/**
* Apply whatever escaping is requested to the given value.
*
* @param array A list of escaping to do
* @param string The string to apply the escapings to
* @return string Output string
*/
function apply_tempcode_escaping_inline($escaped, $value)
{
global $HTML_ESCAPE_1_STRREP, $HTML_ESCAPE_2;
foreach (array_reverse($escaped) as $escape) {
if ($escape == ENTITY_ESCAPED) {
$value = str_replace($HTML_ESCAPE_1_STRREP, $HTML_ESCAPE_2, $value);
} elseif ($escape == FORCIBLY_ENTITY_ESCAPED) {
$value = str_replace($HTML_ESCAPE_1_STRREP, $HTML_ESCAPE_2, $value);
} elseif ($escape == SQ_ESCAPED) {
$value = str_replace(''', '\\'', str_replace('\'', '\\\'', str_replace('\\', '\\\\', $value)));
} elseif ($escape == DQ_ESCAPED) {
$value = str_replace('"', '\\"', str_replace('"', '\\"', str_replace('\\', '\\\\', $value)));
} elseif ($escape == NL_ESCAPED) {
$value = str_replace(chr(13), '', str_replace(chr(10), '', $value));
} elseif ($escape == NL2_ESCAPED) {
$value = str_replace(chr(13), '', str_replace(chr(10), '\\n', $value));
} elseif ($escape == CC_ESCAPED) {
$value = str_replace('[', '\\[', str_replace('\\', '\\\\', $value));
} elseif ($escape == UL_ESCAPED) {
$value = ocp_url_encode($value);
} elseif ($escape == UL2_ESCAPED) {
$value = rawurlencode($value);
} elseif ($escape == JSHTML_ESCAPED) {
$value = str_replace(']]>', ']]\'+\'>', str_replace('</', '<\\/', $value));
} elseif ($escape == ID_ESCAPED) {
$value = fix_id($value);
} elseif ($escape == CSS_ESCAPED) {
$value = preg_replace('#[^\\w\\#\\.\\-\\%]#', '_', $value);
} elseif ($escape == NAUGHTY_ESCAPED) {
$value = filter_naughty_harsh($value, true);
}
}
if ($GLOBALS['XSS_DETECT'] && $escaped != array()) {
ocp_mark_as_escaped($value);
}
return $value;
}
/**
* String to tack onto URL to keep 'keep_' parameters
*
* @param array Parameters passed to the symbol (0=whether this starts off the query string, 1=force session append even if it's also available a session cookie e.g. when put into download manager)
* @return string The result.
*/
function keep_symbol($param)
{
$value = '';
$get_vars = $_GET;
if (isset($param[1]) && $param[1] == '1' && is_null(get_bot_type()) && !array_key_exists('keep_session', $get_vars)) {
$get_vars['keep_session'] = strval(get_session_id());
}
if (count($get_vars) > 0) {
$first = false;
if (isset($param[0]) && $param[0] == '1') {
$first = true;
}
foreach ($get_vars as $key => $val) {
if (!is_string($key)) {
$key = strval($key);
}
if (get_magic_quotes_gpc() && is_string($val)) {
$val = stripslashes($val);
}
if (substr($key, 0, 5) == 'keep_' && strpos($key, '_expand_') === false && (!skippable_keep($key, $val) || $key == 'keep_session' && is_null(get_bot_type()) && isset($param[1]) && $param[1] == '1') && is_string($val)) {
$value .= ($first ? '?' : '&') . urlencode($key) . '=' . ocp_url_encode($val);
$first = false;
}
}
}
return $value;
}
/**
* Attempt to use mod_rewrite to improve this URL.
