/** * AJAX script for checking if a new username is valid. */ function username_check_script() { header("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1 header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); // Date in the past header('Content-Type: text/plain'); require_code('ocf_members_action'); require_code('ocf_members_action2'); require_lang('ocf'); $username = trim(get_param('username', false, true)); $password = either_param('password', NULL); if (!is_null($password)) { $password = trim($password); } $error = ocf_check_name_valid($username, NULL, $password, true); if (!is_null($error)) { $error->evaluate_echo(); } }
function handle_facebook_connection_login($current_logged_in_member) { if (!class_exists('ocp_tempcode')) { return NULL; } if (is_guest($current_logged_in_member)) { $current_logged_in_member = NULL; // We are not a normal cookie login so ocPortal has loaded up a Guest session already in the expectation of keeping it. Unsetting it will force a rebind (existing session may be reused though) require_code('users_inactive_occasionals'); set_session_id(-1); } // If already session-logged-in onto a Facebook account, don't bother doing anything if (!is_null($current_logged_in_member) && $GLOBALS['FORUM_DRIVER']->get_member_row_field($current_logged_in_member, 'm_password_compat_scheme') == 'facebook') { return $current_logged_in_member; } // Who is this user, from Facebook's point of view? global $FACEBOOK_CONNECT; $facebook_uid = $FACEBOOK_CONNECT->getUser(); if (is_null($facebook_uid)) { return $current_logged_in_member; } try { $details = $FACEBOOK_CONNECT->api('/me'); } catch (Exception $e) { return $current_logged_in_member; } $details2 = $FACEBOOK_CONNECT->api('/me', array('fields' => 'picture', 'type' => 'normal')); if (!is_array($details) || !is_array($details2)) { return $current_logged_in_member; } $details = array_merge($details, $details2); if (!isset($details['name'])) { return $current_logged_in_member; } $username = $details['name']; $photo_url = array_key_exists('picture', $details) ? $details['picture'] : ''; if (is_array($photo_url)) { $photo_url = $photo_url['data']['url']; } if ($photo_url != '') { $photo_url = 'http://graph.facebook.com/' . strval($facebook_uid) . '/picture?type=large'; // In case URL changes } $avatar_url = $photo_url == '' ? mixed() : $photo_url; $photo_thumb_url = ''; if ($photo_url != '') { $photo_thumb_url = $photo_url; } $email_address = array_key_exists('email', $details) ? $details['email'] : ''; $timezone = mixed(); if (isset($details['timezone'])) { require_code('temporal'); $timezone = convert_timezone_offset_to_formal_timezone($details['timezone']); } $language = mixed(); if (isset($details['locale'])) { $language = strtoupper($details['locale']); } if ($language !== NULL) { if (!file_exists(get_custom_file_base() . '/lang_custom/' . $language)) { $language = preg_replace('#\\_.*$#', '', $language); if (!file_exists(get_custom_file_base() . '/lang_custom/' . $language)) { $language = ''; } } } $dob = array_key_exists('birthday', $details) ? $details['birthday'] : ''; $dob_day = mixed(); $dob_month = mixed(); $dob_year = mixed(); if ($dob != '') { $_dob = explode('/', $dob); $dob_day = intval($_dob[1]); $dob_month = intval($_dob[0]); $dob_year = intval($_dob[2]); } // See if they have logged in before - i.e. have a synched account $member_row = $GLOBALS['FORUM_DB']->query_select('f_members', array('*'), array('m_password_compat_scheme' => 'facebook', 'm_pass_hash_salted' => $facebook_uid), 'ORDER BY id DESC', 1); $member = array_key_exists(0, $member_row) ? $member_row[0]['id'] : NULL; if (is_guest($member)) { $member = NULL; } /*if (!is_null($member)) // Useful for debugging { require_code('ocf_members_action2'); ocf_delete_member($member); $member=NULL; }*/ // If logged in before using Facebook, see if they've changed their name or email or timezone on Facebook -- if so, try and update locally to match if (!is_null($member)) { if (!is_null($current_logged_in_member) && $current_logged_in_member !== NULL && !is_guest($current_logged_in_member) && $current_logged_in_member != $member) { return $current_logged_in_member; } // User has an active login, and the Facebook account is bound to a DIFFERENT login. Take precedence to the other login that is active on top of this $last_visit_time = $member[0]['m_last_visit_time']; if ($timezone !== NULL) { if (tz_time(time(), $timezone) == tz_time(time(), $member[0]['m_timezone_offset'])) { $timezone = $member[0]['m_timezone_offset']; } // If equivalent, don't change } $test = $GLOBALS['FORUM_DB']->query_value_null_ok('f_members', 'id', array('m_username' => $username)); if (!is_null($test)) { $update_map = array('m_username' => $username, 'm_dob_day' => $dob_day, 'm_dob_month' => $dob_month, 'm_dob_year' => $dob_year); if ($email_address != '') { $update_map['m_email_address'] = $email_address; } if ($avatar_url !== NULL && ($test == '' || strpos($test, 'facebook') !== false || strpos($test, 'fbcdn') !== false)) { if ($timezone !