1 <?php 2 /* 3 + ----------------------------------------------------------------------------+ 4 | e107 website system 5 | 6 | Steve Dunstan 2001-2002 7 | Copyright (C) 2008-2010 e107 Inc (e107.org) 8 | 9 | 10 | Released under the terms and conditions of the 11 | GNU General Public License (http://gnu.org). 12 | 13 | $URL: https://e107.svn.sourceforge.net/svnroot/e107/trunk/e107_0.7/signup.php $ 14 | $Id: signup.php 12130 2011-04-12 21:09:45Z e107steved $ 15 +----------------------------------------------------------------------------+ 16 */ 17 18 // Experimental e-token 19 if((isset($_POST['newver']) || isset($_POST['register']) || isset($_POST['submit_resend'])) && !isset($_POST['e-token'])) 20 { 21 // set e-token so it can be processed by class2 22 $_POST['e-token'] = ''; 23 } 24 define("e_NOCACHE",TRUE); 25 require_once ("class2.php"); 26 $qs = explode(".", e_QUERY); 27 //@TODO what fix? 28 if($qs[0] != "activate"){ // multi-language fix. 29 e107_include_once(e_LANGUAGEDIR.e_LANGUAGE."/lan_signup.php"); 30 e107_include_once(e_LANGUAGEDIR."English/lan_signup.php"); 31 e107_include_once(e_LANGUAGEDIR.e_LANGUAGE."/lan_usersettings.php"); 32 } 33 34 include_once(e_HANDLER."user_extended_class.php"); 35 $usere = new e107_user_extended; 36 require_once(e_HANDLER."calendar/calendar_class.php"); 37 $cal = new DHTML_Calendar(true); 38 39 if (is_readable(THEME."signup_template.php")) { 40 require_once(THEME."signup_template.php"); 41 } else { 42 require_once(e_THEME."templates/signup_template.php"); 43 } 44 45 include_once(e_FILE."shortcode/batch/signup_shortcodes.php"); 46 47 $signup_imagecode = ($pref['signcode'] && extension_loaded("gd")); 48 49 // Resend Activation Email -------------------------------------------> 50 if(e_QUERY == "resend" && !USER && ($pref['user_reg_veri'] == 1)) 51 { 52 e107_include_once(e_LANGUAGEDIR.e_LANGUAGE."/lan_".e_PAGE); 53 e107_include_once(e_LANGUAGEDIR."English/lan_".e_PAGE); 54 $errmsg = ''; 55 require_once(HEADERF); 56 57 if 
(!($clean_email = check_email($tp -> toDB($_POST['resend_email'])))) 58 { 59 $clean_email = "xxx"; 60 } 61 62 if (!($new_email = check_email($tp -> toDB($_POST['resend_newemail'])))) 63 { 64 $new_email = FALSE; 65 } 66 67 if($_POST['submit_resend']) 68 { 69 if($_POST['resend_email'] && !$new_email && $sql->db_Select_gen("SELECT * FROM #user WHERE user_ban=0 AND user_sess='' AND (user_loginname= \"".$tp->toDB($_POST['resend_email'])."\" OR user_name = \"".$tp->toDB($_POST['resend_email'])."\" OR user_email = \"".$clean_email."\" ) ")) 70 { 71 $ns -> tablerender(LAN_SIGNUP_40,LAN_SIGNUP_41."<br />"); 72 require_once(FOOTERF); 73 exit; 74 } 75 76 if(trim($_POST['resend_password']) !="" && $new_email) 77 { 78 if (($count = $sql->db_Select("user", "user_id", "user_password = \"".md5($_POST['resend_password'])."\" AND user_ban=2 AND user_sess !=''")) === 1) 79 { 80 // Check for duplicate email 81 $row = $sql -> db_Fetch(); 82 if ($sql->db_select('user', 'user_id, user_email', "user_email='".$new_email."'")) 83 { // Email address already used by someone 84 $ns -> tablerender(LAN_ERROR,LAN_SIGNUP_106); 85 require_once(FOOTERF); 86 exit; 87 } 88 elseif($sql->db_Update("user", "user_email='".$new_email."' WHERE user_id = '".$row['user_id']."' LIMIT 1 ")) 89 { 90 $clean_email = $new_email; 91 } 92 } 93 else 94 { 95 // Incorrect password, or multiple users with same password 96 $ns -> tablerender(LAN_ERROR,LAN_SIGNUP_105); 97 require_once(FOOTERF); 98 exit; 99 } 100 } 101 102 103 if($sql->db_Select("user", "*", "(user_loginname = \"".$tp->toDB($_POST['resend_email'])."\" OR user_name = \"".$tp->toDB($_POST['resend_email'])."\" OR user_email = \"".$clean_email."\" ) AND user_ban=2 AND user_sess !='' LIMIT 1")) 104 { 105 $row = $sql -> db_Fetch(); 106 107 $_POST['password1'] = "xxxxxxxxx"; 108 $_POST['loginname'] = $row['user_loginname']; 109 $_POST['name'] = $row['user_name']; 110 $nid = $row['user_id']; 111 $u_key = $row['user_sess']; 112 113 $eml = render_email(); 114 
$mailheader_e107id = $nid; 115 require_once(e_HANDLER."mail.php"); 116 117 /* 118 echo "Sending to: ".$row['user_email']; 119 require_once(FOOTERF); 120 exit; 121 */ 122 123 if(!sendemail($row['user_email'], $eml['subject'], $eml['message'], $row['user_name'], "", "", $eml['attachments'], $eml['cc'], $eml['bcc'], $returnpath, $returnreceipt,$eml['inline-images'])) 124 { 125 $ns -> tablerender(LAN_ERROR,LAN_SIGNUP_42); 126 require_once(FOOTERF); 127 exit; 128 } 129 else 130 { 131 $ns -> tablerender(LAN_SIGNUP_43,LAN_SIGNUP_44." ".$row['user_email']." - ".LAN_SIGNUP_45."<br /><br />"); 132 require_once(FOOTERF); 133 exit; 134 } 135 } 136 137 //require_once(e_HANDLER."message_handler.php"); 138 //message_handler("ALERT",LAN_106); // email not valid. 139 //message_handler("MESSAGE",LAN_106); 140 $errmsg = LAN_106; 141 //exit; 142 } 143 if(!$_POST['submit_resend'] || $errmsg) 144 { 145 146 $text .= "<div style='text-align:center'> 147 <form method='post' action='".e_SELF."?resend' id='resend_form'> 148 <table style='".USER_WIDTH."' class='fborder'> 149 <tr> 150 <td class='forumheader3' style='text-align:right'>".LAN_SIGNUP_48."</td> 151 <td class='forumheader3'> 152 <input type='text' name='resend_email' class='tbox' size='50' style='max-width:80%' value='' maxlength='80' /> 153 </td> 154 </tr> 155 156 <tr> 157 <td class='forumheader3' colspan='2'>".LAN_SIGNUP_49."</td> 158 </tr> 159 <tr> 160 <td class='forumheader3' style='text-align:right;width:30%'>".LAN_SIGNUP_50."</td> 161 <td class='forumheader3'><input type='text' name='resend_newemail' class='tbox' size='50' style='max-width:80%' value='' maxlength='80' /></td> 162 </tr> 163 <tr> 164 <td class='forumheader3' style='text-align:right'>".LAN_SIGNUP_51."</td> 165 <td class='forumheader3'><input type='text' name='resend_password' class='tbox' size='50' style='max-width:80%' value='' maxlength='80' /></td> 166 </tr> 167 "; 168 169 $text .="<tr style='vertical-align:top'> 170 <td colspan='2' style='text-align:center' 
