 /**
  * Looks up a Joomla user id by username.
  *
  * The username is passed through aecEscape() with 'badchars' (which strips
  * quote and HTML/SQL meta characters) and comes back already DB-escaped via
  * xJ::escape(); that is what makes the concatenated query below safe.
  * Do not escape or quote the value a second time before embedding it.
  *
  * @param string $username  Raw username as supplied by the caller.
  * @return mixed            Result of loadResult() for the id column of #__users.
  */
 static function UserIDfromUsername($username)
 {
     $safeName = aecEscape($username, array('string', 'badchars'));
     $database = JFactory::getDBO();
     $database->setQuery("SELECT id FROM #__users WHERE username = '" . $safeName . "'");
     return $database->loadResult();
 }
 /**
  * Front-end routing hook: intercepts registration requests coming from Joomla,
  * CB, K2, JomSocial or AlphaRegistration (and AEC's own flow) and either stores
  * the submitted account data in an aecTempToken or redirects into the AEC
  * subscription flow.
  *
  * Reads request data through aecGetParam(), $_REQUEST['jform'] and $_POST.
  *
  * @return bool|void  true on the early-exit paths (backend request, nothing to
  *                    do); otherwise falls through without an explicit value.
  */
 public function onAfterRoute()
 {
     // Truthiness of strpos(): relies on '/administrator' never being at offset 0 of the absolute JPATH_BASE.
     if (strpos(JPATH_BASE, '/administrator')) {
         // Don't act when on backend
         return true;
     }
     $vars = $this->getVars();
     // Make sure we need to make a call at all
     if (!($vars['j_reg'] || $vars['k2_regsv'] || $vars['ccb'] || $vars['joms'] || $vars['alpha'] || $vars['aec'])) {
         return true;
     }
     $vars = $this->getAdditionalVars($vars);
     // Registration request with AEC integration enabled ('int_reg').
     if (($vars['isreg'] || $vars['cb_sregsv'] || $vars['k2_regsv'] || $vars['alpha_regsv']) && $vars['int_reg']) {
         // Joomla or CB registration...
         if ($vars['pfirst'] && !$vars['has_usage']) {
             // Plans first and not yet selected -> select!
             $this->deleteToken();
             $app = JFactory::getApplication();
             $app->redirect(AECToolbox::deadsureURL('index.php?option=com_acctexp&task=subscribe', false, true));
         } elseif (!$vars['pfirst'] && $vars['joms_regs'] && !$vars['has_user'] && !$vars['has_usage']) {
             $this->redirectToken();
         } elseif ($vars['has_user'] && $vars['joms_regs']) {
             $this->redirectToken();
         // Third-party registration form was submitted: capture the account fields into a temp token.
         } elseif ($vars['has_user'] && ($vars['alpha_regsv'] || $vars['joms_regsv'] || $vars['cb_sregsv'] || $vars['k2_regsv'])) {
             if ($vars['joms_regsv']) {
                 $name = aecGetParam('jsname', "", true, array('string', 'clear_nonalnum'));
                 $username = aecGetParam('jsusername', "", true, array('string', 'clear_nonalnumwhitespace'));
                 $password = aecGetParam('jspassword', "", true, array('string'));
                 $password2 = aecGetParam('jspassword2', "", true, array('string'));
                 $email = aecGetParam('jsemail', "", true, array('string', 'clear_nonemail'));
             } else {
                 $name = aecGetParam('name', "", true, array('string', 'clear_nonalnum'));
                 $username = aecGetParam('username', "", true, array('string', 'clear_nonalnumwhitespace'));
                 $password = aecGetParam('password', "", true, array('string'));
                 $password2 = aecGetParam('password2', "", true, array('string'));
                 if (empty($password2)) {
                     $password2 = aecGetParam('password__verify', "", true, array('string'));
                 }
                 $email = aecGetParam('email', "", true, array('string', 'clear_nonemail'));
                 // Fallback for jform[...] style forms. NOTE(review): the $_REQUEST['jform'] keys are read
                 // without isset(), and the password fields go through 'clear_nonalnum', which drops every
                 // character outside [a-z0-9@._+-] from the password before it is stored in the token —
                 // confirm this is intended (the non-jform branch above filters passwords with 'string' only).
                 if (empty($username)) {
                     $name = aecEscape($_REQUEST['jform']['name'], array('string', 'clear_nonalnum'));
                     $username = aecEscape($_REQUEST['jform']['username'], array('string', 'clear_nonalnum'));
                     $password = aecEscape($_REQUEST['jform']['password1'], array('string', 'clear_nonalnum'));
                     $password2 = aecEscape($_REQUEST['jform']['password2'], array('string', 'clear_nonalnum'));
                     if (empty($password2)) {
                         $password2 = aecEscape($_REQUEST['jform']['password__verify'], array('string', 'clear_nonalnum'));
                     }
                     $email = aecEscape($_REQUEST['jform']['email1'], array('string', 'clear_nonalnum'));
                 }
             }
             // Only persist a token when the three mandatory fields are present.
             if (!empty($username) && !empty($password) && !empty($email)) {
                 $temptoken = new aecTempToken();
                 $temptoken->getComposite();
                 $skip = array('coupon_code', 'task', 'option');
                 // Copy every other submitted POST field into the token, filtered as 'string' only.
                 foreach ($_POST as $k => $v) {
                     if (!in_array($k, $skip)) {
                         $temptoken->content[$k] = aecGetParam($k, "", true, array('string'));
                     }
                 }
                 $temptoken->content['name'] = $name;
                 $temptoken->content['username'] = $username;
                 $temptoken->content['password'] = $password;
                 $temptoken->content['password2'] = $password2;
                 $temptoken->content['email'] = $email;
                 // Remember which registration component produced the data (none recorded for AlphaRegistration).
                 if ($vars['k2_regsv']) {
                     $temptoken->content['handler'] = 'k2';
                 } elseif ($vars['joms_regsv']) {
                     $temptoken->content['handler'] = 'jomsocial';
                 } elseif ($vars['cb_sregsv']) {
                     $temptoken->content['handler'] = 'cb';
                 }
                 $temptoken->storeload();
                 if ($vars['cb_sregsv'] || $vars['k2_regsv']) {
                     $this->redirectToken();
                 }
             }
             if ($vars['alpha_regsv']) {
                 $this->redirectToken();
             }
         // A plan is already selected: just persist the submitted data to the token.
         } elseif ($vars['has_usage']) {
             $existing = $this->saveToToken($vars);
             if ($vars['joms_reg'] && !$existing) {
                 // I have... seen things you people wouldn't believe
                 // Logic on fire on the shore of JomSocial
                 $uri = JFactory::getURI();
                 $app = JFactory::getApplication();
                 $app->redirect($uri->toString());
             }
         }
     } elseif ($vars['has_usage'] && !$vars['checkout']) {
         $this->saveToToken($vars);
     // CB profile save outside of registration: hand the raw POST to the micro integrations.
     } elseif ($vars['cbsreg']) {
         // Any kind of user profile edit = trigger MIs
         $row = new stdClass();
         $row->username = $vars['username'];
         $mih = new microIntegrationHandler();
         $mih->userchange($row, $_POST, 'registration');
     }
 }
 /**
  * Creates the site user account for a completed AEC registration by handing the
  * submitted form data to whichever user component is installed (CB, JUSER,
  * JomSocial or core com_users) and returns the new user's id.
  *
  * Side effects: overwrites $_POST with $var, swaps the global $task around the
  * borrowed component includes, buffers and discards all output produced by the
  * borrowed registration code (ob_start()/ob_clean()), may send welcome and
  * admin notification mails, and may end the request via die() when the Joomla
  * form token check fails.
  *
  * @param array $var                Submitted fields: username, password, password2, email,
  *                                  name and optionally jform[...] (K2 / profile data).
  * @param bool  $internal           true when called from AEC's own flow: skips the Joomla
  *                                  form-token check and uses CB's "no checks" save path.
  * @param bool  $overrideActivation Create the account activated/unblocked regardless of
  *                                  the component's useractivation / reg_confirmation setting.
  * @param bool  $overrideEmails     Suppress the welcome mail (and CB's registration mails).
  * @param bool  $overrideJS         Use the core Joomla path even when JomSocial is installed.
  * @return mixed  id from #__users for the new username (loadResult()); false when bind()
  *                or save() failed, null when registration is disabled (plain return).
  */
 static function saveUserRegistration($var, $internal = false, $overrideActivation = false, $overrideEmails = false, $overrideJS = false)
 {
     $db = JFactory::getDBO();
     // $task is saved/restored around the component includes below; $aecConfig supplies plans_first and nojoomlaregemails.
     global $task, $aecConfig;
     $app = JFactory::getApplication();
     // Everything the borrowed registration code echoes is captured and discarded (see ob_clean() at the end).
     ob_start();
     // Let CB/JUSER think that everything is going fine
     if (aecComponentHelper::detect_component('anyCB')) {
         if (aecComponentHelper::detect_component('CBE') || $overrideActivation) {
             global $ueConfig;
         }
         // Load CB's code with task=done so it does not act on include, then restore the caller's task.
         $savetask = $task;
         $_REQUEST['task'] = 'done';
         include_once JPATH_SITE . '/components/com_comprofiler/comprofiler.php';
         $task = $savetask;
         if ($overrideActivation) {
             $ueConfig['reg_confirmation'] = 0;
         }
         if ($overrideEmails) {
             $ueConfig['reg_welcome_sub'] = '';
             // Only disable "Pending Approval / Confirmation" emails if it makes sense
             if (!$ueConfig['reg_confirmation'] || !$ueConfig['reg_admin_approval']) {
                 $ueConfig['reg_pend_appr_sub'] = '';
             }
         }
     } elseif (aecComponentHelper::detect_component('JUSER')) {
         $savetask = $task;
         $task = 'blind';
         include_once JPATH_SITE . '/components/com_juser/juser.php';
         include_once JPATH_SITE . '/administrator/components/com_juser/juser.class.php';
         $task = $savetask;
     } elseif (aecComponentHelper::detect_component('JOMSOCIAL')) {
     }
     // For joomla and CB, we must filter out some internal variables before handing over the POST data
     $badbadvars = array('userid', 'method_name', 'usage', 'processor', 'recurring', 'currency', 'amount', 'invoice', 'id', 'gid');
     foreach ($badbadvars as $badvar) {
         if (isset($var[$badvar])) {
             unset($var[$badvar]);
         }
     }
     if (empty($var['name']) && !empty($var['jform'])) {
         // Must be K2
         $var['name'] = aecEscape($var['jform']['name'], array('string', 'clear_nonalnum'));
         unset($var['jform']);
     }
     // NOTE: from here on $_POST is the caller-supplied $var, not the raw request body — the borrowed
     // registration functions below read their input from it.
     $_POST = $var;
     // 'badchars' strips <>"'%;()& and the result is DB-escaped by aecEscape(); the string-built
     // #__users lookups further down embed this value as-is and rely on that escaping.
     $var['username'] = aecEscape($var['username'], array('string', 'badchars'));
     // Cleartext password kept only for the mail templates below.
     $savepwd = aecEscape($var['password'], array('string', 'badchars'));
     if (aecComponentHelper::detect_component('anyCB')) {
         // This is a CB registration, borrowing their code to save the user
         if ($internal && !aecComponentHelper::detect_component('CBE')) {
             include_once JPATH_SITE . '/components/com_acctexp/lib/codeofshame/cbregister.php';
             if (empty($_POST['firstname']) && !empty($_POST['name'])) {
                 $name = metaUser::_explodeName($_POST['name']);
                 $_POST['firstname'] = $name['first'];
                 if (empty($name['last'])) {
                     $_POST['lastname'] = $name['first'];
                 } else {
                     $_POST['lastname'] = $name['last'];
                 }
             }
             $_POST['password__verify'] = $_POST['password2'];
             unset($_POST['password2']);
             // @ suppresses notices/warnings from CB's code; its output lands in the buffer and is discarded.
             @saveRegistrationNOCHECKSLOL('com_acctexp');
         } else {
             @saveRegistration('com_acctexp');
             // CB reports failures as an inline JS alert; scrape its text out of the buffered output.
             $cbreply = ob_get_contents();
             $indicator = '<script type="text/javascript">alert(\'';
             $alertstart = strpos($cbreply, $indicator);
             // Emergency fallback
             if ($alertstart !== false) {
                 ob_clean();
                 $alertend = strpos($cbreply, '\'); </script>', $alertstart);
                 $alert = substr($cbreply, $alertstart + strlen($indicator), $alertend - $alertstart - strlen($indicator));
                 if ($aecConfig->cfg['plans_first']) {
                     aecErrorAlert($alert, $action = 'window.history.go(-2);');
                 } else {
                     aecErrorAlert($alert, $action = 'window.history.go(-3);');
                 }
             }
         }
     } elseif (aecComponentHelper::detect_component('JUSER')) {
         // This is a JUSER registration, borrowing their code to save the user
         saveRegistration('com_acctexp');
         // Concatenated SQL: safe only because $var['username'] was aecEscape()d above — do not feed a raw value here.
         $query = 'SELECT `id`' . ' FROM #__users' . ' WHERE `username` = \'' . $var['username'] . '\'';
         $db->setQuery($query);
         $uid = $db->loadResult();
         JUser::saveUser_ext($uid);
         //synchronize dublicate user data
         $query = 'SELECT `id`' . ' FROM #__juser_integration' . ' WHERE `published` = \'1\'' . ' AND `export_status` = \'1\'';
         $db->setQuery($query);
         $components = $db->loadObjectList();
         if (!empty($components)) {
             foreach ($components as $component) {
                 $synchronize = require_integration($component->id);
                 $synchronize->synchronizeFrom($uid);
             }
         }
     // JomSocial handles the save itself unless the caller forces the Joomla path.
     } elseif (aecComponentHelper::detect_component('JOMSOCIAL') && !$overrideJS) {
     } else {
         // Core Joomla registration; only the whitelisted fields are bound to the user object.
         $data = array('username' => $var['username'], 'password' => $var['password'], 'password2' => $var['password2'], 'email' => $var['email'], 'name' => $var['name']);
         if (isset($var['jform']['profile'])) {
             $data['profile'] = $var['jform']['profile'];
         }
         // JPATH_MANIFESTS exists on Joomla 1.6+ (com_users); the else branch is the 1.5 com_user flow.
         if (defined('JPATH_MANIFESTS')) {
             $params = JComponentHelper::getParams('com_users');
             // Initialise the table with JUser.
             JUser::getTable('User', 'JTable');
             $user = new JUser();
             // Prepare the data for the user object.
             $useractivation = $params->get('useractivation');
             // Check if the user needs to activate their account.
             if (($useractivation == 1 || $useractivation == 2) && !$overrideActivation) {
                 jimport('joomla.user.helper');
                 $data['activation'] = xJ::getHash();
                 $data['block'] = 1;
             }
             $usersConfig = JComponentHelper::getParams('com_users');
             $system = $usersConfig->get('new_usertype', 2);
             $data['groups'][] = $system;
             // Bind the data.
             if (!$user->bind($data)) {
                 JError::raiseWarning(500, JText::sprintf('COM_USERS_REGISTRATION_BIND_FAILED', $user->getError()));
                 return false;
             }
             // Load the users plugin group.
             JPluginHelper::importPlugin('users');
             // Store the data.
             if (!$user->save()) {
                 JError::raiseWarning(500, JText::sprintf('COM_USERS_REGISTRATION_SAVE_FAILED', $user->getError()));
                 return false;
             }
         } else {
             // This is a joomla registration, borrowing their code to save the user
             // Check for request forgeries
             // The CSRF token check is skipped for internal calls; on failure die() ends the request
             // before ob_clean() runs.
             if (!$internal) {
                 JRequest::checkToken() or die('Invalid Token');
             }
             // Get required system objects
             $user = clone JFactory::getUser();
             //$pathway 	=& $app->getPathway();
             $config = JFactory::getConfig();
             $authorize = JFactory::getACL();
             $document = JFactory::getDocument();
             // If user registration is not allowed, show 403 not authorized.
             $usersConfig = JComponentHelper::getParams('com_users');
             if ($usersConfig->get('allowUserRegistration') == '0') {
                 JError::raiseError(403, JText::_('Access Forbidden'));
                 return;
             }
             // Initialize new usertype setting
             $newUsertype = $usersConfig->get('new_usertype');
             if (!$newUsertype) {
                 $newUsertype = 'Registered';
             }
             // Bind the post array to the user object
             if (!$user->bind($data)) {
                 JError::raiseError(500, $user->getError());
                 unset($_POST);
                 subscribe('com_acctexp');
                 return false;
             }
             // Set some initial user values
             $user->set('id', 0);
             $user->set('usertype', '');
             $user->set('gid', $authorize->get_group_id('', $newUsertype, 'ARO'));
             $user->set('sendEmail', 0);
             $user->set('registerDate', date('Y-m-d H:i:s', (int) gmdate('U')));
             // If user activation is turned on, we need to set the activation information
             $useractivation = $usersConfig->get('useractivation');
             if ($useractivation == '1' && !$overrideActivation) {
                 jimport('joomla.user.helper');
                 // Activation token derived from a freshly generated random password.
                 $user->set('activation', md5(JUserHelper::genRandomPassword()));
                 $user->set('block', '1');
             }
             // If there was an error with registration, set the message and display form
             if (!$user->save()) {
                 JError::raiseWarning('', JText::_($user->getError()));
                 echo JText::_($user->getError());
                 return false;
             }
         }
         $row = $user;
         $name = $row->name;
         $email = $row->email;
         $username = $row->username;
         $subject = sprintf(JText::_('AEC_SEND_SUB'), $name, $app->getCfg('sitename'));
         $subject = html_entity_decode($subject, ENT_QUOTES, 'UTF-8');
         $usersConfig = JComponentHelper::getParams('com_users');
         $activation = $usersConfig->get('useractivation');
         if ($activation > 0 && !$overrideActivation) {
             $atext = JText::_('AEC_USEND_MSG_ACTIVATE');
             if (defined('JPATH_MANIFESTS')) {
                 $activation_link = JURI::root() . 'index.php?option=com_users&amp;task=registration.activate&amp;token=' . $row->activation;
                 if ($activation == 2) {
                     $atext = JText::_('COM_USERS_MSG_ADMIN_ACTIVATE');
                 }
             } else {
                 $activation_link = JURI::root() . 'index.php?option=com_user&amp;task=activate&amp;activation=' . $row->activation;
             }
             // NOTE(review): the cleartext password ($savepwd) is handed to the activation mail template;
             // whether AEC_USEND_MSG_ACTIVATE actually prints it depends on the language string — confirm.
             $message = sprintf($atext, $name, $app->getCfg('sitename'), $activation_link, JURI::root(), $username, $savepwd);
         } else {
             $message = sprintf(JText::_('AEC_USEND_MSG'), $name, $app->getCfg('sitename'), JURI::root());
         }
         $message = html_entity_decode($message, ENT_QUOTES, 'UTF-8');
         // check if Global Config `mailfrom` and `fromname` values exist
         if ($app->getCfg('mailfrom') != '' && $app->getCfg('fromname') != '') {
             $adminName2 = $app->getCfg('fromname');
             $adminEmail2 = $app->getCfg('mailfrom');
         } else {
             // use email address and name of first superadmin for use in email sent to user
             $rows = xJACLhandler::getSuperAdmins();
             $row2 = $rows[0];
             $adminName2 = $row2->name;
             $adminEmail2 = $row2->email;
         }
         // Send email to user
         if (!($aecConfig->cfg['nojoomlaregemails'] || $overrideEmails)) {
             xJ::sendMail($adminEmail2, $adminEmail2, $email, $subject, $message);
         }
         // Send notification to all administrators
         $aecUser = AECToolbox::aecIP();
         $subject2 = sprintf(JText::_('AEC_SEND_SUB'), $name, $app->getCfg('sitename'));
         $message2 = sprintf(JText::_('AEC_ASEND_MSG_NEW_REG'), $adminName2, $app->getCfg('sitename'), $row->name, $email, $username, $aecUser['ip'], $aecUser['isp']);
         $subject2 = html_entity_decode($subject2, ENT_QUOTES, 'UTF-8');
         $message2 = html_entity_decode($message2, ENT_QUOTES, 'UTF-8');
         // get email addresses of all admins and superadmins set to recieve system emails
         $admins = AECToolbox::getAdminEmailList();
         foreach ($admins as $adminemail) {
             if (!empty($adminemail)) {
                 xJ::sendMail($adminEmail2, $adminEmail2, $adminemail, $subject2, $message2);
             }
         }
     }
     // Discard whatever the borrowed registration code printed.
     ob_clean();
     // We need the new userid, so we're fetching it from the newly created entry here
     // Concatenated SQL: relies on $var['username'] having been aecEscape()d above.
     $query = 'SELECT `id`' . ' FROM #__users' . ' WHERE `username` = \'' . $var['username'] . '\'';
     $db->setQuery($query);
     return $db->loadResult();
 }
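/**
 * Filters a request value (recursively for arrays) according to $safe_params and
 * returns it escaped for the current database connection via xJ::escape().
 *
 * Filters, in the order they are applied:
 *   clear_nonemail            keep a local@domain shape ([a-z0-9._+-]@[a-z0-9.-]); a value
 *                             without an '@' is not an address and additionally gets clear_nonalnum
 *   clear_nonalnumwhitespace  keep [a-z0-9], whitespace and @._+-
 *   clear_nonalnum            keep [a-z0-9] and @._+-
 *   clear_nonslug             keep [a-z0-9_-]
 *   word                      cut at the first space
 *   badchars                  strip <>"'%;()&
 *   int / bool / string / float   cast to that type
 * Embedded {aecjson}...{/aecjson} blocks are removed before any filter runs.
 *
 * The result is already DB-escaped, so callers embedding it in SQL must not quote
 * or escape it a second time. Casted int/bool/float values are passed through
 * xJ::escape() as well.
 *
 * @param mixed $value        Raw value, or a (nested) array of raw values.
 * @param array $safe_params  Filter names, see above.
 * @return mixed              Filtered value, or an array with the same keys.
 */
function aecEscape($value, $safe_params)
{
    if (is_array($value)) {
        $array = array();
        foreach ($value as $k => $v) {
            $array[$k] = aecEscape($v, $safe_params);
        }
        return $array;
    }
    // Remove every {aecjson}...{/aecjson} block. The previous implementation passed the
    // preg_match_all() result (an array of match arrays) to str_replace(), which
    // stringified it to "Array" and therefore never removed the blocks.
    $regex = "#{aecjson}(.*?){/aecjson}#s";
    if (is_string($value)) {
        $value = preg_replace($regex, '', $value);
    }
    // Magic quotes were dropped in PHP 5.4 and get_magic_quotes_gpc() itself in PHP 8;
    // only undo them where a legacy runtime still reports them.
    $return = $value;
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $return = stripslashes($value);
    }
    if (in_array('clear_nonemail', $safe_params, true)) {
        if (strpos($return, '@') === false) {
            if (!in_array('clear_nonalnum', $safe_params, true)) {
                // This is not a valid email address to begin with, so strip everything hazardous
                $safe_params[] = 'clear_nonalnum';
            }
        } else {
            $array = explode('@', $return, 2);
            $username = preg_replace('/[^a-z0-9._+-]+/i', '', $array[0]);
            $domain = preg_replace('/[^a-z0-9.-]+/i', '', $array[1]);
            $return = $username . '@' . $domain;
        }
    }
    if (in_array('clear_nonalnumwhitespace', $safe_params, true)) {
        $return = preg_replace("/[^a-z0-9\\s@._+-]/i", '', $return);
    }
    if (in_array('clear_nonalnum', $safe_params, true)) {
        $return = preg_replace("/[^a-z0-9@._+-]/i", '', $return);
    }
    if (in_array('clear_nonslug', $safe_params, true)) {
        $return = preg_replace("/[^a-z0-9_-]/i", '', $return);
    }
    // Casts and the remaining string filters, in the order the caller listed them.
    foreach ($safe_params as $param) {
        switch ($param) {
            case 'word':
                // Keep only the first space-delimited word.
                $e = strpos($return, ' ');
                if ($e !== false) {
                    $return = substr($return, 0, $e);
                }
                break;
            case 'badchars':
                // Strip HTML/SQL meta characters.
                $return = preg_replace("#[<>\"'%;()&]#i", '', $return);
                break;
            case 'int':
                $return = (int) $return;
                break;
            case 'bool':
                $return = (bool) $return;
                break;
            case 'string':
                $return = (string) $return;
                break;
            case 'float':
                $return = (float) $return;
                break;
            // The clear_* filters were applied above; any other name is ignored here.
        }
    }
    $db = JFactory::getDBO();
    return xJ::escape($db, $return);
}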