== NULL) { $update_map['m_timezone_offset'] = $timezone; } $update_map['m_avatar_url'] = $avatar_url; $update_map['m_photo_url'] = $photo_url; $update_map['m_photo_thumb_url'] = $photo_thumb_url; } $GLOBALS['FORUM_DB']->query_update('f_members', $update_map, array('m_password_compat_scheme' => 'facebook', 'm_pass_hash_salted' => strval($facebook_uid)), '', 1); if ($username != $member[0]['m_username']) { // Fix cacheing for usernames $to_fix = array('f_forums/f_cache_last_username', 'f_posts/p_poster_name_if_guest', 'f_topics/t_cache_first_username', 'f_topics/t_cache_last_username'); foreach ($to_fix as $fix) { list($table, $field) = explode('/', $fix); $GLOBALS['FORUM_DB']->query_update($table, array($field => $username), array($field => $member[0]['m_username'])); } } } } // Not logged in before using Facebook, so we need to create an account, or bind to the active ocPortal login if there is one $in_a_sane_place = get_page_name() != 'login' && (running_script('index') || running_script('execute_temp')); // If we're in some weird script, or the login module UI, it's not a sane place, don't be doing account creation yet if (is_null($member) && $in_a_sane_place) { // Bind to existing ocPortal login? if (!is_null($current_logged_in_member)) { /*if (post_param_integer('associated_confirm',0)==0) Won't work because Facebook is currently done in JS and cookies force this. If user wishes to cancel they must go to http://www.facebook.com/settings?tab=applications and remove the app, then run a lost password reset. { $title=get_page_title('LOGIN_FACEBOOK_HEADER'); $message=do_lang_tempcode('LOGGED_IN_SURE_FACEBOOK',escape_html($GLOBALS['FORUM_DRIVER']->get_username($current_logged_in_member))); $middle=do_template('YESNO_SCREEN',array('TITLE'=>$title,'TEXT'=>$message,'HIDDEN'=>form_input_hidden('associated_confirm','1'),'URL'=>get_self_url_easy())); $tpl=globalise($middle,NULL,'',true); $tpl->evaluate_echo(); exit(); }*/ $GLOBALS['FORUM_DB']->query_update('f_members', array('m_password_compat_scheme' => 'facebook', 'm_pass_hash_salted' => $facebook_uid), array('id' => $current_logged_in_member), '', 1); require_code('site'); require_lang('facebook'); attach_message(do_lang_tempcode('FACEBOOK_ACCOUNT_CONNECTED', escape_html(get_site_name()), escape_html($GLOBALS['FORUM_DRIVER']->get_username($current_logged_in_member)), array(escape_html($username))), 'inform'); return $current_logged_in_member; } // If we're still here, we have to create a new account... // ------------------------------------------------------- $completion_form_submitted = post_param('email_address', '') != ''; // If there's a conflicting username, we may need to change it (suffix a number) require_code('ocf_members_action2'); $username = get_username_from_human_name($username); // Ask ocP to finish off the profile from the information presented in the POST environment (a standard mechanism in ocPortal, for third party logins of various kinds) require_lang('ocf'); require_code('ocf_members'); require_code('ocf_groups'); require_code('ocf_members2'); require_code('ocf_members_action'); $_custom_fields = ocf_get_all_custom_fields_match(ocf_get_all_default_groups(true), NULL, NULL, NULL, 1); if (!$completion_form_submitted && count($_custom_fields) != 0 && get_value('no_finish_profile') !== '1') { $GLOBALS['FACEBOOK_FINISHING_PROFILE'] = true; $middle = ocf_member_external_linker_ask($username, 'facebook', $email_address, $dob_day, $dob_month, $dob_year); $tpl = globalise($middle, NULL, '', true); $tpl->evaluate_echo(); exit; } else { $username = post_param('username', $username); if (count($_custom_fields) != 0 && get_value('no_finish_profile') !== '1') { // Was not auto-generated, so needs to be checked ocf_check_name_valid($username, NULL, NULL); } $member = ocf_member_external_linker($username, $facebook_uid, 'facebook', false, $email_address, $dob_day, $dob_month, $dob_year, $timezone, $language, $avatar_url, $photo_url, $photo_thumb_url); } } if (!is_null($member)) { require_code('users_inactive_occasionals'); create_session($member, 1, isset($_COOKIE[get_member_cookie() . '_invisible']) && $_COOKIE[get_member_cookie() . '_invisible'] == '1'); // This will mark it as confirmed } return $member; }
/** * Add a member. * * @param SHORT_TEXT The username. * @param SHORT_TEXT The password. * @param SHORT_TEXT The e-mail address. * @param ?array A list of usergroups (NULL: default/current usergroups). * @param ?integer Day of date of birth (NULL: unknown). * @param ?integer Month of date of birth (NULL: unknown). * @param ?integer Year of date of birth (NULL: unknown). * @param array A map of custom field values (field-id=>value). * @param ?ID_TEXT The member timezone (NULL: auto-detect). * @param ?GROUP The member's primary (NULL: default). * @param BINARY Whether the profile has been validated. * @param ?TIME When the member joined (NULL: now). * @param ?TIME When the member last visited (NULL: now). * @param ID_TEXT The member's default theme. * @param ?URLPATH The URL to the member's avatar (blank: none) (NULL: choose one automatically). * @param LONG_TEXT The member's signature (blank: none). * @param BINARY Whether the member is permanently banned. * @param BINARY Whether posts are previewed before they are made. * @param BINARY Whether the member's age may be shown. * @param SHORT_TEXT The member's title (blank: get from primary). * @param URLPATH The URL to the member's photo (blank: none). * @param URLPATH The URL to the member's photo thumbnail (blank: none). * @param BINARY Whether the member sees signatures in posts. * @param ?BINARY Whether the member automatically is enabled for notifications for content they contribute to (NULL: get default from config). * @param ?LANGUAGE_NAME The member's language (NULL: auto detect). * @param BINARY Whether the member allows e-mails via the site. * @param BINARY Whether the member allows e-mails from staff via the site. * @param LONG_TEXT Personal notes of the member. * @param ?IP The