function do_recover() {
global $site_key, $globals;
require_once(mnminclude.'ts.php');
echo '<fieldset>'."\n";
echo '<legend><span class="sign">'._("recuperación de contraseñas").'</span></legend>'."\n";
if(!empty($_POST['recover'])) {
if (!ts_is_human()) {
recover_error(_('El código de seguridad no es correcto!'));
} else {
require_once(mnminclude.'user.php');
$user=new User();
$user->username=$_POST['username'];
if(!$user->read()) {
recover_error(_('el usuario no existe'));
return false;
}
if($user->level == 'disabled') {
recover_error(_('cuenta deshabilitada'));
return false;
}
require_once(mnminclude.'mail.php');
$sent = send_recover_mail($user);
}
}
if (!$sent) {
echo '<form action="/login.php" id="thisform-recover" method="post">'."\n";
echo '<label for="name">'._('usuario').':</label><br />'."\n";
echo '<input type="text" name="username" size="25" tabindex="1" id="name" value="'.$username.'" />'."\n";
echo '<p class="nobold">'._('(recibirás un e-mail para cambiar la contraseña)').'</p>';
echo '<input type="hidden" name="recover" value="1"/>'."\n";
echo '<input type="hidden" name="return" value="'.htmlspecialchars(preg_replace('/ /', '', $_REQUEST['return'])).'"/>'."\n";
ts_print_form();
echo '<br /><input type="submit" value="'._('recibir e-mail').'" class="genericsubmit" />'."\n";
echo '</form>'."\n";
}
echo '</fieldset>'."\n";
}
function do_register2() {
global $db, $current_user, $globals;
if ( !ts_is_human()) {
register_error(_('El código de seguridad no es correcto.'));
return;
}
$username=preg_replace('/ /', '_', trim($_POST['username'])); // sanity check
$password=md5(trim($_POST['password']));
$email=preg_replace('/ /', '_', trim($_POST['email'])); // sanity check
$user_ip = $globals['user_ip'];
if (!user_exists($username)) {
if ($db->query("INSERT INTO users (user_login, user_email, user_pass, user_date, user_ip) VALUES ('$username', '$email', '$password', now(), '$user_ip')")) {
//register_error(_("Usuario creado").'.<a href="login.php">'._(Login).'</a>');
/***
if($current_user->Authenticate($username, $password, false) == false) {
register_error(_("Error insertando usuario en la base de datos"));
} else {
****/
echo '<fieldset>'."\n";
echo '<legend><span class="sign">'._("registro de usuario").'</span></legend>'."\n";
require_once(mnminclude.'user.php');
$user=new User();
$user->username=$username;
if(!$user->read()) {
register_error(_('Error insertando usuario en la base de datos'));
} else {
require_once(mnminclude.'mail.php');
$sent = send_recover_mail($user);
}
//header('Location: ./user.php?login='******'</fieldset>'."\n";
} else {
register_error(_("Error insertando usuario en la base de datos"));
}
} else {
register_error(_("El usuario ya existe"));
}
}
function do_register2() {
global $db, $current_user, $globals;
if ( !ts_is_human()) {
register_error(_('el código de seguridad no es correcto'));
return;
}
if (!check_user_fields()) return;
$username=clean_input_string(trim($_POST['username'])); // sanity check
$dbusername=$db->escape($username); // sanity check
$password=md5(trim($_POST['password']));
$email=clean_input_string(trim($_POST['email'])); // sanity check
$dbemail=$db->escape($email); // sanity check
$user_ip = $globals['form_user_ip'];
$standard = (int)$_POST['standard'];
if (!user_exists($username)) {
if ($db->query("INSERT INTO users (user_login, user_login_register, user_email, user_email_register, user_pass, user_date, user_ip, user_standard) VALUES ('$dbusername', '$dbusername', '$dbemail', '$dbemail', '$password', now(), '$user_ip', '$standard')")) {
echo '<fieldset>'."\n";
echo '<legend><span class="sign">'._("registro de usuario").'</span></legend>'."\n";
$user=new User();
$user->username=$username;
if(!$user->read()) {
register_error(_('error insertando usuario en la base de datos'));
} else {
require_once(mnminclude.'mail.php');
$sent = send_recover_mail($user);
$globals['user_ip'] = $user_ip; //we force to insert de log with the same IP as the form
log_insert('user_new', $user->id, $user->id);
}
echo '</fieldset>'."\n";
} else {
register_error(_("error insertando usuario en la base de datos"));
}
} else {
register_error(_("el usuario ya existe"));
}
}
function do_recover()
{
global $site_key, $globals;
echo '<div class="genericform">' . "\n";
echo '<fieldset>' . "\n";
