/**
 * Resolve a Joomla user id from a username.
 *
 * The username is passed through aecEscape() with the 'string' and 'badchars'
 * filters (which strips < > " ' % ; ( ) & and finally DB-escapes via xJ::escape())
 * before it is inlined into the SQL literal.
 *
 * @param string $username username as supplied by the caller (unfiltered)
 * @return mixed whatever JDatabase::loadResult() yields for the id column of the
 *               matching #__users row; null-ish when no row matches
 */
static function UserIDfromUsername($username)
{
    $database = JFactory::getDBO();

    $safeName = aecEscape($username, array('string', 'badchars'));

    $sql = 'SELECT id FROM #__users WHERE username = \'' . $safeName . '\'';

    $database->setQuery($sql);

    return $database->loadResult();
}
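/**
 * Front-end routing hook: decides per request whether a registration or
 * profile change has to be funnelled through the AEC subscription flow.
 *
 * Everything is driven by the flag array built by $this->getVars() and
 * $this->getAdditionalVars(); their computation is not visible here, so the
 * flag names are taken at face value. Each branch either redirects (ending
 * the request), stores a temp token, or returns without doing anything.
 *
 * @return bool|null true when the hook bails out early (backend request, or no
 *                   relevant flag set); otherwise the method falls off its end
 *                   after a side effect or a redirect
 */
public function onAfterRoute()
{
    if (strpos(JPATH_BASE, '/administrator')) {
        // Don't act when on backend
        return true;
    }

    $vars = $this->getVars();

    // Make sure we need to make a call at all
    if (!($vars['j_reg'] || $vars['k2_regsv'] || $vars['ccb'] || $vars['joms'] || $vars['alpha'] || $vars['aec'])) {
        return true;
    }

    $vars = $this->getAdditionalVars($vars);

    if (($vars['isreg'] || $vars['cb_sregsv'] || $vars['k2_regsv'] || $vars['alpha_regsv']) && $vars['int_reg']) {
        // Joomla or CB registration...
        if ($vars['pfirst'] && !$vars['has_usage']) {
            // Plans first and not yet selected -> select!
            $this->deleteToken();

            $app = JFactory::getApplication();
            $app->redirect(AECToolbox::deadsureURL('index.php?option=com_acctexp&task=subscribe', false, true));
        } elseif (!$vars['pfirst'] && $vars['joms_regs'] && !$vars['has_user'] && !$vars['has_usage']) {
            $this->redirectToken();
        } elseif ($vars['has_user'] && $vars['joms_regs']) {
            $this->redirectToken();
        } elseif ($vars['has_user'] && ($vars['alpha_regsv'] || $vars['joms_regsv'] || $vars['cb_sregsv'] || $vars['k2_regsv'])) {
            // A registration form was submitted: collect the account fields so they
            // can be carried over into the temp token. Passwords only get the plain
            // 'string' filter in every branch - character-stripping filters would
            // silently alter the password before it is ever hashed.
            if ($vars['joms_regsv']) {
                $name = aecGetParam('jsname', "", true, array('string', 'clear_nonalnum'));
                $username = aecGetParam('jsusername', "", true, array('string', 'clear_nonalnumwhitespace'));
                $password = aecGetParam('jspassword', "", true, array('string'));
                $password2 = aecGetParam('jspassword2', "", true, array('string'));
                $email = aecGetParam('jsemail', "", true, array('string', 'clear_nonemail'));
            } else {
                $name = aecGetParam('name', "", true, array('string', 'clear_nonalnum'));
                $username = aecGetParam('username', "", true, array('string', 'clear_nonalnumwhitespace'));
                $password = aecGetParam('password', "", true, array('string'));
                $password2 = aecGetParam('password2', "", true, array('string'));

                if (empty($password2)) {
                    $password2 = aecGetParam('password__verify', "", true, array('string'));
                }

                $email = aecGetParam('email', "", true, array('string', 'clear_nonemail'));

                if (empty($username)) {
                    // Fields posted as jform[...] (Joomla 1.6+ / K2 style forms) are read
                    // raw from $_REQUEST and filtered here. Missing keys become '' instead
                    // of raising undefined-index notices. The former 'clear_nonalnum'
                    // filter on the password fields dropped characters such as '!' or '#'
                    // from the password the user typed, so the account was created with a
                    // different password than the one entered.
                    $jform = (isset($_REQUEST['jform']) && is_array($_REQUEST['jform'])) ? $_REQUEST['jform'] : array();

                    $name = aecEscape(isset($jform['name']) ? $jform['name'] : '', array('string', 'clear_nonalnum'));
                    $username = aecEscape(isset($jform['username']) ? $jform['username'] : '', array('string', 'clear_nonalnum'));
                    $password = aecEscape(isset($jform['password1']) ? $jform['password1'] : '', array('string'));
                    $password2 = aecEscape(isset($jform['password2']) ? $jform['password2'] : '', array('string'));

                    if (empty($password2)) {
                        $password2 = aecEscape(isset($jform['password__verify']) ? $jform['password__verify'] : '', array('string'));
                    }

                    $email = aecEscape(isset($jform['email1']) ? $jform['email1'] : '', array('string', 'clear_nonalnum'));
                }
            }

            if (!empty($username) && !empty($password) && !empty($email)) {
                $temptoken = new aecTempToken();
                $temptoken->getComposite();

                // Copy the rest of the POST data into the token, except for the keys
                // that belong to the routing itself. Strict comparison: $_POST may
                // carry integer keys, which loosely compare equal to any string on PHP < 8.
                $skip = array('coupon_code', 'task', 'option');

                foreach ($_POST as $k => $v) {
                    if (!in_array($k, $skip, true)) {
                        $temptoken->content[$k] = aecGetParam($k, "", true, array('string'));
                    }
                }

                $temptoken->content['name'] = $name;
                $temptoken->content['username'] = $username;
                $temptoken->content['password'] = $password;
                $temptoken->content['password2'] = $password2;
                $temptoken->content['email'] = $email;

                // Remember which registration handler produced the data
                if ($vars['k2_regsv']) {
                    $temptoken->content['handler'] = 'k2';
                } elseif ($vars['joms_regsv']) {
                    $temptoken->content['handler'] = 'jomsocial';
                } elseif ($vars['cb_sregsv']) {
                    $temptoken->content['handler'] = 'cb';
                }

                $temptoken->storeload();

                if ($vars['cb_sregsv'] || $vars['k2_regsv']) {
                    $this->redirectToken();
                }
            }

            if ($vars['alpha_regsv']) {
                $this->redirectToken();
            }
        } elseif ($vars['has_usage']) {
            $existing = $this->saveToToken($vars);

            if ($vars['joms_reg'] && !$existing) {
                // saveToToken() reported no pre-existing token (inferred from the name):
                // reload the current URL so the request is routed again with the token
                // in place. This is the JomSocial registration path.
                $uri = JFactory::getURI();
                $app = JFactory::getApplication();
                $app->redirect($uri->toString());
            }
        }
    } elseif ($vars['has_usage'] && !$vars['checkout']) {
        $this->saveToToken($vars);
    } elseif ($vars['cbsreg']) {
        // Any kind of user profile edit = trigger MIs
        $row = new stdClass();
        $row->username = $vars['username'];

        $mih = new microIntegrationHandler();
        $mih->userchange($row, $_POST, 'registration');
    }
}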
/**
 * Create the user account for a registration that AEC has been holding, then
 * send the activation / welcome mails and return the new user's id.
 *
 * The user backend is chosen via aecComponentHelper::detect_component() in this
 * order: any CB flavour, JUSER, JomSocial (left alone unless $overrideJS), and
 * finally the core Joomla user table (JUser on Joomla 1.6+, the legacy
 * com_user code path otherwise). Output produced by the borrowed component
 * code is captured in an output buffer and discarded with ob_clean().
 *
 * @param array $var                 registration fields (username, password,
 *                                   password2, email, name, optionally jform[...]);
 *                                   the filtered array is also written into $_POST
 * @param bool  $internal            true when called from AEC's own flow: skips the
 *                                   legacy-Joomla CSRF token check and uses the
 *                                   no-checks CB register shim
 * @param bool  $overrideActivation  create the account without an activation step,
 *                                   regardless of the com_users / CB settings
 * @param bool  $overrideEmails      suppress the registration mail to the new user
 *                                   (admin notifications are still sent in the
 *                                   core-Joomla branch)
 * @param bool  $overrideJS          handle the registration even when JomSocial is installed
 * @return mixed id of the newly created #__users row (db loadResult()); false on
 *               bind/save failure in the core-Joomla branches; nothing after a 403
 */
static function saveUserRegistration($var, $internal = false, $overrideActivation = false, $overrideEmails = false, $overrideJS = false)
{
    $db = JFactory::getDBO();

    global $task, $aecConfig;

    $app = JFactory::getApplication();

    // Everything the included component code prints goes into this buffer
    ob_start();

    // Let CB/JUSER think that everything is going fine
    if (aecComponentHelper::detect_component('anyCB')) {
        // NOTE(review): $ueConfig is only bound to the global when one of these two
        // conditions holds; otherwise the $ueConfig writes below hit a local variable
        // and have no effect on CB - confirm whether that is intended.
        if (aecComponentHelper::detect_component('CBE') || $overrideActivation) {
            global $ueConfig;
        }

        // comprofiler.php dispatches on $task / $_REQUEST['task']; park the real
        // task while it is included and restore it afterwards
        $savetask = $task;
        $_REQUEST['task'] = 'done';

        include_once JPATH_SITE . '/components/com_comprofiler/comprofiler.php';

        $task = $savetask;

        if ($overrideActivation) {
            $ueConfig['reg_confirmation'] = 0;
        }

        if ($overrideEmails) {
            $ueConfig['reg_welcome_sub'] = '';

            // Only disable "Pending Approval / Confirmation" emails if it makes sense
            if (!$ueConfig['reg_confirmation'] || !$ueConfig['reg_admin_approval']) {
                $ueConfig['reg_pend_appr_sub'] = '';
            }
        }
    } elseif (aecComponentHelper::detect_component('JUSER')) {
        // Same trick for JUSER: include its front- and back-end code under a
        // harmless task name
        $savetask = $task;
        $task = 'blind';

        include_once JPATH_SITE . '/components/com_juser/juser.php';
        include_once JPATH_SITE . '/administrator/components/com_juser/juser.class.php';

        $task = $savetask;
    } elseif (aecComponentHelper::detect_component('JOMSOCIAL')) {
        // Nothing to prepare for JomSocial
    }

    // For joomla and CB, we must filter out some internal variables before handing over the POST data
    $badbadvars = array('userid', 'method_name', 'usage', 'processor', 'recurring', 'currency', 'amount', 'invoice', 'id', 'gid');

    foreach ($badbadvars as $badvar) {
        if (isset($var[$badvar])) {
            unset($var[$badvar]);
        }
    }

    if (empty($var['name']) && !empty($var['jform'])) {
        // Must be K2
        $var['name'] = aecEscape($var['jform']['name'], array('string', 'clear_nonalnum'));

        unset($var['jform']);
    }

    // The included CB/JUSER code presumably reads the request superglobal, so it is
    // replaced wholesale with the filtered array. Note that the username/password
    // escaping below applies to the local $var only, not to $_POST.
    $_POST = $var;

    // 'badchars' strips < > " ' % ; ( ) & and aecEscape() ends with xJ::escape(),
    // which is what makes inlining $var['username'] into the SQL literals below safe.
    $var['username'] = aecEscape($var['username'], array('string', 'badchars'));

    // Plaintext password, kept only to be handed to the activation mail template
    $savepwd = aecEscape($var['password'], array('string', 'badchars'));

    if (aecComponentHelper::detect_component('anyCB')) {
        // This is a CB registration, borrowing their code to save the user
        if ($internal && !aecComponentHelper::detect_component('CBE')) {
            include_once JPATH_SITE . '/components/com_acctexp/lib/codeofshame/cbregister.php';

            // CB wants first/last name separately; split the single name field
            if (empty($_POST['firstname']) && !empty($_POST['name'])) {
                $name = metaUser::_explodeName($_POST['name']);

                $_POST['firstname'] = $name['first'];

                if (empty($name['last'])) {
                    $_POST['lastname'] = $name['first'];
                } else {
                    $_POST['lastname'] = $name['last'];
                }
            }

            $_POST['password__verify'] = $_POST['password2'];

            unset($_POST['password2']);

            // '@' suppresses whatever the CB shim emits; its output is buffered anyway
            @saveRegistrationNOCHECKSLOL('com_acctexp');
        } else {
            @saveRegistration('com_acctexp');

            // CB reports validation errors as an inline JS alert; pull the message out
            // of the buffered output and re-raise it through AEC's own error alert
            $cbreply = ob_get_contents();

            $indicator = '<script type="text/javascript">alert(\'';

            $alertstart = strpos($cbreply, $indicator);

            // Emergency fallback
            if ($alertstart !== false) {
                ob_clean();

                $alertend = strpos($cbreply, '\'); </script>', $alertstart);

                $alert = substr($cbreply, $alertstart + strlen($indicator), $alertend - $alertstart - strlen($indicator));

                // Number of history steps back depends on whether plan selection came first
                if ($aecConfig->cfg['plans_first']) {
                    aecErrorAlert($alert, $action = 'window.history.go(-2);');
                } else {
                    aecErrorAlert($alert, $action = 'window.history.go(-3);');
                }
            }
        }
    } elseif (aecComponentHelper::detect_component('JUSER')) {
        // This is a JUSER registration, borrowing their code to save the user
        saveRegistration('com_acctexp');

        // $var['username'] was escaped above; keep that line in front of this query
        $query = 'SELECT `id`' . ' FROM #__users' . ' WHERE `username` = \'' . $var['username'] . '\'';
        $db->setQuery($query);
        $uid = $db->loadResult();

        JUser::saveUser_ext($uid);

        // synchronize duplicate user data
        $query = 'SELECT `id`' . ' FROM #__juser_integration' . ' WHERE `published` = \'1\'' . ' AND `export_status` = \'1\'';
        $db->setQuery($query);
        $components = $db->loadObjectList();

        if (!empty($components)) {
            foreach ($components as $component) {
                $synchronize = require_integration($component->id);
                $synchronize->synchronizeFrom($uid);
            }
        }
    } elseif (aecComponentHelper::detect_component('JOMSOCIAL') && !$overrideJS) {
        // JomSocial registers the user itself
    } else {
        // Core Joomla registration
        $data = array('username' => $var['username'], 'password' => $var['password'], 'password2' => $var['password2'], 'email' => $var['email'], 'name' => $var['name']);

        if (isset($var['jform']['profile'])) {
            $data['profile'] = $var['jform']['profile'];
        }

        // JPATH_MANIFESTS only exists on Joomla 1.6+, which uses JUser directly
        if (defined('JPATH_MANIFESTS')) {
            // NOTE(review): no JRequest::checkToken() call on this path (unlike the
            // legacy branch below); the CSRF check is left to the caller.
            $params = JComponentHelper::getParams('com_users');

            // Initialise the table with JUser.
            JUser::getTable('User', 'JTable');

            $user = new JUser();

            // Prepare the data for the user object.
            $useractivation = $params->get('useractivation');

            // Check if the user needs to activate their account.
            if (($useractivation == 1 || $useractivation == 2) && !$overrideActivation) {
                jimport('joomla.user.helper');

                $data['activation'] = xJ::getHash();
                $data['block'] = 1;
            }

            $usersConfig = JComponentHelper::getParams('com_users');

            $system = $usersConfig->get('new_usertype', 2);

            $data['groups'][] = $system;

            // Bind the data.
            if (!$user->bind($data)) {
                JError::raiseWarning(500, JText::sprintf('COM_USERS_REGISTRATION_BIND_FAILED', $user->getError()));

                return false;
            }

            // Load the users plugin group.
            JPluginHelper::importPlugin('users');

            // Store the data.
            if (!$user->save()) {
                JError::raiseWarning(500, JText::sprintf('COM_USERS_REGISTRATION_SAVE_FAILED', $user->getError()));

                return false;
            }
        } else {
            // This is a joomla registration, borrowing their code to save the user
            // Check for request forgeries
            if (!$internal) {
                JRequest::checkToken() or die('Invalid Token');
            }

            // Get required system objects
            $user = clone JFactory::getUser();

            // $config and $document are not used below; kept from the borrowed Joomla code
            $config = JFactory::getConfig();
            $authorize = JFactory::getACL();
            $document = JFactory::getDocument();

            // If user registration is not allowed, show 403 not authorized.
            $usersConfig = JComponentHelper::getParams('com_users');

            if ($usersConfig->get('allowUserRegistration') == '0') {
                JError::raiseError(403, JText::_('Access Forbidden'));

                // Bare return (null), unlike the false returned by the other failure paths
                return;
            }

            // Initialize new usertype setting
            $newUsertype = $usersConfig->get('new_usertype');

            if (!$newUsertype) {
                $newUsertype = 'Registered';
            }

            // Bind the post array to the user object
            if (!$user->bind($data)) {
                JError::raiseError(500, $user->getError());

                unset($_POST);

                subscribe('com_acctexp');

                return false;
            }

            // Set some initial user values
            $user->set('id', 0);
            $user->set('usertype', '');
            $user->set('gid', $authorize->get_group_id('', $newUsertype, 'ARO'));
            $user->set('sendEmail', 0);
            $user->set('registerDate', date('Y-m-d H:i:s', (int) gmdate('U')));

            // If user activation is turned on, we need to set the activation information
            $useractivation = $usersConfig->get('useractivation');

            if ($useractivation == '1' && !$overrideActivation) {
                jimport('joomla.user.helper');

                // Activation token = md5 of a Joomla-generated random password
                $user->set('activation', md5(JUserHelper::genRandomPassword()));
                $user->set('block', '1');
            }

            // If there was an error with registration, set the message and display form
            if (!$user->save()) {
                JError::raiseWarning('', JText::_($user->getError()));

                echo JText::_($user->getError());

                return false;
            }
        }

        $row = $user;

        $name = $row->name;
        $email = $row->email;
        $username = $row->username;

        $subject = sprintf(JText::_('AEC_SEND_SUB'), $name, $app->getCfg('sitename'));
        $subject = html_entity_decode($subject, ENT_QUOTES, 'UTF-8');

        $usersConfig = JComponentHelper::getParams('com_users');

        $activation = $usersConfig->get('useractivation');

        if ($activation > 0 && !$overrideActivation) {
            $atext = JText::_('AEC_USEND_MSG_ACTIVATE');

            if (defined('JPATH_MANIFESTS')) {
                $activation_link = JURI::root() . 'index.php?option=com_users&task=registration.activate&token=' . $row->activation;

                // useractivation == 2 means an admin has to approve the account
                if ($activation == 2) {
                    $atext = JText::_('COM_USERS_MSG_ADMIN_ACTIVATE');
                }
            } else {
                $activation_link = JURI::root() . 'index.php?option=com_user&task=activate&activation=' . $row->activation;
            }

            // The plaintext password ($savepwd) is handed to the mail template as the
            // sixth argument; whether it is rendered depends on the language string.
            $message = sprintf($atext, $name, $app->getCfg('sitename'), $activation_link, JURI::root(), $username, $savepwd);
        } else {
            $message = sprintf(JText::_('AEC_USEND_MSG'), $name, $app->getCfg('sitename'), JURI::root());
        }

        $message = html_entity_decode($message, ENT_QUOTES, 'UTF-8');

        // check if Global Config `mailfrom` and `fromname` values exist
        if ($app->getCfg('mailfrom') != '' && $app->getCfg('fromname') != '') {
            $adminName2 = $app->getCfg('fromname');
            $adminEmail2 = $app->getCfg('mailfrom');
        } else {
            // use email address and name of first superadmin for use in email sent to user
            $rows = xJACLhandler::getSuperAdmins();
            $row2 = $rows[0];

            $adminName2 = $row2->name;
            $adminEmail2 = $row2->email;
        }

        // Send email to user
        if (!($aecConfig->cfg['nojoomlaregemails'] || $overrideEmails)) {
            xJ::sendMail($adminEmail2, $adminEmail2, $email, $subject, $message);
        }

        // Send notification to all administrators
        $aecUser = AECToolbox::aecIP();

        $subject2 = sprintf(JText::_('AEC_SEND_SUB'), $name, $app->getCfg('sitename'));
        $message2 = sprintf(JText::_('AEC_ASEND_MSG_NEW_REG'), $adminName2, $app->getCfg('sitename'), $row->name, $email, $username, $aecUser['ip'], $aecUser['isp']);

        $subject2 = html_entity_decode($subject2, ENT_QUOTES, 'UTF-8');
        $message2 = html_entity_decode($message2, ENT_QUOTES, 'UTF-8');

        // get email addresses of all admins and superadmins set to receive system emails
        $admins = AECToolbox::getAdminEmailList();

        foreach ($admins as $adminemail) {
            if (!empty($adminemail)) {
                xJ::sendMail($adminEmail2, $adminEmail2, $adminemail, $subject2, $message2);
            }
        }
    }

    // Discard whatever the component code printed
    ob_clean();

    // We need the new userid, so we're fetching it from the newly created entry here
    // ($var['username'] is the escaped copy from above)
    $query = 'SELECT `id`' . ' FROM #__users' . ' WHERE `username` = \'' . $var['username'] . '\'';
    $db->setQuery($query);

    return $db->loadResult();
}
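/**
 * Filter a request value (recursively, for arrays) according to a list of
 * filter names, then DB-escape the result via xJ::escape().
 *
 * Filters are applied in this fixed order, independent of their position in
 * $safe_params:
 *  - embedded {aecjson}...{/aecjson} blocks are always removed first
 *  - 'clear_nonemail'           : with an '@' present, reduce both halves to a
 *                                 conservative e-mail character set; without one,
 *                                 behave as 'clear_nonalnum'
 *  - 'clear_nonalnumwhitespace' : keep only [a-z0-9 whitespace @ . _ + -]
 *  - 'clear_nonalnum'           : keep only [a-z0-9 @ . _ + -]
 *  - 'clear_nonslug'            : keep only [a-z0-9 _ -]
 *  - then, in $safe_params order: 'word' (cut at the first space),
 *    'badchars' (strip < > " ' % ; ( ) &), 'int' / 'bool' / 'string' / 'float' (cast)
 * Unknown filter names are ignored.
 *
 * @param mixed $value        scalar to filter, or an array whose leaves are filtered
 * @param array $safe_params  list of filter names (see above)
 * @return mixed the filtered, DB-escaped value; an array of such when $value is an array
 */
function aecEscape($value, $safe_params)
{
    if (is_array($value)) {
        $filtered = array();

        foreach ($value as $k => $v) {
            $filtered[$k] = aecEscape($v, $safe_params);
        }

        return $filtered;
    }

    if (is_string($value)) {
        // Remove every embedded {aecjson}...{/aecjson} block. The previous
        // str_replace() was fed the nested PREG_SET_ORDER match array instead of
        // strings, so the blocks were never actually removed.
        $stripped = preg_replace("#{aecjson}(.*?){/aecjson}#s", '', $value);

        // preg_replace() returns null on a PCRE error; keep the input in that case
        if ($stripped !== null) {
            $value = $stripped;
        }
    }

    // get_magic_quotes_gpc() no longer exists on PHP 8; only consult it where it does
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $return = stripslashes($value);
    } else {
        $return = $value;
    }

    if (in_array('clear_nonemail', $safe_params, true)) {
        if (strpos($return, '@') === false) {
            // Not an e-mail address to begin with: fall back to the strict
            // alphanumeric filter so nothing hazardous survives
            if (!in_array('clear_nonalnum', $safe_params, true)) {
                $safe_params[] = 'clear_nonalnum';
            }
        } else {
            $parts = explode('@', $return, 2);

            $localPart = preg_replace('/[^a-z0-9._+-]+/i', '', $parts[0]);
            $domain = preg_replace('/[^a-z0-9.-]+/i', '', $parts[1]);

            $return = $localPart . '@' . $domain;
        }
    }

    if (in_array('clear_nonalnumwhitespace', $safe_params, true)) {
        $return = preg_replace("/[^a-z0-9\\s@._+-]/i", '', $return);
    }

    if (in_array('clear_nonalnum', $safe_params, true)) {
        $return = preg_replace("/[^a-z0-9@._+-]/i", '', $return);
    }

    if (in_array('clear_nonslug', $safe_params, true)) {
        $return = preg_replace("/[^a-z0-9_-]/i", '', $return);
    }

    foreach ($safe_params as $param) {
        switch ($param) {
            case 'word':
                // Keep only the part before the first space
                $cut = strpos($return, ' ');

                if ($cut !== false) {
                    $return = substr($return, 0, $cut);
                }
                break;
            case 'badchars':
                $return = preg_replace("#[<>\"'%;()&]#i", '', $return);
                break;
            case 'int':
                $return = (int) $return;
                break;
            case 'bool':
                $return = (bool) $return;
                break;
            case 'string':
                $return = (string) $return;
                break;
            case 'float':
                $return = (double) $return;
                break;
            // the 'clear_*' names were handled above; anything else is a no-op
        }
    }

    $db = JFactory::getDBO();

    return xJ::escape($db, $return);
}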