<?php
/*
+ ----------------------------------------------------------------------------+
|     e107 website system
|
|     Steve Dunstan 2001-2002
|     http://e107.org
|     jalist@e107.org
|
|     Released under the terms and conditions of the
|     GNU General Public License (http://gnu.org).
|
|     $URL: https://e107.svn.sourceforge.net/svnroot/e107/trunk/e107_0.7/signup.php $
|     $Id: signup.php 11541 2010-05-19 22:01:19Z secretr $
+----------------------------------------------------------------------------+
*/

/*
 * signup.php - front-end user registration.
 *
 * Handled in this order, each branch ending the request itself:
 *   - ?resend                    re-send (or re-address) an activation e-mail
 *   - ?preview / ?test / ?preview.aftersignup   admin-only e-mail template preview
 *   - ?activate.<id>.<key>[.<lang>]             activation link from the e-mail
 *   - POST with 'register'       validate the form and insert the new user
 *   - otherwise                  render the COPPA / signup form
 *
 * Every query below is assembled by string concatenation with $tp->toDB()
 * escaping; there are no bound parameters, so the escaping calls are the only
 * line of defence and must not be removed when editing.
 */

require_once ("class2.php");
$qs = explode(".", e_QUERY);
//@TODO what fix?
// Activation links carry their own language code, so the language file for that
// path is chosen later (see the activate branch); every other path loads it here.
if($qs[0] != "activate"){ // multi-language fix.
	e107_include_once(e_LANGUAGEDIR.e_LANGUAGE."/lan_signup.php");
	e107_include_once(e_LANGUAGEDIR."English/lan_signup.php");
	e107_include_once(e_LANGUAGEDIR.e_LANGUAGE."/lan_usersettings.php");
}

include_once(e_HANDLER."user_extended_class.php");
$usere = new e107_user_extended;
require_once(e_HANDLER."calendar/calendar_class.php");
$cal = new DHTML_Calendar(true);

// Theme may override the signup template; otherwise the core template is used.
if (is_readable(THEME."signup_template.php")) {
	require_once(THEME."signup_template.php");
} else {
	require_once(e_THEME."templates/signup_template.php");
}

include_once(e_FILE."shortcode/batch/signup_shortcodes.php");

// Captcha is only available when enabled in prefs AND GD is loaded; $sec_img is
// instantiated further down only when this is true.
$signup_imagecode = ($pref['signcode'] && extension_loaded("gd"));

// Resend Activation Email ------------------------------------------->
// Reachable only for anonymous visitors while e-mail verification (user_reg_veri == 1) is active.
if(e_QUERY == "resend" && !USER && ($pref['user_reg_veri'] == 1))
{
	e107_include_once(e_LANGUAGEDIR.e_LANGUAGE."/lan_".e_PAGE);
	e107_include_once(e_LANGUAGEDIR."English/lan_".e_PAGE);
	require_once(HEADERF);

	if(!$clean_email = check_email($tp -> toDB($_POST['resend_email'])))
	{
		// Placeholder used when the input is not a valid address. The queries below
		// still compare user_email against it, so it is relied upon not to match a real row.
		$clean_email = "xxx";
	}

	if(!$new_email = check_email($tp -> toDB($_POST['resend_newemail'])))
	{
		$new_email = FALSE;
	}

	if($_POST['submit_resend'])
	{
		// Already-activated account (user_ban=0, empty key): tell the user and stop.
		if($_POST['resend_email'] && !$new_email && $sql->db_Select_gen("SELECT * FROM #user WHERE user_ban=0 AND user_sess='' AND (user_loginname= \"".$tp->toDB($_POST['resend_email'])."\" OR user_name = \"".$tp->toDB($_POST['resend_email'])."\" OR user_email = \"".$clean_email."\" ) "))
		{
			$ns -> tablerender(LAN_SIGNUP_40,LAN_SIGNUP_41."<br />");
			require_once(FOOTERF);
			exit;
		}

		// Optional: change the e-mail address of a not-yet-activated account.
		if(trim($_POST['resend_password']) !="" && $new_email)
		{
			// NOTE(review): the account is located by the unsalted md5() of the submitted
			// password ALONE - the lookup is not tied to the identifier given in
			// resend_email - and the update below then rewrites that account's address,
			// which is where the activation mail goes. A safer design binds this lookup
			// to the named account and uses a salted hash (see also the md5() at insert time).
			if($sql->db_Select("user", "user_id", "user_password = \"".md5($_POST['resend_password'])."\" AND user_ban=2 AND user_sess !='' LIMIT 1"))
			{
				$row = $sql -> db_Fetch();
				if($sql->db_Update("user", "user_email='".$new_email."' WHERE user_id = '".$row['user_id']."' LIMIT 1 "))
				{
					$clean_email = $new_email;
				}
			}
			else
			{
				require_once(e_HANDLER."message_handler.php");
				message_handler("ALERT",LAN_SIGNUP_52); // Incorrect Password.
			}
		}

		// Locate the pending account (user_ban=2 with a stored key) and re-send its mail.
		if($sql->db_Select("user", "*", "(user_loginname = \"".$tp->toDB($_POST['resend_email'])."\" OR user_name = \"".$tp->toDB($_POST['resend_email'])."\" OR user_email = \"".$clean_email."\" ) AND user_ban=2 AND user_sess !='' LIMIT 1"))
		{
			$row = $sql -> db_Fetch();

			// Only the hash is stored, so the real password cannot be re-sent; render_email()
			// substitutes this placeholder into {PASSWORD} (masked anyway when user_reg_secureveri is set).
			$_POST['password1'] = "xxxxxxxxx";
			$_POST['loginname'] = $row['user_loginname'];
			$_POST['name'] = $row['user_name'];
			$nid = $row['user_id'];
			$u_key = $row['user_sess']; // existing activation key is reused unchanged

			$eml = render_email();
			$mailheader_e107id = $nid;
			require_once(e_HANDLER."mail.php");

