/**
* Processes the registration form
*
* @return @e void
*/
public function registerProcessForm()
{
$this->_resetMember();
$form_errors = array();
$coppa = $this->request['coppa_user'] == 1 ? 1 : 0;
$in_password = trim($this->request['PassWord']);
$in_email = strtolower(trim($this->request['EmailAddress']));
/* Did we agree to the t&c? */
if (!$this->request['agree_tos']) {
$form_errors['tos'] = array($this->lang->words['must_agree_to_terms']);
}
/* Custom profile field stuff */
$classToLoad = IPSLib::loadLibrary(IPS_ROOT_PATH . 'sources/classes/customfields/profileFields.php', 'customProfileFields');
$custom_fields = new $classToLoad();
$custom_fields->initData('edit');
$custom_fields->parseToSave($_POST, 'register');
/* Check */
if ($custom_fields->error_messages) {
$form_errors['general'] = $custom_fields->error_messages;
}
/* Check the email address */
if (!$in_email or strlen($in_email) < 6 or !IPSText::checkEmailAddress($in_email)) {
$form_errors['email'][$this->lang->words['err_invalid_email']] = $this->lang->words['err_invalid_email'];
}
if (trim($this->request['PassWord_Check']) != $in_password or !$in_password) {
$form_errors['password'][$this->lang->words['passwords_not_match']] = $this->lang->words['passwords_not_match'];
}
/*
There's no reason for this - http://community.invisionpower.com/resources/bugs.html/_/ip-board/registrations-limit-passwords-to-32-characters-for-no-apparent-reason-r37770
elseif ( strlen( $in_password ) < 3 )
{
$form_errors['password'][$this->lang->words['pass_too_short']] = $this->lang->words['pass_too_short'];
}
elseif ( strlen( $in_password ) > 32 )
{
$form_errors['password'][$this->lang->words['pass_too_long']] = $this->lang->words['pass_too_long'];
}
*/
/* Check the username */
$user_check = IPSMember::getFunction()->cleanAndCheckName($this->request['members_display_name'], array(), 'name');
$disp_check = IPSMember::getFunction()->cleanAndCheckName($this->request['members_display_name'], array(), 'members_display_name');
if (is_array($user_check['errors']) && count($user_check['errors'])) {
foreach ($user_check['errors'] as $key => $error) {
$form_errors['dname'][$error] = isset($this->lang->words[$error]) ? $this->lang->words[$error] : $error;
}
}
/* this duplicates username error above */
/*if( is_array( $disp_check['errors'] ) && count( $disp_check['errors'] ) )
{
foreach( $disp_check['errors'] as $key => $error )
{
$form_errors['dname'][ $error ] = isset($this->lang->words[ $error ]) ? $this->lang->words[ $error ] : $error;
}
}*/
/* Is this email addy taken? */
if (IPSMember::checkByEmail($in_email) == TRUE) {
$form_errors['email'][$this->lang->words['reg_error_email_taken']] = $this->lang->words['reg_error_email_taken'];
}
/* Load handler... */
$classToLoad = IPSLib::loadLibrary(IPS_ROOT_PATH . 'sources/handlers/han_login.php', 'han_login');
$this->han_login = new $classToLoad($this->registry);
$this->han_login->init();
$this->han_login->emailExistsCheck($in_email);
if ($this->han_login->return_code and $this->han_login->return_code != 'METHOD_NOT_DEFINED' and $this->han_login->return_code != 'EMAIL_NOT_IN_USE') {
$form_errors['email'][$this->lang->words['reg_error_email_taken']] = $this->lang->words['reg_error_email_taken'];
}
/* Are they banned [EMAIL]? */
if (IPSMember::isBanned('email', $in_email) === TRUE) {
$form_errors['email'][$this->lang->words['reg_error_email_ban']] = $this->lang->words['reg_error_email_ban'];
}
/* Check the CAPTCHA */
if ($this->settings['bot_antispam_type'] != 'none') {
if ($this->registry->getClass('class_captcha')->validate() !== TRUE) {
$form_errors['general'][$this->lang->words['err_reg_code']] = $this->lang->words['err_reg_code'];
}
}
/* Check the Q and A */
$qanda = intval($this->request['qanda_id']);
$pass = true;
if ($qanda) {
$pass = false;
$data = $this->DB->buildAndFetch(array('select' => '*', 'from' => 'question_and_answer', 'where' => 'qa_id=' . $qanda));
if ($data['qa_id']) {
$answers = explode("\n", str_replace("\r", "", $data['qa_answers']));
if (count($answers)) {
foreach ($answers as $answer) {
$answer = trim($answer);
if (IPSText::mbstrlen($answer) and mb_strtolower($answer) == mb_strtolower($this->request['qa_answer'])) {
$pass = true;
break;
}
}
}
}
} else {
//-----------------------------------------
// Do we have any questions?
