 /**
  * Handles the submitted login form.
  *
  * Checks run in this order: password length, honeypot field, an optional
  * CAPTCHA (only once the failed-login counter of this session, or the sum
  * over all sessions from the same IP, has reached the configured
  * `failed_logins_inactivity` threshold minus two), then the login itself.
  * On failure an error is rendered and the form is shown again; on success
  * the browser is redirected, either to the `redirect` parameter or to the
  * plain controller path. A user who is already signed in is redirected
  * straight away without any processing.
  */
 public function process_login()
 {
     // Already authenticated: nothing to process, just send the user on.
     if ($this->user->is_signedin()) {
         redirect($this->controller_path_plain . $this->SID);
         return;
     }

     // Password length cap (same limit as the registration form).
     if (strlen($this->in->get('password')) > 64) {
         $this->core->message($this->user->lang('password_too_long'), $this->user->lang('error'), 'red');
         $this->display();
         return;
     }

     // Honeypot: the field named after the CSRF token is invisible to humans
     // and must stay empty; anything in it is treated as an invalid login.
     if (strlen($this->in->get($this->user->csrfGetToken("honeypot")))) {
         $this->core->message($this->user->lang('invalid_login'), $this->user->lang('error'), 'red');
         $this->display();
         return;
     }

     // CAPTCHA gate: required when failed logins (per session, or summed per
     // IP over all sessions) reach the threshold. A threshold <= 0 disables it.
     $intCaptchaThreshold = (int) $this->config->get('failed_logins_inactivity') - 2;
     $blnShowCaptcha = false;
     if ($intCaptchaThreshold > 0) {
         $blnShowCaptcha = $this->user->data['session_failed_logins'] >= $intCaptchaThreshold;
         if (!$blnShowCaptcha) {
             $objQuery = $this->db->prepare("SELECT SUM(session_failed_logins) as failed_logins FROM __sessions WHERE session_ip =?")->execute($this->env->ip);
             if ($objQuery && $objQuery->numRows) {
                 $arrResult = $objQuery->fetchAssoc();
                 $blnShowCaptcha = $arrResult['failed_logins'] >= $intCaptchaThreshold;
             }
         }
     }

     // Only verify the CAPTCHA when it is due and a reCAPTCHA key is configured.
     $strRecaptchaKey = $this->config->get('lib_recaptcha_pkey');
     if ($blnShowCaptcha && $strRecaptchaKey && strlen($strRecaptchaKey)) {
         require $this->root_path . 'libraries/recaptcha/recaptcha.class.php';
         $objCaptcha = new recaptcha();
         $objResponse = $objCaptcha->check_answer($strRecaptchaKey, $this->env->ip, $this->in->get('g-recaptcha-response'));
         if (!$objResponse->is_valid) {
             $this->core->message($this->user->lang('lib_captcha_wrong'), $this->user->lang('error'), 'red');
             $this->display();
             return;
         }
     }

     // "Remember me" is simply the presence of the auto_login field.
     $blnAutoLogin = (bool) $this->in->exists('auto_login');

     if ($this->user->login($this->in->get('username'), $this->in->get('password'), $blnAutoLogin)) {
         // Success: work out where to send the user.
         if ($this->in->exists('redirect')) {
             // The target is base64-encoded in the request; the session id is
             // spliced in after the redirect= part.
             // NOTE(review): the decoded target is not restricted to this site
             // here -- confirm redirect() enforces a same-origin/relative-path
             // check, otherwise this is an open redirect.
             $strTarget = preg_replace('#^.*?redirect=(.+?)&(.+?)$#', '\\1' . $this->SID . '&\\2', base64_decode($this->in->get('redirect')));
             if (strpos($strTarget, '?') !== false) {
                 $strTarget = str_replace("?&", $this->SID . '&', $strTarget);
             } else {
                 $strTarget .= $this->SID;
             }
         } else {
             $strTarget = $this->controller_path_plain . $this->SID;
         }
         redirect($strTarget);
         return;
     }

     // Failure: translate the error code into a message. Wrong username and
     // wrong password deliberately share one message so accounts cannot be
     // enumerated; unknown codes are shown verbatim.
     $strErrorCode = $this->user->error;
     switch ($strErrorCode) {
         case 'user_inactive':
             $strErrorMessage = $this->user->lang('error_account_inactive');
             break;
         case 'user_inactive_failed_logins':
             $strErrorMessage = $this->user->lang('error_account_inactive_failed_logins');
             break;
         case 'wrong_password':
         case 'wrong_username':
             $strErrorMessage = $this->user->lang('invalid_login');
             break;
         default:
             $strErrorMessage = $strErrorCode;
     }
     $this->core->global_warning($strErrorMessage . $this->user->lang('invalid_login_goto_admin'), 'fa-exclamation-circle');
     $this->display();
 }
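    /**
     * Processes the registration form.
     *
     * Validates the honeypot, optional profile fields, CAPTCHA, password,
     * e-mail and username, creates the user, grants the default auth
     * settings when no default group exists, sends the activation/welcome
     * mail (and the admin notification for admin-approved activation) and
     * finally ends the request with message_die().
     *
     * Fixes compared to the previous version: `$form` is initialised so the
     * later `is_object($form)` never reads an undefined variable, the e-mail
     * pattern is anchored at the end so trailing garbage after a valid
     * address is rejected, and the CMS-bridge hand-over is followed by a
     * `return` so the registration never continues if redirect() does not
     * terminate the request.
     */
    public function submit()
    {
        // Registration is owned by the bridged CMS: hand over and stop here.
        if ((int) $this->config->get('cmsbridge_active') == 1 && strlen($this->config->get('cmsbridge_reg_url'))) {
            redirect($this->config->get('cmsbridge_reg_url'), false, true);
            return;
        }

        //Check Honeypot: the field named after the CSRF token must stay empty.
        if (strlen($this->in->get($this->user->csrfGetToken("honeypot")))) {
            $this->core->message($this->user->lang('lib_captcha_wrong'), $this->user->lang('error'), 'red');
            $this->display();
            return;
        }

        $strUsername = $this->in->get('username');
        $strEmail = $this->in->get('user_email');
        $intActivation = (int) $this->config->get('account_activation');

        //Check User Profilefields (validation result is read in "Part 2" below)
        $form = null;
        $arrUserProfileFields = $this->pdh->get('user_profilefields', 'registration_fields');
        if (count($arrUserProfileFields)) {
            $form = register('form', array('register'));
            $form->validate = true;
            $form->add_fields($arrUserProfileFields);
            $this->userProfileData = $form->return_values();
        }

        //Check CAPTCHA (only when enabled and a reCAPTCHA key is configured)
        $strRecaptchaKey = $this->config->get('lib_recaptcha_pkey');
        if ($this->config->get('enable_captcha') == 1 && $strRecaptchaKey && strlen($strRecaptchaKey)) {
            require $this->root_path . 'libraries/recaptcha/recaptcha.class.php';
            $captcha = new recaptcha();
            $response = $captcha->check_answer($strRecaptchaKey, $this->env->ip, $this->in->get('g-recaptcha-response'));
            if (!$response->is_valid) {
                $this->core->message($this->user->lang('lib_captcha_wrong'), $this->user->lang('error'), 'red');
                $this->display_form();
                return;
            }
        }

        //Check Password: both fields must match and respect the length cap
        $strPassword = $this->in->get('new_user_password1');
        if ($strPassword !== $this->in->get('new_user_password2')) {
            $this->core->message($this->user->lang('password_not_match'), $this->user->lang('error'), 'red');
            $this->display_form();
            return;
        }
        if (strlen($strPassword) > 64) {
            $this->core->message($this->user->lang('password_too_long'), $this->user->lang('error'), 'red');
            $this->display_form();
            return;
        }

        //Check Email: must be unused and well-formed. The pattern is anchored
        // at both ends (`$` with the D modifier) so nothing may follow the address.
        if ($this->pdh->get('user', 'check_email', array($strEmail)) == 'false') {
            $this->core->message(str_replace("{0}", $strEmail, $this->user->lang('fv_email_alreadyuse')), $this->user->lang('error'), 'red');
            $this->display_form();
            return;
        }
        if (!preg_match("/^([a-zA-Z0-9])+([\\.a-zA-Z0-9_\\-\\+])*@([a-zA-Z0-9_-])+(\\.[a-zA-Z0-9_-]+)+$/D", $strEmail)) {
            $this->core->message($this->user->lang('fv_invalid_email'), $this->user->lang('error'), 'red');
            $this->display_form();
            return;
        }

        //Check Username: must be unused
        if ($this->pdh->get('user', 'check_username', array($strUsername)) == 'false') {
            $this->core->message(str_replace("{0}", $strUsername, $this->user->lang('fv_username_alreadyuse')), $this->user->lang('error'), 'red');
            $this->display_form();
            return;
        }

        //Check User Profilefields - Part 2: the form object reports its own validation errors
        if (is_object($form) && $form->error) {
            $this->display_form();
            return;
        }

        // Activation modes 1 (self) and 2 (admin) keep the account inactive and
        // need a random key for the activation link.
        if ($intActivation == 1 || $intActivation == 2) {
            // Keep the activation URL short, but never truncate the key below 6 chars.
            $key_len = max(54 - strlen($this->server_url), 6);
            $user_key = substr(random_string(true), 0, $key_len);
            $user_active = '0';
            if ($this->user->is_signedin()) {
                $this->user->destroy();
            }
        } else {
            $user_key = '';
            $user_active = '1';
        }

        //Insert the user into the DB
        $user_id = $this->pdh->put('user', 'register_user', array($this->data, $user_active, $user_key, true, $this->in->get('lmethod'), $this->userProfileData));

        //Add auth-account: the external account id travels encrypted through the form
        if ($this->in->exists('auth_account')) {
            $auth_account = $this->crypt->decrypt($this->in->get('auth_account'));
            if ($this->pdh->get('user', 'check_auth_account', array($auth_account, $this->in->get('lmethod')))) {
                $this->pdh->put('user', 'add_authaccount', array($user_id, $auth_account, $this->in->get('lmethod')));
            }
        }

        //Give permissions if there is no default group: copy every auth option's default
        $default_group = $this->pdh->get('user_groups', 'standard_group', array());
        if (!$default_group) {
            $sql = 'SELECT auth_id, auth_default
					FROM __auth_options
					ORDER BY auth_id';
            $result = $this->db->query($sql);
            if ($result) {
                while ($row = $result->fetchAssoc()) {
                    $arrSet = array('user_id' => $user_id, 'auth_id' => $row['auth_id'], 'auth_setting' => $row['auth_default']);
                    $this->db->prepare("INSERT INTO __auth_users :p")->set($arrSet)->execute();
                }
            }
        }

        // Pick success message, mail template and subject for the activation mode
        $title = '';
        if ($intActivation == 1) {
            $success_message = sprintf($this->user->lang('register_activation_self'), $strEmail);
            $email_template = 'register_activation_self';
            $email_subject = $this->user->lang('email_subject_activation_self');
            $title = $this->user->lang('email_subject_activation_self');
        } elseif ($intActivation == 2) {
            $success_message = sprintf($this->user->lang('register_activation_admin'), $strEmail);
            $email_template = 'register_activation_admin';
            $email_subject = $this->user->lang('email_subject_activation_admin');
            $title = $this->user->lang('email_subject_activation_admin');
        } else {
            $success_message = sprintf($this->user->lang('register_activation_none'), '<a href="' . $this->controller_path . 'Login/' . $this->SID . '">', '</a>', $strEmail);
            $email_template = 'register_activation_none';
            $email_subject = $this->user->lang('email_subject_activation_none');
            $title = $this->user->lang('success');
        }

        // Email a notice to the new user
        // NOTE(review): the mail echoes the submitted password in clear text and
        // reads it from 'user_password1', while the checks above use
        // 'new_user_password1' -- confirm the field name and whether the
        // password should be mailed at all.
        $this->email->Set_Language($this->in->get('user_lang'));
        $bodyvars = array('USERNAME' => stripslashes($strUsername), 'PASSWORD' => stripslashes($this->in->get('user_password1')), 'U_ACTIVATE' => $this->server_url . 'Activate/?key=' . $user_key, 'GUILDTAG' => $this->config->get('guildtag'));
        if (!$this->email->SendMailFromAdmin($strEmail, $email_subject, $email_template . '.html', $bodyvars)) {
            $success_message = $this->user->lang('email_subject_send_error');
        }

        // Now email the admin if the account has to be approved by an admin
        if ($intActivation == 2) {
            $this->email->Set_Language($this->config->get('default_lang'));
            $bodyvars = array('USERNAME' => $strUsername, 'U_ACTIVATE' => $this->server_url . 'Activate/?key=' . $user_key);
            if (!$this->email->SendMailFromAdmin(register('encrypt')->decrypt($this->config->get('admin_email')), $this->user->lang('email_subject_activation_admin_act'), 'register_activation_admin_activate.html', $bodyvars)) {
                $success_message = $this->user->lang('email_subject_send_error');
                $title = '';
            }
        }

        message_die($success_message, $title);
    }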
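 /**
  * Stores a submitted guild request (application).
  *
  * Collects the configured request fields from the input, adds name and
  * e-mail for anonymous visitors, validates CAPTCHA / uniqueness / e-mail
  * format / required fields, lets plugins veto via the
  * `gr_addrequest_formcheck` hook, saves the request, fires
  * `gr_addrequest`, mails the view link to the applicant, notifies users
  * with `u_guildrequest_view` and redirects to the request page.
  *
  * Fixes compared to the previous version:
  *  - `$this->display;` (a property read) is now the intended `$this->display()`
  *    call, so the CAPTCHA error page is actually rendered.
  *  - The `gr_addrequest_formcheck` hook used `$strName`, `$strEmail`,
  *    `$strAuthKey` and `$arrToSave` before they were assigned, so hooks
  *    always received nulls; the values are now computed before the hook.
  *  - The config key `cmsbrige_active` was misspelled; it now reads
  *    `cmsbridge_active` like the registration controller.
  *  - For signed-in users the name/e-mail entries lacked an `id`, so both
  *    collapsed into one empty-string key of the saved payload; they now
  *    carry `id => 'name'` / `id => 'email'` like the anonymous path.
  *  - The e-mail pattern is anchored at the end.
  */
 public function save()
 {
     //Build Field-Array from the configured request fields
     $arrFields = $this->pdh->get('guildrequest_fields', 'id_list', array());
     $arrInput = $arrValues = array();
     foreach ($arrFields as $id) {
         $row = $this->pdh->get('guildrequest_fields', 'id', array($id));
         // Field types 3 and 4 carry no input of their own -- TODO confirm (presumably headline/separator types)
         if ($row['type'] == 3 || $row['type'] == 4) {
             continue;
         }
         $strParam = 'gr_field_' . $row['id'];
         if ($row['type'] == 5) {
             // Checkbox groups arrive as an int array; the serialized form is stored,
             // the raw array is kept for dependency checks below.
             $arrChecked = $this->in->getArray($strParam, 'int');
             $mixInput = serialize($arrChecked);
             $arrValues[$row['id']] = $arrChecked;
         } else {
             $mixInput = $this->in->get($strParam);
             $arrValues[$row['id']] = $mixInput;
         }
         $arrInput[$row['id']] = array('id' => $row['id'], 'name' => $row['name'], 'input' => $mixInput, 'required' => $row['required'], 'dep_field' => $row['dep_field'], 'dep_value' => $row['dep_value']);
     }
     // Anonymous visitors have to supply name and e-mail themselves
     if (!$this->user->is_signedin()) {
         $arrInput['email'] = array('input' => $this->in->get('gr_email'), 'name' => $this->user->lang('email'), 'required' => true, 'id' => 'email');
         $arrInput['name'] = array('input' => $this->in->get('gr_name'), 'name' => $this->user->lang('name'), 'required' => true, 'id' => 'name');
     }
     $this->data = $arrInput;

     //Checks that only apply to anonymous visitors
     if (!$this->user->is_signedin() && $this->config->get('enable_captcha')) {
         //Check Captcha
         require $this->root_path . 'libraries/recaptcha/recaptcha.class.php';
         $captcha = new recaptcha();
         $response = $captcha->check_answer($this->config->get('lib_recaptcha_pkey'), $this->env->ip, $this->in->get('g-recaptcha-response'));
         if (!$response->is_valid) {
             $this->core->message($this->user->lang('lib_captcha_wrong'), $this->user->lang('error'), 'red');
             $this->display();
             return;
         }
         //Check Username/Email for account creation (not when a CMS bridge owns the accounts)
         if ($this->config->get('create_account', 'guildrequest') && !$this->config->get('cmsbridge_active')) {
             if ($this->pdh->get('user', 'check_email', array($this->in->get('gr_email'))) == 'false') {
                 $this->core->message(str_replace("{0}", sanitize($this->in->get('gr_email')), $this->user->lang('fv_email_alreadyuse')), $this->user->lang('error'), 'red');
                 $this->display();
                 return;
             }
             if ($this->pdh->get('user', 'check_username', array($this->in->get('gr_name'))) == 'false') {
                 $this->core->message(str_replace("{0}", sanitize($this->in->get('gr_name')), $this->user->lang('fv_username_alreadyuse')), $this->user->lang('error'), 'red');
                 $this->display();
                 return;
             }
         }
         //Check email format (anchored at both ends so nothing may follow the address)
         if (!preg_match("/^([a-zA-Z0-9])+([\\.a-zA-Z0-9_-])*@([a-zA-Z0-9_-])+(\\.[a-zA-Z0-9_-]+)+$/D", $this->in->get('gr_email'))) {
             $this->core->message($this->user->lang('fv_invalid_email'), $this->user->lang('error'), 'red');
             $this->display();
             return;
         }
     }

     //Check Required: a required field may depend on another field having a
     // given value; 999999999 marks "no dependency".
     $arrRequired = array();
     foreach ($arrInput as $val) {
         if (!$val['required']) {
             continue;
         }
         if (isset($val['dep_field']) && $val['dep_field'] && $val['dep_field'] != 999999999) {
             $intDepField = $val['dep_field'];
             if (!isset($arrValues[$intDepField])) {
                 continue;
             }
             if (is_array($arrValues[$intDepField])) {
                 // checkbox dependency: the dependent value must be one of the checked keys
                 if (!isset($arrValues[$intDepField][$val['dep_value']])) {
                     continue;
                 }
             } else {
                 if ($arrValues[$intDepField] != $val["dep_value"]) {
                     continue;
                 }
             }
         }
         // 'a:0:{}' is the serialized empty array produced by an unchecked checkbox group
         if ($val['input'] == '' || $val['input'] == 'a:0:{}') {
             $arrRequired[] = $val['name'];
         }
     }
     if (count($arrRequired) > 0) {
         $this->core->message(implode(', ', $arrRequired), $this->user->lang('missing_values'), 'red');
         $this->display();
         return;
     }

     // Resolve the applicant's identity: signed-in users always use their account data
     if ($this->user->is_signedin()) {
         $arrInput['name'] = array('input' => $this->user->data['username'], 'name' => $this->user->lang('name'), 'required' => true, 'id' => 'name');
         $arrInput['email'] = array('input' => $this->user->data['user_email'], 'name' => $this->user->lang('email'), 'required' => true, 'id' => 'email');
     }
     $strName = $arrInput['name']['input'];
     $strEmail = $arrInput['email']['input'];
     $strAuthKey = random_string(false, 40);
     $strActivationKey = random_string(false, 32);
     // The e-mail address is stored encrypted inside the request payload
     $arrInput['email']['input'] = register('encrypt')->encrypt($arrInput['email']['input']);
     $arrToSave = array();
     foreach ($arrInput as $val) {
         $arrToSave[$val['id']] = $val['input'];
     }

     //Hook for checking values: a plugin may reject the request with an error message
     $arrHookResult = $this->hooks->process('gr_addrequest_formcheck', array('name' => $strName, 'email' => $strEmail, 'auth_key' => $strAuthKey, 'data' => $arrToSave), true);
     if (isset($arrHookResult['error']) && $arrHookResult['error'] !== false) {
         $this->core->message($arrHookResult['error'], $this->user->lang('error'), 'red');
         $this->display();
         return;
     }

     //Insert into DB
     $strContent = serialize($arrToSave);
     $blnResult = $this->pdh->put('guildrequest_requests', 'add', array($strName, $strEmail, $strAuthKey, $strActivationKey, $strContent));

     //Hook for e.g. creating users
     $this->hooks->process('gr_addrequest', array('name' => $strName, 'email' => $strEmail, 'auth_key' => $strAuthKey, 'data' => $arrToSave));
     $this->pdh->process_hook_queue();
     if (!$blnResult) {
         $this->core->message($this->user->lang('error'), $this->user->lang('error'), 'red');
         $this->display();
         return;
     }

     //Send Email to User with auth key (the key is what grants access to the request page)
     $server_url = $this->env->link . $this->routing->build('ViewApplication', $strName, $blnResult, false, true);
     $bodyvars = array('USERNAME' => sanitize($strName), 'U_ACTIVATE' => $server_url . '?key=' . $strAuthKey, 'GUILDTAG' => $this->config->get('guildtag'));
     if (!$this->email->SendMailFromAdmin($strEmail, $this->user->lang('gr_viewlink_subject'), $this->root_path . 'plugins/guildrequest/language/' . $this->user->data['user_lang'] . '/email/request_viewlink.html', $bodyvars)) {
         $this->core->message($this->user->lang('email_subject_send_error'), $this->user->lang('error'), 'red');
         $this->display();
         return;
     }

     // Notify everyone allowed to view requests, then redirect to the new request page
     $arrUsers = $this->pdh->get('user', 'users_with_permission', array('u_guildrequest_view'));
     $this->ntfy->add('guildrequest_new_application', $blnResult, sanitize($strName), $this->routing->build('ListApplications'), $arrUsers, sanitize($strName));
     redirect($this->routing->build('ViewApplication', $strName, $blnResult, false, true) . '?key=' . $strAuthKey . '&msg=success');
 }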