/** * Check the email address * * @return @e void [Outputs to screen] */ public function checkEmail() { //----------------------------------------- // INIT //----------------------------------------- $email = ''; $banfilters = array(); if (is_string($_REQUEST['email'])) { $email = strtolower(IPSText::parseCleanValue(rawurldecode($_REQUEST['email']))); } if (!$email) { $this->returnString('found'); } if (!IPSText::checkEmailAddress($email)) { $this->returnString('found'); } //----------------------------------------- // Got the member? //----------------------------------------- if (!IPSMember::checkByEmail($email)) { //----------------------------------------- // Load ban filters //----------------------------------------- $this->DB->build(array('select' => '*', 'from' => 'banfilters')); $this->DB->execute(); while ($r = $this->DB->fetch()) { $banfilters[$r['ban_type']][] = $r['ban_content']; } //----------------------------------------- // Are they banned [EMAIL]? //----------------------------------------- if (is_array($banfilters['email']) and count($banfilters['email'])) { foreach ($banfilters['email'] as $memail) { $memail = str_replace("*", '.*', preg_quote($memail, "/")); if (preg_match("/^{$memail}\$/", $email)) { $this->returnString('banned'); break; } } } //----------------------------------------- // Load handler... //----------------------------------------- $classToLoad = IPSLib::loadLibrary(IPS_ROOT_PATH . 'sources/handlers/han_login.php', 'han_login'); $han_login = new $classToLoad($this->registry); $han_login->init(); $han_login->emailExistsCheck($email); if ($han_login->return_code and $han_login->return_code != 'METHOD_NOT_DEFINED' and $han_login->return_code != 'EMAIL_NOT_IN_USE') { $this->returnString('found'); } $this->returnString('notfound'); } else { $this->returnString('found'); } }
/** * Change account data * * @param int ID number * @param string md5( IPS Connect Key (see login method) . ID number ) * @param string New username (blank means do not change) * @param string New displayname (blank means do not change) * @param string New email address (blank means do not change) * @param string New password, md5 encoded (blank means do not change) * @param string Redirect URL, Base64 encoded * @param string md5( IPS Connect Key . $redirect ) * @return mixed If the redirect URL is provided, this function should redirect the user to that URL with a single paramater - 'status' * If blank, will output to screen a JSON object with the same parameter * Values: * BAD_KEY Invalid Key * NO_USER ID number not match any member account * SUCCESS Information changed successfully * USERNAME_IN_USE The chosen username was in use and as a result NO information was changed * DISPLAYNAME_IN_USE The chosen username was in use and as a result NO information was changed * EMAIL_IN_USE The chosen username was in use and as a result NO information was changed * MISSING_DATA No details to be changed were provided */ public function change($id, $key, $username, $displayname, $email, $md5Password, $redirect, $redirectHash) { if ($key != md5($this->masterKey . $id)) { $this->_return(base64_encode($this->settings['board_url']), array('status' => 'BAD_KEY')); } $member = IPSMember::load(intval($id), 'none', 'id'); if (!$member['member_id']) { $this->_return($redirect, array('status' => 'NO_USER')); } $update = array(); if ($username) { if (IPSMember::getFunction()->checkNameExists($username, $member, 'name', TRUE)) { $this->_return($redirect, array('status' => 'USERNAME_IN_USE')); } $update['name'] = $username; } if ($displayname) { if (IPSMember::getFunction()->checkNameExists($displayname, $member, 'members_display_name', TRUE)) { $this->_return($redirect, array('status' => 'DISPLAYNAME_IN_USE')); } $update['members_display_name'] = $displayname; } if ($email) { if (IPSMember::checkByEmail($email)) { $this->_return($redirect, array('status' => 'EMAIL_IN_USE')); } $update['email'] = $email; } if (empty($update)) { if (!$md5Password) { $this->_return($redirect, array('status' => 'MISSING_DATA')); } } else { IPSMember::save($member['member_id'], array('members' => $update)); } if ($md5Password) { IPSMember::updatePassword($member['member_id'], $md5Password); } if ($redirect) { $redirect = $redirectHash == md5($this->masterKey . $redirect) ? $redirect : base64_encode($this->settings['board_url']); } $this->_return($redirect, array('status' => 'SUCCESS')); }