member's IP address (NULL: IP address of current user). * @param SHORT_TEXT The code required before the account becomes active (blank: already entered). * @param boolean Whether to check details for correctness. * @param ?ID_TEXT The compatibility scheme that the password operates in (blank: none) (NULL: none [meaning normal ocPortal salted style] or plain, depending on whether passwords are encrypted). * @param SHORT_TEXT The password salt (blank: password compatibility scheme does not use a salt / auto-generate). * @param BINARY Whether the member likes to view zones without menus, when a choice is available. * @param ?TIME The time the member last made a submission (NULL: set to now). * @param ?AUTO_LINK Force an ID (NULL: don't force an ID) * @param BINARY Whether the member username will be highlighted. * @param SHORT_TEXT Usergroups that may PT the member. * @param LONG_TEXT Rules that other members must agree to before they may start a PT with the member. * @return AUTO_LINK The ID of the new member. */ function ocf_make_member($username, $password, $email_address, $secondary_groups, $dob_day, $dob_month, $dob_year, $custom_fields, $timezone = NULL, $primary_group = NULL, $validated = 1, $join_time = NULL, $last_visit_time = NULL, $theme = '', $avatar_url = NULL, $signature = '', $is_perm_banned = 0, $preview_posts = 0, $reveal_age = 1, $title = '', $photo_url = '', $photo_thumb_url = '', $views_signatures = 1, $auto_monitor_contrib_content = NULL, $language = NULL, $allow_emails = 1, $allow_emails_from_staff = 1, $personal_notes = '', $ip_address = NULL, $validated_email_confirm_code = '', $check_correctness = true, $password_compatibility_scheme = NULL, $salt = '', $zone_wide = 1, $last_submit_time = NULL, $id = NULL, $highlighted_name = 0, $pt_allow = '*', $pt_rules_text = '') { if (is_null($auto_monitor_contrib_content)) { $auto_monitor_contrib_content = get_value('no_auto_notifications') === '1' ? 0 : 1; } if (is_null($password_compatibility_scheme)) { if (get_value('no_password_hashing') === '1') { $password_compatibility_scheme = 'plain'; } else { $password_compatibility_scheme = ''; } } if (is_null($language)) { $language = ''; } if (is_null($signature)) { $signature = ''; } if (is_null($title)) { $title = ''; } if (is_null($timezone)) { $timezone = get_site_timezone(); } if (is_null($allow_emails)) { $allow_emails = 1; } if (is_null($allow_emails_from_staff)) { $allow_emails_from_staff = 1; } if (is_null($personal_notes)) { $personal_notes = ''; } if (is_null($avatar_url)) { if ($GLOBALS['IN_MINIKERNEL_VERSION'] == 1 || !addon_installed('ocf_member_avatars')) { $avatar_url = ''; } else { if (get_option('random_avatars') == '1' && !running_script('stress_test_loader')) { require_code('themes2'); $codes = get_all_image_ids_type('ocf_default_avatars/default_set', false, $GLOBALS['FORUM_DB']); shuffle($codes); $results = array(); foreach ($codes as $code) { if (strpos($code, 'ocp_fanatic') !== false) { continue; } $count = $GLOBALS['FORUM_DB']->query_value_null_ok_full('SELECT SUM(m_cache_num_posts) FROM ' . $GLOBALS['FORUM_DB']->get_table_prefix() . 'f_members WHERE ' . db_string_equal_to('m_avatar_url', find_theme_image($code, false, true))); if (is_null($count)) { $count = 0; } $results[$code] = $count; } @asort($results); // @'d as type checker fails for some odd reason $found_avatars = array_keys($results); $avatar_url = find_theme_image(array_shift($found_avatars), true, true); } if (is_null($avatar_url)) { $GLOBALS['SITE_DB']->query_delete('theme_images', array('id' => 'ocf_default_avatars/default', 'path' => '')); // In case failure cached, gets very confusing $avatar_url = find_theme_image('ocf_default_avatars/default', true, true); if (is_null($avatar_url)) { $avatar_url = ''; } } } } if ($check_correctness) { if (!in_array($password_compatibility_scheme, array('ldap', 'httpauth'))) { ocf_check_name_valid($username, NULL, $password_compatibility_scheme == '' ? $password : NULL); } if (!function_exists('has_actual_page_access') || !has_actual_page_access(get_member(), 'admin_ocf_join')) { require_code('type_validation'); if (!is_valid_email_address($email_address) && $email_address != '') { warn_exit(do_lang_tempcode('_INVALID_EMAIL_ADDRESS', escape_html($email_address))); } } } require_code('ocf_members'); require_code('ocf_groups'); if (is_null($last_submit_time)) { $last_submit_time = time(); } if (is_null($join_time)) { $join_time = time(); } if (is_null($last_visit_time)) { $last_visit_time = time(); } if (is_null($primary_group)) { $primary_group = get_first_default_group(); // This is members } if (is_null($secondary_groups)) { $secondary_groups = ocf_get_all_default_groups(false); } foreach ($secondary_groups as $_g_id => $g_id) { if ($g_id == $primary_group) { unset($secondary_groups[$_g_id]); } } if (is_null($ip_address)) { $ip_address = get_ip_address(); } if ($password_compatibility_scheme == '' && get_value('no_password_hashing') === '1') { $password_compatibility_scheme = 'plain'; $salt = ''; } if ($salt == '' && $password_compatibility_scheme == '') { $salt = produce_salt(); $password_salted = md5($salt . md5($password)); } else { $password_salted = $password; } // Supplement custom field values given with defaults, and check constraints $all_fields = list_to_map('id', ocf_get_all_custom_fields_match($secondary_groups)); require_code('fields'); foreach ($all_fields as $field) { $field_id = $field['id']; if (array_key_exists($field_id, $custom_fields)) { if ($check_correctness && $field[array_key_exists('cf_show_on_join_form', $field) ? 