*
* @param ID_TEXT The name of the zone for this
* @param array A map of variables to include in our URL
* @param boolean Force inclusion of the index.php name into a short URL, so something may tack on extra parameters to the result here
* @return ?URLPATH The improved URL (NULL: couldn't do anything)
*/
function _url_rewrite_params($zone_name, $vars, $force_index_php = false)
{
global $URL_REMAPPINGS;
if ($URL_REMAPPINGS === NULL) {
$old_style = get_option('htm_short_urls') != '1';
require_code('url_remappings');
$URL_REMAPPINGS = get_remappings($old_style);
}
// Find mapping
foreach ($URL_REMAPPINGS as $_remapping) {
list($remapping, $target, $require_full_coverage) = $_remapping;
// if (count($remapping)!=$num_vars) continue;
$good = true;
$last_key_num = count($remapping);
$loop_cnt = 0;
foreach ($remapping as $key => $val) {
$loop_cnt++;
$last = $loop_cnt == $last_key_num;
if (!is_string($val) && $val !== NULL) {
$val = strval($val);
}
if (array_key_exists($key, $vars) && is_integer($vars[$key])) {
$vars[$key] = strval($vars[$key]);
}
if (!((isset($vars[$key]) || $val === NULL && $key == 'type' && array_key_exists('id', $vars)) && ($key != 'page' || $vars[$key] != '' || $val === '') && (!array_key_exists($key, $vars) || $vars[$key] != '' || !$last) && ($val === NULL || $vars[$key] == $val))) {
$good = false;
break;
}
}
if ($require_full_coverage) {
foreach ($_GET as $key => $val) {
if (!is_string($val)) {
continue;
}
if (substr($key, 0, 5) == 'keep_' && !skippable_keep($key, $val)) {
$good = false;
}
}
foreach ($vars as $key => $val) {
if (!array_key_exists($key, $remapping) && $val !== NULL && ($key != 'page' || $vars[$key] != '')) {
$good = false;
}
}
}
if ($good) {
// We've found one, now let's sort out the target
$makeup = $target;
if ($GLOBALS['DEBUG_MODE']) {
foreach ($vars as $key => $val) {
if (is_integer($val)) {
$vars[$key] = strval($val);
}
}
}
$extra_vars = array();
foreach (array_keys($remapping) as $key) {
if (!isset($vars[$key])) {
continue;
}
$val = $vars[$key];
unset($vars[$key]);
$makeup = str_replace(strtoupper($key), ocp_url_encode_mini($val, true), $makeup);
}
if (!$require_full_coverage) {
$extra_vars += $vars;
}
$makeup = str_replace('TYPE', 'misc', $makeup);
if ($makeup == '') {
$makeup .= get_zone_default_page($zone_name) . '.htm';
}
if ($extra_vars != array() || $force_index_php) {
if (get_option('htm_short_urls') != '1') {
$makeup .= '/index.php';
}
$first = true;
foreach ($extra_vars as $key => $val) {
if ($val === NULL) {
continue;
}
if (is_integer($key)) {
$key = strval($key);
}
if ($val === SELF_REDIRECT) {
$val = get_self_url(true, true);
}
$makeup .= ($first ? '?' : '&') . $key . '=' . ocp_url_encode($val, true);
$first = false;
}
}
return $makeup;
}
}
return NULL;
}
/**
* Actualise the join form.
