public function process_login()
{
if (!$this->user->is_signedin()) {
//Check Password Length
if (strlen($this->in->get('password')) > 64) {
$this->core->message($this->user->lang('password_too_long'), $this->user->lang('error'), 'red');
$this->display();
return;
}
//Check Honeypot
if (strlen($this->in->get($this->user->csrfGetToken("honeypot")))) {
$this->core->message($this->user->lang('invalid_login'), $this->user->lang('error'), 'red');
$this->display();
return;
}
//Check Captcha
$blnShowCaptcha = false;
if ((int) $this->config->get('failed_logins_inactivity') - 2 > 0) {
if ($this->user->data['session_failed_logins'] >= (int) $this->config->get('failed_logins_inactivity') - 2) {
$blnShowCaptcha = true;
}
if (!$blnShowCaptcha) {
$objQuery = $this->db->prepare("SELECT SUM(session_failed_logins) as failed_logins FROM __sessions WHERE session_ip =?")->execute($this->env->ip);
if ($objQuery && $objQuery->numRows) {
$arrResult = $objQuery->fetchAssoc();
if ($arrResult['failed_logins'] >= (int) $this->config->get('failed_logins_inactivity') - 2) {
$blnShowCaptcha = true;
}
}
}
}
if ($blnShowCaptcha && $this->config->get('lib_recaptcha_pkey') && strlen($this->config->get('lib_recaptcha_pkey'))) {
require $this->root_path . 'libraries/recaptcha/recaptcha.class.php';
$captcha = new recaptcha();
$response = $captcha->check_answer($this->config->get('lib_recaptcha_pkey'), $this->env->ip, $this->in->get('g-recaptcha-response'));
if (!$response->is_valid) {
$this->core->message($this->user->lang('lib_captcha_wrong'), $this->user->lang('error'), 'red');
$this->display();
return;
}
}
$blnAutoLogin = $this->in->exists('auto_login') ? true : false;
//Login
if (!$this->user->login($this->in->get('username'), $this->in->get('password'), $blnAutoLogin)) {
//error
$strErrorCode = $this->user->error;
switch ($strErrorCode) {
case 'user_inactive':
$strErrorMessage = $this->user->lang('error_account_inactive');
break;
case 'user_inactive_failed_logins':
$strErrorMessage = $this->user->lang('error_account_inactive_failed_logins');
break;
case 'wrong_password':
case 'wrong_username':
$strErrorMessage = $this->user->lang('invalid_login');
break;
default:
$strErrorMessage = $strErrorCode;
}
$this->core->global_warning($strErrorMessage . $this->user->lang('invalid_login_goto_admin'), 'fa-exclamation-circle');
$this->display();
} else {
//success
if ($this->in->exists('redirect')) {
$redirect_url = preg_replace('#^.*?redirect=(.+?)&(.+?)$#', '\\1' . $this->SID . '&\\2', base64_decode($this->in->get('redirect')));
if (strpos($redirect_url, '?') === false) {
$redirect_url = $redirect_url . $this->SID;
} else {
$redirect_url = str_replace("?&", $this->SID . '&', $redirect_url);
}
} else {
$redirect_url = $this->controller_path_plain . $this->SID;
}
redirect($redirect_url);
}
} else {
redirect($this->controller_path_plain . $this->SID);
}
}
public function submit()
{
if ((int) $this->config->get('cmsbridge_active') == 1 && strlen($this->config->get('cmsbridge_reg_url'))) {
redirect($this->config->get('cmsbridge_reg_url'), false, true);
}
//Check Honeypot
if (strlen($this->in->get($this->user->csrfGetToken("honeypot")))) {
$this->core->message($this->user->lang('lib_captcha_wrong'), $this->user->lang('error'), 'red');
$this->display();
return;
}
//Check User Profilefields
$arrUserProfileFields = $this->pdh->get('user_profilefields', 'registration_fields');
if (count($arrUserProfileFields)) {
$form = register('form', array('register'));
$form->validate = true;
$form->add_fields($arrUserProfileFields);
$arrFieldValues = $form->return_values();
$this->userProfileData = $arrFieldValues;
}
//Check CAPTCHA
if ($this->config->get('enable_captcha') == 1 && $this->config->get('lib_recaptcha_pkey') && strlen($this->config->get('lib_recaptcha_pkey'))) {
