Beispiel #1
     //process new user data
 } elseif (isset($_POST["addUser"])) {
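     // Start from the raw form submission; individual fields are checked below.
     // NOTE(review): this copies every submitted POST field into $user_data,
     // not only the ones validated here -- confirm that whatever consumes
     // $user_data restricts it to the fields this form is meant to set.
     $user_data = $_POST;

     // The user name is mandatory and must not already be taken.
     if (empty($_POST["username"])) {
         $error = "You must provide a user name!";
     } else {
         $existing_user = phorum_api_user_search("username", $_POST["username"]);
         if (!empty($existing_user)) {
             // The submitted name is HTML-escaped before it is placed in the message.
             $error = 'The user name "' . htmlspecialchars($_POST['username']) . '" is already in use!';
         }
     }

     // The email address is only validated when one was submitted.
     if (!empty($_POST["email"])) {
         // include_once: a plain include would redeclare the helper functions
         // if this file had already been loaded earlier in the request.
         include_once './include/email_functions.php';
         $valid_email = phorum_valid_email($_POST["email"]);
         if ($valid_email !== true) {
             // The array key must be quoted: the bare word email is read as a
             // constant, which is an error on current PHP versions.
             $error = 'The email "' . htmlspecialchars($_POST['email']) . '" is not valid!';
         }
     }

     // Both password fields are required and must hold the same value.
     if (empty($_POST['password1']) || empty($_POST['password2'])) {
         $error = "You must assign a password!";
     } elseif ($_POST['password1'] !== $_POST['password2']) {
         // Strict comparison: with != two different numeric-looking strings
         // (for example "1000" and "1e3") compare as equal, so a mistyped
         // confirmation could slip through.
         $error = "Passwords don't match!";
     } else {
         $user_data['password'] = $_POST['password1'];
         $user_data['password_temp'] = $_POST['password1'];
     }

     // The raw form fields must not travel on with the user record.
     unset($user_data["password1"]);
     unset($user_data["password2"]);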
Beispiel #2
// need this for banlist-checks
include_once("./include/profile_functions.php");

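// email-verification
// With registration control enabled, a pending address change is stored in
// PROFILE.email_temp in the form "address|code" (for example
// "email_address@bogus.com|bla"). Only the address part is split off here;
// the code part is what the submitted verification code is compared against.
if($PHORUM['registration_control']) {
    if (!empty($PHORUM['DATA']['PROFILE']['email_temp'])) {
        // A limit of 2 and a single list() target: a stored value without a
        // "|" no longer triggers an undefined-offset notice, and no throwaway
        // variable is created for the code part.
        list($PHORUM['DATA']['PROFILE']['email_temp_part']) = explode("|", $PHORUM['DATA']['PROFILE']['email_temp'], 2);
    }
}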

if ( count( $_POST ) ) {

    if ( empty( $_POST["email"] ) ) {
        $error = $PHORUM["DATA"]["LANG"]["ErrRequired"];
    } elseif (!phorum_valid_email( $_POST["email"])) {
        $error = $PHORUM["DATA"]["LANG"]["ErrEmail"];
    } elseif ($PHORUM['user']['email'] != $_POST["email"] && phorum_user_check_email($_POST["email"])) {
        $error = $PHORUM["DATA"]["LANG"]["ErrEmailExists"];
    } elseif (!phorum_check_ban_lists($_POST["email"], PHORUM_BAD_EMAILS)) {
        $error = $PHORUM["DATA"]["LANG"]["ErrBannedEmail"];
    } elseif (isset($PHORUM['DATA']['PROFILE']['email_temp_part']) && !empty($_POST['email_verify_code']) && $PHORUM['DATA']['PROFILE']['email_temp_part']."|".$_POST['email_verify_code'] != $PHORUM['DATA']['PROFILE']['email_temp']) {
        $error = $PHORUM['DATA']['LANG']['ErrWrongMailcode'];
    } else {
        // flip this due to db vs. UI wording.
        $_POST["hide_email"] = ( isset($_POST["hide_email"]) ) ? 0 : 1;

        $_POST['moderation_email'] = ( isset($_POST['moderation_email']) && phorum_user_moderate_allowed(PHORUM_MODERATE_ALLOWED_ANYWHERE) ) ? 1 : 0;

        // Remember this for the template.
        if (isset($PHORUM['DATA']['PROFILE']['email_temp_part'])) {
Beispiel #3
 *     <hookcode>
 *     function phorum_mod_foo_check_post ($args) {
 *        list ($message, $error) = $args;
 *        if (!empty($error)) return $args;
 *
 *        if (stristr($message["body"], "bar") !== false) {
 *            return array($message, "The body may not contain 'bar'");
 *        }
 *
 *        return $args;
 *    }
 *     </hookcode>
 */
// Let modules inspect the message through the "check_post" hook. The hook
// is skipped once an error is already set or when no module registered it.
if (!$error && isset($PHORUM["hooks"]["check_post"])) {
    list($message, $error) = phorum_hook(
        "check_post",
        array($message, $error)
    );
}

// Data integrity checks for all messages. The checks run in order and the
// first one that fails decides the error text.
if (!$error) {
    if (!(isset($message["subject"]) && trim($message["subject"]) != '')) {
        // Subject missing or whitespace-only.
        $error = $PHORUM["DATA"]["LANG"]["ErrSubject"];
    } elseif (!(isset($message["body"]) && trim($message["body"]) != '')) {
        // Body missing or whitespace-only.
        $error = $PHORUM["DATA"]["LANG"]["ErrBody"];
    } elseif (!(empty($message["email"]) || phorum_valid_email($message["email"]))) {
        // An email address is optional, but must validate when present.
        $error = $PHORUM["DATA"]["LANG"]["ErrEmail"];
    } elseif (64000 < strlen($message["body"])) {
        // strlen() counts bytes, so this is a byte limit on the body.
        $error = $PHORUM["DATA"]["LANG"]["ErrBodyTooLarge"];
    }
}

// Publish the error in the template data.
if ($error) {
    $PHORUM["DATA"]["ERROR"] = $error;
}
    }
}

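// A hook entry for checking the data from a module. The hook receives the
// message and the current error and hands both back, possibly changed.
if (! $error) {
    list($message, $error) =
        phorum_hook("check_post", array($message, $error));
}

// Data integrity checks for all messages. The checks run in order and the
// first one that fails decides the error text.
if (! $error)
{
    // isset()/trim() instead of empty(): empty() rejects the literal string
    // "0" and lets a whitespace-only subject or body through.
    if (!isset($message["subject"]) || trim($message["subject"]) == '') {
        $error = $PHORUM["DATA"]["LANG"]["ErrSubject"];
    } elseif (!isset($message["body"]) || trim($message["body"]) == '') {
        $error = $PHORUM["DATA"]["LANG"]["ErrBody"];
    } elseif (!empty($message["email"]) &&
              !phorum_valid_email($message["email"])) {
        // An email address is optional, but must validate when present.
        $error = $PHORUM["DATA"]["LANG"]["ErrEmail"];
    } elseif (strlen($message["body"]) > 64000) {
        // strlen() counts bytes, so this is a byte limit on the body.
        $error = $PHORUM["DATA"]["LANG"]["ErrBodyTooLarge"];
    }
}

// Publish the error in the template data and raise the error flag.
if ($error) {
    $PHORUM["DATA"]["ERROR"] = $error;
    $error_flag = true;
}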

?>
Beispiel #5
if (count($_POST)) {
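    // Sanitize input data.
    // NOTE(review): trim() expects a string; a field submitted as an array
    // (e.g. "username[]=x") is not handled here -- confirm how such input
    // should be rejected.
    // NOTE(review): every field is trimmed, "password" and "password2"
    // included, so surrounding whitespace never becomes part of the
    // password -- confirm that the login path trims in the same way.
    foreach ($_POST as $key => $val) {
        if ($key == 'username' || $key == 'name' || $key == 'surname') {
            // Trim and space-collapse usernames, so people can't
            // impersonate as other users using the same username,
            // but with extra spaces in it.
            // NOTE(review): the pattern has no /u modifier, so multi-byte
            // Unicode whitespace (e.g. a no-break space) is not collapsed;
            // look-alike names built that way need a separate check.
            $_POST[$key] = preg_replace('/\\s+/', ' ', trim($val));
        } else {
            $_POST[$key] = trim($val);
        }
    }

    // Check if all required fields are filled and valid. The checks run in
    // order and the first one that fails decides the error text.
    if (empty($_POST['username'])) {
        $error = $PHORUM["DATA"]["LANG"]["ErrUsername"];
    } elseif (!isset($_POST["email"]) || !phorum_valid_email($_POST["email"])) {
        $error = $PHORUM["DATA"]["LANG"]["ErrEmail"];
    } elseif (empty($_POST["password"])) {
        $error = $PHORUM["DATA"]["LANG"]["ErrPasswordEmpty"];
    } elseif (!isset($_POST["password2"]) || $_POST["password"] !== $_POST["password2"]) {
        // Strict comparison: with != two different numeric-looking strings
        // (for example "10000000" and "1e7") compare as equal, so a mistyped
        // confirmation could slip through. A missing confirmation field is
        // treated as a mismatch without raising a notice.
        $error = $PHORUM["DATA"]["LANG"]["ErrPassword"];
    } elseif (strlen($_POST["password"]) < 8) {
        // Minimum length of 8, counted in bytes.
        $error = $PHORUM["DATA"]["LANG"]["ErrPasswordLen"];
    } elseif (!preg_match('/[^a-zA-Z]/', $_POST["password"])) {
        // At least one character outside a-z / A-Z is required.
        $error = $PHORUM["DATA"]["LANG"]["ErrPasswordNoSpecial"];
    }

    // Check additional data - name, surname, clubid ...
    // This is a separate if, so ErrRealname replaces any error set above.
    if (empty($_POST["name"]) || empty($_POST["surname"])) {
        $error = $PHORUM["DATA"]["LANG"]["ErrRealname"];
    }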
    if (!isset($_POST["clubid"]) || empty($_POST["clubid"])) {