/**
 * Validate the WordPress fields and the plugin's extra fields of a registration
 * or profile-update submission against their configured rules.
 *
 * Every rule violation is appended to $errors through $errors->add(); the same
 * object is returned so it can be used as a WP validation callback result.
 *
 * Trust boundary: field definitions and rules come from get_cimyFields(); nearly
 * every value checked below is read straight from $_POST / $_FILES and is therefore
 * client-controlled (see the inline notes on old values, file sizes and MIME types).
 *
 * @param string $user_login Username being registered (forwarded to cimy_check_user_on_signups()).
 * @param string $user_email Email being registered (forwarded to cimy_check_user_on_signups()).
 * @param object $errors     Error collector exposing an ->errors array and ->add($code, $message).
 * @return object The same $errors object, possibly with entries added or removed.
 */
function cimy_registration_check($user_login, $user_email, $errors) {
    // NOTE(review): $wpdb and $rule_maxlen are imported but never used in this body.
    global $wpdb, $rule_canbeempty, $rule_email, $rule_maxlen, $fields_name_prefix, $wp_fields_name_prefix, $rule_equalto_case_sensitive, $apply_equalto_rule, $cimy_uef_domain, $cimy_uef_file_types, $rule_equalto_regex, $user_level, $cimy_uef_file_images_types, $wp_hidden_fields, $rule_maxlen_is_str;

    if (cimy_is_at_least_wordpress35()) {
        cimy_switch_to_blog();
    }

    $options = cimy_get_options();

    if (!in_array("username", $options["wp_hidden_fields"])) {
        // ok username is empty, we are replacing it with the email, don't bother
        if (isset($errors->errors['empty_username'])) {
            unset($errors->errors['empty_username']);
        }
        // remove username exists error only if email exists error is there covering for us
        if (isset($errors->errors['username_exists']) && isset($errors->errors['email_exists'])) {
            unset($errors->errors['username_exists']);
        }
    }

    // code for confirmation email check
    if (!is_multisite() && $options["confirm_email"]) {
        $errors = cimy_check_user_on_signups($errors, $user_login, $user_email);
    }

    // avoid to save stuff if user is being added from: /wp-admin/user-new.php and shit WP 3.1 changed the value just to create new bugs :@
    // NOTE(review): this early return skips the cimy_switch_current_blog() call at the
    // bottom even though cimy_switch_to_blog() may have run above — verify whether that
    // leaves the blog switched on multisite.
    if (!empty($_POST["action"]) && ($_POST["action"] == "adduser" || $_POST["action"] == "createuser")) {
        return $errors;
    }

    // Work on a local copy so the global $user_level is not modified.
    $my_user_level = $user_level;
    // -1 == anonymous
    if (!is_user_logged_in()) {
        $my_user_level = -1;
    }

    $extra_fields = get_cimyFields(false, true);
    $wp_fields = get_cimyFields(true);

    // The "profile" flag is itself client-supplied; it only selects which rule set
    // (show_in_profile vs show_in_reg) applies, permission gating happens below.
    $from_profile = false;
    if (!empty($_POST["from"]) && $_POST["from"] == "profile") {
        $from_profile = true;
    }

    $i = 1;
    // do first for the WP fields then for EXTRA fields
    while ($i <= 2) {
        if ($i == 1) {
            $fields = $wp_fields;
            $prefix = $wp_fields_name_prefix;
        } else {
            $fields = $extra_fields;
            $prefix = $fields_name_prefix;
        }

        foreach ($fields as $thisField) {
            $field_id = $thisField['ID'];
            $name = $thisField['NAME'];
            $rules = $thisField['RULES'];
            $type = $thisField['TYPE'];
            // Label is HTML-escaped once here because it is interpolated into error markup below.
            $label = esc_html($thisField['LABEL']);
            // NOTE(review): $description is assigned but not used in this function.
            $description = $thisField['DESCRIPTION'];
            $unique_id = $prefix . $field_id;

            // Usernames cannot be changed after the registration
            if ($i == 1 && $name == "USERNAME" && $from_profile) {
                continue;
            }

            // use WP input name for the username (always) or when updating the profile
            if ($i == 1 && ($name == "USERNAME" || $from_profile)) {
                $input_name = $wp_hidden_fields[strtolower($name)]['post_name'];
            } else {
                $input_name = $prefix . esc_attr($name);
            }