class='forumheader'>"; 171 $text .= "<input class='button' type='submit' name='submit_resend' value=\"".LAN_SIGNUP_47."\" /> 172 <input type='hidden' name='e-token' value='".e_TOKEN."' />"; // resend activation email. 173 $text .= "</td> 174 </tr> 175 </table> 176 </form> 177 </div>"; 178 if($errmsg) message_handler("MESSAGE",$errmsg); 179 $ns -> tablerender(LAN_SIGNUP_47, $text); 180 require_once(FOOTERF); 181 exit; 182 } 183 184 exit; 185 } 186 187 // ------------------------------------------------------------------ 188 189 if(!$_POST) // Notice Removal. 190 { 191 192 $error = ""; 193 $text = " "; 194 $password1 = ""; 195 $password2 = ""; 196 $email = ""; // Used in shortcodes 197 $loginname = ""; 198 $realname = ""; 199 $user_timezone = ""; 200 $image = ""; 201 $avatar_upload = ""; 202 $photo_upload = ""; 203 $_POST['ue'] = ""; 204 $signature = ""; 205 } 206 207 if(ADMIN && (e_QUERY == "preview" || e_QUERY == "test" || e_QUERY == "preview.aftersignup")) 208 { 209 e107_include_once(e_LANGUAGEDIR.e_LANGUAGE."/lan_".e_PAGE); 210 e107_include_once(e_LANGUAGEDIR."English/lan_".e_PAGE); 211 if(e_QUERY == "preview.aftersignup") 212 { 213 require_once(HEADERF); 214 $srch = array("[sitename]","[email]"); 215 $repl = array(SITENAME,"<b>example@email.com</b>"); 216 217 if(trim($pref['signup_text_after'])) 218 { 219 $text = str_replace($srch,$repl,$tp->toHTML($pref['signup_text_after'], TRUE, 'parse_sc,defs'))."<br />"; 220 } 221 else 222 { 223 $LAN_AFTERSIGNUP = defined("LAN_SIGNUP_72") ? LAN_SIGNUP_72 : LAN_405; 224 $text = ($pref['user_reg_veri'] == 2) ? LAN_SIGNUP_37 : str_replace($srch,$repl,$LAN_AFTERSIGNUP); // Admin Approval / Email Approval 225 } 226 227 $caption_arr = array(); 228 $caption_arr[0] = LAN_406; // Thank you! (No Approval). 229 $caption_arr[1] = defined("LAN_SIGNUP_98") ? LAN_SIGNUP_98 : LAN_406; // Confirm Email (Email Confirmation) 230 $caption_arr[2] = defined("LAN_SIGNUP_100") ? 
LAN_SIGNUP_100 : LAN_406; // Approval Pending (Admin Approval) 231 $caption = $caption_arr[$pref['user_reg_veri']]; 232 233 $ns->tablerender($caption, $text); 234 require_once(FOOTERF); 235 exit; 236 } 237 238 $eml = render_email(TRUE); 239 echo $eml['preview']; 240 241 if(e_QUERY == "test") 242 { 243 require_once(e_HANDLER."mail.php"); 244 $message = $eml['message']; 245 $subj = $eml['subject']; 246 $inline = $eml['inline-images']; 247 $Cc = $eml['cc']; 248 $Bcc = $eml['bcc']; 249 $attachments = $eml['attachments']; 250 251 if(!sendemail(USEREMAIL, $subj, $message, USERNAME, "", "", $attachments, $Cc, $Bcc, $returnpath, $returnreceipt,$inline)) 252 { 253 echo "<br /><br /><br /><br > >> ".LAN_SIGNUP_42; // there was a problem. 254 } 255 else 256 { 257 echo "<br /><br /> >> ".LAN_SIGNUP_43." [ ".USEREMAIL." ] - ".LAN_SIGNUP_45; 258 } 259 } 260 exit; 261 } 262 263 if ($pref['membersonly_enabled']) 264 { 265 $HEADER = "<div style='text-align:center; width:100%;margin-left:auto;margin-right:auto;text-align:center'><div style='width:70%;text-align:center;margin-left:auto;margin-right:auto'><br />"; 266 if (file_exists(THEME."images/login_logo.png")) 267 { 268 $HEADER .= "<img src='".THEME."images/login_logo.png' alt='' />\n"; 269 } 270 else 271 { 272 $HEADER .= "<img src='".e_IMAGE."logo.png' alt='' />\n"; 273 } 274 $HEADER .= "<br />"; 275 $FOOTER = "</div></div>"; 276 } 277 278 if($signup_imagecode) 279 { 280 require_once(e_HANDLER."secure_img_handler.php"); 281 $sec_img = new secure_image; 282 } 283 284 if($pref['user_reg'] == 0) 285 { 286 header("location: ".e_HTTP."index.php"); 287 exit; 288 } 289 290 if(USER) 291 { 292 header("location: ".e_HTTP."index.php"); 293 exit; 294 } 295 296 // After clicking the activation link ------------------------- 297 if (e_QUERY) 298 { 299 $qs = explode(".", e_QUERY); 300 if ($qs[0] == "activate" && (count($qs) == 3 || count($qs) == 4) && $qs[2]) 301 { 302 // return the message in the correct language. 
303 if($qs[3] && strlen($qs[3]) == 2 ) 304 { 305 require_once(e_HANDLER."language_class.php"); 306 $slng = new language; 307 $the_language = $slng->convert($qs[3]); 308 if(is_readable(e_LANGUAGEDIR.$the_language."/lan_signup.php")) 309 { 310 include(e_LANGUAGEDIR.$the_language."/lan_signup.php"); 311 } 312 else 313 { 314 require_once(e_LANGUAGEDIR.e_LANGUAGE."/lan_signup.php"); 315 } 316 } 317 else 318 { 319 include_lan(e_LANGUAGEDIR.e_LANGUAGE."/lan_signup.php"); 320 } 321 322 323 $e107cache->clear("online_menu_totals"); 324 if ($sql->db_Select("user", "*", "user_sess='".$tp -> toDB($qs[2], true)."' ")) 325 { 326 if ($row = $sql->db_Fetch()) 327 { 328 $sql->db_Update("user", "user_ban='0', user_sess='' WHERE user_sess='".$tp -> toDB($qs[2], true)."' "); 329 $e_event->trigger("userveri", $row); 330 require_once(HEADERF); 331 $text = LAN_401." <a href='index.php'>".LAN_SIGNUP_22."</a> ".LAN_SIGNUP_23."<br />".LAN_SIGNUP_24." ".SITENAME; 332 $ns->tablerender(LAN_402, $text); 333 require_once(FOOTERF); 334 exit; 335 } 336 } 337 else 338 { 339 header("location: ".e_BASE."index.php"); 340 exit; 341 } 342 } 343 } 344 345 346 if (isset($_POST['register'])) 347 { 348 $_POST['xupexist'] = trim(varset($_POST['xupexist'],'')); 349 $e107cache->clear("online_menu_totals"); 350 $error_message = ""; 351 require_once(e_HANDLER."message_handler.php"); 352 if (isset($_POST['rand_num']) && $signup_imagecode && !$_POST['xupexist'] ) 353 { 354 if (!$sec_img->verify_code($_POST['rand_num'], $_POST['code_verify'])) 355 { 356 $error_message .= LAN_SIGNUP_3."\\n"; 357 $error = TRUE; 358 } 359 } 360 361 if($invalid = $e_event->trigger("usersup_veri", $_POST)) 362 { 363 $error_message .= $invalid."\\n"; 364 $error = TRUE; 365 } 366 367 if(varsettrue($pref['xup_enabled']) && $_POST['xupexist']) 368 { 369 require_once(e_HANDLER."xml_class.php"); 370 $xml = new parseXml; 371 if(!$rawData = $xml -> getRemoteXmlFile($_POST['xupexist'])) 372 { 373 echo "Error: Unable to open remote XUP file"; 374 
} 375 preg_match_all("#\<meta name=\"(.*?)\" content=\"(.*?)\" \/\>#si", $rawData, $match); 376 $count = 0; 377 foreach($match[1] as $value) 378 { 379 $xup[$value] = $match[2][$count]; 380 $count++; 381 } 382 383 $_POST['name'] = $xup['NICKNAME']; 384 $_POST['email'] = $xup['EMAIL']; 385 $_POST['email_confirm'] = $xup['EMAIL']; 386 $_POST['signature'] = $xup['SIG']; 387 $_POST['hideemail'] = $xup['EMAILHIDE']; 388 $_POST['timezone'] = $xup['TZ']; 389 $_POST['realname'] = $xup['FN']; 390 $_POST['image'] = $xup['AV']; 391 392 $_POST['ue']['user_homepage'] = $xup['URL']; 393 $_POST['ue']['user_icq'] = $xup['ICQ']; 394 $_POST['ue']['user_aim'] = $xup['AIM']; 395 $_POST['ue']['user_msn'] = $xup['MSN']; 396 $_POST['ue']['user_yahoo'] = $xup['YAHOO']; 397 $_POST['ue']['user_location'] = $xup['GEO']; 398 $_POST['ue']['user_birthday'] = $xup['BDAY']; 399 400 unset($xup); 401 } 402 if($_POST['loginnamexup']) $_POST['loginname'] = $_POST['loginnamexup']; 403 if($_POST['password1xup']) $_POST['password1'] = $_POST['password1xup']; 404 if($_POST['password2xup']) $_POST['password2'] = $_POST['password2xup']; 405 406 // Strip most invalid characters now %*|/| |\#|\=|\$% 407 // another option would be /[^\w\pL\.]/u (non latin words) 408 409 // /[\^\*\|\/;:#=\$'!#`\s\(\)%\?<>\\{}~@] // check for invalid characters 410 // [^a-z0-9_\.] 
