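/**
 * Run the member validators over the submitted registration fields.
 *
 * Reads username, screen_name, password, password_confirm and email from
 * $_POST and hands them to EE_Validate configured for a new member
 * ('val_type' => 'new', no current-password requirement, logging off).
 *
 * @param string $use_screen_name 'yes' (the default) to validate the screen name as well
 * @return array|bool TRUE when no validator recorded an error, otherwise
 *                    array('result' => 'failed', 'errors' => <validator errors>)
 */
function validate_member($use_screen_name = 'yes')
{
    // Instantiate validation class
    if (!class_exists('EE_Validate')) {
        require APPPATH . 'libraries/Validate' . EXT;
    }

    // The request body is client-controlled, so any of these keys may be
    // absent. Default them to '' so the validators see an empty value
    // (and report it) instead of an undefined-index notice and a null.
    // NOTE(review): a field posted as name[] still arrives as an array;
    // EE_Validate is assumed to cope with that, confirm.
    $submitted = array();
    foreach (array('username', 'screen_name', 'password', 'password_confirm', 'email') as $field) {
        $submitted[$field] = isset($_POST[$field]) ? $_POST[$field] : '';
    }

    $VAL = new EE_Validate(array(
        'member_id' => '',
        'val_type' => 'new',
        'fetch_lang' => TRUE,
        'require_cpw' => FALSE,
        'enable_log' => FALSE,
        'username' => $submitted['username'],
        'cur_username' => '',
        'screen_name' => $submitted['screen_name'],
        'cur_screen_name' => '',
        'password' => $submitted['password'],
        'password_confirm' => $submitted['password_confirm'],
        'cur_password' => '',
        'email' => $submitted['email'],
        'cur_email' => '',
    ));

    // Validator order determines the order of the collected error messages.
    $VAL->validate_username();
    $VAL->validate_email();
    $VAL->validate_password();

    if ($use_screen_name == 'yes') {
        $VAL->validate_screen_name();
    }

    // Report errors if there are any
    if (count($VAL->errors) > 0) {
        return array('result' => 'failed', 'errors' => $VAL->errors);
    }

    return TRUE;
}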
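/**
 * Username/Password Update
 *
 * Processes the member's own "username and password" settings form. The
 * submission must carry the current password; the new values are validated
 * with EE_Validate, the current password is then verified through the auth
 * library, and only after that are the member row and the denormalised
 * screen-name copies (forums, forum moderators, comments) updated.
 *
 * @return mixed FALSE when the session's member row cannot be found, the
 *               result of show_user_error() on a rejected submission,
 *               otherwise the rendered success element
 */
function update_userpass()
{
    ee()->load->library('auth');

    // Safety. Prevents accessing this function unless
    // the request came from the form submission
    if (!ee()->input->post('current_password')) {
        return ee()->output->show_user_error('general', array(ee()->lang->line('current_password_required')));
    }

    // The member id always comes from the session, never from the request.
    // Cast it once so every query below uses the same integer value; the
    // original cast it for the lookup but concatenated it raw into SQL.
    $member_id = (int) ee()->session->userdata('member_id');

    $query = ee()->db->select('username, screen_name, password')
        ->get_where('members', array('member_id' => $member_id));

    if (!$query->num_rows()) {
        return FALSE;
    }

    // Default the fields that are read below BEFORE they are read. The
    // original defaulted 'username' only after copying it into
    // 'screen_name', and never defaulted the password fields.
    foreach (array('username', 'screen_name', 'password', 'password_confirm') as $field) {
        if (!isset($_POST[$field])) {
            $_POST[$field] = '';
        }
    }

    // When username changes are disabled, whatever the client sent is
    // replaced with the stored username.
    if (ee()->config->item('allow_username_change') != 'y') {
        $_POST['username'] = $query->row('username');
    }

    // If the screen name field is empty, we'll assign it
    // from the username field.
    if ($_POST['screen_name'] == '') {
        $_POST['screen_name'] = $_POST['username'];
    }

    // Validate submitted data
    if (!class_exists('EE_Validate')) {
        require APPPATH . 'libraries/Validate.php';
    }

    $VAL = new EE_Validate(array(
        'member_id' => ee()->session->userdata('member_id'),
        'val_type' => 'update',
        'fetch_lang' => TRUE,
        'require_cpw' => TRUE,
        'enable_log' => FALSE,
        'username' => $_POST['username'],
        'cur_username' => $query->row('username'),
        'screen_name' => $_POST['screen_name'],
        'cur_screen_name' => $query->row('screen_name'),
        'password' => $_POST['password'],
        'password_confirm' => $_POST['password_confirm'],
        'cur_password' => $_POST['current_password'],
    ));

    $VAL->validate_screen_name();

    if (ee()->config->item('allow_username_change') == 'y') {
        $VAL->validate_username();
    }

    if ($_POST['password'] != '') {
        $VAL->validate_password();
    }

    // Display validation errors if there are any
    if (count($VAL->errors) > 0) {
        return ee()->output->show_user_error('submission', $VAL->errors);
    }

    // Finally, and most important of all, was their
    // current password submitted correctly? Nothing is written
    // to the database before this check passes.
    if (!ee()->auth->authenticate_id($member_id, ee()->input->post('current_password'))) {
        return ee()->output->show_user_error('general', array(ee()->lang->line('current_password_incorrect')));
    }

    $screen_name_changed = $query->row('screen_name') != $_POST['screen_name'];

    /** -------------------------------------
    /**  Update "last post" forum info if needed
    /** -------------------------------------*/
    if ($screen_name_changed and ee()->config->item('forum_is_installed') == "y") {
        // The screen name is user input and is escaped; the id is the
        // integer taken from the session above.
        $escaped_screen_name = ee()->db->escape_str($_POST['screen_name']);

        ee()->db->query("UPDATE exp_forums SET forum_last_post_author = '" . $escaped_screen_name . "' WHERE forum_last_post_author_id = '" . $member_id . "'");
        ee()->db->query("UPDATE exp_forum_moderators SET mod_member_name = '" . $escaped_screen_name . "' WHERE mod_member_id = '" . $member_id . "'");
    }

    /** -------------------------------------
    /**  Assign the query data
    /** -------------------------------------*/
    $data = array('screen_name' => $_POST['screen_name']);

    if (ee()->config->item('allow_username_change') == 'y') {
        $data['username'] = $_POST['username'];
    }

    // Was a password submitted?
    $pw_change = '';

    if ($_POST['password'] != '') {
        // NOTE(review): the value validated above is $_POST['password'] while
        // the value stored is input->post('password'); confirm the input
        // class returns it unmodified.
        // NOTE(review): nothing visible here ends the member's other
        // sessions after a password change; confirm whether
        // update_password() or the caller takes care of that.
        ee()->auth->update_password($member_id, ee()->input->post('password'));

        $pw_change = $this->_var_swap(
            $this->_load_element('password_change_warning'),
            array('lang:password_change_warning' => ee()->lang->line('password_change_warning'))
        );
    }

    ee()->db->query(ee()->db->update_string('exp_members', $data, "member_id = '" . $member_id . "'"));

    /** -------------------------------------
    /**  Update comments if screen name has changed
    /** -------------------------------------*/
    if ($screen_name_changed) {
        ee()->db->query(ee()->db->update_string('exp_comments', array('name' => $_POST['screen_name']), "author_id = '" . $member_id . "'"));

        ee()->session->userdata['screen_name'] = stripslashes($_POST['screen_name']);
    }

    /** -------------------------------------
    /**  Success message
    /** -------------------------------------*/
    return $this->_var_swap(
        $this->_load_element('success'),
        array(
            'lang:heading' => ee()->lang->line('username_and_password'),
            'lang:message' => ee()->lang->line('mbr_settings_updated') . $pw_change,
        )
    );
}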
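/**
 * Register Member
 *
 * Handles a front-end registration submission: checks that registration is
 * open and the visitor is not banned or blacklisted, validates the core and
 * custom member fields, checks the captcha and terms-of-service settings,
 * creates the member rows, optionally subscribes the address to a mailing
 * list, sends admin and activation e-mails, and finally shows the
 * confirmation message (logging the member in when no activation is needed).
 *
 * @return mixed FALSE when registration is disabled, the result of
 *               show_user_error() on a rejected submission, nothing when an
 *               extension ends the script or after the confirmation message
 *               has been handed to ee()->output->show_message()
 */
public function register_member()
{
    // Do we allow new member registrations?
    if (ee()->config->item('allow_member_registration') == 'n') {
        return FALSE;
    }

    // Is user banned?
    if (ee()->session->userdata('is_banned') === TRUE) {
        return ee()->output->show_user_error('general', array(lang('not_authorized')));
    }

    // Blacklist/Whitelist Check
    if (ee()->blacklist->blacklisted == 'y' && ee()->blacklist->whitelisted == 'n') {
        return ee()->output->show_user_error('general', array(lang('not_authorized')));
    }

    ee()->load->helper('url');

    // -------------------------------------------
    // 'member_member_register_start' hook.
    //  - Take control of member registration routine
    //  - Added EE 1.4.2
    //
    ee()->extensions->call('member_member_register_start');
    if (ee()->extensions->end_script === TRUE) {
        return;
    }
    //
    // -------------------------------------------

    // Set the default globals: every core field is guaranteed to exist in
    // $_POST from here on, so the reads below cannot hit a missing key.
    $default = array('username', 'password', 'password_confirm', 'email', 'screen_name', 'url', 'location');

    foreach ($default as $val) {
        if (!isset($_POST[$val])) {
            $_POST[$val] = '';
        }
    }

    if ($_POST['screen_name'] == '') {
        $_POST['screen_name'] = $_POST['username'];
    }

    // Instantiate validation class
    if (!class_exists('EE_Validate')) {
        require APPPATH . 'libraries/Validate.php';
    }

    $VAL = new EE_Validate(array(
        'member_id' => '',
        'val_type' => 'new',
        'fetch_lang' => TRUE,
        'require_cpw' => FALSE,
        'enable_log' => FALSE,
        'username' => trim_nbs($_POST['username']),
        'cur_username' => '',
        'screen_name' => trim_nbs($_POST['screen_name']),
        'cur_screen_name' => '',
        'password' => $_POST['password'],
        'password_confirm' => $_POST['password_confirm'],
        'cur_password' => '',
        'email' => trim($_POST['email']),
        'cur_email' => '',
    ));

    $VAL->validate_username();
    $VAL->validate_screen_name();
    $VAL->validate_password();
    $VAL->validate_email();

    // Do we have any custom fields?
    $query = ee()->db->select('m_field_id, m_field_name, m_field_label, m_field_type, m_field_list_items, m_field_required')
        ->where('m_field_reg', 'y')
        ->get('member_fields');

    $cust_errors = array();
    $cust_fields = array();

    if ($query->num_rows() > 0) {
        foreach ($query->result_array() as $row) {
            $field_name = 'm_field_id_' . $row['m_field_id'];

            // Assume we're going to save this data, unless it's empty to begin with
            $valid = isset($_POST[$field_name]) && $_POST[$field_name] != '';

            // Basic validations
            if ($row['m_field_required'] == 'y' && !$valid) {
                $cust_errors[] = lang('mbr_field_required') . '&nbsp;' . $row['m_field_label'];
            } elseif ($row['m_field_type'] == 'select' && $valid) {
                // Ensure their selection is actually a valid choice
                $options = explode("\n", $row['m_field_list_items']);

                if (!in_array(htmlentities($_POST[$field_name]), $options)) {
                    $valid = FALSE;
                    $cust_errors[] = lang('mbr_field_invalid') . '&nbsp;' . $row['m_field_label'];
                }
            }

            // Only field ids that exist in member_fields (and are enabled for
            // registration) are ever copied, so a client cannot add columns.
            if ($valid) {
                $cust_fields[$field_name] = ee()->security->xss_clean($_POST[$field_name]);
            }
        }
    }

    if (isset($_POST['email_confirm']) && $_POST['email'] != $_POST['email_confirm']) {
        $cust_errors[] = lang('mbr_emails_not_match');
    }

    if (ee()->config->item('use_membership_captcha') == 'y') {
        if (!isset($_POST['captcha']) or $_POST['captcha'] == '') {
            $cust_errors[] = lang('captcha_required');
        }
    }

    if (ee()->config->item('require_terms_of_service') == 'y') {
        if (!isset($_POST['accept_terms'])) {
            $cust_errors[] = lang('mbr_terms_of_service_required');
        }
    }

    // -------------------------------------------
    // 'member_member_register_errors' hook.
    //  - Additional error checking prior to submission
    //  - Added EE 2.5.0
    //
    ee()->extensions->call('member_member_register_errors', $this);
    if (ee()->extensions->end_script === TRUE) {
        return;
    }
    //
    // -------------------------------------------

    $errors = array_merge($VAL->errors, $cust_errors, $this->errors);

    // Display errors if there are any
    if (count($errors) > 0) {
        return ee()->output->show_user_error('submission', $errors);
    }

    // Do we require captcha?
    if (ee()->config->item('use_membership_captcha') == 'y') {
        // Both values are escaped before they are concatenated into SQL. The
        // original escaped the captcha word but not the IP address, although
        // the mailing-list insert further down already escapes it.
        $captcha_word = ee()->db->escape_str($_POST['captcha']);
        $captcha_ip = ee()->db->escape_str(ee()->input->ip_address());

        $query = ee()->db->query("SELECT COUNT(*) AS count FROM exp_captcha WHERE word='" . $captcha_word . "' AND ip_address = '" . $captcha_ip . "' AND date > UNIX_TIMESTAMP()-7200");

        if ($query->row('count') == 0) {
            return ee()->output->show_user_error('submission', array(lang('captcha_incorrect')));
        }

        // A matched captcha is single-use; expired rows are purged in the same statement.
        ee()->db->query("DELETE FROM exp_captcha WHERE (word='" . $captcha_word . "' AND ip_address = '" . $captcha_ip . "') OR date < UNIX_TIMESTAMP()-7200");
    }

    ee()->load->helper('security');

    // Assign the base query data
    // NOTE(review): 'password' is an unsalted SHA-1 digest. It is kept in
    // $data so extensions on the 'member_member_register' hook receive the
    // same array as before, but the stored value is replaced with the Auth
    // library's salted hash right after the insert below.
    // NOTE(review): 'url' and 'location' are stored as submitted (custom
    // fields above go through xss_clean); confirm output escaping covers them.
    $data = array(
        'username' => trim_nbs(ee()->input->post('username')),
        'password' => sha1($_POST['password']),
        'ip_address' => ee()->input->ip_address(),
        'unique_id' => ee()->functions->random('encrypt'),
        'join_date' => ee()->localize->now,
        'email' => trim_nbs(ee()->input->post('email')),
        'screen_name' => trim_nbs(ee()->input->post('screen_name')),
        'url' => prep_url(ee()->input->post('url')),
        'location' => ee()->input->post('location'),
        'language' => ee()->config->item('deft_lang') ? ee()->config->item('deft_lang') : 'english',
        'date_format' => ee()->config->item('date_format') ? ee()->config->item('date_format') : '%n/%j/%y',
        'time_format' => ee()->config->item('time_format') ? ee()->config->item('time_format') : '12',
        'include_seconds' => ee()->config->item('include_seconds') ? ee()->config->item('include_seconds') : 'n',
        'timezone' => ee()->config->item('default_site_timezone'),
    );

    // Set member group. The group is decided by configuration only; no
    // request value is consulted here.
    if (ee()->config->item('req_mbr_activation') == 'manual' or ee()->config->item('req_mbr_activation') == 'email') {
        $data['group_id'] = 4; // Pending
    } else {
        if (ee()->config->item('default_member_group') == '') {
            $data['group_id'] = 4; // Pending
        } else {
            $data['group_id'] = ee()->config->item('default_member_group');
        }
    }

    // Optional Fields: a fixed map of column => POST key, so the client can
    // only influence these six columns.
    // NOTE(review): the values themselves are stored as submitted; no
    // allow-list check (for example on language or timezone) is visible here.
    $optional = array(
        'bio' => 'bio',
        'language' => 'deft_lang',
        'timezone' => 'server_timezone',
        'date_format' => 'date_format',
        'time_format' => 'time_format',
        'include_seconds' => 'include_seconds',
    );

    foreach ($optional as $key => $value) {
        if (isset($_POST[$value])) {
            $data[$key] = $_POST[$value];
        }
    }

    // We generate an authorization code if the member needs to self-activate
    if (ee()->config->item('req_mbr_activation') == 'email') {
        $data['authcode'] = ee()->functions->random('alnum', 10);
    }

    // Insert basic member data
    ee()->db->query(ee()->db->insert_string('exp_members', $data));

    $member_id = ee()->db->insert_id();

    // Store the password the way the Auth library hashes it (salted) rather
    // than leaving the bare SHA-1 digest in the members table. If hashing is
    // refused (FALSE) the row keeps the digest written by the insert above.
    ee()->load->library('auth');
    $hashed_pair = ee()->auth->hash_password($_POST['password']);

    if ($hashed_pair !== FALSE) {
        ee()->db->where('member_id', (int) $member_id)->update('members', $hashed_pair);
    }

    // Insert custom fields
    $cust_fields['member_id'] = $member_id;

    ee()->db->query(ee()->db->insert_string('exp_member_data', $cust_fields));

    // Create a record in the member homepage table
    // This is only necessary if the user gains CP access,
    // but we'll add the record anyway.
    ee()->db->query(ee()->db->insert_string('exp_member_homepage', array('member_id' => $member_id)));

    // Mailinglist Subscribe
    $mailinglist_subscribe = FALSE;

    if (isset($_POST['mailinglist_subscribe']) && is_numeric($_POST['mailinglist_subscribe'])) {
        // Kill duplicate emails from authorization queue.
        ee()->db->where('email', $_POST['email'])->delete('mailing_list_queue');

        // Validate Mailing List ID
        $query = ee()->db->select('COUNT(*) as count')
            ->where('list_id', $_POST['mailinglist_subscribe'])
            ->get('mailing_lists');

        // Email Not Already in Mailing List
        $results = ee()->db->select('COUNT(*) as count')
            ->where('email', $_POST['email'])
            ->where('list_id', $_POST['mailinglist_subscribe'])
            ->get('mailing_list');

        // INSERT Email
        if ($query->row('count') > 0 && $results->row('count') == 0) {
            $mailinglist_subscribe = TRUE;

            $code = ee()->functions->random('alnum', 10);

            if (ee()->config->item('req_mbr_activation') == 'email') {
                // Activated When Membership Activated
                ee()->db->query("INSERT INTO exp_mailing_list_queue (email, list_id, authcode, date)\r\n\t\t\t\t\t\t\t\tVALUES ('" . ee()->db->escape_str($_POST['email']) . "', '" . ee()->db->escape_str($_POST['mailinglist_subscribe']) . "', '" . $code . "', '" . time() . "')");
            } elseif (ee()->config->item('req_mbr_activation') == 'manual') {
                // Mailing List Subscribe Email
                ee()->db->query("INSERT INTO exp_mailing_list_queue (email, list_id, authcode, date)\r\n\t\t\t\t\t\t\t\tVALUES ('" . ee()->db->escape_str($_POST['email']) . "', '" . ee()->db->escape_str($_POST['mailinglist_subscribe']) . "', '" . $code . "', '" . time() . "')");

                ee()->lang->loadfile('mailinglist');
                $action_id = ee()->functions->fetch_action_id('Mailinglist', 'authorize_email');

                $swap = array(
                    'activation_url' => ee()->functions->fetch_site_index(0, 0) . QUERY_MARKER . 'ACT=' . $action_id . '&id=' . $code,
                    'site_name' => stripslashes(ee()->config->item('site_name')),
                    'site_url' => ee()->config->item('site_url'),
                );

                $template = ee()->functions->fetch_email_template('mailinglist_activation_instructions');
                $email_tit = ee()->functions->var_swap($template['title'], $swap);
                $email_msg = ee()->functions->var_swap($template['data'], $swap);

                // Send email
                ee()->load->library('email');
                ee()->email->wordwrap = true;
                ee()->email->mailtype = 'plain';
                ee()->email->priority = '3';

                ee()->email->from(ee()->config->item('webmaster_email'), ee()->config->item('webmaster_name'));
                ee()->email->to($_POST['email']);
                ee()->email->subject($email_tit);
                ee()->email->message($email_msg);
                ee()->email->send();
            } else {
                // Automatically Accepted
                ee()->db->query("INSERT INTO exp_mailing_list (list_id, authcode, email, ip_address)\r\n\t\t\t\t\t\t\t\t\t\t VALUES ('" . ee()->db->escape_str($_POST['mailinglist_subscribe']) . "', '" . $code . "', '" . ee()->db->escape_str($_POST['email']) . "', '" . ee()->db->escape_str(ee()->input->ip_address()) . "')");
            }
        }
    }

    // Update
    if (ee()->config->item('req_mbr_activation') == 'none') {
        ee()->stats->update_member_stats();
    }

    // Send admin notifications
    if (ee()->config->item('new_member_notification') == 'y' && ee()->config->item('mbr_notification_emails') != '') {
        $name = $data['screen_name'] != '' ? $data['screen_name'] : $data['username'];

        $swap = array(
            'name' => $name,
            'site_name' => stripslashes(ee()->config->item('site_name')),
            'control_panel_url' => ee()->config->item('cp_url'),
            'username' => $data['username'],
            'email' => $data['email'],
        );

        $template = ee()->functions->fetch_email_template('admin_notify_reg');
        $email_tit = $this->_var_swap($template['title'], $swap);
        $email_msg = $this->_var_swap($template['data'], $swap);

        // Remove multiple commas
        $notify_address = reduce_multiples(ee()->config->item('mbr_notification_emails'), ',', TRUE);

        // Send email
        ee()->load->helper('text');

        ee()->load->library('email');
        ee()->email->wordwrap = true;
        ee()->email->from(ee()->config->item('webmaster_email'), ee()->config->item('webmaster_name'));
        ee()->email->to($notify_address);
        ee()->email->subject($email_tit);
        ee()->email->message(entities_to_ascii($email_msg));
        ee()->email->Send();
    }

    // -------------------------------------------
    // 'member_member_register' hook.
    //  - Additional processing when a member is created through the User Side
    //  - $member_id added in 2.0.1
    //
    ee()->extensions->call('member_member_register', $data, $member_id);
    if (ee()->extensions->end_script === TRUE) {
        return;
    }
    //
    // -------------------------------------------

    // Send user notifications
    if (ee()->config->item('req_mbr_activation') == 'email') {
        $action_id = ee()->functions->fetch_action_id('Member', 'activate_member');

        $name = $data['screen_name'] != '' ? $data['screen_name'] : $data['username'];

        // Request values only reach the activation URL after an is_numeric()
        // check (board_id here, mailinglist_subscribe further up).
        $board_id = ee()->input->get_post('board_id') !== FALSE && is_numeric(ee()->input->get_post('board_id')) ? ee()->input->get_post('board_id') : 1;

        $forum_id = ee()->input->get_post('FROM') == 'forum' ? '&r=f&board_id=' . $board_id : '';

        $add = $mailinglist_subscribe !== TRUE ? '' : '&mailinglist=' . $_POST['mailinglist_subscribe'];

        $swap = array(
            'name' => $name,
            'activation_url' => ee()->functions->fetch_site_index(0, 0) . QUERY_MARKER . 'ACT=' . $action_id . '&id=' . $data['authcode'] . $forum_id . $add,
            'site_name' => stripslashes(ee()->config->item('site_name')),
            'site_url' => ee()->config->item('site_url'),
            'username' => $data['username'],
            'email' => $data['email'],
        );

        $template = ee()->functions->fetch_email_template('mbr_activation_instructions');
        $email_tit = $this->_var_swap($template['title'], $swap);
        $email_msg = $this->_var_swap($template['data'], $swap);

        // Send email
        ee()->load->helper('text');

        ee()->load->library('email');
        ee()->email->wordwrap = true;
        ee()->email->from(ee()->config->item('webmaster_email'), ee()->config->item('webmaster_name'));
        ee()->email->to($data['email']);
        ee()->email->subject($email_tit);
        ee()->email->message(entities_to_ascii($email_msg));
        ee()->email->Send();

        $message = lang('mbr_membership_instructions_email');
    } elseif (ee()->config->item('req_mbr_activation') == 'manual') {
        $message = lang('mbr_admin_will_activate');
    } else {
        // Log user in (the extra query is a little annoying)
        ee()->load->library('auth');
        $member_data_q = ee()->db->get_where('members', array('member_id' => $member_id));

        $incoming = new Auth_result($member_data_q->row());
        $incoming->remember_me();
        $incoming->start_session();

        $message = lang('mbr_your_are_logged_in');
    }

    // Build the message
    if (ee()->input->get_post('FROM') == 'forum') {
        $query = $this->_do_form_query();

        $site_name = $query->row('board_label');
        $return = $query->row('board_forum_url');
    } else {
        $site_name = ee()->config->item('site_name') == '' ? lang('back') : stripslashes(ee()->config->item('site_name'));
        $return = ee()->config->item('site_url');
    }

    $data = array(
        'title' => lang('mbr_registration_complete'),
        'heading' => lang('thank_you'),
        'content' => lang('mbr_registration_completed') . "\n\n" . $message,
        'redirect' => '',
        'link' => array($return, $site_name),
    );

    ee()->output->show_message($data);
}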
function register_member($ext, $doRegister = TRUE, $error_handling = '') { $this->EE->load->helper('security'); $inline_errors = array(); //$this->EE->load->language("member"); /** ------------------------------------- /** Do we allow new member registrations? /** ------------------------------------*/ if ($this->EE->config->item('allow_member_registration') == 'n') { return array('general', array($this->EE->lang->line('member_registrations_not_allowed'))); } /** ---------------------------------------- /** Is user banned? /** ----------------------------------------*/ if ($this->EE->session->userdata['is_banned'] == TRUE) { return array('general', array($this->EE->lang->line('not_authorized'))); } /** ---------------------------------------- /** Blacklist/Whitelist Check /** ----------------------------------------*/ if ($this->EE->blacklist->blacklisted == 'y' && $this->EE->blacklist->whitelisted == 'n') { return array('general', array($this->EE->lang->line('not_authorized'))); } $this->EE->load->helper('url'); /* ------------------------------------------- /* 'member_member_register_start' hook. /* - Take control of member registration routine /* - Added EE 1.4.2 */ $edata = $this->EE->extensions->call('member_member_register_start'); if ($this->EE->extensions->end_script === TRUE) { return; } /* /* -------------------------------------------*/ /** ---------------------------------------- /** Set the default globals /** ----------------------------------------*/ $default = array('username', 'password', 'password_confirm', 'email', 'screen_name', 'url', 'location'); foreach ($default as $val) { if (!isset($_POST[$val])) { $_POST[$val] = ''; } } if ($_POST['screen_name'] == '') { $_POST['screen_name'] = $_POST['username']; } /** ------------------------------------- /** Instantiate validation class /** -------------------------------------*/ if (!class_exists('EE_Validate')) { require APPPATH . 'libraries/Validate' . 
EXT; } $VAL = new EE_Validate(array('member_id' => '', 'val_type' => 'new', 'fetch_lang' => TRUE, 'require_cpw' => FALSE, 'enable_log' => FALSE, 'username' => $_POST['username'], 'cur_username' => '', 'screen_name' => $_POST['screen_name'], 'cur_screen_name' => '', 'password' => $_POST['password'], 'password_confirm' => $_POST['password_confirm'], 'cur_password' => '', 'email' => $_POST['email'], 'cur_email' => '')); // load the language file $this->EE->lang->loadfile('zoo_visitor'); $VAL->validate_email(); $inline_errors["email"] = $VAL->errors; $offset = count($VAL->errors); /** ------------------------------------- /** Zoo Visitor conditional checking /** -------------------------------------*/ if ($this->zoo_settings['email_is_username'] != 'yes') { $VAL->validate_username(); $inline_errors["username"] = array_slice($VAL->errors, $offset); $offset = count($VAL->errors); } if ($this->zoo_settings['use_screen_name'] != "no") { $VAL->validate_screen_name(); $inline_errors["screen_name"] = array_slice($VAL->errors, $offset); $offset = count($VAL->errors); } $VAL->validate_password(); $inline_errors["password"] = array_slice($VAL->errors, $offset); $offset = count($VAL->errors); /** ------------------------------------- /** Do we have any custom fields? /** -------------------------------------*/ $query = $this->EE->db->query("SELECT m_field_id, m_field_name, m_field_label, m_field_required FROM exp_member_fields"); $cust_errors = array(); $cust_fields = array(); if ($query->num_rows() > 0) { foreach ($query->result_array() as $row) { if ($row['m_field_required'] == 'y' && (!isset($_POST['m_field_id_' . $row['m_field_id']]) or $_POST['m_field_id_' . $row['m_field_id']] == '')) { $cust_errors[] = $this->EE->lang->line('mbr_field_required') . ' ' . $row['m_field_label']; $inline_errors[$row['m_field_name']] = array($this->EE->lang->line('mbr_field_required') . ' ' . $row['m_field_label']); } elseif (isset($_POST['m_field_id_' . 
$row['m_field_id']])) { $cust_fields['m_field_id_' . $row['m_field_id']] = $this->EE->security->xss_clean($_POST['m_field_id_' . $row['m_field_id']]); } } } if (isset($_POST['email_confirm']) && $_POST['email'] != $_POST['email_confirm']) { $cust_errors[] = $this->EE->lang->line('mbr_emails_not_match'); $inline_errors["email_confirm"] = array($this->EE->lang->line('mbr_emails_not_match')); } if ($this->EE->config->item('use_membership_captcha') == 'y') { if (!isset($_POST['captcha']) or $_POST['captcha'] == '') { $cust_errors[] = $this->EE->lang->line('captcha_required'); $inline_errors["captcha"] = array($this->EE->lang->line('captcha_required')); } } /** ---------------------------------------- /** Do we require captcha? /** ----------------------------------------*/ if ($this->EE->config->item('use_membership_captcha') == 'y') { $query = $this->EE->db->query("SELECT COUNT(*) AS count FROM exp_captcha WHERE word='" . $this->EE->db->escape_str($_POST['captcha']) . "' AND ip_address = '" . $this->EE->input->ip_address() . "' AND date > UNIX_TIMESTAMP()-7200"); if ($query->row('count') == 0) { $cust_errors[] = $this->EE->lang->line('captcha_incorrect'); $inline_errors["captcha"] = array($this->EE->lang->line('captcha_incorrect')); } //$this->EE->db->query("DELETE FROM exp_captcha WHERE (word='" . $this->EE->db->escape_str($_POST['captcha']) . "' AND ip_address = '" . $this->EE->input->ip_address() . 
"') OR date < UNIX_TIMESTAMP()-7200"); } if ($this->EE->config->item('require_terms_of_service') == 'y') { if (!isset($_POST['accept_terms'])) { $cust_errors[] = $this->EE->lang->line('mbr_terms_of_service_required'); $inline_errors["accept_terms"] = array($this->EE->lang->line('mbr_terms_of_service_required')); } } $errors = array_merge($VAL->errors, $cust_errors); // =========================== // = Set default membergroup = // =========================== if ($this->EE->config->item('req_mbr_activation') == 'manual' or $this->EE->config->item('req_mbr_activation') == 'email') { $data['group_id'] = 4; // Pending } else { if ($this->EE->config->item('default_member_group') == '') { $data['group_id'] = 4; // Pending } else { $data['group_id'] = $this->EE->config->item('default_member_group'); } } // ============================================ // = Check if there is a membergroup selected = // ============================================ $selected_group_id = $this->check_membergroup_change($data); /** ------------------------------------- /** Display error is there are any /** -------------------------------------*/ if (count($errors) > 0) { return array('submission', $inline_errors); //return array('submission', $errors); } if (!$doRegister) { return TRUE; } /** ---------------------------------------- /** Secure Mode Forms? /** ----------------------------------------*/ if ($this->EE->config->item('secure_forms') == 'y') { if (version_compare(APP_VER, '2.5.4', '>=')) { // Secure Mode Forms? if ($this->EE->config->item('secure_forms') == 'y' and !$this->EE->security->secure_forms_check($this->EE->input->post('XID'))) { return $this->EE->output->show_user_error('general', array(lang('not_authorized'))); } } else { $query = $this->EE->db->query("SELECT COUNT(*) AS count FROM exp_security_hashes WHERE hash='" . $this->EE->db->escape_str($_POST['XID']) . "' AND ip_address = '" . $this->EE->input->ip_address() . "' AND ip_address = '" . $this->EE->input->ip_address() . 
"' AND date > UNIX_TIMESTAMP()-7200"); if ($query->row('count') == 0) { return array('general', array($this->EE->lang->line('not_authorized'))); } $this->EE->db->query("DELETE FROM exp_security_hashes WHERE (hash='" . $this->EE->db->escape_str($_POST['XID']) . "' AND ip_address = '" . $this->EE->input->ip_address() . "') OR date < UNIX_TIMESTAMP()-7200"); } } /** ------------------------------------- /** Assign the base query data /** -------------------------------------*/ $data['username'] = $_POST['username']; $data['password'] = version_compare(APP_VER, '2.6.0', '<') ? $this->EE->functions->hash(stripslashes($_POST['password'])) : do_hash(stripslashes($_POST['password'])); $data['ip_address'] = $this->EE->input->ip_address(); $data['unique_id'] = $this->EE->functions->random('encrypt'); $data['join_date'] = $this->EE->localize->now; $data['email'] = $_POST['email']; $data['screen_name'] = $_POST['screen_name']; $data['url'] = prep_url($_POST['url']); $data['location'] = $_POST['location']; // overridden below if used as optional fields $data['language'] = $this->EE->config->item('deft_lang') ? $this->EE->config->item('deft_lang') : 'english'; $data['time_format'] = $this->EE->config->item('time_format') ? $this->EE->config->item('time_format') : 'us'; $data['timezone'] = $this->EE->config->item('default_site_timezone') && $this->EE->config->item('default_site_timezone') != '' ? $this->EE->config->item('default_site_timezone') : $this->EE->config->item('server_timezone'); if (APP_VER < '2.6.0') { $data['daylight_savings'] = $this->EE->config->item('default_site_dst') && $this->EE->config->item('default_site_dst') != '' ? 
$this->EE->config->item('default_site_dst') : $this->EE->config->item('daylight_savings'); } // ========================== // = Standard member fields = // ========================== $fields = array('bday_y', 'bday_m', 'bday_d', 'url', 'location', 'occupation', 'interests', 'aol_im', 'icq', 'yahoo_im', 'msn_im', 'bio'); foreach ($fields as $val) { if ($this->EE->input->post($val)) { $data[$val] = isset($_POST[$val]) ? $this->EE->security->xss_clean($_POST[$val]) : ''; unset($_POST[$val]); } } if (isset($data['bday_d']) && is_numeric($data['bday_d']) && is_numeric($data['bday_m'])) { $year = $data['bday_y'] != '' ? $data['bday_y'] : date('Y'); $mdays = $this->EE->localize->fetch_days_in_month($data['bday_m'], $year); if ($data['bday_d'] > $mdays) { $data['bday_d'] = $mdays; } } // Optional Fields $optional = array('bio' => 'bio', 'language' => 'deft_lang', 'timezone' => 'server_timezone', 'time_format' => 'time_format'); foreach ($optional as $key => $value) { if (isset($_POST[$value])) { $data[$key] = $_POST[$value]; } } /* if ($this->EE->input->post('daylight_savings') == 'y') { $data['daylight_savings'] = 'y'; } elseif ($this->EE->input->post('daylight_savings') == 'n') { $data['daylight_savings'] = 'n'; } */ // We generate an authorization code if the member needs to self-activate if ($this->EE->config->item('req_mbr_activation') == 'email') { $data['authcode'] = $this->EE->functions->random('alnum', 10); } /** ------------------------------------- /** Insert basic member data /** -------------------------------------*/ $this->EE->db->query($this->EE->db->insert_string('exp_members', $data)); $member_id = $this->EE->db->insert_id(); // ============================================= // = Override the screenname for use in emails = // ============================================= $screen_name_overriden = $this->get_override_screen_name(); $data['screen_name'] = $screen_name_overriden !== FALSE ? 
$screen_name_overriden : $data['screen_name']; // ========================================================================================= // = Store the selected membergroup if it is defined in the form AND activation is required = // ========================================================================================== if (isset($selected_group_id) and is_numeric($selected_group_id) and $selected_group_id != '1') { if ($this->EE->config->item('req_mbr_activation') == 'email' || $this->EE->config->item('req_mbr_activation') == 'manual') { $activation_data = array(); $activation_data['member_id'] = $member_id; $activation_data['group_id'] = $selected_group_id; $this->EE->db->insert('zoo_visitor_activation_membergroup', $activation_data); } } // ===================== // = HASH THE PASSWORD = // ===================== $this->EE->load->library('auth'); $hashed_pair = $this->EE->auth->hash_password($_POST['password']); if ($hashed_pair === FALSE) { } else { $this->EE->db->where('member_id', (int) $member_id); $this->EE->db->update('members', $hashed_pair); } /** ------------------------------------- /** Insert custom fields /** -------------------------------------*/ $cust_fields['member_id'] = $member_id; $this->EE->db->query($this->EE->db->insert_string('exp_member_data', $cust_fields)); /** ------------------------------------- /** Create a record in the member homepage table /** -------------------------------------*/ // This is only necessary if the user gains CP access, but we'll add the record anyway. $this->EE->db->query($this->EE->db->insert_string('exp_member_homepage', array('member_id' => $member_id))); /** ------------------------------------- /** Mailinglist Subscribe /** -------------------------------------*/ $mailinglist_subscribe = FALSE; if (isset($_POST['mailinglist_subscribe']) && is_numeric($_POST['mailinglist_subscribe'])) { // Kill duplicate emails from authorizatin queue. 
$this->EE->db->query("DELETE FROM exp_mailing_list_queue WHERE email = '" . $this->EE->db->escape_str($_POST['email']) . "'"); // Validate Mailing List ID $query = $this->EE->db->query("SELECT COUNT(*) AS count\n\t\t\t\t\t\t\t\t FROM exp_mailing_lists\n\t\t\t\t\t\t\t\t WHERE list_id = '" . $this->EE->db->escape_str($_POST['mailinglist_subscribe']) . "'"); // Email Not Already in Mailing List $results = $this->EE->db->query("SELECT count(*) AS count\n\t\t\t\t\t\t\t\t\tFROM exp_mailing_list\n\t\t\t\t\t\t\t\t\tWHERE email = '" . $this->EE->db->escape_str($_POST['email']) . "'\n\t\t\t\t\t\t\t\t\tAND list_id = '" . $this->EE->db->escape_str($_POST['mailinglist_subscribe']) . "'"); /** ------------------------------------- /** INSERT Email /** -------------------------------------*/ if ($query->row('count') > 0 && $results->row('count') == 0) { $mailinglist_subscribe = TRUE; $code = $this->EE->functions->random('alnum', 10); if ($this->EE->config->item('req_mbr_activation') == 'email') { // Activated When Membership Activated $this->EE->db->query("INSERT INTO exp_mailing_list_queue (email, list_id, authcode, date)\n\t\t\t\t\t\t\t\tVALUES ('" . $this->EE->db->escape_str($_POST['email']) . "', '" . $this->EE->db->escape_str($_POST['mailinglist_subscribe']) . "', '" . $code . "', '" . time() . "')"); } elseif ($this->EE->config->item('req_mbr_activation') == 'manual') { // Mailing List Subscribe Email $this->EE->db->query("INSERT INTO exp_mailing_list_queue (email, list_id, authcode, date)\n\t\t\t\t\t\t\t\tVALUES ('" . $this->EE->db->escape_str($_POST['email']) . "', '" . $this->EE->db->escape_str($_POST['mailinglist_subscribe']) . "', '" . $code . "', '" . time() . "')"); $this->EE->lang->loadfile('mailinglist'); $action_id = $this->EE->functions->fetch_action_id('Mailinglist', 'authorize_email'); $swap = array('activation_url' => $this->EE->functions->fetch_site_index(0, 0) . QUERY_MARKER . 'ACT=' . $action_id . '&id=' . 
$code, 'site_name' => stripslashes($this->EE->config->item('site_name')), 'site_url' => $this->EE->config->item('site_url')); $template = $this->EE->functions->fetch_email_template('mailinglist_activation_instructions'); $email_tit = $this->EE->functions->var_swap($template['title'], $swap); $email_msg = $this->EE->functions->var_swap($template['data'], $swap); /** ---------------------------- /** Send email /** ----------------------------*/ $this->EE->load->library('email'); $this->EE->email->wordwrap = true; $this->EE->email->mailtype = 'plain'; $this->EE->email->priority = '3'; $this->EE->email->from($this->EE->config->item('webmaster_email'), $this->EE->config->item('webmaster_name')); $this->EE->email->to($_POST['email']); $this->EE->email->subject($email_tit); $this->EE->email->message($email_msg); $this->EE->email->send(); } else { // Automatically Accepted $this->EE->db->query("INSERT INTO exp_mailing_list (list_id, authcode, email, ip_address)\n\t\t\t\t\t\t\t\t\t\t VALUES ('" . $this->EE->db->escape_str($_POST['mailinglist_subscribe']) . "', '" . $code . "', '" . $this->EE->db->escape_str($_POST['email']) . "', '" . $this->EE->db->escape_str($this->EE->input->ip_address()) . "')"); } } } /** ------------------------------------- /** Update /** -------------------------------------*/ if ($this->EE->config->item('req_mbr_activation') == 'none') { $this->EE->stats->update_member_stats(); } /** ------------------------------------- /** Send admin notifications /** -------------------------------------*/ if ($this->EE->config->item('new_member_notification') == 'y' and $this->EE->config->item('mbr_notification_emails') != '') { $name = $data['screen_name'] != '' ? 
$data['screen_name'] : $data['username']; $swap = array('name' => $name, 'site_name' => stripslashes($this->EE->config->item('site_name')), 'control_panel_url' => $this->EE->config->item('cp_url'), 'username' => $data['username'], 'email' => $data['email']); $template = $this->EE->functions->fetch_email_template('admin_notify_reg'); $email_tit = $this->_var_swap($template['title'], $swap); $email_msg = $this->_var_swap($template['data'], $swap); $this->EE->load->helper('string'); // Remove multiple commas $notify_address = reduce_multiples($this->EE->config->item('mbr_notification_emails'), ',', TRUE); /** ---------------------------- /** Send email /** ----------------------------*/ // Load the text helper $this->EE->load->helper('text'); $this->EE->load->library('email'); $this->EE->email->wordwrap = true; $this->EE->email->from($this->EE->config->item('webmaster_email'), $this->EE->config->item('webmaster_name')); $this->EE->email->to($notify_address); $this->EE->email->subject($email_tit); $this->EE->email->message(entities_to_ascii($email_msg)); $this->EE->email->Send(); } // ------------------------------------------- // 'member_member_register' hook. // - Additional processing when a member is created through the User Side // - $member_id added in 2.0.1 // $edata = $this->EE->extensions->call('member_member_register', $data, $member_id); if ($this->EE->extensions->end_script === TRUE) { return; } // // ------------------------------------------- /** ------------------------------------- /** Zoo Visitor assignment /** -------------------------------------*/ $member_data = $data; $member_data["member_id"] = $member_id; /** ------------------------------------- /** Send user notifications /** -------------------------------------*/ if ($this->EE->config->item('req_mbr_activation') == 'email') { $action_id = $this->EE->functions->fetch_action_id('Member', 'activate_member'); $name = $data['screen_name'] != '' ? 
$data['screen_name'] : $data['username']; $board_id = $this->EE->input->get_post('board_id') !== FALSE && is_numeric($this->EE->input->get_post('board_id')) ? $this->EE->input->get_post('board_id') : 1; $forum_id = $this->EE->input->get_post('FROM') == 'forum' ? '&r=f&board_id=' . $board_id : ''; $add = $mailinglist_subscribe !== TRUE ? '' : '&mailinglist=' . $_POST['mailinglist_subscribe']; $swap = array('name' => $name, 'activation_url' => $this->EE->functions->fetch_site_index(0, 0) . QUERY_MARKER . 'ACT=' . $action_id . '&id=' . $data['authcode'] . $forum_id . $add, 'site_name' => stripslashes($this->EE->config->item('site_name')), 'site_url' => $this->EE->config->item('site_url'), 'username' => $data['username'], 'email' => $data['email']); $template = $this->EE->functions->fetch_email_template('mbr_activation_instructions'); $email_tit = $this->_var_swap($template['title'], $swap); $email_msg = $this->_var_swap($template['data'], $swap); /** ---------------------------- /** Send email /** ----------------------------*/ // Load the text helper $this->EE->load->helper('text'); $this->EE->load->library('email'); $this->EE->email->wordwrap = true; $this->EE->email->from($this->EE->config->item('webmaster_email'), $this->EE->config->item('webmaster_name')); $this->EE->email->to($data['email']); $this->EE->email->subject($email_tit); $this->EE->email->message(entities_to_ascii($email_msg)); $this->EE->email->Send(); $message = $this->EE->lang->line('mbr_membership_instructions_email'); } elseif ($this->EE->config->item('req_mbr_activation') == 'manual') { $message = $this->EE->lang->line('mbr_admin_will_activate'); } else { /** ---------------------------------------- /** Log user is handled at the end of the extension /** ----------------------------------------*/ } /** ---------------------------------------- /** Build the message /** ----------------------------------------*/ if ($this->EE->input->get_post('FROM') == 'forum') { if 
($this->EE->input->get_post('board_id') !== FALSE && is_numeric($this->EE->input->get_post('board_id'))) { $query = $this->EE->db->query("SELECT board_forum_url, board_id, board_label FROM exp_forum_boards WHERE board_id = '" . $this->EE->db->escape_str($this->EE->input->get_post('board_id')) . "'"); } else { $query = $this->EE->db->query("SELECT board_forum_url, board_id, board_label FROM exp_forum_boards WHERE board_id = '1'"); } $site_name = $query->row('board_label'); $return = $query->row('board_forum_url'); } else { $site_name = $this->EE->config->item('site_name') == '' ? $this->EE->lang->line('back') : stripslashes($this->EE->config->item('site_name')); $return = $this->EE->config->item('site_url'); } $data = array('title' => $this->EE->lang->line('mbr_registration_complete'), 'heading' => $this->EE->lang->line('thank_you'), 'content' => $this->EE->lang->line('mbr_registration_completed'), 'redirect' => '', 'link' => array($return, $site_name), 'result' => 'registration_complete', 'member_data' => $member_data); //$this->EE->output->show_message($data); return $data; }
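/**
 * Username/Password Update
 *
 * Handles the member "username and password" settings form: validates the
 * submitted screen name / username / password with EE_Validate, writes the
 * changes to exp_members and propagates a changed screen name to the forum
 * and comment tables.
 *
 * @return mixed FALSE when the current session has no matching member row,
 *               the result of show_user_error() on a missing form field or
 *               a validation failure, otherwise the rendered success element.
 */
function update_userpass()
{
    // Safety. Prevents accessing this function unless
    // the request came from the form submission
    if ( ! isset($_POST['current_password']))
    {
        return $this->EE->output->show_user_error('general', array($this->EE->lang->line('invalid_action')));
    }

    // The member id is taken from the session, never from the request. It is
    // cast to an integer once and that value is used in every query below, so
    // no statement depends on the session value being pre-sanitised.
    $member_id = (int) $this->EE->session->userdata('member_id');

    $query = $this->EE->db->query("SELECT username, screen_name FROM exp_members WHERE member_id = '".$member_id."'");

    if ($query->num_rows() == 0)
    {
        return FALSE;
    }

    // Default every field this method reads BEFORE it is used, the same way
    // register_member() does; previously 'username' was defaulted only after
    // it had already been copied into 'screen_name'.
    foreach (array('username', 'screen_name', 'password', 'password_confirm') as $field)
    {
        if ( ! isset($_POST[$field]))
        {
            $_POST[$field] = '';
        }
    }

    if ($this->EE->config->item('allow_username_change') != 'y')
    {
        $_POST['username'] = $query->row('username');
    }

    // If the screen name field is empty, we'll assign it
    // from the username field.
    if ($_POST['screen_name'] == '')
    {
        $_POST['screen_name'] = $_POST['username'];
    }

    /** -------------------------------------
    /**  Validate submitted data
    /** -------------------------------------*/
    if ( ! class_exists('EE_Validate'))
    {
        require APPPATH.'libraries/Validate'.EXT;
    }

    // NOTE(review): the current password is only handed to EE_Validate
    // ('require_cpw' / 'cur_password'); this method never compares it itself.
    // validate_password() runs only when a new password was submitted, so
    // confirm that validate_screen_name()/validate_username() also enforce the
    // current-password check - otherwise a screen-name-only change goes through
    // without re-authentication.
    $VAL = new EE_Validate(
        array(
            'member_id'        => $this->EE->session->userdata('member_id'),
            'val_type'         => 'update', // new or update
            'fetch_lang'       => TRUE,
            'require_cpw'      => TRUE,
            'enable_log'       => FALSE,
            'username'         => $_POST['username'],
            'cur_username'     => $query->row('username'),
            'screen_name'      => $_POST['screen_name'],
            'cur_screen_name'  => $query->row('screen_name'),
            'password'         => $_POST['password'],
            'password_confirm' => $_POST['password_confirm'],
            'cur_password'     => $_POST['current_password']
        )
    );

    $VAL->validate_screen_name();

    if ($this->EE->config->item('allow_username_change') == 'y')
    {
        $VAL->validate_username();
    }

    if ($_POST['password'] != '')
    {
        $VAL->validate_password();
    }

    /** -------------------------------------
    /**  Display errors if there are any
    /** -------------------------------------*/
    if (count($VAL->errors) > 0)
    {
        return $this->EE->output->show_user_error('submission', $VAL->errors);
    }

    $screen_name_changed = ($query->row('screen_name') != $_POST['screen_name']);

    /** -------------------------------------
    /**  Update "last post" forum info if needed
    /** -------------------------------------*/
    if ($screen_name_changed AND $this->EE->config->item('forum_is_installed') == "y")
    {
        $this->EE->db->query("UPDATE exp_forums SET forum_last_post_author = '".$this->EE->db->escape_str($_POST['screen_name'])."' WHERE forum_last_post_author_id = '".$member_id."'");
        $this->EE->db->query("UPDATE exp_forum_moderators SET mod_member_name = '".$this->EE->db->escape_str($_POST['screen_name'])."' WHERE mod_member_id = '".$member_id."'");
    }

    /** -------------------------------------
    /**  Assign the query data
    /** -------------------------------------*/
    $data = array();
    $data['screen_name'] = $_POST['screen_name'];

    if ($this->EE->config->item('allow_username_change') == 'y')
    {
        $data['username'] = $_POST['username'];
    }

    // Was a password submitted?
    $pw_change = '';

    if ($_POST['password'] != '')
    {
        // NOTE(review): functions->hash() is the legacy hashing helper, and
        // stripslashes() alters passwords that contain backslashes. Another
        // registration routine in this file stores the result of
        // auth->hash_password() instead; confirm which scheme the login path
        // expects before switching this call over.
        $data['password'] = $this->EE->functions->hash(stripslashes($_POST['password']));

        // NOTE(review): nothing in this method ends the member's other
        // sessions after a password change - confirm that is handled elsewhere.
        $pw_change = $this->_var_swap(
            $this->_load_element('password_change_warning'),
            array('lang:password_change_warning' => $this->EE->lang->line('password_change_warning'))
        );
    }

    // update_string() builds the SET clause from $data; the WHERE clause only
    // ever contains the integer member id.
    $this->EE->db->query($this->EE->db->update_string('exp_members', $data, "member_id = '".$member_id."'"));

    /** -------------------------------------
    /**  Update comments if screen name has changed
    /** -------------------------------------*/
    if ($screen_name_changed)
    {
        $this->EE->db->query($this->EE->db->update_string('exp_comments', array('name' => $_POST['screen_name']), "author_id = '".$member_id."'"));

        $this->EE->session->userdata['screen_name'] = stripslashes($_POST['screen_name']);
    }

    /** -------------------------------------
    /**  Success message
    /** -------------------------------------*/
    return $this->_var_swap(
        $this->_load_element('success'),
        array(
            'lang:heading' => $this->EE->lang->line('username_and_password'),
            'lang:message' => $this->EE->lang->line('mbr_settings_updated').$pw_change
        )
    );
}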
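/**
 * Register Member
 *
 * Processes the front-end registration form: access checks (registration
 * enabled, ban, blacklist), field validation, captcha and secure-form token
 * checks, creation of the member rows, optional mailing-list subscription,
 * admin/user notification e-mails and - when no activation is required -
 * automatic log-in. Ends by rendering the "registration complete" message.
 *
 * All input is read from $_POST / get_post(); the method takes no arguments.
 *
 * @return mixed FALSE when registration is disabled, the result of
 *               show_user_error() on a rejected request, NULL when an
 *               extension ends the script or after the message is shown.
 */
function register_member()
{
    /** -------------------------------------
    /**  Do we allow new member registrations?
    /** ------------------------------------*/
    if ($this->EE->config->item('allow_member_registration') == 'n')
    {
        return FALSE;
    }

    /** ----------------------------------------
    /**  Is user banned?
    /** ----------------------------------------*/
    if ($this->EE->session->userdata['is_banned'] == TRUE)
    {
        return $this->EE->output->show_user_error('general', array($this->EE->lang->line('not_authorized')));
    }

    /** ----------------------------------------
    /**  Blacklist/Whitelist Check
    /** ----------------------------------------*/
    if ($this->EE->blacklist->blacklisted == 'y' && $this->EE->blacklist->whitelisted == 'n')
    {
        return $this->EE->output->show_user_error('general', array($this->EE->lang->line('not_authorized')));
    }

    $this->EE->load->helper('url');

    /* -------------------------------------------
    /* 'member_member_register_start' hook.
    /*  - Take control of member registration routine
    /*  - Added EE 1.4.2
    */
    $edata = $this->EE->extensions->call('member_member_register_start');
    if ($this->EE->extensions->end_script === TRUE)
    {
        return;
    }
    /*
    /* -------------------------------------------*/

    /** ----------------------------------------
    /**  Set the default globals
    /** ----------------------------------------*/
    $default = array('username', 'password', 'password_confirm', 'email', 'screen_name', 'url', 'location');

    foreach ($default as $val)
    {
        if ( ! isset($_POST[$val]))
        {
            $_POST[$val] = '';
        }
    }

    if ($_POST['screen_name'] == '')
    {
        $_POST['screen_name'] = $_POST['username'];
    }

    /** -------------------------------------
    /**  Instantiate validation class
    /** -------------------------------------*/
    if ( ! class_exists('EE_Validate'))
    {
        require APPPATH.'libraries/Validate'.EXT;
    }

    $VAL = new EE_Validate(
        array(
            'member_id'        => '',
            'val_type'         => 'new', // new or update
            'fetch_lang'       => TRUE,
            'require_cpw'      => FALSE,
            'enable_log'       => FALSE,
            'username'         => $_POST['username'],
            'cur_username'     => '',
            'screen_name'      => $_POST['screen_name'],
            'cur_screen_name'  => '',
            'password'         => $_POST['password'],
            'password_confirm' => $_POST['password_confirm'],
            'cur_password'     => '',
            'email'            => $_POST['email'],
            'cur_email'        => ''
        )
    );

    $VAL->validate_username();
    $VAL->validate_screen_name();
    $VAL->validate_password();
    $VAL->validate_email();

    /** -------------------------------------
    /**  Do we have any custom fields?
    /** -------------------------------------*/
    // Only fields flagged for the registration form (m_field_reg = 'y') are
    // accepted, so a client cannot populate arbitrary m_field_id_* columns.
    $query = $this->EE->db->query("SELECT m_field_id, m_field_name, m_field_label, m_field_required FROM exp_member_fields WHERE m_field_reg = 'y'");

    $cust_errors = array();
    $cust_fields = array();

    if ($query->num_rows() > 0)
    {
        foreach ($query->result_array() as $row)
        {
            $field = 'm_field_id_'.$row['m_field_id'];

            if ($row['m_field_required'] == 'y' && ( ! isset($_POST[$field]) OR $_POST[$field] == ''))
            {
                $cust_errors[] = $this->EE->lang->line('mbr_field_required').'&nbsp;'.$row['m_field_label'];
            }
            elseif (isset($_POST[$field]))
            {
                $cust_fields[$field] = $this->EE->security->xss_clean($_POST[$field]);
            }
        }
    }

    if (isset($_POST['email_confirm']) && $_POST['email'] != $_POST['email_confirm'])
    {
        $cust_errors[] = $this->EE->lang->line('mbr_emails_not_match');
    }

    if ($this->EE->config->item('use_membership_captcha') == 'y')
    {
        if ( ! isset($_POST['captcha']) OR $_POST['captcha'] == '')
        {
            $cust_errors[] = $this->EE->lang->line('captcha_required');
        }
    }

    if ($this->EE->config->item('require_terms_of_service') == 'y')
    {
        if ( ! isset($_POST['accept_terms']))
        {
            $cust_errors[] = $this->EE->lang->line('mbr_terms_of_service_required');
        }
    }

    $errors = array_merge($VAL->errors, $cust_errors);

    /** -------------------------------------
    /**  Display errors if there are any
    /** -------------------------------------*/
    if (count($errors) > 0)
    {
        return $this->EE->output->show_user_error('submission', $errors);
    }

    // The client IP is interpolated into several statements below; it is
    // escaped once here so every query treats it the same way (the mailing
    // list INSERT already escaped it, the captcha/hash queries did not).
    $ip_sql = $this->EE->db->escape_str($this->EE->input->ip_address());

    /** ----------------------------------------
    /**  Do we require captcha?
    /** ----------------------------------------*/
    // A captcha word is accepted only for the IP it was issued to and within
    // 7200 seconds; the matching row is deleted afterwards, making it single use.
    if ($this->EE->config->item('use_membership_captcha') == 'y')
    {
        $query = $this->EE->db->query("SELECT COUNT(*) AS count FROM exp_captcha WHERE word='".$this->EE->db->escape_str($_POST['captcha'])."' AND ip_address = '".$ip_sql."' AND date > UNIX_TIMESTAMP()-7200");

        if ($query->row('count') == 0)
        {
            return $this->EE->output->show_user_error('submission', array($this->EE->lang->line('captcha_incorrect')));
        }

        $this->EE->db->query("DELETE FROM exp_captcha WHERE (word='".$this->EE->db->escape_str($_POST['captcha'])."' AND ip_address = '".$ip_sql."') OR date < UNIX_TIMESTAMP()-7200");
    }

    /** ----------------------------------------
    /**  Secure Mode Forms?
    /** ----------------------------------------*/
    // Anti-forgery token check: the submitted XID must exist for this IP and
    // be younger than 7200 seconds. A missing or non-string XID is treated as
    // an empty token, which matches no row and is rejected like a wrong one.
    if ($this->EE->config->item('secure_forms') == 'y')
    {
        $xid     = (isset($_POST['XID']) && is_string($_POST['XID'])) ? $_POST['XID'] : '';
        $xid_sql = $this->EE->db->escape_str($xid);

        $query = $this->EE->db->query("SELECT COUNT(*) AS count FROM exp_security_hashes WHERE hash='".$xid_sql."' AND ip_address = '".$ip_sql."' AND date > UNIX_TIMESTAMP()-7200");

        if ($query->row('count') == 0)
        {
            return $this->EE->output->show_user_error('general', array($this->EE->lang->line('not_authorized')));
        }

        $this->EE->db->query("DELETE FROM exp_security_hashes WHERE (hash='".$xid_sql."' AND ip_address = '".$ip_sql."') OR date < UNIX_TIMESTAMP()-7200");
    }

    /** -------------------------------------
    /**  Assign the base query data
    /** -------------------------------------*/
    $data = array();

    // Set member group. The group is decided by site configuration only;
    // nothing from the request influences it.
    if ($this->EE->config->item('req_mbr_activation') == 'manual' OR $this->EE->config->item('req_mbr_activation') == 'email')
    {
        $data['group_id'] = 4; // Pending
    }
    else
    {
        if ($this->EE->config->item('default_member_group') == '')
        {
            $data['group_id'] = 4; // Pending
        }
        else
        {
            $data['group_id'] = $this->EE->config->item('default_member_group');
        }
    }

    $data['username'] = $_POST['username'];

    // NOTE(review): functions->hash() is the legacy hashing helper, and
    // stripslashes() alters passwords that contain backslashes. Another
    // registration routine in this file stores the result of
    // auth->hash_password() instead; the value produced here is also written
    // to a cookie further down, so changing the scheme needs both places and
    // the login path reviewed together.
    $data['password']    = $this->EE->functions->hash(stripslashes($_POST['password']));
    $data['ip_address']  = $this->EE->input->ip_address();
    $data['unique_id']   = $this->EE->functions->random('encrypt');
    $data['join_date']   = $this->EE->localize->now;
    $data['email']       = $_POST['email'];
    $data['screen_name'] = $_POST['screen_name'];
    $data['url']         = prep_url($_POST['url']);
    // NOTE(review): 'location' (and 'bio' below) are stored as submitted,
    // unlike the custom fields which pass through xss_clean(); they must be
    // encoded wherever they are rendered.
    $data['location']    = $_POST['location'];

    // overridden below if used as optional fields
    $data['language']         = ($this->EE->config->item('deft_lang')) ? $this->EE->config->item('deft_lang') : 'english';
    $data['time_format']      = ($this->EE->config->item('time_format')) ? $this->EE->config->item('time_format') : 'us';
    $data['timezone']         = ($this->EE->config->item('default_site_timezone') && $this->EE->config->item('default_site_timezone') != '') ? $this->EE->config->item('default_site_timezone') : $this->EE->config->item('server_timezone');
    $data['daylight_savings'] = ($this->EE->config->item('default_site_dst') && $this->EE->config->item('default_site_dst') != '') ? $this->EE->config->item('default_site_dst') : $this->EE->config->item('daylight_savings');

    // Optional Fields (member column => POST field name).
    // NOTE(review): these values are copied from the request without any
    // validation in this method; 'language' presumably later selects language
    // files - confirm it is restricted to installed languages where it is used.
    $optional = array(
        'bio'         => 'bio',
        'language'    => 'deft_lang',
        'timezone'    => 'server_timezone',
        'time_format' => 'time_format'
    );

    foreach ($optional as $key => $value)
    {
        if (isset($_POST[$value]))
        {
            $data[$key] = $_POST[$value];
        }
    }

    if ($this->EE->input->post('daylight_savings') == 'y')
    {
        $data['daylight_savings'] = 'y';
    }
    elseif ($this->EE->input->post('daylight_savings') == 'n')
    {
        $data['daylight_savings'] = 'n';
    }

    // We generate an authorization code if the member needs to self-activate
    // NOTE(review): the code is the only secret in the activation link; how
    // functions->random() generates it is not visible here - confirm it draws
    // from a cryptographically secure source.
    if ($this->EE->config->item('req_mbr_activation') == 'email')
    {
        $data['authcode'] = $this->EE->functions->random('alnum', 10);
    }

    /** -------------------------------------
    /**  Insert basic member data
    /** -------------------------------------*/
    $this->EE->db->query($this->EE->db->insert_string('exp_members', $data));

    $member_id = $this->EE->db->insert_id();

    /** -------------------------------------
    /**  Insert custom fields
    /** -------------------------------------*/
    $cust_fields['member_id'] = $member_id;

    $this->EE->db->query($this->EE->db->insert_string('exp_member_data', $cust_fields));

    /** -------------------------------------
    /**  Create a record in the member homepage table
    /** -------------------------------------*/
    // This is only necessary if the user gains CP access, but we'll add the record anyway.
    $this->EE->db->query($this->EE->db->insert_string('exp_member_homepage', array('member_id' => $member_id)));

    /** -------------------------------------
    /**  Mailinglist Subscribe
    /** -------------------------------------*/
    $mailinglist_subscribe = FALSE;

    if (isset($_POST['mailinglist_subscribe']) && is_numeric($_POST['mailinglist_subscribe']))
    {
        $email_sql = $this->EE->db->escape_str($_POST['email']);
        $list_sql  = $this->EE->db->escape_str($_POST['mailinglist_subscribe']);

        // Kill duplicate emails from authorization queue.
        $this->EE->db->query("DELETE FROM exp_mailing_list_queue WHERE email = '".$email_sql."'");

        // Validate Mailing List ID
        $query = $this->EE->db->query("SELECT COUNT(*) AS count FROM exp_mailing_lists WHERE list_id = '".$list_sql."'");

        // Email Not Already in Mailing List
        $results = $this->EE->db->query("SELECT count(*) AS count FROM exp_mailing_list WHERE email = '".$email_sql."' AND list_id = '".$list_sql."'");

        /** -------------------------------------
        /**  INSERT Email
        /** -------------------------------------*/
        if ($query->row('count') > 0 && $results->row('count') == 0)
        {
            $mailinglist_subscribe = TRUE;

            $code = $this->EE->functions->random('alnum', 10);

            if ($this->EE->config->item('req_mbr_activation') == 'email')
            {
                // Activated When Membership Activated
                $this->EE->db->query("INSERT INTO exp_mailing_list_queue (email, list_id, authcode, date) VALUES ('".$email_sql."', '".$list_sql."', '".$code."', '".time()."')");
            }
            elseif ($this->EE->config->item('req_mbr_activation') == 'manual')
            {
                // Mailing List Subscribe Email
                $this->EE->db->query("INSERT INTO exp_mailing_list_queue (email, list_id, authcode, date) VALUES ('".$email_sql."', '".$list_sql."', '".$code."', '".time()."')");

                $this->EE->lang->loadfile('mailinglist');
                $action_id = $this->EE->functions->fetch_action_id('Mailinglist', 'authorize_email');

                $swap = array(
                    'activation_url' => $this->EE->functions->fetch_site_index(0, 0).QUERY_MARKER.'ACT='.$action_id.'&id='.$code,
                    'site_name'      => stripslashes($this->EE->config->item('site_name')),
                    'site_url'       => $this->EE->config->item('site_url')
                );

                $template  = $this->EE->functions->fetch_email_template('mailinglist_activation_instructions');
                $email_tit = $this->EE->functions->var_swap($template['title'], $swap);
                $email_msg = $this->EE->functions->var_swap($template['data'], $swap);

                /** ----------------------------
                /**  Send email
                /** ----------------------------*/
                $this->EE->load->library('email');
                $this->EE->email->wordwrap = true;
                $this->EE->email->mailtype = 'plain';
                $this->EE->email->priority = '3';

                $this->EE->email->from($this->EE->config->item('webmaster_email'), $this->EE->config->item('webmaster_name'));
                $this->EE->email->to($_POST['email']);
                $this->EE->email->subject($email_tit);
                $this->EE->email->message($email_msg);
                $this->EE->email->send();
            }
            else
            {
                // Automatically Accepted
                $this->EE->db->query("INSERT INTO exp_mailing_list (list_id, authcode, email, ip_address) VALUES ('".$list_sql."', '".$code."', '".$email_sql."', '".$ip_sql."')");
            }
        }
    }

    /** -------------------------------------
    /**  Update
    /** -------------------------------------*/
    if ($this->EE->config->item('req_mbr_activation') == 'none')
    {
        $this->EE->stats->update_member_stats();
    }

    /** -------------------------------------
    /**  Send admin notifications
    /** -------------------------------------*/
    if ($this->EE->config->item('new_member_notification') == 'y' AND $this->EE->config->item('mbr_notification_emails') != '')
    {
        $name = ($data['screen_name'] != '') ? $data['screen_name'] : $data['username'];

        $swap = array(
            'name'              => $name,
            'site_name'         => stripslashes($this->EE->config->item('site_name')),
            'control_panel_url' => $this->EE->config->item('cp_url'),
            'username'          => $data['username'],
            'email'             => $data['email']
        );

        $template  = $this->EE->functions->fetch_email_template('admin_notify_reg');
        $email_tit = $this->_var_swap($template['title'], $swap);
        $email_msg = $this->_var_swap($template['data'], $swap);

        $this->EE->load->helper('string');

        // Remove multiple commas
        $notify_address = reduce_multiples($this->EE->config->item('mbr_notification_emails'), ',', TRUE);

        /** ----------------------------
        /**  Send email
        /** ----------------------------*/
        // Load the text helper
        $this->EE->load->helper('text');

        $this->EE->load->library('email');
        $this->EE->email->wordwrap = true;
        $this->EE->email->from($this->EE->config->item('webmaster_email'), $this->EE->config->item('webmaster_name'));
        $this->EE->email->to($notify_address);
        $this->EE->email->subject($email_tit);
        $this->EE->email->message(entities_to_ascii($email_msg));
        $this->EE->email->Send();
    }

    // -------------------------------------------
    // 'member_member_register' hook.
    //  - Additional processing when a member is created through the User Side
    //  - $member_id added in 2.0.1
    //
    // Note that $data, including the stored password hash and any authcode,
    // is handed to every extension registered on this hook.
    $edata = $this->EE->extensions->call('member_member_register', $data, $member_id);
    if ($this->EE->extensions->end_script === TRUE)
    {
        return;
    }
    //
    // -------------------------------------------

    /** -------------------------------------
    /**  Send user notifications
    /** -------------------------------------*/
    if ($this->EE->config->item('req_mbr_activation') == 'email')
    {
        $action_id = $this->EE->functions->fetch_action_id('Member', 'activate_member');

        $name = ($data['screen_name'] != '') ? $data['screen_name'] : $data['username'];

        // board_id and mailinglist are only placed in the link after passing
        // is_numeric(), so no free-form request text reaches the URL.
        $board_id = ($this->EE->input->get_post('board_id') !== FALSE && is_numeric($this->EE->input->get_post('board_id'))) ? $this->EE->input->get_post('board_id') : 1;

        $forum_id = ($this->EE->input->get_post('FROM') == 'forum') ? '&r=f&board_id='.$board_id : '';

        $add = ($mailinglist_subscribe !== TRUE) ? '' : '&mailinglist='.$_POST['mailinglist_subscribe'];

        $swap = array(
            'name'           => $name,
            'activation_url' => $this->EE->functions->fetch_site_index(0, 0).QUERY_MARKER.'ACT='.$action_id.'&id='.$data['authcode'].$forum_id.$add,
            'site_name'      => stripslashes($this->EE->config->item('site_name')),
            'site_url'       => $this->EE->config->item('site_url'),
            'username'       => $data['username'],
            'email'          => $data['email']
        );

        $template  = $this->EE->functions->fetch_email_template('mbr_activation_instructions');
        $email_tit = $this->_var_swap($template['title'], $swap);
        $email_msg = $this->_var_swap($template['data'], $swap);

        /** ----------------------------
        /**  Send email
        /** ----------------------------*/
        // Load the text helper
        $this->EE->load->helper('text');

        $this->EE->load->library('email');
        $this->EE->email->wordwrap = true;
        $this->EE->email->from($this->EE->config->item('webmaster_email'), $this->EE->config->item('webmaster_name'));
        $this->EE->email->to($data['email']);
        $this->EE->email->subject($email_tit);
        $this->EE->email->message(entities_to_ascii($email_msg));
        $this->EE->email->Send();

        $message = $this->EE->lang->line('mbr_membership_instructions_email');
    }
    elseif ($this->EE->config->item('req_mbr_activation') == 'manual')
    {
        $message = $this->EE->lang->line('mbr_admin_will_activate');
    }
    else
    {
        /** ----------------------------------------
        /**  Log user in
        /** ----------------------------------------*/
        // NOTE(review): the long-lived (182 day) cookies below carry the
        // member's unique id and the stored password hash. If the session
        // library accepts them for re-authentication, the cookie value is
        // password-equivalent until the password changes - confirm the
        // cookies are sent with the Secure/HttpOnly attributes and consider
        // replacing the hash with a random, revocable token.
        $expire = 60*60*24*182;

        $this->EE->functions->set_cookie($this->EE->session->c_expire, time()+$expire, $expire);
        $this->EE->functions->set_cookie($this->EE->session->c_uniqueid, $data['unique_id'], $expire);
        $this->EE->functions->set_cookie($this->EE->session->c_password, $data['password'], $expire);

        /** ----------------------------------------
        /**  Create a new session
        /** ----------------------------------------*/
        if ($this->EE->config->item('user_session_type') == 'cs' OR $this->EE->config->item('user_session_type') == 's')
        {
            // A fresh session id is issued for the newly created member
            // rather than reusing any id the visitor presented.
            $this->EE->session->sdata['session_id']    = $this->EE->functions->random();
            $this->EE->session->sdata['member_id']     = $member_id;
            $this->EE->session->sdata['last_activity'] = $this->EE->localize->now;
            $this->EE->session->sdata['site_id']       = $this->EE->config->item('site_id');

            $this->EE->functions->set_cookie($this->EE->session->c_session, $this->EE->session->sdata['session_id'], $this->EE->session->session_length);

            $this->EE->db->query($this->EE->db->insert_string('exp_sessions', $this->EE->session->sdata));
        }

        /** ----------------------------------------
        /**  Update existing session variables
        /** ----------------------------------------*/
        $this->EE->session->userdata['username']  = $data['username'];
        $this->EE->session->userdata['member_id'] = $member_id;

        /** ----------------------------------------
        /**  Update stats
        /** ----------------------------------------*/
        $cutoff = $this->EE->localize->now - (15 * 60);

        $this->EE->db->query("DELETE FROM exp_online_users WHERE site_id = '".$this->EE->db->escape_str($this->EE->config->item('site_id'))."' AND ((ip_address = '".$ip_sql."' AND member_id = '0') OR date < $cutoff)");

        // Kept in its own variable so the member row in $data is not
        // overwritten by the online-users record.
        $online = array(
            'member_id'  => $this->EE->session->userdata('member_id'),
            'name'       => ($this->EE->session->userdata['screen_name'] == '') ? $this->EE->session->userdata['username'] : $this->EE->session->userdata['screen_name'],
            'ip_address' => $this->EE->input->ip_address(),
            'date'       => $this->EE->localize->now,
            'anon'       => 'y',
            'site_id'    => $this->EE->config->item('site_id')
        );

        $this->EE->db->query($this->EE->db->update_string('exp_online_users', $online, array("ip_address" => $this->EE->input->ip_address(), "member_id" => $online['member_id'])));

        $message = $this->EE->lang->line('mbr_your_are_logged_in');
    }

    /** ----------------------------------------
    /**  Build the message
    /** ----------------------------------------*/
    if ($this->EE->input->get_post('FROM') == 'forum')
    {
        // The return link comes from the forum board row, never from a URL
        // supplied in the request.
        if ($this->EE->input->get_post('board_id') !== FALSE && is_numeric($this->EE->input->get_post('board_id')))
        {
            $query = $this->EE->db->query("SELECT board_forum_url, board_id, board_label FROM exp_forum_boards WHERE board_id = '".$this->EE->db->escape_str($this->EE->input->get_post('board_id'))."'");
        }
        else
        {
            $query = $this->EE->db->query("SELECT board_forum_url, board_id, board_label FROM exp_forum_boards WHERE board_id = '1'");
        }

        $site_name = $query->row('board_label');
        $return    = $query->row('board_forum_url');
    }
    else
    {
        $site_name = ($this->EE->config->item('site_name') == '') ? $this->EE->lang->line('back') : stripslashes($this->EE->config->item('site_name'));
        $return    = $this->EE->config->item('site_url');
    }

    $data = array(
        'title'    => $this->EE->lang->line('mbr_registration_complete'),
        'heading'  => $this->EE->lang->line('thank_you'),
        'content'  => $this->EE->lang->line('mbr_registration_completed')."\n\n".$message,
        'redirect' => '',
        'link'     => array($return, $site_name)
    );

    $this->EE->output->show_message($data);
}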