            $field_id_data = $input_name . "_" . $field_id . "_data";

            // if the current user LOGGED IN has not enough permissions to see the field, skip it
            if ($rules['show_level'] == 'view_cimy_extra_fields') {
                if (!current_user_can($rules['show_level'])) {
                    continue;
                }
            } else {
                if ($my_user_level < $rules['show_level']) {
                    continue;
                }
            }

            // if show_level == anonymous then do NOT ovverride other show_xyz rules
            if ($rules['show_level'] == -1) {
                // if we are updating the profile check correct rule
                if ($from_profile) {
                    // if flag to show the field in the profile is NOT activated, skip it
                    if (!$rules['show_in_profile']) {
                        continue;
                    }
                } else {
                    // we are registering new user
                    // if flag to show the field in the registration is NOT activated, skip it
                    if (!$rules['show_in_reg']) {
                        continue;
                    }
                }
            }

            // uploading a file is not supported when confirmation email is enabled (on MS is turned on by default yes)
            if ((is_multisite() || $options["confirm_email"]) && in_array($type, $cimy_uef_file_types)) {
                continue;
            }

            if ($from_profile) {
                if ($i == 1) {
                    // Do not bother with the rules if encountered an empty password field on profile update
                    if ($type == "password") {
                        continue;
                    }
                } else {
                    // NOTE(review): the "previous value" handed to the edit-permission check is read
                    // from $_POST, i.e. supplied by the client rather than loaded from storage; an
                    // undefined index here also raises a notice. Whether cimy_uef_is_field_disabled()
                    // relies on it for the edit_only_if_empty-style rules cannot be seen from here — verify.
                    $old_value = $_POST[$input_name . "_" . $field_id . "_prev_value"];
                    // Hey, no need to check for rules if anyway I can't edit due to low permissions, neeeext!
                    if (cimy_uef_is_field_disabled($type, $rules['edit'], $old_value)) {
                        continue;
                    }
                }
            }

            if (isset($_POST[$input_name])) {
                if ($type == "dropdown-multi" && is_array($_POST[$input_name])) {
                    $value = stripslashes(implode(",", $_POST[$input_name]));
                } else {
                    $value = stripslashes($_POST[$input_name]);
                }
            } else {
                $value = "";
            }

            if ($type == "dropdown") {
                $ret = cimy_dropDownOptions($label, $value);
                $label = esc_html($ret['label']);
                // NOTE(review): $html is assigned but not used in this function.
                $html = $ret['html'];
            }

            // upload of a file, avatar or picture
            if (in_array($type, $cimy_uef_file_types)) {
                // confirmation page
                if (!empty($_POST["register_confirmation"]) && $_POST["register_confirmation"] == 2) {
                    // On the confirmation step size and type are replayed from hidden POST
                    // fields, so both are client-controlled (the size checks below trust them).
                    $file_size = $_POST[$field_id_data . "_size"];
                    $file_type1 = $_POST[$field_id_data . "_type"]; // this can be faked!
                    $old_file = "";
                    $del_old_file = "";
                } else {
                    if (!empty($_FILES[$input_name])) {
                        // filesize in Byte transformed in KiloByte
                        $file_size = $_FILES[$input_name]['size'] / 1024;
                        $file_type1 = $_FILES[$input_name]['type']; // this can be faked!
                        $value = $_FILES[$input_name]['name'];
                        $old_file = $from_profile && !empty($_POST[$input_name . "_" . $field_id . "_prev_value"]) ? $_POST[$input_name . "_" . $field_id . "_prev_value"] : '';
                        $del_old_file = $from_profile && !empty($_POST[$input_name . "_del"]) ? $_POST[$input_name . "_del"] : '';
                    } else {
                        $file_size = 0;
                        $file_type1 = "";
                        $value = "";
                        $old_file = $from_profile && !empty($_POST[$input_name . "_" . $field_id . "_prev_value"]) ? $_POST[$input_name . "_" . $field_id . "_prev_value"] : '';
                        $del_old_file = $from_profile && !empty($_POST[$input_name . "_del"]) ? $_POST[$input_name . "_del"] : '';
                    }
                }
            }