this is not multi-language compatible 411 412 //$temp_name = trim(preg_replace("/[\^\*\|\/;:#=\$'!#`\s\(\)%\?<>\\{}~@]/", "", strip_tags($_POST['loginname']))); 413 $temp_name = str_replace('--', '', trim(preg_replace("/[\^\*\|\/;:#=\$'\"!#`\s\(\)%\?<>\\{}]/", '', strip_tags($_POST['loginname'])))); 414 if ($temp_name != $_POST['loginname']) 415 { 416 $error_message .= LAN_409."\\n"; 417 $error = TRUE; 418 } 419 $_POST['loginname'] = $temp_name; 420 421 if ((strcasecmp($_POST['loginname'],"Anonymous") == 0) || (strcasecmp($_POST['loginname'],LAN_ANONYMOUS) == 0)) 422 { 423 $error_message .= LAN_103."\\n"; 424 $error = TRUE; 425 } 426 427 428 // Use LoginName for DisplayName if restricted **** MOVED FORWARD **** 429 if (!check_class($pref['displayname_class'])) 430 { 431 $_POST['name'] = $_POST['loginname']; 432 } 433 434 435 // Impose a minimum length on display name 436 $_POST['name'] = trim($_POST['name']); 437 if (strlen($_POST['name']) < 2) 438 { 439 $error_message .= LAN_SIGNUP_56."\\n"; 440 $error = TRUE; 441 } 442 443 global $db_debug; 444 // Check for disallowed names. 
445 if(varsettrue($pref['signup_disallow_text'])) 446 { 447 $tmp = explode(",", $pref['signup_disallow_text']); 448 if (E107_DEBUG_LEVEL) $db_debug->log('disallowed ('.count($tmp).'), like "'.$tmp[0].'"'); 449 foreach($tmp as $disallow) 450 { 451 if( strstr($_POST['name'], $disallow) || strstr($_POST['loginname'], $disallow) ){ 452 $error_message .= LAN_103."\\n"; 453 $error = TRUE; 454 } 455 } 456 } 457 458 // Check if form maxlength has been bypassed (need to allow 100 chars for both here - can have display name and login name the same, and want an error message) 459 if ( strlen($_POST['name']) > 100 || strlen($_POST['loginname']) > 100) 460 { 461 exit; 462 } 463 464 // Check if display name exceeds maximum allowed length 465 if (strlen($_POST['name']) > varset($pref['displayname_maxlength'],15)) 466 { 467 $error_message .= LAN_SIGNUP_55."\\n"; 468 $error = TRUE; 469 } 470 471 // Check if login name exceeds maximum allowed length 472 if (strlen($_POST['loginname']) > varset($pref['loginname_maxlength'],30)) 473 { 474 $error_message .= LAN_SIGNUP_57."\\n"; 475 $error = TRUE; 476 } 477 478 // Display Name exists. 479 if ($sql->db_Select("user", "*", "user_name='".$tp -> toDB($_POST['name'])."'")) 480 { 481 $error_message .= LAN_411.": ".$tp -> toDB($_POST['name'])."\\n"; 482 $error = TRUE; 483 } 484 // Login Name exists 485 if ($sql->db_Select("user", "*", "user_loginname='".$tp -> toDB($_POST['loginname'])."' ")) 486 { 487 $error_message .= LAN_104.": ".$tp -> toDB($_POST['loginname'])."\\n"; 488 $error = TRUE; 489 } 490 491 492 // check for multiple signups from the same IP address. 493 if($ipcount = $sql->db_Select("user", "*", "user_ip='".$e107->getip()."' and user_ban !='2' ")) 494 { 495 if($ipcount >= $pref['signup_maxip'] && trim($pref['signup_maxip']) != "") 496 { 497 $error_message .= LAN_202."\\n"; 498 $error = TRUE; 499 $admin_log->log_event(LAN_SIGNUP_102,LAN_SIGNUP_103.$e107->getip(),4); 500 } 501 } 502 503 // Check password fields are matching. 
504 if ($_POST['password1'] != $_POST['password2']) 505 { 506 $error_message .= LAN_105."\\n"; 507 $error = TRUE; 508 $password1 = ""; 509 $password2 = ""; 510 } 511 512 513 // Email address confirmation. 514 $email_address_OK = TRUE; 515 if ($_POST['email'] != $_POST['email_confirm']) 516 { 517 $error_message .= LAN_SIGNUP_38."\\n"; 518 $error = TRUE; 519 $email = ""; 520 $email_confirm = ""; 521 $email_address_OK = FALSE; 522 } 523 524 // Always validate an email address if entered. If its blank, that's OK if checking disabled 525 $_POST['email'] = $tp->toDB(trim(varset($_POST['email'],''))); 526 $do_email_validate = !varset($pref['disable_emailcheck'],FALSE) || ($_POST['email'] !=''); 527 528 529 // Password length check. 530 if (trim(strlen($_POST['password1'])) < $pref['signup_pass_len']) 531 { 532 $error_message .= LAN_SIGNUP_4.$pref['signup_pass_len'].LAN_SIGNUP_5."\\n"; 533 $error = TRUE; 534 $password1 = ""; 535 $password2 = ""; 536 } 537 538 // Check for emtpy fields 539 if (trim($_POST['name']) == "" || trim($_POST['loginname']) == "" || trim($_POST['password1']) == "" || trim($_POST['password2']) == "") 540 { 541 $error_message .= LAN_185."\\n"; 542 $error = TRUE; 543 } 544 545 546 // ========== Verify Custom Signup options if selected ======================== 547 $signup_option_title = array(LAN_308, LAN_120, LAN_121, LAN_122, LAN_SIGNUP_28); 548 $signup_option_names = array("realname", "signature", "image", "timezone", "class"); 549 550 foreach($signup_option_names as $key => $value) 551 { 552 if ($pref['signup_option_'.$value] == 2 && !$_POST[$value]) 553 { 554 $error_message .= LAN_SIGNUP_6.$signup_option_title[$key].LAN_SIGNUP_7."\\n"; 555 $error = TRUE; 556 } 557 } 558 559 560 // Split up an email address to check for banned domains. 
// Return false if invalid address
//
// Builds the SQL fragment used to match the *domain* of an address against
// the banlist table. The domain is everything after the last "@" (lowercased
// and passed through $tp->toDB(), which is what lets the caller embed the
// result in a string-built query). One term matches "*@domain"; a further
// term is added for every suffix, innermost label first ("*.org",
// "*.example.org", ...).
//
// $email     - address that the caller below has already passed through
//              check_email(). Note: strrpos() is FALSE for a string without
//              "@", and FALSE+1 == 1, so such input would be cut at offset 1.
// $fieldname - column compared in every term (default 'banlist_ip').
//
// Returns FALSE when the domain is empty or contains no ".", otherwise the
// terms joined with ' OR ' and no enclosing parentheses (the caller prefixes
// its own ' OR ').
function make_email_query($email, $fieldname = 'banlist_ip')
{
    global $tp;
    $tmp = strtolower($tp -> toDB(trim(substr($email, strrpos($email, "@")+1))));
    if ($tmp == '') return FALSE;
    if (strpos($tmp,'.') === FALSE) return FALSE;
    // Labels reversed so the suffix grows from the TLD inward.
    $em = array_reverse(explode('.',$tmp));
    $line = '';
    $out = array($fieldname."='*@{$tmp}'"); // First element looks for domain as email address
    foreach ($em as $e)
    {
        $line = '.'.$e.$line;
        $out[] = $fieldname."='*{$line}'";
    }
    return implode(' OR ',$out);
}