//-----------------------------------------
$data = $this->DB->buildAndFetch(array('select' => 'COUNT(*) as questions', 'from' => 'question_and_answer'));
if ($data['questions']) {
$pass = false;
}
}
if (!$pass) {
$form_errors['general'][$this->lang->words['err_q_and_a']] = $this->lang->words['err_q_and_a'];
}
/* CHECK 2: Any errors ? */
if (count($form_errors)) {
$this->registerForm($form_errors);
return;
}
/* Build up the hashes */
$mem_group = $this->settings['member_group'];
/* Are we asking the member or admin to preview? */
if ($this->settings['reg_auth_type']) {
$mem_group = $this->settings['auth_group'];
} else {
if ($coppa == 1) {
$mem_group = $this->settings['auth_group'];
}
}
/* Create member */
$member = array('name' => $this->request['members_display_name'], 'password' => $in_password, 'members_display_name' => $this->request['members_display_name'], 'email' => $in_email, 'member_group_id' => $mem_group, 'joined' => time(), 'ip_address' => $this->member->ip_address, 'time_offset' => $this->request['time_offset'], 'coppa_user' => $coppa, 'members_auto_dst' => intval($this->settings['time_dst_auto_correction']), 'allow_admin_mails' => intval($this->request['allow_admin_mail']), 'language' => $this->member->language_id);
/* Spam Service */
$spamCode = 0;
$_spamFlag = 0;
if ($this->settings['spam_service_enabled']) {
/* Query the service */
$spamCode = IPSMember::querySpamService($in_email);
/* Action to perform */
$action = $this->settings['spam_service_action_' . $spamCode];
/* Perform Action */
switch ($action) {
/* Proceed with registration */
case 1:
break;
/* Flag for admin approval */
/* Flag for admin approval */
case 2:
$member['member_group_id'] = $this->settings['auth_group'];
$this->settings['reg_auth_type'] = 'admin';
$_spamFlag = 1;
break;
/* Approve the account, but ban it */
/* Approve the account, but ban it */
case 3:
$member['member_banned'] = 1;
$member['bw_is_spammer'] = 1;
$this->settings['reg_auth_type'] = '';
break;
/* Deny registration */
/* Deny registration */
case 4:
$this->registry->output->showError('spam_denied_account', '100x001', FALSE, '', 200);
break;
}
}
//-----------------------------------------
// Create the account
//-----------------------------------------
$member = IPSMember::create(array('members' => $member, 'pfields_content' => $custom_fields->out_fields), FALSE, FALSE, FALSE);
//-----------------------------------------
// Login handler create account callback
//-----------------------------------------
$this->han_login->createAccount(array('member_id' => $member['member_id'], 'email' => $member['email'], 'joined' => $member['joined'], 'password' => $in_password, 'ip_address' => $this->member->ip_address, 'username' => $member['members_display_name'], 'name' => $member['name'], 'members_display_name' => $member['members_display_name']));
//-----------------------------------------
// We'll just ignore if this fails - it shouldn't hold up IPB anyways
//-----------------------------------------
/*if ( $han_login->return_code AND ( $han_login->return_code != 'METHOD_NOT_DEFINED' AND $han_login->return_code != 'SUCCESS' ) )
{
$this->registry->output->showError( 'han_login_create_failed', 2017, true );
}*/
//-----------------------------------------
// Validation
//-----------------------------------------
$validate_key = md5(IPSMember::makePassword() . time());
$time = time();
if ($coppa != 1) {
if ($this->settings['reg_auth_type'] == 'user' or $this->settings['reg_auth_type'] == 'admin' or $this->settings['reg_auth_type'] == 'admin_user') {
//-----------------------------------------
// We want to validate all reg's via email,
// after email verificiation has taken place,
// we restore their previous group and remove the validate_key
//-----------------------------------------
$this->DB->insert('validating', array('vid' => $validate_key, 'member_id' => $member['member_id'], 'real_group' => $this->settings['member_group'], 'temp_group' => $this->settings['auth_group'], 'entry_date' => $time, 'coppa_user' => $coppa, 'new_reg' => 1, 'ip_address' => $member['ip_address'], 'spam_flag' => $_spamFlag));
if ($this->settings['reg_auth_type'] == 'user' or $this->settings['reg_auth_type'] == 'admin_user') {
/* Send out the email. */
$message = array('THE_LINK' => $this->registry->getClass('output')->buildSEOUrl("app=core&module=global§ion=register&do=auto_validate&uid=" . urlencode($member['member_id']) . "&aid=" . urlencode($validate_key), 'publicNoSession', 'false'), 'NAME' => $member['members_display_name'], 'MAN_LINK' => $this->registry->getClass('output')->buildSEOUrl("app=core&module=global§ion=register&do=05", 'publicNoSession', 'false'), 'EMAIL' => $member['email'], 'ID' => $member['member_id'], 'CODE' => $validate_key);
IPSText::getTextClass('email')->setPlainTextTemplate(IPSText::getTextClass('email')->getTemplate("reg_validate", $this->member->language_id));
IPSText::getTextClass('email')->buildPlainTextContent($message);
IPSText::getTextClass('email')->buildHtmlContent($message);
IPSText::getTextClass('email')->subject = sprintf($this->lang->words['new_registration_email'], $this->settings['board_name']);
IPSText::getTextClass('email')->to = $member['email'];
IPSText::getTextClass('email')->sendMail();
$this->output = $this->registry->output->getTemplate('register')->showAuthorize($member);
} else {
if ($this->settings['reg_auth_type'] == 'admin') {
$this->output = $this->registry->output->getTemplate('register')->showPreview($member);
}
}
/* Only send new registration email if the member wasn't banned */
if ($this->settings['new_reg_notify'] and !$member['member_banned']) {
$date = $this->registry->class_localization->getDate(time(), 'LONG', 1);
IPSText::getTextClass('email')->getTemplate('admin_newuser');
IPSText::getTextClass('email')->buildMessage(array('DATE' => $date, 'LOG_IN_NAME' => $member['name'], 'EMAIL' => $member['email'], 'IP' => $member['ip_address'], 'DISPLAY_NAME' => $member['members_display_name']));
IPSText::getTextClass('email')->subject = sprintf($this->lang->words['new_registration_email1'], $this->settings['board_name']);
IPSText::getTextClass('email')->to = $this->settings['email_in'];
IPSText::getTextClass('email')->sendMail();
}
$this->registry->output->setTitle($this->lang->words['reg_success'] . ' - ' . ipsRegistry::$settings['board_name']);
$this->registry->output->addNavigation($this->lang->words['nav_reg'], '');
} else {
/* We don't want to preview, or get them to validate via email. */
$stat_cache = $this->cache->getCache('stats');