			/*
			echo "Sending to: ".$row['user_email'];
			require_once(FOOTERF);
			exit;
			*/

			// $returnpath / $returnreceipt are not assigned anywhere in this file.
			if(!sendemail($row['user_email'], $eml['subject'], $eml['message'], $row['user_name'], "", "", $eml['attachments'], $eml['cc'], $eml['bcc'], $returnpath, $returnreceipt,$eml['inline-images']))
			{
				$ns -> tablerender(LAN_ERROR,LAN_SIGNUP_42);
				require_once(FOOTERF);
				exit;
			}
			else
			{
				$ns -> tablerender(LAN_SIGNUP_43,LAN_SIGNUP_44." ".$row['user_email']." - ".LAN_SIGNUP_45."<br /><br />");
				require_once(FOOTERF);
				exit;
			}
		}

		// No pending account matched.
		require_once(e_HANDLER."message_handler.php");
		message_handler("ALERT",LAN_106); // email not valid.
		exit;
	}
	elseif(!$_POST['submit_resend'])
	{
		// Render the resend form (identifier, optional new address, password).
		$text .= "<div style='text-align:center'>
		<form method='post' action='".e_SELF."?resend' id='resend_form'>
		<table style='".USER_WIDTH."' class='fborder'>
		<tr>
		<td class='forumheader3' style='text-align:right'>".LAN_SIGNUP_48."</td>
		<td class='forumheader3'>
		<input type='text' name='resend_email' class='tbox' size='50' style='max-width:80%' value='' maxlength='80' />
		</td>
		</tr>

		<tr>
		<td class='forumheader3' colspan='2'>".LAN_SIGNUP_49."</td>
		</tr>
		<tr>
		<td class='forumheader3' style='text-align:right;width:30%'>".LAN_SIGNUP_50."</td>
		<td class='forumheader3'><input type='text' name='resend_newemail' class='tbox' size='50' style='max-width:80%' value='' maxlength='80' /></td>
		</tr>
		<tr>
		<td class='forumheader3' style='text-align:right'>".LAN_SIGNUP_51."</td>
		<td class='forumheader3'><input type='text' name='resend_password' class='tbox' size='50' style='max-width:80%' value='' maxlength='80' /></td>
		</tr>
		";

		$text .="<tr style='vertical-align:top'>
		<td colspan='2' style='text-align:center' class='forumheader'>";
		$text .= "<input class='button' type='submit' name='submit_resend' value=\"".LAN_SIGNUP_47."\" />"; // resend activation email.
		$text .= "</td>
		</tr>
		</table>
		</form>
		</div>";

		$ns -> tablerender(LAN_SIGNUP_47, $text);
		require_once(FOOTERF);
		exit;
	}

	exit;
}

// ------------------------------------------------------------------

// Pre-declare the variables the form shortcodes read so a plain GET raises no notices.
if(!$_POST) // Notice Removal.
{
	$error = "";
	$text = " ";
	$password1 = "";
	$password2 = "";
	$email = ""; // Used in shortcodes
	$loginname = "";
	$realname = "";
	$user_timezone = "";
	$image = "";
	$avatar_upload = "";
	$photo_upload = "";
	$_POST['ue'] = "";
	$signature = "";
}

// Admin-only preview / test-send of the signup e-mail and the after-signup text.
if(ADMIN && (e_QUERY == "preview" || e_QUERY == "test" || e_QUERY == "preview.aftersignup"))
{
	e107_include_once(e_LANGUAGEDIR.e_LANGUAGE."/lan_".e_PAGE);
	e107_include_once(e_LANGUAGEDIR."English/lan_".e_PAGE);
	if(e_QUERY == "preview.aftersignup")
	{
		require_once(HEADERF);
		$srch = array("[sitename]","[email]");
		$repl = array(SITENAME,"<b>example@email.com</b>");

		if(trim($pref['signup_text_after']))
		{
			$text = str_replace($srch,$repl,$tp->toHTML($pref['signup_text_after'], TRUE, 'parse_sc,defs'))."<br />";
		}
		else
		{
			$LAN_AFTERSIGNUP = defined("LAN_SIGNUP_72") ? LAN_SIGNUP_72 : LAN_405;
			$text = ($pref['user_reg_veri'] == 2) ? LAN_SIGNUP_37 : str_replace($srch,$repl,$LAN_AFTERSIGNUP); // Admin Approval / Email Approval
		}

		// Caption indexed by user_reg_veri: 0 none, 1 e-mail confirmation, 2 admin approval.
		$caption_arr = array();
		$caption_arr[0] = LAN_406; // Thank you! (No Approval).
		$caption_arr[1] = defined("LAN_SIGNUP_98") ? LAN_SIGNUP_98 : LAN_406; // Confirm Email (Email Confirmation)
		$caption_arr[2] = defined("LAN_SIGNUP_100") ? LAN_SIGNUP_100 : LAN_406; // Approval Pending (Admin Approval)
		$caption = $caption_arr[$pref['user_reg_veri']];

		$ns->tablerender($caption, $text);
		require_once(FOOTERF);
		exit;
	}

	// Preview uses dummy credentials (see render_email()) and prints the HTML directly.
	$eml = render_email(TRUE);
	echo $eml['preview'];

	if(e_QUERY == "test")
	{
		// Send the rendered mail to the logged-in admin's own address.
		require_once(e_HANDLER."mail.php");
		$message = $eml['message'];
		$subj = $eml['subject'];
		$inline = $eml['inline-images'];
		$Cc = $eml['cc'];
		$Bcc = $eml['bcc'];
		$attachments = $eml['attachments'];

		if(!sendemail(USEREMAIL, $subj, $message, USERNAME, "", "", $attachments, $Cc, $Bcc, $returnpath, $returnreceipt,$inline))
		{
			echo "<br /><br /><br /><br > >> ".LAN_SIGNUP_42; // there was a problem.
		}
		else
		{
			echo "<br /><br /> >> ".LAN_SIGNUP_43." [ ".USEREMAIL." ] - ".LAN_SIGNUP_45;
		}
	}
	exit;
}