*
* @param boolean Whether to handle CAPTCHA (if enabled at all)
* @param boolean Whether to ask for intro messages (if enabled at all)
* @param boolean Whether to check for invites (if enabled at all)
* @param boolean Whether to check email-address restrictions (if enabled at all)
* @param boolean Whether to require staff confirmation (if enabled at all)
* @param boolean Whether to force email address validation (if enabled at all)
* @param boolean Whether to do COPPA checks (if enabled at all)
* @param boolean Whether to instantly log the user in
* @return array A tuple: Messages to show (currently nothing else in tuple)
*/
function ocf_join_actual($captcha_if_enabled = true, $intro_message_if_enabled = true, $invites_if_enabled = true, $one_per_email_address_if_enabled = true, $confirm_if_enabled = true, $validate_if_enabled = true, $coppa_if_enabled = true, $instant_login = false)
{
ocf_require_all_forum_stuff();
require_css('ocf');
require_code('ocf_members_action');
require_code('ocf_members_action2');
// Read in data
$username = trim(post_param('username'));
ocf_check_name_valid($username, NULL, NULL, true);
// Adjusts username if needed
$password = trim(post_param('password'));
$password_confirm = trim(post_param('password_confirm'));
if ($password != $password_confirm) {
warn_exit(make_string_tempcode(escape_html(do_lang('PASSWORD_MISMATCH'))));
}
$confirm_email_address = post_param('email_address_confirm', NULL);
$email_address = trim(post_param('email_address'));
if (!is_null($confirm_email_address)) {
if (trim($confirm_email_address) != $email_address) {
warn_exit(make_string_tempcode(escape_html(do_lang('EMAIL_ADDRESS_MISMATCH'))));
}
}
require_code('type_validation');
if (!is_valid_email_address($email_address)) {
warn_exit(do_lang_tempcode('INVALID_EMAIL_ADDRESS'));
}
if ($invites_if_enabled) {
if (get_option('is_on_invites') == '1') {
$test = $GLOBALS['FORUM_DB']->query_value_null_ok('f_invites', 'i_inviter', array('i_email_address' => $email_address, 'i_taken' => 0));
if (is_null($test)) {
warn_exit(do_lang_tempcode('NO_INVITE'));
}
}
$GLOBALS['FORUM_DB']->query_update('f_invites', array('i_taken' => 1), array('i_email_address' => $email_address, 'i_taken' => 0), '', 1);
}
$dob_day = post_param_integer('dob_day', NULL);
$dob_month = post_param_integer('dob_month', NULL);
$dob_year = post_param_integer('dob_year', NULL);
$reveal_age = post_param_integer('reveal_age', 0);
$timezone = post_param('timezone', get_users_timezone());
$language = post_param('language', get_site_default_lang());
$allow_emails = post_param_integer('allow_emails', 0);
$allow_emails_from_staff = post_param_integer('allow_emails_from_staff', 0);
$groups = ocf_get_all_default_groups(true);
// $groups will contain the built in default primary group too (it is not $secondary_groups)
$primary_group = post_param_integer('primary_group', NULL);
if ($primary_group !== NULL && !in_array($primary_group, $groups)) {
// Check security
$test = $GLOBALS['FORUM_DB']->query_value('f_groups', 'g_is_presented_at_install', array('id' => $primary_group));
if ($test == 1) {
$groups = ocf_get_all_default_groups(false);
// Get it so it does not include the built in default primary group
$groups[] = $primary_group;
// And add in the *chosen* primary group
} else {
$primary_group = NULL;
}
} else {
$primary_group = NULL;
}
if ($primary_group === NULL) {
$primary_group = get_first_default_group();
}
$custom_fields = ocf_get_all_custom_fields_match($groups, NULL, NULL, NULL, NULL, NULL, NULL, 0, true);
$actual_custom_fields = ocf_read_in_custom_fields($custom_fields);