require $this->root_path . 'libraries/recaptcha/recaptcha.class.php';
$captcha = new recaptcha();
$response = $captcha->check_answer($this->config->get('lib_recaptcha_pkey'), $this->env->ip, $this->in->get('g-recaptcha-response'));
if (!$response->is_valid) {
$this->core->message($this->user->lang('lib_captcha_wrong'), $this->user->lang('error'), 'red');
$this->display_form();
return;
}
}
//Check Password
if ($this->in->get('new_user_password1') !== $this->in->get('new_user_password2')) {
$this->core->message($this->user->lang('password_not_match'), $this->user->lang('error'), 'red');
$this->display_form();
return;
}
if (strlen($this->in->get('new_user_password1')) > 64) {
$this->core->message($this->user->lang('password_too_long'), $this->user->lang('error'), 'red');
$this->display_form();
return;
}
//Check Email
if ($this->pdh->get('user', 'check_email', array($this->in->get('user_email'))) == 'false') {
$this->core->message(str_replace("{0}", $this->in->get('user_email'), $this->user->lang('fv_email_alreadyuse')), $this->user->lang('error'), 'red');
$this->display_form();
return;
} elseif (!preg_match("/^([a-zA-Z0-9])+([\\.a-zA-Z0-9_\\-\\+])*@([a-zA-Z0-9_-])+(\\.[a-zA-Z0-9_-]+)+/", $this->in->get('user_email'))) {
$this->core->message($this->user->lang('fv_invalid_email'), $this->user->lang('error'), 'red');
$this->display_form();
return;
}
//Check Username
if ($this->pdh->get('user', 'check_username', array($this->in->get('username'))) == 'false') {
$this->core->message(str_replace("{0}", $this->in->get('username'), $this->user->lang('fv_username_alreadyuse')), $this->user->lang('error'), 'red');
$this->display_form();
return;
}
//Check User Profilefields - Part 2
if (is_object($form) && $form->error) {
$this->display_form();
return;
}
// If the config requires account activation, generate a random key for validation
if ((int) $this->config->get('account_activation') == 1 || (int) $this->config->get('account_activation') == 2) {
$user_key = random_string(true);
$key_len = 54 - strlen($this->server_url);
$key_len = $key_len > 6 ? $key_len : 6;
$user_key = substr($user_key, 0, $key_len);
$user_active = '0';
if ($this->user->is_signedin()) {
$this->user->destroy();
}
} else {
$user_key = '';
$user_active = '1';
}
//Insert the user into the DB
$user_id = $this->pdh->put('user', 'register_user', array($this->data, $user_active, $user_key, true, $this->in->get('lmethod'), $this->userProfileData));
//Add auth-account
if ($this->in->exists('auth_account')) {
$auth_account = $this->crypt->decrypt($this->in->get('auth_account'));
if ($this->pdh->get('user', 'check_auth_account', array($auth_account, $this->in->get('lmethod')))) {
$this->pdh->put('user', 'add_authaccount', array($user_id, $auth_account, $this->in->get('lmethod')));
}
}
//Give permissions if there is no default group
$default_group = $this->pdh->get('user_groups', 'standard_group', array());
if (!$default_group) {
$sql = 'SELECT auth_id, auth_default
FROM __auth_options
ORDER BY auth_id';
$result = $this->db->query($sql);
if ($result) {
while ($row = $result->fetchAssoc()) {
$arrSet = array('user_id' => $user_id, 'auth_id' => $row['auth_id'], 'auth_setting' => $row['auth_default']);
$this->db->prepare("INSERT INTO __auth_users :p")->set($arrSet)->execute();
}
}
}
$title = '';
if ($this->config->get('account_activation') == 1) {
$success_message = sprintf($this->user->lang('register_activation_self'), $this->in->get('user_email'));
$email_template = 'register_activation_self';
$email_subject = $this->user->lang('email_subject_activation_self');
$title = $this->user->lang('email_subject_activation_self');
} elseif ($this->config->get('account_activation') == 2) {
$success_message = sprintf($this->user->lang('register_activation_admin'), $this->in->get('user_email'));
$email_template = 'register_activation_admin';
