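/**
 * Check form values of the registration form and do some cautious corrections.
 *
 * $vars is taken by reference and may be changed on the way:
 *  - 'geonameid' is unset when the location is incomplete;
 *  - 'iso_date' (YYYY-MM-DD) is set when the birth date validates.
 *
 * Every failed check appends a word key to the returned list; an empty list
 * means the form passed.
 *
 * @param array $vars  Submitted form values (by reference, see above)
 * @return array       List of error word keys, empty when the form is valid
 */
public function checkRegistrationForm(&$vars)
{
    $errors = array();

    // geonameid: the location is only complete with both the id and the country name
    if (empty($vars['geonameid']) || empty($vars['countryname'])) {
        $errors[] = 'SignupErrorProvideLocation';
        unset($vars['geonameid']);
    }

    // username: must match HANDLE_PREGEXP; an 'xn--' (IDN / punycode) prefix is
    // rejected as well so that look-alike handles cannot be registered
    if (!isset($vars['username'])
        || !preg_match(self::HANDLE_PREGEXP, $vars['username'])
        || strpos($vars['username'], 'xn--') !== false
    ) {
        $errors[] = 'SignupErrorWrongUsername';
    } elseif ($this->UsernameInUse($vars['username'])) {
        $errors[] = 'SignupErrorUsernameAlreadyTaken';
    }

    // email (e-mail duplicates in BW database *not* allowed (as of 1st May 2013, ticket ))
    $email = isset($vars['email']) ? $vars['email'] : null;
    if ($email === null || !PFunctions::isEmailAddress($email)) {
        $errors[] = 'SignupErrorInvalidEmail';
    }
    // the confirmation field must repeat the address exactly; a missing address
    // compares as '' (the former code read $vars['email'] unconditionally and
    // raised an undefined-index notice on an empty form)
    if (!isset($vars['emailcheck']) || strcmp((string) $email, $vars['emailcheck']) != 0) {
        $errors[] = 'SignupErrorEmailCheck';
    }
    // the uniqueness lookup only makes sense for an address that was submitted at all
    if ($email !== null && $this->takeCareForNonUniqueEmailAddress($email) != '') {
        $errors[] = 'SignupErrorEmailAddressAlreadyInUse';
    }

    // password: present twice, at least 6 characters, both copies equal
    // (this historical minimum differs from the 8 required by registerProcess()
    // on this page; left unchanged here)
    if (!isset($vars['password'])
        || !isset($vars['passwordcheck'])
        || strlen($vars['password']) < 6
        || strcmp($vars['password'], $vars['passwordcheck']) != 0
    ) {
        $errors[] = 'SignupErrorPasswordCheck';
    }

    // accommodation: exactly one of the three fixed choices (strict comparison,
    // so PHP's loose string/number rules cannot let an odd value through)
    $accommodations = array('anytime', 'dependonrequest', 'neverask');
    if (empty($vars['accommodation']) || !in_array($vars['accommodation'], $accommodations, true)) {
        $errors[] = 'SignupErrorProvideAccommodation';
    }

    // NOTE(review): 'sweet' looks like a honeypot field that only automated
    // submissions fill in — confirm against the form template
    if (!empty($vars['sweet'])) {
        $errors[] = 'SignupErrorSomethingWentWrong';
    }

    // firstname, lastname
    if (empty($vars['firstname']) || empty($vars['lastname'])) {
        $errors[] = 'SignupErrorFullNameRequired';
    }

    // (skipped:) secondname

    // mothertongue: -1 is the "nothing selected" value of the form
    if (!isset($vars['mothertongue']) || $vars['mothertongue'] == -1) {
        $errors[] = 'SignupErrorNoMotherTongue';
    }

    // gender: exactly one of the three accepted values (strict comparison)
    if (empty($vars['gender']) || !in_array($vars['gender'], array('female', 'male', 'other'), true)) {
        $errors[] = 'SignupErrorProvideGender';
    }

    // birth date: month and day fall back to 12 / 28 so that a year alone still
    // gives a valid date; all parts are cast to int before checkdate(), which
    // turns non-numeric input into a rejected date instead of a TypeError
    $birthmonth = empty($vars['birthmonth']) ? 12 : (int) $vars['birthmonth'];
    $birthday = empty($vars['birthday']) ? 28 : (int) $vars['birthday']; // TODO: could sometimes be 29, 30, 31
    $birthyear = empty($vars['birthyear']) ? 0 : (int) $vars['birthyear'];
    if ($birthyear === 0 || !checkdate($birthmonth, $birthday, $birthyear)) {
        $errors[] = 'SignupErrorBirthDate';
    } else {
        // zero-padded ISO 8601 date; ageValue() is assumed to accept that form — confirm
        $vars['iso_date'] = sprintf('%04d-%02d-%02d', $birthyear, $birthmonth, $birthday);
        if ($this->ageValue($vars['iso_date']) < self::YOUNGEST_MEMBER) {
            $errors[] = 'SignupErrorBirthDateToLow';
        }
    }

    // (skipped:) birthmonth
    // (skipped:) birthday
    // (skipped:) age hidden

    // terms: the checkbox must be ticked
    if (empty($vars['terms'])) {
        $errors[] = 'SignupMustacceptTerms'; // TODO: looks like a wrong case in "Accept"
    }

    return $errors;
}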
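/**
 * Processing registration
 *
 * This is a POST callback function. When no POST is being handled it
 * registers itself with PPostHandler and returns the callback id; when the
 * POST is handled it validates the form, inserts the user row, stores the
 * confirmation key and language, sends the registration mail and returns
 * the URL to redirect to.
 *
 * Sets following errors in POST-vars:
 * username   - general username fault
 * uinuse     - username already in use
 * email      - general email fault, email format error
 * einuse     - email in use
 * pw         - general password fault
 * pwmismatch - password mismatch
 * inserror   - error performing db insertion
 *
 * @return string|false  callback id (first call), redirect URL (success),
 *                       false when errors were written to $vars['errors']
 */
public function registerProcess()
{
    $c = PFunctions::hex2base64(sha1(__METHOD__));
    if (!PPostHandler::isHandling()) {
        PPostHandler::setCallback($c, __CLASS__, __FUNCTION__);
        return $c;
    }

    $vars =& PPostHandler::getVars();
    $errors = array();

    // username: handle pattern, no 'xn--' (IDN / punycode) prefix
    if (!isset($vars['u'])
        || !preg_match(User::HANDLE_PREGEXP, $vars['u'])
        || strpos($vars['u'], 'xn--') !== false
    ) {
        $errors[] = 'username';
    } elseif ($this->handleInUse($vars['u'])) {
        $errors[] = 'uinuse';
    }

    // email
    if (!isset($vars['e']) || !PFunctions::isEmailAddress($vars['e'])) {
        $errors[] = 'email';
    } elseif ($this->emailInUse($vars['e'])) {
        $errors[] = 'einuse';
    }

    // password: both fields present and non-empty, at least 8 characters
    if (!isset($vars['p']) || !isset($vars['pc']) || !$vars['p'] || !$vars['pc'] || strlen($vars['p']) < 8) {
        $errors[] = 'pw';
    } elseif ($vars['p'] !== $vars['pc']) {
        // strict comparison: '!=' treats numeric strings such as
        // '100000000' and '1.00000e8' as equal
        $errors[] = 'pwmismatch';
    } elseif (!isset($vars['pwenc']) || substr_count($vars['p'], '*') != strlen($vars['p'])) {
        // The POST vars survive a failed round trip: the plain password is
        // replaced by a '*' shadow of equal length while the encoded form is
        // kept in 'pwenc'. Encode whenever the value is not that shadow, or
        // when no encoded password exists yet — a literal all-'*' password
        // used to skip this branch and reach the INSERT with 'pwenc' unset.
        $vars['pwenc'] = MOD_user::passwordEncrypt($vars['p']);
        $shadow = str_repeat('*', strlen($vars['p']));
        $vars['p'] = $shadow;
        $vars['pc'] = $shadow;
    }

    if (count($errors) > 0) {
        $vars['errors'] = $errors;
        return false;
    }

    $Auth = new MOD_user_Auth();
    $authId = $Auth->checkAuth('defaultUser');

    // NOTE(review): the statement is assembled as a string; every untrusted
    // value passes through the DAO's escape() (or an int cast). Prefer a
    // prepared statement if the DAO offers one.
    $query = ' INSERT INTO `user` (`id`, `auth_id`, `handle`, `email`, `pw`, `active`) VALUES ( '
        . $this->dao->nextId('user') . ', '
        . (int) $authId . ', \''
        . $this->dao->escape($vars['u']) . '\', \''
        . $this->dao->escape($vars['e']) . '\', \''
        . $this->dao->escape($vars['pwenc']) . '\', 0 )';
    $s = $this->dao->query($query);
    $userId = $s->insertId();
    if (!$userId) {
        $vars['errors'] = array('inserror');
        return false;
    }

    // save register key — the token carried by the confirmation link.
    // NOTE(review): the confirm handlers on this page accept it only as 16
    // lowercase hex characters, and it must come from a CSPRNG; confirm that
    // PFunctions::randomString() satisfies both.
    $key = PFunctions::randomString(16);
    if (!APP_User::addSetting($userId, 'regkey', $key)) {
        $vars['errors'] = array('inserror');
        return false;
    }

    // save lang
    if (!APP_User::addSetting($userId, 'lang', PVars::get()->lang)) {
        $vars['errors'] = array('inserror');
        return false;
    }

    $View = new UserView($this);
    $View->registerMail($userId);
    PPostHandler::clearVars();

    return PVars::getObj('env')->baseuri . 'user/register/finish';
}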
/**
 * Index function of the signup module.
 *
 * Dispatches on the second path segment ($request[1]):
 *   checkemail  - prints "1" when the e-mail in $_GET['email'] is valid and
 *                 free, "0" otherwise, then exits
 *   checkhandle - like checkemail for the handle in $request[2]
 *   getRegions  - (see the NOTE below)
 *   terms       - terms and conditions popup
 *   privacy     - privacy popup
 *   confirm     - confirmation link from the signup mail: /confirm/<handle>/<key>
 *   resendmail  - resend the confirmation mail for the handle in $request[2]
 *   finish      - "registration finished" page
 *   default     - the signup form itself; $request[1] is the step number
 *
 * Returns a page object; calls that only print a value exit before returning.
 *
 * @param object|false $args  request object; only $args->request is read.
 *                            NOTE(review): the default of false is not usable
 *                            ($args->request is read unconditionally) — confirm
 *                            every caller passes the request object.
 * @return object  page object
 */
public function index($args = false)
{
    // In case Signup is closed
    if (isset($_SESSION['Param']->FeatureSignupClose) && $_SESSION['Param']->FeatureSignupClose == "Yes") {
        return new SignupClosedPage();
    }

    /*
     * Enable to check against DNS Blocklists
     * if (MOD_dnsblock::get()->checkRemoteIp()) {
     *     return new SignupDNSBlockPage();
     * }
     */

    $request = $args->request;
    $model = new SignupModel();

    // a logged-in member (without the 'words' right) does not get the signup
    // pages: either the session is inconsistent (no username) and is reset,
    // or the member is sent to the own profile
    if (isset($_SESSION['IdMember']) && !MOD_right::get()->hasRight('words')) {
        if (!isset($_SESSION['Username'])) {
            unset($_SESSION['IdMember']);
            $page = new SignupProblemPage();
        } else {
            // NOTE(review): $page is not set in this branch; redirect() is
            // assumed to terminate the request — confirm
            $this->redirect('members/' . $_SESSION['Username']);
        }
    } else {
        switch (isset($request[1]) ? $request[1] : '') {
            // copied from TB:
            // checks e-mail address for validity and availability
            case 'checkemail':
                // ignore current request, so we can use the last request
                PRequest::ignoreCurrentRequest();
                if (!isset($_GET['email'])) {
                    echo '0';
                    PPHP::PExit();
                }
                if (!PFunctions::isEmailAddress($_GET['email'])) {
                    echo '0';
                    PPHP::PExit();
                }
                $users = $model->takeCareForNonUniqueEmailAddress($_GET['email']);
                if ($users == '') {
                    echo "1";
                } else {
                    echo "0";
                }
                PPHP::PExit();
                break; // unreachable: PExit() above ends the request

            // copied from TB: rewiewed by JeanYves
            // checks Username for validity and availability
            case 'checkhandle':
                // ignore current request, so we can use the last request
                PRequest::ignoreCurrentRequest();
                if (!isset($request[2])) {
                    echo '0';
                    PPHP::PExit();
                }
                if (!preg_match(User::HANDLE_PREGEXP, $request[2])) {
                    echo '0';
                    PPHP::PExit();
                }
                if (strpos($request[2], 'xn--') !== false) {
                    // Don't allow IDN-Prefixes
                    echo '0';
                    PPHP::PExit();
                }
                // NOTE(review): a bool echoes as "1" (free) or "" (taken), not
                // "0" as in the checkemail case above — the client is assumed
                // to test for "1" only; confirm
                echo (bool) (!$model->UsernameInUse($request[2]));
                PPHP::PExit();
                break; // unreachable: PExit() above ends the request

            case 'getRegions':
                // ignore current request, so we can use the last request
                PRequest::ignoreCurrentRequest();
                if (!isset($request[2])) {
                    PPHP::PExit();
                }
                // NOTE(review): no break here — a getRegions request with
                // $request[2] set falls through into 'terms' below, logs
                // "Viewing terms" and returns the terms popup. This looks
                // unintended (the case has no body of its own); confirm what
                // getRegions should do.
            case 'terms':
                MOD_log::get()->write("Viewing terms", "Signup");
                // the termsandconditions popup
                $page = new SignupTermsPopup();
                break;

            case 'privacy':
                MOD_log::get()->write("Viewing privacy", "Signup");
                $page = new SignupPrivacyPopup();
                break;

            case 'confirm':
                // or give it a different name?
                // this happens when you click the link in the confirmation email.
                // Handle and key are shape-checked (handle pattern, 16 lowercase
                // hex characters) before the model is asked to compare the key.
                if (!isset($request[2])
                    || !isset($request[3])
                    || !preg_match(User::HANDLE_PREGEXP, $request[2])
                    || !$model->UsernameInUse($request[2])
                    || !preg_match('/^[a-f0-9]{16}$/', $request[3])
                ) {
                    $error = 'InvalidLink';
                } else {
                    $error = $model->confirmSignup($request[2], $request[3]);
                }
                $page = new SignupMailConfirmPage();
                $page->error = $error;
                break;

            case 'resendmail':
                // shown when clicking on the link in the MailToConfirm error message.
                // NOTE(review): unlike 'confirm', the handle is handed to the
                // model without a HANDLE_PREGEXP check, and the action needs no
                // login — the model is assumed to validate the handle and to
                // limit how often a mail can be re-sent; confirm both.
                $error = '';
                if (!isset($request[2])) {
                    $error = 'InvalidLink';
                } else {
                    $resent = $model->resendConfirmationMail($request[2]);
                    if ($resent !== true) {
                        $error = $resent;
                    }
                }
                $page = new SignupResentMailPage();
                $page->error = $error;
                break;

            case 'finish':
                $page = new SignupFinishPage();
                break;

            default:
                $page = new SignupPage();
                $page->step = isset($request[1]) && $request[1] ? $request[1] : '1';
                // NOTE(review): the step value is taken verbatim from the URL
                // and written to the log — MOD_log is assumed to neutralise
                // control characters / line breaks; confirm
                $StrLog = "Entering Signup step: #" . $page->step;
                MOD_log::get()->write($StrLog, "Signup");
                $page->model = $model;
        }
    }

    return $page;
}
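/**
 * Check form values of the Mandatory (profile) form.
 *
 * Should always be kept analogous to /build/signup/signup.model.php !!
 *
 * The profile picture is checked through $_FILES['profile_picture'] (upload
 * status only; the file content is not inspected here).
 *
 * @param array $vars  Submitted form values (by reference; not modified here)
 * @return array       List of error word keys, empty when the form is valid
 */
public function checkProfileForm(&$vars)
{
    $errors = array();

    // birth date: year, month and day must all be present and non-zero before
    // the date itself is validated; empty() also covers a missing index, which
    // the former '== 0' comparison did not (and which compares differently
    // between PHP 7 and 8 for '')
    if (empty($vars['BirthYear']) || empty($vars['BirthMonth']) || empty($vars['BirthDay'])) {
        $errors[] = 'SignupErrorInvalidBirthDate';
    } else {
        $res = $this->validateBirthdate($vars['BirthYear'] . '-' . $vars['BirthMonth'] . '-' . $vars['BirthDay']);
        if ($res === self::DATE_INVALID) {
            $errors[] = 'SignupErrorInvalidBirthDate';
        }
        if ($res === self::TOO_YOUNG) {
            $errors[] = 'MembersErrorTooYoung';
        }
    }

    // gender: exactly one of the three accepted values (strict comparison)
    if (empty($vars['gender']) || !in_array($vars['gender'], array('male', 'female', 'other'), true)) {
        $errors[] = 'SignupErrorInvalidGender';
    }

    if (empty($vars['FirstName'])) {
        $errors[] = 'SignupErrorInvalidFirstName';
    }
    if (empty($vars['LastName'])) {
        $errors[] = 'SignupErrorInvalidLastName';
    }

    // email: the literal 'cryptedhidden' is passed through untouched
    // (NOTE(review): presumably the placeholder the form sends when the stored
    // address is not displayed — confirm against the form); everything else
    // must be a valid address. Strict comparison so that a numeric value
    // cannot match the placeholder under PHP 7's loose rules.
    $email = isset($vars['Email']) ? $vars['Email'] : '';
    if ($email !== 'cryptedhidden' && (empty($email) || !PFunctions::isEmailAddress($email))) {
        $errors[] = 'SignupErrorInvalidEmail';
    }

    // profile picture: only report an upload that was attempted and failed
    if (!empty($_FILES['profile_picture']['name']) && $_FILES['profile_picture']['error'] != UPLOAD_ERR_OK) {
        switch ($_FILES['profile_picture']['error']) {
            case UPLOAD_ERR_INI_SIZE:
            case UPLOAD_ERR_FORM_SIZE:
                $errors[] = 'UploadedProfileImageTooBig';
                break;
            default:
                $errors[] = 'ProfileImageUploadFailed';
                break;
        }
    }

    return $errors;
}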
/**
 * Index function of the user module.
 *
 * Currently the index consists of following possible requests (second path
 * segment, $request[1]):
 *   avatar          - sends the avatar of the handle in $request[2], exits
 *   checkemail      - prints "1" when $_GET['e'] is a valid, free address,
 *                     "0" when missing/invalid, "" when in use; exits
 *   checkhandle     - like "checkemail" with the user handle in $request[2]
 *   confirm         - confirms a registration: /confirm/<handle>/<key>
 *   find            - user search for $_GET['q']
 *   friends         - friend list of the logged-in user (login required)
 *   logout          - ends the session and redirects to the base URI
 *   waitingapproval - "waiting for approval" info message
 *   settings        - settings form
 *   password        - password form (with styles, teaser and right column)
 *   <handle>/pic    - picture page of that member (login required)
 *   <handle>        - redirect to the old bw-based profile
 *
 * Output is collected with output buffering and appended to the page object
 * obtained from PVars::getObj('page').
 *
 * @return false|void  false when a login-protected request has no login
 */
public function index()
{
    // index is called when http request = ./user
    $request = PRequest::get()->request;
    if (!isset($request[1])) {
        $request[1] = '';
    }
    switch ($request[1]) {
        case 'avatar':
            PRequest::ignoreCurrentRequest();
            // the handle must match the pattern and belong to an existing user;
            // handleInUse() is expected to return the user id (assigned inline)
            if (!isset($request[2])
                || !preg_match(User::HANDLE_PREGEXP, $request[2])
                || !($userId = $this->_model->handleInUse($request[2]))
            ) {
                PPHP::PExit();
            }
            $this->_view->avatar($userId);
            break;

        // checks e-mail address for validity and availability
        case 'checkemail':
            // ignore current request, so we can use the last request
            PRequest::ignoreCurrentRequest();
            if (!isset($_GET['e'])) {
                echo '0';
                PPHP::PExit();
            }
            if (!PFunctions::isEmailAddress($_GET['e'])) {
                echo '0';
                PPHP::PExit();
            }
            // NOTE(review): a bool echoes as "1" or "" — the "0" promised in
            // the docblock is only printed by the guards above; the client is
            // assumed to test for "1" only; confirm
            echo (bool) (!$this->_model->emailInUse($_GET['e']));
            PPHP::PExit();
            break; // unreachable: PExit() above ends the request

        // checks handle for validity and availability
        case 'checkhandle':
            // ignore current request, so we can use the last request
            PRequest::ignoreCurrentRequest();
            if (!isset($request[2])) {
                echo '0';
                PPHP::PExit();
            }
            if (!preg_match(User::HANDLE_PREGEXP, $request[2])) {
                echo '0';
                PPHP::PExit();
            }
            if (strpos($request[2], 'xn--') !== false) {
                // Don't allow IDN-Prefixes
                echo '0';
                PPHP::PExit();
            }
            echo (bool) (!$this->_model->handleInUse($request[2]));
            PPHP::PExit();
            break; // unreachable: PExit() above ends the request

        // confirms a registration
        case 'confirm':
            // handle and key are shape-checked (handle pattern, 16 lowercase hex
            // characters) before the model compares the key
            if (!isset($request[2])
                || !isset($request[3])
                || !preg_match(User::HANDLE_PREGEXP, $request[2])
                || !$this->_model->handleInUse($request[2])
                || !preg_match('/^[a-f0-9]{16}$/', $request[3])
            ) {
                $error = true;
            } else {
                if ($this->_model->confirmRegister($request[2], $request[3])) {
                    $error = false;
                } else {
                    $error = true;
                }
            }
            ob_start();
            $this->_view->registerConfirm($error);
            $str = ob_get_contents();
            ob_end_clean();
            $P = PVars::getObj('page');
            $P->content .= $str;
            break;

        case 'find':
            // NOTE(review): $_GET['q'] is passed on without an isset() check or
            // any validation — find() is assumed to escape it for the query;
            // confirm
            $res = $this->_model->find($_GET['q']);
            ob_start();
            $this->_view->searchResult($res);
            $str = ob_get_contents();
            ob_end_clean();
            $P = PVars::getObj('page');
            $P->content .= $str;
            break;

        case 'friends':
            if (!($User = APP_User::login())) {
                return false;
            }
            $friends = $this->_model->getFriends($User->getId());
            ob_start();
            $this->_view->friends($friends);
            $str = ob_get_contents();
            ob_end_clean();
            $P = PVars::getObj('page');
            $P->content .= $str;
            break;

        case 'logout':
            // NOTE(review): reachable by a plain GET with no token visible here;
            // any CSRF protection would have to live in logout() — confirm
            $this->_model->logout();
            header("Location: " . PVars::getObj('env')->baseuri);
            break;

        // waiting approval message
        case 'waitingapproval':
            // now the teaser content
            ob_start();
            $this->_view->ShowInfoMessage('', '');
            $str = ob_get_contents();
            $Page = PVars::getObj('page');
            $Page->teaserBar .= $str;
            ob_end_clean();
            // now the message content
            ob_start();
            $this->_view->ShowInfoMessage('WaitingForApprovalText', 'WaitingForApprovalTitle');
            $str = ob_get_contents();
            ob_end_clean();
            $P = PVars::getObj('page');
            $P->content .= $str;
            break;

        case 'settings':
            ob_start();
            $this->_view->settingsForm();
            $str = ob_get_contents();
            ob_end_clean();
            $P = PVars::getObj('page');
            $P->content .= $str;
            break;

        case 'password':
            // styles
            ob_start();
            $this->_view->customStyles();
            $str = ob_get_contents();
            $Page = PVars::getObj('page');
            $Page->addStyles .= $str;
            ob_end_clean();
            // now the teaser content
            ob_start();
            $this->_view->teaser();
            $str = ob_get_contents();
            $Page = PVars::getObj('page');
            $Page->teaserBar .= $str;
            ob_end_clean();
            // now the content on the right
            ob_start();
            $this->_view->rightContent();
            $str = ob_get_contents();
            $Page = PVars::getObj('page');
            $Page->rContent .= $str;
            ob_end_clean();
            // main content
            ob_start();
            $this->_view->passwordForm();
            $str = ob_get_contents();
            $P = PVars::getObj('page');
            $P->content .= $str;
            ob_end_clean();
            break;

        default:
            // anything else is taken as a member handle, but only when it
            // matches HANDLE_PREGEXP; unmatched values fall out of the switch
            // without output
            if (preg_match(User::HANDLE_PREGEXP, $request[1])) {
                if (!isset($request[2])) {
                    $request[2] = '';
                }
                switch ($request[2]) {
                    case 'pic':
                        if (!($User = APP_User::login())) {
                            return false;
                        }
                        ob_start();
                        $picture = $this->_model->getPicture($request[1]);
                        $this->_view->picture($picture);
                        $str = ob_get_contents();
                        ob_end_clean();
                        $P = PVars::getObj('page');
                        $P->content .= $str;
                        break;
                    default:
                        // redirects to the old bw-based profile.
                        // NOTE(review): the Location header embeds $request[1];
                        // it is only as safe as HANDLE_PREGEXP (defined
                        // elsewhere) — confirm the pattern admits neither
                        // line breaks nor URL metacharacters
                        header("Location: " . PVars::getObj('env')->baseuri . "bw/member.php?cid=" . $request[1]);
                        // disabled TB-based userpage for now
                        /*
                        ob_start();
                        $this->_view->userPage($request[1]);
                        $str = ob_get_contents();
                        ob_end_clean();
                        $P = PVars::getObj('page');
                        $P->content .= $str;
                        */
                        break;
                }
            }
    }
}