/** * Process password forgotten * * @access public * @return void */ public function process() { $email_address = $this->input->post('email_address'); if (validate_email_address($email_address)) { //load model $this->load->model('account_model'); $data = $this->account_model->get_data($email_address); if ($data !== NULL) { $password = create_random_string(config('ACCOUNT_PASSWORD')); if ($this->account_model->save_password($data['customers_id'], $password)) { $this->load->library('email_template'); $email = $this->email_template->get_email_template('password_forgotten'); $email->set_data($data['customers_firstname'], $data['customers_lastname'], getenv('REMOTE_ADDR'), $password, $data['customers_gender'], $data['customers_email_address']); $email->build_message(); $email->send_email(); $this->message_stack->add_session('login', lang('success_password_forgotten_sent'), 'success'); redirect('account/login'); } } else { $this->message_stack->add('password_forgotten', lang('error_password_forgotten_no_email_address_found')); } } else { $this->message_stack->add('password_forgotten', lang('error_password_forgotten_no_email_address_found')); } $this->template->build('account/password_forgotten'); }
function content() { if (!user_logged_in()) { return must_log_in(); } $user = fetch_one_or_none('users', 'id', user_logged_in()); $errors = array(); if (array_key_exists('change', $_POST)) { if (!isset($_POST['email']) || !$_POST['email']) { $errors[] = "Please enter an email address"; } else { $email = $_POST['email']; if ($email && !validate_email_address($email)) { $errors[] = "Invalid email address"; } if (count($errors) == 0 && count(fetch_all('users', 'email_address', $email))) { $errors[] = "A user with this email address already exists"; } if (count($errors) == 0) { update_all('users', array('new_email_address' => $email), 'id', user_logged_in()); send_email_change_email($email, $user->name); ?> <p>We have sent an email to your new address requesting that you confirm that change of address.</p> <?php return; } } } $fields = array(); page_header('Change email address'); show_error_list($errors); ?> <form method="post" action="" accept-charset="UTF-8"> <div class="fieldrow"> <div class="field"> <label>Current address:</label> <div><tt><?php esc($user->email_address); ?> </tt></div> </div> </div> <div class="fieldrow"> <?php text_field($fields, 'email', 'New address'); ?> </div> <div class="fieldrow"> <input type="submit" name="change" value="Change"/> </div> </form> <?php }
/** * Set Data * * @access public * @return void */ function set_data($from_name, $from_email_address, $to_email_address, $message, $wishlist_url) { $this->from_name = $from_name; $this->from_email_address = $from_email_address; $this->to_email_address = $to_email_address; $this->message = $message; $this->wishlist_url = $wishlist_url; $emails = explode(',', $this->to_email_address); foreach ($emails as $email) { if (validate_email_address($email)) { $this->add_recipient('', $email); } } }
/** * Registers a user, returning false if the username already exists * * @param string $username The username of the new user * @param string $password The password * @param string $name The user's display name * @param string $email The user's email address * @param bool $allow_multiple_emails Allow the same email address to be * registered multiple times? * * @return int|false The new user's GUID; false on failure * @throws \RegistrationException */ function register($username, $password, $name, $email, $allow_multiple_emails = false) { // no need to trim password. $username = trim($username); $name = trim(strip_tags($name)); $email = trim($email); // A little sanity checking if (empty($username) || empty($password) || empty($name) || empty($email)) { return false; } // Make sure a user with conflicting details hasn't registered and been disabled $access_status = access_get_show_hidden_status(); access_show_hidden_entities(true); if (!validate_email_address($email)) { throw new \RegistrationException(_elgg_services()->translator->translate('registration:emailnotvalid')); } if (!validate_password($password)) { throw new \RegistrationException(_elgg_services()->translator->translate('registration:passwordnotvalid')); } if (!validate_username($username)) { throw new \RegistrationException(_elgg_services()->translator->translate('registration:usernamenotvalid')); } if ($user = get_user_by_username($username)) { throw new \RegistrationException(_elgg_services()->translator->translate('registration:userexists')); } if (!$allow_multiple_emails && get_user_by_email($email)) { throw new \RegistrationException(_elgg_services()->translator->translate('registration:dupeemail')); } access_show_hidden_entities($access_status); // Create user $user = new \ElggUser(); $user->username = $username; $user->email = $email; $user->name = $name; $user->access_id = ACCESS_PUBLIC; $user->setPassword($password); $user->owner_guid = 0; // Users aren't owned by anyone, even if they are admin created. $user->container_guid = 0; // Users aren't contained by anyone, even if they are admin created. $user->language = _elgg_services()->translator->getCurrentLanguage(); if ($user->save() === false) { return false; } // Turn on email notifications by default set_user_notification_setting($user->getGUID(), 'email', true); return $user->getGUID(); }
foreach ($_POST as $key => $value) { $_POST[$key] = remove_email_injection(trim($value)); } // Loop into required fields and make sure they match our needs foreach ($required_fields as $field) { // the field has been submitted? if (!array_key_exists($field, $_POST)) { array_push($validation, $field); } // check there is information in the field? if ($_POST[$field] == '') { array_push($validation, $field); } // validate the email address supplied if ($field == 'email') { if (!validate_email_address($_POST[$field])) { array_push($validation, $field); } } } // basic validation result if (count($validation) == 0) { // Prepare our content string $email_content = 'New Website Comment: ' . "\n\n"; // simple email content foreach ($_POST as $key => $value) { if ($key != 'submit') { $email_content .= $key . ': ' . $value . "\n"; } } // if validation passed ok then send the email