// Members-only sites replace the normal page header/footer with a minimal logo wrapper.
if ($pref['membersonly_enabled'])
{
	$HEADER = "<div style='text-align:center; width:100%;margin-left:auto;margin-right:auto;text-align:center'><div style='width:70%;text-align:center;margin-left:auto;margin-right:auto'><br />";
	if (file_exists(THEME."images/login_logo.png"))
	{
		$HEADER .= "<img src='".THEME."images/login_logo.png' alt='' />\n";
	}
	else
	{
		$HEADER .= "<img src='".e_IMAGE."logo.png' alt='' />\n";
	}
	$HEADER .= "<br />";
	$FOOTER = "</div></div>";
}

if($signup_imagecode)
{
	require_once(e_HANDLER."secure_img_handler.php");
	$sec_img = new secure_image;
}

// Registration disabled, or visitor already logged in: bounce to the front page.
if($pref['user_reg'] == 0)
{
	header("location: ".e_HTTP."index.php");
	exit;
}

if(USER)
{
	header("location: ".e_HTTP."index.php");
	exit;
}

// After clicking the activation link -------------------------
// URL shape: ?activate.<user_id>.<key>[.<2-letter language>] (see RETURNADDRESS in render_email()).
if (e_QUERY)
{
	$qs = explode(".", e_QUERY);
	if ($qs[0] == "activate" && (count($qs) == 3 || count($qs) == 4) && $qs[2])
	{
		// return the message in the correct language.
		if($qs[3] && strlen($qs[3]) == 2 )
		{
			require_once(e_HANDLER."language_class.php");
			$slng = new language;
			// NOTE(review): $the_language ends up in an include path. This relies on
			// language::convert() mapping the 2-letter code to a known language name and
			// never passing the raw value through - confirm in language_class.php.
			$the_language = $slng->convert($qs[3]);
			if(is_readable(e_LANGUAGEDIR.$the_language."/lan_signup.php"))
			{
				include(e_LANGUAGEDIR.$the_language."/lan_signup.php");
			}
			else
			{
				require_once(e_LANGUAGEDIR.e_LANGUAGE."/lan_signup.php");
			}
		}
		else
		{
			include_lan(e_LANGUAGEDIR.e_LANGUAGE."/lan_signup.php");
		}

		$e107cache->clear("online_menu_totals");
		// Only the key ($qs[2]) is matched; the user id in the URL is not used in the lookup.
		if ($sql->db_Select("user", "*", "user_sess='".$tp -> toDB($qs[2], true)."' "))
		{
			if ($row = $sql->db_Fetch())
			{
				// Activation lifts the pending state and clears the key, so the link is single-use.
				$sql->db_Update("user", "user_ban='0', user_sess='' WHERE user_sess='".$tp -> toDB($qs[2], true)."' ");
				$e_event->trigger("userveri", $row);
				require_once(HEADERF);
				$text = LAN_401." <a href='index.php'>".LAN_SIGNUP_22."</a> ".LAN_SIGNUP_23."<br />".LAN_SIGNUP_24." ".SITENAME;
				$ns->tablerender(LAN_402, $text);
				require_once(FOOTERF);
				exit;
			}
		}
		else
		{
			// Unknown or already-used key: silent redirect.
			header("location: ".e_BASE."index.php");
			exit;
		}
	}
}


// Form submission: validate everything, collecting messages in $error_message and
// setting $error, then insert the user only when $error stayed false.
if (isset($_POST['register']))
{
	$_POST['xupexist'] = trim(varset($_POST['xupexist'],''));
	$e107cache->clear("online_menu_totals");
	$error_message = "";
	require_once(e_HANDLER."message_handler.php");
	// Captcha is skipped entirely when an XUP profile URL is supplied.
	if (isset($_POST['rand_num']) && $signup_imagecode && !$_POST['xupexist'] )
	{
		if (!$sec_img->verify_code($_POST['rand_num'], $_POST['code_verify']))
		{
			$error_message .= LAN_SIGNUP_3."\\n";
			$error = TRUE;
		}
	}

	// Plugins may veto the signup by returning a non-empty message.
	if($invalid = $e_event->trigger("usersup_veri", $_POST))
	{
		$error_message .= $invalid."\\n";
		$error = TRUE;
	}

	// XUP: pre-fill the profile from a remote XML document the visitor points us at.
	if(varsettrue($pref['xup_enabled']) && $_POST['xupexist'])
	{
		require_once(e_HANDLER."xml_class.php");
		$xml = new parseXml;
		// NOTE(review): the server fetches a visitor-supplied URL here. If XUP stays
		// enabled, restrict the scheme/host (and redirects) before fetching. On failure
		// the error is echoed but processing continues with an empty $rawData, so the
		// fields below end up unset.
		if(!$rawData = $xml -> getRemoteXmlFile($_POST['xupexist']))
		{
			echo "Error: Unable to open remote XUP file";
		}
		preg_match_all("#\<meta name=\"(.*?)\" content=\"(.*?)\" \/\>#si", $rawData, $match);
		$count = 0;
		foreach($match[1] as $value)
		{
			$xup[$value] = $match[2][$count];
			$count++;
		}

		// Remote values replace the posted fields, including the avatar path validated further down.
		$_POST['name'] = $xup['NICKNAME'];
		$_POST['email'] = $xup['EMAIL'];
		$_POST['email_confirm'] = $xup['EMAIL'];
		$_POST['signature'] = $xup['SIG'];
		$_POST['hideemail'] = $xup['EMAILHIDE'];
		$_POST['timezone'] = $xup['TZ'];
		$_POST['realname'] = $xup['FN'];
		$_POST['image'] = $xup['AV'];