/** * Processes the registration form * * @access public * @return void */ public function registerProcessForm() { $form_errors = array(); $coppa = $this->request['coppa_user'] == 1 ? 1 : 0; $in_password = trim($this->request['PassWord']); $in_email = strtolower(trim($this->request['EmailAddress'])); $_SFS_FOUND = FALSE; /* Check */ if ($this->settings['no_reg'] == 1) { $this->registry->output->showError('registration_disabled', 2016, true); } /* Custom profile field stuff */ require_once IPS_ROOT_PATH . 'sources/classes/customfields/profileFields.php'; $custom_fields = new customProfileFields(); $custom_fields->initData('edit'); $custom_fields->parseToSave($this->request, 'register'); /* Check */ if ($custom_fields->error_messages) { $form_errors['general'] = $custom_fields->error_messages; } /* Check the email address */ if (!$in_email or strlen($in_email) < 6 or !IPSText::checkEmailAddress($in_email)) { $form_errors['email'][$this->lang->words['err_invalid_email']] = $this->lang->words['err_invalid_email']; } if (trim($this->request['PassWord_Check']) != $in_password) { $form_errors['password'][$this->lang->words['passwords_not_match']] = $this->lang->words['passwords_not_match']; } /* Test email address */ $this->request['EmailAddress_two'] = strtolower(trim($this->request['EmailAddress_two'])); $this->request['EmailAddress'] = strtolower(trim($this->request['EmailAddress'])); if (!IPSText::checkEmailAddress($this->request['EmailAddress_two'])) { $form_errors['email'][$this->lang->words['reg_error_email_invalid']] = $this->lang->words['reg_error_email_invalid']; } else { if ($in_email and $this->request['EmailAddress_two'] != $in_email) { $form_errors['email'][$this->lang->words['reg_error_email_nm']] = $this->lang->words['reg_error_email_nm']; } } /* Need username? */ $uses_name = false; foreach ($this->cache->getCache('login_methods') as $method) { if ($method['login_user_id'] == 'username') { $uses_name = true; } } if (!$uses_name) { $_REQUEST['UserName'] = $_REQUEST['members_display_name']; $this->request['UserName'] = $this->request['members_display_name']; } /* Check the username */ $user_check = IPSMember::getFunction()->cleanAndCheckName($this->request['UserName'], array(), 'name'); if ($this->settings['auth_allow_dnames']) { $disp_check = IPSMember::getFunction()->cleanAndCheckName($this->request['members_display_name'], array(), 'members_display_name'); } if (is_array($user_check['errors']) && count($user_check['errors'])) { foreach ($user_check['errors'] as $key => $error) { $form_errors[$key][] = $error; } } if ($this->settings['auth_allow_dnames'] and is_array($disp_check['errors']) && count($disp_check['errors'])) { foreach ($disp_check['errors'] as $key => $error) { $form_errors[$key][] = $error; } } /* CHECK 1: Any errors (missing fields, etc)? */ if (count($form_errors)) { $this->registerForm($form_errors); return; } /* Is this email addy taken? */ if (IPSMember::checkByEmail($in_email) == TRUE) { $form_errors['email'][$this->lang->words['reg_error_email_taken']] = $this->lang->words['reg_error_email_taken']; } /* Load handler... */ require_once IPS_ROOT_PATH . 'sources/handlers/han_login.php'; $this->han_login = new han_login($this->registry); $this->han_login->init(); $this->han_login->emailExistsCheck($in_email); if ($this->han_login->return_code and $this->han_login->return_code != 'METHOD_NOT_DEFINED' and $this->han_login->return_code != 'EMAIL_NOT_IN_USE') { $form_errors['email'][$this->lang->words['reg_error_email_taken']] = $this->lang->words['reg_error_email_taken']; } /* Are they banned [EMAIL]? */ if (IPSMember::isBanned('email', $in_email) === TRUE) { $form_errors['email'][$this->lang->words['reg_error_email_ban']] = $this->lang->words['reg_error_email_ban']; } /* Check the CAPTCHA */ if ($this->settings['bot_antispam']) { if ($this->registry->getClass('class_captcha')->validate() !