//--------------------------------------
// Email address checks
//--------------------------------------
// Email syntax validation.
// $do_email_validate was derived above from $pref['disable_emailcheck'] and
// whether an address was entered at all; $_POST['email'] was trimmed and
// passed through $tp->toDB() at the same point, and every string-built query
// below relies on that earlier escaping rather than escaping again.
if ($do_email_validate)
{
    if (!$_POST['email'] || !check_email($_POST['email']))
    {
        $error_message .= LAN_106."\\n";
        $error = TRUE;
        $email_address_OK = FALSE;
    }
    else
    {
        // Check Email against banlist.
        // Exact-address term first, then the domain/suffix wildcards from
        // make_email_query() (FALSE when the domain has no ".").
        $wc = make_email_query($_POST['email']);
        if ($wc) $wc = ' OR '.$wc;

        // NOTE(review): on the $wc === FALSE branch no query has run, so the
        // db_Fetch() below reads whatever the previous statement left behind —
        // confirm it cannot hand back a stale row with a banlist_reason.
        if (($wc === FALSE) || ($do_email_validate && $sql->db_Select("banlist", "*", "banlist_ip='".$_POST['email']."'".$wc)))
        {
            $email_address_OK = FALSE;
            $brow = $sql -> db_Fetch();
            $error = TRUE;
            if($brow['banlist_reason'])
            {
                // Assignment, not append: a ban reason replaces every error
                // collected so far. Line breaks are folded to a literal "\n",
                // presumably for the P_ALERT output used further down.
                $repl = array("\n","\r","<br />");
                $error_message = str_replace($repl,"\\n",$tp->toHTML($brow['banlist_reason'],"","nobreak, defs"))."\\n";
                $email = "";
            }
            else
            {
                // Banned without a reason text (or the no-"." domain case
                // above): stop with no page output at all.
                exit;
            }
        }
    }
}