		$_POST['ue']['user_homepage'] = $xup['URL'];
		$_POST['ue']['user_icq'] = $xup['ICQ'];
		$_POST['ue']['user_aim'] = $xup['AIM'];
		$_POST['ue']['user_msn'] = $xup['MSN'];
		$_POST['ue']['user_yahoo'] = $xup['YAHOO'];
		$_POST['ue']['user_location'] = $xup['GEO'];
		$_POST['ue']['user_birthday'] = $xup['BDAY'];

		unset($xup);
	}
	// The XUP form posts its own credential fields; map them onto the standard names.
	if($_POST['loginnamexup']) $_POST['loginname'] = $_POST['loginnamexup'];
	if($_POST['password1xup']) $_POST['password1'] = $_POST['password1xup'];
	if($_POST['password2xup']) $_POST['password2'] = $_POST['password2xup'];

	// Strip most invalid characters now %*|/| |\#|\=|\$%
	// another option would be /[^\w\pL\.]/u (non latin words)
	// Login name is reduced to [a-z0-9_.]; any difference is reported and the cleaned value kept.
	$temp_name = trim(preg_replace('#[^a-z0-9_\.]#i', "", strip_tags($_POST['loginname'])));
	if ($temp_name != $_POST['loginname'])
	{
		$error_message .= LAN_409."\\n";
		$error = TRUE;
	}
	$_POST['loginname'] = $temp_name;

	// "Anonymous" is reserved (case-insensitive).
	if (strcasecmp($_POST['loginname'],"Anonymous") == 0)
	{
		$error_message .= LAN_103."\\n";
		$error = TRUE;
	}


	// Use LoginName for DisplayName if restricted **** MOVED FORWARD ****
	if (!check_class($pref['displayname_class']))
	{
		$_POST['name'] = $_POST['loginname'];
	}


	// Impose a minimum length on display name
	$_POST['name'] = trim($_POST['name']);
	if (strlen($_POST['name']) < 2)
	{
		$error_message .= LAN_SIGNUP_56."\\n";
		$error = TRUE;
	}

	global $db_debug; // no-op at file scope: $db_debug is already global here
	// Check for disallowed names.
	if(varsettrue($pref['signup_disallow_text']))
	{
		$tmp = explode(",", $pref['signup_disallow_text']);
		if (E107_DEBUG_LEVEL) $db_debug->log('disallowed ('.count($tmp).'), like "'.$tmp[0].'"');
		foreach($tmp as $disallow)
		{
			// Case-sensitive substring match against both the display and login name.
			if( strstr($_POST['name'], $disallow) || strstr($_POST['loginname'], $disallow) ){
				$error_message .= LAN_103."\\n";
				$error = TRUE;
			}
		}
	}

	// Check if form maxlength has been bypassed (need to allow 100 chars for both here - can have display name and login name the same, and want an error message)
	// Silent exit rather than an error: exceeding the form's maxlength implies a tampered request.
	if ( strlen($_POST['name']) > 100 || strlen($_POST['loginname']) > 100)
	{
		exit;
	}

	// Check if display name exceeds maximum allowed length
	if (strlen($_POST['name']) > varset($pref['displayname_maxlength'],15))
	{
		$error_message .= LAN_SIGNUP_55."\\n";
		$error = TRUE;
	}

	// Check if login name exceeds maximum allowed length
	if (strlen($_POST['loginname']) > varset($pref['loginname_maxlength'],30))
	{
		$error_message .= LAN_SIGNUP_57."\\n";
		$error = TRUE;
	}

	// Display Name exists.
	if ($sql->db_Select("user", "*", "user_name='".$tp -> toDB($_POST['name'])."'"))
	{
		$error_message .= LAN_411.": ".$tp -> toDB($_POST['name'])."\\n";
		$error = TRUE;
	}
	// Login Name exists
	if ($sql->db_Select("user", "*", "user_loginname='".$tp -> toDB($_POST['loginname'])."' "))
	{
		$error_message .= LAN_104.": ".$tp -> toDB($_POST['loginname'])."\\n";
		$error = TRUE;
	}


	// check for multiple signups from the same IP address.
	// Counts activated accounts (user_ban != 2) from this IP against signup_maxip when that pref is set.
	if($ipcount = $sql->db_Select("user", "*", "user_ip='".$e107->getip()."' and user_ban !='2' "))
	{
		if($ipcount >= $pref['signup_maxip'] && trim($pref['signup_maxip']) != "")
		{
			$error_message .= LAN_202."\\n";
			$error = TRUE;
		}
	}

	// Check password fields are matching.
	if ($_POST['password1'] != $_POST['password2'])
	{
		$error_message .= LAN_105."\\n";
		$error = TRUE;
		$password1 = "";
		$password2 = "";
	}


	// Email address confirmation.
	$email_address_OK = TRUE;
	if ($_POST['email'] != $_POST['email_confirm'])
	{
		$error_message .= LAN_SIGNUP_38."\\n";
		$error = TRUE;
		$email = "";
		$email_confirm = "";
		$email_address_OK = FALSE;
	}

	// Always validate an email address if entered. If its blank, that's OK if checking disabled
	// From here on $_POST['email'] holds the DB-escaped value, which later queries interpolate directly.
	$_POST['email'] = $tp->toDB(trim(varset($_POST['email'],'')));
	$do_email_validate = !varset($pref['disable_emailcheck'],FALSE) || ($_POST['email'] !='');


	// Password length check.
	// trim() on strlen()'s integer is a no-op; this is purely a length comparison.
	if (trim(strlen($_POST['password1'])) < $pref['signup_pass_len'])
	{
		$error_message .= LAN_SIGNUP_4.$pref['signup_pass_len'].LAN_SIGNUP_5."\\n";
		$error = TRUE;
		$password1 = "";
		$password2 = "";
	}

	// Check for emtpy fields
	if (trim($_POST['name']) == "" || trim($_POST['loginname']) == "" || trim($_POST['password1']) == "" || trim($_POST['password2']) == "")
	{
		$error_message .= LAN_185."\\n";
		$error = TRUE;
	}