function content() { $errors = array(); if (array_key_exists('register', $_POST)) { $name = $_POST['name']; $email = $_POST['email']; $password = $_POST['password']; $password2 = $_POST['password2']; if (!$name || !$email || !$password || !$password2) { $errors[] = "Please fill in all the fields"; } if ($password && $password2 && $password != $password2) { $errors[] = "Passwords do not match"; $_POST['password'] = ''; $_POST['password2'] = ''; } if ($email && !validate_email_address($email)) { error_log("Invalid email address <{$email}> while registering"); $errors[] = "Invalid email address"; } if (count($errors) == 0 && count(fetch_all('users', 'email_address', $email))) { $errors[] = "A user with this email address already exists"; } if (count($errors) == 0) { $token = make_random_token(); $data = array('name' => $name, 'email_address' => $email, 'password_crypt' => crypt($password), 'date_registered' => date('Y-m-d H:i:s'), 'activation_token' => $token); insert_array_contents('users', $data); send_activation_email($email, $name, $token); ?> <h2>Account registered</h2> <p>An email has just been sent to the email address you supplied. This contains a link which you should follow to activate your account.</p> <?php return; } } page_header('Register for an account'); show_error_list($errors); ?> <form method="post" action="" accept-charset="UTF-8"> <div class="fieldrow"> <?php text_field($_POST, 'name', 'Name', 'publicly visible'); ?> </div> <div class="fieldrow"> <?php text_field($_POST, 'email', 'Email address'); ?> </div> <div class="fieldrow"> <div> <label for="password">Password</label> <input type="password" id="password" name="password" value="<?php esc($_POST['password']); ?> " /> </div> <div> <label for="password2">Confirm password</label> <input type="password" id="password2" name="password2" value="<?php esc($_POST['password2']); ?> " /> </div> </div> <div class="fieldrow"> <input type="submit" name="register" value="Register" /> </div> </form> <?php }
/** * Save billing form */ public function save_billing_form() { $data = array(); $errors = array(); $this->load->model('account_model'); //checkout method: 'register' or 'guest' $checkout_method = $this->input->post('checkout_method'); //if the customer is not logged on //check email if (!$this->customer->is_logged_on()) { $billing_email_address = $this->input->post('billing_email_address'); if ($billing_email_address === NULL || strlen(trim($billing_email_address)) < config('ACCOUNT_EMAIL_ADDRESS')) { $errors[] = sprintf(lang('field_customer_email_address_error'), config('ACCOUNT_EMAIL_ADDRESS')); } else { //validate email address if (!validate_email_address($billing_email_address)) { $errors[] = lang('field_customer_email_address_check_error'); } else { //check whether email exists $data = $this->account_model->get_data($billing_email_address); if ($data !== NULL) { $errors[] = lang('field_customer_email_address_exists_error'); } else { $data['email_address'] = $billing_email_address; } } } //if checkout method is 'register' then check the password $data['password'] = NULL; if ($checkout_method == 'register') { $billing_password = $this->input->post('billing_password'); $confirmation = $this->input->post('confirmation'); if ($billing_password === NULL || $billing_password !== NULL && strlen(trim($billing_password)) < config('ACCOUNT_PASSWORD')) { $errors[] = sprintf(lang('field_customer_password_error'), config('ACCOUNT_PASSWORD')); } elseif ($confirmation === NULL || $confirmation !== NULL && trim($billing_password) != trim($confirmation)) { $errors[] = lang('field_customer_password_mismatch_with_confirmation'); } else { $data['password'] = $billing_password; } } } //if the create_billing_address equals 1 then get the data $data['create_billing_address'] = $this->input->post('create_billing_address'); if ($data['create_billing_address'] == 'on') { //gender $billing_gender = $this->input->post('billing_gender'); if (config('ACCOUNT_GENDER') == '1') { if ($billing_gender == 'm' || $billing_gender == 'f') { $data['gender'] = $billing_gender; } else { $errors[] = lang('field_customer_gender_error'); } } else { $data['gender'] = $billing_gender !== NULL ? $billing_gender : 'm'; } //firstname $billing_firstname = $this->input->post('billing_firstname'); if ($billing_firstname !== NULL && strlen(trim($billing_firstname)) >= config('ACCOUNT_FIRST_NAME')) { $data['firstname'] = $billing_firstname; } else { $errors[] = sprintf(lang('field_customer_first_name_error'), config('ACCOUNT_FIRST_NAME')); } //lastname $billing_lastname = $this->input->post('billing_lastname'); if ($billing_lastname !== NULL && strlen(trim($billing_lastname)) >= config('ACCOUNT_LAST_NAME')) { $data['lastname'] = $billing_lastname; } else { $errors[] = sprintf(lang('field_customer_last_name_error'), config('ACCOUNT_LAST_NAME')); } //company if (config('ACCOUNT_COMPANY') > -1) { $billing_company = $this->input->post('billing_company'); if ($billing_company !== NULL && strlen(trim($billing_company)) >= config('ACCOUNT_COMPANY')) { $data['company'] = $billing_company; } else { $errors[] = sprintf(lang('field_customer_company_error'), config('ACCOUNT_COMPANY')); } } //street address $billing_street_address = $this->input->post('billing_street_address'); if ($billing_street_address !== NULL && strlen(trim($billing_street_address)) >= config('ACCOUNT_STREET_ADDRESS')) { $data['street_address'] = $billing_street_address; } else { $errors[] = sprintf(lang('field_customer_street_address_error'), config('ACCOUNT_STREET_ADDRESS')); } //suburb if (config('ACCOUNT_SUBURB') >= 0) { $billing_suburb = $this->input->post('billing_suburb'); if ($billing_suburb !== NULL && strlen(trim($billing_suburb)) >= config('ACCOUNT_SUBURB')) { $data['suburb'] = $billing_suburb; } else { $errors[] = sprintf(lang('field_customer_suburb_error'), config('ACCOUNT_SUBURB')); } } //postcode if (config('ACCOUNT_POST_CODE') > -1) { $billing_postcode = $this->input->post('billing_postcode'); if ($billing_postcode !== NULL && strlen(trim($billing_postcode)) >= config('ACCOUNT_POST_CODE')) { $data['postcode'] = $billing_postcode; } else { $errors[] = sprintf(lang('field_customer_post_code_error'), config('ACCOUNT_POST_CODE')); } } //city $billing_city = $this->input->post('billing_city'); if ($billing_city !== NULL && strlen(trim($billing_city)) >= config('ACCOUNT_CITY')) { $data['city'] = $billing_city; } else { $errors[] = sprintf(lang('field_customer_city_error'), config('ACCOUNT_CITY')); } //country $billing_country = $this->input->post('billing_country'); if ($billing_country !