$email_subject = $this->user->lang('email_subject_activation_admin');
$title = $this->user->lang('email_subject_activation_admin');
} else {
$success_message = sprintf($this->user->lang('register_activation_none'), '<a href="' . $this->controller_path . 'Login/' . $this->SID . '">', '</a>', $this->in->get('user_email'));
$email_template = 'register_activation_none';
$email_subject = $this->user->lang('email_subject_activation_none');
$title = $this->user->lang('success');
}
// Email a notice
$this->email->Set_Language($this->in->get('user_lang'));
$bodyvars = array('USERNAME' => stripslashes($this->in->get('username')), 'PASSWORD' => stripslashes($this->in->get('user_password1')), 'U_ACTIVATE' => $this->server_url . 'Activate/?key=' . $user_key, 'GUILDTAG' => $this->config->get('guildtag'));
if (!$this->email->SendMailFromAdmin($this->in->get('user_email'), $email_subject, $email_template . '.html', $bodyvars)) {
$success_message = $this->user->lang('email_subject_send_error');
}
// Now email the admin if we need to
if ($this->config->get('account_activation') == 2) {
$this->email->Set_Language($this->config->get('default_lang'));
$bodyvars = array('USERNAME' => $this->in->get('username'), 'U_ACTIVATE' => $this->server_url . 'Activate/?key=' . $user_key);
if (!$this->email->SendMailFromAdmin(register('encrypt')->decrypt($this->config->get('admin_email')), $this->user->lang('email_subject_activation_admin_act'), 'register_activation_admin_activate.html', $bodyvars)) {
$success_message = $this->user->lang('email_subject_send_error');
$title = '';
}
}
message_die($success_message, $title);
}
public function save()
{
//Build Field-Array
$arrFields = $this->pdh->get('guildrequest_fields', 'id_list', array());
$arrInput = $arrValues = array();
foreach ($arrFields as $id) {
$row = $this->pdh->get('guildrequest_fields', 'id', array($id));
if ($row['type'] == 3 || $row['type'] == 4) {
continue;
}
$arrInput[$row['id']] = array('id' => $row['id'], 'name' => $row['name'], 'input' => $this->in->get('gr_field_' . $row['id']), 'required' => $row['required'], 'dep_field' => $row['dep_field'], 'dep_value' => $row['dep_value']);
$arrValues[$row['id']] = $this->in->get('gr_field_' . $row['id']);
//Checkboxes
if ($row['type'] == 5) {
$arrInput[$row['id']] = array('id' => $row['id'], 'name' => $row['name'], 'input' => serialize($this->in->getArray('gr_field_' . $row['id'], 'int')), 'required' => $row['required'], 'dep_field' => $row['dep_field'], 'dep_value' => $row['dep_value']);
$arrValues[$row['id']] = $this->in->getArray('gr_field_' . $row['id'], 'int');
}
}
if (!$this->user->is_signedin()) {
$arrInput['email'] = array('input' => $this->in->get('gr_email'), 'name' => $this->user->lang('email'), 'required' => true, 'id' => 'email');
$arrInput['name'] = array('input' => $this->in->get('gr_name'), 'name' => $this->user->lang('name'), 'required' => true, 'id' => 'name');
}
$this->data = $arrInput;
//Check Captcha
if (!$this->user->is_signedin() && $this->config->get('enable_captcha')) {
require $this->root_path . 'libraries/recaptcha/recaptcha.class.php';
$captcha = new recaptcha();
$response = $captcha->check_answer($this->config->get('lib_recaptcha_pkey'), $this->env->ip, $this->in->get('g-recaptcha-response'));
if (!$response->is_valid) {
$this->core->message($this->user->lang('lib_captcha_wrong'), $this->user->lang('error'), 'red');
$this->display;
return;
}
//Check Username/Email for account creation
if ($this->config->get('create_account', 'guildrequest') && !$this->config->get('cmsbrige_active')) {
if ($this->pdh->get('user', 'check_email', array($this->in->get('gr_email'))) == 'false') {
$this->core->message(str_replace("{0}", sanitize($this->in->get('gr_email')), $this->user->lang('fv_email_alreadyuse')), $this->user->lang('error'), 'red');