'cf_show_on_join_form' : 'cf_required'] == 0 && $field['cf_owner_set'] == 0 && !has_actual_page_access(get_member(), 'admin_ocf_join')) { access_denied('I_ERROR'); } } else { $custom_fields[$field_id] = ''; } } if (!addon_installed('unvalidated')) { $validated = 1; } $map = array('m_username' => $username, 'm_pass_hash_salted' => $password_salted, 'm_pass_salt' => $salt, 'm_theme' => $theme, 'm_avatar_url' => $avatar_url, 'm_validated' => $validated, 'm_validated_email_confirm_code' => $validated_email_confirm_code, 'm_cache_num_posts' => 0, 'm_cache_warnings' => 0, 'm_max_email_attach_size_mb' => 5, 'm_join_time' => $join_time, 'm_timezone_offset' => $timezone, 'm_primary_group' => $primary_group, 'm_last_visit_time' => $last_visit_time, 'm_last_submit_time' => $last_submit_time, 'm_signature' => insert_lang_comcode($signature, 4, $GLOBALS['FORUM_DB']), 'm_is_perm_banned' => $is_perm_banned, 'm_preview_posts' => $preview_posts, 'm_notes' => $personal_notes, 'm_dob_day' => $dob_day, 'm_dob_month' => $dob_month, 'm_dob_year' => $dob_year, 'm_reveal_age' => $reveal_age, 'm_email_address' => $email_address, 'm_title' => $title, 'm_photo_url' => $photo_url, 'm_photo_thumb_url' => $photo_thumb_url, 'm_views_signatures' => $views_signatures, 'm_auto_monitor_contrib_content' => $auto_monitor_contrib_content, 'm_highlighted_name' => $highlighted_name, 'm_pt_allow' => $pt_allow, 'm_pt_rules_text' => insert_lang_comcode($pt_rules_text, 4, $GLOBALS['FORUM_DB']), 'm_language' => $language, 'm_ip_address' => $ip_address, 'm_zone_wide' => $zone_wide, 'm_allow_emails' => $allow_emails, 'm_allow_emails_from_staff' => $allow_emails_from_staff, 'm_password_change_code' => '', 'm_password_compat_scheme' => $password_compatibility_scheme, 'm_on_probation_until' => NULL); if (!is_null($id)) { $map['id'] = $id; } $member_id = $GLOBALS['FORUM_DB']->query_insert('f_members', $map, true); if ($check_correctness) { // If it was an invite/recommendation, award the referrer if (addon_installed('recommend')) { $inviter = $GLOBALS['FORUM_DB']->query_value_null_ok('f_invites', 'i_inviter', array('i_email_address' => $email_address), 'ORDER BY i_time'); if (!is_null($inviter)) { if (addon_installed('points')) { require_code('points2'); require_lang('recommend'); system_gift_transfer(do_lang('RECOMMEND_SITE_TO', $username, get_site_name()), intval(get_option('points_RECOMMEND_SITE')), $inviter); } if (addon_installed('chat')) { require_code('chat2'); buddy_add($inviter, $member_id); buddy_add($member_id, $inviter); } } } } $value = mixed(); // Store custom fields $row = array('mf_member_id' => $member_id); $all_fields_types = collapse_2d_complexity('id', 'cf_type', $all_fields); foreach ($custom_fields as $field_num => $value) { if (!array_key_exists($field_num, $all_fields_types)) { continue; } // Trying to set a field we're not allowed to (doesn't apply to our group) $ob = get_fields_hook($all_fields_types[$field_num]); list(, , $storage_type) = $ob->get_field_value_row_bits($all_fields[$field_num]); if (strpos($storage_type, '_trans') !== false) { $value = insert_lang($value, 3, $GLOBALS['FORUM_DB']); } $row['field_' . strval($field_num)] = $value; } // Set custom field row $all_fields_regardless = $GLOBALS['FORUM_DB']->query_select('f_custom_fields', array('id', 'cf_type')); foreach ($all_fields_regardless as $field) { if (!array_key_exists('field_' . strval($field['id']), $row)) { $ob = get_fields_hook($field['cf_type']); list(, , $storage_type) = $ob->get_field_value_row_bits($field); $value = ''; if (strpos($storage_type, '_trans') !== false) { $value = insert_lang($value, 3, $GLOBALS['FORUM_DB']); } $row['field_' . strval($field['id'])] = $value; } } $GLOBALS['FORUM_DB']->query_insert('f_member_custom_fields', $row); // Any secondary work foreach ($secondary_groups as $g) { if ($g != $primary_group) { $GLOBALS['FORUM_DB']->query_delete('f_group_members', array('gm_member_id' => $member_id, 'gm_group_id' => $g), '', 1); $GLOBALS['FORUM_DB']->query_insert('f_group_members', array('gm_group_id' => $g, 'gm_member_id' => $member_id, 'gm_validated' => 1)); } } if ($check_correctness) { if (function_exists('decache')) { decache('side_stats'); } } return $member_id; }
/** * Edit a member. * * @param AUTO_LINK The ID of the member. * @param ?SHORT_TEXT The e-mail address. (NULL: don't change) * @param ?BINARY Whether posts are previewed before they are made. (NULL: don't change) * @param ?integer Day of date of birth. (NULL: don't change) (-1: deset) * @param ?integer Month of date of birth. (NULL: don't change) (-1: deset) * @param ?integer Year of date of birth. (NULL: don't change) (-1: deset) * @param ?ID_TEXT The member timezone. (NULL: don't change) * @param ?GROUP The members primary (NULL: don't change). * @param array A map of custom fields values (field-id=>value). * @param ?ID_TEXT The members default theme. (NULL: don't change) * @param ?BINARY Whether the members age may be shown. (NULL: don't change) * @param ?BINARY Whether the member sees signatures in posts. (NULL: don't change) * @param ?BINARY Whether the member automatically is enabled for notifications for content they contribute to. (NULL: don't change) * @param ?LANGUAGE_NAME The members language. (NULL: don't change) * @param ?BINARY Whether the member allows e-mails via the site. (NULL: don't change) * @param ?BINARY Whether the member allows e-mails from staff via the site. (NULL: don't change) * @param ?BINARY Whether the profile