== NULL && is_numeric($billing_country) && $billing_country >= 1) { $data['country_id'] = $billing_country; } else { $errors[] = lang('field_customer_country_error'); } //states if (config('ACCOUNT_STATE') >= 0) { $this->load->model('address_model'); $billing_state = $this->input->post('billing_state'); if ($this->address_model->has_zones($billing_country)) { $zone_id = $this->address_model->get_zone_id($billing_country, $billing_state); if ($zone_id !== NULL) { $data['zone_id'] = $zone_id; } else { $errors[] = lang('field_customer_state_select_pull_down_error'); } } else { if (strlen(trim($billing_state)) >= config('ACCOUNT_STATE')) { $data['state'] = $billing_state; } else { $errors[] = sprintf(lang('field_customer_state_error'), config('ACCOUNT_STATE')); } } } else { if (strlen(trim($billing_state)) >= config('ACCOUNT_STATE')) { $data['state'] = $billing_state; } else { $errors[] = sprintf(lang('field_customer_state_error'), config('ACCOUNT_STATE')); } } //telephone if (config('ACCOUNT_TELEPHONE') >= 0) { $billing_telephone = $this->input->post('billing_telephone'); if ($billing_telephone !== NULL && strlen(trim($billing_telephone)) >= config('ACCOUNT_TELEPHONE')) { $data['telephone'] = $billing_telephone; } else { $errors[] = sprintf(lang('field_customer_telephone_number_error'), config('ACCOUNT_TELEPHONE')); } } //fax if (config('ACCOUNT_FAX') >= 0) { $billing_fax = $this->input->post('billing_fax'); if ($billing_fax !== NULL && strlen(trim($billing_fax)) >= config('ACCOUNT_FAX')) { $data['fax'] = $billing_fax; } else { $errors[] = sprintf(lang('field_customer_fax_number_error'), config('ACCOUNT_FAX')); } } } if (sizeof($errors) > 0) { $response = array('success' => FALSE, 'errors' => $errors); } else { $response = array('success' => TRUE); //set checkout method $data['checkout_method'] = $checkout_method; //if ship_to_this_address is on $data['ship_to_this_address'] = $this->input->post('ship_to_this_address'); if ($this->customer->is_logged_on()) { $data['email_address'] = $this->customer->get_email_address(); $data['password'] = ''; if ($data['create_billing_address'] !== NULL && $data['create_billing_address'] == 'on') { $this->shopping_cart->set_raw_billing_address($data); if ($data['ship_to_this_address'] == 'on') { $this->shopping_cart->set_raw_shipping_address($data); } } else { $billing_address_id = $this->input->post('sel_billing_address'); $this->shopping_cart->set_billing_address($billing_address_id); if ($data['ship_to_this_address'] == 'on') { $this->shopping_cart->set_shipping_address($billing_address_id); } } } else { $this->shopping_cart->set_raw_billing_address($data); if ($data['ship_to_this_address'] == 'on') { $this->shopping_cart->set_raw_shipping_address($data); } } } $this->output->set_output(json_encode($response)); }
/** * Registers a user, returning false if the username already exists * * @param string $username The username of the new user * @param string $password The password * @param string $name The user's display name * @param string $email Their email address * @param bool $allow_multiple_emails Allow the same email address to be registered multiple times? * @param int $friend_guid Optionally, GUID of a user this user will friend once fully registered * @return int|false The new user's GUID; false on failure */ function register_user($username, $password, $name, $email, $allow_multiple_emails = false, $friend_guid = 0, $invitecode = '') { // Load the configuration global $CONFIG; $username = trim($username); $password = trim($password); $name = trim($name); $email = trim($email); // A little sanity checking if (empty($username) || empty($password) || empty($name) || empty($email)) { return false; } // See if it exists and is disabled $access_status = access_get_show_hidden_status(); access_show_hidden_entities(true); // Validate email address if (!validate_email_address($email)) { throw new RegistrationException(elgg_echo('registration:emailnotvalid')); } // Validate password if (!validate_password($password)) { throw new RegistrationException(elgg_echo('registration:passwordnotvalid')); } // Validate the username if (!validate_username($username)) { throw new RegistrationException(elgg_echo('registration:usernamenotvalid')); } // Check to see if $username exists already if ($user = get_user_by_username($username)) { //return false; throw new RegistrationException(elgg_echo('registration:userexists')); } // If we're not allowed multiple emails then see if this address has been used before if (!$allow_multiple_emails && get_user_by_email($email)) { throw new RegistrationException(elgg_echo('registration:dupeemail')); } access_show_hidden_entities($access_status); // Check to see if we've registered the first admin yet. // If not, this is the first admin user! $admin = datalist_get('admin_registered'); // Otherwise ... $user = new ElggUser(); $user->username = $username; $user->email = $email; $user->name = $name; $user->access_id = ACCESS_PUBLIC; $user->salt = generate_random_cleartext_password(); // Note salt generated before password! $user->password = generate_user_password($user, $password); $user->owner_guid = 0; // Users aren't owned by anyone, even if they are admin created. $user->container_guid = 0; // Users aren't contained by anyone, even if they are admin created. $user->save(); // If $friend_guid has been set, make mutual friends if ($friend_guid) { if ($friend_user = get_user($friend_guid)) { if ($invitecode == generate_invite_code($friend_user->username)) { $user->addFriend($friend_guid); $friend_user->addFriend($user->guid); } } } global $registering_admin; if (!$admin) { $user->admin = true; datalist_set('admin_registered', 1); $registering_admin = true; } else { $registering_admin = false; } // Turn on email notifications by default set_user_notification_setting($user->getGUID(), 'email', true); return $user->getGUID(); }
} else { $result['status'] = false; $result['text'] = elgg_echo('registration:usernamenotvalid'); } } catch (Exception $e) { $result['status'] = false; $result['text'] = $e->getMessage(); } } break; case 'email': $email = get_input('email'); if ($email) { $result['status'] = true; try { if (validate_email_address($email)) { $hidden = access_show_hidden_entities(true); if (get_user_by_email($email)) { $result['status'] = false; $result['text'] = elgg_echo('registration:dupeemail'); } access_show_hidden_entities($hidden); } else { $result['status'] = false; $result['text'] = elgg_echo('registration:notemail'); } } catch (Exception $e) { $result['status'] = false; $result['text'] = $e->getMessage(); } }