// Check that the given address isn't already used (if one_per_email_address on)
$member_id = NULL;
if ($one_per_email_address_if_enabled) {
if (get_option('one_per_email_address') == '1') {
$test = $GLOBALS['FORUM_DB']->query_select('f_members', array('id', 'm_username'), array('m_email_address' => $email_address), '', 1);
if (array_key_exists(0, $test)) {
if ($test[0]['m_username'] != $username) {
$reset_url = build_url(array('page' => 'lostpassword', 'email_address' => $email_address), get_module_zone('lostpassword'));
warn_exit(do_lang_tempcode('EMAIL_ADDRESS_IN_USE', escape_html(get_site_name()), escape_html($reset_url->evaluate())));
}
$member_id = $test[0]['id'];
}
}
}
if ($captcha_if_enabled) {
if (addon_installed('captcha')) {
require_code('captcha');
enforce_captcha();
}
}
if (addon_installed('ldap')) {
require_code('ocf_ldap');
if (ocf_is_ldap_member_potential($username)) {
warn_exit(do_lang_tempcode('DUPLICATE_JOIN_AUTH'));
}
}
// Add member
$skip_confirm = get_option('skip_email_confirm_join') == '1';
if (!$confirm_if_enabled) {
$skip_confirm = true;
}
$validated_email_confirm_code = $skip_confirm ? '' : strval(mt_rand(1, 32000));
$require_new_member_validation = get_option('require_new_member_validation') == '1';
if (!$validate_if_enabled) {
$require_new_member_validation = false;
}
$coppa = get_option('is_on_coppa') == '1' && utctime_to_usertime(time() - mktime(0, 0, 0, $dob_month, $dob_day, $dob_year)) / 31536000.0 < 13.0;
if (!$coppa_if_enabled) {
$coppa = false;
}
$validated = $require_new_member_validation || $coppa ? 0 : 1;
if (is_null($member_id)) {
$member_id = ocf_make_member($username, $password, $email_address, $groups, $dob_day, $dob_month, $dob_year, $actual_custom_fields, $timezone, $primary_group, $validated, time(), time(), '', NULL, '', 0, get_option('default_preview_guests') == '1' ? 1 : 0, $reveal_age, '', '', '', 1, get_value('no_auto_notifications') === '1' ? 0 : 1, $language, $allow_emails, $allow_emails_from_staff, '', get_ip_address(), $validated_email_confirm_code, true, '', '');
}
// Send confirm mail
if (!$skip_confirm) {
$zone = get_module_zone('join');
if ($zone != '') {
$zone .= '/';
}
$_url = build_url(array('page' => 'join', 'type' => 'step4', 'email' => $email_address, 'code' => $validated_email_confirm_code), $zone, NULL, false, false, true);
$url = $_url->evaluate();
$_url_simple = build_url(array('page' => 'join', 'type' => 'step4'), $zone, NULL, false, false, true);
$url_simple = $_url_simple->evaluate();
$redirect = get_param('redirect', '');
if ($redirect != '') {
$url .= '&redirect=' . ocp_url_encode($redirect);
}
$message = do_lang('OCF_SIGNUP_TEXT', comcode_escape(get_site_name()), comcode_escape($url), array($url_simple, $email_address, $validated_email_confirm_code), $language);
require_code('mail');
if (!$coppa) {
mail_wrap(do_lang('CONFIRM_EMAIL_SUBJECT', get_site_name(), NULL, NULL, $language), $message, array($email_address), $username, '', '', 3, NULL, false, NULL, false, false, false, 'MAIL', true);
}
}
// Send COPPA mail
if ($coppa) {
$fields_done = do_lang('THIS_WITH_COMCODE', do_lang('USERNAME'), $username) . "\n\n";
foreach ($custom_fields as $custom_field) {
if ($custom_field['cf_type'] != 'upload') {
$fields_done .= do_lang('THIS_WITH_COMCODE', $custom_field['trans_name'], post_param('custom_' . $custom_field['id'] . '_value')) . "\n";
}
}
$_privacy_url = build_url(array('page' => 'privacy'), '_SEARCH', NULL, false, false, true);
$privacy_url = $_privacy_url->evaluate();