// Check email address on remote server (if enabled) - but only if previous checks passed.
// The "$error != TRUE" guard means the remote check — whatever
// mail_validation_class does, it is not shown here — only runs for a
// submission that has passed every earlier check.
if ($do_email_validate && $email_address_OK && varsettrue($pref['signup_remote_emailcheck']) && $error != TRUE)
{
    require_once(e_HANDLER."mail_validation_class.php");
    // split() is the POSIX-regex function (deprecated in PHP 5.3, removed in
    // 7.0); explode('@', SITEADMINEMAIL) gives the same two parts.
    list($adminuser,$adminhost) = split ("@", SITEADMINEMAIL);
    $validator = new email_validation_class;
    // The site admin address is what the validator identifies itself with.
    $validator->localuser= $adminuser;
    $validator->localhost= $adminhost;
    $validator->timeout=3;   // presumably seconds — the class is not visible here
    // $validator->debug=1;
    // $validator->html_debug=1;
    // Any result other than 1 (including "could not tell") is treated as invalid.
    if($validator->ValidateEmailBox(trim($_POST['email'])) != 1)
    {
        $email_address_OK = FALSE;
        $error_message .= LAN_106."\\n";
        $error = TRUE;
        $email = "";
        $email_confirm = "";
    }
}

// Check for Duplicate Email address - but only if previous checks passed.
if ($do_email_validate && $email_address_OK && $sql->db_Select("user", "user_email, user_ban, user_sess", "user_email='".$_POST['email']."' "))
{
    $chk = $sql -> db_Fetch();
    if($chk['user_ban']== 2 && $chk['user_sess'])
    { // duplicate because unactivated
        // Hand the visitor to the resend-activation form instead of an error.
        // NOTE(review): the response differs from the LAN_408 path below, so
        // it discloses not just that the address is taken but that the
        // account is still unactivated.
        $error = TRUE;
        header("Location: ".e_BASE."signup.php?resend");
        exit;
    }
    else
    {
        $email_address_OK = FALSE;
        $error_message .= LAN_408."\\n";
        $error = TRUE;
    }
}

/**
 * Does some basic checks on a string claiming to represent an off-site image
 *
 * Quotes and parentheses are not stripped but cause rejection (the stripped
 * copy must equal the input; surrounding whitespace therefore also rejects).
 * The remaining test is purely lexical: "localhost" or a "." followed by 2-6
 * characters, then "/", then a path ending in an image extension. No scheme
 * is required and no host allow-list is applied; the caller later passes the
 * accepted string to getimagesize(), which fetches it from this server.
 *
 * @param string $imageName
 *
 * @return boolean|string FALSE for unacceptable, potentially modified string if acceptable
 */
function checkRemoteImage($imageName)
{
    $newImageName = trim(str_replace(array('\'', '"', '(', ')'), '', $imageName)); // Strip invalid characters
    if ($imageName != $newImageName)
    {
        return FALSE;
    }
    // NOTE(review): .svg is accepted here and stored as the avatar name —
    // confirm how the avatar is later rendered before relying on this list.
    if (!preg_match('#(?:localhost|\..{2,6})\/.+\.(?:jpg|jpeg|png|svg|gif)$#i', $newImageName))
    {
        return FALSE;
    }
    return $newImageName;
}

// Avatar validation (already checked if compulsory field not filled in)
$avName = varset($_POST['image'], '');
// Reset first; the validated name is written back only if every check passes.
$_POST['image'] = '';
if ((varset($pref['signup_option_image'],0) > 0) && $avName)
{
    $avmsg = '';
    $avName = str_replace(array('\'', '"', '(', ')'), '', $avName); // these are invalid anyway, so why allow them? (XSS Fix)
    if (strpos($avName, '/') !== FALSE)
    { // Assume an off-site image
        // checkRemoteImage() rejects (rather than strips) the same characters,
        // so the str_replace above has already decided this branch's outcome.
        $avFullName = $avName = checkRemoteImage($avName);
        if ($avName === FALSE)
        {
            $avmsg = LAN_SIGNUP_104;
        }
    }
    else
    { // Its one of the standard choices
        // No "/" can be present on this branch, so the name cannot leave
        // the avatars directory by path segment. NOTE(review): "\" and ".."
        // are not filtered — confirm is_readable() below cannot be pointed
        // elsewhere on a Windows host.
        $avName = $tp -> toDB($avName);
        $avFullName = e_IMAGE.'avatars/'.$avName;
        if (!is_readable($avFullName))
        {
            $avmsg = LAN_SIGNUP_60; // Error accessing avatar
        }
    }
    // NOTE(review): for an off-site avatar $avFullName is the visitor-supplied
    // URL and getimagesize() fetches it from this server during signup —
    // confirm that outbound request is intended.
    if (!$avmsg && ($size = getimagesize($avFullName)))
    {
        $avwidth = $size[0];
        $avheight = $size[1];

        // Defaults applied when the prefs are unset.
        $pref['im_width'] = varset($pref['im_width'], 120);
        $pref['im_height'] = varset($pref['im_height'], 100);
        if ($avwidth > $pref['im_width'])
        {
            $avmsg .= LAN_USET_1." ({$avwidth})<br />".LAN_USET_2.": {$pref['im_width']}<br /><br />";
        }
        if ($avheight > $pref['im_height'])
        {
            $avmsg .= LAN_USET_3." ({$avheight})<br />".LAN_USET_4.": {$pref['im_height']}";
        }
    }
    else
    {
        $avmsg = LAN_SIGNUP_60; // Error accessing avatar
    }
    if ($avmsg)
    {
        // Unlike the other checks, no trailing "\n" is appended here.
        $error_message .= $avmsg;
        $error = TRUE;
    }
    else
    {
        $_POST['image'] = $avName;
    }
}