/** * Registers a user, returning false if the username already exists * * @param string $username The username of the new user * @param string $password The password * @param string $name The user's display name * @param string $email Their email address * @param bool $allow_multiple_emails Allow the same email address to be * registered multiple times? * @param int $friend_guid GUID of a user to friend once fully registered * @param string $invitecode An invite code from a friend * * @return int|false The new user's GUID; false on failure */ function register_user($username, $password, $name, $email, $allow_multiple_emails = false, $friend_guid = 0, $invitecode = '') { // Load the configuration global $CONFIG; // no need to trim password. $username = trim($username); $name = trim(strip_tags($name)); $email = trim($email); // A little sanity checking if (empty($username) || empty($password) || empty($name) || empty($email)) { return false; } // Make sure a user with conflicting details hasn't registered and been disabled $access_status = access_get_show_hidden_status(); access_show_hidden_entities(true); if (!validate_email_address($email)) { throw new RegistrationException(elgg_echo('registration:emailnotvalid')); } if (!validate_password($password)) { throw new RegistrationException(elgg_echo('registration:passwordnotvalid')); } if (!validate_username($username)) { throw new RegistrationException(elgg_echo('registration:usernamenotvalid')); } if ($user = get_user_by_username($username)) { throw new RegistrationException(elgg_echo('registration:userexists')); } if (!$allow_multiple_emails && get_user_by_email($email)) { throw new RegistrationException(elgg_echo('registration:dupeemail')); } access_show_hidden_entities($access_status); // Create user $user = new ElggUser(); $user->username = $username; $user->email = $email; $user->name = $name; $user->access_id = ACCESS_PUBLIC; $user->salt = generate_random_cleartext_password(); // Note salt generated before password! $user->password = generate_user_password($user, $password); $user->owner_guid = 0; // Users aren't owned by anyone, even if they are admin created. $user->container_guid = 0; // Users aren't contained by anyone, even if they are admin created. $user->language = get_current_language(); $user->save(); // If $friend_guid has been set, make mutual friends if ($friend_guid) { if ($friend_user = get_user($friend_guid)) { if ($invitecode == generate_invite_code($friend_user->username)) { $user->addFriend($friend_guid); $friend_user->addFriend($user->guid); // @todo Should this be in addFriend? add_to_river('river/relationship/friend/create', 'friend', $user->getGUID(), $friend_guid); add_to_river('river/relationship/friend/create', 'friend', $friend_guid, $user->getGUID()); } } } // Turn on email notifications by default set_user_notification_setting($user->getGUID(), 'email', true); return $user->getGUID(); }
/** * Web service to get all users registered with an email ID * * @param string $email Email ID to check for * @return string $foundusers Array of usernames registered with this email ID * @throws InvalidParameterException * @throws RegistrationException */ function user_get_user_by_email($email) { if (!validate_email_address($email)) { throw new RegistrationException(elgg_echo('registration:notemail')); } $user = get_user_by_email($email); if (!$user) { throw new InvalidParameterException('registration:emailnotvalid'); } foreach ($user as $key => $singleuser) { $foundusers[$key] = $singleuser->username; } return $foundusers; }
/** * Save the edited account * * @access public */ public function save() { $data = array(); //validate gender if (config('ACCOUNT_GENDER') == '1') { $gender = $this->input->post('gender'); if ($gender == 'm' || $gender == 'f') { $data['customers_gender'] = $gender; } else { $this->message_stack->add('account_edit', lang('field_customer_gender_error')); } } else { $data['customers_gender'] = !empty($gender) ? $gender : ''; } //validate firstname $firstname = $this->input->post('firstname'); if (!empty($firstname) || strlen(trim($firstname)) >= config('ACCOUNT_FIRST_NAME')) { $data['customers_firstname'] = $this->security->xss_clean($firstname); } else { $this->message_stack->add('account_edit', sprintf(lang('field_customer_first_name_error'), config('ACCOUNT_FIRST_NAME'))); } //validate lastname $lastname = $this->input->post('lastname'); if (!empty($lastname) || strlen(trim($lastname)) >= config('ACCOUNT_LAST_NAME')) { $data['customers_lastname'] = $this->security->xss_clean($lastname); } else { $this->message_stack->add('account_edit', sprintf(lang('field_customer_last_name_error'), config('ACCOUNT_LAST_NAME'))); } //validate dob days if (config('ACCOUNT_DATE_OF_BIRTH') == '1') { $dob_days = $this->input->post('dob_days'); if (!empty($dob_days)) { $data['customers_dob'] = $dob_days; } else { $this->message_stack->add('account_edit', lang('field_customer_date_of_birth_error')); } } //email address $email_address = $this->input->post('email_address'); if (!empty($email_address) && strlen(trim($email_address)) >= config('ACCOUNT_EMAIL_ADDRESS')) { if (validate_email_address($email_address)) { if ($this->account_model->check_duplicate_entry($email_address, $this->customer->get_id()) === FALSE) { $data['customers_email_address'] = $email_address; } else { $this->message_stack->add('account_edit', lang('field_customer_email_address_exists_error')); } } else { $this->message_stack->add('account_edit', lang('field_customer_email_address_check_error')); } } else { $this->message_stack->add('account_edit', sprintf(lang('field_customer_email_address_error'), config('ACCOUNT_EMAIL_ADDRESS'))); } //newsletter if (config('ACCOUNT_NEWSLETTER') == '1') { $data['customers_newsletter'] = $this->input->post('newsletter') == 1 ? '1' : '0'; } if ($this->message_stack->size('account_edit') === 0) { if ($this->account_model->save($data, $this->customer->get_id())) { $this->customer->set_data($data['customers_email_address']); $this->message_stack->add_session('account', lang('success_account_updated'), 'success'); redirect(site_url('account')); } else { $this->message_stack->add('account_edit', lang('error_database')); } } //setup view $this->template->build('account/account_edit'); }