== TRUE) { $form_errors['general'][$this->lang->words['err_reg_code']] = $this->lang->words['err_reg_code']; } } /* Check the Q and A */ if ($this->settings['registration_qanda']) { $qanda = intval($this->request['qanda_id']); $pass = false; if ($qanda) { $data = $this->DB->buildAndFetch(array('select' => '*', 'from' => 'question_and_answer', 'where' => 'qa_id=' . $qanda)); if ($data['qa_id']) { $answers = explode("\n", str_replace("\r", "", $data['qa_answers'])); if (count($answers)) { foreach ($answers as $answer) { if (strtolower($answer) == strtolower($this->request['qa_answer'])) { $pass = true; break; } } } } } else { //----------------------------------------- // Do we have any questions? //----------------------------------------- $data = $this->DB->buildAndFetch(array('select' => 'COUNT(*) as questions', 'from' => 'question_and_answer')); if (!$data['questions']) { $pass = true; } } if (!$pass) { $form_errors['general'][$this->lang->words['err_q_and_a']] = $this->lang->words['err_q_and_a']; } } /* CHECK 2: Any errors ? */ if (count($form_errors)) { $this->registerForm($form_errors); return; } /* Build up the hashes */ $mem_group = $this->settings['member_group']; /* Are we asking the member or admin to preview? */ if ($this->settings['reg_auth_type']) { $mem_group = $this->settings['auth_group']; } else { if ($coppa == 1) { $mem_group = $this->settings['auth_group']; } } /* Create member */ $member = array('name' => $this->request['UserName'], 'password' => $in_password, 'members_display_name' => $this->settings['auth_allow_dnames'] ? $this->request['members_display_name'] : $this->request['UserName'], 'email' => $in_email, 'member_group_id' => $mem_group, 'joined' => time(), 'ip_address' => $this->member->ip_address, 'time_offset' => $this->request['time_offset'], 'coppa_user' => $coppa, 'members_auto_dst' => intval($this->request['dst']), 'allow_admin_mails' => intval($this->request['allow_admin_mail']), 'hide_email' => $this->request['allow_member_mail'] ? 0 : 1); /* Spam Service */ $spamCode = 0; if ($this->settings['spam_service_enabled'] && $this->settings['spam_service_api_key']) { /* Query the service */ $spamCode = IPSMember::querySpamService($in_email); /* Action to perform */ $action = $this->settings['spam_service_action_' . $spamCode]; /* Perform Action */ switch ($action) { /* Proceed with registraction */ case 1: break; /* Flag for admin approval */ /* Flag for admin approval */ case 2: $member['member_group_id'] = $this->settings['auth_group']; $this->settings['reg_auth_type'] = 'admin'; break; /* Approve the account, but ban it */ /* Approve the account, but ban it */ case 3: $member['member_banned'] = 1; $member['member_group_id'] = $this->settings['banned_group']; $this->settings['reg_auth_type'] = ''; break; } } //----------------------------------------- // Create the account //----------------------------------------- $member = IPSMember::create(array('members' => $member, 'pfields_content' => $this->request)); //----------------------------------------- // Login handler create account callback //----------------------------------------- $this->han_login->createAccount(array('email' => $member['email'], 'joined' => $member['joined'], 'password' => $in_password, 'ip_address' => $this->member->ip_address, 'username' => $member['members_display_name'])); //----------------------------------------- // We'll just ignore if this fails - it shouldn't hold up IPB anyways //----------------------------------------- /*if ( $han_login->return_code AND ( $han_login->return_code != 'METHOD_NOT_DEFINED' AND $han_login->return_code != 'SUCCESS' ) ) { $this->registry->output->showError( 'han_login_create_failed', 2017, true ); }*/ //----------------------------------------- // Validation //----------------------------------------- $validate_key = md5(IPSLib::makePassword() . time()); $time = time(); if ($coppa != 1) { if ($this->settings['reg_auth_type'] == 'user' or $this->settings['reg_auth_type'] == 'admin' or $this->settings['reg_auth_type'] == 'admin_user') { //----------------------------------------- // We want to validate all reg's via email, // after email verificiation has taken place, // we restore their previous group and remove the validate_key //----------------------------------------- $this->DB->insert('validating', array('vid' => $validate_key, 'member_id' => $member['member_id'], 'real_group' => $this->settings['member_group'], 'temp_group' => $this->settings['auth_group'], 'entry_date' => $time, 'coppa_user' => $coppa, 'new_reg' => 1, 'ip_address' => $member['ip_address'])); if ($this->settings['reg_auth_type'] == 'user' or $this->settings['reg_auth_type'] == 'admin_user') { IPSText::getTextClass('email')->getTemplate("reg_validate"); IPSText::getTextClass('email')->buildMessage(array('THE_LINK' => $this->settings['base_url'] . "app=core&module=global§ion=register&do=auto_validate&uid=" . urlencode($member['member_id']) . "&aid=" . urlencode($validate_key), 'NAME' => $member['members_display_name'], 'MAN_LINK' => $this->settings['base_url'] . "app=core&module=global§ion=register&do=05", 'EMAIL' => $member['email'], 'ID' => $member['member_id'], 'CODE' => $validate_key)); IPSText::getTextClass('email')->subject = $this->lang->words['new_registration_email'] . $this->settings['board_name']; IPSText::getTextClass('email')->to = $member['email']; IPSText::getTextClass('email')->sendMail(); $this->output = $this->registry->output->getTemplate('register')->showAuthorize($member); } else { if ($this->settings['reg_auth_type'] == 'admin') { $this->output = $this->registry->output->getTemplate('register')->showPreview($member); } } if ($this->settings['new_reg_notify']) { $date = $this->registry->class_localization->getDate(time(), 'LONG', 1); IPSText::getTextClass('email')->getTemplate('admin_newuser'); IPSText::getTextClass('email')->buildMessage(array('DATE' => $date, 'MEMBER_NAME' => $member['members_display_name'])); IPSText::getTextClass('email')->subject = $this->lang->words['new_registration_email1'] . $this->settings['board_name']; IPSText::getTextClass('email')->to = $this->settings['email_in']; IPSText::getTextClass('email')->sendMail(); } $this->registry->output->setTitle($this->lang->words['reg_success']); $this->registry->output->addNavigation($this->lang->words['nav_reg'], ''); } else { /* We don't want to preview, or get them to validate via email. */ $stat_cache = $this->caches['stats']; if ($member['members_display_name'] and $member['member_id']) { $stat_cache['last_mem_name'] = $member['members_display_name']; $stat_cache['last_mem_id'] = $member['member_id']; } $stat_cache['mem_count'] += 1; $this->cache->setCache('stats', $stat_cache, array('array' => 1, 'deletefirst' => 0)); if ($this->settings['new_reg_notify']) { $date = $this->registry->class_localization->getDate(time(), 'LONG', 1); IPSText::getTextClass('email')->getTemplate('admin_newuser'); IPSText::getTextClass('email')->buildMessage(array('DATE' => $date, 'MEMBER_NAME' => $member['members_display_name'])); IPSText::getTextClass('email')->subject = $this->lang->words['new_registration_email1'] . $this->settings['board_name']; IPSText::getTextClass('email')->to = $this->settings['email_in']; IPSText::getTextClass('email')->sendMail(); } IPSCookie::set('pass_hash', $member['member_login_key'], 1); IPSCookie::set('member_id', $member['member_id'], 1); //----------------------------------------- // Fix up session //----------------------------------------- $privacy = $this->request['Privacy'] ? 1 : 0; if ($member['g_hide_online_list']) { $privacy = 1; } $this->member->sessionClass()->convertGuestToMember(array('member_name' => $member['members_display_name'], 'member_id' => $member['member_id'], 'member_group' => $member['member_group_id'], 'login_type' => $privacy)); $this->registry->output->silentRedirect($this->settings['base_url'] . '&app=core&module=global§ion=login&do=autologin&fromreg=1'); } } else { /* This is a COPPA user, so lets tell them they registered OK and redirect to the form. */ $this->DB->insert('validating', array('vid' => $validate_key, 'member_id' => $member['member_id'], 'real_group' => $this->settings['member_group'], 'temp_group' => $this->settings['auth_group'], 'entry_date' => $time, 'coppa_user' => $coppa, 'new_reg' => 1, 'ip_address' => $member['ip_address'])); $this->registry->output->redirectScreen($this->lang->words['cp_success'], $this->settings['base_url'] . 'app=core&module=global&section=register&do=12'); } }