            // Normalise checkbox/radio submissions to the literal "YES"/"NO" used by the equal_to rule.
            switch ($type) {
                case 'checkbox':
                    $value == 1 ? $value = "YES" : ($value = "NO");
                    break;
                case 'radio':
                    intval($value) == intval($field_id) ? $value = "YES" : ($value = "NO");
                    break;
            }

            // if the flag can be empty is NOT set OR the field is not empty then other check can be useful, otherwise skip all
            if (!$rules['can_be_empty'] || !empty($value)) {
                if ($i == 1 && $input_name == $prefix . "PASSWORD2") {
                    // NOTE(review): $_POST[$prefix . "PASSWORD"] is read without isset(); a request
                    // lacking it raises a notice and compares against null.
                    if ($value != $_POST[$prefix . "PASSWORD"]) {
                        $errors->add($unique_id, '<strong>' . __("ERROR", $cimy_uef_domain) . '</strong>: ' . $label . ' ' . __('does not match.', $cimy_uef_domain));
                    }
                }

                if ($rules['email'] && in_array($type, $rule_email)) {
                    if (!is_email($value)) {
                        $errors->add($unique_id, '<strong>' . __("ERROR", $cimy_uef_domain) . '</strong>: ' . $label . ' ' . __('hasn’t a correct email syntax.', $cimy_uef_domain));
                    }
                }

                if (!$rules['can_be_empty'] && in_array($type, $rule_canbeempty) && empty($value)) {
                    $empty_error = true;
                    // IF 1. it's a file type
                    // AND 2. there is an old one uploaded
                    // AND 3. this old one is not gonna be deleted
                    // THEN do not throw the empty error.
                    if (in_array($type, $cimy_uef_file_types) && !empty($old_file) && empty($del_old_file)) {
                        $empty_error = false;
                    }
                    if ($empty_error) {
                        $errors->add($unique_id, '<strong>' . __("ERROR", $cimy_uef_domain) . '</strong>: ' . $label . ' ' . __('couldn’t be empty.', $cimy_uef_domain));
                    }
                }

                if (isset($rules['equal_to']) && in_array($type, $apply_equalto_rule)) {
                    $equalTo = $rules['equal_to'];
                    // if the type is not allowed to be case sensitive
                    // OR if case sensitive is not checked
                    // AND
                    // if the type is not allowed to be a regex
                    // OR if regex rule is not set
                    // THEN switch to uppercase
                    if ((!in_array($type, $rule_equalto_case_sensitive) || !$rules['equal_to_case_sensitive']) && (!in_array($type, $rule_equalto_regex) || !$rules['equal_to_regex'])) {
                        $value = strtoupper($value);
                        $equalTo = strtoupper($equalTo);
                    }

                    if ($rules['equal_to_regex']) {
                        // The 'u' / 'iu' modifiers are appended to the rule text, so the stored
                        // pattern is expected to already carry its delimiters — TODO confirm.
                        // A pattern that fails to compile makes preg_match() return false, which
                        // the negation below reports as a plain "isn't correct" error.
                        $equalTo = $rules['equal_to_case_sensitive'] ? $equalTo . 'u' : $equalTo . 'iu';
                        if (!preg_match($equalTo, $value)) {
                            $equalmsg = " " . __("isn’t correct", $cimy_uef_domain);
                            $errors->add($unique_id, '<strong>' . __("ERROR", $cimy_uef_domain) . '</strong>: ' . $label . $equalmsg . '.');
                        }
                    } else {
                        if ($value != $equalTo) {
                            if ($type == "radio" || $type == "checkbox") {
                                // NOTE(review): the "NO" branch of this ternary discards its result, so
                                // $equalTo stays the untranslated "NO" in that case.
                                $equalTo == "YES" ? $equalTo = __("YES", $cimy_uef_domain) : __("NO", $cimy_uef_domain);
                            }
                            if ($type == "password") {
                                $equalmsg = " " . __("isn’t correct", $cimy_uef_domain);
                            } else {
                                $equalmsg = ' ' . __("should be", $cimy_uef_domain) . ' ' . esc_html($equalTo);
                            }
                            $errors->add($unique_id, '<strong>' . __("ERROR", $cimy_uef_domain) . '</strong>: ' . $label . $equalmsg . '.');
                        }
                    }
                }