/** * Validate records and create update and create queues * * @param mixed $data */ function queueRecords($data = null) { if (!$this->records->mapped) { $this->mapRecords($data); } $this->records->queue = array(); foreach ($this->records->mapped as $record) { $create = true; $update = false; $messages = array(); // First check if the user already exists if ($record['guid']) { $create = false; $record_entity = get_entity($record['guid']); if (elgg_instanceof($record_entity, 'user')) { $messages[] = elgg_echo('upload_users:error:userexists'); if ($this->update_existing_users) { $update = true; } } else { if ($this->update_existing_users) { $messages[] = elgg_echo('upload_users:error:invalid_guid'); } } } else { try { validate_email_address($record['email']); $record_by_username = get_user_by_username($record['username']); $record_by_email = get_user_by_email($record['email']); if (elgg_instanceof($record_by_username, 'user') || elgg_instanceof($record_by_email[0], 'user')) { $create = false; if ($record_by_username->guid != $record_by_email[0]->guid) { if ($this->fix_usernames && !$this->update_existing_users) { $create = true; while (get_user_by_username($record['username'])) { $record['username'] = $record['username'] . rand(1000, 9999); } } else { $messages[] = elgg_echo('upload_users:error:update_email_username_mismatch'); // username does not match with the email we have in the database } } else { $messages[] = elgg_echo('upload_users:error:userexists'); if ($this->update_existing_users) { $record['guid'] = $record_by_username->guid; $update = true; } } } } catch (RegistrationException $r) { $create = false; $messages[] = $r->getMessage(); } } // No existing accounts found; validate details for registration if ($create) { if (!$record['name']) { $create = false; $messages[] = elgg_echo('upload_users:error:empty_name'); } try { validate_username($record['username']); } catch (RegistrationException $r) { $create = false; $messages[] = $r->getMessage(); } if ($record['password']) { try { validate_password($record['password']); } catch (RegistrationException $r) { $create = false; $messages[] = $r->getMessage(); } } } $record['__upload_users_messages'] = $messages; $record['__upload_users_status'] = false; if ($create || $update) { $record['__upload_users_status'] = true; } $this->records->queue[] = $record; } }
/** * Save the guest book * * @access public * @return void */ public function save() { //validate title $title = $this->input->post('title'); if (!empty($title)) { $data['title'] = $this->security->xss_clean($title); } else { $this->message_stack->add('guestbook', lang('field_guestbook_title_error')); } //validate email $email = $this->input->post('email'); if (!empty($email) && validate_email_address($email)) { $data['email'] = $this->security->xss_clean($email); } else { $this->message_stack->add('guestbook', lang('field_guestbook_email_error')); } //validate content $content = $this->input->post('content'); if (!empty($content)) { $data['content'] = $this->security->xss_clean($content); } else { $this->message_stack->add('guestbook', lang('field_guestbook_content_error')); } //url $url = $this->input->post('url'); $data['url'] = $this->security->xss_clean($url); if ($this->message_stack->size('guestbook') === 0) { if ($this->guestbooks_model->save($data)) { $this->message_stack->add_session('guestbook', lang('success_guestbook_saved'), 'success'); redirect(site_url('info/guestbooks')); } } else { $this->template->build('info/guestbook_add'); } }
/** * the main apiController function that outputs json_encoded results * @param $path * @param $request * @param $files */ function apiController($path, $request, $files = null) { global $dao, $smarty; list($reqPath, $queryString) = explode('?', $path); $pathParts = explode('/', substr($reqPath, 1)); list($action) = $pathParts; Log::getInstance()->log("Reached server"); Log::getInstance()->log("{$path} , {$request}"); if ($action != "addExpeditionPoint" && $action != "getDeviceByAuthKey") { $log = Log::getInstance(); $log->log("{$action}"); $log->log("{$path}, {$request}"); } $authKey = $request["authKey"]; if ($action != "isreachable" && $action != "login" && $action != "registerUser" && $action != "registerDevice" && $action != "getPendingDeviceStatus" && !$authKey) { $response = array("errorCode" => ERR_AUTHKEY_MISSING, "errorMessage" => "You must provide an authentication key with each request."); echo json_encode($response); die; } if ($action != isreachable && $action != "login" && $action != "registerUser") { $device = $dao->getDeviceByAuthKey($authKey); if ($action != "registerDevice" && $action != "getPendingDeviceStatus" && !$device) { $response = errorResponseCode(ERR_AUTHKEY_INVALID, "Invalid authentication key."); echo json_encode($response); die; } $deviceUserId = $device["user_id"]; $deviceIdentifier = $device["imei"]; } switch ($action) { case 'isreachable': jsonMessage(AUTHN_OK, "The server is reachable"); break; case 'login': extract($request); Log::getInstance()->log("Login = {$request} email={$email} imei={$imei}"); if (!$email) { jsonError(ERR_EMAIL_MISSING, "Email Address is required"); } else { if (!validate_email_address($email)) { jsonError(ERR_EMAIL_INVALID, "Email Address is invalid"); } } if (!$password) { jsonError(ERR_PASSWORD_MISSING, "Password is required"); } // NOTE: Tablets don't have imei. So this will only work for phones. // if (!$imei){ // jsonError(ERR_IMEI_MISSING, "IMEI Code is required"); // } if ($login = $dao->checkLogin($email, $password)) { $authKey = genAuthKey(); $userId = $login["id"]; if ($dao->registerDevicePending($userId, $authKey)) { jsonMessage(AUTHN_OK, $authKey); } else { jsonError(ERR_SERVER, "Authentication Key cannot be generated"); } } else { jsonError(AUTHN_FAILED, "Authentication failed. Please Check email address or password."); } break; case 'registerUser': extract($request); if (!$email) { jsonError(ERR_EMAIL_MISSING, "Email Address is required"); } else { if (!validate_email_address($email)) { jsonError(ERR_EMAIL_INVALID, "Email Address is invalid"); } } if (!$firstname) { jsonError(ERR_FIRSTNAME_MISSING, "Firstname is required"); } if (!