if ($member['members_display_name'] and $member['member_id'] and !$this->caches['group_cache'][$member['member_group_id']]['g_hide_online_list']) {
$stat_cache['last_mem_name'] = $member['members_display_name'];
$stat_cache['last_mem_name_seo'] = IPSText::makeSeoTitle($member['members_display_name']);
$stat_cache['last_mem_id'] = $member['member_id'];
}
$stat_cache['mem_count'] += 1;
$this->cache->setCache('stats', $stat_cache, array('array' => 1));
/* Only send new registration email if the member wasn't banned */
if ($this->settings['new_reg_notify'] and !$member['member_banned']) {
$date = $this->registry->class_localization->getDate(time(), 'LONG', 1);
IPSText::getTextClass('email')->getTemplate('admin_newuser');
IPSText::getTextClass('email')->buildMessage(array('DATE' => $date, 'LOG_IN_NAME' => $member['name'], 'EMAIL' => $member['email'], 'IP' => $member['ip_address'], 'DISPLAY_NAME' => $member['members_display_name']));
IPSText::getTextClass('email')->subject = sprintf($this->lang->words['new_registration_email1'], $this->settings['board_name']);
IPSText::getTextClass('email')->to = $this->settings['email_in'];
IPSText::getTextClass('email')->sendMail();
}
IPSCookie::set('pass_hash', $member['member_login_key'], 1);
IPSCookie::set('member_id', $member['member_id'], 1);
//-----------------------------------------
// Fix up session
//-----------------------------------------
$privacy = $member['g_hide_online_list'] || empty($this->settings['disable_anonymous']) && !empty($this->request['Privacy']) ? 1 : 0;
# Update value for onCompleteAccount call
$member['login_anonymous'] = $privacy . '&1';
$this->member->sessionClass()->convertGuestToMember(array('member_name' => $member['members_display_name'], 'member_id' => $member['member_id'], 'member_group' => $member['member_group_id'], 'login_type' => $privacy));
IPSLib::runMemberSync('onCompleteAccount', $member);
$this->registry->output->silentRedirect($this->settings['base_url'] . '&app=core&module=global§ion=login&do=autologin&fromreg=1');
}
} else {
/* This is a COPPA user, so lets tell them they registered OK and redirect to the form. */
$this->DB->insert('validating', array('vid' => $validate_key, 'member_id' => $member['member_id'], 'real_group' => $this->settings['member_group'], 'temp_group' => $this->settings['auth_group'], 'entry_date' => $time, 'coppa_user' => $coppa, 'new_reg' => 1, 'ip_address' => $member['ip_address']));
$this->registry->output->redirectScreen($this->lang->words['cp_success'], $this->settings['base_url'] . 'app=core&module=global&section=register&do=12');
}
}
/**
* Convert a member
*
* @access public
* @param array Basic data (id number, username, email, group, joined date, password)
* @param array Data to insert to members table
* @param array Data to insert to profile table
* @param array Data to insert to custom profile fields table
* @param string Path to avatars folder
* @param string Path to profile pictures folder
* @return boolean Success or fail
**/
public function convertMember($info, $members, $profile, $custom, $pic_path = '', $groupLink = TRUE)
{
//-----------------------------------------
// Make sure we have everything we need
//-----------------------------------------
if (!$info['id']) {
$this->logError($info['id'], 'No ID number provided');
return false;
}
if (!$info['username']) {
$this->logError($info['id'], 'No username provided');
return false;
}
if (!$info['email']) {
// See Tracker Report #28874 for reasons why this got changed.
$info['email'] = $info['id'] . '@' . time() . '.com';
//$info['email'] = rand(1, 100).'@'.time().'.com';
$this->logError($info['id'], 'No email address provided - member converted with ' . $info['email']);
}
// Check profile photo
if (!is_writeable($this->settings['upload_dir'] . '/profile')) {
$this->error($this->settings['upload_dir'] . '/profile is not writeable, cannot continue');
return false;
}
//-----------------------------------------
// Set some needed variables
//-----------------------------------------
$now = time();
$joined = $info['joined'] ? $info['joined'] : $now;
if ($info['md5pass']) {
$salt = IPSMember::generatePasswordSalt(5);
$hash = IPSMember::generateCompiledPasshash($salt, $info['md5pass']);
} elseif ($info['plainpass']) {
$salt = IPSMember::generatePasswordSalt(5);
$hash = IPSMember::generateCompiledPasshash($salt, md5($info['plainpass']));
} elseif ($info['pass_hash']) {
$salt = $info['pass_salt'];
$hash = $info['pass_hash'];
} elseif ($info['password'] !== NULL) {
$members['conv_password'] = $info['password'];
} else {
// give em a random pass, let's stop those posts by these users being lost and assigned to guests.
$randPass = IPSMember::makePassword();
$salt = IPSMember::generatePasswordSalt(5);
$hash = IPSMember::generateCompiledPasshash($salt, $randPass);
$this->logError($info['id'], 'No password provided. Member has still been converted with password: '******'email'], 'all');
if ($duplicateMember['member_id']) {
$this->logError($info['id'], "Duplicate member found. {$info['username']} has been merged with the account email {$duplicateMember['username']}");
$this->addLink($duplicateMember['member_id'], $info['id'], 'members');
$this->DB->update('conv_link', array('duplicate' => '1'), "type = 'members' AND app={$this->app['app_id']} AND foreign_id='{$info['id']}'");
if ($info['posts'] > 0) {
$this->DB->update('members', array('posts' => "posts+'{$info['posts']}'"), "member_id='{$duplicateMember['member_id']}'");
}
// we have a customavatar and the one we have on file does not match what we've been given, time to update it.
if ($profile['photo_type'] == 'custom' and $duplicateMember['pp_main_photo'] != $profile['pp_main_photo']) {
if ($profile['photo_data']) {
// open file for writing
if (!($handle = fopen($this->settings['upload_dir'] . '/profile/photo-' . $profile['pp_member_id'] . '.png', 'w'))) {
$this->logError($info['id'], 'Could not write to file.');
}
// Write image to our opened file.
if (fwrite($handle, $profile['photo_data']) === FALSE) {
$this->logError($info['id'], 'Could not write to file.');
}
// log it all into DB
$profile['pp_main_photo'] = 'profile/photo-' . $profile['pp_member_id'] . '.png';
}
}
return TRUE;
}
//-----------------------------------------
// Handle Names
//-----------------------------------------
// Apostrophe is an allowed character but needs converting
$info['username'] = str_replace("'", ''', $info['username']);
$info['username'] = str_replace("!", '!', $info['username']);
// as is an excalamation point.
