Exemple #1
0
 /**
  * Check form values of registration form,
  * do some cautious corrections
  *
  * @param unknown_type $vars
  * @return unknown
  */
 public function checkRegistrationForm(&$vars)
 {
     $errors = array();
     // geonameid
     if (empty($vars['geonameid']) || empty($vars['countryname'])) {
         $errors[] = 'SignupErrorProvideLocation';
         unset($vars['geonameid']);
     }
     // username
     if (!isset($vars['username']) || !preg_match(self::HANDLE_PREGEXP, $vars['username']) || strpos($vars['username'], 'xn--') !== false) {
         $errors[] = 'SignupErrorWrongUsername';
     } elseif ($this->UsernameInUse($vars['username'])) {
         $errors[] = 'SignupErrorUsernameAlreadyTaken';
     }
     // email (e-mail duplicates in BW database *not* allowed (as of 1st May 2013, ticket ))
     if (!isset($vars['email']) || !PFunctions::isEmailAddress($vars['email'])) {
         $errors[] = 'SignupErrorInvalidEmail';
     }
     if (!isset($vars['emailcheck']) || strcmp($vars['email'], $vars['emailcheck']) != 0) {
         $errors[] = 'SignupErrorEmailCheck';
     }
     $users = $this->takeCareForNonUniqueEmailAddress($vars['email']);
     if ($users != '') {
         $errors[] = 'SignupErrorEmailAddressAlreadyInUse';
     }
     // password
     if (!isset($vars['password']) || !isset($vars['passwordcheck']) || strlen($vars['password']) < 6 || strcmp($vars['password'], $vars['passwordcheck']) != 0) {
         $errors[] = 'SignupErrorPasswordCheck';
     }
     // accommodation
     if (empty($vars['accommodation']) || $vars['accommodation'] != 'anytime' && $vars['accommodation'] != 'dependonrequest' && $vars['accommodation'] != 'neverask') {
         $errors[] = 'SignupErrorProvideAccommodation';
     }
     if (!empty($vars['sweet'])) {
         $errors[] = 'SignupErrorSomethingWentWrong';
     }
     // firstname, lastname
     if (empty($vars['firstname']) || empty($vars['lastname'])) {
         $errors[] = 'SignupErrorFullNameRequired';
     }
     // (skipped:) secondname
     if (!isset($vars['mothertongue']) || $vars['mothertongue'] == -1) {
         $errors[] = 'SignupErrorNoMotherTongue';
     }
     // gender
     if (empty($vars['gender']) || $vars['gender'] != 'female' && $vars['gender'] != 'male' && $vars['gender'] != 'other') {
         $errors[] = 'SignupErrorProvideGender';
     }
     // birthyear
     $birthmonth = 12;
     if (!empty($vars['birthmonth'])) {
         $birthmonth = $vars['birthmonth'];
     }
     $birthday = 28;
     // TODO: could sometimes be 29, 30, 31
     if (!empty($vars['birthday'])) {
         $birthday = $vars['birthday'];
     }
     if (empty($vars['birthyear']) || !checkdate($birthmonth, $birthday, $vars['birthyear'])) {
         $errors[] = 'SignupErrorBirthDate';
     } else {
         $vars['iso_date'] = $vars['birthyear'] . "-" . $birthmonth . "-" . $birthday;
         if ($this->ageValue($vars['iso_date']) < self::YOUNGEST_MEMBER) {
             $errors[] = 'SignupErrorBirthDateToLow';
         }
     }
     // (skipped:) birthmonth
     // (skipped:) birthday
     // (skipped:) age hidden
     // terms
     if (empty($vars['terms']) || !$vars['terms']) {
         $errors[] = 'SignupMustacceptTerms';
         // TODO: looks like a wrong case in "Accept"
     }
     return $errors;
 }
Exemple #2
0
    /**
     * Processing registration
     *
     * This is a POST callback function
     *
     * Sets following errors in POST-vars:
     * username   - general username fault
     * uinuse     - username already in use
     * email      - general email fault, email format error
     * einuse     - email in use
     * pw         - general password fault
     * pwmismatch - password mismatch
     * inserror   - error performing db insertion
     *
     * @param void
     */
    public function registerProcess()
    {
        $c = PFunctions::hex2base64(sha1(__METHOD__));
        if (PPostHandler::isHandling()) {
            $vars =& PPostHandler::getVars();
            $errors = array();
            // check username