                // CHECK IF IT IS A REAL PICTURE
                // NOTE(review): neither source consulted here inspects file content: $file_type1 is
                // the client-declared MIME type and $file_type2 is derived from the file name's
                // extension by wp_check_filetype(). This rejects mislabelled names, not disguised content.
                if (in_array($type, $cimy_uef_file_images_types)) {
                    $allowed_mime_types = get_allowed_mime_types();
                    $validate = wp_check_filetype($value, $allowed_mime_types);
                    $file_type2 = "";
                    if (!empty($validate['type'])) {
                        $file_type2 = $validate['type'];
                    }
                    if ((stristr($file_type1, "image/") === false || stristr($file_type2, "image/") === false) && !empty($value)) {
                        $errors->add($unique_id, '<strong>' . __("ERROR", $cimy_uef_domain) . '</strong>: ' . $label . ' ' . __('should be an image.', $cimy_uef_domain));
                    }
                } else {
                    if (in_array($type, $cimy_uef_file_types)) {
                        $allowed_mime_types = get_allowed_mime_types();
                        $validate = wp_check_filetype($value, $allowed_mime_types);
                        $file_type2 = "";
                        if (!empty($validate['type'])) {
                            $file_type2 = $validate['type'];
                        }
                        if (empty($file_type2) && !empty($value)) {
                            $errors->add($unique_id, '<strong>' . __("ERROR", $cimy_uef_domain) . '</strong>: ' . $label . ' ' . __('does not accept this file type.', $cimy_uef_domain));
                        }
                    }
                }

                // MIN LEN
                // Length rules use $file_size (KB) for file types, cimy_strlen() otherwise,
                // and are skipped for the types listed in $rule_maxlen_is_str.
                if (isset($rules['min_length'])) {
                    $minlen = intval($rules['min_length']);
                    if (in_array($type, $cimy_uef_file_types)) {
                        if ($file_size < $minlen) {
                            $errors->add($unique_id, '<strong>' . __("ERROR", $cimy_uef_domain) . '</strong>: ' . $label . ' ' . __('couldn’t have size less than', $cimy_uef_domain) . ' ' . $minlen . ' KB.');
                        }
                    } else {
                        if (!in_array($type, $rule_maxlen_is_str)) {
                            if (cimy_strlen($value) < $minlen) {
                                $errors->add($unique_id, '<strong>' . __("ERROR", $cimy_uef_domain) . '</strong>: ' . $label . ' ' . __('couldn’t have length less than', $cimy_uef_domain) . ' ' . $minlen . '.');
                            }
                        }
                    }
                }

                // EXACT LEN
                if (isset($rules['exact_length'])) {
                    $exactlen = intval($rules['exact_length']);
                    if (in_array($type, $cimy_uef_file_types)) {
                        if ($file_size != $exactlen) {
                            $errors->add($unique_id, '<strong>' . __("ERROR", $cimy_uef_domain) . '</strong>: ' . $label . ' ' . __('couldn’t have size different than', $cimy_uef_domain) . ' ' . $exactlen . ' KB.');
                        }
                    } else {
                        if (!in_array($type, $rule_maxlen_is_str)) {
                            if (cimy_strlen($value) != $exactlen) {
                                $errors->add($unique_id, '<strong>' . __("ERROR", $cimy_uef_domain) . '</strong>: ' . $label . ' ' . __('couldn’t have length different than', $cimy_uef_domain) . ' ' . $exactlen . '.');
                            }
                        }
                    }
                }

                // MAX LEN
                if (isset($rules['max_length'])) {
                    $maxlen = intval($rules['max_length']);
                    if (in_array($type, $cimy_uef_file_types)) {
                        if ($file_size > $maxlen) {
                            $errors->add($unique_id, '<strong>' . __("ERROR", $cimy_uef_domain) . '</strong>: ' . $label . ' ' . __('couldn’t have size more than', $cimy_uef_domain) . ' ' . $maxlen . ' KB.');
                        }
                    } else {
                        if (!in_array($type, $rule_maxlen_is_str)) {
                            if (cimy_strlen($value) > $maxlen) {
                                $errors->add($unique_id, '<strong>' . __("ERROR", $cimy_uef_domain) . '</strong>: ' . $label . ' ' . __('couldn’t have length more than', $cimy_uef_domain) . ' ' . $maxlen . '.');
                            }
                        }
                    }
                }
            }
        }
        $i++;
    }