$this->display();
return;
}
if ($this->pdh->get('user', 'check_username', array($this->in->get('gr_name'))) == 'false') {
$this->core->message(str_replace("{0}", sanitize($this->in->get('gr_name')), $this->user->lang('fv_username_alreadyuse')), $this->user->lang('error'), 'red');
$this->display();
return;
}
}
//Check email
if (!preg_match("/^([a-zA-Z0-9])+([\\.a-zA-Z0-9_-])*@([a-zA-Z0-9_-])+(\\.[a-zA-Z0-9_-]+)+/", $this->in->get('gr_email'))) {
$this->core->message($this->user->lang('fv_invalid_email'), $this->user->lang('error'), 'red');
$this->display();
return;
}
}
//Check Required
$arrRequired = array();
foreach ($arrInput as $val) {
if (!$val['required']) {
continue;
}
if (isset($val['dep_field']) && $val['dep_field'] && $val['dep_field'] != 999999999) {
$intDepField = $val['dep_field'];
if (!isset($arrValues[$intDepField])) {
continue;
}
if (is_array($arrValues[$intDepField])) {
if (!isset($arrValues[$intDepField][$val['dep_value']])) {
continue;
}
} else {
if ($arrValues[$intDepField] != $val["dep_value"]) {
continue;
}
}
}
if ($val['input'] == '' || $val['input'] == 'a:0:{}') {
$arrRequired[] = $val['name'];
}
}
if (count($arrRequired) > 0) {
$this->core->message(implode(', ', $arrRequired), $this->user->lang('missing_values'), 'red');
$this->display();
return;
}
//Hook for checking values
$arrHookResult = $this->hooks->process('gr_addrequest_formcheck', array('name' => $strName, 'email' => $strEmail, 'auth_key' => $strAuthKey, 'data' => $arrToSave), true);
if (isset($arrHookResult['error']) && $arrHookResult['error'] !== false) {
$this->core->message($arrHookResult['error'], $this->user->lang('error'), 'red');
$this->display();
return;
}
//Insert into DB
if ($this->user->is_signedin()) {
$arrInput['name']['input'] = $this->user->data['username'];
$arrInput['email']['input'] = $this->user->data['user_email'];
}
$strName = $arrInput['name']['input'];
$strEmail = $arrInput['email']['input'];
$strAuthKey = random_string(false, 40);
$strActivationKey = random_string(false, 32);
$arrInput['email']['input'] = register('encrypt')->encrypt($arrInput['email']['input']);
$arrToSave = array();
foreach ($arrInput as $val) {
$arrToSave[$val['id']] = $val['input'];
}
$strContent = serialize($arrToSave);
$blnResult = $this->pdh->put('guildrequest_requests', 'add', array($strName, $strEmail, $strAuthKey, $strActivationKey, $strContent));
//Hook for e.g. creating users
$this->hooks->process('gr_addrequest', array('name' => $strName, 'email' => $strEmail, 'auth_key' => $strAuthKey, 'data' => $arrToSave));
$this->pdh->process_hook_queue();
if (!$blnResult) {
$this->core->message($this->user->lang('error'), $this->user->lang('error'), 'red');
$this->display();
return;
}
//Send Email to User with auth key
$server_url = $this->env->link . $this->routing->build('ViewApplication', $strName, $blnResult, false, true);
$bodyvars = array('USERNAME' => sanitize($strName), 'U_ACTIVATE' => $server_url . '?key=' . $strAuthKey, 'GUILDTAG' => $this->config->get('guildtag'));
if (!$this->email->SendMailFromAdmin($strEmail, $this->user->lang('gr_viewlink_subject'), $this->root_path . 'plugins/guildrequest/language/' . $this->user->data['user_lang'] . '/email/request_viewlink.html', $bodyvars)) {
$this->core->message($this->user->lang('email_subject_send_error'), $this->user->lang('error'), 'red');
$this->display();
return;
} else {
if ($blnResult) {
$arrUsers = $this->pdh->get('user', 'users_with_permission', array('u_guildrequest_view'));
$this->ntfy->add('guildrequest_new_application', $blnResult, sanitize($strName), $this->routing->build('ListApplications'), $arrUsers, sanitize($strName));
}
//Redirect to viewrequest page
redirect($this->routing->build('ViewApplication', $strName, $blnResult, false, true) . '?key=' . $strAuthKey . '&msg=success');
}
}
