Ejemplo n.º 1
 /**
  * Check the email address
  *
  * @return	@e void		[Outputs to screen]
  */
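 public function checkEmail()
 {
     // Replies 'found', 'banned' or 'notfound' through returnString() for the
     // address supplied in $_REQUEST['email'].
     //
     // NOTE(review): the distinct replies let any caller learn whether an
     // address is registered or banned; confirm this endpoint is rate-limited
     // or otherwise protected against bulk probing.
     // NOTE(review): returnString() presumably ends the request; the explicit
     // returns below keep a later check from overriding the reply if it does
     // not - TODO confirm.

     //-----------------------------------------
     // INIT
     //-----------------------------------------
     $email = '';
     $banfilters = array();
     // isset() first so that a request without the parameter raises no notice;
     // a non-string (e.g. array) value is ignored instead of reaching the
     // string functions.
     if (isset($_REQUEST['email']) and is_string($_REQUEST['email'])) {
         $email = strtolower(IPSText::parseCleanValue(rawurldecode($_REQUEST['email'])));
     }
     // A missing or malformed address is reported as 'found'.
     if (!$email or !IPSText::checkEmailAddress($email)) {
         $this->returnString('found');
         return;
     }
     //-----------------------------------------
     // Got the member?
     //-----------------------------------------
     if (IPSMember::checkByEmail($email)) {
         $this->returnString('found');
         return;
     }
     //-----------------------------------------
     // Load ban filters, grouped by ban_type
     //-----------------------------------------
     $this->DB->build(array('select' => '*', 'from' => 'banfilters'));
     $this->DB->execute();
     while ($r = $this->DB->fetch()) {
         $banfilters[$r['ban_type']][] = $r['ban_content'];
     }
     //-----------------------------------------
     // Are they banned [EMAIL]?
     //-----------------------------------------
     if (isset($banfilters['email']) and is_array($banfilters['email'])) {
         foreach ($banfilters['email'] as $memail) {
             // preg_quote() turns the filter's '*' wildcard into '\*', so the
             // escaped form is what has to be replaced. Replacing a bare '*'
             // leaves '\.*' (a run of literal dots) and wildcard ban filters
             // would silently never match.
             $pattern = str_replace('\*', '.*', preg_quote($memail, '/'));
             if (preg_match('/^' . $pattern . '$/', $email)) {
                 $this->returnString('banned');
                 return;
             }
         }
     }
     //-----------------------------------------
     // Load handler...
     //-----------------------------------------
     $classToLoad = IPSLib::loadLibrary(IPS_ROOT_PATH . 'sources/handlers/han_login.php', 'han_login');
     $han_login = new $classToLoad($this->registry);
     $han_login->init();
     $han_login->emailExistsCheck($email);
     // Any return code other than "not implemented" / "not in use" counts as taken.
     if ($han_login->return_code and $han_login->return_code != 'METHOD_NOT_DEFINED' and $han_login->return_code != 'EMAIL_NOT_IN_USE') {
         $this->returnString('found');
         return;
     }
     $this->returnString('notfound');
 }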
Ejemplo n.º 2
 /**
  * Execute selected method
  *
  * @access	public
  * @param	object		Registry object
  * @return	@e void
  */
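 public function doExecute(ipsRegistry $registry)
 {
     // Admin-account step: shows the form and, when request['do'] is 'check',
     // validates the submission and stores it for the 'install' action.
     $_e = 0;
     /* Check input? */
     if ($this->request['do'] == 'check') {
         if (!$this->request['username']) {
             $_e = 1;
             $this->registry->output->addWarning('Необходимо указать отображаемое имя пользователя');
         }
         if (!$this->request['password']) {
             $_e = 1;
             $this->registry->output->addWarning('Необходимо ввести пароль');
         } elseif ($this->request['password'] !== $this->request['confirm_password']) {
             // Strict comparison: with a loose one, different numeric-looking
             // strings (e.g. "1e3" and "1000") compare equal and a mistyped
             // confirmation would be accepted.
             $_e = 1;
             $this->registry->output->addWarning('Введенные пароли не совпадают');
         }
         if (!$this->request['email'] or IPSText::checkEmailAddress($this->request['email']) !== TRUE) {
             $_e = 1;
             $this->registry->output->addWarning('Необходимо указать Email');
         }
         if ($_e) {
             $this->registry->output->setTitle("Администратор: Ошибка");
             $this->registry->output->setNextAction('admin&do=check');
             $this->registry->output->addContent($this->registry->output->template()->page_admin());
             $this->registry->output->sendOutput();
             // sendOutput() presumably ends the request; returning here keeps the
             // form from being added a second time if it does not - TODO confirm.
             return;
         }
         /* Save Form Data */
         // NOTE(review): the password is handed to setSavedData() exactly as
         // submitted; where that data is persisted is not visible here - confirm
         // it is not kept in clear text beyond the install run.
         IPSSetUp::setSavedData('admin_user', $this->request['username']);
         IPSSetUp::setSavedData('admin_pass', $this->request['password']);
         IPSSetUp::setSavedData('admin_email', $this->request['email']);
         /* Next Action */
         $this->registry->autoLoadNextAction('install');
         return;
     }
     /* Output */
     $this->registry->output->setTitle("Создание учетной записи администратора");
     $this->registry->output->setNextAction('admin&do=check');
     $this->registry->output->addContent($this->registry->output->template()->page_admin());
     $this->registry->output->sendOutput();
 }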
Ejemplo n.º 3
 /**
  * Execute selected method
  *
  * @access	public
  * @param	object		Registry object
  * @return	@e void
  */
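 public function doExecute(ipsRegistry $registry)
 {
     // Admin-account step: shows the form and, when request['do'] is 'check',
     // validates the submission and stores it for the 'install' action.
     $_e = 0;
     /* Check input? */
     if ($this->request['do'] == 'check') {
         if (!$this->request['username']) {
             $_e = 1;
             $this->registry->output->addWarning('You must specify a display name for the admin account');
         }
         if (!$this->request['password']) {
             $_e = 1;
             $this->registry->output->addWarning('You must specify a password for the admin account');
         } elseif ($this->request['password'] !== $this->request['confirm_password']) {
             // Strict comparison: with a loose one, different numeric-looking
             // strings (e.g. "1e3" and "1000") compare equal and a mistyped
             // confirmation would be accepted.
             $_e = 1;
             $this->registry->output->addWarning('The admin passwords did not match');
         }
         if (!$this->request['email'] or IPSText::checkEmailAddress($this->request['email']) !== TRUE) {
             $_e = 1;
             $this->registry->output->addWarning('You must specify an email address for the admin account');
         }
         if ($_e) {
             $this->registry->output->setTitle("Admin: Errors");
             $this->registry->output->setNextAction('admin&do=check');
             $this->registry->output->addContent($this->registry->output->template()->page_admin());
             $this->registry->output->sendOutput();
             // sendOutput() presumably ends the request; returning here keeps the
             // form from being added a second time if it does not - TODO confirm.
             return;
         }
         /* Save Form Data */
         // NOTE(review): the password is handed to setSavedData() exactly as
         // submitted; where that data is persisted is not visible here - confirm
         // it is not kept in clear text beyond the install run.
         IPSSetUp::setSavedData('admin_user', $this->request['username']);
         IPSSetUp::setSavedData('admin_pass', $this->request['password']);
         IPSSetUp::setSavedData('admin_email', $this->request['email']);
         /* Next Action */
         $this->registry->autoLoadNextAction('install');
         return;
     }
     /* Output */
     $this->registry->output->setTitle("Admin Account Creation");
     $this->registry->output->setNextAction('admin&do=check');
     $this->registry->output->addContent($this->registry->output->template()->page_admin());
     $this->registry->output->sendOutput();
 }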
 /**
  * Processes the registration form
  *
  * @access	public
  * @return	void
  */
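 public function registerProcessForm()
 {
     // Validates the submitted registration form, creates the member through
     // IPSMember::create(), then either queues the account for validation
     // (email / admin / COPPA) or signs the new member in straight away.
     // Validation failures re-display the form via registerForm().
     $form_errors = array();
     $coppa = $this->request['coppa_user'] == 1 ? 1 : 0;
     $in_password = trim($this->request['PassWord']);
     $in_email = strtolower(trim($this->request['EmailAddress']));
     /* Registration switched off? */
     if ($this->settings['no_reg'] == 1) {
         $this->registry->output->showError('registration_disabled', 2016, true);
     }
     /* Custom profile field stuff */
     require_once IPS_ROOT_PATH . 'sources/classes/customfields/profileFields.php';
     $custom_fields = new customProfileFields();
     $custom_fields->initData('edit');
     $custom_fields->parseToSave($this->request, 'register');
     /* Check */
     if ($custom_fields->error_messages) {
         $form_errors['general'] = $custom_fields->error_messages;
     }
     /* Check the email address */
     if (!$in_email or strlen($in_email) < 6 or !IPSText::checkEmailAddress($in_email)) {
         $form_errors['email'][$this->lang->words['err_invalid_email']] = $this->lang->words['err_invalid_email'];
     }
     // An empty password is rejected as well: two empty fields "match", and
     // without this guard the account would be created with no password.
     // The comparison is strict so that different numeric-looking strings
     // (e.g. "1e3" and "1000") are not treated as the same password.
     if (!$in_password or trim($this->request['PassWord_Check']) !== $in_password) {
         $form_errors['password'][$this->lang->words['passwords_not_match']] = $this->lang->words['passwords_not_match'];
     }
     /* Test email address */
     $this->request['EmailAddress_two'] = strtolower(trim($this->request['EmailAddress_two']));
     $this->request['EmailAddress'] = strtolower(trim($this->request['EmailAddress']));
     if (!IPSText::checkEmailAddress($this->request['EmailAddress_two'])) {
         $form_errors['email'][$this->lang->words['reg_error_email_invalid']] = $this->lang->words['reg_error_email_invalid'];
     } elseif ($in_email and $this->request['EmailAddress_two'] != $in_email) {
         $form_errors['email'][$this->lang->words['reg_error_email_nm']] = $this->lang->words['reg_error_email_nm'];
     }
     /* Need username? Only when some login method signs in by username */
     $uses_name = false;
     foreach ($this->cache->getCache('login_methods') as $method) {
         if ($method['login_user_id'] == 'username') {
             $uses_name = true;
         }
     }
     if (!$uses_name) {
         // No username-based login: the display name doubles as the username.
         $_REQUEST['UserName'] = $_REQUEST['members_display_name'];
         $this->request['UserName'] = $this->request['members_display_name'];
     }
     /* Check the username */
     $user_check = IPSMember::getFunction()->cleanAndCheckName($this->request['UserName'], array(), 'name');
     if ($this->settings['auth_allow_dnames']) {
         $disp_check = IPSMember::getFunction()->cleanAndCheckName($this->request['members_display_name'], array(), 'members_display_name');
     }
     if (is_array($user_check['errors']) && count($user_check['errors'])) {
         foreach ($user_check['errors'] as $key => $error) {
             $form_errors[$key][] = $error;
         }
     }
     // $disp_check only exists when display names are enabled; the setting is
     // tested first so the undefined variable is never read.
     if ($this->settings['auth_allow_dnames'] and is_array($disp_check['errors']) && count($disp_check['errors'])) {
         foreach ($disp_check['errors'] as $key => $error) {
             $form_errors[$key][] = $error;
         }
     }
     /* CHECK 1: Any errors (missing fields, etc)? */
     if (count($form_errors)) {
         $this->registerForm($form_errors);
         return;
     }
     /* Is this email addy taken? */
     if (IPSMember::checkByEmail($in_email) == TRUE) {
         $form_errors['email'][$this->lang->words['reg_error_email_taken']] = $this->lang->words['reg_error_email_taken'];
     }
     /* Load handler... */
     require_once IPS_ROOT_PATH . 'sources/handlers/han_login.php';
     $this->han_login = new han_login($this->registry);
     $this->han_login->init();
     $this->han_login->emailExistsCheck($in_email);
     if ($this->han_login->return_code and $this->han_login->return_code != 'METHOD_NOT_DEFINED' and $this->han_login->return_code != 'EMAIL_NOT_IN_USE') {
         $form_errors['email'][$this->lang->words['reg_error_email_taken']] = $this->lang->words['reg_error_email_taken'];
     }
     /* Are they banned [EMAIL]? */
     if (IPSMember::isBanned('email', $in_email) === TRUE) {
         $form_errors['email'][$this->lang->words['reg_error_email_ban']] = $this->lang->words['reg_error_email_ban'];
     }
     /* Check the CAPTCHA */
     if ($this->settings['bot_antispam']) {
         if ($this->registry->getClass('class_captcha')->validate() !== TRUE) {
             $form_errors['general'][$this->lang->words['err_reg_code']] = $this->lang->words['err_reg_code'];
         }
     }
     /* Check the Q and A */
     if ($this->settings['registration_qanda']) {
         $qanda = intval($this->request['qanda_id']);
         $pass = false;
         if ($qanda) {
             // $qanda went through intval(), so the concatenation is numeric only.
             $data = $this->DB->buildAndFetch(array('select' => '*', 'from' => 'question_and_answer', 'where' => 'qa_id=' . $qanda));
             if ($data['qa_id']) {
                 $answers = explode("\n", str_replace("\r", "", $data['qa_answers']));
                 $submitted = strtolower($this->request['qa_answer']);
                 foreach ($answers as $answer) {
                     $answer = trim($answer);
                     // A blank line in qa_answers must never count as a valid
                     // answer, otherwise an empty submission passes the check.
                     if ($answer !== '' and strtolower($answer) === $submitted) {
                         $pass = true;
                         break;
                     }
                 }
             }
         } else {
             //-----------------------------------------
             // Do we have any questions? With none defined,
             // a missing question id is acceptable.
             //-----------------------------------------
             $data = $this->DB->buildAndFetch(array('select' => 'COUNT(*) as questions', 'from' => 'question_and_answer'));
             if (!$data['questions']) {
                 $pass = true;
             }
         }
         if (!$pass) {
             $form_errors['general'][$this->lang->words['err_q_and_a']] = $this->lang->words['err_q_and_a'];
         }
     }
     /* CHECK 2: Any errors ? */
     if (count($form_errors)) {
         $this->registerForm($form_errors);
         return;
     }
     /* Pick the initial group: the holding group whenever validation or COPPA applies */
     $mem_group = $this->settings['member_group'];
     if ($this->settings['reg_auth_type'] or $coppa == 1) {
         $mem_group = $this->settings['auth_group'];
     }
     /* Create member */
     $member = array(
         'name' => $this->request['UserName'],
         'password' => $in_password,
         'members_display_name' => $this->settings['auth_allow_dnames'] ? $this->request['members_display_name'] : $this->request['UserName'],
         'email' => $in_email,
         'member_group_id' => $mem_group,
         'joined' => time(),
         'ip_address' => $this->member->ip_address,
         'time_offset' => $this->request['time_offset'],
         'coppa_user' => $coppa,
         'members_auto_dst' => intval($this->request['dst']),
         'allow_admin_mails' => intval($this->request['allow_admin_mail']),
         'hide_email' => $this->request['allow_member_mail'] ? 0 : 1,
     );
     /* Spam Service */
     $spamCode = 0;
     if ($this->settings['spam_service_enabled'] && $this->settings['spam_service_api_key']) {
         /* Query the service */
         $spamCode = IPSMember::querySpamService($in_email);
         /* Action to perform, configured per returned code */
         $action = $this->settings['spam_service_action_' . $spamCode];
         /* Perform Action */
         switch ($action) {
             /* Proceed with registration */
             case 1:
                 break;
             /* Flag for admin approval */
             case 2:
                 $member['member_group_id'] = $this->settings['auth_group'];
                 $this->settings['reg_auth_type'] = 'admin';
                 break;
             /* Approve the account, but ban it */
             case 3:
                 $member['member_banned'] = 1;
                 $member['member_group_id'] = $this->settings['banned_group'];
                 $this->settings['reg_auth_type'] = '';
                 break;
         }
     }
     //-----------------------------------------
     // Create the account
     //-----------------------------------------
     // NOTE(review): the whole request array is handed over as profile-field
     // content; confirm IPSMember::create() only reads the expected field keys.
     $member = IPSMember::create(array('members' => $member, 'pfields_content' => $this->request));
     //-----------------------------------------
     // Login handler create account callback
     //-----------------------------------------
     $this->han_login->createAccount(array('email' => $member['email'], 'joined' => $member['joined'], 'password' => $in_password, 'ip_address' => $this->member->ip_address, 'username' => $member['members_display_name']));
     //-----------------------------------------
     // The handler's return code is deliberately not checked:
     // a failure there shouldn't hold up IPB anyways
     //-----------------------------------------
     //-----------------------------------------
     // Validation
     //-----------------------------------------
     // NOTE(review): the key is an MD5 of IPSLib::makePassword() plus the
     // current time, so its unpredictability rests entirely on makePassword(),
     // which is not visible here - confirm it uses a cryptographically secure
     // source, since this key authorises account validation.
     $validate_key = md5(IPSLib::makePassword() . time());
     $time = time();
     if ($coppa != 1) {
         if ($this->settings['reg_auth_type'] == 'user' or $this->settings['reg_auth_type'] == 'admin' or $this->settings['reg_auth_type'] == 'admin_user') {
             //-----------------------------------------
             // We want to validate all reg's via email,
             // after email verification has taken place,
             // we restore their previous group and remove the validate_key
             //-----------------------------------------
             $this->DB->insert('validating', array('vid' => $validate_key, 'member_id' => $member['member_id'], 'real_group' => $this->settings['member_group'], 'temp_group' => $this->settings['auth_group'], 'entry_date' => $time, 'coppa_user' => $coppa, 'new_reg' => 1, 'ip_address' => $member['ip_address']));
             if ($this->settings['reg_auth_type'] == 'user' or $this->settings['reg_auth_type'] == 'admin_user') {
                 /* Send the validation email to the new member */
                 IPSText::getTextClass('email')->getTemplate("reg_validate");
                 IPSText::getTextClass('email')->buildMessage(array('THE_LINK' => $this->settings['base_url'] . "app=core&module=global&section=register&do=auto_validate&uid=" . urlencode($member['member_id']) . "&aid=" . urlencode($validate_key), 'NAME' => $member['members_display_name'], 'MAN_LINK' => $this->settings['base_url'] . "app=core&module=global&section=register&do=05", 'EMAIL' => $member['email'], 'ID' => $member['member_id'], 'CODE' => $validate_key));
                 IPSText::getTextClass('email')->subject = $this->lang->words['new_registration_email'] . $this->settings['board_name'];
                 IPSText::getTextClass('email')->to = $member['email'];
                 IPSText::getTextClass('email')->sendMail();
                 $this->output = $this->registry->output->getTemplate('register')->showAuthorize($member);
             } elseif ($this->settings['reg_auth_type'] == 'admin') {
                 $this->output = $this->registry->output->getTemplate('register')->showPreview($member);
             }
             if ($this->settings['new_reg_notify']) {
                 /* Tell the admin address about the new registration */
                 $date = $this->registry->class_localization->getDate(time(), 'LONG', 1);
                 IPSText::getTextClass('email')->getTemplate('admin_newuser');
                 IPSText::getTextClass('email')->buildMessage(array('DATE' => $date, 'MEMBER_NAME' => $member['members_display_name']));
                 IPSText::getTextClass('email')->subject = $this->lang->words['new_registration_email1'] . $this->settings['board_name'];
                 IPSText::getTextClass('email')->to = $this->settings['email_in'];
                 IPSText::getTextClass('email')->sendMail();
             }
             $this->registry->output->setTitle($this->lang->words['reg_success']);
             $this->registry->output->addNavigation($this->lang->words['nav_reg'], '');
         } else {
             /* We don't want to preview, or get them to validate via email. */
             $stat_cache = $this->caches['stats'];
             if ($member['members_display_name'] and $member['member_id']) {
                 $stat_cache['last_mem_name'] = $member['members_display_name'];
                 $stat_cache['last_mem_id'] = $member['member_id'];
             }
             $stat_cache['mem_count'] += 1;
             $this->cache->setCache('stats', $stat_cache, array('array' => 1, 'deletefirst' => 0));
             if ($this->settings['new_reg_notify']) {
                 /* Tell the admin address about the new registration */
                 $date = $this->registry->class_localization->getDate(time(), 'LONG', 1);
                 IPSText::getTextClass('email')->getTemplate('admin_newuser');
                 IPSText::getTextClass('email')->buildMessage(array('DATE' => $date, 'MEMBER_NAME' => $member['members_display_name']));
                 IPSText::getTextClass('email')->subject = $this->lang->words['new_registration_email1'] . $this->settings['board_name'];
                 IPSText::getTextClass('email')->to = $this->settings['email_in'];
                 IPSText::getTextClass('email')->sendMail();
             }
             /* Sign the new member in */
             IPSCookie::set('pass_hash', $member['member_login_key'], 1);
             IPSCookie::set('member_id', $member['member_id'], 1);
             //-----------------------------------------
             // Fix up session
             //-----------------------------------------
             $privacy = $this->request['Privacy'] ? 1 : 0;
             if ($member['g_hide_online_list']) {
                 $privacy = 1;
             }
             $this->member->sessionClass()->convertGuestToMember(array('member_name' => $member['members_display_name'], 'member_id' => $member['member_id'], 'member_group' => $member['member_group_id'], 'login_type' => $privacy));
             $this->registry->output->silentRedirect($this->settings['base_url'] . '&app=core&module=global&section=login&do=autologin&fromreg=1');
         }
     } else {
         /* This is a COPPA user, so lets tell them they registered OK and redirect to the form. */
         $this->DB->insert('validating', array('vid' => $validate_key, 'member_id' => $member['member_id'], 'real_group' => $this->settings['member_group'], 'temp_group' => $this->settings['auth_group'], 'entry_date' => $time, 'coppa_user' => $coppa, 'new_reg' => 1, 'ip_address' => $member['ip_address']));
         $this->registry->output->redirectScreen($this->lang->words['cp_success'], $this->settings['base_url'] . 'app=core&amp;module=global&amp;section=register&amp;do=12');
     }
 }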
 /**
  * Authenticate log in
  *
  * @access	public
  * @param	string		Username (from $this->request)
  * @param	string		Password (from $this->request)
  * @return	mixed		TRUE if successful, string (message) if not
  */
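 public function authenticateLogIn($username, $password)
 {
     // Authenticates a sign-in through the han_login handler (flagged as an
     // admin authentication) and then requires g_access_cp once secondary
     // groups have been applied. Returns TRUE on success, otherwise the
     // message to show.
     require_once IPS_ROOT_PATH . 'sources/handlers/han_login.php';
     $han_login = new han_login($this->registry);
     $han_login->is_admin_auth = 1;
     $han_login->init();
     /* An email-shaped sign-in name is passed to the handler as the email */
     $email = '';
     if (IPSText::checkEmailAddress($username)) {
         $email = $username;
         $username = '';
     }
     $han_login->loginAuthenticate($username, $email, $password);
     $mem = $han_login->member_data;
     $code = $han_login->return_code;
     // Return codes are compared strictly so that a non-string value (0 or
     // true, for instance) can never compare equal to 'SUCCESS'; anything
     // that is not exactly 'SUCCESS' is refused.
     // NOTE(review): the first message differs from the generic failure one
     // and so reveals whether a sign-in name exists; consider returning the
     // same text for both.
     if (!$mem['member_id'] or $code === 'NO_USER') {
         return 'No user found by that sign in name';
     }
     if ($code === 'NO_ACCESS') {
         return 'You do not have access to the upgrade system';
     }
     if ($code !== 'SUCCESS') {
         return 'Password or sign in name incorrect';
     }
     /* Test secondary groups: access may come from any of the member's groups */
     $mem = ipsRegistry::member()->setUpSecondaryGroups($mem);
     if ($mem['g_access_cp'] != 1) {
         return 'You do not have access to the upgrade system';
     }
     /* Set up _member */
     $this->loadMemberData($mem['member_id']);
     /* Still here? */
     return TRUE;
 }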
Ejemplo n.º 6
 /**
  * Processes the registration form
  *
  * @return	@e void
  */
 public function registerProcessForm()
 {
     $this->_resetMember();
     $form_errors = array();
     $coppa = $this->request['coppa_user'] == 1 ? 1 : 0;
     $in_password = trim($this->request['PassWord']);
     $in_email = strtolower(trim($this->request['EmailAddress']));
     /* Did we agree to the t&c? */
     if (!$this->request['agree_tos']) {
         $form_errors['tos'] = array($this->lang->words['must_agree_to_terms']);
     }
     /* Custom profile field stuff */
     $classToLoad = IPSLib::loadLibrary(IPS_ROOT_PATH . 'sources/classes/customfields/profileFields.php', 'customProfileFields');
     $custom_fields = new $classToLoad();
     $custom_fields->initData('edit');
     $custom_fields->parseToSave($_POST, 'register');
     /* Check */
     if ($custom_fields->error_messages) {
         $form_errors['general'] = $custom_fields->error_messages;
     }
     /* Check the email address */
     if (!$in_email or strlen($in_email) < 6 or !IPSText::checkEmailAddress($in_email)) {
         $form_errors['email'][$this->lang->words['err_invalid_email']] = $this->lang->words['err_invalid_email'];
     }
     if (trim($this->request['PassWord_Check']) != $in_password or !$in_password) {
         $form_errors['password'][$this->lang->words['passwords_not_match']] = $this->lang->words['passwords_not_match'];
     }
     /*
     There's no reason for this - http://community.invisionpower.com/resources/bugs.html/_/ip-board/registrations-limit-passwords-to-32-characters-for-no-apparent-reason-r37770
     elseif ( strlen( $in_password ) < 3 )
     {
     	$form_errors['password'][$this->lang->words['pass_too_short']] = $this->lang->words['pass_too_short'];
     }
     elseif ( strlen( $in_password ) > 32 )
     {
     	$form_errors['password'][$this->lang->words['pass_too_long']] = $this->lang->words['pass_too_long'];
     }
     */
     /* Check the username */
     $user_check = IPSMember::getFunction()->cleanAndCheckName($this->request['members_display_name'], array(), 'name');
     $disp_check = IPSMember::getFunction()->cleanAndCheckName($this->request['members_display_name'], array(), 'members_display_name');
     if (is_array($user_check['errors']) && count($user_check['errors'])) {
         foreach ($user_check['errors'] as $key => $error) {
             $form_errors['dname'][$error] = isset($this->lang->words[$error]) ? $this->lang->words[$error] : $error;
         }
     }
     /* this duplicates username error above */
     /*if( is_array( $disp_check['errors'] ) && count( $disp_check['errors'] ) )
     		{
     			foreach( $disp_check['errors'] as $key => $error )
     			{
     				$form_errors['dname'][ $error ]	= isset($this->lang->words[ $error ]) ? $this->lang->words[ $error ] : $error;
     			}
     		}*/
     /* Is this email addy taken? */
     if (IPSMember::checkByEmail($in_email) == TRUE) {
         $form_errors['email'][$this->lang->words['reg_error_email_taken']] = $this->lang->words['reg_error_email_taken'];
     }
     /* Load handler... */
     $classToLoad = IPSLib::loadLibrary(IPS_ROOT_PATH . 'sources/handlers/han_login.php', 'han_login');
     $this->han_login = new $classToLoad($this->registry);
     $this->han_login->init();
     $this->han_login->emailExistsCheck($in_email);
     if ($this->han_login->return_code and $this->han_login->return_code != 'METHOD_NOT_DEFINED' and $this->han_login->return_code != 'EMAIL_NOT_IN_USE') {
         $form_errors['email'][$this->lang->words['reg_error_email_taken']] = $this->lang->words['reg_error_email_taken'];
     }
     /* Are they banned [EMAIL]? */
     if (IPSMember::isBanned('email', $in_email) === TRUE) {
         $form_errors['email'][$this->lang->words['reg_error_email_ban']] = $this->lang->words['reg_error_email_ban'];
     }
     /* Check the CAPTCHA */
     if ($this->settings['bot_antispam_type'] != 'none') {
         if ($this->registry->getClass('class_captcha')->validate() !== TRUE) {
             $form_errors['general'][$this->lang->words['err_reg_code']] = $this->lang->words['err_reg_code'];
         }
     }
     /* Check the Q and A */
     $qanda = intval($this->request['qanda_id']);
     $pass = true;
     if ($qanda) {
         $pass = false;
         $data = $this->DB->buildAndFetch(array('select' => '*', 'from' => 'question_and_answer', 'where' => 'qa_id=' . $qanda));
         if ($data['qa_id']) {
             $answers = explode("\n", str_replace("\r", "", $data['qa_answers']));
             if (count($answers)) {
                 foreach ($answers as $answer) {
                     $answer = trim($answer);
                     if (IPSText::mbstrlen($answer) and mb_strtolower($answer) == mb_strtolower($this->request['qa_answer'])) {
                         $pass = true;
                         break;
                     }
                 }
             }
         }
     } else {
         //-----------------------------------------
         // Do we have any questions?
         //-----------------------------------------
         $data = $this->DB->buildAndFetch(array('select' => 'COUNT(*) as questions', 'from' => 'question_and_answer'));
         if ($data['questions']) {
             $pass = false;
         }
     }
     if (!$pass) {
         $form_errors['general'][$this->lang->words['err_q_and_a']] = $this->lang->words['err_q_and_a'];
     }
     /* CHECK 2: Any errors ? */
     if (count($form_errors)) {
         $this->registerForm($form_errors);
         return;
     }
     /* Build up the hashes */
     $mem_group = $this->settings['member_group'];
     /* Are we asking the member or admin to preview? */
     if ($this->settings['reg_auth_type']) {
         $mem_group = $this->settings['auth_group'];
     } else {
         if ($coppa == 1) {
             $mem_group = $this->settings['auth_group'];
         }
     }
     /* Create member */
     $member = array('name' => $this->request['members_display_name'], 'password' => $in_password, 'members_display_name' => $this->request['members_display_name'], 'email' => $in_email, 'member_group_id' => $mem_group, 'joined' => time(), 'ip_address' => $this->member->ip_address, 'time_offset' => $this->request['time_offset'], 'coppa_user' => $coppa, 'members_auto_dst' => intval($this->settings['time_dst_auto_correction']), 'allow_admin_mails' => intval($this->request['allow_admin_mail']), 'language' => $this->member->language_id);
     /* Spam Service */
     $spamCode = 0;
     $_spamFlag = 0;
     if ($this->settings['spam_service_enabled']) {
         /* Query the service */
         $spamCode = IPSMember::querySpamService($in_email);
         /* Action to perform */
         $action = $this->settings['spam_service_action_' . $spamCode];
         /* Perform Action */
         switch ($action) {
             /* Proceed with registration */
             case 1:
                 break;
                 /* Flag for admin approval */
             /* Flag for admin approval */
             case 2:
                 $member['member_group_id'] = $this->settings['auth_group'];
                 $this->settings['reg_auth_type'] = 'admin';
                 $_spamFlag = 1;
                 break;
                 /* Approve the account, but ban it */
             /* Approve the account, but ban it */
             case 3:
                 $member['member_banned'] = 1;
                 $member['bw_is_spammer'] = 1;
                 $this->settings['reg_auth_type'] = '';
                 break;
                 /* Deny registration */
             /* Deny registration */
             case 4:
                 $this->registry->output->showError('spam_denied_account', '100x001', FALSE, '', 200);
                 break;
         }
     }
     //-----------------------------------------
     // Create the account
     //-----------------------------------------
     $member = IPSMember::create(array('members' => $member, 'pfields_content' => $custom_fields->out_fields), FALSE, FALSE, FALSE);
     //-----------------------------------------
     // Login handler create account callback
     //-----------------------------------------
     $this->han_login->createAccount(array('member_id' => $member['member_id'], 'email' => $member['email'], 'joined' => $member['joined'], 'password' => $in_password, 'ip_address' => $this->member->ip_address, 'username' => $member['members_display_name'], 'name' => $member['name'], 'members_display_name' => $member['members_display_name']));
     //-----------------------------------------
     // We'll just ignore if this fails - it shouldn't hold up IPB anyways
     //-----------------------------------------
     /*if ( $han_login->return_code AND ( $han_login->return_code != 'METHOD_NOT_DEFINED' AND $han_login->return_code != 'SUCCESS' ) )
     		{
     			$this->registry->output->showError( 'han_login_create_failed', 2017, true );
     		}*/
     //-----------------------------------------
     // Validation
     //-----------------------------------------
     $validate_key = md5(IPSMember::makePassword() . time());
     $time = time();
     if ($coppa != 1) {
         if ($this->settings['reg_auth_type'] == 'user' or $this->settings['reg_auth_type'] == 'admin' or $this->settings['reg_auth_type'] == 'admin_user') {
             //-----------------------------------------
             // We want to validate all reg's via email,
             // after email verificiation has taken place,
             // we restore their previous group and remove the validate_key
             //-----------------------------------------
             $this->DB->insert('validating', array('vid' => $validate_key, 'member_id' => $member['member_id'], 'real_group' => $this->settings['member_group'], 'temp_group' => $this->settings['auth_group'], 'entry_date' => $time, 'coppa_user' => $coppa, 'new_reg' => 1, 'ip_address' => $member['ip_address'], 'spam_flag' => $_spamFlag));
             if ($this->settings['reg_auth_type'] == 'user' or $this->settings['reg_auth_type'] == 'admin_user') {
                 /* Send out the email. */
                 $message = array('THE_LINK' => $this->registry->getClass('output')->buildSEOUrl("app=core&module=global&section=register&do=auto_validate&uid=" . urlencode($member['member_id']) . "&aid=" . urlencode($validate_key), 'publicNoSession', 'false'), 'NAME' => $member['members_display_name'], 'MAN_LINK' => $this->registry->getClass('output')->buildSEOUrl("app=core&module=global&section=register&do=05", 'publicNoSession', 'false'), 'EMAIL' => $member['email'], 'ID' => $member['member_id'], 'CODE' => $validate_key);
                 IPSText::getTextClass('email')->setPlainTextTemplate(IPSText::getTextClass('email')->getTemplate("reg_validate", $this->member->language_id));
                 IPSText::getTextClass('email')->buildPlainTextContent($message);
                 IPSText::getTextClass('email')->buildHtmlContent($message);
                 IPSText::getTextClass('email')->subject = sprintf($this->lang->words['new_registration_email'], $this->settings['board_name']);
                 IPSText::getTextClass('email')->to = $member['email'];
                 IPSText::getTextClass('email')->sendMail();
                 $this->output = $this->registry->output->getTemplate('register')->showAuthorize($member);
             } else {
                 if ($this->settings['reg_auth_type'] == 'admin') {
                     $this->output = $this->registry->output->getTemplate('register')->showPreview($member);
                 }
             }
             /* Only send new registration email if the member wasn't banned */
             if ($this->settings['new_reg_notify'] and !$member['member_banned']) {
                 $date = $this->registry->class_localization->getDate(time(), 'LONG', 1);
                 IPSText::getTextClass('email')->getTemplate('admin_newuser');
                 IPSText::getTextClass('email')->buildMessage(array('DATE' => $date, 'LOG_IN_NAME' => $member['name'], 'EMAIL' => $member['email'], 'IP' => $member['ip_address'], 'DISPLAY_NAME' => $member['members_display_name']));
                 IPSText::getTextClass('email')->subject = sprintf($this->lang->words['new_registration_email1'], $this->settings['board_name']);
                 IPSText::getTextClass('email')->to = $this->settings['email_in'];
                 IPSText::getTextClass('email')->sendMail();
             }
             $this->registry->output->setTitle($this->lang->words['reg_success'] . ' - ' . ipsRegistry::$settings['board_name']);
             $this->registry->output->addNavigation($this->lang->words['nav_reg'], '');
         } else {
             /* We don't want to preview, or get them to validate via email. */
             $stat_cache = $this->cache->getCache('stats');
             if ($member['members_display_name'] and $member['member_id'] and !$this->caches['group_cache'][$member['member_group_id']]['g_hide_online_list']) {
                 $stat_cache['last_mem_name'] = $member['members_display_name'];
                 $stat_cache['last_mem_name_seo'] = IPSText::makeSeoTitle($member['members_display_name']);
                 $stat_cache['last_mem_id'] = $member['member_id'];
             }
             $stat_cache['mem_count'] += 1;
             $this->cache->setCache('stats', $stat_cache, array('array' => 1));
             /* Only send new registration email if the member wasn't banned */
             if ($this->settings['new_reg_notify'] and !$member['member_banned']) {
                 $date = $this->registry->class_localization->getDate(time(), 'LONG', 1);
                 IPSText::getTextClass('email')->getTemplate('admin_newuser');
                 IPSText::getTextClass('email')->buildMessage(array('DATE' => $date, 'LOG_IN_NAME' => $member['name'], 'EMAIL' => $member['email'], 'IP' => $member['ip_address'], 'DISPLAY_NAME' => $member['members_display_name']));
                 IPSText::getTextClass('email')->subject = sprintf($this->lang->words['new_registration_email1'], $this->settings['board_name']);
                 IPSText::getTextClass('email')->to = $this->settings['email_in'];
                 IPSText::getTextClass('email')->sendMail();
             }
             IPSCookie::set('pass_hash', $member['member_login_key'], 1);
             IPSCookie::set('member_id', $member['member_id'], 1);
             //-----------------------------------------
             // Fix up session
             //-----------------------------------------
             $privacy = $member['g_hide_online_list'] || empty($this->settings['disable_anonymous']) && !empty($this->request['Privacy']) ? 1 : 0;
             # Update value for onCompleteAccount call
             $member['login_anonymous'] = $privacy . '&1';
             $this->member->sessionClass()->convertGuestToMember(array('member_name' => $member['members_display_name'], 'member_id' => $member['member_id'], 'member_group' => $member['member_group_id'], 'login_type' => $privacy));
             IPSLib::runMemberSync('onCompleteAccount', $member);
             $this->registry->output->silentRedirect($this->settings['base_url'] . '&app=core&module=global&section=login&do=autologin&fromreg=1');
         }
     } else {
         /* This is a COPPA user, so lets tell them they registered OK and redirect to the form. */
         $this->DB->insert('validating', array('vid' => $validate_key, 'member_id' => $member['member_id'], 'real_group' => $this->settings['member_group'], 'temp_group' => $this->settings['auth_group'], 'entry_date' => $time, 'coppa_user' => $coppa, 'new_reg' => 1, 'ip_address' => $member['ip_address']));
         $this->registry->output->redirectScreen($this->lang->words['cp_success'], $this->settings['base_url'] . 'app=core&amp;module=global&amp;section=register&amp;do=12');
     }
 }
 /**
  * Wrapper for loginAuthenticate - returns more information
  *
  * @access	public
  * @return	mixed		array [0=Words to show, 1=URL to send to, 2=error message language key]
  */
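 public function verifyLogin()
 {
     // Authenticates the submitted username/email and password through
     // loginAuthenticate(). On success it sets the auto-login cookies, converts
     // the guest session into a member session, resets the failed-login counters
     // and picks the URL to send the browser to.
     //
     // Returns array(words, url) on success, or
     // array(null, null, language_key[, minutes]) when authentication fails.
     $url = "";
     $member = array();
     $username = '';
     $email = '';
     $password = trim($this->request['password']);
     $core = array();
     // Minutes until a brute-force lock lifts. Initialised so the ACCOUNT_LOCKED
     // return below never reads an undefined variable when no unlock time applies.
     $time = null;
     //-----------------------------------------
     // Is this a username or email address?
     //-----------------------------------------
     if (IPSText::checkEmailAddress($this->request['username'])) {
         $email = $this->request['username'];
     } else {
         $username = $this->request['username'];
     }
     //-----------------------------------------
     // Check auth
     //-----------------------------------------
     $this->loginAuthenticate($username, $email, $password);
     $member = $this->member_data;
     //-----------------------------------------
     // Check return code...
     //-----------------------------------------
     if ($this->return_code != 'SUCCESS') {
         if ($this->return_code == 'MISSING_DATA') {
             return array(null, null, 'complete_form');
         }
         if ($this->return_code == 'ACCOUNT_LOCKED') {
             if ($this->settings['ipb_bruteforce_unlock'] and $this->account_unlock) {
                 // Whole minutes since the lock, subtracted from the lock period; never below 1
                 $elapsed = ceil((time() - $this->account_unlock) / 60);
                 $remaining = $this->settings['ipb_bruteforce_period'] - $elapsed;
                 $time = $remaining > 0 ? $remaining : 1;
             }
             return array(null, null, 'bruteforce_account_unlock', $time);
         }
         if ($this->return_code == 'WRONG_OPENID') {
             return array(null, null, 'wrong_openid');
         }
         if ($this->return_code == 'FLAGGED_REMOTE') {
             return array(null, null, 'flagged_remote');
         }
         // Every other failure code collapses into one generic message key
         return array(null, null, 'wrong_auth');
     }
     //-----------------------------------------
     // Is this a partial member?
     // Not completed their sign in?
     //-----------------------------------------
     if ($member['members_created_remote'] and isset($member['full']) and !$member['full']) {
         return array($this->lang->words['partial_login'], $this->settings['base_url'] . 'app=core&amp;module=global&amp;section=register&amp;do=complete_login&amp;mid=' . $member['member_id'] . '&amp;key=' . $member['timenow']);
     }
     //-----------------------------------------
     // Generate a new log in key
     //-----------------------------------------
     $_time = $this->settings['login_key_expire'] ? time() + intval($this->settings['login_key_expire']) * 86400 : 0;
     $_sticky = $_time ? 0 : 1;
     $_days = $_time ? $this->settings['login_key_expire'] : 365;
     // 'and' binds tighter than 'or'; the parentheses only make that grouping explicit.
     // Unless login_change_key is set, an existing unexpired key is reused, so the
     // pass_hash cookie value stays the same across this login.
     if ($this->settings['login_change_key'] or !$member['member_login_key'] or ($this->settings['login_key_expire'] and time() > $member['member_login_key_expire'])) {
         $member['member_login_key'] = IPSMember::generateAutoLoginKey();
         $core['member_login_key'] = $member['member_login_key'];
         $core['member_login_key_expire'] = $_time;
     }
     //-----------------------------------------
     // Cookie me softly?
     //-----------------------------------------
     // NOTE(review): pass_hash carries the auto-login key; confirm IPSCookie::set()
     // applies HttpOnly/Secure to it, since nothing here requests those attributes.
     if ($this->request['rememberMe']) {
         IPSCookie::set("member_id", $member['member_id'], 1);
         IPSCookie::set("pass_hash", $member['member_login_key'], $_sticky, $_days);
     } else {
         IPSCookie::set("member_id", $member['member_id'], 0);
         IPSCookie::set("pass_hash", $member['member_login_key'], 0);
     }
     //-----------------------------------------
     // Remove any COPPA cookies previously set
     //-----------------------------------------
     IPSCookie::set("coppa", '0', 0);
     //-----------------------------------------
     // Update profile if IP addr missing
     //-----------------------------------------
     if ($member['ip_address'] == "" or $member['ip_address'] == '127.0.0.1') {
         $core['ip_address'] = $this->member->ip_address;
     }
     //-----------------------------------------
     // Create / Update session
     //-----------------------------------------
     $privacy = $this->request['anonymous'] ? 1 : 0;
     if ($member['g_hide_online_list']) {
         $privacy = 1;
     }
     $session_id = $this->member->sessionClass()->convertGuestToMember(array('member_name' => $member['members_display_name'], 'member_id' => $member['member_id'], 'member_group' => $member['member_group_id'], 'login_type' => $privacy));
     if ($this->request['referer'] and $this->request['section'] != 'register') {
         // Never bounce back to the register/login/lost-password screens or the ACP.
         // Compare against false explicitly: stripos() returns 0 for a match at the
         // very start of the string, which a plain truth test would treat as "not found".
         $_skipReferer = false;
         foreach (array('section=register', 'section=login', 'section=lostpass', CP_DIRECTORY . '/') as $_needle) {
             if (stripos($this->request['referer'], $_needle) !== false) {
                 $_skipReferer = true;
                 break;
             }
         }
         if ($_skipReferer) {
             $url = $this->settings['base_url'] . '?';
         } else {
             // NOTE(review): 'referer' is request data and becomes the redirect target
             // without its host being compared to the board URL; confirm the caller
             // constrains it before redirecting.
             $url = str_replace('&amp;', '&', $this->request['referer']);
             $url = preg_replace("#s=(\\w){32}#", "", $url);
             if ($this->member->session_type != 'cookie') {
                 // The session id travels in the query string here, so it can end up in
                 // server logs, browser history and outgoing Referer headers.
                 $url = $this->settings['board_url'] . '/index.php?s=' . $session_id;
             }
         }
     } else {
         $url = $this->settings['base_url'] . '?';
     }
     //-----------------------------------------
     // Set our privacy status
     //-----------------------------------------
     $core['login_anonymous'] = intval($privacy) . '&1';
     // A successful login clears the failed-attempt history used for lockouts
     $core['failed_logins'] = '';
     $core['failed_login_count'] = 0;
     IPSMember::save($member['member_id'], array('core' => $core));
     //-----------------------------------------
     // Clear out any passy change stuff
     //-----------------------------------------
     // The id is concatenated into the WHERE clause, so force it to an integer.
     // NOTE(review): this reads $this->memberData rather than the $member that was
     // just authenticated; confirm both refer to the same account at this point.
     $this->DB->delete('validating', 'member_id=' . intval($this->memberData['member_id']) . ' AND lost_pass=1');
     //-----------------------------------------
     // Member Sync
     //-----------------------------------------
     // Runs before the 'return' check so the onLogin hooks also fire when the
     // caller asked to be sent to an explicit return URL.
     IPSLib::runMemberSync('onLogin', $member);
     //-----------------------------------------
     // Redirect them to either the board
     // index, or where they came from
     //-----------------------------------------
     if ($this->request['return']) {
         $return = urldecode($this->request['return']);
         // NOTE(review): any absolute http:// URL supplied in the request is accepted
         // as the post-login destination (open redirect). Consider comparing its host
         // with the board URL, or an allowlist of trusted sites, before returning it.
         if (strpos($return, "http://") === 0) {
             return array($this->lang->words['partial_login'], $return);
         }
     }
     //-----------------------------------------
     // Still here?
     //-----------------------------------------
     return array($this->lang->words['partial_login'], $url);
 }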
Ejemplo n.º 8
 /**
  * Wrapper for loginAuthenticate - returns more information
  *
  * @return	mixed		array [0=Words to show, 1=URL to send to, 2=error message language key]
  */
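 public function verifyLogin()
 {
     // Authenticates the submitted credentials, through the mobile-app SSO class
     // when the request comes from the mobile app and that class is available,
     // otherwise through loginAuthenticate(). On success it sets the auto-login
     // cookies, converts the guest session into a member session, resets the
     // failed-login counters, runs the onLogin sync and picks the redirect URL.
     //
     // Returns array(words, url) on success, or
     // array(null, null, language_key[, extra]) when authentication fails.
     $url = "";
     $member = array();
     $username = '';
     $email = '';
     $password = trim($this->request['ips_password']);
     $core = array();
     $mobileSSO = false;
     // Minutes until a brute-force lock lifts. Initialised so the ACCOUNT_LOCKED
     // return below never reads an undefined variable when no unlock time applies.
     $time = null;
     $memberData = $this->registry->member()->fetchMemberData();
     /* Mobile app + sso */
     if ($memberData['userAgentType'] == 'mobileApp') {
         $file = IPS_ROOT_PATH . 'sources/classes/session/ssoMobileAppLogIn.php';
         if (is_file($file)) {
             require_once $file;
             if (class_exists('ssoMobileAppLogIn')) {
                 $mobileSSO = true;
                 $logIn = new ssoMobileAppLogIn($this->registry);
                 $done = $logIn->authenticate($this->request['ips_username'], $password);
                 $this->return_code = $done['code'];
                 $this->member_data = IPSMember::load(intval($done['memberId']));
                 $member = $this->member_data;
             }
         }
     }
     /* No mobile log in? Log in normally */
     if (!$mobileSSO) {
         //-----------------------------------------
         // Is this a username or email address?
         //-----------------------------------------
         if (IPSText::checkEmailAddress($this->request['ips_username'])) {
             $email = $this->request['ips_username'];
         } else {
             $username = $this->request['ips_username'];
         }
         //-----------------------------------------
         // Check auth
         //-----------------------------------------
         $this->loginAuthenticate($username, $email, $password);
         $member = $this->member_data;
     }
     //-----------------------------------------
     // Check return code...
     //-----------------------------------------
     if ($this->return_code != 'SUCCESS') {
         if ($this->return_code == 'MISSING_DATA') {
             return array(null, null, 'complete_form');
         }
         if ($this->return_code == 'ACCOUNT_LOCKED') {
             if ($this->settings['ipb_bruteforce_unlock'] and $this->account_unlock) {
                 // Whole minutes since the lock, subtracted from the lock period; never below 1
                 $elapsed = ceil((time() - $this->account_unlock) / 60);
                 $remaining = $this->settings['ipb_bruteforce_period'] - $elapsed;
                 $time = $remaining > 0 ? $remaining : 1;
             }
             return array(null, null, $this->settings['ipb_bruteforce_unlock'] ? 'bruteforce_account_unlock' : 'bruteforce_account_lock', $time);
         }
         if ($this->return_code == 'MISSING_EXTENSIONS') {
             return array(null, null, 'missing_extensions');
         }
         if ($this->return_code == 'FLAGGED_REMOTE') {
             return array(null, null, 'flagged_remote');
         }
         if ($this->return_code == 'VALIDATING') {
             if ($this->revalidate_url == 'ADMIN_VALIDATION') {
                 return array(null, null, 'validating_remote', ipsRegistry::getClass('class_localization')->words['admin_validation_msg']);
             }
             // NOTE(review): revalidate_url is placed in an HTML attribute as-is;
             // confirm whatever sets it only ever supplies a trusted, attribute-safe URL.
             return array(null, null, 'validating_remote', "<a href='{$this->revalidate_url}' target='_blank'>" . ipsRegistry::getClass('class_localization')->words['resend_val'] . "</a>");
         }
         // Every other failure code collapses into one generic message key
         return array(null, null, 'wrong_auth');
     }
     //-----------------------------------------
     // Is this a partial member?
     // Not completed their sign in?
     //-----------------------------------------
     if ($member['members_created_remote'] and isset($member['full']) and !$member['full']) {
         return array($this->registry->getClass('class_localization')->words['partial_login'], $this->settings['base_url'] . 'app=core&amp;module=global&amp;section=register&amp;do=complete_login&amp;mid=' . $member['member_id'] . '&amp;key=' . $member['timenow']);
     }
     //-----------------------------------------
     // Generate a new log in key
     //-----------------------------------------
     $_time = $this->settings['login_key_expire'] ? time() + intval($this->settings['login_key_expire']) * 86400 : 0;
     $_sticky = $_time ? 0 : 1;
     $_days = $_time ? $this->settings['login_key_expire'] : 365;
     // 'and' binds tighter than 'or'; the parentheses only make that grouping explicit.
     // An existing unexpired key is reused, so the pass_hash cookie value stays the
     // same across this login.
     if (!$member['member_login_key'] or ($this->settings['login_key_expire'] and time() > $member['member_login_key_expire'])) {
         $member['member_login_key'] = IPSMember::generateAutoLoginKey();
         $core['member_login_key'] = $member['member_login_key'];
         $core['member_login_key_expire'] = $_time;
     }
     //-----------------------------------------
     // Cookie me softly?
     //-----------------------------------------
     // NOTE(review): the auth cookies pass FALSE, TRUE as trailing flags while the
     // ipsconnect marker passes FALSE, FALSE; confirm what those flags control
     // (presumably cookie hardening attributes) against IPSCookie::set().
     if ($this->request['rememberMe']) {
         IPSCookie::set("member_id", $member['member_id'], 1, 0, FALSE, TRUE);
         IPSCookie::set("pass_hash", $member['member_login_key'], $_sticky, $_days, FALSE, TRUE);
         // md5() only derives a per-board cookie name here; it protects no secret
         IPSCookie::set("ipsconnect_" . md5($this->settings['board_url'] . '/interface/ipsconnect/ipsconnect.php'), '1', $_sticky, $_days, FALSE, FALSE);
     } else {
         // Ticket 824266
         // IPSCookie::set( "member_id"   , $member['member_id'], 0 );
         // IPSCookie::set( "pass_hash"   , $member['member_login_key'], 0 );
         IPSCookie::set("ipsconnect_" . md5($this->settings['board_url'] . '/interface/ipsconnect/ipsconnect.php'), '1', 0, 0, FALSE, FALSE);
     }
     //-----------------------------------------
     // Remove any COPPA cookies previously set
     //-----------------------------------------
     IPSCookie::set("coppa", '0', 0);
     //-----------------------------------------
     // Update profile if IP addr missing
     //-----------------------------------------
     if ($member['ip_address'] == "" or $member['ip_address'] == '127.0.0.1') {
         $core['ip_address'] = $this->registry->member()->ip_address;
     }
     //-----------------------------------------
     // Create / Update session
     //-----------------------------------------
     // Anonymous when the group hides its members, or when anonymous logins are
     // allowed and the user asked for one ('&&' binds tighter than '||').
     $privacy = ($member['g_hide_online_list'] || (empty($this->settings['disable_anonymous']) && !empty($this->request['anonymous']))) ? 1 : 0;
     $session_id = $this->registry->member()->sessionClass()->convertGuestToMember(array('member_name' => $member['members_display_name'], 'member_id' => $member['member_id'], 'member_group' => $member['member_group_id'], 'login_type' => $privacy));
     if (!empty($this->request['referer']) and $this->request['section'] != 'register') {
         // Never bounce back to the register/login/lost-password screens or the ACP.
         // Compare against false explicitly: stripos() returns 0 for a match at the
         // very start of the string, which a plain truth test would treat as "not found".
         $_skipReferer = false;
         foreach (array('section=register', 'section=login', 'section=lostpass', CP_DIRECTORY . '/') as $_needle) {
             if (stripos($this->request['referer'], $_needle) !== false) {
                 $_skipReferer = true;
                 break;
             }
         }
         if ($_skipReferer) {
             $url = $this->settings['base_url'];
         } else {
             // NOTE(review): 'referer' is request data and becomes the redirect target
             // without its host being compared to the board URL; confirm the caller
             // constrains it before redirecting.
             $url = str_replace('&amp;', '&', $this->request['referer']);
             if ($this->registry->member()->session_type == 'cookie') {
                 // Cookie sessions do not need the id in the URL, so drop any s=<32 chars>
                 $url = preg_replace('#s=(\\w){32}#', "", $url);
             }
         }
     } else {
         $url = $this->settings['base_url'];
     }
     //-----------------------------------------
     // Set our privacy status
     //-----------------------------------------
     $core['login_anonymous'] = intval($privacy) . '&1';
     // A successful login clears the failed-attempt history used for lockouts
     $core['failed_logins'] = '';
     $core['failed_login_count'] = 0;
     IPSMember::save($member['member_id'], array('core' => $core));
     //-----------------------------------------
     // Clear out any passy change stuff
     //-----------------------------------------
     // The id is concatenated into the WHERE clause, so force it to an integer.
     // NOTE(review): this reads the registry member's id rather than the $member
     // just authenticated; confirm both refer to the same account at this point.
     $this->DB->delete('validating', 'member_id=' . intval($this->registry->member()->getProperty('member_id')) . ' AND lost_pass=1');
     //-----------------------------------------
     // Run member sync
     //-----------------------------------------
     // The cleartext password is handed to every onLogin sync hook and removed
     // straight afterwards; hooks must not log or persist it.
     $member['plainPassword'] = $password;
     IPSLib::runMemberSync('onLogin', $member);
     unset($member['plainPassword']);
     //-----------------------------------------
     // Redirect them to either the board
     // index, or where they came from
     //-----------------------------------------
     if (!empty($this->request['return'])) {
         $return = urldecode($this->request['return']);
         // NOTE(review): any absolute http(s) URL supplied in the request is accepted
         // as the post-login destination (open redirect). Consider comparing its host
         // with the board URL, or an allowlist of trusted sites, before returning it.
         if (strpos($return, "http://") === 0 || strpos($return, "https://") === 0) {
             return array($this->registry->getClass('class_localization')->words['partial_login'], $return);
         }
     }
     //-----------------------------------------
     // Still here?
     //-----------------------------------------
     return array($this->registry->getClass('class_localization')->words['partial_login'], $url);
 }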
 /**
  * Check and verify the login was successful
  *
  * @access	public
  * @return	void
  */
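 public function loginComplete()
 {
     // Handles the control-panel login form: authenticates through the login
     // handler, requires g_access_cp on the resulting member, replaces that
     // member's CP session with a fresh one and redirects into the control panel.
     // Every rejected attempt and the final success are written to the login log.
     //-----------------------------------------
     // Check form details.
     //-----------------------------------------
     $this->request['email'] = str_replace('|', '&#124;', $this->request['email']);
     $username = '';
     $email = '';
     //-----------------------------------------
     // Is this a username or email address?
     //-----------------------------------------
     if (IPSText::checkEmailAddress($this->request['username'])) {
         $email = $this->request['username'];
     } else {
         $username = $this->request['username'];
     }
     //-----------------------------------------
     // Check auth
     //-----------------------------------------
     $this->han_login->loginAuthenticate($username, $email, trim($this->request['password']));
     //-----------------------------------------
     // Check return code...
     //-----------------------------------------
     // Each rejection returns right after showing the form, so session creation
     // below cannot be reached on a failed login even if loginForm() hands control
     // back (presumably it ends the request; this makes the method fail closed).
     $mem = $this->han_login->member_data;
     if (!$mem['member_id'] or $this->han_login->return_code == 'NO_USER') {
         $this->_writeToLog($this->request['username'], 'fail');
         $this->loginForm($this->lang->words['bad_email_password']);
         return;
     }
     if ($this->han_login->return_code == 'NO_ACCESS') {
         $this->_writeToLog($this->request['username'], 'fail');
         $this->loginForm($this->lang->words['no_acp_access']);
         return;
     }
     if ($this->han_login->return_code != 'SUCCESS') {
         $this->_writeToLog($this->request['username'], 'fail');
         $this->loginForm($this->lang->words['bad_email_password']);
         return;
     }
     //-----------------------------------------
     // And sort secondary groups...
     //-----------------------------------------
     $mem = $this->member->setUpSecondaryGroups($mem);
     //-----------------------------------------
     // Check access...
     //-----------------------------------------
     if ($mem['g_access_cp'] != 1) {
         $this->_writeToLog($this->request['username'], 'fail');
         $this->loginForm($this->lang->words['no_acp_access']);
         return;
     }
     //-----------------------------------------
     // Fix up query string...
     //-----------------------------------------
     $extra_query = "";
     // qstring is raw POST data: accept it only when present and a plain string
     if (!empty($_POST['qstring']) and is_string($_POST['qstring'])) {
         // Strip the base URL, stale session tokens and the login routing parameters
         // so only the originally requested query remains. The result is appended
         // after '&' to a fixed control-panel URL below, so it cannot change the host.
         // NOTE(review): these are single-pass removals, not validation; confirm the
         // redirect target is still treated as untrusted by redirect().
         $extra_query = stripslashes($_POST['qstring']);
         $extra_query = str_replace($this->settings['_original_base_url'], "", $extra_query);
         $extra_query = str_ireplace("?index." . $this->settings['php_ext'], "", $extra_query);
         $extra_query = ltrim($extra_query, '?');
         $extra_query = preg_replace("!adsess=(\\w){32}!", "", $extra_query);
         $extra_query = str_replace("adsess=x", "", $extra_query);
         $extra_query = str_replace(array('old_&', 'old_&amp;'), "", $extra_query);
         $extra_query = preg_replace("!s=(\\w){32}!", "", $extra_query);
         $extra_query = str_replace("module=login", "", $extra_query);
         $extra_query = str_replace("do=login-complete", "", $extra_query);
         $extra_query = str_replace("/admin", "", $extra_query);
         $extra_query = str_replace('&amp;', '&', $extra_query);
         $extra_query = preg_replace("#&{1,}#", "&", $extra_query);
     }
     //-----------------------------------------
     // Insert session
     //-----------------------------------------
     // The session id is the bearer credential for the control panel, so take it
     // from the CSPRNG when the runtime provides one. Both forms yield 32 hex
     // characters, matching the adsess=(\w){32} pattern used above. The
     // time-derived fallback is predictable and only kept for older runtimes.
     if (function_exists('random_bytes')) {
         $sess_id = bin2hex(random_bytes(16));
     } else {
         $sess_id = md5(uniqid(microtime()));
     }
     // One CP session per member: drop earlier ones first. The id is concatenated
     // into the WHERE clause, so force it to an integer.
     $this->DB->delete('core_sys_cp_sessions', 'session_member_id=' . intval($mem['member_id']));
     /* Grab user agent */
     // NOTE(review): an empty array is stored here; no user agent is captured.
     $uAgent = array();
     $this->DB->insert('core_sys_cp_sessions', array('session_id' => $sess_id, 'session_ip_address' => $this->member->ip_address, 'session_member_name' => $mem['members_display_name'], 'session_member_id' => $mem['member_id'], 'session_member_login_key' => $mem['member_login_key'], 'session_location' => 'index', 'session_log_in_time' => time(), 'session_running_time' => time(), 'session_app_data' => serialize($uAgent), 'session_url' => ''));
     $this->request['adsess'] = $sess_id;
     //-----------------------------------------
     // Redirect...
     //-----------------------------------------
     // The session id travels in the query string, so it can end up in server
     // logs, browser history and outgoing Referer headers.
     $url = $this->settings['_original_base_url'] . '/' . CP_DIRECTORY . '/index.php?adsess=' . $sess_id . '&' . $extra_query;
     $this->_writeToLog($this->request['username'], 'ok');
     ipsRegistry::getClass('output')->redirect($url, $this->lang->words['login_successful']);
 }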
Ejemplo n.º 10
 /**
  * UserCP Save Form: Email Address
  *
  * @return	mixed		Array of errors / boolean true
  */
 public function saveFormEmailPassword()
 {
     //-----------------------------------------
     // INIT
     //-----------------------------------------
     $_emailOne = strtolower(trim($this->request['in_email_1']));
     $_emailTwo = strtolower(trim($this->request['in_email_2']));
     $cur_pass = trim($this->request['current_pass']);
     $new_pass = trim($this->request['new_pass_1']);
     $chk_pass = trim($this->request['new_pass_2']);
     $isRemote = (!$this->memberData['bw_local_password_set'] and $this->memberData['members_created_remote']) ? true : false;
     if ($cur_pass or $new_pass) {
         if ($this->memberData['g_access_cp']) {
             return array(0 => $this->lang->words['admin_emailpassword']);
         }
         if ($isRemote === false and (!$_POST['current_pass'] or empty($new_pass) or empty($chk_pass))) {
             return array(0 => $this->lang->words['complete_entire_form']);
         }
         //-----------------------------------------
         // Do the passwords actually match?
         //-----------------------------------------
         if ($new_pass != $chk_pass) {
             return array(0 => $this->lang->words['passwords_not_matchy']);
         }
         //-----------------------------------------
         // Check password...
         //-----------------------------------------
         if ($isRemote === false) {
             if ($this->_checkPassword($cur_pass) !== TRUE) {
                 return array(0 => $this->lang->words['current_pw_bad']);
             }
         } else {
             /* This is INIT in _checkPassword */
             $classToLoad = IPSLib::loadLibrary(IPS_ROOT_PATH . 'sources/handlers/han_login.php', 'han_login');
             $this->han_login = new $classToLoad($this->registry);
             $this->han_login->init();
         }
         //-----------------------------------------
         // Create new password...
         //-----------------------------------------
         $md5_pass = md5($new_pass);
         //-----------------------------------------
         // han_login was loaded during check_password
         //-----------------------------------------
         $this->han_login->changePass($this->memberData['email'], $md5_pass, $new_pass, $this->memberData);
         if ($this->han_login->return_code and $this->han_login->return_code != 'METHOD_NOT_DEFINED' and $this->han_login->return_code != 'SUCCESS') {
             return array(0 => $this->lang->words['hanlogin_pw_failed']);
         }
         //-----------------------------------------
         // Update the DB
         //-----------------------------------------
         IPSMember::updatePassword($this->memberData['email'], $md5_pass);
         IPSLib::runMemberSync('onPassChange', $this->memberData['member_id'], $new_pass);
         //-----------------------------------------
         // Update members log in key...
         //-----------------------------------------
         $key = IPSMember::generateAutoLoginKey();
         IPSMember::save($this->memberData['member_id'], array('core' => array('member_login_key' => $key, 'bw_local_password_set' => 1)));
         $this->ok_message = $this->lang->words['pw_change_successful'];
     }
     if ($_emailOne or $_emailTwo) {
         //-----------------------------------------
         // Do not allow validating members to change
         // email when admin validation is on
         // @see	http://community.invisionpower.com/tracker/issue-19964-loophole-in-registration-procedure/
         //-----------------------------------------
         if ($this->memberData['member_group_id'] == $this->settings['auth_group'] and in_array($this->settings['reg_auth_type'], array('admin', 'admin_user'))) {
             $this->registry->output->showError($this->lang->words['admin_val_no_email_chg'], 10190);
         }
         //-----------------------------------------
         // Check input
         //-----------------------------------------
         if ($this->memberData['g_access_cp']) {
             return array(0 => $this->lang->words['admin_emailpassword']);
         }
         if (!$_POST['in_email_1'] or !$_POST['in_email_2']) {
             return array(0 => $this->lang->words['complete_entire_form']);
         }
         //-----------------------------------------
         // Check password...
         //-----------------------------------------
         if (!$this->_isFBUser) {
             if ($this->_checkPassword($this->request['password']) === FALSE) {
                 return array(0 => $this->lang->words['current_pw_bad']);
             }
         }
         //-----------------------------------------
         // Test email addresses
         //-----------------------------------------
         if ($_emailOne != $_emailTwo) {
             return array(0 => $this->lang->words['emails_no_matchy']);
         }
         if (IPSText::checkEmailAddress($_emailOne) !== TRUE) {
             return array(0 => $this->lang->words['email_not_valid']);
         }
         //-----------------------------------------
         // Is this email addy taken?
         //-----------------------------------------
         if (IPSMember::checkByEmail($_emailOne) == TRUE) {
             return array(0 => $this->lang->words['email_is_taken']);
         }
         //-----------------------------------------
         // Load ban filters
         //-----------------------------------------
         $banfilters = array();
         $this->DB->build(array('select' => '*', 'from' => 'banfilters'));
         $this->DB->execute();
         while ($r = $this->DB->fetch()) {
             $banfilters[$r['ban_type']][] = $r['ban_content'];
         }
         //-----------------------------------------
         // Check in banned list
         //-----------------------------------------
         if (isset($banfilters['email']) and is_array($banfilters['email']) and count($banfilters['email'])) {
             foreach ($banfilters['email'] as $email) {
                 $email = str_replace('\\*', '.*', preg_quote($email, "/"));
                 if (preg_match("/^{$email}\$/i", $_emailOne)) {
                     return array(0 => $this->lang->words['email_is_taken']);
                 }
             }
         }
         //-----------------------------------------
         // Load handler...
         //-----------------------------------------
         $classToLoad = IPSLib::loadLibrary(IPS_ROOT_PATH . 'sources/handlers/han_login.php', 'han_login');
         $this->han_login = new $classToLoad($this->registry);
         $this->han_login->init();
         if ($this->han_login->emailExistsCheck($_emailOne) !== FALSE) {
             return array(0 => $this->lang->words['email_is_taken']);
         }
         $this->han_login->changeEmail($this->memberData['email'], $_emailOne, $this->memberData);
         if ($this->han_login->return_code and $this->han_login->return_code != 'METHOD_NOT_DEFINED' and $this->han_login->return_code != 'SUCCESS') {
             return array(0 => $this->lang->words['email_is_taken']);
         }
         //-----------------------------------------
         // Want a new validation? NON ADMINS ONLY
         //-----------------------------------------
         if ($this->settings['reg_auth_type'] and !$this->memberData['g_access_cp']) {
             //-----------------------------------------
             // Remove any existing entries
             //-----------------------------------------
             $_previous = $this->DB->buildAndFetch(array('select' => 'prev_email, real_group', 'from' => 'validating', 'where' => "member_id={$this->memberData['member_id']} AND email_chg=1"));
             if ($_previous['prev_email']) {
                 $this->DB->delete('validating', "member_id={$this->memberData['member_id']} AND email_chg=1");
                 $this->memberData['email'] = $_previous['prev_email'];
                 $this->memberData['member_group_id'] = $_previous['real_group'];
             }
             $validate_key = md5(IPSMember::makePassword() . time());
             //-----------------------------------------
             // Update the new email, but enter a validation key
             // and put the member in "awaiting authorisation"
             // and send an email..
             //-----------------------------------------
             $db_str = array('vid' => $validate_key, 'member_id' => $this->memberData['member_id'], 'temp_group' => $this->settings['auth_group'], 'entry_date' => time(), 'coppa_user' => 0, 'email_chg' => 1, 'ip_address' => $this->member->ip_address, 'prev_email' => $this->memberData['email']);
             if ($this->memberData['member_group_id'] != $this->settings['auth_group']) {
                 $db_str['real_group'] = $this->memberData['member_group_id'];
             }
             $this->DB->insert('validating', $db_str);
             IPSLib::runMemberSync('onEmailChange', $this->memberData['member_id'], strtolower($_emailOne), $this->memberData['email']);
             IPSMember::save($this->memberData['member_id'], array('core' => array('member_group_id' => $this->settings['auth_group'], 'email' => $_emailOne)));
             //-----------------------------------------
             // Update their session with the new member group
             //-----------------------------------------
             if ($this->member->session_id) {
                 $this->member->sessionClass()->convertMemberToGuest();
             }
             //-----------------------------------------
             // Kill the cookies to stop auto log in
             //-----------------------------------------
             IPSCookie::set('pass_hash', '-1', 0);
             IPSCookie::set('member_id', '-1', 0);
             IPSCookie::set('session_id', '-1', 0);
             //-----------------------------------------
             // Dispatch the mail, and return to the activate form.
             //-----------------------------------------
             IPSText::getTextClass('email')->getTemplate("newemail");
             IPSText::getTextClass('email')->buildMessage(array('NAME' => $this->memberData['members_display_name'], 'THE_LINK' => $this->registry->getClass('output')->buildSEOUrl("app=core&module=global&section=register&do=auto_validate&type=newemail&uid=" . $this->memberData['member_id'] . "&aid=" . $validate_key, 'publicNoSession', 'false'), 'ID' => $this->memberData['member_id'], 'MAN_LINK' => $this->registry->getClass('output')->buildSEOUrl("app=core&module=global&section=register&do=07", 'publicNoSession', 'false'), 'CODE' => $validate_key));
             IPSText::getTextClass('email')->subject = $this->lang->words['lp_subject'] . ' ' . $this->settings['board_name'];
             IPSText::getTextClass('email')->to = $_emailOne;
             IPSText::getTextClass('email')->sendMail();
             $this->registry->getClass('output')->silentRedirect($this->settings['base_url'] . 'app=core&amp;module=global&amp;section=register&amp;do=07');
         } else {
             //-----------------------------------------
             // No authorisation needed, change email addy and return
             //-----------------------------------------
             IPSLib::runMemberSync('onEmailChange', $this->memberData['member_id'], strtolower($_emailOne), $this->memberData['email']);
             IPSMember::save($this->memberData['member_id'], array('core' => array('email' => $_emailOne)));
             //-----------------------------------------
             // Add to OK message
             //-----------------------------------------
             $this->ok_message = $this->lang->words['ok_email_changed'];
         }
     }
     return TRUE;
 }
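 /**
  * Forward the page (sends the email)
  *
  * Checks the form token and the four required fields, validates the
  * recipient address, then mails the request-supplied subject and message
  * and redirects back to the topic.
  *
  * @access	private
  * @return	void		[Outputs to screen/redirects]
  */
 private function _sendEmail()
 {
     //-----------------------------------------
     // Check
     //-----------------------------------------
     // Compare the form token as strings with a strict operator: under a loose
     // != two numeric-looking strings (for example "0" and "0e1234") are
     // treated as equal numbers, so a token that was never issued could match.
     // NOTE(review): nothing returns after showError(), so the checks in this
     // method rely on showError() ending the request - confirm.
     if ((string) $this->request['k'] !== (string) $this->member->form_hash) {
         $this->registry->getClass('output')->showError('no_permission', 2029);
     }
     // Use language id 1 unless the requested id is one of the cached languages
     $lang_to_use = 1;
     foreach (ipsRegistry::cache()->getCache('lang_data') as $l) {
         if ($this->request['lang'] == $l['lang_id']) {
             $lang_to_use = $l['lang_id'];
         }
     }
     // Required request field => error key shown when that field is empty
     $check_array = array('to_name' => 'stf_no_name', 'to_email' => 'stf_no_email', 'message' => 'stf_no_msg', 'subject' => 'stf_no_subject');
     foreach ($check_array as $input => $msg) {
         if (!$this->request[$input]) {
             $this->registry->output->showError($msg, 10325);
         }
     }
     if (!IPSText::checkEmailAddress($this->request['to_email'])) {
         $this->registry->output->showError('email_address_invalid', 10326);
     }
     // NOTE(review): subject, message and recipient name are taken from the
     // request as they are. Confirm that the mail class removes CR/LF from the
     // subject before it builds headers, and that this form is rate limited,
     // because it sends member-written text to an address the member chooses.
     IPSText::getTextClass('email')->getTemplate("forward_page", $lang_to_use);
     IPSText::getTextClass('email')->buildMessage(array('THE_MESSAGE' => $this->request['message'], 'TO_NAME' => $this->request['to_name'], 'FROM_NAME' => $this->memberData['members_display_name']));
     IPSText::getTextClass('email')->subject = $this->request['subject'];
     IPSText::getTextClass('email')->to = $this->request['to_email'];
     IPSText::getTextClass('email')->from = $this->memberData['email'];
     IPSText::getTextClass('email')->sendMail();
     $this->registry->output->redirectScreen($this->lang->words['redirect'], $this->settings['base_url'] . "showtopic=" . $this->topic['tid'] . "&amp;st=" . $this->request['st']);
 }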
Ejemplo n.º 12
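 /**
  * Add a member [process]
  *
  * Validates the submitted name, display name, e-mail and group, refuses to
  * create a control-panel capable account unless the acting admin holds the
  * 'member_add_admin' permission, creates the member, optionally mails the
  * account details, rebuilds caches and writes an admin log entry.
  *
  * @return	@e void
  */
 protected function _memberDoAdd()
 {
     /* Init vars */
     $in_username = trim($this->request['name']);
     $in_password = trim($this->request['password']);
     $in_email = trim(strtolower($this->request['email']));
     $members_display_name = $this->request['mirror_loginname'] ? $in_username : trim($this->request['members_display_name']);
     $this->registry->output->global_error = '';
     $this->registry->class_localization->loadLanguageFile(array('public_register'), 'core');
     /* Check errors */
     foreach (array('name', 'password', 'email', 'member_group_id') as $field) {
         if (!$_POST[$field]) {
             $this->registry->output->showError($this->lang->words['m_completeform'], 11238);
         }
     }
     //-----------------------------------------
     // Check
     //-----------------------------------------
     if (!IPSText::checkEmailAddress($in_email)) {
         $this->registry->output->global_error = $this->lang->words['m_emailinv'];
     }
     $userName = IPSMember::getFunction()->cleanAndCheckName($in_username, array(), 'name');
     $displayName = IPSMember::getFunction()->cleanAndCheckName($members_display_name, array(), 'members_display_name');
     if (count($userName['errors'])) {
         // Show the language string for the error key when there is one, else the raw error
         $_message = $this->lang->words[$userName['errors']['username']] ? $this->lang->words[$userName['errors']['username']] : $userName['errors']['username'];
         $this->registry->output->global_error .= '<p>' . $this->lang->words['sm_loginname'] . ': ' . $_message . '</p>';
     }
     if ($this->settings['auth_allow_dnames'] and count($displayName['errors'])) {
         $_message = $this->lang->words[$displayName['errors']['dname']] ? $this->lang->words[$displayName['errors']['dname']] : $displayName['errors']['dname'];
         $this->registry->output->global_error .= '<p>' . $this->lang->words['sm_display'] . ': ' . $_message . '</p>';
     }
     /* Errors? */
     if ($this->registry->output->global_error) {
         $this->_memberAddForm();
         return;
     }
     //-----------------------------------------
     // Load handler...
     //-----------------------------------------
     $classToLoad = IPSLib::loadLibrary(IPS_ROOT_PATH . 'sources/handlers/han_login.php', 'han_login');
     $this->han_login = new $classToLoad($this->registry);
     $this->han_login->init();
     //-----------------------------------------
     // Only check local, else a user being in Converge
     // means that you can't manually add the user to the board
     //-----------------------------------------
     // Escape the address before it is concatenated into the WHERE clause. It has
     // already passed checkEmailAddress() above, so this is presumably a no-op for
     // accepted input; it keeps the query safe if that validator is ever relaxed.
     $email_check = $this->DB->buildAndFetch(array('select' => 'member_id', 'from' => 'members', 'where' => "email='" . $this->DB->addSlashes($in_email) . "'"));
     if ($email_check['member_id']) {
         $this->registry->output->global_error = $this->lang->words['m_emailalready'];
         $this->_memberAddForm();
         return;
     }
     //$this->han_login->emailExistsCheck( $in_email );
     //if( $this->han_login->return_code AND $this->han_login->return_code != 'METHOD_NOT_DEFINED' AND $this->han_login->return_code != 'EMAIL_NOT_IN_USE' )
     //{
     //	$this->registry->output->global_message = $this->lang->words['m_emailalready'];
     //	$this->_memberAddForm();
     //	return;
     //}
     //-----------------------------------------
     // Allowed to add administrators?
     //-----------------------------------------
     // The target group comes from the request, so the privilege check is made
     // against the cached group record rather than anything the form asserts.
     if ($this->caches['group_cache'][intval($this->request['member_group_id'])]['g_access_cp'] and !$this->registry->getClass('class_permissions')->checkPermission('member_add_admin')) {
         $this->registry->output->global_error = $this->lang->words['m_addadmin'];
         $this->_memberAddForm();
         return;
     }
     $member = array('name' => $in_username, 'members_display_name' => $members_display_name ? $members_display_name : $in_username, 'email' => $in_email, 'member_group_id' => intval($this->request['member_group_id']), 'joined' => time(), 'ip_address' => $this->member->ip_address, 'time_offset' => $this->settings['time_offset'], 'coppa_user' => intval($this->request['coppa']), 'allow_admin_mails' => 1, 'password' => $in_password, 'language' => IPSLib::getDefaultLanguage());
     //-----------------------------------------
     // Create the account
     //-----------------------------------------
     // NOTE(review): the whole request array is handed over as 'pfields_content';
     // confirm IPSMember::create() only reads the profile-field keys it expects.
     $member = IPSMember::create(array('members' => $member, 'pfields_content' => $this->request), FALSE, FALSE, FALSE);
     //-----------------------------------------
     // Login handler create account callback
     //-----------------------------------------
     $this->han_login->createAccount(array('email' => $in_email, 'joined' => $member['joined'], 'password' => $in_password, 'ip_address' => $member['ip_address'], 'username' => $member['members_display_name']));
     /*if( $this->han_login->return_code AND $this->han_login->return_code != 'METHOD_NOT_DEFINED' AND $this->han_login->return_code != 'SUCCESS' )
     		{
     			$this->registry->output->global_message = sprintf( $this->lang->words['m_cantadd'], $this->han_login->return_code ) . $this->han_login->return_details;
     			$this->_memberAddForm();
     			return;
     		}*/
     //-----------------------------------------
     // Restriction permissions stuff
     //-----------------------------------------
     if ($this->memberData['row_perm_cache']) {
         if ($this->caches['group_cache'][intval($this->request['member_group_id'])]['g_access_cp']) {
             //-----------------------------------------
             // Copy restrictions...
             //-----------------------------------------
             // A restricted admin passes its own restriction row on to the admin it
             // creates, so the new account does not start with fewer restrictions.
             $this->DB->insert('admin_permission_rows', array('row_member_id' => $member['member_id'], 'row_perm_cache' => $this->memberData['row_perm_cache'], 'row_updated' => time()));
         }
     }
     //-----------------------------------------
     // Send the email
     //-----------------------------------------
     if ($this->request['sendemail']) {
         // NOTE(review): this mails the clear-text password to the new member.
         // A reset or set-password link would avoid leaving the credential in a mailbox.
         IPSText::getTextClass('email')->setPlainTextTemplate(IPSText::getTextClass('email')->getTemplate("account_created"));
         IPSText::getTextClass('email')->buildMessage(array('NAME' => $member['name'], 'EMAIL' => $member['email'], 'PASSWORD' => $in_password));
         IPSText::getTextClass('email')->to = $member['email'];
         IPSText::getTextClass('email')->sendMail();
     }
     //-----------------------------------------
     // Stats
     //-----------------------------------------
     $this->cache->rebuildCache('stats', 'global');
     $this->cache->rebuildCache('birthdays', 'calendar');
     //-----------------------------------------
     // Log and bog?
     //-----------------------------------------
     ipsRegistry::getClass('adminFunctions')->saveAdminLog(sprintf($this->lang->words['m_createlog'], $this->request['name']));
     $this->registry->output->global_message = $this->lang->words['m_memadded'];
     $this->request['member_id'] = $member['member_id'];
     $this->_showAdminForm($member, array());
     $this->_memberView();
 }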
Ejemplo n.º 13
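 /**
  * Save new email and/or pass
  *
  * Either field may be submitted on its own. Each one must be repeated in its
  * "_confirm" field; a failed check re-displays the form with an error.
  *
  * @return	@e void
  */
 protected function _saveForm()
 {
     if (!$this->request['email'] and !$this->request['password']) {
         $this->registry->output->global_error = $this->lang->words['change_nothing_update'];
         $this->_showForm();
         return;
     }
     if ($this->request['email']) {
         if (!$this->request['email_confirm']) {
             $this->registry->output->global_error = $this->lang->words['change_both_fields'];
             $this->_showForm();
             return;
         } else {
             // Strict comparison: a loose != treats numeric-looking strings as numbers,
             // so two different inputs could be accepted as a matching pair.
             if ($this->request['email'] !== $this->request['email_confirm']) {
                 $this->registry->output->global_error = $this->lang->words['change_not_match'];
                 $this->_showForm();
                 return;
             }
         }
         $email = trim($this->request['email']);
         if (!IPSText::checkEmailAddress($email)) {
             $this->registry->output->global_error = $this->lang->words['bad_email_supplied'];
             $this->_showForm();
             return;
         }
         // Refuse an address that already belongs to any member, this one included
         $email_check = IPSMember::load(strtolower($email));
         if ($email_check['member_id']) {
             if ($email_check['member_id'] == $this->memberData['member_id']) {
                 $this->registry->output->global_error = $this->lang->words['already_using_email'];
             } else {
                 $this->registry->output->global_error = $this->lang->words['change_email_already_used'];
             }
             $this->_showForm();
             return;
         }
         //-----------------------------------------
         // Load handler...
         //-----------------------------------------
         $classToLoad = IPSLib::loadLibrary(IPS_ROOT_PATH . 'sources/handlers/han_login.php', 'han_login');
         $han_login = new $classToLoad($this->registry);
         $han_login->init();
         $han_login->changeEmail(trim(strtolower($this->memberData['email'])), trim(strtolower($email)), $this->memberData);
         IPSLib::runMemberSync('onEmailChange', $this->memberData['member_id'], strtolower($email), $this->memberData['email']);
         IPSMember::save($this->memberData['member_id'], array('core' => array('email' => strtolower($email))));
         ipsRegistry::getClass('adminFunctions')->saveAdminLog(sprintf($this->lang->words['changed_email'], $email));
     }
     // NOTE(review): the e-mail change above is already saved when the password
     // checks below fail, so one submission can be applied only in part.
     if ($this->request['password']) {
         if (!$this->request['password_confirm']) {
             $this->registry->output->global_error = $this->lang->words['change_both_fields'];
             $this->_showForm();
             return;
         } else {
             // Strict comparison, for the same reason as the e-mail pair: with !=
             // the strings "0e1" and "0e2" compare equal, so a mistyped
             // confirmation could be accepted and the wrong password stored.
             if ($this->request['password'] !== $this->request['password_confirm']) {
                 $this->registry->output->global_error = $this->lang->words['change_not_match_pw'];
                 $this->_showForm();
                 return;
             }
         }
         $password = $this->request['password'];
         $salt = str_replace('\\', "\\\\", IPSMember::generatePasswordSalt(5));
         // A fresh auto-login key is stored with the new password
         $key = IPSMember::generateAutoLoginKey();
         // NOTE(review): the digest is md5 of the trimmed password, while the
         // untrimmed value goes to changePass() and the sync hook - confirm intended.
         // md5 is a fast hash; presumably this is the platform's stored format and
         // IPSMember::updatePassword() applies the salt saved below - verify.
         $md5_once = md5(trim($password));
         $classToLoad = IPSLib::loadLibrary(IPS_ROOT_PATH . 'sources/handlers/han_login.php', 'han_login');
         $han_login = new $classToLoad($this->registry);
         $han_login->init();
         $han_login->changePass($this->memberData['email'], $md5_once, $password, $this->memberData);
         IPSMember::save($this->memberData['member_id'], array('core' => array('members_pass_salt' => $salt, 'member_login_key' => $key)));
         IPSMember::updatePassword($this->memberData['member_id'], $md5_once);
         IPSLib::runMemberSync('onPassChange', $this->memberData['member_id'], $password);
         ipsRegistry::getClass('adminFunctions')->saveAdminLog($this->lang->words['changed_password']);
     }
     $this->registry->output->global_message = $this->lang->words['details_updated'];
     $this->registry->output->silentRedirectWithMessage($this->settings['base_url']);
 }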
Ejemplo n.º 14
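 /**
  * Authenticate log in
  *
  * Runs the login handler with is_admin_auth set, then requires the
  * g_access_cp flag on the member once secondary groups are applied.
  * An unknown account and a wrong password produce the same message.
  *
  * @access	public
  * @param	string		Username (from $this->request); used as the e-mail address if it validates as one
  * @param	string		Password (from $this->request)
  * @return	mixed		TRUE if successful, string (message) if not
  */
 public function authenticateLogIn($username, $password)
 {
     require_once IPS_ROOT_PATH . 'sources/handlers/han_login.php';
     /*noLibHook*/
     $han_login = new han_login($this->registry);
     $han_login->is_admin_auth = 1;
     $han_login->init();
     $email = '';
     /* Is this a username or email address? */
     if (IPSText::checkEmailAddress($username)) {
         $email = $username;
         $username = '';
     }
     $han_login->loginAuthenticate($username, $email, $password);
     $mem = $han_login->member_data;
     /* A missing account returns the same "name or password incorrect" text as a
        failed password, so the reply does not show which names or addresses exist */
     if (!$mem['member_id'] or $han_login->return_code == 'NO_USER') {
         return 'Имя пользователя или пароль неверны';
     }
     if ($han_login->return_code == 'NO_ACCESS') {
         return 'У вас нет доступа к системе обновления';
     }
     if ($han_login->return_code != 'SUCCESS') {
         return 'Имя пользователя или пароль неверны';
     }
     /* Test secondary groups */
     $mem = ipsRegistry::member()->setUpSecondaryGroups($mem);
     /* Only members whose merged group data has g_access_cp may continue */
     if ($mem['g_access_cp'] != 1) {
         return 'У вас нет доступа к системе обновления';
     }
     /* Set up _member */
     $this->loadMemberData($mem['member_id']);
     /* Still here? */
     return TRUE;
 }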
Ejemplo n.º 15
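 /**
  * Parse event object in an ical feed
  *
  * Reads lines from $start until the event's END line, collects the known
  * properties into one event array and appends it to
  * $this->_parsedIcsData['events'].
  *
  * @param	int		$start	Line number
  * @return	@e void
  * @link	http://community.invisionpower.com/resources/bugs.html/_/ip-calendar/recurring-events-can-sometimes-be-skipped-in-ics-r41033
  */
 protected function _processEventObject($start)
 {
     //-----------------------------------------
     // Init
     //-----------------------------------------
     $_break = false;
     $_event = array();
     //-----------------------------------------
     // Loop over lines
     //-----------------------------------------
     $_recid = null;
     for ($i = $start, $j = count($this->_rawIcsData); $i < $j; $i++) {
         //-----------------------------------------
         // Unparse and get the data
         //-----------------------------------------
         $tmp = $this->_unparseContent($this->_rawIcsData[$i], $i);
         if (!$tmp) {
             continue;
         }
         $_type = $tmp['type'];
         $_data = $tmp['data'];
         // NOTE(review): the feed is external input and most values below are stored
         // as parsed; presumably escaping happens where events are rendered - confirm.
         switch ($_type) {
             case 'CLASS':
                 $_event['access_class'] = $_data;
                 break;
             case 'CREATED':
                 // Keep a value already set (DTSTAMP writes the same key); empty()
                 // also avoids reading a key that does not exist yet
                 if (empty($_event['created'])) {
                     $_event['created'] = strtotime($_data);
                 }
                 break;
             case 'SUMMARY':
                 /* @link	http://community.invisionpower.com/tracker/issue-32941-ical-summary/ */
                 // Drop a leading "LANGUAGE=xx:" parameter and keep the text after it
                 if (strpos($_data, 'LANGUAGE=') === 0) {
                     $_data = preg_replace("/^LANGUAGE=(.+?):(.+?)\$/i", "\\2", $_data);
                 }
                 $_event['summary'] = $this->_unencodeSpecialCharacters($_data);
                 break;
             case 'DESCRIPTION':
                 $_event['description'] = $this->_unencodeSpecialCharacters($_data);
                 break;
             case 'DURATION':
                 $_event['duration'] = $_data;
                 break;
             case 'DTSTART':
                 // Time properties are parsed from the raw line, not from $_data
                 $_event['start'] = $this->_unparseTimeInfo($this->_rawIcsData[$i]);
                 break;
             case 'DTEND':
                 $_event['end'] = $this->_unparseTimeInfo($this->_rawIcsData[$i]);
                 break;
             case 'DTSTAMP':
                 $_event['created'] = strtotime($_data);
                 break;
             case 'LAST-MODIFIED':
                 $_event['last_modified'] = strtotime($_data);
                 break;
             case 'TRANSP':
                 $_event['time_transparent'] = $_data;
                 break;
             case 'GEO':
                 $_event['geo'] = $_data;
                 break;
             case 'ORGANIZER':
                 $line = explode(':', $_data);
                 // The third segment is taken as the address; it is null when the value
                 // has fewer segments. Unlike ATTENDEE it is not validated here.
                 $_event['organizer'] = array('name' => str_replace('CN=', '', $line[0]), 'email' => isset($line[2]) ? $line[2] : null);
                 break;
             case 'ATTENDEE':
                 $line = explode(':', $_data);
                 $_email = '';
                 // Keep the last segment that validates as an e-mail address
                 foreach ($line as $_line) {
                     $_line = str_replace('cn=', '', strtolower($_line));
                     if (IPSText::checkEmailAddress($_line)) {
                         $_email = $_line;
                     }
                 }
                 $_event['attendee'][] = array('name' => str_replace('CN=', '', $line[0]), 'email' => $_email);
                 break;
             case 'UID':
                 $_event['uid'] = $_data;
                 break;
             case 'STATUS':
                 $_event['status'] = $_data;
                 break;
             case 'LOCATION':
                 $_event['location'] = $_data;
                 break;
             case 'SEQUENCE':
                 $_event['sequence'] = intval($_data);
                 break;
             case 'RRULE':
                 // Merge with recurrence data from an earlier RRULE line, if any
                 $_recurr = empty($_event['recurr']) ? array() : $_event['recurr'];
                 $_event['recurr'] = array_merge($_recurr, $this->_getRecurrenceData($_data));
                 break;
             case 'BEGIN':
                 $this->_parseBeginBlock($_data, $i);
                 break;
             case 'RECURRENCE-ID':
                 $_recid = $_data;
                 break;
             case 'END':
                 $_break = true;
                 break;
         }
         if ($_break) {
             if ($_recid) {
                 // Fold the RECURRENCE-ID into the uid of the event being stored. This
                 // used to write to an undefined $event, so the stored uid never changed.
                 $_event['uid'] = md5((isset($_event['uid']) ? $_event['uid'] : '') . $_recid);
             }
             $this->_parsedIcsData['events'][] = $_event;
             break;
         }
     }
 }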
Ejemplo n.º 16
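 /**
  * Forward the page (sends the email)
  *
  * Checks the form token, the CAPTCHA (unless the anti-spam type is 'none')
  * and the four required fields, validates the recipient address, then mails
  * the request-supplied subject and message and redirects to the page URL.
  *
  * @return	@e void		[Outputs to screen/redirects]
  */
 protected function _sendEmail()
 {
     //-----------------------------------------
     // Check
     //-----------------------------------------
     // Compare the form token as strings with a strict operator: under a loose
     // != two numeric-looking strings (for example "0" and "0e1234") are
     // treated as equal numbers, so a token that was never issued could match.
     // NOTE(review): nothing returns after showError(), so the checks in this
     // method rely on showError() ending the request - confirm.
     if ((string) $this->request['k'] !== (string) $this->member->form_hash) {
         $this->registry->getClass('output')->showError('no_permission', 2029, null, null, 403);
     }
     /* Check the CAPTCHA */
     if ($this->settings['bot_antispam_type'] != 'none') {
         if ($this->registry->getClass('class_captcha')->validate() !== TRUE) {
             return $this->_showForm('err_reg_code');
         }
     }
     // Stays empty unless the requested id is one of the cached languages
     $lang_to_use = '';
     foreach (ipsRegistry::cache()->getCache('lang_data') as $l) {
         if ($this->request['lang'] == $l['lang_id']) {
             $lang_to_use = $l['lang_id'];
         }
     }
     // Required request field => error key shown when that field is empty
     $check_array = array('to_name' => 'stf_no_name', 'to_email' => 'stf_no_email', 'message' => 'stf_no_msg', 'subject' => 'stf_no_subject');
     foreach ($check_array as $input => $msg) {
         if (!$this->request[$input]) {
             $this->registry->output->showError($msg, 10325);
         }
     }
     if (!IPSText::checkEmailAddress($this->request['to_email'])) {
         $this->registry->output->showError('email_address_invalid', 10326);
     }
     // NOTE(review): subject, message and recipient name are taken from the
     // request as they are. Confirm that the mail class removes CR/LF from the
     // subject before it builds headers; with the anti-spam type set to 'none'
     // nothing in this method limits how often the form can be submitted.
     IPSText::getTextClass('email')->getTemplate("forward_page", $lang_to_use);
     IPSText::getTextClass('email')->buildMessage(array('THE_MESSAGE' => $this->request['message'], 'TO_NAME' => $this->request['to_name'], 'FROM_NAME' => $this->memberData['members_display_name']));
     IPSText::getTextClass('email')->subject = $this->request['subject'];
     IPSText::getTextClass('email')->to = $this->request['to_email'];
     IPSText::getTextClass('email')->from = $this->memberData['email'];
     IPSText::getTextClass('email')->sendMail();
     $this->registry->output->redirectScreen($this->lang->words['redirect'], $this->page['url']);
 }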
Ejemplo n.º 17
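 /**
  * Check against XSS
  *
  * NOTE: When this function is updated, please also update classIncomingEmail::cleanMessage()
  *
  * With a tag name, $txt is treated as that tag's option value: it is checked
  * against a per-tag rule and FALSE is returned when the rule fails. Whatever
  * is returned as text has passed through IPSText::xssMakeJavascriptSafe().
  *
  * @access	public
  * @param	string		Original string
  * @param	boolean		Fix script HTML tags
  * @param	string		Tag the text is an option of (optional)
  * @return	mixed		"Cleaned" text, or FALSE if the tag option is rejected
  */
 public function checkXss($txt = '', $fixScript = false, $tag = '')
 {
     //-----------------------------------------
     // Opening script tags...
     // Check for spaces and new lines...
     //-----------------------------------------
     // NOTE(review): this is a deny-list for one tag name; it does not replace
     // encoding the text for its output context when it is rendered.
     if ($fixScript) {
         $txt = preg_replace('#<(\\s+?)?s(\\s+?)?c(\\s+?)?r(\\s+?)?i(\\s+?)?p(\\s+?)?t#is', "&lt;script", $txt);
         $txt = preg_replace('#<(\\s+?)?/(\\s+?)?s(\\s+?)?c(\\s+?)?r(\\s+?)?i(\\s+?)?p(\\s+?)?t#is', "&lt;/script", $txt);
     }
     /* got a tag? */
     if ($tag) {
         $tag = strip_tags($tag, '<br>');
         // Each case tests a copy of the value with quote characters removed and
         // sets $txt to false when the value is not acceptable for that tag
         switch ($tag) {
             case 'entry':
             case 'blog':
             case 'topic':
             case 'post':
                 /* These take an id, so the value must be numeric */
                 $test = str_replace(array('"', "'", '&quot;', '&#39;'), "", $txt);
                 if (!is_numeric($test)) {
                     $txt = false;
                 }
                 break;
             case 'acronym':
                 /* Reject angle and square brackets */
                 $test = str_replace(array('"', "'", '&quot;', '&#39;'), "", $txt);
                 $test1 = str_replace(array('<', ">", '[', ']'), "", $test);
                 //IPSText::alphanumericalClean( $test, '.+&#; ' );
                 if ($test != $test1) {
                     $txt = false;
                 }
                 break;
             case 'email':
                 $test = str_replace(array('"', "'", '&quot;', '&#39;'), "", $txt);
                 /* Reject the option when it is not a valid address. The result used to be
                    assigned to $test, which is overwritten below, so nothing was rejected */
                 if (!IPSText::checkEmailAddress($test)) {
                     $txt = false;
                 }
                 break;
             case 'font':
                 /* Make sure it's clean */
                 $test = str_replace(array('"', "'", '&quot;', '&#39;'), "", $txt);
                 $test1 = IPSText::alphanumericalClean($test, '#.+, ');
                 if ($test != $test1) {
                     $txt = false;
                 }
                 break;
             case 'background':
             case 'color':
                 /* Make sure it's clean */
                 $test = str_replace(array('"', "'", '&quot;', '&#39;'), "", $txt);
                 /* Make rgb() safe */
                 $test = preg_replace('#rgb(a)?\\(([^\\)]+?)\\)#i', '', $test);
                 $test1 = IPSText::alphanumericalClean($test, '#.+, ');
                 if ($test != $test1) {
                     $txt = false;
                 }
                 break;
             default:
                 /* Custom tags: apply the regex stored with the bbcode, if it has one */
                 $_regex = null;
                 $_bbcodes = $this->cache->getCache('bbcode');
                 $_regex = $_bbcodes[$tag]['bbcode_custom_regex'];
                 if ($_regex) {
                     $test = str_replace(array('"', "'", '&quot;', '&#39;'), "", $txt);
                     if (!preg_match($_regex, $test)) {
                         $txt = false;
                     }
                 }
                 break;
         }
         /* If we didn't actually get any option data, then return false */
         $test = str_replace(array('"', "'", '&quot;', '&#39;'), "", $txt);
         if (strlen($txt) and strlen($test) < 1) {
             $txt = false;
         }
         if ($txt === false) {
             return false;
         }
         /* Still here? Safety, then */
         $txt = strip_tags($txt, '<br>');
         /* Encode square brackets so the option value cannot be read as further markup */
         if (strpos($txt, '[') !== false or strpos($txt, ']') !== false) {
             $txt = str_replace(array('[', ']'), array('&#91;', '&#93;'), $txt);
         }
     }
     /* Attempt to make JS safe */
     $txt = IPSText::xssMakeJavascriptSafe($txt);
     return $txt;
 }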
 /**
  * Add a member [process]
  *
  * @access	private
  * @return	void		[Outputs to screen]
  */
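 private function _memberDoAdd()
 {
     /*
      * Creates a member account from the submitted "add member" form.
      *
      * Steps, in order: check that the required fields were posted, validate
      * the e-mail address and both names, ask the login handler whether the
      * e-mail is already in use, refuse to place the new member in a group
      * with control-panel access unless the acting admin holds the
      * 'member_add_admin' permission, create the account, copy the acting
      * admin's restriction row when relevant, optionally e-mail the
      * credentials, rebuild the stats cache and write an admin log entry.
      *
      * On a validation failure the add form is shown again with
      * global_message set; nothing is returned in either case.
      */
     //-----------------------------------------
     // INIT
     //-----------------------------------------
     $in_username = trim($this->request['name']);
     $in_password = trim($this->request['password']);
     $in_email = trim(strtolower($this->request['email']));
     $members_display_name = trim($this->request['members_display_name']);
     $this->registry->output->global_message = '';
     //-----------------------------------------
     // Check form
     //-----------------------------------------
     // NOTE(review): showError() presumably ends the request; if it returns,
     // execution continues with an incomplete form - confirm.
     foreach (array('name', 'password', 'email', 'member_group_id') as $field) {
         if (!$_POST[$field]) {
             $this->registry->output->showError($this->lang->words['m_completeform'], 11238);
         }
     }
     //-----------------------------------------
     // Check
     //-----------------------------------------
     if (!IPSText::checkEmailAddress($in_email)) {
         $this->registry->output->global_message = $this->lang->words['m_emailinv'];
     }
     $userName = IPSMember::getFunction()->cleanAndCheckName($in_username, array(), 'name');
     $displayName = IPSMember::getFunction()->cleanAndCheckName($members_display_name, array(), 'members_display_name');
     if (count($userName['errors'])) {
         $this->registry->output->global_message .= '<p>' . $this->lang->words['sm_loginname'] . ' ' . $userName['errors']['username'] . '</p>';
     }
     if ($this->settings['auth_allow_dnames'] and count($displayName['errors'])) {
         $this->registry->output->global_message .= '<p>' . $this->lang->words['sm_display'] . ' ' . $displayName['errors']['dname'] . '</p>';
     }
     /* Errors? */
     if ($this->registry->output->global_message) {
         $this->_memberAddForm();
         return;
     }
     //-----------------------------------------
     // Load handler...
     //-----------------------------------------
     require_once IPS_ROOT_PATH . 'sources/handlers/han_login.php';
     $this->han_login = new han_login($this->registry);
     $this->han_login->init();
     $this->han_login->emailExistsCheck($in_email);
     // Any return code other than "not implemented" or "not in use" is treated as "already taken"
     if ($this->han_login->return_code and $this->han_login->return_code != 'METHOD_NOT_DEFINED' and $this->han_login->return_code != 'EMAIL_NOT_IN_USE') {
         $this->registry->output->global_message = $this->lang->words['m_emailalready'];
         $this->_memberAddForm();
         return;
     }
     //-----------------------------------------
     // Allowed to add administrators?
     //-----------------------------------------
     // Privilege boundary: a target group with g_access_cp set may only be
     // chosen by an admin holding 'member_add_admin'.
     // NOTE(review): a group id missing from group_cache passes this check
     // silently - confirm IPSMember::create() rejects unknown groups.
     $groupId = intval($this->request['member_group_id']);
     if ($this->caches['group_cache'][$groupId]['g_access_cp'] and !$this->registry->getClass('class_permissions')->checkPermission('member_add_admin')) {
         $this->registry->output->global_message = $this->lang->words['m_addadmin'];
         $this->_memberAddForm();
         return;
     }
     $member = array(
         'name' => $in_username,
         'members_display_name' => $members_display_name ? $members_display_name : $in_username,
         'email' => $in_email,
         'member_group_id' => $groupId,
         'joined' => time(),
         'ip_address' => $this->member->ip_address,
         'time_offset' => $this->settings['time_offset'],
         'coppa_user' => intval($this->request['coppa']),
         'allow_admin_mails' => 1,
         'password' => $in_password,
     );
     //-----------------------------------------
     // Create the account
     //-----------------------------------------
     // The whole request array is handed over as custom-profile-field input;
     // presumably create() picks out only the field keys it knows - verify.
     $member = IPSMember::create(array('members' => $member, 'pfields_content' => $this->request));
     //-----------------------------------------
     // Login handler create account callback
     //-----------------------------------------
     // NOTE(review): return_code from createAccount() is not checked; the
     // original check was disabled, so a handler failure goes unreported here.
     $this->han_login->createAccount(array('email' => $in_email, 'joined' => $member['joined'], 'password' => $in_password, 'ip_address' => $member['ip_address'], 'username' => $member['members_display_name']));
     //-----------------------------------------
     // Restriction permissions stuff
     //-----------------------------------------
     if ($this->memberData['row_perm_cache']) {
         if ($this->caches['group_cache'][$groupId]['g_access_cp']) {
             //-----------------------------------------
             // Copy restrictions...
             //-----------------------------------------
             // Fixed: the row used an undefined $member_id, so the acting
             // admin's restrictions were never attached to the new account.
             $this->DB->insert('admin_permission_rows', array('row_member_id' => $member['member_id'], 'row_perm_cache' => $this->memberData['row_perm_cache'], 'row_updated' => time()));
         }
     }
     //-----------------------------------------
     // Send the email
     //-----------------------------------------
     // The chosen password is mailed in clear text, so it is readable by
     // anyone with access to the mailbox or to mail logs.
     // NOTE(review): consider mailing a set-password link instead.
     if ($this->request['sendemail']) {
         IPSText::getTextClass('email')->getTemplate("account_created");
         IPSText::getTextClass('email')->buildMessage(array('NAME' => $member['name'], 'EMAIL' => $member['email'], 'PASSWORD' => $in_password));
         IPSText::getTextClass('email')->to = $member['email'];
         IPSText::getTextClass('email')->sendMail();
     }
     //-----------------------------------------
     // Stats
     //-----------------------------------------
     $this->cache->rebuildCache('stats', 'global');
     //-----------------------------------------
     // Admin log entry, then show the new member
     //-----------------------------------------
     ipsRegistry::getClass('adminFunctions')->saveAdminLog(sprintf($this->lang->words['m_createlog'], $this->request['name']));
     $this->registry->output->global_message = $this->lang->words['m_memadded'];
     $this->request['member_id'] = $member['member_id'];
     $this->_showAdminForm($member, array());
     $this->_memberView();
 }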
 /**
  * UserCP Save Form: Email Address
  *
  * @access	public
  * @return	mixed		Array of errors / boolean true
  */
 public function saveFormEmail()
 {
     /*
      * UserCP handler for the "change e-mail address" form.
      *
      * Returns an array holding one error string when a check fails and
      * TRUE when the address was changed without re-validation. When
      * re-validation is required the method ends with redirectScreen() and
      * returns nothing itself.
      *
      * Security-relevant order of checks: accounts with control-panel access
      * are refused outright, the current password is re-checked (skipped for
      * accounts flagged _isFBUser), and a ban-list hit is reported with the
      * same message as an address that is already taken.
      */
     //-----------------------------------------
     // Read the submitted values
     //-----------------------------------------
     $newEmail = strtolower(trim($this->request['in_email_1']));
     $confirmEmail = strtolower(trim($this->request['in_email_2']));
     // Read but not used again in this method; the captcha class validates further down
     $captchaInput = trim(ipsRegistry::$request['captchaInput']);
     $captchaUniqueID = trim(ipsRegistry::$request['captchaUniqueID']);
     //-----------------------------------------
     // Refuse admins and incomplete forms
     //-----------------------------------------
     if ($this->memberData['g_access_cp']) {
         return array(0 => $this->lang->words['admin_emailpassword']);
     }
     if (!($_POST['in_email_1'] && $_POST['in_email_2'])) {
         return array(0 => $this->lang->words['complete_entire_form']);
     }
     //-----------------------------------------
     // Re-authenticate with the current password
     //-----------------------------------------
     if (!$this->_isFBUser && $this->_checkPassword($this->request['password']) === FALSE) {
         return array(0 => $this->lang->words['current_pw_bad']);
     }
     //-----------------------------------------
     // Both entries must match and be well formed
     //-----------------------------------------
     if ($confirmEmail != $newEmail) {
         return array(0 => $this->lang->words['emails_no_matchy']);
     }
     if (IPSText::checkEmailAddress($newEmail) !== TRUE) {
         return array(0 => $this->lang->words['email_not_valid']);
     }
     //-----------------------------------------
     // Already used by another member?
     //-----------------------------------------
     if (IPSMember::checkByEmail($newEmail)) {
         return array(0 => $this->lang->words['email_is_taken']);
     }
     //-----------------------------------------
     // Load ban filters, grouped by type
     //-----------------------------------------
     $this->DB->build(array('select' => '*', 'from' => 'banfilters'));
     $this->DB->execute();
     while ($row = $this->DB->fetch()) {
         $banfilters[$row['ban_type']][] = $row['ban_content'];
     }
     //-----------------------------------------
     // Check in banned list
     //-----------------------------------------
     if (!empty($banfilters['email']) && is_array($banfilters['email'])) {
         foreach ($banfilters['email'] as $bannedMask) {
             // Quote the mask first, then turn the escaped "*" back into a wildcard
             $pattern = str_replace('\\*', '.*', preg_quote($bannedMask, "/"));
             if (preg_match("/^{$pattern}\$/i", $newEmail)) {
                 return array(0 => $this->lang->words['email_is_taken']);
             }
         }
     }
     //-----------------------------------------
     // Anti bot flood...
     //-----------------------------------------
     if ($this->settings['bot_antispam'] && $this->registry->getClass('class_captcha')->validate() !== TRUE) {
         return array(0 => $this->lang->words['captcha_email_invalid']);
     }
     //-----------------------------------------
     // Ask the login handler, then let it apply the change
     //-----------------------------------------
     require_once IPS_ROOT_PATH . 'sources/handlers/han_login.php';
     $this->han_login = new han_login($this->registry);
     $this->han_login->init();
     if ($this->han_login->emailExistsCheck($newEmail) !== FALSE) {
         return array(0 => $this->lang->words['email_is_taken']);
     }
     $this->han_login->changeEmail($this->memberData['email'], $newEmail);
     $handlerCode = $this->han_login->return_code;
     if ($handlerCode && $handlerCode != 'METHOD_NOT_DEFINED' && $handlerCode != 'SUCCESS') {
         return array(0 => $this->lang->words['email_is_taken']);
     }
     //-----------------------------------------
     // No authorisation needed: change email addy and return
     //-----------------------------------------
     $needsValidation = $this->settings['reg_auth_type'] && !$this->memberData['g_access_cp'];
     if (!$needsValidation) {
         IPSMember::save($this->memberData['member_id'], array('core' => array('email' => $newEmail)));
         IPSLib::runMemberSync('onEmailChange', $this->memberData['member_id'], strtolower($newEmail));
         $this->ok_message = $this->lang->words['ok_email_changed'];
         return TRUE;
     }
     //-----------------------------------------
     // Require new validation (non admins only): store the new
     // address with a validation key, move the member into the
     // "awaiting authorisation" group and send an email
     //-----------------------------------------
     // NOTE(review): the key is an MD5 of makePassword() output plus the
     // current time; how hard it is to guess depends on makePassword(),
     // which is not shown here.
     $validationKey = md5(IPSLib::makePassword() . time());
     $validatingRow = array(
         'vid' => $validationKey,
         'member_id' => $this->memberData['member_id'],
         'temp_group' => $this->settings['auth_group'],
         'entry_date' => time(),
         'coppa_user' => 0,
         'email_chg' => 1,
         'ip_address' => $this->request['IP_ADDRESS'],
         'prev_email' => $this->memberData['email'],
     );
     // Remember the original group only when the member is not already in the validating group
     if ($this->memberData['member_group_id'] != $this->settings['auth_group']) {
         $validatingRow['real_group'] = $this->memberData['member_group_id'];
     }
     $this->DB->insert('validating', $validatingRow);
     IPSMember::save($this->memberData['member_id'], array('core' => array('member_group_id' => $this->settings['auth_group'], 'email' => $newEmail)));
     IPSLib::runMemberSync('onEmailChange', $this->memberData['member_id'], strtolower($newEmail));
     //-----------------------------------------
     // Drop the live session to guest
     //-----------------------------------------
     if ($this->member->session_id) {
         $this->member->sessionClass()->convertMemberToGuest();
     }
     //-----------------------------------------
     // Kill the cookies to stop auto log in
     //-----------------------------------------
     foreach (array('pass_hash', 'member_id', 'session_id') as $cookieName) {
         IPSCookie::set($cookieName, '-1', 0);
     }
     //-----------------------------------------
     // Dispatch the mail, and return to the activate form.
     //-----------------------------------------
     $autoValidateLink = $this->settings['base_url'] . "app=core&module=global&section=register&do=auto_validate&type=newemail&uid=" . $this->memberData['member_id'] . "&aid=" . $validationKey;
     $manualLink = $this->settings['base_url'] . "app=core&module=global&section=register&do=07";
     IPSText::getTextClass('email')->getTemplate("newemail");
     IPSText::getTextClass('email')->buildMessage(array(
         'NAME' => $this->memberData['members_display_name'],
         'THE_LINK' => $autoValidateLink,
         'ID' => $this->memberData['member_id'],
         'MAN_LINK' => $manualLink,
         'CODE' => $validationKey,
     ));
     IPSText::getTextClass('email')->subject = $this->lang->words['lp_subject'] . ' ' . $this->settings['board_name'];
     IPSText::getTextClass('email')->to = $newEmail;
     IPSText::getTextClass('email')->sendMail();
     $this->registry->getClass('output')->redirectScreen($this->lang->words['ce_redirect'], $this->settings['base_url'] . 'app=core&amp;module=global&amp;section=register&amp;do=07');
 }
Ejemplo n.º 20
 /**
  * Send Bulk Mail via Mandrill
  */
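 protected function _mailSendMandrill()
 {
     /*
      * Sends one batch of a stored bulk mail through Mandrill.
      *
      * Loads the bulk_mail row named by request 'id', selects up to $pergo
      * members starting at request 'st', builds per-recipient and global
      * merge variables, renders the content, posts it to Mandrill and adds
      * the batch size to mail_sentto. While rows are still being returned
      * it redirects to itself with 'st' advanced by $pergo; a batch that
      * returns no rows finishes the run.
      *
      * 'st' and 'countmembers' come from the request, so both are cast to
      * integers before they reach the query limit, the progress maths and
      * the redirect URL.
      */
     //-----------------------------------------
     // Load it
     //-----------------------------------------
     $id = intval($this->request['id']);
     $start = max(0, intval($this->request['st']));
     $total = intval($this->request['countmembers']);
     $mail = $this->DB->buildAndFetch(array('select' => '*', 'from' => 'bulk_mail', 'where' => 'mail_id=' . $id));
     if (!$mail['mail_id'] or !$mail['mail_subject'] or !$mail['mail_content']) {
         $this->registry->output->global_message = $this->lang->words['b_nosend'];
         $this->_mailStart();
         return;
     }
     // NOTE(review): unserialize() on a stored blob can instantiate objects if
     // the column is ever writable by something other than trusted code. On
     // PHP 7+ pass array('allowed_classes' => false), or store JSON instead.
     $opts = unserialize($mail['mail_opts']);
     //-----------------------------------------
     // Work out which vars we've actually used
     //-----------------------------------------
     $usedVars = array('unsubscribe');
     foreach (array_keys($this->_getVariableInformation($this->memberData)) as $k) {
         if (strpos($mail['mail_content'], '{' . $k . '}') !== FALSE) {
             $usedVars[] = $k;
         }
     }
     //-----------------------------------------
     // Build the JSON document
     //-----------------------------------------
     $pergo = 2000;
     $recipientsTo = array();
     $recipientsMerge = array();
     /* Start with a basic query */
     $queryData = array('select' => 'm.*', 'from' => array('members' => 'm'), 'order' => 'm.member_id', 'limit' => array($start, $pergo));
     /* Add in filters */
     $complete = FALSE;
     $_queryData = $this->_buildMembersQuery($opts['filters']);
     $queryData['add_join'] = $_queryData['add_join'];
     $queryData['where'] = implode(' AND ', $_queryData['where']);
     /* Run the query */
     $this->DB->build($queryData);
     $e = $this->DB->execute();
     if (!$this->DB->getTotalRows($e)) {
         $complete = TRUE;
     }
     while ($r = $this->DB->fetch($e)) {
         /* Skip any invalid emails - the chars presented here are allowed via RFC (note that _ and - are already allowed in alphanumericClean and don't need to be specified) */
         if (!$r['email'] or !$r['members_display_name'] or !IPSText::checkEmailAddress($r['email']) or $r['email'] != IPSText::alphanumericalClean($r['email'], '@.+!#$%&\'*/=?^`{|}~ ')) {
             continue;
         }
         $recipientsTo[] = array('email' => $r['email'], 'name' => $r['members_display_name']);
         // NOTE(review): merge values are member-supplied data placed into the
         // mail body; confirm _getVariableInformation() escapes them for HTML mail.
         $vars = array();
         foreach ($this->_getVariableInformation($r, 1) as $k => $v) {
             if (in_array($k, $usedVars, true)) {
                 $vars[] = array('name' => $k, 'content' => $v);
             }
         }
         if (!empty($vars)) {
             $recipientsMerge[] = array('rcpt' => $r['email'], 'vars' => $vars);
         }
     }
     //-----------------------------------------
     // Build Content
     //-----------------------------------------
     /* Swap the board's {var} placeholders for Mandrill's *|var|* merge tags */
     $content = $mail['mail_content'];
     foreach ($this->_getVariableInformation($this->memberData) as $k => $v) {
         $content = str_replace('{' . $k . '}', '*|' . $k . '|*', $content);
     }
     /* Sort out global vars */
     $globalMergeVars = array();
     foreach ($this->_getVariableInformation(NULL, 2) as $k => $v) {
         if (in_array($k, $usedVars, true)) {
             $globalMergeVars[] = array('name' => $k, 'content' => $v);
         }
     }
     /* Get the full content */
     IPSText::getTextClass('email')->clearContent();
     IPSText::getTextClass('email')->unsubscribe = true;
     if ($opts['mail_html_on']) {
         IPSText::getTextClass('email')->setHtmlEmail(true);
         IPSText::getTextClass('email')->setHtmlTemplate(str_replace("\n", "", $content));
         IPSText::getTextClass('email')->setHtmlWrapper('<#content#>');
     } else {
         if ($this->settings['email_use_html']) {
             IPSText::getTextClass('email')->setHtmlEmail(true);
             IPSText::getTextClass('email')->setHtmlTemplate($content);
         } else {
             IPSText::getTextClass('email')->setPlainTextTemplate($content, true);
         }
     }
     if ($opts['mail_html_on'] or $this->settings['email_use_html']) {
         IPSText::getTextClass('email')->buildMessage(array('UNSUBSCRIBE' => '*|unsubscribe|*'), true, true);
         $content = IPSText::getTextClass('email')->getHtmlContent();
     } else {
         IPSText::getTextClass('email')->buildMessage(array('UNSUBSCRIBE' => '*|unsubscribe|*'));
         $content = nl2br(IPSText::getTextClass('email')->getPlainTextContent());
     }
     //-----------------------------------------
     // Send to Mandrill
     //-----------------------------------------
     if (IPS_DOC_CHAR_SET != "UTF-8") {
         $mail['mail_subject'] = IPSText::convertCharsets($mail['mail_subject'], IPS_DOC_CHAR_SET, "UTF-8");
     }
     // array_filter() without a callback drops falsy entries, which is what the
     // former create_function() callback did; create_function() evaluates a
     // code string at run time and no longer exists in PHP 8.
     $tags = (isset($opts['mandrill_tags']) && is_array($opts['mandrill_tags'])) ? array_filter($opts['mandrill_tags']) : array();
     require_once IPSLib::getAppDir('members') . '/sources/classes/mandrill.php';
     $mandrill = new Mandrill();
     $response = $mandrill->messages_send(array(
         'message' => array(
             'html' => $content,
             'subject' => $mail['mail_subject'],
             'from_email' => $this->settings['email_out'],
             'from_name' => $this->settings['board_name'],
             'to' => $recipientsTo,
             'auto_text' => true,
             'url_strip_qs' => false,
             // Recipients must not see each other's addresses
             'preserve_recipients' => false,
             'merge' => true,
             'global_merge_vars' => $globalMergeVars,
             'merge_vars' => $recipientsMerge,
             'tags' => array_merge(array('ips'), $tags),
         ),
         'async' => true,
     ));
     if (isset($response->status) and $response->status == 'error') {
         $this->registry->output->showError('mandrill_error');
     }
     //-----------------------------------------
     // Save
     //-----------------------------------------
     $this->DB->update('bulk_mail', array('mail_active' => 0, 'mail_updated' => time(), 'mail_sentto' => $mail['mail_sentto'] + count($recipientsTo)), 'mail_id=' . intval($mail['mail_id']));
     if ($complete !== TRUE) {
         $url = "{$this->settings['base_url']}app=members&module=bulkmail&section=bulkmail&do=mail_send_mandrill&id={$id}&countmembers={$total}&st=" . ($start + $pergo);
         if (!$start) {
             $this->registry->output->multipleRedirectInit($url);
             $this->registry->getClass('output')->html_main .= $this->registry->getClass('output')->global_template->global_frame_wrapper();
             $this->registry->getClass('output')->sendOutput();
         } else {
             // countmembers is request-supplied; a missing or zero value must not divide by zero
             $percentage = $total > 0 ? floor(100 / $total * $start) : 0;
             $this->registry->output->multipleRedirectHit($url, "Processing ({$percentage}% complete)");
         }
         return;
     } else {
         $this->registry->output->multipleRedirectFinish();
     }
 }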