    if ($options['confirm_form']) {
        // this is executed to test registration for errors, to avoid a real registration we put a fake error
        if (empty($errors->errors) && isset($_POST["register_confirmation"]) && $_POST["register_confirmation"] == 1) {
            $errors->add('register_confirmation', 'true');
        }
    }

    cimy_switch_current_blog();
    return $errors;
}
/**
 * Validate the WordPress fields and the plugin's extra fields of a registration
 * or profile-update submission against their configured rules (older revision).
 *
 * NOTE(review): this is a second declaration of cimy_registration_check() on the
 * same page; PHP cannot load two functions with the same name in one request, so
 * this listing presumably juxtaposes two revisions of the file — verify.
 *
 * Every rule violation is appended to $errors through $errors->add() and the same
 * object is returned. After the field loop, optional Securimage and reCAPTCHA
 * answers found in $_POST are verified as well.
 *
 * Trust boundary: field definitions come from get_cimyFields(); values, the
 * "from"/"action" selectors, old file names and the declared MIME type all come
 * from $_POST / $_FILES and are client-controlled.
 *
 * @param string $user_login Username being registered (forwarded to cimy_check_user_on_signups()).
 * @param string $user_email Email being registered (forwarded to cimy_check_user_on_signups()).
 * @param object $errors     Error collector exposing ->add($code, $message).
 * @return object The same $errors object, possibly with entries added.
 */
function cimy_registration_check($user_login, $user_email, $errors) {
    // NOTE(review): $user_ID is read below but is not in this global list, so it
    // resolves to an undefined local there.
    global $wpdb, $rule_canbeempty, $rule_email, $rule_maxlen, $fields_name_prefix, $wp_fields_name_prefix, $rule_equalto_case_sensitive, $apply_equalto_rule, $cimy_uef_domain, $cimy_uef_file_types, $rule_equalto_regex, $user_level;

    // cimy_switch_to_blog();
    $options = cimy_get_options();

    // code for confirmation email check
    if (!is_multisite() && $options["confirm_email"]) {
        $errors = cimy_check_user_on_signups($errors, $user_login, $user_email);
    }

    // avoid to save stuff if user is being added from: /wp-admin/user-new.php
    // NOTE(review): $_POST["action"] is read without isset(); the same applies to the
    // $_POST["from"] reads further down.
    if ($_POST["action"] == "adduser") {
        return $errors;
    }

    // if not set, set to -1 == anonymous
    // NOTE(review): this writes to the global $user_level rather than a local copy.
    if (!isset($user_level)) {
        $user_level = -1;
    }

    $extra_fields = get_cimyFields(false, true);
    $wp_fields = get_cimyFields(true);

    // if we are updating profile don't bother with WordPress fields' rules
    if ($_POST["from"] == "profile") {
        $i = 2;
    } else {
        $i = 1;
    }

    // do first for the WP fields then for EXTRA fields
    while ($i <= 2) {
        if ($i == 1) {
            $fields = $wp_fields;
            $prefix = $wp_fields_name_prefix;
        } else {
            $fields = $extra_fields;
            $prefix = $fields_name_prefix;
        }
        // Incremented before the loop body, so inside it $i is one past the set being checked.
        $i++;

        foreach ($fields as $thisField) {
            $field_id = $thisField['ID'];
            $name = $thisField['NAME'];
            $rules = $thisField['RULES'];
            $type = $thisField['TYPE'];
            // NOTE(review): unlike the label handling in newer revisions, $label is not
            // HTML-escaped before being concatenated into the error markup below.
            $label = $thisField['LABEL'];
            $description = $thisField['DESCRIPTION'];
            // $wpdb->escape() is an SQL-style escape applied to a POST field name (not a query);
            // the method has since been deprecated by WordPress.
            $input_name = $prefix . $wpdb->escape($name);
            $unique_id = $prefix . $field_id;

            // if the current user LOGGED IN has not enough permissions to see the field, skip it
            // apply only for EXTRA FIELDS
            if ($user_level < $rules['show_level']) {
                continue;
            }