$nameCheck = IPSMember::getFunction()->cleanAndCheckName($info['username'], array(), 'name');
// Check for illegal characters
if ($nameCheck['errors']['username'] == ipsRegistry::getClass('class_localization')->words['reg_error_chars']) {
// Illegal characters exist, clean them out with dashes
$nameCheckMap['disallowed'] = array("'", "\"", """, "<", ">", "\\", "\", "\$", "$", "]", "[", ",", "|");
$nameCheckMap['replace'] = array(''', '&#quot;', '&#quot;', '&#lt;', '&#gt;', '-', '-', '-', '-', '-', '-', '-', '-');
$nameCheck['members_display_name'] = str_replace($nameCheckMap['disallowed'], $nameCheckMap['replace'], $nameCheck['username']);
$this->logError($info['id'], "{$nameCheck['errors']['username']} with name {$info['username']}. Member has still been created but with username as {$nameCheck['username']}");
// Now check for duplicate username.
try {
if (IPSMember::getFunction()->checkNameExists($nameCheck['username'], array(), 'name', true, true)) {
$t = time();
$this->logError($info['id'], ipsRegistry::getClass('class_localization')->words['reg_error_username_taken'] . " with name {$nameCheck['username']}. Member has still been created but with username as {$nameCheck['username']}{$t}");
$nameCheck['username'] = $nameCheck['username'] . $t;
}
} catch (Exception $e) {
//-----------------------------------------
// Name exists, let's return appropriately
//-----------------------------------------
switch ($e->getMessage()) {
default:
$this->logError($info['id'], "Unexpected error with name: {$info['username']}. Member was skipped.");
return false;
}
}
} elseif ($nameCheck['errors']['username'] == 'reg_error_username_taken') {
$nameCheck['username'] = $nameCheck['username'] . time();
$this->logError($info['id'], "{$nameCheck['errors']['username']} with name: {$info['username']}. Member has still been created but with username as {$nameCheck['username']}");
}
$username = $displayname = $nameCheck['username'];
// Begin check and clean for display name if provided.
if (isset($info['displayname'])) {
// Apostrophe is an allowed character but needs converting
$info['displayname'] = str_replace("'", ''', $info['displayname']);
$displayname = NULL;
$nameCheck = IPSMember::getFunction()->cleanAndCheckName($info['displayname'], array(), 'members_display_name');
if ($nameCheck['errors']['dname'] == str_replace('{chars}', ipsRegistry::$settings['username_characters'], ipsRegistry::$settings['username_errormsg'])) {
$nameCheckMap['disallowed'] = array("'", "\"", """, "<", ">", "\\", "\", "\$", "$", "]", "[", ",", "|");
$nameCheckMap['replace'] = array(''', '&#quot;', '&#quot;', '&#lt;', '&#gt;', '-', '-', '-', '-', '-', '-', '-', '-');
$nameCheck['members_display_name'] = str_replace($nameCheckMap['disallowed'], $nameCheckMap['replace'], $nameCheck['members_display_name']);
$this->logError($info['id'], "{$nameCheck['errors']['dname']} with name: {$info['displayname']}. Member has still been created but with display name as {$nameCheck['members_display_name']}");
// Now check for duplicate display name.
try {
if (IPSMember::getFunction()->checkNameExists($nameCheck['members_display_name'], array(), 'members_display_name', true, true)) {
$t = time();
$this->logError($info['id'], ipsRegistry::getClass('class_localization')->words['reg_error_username_taken'] . " with name {$nameCheck['members_display_name']}. Member has still been created but with display name as {$nameCheck['members_display_name']}{$t}");
$nameCheck['members_display_name'] = $nameCheck['members_display_name'] . $t;
}
} catch (Exception $e) {
//-----------------------------------------
// Name exists, let's return appropriately
//-----------------------------------------
switch ($e->getMessage()) {
default:
$this->logError($info['id'], "Unexpected error with display name: {$info['displayname']}. Member was skipped.");
return false;
}
}
} elseif ($nameCheck['errors']['dname'] == 'reg_error_username_taken') {
$nameCheck['members_display_name'] = $nameCheck['members_display_name'] . time();
$this->logError($info['id'], "{$nameCheck['errors']['dname']} with name: {$info['displayname']}. Member has still been created but with display name as {$nameCheck['members_display_name']}");
}
$displayname = $nameCheck['members_display_name'];
}
// Check we have a path
if (!$this->settings['upload_dir']) {
$this->logError($info['id'], 'Your IP.Board uploads path has not been configured');
return false;
}
//-----------------------------------------
// Insert
//-----------------------------------------
$members['title'] = str_replace("'", ''', $members['title']);
//$members['member_id'] = $info['id'];
$members['name'] = $username;
$members['last_post'] = intval($members['last_post']);
if (empty($info['member_group_id'])) {
$members['member_group_id'] = $info['group'] ? $groupLink === TRUE ? $this->getLink($info['group'], 'groups') : $info['group'] : $this->settings['member_group'];
} else {
$members['member_group_id'] = $info['member_group_id'];
}
$members['email'] = $info['email'];
$members['joined'] = $joined;
$members['member_login_key'] = IPSMember::generateAutoLoginKey();
$members['member_login_key_expire'] = ipsRegistry::$settings['login_key_expire'] ? time() + intval(ipsRegistry::$settings['login_key_expire']) * 86400 : 0;
$members['members_display_name'] = $displayname;
$members['members_seo_name'] = IPSText::makeSeoTitle($displayname);
$members['members_l_display_name'] = IPSText::mbstrtolower($displayname);
$members['members_l_username'] = IPSText::mbstrtolower($username);
$members['members_pass_hash'] = $hash;
$members['members_pass_salt'] = $salt;
$members['posts'] = $members['posts'] ? $members['posts'] : 0;
$members['warn_level'] = (int) $members['warn_level'];
// Sort out secondary groups
if (!empty($info['secondary_groups'])) {
// explode so we can loop through for the getLink
$secondary_groups = explode(",", $info['secondary_groups']);
$_secondary = array();
if (!empty($secondary_groups)) {
foreach ($secondary_groups as $group) {
if (!empty($group)) {
$newGroup = $this->getLink($group, 'groups', true);
if ($newGroup) {
$_secondary[] = $newGroup;
}
}
/**else
{
$this->logError($info['id'] .' - '. $group, 'empty secondary group id');
}**/
}
}
$members['mgroup_others'] = implode(",", $_secondary);
}
// Sneaky hack with the comments and friends
if (!in_array('pp_setting_count_comments', $profile)) {
$profile['pp_setting_count_comments'] = 1;
}
if (!in_array('pp_setting_count_friends', $profile)) {
$profile['pp_setting_count_friends'] = 1;
}
// We better turn on allow_admin_mails if it isn't set
$members['allow_admin_mails'] = isset($members['allow_admin_mails']) ? $members['allow_admin_mails'] : 1;
// Fix up the birthday since STRICT complains..