$lastname) { jsonError(ERR_LASTNAME_MISSING, "LastName is required"); } if (strlen($password1) < 6) { jsonError(ERR_PASSWORD1_INVALID, "Password must be 6 characters or longer"); } if ($password1 != $password2) { jsonError(ERR_PASSWORD_UNMATCHED, "Passwords must match"); } $newUser = array($email, $firstname, $lastname, $password1); $result = $dao->registerUser($newUser); if ($result === REGISTRATION_EMAILEXISTS) { jsonError(ERR_EMAIL_INVALID, "Email already exists"); } $smarty->assign('link', SERVER_BASE_URI . "/web/verifyEmail?email={$email}"); sendEmail($email, "email verification", $smarty->fetch("emails/new_user.tpl")); jsonMessage(AUTHN_OK, "Registration Successful"); break; case 'getDeltaFindsIds': echo $dao->getDeltaFindsIds($authKey, $request["projectId"]); break; case 'recordSync': $projectId = -1; if ($request["projectId"]) { $projectId = (int) $request["projectId"]; } echo $dao->recordSync($request["imei"], $authKey, $projectId); //echo $dao->recordSync($deviceIdentifier, $authKey); break; case 'registerDevice': $imei = $request["imei"]; $name = null; if (strstr($authKey, "sb_")) { $result = $dao->addSandboxDevice($authKey, $imei); } else { $result = $dao->confirmDevice($authKey, $imei, $name); } echo json_encode($result); break; case 'addExpedition': echo $dao->addExpedition($request["projectId"]); break; case 'addExpeditionPoint': echo $request["expedition"] . ","; echo $dao->addExpeditionPoint($request["expedition"], $request["latitude"], $request["longitude"], $request["altitude"], $request["swath"], $request["time"]); break; case 'getPendingDeviceStatus': $device = $dao->getDeviceByAuthKey($authKey); if ($device["status"] == "ok") { echo json_encode($device); } else { echo json_encode(false); } break; case 'listOpenProjects': $result = $dao->getProjects(PROJECTS_OPEN); echo json_encode($result); break; case 'listMyProjects': $result = $dao->getUserProjects($deviceUserId); echo json_encode($result); break; case 'newProject': extract($request); if (!$name) { jsonError(ERR_NAME_INVALID, "Project name is invalid."); } $result = $dao->newProject($name, $description, $deviceUserId); if (is_string($result)) { jsonMessage(PROJ_CREATE_SUCCESS, "Project created successfully."); } else { jsonError(PROJ_CREATE_FAIL, "Project creation failed."); } break; case 'projectExists': if ($request["projectId"]) { echo $dao->projectExists($request["projectId"]); } break; case 'listFinds': echo json_encode($dao->getFinds($request["project_id"])); break; case 'getFind': $result = $dao->getFind($request["guid"]); echo json_encode($result); break; case 'deleteFind': echo $dao->deleteFind($request["id"]); break; case 'deleteProject': $dao->deleteProject($request["projectId"]); break; case 'deleteAllFinds': $dao->deleteAllFinds($request["projectId"]); break; case 'createFind': echo $dao->createFind($authKey, $request["imei"], $request["guid"], $request["project_id"], $request["name"], $request["description"], $request["latitude"], $request["longitude"], $request["revision"], $request["data"]); break; case 'updateFind': echo $dao->updateFind($authKey, $request["imei"], $request["guid"], $request["project_id"], $request["name"], $request["description"], $request["revision"], $request["data"], $request["latitude"], $request["longitude"]); break; case 'attachPicture': $imagedata = base64_decode($request["data_full"]); $imagethumbdata = base64_decode($request["data_thumbnail"]); $result = $dao->addPictureToFind($request["imei"], $request["guid"], $request["identifier"], $request["project_id"], $request["mime_type"], $request["timestamp"], $imagedata, $imagethumbdata, $authKey); echo json_encode($result); break; case 'attachVideo': $video_data = $files['file']['tmp_name']; $video_type = $request["mimeType"]; $video_name = str_replace(' ', '_', $files["file"]["name"]); move_uploaded_file($video_data, "uploads/{$video_name}"); $result = $dao->addVideoToFind($request['id'], $request["findId"], $video_type, $video_name); return $result; break; case 'attachAudio': $audio_data = $files['file']['tmp_name']; $audio_type = $request["mimeType"]; $audio_name = str_replace(' ', '_', $files["file"]["name"]); move_uploaded_file($audio_data, "uploads/{$audio_name}"); $result = $dao->addAudioClipToFind($request['id'], $request["findId"], $audio_type, $audio_name); return $result; break; case 'removePicture': $dao->deletePictureFromFind($request["id"]); break; case 'removeVideo': $dao->deleteVideoFromFind($request["id"]); break; case 'removeAudioClip': $dao->deleteAudioClipFromFind($request["id"]); break; case 'deleteAllPictures': $dao->deleteImages($request["findId"]); break; case 'deleteAllVideos': $dao->deleteVideos($request["findId"]); break; case 'deleteAllAudioClips': $dao->deleteAudioClips($request["findId"]); break; case 'getPicture': $picture = $dao->getPicture($request["id"]); $imageEncoded = base64_encode($picture["data_full"]); $imageThumbEncoded = base64_encode($picture["data_thumb"]); $pictureEncoded = $picture; if ($imageEncoded != "") { $pictureEncoded["data_full"] = $imageEncoded; } if ($imageThumbEncoded != "") { $pictureEncoded["data_thumb"] = $imageThumbEncoded; } if (count($pictureEncoded) > 0) { echo json_encode($pictureEncoded); } else { echo "false"; } break; case 'getPicturesByFind': $pictures = $dao->getPicturesByFind($request["guid"]); $result = array(); foreach ($pictures as $pic) { $imageEncoded = base64_encode($pic["data_full"]); $imageThumbEncoded = base64_encode($pic["data_thumb"]); $pictureEncoded = $pic; if ($imageEncoded != "") { $pictureEncoded["data_full"] = $imageEncoded; } if ($imageThumbEncoded != "") { $pictureEncoded["data_thumb"] = $imageThumbEncoded; } if (count($pictureEncoded) > 0) { $result[] = $pictureEncoded; } } if (count($result) > 0) { echo json_encode($result); } else { echo "false"; } break; case 'getVideo': $video = $dao->getVideo($request["id"]); $video_name = $video["data_path"]; $video_path = "uploads/{$video_name}"; $fp_v = fopen($video_path, 'r'); $video_data = fread($fp_v, filesize($video_path)); $videoEncoded = base64_encode($video_data); $clipEncoded = $video; $clipEncoded["data_full"] = $videoEncoded; echo json_encode($clipEncoded); break; case 'getAudio': $audio = $dao->getAudioClip($request["id"]); $audio_name = $audio["data_path"]; $audio_path = "uploads/{$audio_name}"; $fp_v = fopen($audio_path, 'r'); $audio_data = fread($fp_v, filesize($audio_path)); $audioEncoded = base64_encode($audio_data); $clipEncoded = $audio; $clipEncoded["data_full"] = $audioEncoded; echo json_encode($clipEncoded); break; case 'searchFinds': $search_value = $request['search_value']; $project_id = $request['project_id']; $result = $dao->searchFinds($search_value, $project_id); echo json_encode($result); break; case 'execCommand': $command = $request['command']; echo $dao->execCommand($command); break; default: break; } }