            // if show_level == anonymous then do NOT ovverride other show_xyz rules
            if ($rules['show_level'] == -1) {
                // if we are updating the profile check correct rule
                if ($_POST["from"] == "profile") {
                    // if flag to show the field in the profile is NOT activated, skip it
                    if (!$rules['show_in_profile']) {
                        continue;
                    }
                } else {
                    // we are registering new user
                    // if flag to show the field in the registration is NOT activated, skip it
                    if (!$rules['show_in_reg']) {
                        continue;
                    }
                }
            }

            // uploading a file is not supported when confirmation email is enabled (on MS is turned on by default yes)
            if ((is_multisite() || $options["confirm_email"]) && in_array($type, $cimy_uef_file_types)) {
                continue;
            }

            if ($_POST["from"] == "profile") {
                // if editing a different user (only admin)
                // The target user id is taken from the request; the only guard applied here is
                // intval() before the query — whether the caller verifies that the current user
                // may edit that user is not visible in this function.
                if (isset($_GET['user_id'])) {
                    $get_user_id = $_GET['user_id'];
                } else {
                    if (isset($_POST['user_id'])) {
                        $get_user_id = $_POST['user_id'];
                    } else {
                        $get_user_id = $user_ID;
                    }
                }

                if (!empty($get_user_id)) {
                    global $wpdb_data_table;
                    $get_user_id = intval($get_user_id);
                    // we need the freaking old value
                    // NOTE(review): $wpdb->prepare() is given an already-concatenated string with no
                    // placeholders; $get_user_id is cast to int and $field_id comes from get_cimyFields(),
                    // so this particular query is not user-injectable, but the values should be bound
                    // through %d placeholders rather than interpolated.
                    $old_value = $wpdb->get_var($wpdb->prepare("SELECT VALUE FROM " . $wpdb_data_table . " WHERE USER_ID=" . $get_user_id . " AND FIELD_ID=" . $field_id));
                    // Hey, no need to check for rules if anyway I can't edit due to low permissions, neeeext!
                    // Relies on && binding tighter than ||: four alternative "skip" conditions.
                    if ($old_value != "" && $rules['edit'] == 'edit_only_if_empty' || $old_value != "" && !current_user_can('edit_users') && $rules['edit'] == 'edit_only_by_admin_or_if_empty' || $rules['edit'] == 'no_edit' || $rules['edit'] == 'edit_only_by_admin' && !current_user_can('edit_users')) {
                        continue;
                    }
                }
            }

            if (isset($_POST[$input_name])) {
                // NOTE(review): implode() assumes the posted value is an array; a scalar submitted
                // for a dropdown-multi field is not guarded against here.
                if ($type == "dropdown-multi") {
                    $value = stripslashes(implode(",", $_POST[$input_name]));
                } else {
                    $value = stripslashes($_POST[$input_name]);
                }
            } else {
                $value = "";
            }

            if ($type == "dropdown") {
                $ret = cimy_dropDownOptions($label, $value);
                $label = $ret['label'];
                // NOTE(review): $html is assigned but not used in this function.
                $html = $ret['html'];
            }

            if (in_array($type, $cimy_uef_file_types)) {
                // filesize in Byte transformed in KiloByte
                // All of these are unchecked reads: $_FILES[$input_name] may be absent, and the
                // MIME type and "_oldfile" name are supplied by the client.
                $file_size = $_FILES[$input_name]['size'] / 1024;
                $file_type = $_FILES[$input_name]['type'];
                $value = $_FILES[$input_name]['name'];
                $old_file = $_POST[$input_name . "_oldfile"];
                $del_old_file = $_POST[$input_name . "_del"];
            }

            // Normalise checkbox/radio submissions to the literal "YES"/"NO" used by the equal_to rule.
            switch ($type) {
                case 'checkbox':
                    $value == 1 ? $value = "YES" : ($value = "NO");
                    break;
                case 'radio':
                    intval($value) == intval($field_id) ? $value = "YES" : ($value = "NO");
                    break;
            }