$message = do_lang('COPPA_MAIL', comcode_escape(get_option('site_name')), comcode_escape(get_option('privacy_fax')), array(comcode_escape(get_option('privacy_postal_address')), comcode_escape($fields_done), comcode_escape($privacy_url)), $language);
require_code('mail');
mail_wrap(do_lang('COPPA_JOIN_SUBJECT', $username, get_site_name(), NULL, $language), $message, array($email_address), $username);
}
// Send 'validate this member' notification
if ($require_new_member_validation) {
require_code('notifications');
$_validation_url = build_url(array('page' => 'members', 'type' => 'view', 'id' => $member_id), get_module_zone('members'), NULL, false, false, true, 'tab__edit');
$validation_url = $_validation_url->evaluate();
$message = do_lang('VALIDATE_NEW_MEMBER_MAIL', comcode_escape($username), comcode_escape($validation_url), comcode_escape(strval($member_id)), get_site_default_lang());
dispatch_notification('ocf_member_needs_validation', NULL, do_lang('VALIDATE_NEW_MEMBER_SUBJECT', $username, NULL, NULL, get_site_default_lang()), $message, NULL, A_FROM_SYSTEM_PRIVILEGED);
}
// Send new member notification
require_code('notifications');
$_member_url = build_url(array('page' => 'members', 'type' => 'view', 'id' => $member_id), get_module_zone('members'), NULL, false, false, true);
$member_url = $_member_url->evaluate();
$message = do_lang('NEW_MEMBER_NOTIFICATION_MAIL', comcode_escape($username), comcode_escape(get_site_name()), array(comcode_escape($member_url), comcode_escape(strval($member_id))), get_site_default_lang());
dispatch_notification('ocf_new_member', NULL, do_lang('NEW_MEMBER_NOTIFICATION_MAIL_SUBJECT', $username, get_site_name(), NULL, get_site_default_lang()), $message, NULL, A_FROM_SYSTEM_PRIVILEGED);
// Intro post
if ($intro_message_if_enabled) {
$forum_id = get_option('intro_forum_id');
if ($forum_id != '') {
if (!is_numeric($forum_id)) {
$_forum_id = $GLOBALS['FORUM_DB']->query_value_null_ok('f_forums', 'id', array('f_name' => $forum_id));
if (is_null($_forum_id)) {
$forum_id = strval(db_get_first_id());
} else {
$forum_id = strval($_forum_id);
}
}
$intro_title = post_param('intro_title', '');
$intro_post = post_param('intro_post', '');
if ($intro_post != '') {
require_code('ocf_topics_action');
if ($intro_title == '') {
$intro_title = do_lang('INTRO_POST_DEFAULT', $username);
}
$topic_id = ocf_make_topic(intval($forum_id));
require_code('ocf_posts_action');
ocf_make_post($topic_id, $intro_title, $intro_post, 0, true, NULL, 0, NULL, NULL, NULL, $member_id);
}
}
}
// Alert user to situation
$message = new ocp_tempcode();
if ($coppa) {
if (!$skip_confirm) {
$message->attach(do_lang_tempcode('OCF_WAITING_CONFIRM_MAIL'));
}
$message->attach(do_lang_tempcode('OCF_WAITING_CONFIRM_MAIL_COPPA'));
} elseif ($require_new_member_validation) {
if (!$skip_confirm) {
$message->attach(do_lang_tempcode('OCF_WAITING_CONFIRM_MAIL'));
}
$message->attach(do_lang_tempcode('OCF_WAITING_CONFIRM_MAIL_VALIDATED', escape_html(get_custom_base_url())));
} elseif ($skip_confirm) {
if ($instant_login) {
require_code('users_active_actions');
handle_active_login($username);
$message->attach(do_lang_tempcode('OCF_LOGIN_AUTO'));
} else {
$_login_url = build_url(array('page' => 'login', 'redirect' => get_param('redirect', NULL)), get_module_zone('login'));
$login_url = $_login_url->evaluate();
$message->attach(do_lang_tempcode('OCF_LOGIN_INSTANT', escape_html($login_url)));
}
} else {
if (!$skip_confirm) {
$message->attach(do_lang_tempcode('OCF_WAITING_CONFIRM_MAIL'));
}
$message->attach(do_lang_tempcode('OCF_WAITING_CONFIRM_MAIL_INSTANT'));
}
$message = protect_from_escaping($message);
return array($message);
}