/** * Processes the registration form * * @return @e void */ public function registerProcessForm() { $this->_resetMember(); $form_errors = array(); $coppa = $this->request['coppa_user'] == 1 ? 1 : 0; $in_password = trim($this->request['PassWord']); $in_email = strtolower(trim($this->request['EmailAddress'])); /* Did we agree to the t&c? */ if (!$this->request['agree_tos']) { $form_errors['tos'] = array($this->lang->words['must_agree_to_terms']); } /* Custom profile field stuff */ $classToLoad = IPSLib::loadLibrary(IPS_ROOT_PATH . 'sources/classes/customfields/profileFields.php', 'customProfileFields'); $custom_fields = new $classToLoad(); $custom_fields->initData('edit'); $custom_fields->parseToSave($_POST, 'register'); /* Check */ if ($custom_fields->error_messages) { $form_errors['general'] = $custom_fields->error_messages; } /* Check the email address */ if (!$in_email or strlen($in_email) < 6 or !IPSText::checkEmailAddress($in_email)) { $form_errors['email'][$this->lang->words['err_invalid_email']] = $this->lang->words['err_invalid_email']; } if (trim($this->request['PassWord_Check']) != $in_password or !$in_password) { $form_errors['password'][$this->lang->words['passwords_not_match']] = $this->lang->words['passwords_not_match']; } /* There's no reason for this - http://community.invisionpower.com/resources/bugs.html/_/ip-board/registrations-limit-passwords-to-32-characters-for-no-apparent-reason-r37770 elseif ( strlen( $in_password ) < 3 ) { $form_errors['password'][$this->lang->words['pass_too_short']] = $this->lang->words['pass_too_short']; } elseif ( strlen( $in_password ) > 32 ) { $form_errors['password'][$this->lang->words['pass_too_long']] = $this->lang->words['pass_too_long']; } */ /* Check the username */ $user_check = IPSMember::getFunction()->cleanAndCheckName($this->request['members_display_name'], array(), 'name'); $disp_check = IPSMember::getFunction()->cleanAndCheckName($this->request['members_display_name'], array(), 'members_display_name'); if (is_array($user_check['errors']) && count($user_check['errors'])) { foreach ($user_check['errors'] as $key => $error) { $form_errors['dname'][$error] = isset($this->lang->words[$error]) ? $this->lang->words[$error] : $error; } } /* this duplicates username error above */ /*if( is_array( $disp_check['errors'] ) && count( $disp_check['errors'] ) ) { foreach( $disp_check['errors'] as $key => $error ) { $form_errors['dname'][ $error ] = isset($this->lang->words[ $error ]) ? $this->lang->words[ $error ] : $error; } }*/ /* Is this email addy taken? */ if (IPSMember::checkByEmail($in_email) == TRUE) { $form_errors['email'][$this->lang->words['reg_error_email_taken']] = $this->lang->words['reg_error_email_taken']; } /* Load handler... */ $classToLoad = IPSLib::loadLibrary(IPS_ROOT_PATH . 'sources/handlers/han_login.php', 'han_login'); $this->han_login = new $classToLoad($this->registry); $this->han_login->init(); $this->han_login->emailExistsCheck($in_email); if ($this->han_login->return_code and $this->han_login->return_code != 'METHOD_NOT_DEFINED' and $this->han_login->return_code != 'EMAIL_NOT_IN_USE') { $form_errors['email'][$this->lang->words['reg_error_email_taken']] = $this->lang->words['reg_error_email_taken']; } /* Are they banned [EMAIL]? */ if (IPSMember::isBanned('email', $in_email) === TRUE) { $form_errors['email'][$this->lang->words['reg_error_email_ban']] = $this->lang->words['reg_error_email_ban']; } /* Check the CAPTCHA */ if ($this->settings['bot_antispam_type'] != 'none') { if ($this->registry->getClass('class_captcha')->validate() !