	// ========== Verify Custom Signup options if selected ========================
	// signup_option_<name> == 2 means the field is compulsory (see req() below).
	$signup_option_title = array(LAN_308, LAN_120, LAN_121, LAN_122, LAN_SIGNUP_28);
	$signup_option_names = array("realname", "signature", "image", "timezone", "class");

	foreach($signup_option_names as $key => $value)
	{
		if ($pref['signup_option_'.$value] == 2 && !$_POST[$value])
		{
			$error_message .= LAN_SIGNUP_6.$signup_option_title[$key].LAN_SIGNUP_7."\\n";
			$error = TRUE;
		}
	}


	// Split up an email address to check for banned domains.
	// Return false if invalid address
	//
	// Builds the OR-ed wildcard patterns matched against the banlist for the
	// domain part of $email: "*@domain" first, then one entry per suffix
	// ("*.tld", "*.domain.tld", ...). $fieldname is the banlist column compared.
	// Returns FALSE when there is no domain part or it contains no dot.
	// Note: defined inside the register branch, so it only exists on a POST.
	function make_email_query($email, $fieldname = 'banlist_ip')
	{
		global $tp;
		$tmp = strtolower($tp -> toDB(trim(substr($email, strrpos($email, "@")+1))));
		if ($tmp == '') return FALSE;
		if (strpos($tmp,'.') === FALSE) return FALSE;
		$em = array_reverse(explode('.',$tmp));
		$line = '';
		$out = array($fieldname."='*@{$tmp}'"); // First element looks for domain as email address
		foreach ($em as $e)
		{
			$line = '.'.$e.$line;
			$out[] = $fieldname."='*{$line}'";
		}
		return implode(' OR ',$out);
	}

	//--------------------------------------
	// Email address checks
	//--------------------------------------
	// Email syntax validation.
	if ($do_email_validate)
	{
		if (!$_POST['email'] || !check_email($_POST['email']))
		{
			$error_message .= LAN_106."\\n";
			$error = TRUE;
			$email_address_OK = FALSE;
		}
		else
		{
			// Check Email against banlist.
			$wc = make_email_query($_POST['email']);
			if ($wc) $wc = ' OR '.$wc;

			if (($wc === FALSE) || ($do_email_validate && $sql->db_Select("banlist", "*", "banlist_ip='".$_POST['email']."'".$wc)))
			{
				$email_address_OK = FALSE;
				$brow = $sql -> db_Fetch();
				$error = TRUE;
				if($brow['banlist_reason'])
				{
					// Plain assignment (not .=): the ban reason replaces any earlier messages.
					$repl = array("\n","\r","<br />");
					$error_message = str_replace($repl,"\\n",$tp->toHTML($brow['banlist_reason'],"","nobreak, defs"))."\\n";
					$email = "";
				}
				else
				{
					// Banned with no stored reason: end the request silently.
					exit;
				}
			}
		}
	}

	// Check email address on remote server (if enabled) - but only if previous checks passed.
	if ($do_email_validate && $email_address_OK && varsettrue($pref['signup_remote_emailcheck']) && $error != TRUE)
	{
		require_once(e_HANDLER."mail_validation_class.php");
		// NOTE: split() is deprecated since PHP 5.3 and removed in 7.0; explode("@", ...) is the drop-in replacement.
		list($adminuser,$adminhost) = split ("@", SITEADMINEMAIL);
		$validator = new email_validation_class;
		$validator->localuser= $adminuser;
		$validator->localhost= $adminhost;
		$validator->timeout=3; // seconds, presumably per remote connection - see mail_validation_class.php
		// $validator->debug=1;
		// $validator->html_debug=1;
		if($validator->ValidateEmailBox(trim($_POST['email'])) != 1)
		{
			$email_address_OK = FALSE;
			$error_message .= LAN_106."\\n";
			$error = TRUE;
			$email = "";
			$email_confirm = "";
		}
	}

	// Check for Duplicate Email address - but only if previous checks passed.
	if ($do_email_validate && $email_address_OK && $sql->db_Select("user", "user_email, user_ban, user_sess", "user_email='".$_POST['email']."' "))
	{
		$chk = $sql -> db_Fetch();
		if($chk['user_ban']== 2 && $chk['user_sess'])
		{ // duplicate because unactivated
			// Pending account with this address: send the visitor to the resend form instead of an error.
			$error = TRUE;
			header("Location: ".e_BASE."signup.php?resend");
			exit;
		}
		else
		{
			$email_address_OK = FALSE;
			$error_message .= LAN_408."\\n";
			$error = TRUE;
		}
	}


	// Avatar validation (already checked if compulsory field not filled in)
	if ((varset($pref['signup_option_image'],0) > 0) && $_POST['image'])
	{
		$_POST['image'] = str_replace(array('\'', '"', '(', ')'), '', $_POST['image']); // these are invalid anyway, so why allow them? (XSS Fix)
		// NOTE(review): stripping those four characters plus toDB() escaping appears to be
		// the only filtering before the value is used as a path component; consider
		// basename() (or an allow-list of avatar names) before building $avName.
		$avName = e_IMAGE.'avatars/'.$tp -> toDB($_POST['image']);
		if ($size = getimagesize($avName))
		{
			$avwidth = $size[0];
			$avheight = $size[1];
			$avmsg = "";

			$pref['im_width'] = varset($pref['im_width'], 120);
			$pref['im_height'] = varset($pref['im_height'], 100);
			if ($avwidth > $pref['im_width'])
			{
				$avmsg .= LAN_USET_1." ({$avwidth})<br />".LAN_USET_2.": {$pref['im_width']}<br /><br />";
			}
			if ($avheight > $pref['im_height'])
			{
				$avmsg .= LAN_USET_3." ({$avheight})<br />".LAN_USET_4.": {$pref['im_height']}";
			}
		}
		else
		{
			$avmsg = LAN_SIGNUP_60; // Error accessing avatar
		}
		if ($avmsg)
		{
			$_POST['image'] = "";
			$error_message .= $avmsg;
			$error = TRUE;
		}
	}
	else
	{
		$_POST['image'] = "";
	}