echo '<legend><span class="sign">' . _("recuperación de contraseñas") . '</span></legend>' . "\n";
if (!empty($_POST['recover'])) {
if (!ts_is_human()) {
recover_error(_('el código de seguridad no es correcto'));
} else {
$error = false;
$user = new User();
if (preg_match('/.+@.+\\..+$/', $_POST['email'])) {
// It's an email address
$user->email = $_POST['email'];
} else {
recover_error(_('el email no es válido'));
$error = true;
}
if (!$error && !$user->read()) {
recover_error(_('el email no está relacionado con ninguna cuenta'));
$error = true;
}
if (!$error && $user->disabled()) {
recover_error(_('cuenta deshabilitada'));
$error = true;
}
if (!$error) {
require_once mnminclude . 'mail.php';
$sent = send_recover_mail($user);
}
}
}
if (!$sent) {
echo '<form action="login.php" id="thisform-recover" method="post">' . "\n";
echo '<label for="name" style="font-size:120%">' . _('indica el email de la cuenta') . ':</label><br />' . "\n";
echo '<input type="text" name="email" size="25" tabindex="1" id="name" value="' . htmlspecialchars($_POST['email']) . '" />' . "\n";
echo '<p>' . _('(recibirás un e-mail que te permitirá editar tus datos)') . '</p> <br/>';
echo '<input type="hidden" name="recover" value="1"/>' . "\n";
echo '<input type="hidden" name="return" value="' . htmlspecialchars($_REQUEST['return']) . '"/>' . "\n";
ts_print_form();
echo '<br /><input type="submit" value="' . _('recibir e-mail') . '" class="button" />' . "\n";
echo '</form>' . "\n";
}
echo '</fieldset>' . "\n";
echo '</div>' . "\n";
}
function do_recover()
{
global $site_key, $globals;
if (!empty($_POST['recover'])) {
if (!ts_is_human()) {
recover_error(_('el código de seguridad no es correcto'));
} else {
$error = false;
$user = new User();
if (preg_match('/.+@.+/', $_POST['email'])) {
$user->email = $_POST['email'];
} else {
recover_error(_('el email no es válido'));
$error = true;
}
if (!$error && !$user->read()) {
recover_error(_('el email no está relacionado con ninguna cuenta'));
$error = true;
}
if (!$error && $user->disabled()) {
recover_error(_('cuenta deshabilitada'));
$error = true;
}
if (!$error) {
require_once mnminclude . 'mail.php';
$sent = send_recover_mail($user);
}
}
}
if (!$sent) {
echo '<form action="login.php" method="post">' . "\n";
echo '<label for="name">' . _('indica el email de la cuenta') . ':</label><br />' . "\n";
echo '<input type="text" name="email" size="25" id="name" value="' . htmlspecialchars($_POST['email']) . '" />' . "\n";
echo '<p>' . _('(recibirás un e-mail que te permitirá editar tus datos)') . '</p> <br/>';
echo '<input type="hidden" name="recover" value="1"/>' . "\n";
echo '<input type="hidden" name="return" value="' . htmlspecialchars($_REQUEST['return']) . '"/>' . "\n";
ts_print_form();
echo '<br /><input type="submit" value="' . _('recibir e-mail') . '"/>' . "\n";
echo '</form>' . "\n";
}
}
function do_register2()
{
global $db, $current_user, $globals;
if (!ts_is_human()) {
register_error(_('el código de seguridad no es correcto'));
return;
}
if (!check_user_fields()) {
return;
}
// Extra check
if (!check_security_key($_POST['base_key'])) {
register_error(_('código incorrecto o pasó demasiado tiempo'));
return;
}
$username = clean_input_string(trim($_POST['username']));
// sanity check
$dbusername = $db->escape($username);
// sanity check
$password = UserAuth::hash(trim($_POST['password']));
$email = clean_input_string(trim($_POST['email']));
// sanity check
$dbemail = $db->escape($email);
// sanity check
$user_ip = $globals['form_user_ip'];
if (!user_exists($username)) {
if ($db->query("INSERT INTO users (user_login, user_login_register, user_email, user_email_register, user_pass, user_date, user_ip) VALUES ('{$dbusername}', '{$dbusername}', '{$dbemail}', '{$dbemail}', '{$password}', now(), '{$user_ip}')")) {
echo '<fieldset>' . "\n";
echo '<legend><span class="sign">' . _("registro de usuario") . '</span></legend>' . "\n";
$user = new User();
$user->username = $username;
if (!$user->read()) {
register_error(_('error insertando usuario en la base de datos'));
} else {
require_once mnminclude . 'mail.php';
$sent = send_recover_mail($user);
if ($sent) {
$globals['user_ip'] = $user_ip;
//we force to insert de log with the same IP as the form
Log::insert('user_new', $user->id, $user->id);
