/**
 * Проверяем e-mail
 * @param string $mail - проверяемый e-mail
 *
 * @return bool|string TRUE or Error message
 */
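/**
 * Validates an e-mail address for subscription.
 *
 * The address is first matched against the banlist (when the 'banlist'
 * plugin is active) and then run through the site's e-mail format check.
 *
 * @param string $mail E-mail address to check
 * @return bool|string TRUE when the address is acceptable, otherwise the
 *                     localized error message (banned / wrong format)
 * @global string $db_banlist Banlist table name
 */
function subscribe_checkEmail($mail = '')
{
    global $db_banlist;

    $mail = (string) $mail;

    // Banlist lookup. Skipped for an empty address: LIKE '%%' matches every
    // row, so any empty input would be reported as banned with the first row's reason.
    if ($mail !== '' && cot_plugin_active('banlist')) {
        // quote() escapes the string literal but not LIKE metacharacters, so a
        // '%' or '_' in the address would widen the match; escape them here.
        // Assumes MySQL's default LIKE escape character '\' — confirm for other drivers.
        $pattern = '%' . addcslashes($mail, '%_\\') . '%';
        $sql = cot::$db->query("SELECT banlist_reason, banlist_email FROM {$db_banlist}\n            WHERE banlist_email LIKE " . cot::$db->quote($pattern));
        $row = $sql->fetch();
        // Release the cursor on every path, not only when no row was found.
        $sql->closeCursor();
        if ($row) {
            return cot::$L['aut_emailbanned'] . $row['banlist_reason'];
        }
    }

    if (!cot_check_email($mail)) {
        return cot::$L['subscribe_err_wrongmail'];
    }
    return true;
}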
 $ruser['user_birthdate'] = cot_import_date('ruserbirthdate', false);
 if (!is_null($ruser['user_birthdate']) && $ruser['user_birthdate'] > cot::$sys['now']) {
     cot_error('pro_invalidbirthdate', 'ruserbirthdate');
 }
 $user_exists = (bool) cot::$db->query("SELECT user_id FROM " . cot::$db->users . " WHERE user_name = ? LIMIT 1", array($ruser['user_name']))->fetch();
 $email_exists = (bool) cot::$db->query("SELECT user_id FROM " . cot::$db->users . " WHERE user_email = ? LIMIT 1", array($ruser['user_email']))->fetch();
 if (preg_match('/&#\\d+;/', $ruser['user_name']) || preg_match('/[<>#\'"\\/]/', $ruser['user_name'])) {
     cot_error('aut_invalidloginchars', 'rusername');
 }
 if (mb_strlen($ruser['user_name']) < 2) {
     cot_error('aut_usernametooshort', 'rusername');
 }
 if (mb_strlen($rpassword1) < 4) {
     cot_error('aut_passwordtooshort', 'rpassword1');
 }
 if (!cot_check_email($ruser['user_email'])) {
     cot_error('aut_emailtooshort', 'ruseremail');
 }
 if ($user_exists) {
     cot_error('aut_usernamealreadyindb', 'rusername');
 }
 if ($email_exists && !$cfg['useremailduplicate']) {
     cot_error('aut_emailalreadyindb', 'ruseremail');
 }
 if ($rpassword1 != $rpassword2) {
     cot_error('aut_passwordmismatch', 'rpassword2');
 }
 /* === Hook for the plugins === */
 foreach (cot_getextplugins('users.register.add.validate') as $pl) {
     include $pl;
 }
     break;
 case 3:
     // Misc settings and admin account
     if (empty($cfg['mainurl'])) {
         cot_error('install_error_mainurl', 'mainurl');
     }
     if ($user['pass'] != $user['pass2']) {
         cot_error('aut_passwordmismatch', 'user_pass');
     }
     if (mb_strlen($user['name']) < 2) {
         cot_error('aut_usernametooshort', 'user_name');
     }
     if (mb_strlen($user['pass']) < 4) {
         cot_error('aut_passwordtooshort', 'user_pass');
     }
     if (mb_strlen($user['email']) < 4 || !cot_check_email($user['email'])) {
         cot_error('aut_emailtooshort', 'user_email');
     }
     if (!file_exists($file['config_sample'])) {
         cot_error(cot_rc('install_error_missing_file', array('file' => $file['config_sample'])));
     }
     if (!cot_error_found()) {
         $config_contents = file_get_contents($file['config']);
         cot_install_config_replace($config_contents, 'defaultlang', $rlang);
         cot_install_config_replace($config_contents, 'defaulttheme', $rtheme);
         cot_install_config_replace($config_contents, 'defaultscheme', $rscheme);
         cot_install_config_replace($config_contents, 'mainurl', $cfg['mainurl']);
         $new_site_id = cot_unique(32);
         cot_install_config_replace($config_contents, 'site_id', $new_site_id);
         $new_secret_key = cot_unique(32);
         cot_install_config_replace($config_contents, 'secret_key', $new_secret_key);
 /* === Hook for the plugins === */
 foreach (cot_getextplugins('users.auth.check') as $pl) {
     include $pl;
 }
 /* ===== */
 $rusername = cot_import('rusername', 'P', 'TXT', 100);
 $rpassword = cot_import('rpassword', 'P', 'HTM', 32);
 $rcookiettl = cot_import('rcookiettl', 'P', 'INT');
 $rremember = cot_import('rremember', 'P', 'BOL');
 $token = cot_import('token', 'G', 'ALP');
 $v = cot_import('v', 'G', 'ALP');
 $validating = FALSE;
 if (empty($rremember) && $rcookiettl > 0 || $cfg['forcerememberme']) {
     $rremember = true;
 }
 $login_param = !$cfg['useremailduplicate'] && cot_check_email($rusername) ? 'user_email' : 'user_name';
 if (!empty($v) && mb_strlen($v) == 32) {
     $validating = TRUE;
     $login_param = 'user_lostpass';
 }
 // Load salt and algo from db
 $sql = $db->query("SELECT user_passsalt, user_passfunc FROM {$db_users} WHERE {$login_param}=" . $db->quote($rusername));
 if ($sql->rowCount() == 0) {
     // If login has e-mail format, try to find it as user_name
     $sql = $db->query("SELECT user_passsalt, user_passfunc FROM {$db_users} WHERE user_name=" . $db->quote($rusername));
 }
 if ($sql->rowCount() == 1) {
     $hash_params = $sql->fetch();
     $rmdpass = cot_hash($rpassword, $hash_params['user_passsalt'], $hash_params['user_passfunc']);
     unset($hash_params);
 }
/**
 * Returns user email link
 *
 * @param string $email E-mail address
 * @param bool $hide Hide email option
 * @return string
 */
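/**
 * Returns user email link
 *
 * Builds the `link_email` resource for a valid address (passed through
 * cot_obfuscate() when that function exists) or returns the localized
 * "Hidden" label when $hide is set.
 *
 * @param string $email E-mail address
 * @param bool $hide Hide email option
 * @return string Link markup, the "Hidden" label, or '' for an empty or invalid address
 * @global array $L Language strings
 */
function cot_build_email($email, $hide = false)
{
    global $L;

    if ($hide) {
        return $L['Hidden'];
    }
    // Empty or malformed addresses yield no link. The declared return type is
    // string, so return '' instead of falling off the end (implicit null).
    if (empty($email) || !cot_check_email($email)) {
        return '';
    }
    $link = cot_rc('link_email', array('email' => $email));
    return function_exists('cot_obfuscate') ? cot_obfuscate($link) : $link;
}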
 }
 if (!cot_check_email($rcontact['contact_email'])) {
     cot_error('contact_emailnotvalid', 'remail');
 }
 if (mb_strlen($rcontact['contact_text']) < cot::$cfg['plugin']['contact']['minchars']) {
     cot_error('contact_entrytooshort', 'rtext');
 }
 if (!cot_error_found()) {
     $rcontact['contact_authorid'] = (int) $usr['id'];
     $rcontact['contact_date'] = (int) $sys['now'];
     $rcontact['contact_val'] = 0;
     if (in_array($cfg['plugin']['contact']['save'], array('db', 'both'))) {
         $db->insert($db_contact, $rcontact);
     }
     $semail = !empty($cfg['plugin']['contact']['email']) ? $cfg['plugin']['contact']['email'] : $cfg['adminemail'];
     if (cot_check_email($semail) && in_array($cfg['plugin']['contact']['save'], array('email', 'both'))) {
         $headers = "From: \"" . $rcontact['contact_author'] . "\" <" . $rcontact['contact_email'] . ">\n";
         $context = array('sitetitle' => $cfg["maintitle"], 'siteurl' => $cfg['mainurl'], 'author' => $rcontact['contact_author'], 'email' => $rcontact['contact_email'], 'subject' => $rcontact['contact_subject'], 'text' => $rcontact['contact_text']);
         $rextras = '';
         if (!empty(cot::$extrafields[cot::$db->contact])) {
             foreach (cot::$extrafields[cot::$db->contact] as $exfld) {
                 $exfld_title = cot_extrafield_title($exfld, 'contact_');
                 $ex_body = cot_build_extrafields_data('contact', $exfld, $rcontact['contact_' . $exfld['field_name']]);
                 $rextras .= "\n" . $exfld_title . ": " . $ex_body;
                 $context['extra' . $exfld['field_name']] = $ex_body;
                 $context['extra' . $exfld['field_name'] . '_title'] = $exfld_title;
                 $context['extra' . $exfld['field_name'] . '_value'] = $rcontact['contact_' . $exfld['field_name']];
             }
         }
         $context['extra'] = $rextras;
         $rtextm = cot_rc(empty(cot::$cfg['plugin']['contact']['template']) ? cot::$R['contact_message'] : cot::$cfg['plugin']['contact']['template'], $context);
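/**
 * Adds a new user account.
 *
 * Fills in the derived fields of $ruser (salted password hash, main group,
 * registration date, validation key, ...), inserts the row, links the user
 * to its main group, runs the `users.adduser.done` hooks and, when the
 * account still needs activation, sends the activation / approval e-mails.
 *
 * @param array $ruser User data array (user_email, user_name, user_password, ...)
 * @param string|null $email Email address; overrides $ruser['user_email'] when given
 * @param string|null $name User name; defaults to $email if omitted
 * @param string|null $password Password; randomly generated if omitted
 * @param int|null $maingrp Custom main group id; computed from site state when omitted
 * @param bool $sendemail Send the activation / approval e-mails when the account needs activation
 * @return int|false New user ID, or false when the e-mail is invalid, the name
 *                   or e-mail is already taken, or the INSERT fails
 * @global CotDB $db
 */
function cot_add_user($ruser, $email = null, $name = null, $password = null, $maingrp = null, $sendemail = true)
{
    // Not all of these are used directly below; the hook files included later run
    // in this function's scope and presumably rely on some of them, so keep them.
    global $cfg, $cot_extrafields, $db, $db_users, $db_groups_users, $db_x, $L, $R, $sys, $uploadfiles, $usr;

    // Explicit arguments take precedence over the corresponding $ruser fields.
    if (!empty($email)) {
        $ruser['user_email'] = $email;
    }
    if (!empty($name)) {
        $ruser['user_name'] = $name;
    }
    if (!empty($password)) {
        $ruser['user_password'] = $password;
    }
    if (empty($ruser['user_password'])) {
        $ruser['user_password'] = cot_randomstring();
    }
    if (empty($ruser['user_name'])) {
        $ruser['user_name'] = $ruser['user_email'];
    }
    // Plaintext password kept in a local: the hooks included below can read it.
    $password = $ruser['user_password'];

    $user_exists = (bool) $db->query("SELECT user_id FROM {$db_users} WHERE user_name = ? LIMIT 1", array($ruser['user_name']))->fetch();
    $email_exists = (bool) $db->query("SELECT user_id FROM {$db_users} WHERE user_email = ? LIMIT 1", array($ruser['user_email']))->fetch();
    $email_taken = $email_exists && !$cfg['useremailduplicate'];
    if (!cot_check_email($ruser['user_email']) || $user_exists || $email_taken) {
        return false;
    }

    // Strict in_array: a loose comparison would accept 0 as 'M' on PHP < 8.
    $ruser['user_gender'] = isset($ruser['user_gender']) && in_array($ruser['user_gender'], array('M', 'F'), true)
        ? $ruser['user_gender'] : 'U';
    $ruser['user_country'] = isset($ruser['user_country']) && mb_strlen($ruser['user_country']) < 4
        ? $ruser['user_country'] : '';
    $ruser['user_timezone'] = empty($ruser['user_timezone']) ? 'GMT' : $ruser['user_timezone'];

    // Main group: an explicit $maingrp wins; otherwise the very first account gets
    // group 5, and later accounts get 4 (no activation required) or 2 (must be
    // activated — see the e-mail branch below). The original used a nested ternary
    // without parentheses, which PHP parses left-associatively, so the first user
    // ended up in group 4 instead of 5 (and it is a parse error on PHP 8).
    if ((int) $maingrp > 0) {
        $ruser['user_maingrp'] = (int) $maingrp;
    } elseif ($db->countRows($db_users) == 0) {
        $ruser['user_maingrp'] = 5;
    } else {
        $ruser['user_maingrp'] = $cfg['users']['regnoactivation'] ? 4 : 2;
    }

    $ruser['user_passsalt'] = cot_unique(16);
    $ruser['user_passfunc'] = empty($cfg['hashfunc']) ? 'sha256' : $cfg['hashfunc'];
    $ruser['user_password'] = cot_hash($ruser['user_password'], $ruser['user_passsalt'], $ruser['user_passfunc']);
    $ruser['user_birthdate'] = !isset($ruser['user_birthdate']) || $ruser['user_birthdate'] > $sys['now']
        ? '0000-00-00' : cot_stamp2date($ruser['user_birthdate']);
    // user_lostpass doubles as the e-mail validation key (it is embedded in the
    // activation links below), so it must be unpredictable; md5(microtime()) is
    // guessable. Uses the same generator as the salt and token.
    // NOTE(review): assumes cot_unique() draws from a CSPRNG and that 32 chars
    // fit the column — confirm.
    $ruser['user_lostpass'] = cot_unique(32);
    cot_shield_update(20, "Registration");
    $ruser['user_hideemail'] = 1;
    $ruser['user_theme'] = $cfg['defaulttheme'];
    $ruser['user_scheme'] = $cfg['defaultscheme'];
    $ruser['user_lang'] = empty($ruser['user_lang']) ? $cfg['defaultlang'] : $ruser['user_lang'];
    $ruser['user_regdate'] = (int) $sys['now'];
    $ruser['user_logcount'] = 0;
    $ruser['user_lastip'] = empty($ruser['user_lastip']) ? $usr['ip'] : $ruser['user_lastip'];
    $ruser['user_token'] = cot_unique(16);

    if (!$db->insert($db_users, $ruser)) {
        // Documented contract is int|false; the original returned null here.
        return false;
    }
    $userid = (int) $db->lastInsertId();
    $db->insert($db_groups_users, array('gru_userid' => $userid, 'gru_groupid' => (int) $ruser['user_maingrp']));
    cot_extrafield_movefiles();

    /* === Hook for the plugins === */
    foreach (cot_getextplugins('users.adduser.done') as $pl) {
        include $pl;
    }
    /* ===== */

    if ($ruser['user_maingrp'] === 2 && $sendemail) {
        if ($cfg['users']['regrequireadmin']) {
            // Account needs administrator approval: notify the user and the admin.
            $subject = $L['aut_regrequesttitle'];
            $body = sprintf($L['aut_regrequest'], $ruser['user_name']);
            $body .= "\n\n" . $L['aut_contactadmin'];
            cot_mail($ruser['user_email'], $subject, $body);

            $subject = $L['aut_regreqnoticetitle'];
            $inactive = $cfg['mainurl'] . '/' . cot_url('users', 'gm=2&s=regdate&w=desc', '', true);
            $body = sprintf($L['aut_regreqnotice'], $ruser['user_name'], $inactive);
            cot_mail($cfg['adminemail'], $subject, $body);
        } else {
            // Self-service activation: both links carry the token and the validation key.
            $validate = 'm=register&a=validate&token=' . $ruser['user_token'] . '&v=' . $ruser['user_lostpass'];
            $subject = $L['Registration'];
            $activate = $cfg['mainurl'] . '/' . cot_url('users', $validate . '&y=1', '', true);
            $deactivate = $cfg['mainurl'] . '/' . cot_url('users', $validate . '&y=0', '', true);
            $body = sprintf($L['aut_emailreg'], $ruser['user_name'], $activate, $deactivate);
            $body .= "\n\n" . $L['aut_contactadmin'];
            cot_mail($ruser['user_email'], $subject, $body);
        }
    }
    return $userid;
}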
         $ruserpass['user_password'] = cot_hash($rnewpass1, $ruserpass['user_passsalt'], $ruserpass['user_passfunc']);
         $db->update($db_users, $ruserpass, "user_id={$usr['id']}");
         unset($ruserpass);
         cot_message('Password_updated');
     }
 }
 if (!empty($ruseremail) && (!empty($rmailpass) || $cfg['users']['user_email_noprotection']) && $cfg['users']['useremailchange'] && $ruseremail != $urr['user_email']) {
     $sqltmp = $db->query("SELECT COUNT(*) FROM {$db_users} WHERE user_email='" . $db->prep($ruseremail) . "'");
     $res = $sqltmp->fetchColumn();
     if (!$cfg['users']['user_email_noprotection']) {
         $rmailpass = cot_hash($rmailpass, $urr['user_passsalt'], $urr['user_passfunc']);
         if ($rmailpass != $urr['user_password']) {
             cot_error('pro_wrongpass', 'rmailpass');
         }
     }
     if (!cot_check_email($ruseremail)) {
         cot_error('aut_emailtooshort', 'ruseremail');
     }
     if ($res > 0) {
         cot_error('aut_emailalreadyindb', 'ruseremail');
     }
     if (!cot_error_found()) {
         if (!$cfg['users']['user_email_noprotection']) {
             $validationkey = md5(microtime());
             $db->update($db_users, array('user_email' => $ruseremail, 'user_lostpass' => $validationkey, 'user_maingrp' => '-1', 'user_sid' => $urr['user_maingrp']), "user_id='" . $usr['id'] . "'");
             $rsubject = $L['aut_mailnoticetitle'];
             $ractivate = $cfg['mainurl'] . '/' . cot_url('users', 'm=register&a=validate&v=' . $validationkey, '', true);
             $rbody = sprintf($L['aut_emailchange'], $usr['name'], $ractivate);
             $rbody .= "\n\n" . $L['aut_contactadmin'];
             cot_mail($ruseremail, $rsubject, $rbody);
             if (cot_import($sys['site_id'], 'COOKIE', 'ALP')) {
 cot_shield_protect();
 /* === Hook === */
 foreach (cot_getextplugins('marketorders.neworder.add.first') as $pl) {
     include $pl;
 }
 /* ===== */
 $rorder['order_count'] = cot_import('rcount', 'P', 'INT');
 $rorder['order_text'] = cot_import('rtext', 'P', 'TXT');
 $email = cot_import('remail', 'P', 'TXT', 100, TRUE);
 /* === Hook === */
 foreach (cot_getextplugins('marketorders.neworder.add.import') as $pl) {
     include $pl;
 }
 /* ===== */
 //cot_check(empty($rorder['order_count']), 'marketorders_neworder_error_count', 'rcount');
 if (!cot_check_email($email) && $usr['id'] == 0) {
     cot_error('aut_emailtooshort', 'remail');
 }
 if (!empty($email) && $usr['id'] == 0) {
     $rorder['order_userid'] = $db->query("SELECT user_id FROM {$db_users} WHERE user_email = ? LIMIT 1", array($email))->fetchColumn();
 } else {
     $rorder['order_userid'] = $usr['id'];
 }
 /* === Hook === */
 foreach (cot_getextplugins('marketorders.neworder.add.error') as $pl) {
     include $pl;
 }
 /* ===== */
 $rorder['order_count'] = $rorder['order_count'] > 0 ? $rorder['order_count'] : 1;
 if (!cot_error_found()) {
     $rorder['order_pid'] = $pid;