$members['bday_day'] = intval($members['bday_day']);
$members['bday_month'] = intval($members['bday_month']);
$members['bday_year'] = intval($members['bday_year']);
// No idea why birthdays are messing up.., so I'll just hack this bit. - Alex
// #020372 tracker
if ($members['bday_year'] < 1900) {
// Don't think we can really be this old ya know.
$members['bday_day'] = 0;
$members['bday_month'] = 0;
$members['bday_year'] = 0;
}
// 3.1.3 dropped columns
unset($members['email_pm']);
// 3.2.0 Dropped columns
unset($members['hide_email']);
unset($members['view_avs']);
// 3.3.0 Dropped columns
unset($members['members_editor_choice']);
// First member?
if ($info['id'] != $this->memberData['member_id']) {
if ($this->usingExtendedInserts) {
// Add it to the extended insert array which runs on next()
$this->extendedInserts['members'][] = $this->DB->compileInsertString($members);
//$memberId = $members['member_id'];
$memberId = $info['id'];
} else {
//unset( $members['member_id'] );
$this->DB->insert('members', $members);
$memberId = $this->DB->getInsertId();
// Add a link
$this->addLink($memberId, $info['id'], 'members');
}
} else {
if ($this->usingExtendedInserts) {
// Unset important information to stop locking us out
$unset = array('member_id', 'members_pass_salt', 'members_pass_hash', 'name', 'members_l_username', 'members_display_name', 'members_l_display_name', 'members_seo_name', 'member_banned', 'conv_password', 'email', 'member_group_id');
foreach ($unset as $k) {
unset($members[$k]);
}
$this->DB->update('members', $members, "member_id=" . $this->memberData['member_id']);
$memberId = $this->memberData['member_id'];
$this->logError($memberId, "<strong><span style='size: 1.15em;'>{$username} has been merged with {$this->memberData['members_display_name']}. This is because you are logged in as {$this->memberData['members_display_name']} and due to both members sharing the same ID. You are not running the conversion in 'merge' mode and therefore you WILL have to manually update this members name, email address, AND member group.</span></strong><br /><ul><li>Username: {$username}</li><li>Email Address: {$info['email']}</li></ul>");
} else {
//unset( $members['member_id'] );
$this->DB->insert('members', $members);
$memberId = $this->DB->getInsertId();
// Add a link
$this->addLink($memberId, $info['id'], 'members');
}
}
// If user group is the auth group, add them to validating table.
if ($members['member_group_id'] == $this->settings['auth_group'] && ($this->settings['reg_auth_type'] == 'user' || $this->settings['reg_auth_type'] == 'admin' || $this->settings['reg_auth_type'] == 'admin_user')) {
//-----------------------------------------
// We want to validate all reg's via email,
// after email verificiation has taken place,
// we restore their previous group and remove the validate_key
//-----------------------------------------
$validating = array('vid' => md5(uniqid()), 'member_id' => $memberId, 'real_group' => $this->settings['member_group'], 'temp_group' => $this->settings['auth_group'], 'entry_date' => time(), 'coppa_user' => 0, 'new_reg' => 1, 'ip_address' => $members['ip_address'], 'spam_flag' => 0);
if ($this->usingExtendedInserts) {
$this->extendedInserts['validating'][] = $this->DB->compileInsertString($validating);
} else {
$this->DB->insert('validating', $validating);
}
}
$profile['pp_member_id'] = $memberId;
// Defaults if not specified (prevents "Column Count Mismatches" in MySQL)
$profile['pp_thumb_photo'] = $profile['pp_thumb_photo'] ? $profile['pp_thumb_photo'] : '';
$profile['pp_main_photo'] = $profile['pp_main_photo'] ? $profile['pp_main_photo'] : '';
$profile['pp_main_width'] = $profile['pp_main_width'] ? $profile['pp_main_width'] : 0;
$profile['pp_main_height'] = $profile['pp_main_height'] ? $profile['pp_main_height'] : 0;
$profile['pp_thumb_width'] = $profile['pp_thumb_width'] ? $profile['pp_thumb_width'] : 0;
$profile['pp_thumb_height'] = $profile['pp_thumb_height'] ? $profile['pp_thumb_height'] : 0;
//-----------------------------------------
// Sort out uploaded avatars / photos
//-----------------------------------------
// we send profile_type of custom if we have a photo at all
if ($profile['photo_type'] == 'custom') {
if ($profile['photo_data']) {
// open file for writing
if (!($handle = fopen($this->settings['upload_dir'] . '/profile/photo-' . $profile['pp_member_id'] . '.png', 'w'))) {
$this->logError($info['id'], 'Could not write to file.');
}
// Write image to our opened file.
if (fwrite($handle, $profile['photo_data']) === FALSE) {
$this->logError($info['id'], 'Could not write to file.');
}
// log it all into DB
$profile['pp_main_photo'] = 'profile/photo-' . $profile['pp_member_id'] . '.png';
}
}
if ($profile['photo_type'] == 'url') {
// Make an attempt at fetching the remote pic. If not, log an error.
$profile['pp_main_photo'] = '';
if ($remote = @file_get_contents($profile['photo_location'])) {
$image_dims = @getimagesize($profile['photo_location']);
if ($image_dims[0]) {
$profile['photo_data'] = $remote;
$profile['photo_type'] = 'custom';
$profile['pp_main_photo'] = $profile['photo_location'];
if (!isset($profile['photo_filesize'])) {
$profile['photo_filesize'] = strlen($remote);
}
} else {
$this->logError($info['id'], 'Remote picture file does not appear to be an image.');
}
} else {
$this->logError($info['id'], 'Could not fetch remote picture file.');
}
}
// Oops... I screwed up... workaround for now... will fix properly soon.
if ($profile['photo_type'] != 'url' and $profile['photo_location'] and !$profile['pp_main_photo']) {
$profile['pp_main_photo'] = $profile['photo_location'];
}
if (!is_dir($pic_path) and $profile['pp_main_photo'] and !$profile['photo_data']) {
$this->logError($info['id'], 'Incorrect profile pictures path');
//return false;
}
// Move em or create em
if ($profile['pp_main_photo']) {
//-----------------------------------------
// Already a dir?
