Example #1
 /**
  * Ajax endpoint of the email field: validates a submitted address and returns
  * the verdict as JSON.
  *
  * Only the request functions 'checkvalue' and 'testexists' (read from
  * $_GET['function']) are handled, and only when $reason is 'edit' or
  * 'register' and the field's 'field_check_email' parameter is truthy. Any
  * other combination returns the defaults: valid = true, message = null.
  *
  * WARNING: direct unchecked access, except if $user is set, then check
  * that the logged-in user has rights to edit that $user.
  *
  * Security notes for reviewers:
  *  - The original comment attributes the spoof check to parent::fieldClass();
  *    that implementation is not visible here, so confirm it rejects forged
  *    requests before this code runs.
  *  - With field_check_email == 2 the reply states whether the address is
  *    already stored in the field's table, which makes this endpoint an
  *    account-existence oracle. No throttling is visible in this method;
  *    confirm it is enforced upstream.
  *
  * @param  FieldTable  $field
  * @param  UserTable   $user
  * @param  array       $postdata
  * @param  string      $reason     'profile' for user profile view, 'edit' for profile edit, 'register' for registration, 'search' for searches
  * @return string                  JSON object with the keys 'valid' and 'message'.
  */
 public function fieldClass(&$field, &$user, &$postdata, $reason)
 {
     global $_CB_framework, $_CB_database, $ueConfig, $_GET;

     // Per the original comment, the parent implementation performs the spoof check.
     parent::fieldClass($field, $user, $postdata, $reason);

     $action = cbGetParam($_GET, 'function', '');
     $isValid = true;
     $text = null;

     $isCheckRequest = $action == 'checkvalue' || $action == 'testexists';
     // A falsy level disables all checks; level 2 additionally enables the database lookup.
     $checkLevel = $isCheckRequest ? $field->params->get('field_check_email', 0) : 0;
     $reasonAllowed = $reason == 'edit' || $reason == 'register';

     if ($checkLevel && $reasonAllowed) {
         $address = stripslashes(cbGetParam($postdata, 'value', ''));
         $normalized = strtolower(trim($address));
         $needsConfirmation = $field->name == 'email' && $ueConfig['reg_confirmation'];
         // The address is request data: it is HTML-escaped before it is placed into any message.
         $substitutions = array('[email]' => htmlspecialchars($address));

         foreach ($field->getTableColumns() as $column) {
             // Skip columns where the submitted address equals the user's stored value.
             if ($user && $normalized == strtolower(trim($user->{$column}))) {
                 continue;
             }

             if (!$this->validate($field, $user, $column, $address, $postdata, $reason)) {
                 global $_PLUGINS;
                 $isValid = false;
                 $text = $_PLUGINS->getErrorMSG('<br />');
                 continue;
             }

             // Advanced: look the address up in the field's table.
             if ($checkLevel == 2) {
                 // Identifiers go through NameQuote() and the value through Quote() before
                 // concatenation; presumably these escape for SQL - verify in the database driver.
                 $sql = 'SELECT COUNT(*)' . "\n FROM " . $_CB_database->NameQuote($field->table);
                 $sql .= $_CB_database->isDbCollationCaseInsensitive()
                     ? "\n WHERE " . $_CB_database->NameQuote($column) . " = " . $_CB_database->Quote(trim($address))
                     : "\n WHERE LOWER( " . $_CB_database->NameQuote($column) . " ) = " . $_CB_database->Quote($normalized);
                 $_CB_database->setQuery($sql);
                 $found = $_CB_database->loadResult();

                 if ($action == 'testexists') {
                     // 'testexists' succeeds when the address IS present.
                     if ($found) {
                         $text = CBTxt::Th('UE_EMAIL_EXISTS_ON_SITE', "The email '[email]' exists on this site.", $substitutions);
                     } else {
                         $isValid = false;
                         $text = CBTxt::Th('UE_EMAIL_DOES_NOT_EXISTS_ON_SITE', "The email '[email]' does not exist on this site.", $substitutions);
                     }
                 } elseif ($found) {
                     // 'checkvalue' succeeds when the address is NOT present.
                     $isValid = false;
                     $text = CBTxt::Th('UE_EMAIL_NOT_AVAILABLE', "The email '[email]' is already in use.", $substitutions);
                 } else {
                     $text = CBTxt::Th('UE_EMAIL_AVAILABLE', "The email '[email]' is available.", $substitutions);
                 }
             }

             // Simple: ask cbCheckMail() about the address, unless an earlier step already failed.
             if ($action != 'testexists' && $isValid) {
                 $mailCheck = cbCheckMail($_CB_framework->getCfg('mailfrom'), $address);

                 if ($mailCheck == -2) {
                     // Wrong format
                     $isValid = false;
                     $text = CBTxt::Th('UE_EMAIL_NOVALID', 'This is not a valid email address.', $substitutions);
                 } elseif ($mailCheck == -1) {
                     // Couldn't check: keep the current verdict and message.
                 } elseif ($mailCheck == 0) {
                     // Invalid
                     $isValid = false;
                     $text = $needsConfirmation
                         ? CBTxt::Th('UE_EMAIL_INCORRECT_CHECK_NEEDED', 'This address does not accept email: Needed for confirmation.', $substitutions)
                         : CBTxt::Th('UE_EMAIL_INCORRECT_CHECK', 'This email does not accept email: Please check.', $substitutions);
                 }
             }
         }
     }

     return json_encode(array('valid' => $isValid, 'message' => $text));
 }
 /**
  * Direct access to field for custom operations, like for Ajax
  *
  * Legacy email check: when the gate below passes and the request function
  * (read from $_GET['function']) is 'checkvalue', returns an HTML <span>
  * fragment describing the result for the submitted address. Returns null when
  * the gate passes but the function is not 'checkvalue', and the
  * not-authorized text when the gate fails.
  *
  * WARNING: direct unchecked access, except if $user is set, then check
  * that the logged-in user has rights to edit that $user.
  *
  * NOTE(review): the "already registered" reply discloses whether an address
  * exists in #__users. No throttling is visible in this method; confirm it is
  * enforced upstream.
  *
  * @param  moscomprofilerFields  $field
  * @param  moscomprofilerUser    $user
  * @param  array                 $postdata
  * @param  string                $reason     'profile' for user profile view, 'edit' for profile edit, 'register' for registration, 'search' for searches
  * @return string                            Expected output.
  */
 function fieldClass(&$field, &$user, &$postdata, $reason)
 {
     global $_CB_framework, $_CB_database, $ueConfig, $_GET;
     parent::fieldClass($field, $user, $postdata, $reason);
     // performs spoofcheck (per this original comment, inside the parent call; that code is not visible here).
     // Gate, with PHP precedence spelled out (&& binds tighter than ||):
     //   ( (type is 'primaryemailaddress' AND reg_email_checker > 0)
     //     OR field_check_email is truthy
     //     OR getUi() == 2 )
     //   AND $reason is 'edit' or 'register'.
     // NOTE(review): getUi() == 2 presumably identifies the administrator UI - confirm.
     if (($field->type == 'primaryemailaddress' && (isset($ueConfig['reg_email_checker']) && $ueConfig['reg_email_checker'] > 0) || $field->params->get('field_check_email', 0) || $_CB_framework->getUi() == 2) && ($reason == 'edit' || $reason == 'register')) {
         $function = cbGetParam($_GET, 'function', '');
         // Only 'checkvalue' is handled. NOTE(review): the two `$function == 'testexists'`
         // branches further down sit inside this block and $function is not reassigned,
         // so they cannot be taken as written.
         if ($function == 'checkvalue') {
             $email = stripslashes(cbGetParam($postdata, 'value', ''));
             $emailISO = CBTxt::utf8ToISO($email);
             // ajax sends in utf8, we need to convert back to the site's encoding.
             // Database lookup runs when: type is 'primaryemailaddress' AND
             //   ( (reg_email_checker > 1 AND ($reason is 'register'
             //        OR ($reason is 'edit' AND $user is set AND the address changed)))
             //     OR getUi() == 2 ).
             if ($field->type == 'primaryemailaddress' && ((isset($ueConfig['reg_email_checker']) ? $ueConfig['reg_email_checker'] > 1 : false) && ($reason == 'register' || $reason == 'edit' && $user && $emailISO != $user->email) || $_CB_framework->getUi() == 2)) {
                 // The request value is passed through Quote() before it is concatenated into
                 // the SQL text; presumably Quote() escapes and quotes it - verify in the driver.
                 if ($_CB_database->isDbCollationCaseInsensitive()) {
                     $query = "SELECT COUNT(*) AS result FROM #__users WHERE email = " . $_CB_database->Quote(trim($emailISO));
                 } else {
                     $query = "SELECT COUNT(*) AS result FROM #__users WHERE LOWER(email) = " . $_CB_database->Quote(strtolower(trim($emailISO)));
                 }
                 $_CB_database->setQuery($query);
                 $dataObj = null;
                 if ($_CB_database->loadObject($dataObj)) {
                     // Unreachable here: $function is 'checkvalue' (see note above).
                     if ($function == 'testexists') {
                         if ($dataObj->result) {
                             return '<span class="cb_result_ok">' . sprintf(ISOtoUtf8(_UE_EMAIL_EXISTS_ON_SITE), htmlspecialchars($email)) . "</span>";
                         } else {
                             return '<span class="cb_result_error">' . sprintf(ISOtoUtf8(_UE_EMAIL_DOES_NOT_EXISTS_ON_SITE), htmlspecialchars($email)) . "</span>";
                         }
                     } else {
                         // A non-zero count means the address is already in #__users.
                         // The address is HTML-escaped before it is embedded in the reply.
                         if ($dataObj->result) {
                             return '<span class="cb_result_error">' . sprintf(ISOtoUtf8(_UE_EMAIL_ALREADY_REGISTERED), htmlspecialchars($email)) . "</span>";
                         }
                     }
                 }
             }
             // Unreachable here as well: $function is 'checkvalue'.
             if ($function == 'testexists') {
                 return ISOtoUtf8(_UE_NOT_AUTHORIZED);
             } else {
                 // cbCheckMail() runs when $reason is 'register', OR ($reason is 'edit' AND $user
                 // is set AND the address changed), OR getUi() == 2; otherwise "No changes." is returned.
                 if ($reason == 'register' || $reason == 'edit' && $user && $emailISO != $user->email || $_CB_framework->getUi() == 2) {
                     $checkResult = cbCheckMail($_CB_framework->getCfg('mailfrom'), $emailISO);
                 } else {
                     return '<span class="cb_result_info">' . sprintf(ISOtoUtf8(CBTxt::T("No changes.")), htmlspecialchars($email)) . "</span>";
                 }
             }
             // Every case returns, so the `break` statements below are never executed.
             switch ($checkResult) {
                 case -2:
                     return '<span class="cb_result_error">' . sprintf(ISOtoUtf8(_UE_EMAIL_NOVALID), htmlspecialchars($email)) . "</span>";
                     break;
                 case -1:
                     return '<span class="cb_result_warning">' . sprintf(ISOtoUtf8(_UE_EMAIL_COULD_NOT_CHECK), htmlspecialchars($email)) . "</span>";
                     break;
                 case 0:
                     if ($ueConfig['reg_confirmation'] == 0) {
                         return '<span class="cb_result_error">' . sprintf(ISOtoUtf8(_UE_EMAIL_INCORRECT_CHECK), htmlspecialchars($email)) . "</span>";
                     } else {
                         return '<span class="cb_result_error">' . sprintf(ISOtoUtf8(_UE_EMAIL_INCORRECT_CHECK_NEEDED), htmlspecialchars($email)) . "</span>";
                     }
                     break;
                 case 1:
                     return '<span class="cb_result_ok">' . sprintf(ISOtoUtf8(_UE_EMAIL_VERIFIED), htmlspecialchars($email)) . "</span>";
                     break;
                 default:
                     // NOTE(review): $checkResult is written into the HTML without htmlspecialchars();
                     // it comes from cbCheckMail(), not directly from the request - confirm that
                     // function can only return values that are safe to print.
                     return '<span class="cb_result_error">' . sprintf(CBTxt::T('Unexpected cbCheckMail result: %s'), $checkResult) . '.</span>';
                     break;
             }
         }
         return null;
     } else {
         return ISOtoUtf8(_UE_NOT_AUTHORIZED);
     }
 }
Example #3
/**
 * Ajax function: checks an email address for registration and echoes an HTML
 * fragment containing the result of the check.
 *
 * The request is refused unless $ueConfig['reg_email_checker'] is enabled and
 * both cbSpoofCheck() and cbRegAntiSpamCheck() pass; in both refusal cases the
 * script is terminated with exit.
 *
 * NOTE(review): when reg_email_checker > 1 the reply discloses whether the
 * address exists in #__users. The spoof and anti-spam checks above are the only
 * gates visible here; confirm whether request throttling is applied elsewhere.
 *
 * @param string $email     Address to check, as received from the Ajax request.
 * @param string $function  'testexists' to ask whether the address exists; any other value runs the registration check.
 */
function performCheckEmail( $email, $function ) {
	global $_CB_framework, $_CB_database, $ueConfig;

	// Feature switch: unset or falsy means the checker is disabled.
	if ( empty( $ueConfig['reg_email_checker'] ) ) {
		echo ISOtoUtf8( _UE_NOT_AUTHORIZED );
		exit;
	}
	// simple spoof check security
	if ( ! ( cbSpoofCheck( 'registerForm', 'POST', 2 ) && cbRegAntiSpamCheck( 2 ) ) ) {
		echo '<span class="cb_result_error">' . ISOtoUtf8( _UE_SESSION_EXPIRED ) . "</span>";
		exit;
	}

	$email			=	stripslashes( $email );
	$siteEncoded	=	utf8ToISO( $email );		// ajax sends in utf8, we need to convert back to the site's encoding.
	$escaped		=	htmlspecialchars( $email );	// request data is HTML-escaped before it is echoed back
	$wantsExistence	=	( $function == 'testexists' );

	if ( $ueConfig['reg_email_checker'] > 1 ) {
		$needle		=	trim( $siteEncoded );
		// The value is passed through Quote() before concatenation; presumably it escapes for SQL - verify in the driver.
		$sql		=	$_CB_database->isDbCollationCaseInsensitive()
					?	"SELECT COUNT(*) AS result FROM #__users WHERE email = " . $_CB_database->Quote( $needle )
					:	"SELECT COUNT(*) AS result FROM #__users WHERE LOWER(email) = " . $_CB_database->Quote( strtolower( $needle ) );
		$_CB_database->setQuery( $sql );

		$row		=	null;
		if ( $_CB_database->loadObject( $row ) ) {
			$found	=	$row->result;
			if ( $wantsExistence ) {
				if ( $found ) {
					echo '<span class="cb_result_ok">' . sprintf( ISOtoUtf8( _UE_EMAIL_EXISTS_ON_SITE ), $escaped ) . "</span>";
				} else {
					echo '<span class="cb_result_error">' . sprintf( ISOtoUtf8( _UE_EMAIL_DOES_NOT_EXISTS_ON_SITE ), $escaped ) . "</span>";
				}
				return;
			}
			if ( $found ) {
				echo '<span class="cb_result_error">' . sprintf( ISOtoUtf8( _UE_EMAIL_ALREADY_REGISTERED ), $escaped ) . "</span>";
				return;
			}
		}
	}

	// An existence test that was not answered above is refused.
	if ( $wantsExistence ) {
		echo ISOtoUtf8( _UE_NOT_AUTHORIZED );
		return;
	}

	$checkResult	=	cbCheckMail( $_CB_framework->getCfg( 'mailfrom' ), $email );

	if ( $checkResult == -2 ) {
		echo '<span class="cb_result_error">' . sprintf( ISOtoUtf8( _UE_EMAIL_NOVALID ), $escaped ) . "</span>";
	} elseif ( $checkResult == -1 ) {
		echo '<span class="cb_result_warning">' . sprintf( ISOtoUtf8( _UE_EMAIL_COULD_NOT_CHECK ), $escaped ) . "</span>";
	} elseif ( $checkResult == 0 ) {
		if ( $ueConfig['reg_confirmation'] == 0 ) {
			echo '<span class="cb_result_error">' . sprintf( ISOtoUtf8( _UE_EMAIL_INCORRECT_CHECK ), $escaped ) . "</span>";
		} else {
			echo '<span class="cb_result_error">' . sprintf( ISOtoUtf8( _UE_EMAIL_INCORRECT_CHECK_NEEDED ), $escaped ) . "</span>";
		}
	} elseif ( $checkResult == 1 ) {
		echo '<span class="cb_result_ok">' . sprintf( ISOtoUtf8( _UE_EMAIL_VERIFIED ), $escaped ) . "</span>";
	} else {
		echo '<span class="cb_result_error">performCheckEmail:: Unexpected cbCheckMail result.</span>';
	}
}
Example #4
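/**
 * Ajax function: checks an email address for registration and echoes an HTML
 * fragment containing the result of the check.
 *
 * The request is refused unless the 'email' field has 'field_check_email'
 * enabled and both cbSpoofCheck() and cbRegAntiSpamCheck() pass; in both
 * refusal cases the script is terminated with exit.
 *
 * NOTE(review): when field_check_email > 1 the reply discloses whether the
 * address exists in #__users. The spoof and anti-spam checks above are the only
 * gates visible here; confirm whether request throttling is applied elsewhere.
 *
 * @deprecated 2.0.0 use cbValidator::getRuleHtmlAttributes instead
 *
 * @param  string  $email     Address to check, as received from the Ajax request.
 * @param  string  $function  'testexists' to ask whether the address exists; any other value runs the registration check.
 */
function performCheckEmail($email, $function)
{
    global $_CB_framework, $_CB_database, $ueConfig;

    $field = new \CB\Database\Table\FieldTable();
    $field->load(array('name' => 'email'));
    $field->params = new \CBLib\Registry\Registry($field->params);
    // Read once: the same setting gates the whole function and the database lookup.
    $checkLevel = $field->params->get('field_check_email', 0);

    if (!$checkLevel) {
        echo CBTxt::Th('UE_NOT_AUTHORIZED', 'You are not authorized to view this page!');
        exit;
    }
    // simple spoof check security
    if (!cbSpoofCheck('registerForm', 'POST', 2) || !cbRegAntiSpamCheck(2)) {
        echo '<div class="alert alert-danger">' . CBTxt::Th('UE_SESSION_EXPIRED', 'Session expired or cookies are not enabled in your browser. Please press "reload page" in your browser, and enable cookies in your browser.') . "</div>";
        exit;
    }

    $email = stripslashes($email);
    // The address is request data: it is HTML-escaped before it can reach any echoed message.
    $substitutions = array('[email]' => htmlspecialchars($email));

    if ($checkLevel > 1) {
        // ajax sends in utf8, but no need to change encoding anymore.
        $needle = trim($email);
        // The value is passed through Quote() before concatenation; presumably it escapes for SQL - verify in the driver.
        if ($_CB_database->isDbCollationCaseInsensitive()) {
            $query = "SELECT COUNT(*) AS result FROM #__users WHERE email = " . $_CB_database->Quote($needle);
        } else {
            $query = "SELECT COUNT(*) AS result FROM #__users WHERE LOWER(email) = " . $_CB_database->Quote(strtolower($needle));
        }
        $_CB_database->setQuery($query);
        $dataObj = null;
        if ($_CB_database->loadObject($dataObj)) {
            /** @var StdClass $dataObj */
            if ($function == 'testexists') {
                if ($dataObj->result) {
                    echo '<div class="alert alert-success">' . CBTxt::Th('UE_EMAIL_EXISTS_ON_SITE', "The email '[email]' exists on this site.", $substitutions) . "</div>";
                } else {
                    echo '<div class="alert alert-danger">' . CBTxt::Th('UE_EMAIL_DOES_NOT_EXISTS_ON_SITE', "The email '[email]' does not exist on this site.", $substitutions) . "</div>";
                }
                return;
            }
            if ($dataObj->result) {
                echo '<div class="alert alert-danger">' . CBTxt::Th('UE_EMAIL_NOT_AVAILABLE', "The email '[email]' is already in use.", $substitutions) . "</div>";
                return;
            }
        }
    }

    // An existence test that was not answered above is refused.
    if ($function == 'testexists') {
        echo CBTxt::Th('UE_NOT_AUTHORIZED', 'You are not authorized to view this page!');
        return;
    }

    $checkResult = cbCheckMail($_CB_framework->getCfg('mailfrom'), $email);

    // Fix: the original closed sprintf() before the address argument, so `echo` received two
    // comma-separated operands and printed the escaped address glued to the end of the message.
    // The messages now use the same '[email]' substitution as the other messages in this function.
    switch ($checkResult) {
        case -2:
            // Wrong Format
            echo '<span class="alert alert-danger">' . CBTxt::Th('UE_EMAIL_NOVALID', 'This is not a valid email address.', $substitutions) . "</span>";
            break;
        case -1:
            // Couldn't Check
            break;
        case 0:
            // Invalid
            if ($ueConfig['reg_confirmation'] == 0) {
                echo '<span class="alert alert-danger">' . CBTxt::Th('UE_EMAIL_INCORRECT_CHECK', 'This email does not accept email: Please check.', $substitutions) . "</span>";
            } else {
                echo '<span class="alert alert-danger">' . CBTxt::Th('UE_EMAIL_INCORRECT_CHECK_NEEDED', 'This address does not accept email: Needed for confirmation.', $substitutions) . "</span>";
            }
            break;
        case 1:
            // Valid
            echo '<span class="alert alert-success">' . CBTxt::Th('UE_EMAIL_VERIFIED', 'This email address seems valid.', $substitutions) . "</span>";
            break;
        default:
            echo '<span class="alert alert-danger">performCheckEmail:: Unexpected cbCheckMail result.</span>';
            break;
    }
}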