            // if the flag can be empty is NOT set OR the field is not empty then other check can be useful, otherwise skip all
            if (!$rules['can_be_empty'] || $value != "") {
                // yea $i should be == 1 but ++ already so == 2 :)
                if ($i == 2 && $input_name == $prefix . "PASSWORD2") {
                    // NOTE(review): $_POST[$prefix . "PASSWORD"] is read without isset().
                    if ($value != $_POST[$prefix . "PASSWORD"]) {
                        $errors->add($unique_id, '<strong>' . __("ERROR", $cimy_uef_domain) . '</strong>: ' . $label . ' ' . __('does not match.', $cimy_uef_domain));
                    }
                }

                if ($rules['email'] && in_array($type, $rule_email)) {
                    if (!is_email($value)) {
                        $errors->add($unique_id, '<strong>' . __("ERROR", $cimy_uef_domain) . '</strong>: ' . $label . ' ' . __('hasn’t a correct email syntax.', $cimy_uef_domain));
                    }
                }

                if (!$rules['can_be_empty'] && in_array($type, $rule_canbeempty) && $value == "") {
                    $empty_error = true;
                    // IF 1. it's a file type
                    // AND 2. there is an old one uploaded
                    // AND 3. this old one is not gonna be deleted
                    // THEN do not throw the empty error.
                    // (Both $old_file and $del_old_file were read from $_POST above, so the client
                    // can satisfy this exemption by itself.)
                    if (in_array($type, $cimy_uef_file_types) && $old_file != "" && $del_old_file == "") {
                        $empty_error = false;
                    }
                    if ($empty_error) {
                        $errors->add($unique_id, '<strong>' . __("ERROR", $cimy_uef_domain) . '</strong>: ' . $label . ' ' . __('couldn’t be empty.', $cimy_uef_domain));
                    }
                }

                if (isset($rules['equal_to']) && in_array($type, $apply_equalto_rule)) {
                    $equalTo = $rules['equal_to'];
                    // if the type is not allowed to be case sensitive
                    // OR if case sensitive is not checked
                    // AND
                    // if the type is not allowed to be a regex
                    // OR if regex rule is not set
                    // THEN switch to uppercase
                    if ((!in_array($type, $rule_equalto_case_sensitive) || !$rules['equal_to_case_sensitive']) && (!in_array($type, $rule_equalto_regex) || !$rules['equal_to_regex'])) {
                        $value = strtoupper($value);
                        $equalTo = strtoupper($equalTo);
                    }

                    if ($rules['equal_to_regex']) {
                        // The stored rule is used as the complete PCRE pattern (no modifiers added);
                        // an invalid pattern makes preg_match() return false and is reported as "isn't correct".
                        if (!preg_match($equalTo, $value)) {
                            $equalmsg = " " . __("isn’t correct", $cimy_uef_domain);
                            $errors->add($unique_id, '<strong>' . __("ERROR", $cimy_uef_domain) . '</strong>: ' . $label . $equalmsg . '.');
                        }
                    } else {
                        if ($value != $equalTo) {
                            if ($type == "radio" || $type == "checkbox") {
                                // NOTE(review): the "NO" branch of this ternary discards its result, so
                                // $equalTo stays the untranslated "NO" in that case.
                                $equalTo == "YES" ? $equalTo = __("YES", $cimy_uef_domain) : __("NO", $cimy_uef_domain);
                            }
                            if ($type == "password") {
                                $equalmsg = " " . __("isn’t correct", $cimy_uef_domain);
                            } else {
                                // NOTE(review): $equalTo is emitted unescaped into HTML error markup here.
                                $equalmsg = ' ' . __("should be", $cimy_uef_domain) . ' ' . $equalTo;
                            }
                            $errors->add($unique_id, '<strong>' . __("ERROR", $cimy_uef_domain) . '</strong>: ' . $label . $equalmsg . '.');
                        }
                    }
                }

                // CHECK IF IT IS A REAL PICTURE
                // NOTE(review): this only inspects $file_type, the MIME type declared by the client
                // in $_FILES; no file content or extension check is performed. $file_type is also
                // only defined when $type is in $cimy_uef_file_types — whether "picture"/"avatar"
                // are always in that list is not visible here.
                if ($type == "picture" || $type == "avatar") {
                    if (stristr($file_type, "image/") === false && $value != "") {
                        $errors->add($unique_id, '<strong>' . __("ERROR", $cimy_uef_domain) . '</strong>: ' . $label . ' ' . __('should be an image.', $cimy_uef_domain));
                    }
                }

