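 /**
  * Check form values of the registration form and apply a few cautious
  * corrections to them.
  *
  * The array is taken by reference because the method writes back into it:
  * 'geonameid' is unset when no usable location was given, and 'iso_date'
  * (birthyear-birthmonth-birthday) is added once the birth date validates.
  * A missing month/day defaults to 12 / 28 so that an incomplete date can
  * still be checked.
  *
  * @param array $vars form values, modified in place as described above
  * @return string[] list of error message keys; empty when the form is valid
  */
 public function checkRegistrationForm(&$vars)
 {
     $errors = array();

     // geonameid / countryname: a location is required
     if (empty($vars['geonameid']) || empty($vars['countryname'])) {
         $errors[] = 'SignupErrorProvideLocation';
         unset($vars['geonameid']);
     }

     // username: must match HANDLE_PREGEXP and must not carry an IDN
     // (punycode, "xn--") prefix; only then is the database asked whether
     // the name is already taken
     if (!isset($vars['username'])
         || !preg_match(self::HANDLE_PREGEXP, $vars['username'])
         || strpos($vars['username'], 'xn--') !== false
     ) {
         $errors[] = 'SignupErrorWrongUsername';
     } elseif ($this->UsernameInUse($vars['username'])) {
         $errors[] = 'SignupErrorUsernameAlreadyTaken';
     }

     // email: duplicates in the BW database are *not* allowed (as of 1st May 2013).
     // Normalise to a string first so that none of the checks below reads an
     // undefined index when the field was not posted at all.
     $email = isset($vars['email']) ? (string) $vars['email'] : '';
     if ($email === '' || !PFunctions::isEmailAddress($email)) {
         $errors[] = 'SignupErrorInvalidEmail';
     }
     if (!isset($vars['emailcheck']) || strcmp($email, (string) $vars['emailcheck']) != 0) {
         $errors[] = 'SignupErrorEmailCheck';
     }
     // only ask the database about an address that was actually supplied
     if ($email !== '' && $this->takeCareForNonUniqueEmailAddress($email) != '') {
         $errors[] = 'SignupErrorEmailAddressAlreadyInUse';
     }

     // password: both fields present, at least 6 bytes, and identical.
     // strcmp() compares byte-wise; a loose == would treat numeric-looking
     // strings such as "1e3" and "1000" as equal.
     if (!isset($vars['password']) || !isset($vars['passwordcheck'])
         || strlen($vars['password']) < 6
         || strcmp($vars['password'], $vars['passwordcheck']) != 0
     ) {
         $errors[] = 'SignupErrorPasswordCheck';
     }

     // accommodation: exactly one of the three fixed choices (strict
     // in_array so that e.g. a boolean true does not match every string)
     if (empty($vars['accommodation'])
         || !in_array($vars['accommodation'], array('anytime', 'dependonrequest', 'neverask'), true)
     ) {
         $errors[] = 'SignupErrorProvideAccommodation';
     }

     // 'sweet' is presumably a honeypot field that humans leave empty; a
     // filled value is rejected with a deliberately vague error — confirm
     // against the form template
     if (!empty($vars['sweet'])) {
         $errors[] = 'SignupErrorSomethingWentWrong';
     }

     // firstname, lastname
     if (empty($vars['firstname']) || empty($vars['lastname'])) {
         $errors[] = 'SignupErrorFullNameRequired';
     }
     // (skipped:) secondname

     // mothertongue: -1 is the "not selected" option of the form
     if (!isset($vars['mothertongue']) || $vars['mothertongue'] == -1) {
         $errors[] = 'SignupErrorNoMotherTongue';
     }

     // gender
     if (empty($vars['gender'])
         || !in_array($vars['gender'], array('female', 'male', 'other'), true)
     ) {
         $errors[] = 'SignupErrorProvideGender';
     }

     // birth date: month and day default to 12 / 28 when not supplied
     // TODO: the day could sometimes be 29, 30, 31
     $birthmonth = empty($vars['birthmonth']) ? 12 : $vars['birthmonth'];
     $birthday = empty($vars['birthday']) ? 28 : $vars['birthday'];
     // checkdate() expects ints while form values arrive as strings; cast for
     // the check only and keep the posted values for the ISO string
     if (empty($vars['birthyear'])
         || !checkdate((int) $birthmonth, (int) $birthday, (int) $vars['birthyear'])
     ) {
         $errors[] = 'SignupErrorBirthDate';
     } else {
         $vars['iso_date'] = $vars['birthyear'] . "-" . $birthmonth . "-" . $birthday;
         if ($this->ageValue($vars['iso_date']) < self::YOUNGEST_MEMBER) {
             $errors[] = 'SignupErrorBirthDateToLow';
         }
     }
     // (skipped:) birthmonth
     // (skipped:) birthday
     // (skipped:) age hidden

     // terms: must be accepted; empty() already covers every falsy value
     if (empty($vars['terms'])) {
         $errors[] = 'SignupMustacceptTerms';
         // TODO: looks like a wrong case in "Accept"
     }
     return $errors;
 }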
    /**
     * Processing registration
     *
     * This is a POST callback function
     *
     * Sets following errors in POST-vars:
     * username   - general username fault
     * uinuse     - username already in use
     * email      - general email fault, email format error
     * einuse     - email in use
     * pw         - general password fault
     * pwmismatch - password mismatch
     * inserror   - error performing db insertion
     *
     * @param void
     */
    public function registerProcess()
    {
        $c = PFunctions::hex2base64(sha1(__METHOD__));
        if (PPostHandler::isHandling()) {
            $vars =& PPostHandler::getVars();
            $errors = array();
            // check username
            if (!isset($vars['u']) || !preg_match(User::HANDLE_PREGEXP, $vars['u']) || strpos($vars['u'], 'xn--') !== false) {
                $errors[] = 'username';
            } elseif ($this->handleInUse($vars['u'])) {
                $errors[] = 'uinuse';
            }
            // email
            if (!isset($vars['e']) || !PFunctions::isEmailAddress($vars['e'])) {
                $errors[] = 'email';
            } elseif ($this->emailInUse($vars['e'])) {
                $errors[] = 'einuse';
            }
            // password
            if (!isset($vars['p']) || !isset($vars['pc']) || !$vars['p'] || !$vars['pc'] || strlen($vars['p']) < 8) {
                $errors[] = 'pw';
            } elseif ($vars['p'] != $vars['pc']) {
                $errors[] = 'pwmismatch';
            } else {
                if (substr_count($vars['p'], '*') != strlen($vars['p'])) {
                    // set encoded pw
                    $vars['pwenc'] = MOD_user::passwordEncrypt($vars['p']);
                    $shadow = str_repeat('*', strlen($vars['p']));
                    $vars['p'] = $shadow;
                    $vars['pc'] = $shadow;
                }
            }
            if (count($errors) > 0) {
                $vars['errors'] = $errors;
                return false;
            }
            $Auth = new MOD_user_Auth();
            $authId = $Auth->checkAuth('defaultUser');
            $query = '
INSERT INTO `user`
(`id`, `auth_id`, `handle`, `email`, `pw`, `active`)
VALUES
(
    ' . $this->dao->nextId('user') . ',
    ' . (int) $authId . ',
    \'' . $this->dao->escape($vars['u']) . '\',
    \'' . $this->dao->escape($vars['e']) . '\',
    \'' . $this->dao->escape($vars['pwenc']) . '\',
    0
)';
            $s = $this->dao->query($query);
            if (!$s->insertId()) {
                $vars['errors'] = array('inserror');
                return false;
            }
            $userId = $s->insertId();
            $key = PFunctions::randomString(16);
            // save register key
            if (!APP_User::addSetting($userId, 'regkey', $key)) {
                $vars['errors'] = array('inserror');
                return false;
            }
            // save lang
            if (!APP_User::addSetting($userId, 'lang', PVars::get()->lang)) {
                $vars['errors'] = array('inserror');
                return false;
            }
            $View = new UserView($this);
            $View->registerMail($userId);
            PPostHandler::clearVars();
            return PVars::getObj('env')->baseuri . 'user/register/finish';
        } else {
            PPostHandler::setCallback($c, __CLASS__, __FUNCTION__);
            return $c;
        }
    }
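 /**
  * Index function (entry point of the signup controller).
  *
  * Currently the index consists of following possible requests:
  * checkemail  - prints "1" when the e-mail is valid and unused, else "0" (exits)
  * checkhandle - like "checkemail" with a user handle (exits)
  * getRegions  - exits without output when no region argument is given
  * terms       - the terms and conditions popup
  * privacy     - the privacy popup
  * confirm     - confirmation redirect from the signup mail
  * resendmail  - resends the confirmation mail
  * finish      - the "finished" page
  * (default)   - the registration form, step taken from $request[1]
  *
  * The checkemail/checkhandle answers reveal whether an address or handle
  * is already registered (an existence oracle); any throttling has to sit in
  * front of this controller.
  *
  * @param object|false $args request object whose ->request holds the path segments
  * @return object|null page object to render; null when the request was
  *                     answered by a redirect
  */
 public function index($args = false)
 {
     // In case Signup is closed
     if (isset($_SESSION['Param']->FeatureSignupClose) && $_SESSION['Param']->FeatureSignupClose == "Yes") {
         return new SignupClosedPage();
     }
     /*
      * Enable to check against DNS Blocklists
     if (MOD_dnsblock::get()->checkRemoteIp()) {
         return new SignupDNSBlockPage();
     }
     */
     // $args defaults to false, in which case there are no segments to read
     $request = (is_object($args) && isset($args->request)) ? $args->request : array();
     $model = new SignupModel();
     $page = null;

     // a logged-in member without the 'words' right has no business here
     if (isset($_SESSION['IdMember']) && !MOD_right::get()->hasRight('words')) {
         if (!isset($_SESSION['Username'])) {
             unset($_SESSION['IdMember']);
             $page = new SignupProblemPage();
         } else {
             $this->redirect('members/' . $_SESSION['Username']);
         }
         return $page;
     }

     $action = isset($request[1]) ? $request[1] : '';
     switch ($action) {
         // copied from TB: checks e-mail address for validity and
         // availability; answers "1" (valid and free) or "0" and exits
         case 'checkemail':
             // ignore current request, so we can use the last request
             PRequest::ignoreCurrentRequest();
             if (!isset($_GET['email']) || !PFunctions::isEmailAddress($_GET['email'])) {
                 echo '0';
                 PPHP::PExit();
             }
             $users = $model->takeCareForNonUniqueEmailAddress($_GET['email']);
             echo ($users == '') ? "1" : "0";
             PPHP::PExit();
             break;

         // copied from TB, reviewed by JeanYves: checks username for
         // validity and availability; IDN (punycode, "xn--") prefixes are
         // refused. Note that echo of a bool prints "1" or "" — not "0".
         case 'checkhandle':
             // ignore current request, so we can use the last request
             PRequest::ignoreCurrentRequest();
             if (!isset($request[2])
                 || !preg_match(User::HANDLE_PREGEXP, $request[2])
                 || strpos($request[2], 'xn--') !== false
             ) {
                 echo '0';
                 PPHP::PExit();
             }
             echo (bool) (!$model->UsernameInUse($request[2]));
             PPHP::PExit();
             break;

         case 'getRegions':
             // ignore current request, so we can use the last request
             PRequest::ignoreCurrentRequest();
             if (!isset($request[2])) {
                 PPHP::PExit();
             }
             // FIXME(review): no break here — a getRegions request with an
             // argument falls through into 'terms'. Kept as it was because
             // the intended output is not visible in this file.
         case 'terms':
             MOD_log::get()->write("Viewing terms", "Signup");
             // the termsandconditions popup
             $page = new SignupTermsPopup();
             break;

         case 'privacy':
             MOD_log::get()->write("Viewing privacy", "Signup");
             $page = new SignupPrivacyPopup();
             break;

         case 'confirm':
             // reached via the link in the confirmation email: the handle must
             // be a known username and the key 16 lowercase hex digits
             if (!isset($request[2]) || !isset($request[3])
                 || !preg_match(User::HANDLE_PREGEXP, $request[2])
                 || !$model->UsernameInUse($request[2])
                 || !preg_match('/^[a-f0-9]{16}$/', $request[3])
             ) {
                 $error = 'InvalidLink';
             } else {
                 $error = $model->confirmSignup($request[2], $request[3]);
             }
             $page = new SignupMailConfirmPage();
             $page->error = $error;
             break;

         case 'resendmail':
             // shown when clicking on the link in the MailToConfirm error message
             $error = '';
             if (!isset($request[2])) {
                 $error = 'InvalidLink';
             } else {
                 $resent = $model->resendConfirmationMail($request[2]);
                 if ($resent !== true) {
                     $error = $resent;
                 }
             }
             $page = new SignupResentMailPage();
             $page->error = $error;
             break;

         case 'finish':
             $page = new SignupFinishPage();
             break;

         default:
             $page = new SignupPage();
             $page->step = ($action !== '' && $action) ? $action : '1';
             MOD_log::get()->write("Entering Signup step: #" . $page->step, "Signup");
             $page->model = $model;
     }
     return $page;
 }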
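 /**
  * Check form values of the mandatory profile form.
  * Should always be analog to /build/signup/signup.model.php !!
  *
  * Validates the birth date (via validateBirthdate), gender, first and last
  * name, e-mail and — when a file was posted — the profile picture upload
  * status code.
  *
  * @param array $vars form values, taken by reference but not modified here
  * @return string[] list of error message keys; empty when the form is valid
  */
 public function checkProfileForm(&$vars)
 {
     $errors = array();

     // birth date: all three parts must be present and non-zero. The cast
     // also catches '' and a missing index — a loose == 0 would let an empty
     // string through to validateBirthdate() on PHP 8.
     $datePartMissing = false;
     foreach (array('BirthYear', 'BirthMonth', 'BirthDay') as $part) {
         if (!isset($vars[$part]) || (int) $vars[$part] === 0) {
             $datePartMissing = true;
         }
     }
     if ($datePartMissing) {
         $errors[] = 'SignupErrorInvalidBirthDate';
     } else {
         $res = $this->validateBirthdate($vars['BirthYear'] . '-' . $vars['BirthMonth'] . '-' . $vars['BirthDay']);
         if ($res === self::DATE_INVALID) {
             $errors[] = 'SignupErrorInvalidBirthDate';
         } elseif ($res === self::TOO_YOUNG) {
             $errors[] = 'MembersErrorTooYoung';
         }
     }

     // gender: strict in_array so that only the three literal strings pass
     if (empty($vars['gender']) || !in_array($vars['gender'], array('male', 'female', 'other'), true)) {
         $errors[] = 'SignupErrorInvalidGender';
     }

     if (empty($vars['FirstName'])) {
         $errors[] = 'SignupErrorInvalidFirstName';
     }
     if (empty($vars['LastName'])) {
         $errors[] = 'SignupErrorInvalidLastName';
     }

     // e-mail: 'cryptedhidden' is accepted as-is (presumably the placeholder
     // for a hidden, unchanged address — confirm against the form)
     $email = isset($vars['Email']) ? $vars['Email'] : '';
     if ($email != 'cryptedhidden' && ($email === '' || !PFunctions::isEmailAddress($email))) {
         $errors[] = 'SignupErrorInvalidEmail';
     }

     // profile picture: only the upload status code is inspected here; the
     // file name is client-supplied and content/type checks have to happen
     // where the file is actually stored
     if (!empty($_FILES['profile_picture']['name']) && $_FILES['profile_picture']['error'] != UPLOAD_ERR_OK) {
         switch ($_FILES['profile_picture']['error']) {
             case UPLOAD_ERR_INI_SIZE:
             case UPLOAD_ERR_FORM_SIZE:
                 $errors[] = 'UploadedProfileImageTooBig';
                 break;
             default:
                 $errors[] = 'ProfileImageUploadFailed';
                 break;
         }
     }
     return $errors;
 }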
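 /**
  * Index function (entry point of the user controller).
  *
  * Called when the http request is ./user. Currently the index consists of
  * following possible requests:
  * avatar          - sends the avatar of a known handle (exits otherwise)
  * checkemail      - prints "1" when the e-mail is valid and unused, "0" when
  *                   invalid, "" when in use (echo of a false bool)
  * checkhandle     - like "checkemail" with a user handle
  * confirm         - confirms a registration with handle and 16-hex-digit key
  * find            - user search, query taken from $_GET['q']
  * friends         - friend list of the logged-in user (login required)
  * logout          - logs out and redirects to the base URI
  * waitingapproval - info message while the account awaits approval
  * settings        - settings form
  * password        - password form with custom styles, teaser and right column
  * <handle>/pic    - profile picture (login required)
  * <handle>        - redirects to the old bw-based profile page
  *
  * View output is captured with output buffering and appended to the page
  * object's fields (content, teaserBar, rContent, addStyles).
  *
  * Note: neither header("Location: ...") redirect is followed by an exit, so
  * execution continues after them (unchanged from the original flow). The
  * checkemail/checkhandle answers reveal whether an address or handle is
  * registered and therefore belong behind whatever throttling sits in front.
  *
  * @return false|void false when a login-protected action is reached without
  *                    a login; nothing otherwise
  */
 public function index()
 {
     // index is called when http request = ./user
     $request = PRequest::get()->request;
     $action = isset($request[1]) ? $request[1] : '';
     switch ($action) {
         case 'avatar':
             PRequest::ignoreCurrentRequest();
             // handleInUse() is expected to yield the user id of a known handle
             if (!isset($request[2]) || !preg_match(User::HANDLE_PREGEXP, $request[2]) || !($userId = $this->_model->handleInUse($request[2]))) {
                 PPHP::PExit();
             }
             $this->_view->avatar($userId);
             break;

         // checks e-mail address for validity and availability
         case 'checkemail':
             // ignore current request, so we can use the last request
             PRequest::ignoreCurrentRequest();
             if (!isset($_GET['e']) || !PFunctions::isEmailAddress($_GET['e'])) {
                 echo '0';
                 PPHP::PExit();
             }
             echo (bool) (!$this->_model->emailInUse($_GET['e']));
             PPHP::PExit();
             break;

         // checks handle for validity and availability; IDN (punycode,
         // "xn--") prefixes are refused
         case 'checkhandle':
             // ignore current request, so we can use the last request
             PRequest::ignoreCurrentRequest();
             if (!isset($request[2])
                 || !preg_match(User::HANDLE_PREGEXP, $request[2])
                 || strpos($request[2], 'xn--') !== false
             ) {
                 echo '0';
                 PPHP::PExit();
             }
             echo (bool) (!$this->_model->handleInUse($request[2]));
             PPHP::PExit();
             break;

         // confirms a registration: the handle must be known and the key
         // 16 lowercase hex digits; short-circuiting keeps confirmRegister()
         // from being called with an unvalidated key
         case 'confirm':
             $error = !isset($request[2]) || !isset($request[3])
                 || !preg_match(User::HANDLE_PREGEXP, $request[2])
                 || !$this->_model->handleInUse($request[2])
                 || !preg_match('/^[a-f0-9]{16}$/', $request[3])
                 || !$this->_model->confirmRegister($request[2], $request[3]);
             ob_start();
             $this->_view->registerConfirm($error);
             $str = ob_get_clean();
             $P = PVars::getObj('page');
             $P->content .= $str;
             break;

         case 'find':
             // 'q' may be absent: pass an empty query instead of reading an
             // undefined index — TODO confirm find() treats '' like "no query"
             $res = $this->_model->find(isset($_GET['q']) ? $_GET['q'] : '');
             ob_start();
             $this->_view->searchResult($res);
             $str = ob_get_clean();
             $P = PVars::getObj('page');
             $P->content .= $str;
             break;

         case 'friends':
             if (!($User = APP_User::login())) {
                 return false;
             }
             $friends = $this->_model->getFriends($User->getId());
             ob_start();
             $this->_view->friends($friends);
             $str = ob_get_clean();
             $P = PVars::getObj('page');
             $P->content .= $str;
             break;

         case 'logout':
             $this->_model->logout();
             // NOTE: execution continues after the redirect header (no exit here)
             header("Location: " . PVars::getObj('env')->baseuri);
             break;

         // waiting approval message
         case 'waitingapproval':
             // now the teaser content
             ob_start();
             $this->_view->ShowInfoMessage('', '');
             $str = ob_get_clean();
             $Page = PVars::getObj('page');
             $Page->teaserBar .= $str;
             // now the message content
             ob_start();
             $this->_view->ShowInfoMessage('WaitingForApprovalText', 'WaitingForApprovalTitle');
             $str = ob_get_clean();
             $P = PVars::getObj('page');
             $P->content .= $str;
             break;

         case 'settings':
             ob_start();
             $this->_view->settingsForm();
             $str = ob_get_clean();
             $P = PVars::getObj('page');
             $P->content .= $str;
             break;

         case 'password':
             ob_start();
             $this->_view->customStyles();
             $str = ob_get_clean();
             $Page = PVars::getObj('page');
             $Page->addStyles .= $str;
             // now the teaser content
             ob_start();
             $this->_view->teaser();
             $str = ob_get_clean();
             $Page = PVars::getObj('page');
             $Page->teaserBar .= $str;
             // now the content on the right
             ob_start();
             $this->_view->rightContent();
             $str = ob_get_clean();
             $Page = PVars::getObj('page');
             $Page->rContent .= $str;
             // main content
             ob_start();
             $this->_view->passwordForm();
             $str = ob_get_clean();
             $P = PVars::getObj('page');
             $P->content .= $str;
             break;

         default:
             // anything else is taken for a user handle when it matches HANDLE_PREGEXP
             if (preg_match(User::HANDLE_PREGEXP, $action)) {
                 $sub = isset($request[2]) ? $request[2] : '';
                 switch ($sub) {
                     case 'pic':
                         if (!($User = APP_User::login())) {
                             return false;
                         }
                         ob_start();
                         $picture = $this->_model->getPicture($action);
                         $this->_view->picture($picture);
                         $str = ob_get_clean();
                         $P = PVars::getObj('page');
                         $P->content .= $str;
                         break;
                     default:
                         // redirects to the old bw-based profile; the handle
                         // has passed HANDLE_PREGEXP, which is relied upon to
                         // constrain what ends up in the Location header —
                         // confirm the pattern is strict enough for that
                         header("Location: " . PVars::getObj('env')->baseuri . "bw/member.php?cid=" . $action);
                         // disabled TB-based userpage for now
                         /*    ob_start();
                               $this->_view->userPage($request[1]);
                               $str = ob_get_contents();
                               ob_end_clean();
                               $P = PVars::getObj('page');
                               $P->content .= $str; */
                         break;
                 }
             }
     }
 }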