/**
 * Ajax entry point for the email field: checks a submitted address and returns the verdict as JSON.
 *
 * WARNING: direct unchecked access, except if $user is set, then check
 * that the logged-in user has rights to edit that $user.
 *
 * Review notes (security):
 * - The only request vetting visible here is the parent::fieldClass() call (spoof check, per the
 *   inline comment). Nothing in this method limits how often it can be called.
 * - When the field parameter 'field_check_email' is 2, the response states whether the address is
 *   already stored in the field's table, for both 'checkvalue' and 'testexists'. That makes this
 *   endpoint an email-existence oracle. NOTE(review): confirm throttling / anti-automation upstream.
 * - Request values reach SQL only through Quote()/NameQuote() and reach the message only through
 *   htmlspecialchars(); keep both when editing. htmlspecialchars() is called with default flags,
 *   which before PHP 8.1 leave single quotes unescaped: fine for element text, not for
 *   single-quoted attributes.
 *
 * @param  FieldTable  $field
 * @param  UserTable   $user
 * @param  array       $postdata
 * @param  string      $reason    'profile' for user profile view, 'edit' for profile edit, 'register' for registration, 'search' for searches
 * @return string                 JSON object with the keys 'valid' and 'message'
 */
public function fieldClass(&$field, &$user, &$postdata, $reason)
{
    global $_CB_framework, $_CB_database, $ueConfig, $_GET;

    parent::fieldClass($field, $user, $postdata, $reason); // Performs spoof check

    $function = cbGetParam($_GET, 'function', '');
    $valid = true;
    $message = null;

    $testExists = ($function == 'testexists');
    $handled = $testExists || ($function == 'checkvalue');

    // The field parameter is only consulted for the two supported Ajax functions.
    $emailChecker = $handled ? $field->params->get('field_check_email', 0) : 0;
    $reasonAllowed = ($reason == 'edit') || ($reason == 'register');

    if ($emailChecker && $reasonAllowed) {
        $email = stripslashes(cbGetParam($postdata, 'value', ''));
        $emailConfirmation = $field->name == 'email' && $ueConfig['reg_confirmation'];
        $lowered = strtolower(trim($email));
        // Escaped once; every user-facing message substitutes this value for '[email]'.
        $substitutions = array('[email]' => htmlspecialchars($email));

        foreach ($field->getTableColumns() as $col) {
            // An existing user re-submitting the stored address: nothing to check for this column.
            if ($user && $lowered == strtolower(trim($user->{$col}))) {
                continue;
            }

            if (!$this->validate($field, $user, $col, $email, $postdata, $reason)) {
                global $_PLUGINS;

                $valid = false;
                $message = $_PLUGINS->getErrorMSG('<br />');
                continue;
            }

            // Advanced: look the address up in the field's table.
            if ($emailChecker == 2) {
                $query = 'SELECT COUNT(*)' . "\n FROM " . $_CB_database->NameQuote($field->table);
                $query .= $_CB_database->isDbCollationCaseInsensitive()
                    ? "\n WHERE " . $_CB_database->NameQuote($col) . " = " . $_CB_database->Quote(trim($email))
                    : "\n WHERE LOWER( " . $_CB_database->NameQuote($col) . " ) = " . $_CB_database->Quote(strtolower(trim($email)));

                $_CB_database->setQuery($query);
                $exists = $_CB_database->loadResult();

                if ($exists) {
                    if ($testExists) {
                        $message = CBTxt::Th('UE_EMAIL_EXISTS_ON_SITE', "The email '[email]' exists on this site.", $substitutions);
                    } else {
                        $valid = false;
                        $message = CBTxt::Th('UE_EMAIL_NOT_AVAILABLE', "The email '[email]' is already in use.", $substitutions);
                    }
                } else {
                    if ($testExists) {
                        $valid = false;
                        $message = CBTxt::Th('UE_EMAIL_DOES_NOT_EXISTS_ON_SITE', "The email '[email]' does not exist on this site.", $substitutions);
                    } else {
                        $message = CBTxt::Th('UE_EMAIL_AVAILABLE', "The email '[email]' is available.", $substitutions);
                    }
                }
            }

            // Simple: the mail check runs only for 'checkvalue' and only while no earlier check failed.
            if ($testExists || !$valid) {
                continue;
            }

            $checkResult = cbCheckMail($_CB_framework->getCfg('mailfrom'), $email);

            // Loose comparisons in this order mirror a switch over -2, -1, 0; other results keep the current verdict.
            if ($checkResult == -2) {
                // Wrong Format
                $valid = false;
                $message = CBTxt::Th('UE_EMAIL_NOVALID', 'This is not a valid email address.', $substitutions);
            } elseif ($checkResult == -1) {
                // Couldn't Check: verdict and message stay as they are.
            } elseif ($checkResult == 0) {
                // Invalid
                $valid = false;
                $message = $emailConfirmation
                    ? CBTxt::Th('UE_EMAIL_INCORRECT_CHECK_NEEDED', 'This address does not accept email: Needed for confirmation.', $substitutions)
                    : CBTxt::Th('UE_EMAIL_INCORRECT_CHECK', 'This email does not accept email: Please check.', $substitutions);
            }
        }
    }

    return json_encode(array('valid' => $valid, 'message' => $message));
}
/**
 * Direct access to field for custom operations, like for Ajax
 *
 * WARNING: direct unchecked access, except if $user is set, then check
 * that the logged-in user has rights to edit that $user.
 *
 * Handles the 'checkvalue' Ajax function for email fields: optionally looks the
 * address up in #__users, then passes it to cbCheckMail() and returns an HTML
 * snippet describing the outcome.
 *
 * Review notes:
 * - Several conditions mix && and || without parentheses. && binds tighter than ||,
 *   so read them as grouped in the inline comments below before changing them.
 * - Both `$function == 'testexists'` branches sit inside `if ($function == 'checkvalue')`
 *   and therefore cannot be reached as written.
 * - In 'checkvalue' mode an existing address still produces the "already registered"
 *   response, so the endpoint reveals whether an email is present in #__users.
 *   NOTE(review): no throttling is visible in this method; confirm it exists upstream.
 * - The submitted value reaches SQL only through Quote() and reaches the returned HTML
 *   only through htmlspecialchars(); keep both when editing.
 *
 * @param  moscomprofilerFields  $field
 * @param  moscomprofilerUser    $user
 * @param  array                 $postdata
 * @param  string                $reason    'profile' for user profile view, 'edit' for profile edit, 'register' for registration, 'search' for searches
 * @return string                           Expected output; null when the 'function' request parameter is not 'checkvalue'.
 */
function fieldClass(&$field, &$user, &$postdata, $reason)
{
    global $_CB_framework, $_CB_database, $ueConfig, $_GET;

    // Parent call performs the spoof check (per the original note); its implementation is not visible here.
    parent::fieldClass($field, $user, $postdata, $reason); // performs spoofcheck.

    // Grouping by precedence:
    //   ( (primary email field AND reg_email_checker > 0) OR field_check_email OR getUi() == 2 )
    //   AND ( reason is 'edit' OR 'register' )
    if (($field->type == 'primaryemailaddress' && (isset($ueConfig['reg_email_checker']) && $ueConfig['reg_email_checker'] > 0) || $field->params->get('field_check_email', 0) || $_CB_framework->getUi() == 2) && ($reason == 'edit' || $reason == 'register')) {
        $function = cbGetParam($_GET, 'function', '');
        if ($function == 'checkvalue') {
            // presumably stripslashes() undoes slashes added to request data upstream; verify against cbGetParam
            $email = stripslashes(cbGetParam($postdata, 'value', ''));
            $emailISO = CBTxt::utf8ToISO($email); // ajax sends in utf8, we need to convert back to the site's encoding.

            // Database lookup. Grouping by precedence:
            //   primary email field AND
            //   ( (reg_email_checker > 1 AND (register OR (edit AND $user AND address changed))) OR getUi() == 2 )
            if ($field->type == 'primaryemailaddress' && ((isset($ueConfig['reg_email_checker']) ? $ueConfig['reg_email_checker'] > 1 : false) && ($reason == 'register' || $reason == 'edit' && $user && $emailISO != $user->email) || $_CB_framework->getUi() == 2)) {
                // The value is trimmed and passed through Quote() before it is concatenated into the query.
                if ($_CB_database->isDbCollationCaseInsensitive()) {
                    $query = "SELECT COUNT(*) AS result FROM #__users WHERE email = " . $_CB_database->Quote(trim($emailISO));
                } else {
                    $query = "SELECT COUNT(*) AS result FROM #__users WHERE LOWER(email) = " . $_CB_database->Quote(strtolower(trim($emailISO)));
                }
                $_CB_database->setQuery($query);
                $dataObj = null;
                if ($_CB_database->loadObject($dataObj)) {
                    // Unreachable branch: $function is 'checkvalue' here (see enclosing if).
                    if ($function == 'testexists') {
                        if ($dataObj->result) {
                            return '<span class="cb_result_ok">' . sprintf(ISOtoUtf8(_UE_EMAIL_EXISTS_ON_SITE), htmlspecialchars($email)) . "</span>";
                        } else {
                            return '<span class="cb_result_error">' . sprintf(ISOtoUtf8(_UE_EMAIL_DOES_NOT_EXISTS_ON_SITE), htmlspecialchars($email)) . "</span>";
                        }
                    } else {
                        // Address already present: report it and skip the mail check below.
                        if ($dataObj->result) {
                            return '<span class="cb_result_error">' . sprintf(ISOtoUtf8(_UE_EMAIL_ALREADY_REGISTERED), htmlspecialchars($email)) . "</span>";
                        }
                    }
                }
            }

            // Unreachable for the same reason as above; only the else branch can run.
            if ($function == 'testexists') {
                return ISOtoUtf8(_UE_NOT_AUTHORIZED);
            } else {
                // Grouping by precedence: register OR (edit AND $user AND address changed) OR getUi() == 2
                if ($reason == 'register' || $reason == 'edit' && $user && $emailISO != $user->email || $_CB_framework->getUi() == 2) {
                    $checkResult = cbCheckMail($_CB_framework->getCfg('mailfrom'), $emailISO);
                } else {
                    return '<span class="cb_result_info">' . sprintf(ISOtoUtf8(CBTxt::T("No changes.")), htmlspecialchars($email)) . "</span>";
                }
            }

            // Every case returns, so the break statements are never executed.
            switch ($checkResult) {
                case -2:
                    return '<span class="cb_result_error">' . sprintf(ISOtoUtf8(_UE_EMAIL_NOVALID), htmlspecialchars($email)) . "</span>";
                    break;
                case -1:
                    return '<span class="cb_result_warning">' . sprintf(ISOtoUtf8(_UE_EMAIL_COULD_NOT_CHECK), htmlspecialchars($email)) . "</span>";
                    break;
                case 0:
                    if ($ueConfig['reg_confirmation'] == 0) {
                        return '<span class="cb_result_error">' . sprintf(ISOtoUtf8(_UE_EMAIL_INCORRECT_CHECK), htmlspecialchars($email)) . "</span>";
                    } else {
                        return '<span class="cb_result_error">' . sprintf(ISOtoUtf8(_UE_EMAIL_INCORRECT_CHECK_NEEDED), htmlspecialchars($email)) . "</span>";
                    }
                    break;
                case 1:
                    return '<span class="cb_result_ok">' . sprintf(ISOtoUtf8(_UE_EMAIL_VERIFIED), htmlspecialchars($email)) . "</span>";
                    break;
                default:
                    // $checkResult is inserted without escaping; it is whatever cbCheckMail() returned.
                    return '<span class="cb_result_error">' . sprintf(CBTxt::T('Unexpected cbCheckMail result: %s'), $checkResult) . '.</span>';
                    break;
            }
        }
        // Reached only when the 'function' request parameter is something other than 'checkvalue'.
        return null;
    } else {
        return ISOtoUtf8(_UE_NOT_AUTHORIZED);
    }
}
/**
 * Ajax function: checks an email address submitted from the registration form and echoes an HTML
 * snippet with the result.
 *
 * Flow: feature switch ($ueConfig['reg_email_checker']) -> spoof / anti-spam check -> optional
 * lookup in #__users (setting > 1) -> cbCheckMail().
 *
 * Review notes (security):
 * - With 'reg_email_checker' > 1 the output states whether the address is already registered,
 *   which lets a caller enumerate accounts. The spoof and anti-spam checks below are the only
 *   guards visible here. NOTE(review): confirm rate limiting exists upstream.
 * - The address reaches SQL only through Quote() and reaches the output only through
 *   htmlspecialchars(); keep both when editing.
 *
 * @param  string  $email     Address to check, as sent by the client
 * @param  string  $function  'testexists' to ask whether the address exists on the site; any other value runs the registration check
 * @return void               Output is echoed; the two guard failures end the request with exit
 */
function performCheckEmail($email, $function)
{
    global $_CB_framework, $_CB_database, $ueConfig;

    // Feature switch: a missing or falsy setting means the checker is disabled.
    if (empty($ueConfig['reg_email_checker'])) {
        echo ISOtoUtf8(_UE_NOT_AUTHORIZED);
        exit();
    }

    // simple spoof check security (the anti-spam check runs only when the spoof check passed)
    if (!(cbSpoofCheck('registerForm', 'POST', 2) && cbRegAntiSpamCheck(2))) {
        echo '<span class="cb_result_error">' . ISOtoUtf8(_UE_SESSION_EXPIRED) . "</span>";
        exit;
    }

    $email = stripslashes($email);
    $emailISO = utf8ToISO($email); // ajax sends in utf8, we need to convert back to the site's encoding.
    $escapedEmail = htmlspecialchars($email);

    if ($ueConfig['reg_email_checker'] > 1) {
        // Case-insensitive match: rely on the collation if it provides one, otherwise lower-case both sides.
        $query = $_CB_database->isDbCollationCaseInsensitive()
            ? "SELECT COUNT(*) AS result FROM #__users WHERE email = " . $_CB_database->Quote(trim($emailISO))
            : "SELECT COUNT(*) AS result FROM #__users WHERE LOWER(email) = " . $_CB_database->Quote(strtolower(trim($emailISO)));

        $_CB_database->setQuery($query);
        $row = null;

        if ($_CB_database->loadObject($row)) {
            $found = $row->result;

            if ($function == 'testexists') {
                echo $found
                    ? '<span class="cb_result_ok">' . sprintf(ISOtoUtf8(_UE_EMAIL_EXISTS_ON_SITE), $escapedEmail) . "</span>"
                    : '<span class="cb_result_error">' . sprintf(ISOtoUtf8(_UE_EMAIL_DOES_NOT_EXISTS_ON_SITE), $escapedEmail) . "</span>";

                return;
            }

            if ($found) {
                echo '<span class="cb_result_error">' . sprintf(ISOtoUtf8(_UE_EMAIL_ALREADY_REGISTERED), $escapedEmail) . "</span>";

                return;
            }
        }
    }

    // 'testexists' gets an answer only from the lookup above; reaching this point means it was not answered.
    if ($function == 'testexists') {
        echo ISOtoUtf8(_UE_NOT_AUTHORIZED);

        return;
    }

    $checkResult = cbCheckMail($_CB_framework->getCfg('mailfrom'), $email);

    switch ($checkResult) {
        case -2:
            $markup = '<span class="cb_result_error">' . sprintf(ISOtoUtf8(_UE_EMAIL_NOVALID), $escapedEmail) . "</span>";
            break;
        case -1:
            $markup = '<span class="cb_result_warning">' . sprintf(ISOtoUtf8(_UE_EMAIL_COULD_NOT_CHECK), $escapedEmail) . "</span>";
            break;
        case 0:
            // The wording depends on whether registration requires email confirmation.
            $template = ($ueConfig['reg_confirmation'] == 0)
                ? ISOtoUtf8(_UE_EMAIL_INCORRECT_CHECK)
                : ISOtoUtf8(_UE_EMAIL_INCORRECT_CHECK_NEEDED);
            $markup = '<span class="cb_result_error">' . sprintf($template, $escapedEmail) . "</span>";
            break;
        case 1:
            $markup = '<span class="cb_result_ok">' . sprintf(ISOtoUtf8(_UE_EMAIL_VERIFIED), $escapedEmail) . "</span>";
            break;
        default:
            $markup = '<span class="cb_result_error">performCheckEmail:: Unexpected cbCheckMail result.</span>';
            break;
    }

    echo $markup;
}
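/**
 * Ajax function: checks an email address submitted from the registration form and echoes an HTML
 * snippet with the result.
 *
 * Flow: 'field_check_email' parameter of the 'email' field must be enabled -> spoof / anti-spam
 * check -> optional lookup in #__users (parameter > 1) -> cbCheckMail().
 *
 * Review notes (security):
 * - With 'field_check_email' > 1 the output states whether the address is already registered,
 *   which lets a caller enumerate accounts. The spoof and anti-spam checks below are the only
 *   guards visible here. NOTE(review): confirm rate limiting exists upstream.
 * - The address reaches SQL only through Quote() and reaches the output only through
 *   htmlspecialchars(); keep both when editing.
 *
 * @deprecated 2.0.0 use cbValidator::getRuleHtmlAttributes instead
 *
 * @param  string  $email     Address to check, as sent by the client
 * @param  string  $function  'testexists' to ask whether the address exists on the site; any other value runs the registration check
 * @return void               Output is echoed; the two guard failures end the request with exit
 */
function performCheckEmail($email, $function)
{
    global $_CB_framework, $_CB_database, $ueConfig;

    $field = new \CB\Database\Table\FieldTable();
    $field->load(array('name' => 'email'));
    $field->params = new \CBLib\Registry\Registry($field->params);

    // Feature switch: the checker must be enabled on the 'email' field.
    if (!$field->params->get('field_check_email', 0)) {
        echo CBTxt::Th('UE_NOT_AUTHORIZED', 'You are not authorized to view this page!');
        exit;
    }

    // simple spoof check security
    if (!cbSpoofCheck('registerForm', 'POST', 2) || !cbRegAntiSpamCheck(2)) {
        echo '<div class="alert alert-danger">' . CBTxt::Th('UE_SESSION_EXPIRED', 'Session expired or cookies are not enabled in your browser. Please press "reload page" in your browser, and enable cookies in your browser.') . "</div>";
        exit;
    }

    $email = stripslashes($email);
    $emailISO = $email; // ajax sends in utf8, but no need to change encoding anymore.

    if ($field->params->get('field_check_email', 0) > 1) {
        // The value is trimmed and passed through Quote() before it is concatenated into the query.
        if ($_CB_database->isDbCollationCaseInsensitive()) {
            $query = "SELECT COUNT(*) AS result FROM #__users WHERE email = " . $_CB_database->Quote(trim($emailISO));
        } else {
            $query = "SELECT COUNT(*) AS result FROM #__users WHERE LOWER(email) = " . $_CB_database->Quote(strtolower(trim($emailISO)));
        }

        $_CB_database->setQuery($query);
        $dataObj = null;

        if ($_CB_database->loadObject($dataObj)) {
            /** @var StdClass $dataObj */
            if ($function == 'testexists') {
                if ($dataObj->result) {
                    echo '<div class="alert alert-success">' . CBTxt::Th('UE_EMAIL_EXISTS_ON_SITE', "The email '[email]' exists on this site.", array('[email]' => htmlspecialchars($email))) . "</div>";
                    return;
                } else {
                    echo '<div class="alert alert-danger">' . CBTxt::Th('UE_EMAIL_DOES_NOT_EXISTS_ON_SITE', "The email '[email]' does not exist on this site.", array('[email]' => htmlspecialchars($email))) . "</div>";
                    return;
                }
            } else {
                if ($dataObj->result) {
                    echo '<div class="alert alert-danger">' . CBTxt::Th('UE_EMAIL_NOT_AVAILABLE', "The email '[email]' is already in use.", array('[email]' => htmlspecialchars($email))) . "</div>";
                    return;
                }
            }
        }
    }

    // 'testexists' gets an answer only from the lookup above; reaching this point means it was not answered.
    if ($function == 'testexists') {
        echo CBTxt::Th('UE_NOT_AUTHORIZED', 'You are not authorized to view this page!');
        return;
    } else {
        $checkResult = cbCheckMail($_CB_framework->getCfg('mailfrom'), $email);
    }

    // Fix: the previous code closed sprintf() before the email argument, so `echo` received two
    // operands and printed the escaped address after the message instead of substituting it.
    // sprintf() on a translated string is also fragile if a translation contains a '%'.
    // The messages now use the same '[email]' substitution as the lookup messages above.
    $substitutions = array('[email]' => htmlspecialchars($email));

    switch ($checkResult) {
        case -2:
            // Wrong Format
            echo '<span class="alert alert-danger">' . CBTxt::Th('UE_EMAIL_NOVALID', 'This is not a valid email address.', $substitutions) . "</span>";
            break;
        case -1:
            // Couldn't Check: nothing is echoed.
            break;
        case 0:
            // Invalid; the wording depends on whether registration requires email confirmation.
            if ($ueConfig['reg_confirmation'] == 0) {
                echo '<span class="alert alert-danger">' . CBTxt::Th('UE_EMAIL_INCORRECT_CHECK', 'This email does not accept email: Please check.', $substitutions) . "</span>";
            } else {
                echo '<span class="alert alert-danger">' . CBTxt::Th('UE_EMAIL_INCORRECT_CHECK_NEEDED', 'This address does not accept email: Needed for confirmation.', $substitutions) . "</span>";
            }
            break;
        case 1:
            // Valid
            echo '<span class="alert alert-success">' . CBTxt::Th('UE_EMAIL_VERIFIED', 'This email address seems valid.', $substitutions) . "</span>";
            break;
        default:
            echo '<span class="alert alert-danger">performCheckEmail:: Unexpected cbCheckMail result.</span>';
            break;
    }
}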