has been validated (NULL: do not change this). (NULL: don't change) * @param ?string The username. (NULL: don't change) * @param ?string The password. (NULL: don't change) * @param ?BINARY Whether the member likes to view zones without menus, when a choice is available. (NULL: don't change) * @param ?BINARY Whether the member username will be highlighted. (NULL: don't change) * @param ?SHORT_TEXT Usergroups that may PT the member. (NULL: don't change) * @param ?LONG_TEXT Rules that other members must agree to before they may start a PT with the member. (NULL: don't change) * @param ?TIME When the member is on probation until (NULL: don't change) * @param ?TIME When the member joined (NULL: don't change) * @param ?URLPATH Avatar (NULL: don't change) * @param ?LONG_TEXT Signature (NULL: don't change) * @param ?BINARY Banned status (NULL: don't change) * @param ?URLPATH Photo URL (NULL: don't change) * @param ?URLPATH URL of thumbnail of photo (NULL: don't change) * @param ?SHORT_TEXT Password salt (NULL: don't change) * @param ?ID_TEXT Password compatibility scheme (NULL: don't change) * @param boolean Whether to skip security checks and most of the change-triggered emails */ function ocf_edit_member($member_id, $email_address, $preview_posts, $dob_day, $dob_month, $dob_year, $timezone, $primary_group, $custom_fields, $theme, $reveal_age, $views_signatures, $auto_monitor_contrib_content, $language, $allow_emails, $allow_emails_from_staff, $validated = NULL, $username = NULL, $password = NULL, $zone_wide = 1, $highlighted_name = NULL, $pt_allow = '*', $pt_rules_text = '', $on_probation_until = NULL, $join_time = NULL, $avatar_url = NULL, $signature = NULL, $is_perm_banned = NULL, $photo_url = NULL, $photo_thumb_url = NULL, $salt = NULL, $password_compatibility_scheme = NULL, $skip_checks = false) { require_code('type_validation'); if (!$skip_checks) { $old_email_address = $GLOBALS['OCF_DRIVER']->get_member_row_field($member_id, 'm_email_address'); if (!is_null($email_address) && ($email_address != '' || $old_email_address != '' && !has_specific_permission(get_member(), 'member_maintenance')) && !is_valid_email_address($email_address)) { warn_exit(do_lang_tempcode('_INVALID_EMAIL_ADDRESS', escape_html($email_address))); } } if (!is_null($username) && $GLOBALS['FORUM_DRIVER']->get_member_row_field($member_id, 'm_password_compat_scheme') != 'remote') { if (!$skip_checks) { ocf_check_name_valid($username, $member_id, $password); require_code('urls2'); suggest_new_idmoniker_for('members', 'view', strval($member_id), $username); } } // Supplement custom field values given with defaults, and check constraints $all_fields = ocf_get_all_custom_fields_match($GLOBALS['OCF_DRIVER']->get_members_groups($member_id)); foreach ($all_fields as $field) { $field_id = $field['id']; if (array_key_exists($field_id, $custom_fields)) { if (!$skip_checks) { if ($field['cf_public_view'] == 0 && $member_id != get_member() && !has_specific_permission(get_member(), 'view_any_profile_field')) { access_denied('I_ERROR'); } if ($field['cf_owner_view'] == 0 && $member_id == get_member() && !has_specific_permission(get_member(), 'view_any_profile_field')) { access_denied('I_ERROR'); } if ($field['cf_owner_set'] == 0 && $member_id == get_member() && !has_specific_permission(get_member(), 'view_any_profile_field')) { access_denied('I_ERROR'); } } } } // Set custom profile field values $all_fields_types = collapse_2d_complexity('id', 'cf_type', $all_fields); $changes = array(); foreach ($custom_fields as $field => $value) { if (!array_key_exists($field, $all_fields_types)) { continue; } // Trying to set a field we're not allowed to (doesn't apply to our group) $change = ocf_set_custom_field($member_id, $field, $value, $all_fields_types[$field], true); if (!is_null($change)) { $changes = array_merge($changes, $change); } } if (count($changes) != 0) { $GLOBALS['FORUM_DB']->query_update('f_member_custom_fields', $changes, array('mf_member_id' => $member_id), '', 1); } $old_primary_group = $GLOBALS['OCF_DRIVER']->get_member_row_field($member_id, 'm_primary_group'); $_pt_rules_text = $GLOBALS['OCF_DRIVER']->get_member_row_field($member_id, 'm_pt_rules_text'); $_signature = $GLOBALS['OCF_DRIVER']->get_member_row_field($member_id, 'm_signature'); $update = array(); if (!is_null($theme)) { $update['m_theme'] = $theme; } if (!is_null($preview_posts)) { $update['m_preview_posts'] = $preview_posts; } if (!is_null($dob_day)) { $update['m_dob_day'] = $dob_day == -1 ? NULL : $dob_day; } if (!is_null($dob_month)) { $update['m_dob_month'] = $dob_month == -1 ? NULL : $dob_month; } if (!is_null($dob_year)) { $update['m_dob_year'] = $dob_year == -1 ? NULL : $dob_year; } if (!is_null($timezone)) { $update['m_timezone_offset'] = $timezone; } if (!is_null($reveal_age)) { $update['m_reveal_age'] = $reveal_age; } if (!is_null($email_address)) { $update['m_email_address'] = $email_address; } if (!is_null($views_signatures)) { $update['m_views_signatures'] = $views_signatures; } if (!is_null($auto_monitor_contrib_content)) { $update['m_auto_monitor_contrib_content'] = $auto_monitor_contrib_content; } if (!is_null($language)) { $update['m_language'] = $language; } if (!is_null($allow_emails)) { $update['m_allow_emails'] = $allow_emails; } if (!is_null($allow_emails_from_staff)) { $update['m_allow_emails_from_staff'] = $allow_emails_from_staff; } if (!is_null($zone_wide)) { $update['m_zone_wide'] = $zone_wide; } if (!is_null($pt_allow)) { $update['m_pt_allow'] = $pt_allow; } if (!is_null($pt_rules_text)) { $update['m_pt_rules_text'] = lang_remap_comcode($_pt_rules_text, $pt_rules_text, $GLOBALS['FORUM_DB']); } if ($skip_checks || has_specific_permission(get_member(), 'probate_members')) { $update['m_on_probation_until'] = $on_probation_until; } if (!is_null($join_time)) { $update['m_join_time'] = $join_time; } if (!is_null($avatar_url)) { $update['m_avatar_url'] = $avatar_url; } if (!is_null($signature)) { $update['m_signature'] = lang_remap_comcode($_signature, $signature, $GLOBALS['FORUM_DB']); } if (!is_null($is_perm_banned)) { $update['m_is_perm_banned'] = $is_perm_banned; } if (!is_null($photo_url)) { $update['m_photo_url'] = $photo_url; } if (!is_null($photo_thumb_url)) { $update['m_photo_thumb_url'] = $photo_thumb_url; } $old_username = $GLOBALS['OCF_DRIVER']->get_member_row_field($member_id, 'm_username'); if (!is_null($username) && $username != $old_username && ($skip_checks || has_actual_page_access(get_member(), 'admin_ocf_join') || has_specific_permission($member_id, 'rename_self'))) { $update['m_username'] = $username; // Reassign personal galleries if (addon_installed('galleries')) { require_lang('galleries'); $personal_galleries = $GLOBALS['SITE_DB']->query('SELECT fullname,parent_id FROM ' . get_table_prefix() . 'galleries WHERE name LIKE \'member_' . strval($member_id) . '_%\''); foreach ($personal_galleries as $gallery) { $parent_title = get_translated_text($GLOBALS['SITE_DB']->query_value('galleries', 'fullname', array('name' => $gallery['parent_id']))); if (get_translated_text($gallery['fullname']) == do_lang('PERSONAL_GALLERY_OF', $old_username, $parent_title)) { lang_remap($gallery['fullname'], do_lang('PERSONAL_GALLERY_OF', $username, $parent_title), $GLOBALS['FORUM_DB']); } } } require_code('notifications'); $subject = do_lang('USERNAME_CHANGED_MAIL_SUBJECT', $username, $old_username, NULL, get_lang($member_id)); $mail = do_lang('USERNAME_CHANGED_MAIL', comcode_escape(get_site_name()), comcode_escape($username), comcode_escape($old_username), get_lang($member_id)); dispatch_notification('ocf_username_changed', NULL, $subject, $mail, array($member_id)); $subject = do_lang('STAFF_USERNAME_CHANGED_MAIL_SUBJECT', $username, $old_username, NULL, get_site_default_lang()); $mail = do_lang('STAFF_USERNAME_CHANGED_MAIL', comcode_escape(get_site_name()), comcode_escape($username), comcode_escape($old_username), get_site_default_lang()); dispatch_notification('ocf_username_changed_staff', NULL, $subject, $mail); // Fix cacheing for usernames $to_fix = array('f_forums/f_cache_last_username', 'f_posts/p_poster_name_if_guest', 'f_topics/t_cache_first_username', 'f_topics/t_cache_last_username'); foreach ($to_fix as $fix) { list($table, $field) = explode('/', $fix); $GLOBALS['FORUM_DB']->query_update($table, array($field => $username), array($field => $old_username)); } } if (!is_null($password)) { if (is_null($password_compatibility_scheme) && get_value('no_password_hashing') === '1') { $password_compatibility_scheme = 'plain'; $update['m_password_change_code'] = ''; $salt = ''; } if (!is_null($salt) || !is_null($password_compatibility_scheme)) { if (!is_null($salt)) { $update['m_pass_salt'] = $salt; } if (!is_null($password_compatibility_scheme)) { $update['m_password_compat_scheme'] = $password_compatibility_scheme; } $update['m_pass_hash_salted'] = $password; } else { $update['m_password_change_code'] = ''; $salt = $GLOBALS['OCF_DRIVER']->get_member_row_field($member_id, 'm_pass_salt'); $update['m_pass_hash_salted'] = md5($salt . md5($password)); $update['m_password_compat_scheme'] = ''; } if (!$skip_checks) { $part_b = ''; if (!has_actual_page_access(get_member(), 'admin_ocf_join')) { $part_b = do_lang('PASSWORD_CHANGED_MAIL_BODY_2', get_ip_address()); } $mail = do_lang('PASSWORD_CHANGED_MAIL_BODY', get_site_name(), $part_b, NULL, get_lang($member_id)); $old_email_address = $GLOBALS['FORUM_DRIVER']->get_member_row_field($member_id, 'm_email_address'); if ($old_email_address != $email_address) { $GLOBALS['FORUM_DB']->query_update('f_invites', array('i_email_address' => $old_email_address), array('i_email_address' => $email_address)); } if ($member_id == get_member() || get_value('disable_password_change_mails_for_staff') !== '1') { if (get_page_name() != 'admin_ocf_join') { require_code('notifications'); dispatch_notification('ocf_password_changed', NULL, do_lang('PASSWORD_CHANGED_MAIL_SUBJECT', NULL, NULL, NULL, get_lang($member_id)), $mail, array($member_id), NULL, 2); } } } } if (!is_null($validated)) { $update['m_validated_email_confirm_code'] = ''; if (addon_installed('unvalidated')) { $update['m_validated'] = $validated; } } if (!is_null($highlighted_name)) { $update['m_highlighted_name'] = $highlighted_name; } if (!is_null($primary_group)) { $update['m_primary_group'] = $primary_group; } $old_validated = $GLOBALS['OCF_DRIVER']->get_member_row_field($member_id, 'm_validated'); $GLOBALS['FORUM_DB']->query_update('f_members', $update, array('id' => $member_id), '', 1); if (get_member() != $member_id) { log_it('EDIT_MEMBER_PROFILE', strval($member_id), $username); } if ($old_validated == 0 && $validated == 1) { require_code('mail'); $_login_url = build_url(array('page' => 'login'), get_module_zone('login'), NULL, false, false, true); $login_url = $_login_url->evaluate(); mail_wrap(do_lang('VALIDATED_MEMBER_SUBJECT', get_site_name(), NULL, get_lang($member_id)), do_lang('MEMBER_VALIDATED', get_site_name(), $username, $login_url, get_lang($member_id)), array($email_address), $username); } // Decache from run-time cache unset($GLOBALS['FORUM_DRIVER']->MEMBER_ROWS_CACHED[$member_id]); unset($GLOBALS['MEMBER_CACHE_FIELD_MAPPINGS'][$member_id]); unset($GLOBALS['TIMEZONE_MEMBER_CACHE'][$member_id]); unset($GLOBALS['USER_NAME_CACHE'][$member_id]); }