            if (!isset($vars['u']) || !preg_match(User::HANDLE_PREGEXP, $vars['u']) || strpos($vars['u'], 'xn--') !== false) {
                $errors[] = 'username';
            } elseif ($this->handleInUse($vars['u'])) {
                $errors[] = 'uinuse';
            }
            // email
            if (!isset($vars['e']) || !PFunctions::isEmailAddress($vars['e'])) {
                $errors[] = 'email';
            } elseif ($this->emailInUse($vars['e'])) {
                $errors[] = 'einuse';
            }
            // password
            if (!isset($vars['p']) || !isset($vars['pc']) || !$vars['p'] || !$vars['pc'] || strlen($vars['p']) < 8) {
                $errors[] = 'pw';
            } elseif ($vars['p'] != $vars['pc']) {
                $errors[] = 'pwmismatch';
            } else {
                if (substr_count($vars['p'], '*') != strlen($vars['p'])) {
                    // set encoded pw
                    $vars['pwenc'] = MOD_user::passwordEncrypt($vars['p']);
                    $shadow = str_repeat('*', strlen($vars['p']));
                    $vars['p'] = $shadow;
                    $vars['pc'] = $shadow;
                }
            }
            if (count($errors) > 0) {
                $vars['errors'] = $errors;
                return false;
            }
            $Auth = new MOD_user_Auth();
            $authId = $Auth->checkAuth('defaultUser');
            $query = '
INSERT INTO `user`
(`id`, `auth_id`, `handle`, `email`, `pw`, `active`)
VALUES
(
    ' . $this->dao->nextId('user') . ',
    ' . (int) $authId . ',
    \'' . $this->dao->escape($vars['u']) . '\',
    \'' . $this->dao->escape($vars['e']) . '\',
    \'' . $this->dao->escape($vars['pwenc']) . '\',
    0
)';
            $s = $this->dao->query($query);
            if (!$s->insertId()) {
                $vars['errors'] = array('inserror');
                return false;
            }
            $userId = $s->insertId();
            $key = PFunctions::randomString(16);
            // save register key
            if (!APP_User::addSetting($userId, 'regkey', $key)) {
                $vars['errors'] = array('inserror');
                return false;
            }
            // save lang
            if (!APP_User::addSetting($userId, 'lang', PVars::get()->lang)) {
                $vars['errors'] = array('inserror');
                return false;
            }
            $View = new UserView($this);
            $View->registerMail($userId);
            PPostHandler::clearVars();
            return PVars::getObj('env')->baseuri . 'user/register/finish';
        } else {
            PPostHandler::setCallback($c, __CLASS__, __FUNCTION__);
            return $c;
        }
    }
Exemple #3
0
 /**
  * Index function
  *
  * Currently the index consists of following possible requests:
  * register    - registration form to page content
  * confirm   - confirmation redirect to signup
  *
  * @param void
  */
 public function index($args = false)
 {
     // In case Signup is closed
     if (isset($_SESSION['Param']->FeatureSignupClose) && $_SESSION['Param']->FeatureSignupClose == "Yes") {
         return new SignupClosedPage();
     }
     /*
              * Enable to check against DNS Blocklists
     if (MOD_dnsblock::get()->checkRemoteIp()) {
                 return new SignupDNSBlockPage();
             }
     */
     $request = $args->request;
     $model = new SignupModel();
     if (isset($_SESSION['IdMember']) && !MOD_right::get()->hasRight('words')) {
         if (!isset($_SESSION['Username'])) {
             unset($_SESSION['IdMember']);
             $page = new SignupProblemPage();
         } else {
             $this->redirect('members/' . $_SESSION['Username']);
         }
     } else {
         switch (isset($request[1]) ? $request[1] : '') {
             // copied from TB:
             // checks e-mail address for validity and availability
             case 'checkemail':
                 // ignore current request, so we can use the last request
                 PRequest::ignoreCurrentRequest();
