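/**
 * Performs the resend user password action.
 *
 * Reads "un" (username) and "email" from $_POST. When the
 * "cmd_resend_password" field is present, it looks up the user whose username
 * and e-mail address both match and mails that address a link to
 * validate.php?option=reset carrying an encrypted activation value.
 *
 * @access public
 * @since 3.0
 *
 * @return string HTML error text ('<BR />'-terminated messages); an empty
 *                string when no error was recorded or the form was not
 *                submitted.
 */
function resend_password_action()
{
    global $SANITIZER, $CONFIG;

    $str_error = '';

    // Accept plain strings only: array input such as "un[]=x" would otherwise
    // be handed to trim() and the sanitizer as an array.
    $un = (isset($_POST["un"]) && is_string($_POST["un"]))
        ? $SANITIZER->sanitize(trim($_POST["un"]))
        : "";
    $email = (isset($_POST["email"]) && is_string($_POST["email"]))
        ? $SANITIZER->sanitize(trim($_POST["email"]))
        : "";

    // Nothing to do unless the resend form was actually submitted.
    if (!isset($_POST["cmd_resend_password"])) {
        return $str_error;
    }

    if (trim($un) == "" || trim($email) == "") {
        $str_error .= JText::_('Required field cannot be left blank.') . '<BR />';
    }
    if (!ZEmail::check($email)) {
        $str_error .= JText::_('Email should look like an email address.') . '<BR />';
    }
    if (!empty($str_error)) {
        return $str_error;
    }

    // Escape where the query is built rather than relying on upstream
    // filtering: what $SANITIZER->sanitize() does is not visible here.
    // NOTE(review): if sanitize() already escapes for MySQL, remove that
    // there so values are not escaped twice.
    $sql_un = mysql_real_escape_string($un);
    $sql_email = mysql_real_escape_string($email);
    $sql = "
        SELECT u.id, u.un, u.firstname, u.lastname
        FROM users AS u
        WHERE u.un = '{$sql_un}'
        AND u.email = '{$sql_email}'
        LIMIT 0, 1
    ";

    $result = mysql_query($sql);
    if (!$result || mysql_num_rows($result) != 1) {
        // NOTE(review): this message tells the caller whether a username and
        // e-mail pair exists. A uniform response for both outcomes would
        // avoid that, but it changes what the form shows, so it is left as is.
        return $str_error . JText::_('Email address was not found.') . '<BR />';
    }

    $u_id = mysql_result($result, 0, "u.id");
    $u_username = mysql_result($result, 0, "u.un");
    $u_firstname = mysql_result($result, 0, "u.firstname");
    $u_lastname = mysql_result($result, 0, "u.lastname");
    $u_fullname = $u_firstname . " " . $u_lastname;

    // Fail closed when the site secret is missing: the original suppressed
    // the notice with "@" and would have keyed the cipher with an empty value.
    if (empty($CONFIG->secret)) {
        return $str_error . JText::_('Could not send the notification.') . '<BR />';
    }

    // NOTE(review): the activation value is only the timestamp and user id
    // encrypted with the site secret. Expiry, single use and tamper detection
    // have to be enforced by validate.php, which is not visible here.
    $strongCipher = new Cipher_blowfish();
    $strongCipher->setKey($CONFIG->secret);
    $activation = $strongCipher->zf_encrypt(date("Y-m-d H:i:s") . "_" . $u_id);

    // Build and send the e-mail with the password reset instructions.
    $name = JText::_('ZIME Service'); // sender's name
    $sender = "*****@*****.**"; // sender's e-mail address
    $recipient = $email;
    $subject = JText::_('Reset your ZIME Password');

    $mail_body = JText::__('email_pw_reset_instructions.txt');
    $mail_body = str_replace("[USER]", $u_fullname . " ({$u_username})", $mail_body);
    $mail_body = str_replace(
        "[URL]",
        "{$CONFIG->basedir_rewrite}validate.php?option=reset&activation={$activation}",
        $mail_body
    );

    $header = "From: " . $name . " <" . $sender . ">\r\n";
    ini_set('sendmail_from', $sender);

    // Report a failed hand-off to the mailer instead of returning success.
    if (!mail($recipient, $subject, $mail_body, $header)) {
        $str_error .= JText::_('Could not send the notification.') . '<BR />';
    }

    return $str_error;
}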
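/**
 * Performs a new user registration.
 *
 * Reads "fullname", "un", "pw" and "email" from $_POST. When "cmd_register"
 * is present it validates the input, inserts the user row, adds the default
 * Josta, mails a validation link (validate.php?option=register), stores the
 * default notice settings and logs the user in.
 *
 * @access public
 * @since 3.0
 *
 * @return string|null Error text when a step failed. Null when the form was
 *                     not submitted, or after a successful registration, in
 *                     which case a Location header to the site base is sent.
 */
function register_action()
{
    global $CONFIG, $SANITIZER;

    $str_error = '';

    // Accept plain strings only: array input such as "un[]=x" would otherwise
    // be handed to the sanitizer and trim() as an array.
    $fullname = (isset($_POST["fullname"]) && is_string($_POST["fullname"]))
        ? trim($SANITIZER->sanitize($_POST["fullname"]))
        : "";
    $un = (isset($_POST["un"]) && is_string($_POST["un"]))
        ? trim($SANITIZER->sanitize($_POST["un"]))
        : "";
    $email = (isset($_POST["email"]) && is_string($_POST["email"]))
        ? trim($SANITIZER->sanitize($_POST["email"]))
        : "";

    // NOTE(review): unsalted MD5 is not a password hash, and sanitizing and
    // trimming the password changes the secret before it is hashed. Moving to
    // password_hash()/password_verify() needs matching changes in
    // ZLogin::login() and the users.pw column, both outside this function.
    if (isset($_POST["pw"]) && is_string($_POST["pw"])) {
        $pw_hash = md5(trim($SANITIZER->sanitize($_POST["pw"])));
    } else {
        $pw_hash = "";
    }

    $email_validation_required = true;

    // Nothing to do unless the registration form was actually submitted.
    if (!isset($_POST["cmd_register"])) {
        return null;
    }

    // A missing "pw" field leaves $pw_hash empty, which the original check
    // (comparison with md5("") only) let through as a valid password.
    if ($fullname == "" || $pw_hash === "" || $pw_hash === md5("")) {
        $str_error .= JText::_("Required field cannot be left blank.") . '<br />';
    }

    $str_error .= ZRegister::test_integrity_username($un);
    $str_error .= ZRegister::test_integrity_email($email);

    // Split the full name into first name and last name.
    $fullname_array = ZRegister::extract_fullname_parts($fullname);
    $firstname = $fullname_array[0];
    $lastname = $fullname_array[1];

    $registered = false;
    $new_user_id = 0;

    if (empty($str_error)) {
        // Escape where the query is built rather than relying on upstream
        // filtering: what $SANITIZER->sanitize() does is not visible here.
        // NOTE(review): if sanitize() already escapes for MySQL, remove that
        // there so values are not escaped twice. $pw_hash is hex output of
        // md5() and needs no escaping.
        $sql_un = mysql_real_escape_string($un);
        $sql_firstname = mysql_real_escape_string($firstname);
        $sql_lastname = mysql_real_escape_string($lastname);
        $sql_email = mysql_real_escape_string($email);

        $sql = "
            INSERT INTO users (
                proj_fid
                , proj_item_id
                , un
                , pw
                , firstname
                , lastname
                , gender
                , email
                , birth_date
                , age_rule
                , country
                , language
                , timezone
                , newsletter
                , isconfirmed
                , created)
            VALUES (
                7
                , 1
                , '{$sql_un}'
                , '{$pw_hash}'
                , '{$sql_firstname}'
                , '{$sql_lastname}'
                , 2
                , '{$sql_email}'
                , '2100-01-01'
                , 0
                , ''
                , ''
                , 0
                , 0
                , 0
                , now()
            )
        ";

        $inserted = mysql_query($sql);
        $new_user_id = $inserted ? mysql_insert_id() : 0;

        if ($new_user_id && mysql_affected_rows() > 0) {
            $registered = true;
            @setcookie("registered", 1, time() + 60 * 60 * 24 * 365, "/"); // expires in 1 year

            // Add the default Josta for the new user.
            $str_error = ZCollection::add_josta($new_user_id, "Default Josta", "", $str_error);
        } else {
            @session_destroy();
            $str_error .= JText::_('Registration was not successful. Please try again.');
        }
    }

    // Send the e-mail validation request.
    if ($email_validation_required && empty($str_error)) {
        if (empty($CONFIG->secret)) {
            // Fail closed when the site secret is missing: the original
            // suppressed the notice with "@" and would have keyed the cipher
            // with an empty value.
            $str_error .= JText::_('Could not send the notification.');
        } else {
            // NOTE(review): the activation value is only the timestamp and
            // user id encrypted with the site secret. Expiry, single use and
            // tamper detection have to be enforced by validate.php, which is
            // not visible here.
            $strongCipher = new Cipher_blowfish();
            $strongCipher->setKey($CONFIG->secret);
            $activation = $strongCipher->zf_encrypt(date("Y-m-d H:i:s") . "_" . $new_user_id);

            $name = JText::_('ZIME Service'); // sender's name
            $sender = "*****@*****.**"; // sender's e-mail address
            $recipient = $email;
            $subject = ZString::replaceVars(JText::_('Welcome to ZIME'), $un);

            $mail_body = JText::__('email_registration.txt');
            $mail_body = str_replace("[USER]", $fullname . " ({$un})", $mail_body);
            $mail_body = str_replace(
                "[URL]",
                "{$CONFIG->basedir_rewrite}validate.php?option=register&activation={$activation}",
                $mail_body
            );

            $header = "From: " . $name . " <" . $sender . ">\r\n";
            ini_set('sendmail_from', $sender);

            if (!@mail($recipient, $subject, $mail_body, $header)) {
                $str_error .= JText::_('Could not send the notification.');
            }
        }
    }

    // Store the default notices only for a user that was actually created.
    // The original called this unconditionally, so after a validation error
    // $new_user_id was undefined when passed in.
    if ($registered) {
        $_POST["notice_new_follower"] = "1";
        ZSettings::notices_action($new_user_id); // its result is not checked
    }

    // Log the new user in.
    if (empty($str_error)) {
        $str_error .= ZLogin::login($un, $pw_hash);
    }

    if (!empty($str_error)) {
        return $str_error;
    }

    // NOTE(review): "@" hides a "headers already sent" failure, and execution
    // continues in the caller after this header is queued.
    @header("Location: {$CONFIG->basedir_rewrite}");

    return null;
}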