// Extended Field validation
// The field list comes from the user_extended handler, not from $_POST, so
// only known field names can end up as keys of $eufVals.
$extList = $usere->user_extended_get_fieldList();
$eufVals = array();

foreach($extList as $ext)
{
    $eufName = 'user_'.$ext['user_extended_struct_name'];
    if(isset($_POST['ue'][$eufName]) || ($ext['user_extended_struct_required'] == 1))
    {
        $newval = trim(varset($_POST['ue'][$eufName],''));
        // echo "Vetting field ".'user_'.$ext['user_extended_struct_name'].": {$newval} = ".trim($_POST['ue']['user_'.$ext['user_extended_struct_name']])."<br />";
        // Type 7 is treated as a date, with '0000-00-00' counting as empty.
        if($ext['user_extended_struct_required'] == 1 && (($newval == "") || (($ext['user_extended_struct_type'] == 7) && ($newval == '0000-00-00')) ))
        { // Required field not present
            $_ftext = (defined($ext['user_extended_struct_text']) ? constant($ext['user_extended_struct_text']) : $ext['user_extended_struct_text']);
            $error_message .= LAN_SIGNUP_6.$_ftext.LAN_SIGNUP_7."\\n";
            $error = TRUE;
        }
        else
        {
            // parms: "^,^"-separated; [1] is an optional validation regex
            // (defined by whoever set up the field, not by the visitor),
            // [2] the message shown when it fails.
            $parms = explode("^,^", $ext['user_extended_struct_parms']);
            $regex = (isset($parms[1]) ? $tp->toText($parms[1]) : "");
            $regexfail = (isset($parms[2]) ? trim($tp->toText($parms[2])) : "");

            if($regexfail == "")
            {
                $regexfail = $ext['user_extended_struct_name']." ".LAN_SIGNUP_53;
            }

            // The failure text may name a LAN constant.
            if(defined($regexfail)) {$regexfail = constant($regexfail);}

            // An empty value is accepted for optional fields even when a
            // regex is configured.
            if($regex != "" && $newval != "" && !preg_match($regex, $newval))
            {
                $error_message .= $regexfail."\\n";
                $error = TRUE;
            }
            else
            {
                $eufVals[$eufName] = $newval;
            }
        }
    }
}


// Everything collected so far is shown in one alert, then cleared so the
// post-registration code below can reuse $error_message for the mail status.
if($error_message)
{
    require_once(HEADERF);
    message_handler("P_ALERT", $error_message);
    $error_message = '';
}

// ========== End of verification.. ====================================================

if (!$error)
{
    // Rate limit on joins; a hit is answered with a plain redirect.
    $fp = new floodprotect;
    if ($fp->flood("user", "user_join") == FALSE)
    {
        header("location:".e_BASE."index.php");
        exit;
    }

    // An address attached to a banned account (user_ban='1') ends the
    // request silently, with no page output.
    if ($_POST['email'] && $sql->db_Select("user", "*", "user_email='".$_POST['email']."' AND user_ban='1'"))
    {
        exit;
    }

    $username = $tp -> toDB(strip_tags($_POST['name']));
    $loginname = $tp -> toDB(strip_tags($_POST['loginname']));
    $time = time();
    $ip = $e107->getip();

    // Build the SET list for user_extended from the vetted values.
    $ue_fields = "";
    if (count($eufVals))
    {
        foreach($eufVals as $key => $val) // We've already ensured only valid keys here
        {
            $key = $tp->toDB($key);
            $val = $tp->toDB($val);
            $ue_fields .= ($ue_fields) ? ", " : "";
            $ue_fields .= $key."='".$val."'";
        }
    }

    // Activation key carried by the link render_email() builds.
    // NOTE(review): uniqid()/rand() are not cryptographic sources;
    // random_bytes()/bin2hex() would be the replacement for a token that
    // activates an account.
    $u_key = md5(uniqid(rand(), 1));
    // Positional VALUES list in the user table's column order (not visible
    // here). The password is stored as an unsalted MD5 hash — the login path
    // compares the same way, so moving to password_hash() touches both.
    // $_POST['email'] relies on the toDB() applied earlier; signature, image,
    // timezone, hideemail, realname and xupexist are escaped for SQL only —
    // no value check is visible for timezone/hideemail. The '2' presumably
    // sets user_ban to the "awaiting activation" state that the
    // duplicate-email check tests for.
    $nid = $sql->db_Insert("user", "0, '{$username}', '{$loginname}', '', '".md5($_POST['password1'])."', '{$u_key}', '".$_POST['email']."', '".$tp -> toDB($_POST['signature'])."', '".$tp -> toDB($_POST['image'])."', '".$tp -> toDB($_POST['timezone'])."', '".$tp -> toDB($_POST['hideemail'])."', '".$time."', '0', '".$time."', '0', '0', '0', '0', '".$ip."', '2', '0', '', '', '0', '0', '".$tp -> toDB($_POST['realname'])."', '', '', '', '0', '".$tp -> toDB($_POST['xupexist'])."' ");
    if(!$nid)
    {
        // NOTE(review): renders the failure but does not exit, so the
        // updates below run with $nid === false (an empty user_id). A
        // "require_once(FOOTERF); exit;" pairing, as the other error paths
        // use, would stop that.
        require_once(HEADERF);
        $ns->tablerender("", LAN_SIGNUP_36);
        require_once(FOOTERF);
    }


    if ($pref['user_reg_veri'])
    {
        // ==== Update Userclass =======>

        // NOTE(review): $_POST['class'] is assumed to be an array of class ids;
        // no check is visible here that they are classes signup may grant —
        // confirm the form/shortcodes restrict the choices.
        if ($_POST['class'])
        {
            unset($insert_class);
            sort($_POST['class']);
            $insert_class = implode(",",$_POST['class']);
            $sql->db_Update("user", "user_class='".$tp -> toDB($insert_class)."' WHERE user_id='".$nid."' ");
        }

        // ========= save extended fields into db table. =====

        if($ue_fields)
        {
            $sql->db_Select_gen("INSERT INTO #user_extended (user_extended_id) values ('{$nid}')");
            $sql->db_Update("user_extended", $ue_fields." WHERE user_extended_id = '{$nid}'");
        }

        // ========== Send Email =========>

        if (($pref['user_reg_veri'] != 2) && $_POST['email']) // Don't send if email address blank - means that its not compulsory
        {
            // render_email() reads $nid/$u_key via globals; its {PASSWORD}
            // placeholder carries the plaintext password unless
            // $pref['user_reg_secureveri'] is set.
            $eml = render_email();
            $mailheader_e107id = $eml['userid'];
            require_once(e_HANDLER."mail.php");


            if(!sendemail($_POST['email'], $eml['subject'], $eml['message'], "", "", "", $eml['attachments'], $eml['cc'], $eml['bcc'], "", "", $eml['inline-images']))
            {
                $error_message = LAN_SIGNUP_42; // There was a problem, the registration mail was not sent, please contact the website administrator.
            }
        }

        // The whole form — including the plaintext password1/password2
        // fields — is handed to every "usersup" listener.
        $_POST['ip'] = $ip;
        $_POST['user_id'] = $nid;
        $e_event->trigger("usersup", $_POST); // send everything in the template, including extended fields.

        require_once(HEADERF);

