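/** -------------------------------------
/**  Validate member registration data
/** -------------------------------------*/

/**
 * Validate a new-member registration form submitted in $_POST.
 *
 * The username, screen_name, password, password_confirm and email values
 * are read from $_POST and handed to EE_Validate in "new" mode. A field that
 * was not submitted is passed as '' so that the validator sees an empty value
 * instead of PHP raising an undefined-index notice.
 *
 * @param  string $use_screen_name  'yes' to also run validate_screen_name()
 * @return bool|array  TRUE when every check passes; otherwise
 *                     array('result' => 'failed', 'errors' => array).
 *                     Compare with === TRUE: the failure array is truthy,
 *                     so a bare if ($result) would treat a failed
 *                     validation as success.
 */
function validate_member($use_screen_name = 'yes')
{
    if ( ! class_exists('EE_Validate'))
    {
        require APPPATH . 'libraries/Validate' . EXT;
    }

    // Read every expected field up front with an isset() guard; the form may
    // legitimately omit fields (e.g. screen_name) and the validator, not PHP,
    // should be what reports on them.
    $posted = array();

    foreach (array('username', 'screen_name', 'password', 'password_confirm', 'email') as $field)
    {
        $posted[$field] = isset($_POST[$field]) ? $_POST[$field] : '';
    }

    $VAL = new EE_Validate(array(
        'member_id'        => '',
        'val_type'         => 'new',
        'fetch_lang'       => TRUE,
        'require_cpw'      => FALSE,
        'enable_log'       => FALSE,
        'username'         => $posted['username'],
        'cur_username'     => '',
        'screen_name'      => $posted['screen_name'],
        'cur_screen_name'  => '',
        'password'         => $posted['password'],
        'password_confirm' => $posted['password_confirm'],
        'cur_password'     => '',
        'email'            => $posted['email'],
        'cur_email'        => '',
    ));

    $VAL->validate_username();
    $VAL->validate_email();
    $VAL->validate_password();

    if ($use_screen_name == 'yes')
    {
        $VAL->validate_screen_name();
    }

    // Report errors if there are any; the caller decides how to display them.
    if (count($VAL->errors) > 0)
    {
        return array('result' => 'failed', 'errors' => $VAL->errors);
    }

    return TRUE;
}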
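/** ----------------------------------------
/**  Email Update
/** ----------------------------------------*/

/**
 * Handle the "update email address" form for the logged-in member.
 *
 * Validates the posted address with EE_Validate, demands the current password
 * (password_safety_check) only when the address actually changes, then writes
 * the new address and the notification preferences to exp_members and mirrors
 * the new address onto the member's rows in exp_comments.
 *
 * Expects $_POST['email'], optionally $_POST['password'], and the checkbox
 * flags accept_admin_email, accept_user_email, notify_by_default,
 * notify_of_pm and smart_notifications (present => 'y', absent => 'n').
 *
 * @return string  The rendered 'success' element, or whatever
 *                 ee()->output->show_user_error() returns on failure.
 */
function update_email()
{
    // Safety.
    if ( ! isset($_POST['email']))
    {
        return ee()->output->show_user_error('general', array(ee()->lang->line('invalid_action')));
    }

    /** ----------------------------------------
    /**  Blacklist/Whitelist Check
    /** ----------------------------------------*/

    if (ee()->blacklist->blacklisted == 'y' && ee()->blacklist->whitelisted == 'n')
    {
        return ee()->output->show_user_error('general', array(ee()->lang->line('not_authorized')));
    }

    /** -------------------------------------
    /**  Validate submitted data
    /** -------------------------------------*/

    if ( ! class_exists('EE_Validate'))
    {
        require APPPATH . 'libraries/Validate' . EXT;
    }

    $member_id = ee()->session->userdata('member_id');

    // Fetch the member's current address. The id comes from the session, but
    // it is escaped anyway so the query never depends on where it came from.
    $query = ee()->db->query(
        "SELECT email, password FROM exp_members WHERE member_id = '" . ee()->db->escape_str($member_id) . "'"
    );

    // No row (e.g. no member session) means there is nothing to compare
    // against or update; refuse rather than validate against an empty result.
    if ($query->num_rows() == 0)
    {
        return ee()->output->show_user_error('general', array(ee()->lang->line('not_authorized')));
    }

    $current_email = $query->row('email');
    $new_email     = $_POST['email'];

    $VAL = new EE_Validate(array(
        'member_id'    => $member_id,
        'val_type'     => 'update',
        'fetch_lang'   => TRUE,
        'require_cpw'  => FALSE,
        'enable_log'   => FALSE,
        'email'        => $new_email,
        'cur_email'    => $current_email,
        // Pass '' when no password was posted so the validator gets a value
        // instead of PHP raising an undefined-index notice.
        'cur_password' => isset($_POST['password']) ? $_POST['password'] : '',
    ));

    $VAL->validate_email();

    // Re-authentication is only demanded when the address changes; a
    // preference-only submission is accepted on the session alone.
    $email_changed = ($new_email != $current_email);

    if ($email_changed)
    {
        $VAL->password_safety_check();
    }

    if (count($VAL->errors) > 0)
    {
        return ee()->output->show_user_error('submission', $VAL->errors);
    }

    /** -------------------------------------
    /**  Assign the query data
    /** -------------------------------------*/

    $data = array(
        'email'               => $new_email,
        'accept_admin_email'  => isset($_POST['accept_admin_email']) ? 'y' : 'n',
        'accept_user_email'   => isset($_POST['accept_user_email']) ? 'y' : 'n',
        'notify_by_default'   => isset($_POST['notify_by_default']) ? 'y' : 'n',
        'notify_of_pm'        => isset($_POST['notify_of_pm']) ? 'y' : 'n',
        'smart_notifications' => isset($_POST['smart_notifications']) ? 'y' : 'n',
    );

    // Array-form WHERE lets update_string() quote and escape the id itself
    // instead of this code splicing it into a string.
    ee()->db->query(ee()->db->update_string('exp_members', $data, array('member_id' => $member_id)));

    /** -------------------------------------
    /**  Update comments and log email change
    /** -------------------------------------*/

    if ($email_changed)
    {
        ee()->db->query(ee()->db->update_string(
            'exp_comments',
            array('email' => $new_email),
            array('author_id' => $member_id)
        ));
    }

    /** -------------------------------------
    /**  Success message
    /** -------------------------------------*/

    return $this->_var_swap($this->_load_element('success'), array(
        'lang:heading' => ee()->lang->line('mbr_email_updated'),
        'lang:message' => ee()->lang->line('mbr_email_has_been_updated'),
    ));
}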
/** * insert new entry to db * * @access public * @return null */ function insert_new_entry() { $default = array('name', 'email'); $all_fields = ''; $fields = array(); $entry_id = ''; $msg = array(); foreach ($default as $val) { if ( ! isset($_POST[$val])) { $_POST[$val] = ''; } } // ---------------------------------------- // Fetch the freeform language pack // ---------------------------------------- ee()->lang->loadfile('freeform'); // ---------------------------------------- // Is the user banned? // ---------------------------------------- if (ee()->session->userdata['is_banned'] == TRUE) { return ee()->output->show_user_error('general', array(ee()->lang->line('not_authorized'))); } // ---------------------------------------- // Is the IP address and User Agent required? // ---------------------------------------- if ( $this->check_yes($this->_param('require_ip')) ) { if (ee()->session->userdata['group_id'] != 1 AND ee()->input->ip_address() == '0.0.0.0') { return ee()->output->show_user_error('general', array(ee()->lang->line('not_authorized'))); } } // ---------------------------------------- // Is the nation of the user banned? 
// ---------------------------------------- ee()->session->nation_ban_check(); // ---------------------------------------- // Blacklist/Whitelist Check // ---------------------------------------- if ($this->check_yes(ee()->blacklist->blacklisted) && $this->check_no(ee()->blacklist->whitelisted)) { return ee()->output->show_user_error('general', array(ee()->lang->line('not_authorized'))); } // ---------------------------------------- // Check duplicates // ---------------------------------------- if ( $this->_param('prevent_duplicate_on') AND $this->_param('prevent_duplicate_on') != '' AND ( ee()->session->userdata['group_id'] != 1 OR ee()->input->get_post('email') != '' ) ) { $sql = " SELECT COUNT(*) AS count FROM exp_freeform_entries WHERE status != 'closed'"; if ( $this->_param('form_name') ) { $sql .= " AND form_name = '".ee()->db->escape_str($this->_param('form_name'))."'"; } if ( $this->_param('prevent_duplicate_on') == 'member_id' AND ee()->session->userdata['member_id'] != '0' ) { $sql .= " AND author_id = '".ee()->db->escape_str(ee()->session->userdata['member_id'])."'"; } elseif ( $this->_param('prevent_duplicate_on') == 'ip_address' AND ee()->input->ip_address() != '0.0.0.0' AND ee()->session->userdata['group_id'] != 1) { $sql .= " AND ip_address = '".ee()->db->escape_str(ee()->input->ip_address())."'"; } else { $sql .= " AND email = '".ee()->db->escape_str(ee()->input->get_post('email'))."'"; } $dup = ee()->db->query( $sql ); if ( $dup->row('count') > 0 ) { return ee()->output->show_user_error('general', array(ee()->lang->line('no_duplicates'))); } } // ---------------------------------------- // Start error trapping on required fields // ---------------------------------------- $errors = array(); // Are there any required fields? 
if ( $this->_param('ee_required') != '' ) { $required_fields = preg_split("/,|\|/" ,$this->_param('ee_required')); // ---------------------------------------- // Let's get labels from the DB // ---------------------------------------- $query = ee()->db->query( "SELECT * FROM exp_freeform_fields" ); $labels = array(); if ( $query->num_rows() > 0 ) { foreach ($query->result_array() as $row) { $labels[$row['name']] = $row['label']; } // Check for empty fields foreach ( $required_fields as $val ) { if ( ! ee()->input->post($val) OR ee()->input->post($val) == '' ) { if (array_key_exists($val, $labels)) { $errors[] = ee()->lang->line('field_required') . ' ' . $labels[$val]; } else { $errors[] = ee()->lang->line('not_in_field_list') . ' ' . $val; } } } // End empty check } // End labels from DB // ---------------------------------------- // Do we require an email address? // ---------------------------------------- if ( isset( $labels['email'] ) AND ee()->input->get_post('email') ) { // ---------------------------------------- // Valid email address? // ---------------------------------------- //1.x if (APP_VER < 2.0) { if ( ! class_exists('Validate')) { require PATH_CORE.'core.validate'.EXT; } $VAL = new Validate( array( 'email' => ee()->input->get_post('email') ) ); } //2.x else { if ( ! class_exists('EE_Validate')) { require APPPATH . 'libraries/Validate'.EXT; } $VAL = new EE_Validate( array( 'email' => ee()->input->get_post('email') ) ); } $VAL->validate_email(); // ---------------------------------------- // Display errors if there are any // ---------------------------------------- if (count($VAL->errors) > 0) { return ee()->output->show_user_error('general', $VAL->errors ); } } } // ---------------------------------------- // Are we trying to accept file uploads? 
// ---------------------------------------- if ( $this->_param('file_upload') != '' AND $this->upload_limit = $this->_param('upload_limit') ) { $this->_upload_files( TRUE ); } // ---------------------------------------- // 'freeform_module_validate_end' hook. // - This allows developers to do more form validation. // ---------------------------------------- if (ee()->extensions->active_hook('freeform_module_validate_end') === TRUE) { $errors = ee()->extensions->universal_call('freeform_module_validate_end', $errors); if (ee()->extensions->end_script === TRUE) return; } // ---------------------------------------- // ---------------------------------------- // Do we have errors to display? // ---------------------------------------- if (count($errors) > 0) { return ee()->output->show_user_error('submission', $errors); } // ---------------------------------------- // Do we require captcha? // ---------------------------------------- if ( $this->_param('require_captcha') AND $this->check_yes($this->_param('require_captcha')) ) { if ( $this->check_yes(ee()->config->item('captcha_require_members')) OR ( $this->check_no(ee()->config->item('captcha_require_members')) AND ee()->session->userdata('member_id') == 0) ) { if ( ! ee()->input->post('captcha') OR ee()->input->post('captcha') == '') { return ee()->output->show_user_error('submission', ee()->lang->line('captcha_required')); } else { $res = ee()->db->query( "SELECT COUNT(*) AS count FROM exp_captcha WHERE word='" . ee()->db->escape_str(ee()->input->post('captcha')) . "' AND ip_address = '" . ee()->db->escape_str(ee()->input->ip_address()) . 
"' AND date > UNIX_TIMESTAMP()-7200" ); if ($res->row('count') == 0) { return ee()->output->show_user_error('submission', ee()->lang->line('captcha_incorrect')); } // Moved because of file uploading errors /* ee()->db->query("DELETE FROM exp_captcha WHERE (word='".ee()->db->escape_str($_POST['captcha'])."' AND ip_address = '".ee()->db->escape_str(ee()->input->ip_address())."') OR date < UNIX_TIMESTAMP()-7200"); */ } } } // ---------------------------------------- // Check Form Hash // ---------------------------------------- if ( $this->check_yes(ee()->config->item('secure_forms')) ) { $query = ee()->db->query( "SELECT COUNT(*) AS count FROM exp_security_hashes WHERE hash='" . ee()->db->escape_str(ee()->input->post('XID')) . "' AND ip_address = '" . ee()->db->escape_str(ee()->input->ip_address())."' AND date > UNIX_TIMESTAMP()-7200" ); //email_change if ($query->row('count') == 0) { return ee()->output->show_user_error('general', array(ee()->lang->line('not_authorized'))); } // Moved because of file uploading errors /* ee()->db->query("DELETE FROM exp_security_hashes WHERE (hash='".ee()->db->escape_str($_POST['XID'])."' AND ip_address = '".ee()->db->escape_str(ee()->input->ip_address())."') OR date < UNIX_TIMESTAMP()-7200"); */ } // ---------------------------------------- // Let's get all of the fields from the // database for testing purposes // ---------------------------------------- $fields['form_name'] = "Collection Name"; $query = ee()->db->query( "SELECT name, label FROM exp_freeform_fields ORDER BY field_order ASC" ); if ($query->num_rows() > 0) { foreach($query->result_array() as $row) { $fields[$row['name']] = $row['label']; } } else { return false; } // ---------------------------------------- // Build the data array // ---------------------------------------- $exclude = array('ACT', 'RET', 'URI', 'PRV', 'XID', 'return', 'ee_notify', 'ee_required', 'submit'); $include = array('status'); $data = array( 'author_id' => ee()->session->userdata['member_id'], 
'group_id' => ee()->session->userdata['group_id'], 'ip_address' => ee()->input->ip_address(), 'entry_date' => ee()->localize->now, 'edit_date' => ee()->localize->now ); foreach ( $_POST as $key => $val ) { // ---------------------------------------- // If the given field is not a FreeForm // field or not in our include list, then // skip it. // ---------------------------------------- if ( ! array_key_exists( $key, $fields ) AND ! in_array( $key, $include ) ) continue; // ---------------------------------------- // If the given field is in our exclude // list, then skip it. // ---------------------------------------- if ( in_array( $key, $exclude ) ) continue; if ( $key == 'website' ) { ee()->security->xss_clean( prep_url( ee()->input->post('website') ) ); $data[$key] = ee()->input->post($key); } // If the field is a multi-select field, then handle it as such. if ( is_array( $val ) ) { $val = implode( "\n", $val ); $data[$key] = ee()->security->xss_clean($val); } else { $data[$key] = ee()->security->xss_clean($val); } } //backup for form name in case it isnt in the post data if ( ! isset($data['form_name']) AND $this->_param('form_name') !== FALSE) { $data['form_name'] = $this->_param('form_name'); } //check to see if there is any missing data that we have in the params: /*foreach($fields as $f_key => $f_value) { if ( ! isset($data[$f_key]) AND $this->_param($f_key) !== FALSE) { $data[$f_key] = $this->_param($f_key); } }*/ //i dont want to remove this because we might need it for some god awful reason, but it screws with stuff. $fields['subject'] = "Subject"; // ---------------------------------------- // 'freeform_module_insert_begin' hook. // - This allows developers to do one last thing before Freeform submit is ended. 
// ---------------------------------------- if (ee()->extensions->active_hook('freeform_module_insert_begin') === TRUE) { $data = ee()->extensions->universal_call('freeform_module_insert_begin', $data); if (ee()->extensions->end_script === TRUE) return; } // ------------------------------------------------------------------------------------ // Discarded data email_change // ------------------------------------------------------------------------------------ // ---------------------------------------- // Are we discarding some field values and preventing data save on them? // ---------------------------------------- if ( $this->_param('discard_field') != '' ) { foreach ( explode( "|", $this->_param('discard_field') ) as $val ) { if ( ! empty( $data[ $val ] ) ) { $data[ $val ] = ee()->lang->line('discarded_field_data'); } } } // ------------------------------------------------------------------------------------ // end Discarded data email_change // ------------------------------------------------------------------------------------ // ---------------------------------------- // Submit data into DB // ---------------------------------------- $sql = ee()->db->insert_string( 'exp_freeform_entries', $data ); //email_change $query = ee()->db->query( $sql ); $this->entry_id = ee()->db->insert_id(); // ---------------------------------------- // Process file uploads // ---------------------------------------- if ( count( $this->upload ) > 0 ) { $this->_upload_files(); } //---------------------------------------- // Delete CAPTCHA and Form Hash - Moved here because of File Upload Error possibilities // ---------------------------------------- if ( $this->check_yes($this->_param('require_captcha')) && isset($_POST['captcha'])) { ee()->db->query( "DELETE FROM exp_captcha WHERE (word='" . ee()->db->escape_str(ee()->input->post('captcha')) . "' AND ip_address = '" . ee()->db->escape_str(ee()->input->ip_address()) . 
"') OR date < UNIX_TIMESTAMP()-7200" ); } if ( $this->check_yes(ee()->config->item('secure_forms')) && ee()->input->post('XID') ) { ee()->db->query( "DELETE FROM exp_security_hashes WHERE (hash='" . ee()->db->escape_str(ee()->input->post('XID')) . "' AND ip_address = '" . ee()->db->escape_str(ee()->input->ip_address()) . "') OR date < UNIX_TIMESTAMP()-7200" ); } // ---------------------------------------- // Send notifications // ---------------------------------------- if ( $this->_param('ee_notify') != '' ) { $recipients = preg_split("/,|\|/" , $this->_param('ee_notify') ); $template = ( $this->_param('template') AND $this->_param('template') != '' ) ? $this->_param('template'): 'default_template'; // ---------------------------------------- // Generate message // ---------------------------------------- $msg = array(); $query = ee()->db->query( "SELECT * FROM exp_freeform_templates WHERE template_name = '" . ee()->db->escape_str($template) . "' AND enable_template = 'y' LIMIT 1" ); if ( $query->num_rows() == 0 ) { return ee()->output->show_user_error('general', array(ee()->lang->line('template_not_available'))); } $msg['from_name'] = ( $query->row('data_from_name') != '' ) ? $query->row('data_from_name'): ee()->config->item('webmaster_name'); $msg['from_email'] = ( $query->row('data_from_email') != '' ) ? 
$query->row('data_from_email'): ee()->config->item('webmaster_email'); $msg['subject'] = $query->row('data_title'); $msg['msg'] = $query->row('template_data'); $wordwrap = $this->check_yes($query->row('wordwrap')); $msg['subject'] = str_replace( LD.'entry_date'.RD, ee()->localize->set_human_time(ee()->localize->now), $msg['subject'] ); $msg['msg'] = str_replace( LD.'entry_date'.RD, ee()->localize->set_human_time(ee()->localize->now), $msg['msg'] ); $msg['subject'] = str_replace( LD.'freeform_entry_id'.RD, $this->entry_id, $msg['subject'] ); $msg['msg'] = str_replace( LD.'freeform_entry_id'.RD, $this->entry_id, $msg['msg'] ); if (preg_match_all("/".LD."(entry_date)\s+format=([\"'])(.*?)\\2".RD."/is", $msg['subject'].$msg['msg'], $matches) ) { for ($j = 0; $j < count($matches[0]); $j++) { $val = $matches[3][$j]; foreach (ee()->localize->fetch_date_params($matches[3][$j]) AS $dvar) { $val = str_replace($dvar, ee()->localize->convert_timestamp($dvar, ee()->localize->now, TRUE), $val); } $msg['subject'] = str_replace( $matches[0][$j], $val, $msg['subject'] ); $msg['msg'] = str_replace( $matches[0][$j], $val, $msg['msg'] ); } } // ---------------------------------------- // Parse conditionals // ---------------------------------------- //template isn't defined yet, so we have to fetch it //1.x if(APP_VER < 2.0) { if ( ! class_exists('Template')) { require PATH_CORE.'core.template'.EXT; } $local_TMPL = new Template(); } //2.x else { ee()->load->library('template'); $local_TMPL =& ee()->template; } $data['attachment_count'] = count( $this->attachments ); //i have no idea why this is being done instead of just using $data... 
$cond = $data; foreach( $msg as $key => $val ) { $msg[$key] = $local_TMPL->advanced_conditionals( ee()->functions->prep_conditionals( $msg[$key], $cond ) ); } unset( $cond ); // ---------------------------------------- // Parse individual fields // ---------------------------------------- $exclude = array('submit'); foreach ( $msg as $key => $val ) { // ---------------------------------------- // Handle attachments // ---------------------------------------- $msg[$key] = str_replace( LD."attachment_count".RD, $data['attachment_count'], $msg[$key] ); if ( $key == 'msg' ) { $all_fields .= "Attachments: ".$data['attachment_count']."\n"; $n = 0; foreach ( $this->attachments as $file ) { $n++; $all_fields .= "Attachment $n: ".$file['filename']." ".$this->upload['url'].$file['filename']."\n"; } } if ( preg_match( "/".LD."attachments".RD."(.*?)".LD."\/attachments".RD."/s", $msg[$key], $match ) ) { if ( count( $this->attachments ) > 0 ) { $str = ''; foreach ( $this->attachments as $file ) { $tagdata = $match['1']; $tagdata = str_replace( LD."fileurl".RD, $this->upload['url'].$file['filename'], $tagdata ); $tagdata = str_replace( LD."filename".RD, $file['filename'], $tagdata ); $str .= $tagdata; } $msg[$key] = str_replace( $match['0'], $str, $msg[$key] ); } else { $msg[$key] = str_replace( $match['0'], "", $msg[$key] ); } } // ---------------------------------------- // Loop // ---------------------------------------- foreach ( $fields as $name => $label ) { if ( isset( $data[$name] ) AND ! in_array( $name, $exclude ) ) { $msg[$key] = str_replace( LD.$name.RD, $data[$name], $msg[$key] ); // ---------------------------------------- // We don't want to concatenate for every // time through the main loop. 
// ---------------------------------------- if ( $key == 'msg' ) { $all_fields .= $label.": ".$data[$name]."\n"; } } else { $msg[$key] = str_replace( LD.$name.RD, '', $msg[$key] ); } } } // ---------------------------------------- // Parse all fields variable // ---------------------------------------- if ( stristr( $msg['msg'], LD.'all_custom_fields'.RD ) ) { $msg['msg'] = str_replace( LD.'all_custom_fields'.RD, $all_fields, $msg['msg'] ); } // ---------------------------------------- // 'freeform_module_admin_notification' hook. // - This allows developers to alter the // $msg array before admin notification is sent. // ---------------------------------------- if (ee()->extensions->active_hook('freeform_module_admin_notification') === TRUE) { $msg = ee()->extensions->universal_call('freeform_module_admin_notification', $fields, $this->entry_id, $msg); if (ee()->extensions->end_script === TRUE) return; } // ---------------------------------------- // ---------------------------------------- // Send email // ---------------------------------------- ee()->email->wordwrap = $wordwrap; ee()->email->mailtype = ( $this->check_yes($query->row('html')) ) ? 
'html': 'text'; if ( count( $this->attachments ) > 0 AND $this->check_yes($this->_param('send_attachment')) ) { foreach ( $this->attachments as $file_name ) { ee()->email->attach( $file_name['filepath'] ); } ee()->db->query( ee()->db->update_string( 'exp_freeform_attachments', array( 'emailed' => 'y' ), array( 'entry_id' => $this->entry_id ) ) ); } foreach ($recipients as $val) { ee()->email->initialize(); ee()->email->from($msg['from_email'], $msg['from_name']); ee()->email->to($val); ee()->email->subject($msg['subject']); ee()->email->message(entities_to_ascii($msg['msg'])); ee()->email->send(); } ee()->email->clear(TRUE); $msg = array(); // ---------------------------------------- // Register the template used // ---------------------------------------- ee()->db->query( ee()->db->update_string( 'exp_freeform_entries', array( 'template' => $template), array( 'entry_id' => $this->entry_id ) ) ); } // ---------------------------------------- // Send user email email_change // ---------------------------------------- if ($this->check_yes($this->_param('recipients')) AND ( ee()->session->userdata['group_id'] == 1 OR ee()->input->ip_address() != '0.0.0.0' ) AND ee()->input->post('recipient_email') !== FALSE) { $all_fields = ''; //don't we already do this...? $template = ( $this->_param('recipient_template') AND $this->_param('recipient_template') != '' ) ? $this->_param('recipient_template') : 'default_template'; // ---------------------------------------- // Array of recipients? // ---------------------------------------- if ( is_array( ee()->input->post('recipient_email') ) === TRUE AND count( ee()->input->post('recipient_email') ) > 0 ) { $recipient_email = ee()->input->post('recipient_email'); } else { $recipient_email = array( ee()->input->post('recipient_email') ); } // if we are using 'static recipients'. 
e.g., recipient1='bob|bob@email.com' // parse out the uniqids and replace them with the real stored emails if ( $this->_param('static_recipients') == TRUE ) { //prevents injection and only uses hashed emails from the form $temp_email = $recipient_email; $recipient_email = array(); //parse email $stored_recipients = $this->_param('static_recipients_list'); //have to check each email against the entire list. foreach ( $temp_email as $key => $value ) { foreach ( $stored_recipients as $recipient_data ) { if ( $value == $recipient_data['key'] ) { $recipient_email[] = $recipient_data['email']; } } } } // ---------------------------------------- // Validate recipients? // ---------------------------------------- $array = $this->_validate_recipients( implode( ",", $recipient_email ) ); $error = $array['error']; $approved_tos = $array['approved']; // ---------------------------------------- // Over our spam limit? // ---------------------------------------- if ( $this->_param('static_recipients') != TRUE AND count( $approved_tos ) > $this->_param( 'recipient_limit' ) ) { $error[] = ee()->lang->line( 'recipient_limit_exceeded' ); } // ---------------------------------------- // Errors? // ---------------------------------------- if ( count( $error ) > 0 ) { return ee()->output->show_user_error( 'general', $error ); } // ---------------------------------------- // Check for spamming or hacking // ---------------------------------------- $query = ee()->db->query( "SELECT SUM(exp_freeform_user_email.email_count) AS count FROM exp_freeform_entries, exp_freeform_user_email WHERE exp_freeform_entries.entry_id = exp_freeform_user_email.entry_id AND exp_freeform_entries.ip_address = '" . ee()->db->escape_str( ee()->input->ip_address() )."' AND exp_freeform_entries.entry_date > '" . ee()->db->escape_str( ee()->localize->now - ( 60 * ( (int) $this->prefs['spam_interval'] ) ) ) . 
"'" ); if ( $query->row('count') > $this->prefs['spam_count'] ) { return ee()->email->output->show_user_error( 'general', array(ee()->lang->line('em_limit_exceeded'))); } // ---------------------------------------- // Log the number of emails sent // ---------------------------------------- ee()->db->query( ee()->db->insert_string( "exp_freeform_user_email", array( 'email_count' => count( $approved_tos ) , 'entry_id' => $this->entry_id ) ) ); // ---------------------------------------- // Generate message // ---------------------------------------- $msg = array(); $query = ee()->db->query( "SELECT * FROM exp_freeform_templates WHERE template_name = '" . ee()->db->escape_str($template) . "' AND enable_template = 'y' LIMIT 1" ); if ( $query->num_rows() == 0 ) { return ee()->output->show_user_error('general', array(ee()->lang->line('template_not_available'))); } $msg['from_name'] = ( $query->row('data_from_name') != '' ) ? $query->row('data_from_name'): ee()->config->item('webmaster_name'); $msg['from_email'] = ( $query->row('data_from_email') != '' ) ? 
$query->row('data_from_email'): ee()->config->item('webmaster_email'); $msg['subject'] = $query->row('data_title'); $msg['msg'] = $query->row('template_data'); $wordwrap = $this->check_yes($query->row('wordwrap')); $msg['subject'] = str_replace( LD.'entry_date'.RD, ee()->localize->set_human_time(ee()->localize->now), $msg['subject'] ); $msg['msg'] = str_replace( LD.'entry_date'.RD, ee()->localize->set_human_time(ee()->localize->now), $msg['msg'] ); $msg['subject'] = str_replace( LD.'freeform_entry_id'.RD, $this->entry_id, $msg['subject'] ); $msg['msg'] = str_replace( LD.'freeform_entry_id'.RD, $this->entry_id, $msg['msg'] ); if (preg_match_all("/".LD."(entry_date)\s+format=([\"'])(.*?)\\2".RD."/is", $msg['subject'].$msg['msg'], $matches) ) { for ($j = 0; $j < count($matches[0]); $j++) { $val = $matches[3][$j]; foreach (ee()->localize->fetch_date_params($matches[3][$j]) AS $dvar) { $val = str_replace($dvar, ee()->localize->convert_timestamp($dvar, ee()->localize->now, TRUE), $val); } $msg['subject'] = str_replace( $matches[0][$j], $val, $msg['subject'] ); $msg['msg'] = str_replace( $matches[0][$j], $val, $msg['msg'] ); } } // ---------------------------------------- // Parse conditionals // ---------------------------------------- //template isn't defined yet, so we have to fetch it //1.x if(APP_VER < 2.0) { if ( ! 
class_exists('Template')) { require PATH_CORE.'core.template'.EXT; } $local_TMPL = new Template(); } //2.x else { ee()->load->library('template'); $local_TMPL =& ee()->template; } $data['attachment_count'] = count( $this->attachments ); $cond = $data; foreach( $msg as $key => $val ) { $msg[$key] = $local_TMPL->advanced_conditionals( ee()->functions->prep_conditionals( $msg[$key], $cond ) ); } unset( $cond ); // ---------------------------------------- // Parse individual fields // ---------------------------------------- $exclude = array('submit'); foreach ( $msg as $key => $val ) { // ---------------------------------------- // Handle attachments // ---------------------------------------- $msg[$key] = str_replace( LD."attachment_count".RD, $data['attachment_count'], $msg[$key] ); if ( $key == 'msg' ) { $all_fields .= "Attachments: ".$data['attachment_count']."\n"; $n = 0; foreach ( $this->attachments as $file ) { $n++; $all_fields .= "Attachment $n: ".$file['filename']." ".$this->upload['url'].$file['filename']."\n"; } } if ( preg_match( "/".LD."attachments".RD."(.*?)".LD."\/attachments".RD."/s", $msg[$key], $match ) ) { if ( count( $this->attachments ) > 0 ) { $str = ''; foreach ( $this->attachments as $file ) { $tagdata = $match['1']; $tagdata = str_replace( LD."fileurl".RD, $this->upload['url'].$file['filename'], $tagdata ); $tagdata = str_replace( LD."filename".RD, $file['filename'], $tagdata ); $str .= $tagdata; } $msg[$key] = str_replace( $match['0'], $str, $msg[$key] ); } else { $msg[$key] = str_replace( $match['0'], "", $msg[$key] ); } } // ---------------------------------------- // Loop // ---------------------------------------- foreach ( $fields as $name => $label ) { if ( isset( $data[$name] ) AND ! in_array( $name, $exclude ) ) { $msg[$key] = str_replace( LD.$name.RD, $data[$name], $msg[$key] ); // ---------------------------------------- // We don't want to concatenate for every // time through the main loop. 
// ---------------------------------------- if ( $key == 'msg' ) { $all_fields .= $label.": ".$data[$name]."\n"; } } else { $msg[$key] = str_replace( LD.$name.RD, '', $msg[$key] ); } } } // ---------------------------------------- // Parse all fields variable // ---------------------------------------- if ( stristr( $msg['msg'], LD.'all_custom_fields'.RD ) ) { $msg['msg'] = str_replace( LD.'all_custom_fields'.RD, $all_fields, $msg['msg'] ); } // ---------------------------------------- // 'freeform_recipient_email' hook. // - This allows developers to alter the // $msg array before admin notification is sent. // ---------------------------------------- if (ee()->extensions->active_hook('freeform_recipient_email') === TRUE) { $msg = ee()->extensions->universal_call('freeform_recipient_email', $fields, $this->entry_id, $msg); if (ee()->extensions->end_script === TRUE) return; } // ---------------------------------------- // ---------------------------------------- // Send email // ---------------------------------------- ee()->email->wordwrap = $wordwrap; ee()->email->mailtype = ( $this->check_yes($query->row('html')) ) ? 
'html': 'text'; if ( count( $this->attachments ) > 0 AND $this->check_yes($this->_param('send_attachment')) ) { foreach ( $this->attachments as $file_name ) { ee()->email->attach( $file_name['filepath'] ); } ee()->db->query( ee()->db->update_string( 'exp_freeform_attachments', array( 'emailed' => 'y' ), array( 'entry_id' => $this->entry_id ) ) ); } foreach ($approved_tos as $val) { ee()->email->initialize(); ee()->email->from($msg['from_email'], $msg['from_name']); ee()->email->to($val); ee()->email->subject($msg['subject']); ee()->email->message(entities_to_ascii($msg['msg'])); ee()->email->send(); } ee()->email->clear(TRUE); $msg = array(); // ---------------------------------------- // Register the template used // ---------------------------------------- ee()->db->query( ee()->db->update_string( 'exp_freeform_entries', array( 'template' => $template), array( 'entry_id' => $this->entry_id ) ) ); } // End send user recipients // ---------------------------------------- // Send user email // ---------------------------------------- //$msg = array(); email_change if ( $this->check_yes($this->_param('send_user_email')) AND ee()->input->get_post('email') ) { $all_fields = ''; $recipients = array(); $recipients[] = ee()->input->get_post('email'); $template = ( $this->_param('user_email_template') AND $this->_param('user_email_template') != '' ) ? $this->_param('user_email_template'): 'default_template'; // ---------------------------------------- // Generate message // ---------------------------------------- $msg = array(); $query = ee()->db->query( "SELECT * FROM exp_freeform_templates WHERE template_name = '" . ee()->db->escape_str($template) . "' AND enable_template = 'y' LIMIT 1" ); if ( $query->num_rows() == 0 ) { return ee()->output->show_user_error('general', array(ee()->lang->line('template_not_available'))); } $msg['from_name'] = ( $query->row('data_from_name') != '' ) ? 
$query->row('data_from_name') : ee()->config->item('webmaster_name'); $msg['from_email'] = ( $query->row('data_from_email') != '' ) ? $query->row('data_from_email') : ee()->config->item('webmaster_email'); $msg['subject'] = $query->row('data_title'); $msg['msg'] = $query->row('template_data'); $wordwrap = ( $this->check_yes($query->row('wordwrap')) ) ? TRUE: FALSE; $msg['subject'] = str_replace( LD.'entry_date'.RD, ee()->localize->set_human_time(ee()->localize->now), $msg['subject'] ); $msg['msg'] = str_replace( LD.'entry_date'.RD, ee()->localize->set_human_time(ee()->localize->now), $msg['msg'] ); $msg['subject'] = str_replace( LD.'freeform_entry_id'.RD, $this->entry_id, $msg['subject'] ); $msg['msg'] = str_replace( LD.'freeform_entry_id'.RD, $this->entry_id, $msg['msg'] ); /* email_change*/ if (preg_match_all("/".LD."(entry_date)\s+format=([\"'])(.*?)\\2".RD."/is", $msg['subject'].$msg['msg'], $matches)) { for ($j = 0; $j < count($matches[0]); $j++) { $val = $matches[3][$j]; foreach (ee()->localize->fetch_date_params($matches[3][$j]) AS $dvar) { $val = str_replace( $dvar, ee()->localize->convert_timestamp($dvar, ee()->localize->now, TRUE), $val); } $msg['subject'] = str_replace( $matches[0][$j], $val, $msg['subject'] ); $msg['msg'] = str_replace( $matches[0][$j], $val, $msg['msg'] ); } } // ---------------------------------------- // Parse conditionals // ---------------------------------------- //template isn't defined yet, so we have to fetch it //1.x if(APP_VER < 2.0) { if ( ! 
class_exists('Template')) { require PATH_CORE.'core.template'.EXT; } $local_TMPL = new Template(); } //2.x else { ee()->load->library('template'); $local_TMPL =& ee()->template; } $data['attachment_count'] = count( $this->attachments ); $cond = $data; foreach( $msg as $key => $val ) { $msg[$key] = $local_TMPL->advanced_conditionals( ee()->functions->prep_conditionals( $msg[$key], $cond ) ); } unset( $cond ); // ---------------------------------------- // Parse individual fields // ---------------------------------------- $exclude = array('submit'); foreach ( $msg as $key => $val ) { // ---------------------------------------- // Handle attachments // ---------------------------------------- $msg[$key] = str_replace( LD."attachment_count".RD, $data['attachment_count'], $msg[$key] ); if ( $key == 'msg' ) { $all_fields .= "Attachments: ".$data['attachment_count']."\n"; $n = 0; foreach ( $this->attachments as $file ) { $n++; $all_fields .= "Attachment $n: ".$file['filename']." ".$this->upload['url'].$file['filename']."\n"; } } if ( preg_match( "/".LD."attachments".RD."(.*?)".LD."\/attachments".RD."/s", $msg[$key], $match ) ) { if ( count( $this->attachments ) > 0 ) { $str = ''; foreach ( $this->attachments as $file ) { $tagdata = $match['1']; $tagdata = str_replace( LD."fileurl".RD, $this->upload['url'].$file['filename'], $tagdata ); $tagdata = str_replace( LD."filename".RD, $file['filename'], $tagdata ); $str .= $tagdata; } $msg[$key] = str_replace( $match['0'], $str, $msg[$key] ); } else { $msg[$key] = str_replace( $match['0'], "", $msg[$key] ); } } // ---------------------------------------- // Loop // ---------------------------------------- foreach ( $fields as $name => $label ) { if ( isset( $data[$name] ) AND ! in_array( $name, $exclude ) ) { $msg[$key] = str_replace( LD.$name.RD, $data[$name], $msg[$key] ); // ---------------------------------------- // We don't want to concatenate for every // time through the main loop. 
// ---------------------------------------- if ( $key == 'msg' ) { $all_fields .= $label.": ".$data[$name]."\n"; } } else { $msg[$key] = str_replace( LD.$name.RD, '', $msg[$key] ); } } } // ---------------------------------------- // Parse all fields variable // ---------------------------------------- if ( stristr( $msg['msg'], LD.'all_custom_fields'.RD ) ) { $msg['msg'] = str_replace( LD.'all_custom_fields'.RD, $all_fields, $msg['msg'] ); } // ---------------------------------------- // 'freeform_module_user_notification' hook. // - This allows developers to alter the $msg array before user notification is sent. // ---------------------------------------- if (ee()->extensions->active_hook('freeform_module_user_notification') === TRUE) { $msg = ee()->extensions->universal_call('freeform_module_user_notification', $fields, $this->entry_id, $msg); if (ee()->extensions->end_script === TRUE) return; } // ---------------------------------------- // ---------------------------------------- // Send email // ---------------------------------------- //ee()->load->library('email'); ee()->email->wordwrap = $wordwrap; ee()->email->mailtype = ( $this->check_yes($query->row('html')) ) ? 
'html': 'text'; if ( count( $this->attachments ) > 0 AND $this->check_yes($this->_param('send_user_attachment')) ) { foreach ( $this->attachments as $file_name ) { ee()->email->attach( $file_name['filepath'] ); } ee()->db->query( ee()->db->update_string( 'exp_freeform_attachments', array( 'emailed' => 'y' ), array( 'entry_id' => $this->entry_id ) ) ); } foreach ($recipients as $val) { ee()->email->initialize(); ee()->email->from($msg['from_email'], $msg['from_name']); ee()->email->to($val); ee()->email->subject($msg['subject']); ee()->email->message(entities_to_ascii($msg['msg'])); ee()->email->send(); } $msg = array(); ee()->email->clear(TRUE); } // End send user email // ---------------------------------------- // Subscribe to mailing lists // ---------------------------------------- if ( ee()->input->get_post('mailinglist') ) { if ( ee()->db->table_exists('exp_mailing_lists') ) { // ---------------------------------------- // Do we have an email? // ---------------------------------------- if ( $email = ee()->input->get_post('email') ) { // ---------------------------------------- // Explode mailinglist parameter // ---------------------------------------- if ( is_array( ee()->input->post('mailinglist') ) ) { $lists = implode( "','", ee()->db->escape_str(ee()->input->post('mailinglist'))); } else { $lists = ee()->db->escape_str(ee()->input->post('mailinglist')); } // ---------------------------------------- // Get lists // ---------------------------------------- $subscribed = ''; $sub = ee()->db->query( "SELECT list_id FROM exp_mailing_list WHERE email = '" . ee()->db->escape_str($email) . "' GROUP BY list_id" ); if ( $sub->num_rows() > 0 ) { foreach( $sub->result_array() as $row ) { $subscribed[] = $row['list_id']; } $subscribed = " AND list_id NOT IN (".implode(',', $subscribed).") "; } $query = ee()->db->query( "SELECT DISTINCT list_id, list_title FROM exp_mailing_lists WHERE ( list_id IN ('" . $lists . "') OR list_name IN ('" . $lists . "') ) " . 
$subscribed ); if ( $query->num_rows() > 0 AND $query->num_rows() < 50 ) { // Kill duplicate emails from authorization queue. This prevents an error if a user // signs up but never activates their email, then signs up again. ee()->db->query( "DELETE FROM exp_mailing_list_queue WHERE email = '" . ee()->db->escape_str($email) . "'" ); foreach ( $query->result_array() as $row ) { // ---------------------------------------- // Insert email // ---------------------------------------- $code = ee()->functions->random('alpha', 10); if ( $this->check_no(ee()->input->get_post('mailinglist_opt_in')) ) { ee()->db->query( ee()->db->insert_string( 'exp_mailing_list', array( 'user_id' => '', 'list_id' => $row['list_id'], 'authcode' => $code, 'email' => $email, 'ip_address' => ee()->input->ip_address() ) ) ); // ---------------------------------------- // Is there an admin notification to send? // ---------------------------------------- if ($this->check_yes(ee()->config->item('mailinglist_notify')) AND ee()->config->item('mailinglist_notify_emails') != '') { $query = ee()->db->query( "SELECT list_title FROM exp_mailing_lists WHERE list_id = '" . ee()->db->escape_str($row['list_id']) . 
"'" ); $swap = array( 'email' => $email, 'mailing_list' => $query->row('list_title') ); $template = ee()->functions->fetch_email_template('admin_notify_mailinglist'); $email_tit = ee()->functions->var_swap($template['title'], $swap); $email_msg = ee()->functions->var_swap($template['data'], $swap); // ---------------------------- // Send email // ---------------------------- $notify_address = $this->remove_extra_commas( ee()->config->item('mailinglist_notify_emails') ); if ($notify_address != '') { // ---------------------------- // Send email // ---------------------------- //ee()->load->library('email'); foreach (explode(',', $notify_address) as $addy) { ee()->email->initialize(); ee()->email->wordwrap = true; ee()->email->from( ee()->config->item('webmaster_email'), ee()->config->item('webmaster_name') ); ee()->email->to($addy); ee()->email->reply_to(ee()->config->item('webmaster_email')); ee()->email->subject($email_tit); ee()->email->message(entities_to_ascii($email_msg)); ee()->email->Send(); } ee()->email->clear(TRUE); } } } else { ee()->db->query( "INSERT INTO exp_mailing_list_queue (email, list_id, authcode, date) VALUES ('" . ee()->db->escape_str($email) . "', '" . ee()->db->escape_str($row['list_id']) ."', '" . ee()->db->escape_str($code) . "', '" . time() . "')" ); $this->send_email_confirmation($email, $row, $code); } } } } } } // End subscribe to mailinglists // ---------------------------------------- // 'freeform_module_insert_end' hook. // - This allows developers to do one last thing before Freeform submit is ended. // ---------------------------------------- if (ee()->extensions->active_hook('freeform_module_insert_end') === TRUE) { $edata = ee()->extensions->universal_call('freeform_module_insert_end', $fields, $this->entry_id, $msg); if (ee()->extensions->end_script === TRUE) return; } // ---------------------------------------- // ---------------------------------------- // Set return // ---------------------------------------- if ( ! 
$return = ee()->input->get_post('return') ) { $return = ee()->input->get_post('RET'); } if ( preg_match( "/".LD."\s*path=(.*?)".RD."/", $return, $match ) > 0 ) { $return = ee()->functions->create_url( $match['1'] ); } elseif ( stristr( $return, "http://" ) === FALSE && stristr( $return, "https://" ) === FALSE ) { $return = ee()->functions->create_url( $return ); } $return = str_replace( "%%entry_id%%", $this->entry_id, $return ); $return = $this->_chars_decode( $return ); // ---------------------------------------- // Return the user // ---------------------------------------- if ( $return != '' ) { ee()->functions->redirect( $return ); } else { ee()->functions->redirect( ee()->functions->fetch_site_index() ); } exit; }
/**
 * Register Member
 *
 * Front-end registration handler. Reads the submitted form from $_POST,
 * validates it with EE_Validate plus the site's registration-enabled custom
 * member fields, creates the member rows, optionally subscribes the address
 * to a mailing list, sends admin/user notification e-mails and finally
 * renders a completion message.
 *
 * Side effects visible in this method:
 *  - fills in missing keys of $_POST with '' (see "Set the default globals");
 *  - inserts into exp_members, exp_member_data and exp_member_homepage;
 *  - may insert into exp_mailing_list_queue / exp_mailing_list and delete from
 *    mailing_list_queue;
 *  - may send e-mail and, when no activation is required, starts a session for
 *    the new member.
 *
 * @return bool|mixed FALSE when registrations are disabled; otherwise the
 *                    return value of show_user_error() on a validation
 *                    failure, or void after show_message() / an extension
 *                    hook that sets end_script.
 */
public function register_member()
{
    // Do we allow new member registrations?
    if (ee()->config->item('allow_member_registration') == 'n') {
        return FALSE;
    }
    // Is user banned?
    if (ee()->session->userdata('is_banned') === TRUE) {
        return ee()->output->show_user_error('general', array(lang('not_authorized')));
    }
    // Blacklist/Whitelist Check
    if (ee()->blacklist->blacklisted == 'y' && ee()->blacklist->whitelisted == 'n') {
        return ee()->output->show_user_error('general', array(lang('not_authorized')));
    }
    ee()->load->helper('url');
    // -------------------------------------------
    // 'member_member_register_start' hook.
    // - Take control of member registration routine
    // - Added EE 1.4.2
    //
    ee()->extensions->call('member_member_register_start');
    if (ee()->extensions->end_script === TRUE) {
        return;
    }
    //
    // -------------------------------------------
    // Set the default globals.
    // Every key used below is guaranteed to exist afterwards, so later code
    // reads $_POST[...] without isset() checks for these seven fields.
    $default = array('username', 'password', 'password_confirm', 'email', 'screen_name', 'url', 'location');
    foreach ($default as $val) {
        if (!isset($_POST[$val])) {
            $_POST[$val] = '';
        }
    }
    // An empty screen name falls back to the username.
    if ($_POST['screen_name'] == '') {
        $_POST['screen_name'] = $_POST['username'];
    }
    // Instantiate validation class
    if (!class_exists('EE_Validate')) {
        require APPPATH . 'libraries/Validate.php';
    }
    // 'new' validation: no current values to compare against and no
    // current-password requirement.
    $VAL = new EE_Validate(array(
        'member_id' => '',
        'val_type' => 'new',
        'fetch_lang' => TRUE,
        'require_cpw' => FALSE,
        'enable_log' => FALSE,
        'username' => trim_nbs($_POST['username']),
        'cur_username' => '',
        'screen_name' => trim_nbs($_POST['screen_name']),
        'cur_screen_name' => '',
        'password' => $_POST['password'],
        'password_confirm' => $_POST['password_confirm'],
        'cur_password' => '',
        'email' => trim($_POST['email']),
        'cur_email' => ''
    ));
    // Errors accumulate in $VAL->errors; they are reported together with the
    // custom-field errors further down.
    $VAL->validate_username();
    $VAL->validate_screen_name();
    $VAL->validate_password();
    $VAL->validate_email();
    // Do we have any custom fields?
    // Only fields flagged for registration (m_field_reg = 'y') are considered.
    $query = ee()->db->select('m_field_id, m_field_name, m_field_label, m_field_type, m_field_list_items, m_field_required')->where('m_field_reg', 'y')->get('member_fields');
    $cust_errors = array();
    $cust_fields = array();
    if ($query->num_rows() > 0) {
        foreach ($query->result_array() as $row) {
            $field_name = 'm_field_id_' . $row['m_field_id'];
            // Assume we're going to save this data, unless it's empty to begin with
            $valid = isset($_POST[$field_name]) && $_POST[$field_name] != '';
            // Basic validations
            if ($row['m_field_required'] == 'y' && !$valid) {
                $cust_errors[] = lang('mbr_field_required') . ' ' . $row['m_field_label'];
            } elseif ($row['m_field_type'] == 'select' && $valid) {
                // Ensure their selection is actually a valid choice.
                // NOTE(review): the comparison is loose (no strict in_array) and the
                // list items are split on "\n" only — confirm stored items carry no
                // trailing "\r" or the match would fail for legitimate choices.
                $options = explode("\n", $row['m_field_list_items']);
                if (!in_array(htmlentities($_POST[$field_name]), $options)) {
                    $valid = FALSE;
                    $cust_errors[] = lang('mbr_field_invalid') . ' ' . $row['m_field_label'];
                }
            }
            // Custom field values are XSS-filtered before storage; note that the
            // "Optional Fields" block below does not apply the same filter.
            if ($valid) {
                $cust_fields[$field_name] = ee()->security->xss_clean($_POST[$field_name]);
            }
        }
    }
    // email_confirm is only enforced when the form actually submitted it.
    if (isset($_POST['email_confirm']) && $_POST['email'] != $_POST['email_confirm']) {
        $cust_errors[] = lang('mbr_emails_not_match');
    }
    // Presence check only; the captcha word itself is verified against the
    // database after all other validation has passed.
    if (ee()->config->item('use_membership_captcha') == 'y') {
        if (!isset($_POST['captcha']) or $_POST['captcha'] == '') {
            $cust_errors[] = lang('captcha_required');
        }
    }
    if (ee()->config->item('require_terms_of_service') == 'y') {
        if (!isset($_POST['accept_terms'])) {
            $cust_errors[] = lang('mbr_terms_of_service_required');
        }
    }
    // -------------------------------------------
    // 'member_member_register_errors' hook.
    // - Additional error checking prior to submission
    // - Added EE 2.5.0
    // - Extensions receive $this and may append to $this->errors, which is
    //   merged into the error list below.
    //
    ee()->extensions->call('member_member_register_errors', $this);
    if (ee()->extensions->end_script === TRUE) {
        return;
    }
    //
    // -------------------------------------------
    $errors = array_merge($VAL->errors, $cust_errors, $this->errors);
    // Display errors if there are any
    if (count($errors) > 0) {
        return ee()->output->show_user_error('submission', $errors);
    }
    // Do we require captcha?
    // The word is bound to the submitting IP and expires after 7200 seconds;
    // a successful match deletes it (and any expired rows) so it cannot be
    // reused. The captcha word is escaped; the IP address is concatenated
    // unescaped here, unlike the mailing-list insert further down which wraps
    // it in escape_str() — NOTE(review): relies on ip_address() returning a
    // validated address, confirm against the Input library.
    if (ee()->config->item('use_membership_captcha') == 'y') {
        $query = ee()->db->query("SELECT COUNT(*) AS count FROM exp_captcha WHERE word='" . ee()->db->escape_str($_POST['captcha']) . "' AND ip_address = '" . ee()->input->ip_address() . "' AND date > UNIX_TIMESTAMP()-7200");
        if ($query->row('count') == 0) {
            return ee()->output->show_user_error('submission', array(lang('captcha_incorrect')));
        }
        ee()->db->query("DELETE FROM exp_captcha WHERE (word='" . ee()->db->escape_str($_POST['captcha']) . "' AND ip_address = '" . ee()->input->ip_address() . "') OR date < UNIX_TIMESTAMP()-7200");
    }
    ee()->load->helper('security');
    // Assign the base query data.
    // 'password' is stored as an unsalted SHA-1 of the submitted value; this is
    // the format the rest of the application's login path must agree with
    // (NOTE(review): confirm with the Auth library before changing the scheme —
    // a stronger, salted hash belongs in a coordinated auth-layer migration).
    // 'unique_id' and, below, 'authcode' come from the framework's random helper.
    $data = array(
        'username' => trim_nbs(ee()->input->post('username')),
        'password' => sha1($_POST['password']),
        'ip_address' => ee()->input->ip_address(),
        'unique_id' => ee()->functions->random('encrypt'),
        'join_date' => ee()->localize->now,
        'email' => trim_nbs(ee()->input->post('email')),
        'screen_name' => trim_nbs(ee()->input->post('screen_name')),
        'url' => prep_url(ee()->input->post('url')),
        'location' => ee()->input->post('location'),
        'language' => ee()->config->item('deft_lang') ? ee()->config->item('deft_lang') : 'english',
        'date_format' => ee()->config->item('date_format') ? ee()->config->item('date_format') : '%n/%j/%y',
        'time_format' => ee()->config->item('time_format') ? ee()->config->item('time_format') : '12',
        'include_seconds' => ee()->config->item('include_seconds') ? ee()->config->item('include_seconds') : 'n',
        'timezone' => ee()->config->item('default_site_timezone')
    );
    // Set member group.
    // Any activation requirement puts the member in the Pending group (4);
    // otherwise the configured default group is used, falling back to Pending
    // when none is configured.
    if (ee()->config->item('req_mbr_activation') == 'manual' or ee()->config->item('req_mbr_activation') == 'email') {
        $data['group_id'] = 4; // Pending
    } else {
        if (ee()->config->item('default_member_group') == '') {
            $data['group_id'] = 4; // Pending
        } else {
            $data['group_id'] = ee()->config->item('default_member_group');
        }
    }
    // Optional Fields: $data key => $_POST key.
    // When present these user-supplied values override the config-derived
    // defaults set above (e.g. $_POST['deft_lang'] replaces 'language'), and
    // they are copied as-is — no xss_clean() and no whitelist against known
    // languages/timezones/formats is applied here.
    $optional = array('bio' => 'bio', 'language' => 'deft_lang', 'timezone' => 'server_timezone', 'date_format' => 'date_format', 'time_format' => 'time_format', 'include_seconds' => 'include_seconds');
    foreach ($optional as $key => $value) {
        if (isset($_POST[$value])) {
            $data[$key] = $_POST[$value];
        }
    }
    // We generate an authorization code if the member needs to self-activate.
    // It is only set for 'email' activation and is consumed by the activation
    // URL built in the "Send user notifications" block.
    if (ee()->config->item('req_mbr_activation') == 'email') {
        $data['authcode'] = ee()->functions->random('alnum', 10);
    }
    // Insert basic member data
    ee()->db->query(ee()->db->insert_string('exp_members', $data));
    $member_id = ee()->db->insert_id();
    // Insert custom fields (a row is written even when $cust_fields holds only member_id)
    $cust_fields['member_id'] = $member_id;
    ee()->db->query(ee()->db->insert_string('exp_member_data', $cust_fields));
    // Create a record in the member homepage table
    // This is only necessary if the user gains CP access,
    // but we'll add the record anyway.
    ee()->db->query(ee()->db->insert_string('exp_member_homepage', array('member_id' => $member_id)));
    // Mailinglist Subscribe
    // $mailinglist_subscribe becomes TRUE only when the requested list exists
    // and the address is not already on it; the flag is reused when building
    // the activation URL below.
    $mailinglist_subscribe = FALSE;
    if (isset($_POST['mailinglist_subscribe']) && is_numeric($_POST['mailinglist_subscribe'])) {
        // Kill duplicate emails from authorization queue.
        ee()->db->where('email', $_POST['email'])->delete('mailing_list_queue');
        // Validate Mailing List ID
        $query = ee()->db->select('COUNT(*) as count')->where('list_id', $_POST['mailinglist_subscribe'])->get('mailing_lists');
        // Email Not Already in Mailing List
        $results = ee()->db->select('COUNT(*) as count')->where('email', $_POST['email'])->where('list_id', $_POST['mailinglist_subscribe'])->get('mailing_list');
        // INSERT Email
        if ($query->row('count') > 0 && $results->row('count') == 0) {
            $mailinglist_subscribe = TRUE;
            $code = ee()->functions->random('alnum', 10);
            if (ee()->config->item('req_mbr_activation') == 'email') {
                // Activated When Membership Activated
                ee()->db->query("INSERT INTO exp_mailing_list_queue (email, list_id, authcode, date)\r\n\t\t\t\t\t\t\t\tVALUES ('" . ee()->db->escape_str($_POST['email']) . "', '" . ee()->db->escape_str($_POST['mailinglist_subscribe']) . "', '" . $code . "', '" . time() . "')");
            } elseif (ee()->config->item('req_mbr_activation') == 'manual') {
                // Mailing List Subscribe Email
                // Manual member activation does not cover the list, so the list
                // gets its own authorize_email action and confirmation mail.
                ee()->db->query("INSERT INTO exp_mailing_list_queue (email, list_id, authcode, date)\r\n\t\t\t\t\t\t\t\tVALUES ('" . ee()->db->escape_str($_POST['email']) . "', '" . ee()->db->escape_str($_POST['mailinglist_subscribe']) . "', '" . $code . "', '" . time() . "')");
                ee()->lang->loadfile('mailinglist');
                $action_id = ee()->functions->fetch_action_id('Mailinglist', 'authorize_email');
                $swap = array('activation_url' => ee()->functions->fetch_site_index(0, 0) . QUERY_MARKER . 'ACT=' . $action_id . '&id=' . $code, 'site_name' => stripslashes(ee()->config->item('site_name')), 'site_url' => ee()->config->item('site_url'));
                $template = ee()->functions->fetch_email_template('mailinglist_activation_instructions');
                $email_tit = ee()->functions->var_swap($template['title'], $swap);
                $email_msg = ee()->functions->var_swap($template['data'], $swap);
                // Send email (the recipient address passed EE_Validate above)
                ee()->load->library('email');
                ee()->email->wordwrap = true;
                ee()->email->mailtype = 'plain';
                ee()->email->priority = '3';
                ee()->email->from(ee()->config->item('webmaster_email'), ee()->config->item('webmaster_name'));
                ee()->email->to($_POST['email']);
                ee()->email->subject($email_tit);
                ee()->email->message($email_msg);
                ee()->email->send();
            } else {
                // Automatically Accepted: no activation of any kind required.
                ee()->db->query("INSERT INTO exp_mailing_list (list_id, authcode, email, ip_address)\r\n\t\t\t\t\t\t\t\t\t\t VALUES ('" . ee()->db->escape_str($_POST['mailinglist_subscribe']) . "', '" . $code . "', '" . ee()->db->escape_str($_POST['email']) . "', '" . ee()->db->escape_str(ee()->input->ip_address()) . "')");
            }
        }
    }
    // Update member statistics (only counted immediately when no activation is needed)
    if (ee()->config->item('req_mbr_activation') == 'none') {
        ee()->stats->update_member_stats();
    }
    // Send admin notifications
    if (ee()->config->item('new_member_notification') == 'y' && ee()->config->item('mbr_notification_emails') != '') {
        $name = $data['screen_name'] != '' ? $data['screen_name'] : $data['username'];
        $swap = array('name' => $name, 'site_name' => stripslashes(ee()->config->item('site_name')), 'control_panel_url' => ee()->config->item('cp_url'), 'username' => $data['username'], 'email' => $data['email']);
        $template = ee()->functions->fetch_email_template('admin_notify_reg');
        $email_tit = $this->_var_swap($template['title'], $swap);
        $email_msg = $this->_var_swap($template['data'], $swap);
        // Remove multiple commas from the configured recipient list
        $notify_address = reduce_multiples(ee()->config->item('mbr_notification_emails'), ',', TRUE);
        // Send email
        ee()->load->helper('text');
        ee()->load->library('email');
        ee()->email->wordwrap = true;
        ee()->email->from(ee()->config->item('webmaster_email'), ee()->config->item('webmaster_name'));
        ee()->email->to($notify_address);
        ee()->email->subject($email_tit);
        ee()->email->message(entities_to_ascii($email_msg));
        ee()->email->Send();
    }
    // -------------------------------------------
    // 'member_member_register' hook.
    // - Additional processing when a member is created through the User Side
    // - $member_id added in 2.0.1
    // - Note: the member rows already exist at this point; an extension that
    //   sets end_script here skips the user notification and completion page.
    //
    ee()->extensions->call('member_member_register', $data, $member_id);
    if (ee()->extensions->end_script === TRUE) {
        return;
    }
    //
    // -------------------------------------------
    // Send user notifications
    if (ee()->config->item('req_mbr_activation') == 'email') {
        $action_id = ee()->functions->fetch_action_id('Member', 'activate_member');
        $name = $data['screen_name'] != '' ? $data['screen_name'] : $data['username'];
        // Forum registrations carry the board through the activation link;
        // board_id is accepted only when numeric, otherwise 1.
        $board_id = ee()->input->get_post('board_id') !== FALSE && is_numeric(ee()->input->get_post('board_id')) ? ee()->input->get_post('board_id') : 1;
        $forum_id = ee()->input->get_post('FROM') == 'forum' ? '&r=f&board_id=' . $board_id : '';
        // Pending list subscription is carried along so activation covers it too
        // ($_POST['mailinglist_subscribe'] was is_numeric-checked above).
        $add = $mailinglist_subscribe !== TRUE ? '' : '&mailinglist=' . $_POST['mailinglist_subscribe'];
        $swap = array('name' => $name, 'activation_url' => ee()->functions->fetch_site_index(0, 0) . QUERY_MARKER . 'ACT=' . $action_id . '&id=' . $data['authcode'] . $forum_id . $add, 'site_name' => stripslashes(ee()->config->item('site_name')), 'site_url' => ee()->config->item('site_url'), 'username' => $data['username'], 'email' => $data['email']);
        $template = ee()->functions->fetch_email_template('mbr_activation_instructions');
        $email_tit = $this->_var_swap($template['title'], $swap);
        $email_msg = $this->_var_swap($template['data'], $swap);
        // Send email
        ee()->load->helper('text');
        ee()->load->library('email');
        ee()->email->wordwrap = true;
        ee()->email->from(ee()->config->item('webmaster_email'), ee()->config->item('webmaster_name'));
        ee()->email->to($data['email']);
        ee()->email->subject($email_tit);
        ee()->email->message(entities_to_ascii($email_msg));
        ee()->email->Send();
        $message = lang('mbr_membership_instructions_email');
    } elseif (ee()->config->item('req_mbr_activation') == 'manual') {
        $message = lang('mbr_admin_will_activate');
    } else {
        // Log user in (the extra query is a little annoying).
        // No activation required: the freshly inserted row is re-read and a
        // session plus remember-me cookie are started for it.
        ee()->load->library('auth');
        $member_data_q = ee()->db->get_where('members', array('member_id' => $member_id));
        $incoming = new Auth_result($member_data_q->row());
        $incoming->remember_me();
        $incoming->start_session();
        $message = lang('mbr_your_are_logged_in');
    }
    // Build the message
    if (ee()->input->get_post('FROM') == 'forum') {
        $query = $this->_do_form_query();
        $site_name = $query->row('board_label');
        $return = $query->row('board_forum_url');
    } else {
        $site_name = ee()->config->item('site_name') == '' ? lang('back') : stripslashes(ee()->config->item('site_name'));
        $return = ee()->config->item('site_url');
    }
    // $data is repurposed here for the message view; the member data is no
    // longer available after this point.
    $data = array('title' => lang('mbr_registration_complete'), 'heading' => lang('thank_you'), 'content' => lang('mbr_registration_completed') . "\n\n" . $message, 'redirect' => '', 'link' => array($return, $site_name));
    ee()->output->show_message($data);
}
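/**
 * Handle a front-end member registration submitted through Zoo Visitor.
 *
 * Mirrors the native EE member registration routine with three differences:
 * validation errors are collected per form field (`$inline_errors`) instead of
 * as one flat list, the Zoo Visitor settings `email_is_username` and
 * `use_screen_name` decide which validators run, and a member group chosen in
 * the form is remembered until activation via check_membergroup_change().
 *
 * @param mixed  $ext            Calling extension instance (unused here, kept for callers).
 * @param bool   $doRegister     FALSE = validate only and return TRUE on success;
 *                               TRUE  = validate, then create the member.
 * @param string $error_handling Unused; kept for signature compatibility.
 *
 * @return array|bool|void
 *   array('general', string[])  fatal condition: registrations closed, banned or
 *                               blacklisted visitor, CSRF token missing/invalid
 *   array('submission', array)  per-field validation errors
 *   TRUE                        validation passed and $doRegister was FALSE
 *   array                       completion-page data on success, including
 *                               'result' => 'registration_complete' and 'member_data'
 *   void                        an extension hook set end_script
 *
 * Security notes:
 *  - The CSRF (Secure Mode Forms) check runs only when the `secure_forms`
 *    config item is 'y'.
 *  - The captcha row is deleted once the member is actually created, so a
 *    solved word cannot be replayed from the same IP for the rest of its
 *    two-hour window. It is left in place on validate-only calls so that the
 *    real submission that follows still succeeds.
 *  - Custom member fields are xss_clean()ed; username, email, screen name and
 *    password go through EE_Validate; url/location/bio and the other standard
 *    fields are overwritten with an xss_clean()ed copy whenever a non-empty
 *    value is posted. language/timezone/time_format are stored as submitted.
 */
function register_member($ext, $doRegister = TRUE, $error_handling = '')
{
    $this->EE->load->helper('security');
    $inline_errors = array();

    // ----------------------------------------------------------------------
    // Gate: registrations enabled, visitor not banned / blacklisted
    // ----------------------------------------------------------------------
    if ($this->EE->config->item('allow_member_registration') == 'n') {
        return array('general', array($this->EE->lang->line('member_registrations_not_allowed')));
    }

    if ($this->EE->session->userdata['is_banned'] == TRUE) {
        return array('general', array($this->EE->lang->line('not_authorized')));
    }

    if ($this->EE->blacklist->blacklisted == 'y' && $this->EE->blacklist->whitelisted == 'n') {
        return array('general', array($this->EE->lang->line('not_authorized')));
    }

    $this->EE->load->helper('url');

    // 'member_member_register_start' hook (EE 1.4.2+): an extension may take over.
    $this->EE->extensions->call('member_member_register_start');
    if ($this->EE->extensions->end_script === TRUE) {
        return;
    }

    // ----------------------------------------------------------------------
    // Normalise the expected POST keys so later reads never hit an undefined index
    // ----------------------------------------------------------------------
    $default = array('username', 'password', 'password_confirm', 'email', 'screen_name', 'url', 'location');
    foreach ($default as $val) {
        if (!isset($_POST[$val])) {
            $_POST[$val] = '';
        }
    }

    if ($_POST['screen_name'] == '') {
        $_POST['screen_name'] = $_POST['username'];
    }

    // ----------------------------------------------------------------------
    // Core field validation (EE_Validate), attributed per field
    // ----------------------------------------------------------------------
    if (!class_exists('EE_Validate')) {
        require APPPATH . 'libraries/Validate' . EXT;
    }

    $VAL = new EE_Validate(array(
        'member_id'        => '',
        'val_type'         => 'new',
        'fetch_lang'       => TRUE,
        'require_cpw'      => FALSE,
        'enable_log'       => FALSE,
        'username'         => $_POST['username'],
        'cur_username'     => '',
        'screen_name'      => $_POST['screen_name'],
        'cur_screen_name'  => '',
        'password'         => $_POST['password'],
        'password_confirm' => $_POST['password_confirm'],
        'cur_password'     => '',
        'email'            => $_POST['email'],
        'cur_email'        => '',
    ));

    $this->EE->lang->loadfile('zoo_visitor');

    // EE_Validate appends every message to one shared $VAL->errors list; $offset
    // marks where each validator's messages start so they can be mapped to a field.
    $VAL->validate_email();
    $inline_errors['email'] = $VAL->errors;
    $offset = count($VAL->errors);

    if ($this->zoo_settings['email_is_username'] != 'yes') {
        $VAL->validate_username();
        $inline_errors['username'] = array_slice($VAL->errors, $offset);
        $offset = count($VAL->errors);
    }

    if ($this->zoo_settings['use_screen_name'] != 'no') {
        $VAL->validate_screen_name();
        $inline_errors['screen_name'] = array_slice($VAL->errors, $offset);
        $offset = count($VAL->errors);
    }

    $VAL->validate_password();
    $inline_errors['password'] = array_slice($VAL->errors, $offset);

    // ----------------------------------------------------------------------
    // Custom member fields
    // ----------------------------------------------------------------------
    $query = $this->EE->db->query("SELECT m_field_id, m_field_name, m_field_label, m_field_required FROM exp_member_fields");

    $cust_errors = array();
    $cust_fields = array();

    if ($query->num_rows() > 0) {
        foreach ($query->result_array() as $row) {
            $post_key = 'm_field_id_' . $row['m_field_id'];

            if ($row['m_field_required'] == 'y' && (!isset($_POST[$post_key]) || $_POST[$post_key] == '')) {
                $message = $this->EE->lang->line('mbr_field_required') . ' ' . $row['m_field_label'];
                $cust_errors[] = $message;
                $inline_errors[$row['m_field_name']] = array($message);
            } elseif (isset($_POST[$post_key])) {
                // Stored values are rendered in templates later, so filter them on the way in.
                $cust_fields[$post_key] = $this->EE->security->xss_clean($_POST[$post_key]);
            }
        }
    }

    if (isset($_POST['email_confirm']) && $_POST['email'] != $_POST['email_confirm']) {
        $cust_errors[] = $this->EE->lang->line('mbr_emails_not_match');
        $inline_errors['email_confirm'] = array($this->EE->lang->line('mbr_emails_not_match'));
    }

    // ----------------------------------------------------------------------
    // Captcha: must be present and match a row issued to this IP within 2 hours
    // ----------------------------------------------------------------------
    $captcha_required = ($this->EE->config->item('use_membership_captcha') == 'y');
    $captcha_word     = isset($_POST['captcha']) ? $_POST['captcha'] : '';

    if ($captcha_required) {
        if ($captcha_word == '') {
            $cust_errors[] = $this->EE->lang->line('captcha_required');
            $inline_errors['captcha'] = array($this->EE->lang->line('captcha_required'));
        }

        $query = $this->EE->db->query("SELECT COUNT(*) AS count FROM exp_captcha WHERE word='" . $this->EE->db->escape_str($captcha_word) . "' AND ip_address = '" . $this->EE->db->escape_str($this->EE->input->ip_address()) . "' AND date > UNIX_TIMESTAMP()-7200");

        if ($query->row('count') == 0) {
            $cust_errors[] = $this->EE->lang->line('captcha_incorrect');
            $inline_errors['captcha'] = array($this->EE->lang->line('captcha_incorrect'));
        }
        // The matching row is consumed further down, once the member is really
        // being created; deleting it here would break the validate-only call
        // ($doRegister = FALSE) that precedes the real submission.
    }

    if ($this->EE->config->item('require_terms_of_service') == 'y') {
        if (!isset($_POST['accept_terms'])) {
            $cust_errors[] = $this->EE->lang->line('mbr_terms_of_service_required');
            $inline_errors['accept_terms'] = array($this->EE->lang->line('mbr_terms_of_service_required'));
        }
    }

    $errors = array_merge($VAL->errors, $cust_errors);

    // ----------------------------------------------------------------------
    // Default member group: Pending (4) while activation is outstanding,
    // otherwise the configured default, falling back to Pending.
    // ----------------------------------------------------------------------
    $activation = $this->EE->config->item('req_mbr_activation');

    if ($activation == 'manual' || $activation == 'email' || $this->EE->config->item('default_member_group') == '') {
        $data['group_id'] = 4; // Pending
    } else {
        $data['group_id'] = $this->EE->config->item('default_member_group');
    }

    // Member group chosen in the form, if Zoo Visitor allows one (see check_membergroup_change()).
    $selected_group_id = $this->check_membergroup_change($data);

    if (count($errors) > 0) {
        return array('submission', $inline_errors);
    }

    if (!$doRegister) {
        return TRUE;
    }

    // ----------------------------------------------------------------------
    // CSRF: Secure Mode Forms (only enforced when the site has it switched on).
    // Every failure path of this function returns array('general', ...), so the
    // token failure does too instead of rendering an error page directly.
    // ----------------------------------------------------------------------
    if ($this->EE->config->item('secure_forms') == 'y') {
        if (version_compare(APP_VER, '2.5.4', '>=')) {
            // Native check (EE 2.5.4+)
            if (!$this->EE->security->secure_forms_check($this->EE->input->post('XID'))) {
                return array('general', array($this->EE->lang->line('not_authorized')));
            }
        } else {
            $xid = isset($_POST['XID']) ? $_POST['XID'] : '';
            $ip  = $this->EE->db->escape_str($this->EE->input->ip_address());

            $query = $this->EE->db->query("SELECT COUNT(*) AS count FROM exp_security_hashes WHERE hash='" . $this->EE->db->escape_str($xid) . "' AND ip_address = '" . $ip . "' AND date > UNIX_TIMESTAMP()-7200");

            if ($query->row('count') == 0) {
                return array('general', array($this->EE->lang->line('not_authorized')));
            }

            // Retire the token (one-time use) and purge expired ones
            $this->EE->db->query("DELETE FROM exp_security_hashes WHERE (hash='" . $this->EE->db->escape_str($xid) . "' AND ip_address = '" . $ip . "') OR date < UNIX_TIMESTAMP()-7200");
        }
    }

    // The captcha was verified above and the registration is going ahead:
    // consume it so the same word cannot be replayed from this IP, and purge
    // expired rows (this is what the native registration routine does too).
    if ($captcha_required) {
        $this->EE->db->query("DELETE FROM exp_captcha WHERE (word='" . $this->EE->db->escape_str($captcha_word) . "' AND ip_address = '" . $this->EE->db->escape_str($this->EE->input->ip_address()) . "') OR date < UNIX_TIMESTAMP()-7200");
    }

    // ----------------------------------------------------------------------
    // Base member row
    // ----------------------------------------------------------------------
    // A plain string comparison (APP_VER < '2.6.0') misorders versions such as
    // 2.10.x, so the 2.6.0 switch is decided with version_compare().
    $pre_2_6 = version_compare(APP_VER, '2.6.0', '<');

    $data['username'] = $_POST['username'];
    // Interim hash (legacy scheme); replaced right after the insert by Auth::hash_password()
    $data['password'] = $pre_2_6
        ? $this->EE->functions->hash(stripslashes($_POST['password']))
        : do_hash(stripslashes($_POST['password']));
    $data['ip_address']  = $this->EE->input->ip_address();
    $data['unique_id']   = $this->EE->functions->random('encrypt');
    $data['join_date']   = $this->EE->localize->now;
    $data['email']       = $_POST['email'];
    $data['screen_name'] = $_POST['screen_name'];
    $data['url']         = prep_url($_POST['url']);
    $data['location']    = $_POST['location'];

    // Overridden below when submitted as optional fields
    $data['language']    = $this->EE->config->item('deft_lang') ? $this->EE->config->item('deft_lang') : 'english';
    $data['time_format'] = $this->EE->config->item('time_format') ? $this->EE->config->item('time_format') : 'us';
    $data['timezone']    = ($this->EE->config->item('default_site_timezone') && $this->EE->config->item('default_site_timezone') != '')
        ? $this->EE->config->item('default_site_timezone')
        : $this->EE->config->item('server_timezone');

    // daylight_savings is only written on installs older than 2.6.0
    if ($pre_2_6) {
        $data['daylight_savings'] = ($this->EE->config->item('default_site_dst') && $this->EE->config->item('default_site_dst') != '')
            ? $this->EE->config->item('default_site_dst')
            : $this->EE->config->item('daylight_savings');
    }

    // ----------------------------------------------------------------------
    // Standard member fields (XSS-filtered; removed from $_POST once copied)
    // ----------------------------------------------------------------------
    $fields = array('bday_y', 'bday_m', 'bday_d', 'url', 'location', 'occupation', 'interests', 'aol_im', 'icq', 'yahoo_im', 'msn_im', 'bio');

    foreach ($fields as $val) {
        if ($this->EE->input->post($val)) {
            $data[$val] = isset($_POST[$val]) ? $this->EE->security->xss_clean($_POST[$val]) : '';
            unset($_POST[$val]);
        }
    }

    // Clamp the birthday day to the length of the month (current year if none given)
    if (isset($data['bday_d'], $data['bday_m']) && is_numeric($data['bday_d']) && is_numeric($data['bday_m'])) {
        $year  = (isset($data['bday_y']) && $data['bday_y'] != '') ? $data['bday_y'] : date('Y');
        $mdays = $this->EE->localize->fetch_days_in_month($data['bday_m'], $year);

        if ($data['bday_d'] > $mdays) {
            $data['bday_d'] = $mdays;
        }
    }

    // Optional fields: column => POST key (stored as submitted)
    $optional = array('bio' => 'bio', 'language' => 'deft_lang', 'timezone' => 'server_timezone', 'time_format' => 'time_format');

    foreach ($optional as $key => $value) {
        if (isset($_POST[$value])) {
            $data[$key] = $_POST[$value];
        }
    }

    // Self-activation token, embedded in the emailed activation URL
    if ($activation == 'email') {
        $data['authcode'] = $this->EE->functions->random('alnum', 10);
    }

    $this->EE->db->query($this->EE->db->insert_string('exp_members', $data));
    $member_id = $this->EE->db->insert_id();

    // Screen name used in the outgoing emails may be overridden by Zoo Visitor
    $screen_name_overriden = $this->get_override_screen_name();
    if ($screen_name_overriden !== FALSE) {
        $data['screen_name'] = $screen_name_overriden;
    }

    // Remember the member group chosen in the form until activation. Only the
    // Super Admin group (1) is excluded here; any other restriction has to come
    // from check_membergroup_change() (not visible in this file section).
    if (isset($selected_group_id) && is_numeric($selected_group_id) && $selected_group_id != '1') {
        if ($activation == 'email' || $activation == 'manual') {
            $this->EE->db->insert('zoo_visitor_activation_membergroup', array(
                'member_id' => $member_id,
                'group_id'  => $selected_group_id,
            ));
        }
    }

    // Replace the interim hash with the columns returned by the Auth library.
    // If that fails the row keeps the interim hash (unchanged behaviour).
    $this->EE->load->library('auth');
    $hashed_pair = $this->EE->auth->hash_password($_POST['password']);

    if ($hashed_pair !== FALSE) {
        $this->EE->db->where('member_id', (int) $member_id);
        $this->EE->db->update('members', $hashed_pair);
    }

    $cust_fields['member_id'] = $member_id;
    $this->EE->db->query($this->EE->db->insert_string('exp_member_data', $cust_fields));

    // Only needed if the member ever gains CP access, but always created
    $this->EE->db->query($this->EE->db->insert_string('exp_member_homepage', array('member_id' => $member_id)));

    // ----------------------------------------------------------------------
    // Mailing list subscription (list id must be numeric and must exist)
    // ----------------------------------------------------------------------
    $mailinglist_subscribe = FALSE;

    if (isset($_POST['mailinglist_subscribe']) && is_numeric($_POST['mailinglist_subscribe'])) {
        $list_id = $this->EE->db->escape_str($_POST['mailinglist_subscribe']);
        $email   = $this->EE->db->escape_str($_POST['email']);

        // Drop any earlier pending subscription for this address
        $this->EE->db->query("DELETE FROM exp_mailing_list_queue WHERE email = '" . $email . "'");

        $query   = $this->EE->db->query("SELECT COUNT(*) AS count FROM exp_mailing_lists WHERE list_id = '" . $list_id . "'");
        $results = $this->EE->db->query("SELECT count(*) AS count FROM exp_mailing_list WHERE email = '" . $email . "' AND list_id = '" . $list_id . "'");

        if ($query->row('count') > 0 && $results->row('count') == 0) {
            $mailinglist_subscribe = TRUE;
            $code = $this->EE->functions->random('alnum', 10);

            if ($activation == 'email') {
                // Activated together with the membership
                $this->EE->db->query("INSERT INTO exp_mailing_list_queue (email, list_id, authcode, date) VALUES ('" . $email . "', '" . $list_id . "', '" . $code . "', '" . time() . "')");
            } elseif ($activation == 'manual') {
                // Queue it and send the mailing list's own confirmation email
                $this->EE->db->query("INSERT INTO exp_mailing_list_queue (email, list_id, authcode, date) VALUES ('" . $email . "', '" . $list_id . "', '" . $code . "', '" . time() . "')");

                $this->EE->lang->loadfile('mailinglist');
                $action_id = $this->EE->functions->fetch_action_id('Mailinglist', 'authorize_email');

                $swap = array(
                    'activation_url' => $this->EE->functions->fetch_site_index(0, 0) . QUERY_MARKER . 'ACT=' . $action_id . '&id=' . $code,
                    'site_name'      => stripslashes($this->EE->config->item('site_name')),
                    'site_url'       => $this->EE->config->item('site_url'),
                );

                $template  = $this->EE->functions->fetch_email_template('mailinglist_activation_instructions');
                $email_tit = $this->EE->functions->var_swap($template['title'], $swap);
                $email_msg = $this->EE->functions->var_swap($template['data'], $swap);

                $this->EE->load->library('email');
                $this->EE->email->wordwrap = true;
                $this->EE->email->mailtype = 'plain';
                $this->EE->email->priority = '3';
                $this->EE->email->from($this->EE->config->item('webmaster_email'), $this->EE->config->item('webmaster_name'));
                $this->EE->email->to($_POST['email']);
                $this->EE->email->subject($email_tit);
                $this->EE->email->message($email_msg);
                $this->EE->email->send();
            } else {
                // No activation required: subscribe immediately
                $this->EE->db->query("INSERT INTO exp_mailing_list (list_id, authcode, email, ip_address) VALUES ('" . $list_id . "', '" . $code . "', '" . $email . "', '" . $this->EE->db->escape_str($this->EE->input->ip_address()) . "')");
            }
        }
    }

    if ($activation == 'none') {
        $this->EE->stats->update_member_stats();
    }

    // ----------------------------------------------------------------------
    // Admin notification
    // ----------------------------------------------------------------------
    if ($this->EE->config->item('new_member_notification') == 'y' && $this->EE->config->item('mbr_notification_emails') != '') {
        $name = $data['screen_name'] != '' ? $data['screen_name'] : $data['username'];

        $swap = array(
            'name'              => $name,
            'site_name'         => stripslashes($this->EE->config->item('site_name')),
            'control_panel_url' => $this->EE->config->item('cp_url'),
            'username'          => $data['username'],
            'email'             => $data['email'],
        );

        $template  = $this->EE->functions->fetch_email_template('admin_notify_reg');
        $email_tit = $this->_var_swap($template['title'], $swap);
        $email_msg = $this->_var_swap($template['data'], $swap);

        // Collapse repeated commas in the configured recipient list
        $this->EE->load->helper('string');
        $notify_address = reduce_multiples($this->EE->config->item('mbr_notification_emails'), ',', TRUE);

        $this->EE->load->helper('text');
        $this->EE->load->library('email');
        $this->EE->email->wordwrap = true;
        $this->EE->email->from($this->EE->config->item('webmaster_email'), $this->EE->config->item('webmaster_name'));
        $this->EE->email->to($notify_address);
        $this->EE->email->subject($email_tit);
        $this->EE->email->message(entities_to_ascii($email_msg));
        $this->EE->email->Send();
    }

    // 'member_member_register' hook: additional processing once the member exists
    // ($member_id argument added in 2.0.1)
    $this->EE->extensions->call('member_member_register', $data, $member_id);
    if ($this->EE->extensions->end_script === TRUE) {
        return;
    }

    // Member data handed back to the caller for the Zoo Visitor assignment
    $member_data = $data;
    $member_data['member_id'] = $member_id;

    // ----------------------------------------------------------------------
    // Member notification (activation email). For 'manual' nothing is sent;
    // for 'none' the login is handled at the end of the extension.
    // ----------------------------------------------------------------------
    if ($activation == 'email') {
        $action_id = $this->EE->functions->fetch_action_id('Member', 'activate_member');
        $name      = $data['screen_name'] != '' ? $data['screen_name'] : $data['username'];

        $board_id = ($this->EE->input->get_post('board_id') !== FALSE && is_numeric($this->EE->input->get_post('board_id')))
            ? $this->EE->input->get_post('board_id')
            : 1;
        $forum_id = $this->EE->input->get_post('FROM') == 'forum' ? '&r=f&board_id=' . $board_id : '';
        // $mailinglist_subscribe is only TRUE after the list id passed is_numeric() above
        $add = $mailinglist_subscribe !== TRUE ? '' : '&mailinglist=' . $_POST['mailinglist_subscribe'];

        $swap = array(
            'name'           => $name,
            'activation_url' => $this->EE->functions->fetch_site_index(0, 0) . QUERY_MARKER . 'ACT=' . $action_id . '&id=' . $data['authcode'] . $forum_id . $add,
            'site_name'      => stripslashes($this->EE->config->item('site_name')),
            'site_url'       => $this->EE->config->item('site_url'),
            'username'       => $data['username'],
            'email'          => $data['email'],
        );

        $template  = $this->EE->functions->fetch_email_template('mbr_activation_instructions');
        $email_tit = $this->_var_swap($template['title'], $swap);
        $email_msg = $this->_var_swap($template['data'], $swap);

        $this->EE->load->helper('text');
        $this->EE->load->library('email');
        $this->EE->email->wordwrap = true;
        $this->EE->email->from($this->EE->config->item('webmaster_email'), $this->EE->config->item('webmaster_name'));
        $this->EE->email->to($data['email']);
        $this->EE->email->subject($email_tit);
        $this->EE->email->message(entities_to_ascii($email_msg));
        $this->EE->email->Send();
    }

    // ----------------------------------------------------------------------
    // Completion page data (the caller renders it; no message is shown here)
    // ----------------------------------------------------------------------
    if ($this->EE->input->get_post('FROM') == 'forum') {
        $board_id = ($this->EE->input->get_post('board_id') !== FALSE && is_numeric($this->EE->input->get_post('board_id')))
            ? $this->EE->db->escape_str($this->EE->input->get_post('board_id'))
            : '1';

        $query = $this->EE->db->query("SELECT board_forum_url, board_id, board_label FROM exp_forum_boards WHERE board_id = '" . $board_id . "'");

        $site_name = $query->row('board_label');
        $return    = $query->row('board_forum_url');
    } else {
        $site_name = $this->EE->config->item('site_name') == '' ? $this->EE->lang->line('back') : stripslashes($this->EE->config->item('site_name'));
        $return    = $this->EE->config->item('site_url');
    }

    return array(
        'title'       => $this->EE->lang->line('mbr_registration_complete'),
        'heading'     => $this->EE->lang->line('thank_you'),
        'content'     => $this->EE->lang->line('mbr_registration_completed'),
        'redirect'    => '',
        'link'        => array($return, $site_name),
        'result'      => 'registration_complete',
        'member_data' => $member_data,
    );
}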
/** ---------------------------------------- /** Register Member /** ----------------------------------------*/ function register_member() { /** ------------------------------------- /** Do we allow new member registrations? /** ------------------------------------*/ if ($this->EE->config->item('allow_member_registration') == 'n') { return FALSE; } /** ---------------------------------------- /** Is user banned? /** ----------------------------------------*/ if ($this->EE->session->userdata['is_banned'] == TRUE) { return $this->EE->output->show_user_error('general', array($this->EE->lang->line('not_authorized'))); } /** ---------------------------------------- /** Blacklist/Whitelist Check /** ----------------------------------------*/ if ($this->EE->blacklist->blacklisted == 'y' && $this->EE->blacklist->whitelisted == 'n') { return $this->EE->output->show_user_error('general', array($this->EE->lang->line('not_authorized'))); } $this->EE->load->helper('url'); /* ------------------------------------------- /* 'member_member_register_start' hook. /* - Take control of member registration routine /* - Added EE 1.4.2 */ $edata = $this->EE->extensions->call('member_member_register_start'); if ($this->EE->extensions->end_script === TRUE) return; /* /* -------------------------------------------*/ /** ---------------------------------------- /** Set the default globals /** ----------------------------------------*/ $default = array('username', 'password', 'password_confirm', 'email', 'screen_name', 'url', 'location'); foreach ($default as $val) { if ( ! isset($_POST[$val])) $_POST[$val] = ''; } if ($_POST['screen_name'] == '') $_POST['screen_name'] = $_POST['username']; /** ------------------------------------- /** Instantiate validation class /** -------------------------------------*/ if ( ! 
class_exists('EE_Validate')) { require APPPATH.'libraries/Validate'.EXT; } $VAL = new EE_Validate( array( 'member_id' => '', 'val_type' => 'new', // new or update 'fetch_lang' => TRUE, 'require_cpw' => FALSE, 'enable_log' => FALSE, 'username' => $_POST['username'], 'cur_username' => '', 'screen_name' => $_POST['screen_name'], 'cur_screen_name' => '', 'password' => $_POST['password'], 'password_confirm' => $_POST['password_confirm'], 'cur_password' => '', 'email' => $_POST['email'], 'cur_email' => '' ) ); $VAL->validate_username(); $VAL->validate_screen_name(); $VAL->validate_password(); $VAL->validate_email(); /** ------------------------------------- /** Do we have any custom fields? /** -------------------------------------*/ $query = $this->EE->db->query("SELECT m_field_id, m_field_name, m_field_label, m_field_required FROM exp_member_fields WHERE m_field_reg = 'y'"); $cust_errors = array(); $cust_fields = array(); if ($query->num_rows() > 0) { foreach ($query->result_array() as $row) { if ($row['m_field_required'] == 'y' && ( ! isset($_POST['m_field_id_'.$row['m_field_id']]) OR $_POST['m_field_id_'.$row['m_field_id']] == '')) { $cust_errors[] = $this->EE->lang->line('mbr_field_required').' '.$row['m_field_label']; } elseif (isset($_POST['m_field_id_'.$row['m_field_id']])) { $cust_fields['m_field_id_'.$row['m_field_id']] = $this->EE->security->xss_clean($_POST['m_field_id_'.$row['m_field_id']]); } } } if (isset($_POST['email_confirm']) && $_POST['email'] != $_POST['email_confirm']) { $cust_errors[] = $this->EE->lang->line('mbr_emails_not_match'); } if ($this->EE->config->item('use_membership_captcha') == 'y') { if ( ! isset($_POST['captcha']) OR $_POST['captcha'] == '') { $cust_errors[] = $this->EE->lang->line('captcha_required'); } } if ($this->EE->config->item('require_terms_of_service') == 'y') { if ( ! 
isset($_POST['accept_terms'])) { $cust_errors[] = $this->EE->lang->line('mbr_terms_of_service_required'); } } $errors = array_merge($VAL->errors, $cust_errors); /** ------------------------------------- /** Display error is there are any /** -------------------------------------*/ if (count($errors) > 0) { return $this->EE->output->show_user_error('submission', $errors); } /** ---------------------------------------- /** Do we require captcha? /** ----------------------------------------*/ if ($this->EE->config->item('use_membership_captcha') == 'y') { $query = $this->EE->db->query("SELECT COUNT(*) AS count FROM exp_captcha WHERE word='".$this->EE->db->escape_str($_POST['captcha'])."' AND ip_address = '".$this->EE->input->ip_address()."' AND date > UNIX_TIMESTAMP()-7200"); if ($query->row('count') == 0) { return $this->EE->output->show_user_error('submission', array($this->EE->lang->line('captcha_incorrect'))); } $this->EE->db->query("DELETE FROM exp_captcha WHERE (word='".$this->EE->db->escape_str($_POST['captcha'])."' AND ip_address = '".$this->EE->input->ip_address()."') OR date < UNIX_TIMESTAMP()-7200"); } /** ---------------------------------------- /** Secure Mode Forms? 
/** ----------------------------------------*/ if ($this->EE->config->item('secure_forms') == 'y') { $query = $this->EE->db->query("SELECT COUNT(*) AS count FROM exp_security_hashes WHERE hash='".$this->EE->db->escape_str($_POST['XID'])."' AND ip_address = '".$this->EE->input->ip_address()."' AND ip_address = '".$this->EE->input->ip_address()."' AND date > UNIX_TIMESTAMP()-7200"); if ($query->row('count') == 0) { return $this->EE->output->show_user_error('general', array($this->EE->lang->line('not_authorized'))); } $this->EE->db->query("DELETE FROM exp_security_hashes WHERE (hash='".$this->EE->db->escape_str($_POST['XID'])."' AND ip_address = '".$this->EE->input->ip_address()."') OR date < UNIX_TIMESTAMP()-7200"); } /** ------------------------------------- /** Assign the base query data /** -------------------------------------*/ // Set member group if ($this->EE->config->item('req_mbr_activation') == 'manual' OR $this->EE->config->item('req_mbr_activation') == 'email') { $data['group_id'] = 4; // Pending } else { if ($this->EE->config->item('default_member_group') == '') { $data['group_id'] = 4; // Pending } else { $data['group_id'] = $this->EE->config->item('default_member_group'); } } $data['username'] = $_POST['username']; $data['password'] = $this->EE->functions->hash(stripslashes($_POST['password'])); $data['ip_address'] = $this->EE->input->ip_address(); $data['unique_id'] = $this->EE->functions->random('encrypt'); $data['join_date'] = $this->EE->localize->now; $data['email'] = $_POST['email']; $data['screen_name'] = $_POST['screen_name']; $data['url'] = prep_url($_POST['url']); $data['location'] = $_POST['location']; // overridden below if used as optional fields $data['language'] = ($this->EE->config->item('deft_lang')) ? $this->EE->config->item('deft_lang') : 'english'; $data['time_format'] = ($this->EE->config->item('time_format')) ? 
$this->EE->config->item('time_format') : 'us'; $data['timezone'] = ($this->EE->config->item('default_site_timezone') && $this->EE->config->item('default_site_timezone') != '') ? $this->EE->config->item('default_site_timezone') : $this->EE->config->item('server_timezone'); $data['daylight_savings'] = ($this->EE->config->item('default_site_dst') && $this->EE->config->item('default_site_dst') != '') ? $this->EE->config->item('default_site_dst') : $this->EE->config->item('daylight_savings'); // Optional Fields $optional = array('bio' => 'bio', 'language' => 'deft_lang', 'timezone' => 'server_timezone', 'time_format' => 'time_format'); foreach($optional as $key => $value) { if (isset($_POST[$value])) { $data[$key] = $_POST[$value]; } } if ($this->EE->input->post('daylight_savings') == 'y') { $data['daylight_savings'] = 'y'; } elseif ($this->EE->input->post('daylight_savings') == 'n') { $data['daylight_savings'] = 'n'; } // We generate an authorization code if the member needs to self-activate if ($this->EE->config->item('req_mbr_activation') == 'email') { $data['authcode'] = $this->EE->functions->random('alnum', 10); } /** ------------------------------------- /** Insert basic member data /** -------------------------------------*/ $this->EE->db->query($this->EE->db->insert_string('exp_members', $data)); $member_id = $this->EE->db->insert_id(); /** ------------------------------------- /** Insert custom fields /** -------------------------------------*/ $cust_fields['member_id'] = $member_id; $this->EE->db->query($this->EE->db->insert_string('exp_member_data', $cust_fields)); /** ------------------------------------- /** Create a record in the member homepage table /** -------------------------------------*/ // This is only necessary if the user gains CP access, but we'll add the record anyway. 
$this->EE->db->query($this->EE->db->insert_string('exp_member_homepage', array('member_id' => $member_id))); /** ------------------------------------- /** Mailinglist Subscribe /** -------------------------------------*/ $mailinglist_subscribe = FALSE; if (isset($_POST['mailinglist_subscribe']) && is_numeric($_POST['mailinglist_subscribe'])) { // Kill duplicate emails from authorizatin queue. $this->EE->db->query("DELETE FROM exp_mailing_list_queue WHERE email = '".$this->EE->db->escape_str($_POST['email'])."'"); // Validate Mailing List ID $query = $this->EE->db->query("SELECT COUNT(*) AS count FROM exp_mailing_lists WHERE list_id = '".$this->EE->db->escape_str($_POST['mailinglist_subscribe'])."'"); // Email Not Already in Mailing List $results = $this->EE->db->query("SELECT count(*) AS count FROM exp_mailing_list WHERE email = '".$this->EE->db->escape_str($_POST['email'])."' AND list_id = '".$this->EE->db->escape_str($_POST['mailinglist_subscribe'])."'"); /** ------------------------------------- /** INSERT Email /** -------------------------------------*/ if ($query->row('count') > 0 && $results->row('count') == 0) { $mailinglist_subscribe = TRUE; $code = $this->EE->functions->random('alnum', 10); if ($this->EE->config->item('req_mbr_activation') == 'email') { // Activated When Membership Activated $this->EE->db->query("INSERT INTO exp_mailing_list_queue (email, list_id, authcode, date) VALUES ('".$this->EE->db->escape_str($_POST['email'])."', '".$this->EE->db->escape_str($_POST['mailinglist_subscribe'])."', '".$code."', '".time()."')"); } elseif ($this->EE->config->item('req_mbr_activation') == 'manual') { // Mailing List Subscribe Email $this->EE->db->query("INSERT INTO exp_mailing_list_queue (email, list_id, authcode, date) VALUES ('".$this->EE->db->escape_str($_POST['email'])."', '".$this->EE->db->escape_str($_POST['mailinglist_subscribe'])."', '".$code."', '".time()."')"); $this->EE->lang->loadfile('mailinglist'); $action_id = 
$this->EE->functions->fetch_action_id('Mailinglist', 'authorize_email'); $swap = array( 'activation_url' => $this->EE->functions->fetch_site_index(0, 0).QUERY_MARKER.'ACT='.$action_id.'&id='.$code, 'site_name' => stripslashes($this->EE->config->item('site_name')), 'site_url' => $this->EE->config->item('site_url') ); $template = $this->EE->functions->fetch_email_template('mailinglist_activation_instructions'); $email_tit = $this->EE->functions->var_swap($template['title'], $swap); $email_msg = $this->EE->functions->var_swap($template['data'], $swap); /** ---------------------------- /** Send email /** ----------------------------*/ $this->EE->load->library('email'); $this->EE->email->wordwrap = true; $this->EE->email->mailtype = 'plain'; $this->EE->email->priority = '3'; $this->EE->email->from($this->EE->config->item('webmaster_email'), $this->EE->config->item('webmaster_name')); $this->EE->email->to($_POST['email']); $this->EE->email->subject($email_tit); $this->EE->email->message($email_msg); $this->EE->email->send(); } else { // Automatically Accepted $this->EE->db->query("INSERT INTO exp_mailing_list (list_id, authcode, email, ip_address) VALUES ('".$this->EE->db->escape_str($_POST['mailinglist_subscribe'])."', '".$code."', '".$this->EE->db->escape_str($_POST['email'])."', '".$this->EE->db->escape_str($this->EE->input->ip_address())."')"); } } } /** ------------------------------------- /** Update /** -------------------------------------*/ if ($this->EE->config->item('req_mbr_activation') == 'none') { $this->EE->stats->update_member_stats(); } /** ------------------------------------- /** Send admin notifications /** -------------------------------------*/ if ($this->EE->config->item('new_member_notification') == 'y' AND $this->EE->config->item('mbr_notification_emails') != '') { $name = ($data['screen_name'] != '') ? 
$data['screen_name'] : $data['username']; $swap = array( 'name' => $name, 'site_name' => stripslashes($this->EE->config->item('site_name')), 'control_panel_url' => $this->EE->config->item('cp_url'), 'username' => $data['username'], 'email' => $data['email'] ); $template = $this->EE->functions->fetch_email_template('admin_notify_reg'); $email_tit = $this->_var_swap($template['title'], $swap); $email_msg = $this->_var_swap($template['data'], $swap); $this->EE->load->helper('string'); // Remove multiple commas $notify_address = reduce_multiples($this->EE->config->item('mbr_notification_emails'), ',', TRUE); /** ---------------------------- /** Send email /** ----------------------------*/ // Load the text helper $this->EE->load->helper('text'); $this->EE->load->library('email'); $this->EE->email->wordwrap = true; $this->EE->email->from($this->EE->config->item('webmaster_email'), $this->EE->config->item('webmaster_name')); $this->EE->email->to($notify_address); $this->EE->email->subject($email_tit); $this->EE->email->message(entities_to_ascii($email_msg)); $this->EE->email->Send(); } // ------------------------------------------- // 'member_member_register' hook. // - Additional processing when a member is created through the User Side // - $member_id added in 2.0.1 // $edata = $this->EE->extensions->call('member_member_register', $data, $member_id); if ($this->EE->extensions->end_script === TRUE) return; // // ------------------------------------------- /** ------------------------------------- /** Send user notifications /** -------------------------------------*/ if ($this->EE->config->item('req_mbr_activation') == 'email') { $action_id = $this->EE->functions->fetch_action_id('Member', 'activate_member'); $name = ($data['screen_name'] != '') ? $data['screen_name'] : $data['username']; $board_id = ($this->EE->input->get_post('board_id') !== FALSE && is_numeric($this->EE->input->get_post('board_id'))) ? 
$this->EE->input->get_post('board_id') : 1; $forum_id = ($this->EE->input->get_post('FROM') == 'forum') ? '&r=f&board_id='.$board_id : ''; $add = ($mailinglist_subscribe !== TRUE) ? '' : '&mailinglist='.$_POST['mailinglist_subscribe']; $swap = array( 'name' => $name, 'activation_url' => $this->EE->functions->fetch_site_index(0, 0).QUERY_MARKER.'ACT='.$action_id.'&id='.$data['authcode'].$forum_id.$add, 'site_name' => stripslashes($this->EE->config->item('site_name')), 'site_url' => $this->EE->config->item('site_url'), 'username' => $data['username'], 'email' => $data['email'] ); $template = $this->EE->functions->fetch_email_template('mbr_activation_instructions'); $email_tit = $this->_var_swap($template['title'], $swap); $email_msg = $this->_var_swap($template['data'], $swap); /** ---------------------------- /** Send email /** ----------------------------*/ // Load the text helper $this->EE->load->helper('text'); $this->EE->load->library('email'); $this->EE->email->wordwrap = true; $this->EE->email->from($this->EE->config->item('webmaster_email'), $this->EE->config->item('webmaster_name')); $this->EE->email->to($data['email']); $this->EE->email->subject($email_tit); $this->EE->email->message(entities_to_ascii($email_msg)); $this->EE->email->Send(); $message = $this->EE->lang->line('mbr_membership_instructions_email'); } elseif ($this->EE->config->item('req_mbr_activation') == 'manual') { $message = $this->EE->lang->line('mbr_admin_will_activate'); } else { /** ---------------------------------------- /** Log user in /** ----------------------------------------*/ $expire = 60*60*24*182; $this->EE->functions->set_cookie($this->EE->session->c_expire , time()+$expire, $expire); $this->EE->functions->set_cookie($this->EE->session->c_uniqueid , $data['unique_id'], $expire); $this->EE->functions->set_cookie($this->EE->session->c_password , $data['password'], $expire); /** ---------------------------------------- /** Create a new session /** 
----------------------------------------*/ if ($this->EE->config->item('user_session_type') == 'cs' OR $this->EE->config->item('user_session_type') == 's') { $this->EE->session->sdata['session_id'] = $this->EE->functions->random(); $this->EE->session->sdata['member_id'] = $member_id; $this->EE->session->sdata['last_activity'] = $this->EE->localize->now; $this->EE->session->sdata['site_id'] = $this->EE->config->item('site_id'); $this->EE->functions->set_cookie($this->EE->session->c_session , $this->EE->session->sdata['session_id'], $this->EE->session->session_length); $this->EE->db->query($this->EE->db->insert_string('exp_sessions', $this->EE->session->sdata)); } /** ---------------------------------------- /** Update existing session variables /** ----------------------------------------*/ $this->EE->session->userdata['username'] = $data['username']; $this->EE->session->userdata['member_id'] = $member_id; /** ---------------------------------------- /** Update stats /** ----------------------------------------*/ $cutoff = $this->EE->localize->now - (15 * 60); $this->EE->db->query("DELETE FROM exp_online_users WHERE site_id = '".$this->EE->db->escape_str($this->EE->config->item('site_id'))."' AND ((ip_address = '".$this->EE->input->ip_address()."' AND member_id = '0') OR date < $cutoff)"); $data = array( 'member_id' => $this->EE->session->userdata('member_id'), 'name' => ($this->EE->session->userdata['screen_name'] == '') ? 
$this->EE->session->userdata['username'] : $this->EE->session->userdata['screen_name'], 'ip_address' => $this->EE->input->ip_address(), 'date' => $this->EE->localize->now, 'anon' => 'y', 'site_id' => $this->EE->config->item('site_id') ); $this->EE->db->query($this->EE->db->update_string('exp_online_users', $data, array("ip_address" => $this->EE->input->ip_address(), "member_id" => $data['member_id']))); $message = $this->EE->lang->line('mbr_your_are_logged_in'); } /** ---------------------------------------- /** Build the message /** ----------------------------------------*/ if ($this->EE->input->get_post('FROM') == 'forum') { if ($this->EE->input->get_post('board_id') !== FALSE && is_numeric($this->EE->input->get_post('board_id'))) { $query = $this->EE->db->query("SELECT board_forum_url, board_id, board_label FROM exp_forum_boards WHERE board_id = '".$this->EE->db->escape_str($this->EE->input->get_post('board_id'))."'"); } else { $query = $this->EE->db->query("SELECT board_forum_url, board_id, board_label FROM exp_forum_boards WHERE board_id = '1'"); } $site_name = $query->row('board_label') ; $return = $query->row('board_forum_url') ; } else { $site_name = ($this->EE->config->item('site_name') == '') ? $this->EE->lang->line('back') : stripslashes($this->EE->config->item('site_name')); $return = $this->EE->config->item('site_url'); } $data = array( 'title' => $this->EE->lang->line('mbr_registration_complete'), 'heading' => $this->EE->lang->line('thank_you'), 'content' => $this->EE->lang->line('mbr_registration_completed')."\n\n".$message, 'redirect' => '', 'link' => array($return, $site_name) ); $this->EE->output->show_message($data); }