== TRUE) { $form_errors['general'][$this->lang->words['err_reg_code']] = $this->lang->words['err_reg_code']; } } /* Check the Q and A */ $qanda = intval($this->request['qanda_id']); $pass = true; if ($qanda) { $pass = false; $data = $this->DB->buildAndFetch(array('select' => '*', 'from' => 'question_and_answer', 'where' => 'qa_id=' . $qanda)); if ($data['qa_id']) { $answers = explode("\n", str_replace("\r", "", $data['qa_answers'])); if (count($answers)) { foreach ($answers as $answer) { $answer = trim($answer); if (IPSText::mbstrlen($answer) and mb_strtolower($answer) == mb_strtolower($this->request['qa_answer'])) { $pass = true; break; } } } } } else { //----------------------------------------- // Do we have any questions? //----------------------------------------- $data = $this->DB->buildAndFetch(array('select' => 'COUNT(*) as questions', 'from' => 'question_and_answer')); if ($data['questions']) { $pass = false; } } if (!$pass) { $form_errors['general'][$this->lang->words['err_q_and_a']] = $this->lang->words['err_q_and_a']; } /* CHECK 2: Any errors ? */ if (count($form_errors)) { $this->registerForm($form_errors); return; } /* Build up the hashes */ $mem_group = $this->settings['member_group']; /* Are we asking the member or admin to preview? */ if ($this->settings['reg_auth_type']) { $mem_group = $this->settings['auth_group']; } else { if ($coppa == 1) { $mem_group = $this->settings['auth_group']; } } /* Create member */ $member = array('name' => $this->request['members_display_name'], 'password' => $in_password, 'members_display_name' => $this->request['members_display_name'], 'email' => $in_email, 'member_group_id' => $mem_group, 'joined' => time(), 'ip_address' => $this->member->ip_address, 'time_offset' => $this->request['time_offset'], 'coppa_user' => $coppa, 'members_auto_dst' => intval($this->settings['time_dst_auto_correction']), 'allow_admin_mails' => intval($this->request['allow_admin_mail']), 'language' => $this->member->language_id); /* Spam Service */ $spamCode = 0; $_spamFlag = 0; if ($this->settings['spam_service_enabled']) { /* Query the service */ $spamCode = IPSMember::querySpamService($in_email); /* Action to perform */ $action = $this->settings['spam_service_action_' . $spamCode]; /* Perform Action */ switch ($action) { /* Proceed with registration */ case 1: break; /* Flag for admin approval */ /* Flag for admin approval */ case 2: $member['member_group_id'] = $this->settings['auth_group']; $this->settings['reg_auth_type'] = 'admin'; $_spamFlag = 1; break; /* Approve the account, but ban it */ /* Approve the account, but ban it */ case 3: $member['member_banned'] = 1; $member['bw_is_spammer'] = 1; $this->settings['reg_auth_type'] = ''; break; /* Deny registration */ /* Deny registration */ case 4: $this->registry->output->showError('spam_denied_account', '100x001', FALSE, '', 200); break; } } //----------------------------------------- // Create the account //----------------------------------------- $member = IPSMember::create(array('members' => $member, 'pfields_content' => $custom_fields->out_fields), FALSE, FALSE, FALSE); //----------------------------------------- // Login handler create account callback //----------------------------------------- $this->han_login->createAccount(array('member_id' => $member['member_id'], 'email' => $member['email'], 'joined' => $member['joined'], 'password' => $in_password, 'ip_address' => $this->member->ip_address, 'username' => $member['members_display_name'], 'name' => $member['name'], 'members_display_name' => $member['members_display_name'])); //----------------------------------------- // We'll just ignore if this fails - it shouldn't hold up IPB anyways //----------------------------------------- /*if ( $han_login->return_code AND ( $han_login->return_code != 'METHOD_NOT_DEFINED' AND $han_login->return_code != 'SUCCESS' ) ) { $this->registry->output->showError( 'han_login_create_failed', 2017, true ); }*/ //----------------------------------------- // Validation //----------------------------------------- $validate_key = md5(IPSMember::makePassword() . time()); $time = time(); if ($coppa != 1) { if ($this->settings['reg_auth_type'] == 'user' or $this->settings['reg_auth_type'] == 'admin' or $this->settings['reg_auth_type'] == 'admin_user') { //----------------------------------------- // We want to validate all reg's via email, // after email verificiation has taken place, // we restore their previous group and remove the validate_key //----------------------------------------- $this->DB->insert('validating', array('vid' => $validate_key, 'member_id' => $member['member_id'], 'real_group' => $this->settings['member_group'], 'temp_group' => $this->settings['auth_group'], 'entry_date' => $time, 'coppa_user' => $coppa, 'new_reg' => 1, 'ip_address' => $member['ip_address'], 'spam_flag' => $_spamFlag)); if ($this->settings['reg_auth_type'] == 'user' or $this->settings['reg_auth_type'] == 'admin_user') { /* Send out the email. */ $message = array('THE_LINK' => $this->registry->getClass('output')->buildSEOUrl("app=core&module=global§ion=register&do=auto_validate&uid=" . urlencode($member['member_id']) . "&aid=" . urlencode($validate_key), 'publicNoSession', 'false'), 'NAME' => $member['members_display_name'], 'MAN_LINK' => $this->registry->getClass('output')->buildSEOUrl("app=core&module=global§ion=register&do=05", 'publicNoSession', 'false'), 'EMAIL' => $member['email'], 'ID' => $member['member_id'], 'CODE' => $validate_key); IPSText::getTextClass('email')->setPlainTextTemplate(IPSText::getTextClass('email')->getTemplate("reg_validate", $this->member->language_id)); IPSText::getTextClass('email')->buildPlainTextContent($message); IPSText::getTextClass('email')->buildHtmlContent($message); IPSText::getTextClass('email')->subject = sprintf($this->lang->words['new_registration_email'], $this->settings['board_name']); IPSText::getTextClass('email')->to = $member['email']; IPSText::getTextClass('email')->sendMail(); $this->output = $this->registry->output->getTemplate('register')->showAuthorize($member); } else { if ($this->settings['reg_auth_type'] == 'admin') { $this->output = $this->registry->output->getTemplate('register')->showPreview($member); } } /* Only send new registration email if the member wasn't banned */ if ($this->settings['new_reg_notify'] and !$member['member_banned']) { $date = $this->registry->class_localization->getDate(time(), 'LONG', 1); IPSText::getTextClass('email')->getTemplate('admin_newuser'); IPSText::getTextClass('email')->buildMessage(array('DATE' => $date, 'LOG_IN_NAME' => $member['name'], 'EMAIL' => $member['email'], 'IP' => $member['ip_address'], 'DISPLAY_NAME' => $member['members_display_name'])); IPSText::getTextClass('email')->subject = sprintf($this->lang->words['new_registration_email1'], $this->settings['board_name']); IPSText::getTextClass('email')->to = $this->settings['email_in']; IPSText::getTextClass('email')->sendMail(); } $this->registry->output->setTitle($this->lang->words['reg_success'] . ' - ' . ipsRegistry::$settings['board_name']); $this->registry->output->addNavigation($this->lang->words['nav_reg'], ''); } else { /* We don't want to preview, or get them to validate via email. */ $stat_cache = $this->cache->getCache('stats'); if ($member['members_display_name'] and $member['member_id'] and !$this->caches['group_cache'][$member['member_group_id']]['g_hide_online_list']) { $stat_cache['last_mem_name'] = $member['members_display_name']; $stat_cache['last_mem_name_seo'] = IPSText::makeSeoTitle($member['members_display_name']); $stat_cache['last_mem_id'] = $member['member_id']; } $stat_cache['mem_count'] += 1; $this->cache->setCache('stats', $stat_cache, array('array' => 1)); /* Only send new registration email if the member wasn't banned */ if ($this->settings['new_reg_notify'] and !$member['member_banned']) { $date = $this->registry->class_localization->getDate(time(), 'LONG', 1); IPSText::getTextClass('email')->getTemplate('admin_newuser'); IPSText::getTextClass('email')->buildMessage(array('DATE' => $date, 'LOG_IN_NAME' => $member['name'], 'EMAIL' => $member['email'], 'IP' => $member['ip_address'], 'DISPLAY_NAME' => $member['members_display_name'])); IPSText::getTextClass('email')->subject = sprintf($this->lang->words['new_registration_email1'], $this->settings['board_name']); IPSText::getTextClass('email')->to = $this->settings['email_in']; IPSText::getTextClass('email')->sendMail(); } IPSCookie::set('pass_hash', $member['member_login_key'], 1); IPSCookie::set('member_id', $member['member_id'], 1); //----------------------------------------- // Fix up session //----------------------------------------- $privacy = $member['g_hide_online_list'] || empty($this->settings['disable_anonymous']) && !empty($this->request['Privacy']) ? 