/** * Generate a unique username based on a provided email address. * * The first part (before @) of the email address will be used as a base. * Numbers will be added to the end to make it unique. * * @param string $email the email address to use * * @see simplesaml_generate_unique_username() * * @return bool|string a unique username, false on failure */ function simplesaml_generate_username_from_email($email) { $result = false; if (!empty($email) && validate_email_address($email)) { list($username) = explode("@", $email); // make sure the username is unique $result = simplesaml_generate_unique_username($username); } return $result; }
/** * Generate a unique username based on a provided email address. * * The first part (before @) of the email address will be used as a base. * Numbers will be added to the end to make it unique. * * @param string $email the email address to use * * @see simplesaml_generate_unique_username() * * @return false|string */ function simplesaml_generate_username_from_email($email) { if (empty($email) || !validate_email_address($email)) { return false; } list($username) = explode('@', $email); // make sure the username is unique return simplesaml_generate_unique_username($username); }
/** * Save contact us * * @access public * @return void */ public function save() { //validate department email $department_email = $this->input->post('department_email'); if (!empty($department_email)) { $department_email = $this->security->xss_clean($department_email); if (!validate_email_address($department_email)) { $this->message_stack->add('contact', lang('field_departments_email_error')); } } else { $department_email = config('STORE_OWNER_EMAIL_ADDRESS'); } //validate customer name field $name = $this->input->post('name'); if (!empty($name)) { $name = $this->security->xss_clean($name); } else { $this->message_stack->add('contact', lang('field_customer_name_error')); } //validate customer email field $email = $this->input->post('email'); if (!empty($email) && validate_email_address($email)) { $email = $this->security->xss_clean($email); } else { $this->message_stack->add('contact', lang('field_customer_concat_email_error')); } //validate customer telephone $telephone = $this->input->post('telephone'); if (!empty($telephone)) { $telephone = $this->security->xss_clean($telephone); } //validate enquiry $enquiry = $this->input->post('enquiry'); if (!empty($enquiry)) { $enquiry = $this->security->xss_clean($enquiry); } else { $this->message_stack->add('contact', lang('field_enquiry_error')); } if ($this->message_stack->size('contact') === 0) { //ignore the send email action //setup view $this->template->build('info/contact_success', $this->_data); } else { //setup view $this->template->build('info/contact_us', $this->_data); } }
if (filter_var($emailString, FILTER_VALIDATE_EMAIL) == $emailString) { preg_match('/(.+)@(.+)/', $emailString, $matches); if (sizeof($matches) != 3) { /*original string + matches*/ return false; } if (checkdnsrr($matches[2], "MX")) { // check if there's a MX record in DNS return true; } else { return false; } } return false; } $emails = array("*****@*****.**" => false, "test" => false, "*****@*****.**" => true, "*****@*****.**" => true, "*****@*****.**" => true, "robert');drop table students;" => false); //var_dump(checkdnsrr("example.com", "MX")); //var_dump(checkdnsrr("gmail.com", "MX")); $success = 0; $fail = 0; foreach ($emails as $email => $expected_result) { //var_dump(filter_var($email, FILTER_VALIDATE_EMAIL)); $result = validate_email_address($email); //print "$email => ".var_dump($result)."\n "; if ($result == $expected_result) { $success++; } else { $fail++; } } print "success = " . $success . " " . " fail =" . $fail . "\n";
function checkUsers() { global $CONFIG; $final_report = array(); /// Final report of the upload process /// Check all the users from $users_to_confirm array foreach ($this->users_to_confirm as $user) { /// CHeck for password or generate a new one if (empty($user['password'])) { $user['password'] = $this->generatePassword(); } $report = array('username' => $user['username'], 'password' => $user['password'], 'name' => $user['name'], 'email' => $user['email'], 'status' => '', 'create_user' => true); /// Check if the username has already been registered if (get_user_by_username($user['username'])) { $report['status'] .= '<span class="error">' . elgg_echo('registration:userexists') . '</span>'; $report['create_user'] = false; } /// Check if the email has already been registered if (get_user_by_email($user['email'])) { $report['status'] .= '<span class="error">' . elgg_echo('registration:dupeemail') . '</span>'; $report['create_user'] = false; } /// Check that the email is valid try { validate_email_address($user['email']); } catch (RegistrationException $r) { $report['status'] .= ' <span class="error">' . $r->getMessage() . '</span>'; $report['create_user'] = false; } /// CHeck for valid password try { validate_password($user['password']); } catch (RegistrationException $r) { $report['status'] .= ' <span class="error">' . $r->getMessage() . '</span>'; $report['create_user'] = false; } /// Process metadata foreach ($user['metadata'] as $key => $metadata) { $report[$key] = $metadata; } /// Add the user to the creation list if we can create the user if ($report['status'] == '') { $report['status'] = elgg_echo('upload_users:statusok'); /// Set status to ok $this->users_to_create[] = $user; } else { $this->number_of_failed_users++; } $final_report[] = $report; } $this->confirmation_report = $final_report; return true; }
