Beispiel #1
/**
 * This function allows the admin to register a new member by hand.
 * It also allows assigning a primary group to the member being registered.
 * Accessed by ?action=admin;area=regcenter;sa=register
 * Requires the moderate_forum permission.
 *
 * @uses Register template, admin_register sub-template.
 */
function AdminRegister()
{
    global $txt, $context, $sourcedir, $scripturl, $smcFunc;

    // NOTE(review): no permission check is visible in this function. The docblock
    // says moderate_forum is required, so presumably the dispatcher enforces it - confirm.
    if (!empty($_POST['regSubmit'])) {
        // Session check plus the 'admin-regc' token that createToken() issues at the end of this function.
        checkSession();
        validateToken('admin-regc');

        // Drop CR/LF from every scalar field and pass it through htmltrim__recursive(); arrays are left alone.
        foreach (array_keys($_POST) as $field) {
            if (is_array($_POST[$field])) {
                continue;
            }
            $_POST[$field] = htmltrim__recursive(str_replace(array("\n", "\r"), '', $_POST[$field]));
        }

        // A primary group is only honoured for callers holding manage_membergroups.
        // NOTE(review): the submitted id is not compared with the filtered list built
        // further down; presumably registerMember() rejects admin/protected groups - verify.
        $primaryGroup = 0;
        if (!empty($_POST['group']) && allowedTo('manage_membergroups')) {
            $primaryGroup = (int) $_POST['group'];
        }

        // Password strength and e-mail ban checks are switched off for this admin path.
        $regOptions = array(
            'interface' => 'admin',
            'username' => $_POST['user'],
            'email' => $_POST['email'],
            'password' => $_POST['password'],
            'password_check' => $_POST['password'],
            'check_reserved_name' => true,
            'check_password_strength' => false,
            'check_email_ban' => false,
            // Mail the credentials when asked to, or when no password was typed.
            'send_welcome_email' => isset($_POST['emailPassword']) || empty($_POST['password']),
            'require' => isset($_POST['emailActivate']) ? 'activation' : 'nothing',
            'memberGroup' => $primaryGroup,
        );

        require_once $sourcedir . '/Subs-Members.php';
        $memberID = registerMember($regOptions);

        if (!empty($memberID)) {
            $profileUrl = $scripturl . '?action=profile;u=' . $memberID;
            // NOTE(review): the name goes into HTML without escaping here; this relies on
            // registerMember() having rejected markup characters - confirm.
            $context['new_member'] = array(
                'id' => $memberID,
                'name' => $_POST['user'],
                'href' => $profileUrl,
                'link' => '<a href="' . $profileUrl . '">' . $_POST['user'] . '</a>',
            );
            $context['registration_done'] = sprintf($txt['admin_register_done'], $context['new_member']['link']);
        }
    }

    // Build the list of groups the template may offer as primary group.
    if (!allowedTo('manage_membergroups')) {
        $context['member_groups'] = array();
    } else {
        // Callers without admin_forum additionally lose the admin group and protected groups.
        $protectedFilter = allowedTo('admin_forum') ? '' : '
				AND id_group != {int:admin_group}
				AND group_type != {int:is_protected}';
        $queryParams = array(
            'moderator_group' => 3,
            'min_posts' => -1,
            'admin_group' => 1,
            'is_protected' => 1,
            'hidden_group' => 2,
            'newbie_group' => 4,
        );
        $groupQuery = $smcFunc['db_query']('', '
			SELECT group_name, id_group
			FROM {db_prefix}membergroups
			WHERE id_group != {int:moderator_group}
				AND min_posts = {int:min_posts}' . $protectedFilter . '
				AND hidden != {int:hidden_group}
			ORDER BY min_posts, CASE WHEN id_group < {int:newbie_group} THEN id_group ELSE 4 END, group_name', $queryParams);

        // Entry 0 is the "no primary group" choice.
        $context['member_groups'] = array(0 => $txt['admin_register_group_none']);
        while ($group = $smcFunc['db_fetch_assoc']($groupQuery)) {
            $context['member_groups'][$group['id_group']] = $group['group_name'];
        }
        $smcFunc['db_free_result']($groupQuery);
    }

    // Template selection and a fresh token for the next submit.
    $context['sub_template'] = 'admin_register';
    $context['page_title'] = $txt['registration_center'];
    createToken('admin-regc');
}
Beispiel #2
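 /**
  * Register a forum member on behalf of the mobile client (the error text mentions Tapatalk).
  *
  * Picks the activation mode from $modSettings['registration_method'] and the
  * $verified flag, builds the option array and hands it to registerMember().
  *
  * @param string $email     Address for the new account (CR/LF removed, trimmed).
  * @param string $username  Requested member name (CR/LF removed, trimmed).
  * @param string $password  Plain-text password; must not be empty.
  * @param bool   $verified  When true, activation is skipped, and approval too if
  *                          $modSettings['auto_approval_tp_user'] is on. This is a trust
  *                          decision: the caller must derive it server-side.
  * @param mixed  $custom_register_fields Not used by this method.
  * @param mixed  $profile   Optional array; only the 'avatar_url' key is read.
  * @param mixed  $errors    Taken by reference but never written here.
  * @return mixed Result of get_user_by_name_or_email() on success, null when
  *               registerMember() returns an empty id.
  */
 public function createUserHandle($email, $username, $password, $verified, $custom_register_fields, $profile, &$errors)
 {
     // $txt was missing from this list, so the 'admin_register_done' lookup below read an undefined local.
     global $sourcedir, $context, $modSettings, $maintenance, $mmessage, $scripturl, $txt;
     checkSession();
     $_POST['emailActivate'] = true;
     // presumably get_error() stops the request; nothing below guards against it returning - confirm.
     if (empty($password)) {
         get_error('password cannot be empty');
     }
     if ($maintenance != 0) {
         get_error('Forum is in maintenance model or Tapatalk is disabled by forum administrator.');
     }
     // registration_method 0 = immediate, 1 = e-mail activation, anything else = admin approval.
     if ($modSettings['registration_method'] == 0) {
         $register_mode = 'nothing';
     } elseif ($modSettings['registration_method'] == 1) {
         $register_mode = $verified ? 'nothing' : 'activation';
     } else {
         $register_mode = isset($modSettings['auto_approval_tp_user']) && $modSettings['auto_approval_tp_user'] && $verified ? 'nothing' : 'approval';
     }
     $email = htmltrim__recursive(str_replace(array("\n", "\r"), '', $email));
     $username = htmltrim__recursive(str_replace(array("\n", "\r"), '', $username));
     $password = htmltrim__recursive(str_replace(array("\n", "\r"), '', $password));
     // Only accounts that become active immediately get the configured group.
     $group = 0;
     if ($register_mode == 'nothing' && isset($modSettings['tp_iar_usergroup_assignment'])) {
         $group = $modSettings['tp_iar_usergroup_assignment'];
     }
     // NOTE(review): unless approval is required, this self-service path registers through
     // the 'admin' interface, and the e-mail ban check is always off. What 'admin' relaxes
     // inside registerMember() is not visible here; confirm that site registration
     // restrictions cannot be sidestepped through this endpoint.
     $regOptions = array(
         'interface' => $register_mode == 'approval' ? 'guest' : 'admin',
         'username' => $username,
         'email' => $email,
         'password' => $password,
         'password_check' => $password,
         'check_reserved_name' => true,
         'check_password_strength' => true,
         'check_email_ban' => false,
         'send_welcome_email' => isset($_POST['emailPassword']) || empty($password),
         'require' => $register_mode,
         'memberGroup' => (int) $group,
     );
     // define() on an existing constant raises a warning, so guard repeated calls.
     if (!defined('mobi_register')) {
         define('mobi_register', 1);
     }
     require_once $sourcedir . '/Subs-Members.php';
     $memberID = registerMember($regOptions);
     if (empty($memberID)) {
         return null;
     }
     $profileUrl = $scripturl . '?action=profile;u=' . $memberID;
     // NOTE(review): the name goes into HTML without escaping; this relies on
     // registerMember() having rejected markup characters - confirm.
     $context['new_member'] = array(
         'id' => $memberID,
         'name' => $username,
         'href' => $profileUrl,
         'link' => '<a href="' . $profileUrl . '">' . $username . '</a>',
     );
     $context['registration_done'] = isset($txt['admin_register_done'])
         ? sprintf($txt['admin_register_done'], $context['new_member']['link'])
         : '';
     // Store the avatar only when the caller actually supplied one.
     // NOTE(review): avatar_url is saved as given; scheme/host/length validation, if any,
     // happens outside this method - confirm.
     if (is_array($profile) && isset($profile['avatar_url'])) {
         updateMemberData($memberID, array('avatar' => $profile['avatar_url']));
     }
     return get_user_by_name_or_email($username, false);
 }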
 /**
  * Actually register the member.
  * @todo split this function in two functions:
  *  - a function that handles action=register2, which needs no parameter;
  *  - a function that processes the case of OpenID verification.
  *
  * @param bool $verifiedOpenID = false
  */
 public function action_register2($verifiedOpenID = false)
 {
     // Flow: request checks -> normalise $_POST -> collect optional profile fields ->
     // validate custom fields -> optional OpenID detour -> registerMember() -> post-registration routing.
     // Returns the result of action_register() when the form has to be shown again; otherwise
     // it ends by redirecting or by setting up the "after" template.
     global $txt, $modSettings, $context, $user_info;
     // Start collecting together any errors.
     $reg_errors = Error_Context::context('register', 0);
     // We can't validate the token and the session with OpenID enabled.
     // NOTE(review): $verifiedOpenID === true skips the session and token checks here and the
     // whole agreement/COPPA/time-gate/verification section below, so callers must only pass
     // true after a completed OpenID verification.
     if (!$verifiedOpenID) {
         checkSession();
         if (!validateToken('register', 'post', true, false)) {
             $reg_errors->addError('token_verification');
         }
     }
     // Did we save some open ID fields?
     // They are copied back into $_POST before the clean-up loop further down runs.
     if ($verifiedOpenID && !empty($context['openid_save_fields'])) {
         foreach ($context['openid_save_fields'] as $id => $value) {
             $_POST[$id] = $value;
         }
     }
     // You can't register if it's disabled.
     if (!empty($modSettings['registration_method']) && $modSettings['registration_method'] == 3) {
         fatal_lang_error('registration_disabled', false);
     }
     // If we're using an agreement checkbox, did they check it?
     if (!empty($modSettings['checkboxAgreement']) && !empty($_POST['checkbox_agreement'])) {
         $_SESSION['registration_agreed'] = true;
     }
     // Things we don't do for people who have already confirmed their OpenID allegances via register.
     if (!$verifiedOpenID) {
         // Well, if you don't agree, you can't register.
         if (!empty($modSettings['requireAgreement']) && empty($_SESSION['registration_agreed'])) {
             redirectexit();
         }
         // Make sure they came from *somewhere*, have a session.
         if (!isset($_SESSION['old_url'])) {
             redirectexit('action=register');
         }
         // If we don't require an agreement, we need a extra check for coppa.
         if (empty($modSettings['requireAgreement']) && !empty($modSettings['coppaAge'])) {
             $_SESSION['skip_coppa'] = !empty($_POST['accept_agreement']);
         }
         // Are they under age, and under age users are banned?
         if (!empty($modSettings['coppaAge']) && empty($modSettings['coppaType']) && empty($_SESSION['skip_coppa'])) {
             loadLanguage('Login');
             fatal_lang_error('under_age_registration_prohibited', false, array($modSettings['coppaAge']));
         }
         // Check the time gate for miscreants. First make sure they came from somewhere that actually set it up.
         if (empty($_SESSION['register']['timenow']) || empty($_SESSION['register']['limit'])) {
             redirectexit('action=register');
         }
         // Failing that, check the time limit for excessive speed: a form submitted sooner than
         // 'limit' seconds after 'timenow' is recorded as an error.
         if (time() - $_SESSION['register']['timenow'] < $_SESSION['register']['limit']) {
             loadLanguage('Login');
             $reg_errors->addError('too_quickly');
         }
         // Check whether the visual verification code was entered correctly.
         if (!empty($modSettings['reg_verification'])) {
             require_once SUBSDIR . '/VerificationControls.class.php';
             $verificationOptions = array('id' => 'register');
             $context['visual_verification'] = create_control_verification($verificationOptions, true);
             // An array result is treated as a list of error keys.
             if (is_array($context['visual_verification'])) {
                 foreach ($context['visual_verification'] as $error) {
                     $reg_errors->addError($error);
                 }
             }
         }
     }
     // Remove CR/LF from every scalar POST field and pass it through htmltrim__recursive();
     // array fields are left untouched here.
     foreach ($_POST as $key => $value) {
         if (!is_array($_POST[$key])) {
             $_POST[$key] = htmltrim__recursive(str_replace(array("\n", "\r"), '', $_POST[$key]));
         }
     }
     // Collect all extra registration fields someone might have filled in.
     // These four lists are the allow-list: only the names in them are copied from $_POST
     // into extra_register_vars below, each cast according to its list.
     $possible_strings = array('birthdate', 'time_format', 'buddy_list', 'pm_ignore_list', 'smiley_set', 'personal_text', 'avatar', 'lngfile', 'location', 'secret_question', 'secret_answer', 'website_url', 'website_title');
     $possible_ints = array('pm_email_notify', 'notify_types', 'id_theme', 'gender');
     $possible_floats = array('time_offset');
     $possible_bools = array('notify_announcements', 'notify_regularity', 'notify_send_body', 'hide_email', 'show_online');
     // NOTE(review): the secret answer is stored as an unsalted MD5, a fast hash that gives
     // little protection to a low-entropy answer. Changing it needs a matching change
     // wherever the answer is verified, which is outside this function.
     if (isset($_POST['secret_answer']) && $_POST['secret_answer'] != '') {
         $_POST['secret_answer'] = md5($_POST['secret_answer']);
     }
     // Needed for isReservedName() and registerMember().
     require_once SUBSDIR . '/Members.subs.php';
     // Validation... even if we're not a mall.
     // A display name is accepted only when the setting allows it or the caller holds moderate_forum.
     if (isset($_POST['real_name']) && (!empty($modSettings['allow_editDisplayName']) || allowedTo('moderate_forum'))) {
         // Collapse runs of whitespace, NUL and the listed invisible/space-like code points into one space.
         $_POST['real_name'] = trim(preg_replace('~[\\t\\n\\r \\x0B\\0\\x{A0}\\x{AD}\\x{2000}-\\x{200F}\\x{201F}\\x{202F}\\x{3000}\\x{FEFF}]+~u', ' ', $_POST['real_name']));
         if (trim($_POST['real_name']) != '' && !isReservedName($_POST['real_name']) && Util::strlen($_POST['real_name']) < 60) {
             $possible_strings[] = 'real_name';
         }
     }
     // Handle a string as a birthdate...
     // NOTE(review): strtotime() returns false for text it cannot parse and that value is passed
     // straight to strftime(); strftime() is also deprecated as of PHP 8.1.
     if (isset($_POST['birthdate']) && $_POST['birthdate'] != '') {
         $_POST['birthdate'] = strftime('%Y-%m-%d', strtotime($_POST['birthdate']));
     } elseif (!empty($_POST['bday1']) && !empty($_POST['bday2'])) {
         // bday3 supplies the year (0 when missing), bday1 the month slot, bday2 the day slot.
         $_POST['birthdate'] = sprintf('%04d-%02d-%02d', empty($_POST['bday3']) ? 0 : (int) $_POST['bday3'], (int) $_POST['bday1'], (int) $_POST['bday2']);
     }
     // By default assume email is hidden, only show it if we tell it to.
     $_POST['hide_email'] = !empty($_POST['allow_email']) ? 0 : 1;
     // Validate the passed language file.
     // Only a key present in getLanguages() is kept; anything else is dropped from $_POST.
     if (isset($_POST['lngfile']) && !empty($modSettings['userLanguage'])) {
         // Do we have any languages?
         $context['languages'] = getLanguages();
         // Did we find it?
         if (isset($context['languages'][$_POST['lngfile']])) {
             $_SESSION['language'] = $_POST['lngfile'];
         } else {
             unset($_POST['lngfile']);
         }
     } else {
         unset($_POST['lngfile']);
     }
     // Some of these fields we may not want.
     if (!empty($modSettings['registration_fields'])) {
         // But we might want some of them if the admin asks for them.
         $standard_fields = array('location', 'gender');
         $reg_fields = explode(',', $modSettings['registration_fields']);
         $exclude_fields = array_diff($standard_fields, $reg_fields);
         // Website is a little different
         if (!in_array('website', $reg_fields)) {
             $exclude_fields = array_merge($exclude_fields, array('website_url', 'website_title'));
         }
         // We used to accept signature on registration but it's being abused by spammers these days, so no more.
         $exclude_fields[] = 'signature';
     } else {
         $exclude_fields = array('signature', 'location', 'gender', 'website_url', 'website_title');
     }
     // Remove the excluded names from every allow-list.
     $possible_strings = array_diff($possible_strings, $exclude_fields);
     $possible_ints = array_diff($possible_ints, $exclude_fields);
     $possible_floats = array_diff($possible_floats, $exclude_fields);
     $possible_bools = array_diff($possible_bools, $exclude_fields);
     // Set the options needed for registration.
     // 'require' resolves to 'coppa' first (when a COPPA age is set, this is not a verified OpenID
     // call and COPPA was not skipped), otherwise to nothing / activation / approval from
     // registration_method. Unlike an admin-created account, all three checks are on.
     $regOptions = array('interface' => 'guest', 'username' => !empty($_POST['user']) ? $_POST['user'] : '', 'email' => !empty($_POST['email']) ? $_POST['email'] : '', 'password' => !empty($_POST['passwrd1']) ? $_POST['passwrd1'] : '', 'password_check' => !empty($_POST['passwrd2']) ? $_POST['passwrd2'] : '', 'openid' => !empty($_POST['openid_identifier']) ? $_POST['openid_identifier'] : '', 'auth_method' => !empty($_POST['authenticate']) ? $_POST['authenticate'] : '', 'check_reserved_name' => true, 'check_password_strength' => true, 'check_email_ban' => true, 'send_welcome_email' => !empty($modSettings['send_welcomeEmail']), 'require' => !empty($modSettings['coppaAge']) && !$verifiedOpenID && empty($_SESSION['skip_coppa']) ? 'coppa' : (empty($modSettings['registration_method']) ? 'nothing' : ($modSettings['registration_method'] == 1 ? 'activation' : 'approval')), 'extra_register_vars' => array(), 'theme_vars' => array());
     // Include the additional options that might have been filled in.
     // Strings are HTML-escaped here; the other kinds are forced to their type by a cast.
     foreach ($possible_strings as $var) {
         if (isset($_POST[$var])) {
             $regOptions['extra_register_vars'][$var] = Util::htmlspecialchars($_POST[$var], ENT_QUOTES);
         }
     }
     foreach ($possible_ints as $var) {
         if (isset($_POST[$var])) {
             $regOptions['extra_register_vars'][$var] = (int) $_POST[$var];
         }
     }
     foreach ($possible_floats as $var) {
         if (isset($_POST[$var])) {
             $regOptions['extra_register_vars'][$var] = (double) $_POST[$var];
         }
     }
     foreach ($possible_bools as $var) {
         if (isset($_POST[$var])) {
             $regOptions['extra_register_vars'][$var] = empty($_POST[$var]) ? 0 : 1;
         }
     }
     // Registration options are always default options...
     // NOTE(review): the array union below runs before the is_array() check two statements later,
     // so a scalar 'options' or 'default_options' value reaches the + operator unchecked.
     if (isset($_POST['default_options'])) {
         $_POST['options'] = isset($_POST['options']) ? $_POST['options'] + $_POST['default_options'] : $_POST['default_options'];
     }
     $regOptions['theme_vars'] = isset($_POST['options']) && is_array($_POST['options']) ? $_POST['options'] : array();
     // Make sure they are clean, dammit!
     $regOptions['theme_vars'] = htmlspecialchars__recursive($regOptions['theme_vars']);
     // Check whether we have fields that simply MUST be displayed?
     require_once SUBSDIR . '/Profile.subs.php';
     loadCustomFields(0, 'register');
     foreach ($context['custom_fields'] as $row) {
         // Don't allow overriding of the theme variables.
         if (isset($regOptions['theme_vars'][$row['colname']])) {
             unset($regOptions['theme_vars'][$row['colname']]);
         }
         // Prepare the value!
         $value = isset($_POST['customfield'][$row['colname']]) ? trim($_POST['customfield'][$row['colname']]) : '';
         // We only care for text fields as the others are valid to be empty.
         if (!in_array($row['type'], array('check', 'select', 'radio'))) {
             // Is it too long?
             if ($row['field_length'] && $row['field_length'] < Util::strlen($value)) {
                 $reg_errors->addError(array('custom_field_too_long', array($row['name'], $row['field_length'])));
             }
             // Any masks to apply?
             if ($row['type'] == 'text' && !empty($row['mask']) && $row['mask'] != 'none') {
                 // @todo We never error on this - just ignore it at the moment...
                 // NOTE(review): for a 'regex' mask only a result of exactly 0 counts as a mismatch;
                 // preg_match() returns false on a pattern error, so a broken mask lets any value through.
                 if ($row['mask'] == 'email' && !isValidEmail($value)) {
                     $reg_errors->addError(array('custom_field_invalid_email', array($row['name'])));
                 } elseif ($row['mask'] == 'number' && preg_match('~[^\\d]~', $value)) {
                     $reg_errors->addError(array('custom_field_not_number', array($row['name'])));
                 } elseif (substr($row['mask'], 0, 5) == 'regex' && trim($value) !== '' && preg_match(substr($row['mask'], 5), $value) === 0) {
                     $reg_errors->addError(array('custom_field_inproper_format', array($row['name'])));
                 }
             }
         }
         // Is this required but not there?
         if (trim($value) == '' && $row['show_reg'] > 1) {
             $reg_errors->addError(array('custom_field_empty', array($row['name'])));
         }
     }
     // Lets check for other errors before trying to register the member.
     if ($reg_errors->hasErrors()) {
         $_REQUEST['step'] = 2;
         // If they've filled in some details but made an error then they need less time to finish
         $_SESSION['register']['limit'] = 4;
         return $this->action_register();
     }
     // If they're wanting to use OpenID we need to validate them first.
     if (empty($_SESSION['openid']['verified']) && !empty($_POST['authenticate']) && $_POST['authenticate'] == 'openid') {
         // What do we need to save?
         // Everything except the session tokens, both password fields and the submit button.
         $save_variables = array();
         foreach ($_POST as $k => $v) {
             if (!in_array($k, array('sc', 'sesc', $context['session_var'], 'passwrd1', 'passwrd2', 'regSubmit'))) {
                 $save_variables[$k] = $v;
             }
         }
         require_once SUBSDIR . '/OpenID.subs.php';
         $openID = new OpenID();
         $openID->validate($_POST['openid_identifier'], false, $save_variables);
     // NOTE(review): && binds tighter than ||, so the condition below is
     // $verifiedOpenID || ((identifier-or-uri present) && authenticate == 'openid');
     // $_POST['authenticate'] is also read here without an isset() guard.
     } elseif ($verifiedOpenID || (!empty($_POST['openid_identifier']) || !empty($_SESSION['openid']['openid_uri'])) && $_POST['authenticate'] == 'openid') {
         // Values typed in the form win; otherwise fall back to what is stored in the OpenID session data.
         $regOptions['username'] = !empty($_POST['user']) && trim($_POST['user']) != '' ? $_POST['user'] : $_SESSION['openid']['nickname'];
         $regOptions['email'] = !empty($_POST['email']) && trim($_POST['email']) != '' ? $_POST['email'] : $_SESSION['openid']['email'];
         $regOptions['auth_method'] = 'openid';
         $regOptions['openid'] = !empty($_SESSION['openid']['openid_uri']) ? $_SESSION['openid']['openid_uri'] : (!empty($_POST['openid_identifier']) ? $_POST['openid_identifier'] : '');
     }
     // Registration needs to know your IP
     $req = request();
     $regOptions['ip'] = $user_info['ip'];
     $regOptions['ip2'] = $req->ban_ip();
     $memberID = registerMember($regOptions, 'register');
     // If there are "important" errors and you are not an admin: log the first error
     // Otherwise grab all of them and don't log anything
     if ($reg_errors->hasErrors(1) && !$user_info['is_admin']) {
         foreach ($reg_errors->prepareErrors(1) as $error) {
             fatal_error($error, 'general');
         }
     }
     // Was there actually an error of some kind dear boy?
     if ($reg_errors->hasErrors()) {
         $_REQUEST['step'] = 2;
         return $this->action_register();
     }
     // Do our spam protection now.
     spamProtection('register');
     // We'll do custom fields after as then we get to use the helper function!
     if (!empty($_POST['customfield'])) {
         require_once SUBSDIR . '/Profile.subs.php';
         makeCustomFieldChanges($memberID, 'register');
     }
     // If COPPA has been selected then things get complicated, setup the template.
     if (!empty($modSettings['coppaAge']) && empty($_SESSION['skip_coppa'])) {
         redirectexit('action=coppa;member=' . $memberID);
     } elseif (!empty($modSettings['registration_method'])) {
         // Activation or approval is pending: show the matching "after registration" message.
         loadTemplate('Register');
         $context += array('page_title' => $txt['register'], 'title' => $txt['registration_successful'], 'sub_template' => 'after', 'description' => $modSettings['registration_method'] == 2 ? $txt['approval_after_registration'] : $txt['activate_after_registration']);
     } else {
         // No activation step: log the new member in straight away. cookieTime is multiplied by 60 here.
         // NOTE(review): 'register_vars' is never assigned in this function; presumably
         // registerMember() takes $regOptions by reference and fills in password_salt - confirm.
         call_integration_hook('integrate_activate', array($regOptions['username']));
         setLoginCookie(60 * $modSettings['cookieTime'], $memberID, hash('sha256', Util::strtolower($regOptions['username']) . $regOptions['password'] . $regOptions['register_vars']['password_salt']));
         redirectexit('action=auth;sa=check;member=' . $memberID, $context['server']['needs_login_fix']);
     }
 }
Beispiel #4
function Login2()
{
    global $txt, $scripturl, $user_info, $user_settings, $smcFunc;
    global $cookiename, $maintenance, $modSettings, $context, $sc, $sourcedir;
    // Load cookie authentication stuff.
    require_once $sourcedir . '/Subs-Auth.php';
    if (isset($_GET['sa']) && $_GET['sa'] == 'salt' && !$user_info['is_guest']) {
        if (isset($_COOKIE[$cookiename]) && preg_match('~^a:[34]:\\{i:0;(i:\\d{1,6}|s:[1-8]:"\\d{1,8}");i:1;s:(0|40):"([a-fA-F0-9]{40})?";i:2;[id]:\\d{1,14};(i:3;i:\\d;)?\\}$~', $_COOKIE[$cookiename]) === 1) {
            list(, , $timeout) = safe_unserialize($_COOKIE[$cookiename]);
        } elseif (isset($_SESSION['login_' . $cookiename])) {
            list(, , $timeout) = safe_unserialize($_SESSION['login_' . $cookiename]);
        } else {
            trigger_error('Login2(): Cannot be logged in without a session or cookie', E_USER_ERROR);
        }
        $user_settings['password_salt'] = substr(md5(mt_rand()), 0, 4);
        updateMemberData($user_info['id'], array('password_salt' => $user_settings['password_salt']));
        setLoginCookie($timeout - time(), $user_info['id'], sha1($user_settings['passwd'] . $user_settings['password_salt']));
        redirectexit('action=login2;sa=check;member=' . $user_info['id'], $context['server']['needs_login_fix']);
    } elseif (isset($_GET['sa']) && $_GET['sa'] == 'check') {
        // Strike!  You're outta there!
        if ($_GET['member'] != $user_info['id']) {
            fatal_lang_error('login_cookie_error', false);
        }
        // Some whitelisting for login_url...
        if (empty($_SESSION['login_url'])) {
            redirectexit();
        } else {
            // Best not to clutter the session data too much...
            $temp = $_SESSION['login_url'];
            unset($_SESSION['login_url']);
            redirectexit($temp);
        }
    }
    // Beyond this point you are assumed to be a guest trying to login.
    if (!$user_info['is_guest']) {
        redirectexit();
    }
    // Are you guessing with a script?
    spamProtection('login');
    // Set the login_url if it's not already set (but careful not to send us to an attachment).
    if (empty($_SESSION['login_url']) && isset($_SESSION['old_url']) && strpos($_SESSION['old_url'], 'dlattach') === false && preg_match('~(board|topic)[=,]~', $_SESSION['old_url']) != 0) {
        $_SESSION['login_url'] = $_SESSION['old_url'];
    }
    // Been guessing a lot, haven't we?
    if (isset($_SESSION['failed_login']) && $_SESSION['failed_login'] >= $modSettings['failed_login_threshold'] * 3) {
        fatal_lang_error('login_threshold_fail', 'critical');
    }
    // Set up the cookie length.  (if it's invalid, just fall through and use the default.)
    if (isset($_POST['cookieneverexp']) || !empty($_POST['cookielength']) && $_POST['cookielength'] == -1) {
        $modSettings['cookieTime'] = 3153600;
    } elseif (!empty($_POST['cookielength']) && ($_POST['cookielength'] >= 1 || $_POST['cookielength'] <= 525600)) {
        $modSettings['cookieTime'] = (int) $_POST['cookielength'];
    }
    loadLanguage('Login');
    // Load the template stuff - wireless or normal.
    if (WIRELESS) {
        $context['sub_template'] = WIRELESS_PROTOCOL . '_login';
    } else {
        loadTemplate('Login');
        $context['sub_template'] = 'login';
    }
    // Set up the default/fallback stuff.
    $context['default_username'] = isset($_POST['user']) ? preg_replace('~&amp;#(\\d{1,7}|x[0-9a-fA-F]{1,6});~', '&#\\1;', htmlspecialchars($_POST['user'])) : '';
    $context['default_password'] = '';
    $context['never_expire'] = $modSettings['cookieTime'] == 525600 || $modSettings['cookieTime'] == 3153600;
    $context['login_errors'] = array($txt['error_occured']);
    $context['page_title'] = $txt['login'];
    // Add the login chain to the link tree.
    $context['linktree'][] = array('url' => $scripturl . '?action=login', 'name' => $txt['login']);
    if (!empty($_POST['openid_identifier']) && !empty($modSettings['enableOpenID'])) {
        require_once $sourcedir . '/Subs-OpenID.php';
        if (($open_id = smf_openID_validate($_POST['openid_identifier'])) !== 'no_data') {
            return $open_id;
        }
    }
    // You forgot to type your username, dummy!
    if (!isset($_POST['user']) || $_POST['user'] == '') {
        $context['login_errors'] = array($txt['need_username']);
        return;
    }
    // Hmm... maybe 'admin' will login with no password. Uhh... NO!
    if ((!isset($_POST['passwrd']) || $_POST['passwrd'] == '') && (!isset($_POST['hash_passwrd']) || strlen($_POST['hash_passwrd']) != 40)) {
        $context['login_errors'] = array($txt['no_password']);
        return;
    }
    // No funky symbols either.
    if (preg_match('~[<>&"\'=\\\\]~', preg_replace('~(&#(\\d{1,7}|x[0-9a-fA-F]{1,6});)~', '', $_POST['user'])) != 0) {
        $context['login_errors'] = array($txt['error_invalid_characters_username']);
        return;
    }
    // And if it's too long, trim it back.
    if ($smcFunc['strlen']($_POST['user']) > 80) {
        $_POST['user'] = $smcFunc['substr']($_POST['user'], 0, 79);
        $context['default_username'] = preg_replace('~&amp;#(\\d{1,7}|x[0-9a-fA-F]{1,6});~', '&#\\1;', $smcFunc['htmlspecialchars']($_POST['user']));
    }
    // Are we using any sort of integration to validate the login?
    if (in_array('retry', call_integration_hook('integrate_validate_login', array($_POST['user'], isset($_POST['hash_passwrd']) && strlen($_POST['hash_passwrd']) == 40 ? $_POST['hash_passwrd'] : null, $modSettings['cookieTime'])), true)) {
        $context['login_errors'] = array($txt['login_hash_error']);
        $context['disable_login_hashing'] = true;
        return;
    }
    // Load the data up!
    $request = $smcFunc['db_query']('', '
		SELECT passwd, id_member, id_group, lngfile, is_activated, email_address, additional_groups, member_name, password_salt,
			openid_uri, passwd_flood, ldap_user
		FROM {db_prefix}members
		WHERE ' . ($smcFunc['db_case_sensitive'] ? 'LOWER(member_name) = LOWER({string:user_name})' : 'member_name = {string:user_name}') . '
		LIMIT 1', array('user_name' => $smcFunc['db_case_sensitive'] ? strtolower($_POST['user']) : $_POST['user']));
    $ldap_esc_username = ldap_escape($_POST['user']);
    // Probably mistyped or their email, try it as an email address. (member_name first, though!)
    if ($smcFunc['db_num_rows']($request) == 0) {
        $smcFunc['db_free_result']($request);
        $request = $smcFunc['db_query']('', '
			SELECT passwd, id_member, id_group, lngfile, is_activated, email_address, additional_groups, member_name, password_salt, openid_uri,
			passwd_flood, ldap_user
			FROM {db_prefix}members
			WHERE email_address = {string:user_name}
			LIMIT 1', array('user_name' => $_POST['user']));
    }
    // It didn't match anything in the local db...
    if ($smcFunc['db_num_rows']($request) == 0) {
        $smcFunc['db_free_result']($request);
        // Try ldap
        if (!function_exists('ldap_connect')) {
            die('The PHP LDAP extension is required');
            return;
        }
        $ldap = ldap_connect(LDAP_SERVER, LDAP_PORT);
        if (!is_resource($ldap)) {
            die('Unable to connect to the LDAP server: ' . LDAP_SERVER);
            return;
        }
        ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
        ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
        if (ldap_bind($ldap, 'uid=' . $ldap_esc_username . ',' . LDAP_BASE_DN, $_POST['passwrd'])) {
            // User exists in ldap, copy to local db
            $ldap_search = ldap_search($ldap, LDAP_BASE_DN, 'uid=' . $ldap_esc_username, array('uid', 'cn', 'mail'), 0, 1);
            $ldap_result = @ldap_first_entry($ldap, $ldap_search);
            $ldap_fields = @ldap_get_attributes($ldap, $ldap_result);
            if (!$ldap_fields) {
                die('Failed to query LDAP user');
                return;
            }
            $regOptions = array('interface' => 'guest', 'check_reserved_name' => true, 'check_password_strength' => false, 'check_email_ban' => false, 'send_welcome_email' => false, 'require' => 'nothing', 'extra_register_vars' => array('real_name' => $ldap_fields['cn'][0]), 'theme_vars' => array(), 'auth_method' => 'ldap', 'username' => $ldap_fields['uid'][0], 'email' => $ldap_fields['mail'][0]);
            require_once $sourcedir . '/Subs-Members.php';
            //require the file, so that we can call the function
            require_once $sourcedir . '/Subs.php';
            //require the file, so that we can call the function
            $memberID = registerMember($regOptions);
            //call the function.  $memberID should return a value.
            //Retry the query
            $request = $smcFunc['db_query']('', '
				SELECT passwd, id_member, id_group, lngfile, is_activated, email_address, additional_groups, member_name, password_salt,
					openid_uri, passwd_flood, ldap_user
				FROM {db_prefix}members
				WHERE id_member = {int:id_member}
				LIMIT 1', array('id_member' => $memberID));
            if ($smcFunc['db_num_rows']($request) == 0) {
                die('Failed to add LDAP user to the database');
                return;
            }
            ldap_close($ldap);
        } else {
            $context['login_errors'] = array($txt['incorrect_password']);
            return;
        }
    }
    $user_settings = $smcFunc['db_fetch_assoc']($request);
    $smcFunc['db_free_result']($request);
    if ((bool) ord($user_settings['ldap_user'])) {
        // Try ldap
        if (!function_exists('ldap_connect')) {
            $context['login_errors'] = 'The PHP LDAP extension is required';
            return;
        }
        $ldap = ldap_connect(LDAP_SERVER, LDAP_PORT);
        if (!is_resource($ldap)) {
            $context['login_errors'] = 'Unable to connect to the LDAP server: "' . LDAP_SERVER . '"';
            return;
        }
        ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
        ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
        if (!ldap_bind($ldap, 'uid=' . $ldap_esc_username . ',' . LDAP_BASE_DN, $_POST['passwrd'])) {
            // They've messed up again - keep a count to see if they need a hand.
            $_SESSION['failed_login'] = @$_SESSION['failed_login'] + 1;
            // Hmm... don't remember it, do you?  Here, try the password reminder ;).
            if ($_SESSION['failed_login'] >= $modSettings['failed_login_threshold']) {
                redirectexit('action=reminder');
            } else {
                // Log an error so we know that it didn't go well in the error log.
                log_error($txt['incorrect_password'] . ' - ldap: <span class="remove">' . $user_settings['member_name'] . '</span>', 'user');
                $context['login_errors'] = array($txt['incorrect_password']);
                return;
            }
        }
    } else {
        // Figure out the password using SMF's encryption - if what they typed is right.
        if (isset($_POST['hash_passwrd']) && strlen($_POST['hash_passwrd']) == 40) {
            // Needs upgrading?
            if (strlen($user_settings['passwd']) != 40) {
                $context['login_errors'] = array($txt['login_hash_error']);
                $context['disable_login_hashing'] = true;
                unset($user_settings);
                return;
            } elseif ($_POST['hash_passwrd'] == sha1($user_settings['passwd'] . $sc)) {
                $sha_passwd = $user_settings['passwd'];
            } else {
                // Don't allow this!
                validatePasswordFlood($user_settings['id_member'], $user_settings['passwd_flood']);
                $_SESSION['failed_login'] = @$_SESSION['failed_login'] + 1;
                if ($_SESSION['failed_login'] >= $modSettings['failed_login_threshold']) {
                    redirectexit('action=reminder');
                } else {
                    log_error($txt['incorrect_password'] . ' - <span class="remove">' . $user_settings['member_name'] . '</span>', 'user');
                    $context['disable_login_hashing'] = true;
                    $context['login_errors'] = array($txt['incorrect_password']);
                    unset($user_settings);
                    return;
                }
            }
        } else {
            $sha_passwd = sha1(strtolower($user_settings['member_name']) . un_htmlspecialchars($_POST['passwrd']));
        }
        // Bad password!  Thought you could fool the database?!
        if ($user_settings['passwd'] != $sha_passwd) {
            // Let's be cautious, no hacking please. thanx.
            validatePasswordFlood($user_settings['id_member'], $user_settings['passwd_flood']);
            // Maybe we were too hasty... let's try some other authentication methods.
            $other_passwords = array();
            // None of the below cases will be used most of the time (because the salt is normally set.)
            if ($user_settings['password_salt'] == '') {
                // YaBB SE, Discus, MD5 (used a lot), SHA-1 (used some), SMF 1.0.x, IkonBoard, and none at all.
                $other_passwords[] = crypt($_POST['passwrd'], substr($_POST['passwrd'], 0, 2));
                $other_passwords[] = crypt($_POST['passwrd'], substr($user_settings['passwd'], 0, 2));
                $other_passwords[] = md5($_POST['passwrd']);
                $other_passwords[] = sha1($_POST['passwrd']);
                $other_passwords[] = md5_hmac($_POST['passwrd'], strtolower($user_settings['member_name']));
                $other_passwords[] = md5($_POST['passwrd'] . strtolower($user_settings['member_name']));
                $other_passwords[] = md5(md5($_POST['passwrd']));
                $other_passwords[] = $_POST['passwrd'];
                // This one is a strange one... MyPHP, crypt() on the MD5 hash.
                $other_passwords[] = crypt(md5($_POST['passwrd']), md5($_POST['passwrd']));
                // Snitz style - SHA-256.  Technically, this is a downgrade, but most PHP configurations don't support sha256 anyway.
                if (strlen($user_settings['passwd']) == 64 && function_exists('mhash') && defined('MHASH_SHA256')) {
                    $other_passwords[] = bin2hex(mhash(MHASH_SHA256, $_POST['passwrd']));
                }
                // phpBB3 users new hashing.  We now support it as well ;).
                $other_passwords[] = phpBB3_password_check($_POST['passwrd'], $user_settings['passwd']);
                // APBoard 2 Login Method.
                $other_passwords[] = md5(crypt($_POST['passwrd'], 'CRYPT_MD5'));
            } elseif (strlen($user_settings['passwd']) == 32) {
                // vBulletin 3 style hashing?  Let's welcome them with open arms \o/.
                $other_passwords[] = md5(md5($_POST['passwrd']) . $user_settings['password_salt']);
                // Hmm.. p'raps it's Invision 2 style?
                $other_passwords[] = md5(md5($user_settings['password_salt']) . md5($_POST['passwrd']));
                // Some common md5 ones.
                $other_passwords[] = md5($user_settings['password_salt'] . $_POST['passwrd']);
                $other_passwords[] = md5($_POST['passwrd'] . $user_settings['password_salt']);
            } elseif (strlen($user_settings['passwd']) == 40) {
                // Maybe they are using a hash from before the password fix.
                $other_passwords[] = sha1(strtolower($user_settings['member_name']) . un_htmlspecialchars($_POST['passwrd']));
                // BurningBoard3 style of hashing.
                $other_passwords[] = sha1($user_settings['password_salt'] . sha1($user_settings['password_salt'] . sha1($_POST['passwrd'])));
                // Perhaps we converted to UTF-8 and have a valid password being hashed differently.
                if ($context['character_set'] == 'utf8' && !empty($modSettings['previousCharacterSet']) && $modSettings['previousCharacterSet'] != 'utf8') {
                    // Try iconv first, for no particular reason.
                    if (function_exists('iconv')) {
                        $other_passwords['iconv'] = sha1(strtolower(iconv('UTF-8', $modSettings['previousCharacterSet'], $user_settings['member_name'])) . un_htmlspecialchars(iconv('UTF-8', $modSettings['previousCharacterSet'], $_POST['passwrd'])));
                    }
                    // Say it aint so, iconv failed!
                    if (empty($other_passwords['iconv']) && function_exists('mb_convert_encoding')) {
                        $other_passwords[] = sha1(strtolower(mb_convert_encoding($user_settings['member_name'], 'UTF-8', $modSettings['previousCharacterSet'])) . un_htmlspecialchars(mb_convert_encoding($_POST['passwrd'], 'UTF-8', $modSettings['previousCharacterSet'])));
                    }
                }
            }
            // SMF's sha1 function can give a funny result on Linux (Not our fault!). If we've now got the real one let the old one be valid!
            if (strpos(strtolower(PHP_OS), 'win') !== 0) {
                require_once $sourcedir . '/Subs-Compat.php';
                $other_passwords[] = sha1_smf(strtolower($user_settings['member_name']) . un_htmlspecialchars($_POST['passwrd']));
            }
            // Whichever encryption it was using, let's make it use SMF's now ;).
            if (in_array($user_settings['passwd'], $other_passwords)) {
                $user_settings['passwd'] = $sha_passwd;
                $user_settings['password_salt'] = substr(md5(mt_rand()), 0, 4);
                // Update the password and set up the hash.
                updateMemberData($user_settings['id_member'], array('passwd' => $user_settings['passwd'], 'password_salt' => $user_settings['password_salt'], 'passwd_flood' => ''));
            } else {
                // They've messed up again - keep a count to see if they need a hand.
                $_SESSION['failed_login'] = @$_SESSION['failed_login'] + 1;
                // Hmm... don't remember it, do you?  Here, try the password reminder ;).
                if ($_SESSION['failed_login'] >= $modSettings['failed_login_threshold']) {
                    redirectexit('action=reminder');
                } else {
                    // Log an error so we know that it didn't go well in the error log.
                    log_error($txt['incorrect_password'] . ' - <span class="remove">' . $user_settings['member_name'] . '</span>', 'user');
                    $context['login_errors'] = array($txt['incorrect_password']);
                    return;
                }
            }
        } elseif (!empty($user_settings['passwd_flood'])) {
            // Let's be sure they weren't a little hacker.
            validatePasswordFlood($user_settings['id_member'], $user_settings['passwd_flood'], true);
            // If we got here then we can reset the flood counter.
            updateMemberData($user_settings['id_member'], array('passwd_flood' => ''));
        }
        // Correct password, but they've got no salt; fix it!
        if ($user_settings['password_salt'] == '') {
            $user_settings['password_salt'] = substr(md5(mt_rand()), 0, 4);
            updateMemberData($user_settings['id_member'], array('password_salt' => $user_settings['password_salt']));
        }
    }
    // Check their activation status.
    if (!checkActivation()) {
        return;
    }
    DoLogin();
}
Beispiel #5
/**
 * Processes a submitted guest registration form and creates the member.
 *
 * Collects errors from the verification control and the custom profile
 * fields, copies a fixed list of $_POST fields into $regOptions, hands them
 * to registerMember(), and then redirects or sets up the "done" template
 * depending on $modSettings['registration_method'] and the COPPA settings.
 *
 * @param bool $verifiedOpenID True when the caller has already verified the
 *                             visitor's OpenID; this skips the agreement,
 *                             session, COPPA and visual-verification checks.
 * @return mixed The result of Register($reg_errors) when errors were found;
 *               otherwise nothing is returned explicitly.
 */
function Register2($verifiedOpenID = false)
{
    global $txt, $modSettings, $context, $sourcedir;
    // Start collecting together any errors.
    $reg_errors = array();
    // Did we save some open ID fields?
    // These values overwrite whatever the current request posted under the same keys.
    if ($verifiedOpenID && !empty($context['openid_save_fields'])) {
        foreach ($context['openid_save_fields'] as $id => $value) {
            $_POST[$id] = $value;
        }
    }
    // You can't register if it's disabled.
    if (!empty($modSettings['registration_method']) && $modSettings['registration_method'] == 3) {
        fatal_lang_error('registration_disabled', false);
    }
    // Things we don't do for people who have already confirmed their OpenID allegiances via register.
    if (!$verifiedOpenID) {
        // Well, if you don't agree, you can't register.
        if (!empty($modSettings['requireAgreement']) && empty($_SESSION['registration_agreed'])) {
            redirectexit();
        }
        // Make sure they came from *somewhere*, have a session.
        if (!isset($_SESSION['old_url'])) {
            redirectexit('action=register');
        }
        // Are they under age, and under age users are banned?
        if (!empty($modSettings['coppaAge']) && empty($modSettings['coppaType']) && empty($_SESSION['skip_coppa'])) {
            // !!! This should be put in Errors, imho.
            loadLanguage('Login');
            fatal_lang_error('under_age_registration_prohibited', false, array($modSettings['coppaAge']));
        }
        // Check whether the visual verification code was entered correctly.
        if (!empty($modSettings['reg_verification'])) {
            require_once $sourcedir . '/lib/Subs-Editor.php';
            $verificationOptions = array('id' => 'register');
            $context['visual_verification'] = create_control_verification($verificationOptions, true);
            // An array result is treated as a list of error keys.
            if (is_array($context['visual_verification'])) {
                loadLanguage('Errors');
                foreach ($context['visual_verification'] as $error) {
                    $reg_errors[] = $txt['error_' . $error];
                }
            }
        }
    }
    // Remove CR/LF from every scalar POST value and pass it through htmltrim__recursive();
    // array values (options, customfield, ...) are not touched by this loop.
    foreach ($_POST as $key => $value) {
        if (!is_array($_POST[$key])) {
            $_POST[$key] = htmltrim__recursive(str_replace(array("\n", "\r"), '', $_POST[$key]));
        }
    }
    // Collect all extra registration fields someone might have filled in.
    // Only the keys listed here are copied into extra_register_vars further down.
    $possible_strings = array('location', 'birthdate', 'time_format', 'buddy_list', 'pm_ignore_list', 'smiley_set', 'signature', 'personal_text', 'avatar', 'lngfile', 'secret_question', 'secret_answer');
    $possible_ints = array('pm_email_notify', 'notify_types', 'gender', 'id_theme');
    $possible_floats = array('time_offset');
    $possible_bools = array('notify_announcements', 'notify_regularity', 'notify_send_body', 'hide_email', 'show_online');
    // NOTE(review): the secret answer is stored as a plain, unsalted MD5 digest. It acts as a
    // password-equivalent for account recovery, so a slow salted hash would be the safer storage.
    if (isset($_POST['secret_answer']) && $_POST['secret_answer'] != '') {
        $_POST['secret_answer'] = md5($_POST['secret_answer']);
    }
    // Needed for isReservedName() and registerMember().
    require_once $sourcedir . '/lib/Subs-Members.php';
    // Validation... even if we're not a mall.
    if (isset($_POST['real_name']) && (!empty($modSettings['allow_editDisplayName']) || allowedTo('moderate_forum'))) {
        // Every whitespace character becomes a plain space before the reserved-name and length checks.
        $_POST['real_name'] = trim(preg_replace('~[\\s]~u', ' ', $_POST['real_name']));
        if (trim($_POST['real_name']) != '' && !isReservedName($_POST['real_name']) && commonAPI::strlen($_POST['real_name']) < 60) {
            $possible_strings[] = 'real_name';
        }
    }
    // Handle a string as a birthdate...
    // NOTE(review): the result of strtotime() is not checked; an unparsable date yields false,
    // which is then formatted as if it were a timestamp.
    if (isset($_POST['birthdate']) && $_POST['birthdate'] != '') {
        $_POST['birthdate'] = strftime('%Y-%m-%d', strtotime($_POST['birthdate']));
    } elseif (!empty($_POST['bday1']) && !empty($_POST['bday2'])) {
        $_POST['birthdate'] = sprintf('%04d-%02d-%02d', empty($_POST['bday3']) ? 0 : (int) $_POST['bday3'], (int) $_POST['bday1'], (int) $_POST['bday2']);
    }
    // By default assume email is hidden, only show it if we tell it to.
    $_POST['hide_email'] = !empty($_POST['allow_email']) ? 0 : 1;
    // Validate the passed language file.
    // The posted name is only accepted when it is a key of $context['languages'].
    if (isset($_POST['lngfile']) && !empty($modSettings['userLanguage'])) {
        // Do we have any languages?
        if (empty($context['languages'])) {
            getLanguages();
        }
        // Did we find it?
        if (isset($context['languages'][$_POST['lngfile']])) {
            $_SESSION['language'] = $_POST['lngfile'];
        } else {
            unset($_POST['lngfile']);
        }
    } else {
        unset($_POST['lngfile']);
    }
    // Set the options needed for registration.
    // 'require' resolves to coppa, nothing, activation or approval from the forum settings.
    $regOptions = array('interface' => 'guest', 'username' => !empty($_POST['user']) ? $_POST['user'] : '', 'email' => !empty($_POST['email']) ? $_POST['email'] : '', 'password' => !empty($_POST['passwrd1']) ? $_POST['passwrd1'] : '', 'password_check' => !empty($_POST['passwrd2']) ? $_POST['passwrd2'] : '', 'openid' => !empty($_POST['openid_identifier']) ? $_POST['openid_identifier'] : '', 'auth_method' => !empty($_POST['authenticate']) ? $_POST['authenticate'] : '', 'check_reserved_name' => true, 'check_password_strength' => true, 'check_email_ban' => true, 'send_welcome_email' => !empty($modSettings['send_welcomeEmail']), 'require' => !empty($modSettings['coppaAge']) && !$verifiedOpenID && empty($_SESSION['skip_coppa']) ? 'coppa' : (empty($modSettings['registration_method']) ? 'nothing' : ($modSettings['registration_method'] == 1 ? 'activation' : 'approval')), 'extra_register_vars' => array(), 'theme_vars' => array());
    // Include the additional options that might have been filled in.
    // Strings are HTML-escaped; the numeric and boolean fields are cast to their type.
    foreach ($possible_strings as $var) {
        if (isset($_POST[$var])) {
            $regOptions['extra_register_vars'][$var] = commonAPI::htmlspecialchars($_POST[$var], ENT_QUOTES);
        }
    }
    foreach ($possible_ints as $var) {
        if (isset($_POST[$var])) {
            $regOptions['extra_register_vars'][$var] = (int) $_POST[$var];
        }
    }
    foreach ($possible_floats as $var) {
        if (isset($_POST[$var])) {
            $regOptions['extra_register_vars'][$var] = (double) $_POST[$var];
        }
    }
    foreach ($possible_bools as $var) {
        if (isset($_POST[$var])) {
            $regOptions['extra_register_vars'][$var] = empty($_POST[$var]) ? 0 : 1;
        }
    }
    // Registration options are always default options...
    // NOTE(review): the array union below runs before the is_array() check that follows, so a
    // request that posts 'options' or 'default_options' as a scalar reaches the + operator
    // with a non-array operand. Checking both with is_array() first would avoid that.
    if (isset($_POST['default_options'])) {
        $_POST['options'] = isset($_POST['options']) ? $_POST['options'] + $_POST['default_options'] : $_POST['default_options'];
    }
    $regOptions['theme_vars'] = isset($_POST['options']) && is_array($_POST['options']) ? $_POST['options'] : array();
    // Make sure they are clean, dammit!
    $regOptions['theme_vars'] = htmlspecialchars__recursive($regOptions['theme_vars']);
    // If Quick Reply hasn't been set then set it to be shown but collapsed.
    if (!isset($regOptions['theme_vars']['display_quick_reply'])) {
        $regOptions['theme_vars']['display_quick_reply'] = 1;
    }
    // Check whether we have fields that simply MUST be displayed?
    $request = smf_db_query('
		SELECT col_name, field_name, field_type, field_length, mask, show_reg
		FROM {db_prefix}custom_fields
		WHERE active = {int:is_active}', array('is_active' => 1));
    $custom_field_errors = array();
    // NOTE(review): the result is read with the mysql_* functions, which only exist in the old
    // ext/mysql extension.
    while ($row = mysql_fetch_assoc($request)) {
        // Don't allow overriding of the theme variables.
        if (isset($regOptions['theme_vars'][$row['col_name']])) {
            unset($regOptions['theme_vars'][$row['col_name']]);
        }
        // Not actually showing it then?
        if (!$row['show_reg']) {
            continue;
        }
        // Prepare the value!
        // NOTE(review): trim() assumes the posted custom field is a string; an array value is not rejected here.
        $value = isset($_POST['customfield'][$row['col_name']]) ? trim($_POST['customfield'][$row['col_name']]) : '';
        // We only care for text fields as the others are valid to be empty.
        if (!in_array($row['field_type'], array('check', 'select', 'radio'))) {
            // Is it too long?
            if ($row['field_length'] && $row['field_length'] < commonAPI::strlen($value)) {
                $custom_field_errors[] = array('custom_field_too_long', array($row['field_name'], $row['field_length']));
            }
            // Any masks to apply?
            if ($row['field_type'] == 'text' && !empty($row['mask']) && $row['mask'] != 'none') {
                //!!! We never error on this - just ignore it at the moment...
                // NOTE(review): both preg_match() tests compare with === 0. preg_match() returns false
                // when the pattern fails to compile or run, and false is not 0, so a broken mask in
                // the custom_fields table lets every value through instead of rejecting it.
                if ($row['mask'] == 'email' && (preg_match('~^[0-9A-Za-z=_+\\-/][0-9A-Za-z=_\'+\\-/\\.]*@[\\w\\-]+(\\.[\\w\\-]+)*(\\.[\\w]{2,6})$~', $value) === 0 || strlen($value) > 255)) {
                    $custom_field_errors[] = array('custom_field_invalid_email', array($row['field_name']));
                } elseif ($row['mask'] == 'number' && preg_match('~[^\\d]~', $value)) {
                    $custom_field_errors[] = array('custom_field_not_number', array($row['field_name']));
                } elseif (substr($row['mask'], 0, 5) == 'regex' && preg_match(substr($row['mask'], 5), $value) === 0) {
                    // The pattern after the 'regex' prefix comes straight from the custom_fields row.
                    $custom_field_errors[] = array('custom_field_inproper_format', array($row['field_name']));
                }
            }
        }
        // Is this required but not there?
        if (trim($value) == '' && $row['show_reg'] > 1) {
            $custom_field_errors[] = array('custom_field_empty', array($row['field_name']));
        }
    }
    mysql_free_result($request);
    // Process any errors.
    if (!empty($custom_field_errors)) {
        loadLanguage('Errors');
        foreach ($custom_field_errors as $error) {
            $reg_errors[] = vsprintf($txt['error_' . $error[0]], $error[1]);
        }
    }
    // Lets check for other errors before trying to register the member.
    if (!empty($reg_errors)) {
        $_REQUEST['step'] = 2;
        return Register($reg_errors);
    }
    // If they're wanting to use OpenID we need to validate them first.
    if (empty($_SESSION['openid']['verified']) && !empty($_POST['authenticate']) && $_POST['authenticate'] == 'openid') {
        // What do we need to save?
        // Session tokens, both password fields and the submit button are left out of the saved set.
        $save_variables = array();
        foreach ($_POST as $k => $v) {
            if (!in_array($k, array('sc', 'sesc', $context['session_var'], 'passwrd1', 'passwrd2', 'regSubmit'))) {
                $save_variables[$k] = $v;
            }
        }
        require_once $sourcedir . '/lib/Subs-OpenID.php';
        // NOTE(review): there is no return after this call; presumably smf_openID_validate()
        // redirects and never comes back - confirm, otherwise registerMember() below still runs.
        smf_openID_validate($_POST['openid_identifier'], false, $save_variables);
    } elseif ($verifiedOpenID || !empty($_POST['openid_identifier']) && $_POST['authenticate'] == 'openid') {
        // && binds tighter than ||, so this reads: verified, or (identifier posted and method is openid).
        // Posted user name and e-mail win over the values kept in $_SESSION['openid'].
        $regOptions['username'] = !empty($_POST['user']) && trim($_POST['user']) != '' ? $_POST['user'] : $_SESSION['openid']['nickname'];
        $regOptions['email'] = !empty($_POST['email']) && trim($_POST['email']) != '' ? $_POST['email'] : $_SESSION['openid']['email'];
        $regOptions['auth_method'] = 'openid';
        $regOptions['openid'] = !empty($_POST['openid_identifier']) ? $_POST['openid_identifier'] : $_SESSION['openid']['openid_uri'];
    }
    $memberID = registerMember($regOptions, true);
    // Was there actually an error of some kind dear boy?
    // An array result is treated as a list of errors rather than a member id.
    if (is_array($memberID)) {
        $reg_errors = array_merge($reg_errors, $memberID);
        $_REQUEST['step'] = 2;
        return Register($reg_errors);
    }
    // Do our spam protection now.
    spamProtection('register');
    HookAPI::callHook('register_process');
    // We'll do custom fields after as then we get to use the helper function!
    if (!empty($_POST['customfield'])) {
        require_once $sourcedir . '/Profile.php';
        require_once $sourcedir . '/Profile-Modify.php';
        makeCustomFieldChanges($memberID, 'register');
    }
    // If COPPA has been selected then things get complicated, setup the template.
    if (!empty($modSettings['coppaAge']) && empty($_SESSION['skip_coppa'])) {
        redirectexit('action=coppa;member=' . $memberID);
    } elseif (!empty($modSettings['registration_method'])) {
        EoS_Smarty::loadTemplate('register/base');
        EoS_Smarty::getConfigInstance()->registerHookTemplate('register_content_area', 'register/done');
        $context += array('page_title' => $txt['register'], 'title' => $txt['registration_successful'], 'description' => $modSettings['registration_method'] == 2 ? $txt['approval_after_registration'] : $txt['activate_after_registration']);
    } else {
        // NOTE(review): $row is the cursor of the custom_fields loop above. That loop only ends once
        // mysql_fetch_assoc() stops returning a row, and its query never selects member_name, so
        // the hook does not receive a member name here; $regOptions['username'] looks like the
        // intended value.
        HookAPI::callHook('integrate_activate', array($row['member_name']));
        // NOTE(review): $regOptions['register_vars'] is never assigned in this function; presumably
        // registerMember() fills it in through a by-reference parameter - confirm. The cookie value
        // is sha1(sha1(lowercased username . password) . salt).
        setLoginCookie(60 * $modSettings['cookieTime'], $memberID, sha1(sha1(strtolower($regOptions['username']) . $regOptions['password']) . $regOptions['register_vars']['password_salt']));
        redirectexit('action=login2;sa=check;member=' . $memberID, $context['server']['needs_login_fix']);
    }
}
Beispiel #6
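    /**
     * This checks to see if the user exists in WP or not.  If they do but don't
     * exist in SMF, the SMF user is created.  If they are in SMF but not WP,
     * they are created in WP.  If they exist in both or don't exist in either,
     * we fall through and let SMF handle it.
     *
     * The plain-text password is read from $_POST['passwrd'], which is why a
     * login that only carries a client-side hash is answered with 'retry'.
     *
     * @param string $user Username
     * @param string $hashPasswd Hashed password from SMF
     * @return string 'retry' if we need a non-hashed password or '' if we are okay 
     */
    public function integrate_validate_login($user, $hashPasswd)
    {
        global $smcFunc, $sourcedir, $modSettings, $txt;
        if (!$this->enabled) {
            return '';
        }
        $this->loadWordpressSettings();
        // Check if they exist in Wordpress
        $this->wpUser = new WordpressUser($this->db_prefix, $this->db_connection, $user);
        // We need to know if they exist in SMF too
        $request = $smcFunc['db_query']('', '
			SELECT *
			FROM {db_prefix}members
			WHERE member_name = {string:user}
			LIMIT 1', array('user' => $user));
        $smfUser = $smcFunc['db_num_rows']($request) > 0 ? $smcFunc['db_fetch_assoc']($request) : FALSE;
        $smcFunc['db_free_result']($request);
        // Not in either table, or in both, fall through
        $inWordpress = isset($this->wpUser->ID);
        if ((!$inWordpress && !$smfUser) || ($inWordpress && $smfUser)) {
            return '';
        }
        // A hashed password but missing user requires a retry to populate the user
        if ($hashPasswd !== NULL) {
            return 'retry';
        }
        // NOTE(review): unserialize() on a stored setting. Anyone able to write that setting can
        // make PHP instantiate arbitrary classes here; a JSON-encoded map (or unserialize() with
        // allowed_classes => false on PHP 7+) would remove that risk.
        $roleMaps = !empty($modSettings['wordpress_role_maps']) ? unserialize($modSettings['wordpress_role_maps']) : array('smf' => array(), 'wp' => array());
        // A corrupt setting must not turn into an error on the array accesses below.
        if (!is_array($roleMaps)) {
            $roleMaps = array('smf' => array(), 'wp' => array());
        }
        // Create a SMF user
        if ($inWordpress) {
            // First make sure they used the right password
            if (!$this->wpUser->isLegit($_POST['passwrd'])) {
                return 'retry';
            }
            // NOTE(review): same unserialize() concern as above, this time on the WordPress role value.
            // The @ keeps the original best-effort handling of malformed data.
            $wpRoles = @unserialize($this->wpUser->role);
            // array_shift() takes its argument by reference, so the flipped array needs a variable
            // of its own; a failed unserialize() simply leaves the role unset.
            $flippedRoles = is_array($wpRoles) ? array_flip($wpRoles) : array();
            $role = array_shift($flippedRoles);
            // Password strength and e-mail ban checks are switched off: the account already exists in WordPress.
            $regOptions = array('interface' => 'wordpress_bridge', 'auth_method' => 'password', 'username' => $this->wpUser->user_login, 'email' => $this->wpUser->user_email, 'require' => 'nothing', 'password' => $_POST['passwrd'], 'password_check' => $_POST['passwrd'], 'check_password_strength' => FALSE, 'check_email_ban' => FALSE, 'extra_register_vars' => array('id_group' => !empty($roleMaps['wp'][$role]) ? $roleMaps['wp'][$role] : 0, 'real_name' => !empty($this->wpUser->display_name) ? $this->wpUser->display_name : $this->wpUser->user_login, 'date_registered' => strtotime($this->wpUser->user_registered)));
            require_once $sourcedir . '/Subs-Members.php';
            $this->bypassRegisterHook = TRUE;
            $errors = registerMember($regOptions, TRUE);
            // Errors have to be dealt with
            if (!is_array($errors)) {
                return '';
            }
            // NOTE(review): print_r($errors) goes into the error log - make sure registerMember()
            // never echoes the submitted password back in its error list.
            log_error(sprintf($txt['wordpress cannot sync'], $this->wpUser->user_login) . "\n" . print_r($errors, TRUE), 'user');
            // Presumably this call ends the request; nothing is returned after it.
            fatal_lang_error('wordpress cannot sync', FALSE, array($this->wpUser->user_login));
        } else {
            // NOTE(review): this branch creates the WordPress account without verifying
            // $_POST['passwrd'] against the SMF record first; presumably SMF's own login check
            // still runs after this hook returns '' - confirm, because the WordPress user is
            // saved either way.
            $this->wpUser->user_login = $smfUser['member_name'];
            $this->wpUser->user_nicename = $smfUser['member_name'];
            $this->wpUser->user_email = $smfUser['email_address'];
            // The plain-text password is handed over as-is; presumably save() hashes it - confirm.
            $this->wpUser->user_pass = $_POST['passwrd'];
            $this->wpUser->user_url = $smfUser['website_url'];
            $this->wpUser->user_registered = gmdate("Y-m-d H:i:s", $smfUser['date_registered']);
            $this->wpUser->user_status = 0;
            $this->wpUser->display_name = $smfUser['real_name'];
            $this->wpUser->role = $smfUser['id_group'];
            $this->wpUser->save();
            return '';
        }
    }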
Beispiel #7
 /**
  * Registers numbered placeholder members until either the configured
  * maximum is reached or the current block budget is used up, then pauses.
  *
  * NOTE(review): the accounts are created through the 'admin' interface with
  * an empty password and an address built from $_SERVER['SERVER_NAME'];
  * presumably this is a test-data generator - keep it away from production
  * boards and from hosts where SERVER_NAME follows the request's Host header.
  */
 private function _makeMembers()
 {
     require_once SUBSDIR . '/Members.subs.php';
     while (true) {
         // Stop once the target number of members exists.
         if (!($this->counters['members']['current'] < $this->counters['members']['max'])) {
             break;
         }
         // The block budget is only consumed when there is still work to do.
         if (!$this->blockSize--) {
             break;
         }
         $memberNumber = ++$this->counters['members']['current'];
         $serverName = $_SERVER['SERVER_NAME'];
         // A dot-less host name gets '.com' appended so the address has a domain suffix.
         $suffix = strpos($serverName, '.') === FALSE ? '.com' : '';
         $regOptions = array(
             'interface' => 'admin',
             'username' => 'Member ' . $memberNumber,
             'email' => 'member_' . $memberNumber . '@' . $serverName . $suffix,
             'password' => '',
             'require' => 'nothing',
         );
         registerMember($regOptions);
     }
     $this->_pause();
 }
Beispiel #8
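/**
 * Registers a new member from a mobile-client request and, when sign-in by
 * the external identity is enabled ($tid_sign_in), logs the new member in.
 *
 * Reads user, email, password, emailActivate, emailPassword and tid_profile
 * from $_POST. The member group is never taken from the request: it is reset
 * to 0 and only replaced by $modSettings['tp_iar_usergroup_assignment'].
 *
 * @return void
 */
function action_register()
{
    // $scripturl and $txt are read below when the result link is built, so they are imported
    // here as well; without that they were undefined local variables.
    global $sourcedir, $context, $modSettings, $request_name, $maintenance, $mmessage, $tid_sign_in, $scripturl, $txt;
    checkSession();
    // Presumably get_error() ends the request; the code below relies on that - confirm.
    if (empty($_POST['password'])) {
        get_error('password cannot be empty');
    }
    if (!($maintenance == 0)) {
        get_error('Forum is in maintenance model or Tapatalk is disabled by forum administrator.');
    }
    if ($modSettings['registration_method'] == 0) {
        $register_mode = 'nothing';
    } elseif ($modSettings['registration_method'] == 1) {
        // NOTE(review): request values arrive as strings or arrays, so the strict comparison
        // with false only matches if earlier code assigned false to $_POST['emailActivate'].
        // Confirm the caller does that; otherwise this always selects 'activation'.
        $register_mode = $_POST['emailActivate'] === false ? 'nothing' : 'activation';
    } else {
        $register_mode = 'approval';
    }
    // Remove CR/LF from every scalar POST value; array values are left as they are.
    foreach ($_POST as $key => $value) {
        if (!is_array($_POST[$key])) {
            $_POST[$key] = htmltrim__recursive(str_replace(array("\n", "\r"), '', $_POST[$key]));
        }
    }
    // Discard any group id sent by the client; only the configured assignment may set one.
    $_POST['group'] = 0;
    if ($register_mode == 'nothing' && isset($modSettings['tp_iar_usergroup_assignment'])) {
        $_POST['group'] = $modSettings['tp_iar_usergroup_assignment'];
    }
    // NOTE(review): every mode except 'approval' registers through the 'admin' interface and the
    // e-mail ban check is disabled. Presumably registerMember() relaxes further checks for that
    // interface - confirm this is intended for a self-service registration endpoint.
    $regOptions = array('interface' => $register_mode == 'approval' ? 'guest' : 'admin', 'username' => $_POST['user'], 'email' => $_POST['email'], 'password' => $_POST['password'], 'password_check' => $_POST['password'], 'check_reserved_name' => true, 'check_password_strength' => true, 'check_email_ban' => false, 'send_welcome_email' => isset($_POST['emailPassword']) || empty($_POST['password']), 'require' => $register_mode, 'memberGroup' => (int) $_POST['group']);
    define('mobi_register', 1);
    require_once $sourcedir . '/Subs-Members.php';
    $memberID = registerMember($regOptions);
    if (!empty($memberID)) {
        // NOTE(review): the user name is placed in the link markup unescaped; this is only safe if
        // registerMember() rejects names containing HTML metacharacters - confirm.
        $context['new_member'] = array('id' => $memberID, 'name' => $_POST['user'], 'href' => $scripturl . '?action=profile;u=' . $memberID, 'link' => '<a href="' . $scripturl . '?action=profile;u=' . $memberID . '">' . $_POST['user'] . '</a>');
        $context['registration_done'] = sprintf($txt['admin_register_done'], $context['new_member']['link']);
    }
    if (!empty($memberID) && $tid_sign_in) {
        // Update the profile, but only when an avatar URL was actually supplied as a string.
        if (!empty($_POST['tid_profile']) && is_array($_POST['tid_profile']) && isset($_POST['tid_profile']['avatar_url']) && is_string($_POST['tid_profile']['avatar_url'])) {
            // NOTE(review): the URL is stored exactly as sent; restricting it to http(s) and to an
            // expected host before saving would keep unexpected schemes out of the avatar field.
            $profile_vars = array('avatar' => $_POST['tid_profile']['avatar_url']);
            updateMemberData($memberID, $profile_vars);
        }
        // Simulate a login request for the member that was just created.
        $request_name = 'login';
        $_REQUEST['action'] = $_GET['action'] = $_POST['action'] = 'login2';
        before_action_login();
        require_once 'include/LogInOut.php';
        Login2();
    }
}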
Beispiel #9
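/**
 * Lets an administrator register a new member by hand and optionally give
 * the member a primary group.
 *
 * The assignable groups are loaded first so that the posted group id can be
 * checked against them: a group id that is not in the list offered to the
 * current user (for example group 1 for someone without admin_forum) falls
 * back to 0, i.e. no primary group.
 *
 * NOTE(review): no permission check is visible in this function; presumably
 * the caller enforces it before dispatching here - confirm.
 *
 * @return void
 */
function AdminRegister()
{
    global $txt, $context, $db_prefix, $sourcedir, $scripturl;
    // Setup the "tab", just incase an error occurs.
    $context['admin_tabs']['tabs']['register']['is_selected'] = true;
    // Load the assignable member groups. Group 3 and post-count based groups are never offered,
    // and group 1 is only offered to users holding admin_forum.
    $request = db_query("\n\t\tSELECT groupName, ID_GROUP\n\t\tFROM {$db_prefix}membergroups\n\t\tWHERE ID_GROUP != 3\n\t\t\tAND minPosts = -1" . (allowedTo('admin_forum') ? '' : "\n\t\t\tAND ID_GROUP != 1") . "\n\t\tORDER BY minPosts, IF(ID_GROUP < 4, ID_GROUP, 4), groupName", __FILE__, __LINE__);
    $context['member_groups'] = array(0 => &$txt['admin_register_group_none']);
    while ($row = mysql_fetch_assoc($request)) {
        $context['member_groups'][$row['ID_GROUP']] = $row['groupName'];
    }
    mysql_free_result($request);
    if (!empty($_POST['regSubmit'])) {
        checkSession();
        // Remove CR/LF from every scalar POST value; array values are left as they are.
        foreach ($_POST as $key => $value) {
            if (!is_array($_POST[$key])) {
                $_POST[$key] = htmltrim__recursive(str_replace(array("\n", "\r"), '', $_POST[$key]));
            }
        }
        // Only accept a group the form could have offered to this user; the select box alone
        // is not a control, because the posted value can be anything.
        $requestedGroup = empty($_POST['group']) ? 0 : (int) $_POST['group'];
        if (!isset($context['member_groups'][$requestedGroup])) {
            $requestedGroup = 0;
        }
        // Password strength and e-mail ban checks are deliberately off for admin-created accounts.
        $regOptions = array('interface' => 'admin', 'username' => $_POST['user'], 'email' => $_POST['email'], 'password' => $_POST['password'], 'password_check' => $_POST['password'], 'check_reserved_name' => true, 'check_password_strength' => false, 'check_email_ban' => false, 'send_welcome_email' => isset($_POST['emailPassword']), 'require' => isset($_POST['emailActivate']) ? 'activation' : 'nothing', 'memberGroup' => $requestedGroup);
        require_once $sourcedir . '/Subs-Members.php';
        $memberID = registerMember($regOptions);
        if (!empty($memberID)) {
            // NOTE(review): the user name is placed in the link markup unescaped; this is only safe
            // if registerMember() rejects names containing HTML metacharacters - confirm.
            $context['new_member'] = array('id' => $memberID, 'name' => $_POST['user'], 'href' => $scripturl . '?action=profile;u=' . $memberID, 'link' => '<a href="' . $scripturl . '?action=profile;u=' . $memberID . '">' . $_POST['user'] . '</a>');
            $context['registration_done'] = sprintf($txt['admin_register_done'], $context['new_member']['link']);
        }
    }
    // Basic stuff.
    $context['sub_template'] = 'admin_register';
    $context['page_title'] = $txt['registration_center'];
}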
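/**
 * Second step of guest registration: validate the submitted form and create the member.
 *
 * Every value read from $_POST / $_SESSION here is request-controlled. Scalar POST
 * values are stripped of CR/LF and trimmed, then copied into $regOptions through
 * per-type allow-lists (strings are HTML-escaped, numbers are cast) before
 * registerMember() is called.
 *
 * @param bool $verifiedOpenID True when re-entered after OpenID verification; the agreement,
 *                             referrer, COPPA and visual-verification checks are then skipped.
 * @return mixed Whatever Register() returns when validation fails; otherwise nothing
 *               (the success paths redirect or set up the "after" template).
 */
function Register2($verifiedOpenID = false)
{
    global $scripturl, $txt, $modSettings, $context, $sourcedir;
    global $user_info, $options, $settings, $smcFunc;

    // Start collecting together any errors.
    $reg_errors = array();

    // Restore the form fields that were parked while the OpenID round trip happened.
    if ($verifiedOpenID && !empty($context['openid_save_fields'])) {
        foreach ($context['openid_save_fields'] as $id => $value) {
            $_POST[$id] = $value;
        }
    }

    // You can't register if it's disabled.
    if (!empty($modSettings['registration_method']) && $modSettings['registration_method'] == 3) {
        fatal_lang_error('registration_disabled', false);
    }

    // Things we don't do for people who have already confirmed their OpenID via register.
    if (!$verifiedOpenID) {
        // Well, if you don't agree, you can't register.
        if (!empty($modSettings['requireAgreement']) && empty($_SESSION['registration_agreed'])) {
            redirectexit();
        }

        // Make sure they came from *somewhere*, have a session.
        if (!isset($_SESSION['old_url'])) {
            redirectexit('action=register');
        }

        // Are they under age, and under age users are banned?
        if (!empty($modSettings['coppaAge']) && empty($modSettings['coppaType']) && empty($_SESSION['skip_coppa'])) {
            // !!! This should be put in Errors, imho.
            loadLanguage('Login');
            fatal_lang_error('under_age_registration_prohibited', false, array($modSettings['coppaAge']));
        }

        // Check whether the visual verification code was entered correctly.
        if (!empty($modSettings['reg_verification'])) {
            require_once $sourcedir . '/Subs-Editor.php';
            $verificationOptions = array('id' => 'register');
            $context['visual_verification'] = create_control_verification($verificationOptions, true);

            // An array result is treated as a list of error keys.
            if (is_array($context['visual_verification'])) {
                loadLanguage('Errors');
                foreach ($context['visual_verification'] as $error) {
                    $reg_errors[] = $txt['error_' . $error];
                }
            }
        }
    }

    // Strip line breaks from every scalar field; arrays are left untouched and
    // therefore have to be type-checked wherever they are read below.
    foreach ($_POST as $key => $value) {
        if (!is_array($_POST[$key])) {
            $_POST[$key] = htmltrim__recursive(str_replace(array("\n", "\r"), '', $_POST[$key]));
        }
    }

    // Allow-lists of the extra registration fields someone might have filled in.
    $possible_strings = array('website_url', 'website_title', 'aim', 'yim', 'skype', 'gtalk', 'location', 'birthdate', 'time_format', 'buddy_list', 'pm_ignore_list', 'smiley_set', 'signature', 'personal_text', 'avatar', 'lngfile', 'secret_question', 'secret_answer');
    $possible_ints = array('pm_email_notify', 'notify_types', 'icq', 'gender', 'id_theme');
    $possible_floats = array('time_offset');
    $possible_bools = array('notify_announcements', 'notify_regularity', 'notify_send_body', 'hide_email', 'show_online');

    // NOTE(review): the secret answer is stored as an unsalted MD5 digest. Changing the
    // scheme here alone would break whatever compares it later, so it is only flagged.
    if (isset($_POST['secret_answer']) && $_POST['secret_answer'] != '') {
        $_POST['secret_answer'] = md5($_POST['secret_answer']);
    }

    // Needed for isReservedName() and registerMember().
    require_once $sourcedir . '/Subs-Members.php';

    // Validation... even if we're not a mall.
    if (isset($_POST['real_name']) && (!empty($modSettings['allow_editDisplayName']) || allowedTo('moderate_forum'))) {
        // Collapse whitespace and invisible characters so look-alike display names
        // cannot be built from them. The middle alternative spells the same code
        // points as the \x{...} form, as UTF-8 bytes, for PCRE builds without \x{...}.
        if ($context['utf8']) {
            $blank_chars = $context['server']['complex_preg_chars']
                ? '\\x{A0}\\x{AD}\\x{2000}-\\x{200F}\\x{201F}\\x{202F}\\x{3000}\\x{FEFF}'
                : "\xC2\xA0\xC2\xAD\xE2\x80\x80-\xE2\x80\x8F\xE2\x80\x9F\xE2\x80\xAF\xE3\x80\x80\xEF\xBB\xBF";
        } else {
            $blank_chars = '\\x00-\\x08\\x0B\\x0C\\x0E-\\x19\\xA0';
        }
        $_POST['real_name'] = trim(preg_replace('~[\\t\\n\\r \\x0B\\0' . $blank_chars . ']+~' . ($context['utf8'] ? 'u' : ''), ' ', $_POST['real_name']));

        if (trim($_POST['real_name']) != '' && !isReservedName($_POST['real_name']) && $smcFunc['strlen']($_POST['real_name']) < 60) {
            $possible_strings[] = 'real_name';
        }
    }

    // Fixed: this used to append to an undefined $profile_strings, so a valid MSN
    // address was silently dropped instead of joining the allow-list.
    if (isset($_POST['msn']) && preg_match('~^[0-9A-Za-z=_+\\-/][0-9A-Za-z=_\'+\\-/\\.]*@[\\w\\-]+(\\.[\\w\\-]+)*(\\.[\\w]{2,6})$~', $_POST['msn']) != 0) {
        $possible_strings[] = 'msn';
    }

    // Handle a string as a birthdate...
    if (isset($_POST['birthdate']) && $_POST['birthdate'] != '') {
        $_POST['birthdate'] = strftime('%Y-%m-%d', strtotime($_POST['birthdate']));
    } elseif (!empty($_POST['bday1']) && !empty($_POST['bday2'])) {
        $_POST['birthdate'] = sprintf('%04d-%02d-%02d', empty($_POST['bday3']) ? 0 : (int) $_POST['bday3'], (int) $_POST['bday1'], (int) $_POST['bday2']);
    }

    // By default assume email is hidden, only show it if we tell it to.
    $_POST['hide_email'] = !empty($_POST['allow_email']) ? 0 : 1;

    // Only accept a language that is in the known list; anything else is discarded
    // rather than being carried into the session.
    if (isset($_POST['lngfile']) && !empty($modSettings['userLanguage'])) {
        // Do we have any languages?
        if (empty($context['languages'])) {
            getLanguages();
        }

        // Did we find it?
        if (isset($context['languages'][$_POST['lngfile']])) {
            $_SESSION['language'] = $_POST['lngfile'];
        } else {
            unset($_POST['lngfile']);
        }
    } else {
        unset($_POST['lngfile']);
    }

    // Some of these fields we may not want.
    if (!empty($modSettings['registration_fields'])) {
        // But we might want some of them if the admin asks for them.
        $standard_fields = array('icq', 'msn', 'aim', 'yim', 'location', 'gender');
        $reg_fields = explode(',', $modSettings['registration_fields']);
        $exclude_fields = array_diff($standard_fields, $reg_fields);

        // Website is a little different
        if (!in_array('website', $reg_fields)) {
            $exclude_fields = array_merge($exclude_fields, array('website_url', 'website_title'));
        }

        // We used to accept signature on registration but it's being abused by spammers these days, so no more.
        $exclude_fields[] = 'signature';
    } else {
        $exclude_fields = array('signature', 'icq', 'msn', 'aim', 'yim', 'location', 'gender', 'website_url', 'website_title');
    }

    $possible_strings = array_diff($possible_strings, $exclude_fields);
    $possible_ints = array_diff($possible_ints, $exclude_fields);
    $possible_floats = array_diff($possible_floats, $exclude_fields);
    $possible_bools = array_diff($possible_bools, $exclude_fields);

    // What kind of follow-up does the new account need?
    if (!empty($modSettings['coppaAge']) && !$verifiedOpenID && empty($_SESSION['skip_coppa'])) {
        $require = 'coppa';
    } elseif (empty($modSettings['registration_method'])) {
        $require = 'nothing';
    } else {
        $require = $modSettings['registration_method'] == 1 ? 'activation' : 'approval';
    }

    // Set the options needed for registration.
    $regOptions = array(
        'interface' => 'guest',
        'username' => !empty($_POST['user']) ? $_POST['user'] : '',
        'email' => !empty($_POST['email']) ? $_POST['email'] : '',
        'password' => !empty($_POST['passwrd1']) ? $_POST['passwrd1'] : '',
        'password_check' => !empty($_POST['passwrd2']) ? $_POST['passwrd2'] : '',
        'openid' => !empty($_POST['openid_identifier']) ? $_POST['openid_identifier'] : '',
        'auth_method' => !empty($_POST['authenticate']) ? $_POST['authenticate'] : '',
        'check_reserved_name' => true,
        'check_password_strength' => true,
        'check_email_ban' => true,
        'send_welcome_email' => !empty($modSettings['send_welcomeEmail']),
        'require' => $require,
        'extra_register_vars' => array(),
        'theme_vars' => array(),
    );

    // Include the additional options that might have been filled in.
    foreach ($possible_strings as $var) {
        // Array-valued fields skipped the clean-up loop above, so refuse them here.
        if (isset($_POST[$var]) && !is_array($_POST[$var])) {
            $regOptions['extra_register_vars'][$var] = $smcFunc['htmlspecialchars']($_POST[$var], ENT_QUOTES);
        }
    }
    foreach ($possible_ints as $var) {
        if (isset($_POST[$var])) {
            $regOptions['extra_register_vars'][$var] = (int) $_POST[$var];
        }
    }
    foreach ($possible_floats as $var) {
        if (isset($_POST[$var])) {
            $regOptions['extra_register_vars'][$var] = (float) $_POST[$var];
        }
    }
    foreach ($possible_bools as $var) {
        if (isset($_POST[$var])) {
            $regOptions['extra_register_vars'][$var] = empty($_POST[$var]) ? 0 : 1;
        }
    }

    // Registration options are always default options...
    // Both operands must be arrays: "+" on a posted string and an array is a fatal error.
    if (isset($_POST['default_options']) && is_array($_POST['default_options'])) {
        $_POST['options'] = isset($_POST['options']) && is_array($_POST['options']) ? $_POST['options'] + $_POST['default_options'] : $_POST['default_options'];
    }
    $regOptions['theme_vars'] = isset($_POST['options']) && is_array($_POST['options']) ? $_POST['options'] : array();

    // Make sure they are clean, dammit!
    $regOptions['theme_vars'] = htmlspecialchars__recursive($regOptions['theme_vars']);

    // If Quick Reply hasn't been set then set it to be shown but collapsed.
    if (!isset($regOptions['theme_vars']['display_quick_reply'])) {
        $regOptions['theme_vars']['display_quick_reply'] = 1;
    }

    // Check whether we have fields that simply MUST be displayed?
    $request = $smcFunc['db_query']('', '
		SELECT col_name, field_name, field_type, field_length, mask, show_reg
		FROM {db_prefix}custom_fields
		WHERE active = {int:is_active}', array('is_active' => 1));
    $custom_field_errors = array();
    while ($row = $smcFunc['db_fetch_assoc']($request)) {
        // Don't allow overriding of the theme variables.
        if (isset($regOptions['theme_vars'][$row['col_name']])) {
            unset($regOptions['theme_vars'][$row['col_name']]);
        }

        // Not actually showing it then?
        if (!$row['show_reg']) {
            continue;
        }

        // Prepare the value! A nested array here would make trim() fail, so treat it as empty.
        $posted = isset($_POST['customfield'][$row['col_name']]) ? $_POST['customfield'][$row['col_name']] : '';
        $value = is_array($posted) ? '' : trim($posted);

        // We only care for text fields as the others are valid to be empty.
        if (!in_array($row['field_type'], array('check', 'select', 'radio'))) {
            // Is it too long?
            if ($row['field_length'] && $row['field_length'] < $smcFunc['strlen']($value)) {
                $custom_field_errors[] = array('custom_field_too_long', array($row['field_name'], $row['field_length']));
            }

            // Any masks to apply?
            if ($row['field_type'] == 'text' && !empty($row['mask']) && $row['mask'] != 'none') {
                //!!! We never error on this - just ignore it at the moment...
                // NOTE(review): preg_match() returns false (not 0) when the stored pattern
                // fails to run, so a broken or pathological regex mask lets the value through.
                if ($row['mask'] == 'email' && (preg_match('~^[0-9A-Za-z=_+\\-/][0-9A-Za-z=_\'+\\-/\\.]*@[\\w\\-]+(\\.[\\w\\-]+)*(\\.[\\w]{2,6})$~', $value) === 0 || strlen($value) > 255)) {
                    $custom_field_errors[] = array('custom_field_invalid_email', array($row['field_name']));
                } elseif ($row['mask'] == 'number' && preg_match('~[^\\d]~', $value)) {
                    $custom_field_errors[] = array('custom_field_not_number', array($row['field_name']));
                } elseif (substr($row['mask'], 0, 5) == 'regex' && trim($value) != '' && preg_match(substr($row['mask'], 5), $value) === 0) {
                    $custom_field_errors[] = array('custom_field_inproper_format', array($row['field_name']));
                }
            }
        }

        // xxx if we are editing our minecraft name, make sure there are no duplicates
        if (($row['col_name'] == "cust_minecra" || $row['col_name'] == "cust_rscnam") && $value != '') {
            $already_taken_memID = -1;
            $already_taken_memName = 'This user';

            // first check the custom names
            $mc_request = $smcFunc['db_query']('', '
						SELECT `id_member`
						FROM `{db_prefix}themes`
						WHERE `variable` = {string:col_name}
							AND `value` = {string:value}', array('col_name' => $row['col_name'], 'value' => strtolower($value)));
            if ($mc_row = $smcFunc['db_fetch_assoc']($mc_request)) {
                $already_taken_memID = $mc_row['id_member'];
            }
            $smcFunc['db_free_result']($mc_request);

            // if custom name is not taken, compare it to account names, or just grab name
            $mc_request = $smcFunc['db_query']('', '
						SELECT `id_member`, `real_name`
						FROM `{db_prefix}members`
						WHERE id_member = {int:already_taken_memID} OR 
								(
									(
										`real_name` = {string:value}
										OR `member_name` = {string:value}
									)
								)', array('already_taken_memID' => $already_taken_memID, 'value' => strtolower($value)));
            if ($mc_row = $smcFunc['db_fetch_assoc']($mc_request)) {
                $already_taken_memID = $mc_row['id_member'];
                $already_taken_memName = $mc_row['real_name'];
            }
            $smcFunc['db_free_result']($mc_request);

            if ($already_taken_memID != -1) {
                // then someone already is using this name
                // NOTE(review): this tells an unauthenticated visitor which member holds the
                // name, and real_name is printed as stored - confirm it is HTML-escaped at
                // write time. The id is cast so only a number can reach the link.
                global $boardurl;
                $what_name = $row['col_name'] == "cust_minecra" ? 'Minecraft' : 'RSC';
                die('<html>Error: <a href="' . $boardurl . '/index.php?action=profile;u=' . (int) $already_taken_memID . "\">{$already_taken_memName}</a> has already registered this {$what_name} name!</html>");
            }
        }

        // NOTE(review): a value that is exactly 40 characters long skips this whole branch,
        // so it is stored as typed and never compared with the forum password. That looks
        // like a guard against re-hashing an existing SHA-1 digest - confirm it should also
        // apply at registration. SHA-1 keyed only by the username is a fast hash; flagged,
        // not changed, because the consumer of this value is not visible here.
        if ($row['col_name'] == "cust_moparcr" && $value != '' && strlen($value) != 40) {
            if (strlen($value) > 30) {
                die("<html>Error: Maximum length for MoparCraft server password is 30 characters.</html>");
            }
            if ($value == $regOptions['password']) {
                die("<html>Error: You can't set your MoparCraft server password to be the same as your forum password, if you want to use your forum password, leave this blank.</html>");
            }
            $value = sha1(strtolower($regOptions['username']) . htmlspecialchars_decode($value));
            $_POST['customfield'][$row['col_name']] = $value;
        }
        // xxx end if we are editing our minecraft name, make sure there are no duplicates

        // Is this required but not there?
        if (trim($value) == '' && $row['show_reg'] > 1) {
            $custom_field_errors[] = array('custom_field_empty', array($row['field_name']));
        }
    }
    $smcFunc['db_free_result']($request);

    // Process any errors.
    if (!empty($custom_field_errors)) {
        loadLanguage('Errors');
        foreach ($custom_field_errors as $error) {
            $reg_errors[] = vsprintf($txt['error_' . $error[0]], $error[1]);
        }
    }

    // Lets check for other errors before trying to register the member.
    if (!empty($reg_errors)) {
        $_REQUEST['step'] = 2;
        return Register($reg_errors);
    }

    $wants_openid = !empty($_POST['authenticate']) && $_POST['authenticate'] == 'openid';

    // If they're wanting to use OpenID we need to validate them first.
    if (empty($_SESSION['openid']['verified']) && $wants_openid) {
        // What do we need to save? Session tokens and passwords are deliberately left out.
        $save_variables = array();
        foreach ($_POST as $k => $v) {
            if (!in_array($k, array('sc', 'sesc', $context['session_var'], 'passwrd1', 'passwrd2', 'regSubmit'))) {
                $save_variables[$k] = $v;
            }
        }
        require_once $sourcedir . '/Subs-OpenID.php';
        smf_openID_validate($_POST['openid_identifier'], false, $save_variables);
    } elseif ($verifiedOpenID || (!empty($_POST['openid_identifier']) && $wants_openid)) {
        $regOptions['username'] = !empty($_POST['user']) && trim($_POST['user']) != '' ? $_POST['user'] : $_SESSION['openid']['nickname'];
        $regOptions['email'] = !empty($_POST['email']) && trim($_POST['email']) != '' ? $_POST['email'] : $_SESSION['openid']['email'];
        $regOptions['auth_method'] = 'openid';
        $regOptions['openid'] = !empty($_POST['openid_identifier']) ? $_POST['openid_identifier'] : $_SESSION['openid']['openid_uri'];
    }

    $memberID = registerMember($regOptions, true);

    // An array here is a list of errors rather than a member id.
    if (is_array($memberID)) {
        $reg_errors = array_merge($reg_errors, $memberID);
        $_REQUEST['step'] = 2;
        return Register($reg_errors);
    }

    // Do our spam protection now.
    spamProtection('register');

    // We'll do custom fields after as then we get to use the helper function!
    if (!empty($_POST['customfield'])) {
        require_once $sourcedir . '/Profile.php';
        require_once $sourcedir . '/Profile-Modify.php';
        makeCustomFieldChanges($memberID, 'register');
    }

    // If COPPA has been selected then things get complicated, setup the template.
    if (!empty($modSettings['coppaAge']) && empty($_SESSION['skip_coppa'])) {
        redirectexit('action=coppa;member=' . $memberID);
    } elseif (!empty($modSettings['registration_method'])) {
        loadTemplate('Register');
        $context += array(
            'page_title' => $txt['register'],
            'title' => $txt['registration_successful'],
            'sub_template' => 'after',
            'description' => $modSettings['registration_method'] == 2 ? $txt['approval_after_registration'] : $txt['activate_after_registration'],
        );
    } else {
        // Fixed: $row is no longer a result row once the custom-field loop has ended,
        // so the hook used to receive an empty name; pass the registered username.
        call_integration_hook('integrate_activate', array($regOptions['username']));

        // The salt is read from $regOptions['register_vars'], which this function never
        // sets itself - presumably registerMember() fills it in; verify against that helper.
        setLoginCookie(60 * $modSettings['cookieTime'], $memberID, sha1(sha1(strtolower($regOptions['username']) . $regOptions['password']) . $regOptions['register_vars']['password_salt']));
        redirectexit('action=login2;sa=check;member=' . $memberID, $context['server']['needs_login_fix']);
    }
}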
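/**
 * Second step of guest registration: run the anti-abuse checks, collect the
 * allow-listed profile fields and create the member.
 *
 * Every value read from $_POST / $_REQUEST here is request-controlled. Scalar POST
 * values are stripped of CR/LF and trimmed; array values are left alone and are
 * therefore type-checked wherever they are read.
 *
 * @return void The success paths redirect or set up the "after" template.
 */
function Register2()
{
    global $scripturl, $txt, $modSettings, $db_prefix, $context, $sourcedir;
    global $user_info, $options, $settings, $func;

    // Well, if you don't agree, you can't register.
    if (!empty($modSettings['requireAgreement']) && (empty($_POST['regagree']) || $_POST['regagree'] == 'no')) {
        redirectexit();
    }

    // Make sure they came from *somewhere*, have a session.
    if (!isset($_SESSION['old_url'])) {
        redirectexit('action=register');
    }

    // You can't register if it's disabled.
    if (!empty($modSettings['registration_method']) && $modSettings['registration_method'] == 3) {
        fatal_lang_error('registration_disabled', false);
    }

    foreach ($_POST as $key => $value) {
        if (!is_array($_POST[$key])) {
            $_POST[$key] = htmltrim__recursive(str_replace(array("\n", "\r"), '', $_POST[$key]));
        }
    }

    // Did they answer the verification questions correctly?
    // Each configured question (1-5) must be answered; the comparison ignores case.
    if (!empty($modSettings['anti_spam_ver_enable'])) {
        for ($i = 1; $i <= 5; $i++) {
            if (empty($modSettings['anti_spam_ver_ques_' . $i])) {
                continue;
            }

            $response_key = 'anti_spam_ver_resp_' . $i;
            // A missing or array-valued response counts as an empty answer.
            $given = isset($_POST[$response_key]) && !is_array($_POST[$response_key]) ? strtolower($_POST[$response_key]) : '';

            if (strcmp(strtolower($modSettings['anti_spam_ver_ans_' . $i]), $given) !== 0) {
                fatal_lang_error('anti_spam_ver_failed', false);
            }
        }
    }

    // Are they under age, and under age users are banned?
    // NOTE(review): skip_coppa is read straight from the request here, so the client
    // decides whether the age gate applies - confirm that is intended.
    if (!empty($modSettings['coppaAge']) && empty($modSettings['coppaType']) && !isset($_POST['skip_coppa'])) {
        // !!! This should be put in Errors, imho.
        loadLanguage('Login');
        fatal_lang_error('under_age_registration_prohibited', false, array($modSettings['coppaAge']));
    }

    // Check whether the visual verification code was entered correctly.
    $verification_on = empty($modSettings['disable_visual_verification']) || $modSettings['disable_visual_verification'] != 1;
    $code_matches = !empty($_REQUEST['visual_verification_code'])
        && !is_array($_REQUEST['visual_verification_code'])
        && isset($_SESSION['visual_verification_code'])
        && strtoupper($_REQUEST['visual_verification_code']) === $_SESSION['visual_verification_code'];

    if ($verification_on && !$code_matches) {
        // Count failures; after more than three the stored code is discarded, so
        // further guesses against the same image cannot succeed.
        $_SESSION['visual_errors'] = isset($_SESSION['visual_errors']) ? $_SESSION['visual_errors'] + 1 : 1;
        if ($_SESSION['visual_errors'] > 3 && isset($_SESSION['visual_verification_code'])) {
            unset($_SESSION['visual_verification_code']);
        }
        fatal_lang_error('visual_verification_failed', false);
    } elseif (isset($_SESSION['visual_errors'])) {
        unset($_SESSION['visual_errors']);
    }

    // Allow-lists of the extra registration fields someone might have filled in.
    $possible_strings = array('websiteUrl', 'websiteTitle', 'AIM', 'YIM', 'location', 'birthdate', 'timeFormat', 'buddy_list', 'pm_ignore_list', 'smileySet', 'signature', 'personalText', 'avatar', 'lngfile', 'secretQuestion', 'secretAnswer');
    $possible_ints = array('pm_email_notify', 'notifyTypes', 'ICQ', 'gender', 'ID_THEME');
    $possible_floats = array('timeOffset');
    $possible_bools = array('notifyAnnouncements', 'notifyOnce', 'notifySendBody', 'hideEmail', 'showOnline');

    // NOTE(review): the secret answer is stored as an unsalted MD5 digest. Changing the
    // scheme here alone would break whatever compares it later, so it is only flagged.
    if (isset($_POST['secretAnswer']) && $_POST['secretAnswer'] != '') {
        $_POST['secretAnswer'] = md5($_POST['secretAnswer']);
    }

    // Needed for isReservedName() and registerMember().
    require_once $sourcedir . '/Subs-Members.php';

    // Validation... even if we're not a mall.
    if (isset($_POST['realName']) && (!empty($modSettings['allow_editDisplayName']) || allowedTo('moderate_forum'))) {
        $_POST['realName'] = trim(preg_replace('~[\\s]~' . ($context['utf8'] ? 'u' : ''), ' ', $_POST['realName']));
        if (trim($_POST['realName']) != '' && !isReservedName($_POST['realName']) && $func['strlen']($_POST['realName']) <= 60) {
            $possible_strings[] = 'realName';
        }
    }

    // Fixed: this used to append to an undefined $profile_strings, so a valid MSN
    // address was silently dropped instead of joining the allow-list.
    if (isset($_POST['MSN']) && preg_match('~^[0-9A-Za-z=_+\\-/][0-9A-Za-z=_\'+\\-/\\.]*@[\\w\\-]+(\\.[\\w\\-]+)*(\\.[\\w]{2,6})$~', $_POST['MSN']) != 0) {
        $possible_strings[] = 'MSN';
    }

    // Handle a string as a birthdate...
    if (isset($_POST['birthdate']) && $_POST['birthdate'] != '') {
        $_POST['birthdate'] = strftime('%Y-%m-%d', strtotime($_POST['birthdate']));
    } elseif (!empty($_POST['bday1']) && !empty($_POST['bday2'])) {
        $_POST['birthdate'] = sprintf('%04d-%02d-%02d', empty($_POST['bday3']) ? 0 : (int) $_POST['bday3'], (int) $_POST['bday1'], (int) $_POST['bday2']);
    }

    // Validate the passed language file: it is accepted only if an index.<name>.php
    // file with exactly that name exists in one of the theme language directories,
    // so the posted value is never used to build a path.
    if (isset($_POST['lngfile']) && !empty($modSettings['userLanguage'])) {
        $language_directories = array($settings['default_theme_dir'] . '/languages', $settings['actual_theme_dir'] . '/languages');
        if (!empty($settings['base_theme_dir'])) {
            $language_directories[] = $settings['base_theme_dir'] . '/languages';
        }
        $language_directories = array_unique($language_directories);

        $found = false;
        foreach ($language_directories as $language_dir) {
            if (!file_exists($language_dir)) {
                continue;
            }

            $dir = dir($language_dir);
            // Compare against false so an entry literally named "0" does not end the scan.
            while (false !== ($entry = $dir->read())) {
                if (preg_match('~^index\\.(.+)\\.php$~', $entry, $matches) && $matches[1] == $_POST['lngfile']) {
                    // Got it!
                    $found = true;
                    $_SESSION['language'] = $_POST['lngfile'];
                    break;
                }
            }
            // Always release the handle, including when the language was found.
            $dir->close();

            if ($found) {
                break;
            }
        }

        if (!$found) {
            unset($_POST['lngfile']);
        }
    } else {
        unset($_POST['lngfile']);
    }

    // What kind of follow-up does the new account need?
    if (!empty($modSettings['coppaAge']) && !isset($_POST['skip_coppa'])) {
        $require = 'coppa';
    } elseif (empty($modSettings['registration_method'])) {
        $require = 'nothing';
    } else {
        $require = $modSettings['registration_method'] == 1 ? 'activation' : 'approval';
    }

    // Set the options needed for registration. Missing credentials default to ''
    // so registerMember() sees an empty value instead of an undefined index.
    $regOptions = array(
        'interface' => 'guest',
        'username' => isset($_POST['user']) ? $_POST['user'] : '',
        'email' => isset($_POST['email']) ? $_POST['email'] : '',
        'password' => isset($_POST['passwrd1']) ? $_POST['passwrd1'] : '',
        'password_check' => isset($_POST['passwrd2']) ? $_POST['passwrd2'] : '',
        'check_reserved_name' => true,
        'check_password_strength' => true,
        'check_email_ban' => true,
        'send_welcome_email' => !empty($modSettings['send_welcomeEmail']),
        'require' => $require,
        'extra_register_vars' => array(),
        'theme_vars' => array(),
    );

    // Include the additional options that might have been filled in.
    foreach ($possible_strings as $var) {
        // Array-valued fields skipped the clean-up loop above, so refuse them here.
        if (isset($_POST[$var]) && !is_array($_POST[$var])) {
            // NOTE(review): the value is wrapped in quotes as if it will be placed into SQL
            // text by the callee, and htmlspecialchars is called without ENT_QUOTES, so any
            // quote escaping must already have happened before this point - confirm upstream.
            $regOptions['extra_register_vars'][$var] = '\'' . $func['htmlspecialchars']($_POST[$var]) . '\'';
        }
    }
    foreach ($possible_ints as $var) {
        if (isset($_POST[$var])) {
            $regOptions['extra_register_vars'][$var] = (int) $_POST[$var];
        }
    }
    foreach ($possible_floats as $var) {
        if (isset($_POST[$var])) {
            $regOptions['extra_register_vars'][$var] = (float) $_POST[$var];
        }
    }
    foreach ($possible_bools as $var) {
        if (isset($_POST[$var])) {
            $regOptions['extra_register_vars'][$var] = empty($_POST[$var]) ? 0 : 1;
        }
    }

    // Registration options are always default options...
    // Both operands must be arrays: "+" on a posted string and an array is a fatal error.
    if (isset($_POST['default_options']) && is_array($_POST['default_options'])) {
        $_POST['options'] = isset($_POST['options']) && is_array($_POST['options']) ? $_POST['options'] + $_POST['default_options'] : $_POST['default_options'];
    }
    $regOptions['theme_vars'] = isset($_POST['options']) && is_array($_POST['options']) ? htmlspecialchars__recursive($_POST['options']) : array();

    $memberID = registerMember($regOptions);

    // If COPPA has been selected then things get complicated, setup the template.
    if (!empty($modSettings['coppaAge']) && !isset($_POST['skip_coppa'])) {
        redirectexit('action=coppa;member=' . $memberID);
    } elseif (!empty($modSettings['registration_method'])) {
        loadTemplate('Register');
        $context += array(
            'page_title' => &$txt[97],
            'sub_template' => 'after',
            'description' => $modSettings['registration_method'] == 2 ? $txt['approval_after_registration'] : $txt['activate_after_registration'],
        );
    } else {
        // The salt is read from $regOptions['register_vars'], which this function never
        // sets itself - presumably registerMember() fills it in; verify against that helper.
        setLoginCookie(60 * $modSettings['cookieTime'], $memberID, sha1(sha1(strtolower($regOptions['username']) . $regOptions['password']) . substr($regOptions['register_vars']['passwordSalt'], 1, -1)));
        redirectexit('action=login2;sa=check;member=' . $memberID, $context['server']['needs_login_fix']);
    }
}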
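 /**
  * Create a forum account for a visitor who arrived through the Facebook integration.
  *
  * Runs only when the request carries a "register" query parameter. The display name
  * and passwords come from $_POST; the e-mail address, Facebook name and Facebook id
  * come from $fb_object.
  *
  * NOTE(review): no session or token check is visible in this method - confirm the
  * caller performs one before this state-changing request is handled.
  *
  * @return void Every path that does work ends in a redirect or a fatal error.
  */
 public static function fb_do_register()
 {
     global $context, $fb_object, $fb_hook_object, $sourcedir, $txt, $user_info, $modSettings;

     if (!isset($_GET['register'])) {
         return;
     }

     // A display name is mandatory and must be a plain string.
     if (empty($_POST['real_name']) || is_array($_POST['real_name'])) {
         fatal_error($fb_hook_object->txt['fb_regname1'], false);
     }

     // If the name already belongs to a member, hand over to the account-sync screen.
     $existing_name = $fb_hook_object->face_USettings($_POST['real_name'], 'real_name', 'real_name');
     if ($existing_name) {
         // Encode the name: it is request data and must not be able to add or alter
         // parameters in the redirect target.
         redirectexit('action=facebookintegrate;area=logsync;nt;u=' . rawurlencode($_POST['real_name']));
     }

     if (!empty($modSettings['fb_app_enablecp'])) {
         $fb_object->fbc_custom_regfeild_check();
     }

     $real_name = $fb_hook_object->character_clean($_POST['real_name']);
     $newEmail = $fb_object->user_info_fbemail;

     $regOptions = array(
         'interface' => 'guest',
         'auth_method' => 'password',
         'username' => $real_name,
         'email' => $newEmail,
         // The account is usable immediately: no activation or approval step.
         'require' => 'nothing',
         'password' => isset($_POST['passwrd1']) ? $_POST['passwrd1'] : '',
         'password_check' => isset($_POST['passwrd2']) ? $_POST['passwrd2'] : '',
         'send_welcome_email' => !empty($modSettings['send_welcomeEmail']),
         // NOTE(review): mt_rand() is not a cryptographic generator and four hex characters
         // give a 16-bit salt. Whether registerMember() uses this key is not visible here.
         'password_salt' => substr(md5(mt_rand()), 0, 4),
         // NOTE(review): password-strength and e-mail-ban checks are switched off on this
         // path, unlike the normal guest registration - confirm that is intended.
         'check_password_strength' => false,
         'check_email_ban' => false,
         'extra_register_vars' => array(
             'id_group' => !empty($fb_hook_object->modSettings['fb_admin_mem_groupe']) ? $fb_hook_object->modSettings['fb_admin_mem_groupe'] : '0',
         ),
     );

     require_once $sourcedir . '/Subs-Members.php';
     $memberID = registerMember($regOptions);

     if (!empty($fb_hook_object->modSettings['fb_app_enablecp']) && !empty($_POST['customfield'])) {
         require_once $sourcedir . '/Profile.php';
         require_once $sourcedir . '/Profile-Modify.php';
         makeCustomFieldChanges($memberID, 'register');
     }

     // Link the new member to the Facebook identity reported by $fb_object.
     updateMemberData($memberID, array('fbname' => $fb_object->user_info_fbname, 'fbid' => $fb_object->user_info_fbid));
     $face_profile = 'http://facebook.com/profile.php?id=' . $fb_object->user_info_fbid . '';
     $fb_hook_object->update_themes_face($memberID, 'face_pro', $face_profile);

     redirectexit('action=facebookintegrate');
 }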
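/**
 * Shows the Google+ connect screen and, when asked to, registers a new local
 * member linked to the Google+ profile held in the session.
 *
 * Reads $_SESSION['gplusdata'] and copies its id and name into
 * $_SESSION['gplus']. When $_REQUEST['register'] is set, a member is created
 * through registerMember() and tagged with the Google+ id and name.
 *
 * NOTE(review): no checkSession()/token validation is visible in this
 * function; confirm the caller performs one before the registration branch.
 */
function gplus_connect()
{
    global $modSettings, $sourcedir, $context;

    $context['sub_template'] = 'gplus_cconnect';

    $gdata = !empty($_SESSION['gplusdata']) ? $_SESSION['gplusdata'] : '';

    // Check for missing profile data before it is indexed; the original copied
    // $gdata['id'] / $gdata['name'] first and only then tested for emptiness.
    if (empty($gdata)) {
        fatal_lang_error('gp__app_error3', false);
    }

    $_SESSION['gplus']['id'] = $gdata['id'];
    $_SESSION['gplus']['name'] = $gdata['name'];

    gplus_do_agree();

    if (isset($_REQUEST['register'])) {
        // Treat absent or non-string form fields as empty instead of passing
        // undefined indexes or arrays further down.
        $requested_name = isset($_POST['real_name']) && is_string($_POST['real_name']) ? $_POST['real_name'] : '';
        $requested_email = isset($_POST['email']) && is_string($_POST['email']) ? $_POST['email'] : '';

        // An existing member with this name is sent to the account-sync screen.
        $member_load = gplus_loadUser($requested_name, 'real_name');
        if (!empty($member_load['real_name'])) {
            // Encode the name so characters such as ';', '&' or '#' cannot add
            // or truncate parameters in the redirect URL.
            redirectexit('action=gplus;area=logsync;nt;u=' . urlencode($member_load['real_name']));
        }

        // NOTE(review): the e-mail address is taken from the form rather than
        // from the provider data in the session, while 'require' => 'nothing'
        // presumably skips activation; confirm the address is verified elsewhere.
        // NOTE(review): password strength and e-mail ban checks are switched off.
        // NOTE(review): mt_rand() is not a cryptographically secure source and the
        // salt is only four hex characters; prefer a CSPRNG where the supported
        // PHP version provides one.
        $regOptions = array(
            'interface' => 'guest',
            'auth_method' => 'password',
            'username' => $requested_name,
            'email' => $requested_email,
            'require' => 'nothing',
            'password' => !empty($_POST['passwrd1']) ? $_POST['passwrd1'] : '',
            'password_check' => !empty($_POST['passwrd2']) ? $_POST['passwrd2'] : '',
            'password_salt' => substr(md5(mt_rand()), 0, 4),
            'send_welcome_email' => !empty($modSettings['send_welcomeEmail']),
            'check_password_strength' => false,
            'check_email_ban' => false,
            'extra_register_vars' => array(
                'id_group' => !empty($modSettings['gp_app_detait_gid']) ? $modSettings['gp_app_detait_gid'] : '0',
            ),
        );

        require_once $sourcedir . '/Subs-Members.php';
        $memberID = registerMember($regOptions);

        // Only tag the account when registration returned an id, so a failed
        // registration cannot turn into an update with an empty member id.
        if (!empty($memberID)) {
            updateMemberData($memberID, array('gpid' => $_SESSION['gplus']['id'], 'gpname' => $_SESSION['gplus']['name']));
        }

        redirectexit('action=gplus;auth=done');
    }
}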
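 /**
  * Completes a registration that was started through an external
  * authentication provider.
  *
  * - Verifies the session and token, the registration mode and the agreement box.
  * - Requires the posted provider to match the provider recorded in the session.
  * - Registers the member with a generated password, then links the external
  *   account through addAuth().
  *
  * @return mixed The result of action_register() when errors were collected;
  *               otherwise nothing is returned.
  */
 public function action_register2()
 {
     global $txt, $modSettings, $context, $user_info;
     // Start collecting together any errors.
     $reg_errors = Error_Context::context('register', 0);
     // Check they are who they should be
     checkSession();
     if (!validateToken('register', 'post', true, false)) {
         $reg_errors->addError('token_verification');
     }
     // You can't register if it's disabled.
     if (!empty($modSettings['registration_method']) && $modSettings['registration_method'] == 3) {
         fatal_lang_error('registration_disabled', false);
     }
     // Well, if you don't agree, you can't register.
     if (!empty($modSettings['requireAgreement']) && !isset($_POST['checkbox_agreement'])) {
         $reg_errors->addError('agreement_unchecked');
     }
     // Make sure they came from *somewhere*, have a session.
     if (!isset($_SESSION['old_url'])) {
         redirectexit('action=register');
     }
     // Check their provider details match up correctly in case they're pulling something funny.
     // Both values must be present and identical: with a loose comparison a request
     // that carries no provider, in a session without external auth data, compared
     // null to null and slipped through to addAuth() below.
     $posted_provider = isset($_POST['provider']) ? $_POST['provider'] : null;
     $session_provider = isset($_SESSION['extauth_info']['provider']) ? $_SESSION['extauth_info']['provider'] : null;
     if (!is_string($posted_provider) || $session_provider === null || $posted_provider !== (string) $session_provider) {
         redirectexit('action=register');
     }
     // Clean up
     foreach ($_POST as $key => $value) {
         if (!is_array($_POST[$key])) {
             $_POST[$key] = htmltrim__recursive(str_replace(array("\n", "\r"), '', $_POST[$key]));
         }
     }
     // Needed for isReservedName() and registerMember()
     require_once SUBSDIR . '/Members.subs.php';
     // Needed for generateValidationCode()
     require_once SUBSDIR . '/Auth.subs.php';
     // Set the options needed for registration.
     $regOptions = array(
         'interface' => 'guest',
         'username' => !empty($_POST['user']) ? $_POST['user'] : '',
         'email' => !empty($_POST['email']) ? $_POST['email'] : '',
         'check_reserved_name' => true,
         'check_password_strength' => true,
         'check_email_ban' => true,
         'send_welcome_email' => !empty($modSettings['send_welcomeEmail']),
         'require' => empty($modSettings['registration_method']) ? 'nothing' : ($modSettings['registration_method'] == 1 ? 'activation' : 'approval'),
     );
     // Lets check for other errors before trying to register the member.
     if ($reg_errors->hasErrors()) {
         return $this->action_register();
     }
     // The account gets a generated password. mt_rand() is deliberately not
     // reseeded here: a seed derived from time() is guessable, so any mt_rand()
     // output feeding the generated password would be predictable from the
     // registration time.
     $regOptions['password'] = generateValidationCode();
     $regOptions['password_check'] = $regOptions['password'];
     // Registration needs to know your IP
     $req = request();
     $regOptions['ip'] = $user_info['ip'];
     $regOptions['ip2'] = $req->ban_ip();
     $memberID = registerMember($regOptions, 'register');
     // If there are "important" errors and you are not an admin: log the first error
     // Otherwise grab all of them and don't log anything
     if ($reg_errors->hasErrors(1) && !$user_info['is_admin']) {
         foreach ($reg_errors->prepareErrors(1) as $error) {
             fatal_error($error, 'general');
         }
     }
     // One last error check
     if ($reg_errors->hasErrors()) {
         return $this->action_register();
     }
     // Do our spam protection now.
     spamProtection('register');
     // Since all is well, we'll go ahead and associate the member's external account
     addAuth($memberID, $_SESSION['extauth_info']['provider'], $_SESSION['extauth_info']['uid'], $_SESSION['extauth_info']['name']);
     // Basic template variable setup.
     if (!empty($modSettings['registration_method'])) {
         // Activation or approval is pending: show the "after registration" page.
         loadTemplate('Register');
         $context += array(
             'page_title' => $txt['register'],
             'title' => $txt['registration_successful'],
             'sub_template' => 'after',
             'description' => $modSettings['registration_method'] == 2 ? $txt['approval_after_registration'] : $txt['activate_after_registration'],
         );
     } else {
         // Immediate registration: run the activation hook and log the member in.
         call_integration_hook('integrate_activate', array($regOptions['username']));
         setLoginCookie(60 * $modSettings['cookieTime'], $memberID, hash('sha256', Util::strtolower($regOptions['username']) . $regOptions['password'] . $regOptions['register_vars']['password_salt']));
         redirectexit('action=auth;sa=check;member=' . $memberID, $context['server']['needs_login_fix']);
     }
 }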
 /**
  * This function allows the admin to register a new member by hand.
  *
  * - It also allows assigning a primary group to the member being registered.
  * - Accessed by ?action=admin;area=regcenter;sa=register
  * - Requires the moderate_forum permission.
  *
  * @uses Register template, admin_register sub-template.
  */
 public function action_register()
 {
     global $txt, $context, $scripturl, $user_info;

     // A submitted form is processed first; the form itself is (re)built below.
     if (!empty($_POST['regSubmit'])) {
         // Session check plus the one-time token issued by createToken() below.
         checkSession();
         validateToken('admin-regc');

         // Strip line breaks from, and trim, every scalar field.
         foreach (array_keys($_POST) as $field) {
             if (is_array($_POST[$field])) {
                 continue;
             }
             $_POST[$field] = htmltrim__recursive(str_replace(array("\n", "\r"), '', $_POST[$field]));
         }

         // A primary group is only honoured for users who may manage membergroups.
         $primary_group = 0;
         if (!empty($_POST['group']) && allowedTo('manage_membergroups')) {
             $primary_group = (int) $_POST['group'];
         }

         $regOptions = array(
             'interface' => 'admin',
             'username' => $_POST['user'],
             'email' => $_POST['email'],
             'password' => $_POST['password'],
             'password_check' => $_POST['password'],
             'check_reserved_name' => true,
             'check_password_strength' => true,
             'check_email_ban' => false,
             // With no password typed in, the welcome e-mail is always sent.
             'send_welcome_email' => isset($_POST['emailPassword']) || empty($_POST['password']),
             'require' => isset($_POST['emailActivate']) ? 'activation' : 'nothing',
             'memberGroup' => $primary_group,
         );

         require_once SUBSDIR . '/Members.subs.php';
         $reg_errors = Error_Context::context('register', 0);
         $memberID = registerMember($regOptions, 'register');

         // "Important" errors hit by a non-admin are reported at severity 1 and
         // logged as 'general'; otherwise all errors are fetched and not logged.
         $severity = null;
         if ($reg_errors->hasErrors(1) && !$user_info['is_admin']) {
             $severity = 1;
         }
         $log_type = $severity === null ? false : 'general';
         foreach ($reg_errors->prepareErrors($severity) as $message) {
             fatal_error($message, $log_type);
         }

         if (!empty($memberID)) {
             $profile_url = $scripturl . '?action=profile;u=' . $memberID;
             // NOTE(review): $_POST['user'] goes into the link markup with no escaping
             // visible in this method; confirm the input layer or registerMember()
             // rejects markup characters in names.
             $context['new_member'] = array(
                 'id' => $memberID,
                 'name' => $_POST['user'],
                 'href' => $profile_url,
                 'link' => '<a href="' . $profile_url . '">' . $_POST['user'] . '</a>',
             );
             $context['registration_done'] = sprintf($txt['admin_register_done'], $context['new_member']['link']);
         }
     }

     // Load the assignable member groups.
     if (!allowedTo('manage_membergroups')) {
         $context['member_groups'] = array();
     } else {
         require_once SUBSDIR . '/Membergroups.subs.php';

         // Forum admins may also hand out the 'admin' group; others get 'custom' instead.
         $includes = allowedTo('admin_forum')
             ? array('admin', 'globalmod', 'member')
             : array('globalmod', 'member', 'custom');

         $assignable = array();
         foreach (getBasicMembergroupData($includes, array('hidden', 'protected')) as $group_row) {
             $assignable[$group_row['id']] = $group_row['name'];
         }
         $context['member_groups'] = $assignable;
     }

     // Basic stuff.
     addInlineJavascript('disableAutoComplete();', true);
     $context['sub_template'] = 'admin_register';
     $context['page_title'] = $txt['registration_center'];

     // Fresh token for the next submission of the form.
     createToken('admin-regc');
 }
Beispiel #16
<?php 
/**
 * Legacy autoloader: turns every underscore in the class name into a directory
 * separator and loads "<path>.class.php" through require_once.
 *
 * NOTE(review): __autoload() is deprecated since PHP 7.2 and removed in PHP 8.0;
 * spl_autoload_register() is the supported mechanism. The class name is used as
 * a file path without validation, so it should never originate from request data.
 *
 * @param string $class_name Name of the class that is being loaded.
 */
function __autoload($class_name)
{
    require_once strtr($class_name, '_', '/') . '.class.php';
}
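// Start (or resume) the session that carries the shop state.
session_start();

// NOTE(review): every field, including the password and the card number, is read
// from $_REQUEST, so it is also accepted from the query string, where it can end
// up in server logs and browser history. Prefer $_POST if the form allows it,
// and validate the fields before they reach the DAO.
// NOTE(review): no anti-CSRF token is checked in this script.
if (isset($_REQUEST['cexp'])) {
    // First become a member, then a regular member.
    $id = registerMember($_REQUEST['name'], $_REQUEST['phoneNumber'], $_REQUEST['email'], $_REQUEST['creditNumber']);
    registerRegularMember($id, $_REQUEST['userID'], $_REQUEST['password'], $_REQUEST['address'], $_REQUEST['cexp']);

    // The refresh header has to be sent before any output; sent after the echo
    // it is dropped with a "headers already sent" warning.
    header("refresh:2; url=index.php");
    echo '<h1> sign up sucessful. Redirecting..</h1>';
} else {
    $uid = registerMember($_REQUEST['name'], $_REQUEST['phoneNumber'], $_REQUEST['email'], $_REQUEST['creditNumber']);

    // NOTE(review): the session gains a member identity here; consider
    // regenerating the session id at this point.
    $_SESSION['uID'] = $uid;

    // A missing sID becomes an empty string, and the value is URL-encoded so it
    // cannot break out of the href attribute.
    $sID = isset($_SESSION['sID']) ? $_SESSION['sID'] : '';
    echo '<a href="order.php?sID=' . urlencode((string) $sID) . '">GO BACK TO CONTINUE PURCHASE</a>';
}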
/**
 * Creates a new non-regular member record and returns its id.
 *
 * The id is the DAO's last member id plus one, and the member is stored with
 * the regular flag set to 'N'.
 *
 * NOTE(review): deriving the id from getLastMemberID() + 1 is not atomic; two
 * concurrent sign-ups could compute the same id unless the DAO or the database
 * enforces uniqueness.
 * NOTE(review): the card number is handed to the DAO as received; confirm how
 * it is stored.
 *
 * @param mixed $name  Member name.
 * @param mixed $phone Phone number.
 * @param mixed $email E-mail address.
 * @param mixed $Card  Credit card number.
 * @return mixed The id assigned to the new member.
 */
function registerMember($name, $phone, $email, $Card)
{
    $store = new DAO();
    $memberId = $store->getLastMemberID() + 1;
    // 'N' marks the record as a plain (non-regular) member.
    $store->registerMember($memberId, $name, $phone, $email, $Card, 'N');
    return $memberId;
}
function registerRegularMember($id, $userID, $userPass, $address, $cexp)
{
    $dao = new DAO();