syslog(LOG_INFO, "new user {$user->id} {$user->username} {$email} {$user_ip}");
} else {
register_error(_("error enviando el correo electrónico, seguramente está bloqueado"));
}
}
echo '</fieldset>' . "\n";
} else {
register_error(_("error insertando usuario en la base de datos"));
}
} else {
register_error(_("el usuario ya existe"));
}
}
function do_register2()
{
global $db, $current_user, $globals;
if (!ts_is_human()) {
register_error(_('El código de seguridad no es correcto.'));
return;
}
if (!check_user_fields()) {
return;
}
$username = clean_input_string(trim($_POST['username']));
// sanity check
$dbusername = $db->escape($username);
// sanity check
$password = md5(trim($_POST['password']));
$email = clean_input_string(trim($_POST['email']));
// sanity check
$dbemail = $db->escape($email);
// sanity check
$user_ip = $globals['user_ip'];
if (!user_exists($username)) {
if ($db->query("INSERT INTO users (user_login, user_login_register, user_email, user_email_register, user_pass, user_date, user_ip) VALUES ('{$dbusername}', '{$dbusername}', '{$dbemail}', '{$dbemail}', '{$password}', now(), '{$user_ip}')")) {
echo '<fieldset>' . "\n";
echo '<legend><span class="sign">' . _("registro de usuario") . '</span></legend>' . "\n";
require_once mnminclude . 'user.php';
$user = new User();
$user->username = $username;
if (!$user->read()) {
register_error(_('Error insertando usuario en la base de datos'));
} else {
require_once mnminclude . 'mail.php';
$sent = send_recover_mail($user);
}
echo '</fieldset>' . "\n";
} else {
register_error(_("Error insertando usuario en la base de datos"));
}
} else {
register_error(_("El usuario ya existe"));
}
}
function do_register2()
{
global $db, $current_user, $main_smarty, $the_template;
if (enable_captcha == 'true') {
if (!ts_is_human()) {
$main_smarty->assign('register_error_text', "badcode");
$main_smarty->display($the_template . '/register_error.tpl');
return;
}
$reghash = $_POST["reghash"];
$mycombo = $_POST["username"] . $_POST["email"] . $_POST["password"];
if (generateHash($mycombo, substr($reghash, 0, SALT_LENGTH)) != $reghash) {
loghack('Register Step 2', 'username: '******'|email: ' . $_POST["email"]);
}
}
$error = false;
$error = verify_reg($_POST["username"], $_POST["email"], $_POST["password"], $_POST["password"]);
// (use password here not password2)
if ($error) {
return;
}
$username = $db->escape(trim($_POST['username']));
$password = $db->escape(trim($_POST['password']));
$userip = $_SERVER['REMOTE_ADDR'];
$saltedpass = generateHash($password);
$email = $db->escape(trim($_POST['email']));
if (!user_exists($username)) {
if ($db->query("INSERT INTO " . table_users . " (user_login, user_email, user_pass, user_date, user_ip) VALUES ('{$username}', '{$email}', '{$saltedpass}', now(), '{$userip}')")) {
if ($current_user->Authenticate($username, $password, false) == false) {
$main_smarty->assign('register_error_text', "errorinserting");
$main_smarty->display($the_template . '/register_error.tpl');
} else {
define('registerdetails', $username . ';' . $password . ';' . $email . ';' . $return);
check_actions('register_success_pre_redirect');
header('Location: ' . getmyurl('user', $username));
}
} else {
$main_smarty->assign('register_error_text', "errorinserting");
$main_smarty->display($the_template . '/register_error.tpl');
}
} else {
$main_smarty->assign('register_error_text', "usernameexists");
$main_smarty->display($the_template . '/register_error.tpl');
}
}
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as
// published by the Free Software Foundation, either version 3 of the
// License, or (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
// It's licensed under the AFFERO GENERAL PUBLIC LICENSE unless stated otherwise.
// You can get copies of the licenses here:
// http://www.affero.org/oagpl.html
// AFFERO GENERAL PUBLIC LICENSE is also included in the file called "COPYING".
include 'config.php';
include mnminclude . 'html1.php';
include_once mnminclude . 'recaptcha2.php';
do_header("test de captcha");
echo '<br/><form action="" method="post">';
if ($_POST["g-recaptcha-response"]) {
if (ts_is_human()) {
echo "Captcha OK<br/>";
} else {
echo "Failed!<br/>";
}
}
ts_print_form();
echo '<br/> <input type="submit" value="submit" /> </form> </body>';
do_footer();