	// Extended Field validation
	// Only fields present in the post (or marked required) are vetted; accepted values
	// are collected in $eufVals keyed by column name for the insert below.
	$extList = $usere->user_extended_get_fieldList();
	$eufVals = array();

	foreach($extList as $ext)
	{
		$eufName = 'user_'.$ext['user_extended_struct_name'];
		if(isset($_POST['ue'][$eufName]) || ($ext['user_extended_struct_required'] == 1))
		{
			$newval = trim(varset($_POST['ue'][$eufName],''));
			// echo "Vetting field ".'user_'.$ext['user_extended_struct_name'].": {$newval} = ".trim($_POST['ue']['user_'.$ext['user_extended_struct_name']])."<br />";
			// Type 7 is a date field here; its "empty" value is 0000-00-00.
			if($ext['user_extended_struct_required'] == 1 && (($newval == "") || (($ext['user_extended_struct_type'] == 7) && ($newval == '0000-00-00')) ))
			{ // Required field not present
				$_ftext = (defined($ext['user_extended_struct_text']) ? constant($ext['user_extended_struct_text']) : $ext['user_extended_struct_text']);
				$error_message .= LAN_SIGNUP_6.$_ftext.LAN_SIGNUP_7."\\n";
				$error = TRUE;
			}
			else
			{
				// Field parms are "^,^"-separated: [1] = validation regex, [2] = failure message.
				$parms = explode("^,^", $ext['user_extended_struct_parms']);
				$regex = (isset($parms[1]) ? $tp->toText($parms[1]) : "");
				$regexfail = (isset($parms[2]) ? trim($tp->toText($parms[2])) : "");

				if($regexfail == "")
				{
					$regexfail = $ext['user_extended_struct_name']." ".LAN_SIGNUP_53;
				}

				if(defined($regexfail)) {$regexfail = constant($regexfail);}

				if($regex != "" && $newval != "" && !preg_match($regex, $newval))
				{
					$error_message .= $regexfail."\\n";
					$error = TRUE;
				}
				else
				{
					$eufVals[$eufName] = $newval;
				}
			}
		}
	}


	if($error_message)
	{
		require_once(HEADERF);
		message_handler("P_ALERT", $error_message);
		$error_message = '';
	}

	// ========== End of verification.. ====================================================

	if (!$error)
	{
		// Flood protection on user_join: a hit redirects silently.
		$fp = new floodprotect;
		if ($fp->flood("user", "user_join") == FALSE)
		{
			header("location:".e_BASE."index.php");
			exit;
		}

		// Address belongs to a banned account (user_ban=1): end silently.
		if ($_POST['email'] && $sql->db_Select("user", "*", "user_email='".$_POST['email']."' AND user_ban='1'"))
		{
			exit;
		}

		$username = $tp -> toDB(strip_tags($_POST['name']));
		$loginname = $tp -> toDB(strip_tags($_POST['loginname']));
		$time = time();
		$ip = $e107->getip();

		// Build "col='val', col='val'" for the user_extended update from the vetted values.
		$ue_fields = "";
		if (count($eufVals))
		{
			foreach($eufVals as $key => $val) // We've already ensured only valid keys here
			{
				$key = $tp->toDB($key);
				$val = $tp->toDB($val);
				$ue_fields .= ($ue_fields) ? ", " : "";
				$ue_fields .= $key."='".$val."'";
			}
		}

		// NOTE(review): the activation key is derived from uniqid()/rand(), neither of
		// which is cryptographically strong, and it is the only value the activate
		// branch checks. random_bytes() (or openssl_random_pseudo_bytes() on old PHP)
		// is the defensive replacement.
		$u_key = md5(uniqid(rand(), 1));
		// Positional VALUES list: must stay in step with the user table's column order.
		// The password is stored as an unsalted md5() hash.
		$nid = $sql->db_Insert("user", "0, '{$username}', '{$loginname}', '', '".md5($_POST['password1'])."', '{$u_key}', '".$_POST['email']."', '".$tp -> toDB($_POST['signature'])."', '".$tp -> toDB($_POST['image'])."', '".$tp -> toDB($_POST['timezone'])."', '".$tp -> toDB($_POST['hideemail'])."', '".$time."', '0', '".$time."', '0', '0', '0', '0', '".$ip."', '2', '0', '', '', '0', '0', '".$tp -> toDB($_POST['realname'])."', '', '', '', '0', '".$tp -> toDB($_POST['xupexist'])."' ");
		if(!$nid)
		{
			// Note: no exit here - execution continues below with $nid falsy.
			require_once(HEADERF);
			$ns->tablerender("", LAN_SIGNUP_36);
			require_once(FOOTERF);
		}


		// Verification required (1 = e-mail, 2 = admin approval): account stays pending.
		if ($pref['user_reg_veri'])
		{
			// ==== Update Userclass =======>

			if ($_POST['class'])
			{
				unset($insert_class);
				sort($_POST['class']);
				$insert_class = implode(",",$_POST['class']);
				$sql->db_Update("user", "user_class='".$tp -> toDB($insert_class)."' WHERE user_id='".$nid."' ");
			}

			// ========= save extended fields into db table. =====

			if($ue_fields)
			{
				$sql->db_Select_gen("INSERT INTO #user_extended (user_extended_id) values ('{$nid}')");
				$sql->db_Update("user_extended", $ue_fields." WHERE user_extended_id = '{$nid}'");
			}

			// ========== Send Email =========>

			if (($pref['user_reg_veri'] != 2) && $_POST['email']) // Don't send if email address blank - means that its not compulsory
			{
				$eml = render_email();
				$mailheader_e107id = $eml['userid'];
				require_once(e_HANDLER."mail.php");


				if(!sendemail($_POST['email'], $eml['subject'], $eml['message'], "", "", "", $eml['attachments'], $eml['cc'], $eml['bcc'], "", "", $eml['inline-images']))
				{
					$error_message = LAN_SIGNUP_42; // There was a problem, the registration mail was not sent, please contact the website administrator.
				}
			}