//-----------------------------------------
$upload_path = $this->settings['upload_dir'];
$upload_dir;
if (!file_exists($upload_path . "/profile")) {
if (@mkdir($upload_path . "/profile", 0777)) {
@file_put_contents($upload_path . '/profile/index.html', '');
@chmod($upload_path . "/profile", 0777);
# Set path and dir correct
$upload_path .= "/profile";
$upload_dir = "profile/";
} else {
# Set path and dir correct
$upload_dir = "";
}
} else {
# Set path and dir correct
$upload_path .= "/profile";
$upload_dir = "profile/";
}
// What's the extension?
$e = explode('.', $profile['pp_main_photo']);
$extension = array_pop($e);
// There's an issue with profile photo thumbnail rebuilds. Waiting on the deal with that issue before adjusting this.
// For now, we'll just set the thumbnail the same as the main photo.
$profile['pp_thumb_photo'] = "{$upload_dir}photo-{$memberId}.{$extension}";
if ($profile['photo_data']) {
//$this->createFile($profile['pp_main_photo'], $profile['photo_data'], $profile['photo_filesize'], $this->settings['upload_dir']);
$this->createFile("photo-{$memberId}.{$extension}", $profile['photo_data'], $profile['photo_filesize'], $upload_path);
$profile['pp_main_photo'] = "{$upload_dir}photo-{$memberId}.{$extension}";
} else {
//$this->moveFiles(array($profile['pp_main_photo']), $profile_path, $this->settings['upload_dir']);
$this->moveFiles(array($profile['pp_main_photo']), $pic_path, $upload_path);
if ($upload_dir != '' && @rename($upload_path . "/{$profile['pp_main_photo']}", $upload_path . "/photo-{$memberId}.{$extension}")) {
$profile['pp_main_photo'] = "{$upload_dir}photo-{$memberId}.{$extension}";
}
}
// Try and get width and height.
$dimensions = @getimagesize($upload_dir . 'photo-' . $memberId . '.' . $extension);
// Add some triple checks.
$profile['pp_main_width'] = $dimensions[0] ? $dimensions[0] : 1;
$profile['pp_main_height'] = $dimensions[1] ? $dimensions[1] : 1;
$profile['pp_thumb_width'] = $dimensions[0] ? $dimensions[0] : 1;
$profile['pp_thumb_height'] = $dimensions[1] ? $dimensions[1] : 1;
}
$profile['pp_photo_type'] = $profile['photo_type'];
unset($profile['avatar_data']);
unset($profile['photo_data']);
unset($profile['photo_filesize']);
unset($profile['avatar_filesize']);
unset($profile['photo_type']);
unset($profile['photo_location']);
unset($profile['notes']);
// need to stop fields which have been added by hooks getting through. See ticket 854980 as to why this is needed.
if (is_array($profile)) {
// set the fields we're allowed (I can't think of a better way of populating this array unfortunately)
$allowedFields = array('pp_member_id', 'pp_last_visitors', 'pp_rating_hits', 'pp_rating_value', 'pp_rating_real', 'pp_main_photo', 'pp_main_width', 'pp_main_height', 'pp_thumb_photo', 'pp_thumb_width', 'pp_thumb_height', 'pp_setting_moderate_comments', 'pp_setting_moderate_friends', 'pp_setting_count_friends', 'pp_setting_count_comments', 'pp_setting_count_visitors', 'pp_about_me', 'pp_reputation_points', 'pp_gravatar', 'pp_photo_type', 'signature', 'avatar_location', 'avatar_size', 'avatar_type', 'pconversation_filters', 'fb_photo', 'fb_photo_thumb', 'fb_bwoptions', 'tc_last_sid_import', 'tc_photo', 'tc_bwoptions', 'pp_customization', 'pp_profile_update');
foreach ($profile as $k => $v) {
// not in allowed array? unset. (this stops fields from hooks making it through)
if (!in_array($k, $allowedFields)) {
unset($profile[$k]);
}
}
}
// check if we passed in custom..
$profileFields = array();
$profileFields['member_id'] = $memberId;
if (!empty($custom)) {
$profileFields = array_merge($profileFields, $custom);
}
// First member?