        // $_POST['email'] is echoed inside <b>; when non-empty it has passed
        // check_email() and toDB() above — NOTE(review): confirm that is
        // sufficient for HTML output, no HTML escaping is applied here.
        $srch = array("[sitename]","[email]");
        $repl = array(SITENAME,"<b>".$_POST['email']."</b>");

        if(trim($pref['signup_text_after']))
        {
            $text = str_replace($srch,$repl,$tp->toHTML($pref['signup_text_after'], TRUE, 'parse_sc,defs'))."<br />";
        }
        else
        {
            $LAN_AFTERSIGNUP = defined("LAN_SIGNUP_72") ? LAN_SIGNUP_72 : LAN_405;
            $text = ($pref['user_reg_veri'] == 2) ? LAN_SIGNUP_37 : str_replace($srch,$repl,$LAN_AFTERSIGNUP); // Admin Approval / Email Approval
        }

        // Caption indexed by the verification mode (0/1/2); newer LAN
        // constants fall back to LAN_406 when a language pack lacks them.
        $caption_arr = array();
        $caption_arr[0] = LAN_406; // Thank you! (No Approval).
        $caption_arr[1] = defined("LAN_SIGNUP_98") ? LAN_SIGNUP_98 : LAN_406; // Confirm Email (Email Confirmation)
        $caption_arr[2] = defined("LAN_SIGNUP_100") ? LAN_SIGNUP_100 : LAN_406; // Approval Pending (Admin Approval)
        $caption = $caption_arr[$pref['user_reg_veri']];

        // Only the mail-send failure can set $error_message at this point.
        if($error_message)
        {
            $text = "<br /><b>".$error_message."</b><br />"; // Just display the error message
            $caption = defined("LAN_SIGNUP_99") ? LAN_SIGNUP_99 : LAN_406; // Problem Detected // Default for backwards compat.
        }

        $ns->tablerender($caption, $text);
        require_once(FOOTERF);
        exit;
    }
    else
    {
        // No verification configured: activate immediately.
        require_once(HEADERF);

        // Re-reads the row by display name + MD5 of the submitted password
        // (no user_id in the WHERE), so this confirms a matching row exists
        // rather than that the row just inserted is the one found.
        if(!$sql -> db_Select("user", "user_id", "user_name='{$username}' AND user_password='".md5($_POST['password1'])."'"))
        {
            $ns->tablerender("", LAN_SIGNUP_36);
            require_once(FOOTERF);
            exit;
        }
        // NOTE(review): if db_Insert failed above, $nid is false here and
        // this and the following updates run with an empty user_id.
        $sql->db_Update("user", "user_ban = '0' WHERE user_id = '{$nid}'");

        // ==== Update Userclass =======
        // Same class handling as the verified branch; $_POST['class'] is
        // assumed to be an array.
        if ($_POST['class'])
        {
            unset($insert_class);
            sort($_POST['class']);
            $insert_class = implode(",",$_POST['class']);
            $sql->db_Update("user", "user_class='".$tp -> toDB($insert_class)."' WHERE user_id='".$nid."' ");
        }
        // ======== save extended fields to DB table.

        if($ue_fields)
        {
            $sql->db_Select_gen("INSERT INTO #user_extended (user_extended_id) values ('{$nid}')");
            $sql->db_Update("user_extended", $ue_fields." WHERE user_extended_id = '{$nid}'");
        }

        // ==========================================================
        $_POST['ip'] = $ip;
        $_POST['user_id'] = $nid;
        $e_event->trigger("usersup", $_POST); // send everything in the template, including extended fields.

        // Unlike the verified branch, no [sitename]/[email] substitution here.
        if($pref['signup_text_after'])
        {
            $text = $tp->toHTML($pref['signup_text_after'], TRUE, 'parse_sc,defs')."<br />";
        }
        else
        {
            $text = LAN_107." ".SITENAME.", ".LAN_SIGNUP_12."<br /><br />".LAN_SIGNUP_13;
        }
        $ns->tablerender(LAN_SIGNUP_8,$text);
        require_once(FOOTERF);
        exit;
    }
}

}
// Reached for a first visit or for a submission that failed validation.
require_once(HEADERF);

// A failed submission is treated as if the "stage" query were present, so
// the form is re-shown instead of the COPPA notice.
$qs = ($error ? "stage" : e_QUERY);
if ($pref['use_coppa'] == 1 && strpos($qs, "stage") === FALSE)
{
    $text = $tp->parseTemplate($COPPA_TEMPLATE, TRUE, $signup_shortcodes);
    $ns->tablerender(LAN_110, $text);
    require_once(FOOTERF);
    exit;
}

// Default for the website field; presumably read by the signup shortcodes.
if (!$website)
{
    $website = "http://";
}

// Stage 1 of COPPA: the notice form must have been posted ("newver") with
// the consent box ticked; a plain GET of ?stage1 is sent back to the start.
if ($qs == 'stage1' && $pref['use_coppa'] == 1)
{
    if(isset($_POST['newver']))
    {
        if(!varsettrue($_POST['coppa']))
        {
            $text = $tp->parseTemplate($COPPA_FAIL);
            $ns->tablerender(LAN_110, $text);
            require_once(FOOTERF);
            exit;
        }
    }
    else
    {
        header('Location: '.e_BASE.'signup.php');
        exit;
    }
}

require_once(e_HANDLER."form_handler.php");
$rs = new form;


$text = $tp->parseTemplate($SIGNUP_BEGIN.$SIGNUP_BODY.$SIGNUP_END, TRUE, $signup_shortcodes);
$ns->tablerender(LAN_123, $text);
require_once(FOOTERF);
exit;

// Default Signup Form ----->
// Unreachable: the exit above always runs first. Left as found.

$ns->tablerender(LAN_123, $text);

require_once(FOOTERF);

//------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------//

// Marker helper for the form templates: returns REQUIRED_FIELD_MARKER when a
// signup_option_* pref is 2 (the value the validation above treats as
// compulsory), otherwise an empty string.
function req($field)
{
    return ($field == 2 ? 
REQUIRED_FIELD_MARKER : "");
}
//------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------//