/** * Actualise the join form. * * @param boolean Whether to handle CAPTCHA (if enabled at all) * @param boolean Whether to ask for intro messages (if enabled at all) * @param boolean Whether to check for invites (if enabled at all) * @param boolean Whether to check email-address restrictions (if enabled at all) * @param boolean Whether to require staff confirmation (if enabled at all) * @param boolean Whether to force email address validation (if enabled at all) * @param boolean Whether to do COPPA checks (if enabled at all) * @param boolean Whether to instantly log the user in * @return array A tuple: Messages to show (currently nothing else in tuple) */ function ocf_join_actual($captcha_if_enabled = true, $intro_message_if_enabled = true, $invites_if_enabled = true, $one_per_email_address_if_enabled = true, $confirm_if_enabled = true, $validate_if_enabled = true, $coppa_if_enabled = true, $instant_login = false) { ocf_require_all_forum_stuff(); require_css('ocf'); require_code('ocf_members_action'); require_code('ocf_members_action2'); // Read in data $username = trim(post_param('username')); ocf_check_name_valid($username, NULL, NULL, true); // Adjusts username if needed $password = trim(post_param('password')); $password_confirm = trim(post_param('password_confirm')); if ($password != $password_confirm) { warn_exit(make_string_tempcode(escape_html(do_lang('PASSWORD_MISMATCH')))); } $confirm_email_address = post_param('email_address_confirm', NULL); $email_address = trim(post_param('email_address')); if (!is_null($confirm_email_address)) { if (trim($confirm_email_address) != $email_address) { warn_exit(make_string_tempcode(escape_html(do_lang('EMAIL_ADDRESS_MISMATCH')))); } } require_code('type_validation'); if (!is_valid_email_address($email_address)) { warn_exit(do_lang_tempcode('INVALID_EMAIL_ADDRESS')); } if ($invites_if_enabled) { if (get_option('is_on_invites') == '1') { $test = $GLOBALS['FORUM_DB']->query_value_null_ok('f_invites', 'i_inviter', array('i_email_address' => $email_address, 'i_taken' => 0)); if (is_null($test)) { warn_exit(do_lang_tempcode('NO_INVITE')); } } $GLOBALS['FORUM_DB']->query_update('f_invites', array('i_taken' => 1), array('i_email_address' => $email_address, 'i_taken' => 0), '', 1); } $dob_day = post_param_integer('dob_day', NULL); $dob_month = post_param_integer('dob_month', NULL); $dob_year = post_param_integer('dob_year', NULL); $reveal_age = post_param_integer('reveal_age', 0); $timezone = post_param('timezone', get_users_timezone()); $language = post_param('language', get_site_default_lang()); $allow_emails = post_param_integer('allow_emails', 0); $allow_emails_from_staff = post_param_integer('allow_emails_from_staff', 0); $groups = ocf_get_all_default_groups(true); // $groups will contain the built in default primary group too (it is not $secondary_groups) $primary_group = post_param_integer('primary_group', NULL); if ($primary_group !== NULL && !in_array($primary_group, $groups)) { // Check security $test = $GLOBALS['FORUM_DB']->query_value('f_groups', 'g_is_presented_at_install', array('id' => $primary_group)); if ($test == 1) { $groups = ocf_get_all_default_groups(false); // Get it so it does not include the built in default primary group $groups[] = $primary_group; // And add in the *chosen* primary group } else { $primary_group = NULL; } } else { $primary_group = NULL; } if ($primary_group === NULL) { $primary_group = get_first_default_group(); } $custom_fields = ocf_get_all_custom_fields_match($groups, NULL, NULL, NULL, NULL, NULL, NULL, 0, true); $actual_custom_fields = ocf_read_in_custom_fields($custom_fields); // Check that the given address isn't already used (if one_per_email_address on) $member_id = NULL; if ($one_per_email_address_if_enabled) { if (get_option('one_per_email_address') == '1') { $test = $GLOBALS['FORUM_DB']->query_select('f_members', array('id', 'm_username'), array('m_email_address' => $email_address), '', 1); if (array_key_exists(0, $test)) { if ($test[0]['m_username'] != $username) { $reset_url = build_url(array('page' => 'lostpassword', 'email_address' => $email_address), get_module_zone('lostpassword')); warn_exit(do_lang_tempcode('EMAIL_ADDRESS_IN_USE', escape_html(get_site_name()), escape_html($reset_url->evaluate()))); } $member_id = $test[0]['id']; } } } if ($captcha_if_enabled) { if (addon_installed('captcha')) { require_code('captcha'); enforce_captcha(); } } if (addon_installed('ldap')) { require_code('ocf_ldap'); if (ocf_is_ldap_member_potential($username)) { warn_exit(do_lang_tempcode('DUPLICATE_JOIN_AUTH')); } } // Add member $skip_confirm = get_option('skip_email_confirm_join') == '1'; if (!$confirm_if_enabled) { $skip_confirm = true; } $validated_email_confirm_code = $skip_confirm ? '' : strval(mt_rand(1, 32000)); $require_new_member_validation = get_option('require_new_member_validation') == '1'; if (!$validate_if_enabled) { $require_new_member_validation = false; } $coppa = get_option('is_on_coppa') == '1' && utctime_to_usertime(time() - mktime(0, 0, 0, $dob_month, $dob_day, $dob_year)) / 31536000.0 < 13.0; if (!$coppa_if_enabled) { $coppa = false; } $validated = $require_new_member_validation || $coppa ? 