if ($info['id'] != $this->memberData['member_id']) {
if ($this->usingExtendedInserts) {
// Add it to the extended insert array which runs on next()
$this->extendedInserts['profile_portal'][] = $this->DB->compileInsertString($profile);
// Custom profile fields
$this->extendedInserts['pfields_content'][] = $this->DB->compileInsertString($profileFields);
} else {
$this->DB->insert('profile_portal', $profile);
$this->DB->insert('pfields_content', $profileFields);
}
} else {
if ($this->usingExtendedInserts) {
unset($profileFields['member_id']);
unset($profile['pp_member_id']);
$this->DB->update('profile_portal', $profile, "pp_member_id=" . $this->memberData['member_id']);
$this->DB->update('pfields_content', $profileFields, "member_id=" . $this->memberData['member_id']);
} else {
$this->DB->insert('profile_portal', $profile);
$this->DB->insert('pfields_content', $profileFields);
}
}
// Conversion cycle complete
return true;
}
/**
* Completes the lost password request form
*
* @return @e void
*/
public function lostPasswordEnd()
{
if ($this->settings['bot_antispam_type'] != 'none') {
if (!$this->registry->getClass('class_captcha')->validate($this->request['regid'], $this->request['reg_code'])) {
$this->lostPasswordForm('err_reg_code');
return;
}
}
/* Back to the usual programming! :o */
if ($this->request['member_name'] == "" and $this->request['email_addy'] == "") {
$this->registry->output->showError('lostpass_name_email', 10110);
}
/* Check for input and it's in a valid format. */
$member_name = trim(strtolower($this->request['member_name']));
$email_addy = trim(strtolower($this->request['email_addy']));
if ($member_name == "" and $email_addy == "") {
$this->registry->output->showError('lostpass_name_email', 10111);
}
/* Attempt to get the user details from the DB */
if ($member_name) {
$this->DB->build(array('select' => 'members_display_name, name, member_id, email, member_group_id', 'from' => 'members', 'where' => "members_l_username='******'"));
$this->DB->execute();
} else {
if ($email_addy) {
$this->DB->build(array('select' => 'members_display_name, name, member_id, email, member_group_id', 'from' => 'members', 'where' => "email='{$email_addy}'"));
$this->DB->execute();
}
}
if (!$this->DB->getTotalRows()) {
$this->registry->output->showError('lostpass_no_user', 10112);
} else {
$member = $this->DB->fetch();
/* Is there a validation key? If so, we'd better not touch it */
if ($member['member_id'] == "") {
$this->registry->output->showError('lostpass_no_mid', 2014);
}
$validate_key = md5(IPSMember::makePassword() . uniqid(mt_rand(), TRUE));
/* Get rid of old entries for this member */
$this->DB->delete('validating', "member_id={$member['member_id']} AND lost_pass=1");
/* Update the DB for this member. */
$db_str = array('vid' => $validate_key, 'member_id' => $member['member_id'], 'temp_group' => $member['member_group_id'], 'entry_date' => time(), 'coppa_user' => 0, 'lost_pass' => 1, 'ip_address' => $this->member->ip_address);
/* Are they already in the validating group? */
if ($member['member_group_id'] != $this->settings['auth_group']) {
$db_str['real_group'] = $member['member_group_id'];
}
$this->DB->insert('validating', $db_str);
/* Send out the email. */
$message = array('USERNAME' => $member['name'], 'NAME' => $member['members_display_name'], 'THE_LINK' => $this->registry->getClass('output')->buildUrl("app=core&module=global§ion=lostpass&do=sendform&uid={$member['member_id']}&aid={$validate_key}", 'publicNoSession'), 'MAN_LINK' => $this->registry->getClass('output')->buildUrl('app=core&module=global§ion=lostpass&do=sendform', 'publicNoSession'), 'EMAIL' => $member['email'], 'ID' => $member['member_id'], 'CODE' => $validate_key, 'IP_ADDRESS' => $this->member->ip_address);
IPSText::getTextClass('email')->setPlainTextTemplate(IPSText::getTextClass('email')->getTemplate("lost_pass", $member['language']));
IPSText::getTextClass('email')->buildPlainTextContent($message);
IPSText::getTextClass('email')->buildHtmlContent($message);
IPSText::getTextClass('email')->subject = $this->lang->words['lp_subject'] . ' ' . $this->settings['board_name'];
IPSText::getTextClass('email')->to = $member['email'];
IPSText::getTextClass('email')->sendMail();
$this->output = $this->registry->getClass('output')->getTemplate('register')->lostPasswordWait($member);
}
$this->registry->output->setTitle($this->lang->words['lost_pass_form'] . ' - ' . ipsRegistry::$settings['board_name']);
}
/**
* UserCP Save Form: Email Address
*
* @return mixed Array of errors / boolean true
*/
public function saveFormEmailPassword()
{
//-----------------------------------------
// INIT
//-----------------------------------------
$_emailOne = strtolower(trim($this->request['in_email_1']));
$_emailTwo = strtolower(trim($this->request['in_email_2']));
$cur_pass = trim($this->request['current_pass']);
$new_pass = trim($this->request['new_pass_1']);
$chk_pass = trim($this->request['new_pass_2']);
$isRemote = (!$this->memberData['bw_local_password_set'] and $this->memberData['members_created_remote']) ? true : false;
if ($cur_pass or $new_pass) {
if ($this->memberData['g_access_cp']) {
return array(0 => $this->lang->words['admin_emailpassword']);
}
if ($isRemote === false and (!$_POST['current_pass'] or empty($new_pass) or empty($chk_pass))) {
return array(0 => $this->lang->words['complete_entire_form']);
}
//-----------------------------------------
// Do the passwords actually match?
//-----------------------------------------
if ($new_pass != $chk_pass) {
return array(0 => $this->lang->words['passwords_not_matchy']);
}
//-----------------------------------------
// Check password...
//-----------------------------------------
if ($isRemote === false) {
if ($this->_checkPassword($cur_pass) !== TRUE) {
return array(0 => $this->lang->words['current_pw_bad']);
}
} else {
/* This is INIT in _checkPassword */
$classToLoad = IPSLib::loadLibrary(IPS_ROOT_PATH . 'sources/handlers/han_login.php', 'han_login');
$this->han_login = new $classToLoad($this->registry);
$this->han_login->init();
}
//-----------------------------------------
// Create new password...
//-----------------------------------------
$md5_pass = md5($new_pass);
//-----------------------------------------
// han_login was loaded during check_password
//-----------------------------------------
$this->han_login->changePass($this->memberData['email'], $md5_pass, $new_pass, $this->memberData);
if ($this->han_login->return_code and $this->han_login->return_code != 'METHOD_NOT_DEFINED' and $this->han_login->return_code != 'SUCCESS') {
return array(0 => $this->lang->words['hanlogin_pw_failed']);
}
//-----------------------------------------
// Update the DB
//-----------------------------------------
IPSMember::updatePassword($this->memberData['email'], $md5_pass);
IPSLib::runMemberSync('onPassChange', $this->memberData['member_id'], $new_pass);
//-----------------------------------------
// Update members log in key...
//-----------------------------------------
$key = IPSMember::generateAutoLoginKey();
IPSMember::save($this->memberData['member_id'], array('core' => array('member_login_key' => $key, 'bw_local_password_set' => 1)));
$this->ok_message = $this->lang->words['pw_change_successful'];
}
if ($_emailOne or $_emailTwo) {
//-----------------------------------------
// Do not allow validating members to change
// email when admin validation is on
// @see http://community.invisionpower.com/tracker/issue-19964-loophole-in-registration-procedure/
//-----------------------------------------
if ($this->memberData['member_group_id'] == $this->settings['auth_group'] and in_array($this->settings['reg_auth_type'], array('admin', 'admin_user'))) {
$this->registry->output->showError($this->lang->words['admin_val_no_email_chg'], 10190);
}
//-----------------------------------------
// Check input
//-----------------------------------------
if ($this->memberData['g_access_cp']) {
return array(0 => $this->lang->words['admin_emailpassword']);
}
if (!$_POST['in_email_1'] or !$_POST['in_email_2']) {
return array(0 => $this->lang->words['complete_entire_form']);
}
//-----------------------------------------
// Check password...