                 if (!isset($_GET['email'])) {
                     echo '0';
                     PPHP::PExit();
                 }
                 if (!PFunctions::isEmailAddress($_GET['email'])) {
                     echo '0';
                     PPHP::PExit();
                 }
                 $users = $model->takeCareForNonUniqueEmailAddress($_GET['email']);
                 if ($users == '') {
                     echo "1";
                 } else {
                     echo "0";
                 }
                 PPHP::PExit();
                 break;
                 // copied from TB: rewiewed by JeanYves
                 // checks Username for validity and availability
             // copied from TB: rewiewed by JeanYves
             // checks Username for validity and availability
             case 'checkhandle':
                 // ignore current request, so we can use the last request
                 PRequest::ignoreCurrentRequest();
                 if (!isset($request[2])) {
                     echo '0';
                     PPHP::PExit();
                 }
                 if (!preg_match(User::HANDLE_PREGEXP, $request[2])) {
                     echo '0';
                     PPHP::PExit();
                 }
                 if (strpos($request[2], 'xn--') !== false) {
                     // Don't allow IDN-Prefixes
                     echo '0';
                     PPHP::PExit();
                 }
                 echo (bool) (!$model->UsernameInUse($request[2]));
                 PPHP::PExit();
                 break;
             case 'getRegions':
                 // ignore current request, so we can use the last request
                 PRequest::ignoreCurrentRequest();
                 if (!isset($request[2])) {
                     PPHP::PExit();
                 }
             case 'terms':
                 MOD_log::get()->write("Viewing terms", "Signup");
                 // the termsandconditions popup
                 $page = new SignupTermsPopup();
                 break;
             case 'privacy':
                 MOD_log::get()->write("Viewing privacy", "Signup");
                 $page = new SignupPrivacyPopup();
                 break;
             case 'confirm':
                 // or give it a different name?
                 // this happens when you click the link in the confirmation email
                 if (!isset($request[2]) || !isset($request[3]) || !preg_match(User::HANDLE_PREGEXP, $request[2]) || !$model->UsernameInUse($request[2]) || !preg_match('/^[a-f0-9]{16}$/', $request[3])) {
                     $error = 'InvalidLink';
                 } else {
                     $error = $model->confirmSignup($request[2], $request[3]);
                 }
                 $page = new SignupMailConfirmPage();
                 $page->error = $error;
                 break;
             case 'resendmail':
                 // shown when clicking on the link in the MailToConfirm error message
                 $error = '';
                 if (!isset($request[2])) {
                     $error = 'InvalidLink';
                 } else {
                     $resent = $model->resendConfirmationMail($request[2]);
                     if ($resent !== true) {
                         $error = $resent;
                     }
                 }
                 $page = new SignupResentMailPage();
                 $page->error = $error;
                 break;
             case 'finish':
                 $page = new SignupFinishPage();
                 break;
             default:
                 $page = new SignupPage();
                 $page->step = isset($request[1]) && $request[1] ? $request[1] : '1';
                 $StrLog = "Entering Signup step: #" . $page->step;
                 MOD_log::get()->write($StrLog, "Signup");
                 $page->model = $model;
         }
     }
     return $page;
 }
Exemple #4
0
 /**
  * Check form values of Mandatory form,
  * should always be analog to /build/signup/signup.model.php !!