0 : 1; if (is_null($member_id)) { $member_id = ocf_make_member($username, $password, $email_address, $groups, $dob_day, $dob_month, $dob_year, $actual_custom_fields, $timezone, $primary_group, $validated, time(), time(), '', NULL, '', 0, get_option('default_preview_guests') == '1' ? 1 : 0, $reveal_age, '', '', '', 1, get_value('no_auto_notifications') === '1' ? 0 : 1, $language, $allow_emails, $allow_emails_from_staff, '', get_ip_address(), $validated_email_confirm_code, true, '', ''); } // Send confirm mail if (!$skip_confirm) { $zone = get_module_zone('join'); if ($zone != '') { $zone .= '/'; } $_url = build_url(array('page' => 'join', 'type' => 'step4', 'email' => $email_address, 'code' => $validated_email_confirm_code), $zone, NULL, false, false, true); $url = $_url->evaluate(); $_url_simple = build_url(array('page' => 'join', 'type' => 'step4'), $zone, NULL, false, false, true); $url_simple = $_url_simple->evaluate(); $redirect = get_param('redirect', ''); if ($redirect != '') { $url .= '&redirect=' . ocp_url_encode($redirect); } $message = do_lang('OCF_SIGNUP_TEXT', comcode_escape(get_site_name()), comcode_escape($url), array($url_simple, $email_address, $validated_email_confirm_code), $language); require_code('mail'); if (!$coppa) { mail_wrap(do_lang('CONFIRM_EMAIL_SUBJECT', get_site_name(), NULL, NULL, $language), $message, array($email_address), $username, '', '', 3, NULL, false, NULL, false, false, false, 'MAIL', true); } } // Send COPPA mail if ($coppa) { $fields_done = do_lang('THIS_WITH_COMCODE', do_lang('USERNAME'), $username) . "\n\n"; foreach ($custom_fields as $custom_field) { if ($custom_field['cf_type'] != 'upload') { $fields_done .= do_lang('THIS_WITH_COMCODE', $custom_field['trans_name'], post_param('custom_' . $custom_field['id'] . '_value')) . "\n"; } } $_privacy_url = build_url(array('page' => 'privacy'), '_SEARCH', NULL, false, false, true); $privacy_url = $_privacy_url->evaluate(); $message = do_lang('COPPA_MAIL', comcode_escape(get_option('site_name')), comcode_escape(get_option('privacy_fax')), array(comcode_escape(get_option('privacy_postal_address')), comcode_escape($fields_done), comcode_escape($privacy_url)), $language); require_code('mail'); mail_wrap(do_lang('COPPA_JOIN_SUBJECT', $username, get_site_name(), NULL, $language), $message, array($email_address), $username); } // Send 'validate this member' notification if ($require_new_member_validation) { require_code('notifications'); $_validation_url = build_url(array('page' => 'members', 'type' => 'view', 'id' => $member_id), get_module_zone('members'), NULL, false, false, true, 'tab__edit'); $validation_url = $_validation_url->evaluate(); $message = do_lang('VALIDATE_NEW_MEMBER_MAIL', comcode_escape($username), comcode_escape($validation_url), comcode_escape(strval($member_id)), get_site_default_lang()); dispatch_notification('ocf_member_needs_validation', NULL, do_lang('VALIDATE_NEW_MEMBER_SUBJECT', $username, NULL, NULL, get_site_default_lang()), $message, NULL, A_FROM_SYSTEM_PRIVILEGED); } // Send new member notification require_code('notifications'); $_member_url = build_url(array('page' => 'members', 'type' => 'view', 'id' => $member_id), get_module_zone('members'), NULL, false, false, true); $member_url = $_member_url->evaluate(); $message = do_lang('NEW_MEMBER_NOTIFICATION_MAIL', comcode_escape($username), comcode_escape(get_site_name()), array(comcode_escape($member_url), comcode_escape(strval($member_id))), get_site_default_lang()); dispatch_notification('ocf_new_member', NULL, do_lang('NEW_MEMBER_NOTIFICATION_MAIL_SUBJECT', $username, get_site_name(), NULL, get_site_default_lang()), $message, NULL, A_FROM_SYSTEM_PRIVILEGED); // Intro post if ($intro_message_if_enabled) { $forum_id = get_option('intro_forum_id'); if ($forum_id != '') { if (!is_numeric($forum_id)) { $_forum_id = $GLOBALS['FORUM_DB']->query_value_null_ok('f_forums', 'id', array('f_name' => $forum_id)); if (is_null($_forum_id)) { $forum_id = strval(db_get_first_id()); } else { $forum_id = strval($_forum_id); } } $intro_title = post_param('intro_title', ''); $intro_post = post_param('intro_post', ''); if ($intro_post != '') { require_code('ocf_topics_action'); if ($intro_title == '') { $intro_title = do_lang('INTRO_POST_DEFAULT', $username); } $topic_id = ocf_make_topic(intval($forum_id)); require_code('ocf_posts_action'); ocf_make_post($topic_id, $intro_title, $intro_post, 0, true, NULL, 0, NULL, NULL, NULL, $member_id); } } } // Alert user to situation $message = new ocp_tempcode(); if ($coppa) { if (!$skip_confirm) { $message->attach(do_lang_tempcode('OCF_WAITING_CONFIRM_MAIL')); } $message->attach(do_lang_tempcode('OCF_WAITING_CONFIRM_MAIL_COPPA')); } elseif ($require_new_member_validation) { if (!$skip_confirm) { $message->attach(do_lang_tempcode('OCF_WAITING_CONFIRM_MAIL')); } $message->attach(do_lang_tempcode('OCF_WAITING_CONFIRM_MAIL_VALIDATED', escape_html(get_custom_base_url()))); } elseif ($skip_confirm) { if ($instant_login) { require_code('users_active_actions'); handle_active_login($username); $message->attach(do_lang_tempcode('OCF_LOGIN_AUTO')); } else { $_login_url = build_url(array('page' => 'login', 'redirect' => get_param('redirect', NULL)), get_module_zone('login')); $login_url = $_login_url->evaluate(); $message->attach(do_lang_tempcode('OCF_LOGIN_INSTANT', escape_html($login_url))); } } else { if (!$skip_confirm) { $message->attach(do_lang_tempcode('OCF_WAITING_CONFIRM_MAIL')); } $message->attach(do_lang_tempcode('OCF_WAITING_CONFIRM_MAIL_INSTANT')); } $message = protect_from_escaping($message); return array($message); }