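/**
 * User password recovery (by e-mail).
 *
 * Two modes, selected by the presence of the `token` request parameter:
 *  - with a token: look up the user owning the token and, on submit, store the new password;
 *  - without a token: on submit, look up the user by e-mail and mail a recovery link.
 *
 * NOTE(review): input is read from $_REQUEST, so the new password is also accepted
 * from the query string; no CSRF token check is visible in this function — confirm
 * whether the form layer or a front controller enforces POST and CSRF protection.
 *
 * @return mixed whatever User_password_set_view() / User_password_recovery_view() return
 */
function user_password_recovery_controller()
{
    if (isset($_REQUEST['token'])) {
        // An empty or non-string token must never reach the lookup: depending on how
        // "no pending recovery" is stored, an empty value could match an account that
        // never requested a reset. Such input is handled like an unknown token.
        $token = $_REQUEST['token'];
        $user_source = (is_string($token) && $token !== '')
            ? User_by_password_recovery_token($token)
            : null;

        if ($user_source === false) {
            engelsystem_error("Unable to load user.");
        }
        if ($user_source == null) {
            error(_("Token is not correct."));
            // NOTE(review): the code below assumes redirect() ends the request; if it
            // returns, the submit branch would run without a valid user — confirm.
            redirect(page_link_to('login'));
        }

        if (isset($_REQUEST['submit'])) {
            $ok = true;

            // Only plain strings are accepted; array-valued parameters count as missing.
            $password = (isset($_REQUEST['password']) && is_string($_REQUEST['password']))
                ? $_REQUEST['password']
                : null;
            $password2 = (isset($_REQUEST['password2']) && is_string($_REQUEST['password2']))
                ? $_REQUEST['password2']
                : null;

            if ($password !== null && strlen($password) >= MIN_PASSWORD_LENGTH) {
                // Strict comparison: with `!=`, two different numeric-looking strings
                // (e.g. "1e3" and "1000") compare as equal and slip past confirmation.
                if ($password !== $password2) {
                    $ok = false;
                    error(_("Your passwords don't match."));
                }
            } else {
                $ok = false;
                // Same wording as guest_register(): the limit comes from
                // MIN_PASSWORD_LENGTH instead of a hard-coded "6".
                error(sprintf(_("Your password is too short (please use at least %s characters)."), MIN_PASSWORD_LENGTH));
            }

            if ($ok) {
                // NOTE(review): nothing visible here invalidates the recovery token after
                // use or enforces an expiry — confirm set_password() or the token lookup
                // takes care of that.
                $result = set_password($user_source['UID'], $password);
                if ($result === false) {
                    engelsystem_error(_("Password could not be updated."));
                }

                success(_("Password saved."));
                redirect(page_link_to('login'));
            }
        }

        return User_password_set_view();
    } else {
        if (isset($_REQUEST['submit'])) {
            $ok = true;

            if (isset($_REQUEST['email']) && strlen(strip_request_item('email')) > 0) {
                $email = strip_request_item('email');
                if (check_email($email)) {
                    $user_source = User_by_email($email);
                    if ($user_source === false) {
                        engelsystem_error("Unable to load user.");
                    }
                    if ($user_source == null) {
                        // NOTE(review): this message differs from the success message
                        // below, so the form reveals whether an address is registered.
                        $ok = false;
                        error(_("E-mail address is not correct."));
                    }
                } else {
                    $ok = false;
                    error(_("E-mail address is not correct."));
                }
            } else {
                $ok = false;
                error(_("Please enter your e-mail."));
            }

            if ($ok) {
                $token = User_generate_password_recovery_token($user_source);
                if ($token === false) {
                    engelsystem_error("Unable to generate password recovery token.");
                }

                // The token is URL-encoded so it survives the query string whatever
                // alphabet the generator uses (a no-op for hex tokens).
                $recovery_link = page_link_to_absolute('user_password_recovery') . '&token=' . urlencode($token);
                $result = engelsystem_email_to_user(
                    $user_source,
                    _("Password recovery"),
                    sprintf(_("Please visit %s to recover your password."), $recovery_link)
                );
                if ($result === false) {
                    engelsystem_error("Unable to send password recovery email.");
                }

                success(_("We sent an email containing your password recovery link."));
                redirect(page_link_to('login'));
            }
        }

        return User_password_recovery_view();
    }
}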
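/**
 * Re-send the e-mail verification token of an account that is not yet approved.
 *
 * The account is selected by `$_GET['uid']` or, when no uid is given, by the `email`
 * request parameter. With neither present the e-mail input page is returned. In all
 * other cases the function ends with a redirect.
 *
 * NOTE(review): no login or privilege check is visible before the mail is sent, and
 * the success/failure messages differ depending on whether an unapproved account
 * exists for the given uid or address. Confirm that access control and rate limiting
 * are applied by the caller.
 *
 * @return mixed the view from User_request_verification_token_view() when no input was given
 */
function user_resend_verification_token()
{
    global $privileges;

    $success = false;
    // The looked-up account is kept in a local variable. Writing it to the global
    // $user would replace the session user with an account chosen by a request
    // parameter for the rest of the request.
    $target_user = null;

    if (isset($_GET['uid'])) {
        $uid = $_GET['uid'];
        // Digits only: is_numeric() would also accept floats, exponents and
        // leading whitespace, none of which is a valid user id.
        if (is_string($uid) && ctype_digit($uid)) {
            $target_user = User($uid);
            if ($target_user != null && $target_user['user_account_approved'] == 0) {
                // Account exists and is still unapproved: send the stored token again.
                user_send_verification_email($target_user['email'], $target_user['mailaddress_verification_token']);
                success(_("Verification E-Mail was send again to your E-Mail address. If you still don't receive it, please check your spam folder and ask a Dispatcher."));
                $success = true;
            }
        }
    } elseif (isset($_REQUEST['email']) && strlen(strip_request_item('email')) > 0) {
        $email = strip_request_item('email');
        if (check_email($email)) {
            $target_user = User_by_email($email);
            if ($target_user != null && $target_user['user_account_approved'] == 0) {
                user_send_verification_email($target_user['email'], $target_user['mailaddress_verification_token']);
                success(_("Verification E-Mail was send again to your E-Mail address. If you still don't receive it, please check your spam folder and ask a Dispatcher."));
                $success = true;
            }
        }
    } else {
        // Neither uid nor e-mail given: show the page that asks for the e-mail address.
        return User_request_verification_token_view();
    }

    $admin_priv = in_array('admin_user', $privileges);

    if (!$success) {
        // No matching unapproved account, or the input was invalid.
        error(_("Verification E-Mail Could not be send. Please ask a Dispatcher."));
    }

    // Only holders of 'admin_user' are sent to the target account's page.
    if ($admin_priv && $success && isset($target_user['UID'])) {
        redirect(user_link($target_user));
    } else {
        redirect('?');
    }
}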
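/**
 * Guest self-registration.
 *
 * Renders the sign-up form. On submit it validates the input, inserts the user with
 * `user_account_approved` = 0, assigns group -2 and the selected angel types, stores
 * the password and sends the verification e-mail.
 *
 * NOTE(review): input is read from $_REQUEST and no CSRF token check is visible here;
 * all SQL is string-built and relies on sql_escape()/sql_bool() for every value.
 *
 * @return mixed the page returned by page_with_title()
 */
function guest_register()
{
    global $default_theme, $genders;

    $msg = "";
    $nick = "";
    $lastname = "";
    $prename = "";
    $age = "";
    $tel = "";
    $mobile = "";
    $mail = "";
    $email_shiftinfo = false;
    $hometown = "";
    $comment = "";
    // The row is created with an empty hash; set_password() fills it in afterwards.
    $password_hash = "";
    $password = null;
    $selected_angel_types = array();
    $gender = "none";

    // Unrestricted angel types are pre-selected on the empty form.
    $angel_types_source = sql_select("SELECT * FROM `AngelTypes` ORDER BY `name`");
    $angel_types = array();
    foreach ($angel_types_source as $angel_type) {
        $angel_types[$angel_type['id']] = $angel_type['name'] . ($angel_type['restricted'] ? " (restricted)" : "");
        if (!$angel_type['restricted']) {
            $selected_angel_types[] = $angel_type['id'];
        }
    }

    if (isset($_REQUEST['submit'])) {
        $ok = true;

        // Validate once; a missing or non-string nick is treated as empty instead of
        // being passed to User_validate_Nick() as an undefined index.
        $requested_nick = (isset($_REQUEST['nick']) && is_string($_REQUEST['nick']))
            ? User_validate_Nick($_REQUEST['nick'])
            : "";
        // NOTE(review): the inner double quotes of the two nick messages were unescaped
        // in the listing, which is a syntax error; they are kept as literal quotes here.
        // Confirm the msgids against the translation catalog.
        if (strlen($requested_nick) > 1) {
            $nick = $requested_nick;
            if (sql_num_query("SELECT * FROM `User` WHERE `Nick`='" . sql_escape($nick) . "' LIMIT 1") > 0) {
                $ok = false;
                $msg .= error(sprintf(_('Your nick "%s" already exists.'), $nick), true);
            }
        } else {
            $ok = false;
            $msg .= error(sprintf(_('Your nick "%s" is too short (min. 2 characters).'), $requested_nick), true);
        }

        if (isset($_REQUEST['mail']) && strlen(strip_request_item('mail')) > 0) {
            $mail = strip_request_item('mail');
            if (!check_email($mail)) {
                $ok = false;
                $msg .= error(_("E-mail address is not correct."), true);
            }
            if ($ok) {
                $existing_user = User_by_email($mail);
                // A failed lookup (false) must not be read as "address is free";
                // handled the same way as in user_password_recovery_controller().
                if ($existing_user === false) {
                    engelsystem_error("Unable to load user.");
                }
                if ($existing_user != null) {
                    $ok = false;
                    $msg .= error(_("A user with this E-mail address already exists."), true);
                }
            }
        } else {
            $ok = false;
            $msg .= error(_("Please enter your e-mail."), true);
        }

        if (isset($_REQUEST['email_shiftinfo'])) {
            $email_shiftinfo = true;
        }

        // Only plain strings are accepted; array-valued parameters count as missing.
        if (isset($_REQUEST['password']) && is_string($_REQUEST['password'])) {
            $password = $_REQUEST['password'];
        }
        $password2 = (isset($_REQUEST['password2']) && is_string($_REQUEST['password2']))
            ? $_REQUEST['password2']
            : null;
        if ($password !== null && strlen($password) >= MIN_PASSWORD_LENGTH) {
            // Strict comparison: with `!=`, two different numeric-looking strings
            // (e.g. "1e3" and "1000") compare as equal and slip past confirmation.
            if ($password !== $password2) {
                $ok = false;
                $msg .= error(_("Your passwords don't match."), true);
            }
        } else {
            $ok = false;
            $msg .= error(sprintf(_("Your password is too short (please use at least %s characters)."), MIN_PASSWORD_LENGTH), true);
        }

        // Replace the defaults with what was actually ticked; ids come from the
        // database list, never from the request itself.
        $selected_angel_types = array();
        foreach ($angel_types as $angel_type_id => $angel_type_name) {
            if (isset($_REQUEST['angel_types_' . $angel_type_id])) {
                $selected_angel_types[] = $angel_type_id;
            }
        }

        // Trivia
        if (isset($_REQUEST['lastname']) && strlen($_REQUEST['lastname']) > 0) {
            $lastname = strip_request_item('lastname');
        } else {
            $ok = false;
            $msg .= error(_("Please enter Lastname"), true);
        }
        if (isset($_REQUEST['prename']) && strlen($_REQUEST['prename']) > 0) {
            $prename = strip_request_item('prename');
        } else {
            $ok = false;
            $msg .= error(_("Please enter Prename"), true);
        }
        if (isset($_REQUEST['age']) && preg_match("/^[0-9]{0,4}\$/", $_REQUEST['age'])) {
            $age = strip_request_item('age');
        }
        if (isset($_REQUEST['tel'])) {
            $tel = strip_request_item('tel');
        }
        if (isset($_REQUEST['mobile'])) {
            $mobile = strip_request_item('mobile');
        }
        if (isset($_REQUEST['hometown'])) {
            $hometown = strip_request_item('hometown');
        }
        if (isset($_REQUEST['comment'])) {
            $comment = strip_request_item_nl('comment');
        }
        // The gender must be one of the keys of the configured list.
        if (isset($_REQUEST['gender']) && array_key_exists($_REQUEST['gender'], $genders)) {
            $gender = $_REQUEST['gender'];
        }

        if ($ok) {
            // 16 bytes from the OS CSPRNG, hex-encoded. random_bytes() exists from
            // PHP 7.0; mcrypt is no longer bundled from PHP 7.2 on, so it is kept
            // only as the fallback for older runtimes.
            $token_bytes = function_exists('random_bytes')
                ? random_bytes(16)
                : mcrypt_create_iv(16, MCRYPT_DEV_URANDOM);
            $confirmationToken = bin2hex($token_bytes);

            sql_query("\n INSERT INTO `User` SET \n `color`='" . sql_escape($default_theme)
                . "', \n `Nick`='" . sql_escape($nick)
                . "', \n `Vorname`='" . sql_escape($prename)
                . "', \n `Name`='" . sql_escape($lastname)
                . "', \n `Alter`='" . sql_escape($age)
                . "', \n `gender`='" . sql_escape($gender)
                . "',\n `Telefon`='" . sql_escape($tel)
                . "', \n `Handy`='" . sql_escape($mobile)
                . "', \n `email`='" . sql_escape($mail)
                . "', \n `email_shiftinfo`=" . sql_bool($email_shiftinfo)
                . ", \n `Passwort`='" . sql_escape($password_hash)
                . "', \n `kommentar`='" . sql_escape($comment)
                . "', \n `Hometown`='" . sql_escape($hometown)
                . "', \n `CreateDate`=NOW(), \n `Sprache`='" . sql_escape($_SESSION["locale"])
                . "',\n `arrival_date`=NULL,\n `planned_arrival_date`= 0,\n `mailaddress_verification_token` = '" . sql_escape($confirmationToken)
                . "',\n `user_account_approved` = 0");

            // Assign user-group and set password
            $user_id = sql_id();
            sql_query("INSERT INTO `UserGroups` SET `uid`='" . sql_escape($user_id) . "', `group_id`=-2");
            // The row was inserted with an empty hash, so a failed update must not be
            // reported as a successful registration.
            if (set_password($user_id, $password) === false) {
                engelsystem_error(_("Password could not be updated."));
            }

            // Assign angel-types
            $user_angel_types_info = array();
            foreach ($selected_angel_types as $selected_angel_type_id) {
                sql_query("INSERT INTO `UserAngelTypes` SET `user_id`='" . sql_escape($user_id) . "', `angeltype_id`='" . sql_escape($selected_angel_type_id) . "'");
                $user_angel_types_info[] = $angel_types[$selected_angel_type_id];
            }

            engelsystem_log("User " . $nick . " signed up as: " . join(", ", $user_angel_types_info));
            user_send_verification_email($mail, $confirmationToken);
            success(_("Angel registration successful! Please click the confirmation link in the eMail we sent you to activate your account."));

            redirect('?');
        }
    }

    // NOTE(review): submitted values are echoed back into the form; this assumes the
    // form_*() helpers HTML-escape their value argument — confirm.
    return page_with_title(register_title(), array(
        _("By completing this form you're registering as an helper. Please enter a username/nick of your choice, your e-mail adress and your full name. Only your nick will be shown to other users."),
        $msg,
        msg(),
        form(array(
            div('row', array(
                div('col-md-6', array(
                    div('row', array(
                        div('col-sm-4', array(
                            form_text('nick', _("Nick") . ' ' . entry_required(), $nick)
                        )),
                        div('col-sm-8', array(
                            form_email('mail', _("E-Mail") . ' ' . entry_required(), $mail),
                            form_checkbox('email_shiftinfo', _("Please keep me informed by e-mail, e.g. if my shifts change"), $email_shiftinfo)
                        )),
                        div('col-sm-4', array(
                            form_text('prename', _("First name") . ' ' . entry_required(), $prename)
                        )),
                        div('col-sm-4', array(
                            form_text('lastname', _("Last name") . ' ' . entry_required(), $lastname)
                        ))
                    )),
                    div('row', array(
                        div('col-sm-6', array()),
                        div('col-sm-6', array())
                    )),
                    div('row', array(
                        div('col-sm-6', array(
                            form_password('password', _("Password") . ' ' . entry_required())
                        )),
                        div('col-sm-6', array(
                            form_password('password2', _("Confirm password") . ' ' . entry_required())
                        ))
                    ))
                )),
                div('col-md-6', array(
                    div('row', array(
                        div('col-sm-4', array(
                            form_text('mobile', _("Mobile"), $mobile)
                        )),
                        div('col-sm-4', array(
                            form_text('tel', _("Phone"), $tel)
                        ))
                    )),
                    div('row', array(
                        div('col-sm-3', array(
                            form_text('age', _("Age"), $age)
                        )),
                        div('col-sm-6', array(
                            form_text('comment', _("Additional Information(Language / Profession)"), $comment)
                        ))
                    )),
                    form_info(entry_required() . ' = ' . _("Entry required!"))
                ))
            )),
            form_submit('submit', _("Register"))
        )),
        buttons(array(
            button(page_link_to('user_password_recovery'), _("I forgot my password")),
            button(page_link_to('user_resend_verification_token'), _("Request E-Mail verification token"))
        ))
    ));
}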