			$_POST['ip'] = $ip;
			$_POST['user_id'] = $nid;
			$e_event->trigger("usersup", $_POST); // send everything in the template, including extended fields.

			require_once(HEADERF);

			$srch = array("[sitename]","[email]");
			$repl = array(SITENAME,"<b>".$_POST['email']."</b>");

			if(trim($pref['signup_text_after']))
			{
				$text = str_replace($srch,$repl,$tp->toHTML($pref['signup_text_after'], TRUE, 'parse_sc,defs'))."<br />";
			}
			else
			{
				$LAN_AFTERSIGNUP = defined("LAN_SIGNUP_72") ? LAN_SIGNUP_72 : LAN_405;
				$text = ($pref['user_reg_veri'] == 2) ? LAN_SIGNUP_37 : str_replace($srch,$repl,$LAN_AFTERSIGNUP); // Admin Approval / Email Approval
			}

			$caption_arr = array();
			$caption_arr[0] = LAN_406; // Thank you! (No Approval).
			$caption_arr[1] = defined("LAN_SIGNUP_98") ? LAN_SIGNUP_98 : LAN_406; // Confirm Email (Email Confirmation)
			$caption_arr[2] = defined("LAN_SIGNUP_100") ? LAN_SIGNUP_100 : LAN_406; // Approval Pending (Admin Approval)
			$caption = $caption_arr[$pref['user_reg_veri']];

			if($error_message)
			{
				$text = "<br /><b>".$error_message."</b><br />"; // Just display the error message
				$caption = defined("LAN_SIGNUP_99") ? LAN_SIGNUP_99 : LAN_406; // Problem Detected // Default for backwards compat.
			}

			$ns->tablerender($caption, $text);
			require_once(FOOTERF);
			exit;
		}
		else
		{
			// No verification: re-read the row by name + md5 password, then activate immediately.
			require_once(HEADERF);

			if(!$sql -> db_Select("user", "user_id", "user_name='{$username}' AND user_password='".md5($_POST['password1'])."'"))
			{
				$ns->tablerender("", LAN_SIGNUP_36);
				require_once(FOOTERF);
				exit;
			}
			$sql->db_Update("user", "user_ban = '0' WHERE user_id = '{$nid}'");

			// ==== Update Userclass =======
			if ($_POST['class'])
			{
				unset($insert_class);
				sort($_POST['class']);
				$insert_class = implode(",",$_POST['class']);
				$sql->db_Update("user", "user_class='".$tp -> toDB($insert_class)."' WHERE user_id='".$nid."' ");
			}
			// ======== save extended fields to DB table.

			if($ue_fields)
			{
				$sql->db_Select_gen("INSERT INTO #user_extended (user_extended_id) values ('{$nid}')");
				$sql->db_Update("user_extended", $ue_fields." WHERE user_extended_id = '{$nid}'");
			}

			// ==========================================================
			$_POST['ip'] = $ip;
			$_POST['user_id'] = $nid;
			$e_event->trigger("usersup", $_POST); // send everything in the template, including extended fields.

			if($pref['signup_text_after'])
			{
				$text = $tp->toHTML($pref['signup_text_after'], TRUE, 'parse_sc,defs')."<br />";
			}
			else
			{
				$text = LAN_107." ".SITENAME.", ".LAN_SIGNUP_12."<br /><br />".LAN_SIGNUP_13;
			}
			$ns->tablerender(LAN_SIGNUP_8,$text);
			require_once(FOOTERF);
			exit;
		}
	}

}
require_once(HEADERF);

// A failed validation re-renders the form as "stage" so the COPPA page is not shown again.
$qs = ($error ? "stage" : e_QUERY);
if ($pref['use_coppa'] == 1 && strpos($qs, "stage") === FALSE)
{
	$text = $tp->parseTemplate($COPPA_TEMPLATE, TRUE, $signup_shortcodes);
	$ns->tablerender(LAN_110, $text);
	require_once(FOOTERF);
	exit;
}

if (!$website)
{
	$website = "http://";
}

// COPPA stage 1: the visitor must have submitted the age confirmation to proceed.
if ($qs == 'stage1' && $pref['use_coppa'] == 1)
{
	if(isset($_POST['newver']))
	{
		if(!varsettrue($_POST['coppa']))
		{
			$text = $tp->parseTemplate($COPPA_FAIL);
			$ns->tablerender(LAN_110, $text);
			require_once(FOOTERF);
			exit;
		}
	}
	else
	{
		header('Location: '.e_BASE.'signup.php');
		exit;
	}
}

require_once(e_HANDLER."form_handler.php");
$rs = new form;


$text = $tp->parseTemplate($SIGNUP_BEGIN.$SIGNUP_BODY.$SIGNUP_END, TRUE, $signup_shortcodes);
$ns->tablerender(LAN_123, $text);
require_once(FOOTERF);
exit;

// Default Signup Form ----->
// Unreachable: the exit above always ends the request.

$ns->tablerender(LAN_123, $text);

require_once(FOOTERF);

//------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------//

// Returns the required-field marker when a signup option pref is 2 (compulsory), else "".
function req($field)
{
	return ($field == 2 ? REQUIRED_FIELD_MARKER : "");
}
//------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------//