// Inline <script> block for the signup page plus whatever the DHTML
// calendar created at the top of this file needs loaded. Called by the
// header, presumably via the headerjs() convention.
function headerjs()
{
    $script_txt = "
<script type=\"text/javascript\">
function addtext3(sc){
    document.getElementById('signupform').image.value = sc;
}

function addsig(sc){
    document.getElementById('signupform').signature.value += sc;
}
function help(help){
    document.getElementById('signupform').helpb.value = help;
}
</script>\n";

    global $cal;
    $script_txt .= $cal->load_files();
    return $script_txt;
}


// Builds the registration / activation e-mail from the theme's
// email_template.php.
//
// $preview - TRUE when called from the admin preview/test path: the
//            placeholders are filled with fixed sample values and the
//            $_POST fields used below are overwritten.
//
// Reads $nid and $u_key (set by the caller, or sampled in preview mode) and
// the $SIGNUPEMAIL_* variables that email_template.php defines. Returns an
// array with keys userid, cc, bcc, attachments, inline-images, subject,
// message (inline images as cid: references) and preview (same body with
// file paths instead of cid: references).
//
// NOTE(review): define("RETURNADDRESS") can only succeed once per request,
// so this function is effectively single-use; every caller in this file
// exits after calling it.
function render_email($preview = FALSE)
{
    // 1 = Body
    // 2 = Subject

    global $pref,$nid,$u_key,$_POST,$SIGNUPEMAIL_LINKSTYLE,$SIGNUPEMAIL_SUBJECT,$SIGNUPEMAIL_TEMPLATE;

    if($preview == TRUE)
    {
        $_POST['password1'] = "test-password";
        $_POST['loginname'] = "test-loginname";
        $_POST['name'] = "test-username";
        $_POST['website'] = "www.test-site.com";
        $nid = 0;
        $u_key = "1234567890ABCDEFGHIJKLMNOP";
    }

    // Activation link: ?activate.<user id>.<key>[.<lang>]. NOTE(review): the
    // ".".e_LAN suffix is only appended when SITEURL lacks a trailing "/",
    // so the language part of the link depends on how SITEURL is configured.
    define("RETURNADDRESS", (substr(SITEURL, -1) == "/" ? SITEURL."signup.php?activate.".$nid.".".$u_key : SITEURL."/signup.php?activate.".$nid.".".$u_key.".".e_LAN));
    // The plaintext password goes into the mail unless user_reg_secureveri
    // masks it.
    $pass_show = ($pref['user_reg_secureveri'])? "*******" : $_POST['password1'];

    // Theme template wins over the default one. Included inside the function,
    // so the $SIGNUPEMAIL_* values it sets are locals here (and require_once
    // will not re-run it if it was already included).
    if (file_exists(THEME."email_template.php"))
    {
        require_once(THEME."email_template.php");
    }
    else
    {
        require_once(e_THEME."templates/email_template.php");
    }

    $inline_images = explode(",",$SIGNUPEMAIL_IMAGES);
    if($SIGNUPEMAIL_BACKGROUNDIMAGE)
    {
        $inline_images[] = $SIGNUPEMAIL_BACKGROUNDIMAGE;
    }

    $ret['userid'] = $nid;
    $ret['cc'] = $SIGNUPEMAIL_CC;
    $ret['bcc'] = $SIGNUPEMAIL_BCC;
    $ret['attachments'] = $SIGNUPEMAIL_ATTACHMENTS;
    $ret['inline-images'] = implode(",",$inline_images);

    $style = ($SIGNUPEMAIL_LINKSTYLE) ? "style='$SIGNUPEMAIL_LINKSTYLE'" : "";

    // Placeholder substitutions. None of the $_POST values are escaped here;
    // the registration path filters loginname/name before calling, and the
    // resend path loads them from the user row.
    $search[0] = "{LOGINNAME}";
    $replace[0] = $_POST['loginname'];

    $search[1] = "{PASSWORD}";
    $replace[1] = $pass_show;

    $search[2] = "{ACTIVATION_LINK}";
    $replace[2] = "<a href='".RETURNADDRESS."' $style>".RETURNADDRESS."</a>";

    $search[3] = "{SITENAME}";
    $replace[3] = SITENAME;

    $search[4] = "{SITEURL}";
    $replace[4] = "<a href='".SITEURL."' $style>".SITEURL."</a>";

    $search[5] = "{USERNAME}";
    $replace[5] = $_POST['name'];

    $search[6] = "{USERURL}";
    $replace[6] = ($_POST['website']) ? $_POST['website'] : "";

    $cnt=1;

    // {IMAGE1}, {IMAGE2}, ... for each readable inline image: the mail body
    // references it by cid (md5 of the path), the preview by path. Indexing
    // is by $cnt rather than $img; unreadable images get no placeholder.
    // NOTE(review): $cid_search/$path_search stay unset when no image is
    // readable — confirm the str_replace() calls at the end tolerate that.
    foreach($inline_images as $img)
    {
        if(is_readable($inline_images[$cnt-1]))
        {
            $cid_search[] = "{IMAGE".$cnt."}";
            $cid_replace[] = "<img alt=\"".SITENAME."\" src='cid:".md5($inline_images[$cnt-1])."' />\n";
            $path_search[] = "{IMAGE".$cnt."}";
            $path_replace[] = "<img alt=\"".SITENAME."\" src=\"".$inline_images[$cnt-1]."\" />\n";
        }
        $cnt++;
    }

    $subject = str_replace($search,$replace,$SIGNUPEMAIL_SUBJECT);
    $ret['subject'] = $subject;

    // HTML wrapper. USETHEME 1 links the theme stylesheet by URL (SITEURL
    // concatenated with THEME — presumably THEME is URL-relative here),
    // USETHEME 2 inlines the stylesheet contents.
    $HEAD = "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.1//EN\" \"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd\">\n";
    $HEAD .= "<html xmlns='http://www.w3.org/1999/xhtml' >\n";
    $HEAD .= "<head><meta http-equiv='content-type' content='text/html; charset=utf-8' />\n";
    $HEAD .= ($SIGNUPEMAIL_USETHEME == 1) ? "<link rel=\"stylesheet\" href=\"".SITEURL.THEME."style.css\" type=\"text/css\" />\n" : "";
    $HEAD .= ($preview) ? "<title>".LAN_SIGNUP_58."</title>\n" : "";
    if($SIGNUPEMAIL_USETHEME == 2)
    {
        $CSS = file_get_contents(THEME."style.css");
        $HEAD .= "<style>\n".$CSS."\n</style>";
    }

    $HEAD .= "</head>\n";
    if($SIGNUPEMAIL_BACKGROUNDIMAGE)
    {
        $HEAD .= "<body background=\"cid:".md5($SIGNUPEMAIL_BACKGROUNDIMAGE)."\" >\n";
    }
    else
    {
        $HEAD .= "<body>\n";
    }
    $FOOT = "\n</body>\n</html>\n";

    // $SIGNUPEMAIL_TEMPLATE is declared global above, so this also rewrites
    // the global copy with the wrapped version.
    $SIGNUPEMAIL_TEMPLATE = $HEAD.$SIGNUPEMAIL_TEMPLATE.$FOOT;
    $message = str_replace($search,$replace,$SIGNUPEMAIL_TEMPLATE);

    $ret['message'] = str_replace($cid_search,$cid_replace,$message);
    $ret['preview'] = str_replace($path_search,$path_replace,$message);

    return $ret;
}