_SESSION['TIMEZONE']);
261
			unset($_SESSION['LANGUAGE']);
262
			unset($_POST);
263
			if($database->set_error()){
264
				msgQueue::add($database->get_error());
265
			}
266
		} else {
267
    		$bSaveRegistration = true;
268
			msgQueue::add($mLang->MESSAGE_SIGNUP_NEW_USER,true);
269
            // send mails and check if $bSendRegistrationMailtoUser was send
270
			include(dirname(__FILE__).'/signup_mails.php');
271

    
272
			if($bSaveRegistration && $bSendRegistrationMailtoUser) {
273
			// send success message to screen, no signup form
274
				$_SESSION['display_form'] = false;
275
			} else {
276
				msgQueue::add('No Activation E-Mail was send! Contact your Administrator');
277
			}
278

    
279
		} // end success $bSaveRegistration
280
	}
281
} // end $_POST['action']
(19-19/22)