//-----------------------------------------
if (!$this->_isFBUser) {
if ($this->_checkPassword($this->request['password']) === FALSE) {
return array(0 => $this->lang->words['current_pw_bad']);
}
}
//-----------------------------------------
// Test email addresses
//-----------------------------------------
if ($_emailOne != $_emailTwo) {
return array(0 => $this->lang->words['emails_no_matchy']);
}
if (IPSText::checkEmailAddress($_emailOne) !== TRUE) {
return array(0 => $this->lang->words['email_not_valid']);
}
//-----------------------------------------
// Is this email addy taken?
//-----------------------------------------
if (IPSMember::checkByEmail($_emailOne) == TRUE) {
return array(0 => $this->lang->words['email_is_taken']);
}
//-----------------------------------------
// Load ban filters
//-----------------------------------------
$banfilters = array();
$this->DB->build(array('select' => '*', 'from' => 'banfilters'));
$this->DB->execute();
while ($r = $this->DB->fetch()) {
$banfilters[$r['ban_type']][] = $r['ban_content'];
}
//-----------------------------------------
// Check in banned list
//-----------------------------------------
if (isset($banfilters['email']) and is_array($banfilters['email']) and count($banfilters['email'])) {
foreach ($banfilters['email'] as $email) {
$email = str_replace('\\*', '.*', preg_quote($email, "/"));
if (preg_match("/^{$email}\$/i", $_emailOne)) {
return array(0 => $this->lang->words['email_is_taken']);
}
}
}
//-----------------------------------------
// Load handler...
//-----------------------------------------
$classToLoad = IPSLib::loadLibrary(IPS_ROOT_PATH . 'sources/handlers/han_login.php', 'han_login');
$this->han_login = new $classToLoad($this->registry);
$this->han_login->init();
if ($this->han_login->emailExistsCheck($_emailOne) !== FALSE) {
return array(0 => $this->lang->words['email_is_taken']);
}
$this->han_login->changeEmail($this->memberData['email'], $_emailOne, $this->memberData);
if ($this->han_login->return_code and $this->han_login->return_code != 'METHOD_NOT_DEFINED' and $this->han_login->return_code != 'SUCCESS') {
return array(0 => $this->lang->words['email_is_taken']);
}
//-----------------------------------------
// Want a new validation? NON ADMINS ONLY
//-----------------------------------------
if ($this->settings['reg_auth_type'] and !$this->memberData['g_access_cp']) {
//-----------------------------------------
// Remove any existing entries
//-----------------------------------------
$_previous = $this->DB->buildAndFetch(array('select' => 'prev_email, real_group', 'from' => 'validating', 'where' => "member_id={$this->memberData['member_id']} AND email_chg=1"));
if ($_previous['prev_email']) {
$this->DB->delete('validating', "member_id={$this->memberData['member_id']} AND email_chg=1");
$this->memberData['email'] = $_previous['prev_email'];
$this->memberData['member_group_id'] = $_previous['real_group'];
}
$validate_key = md5(IPSMember::makePassword() . time());
//-----------------------------------------
// Update the new email, but enter a validation key
// and put the member in "awaiting authorisation"
// and send an email..
//-----------------------------------------
$db_str = array('vid' => $validate_key, 'member_id' => $this->memberData['member_id'], 'temp_group' => $this->settings['auth_group'], 'entry_date' => time(), 'coppa_user' => 0, 'email_chg' => 1, 'ip_address' => $this->member->ip_address, 'prev_email' => $this->memberData['email']);
if ($this->memberData['member_group_id'] != $this->settings['auth_group']) {
$db_str['real_group'] = $this->memberData['member_group_id'];
}
$this->DB->insert('validating', $db_str);
IPSLib::runMemberSync('onEmailChange', $this->memberData['member_id'], strtolower($_emailOne), $this->memberData['email']);
IPSMember::save($this->memberData['member_id'], array('core' => array('member_group_id' => $this->settings['auth_group'], 'email' => $_emailOne)));
//-----------------------------------------
// Update their session with the new member group
//-----------------------------------------
if ($this->member->session_id) {
$this->member->sessionClass()->convertMemberToGuest();
}
//-----------------------------------------
// Kill the cookies to stop auto log in
//-----------------------------------------
IPSCookie::set('pass_hash', '-1', 0);
IPSCookie::set('member_id', '-1', 0);
IPSCookie::set('session_id', '-1', 0);
//-----------------------------------------
// Dispatch the mail, and return to the activate form.
//-----------------------------------------
IPSText::getTextClass('email')->getTemplate("newemail");
IPSText::getTextClass('email')->buildMessage(array('NAME' => $this->memberData['members_display_name'], 'THE_LINK' => $this->registry->getClass('output')->buildSEOUrl("app=core&module=global§ion=register&do=auto_validate&type=newemail&uid=" . $this->memberData['member_id'] . "&aid=" . $validate_key, 'publicNoSession', 'false'), 'ID' => $this->memberData['member_id'], 'MAN_LINK' => $this->registry->getClass('output')->buildSEOUrl("app=core&module=global§ion=register&do=07", 'publicNoSession', 'false'), 'CODE' => $validate_key));
IPSText::getTextClass('email')->subject = $this->lang->words['lp_subject'] . ' ' . $this->settings['board_name'];
IPSText::getTextClass('email')->to = $_emailOne;
IPSText::getTextClass('email')->sendMail();
$this->registry->getClass('output')->silentRedirect($this->settings['base_url'] . 'app=core&module=global&section=register&do=07');
} else {
//-----------------------------------------
// No authorisation needed, change email addy and return
//-----------------------------------------
IPSLib::runMemberSync('onEmailChange', $this->memberData['member_id'], strtolower($_emailOne), $this->memberData['email']);
IPSMember::save($this->memberData['member_id'], array('core' => array('email' => $_emailOne)));
//-----------------------------------------
// Add to OK message
//-----------------------------------------
$this->ok_message = $this->lang->words['ok_email_changed'];
}
}
return TRUE;
}