                // MIN LEN
                // Length rules use $file_size (KB) for file types and byte-wise strlen() otherwise.
                if (isset($rules['min_length'])) {
                    $minlen = intval($rules['min_length']);
                    if (in_array($type, $cimy_uef_file_types)) {
                        if ($file_size < $minlen) {
                            $errors->add($unique_id, '<strong>' . __("ERROR", $cimy_uef_domain) . '</strong>: ' . $label . ' ' . __('couldn’t have size less than', $cimy_uef_domain) . ' ' . $minlen . ' KB.');
                        }
                    } else {
                        if (strlen($value) < $minlen) {
                            $errors->add($unique_id, '<strong>' . __("ERROR", $cimy_uef_domain) . '</strong>: ' . $label . ' ' . __('couldn’t have length less than', $cimy_uef_domain) . ' ' . $minlen . '.');
                        }
                    }
                }

                // EXACT LEN
                if (isset($rules['exact_length'])) {
                    $exactlen = intval($rules['exact_length']);
                    if (in_array($type, $cimy_uef_file_types)) {
                        if ($file_size != $exactlen) {
                            $errors->add($unique_id, '<strong>' . __("ERROR", $cimy_uef_domain) . '</strong>: ' . $label . ' ' . __('couldn’t have size different than', $cimy_uef_domain) . ' ' . $exactlen . ' KB.');
                        }
                    } else {
                        if (strlen($value) != $exactlen) {
                            $errors->add($unique_id, '<strong>' . __("ERROR", $cimy_uef_domain) . '</strong>: ' . $label . ' ' . __('couldn’t have length different than', $cimy_uef_domain) . ' ' . $exactlen . '.');
                        }
                    }
                }

                // MAX LEN
                if (isset($rules['max_length'])) {
                    $maxlen = intval($rules['max_length']);
                    if (in_array($type, $cimy_uef_file_types)) {
                        if ($file_size > $maxlen) {
                            $errors->add($unique_id, '<strong>' . __("ERROR", $cimy_uef_domain) . '</strong>: ' . $label . ' ' . __('couldn’t have size more than', $cimy_uef_domain) . ' ' . $maxlen . ' KB.');
                        }
                    } else {
                        if (strlen($value) > $maxlen) {
                            $errors->add($unique_id, '<strong>' . __("ERROR", $cimy_uef_domain) . '</strong>: ' . $label . ' ' . __('couldn’t have length more than', $cimy_uef_domain) . ' ' . $maxlen . '.');
                        }
                    }
                }
            }
        }
    }

    // Optional CAPTCHA verification: each block runs only when its answer field was posted.
    if (isset($_POST["securimage_response_field"])) {
        global $cuef_plugin_dir;
        require_once $cuef_plugin_dir . '/securimage/securimage.php';
        $securimage = new Securimage();
        if ($securimage->check($_POST['securimage_response_field']) == false) {
            $errors->add("securimage_code", '<strong>' . __("ERROR", $cimy_uef_domain) . '</strong>: ' . __('Typed code is not correct.', $cimy_uef_domain));
        }
    }

    if (isset($_POST["recaptcha_response_field"])) {
        $recaptcha_code_ok = false;
        // An empty answer is treated as a failed check without contacting the verifier.
        if ($_POST["recaptcha_response_field"]) {
            global $cuef_plugin_dir;
            require_once $cuef_plugin_dir . '/recaptcha/recaptchalib.php';
            // NOTE(review): $_SERVER["REMOTE_ADDR"] is the direct peer; behind a proxy this is
            // the proxy's address. $_POST["recaptcha_challenge_field"] is read without isset().
            $recaptcha_resp = recaptcha_check_answer($options["recaptcha_private_key"], $_SERVER["REMOTE_ADDR"], $_POST["recaptcha_challenge_field"], $_POST["recaptcha_response_field"]);
            $recaptcha_code_ok = $recaptcha_resp->is_valid;
        }
        if (!$recaptcha_code_ok) {
            $errors->add("recaptcha_code", '<strong>' . __("ERROR", $cimy_uef_domain) . '</strong>: ' . __('Typed code is not correct.', $cimy_uef_domain));
        }
    }

    // NOTE(review): the matching cimy_switch_to_blog() call above is commented out,
    // so this restores a switch that this function never made.
    cimy_switch_current_blog();
    return $errors;
}