public function validateEmailDomain($user_guid = 0, $email_address = "") { $result = false; if ($this->getMembership() == self::MEMBERSHIP_DOMAIN || $this->getMembership() == self::MEMBERSHIP_DOMAIN_APPROVAL) { if (empty($user_guid)) { $user = elgg_get_logged_in_user_entity(); } else { $user = get_user($user_guid); } $domains = $this->domains; $domains = strtolower($domains); // need to be lowercase if (!empty($domains)) { $domains = explode(",", str_replace(" ", "", $domains)); if (!is_array($domains)) { $domains = array($domains); } if (!empty($user)) { // check user's email $email = $user->email; $email = strtolower($email); // need to be lowercase list($dummy, $u_domain) = explode("@", $email); if (in_array($u_domain, $domains)) { $result = true; } else { foreach ($domains as $domain) { $domain = trim($domain); if (substr($domain, 0, 1) == ".") { $len = strlen($domain); if (substr($u_domain, -$len) == $domain) { $result = true; break; } } } } } // check given email address if (!$result && !empty($email_address)) { if (validate_email_address($email_address)) { list($dummy, $u_domain) = explode("@", $email_address); if (in_array($u_domain, $domains)) { $result = true; } else { foreach ($domains as $domain) { $domain = trim($domain); if (substr($domain, 0, 1) == ".") { $len = strlen($domain); if (substr($u_domain, -$len) == $domain) { $result = true; break; } } } } } } } } return $result; }
/** * save customer * * @access public */ public function save() { //load model $this->load->model('account_model'); $data = array(); //validate privacy conditions if (config('DISPLAY_PRIVACY_CONDITIONS') == '1') { if ($this->input->post('privacy_conditions') != '1') { $this->message_stack->add('create', lang('error_privacy_statement_not_accepted')); } } //validate gender if (config('ACCOUNT_GENDER') == '1') { if ($this->input->post('gender') == 'm' || $this->input->post('gender') == 'f') { $data['customers_gender'] = $this->input->post('gender'); } else { $this->message_stack->add('create', lang('field_customer_gender_error')); } } else { $gender = $this->input->post('gender'); $data['customers_gender'] = $this->input->post('gender') == NULL ? '' : $this->input->post('gender'); } //validate firstname if ($this->input->post('firstname') !== NULL && strlen(trim($this->input->post('firstname'))) >= config('ACCOUNT_FIRST_NAME')) { $data['customers_firstname'] = $this->input->post('firstname'); } else { $this->message_stack->add('create', sprintf(lang('field_customer_first_name_error'), config('ACCOUNT_FIRST_NAME'))); } //validate lastname if ($this->input->post('lastname') !== NULL && strlen(trim($this->input->post('lastname'))) >= config('ACCOUNT_LAST_NAME')) { $data['customers_lastname'] = $this->input->post('lastname'); } else { $this->message_stack->add('create', sprintf(lang('field_customer_last_name_error'), config('ACCOUNT_LAST_NAME'))); } //newsletter $data['customers_newsletter'] = $this->input->post('newsletter') == 1 ? '1' : '0'; //validate dob days if (config('ACCOUNT_DATE_OF_BIRTH') == '1') { $dob_days = $this->input->post('dob_days'); if (!empty($dob_days)) { $data['customers_dob'] = $this->input->post('dob_days'); } else { $this->message_stack->add('create', lang('field_customer_date_of_birth_error')); } } //email address if ($this->input->post('email_address') !== NULL && strlen(trim($this->input->post('email_address'))) >= config('ACCOUNT_EMAIL_ADDRESS')) { if (validate_email_address($this->input->post('email_address'))) { if ($this->account_model->check_duplicate_entry($this->input->post('email_address')) === FALSE) { $data['customers_email_address'] = $this->input->post('email_address'); } else { $this->message_stack->add('create', lang('field_customer_email_address_exists_error')); } } else { $this->message_stack->add('create', lang('field_customer_email_address_check_error')); } } else { $this->message_stack->add('create', sprintf(lang('field_customer_email_address_error'), config('ACCOUNT_EMAIL_ADDRESS'))); } //validate password if ($this->input->post('password') === NULL || $this->input->post('password') !== NULL && strlen(trim($this->input->post('password'))) < config('ACCOUNT_PASSWORD')) { $this->message_stack->add('create', sprintf(lang('field_customer_password_error'), config('ACCOUNT_PASSWORD'))); } elseif ($this->input->post('confirmation') === NULL || $this->input->post('confirmation') !== NULL && trim($this->input->post('password')) != trim($this->input->post('confirmation'))) { $this->message_stack->add('create', lang('field_customer_password_mismatch_with_confirmation')); } else { $data['customers_password'] = encrypt_password($this->input->post('password')); } if ($this->message_stack->size('create') === 0) { $data['customers_status'] = 1; //if create account success send email if ($this->account_model->insert($data)) { //set data to session $this->customer->set_data($data['customers_email_address']); //synchronize shopping cart content with database $this->shopping_cart->synchronize_with_database(); //synchronize wishlist with database $this->wishlist->synchronize_with_database(); //send email $this->load->library('email_template'); $email = $this->email_template->get_email_template('create_account_email'); $email->set_data($data['customers_password']); $email->build_message(); $email->send_email(); } //set page title $this->set_page_title(lang('create_account_success_heading')); //setup view $this->template->build('account/create_success'); } else { //setup view $this->template->build('account/create', $this->data); } }
function register_process($post_values, $config) { $errors = array(); $username = $post_values['username']; $password = $post_values['password']; $email = validate_email_address($post_values['email']); if (!$username || strlen($username) < 5) { $errors['username'] = "******"; } if ($user = user_exists('username', $username)) { $errors['username'] = "******"; } if (!$password || strlen($password) < 8) { $errors['password'] = "******"; } if (!$email) { $errors['email'] = "Please provide a <strong>valid email addresss</strong>"; } if ($user = user_exists('email_address', $email)) { $errors['email'] = "Your email address is already associated with an account"; } // Error checking done - now on to processing it proper if (count($errors) == 0) { $passhash = str_shuffle(sha1(time() . $config['hash_salt'])); $password = sha1($passhash . $password); $user_insert_sql = ' INSERT INTO users ( `username`, `password`, `password_hash`, `email_address`, `created_at`, `updated_at` ) VALUES ( "' . $username . '", "' . $password . '", "' . $passhash . '", "' . $email . '", NOW(), NOW() ) '; $user_insert = mysql_query($user_insert_sql) or die (mysql_error()); if ($user_insert) { $user_id = mysql_insert_id(); accounts_start_session($user_id); } } // Done.. Now, what are we returning? return array($post_values, $errors); }