  *
  * @param unknown_type $vars
  * @return unknown
  */
 public function checkProfileForm(&$vars)
 {
     $errors = array();
     if ($vars['BirthYear'] == 0 || $vars['BirthMonth'] == 0 || $vars['BirthDay'] == 0) {
         $errors[] = 'SignupErrorInvalidBirthDate';
     } else {
         $res = $this->validateBirthdate($vars['BirthYear'] . '-' . $vars['BirthMonth'] . '-' . $vars['BirthDay']);
         if ($res === self::DATE_INVALID) {
             $errors[] = 'SignupErrorInvalidBirthDate';
         }
         if ($res === self::TOO_YOUNG) {
             $errors[] = 'MembersErrorTooYoung';
         }
     }
     if (empty($vars['gender']) || !in_array($vars['gender'], array('male', 'female', 'other'))) {
         $errors[] = 'SignupErrorInvalidGender';
     }
     if (empty($vars['FirstName'])) {
         $errors[] = 'SignupErrorInvalidFirstName';
     }
     if (empty($vars['LastName'])) {
         $errors[] = 'SignupErrorInvalidLastName';
     }
     if ((empty($vars['Email']) || !PFunctions::isEmailAddress($vars['Email'])) && $vars['Email'] != 'cryptedhidden') {
         $errors[] = 'SignupErrorInvalidEmail';
     }
     if (!empty($_FILES['profile_picture']['name']) && $_FILES['profile_picture']['error'] != UPLOAD_ERR_OK) {
         switch ($_FILES['profile_picture']['error']) {
             case UPLOAD_ERR_INI_SIZE:
             case UPLOAD_ERR_FORM_SIZE:
                 $errors[] = 'UploadedProfileImageTooBig';
                 break;
             default:
                 $errors[] = 'ProfileImageUploadFailed';
                 break;
         }
     }
     return $errors;
 }
Exemple #5
0
 /**
  * Index function
  * 
  * Currently the index consists of following possible requests:
  * checkemail  - prints either "0" or "1" depending on e-mail validity
  * checkhandle - like "checkemail" with user handle
  * register    - registration form to page content 
  * 
  * @param void
  */
 public function index()
 {
     // index is called when http request = ./user
     $request = PRequest::get()->request;
     if (!isset($request[1])) {
         $request[1] = '';
     }
     switch ($request[1]) {
         case 'avatar':
             PRequest::ignoreCurrentRequest();
             if (!isset($request[2]) || !preg_match(User::HANDLE_PREGEXP, $request[2]) || !($userId = $this->_model->handleInUse($request[2]))) {
                 PPHP::PExit();
             }
             $this->_view->avatar($userId);
             break;
             // checks e-mail address for validity and availability
         // checks e-mail address for validity and availability
         case 'checkemail':
             // ignore current request, so we can use the last request
             PRequest::ignoreCurrentRequest();
             if (!isset($_GET['e'])) {
                 echo '0';
                 PPHP::PExit();
             }
             if (!PFunctions::isEmailAddress($_GET['e'])) {
                 echo '0';
                 PPHP::PExit();
             }
             echo (bool) (!$this->_model->emailInUse($_GET['e']));
             PPHP::PExit();
             break;
             // checks handle for validity and availability
         // checks handle for validity and availability
         case 'checkhandle':
             // ignore current request, so we can use the last request
             PRequest::ignoreCurrentRequest();
             if (!isset($request[2])) {
                 echo '0';
                 PPHP::PExit();
             }
             if (!preg_match(User::HANDLE_PREGEXP, $request[2])) {
                 echo '0';
                 PPHP::PExit();
             }
             if (strpos($request[2], 'xn--') !== false) {
                 // Don't allow IDN-Prefixes
                 echo '0';
                 PPHP::PExit();
             }
             echo (bool) (!$this->_model->handleInUse($request[2]));
             PPHP::PExit();
             break;
             // confirms a registration
         // confirms a registration
         case 'confirm':
             if (!isset($request[2]) || !isset($request[3]) || !preg_match(User::HANDLE_PREGEXP, $request[2]) || !$this->_model->handleInUse($request[2]) || !preg_match('/^[a-f0-9]{16}$/', $request[3])) {
                 $error = true;
             } else {
                 if ($this->_model->confirmRegister($request[2], $request[3])) {
                     $error = false;
                 } else {
                     $error = true;
                 }
             }
             ob_start();