// Inline JavaScript for the signup form (avatar, signature and help helpers) followed
// by the calendar widget's asset tags. Returns the markup as a string.
function headerjs()
{
	$script_txt = "
	<script type=\"text/javascript\">
	function addtext3(sc){
		document.getElementById('signupform').image.value = sc;
	}

	function addsig(sc){
		document.getElementById('signupform').signature.value += sc;
	}
	function help(help){
		document.getElementById('signupform').helpb.value = help;
	}
	</script>\n";

	global $cal;
	$script_txt .= $cal->load_files();
	return $script_txt;
}


// Builds the signup/activation e-mail from the theme (or core) email_template.php.
//
// Reads $_POST['loginname'], ['password1'], ['name'], ['website'] and the globals
// $nid / $u_key to fill the template placeholders. When $preview is TRUE these are
// overwritten with dummy values first.
//
// Returns an array with keys: userid, cc, bcc, attachments, inline-images (comma
// list), subject, message (inline images as cid: references) and preview (inline
// images as file paths).
//
// RETURNADDRESS is define()d here, so the function is only safe to call once per request.
function render_email($preview = FALSE)
{
	// 1 = Body
	// 2 = Subject

	global $pref,$nid,$u_key,$_POST,$SIGNUPEMAIL_LINKSTYLE,$SIGNUPEMAIL_SUBJECT,$SIGNUPEMAIL_TEMPLATE;

	if($preview == TRUE)
	{
		$_POST['password1'] = "test-password";
		$_POST['loginname'] = "test-loginname";
		$_POST['name'] = "test-username";
		$_POST['website'] = "www.test-site.com";
		$nid = 0;
		$u_key = "1234567890ABCDEFGHIJKLMNOP";
	}

	// Activation URL consumed by the activate branch above. Note the e_LAN language
	// suffix is only appended in the no-trailing-slash branch.
	define("RETURNADDRESS", (substr(SITEURL, -1) == "/" ? SITEURL."signup.php?activate.".$nid.".".$u_key : SITEURL."/signup.php?activate.".$nid.".".$u_key.".".e_LAN));
	// NOTE(review): unless user_reg_secureveri is set, the cleartext password is
	// embedded in the e-mail via {PASSWORD}.
	$pass_show = ($pref['user_reg_secureveri'])? "*******" : $_POST['password1'];

	if (file_exists(THEME."email_template.php"))
	{
		require_once(THEME."email_template.php");
	}
	else
	{
		require_once(e_THEME."templates/email_template.php");
	}

	// $SIGNUPEMAIL_* variables come from the template file just included.
	$inline_images = explode(",",$SIGNUPEMAIL_IMAGES);
	if($SIGNUPEMAIL_BACKGROUNDIMAGE)
	{
		$inline_images[] = $SIGNUPEMAIL_BACKGROUNDIMAGE;
	}

	$ret['userid'] = $nid;
	$ret['cc'] = $SIGNUPEMAIL_CC;
	$ret['bcc'] = $SIGNUPEMAIL_BCC;
	$ret['attachments'] = $SIGNUPEMAIL_ATTACHMENTS;
	$ret['inline-images'] = implode(",",$inline_images);

	$style = ($SIGNUPEMAIL_LINKSTYLE) ? "style='$SIGNUPEMAIL_LINKSTYLE'" : "";

	$search[0] = "{LOGINNAME}";
	$replace[0] = $_POST['loginname'];

	$search[1] = "{PASSWORD}";
	$replace[1] = $pass_show;

	$search[2] = "{ACTIVATION_LINK}";
	$replace[2] = "<a href='".RETURNADDRESS."' $style>".RETURNADDRESS."</a>";

	$search[3] = "{SITENAME}";
	$replace[3] = SITENAME;

	$search[4] = "{SITEURL}";
	$replace[4] = "<a href='".SITEURL."' $style>".SITEURL."</a>";

	$search[5] = "{USERNAME}";
	$replace[5] = $_POST['name'];

	$search[6] = "{USERURL}";
	// No escaping is applied to the posted website value before it lands in the HTML mail.
	$replace[6] = ($_POST['website']) ? $_POST['website'] : "";

	$cnt=1;

	// {IMAGEn} maps to a cid: reference in the real mail and to the file path in the preview.
	// $img is unused; the loop indexes $inline_images by $cnt instead.
	foreach($inline_images as $img)
	{
		if(is_readable($inline_images[$cnt-1]))
		{
			$cid_search[] = "{IMAGE".$cnt."}";
			$cid_replace[] = "<img alt=\"".SITENAME."\" src='cid:".md5($inline_images[$cnt-1])."' />\n";
			$path_search[] = "{IMAGE".$cnt."}";
			$path_replace[] = "<img alt=\"".SITENAME."\" src=\"".$inline_images[$cnt-1]."\" />\n";
		}
		$cnt++;
	}

	$subject = str_replace($search,$replace,$SIGNUPEMAIL_SUBJECT);
	$ret['subject'] = $subject;

	// Wrap the template in an XHTML document; theme CSS is linked (1) or inlined (2).
	$HEAD = "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.1//EN\" \"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd\">\n";
	$HEAD .= "<html xmlns='http://www.w3.org/1999/xhtml' >\n";
	$HEAD .= "<head><meta http-equiv='content-type' content='text/html; charset=utf-8' />\n";
	$HEAD .= ($SIGNUPEMAIL_USETHEME == 1) ? "<link rel=\"stylesheet\" href=\"".SITEURL.THEME."style.css\" type=\"text/css\" />\n" : "";
	$HEAD .= ($preview) ? "<title>".LAN_SIGNUP_58."</title>\n" : "";
	if($SIGNUPEMAIL_USETHEME == 2)
	{
		$CSS = file_get_contents(THEME."style.css");
		$HEAD .= "<style>\n".$CSS."\n</style>";
	}

	$HEAD .= "</head>\n";
	if($SIGNUPEMAIL_BACKGROUNDIMAGE)
	{
		$HEAD .= "<body background=\"cid:".md5($SIGNUPEMAIL_BACKGROUNDIMAGE)."\" >\n";
	}
	else
	{
		$HEAD .= "<body>\n";
	}
	$FOOT = "\n</body>\n</html>\n";

	$SIGNUPEMAIL_TEMPLATE = $HEAD.$SIGNUPEMAIL_TEMPLATE.$FOOT;
	$message = str_replace($search,$replace,$SIGNUPEMAIL_TEMPLATE);

	$ret['message'] = str_replace($cid_search,$cid_replace,$message);
	$ret['preview'] = str_replace($path_search,$path_replace,$message);

	return $ret;
}