/**
 * Reads one of this plugin's request parameters, preferring POST over GET.
 *
 * The returned value is still ESCAPED and may still contain HTML: callers must
 * stripslashes() it to remove the escapes and htmlspecialchars() it before
 * display. Treat it as untrusted request input throughout.
 *
 * @param  string  $name     name of parameter in REQUEST URL
 * @param  string  $def      default value returned when the parameter is absent
 * @param  string  $postfix  postfix for identifying multiple pagings/search/sorts (optional)
 * @return string            value of the parameter (GET values are additionally urldecoded
 *                           and converted with utf8ToISO() for international and special
 *                           chars), ESCAPED and with HTML ALLOWED
 */
function _getReqParam($name, $def = null, $postfix = "") {
	global $_GET, $_POST;

	$key = $this->_getPrefix($postfix) . $name;

	// Probe POST with a false default first, so that "not posted" can be told
	// apart from a posted value that happens to equal $def.
	if (cbGetParam($_POST, $key, false) !== false) {
		return cbGetParam($_POST, $key, $def);
	}

	$fromGet = cbGetParam($_GET, $key, $def);
	if ($fromGet && is_string($fromGet)) {
		// NOTE(review): PHP has already URL-decoded $_GET, so this is a second
		// decode, and it runs after cbGetParam() has processed the value. A
		// doubly-encoded quote or angle bracket would only become literal here,
		// so confirm callers do not assume this branch's result is still escaped.
		$fromGet = utf8ToISO(urldecode($fromGet));
	}

	return $fromGet;
}
/**
 * Ajax function: checks an e-mail address for the registration form and echoes
 * a short HTML snippet (UTF-8) describing the result.
 *
 * Behaviour depends on $ueConfig['reg_email_checker']:
 *  - unset or falsy: echoes the "not authorized" text and exits;
 *  - greater than 1: the address is also looked up in #__users;
 *  - otherwise only cbCheckMail() is consulted.
 *
 * Security notes:
 *  - With the database lookup enabled, the reply discloses whether an address is
 *    already registered. The only gates visible here are the configuration
 *    switch, cbSpoofCheck() and cbRegAntiSpamCheck().
 *  - The address is passed through $_CB_database->Quote() before it enters the
 *    SQL string, and through htmlspecialchars() (default flags and charset)
 *    before it is echoed back.
 *
 * @param  string  $email     e-mail address to check (slash-escaped, UTF-8 as sent by ajax)
 * @param  string  $function  'testexists' to only ask whether the address is known on the site;
 *                            any other value runs the registration availability/validity check
 * @return void               the result is echoed; the two gate failures terminate the script
 */
function performCheckEmail( $email, $function ) {
	global $_CB_framework, $_CB_database, $ueConfig;

	// Feature gate: the checker must be explicitly enabled in the configuration.
	if ( ! ( isset( $ueConfig['reg_email_checker'] ) && $ueConfig['reg_email_checker'] ) ) {
		echo ISOtoUtf8( _UE_NOT_AUTHORIZED );
		exit();
	}

	// simple spoof check security (the anti-spam check only runs if the spoof check passed)
	if ( ! ( cbSpoofCheck( 'registerForm', 'POST', 2 ) && cbRegAntiSpamCheck( 2 ) ) ) {
		echo '<span class="cb_result_error">' . ISOtoUtf8( _UE_SESSION_EXPIRED ) . "</span>";
		exit;
	}

	$email				=	stripslashes( $email );
	// ajax sends in utf8, we need to convert back to the site's encoding.
	$siteEncodedEmail	=	utf8ToISO( $email );
	$existenceOnly		=	( $function == 'testexists' );

	if ( $ueConfig['reg_email_checker'] > 1 ) {
		$needle			=	trim( $siteEncodedEmail );

		// Lower-case both sides only when the database collation would otherwise compare case-sensitively.
		if ( $_CB_database->isDbCollationCaseInsensitive() ) {
			$sql		=	"SELECT COUNT(*) AS result FROM #__users WHERE email = " . $_CB_database->Quote( $needle );
		} else {
			$sql		=	"SELECT COUNT(*) AS result FROM #__users WHERE LOWER(email) = " . $_CB_database->Quote( strtolower( $needle ) );
		}
		$_CB_database->setQuery( $sql );

		$row			=	null;
		if ( $_CB_database->loadObject( $row ) ) {
			$known		=	$row->result;

			if ( $existenceOnly ) {
				// 'testexists' always gets its answer straight from the database.
				if ( $known ) {
					echo '<span class="cb_result_ok">' . sprintf( ISOtoUtf8( _UE_EMAIL_EXISTS_ON_SITE ), htmlspecialchars( $email ) ) . "</span>";
				} else {
					echo '<span class="cb_result_error">' . sprintf( ISOtoUtf8( _UE_EMAIL_DOES_NOT_EXISTS_ON_SITE ), htmlspecialchars( $email ) ) . "</span>";
				}
				return;
			}

			if ( $known ) {
				echo '<span class="cb_result_error">' . sprintf( ISOtoUtf8( _UE_EMAIL_ALREADY_REGISTERED ), htmlspecialchars( $email ) ) . "</span>";
				return;
			}
			// Address is not registered yet: fall through to the mail check below.
		}
	}

	// Reached for 'testexists' only when no database answer was produced above.
	if ( $existenceOnly ) {
		echo ISOtoUtf8( _UE_NOT_AUTHORIZED );
		return;
	}

	$verdict			=	cbCheckMail( $_CB_framework->getCfg( 'mailfrom' ), $email );

	// Map the cbCheckMail() result code to a CSS class and a language string.
	// Loose comparisons in this order mirror the semantics of a switch statement.
	if ( $verdict == -2 ) {
		$cssClass		=	'cb_result_error';
		$template		=	_UE_EMAIL_NOVALID;
	} elseif ( $verdict == -1 ) {
		$cssClass		=	'cb_result_warning';
		$template		=	_UE_EMAIL_COULD_NOT_CHECK;
	} elseif ( $verdict == 0 ) {
		$cssClass		=	'cb_result_error';
		if ( $ueConfig['reg_confirmation'] == 0 ) {
			$template	=	_UE_EMAIL_INCORRECT_CHECK;
		} else {
			$template	=	_UE_EMAIL_INCORRECT_CHECK_NEEDED;
		}
	} elseif ( $verdict == 1 ) {
		$cssClass		=	'cb_result_ok';
		$template		=	_UE_EMAIL_VERIFIED;
	} else {
		echo '<span class="cb_result_error">performCheckEmail:: Unexpected cbCheckMail result.</span>';
		return;
	}

	echo '<span class="' . $cssClass . '">' . sprintf( ISOtoUtf8( $template ), htmlspecialchars( $email ) ) . "</span>";
}