             $this->_view->registerConfirm($error);
             $str = ob_get_contents();
             ob_end_clean();
             $P = PVars::getObj('page');
             $P->content .= $str;
             break;
         case 'find':
             $res = $this->_model->find($_GET['q']);
             ob_start();
             $this->_view->searchResult($res);
             $str = ob_get_contents();
             ob_end_clean();
             $P = PVars::getObj('page');
             $P->content .= $str;
             break;
         case 'friends':
             if (!($User = APP_User::login())) {
                 return false;
             }
             $friends = $this->_model->getFriends($User->getId());
             ob_start();
             $this->_view->friends($friends);
             $str = ob_get_contents();
             ob_end_clean();
             $P = PVars::getObj('page');
             $P->content .= $str;
             break;
         case 'logout':
             $this->_model->logout();
             header("Location: " . PVars::getObj('env')->baseuri);
             break;
             // waiting approval message
         // waiting approval message
         case 'waitingapproval':
             // now the teaser content
             ob_start();
             $this->_view->ShowInfoMessage('', '');
             $str = ob_get_contents();
             $Page = PVars::getObj('page');
             $Page->teaserBar .= $str;
             ob_end_clean();
             // now the message content
             ob_start();
             $this->_view->ShowInfoMessage('WaitingForApprovalText', 'WaitingForApprovalTitle');
             $str = ob_get_contents();
             ob_end_clean();
             $P = PVars::getObj('page');
             $P->content .= $str;
             break;
         case 'settings':
             ob_start();
             $this->_view->settingsForm();
             $str = ob_get_contents();
             ob_end_clean();
             $P = PVars::getObj('page');
             $P->content .= $str;
             break;
         case 'password':
             ob_start();
             $this->_view->customStyles();
             $str = ob_get_contents();
             $Page = PVars::getObj('page');
             $Page->addStyles .= $str;
             ob_end_clean();
             // now the teaser content
             ob_start();
             $this->_view->teaser();
             $str = ob_get_contents();
             $Page = PVars::getObj('page');
             $Page->teaserBar .= $str;
             ob_end_clean();
             // now the content on the right
             ob_start();
             $this->_view->rightContent();
             $str = ob_get_contents();
             $Page = PVars::getObj('page');
             $Page->rContent .= $str;
             ob_end_clean();
             // main content
             ob_start();
             $this->_view->passwordForm();
             $str = ob_get_contents();
             $P = PVars::getObj('page');
             $P->content .= $str;
             ob_end_clean();
             break;
         default:
             if (preg_match(User::HANDLE_PREGEXP, $request[1])) {
                 if (!isset($request[2])) {
                     $request[2] = '';
                 }
                 switch ($request[2]) {
                     case 'pic':
                         if (!($User = APP_User::login())) {
                             return false;
                         }
                         ob_start();
                         $picture = $this->_model->getPicture($request[1]);
                         $this->_view->picture($picture);
                         $str = ob_get_contents();
                         ob_end_clean();
                         $P = PVars::getObj('page');
                         $P->content .= $str;
                         break;
                     default:
                         // redirects to the old bw-based profile
                         header("Location: " . PVars::getObj('env')->baseuri . "bw/member.php?cid=" . $request[1]);
                         // disabled TB-based userpage for now
                         /*    ob_start();
                               $this->_view->userPage($request[1]);
                               $str = ob_get_contents();
                               ob_end_clean();
                               $P = PVars::getObj('page');
                               $P->content .= $str; */
                         break;
                 }
             }
     }
 }