1 : 0; # Update value for onCompleteAccount call $member['login_anonymous'] = $privacy . '&1'; $this->member->sessionClass()->convertGuestToMember(array('member_name' => $member['members_display_name'], 'member_id' => $member['member_id'], 'member_group' => $member['member_group_id'], 'login_type' => $privacy)); IPSLib::runMemberSync('onCompleteAccount', $member); $this->registry->output->silentRedirect($this->settings['base_url'] . '&app=core&module=global§ion=login&do=autologin&fromreg=1'); } } else { /* This is a COPPA user, so lets tell them they registered OK and redirect to the form. */ $this->DB->insert('validating', array('vid' => $validate_key, 'member_id' => $member['member_id'], 'real_group' => $this->settings['member_group'], 'temp_group' => $this->settings['auth_group'], 'entry_date' => $time, 'coppa_user' => $coppa, 'new_reg' => 1, 'ip_address' => $member['ip_address'])); $this->registry->output->redirectScreen($this->lang->words['cp_success'], $this->settings['base_url'] . 'app=core&module=global&section=register&do=12'); } }
/** * UserCP Save Form: Email Address * * @return mixed Array of errors / boolean true */ public function saveFormEmailPassword() { //----------------------------------------- // INIT //----------------------------------------- $_emailOne = strtolower(trim($this->request['in_email_1'])); $_emailTwo = strtolower(trim($this->request['in_email_2'])); $cur_pass = trim($this->request['current_pass']); $new_pass = trim($this->request['new_pass_1']); $chk_pass = trim($this->request['new_pass_2']); $isRemote = (!$this->memberData['bw_local_password_set'] and $this->memberData['members_created_remote']) ? true : false; if ($cur_pass or $new_pass) { if ($this->memberData['g_access_cp']) { return array(0 => $this->lang->words['admin_emailpassword']); } if ($isRemote === false and (!$_POST['current_pass'] or empty($new_pass) or empty($chk_pass))) { return array(0 => $this->lang->words['complete_entire_form']); } //----------------------------------------- // Do the passwords actually match? //----------------------------------------- if ($new_pass != $chk_pass) { return array(0 => $this->lang->words['passwords_not_matchy']); } //----------------------------------------- // Check password... //----------------------------------------- if ($isRemote === false) { if ($this->_checkPassword($cur_pass) !== TRUE) { return array(0 => $this->lang->words['current_pw_bad']); } } else { /* This is INIT in _checkPassword */ $classToLoad = IPSLib::loadLibrary(IPS_ROOT_PATH . 'sources/handlers/han_login.php', 'han_login'); $this->han_login = new $classToLoad($this->registry); $this->han_login->init(); } //----------------------------------------- // Create new password... //----------------------------------------- $md5_pass = md5($new_pass); //----------------------------------------- // han_login was loaded during check_password //----------------------------------------- $this->han_login->changePass($this->memberData['email'], $md5_pass, $new_pass, $this->memberData); if ($this->han_login->return_code and $this->han_login->return_code != 'METHOD_NOT_DEFINED' and $this->han_login->return_code != 'SUCCESS') { return array(0 => $this->lang->words['hanlogin_pw_failed']); } //----------------------------------------- // Update the DB //----------------------------------------- IPSMember::updatePassword($this->memberData['email'], $md5_pass); IPSLib::runMemberSync('onPassChange', $this->memberData['member_id'], $new_pass); //----------------------------------------- // Update members log in key... //----------------------------------------- $key = IPSMember::generateAutoLoginKey(); IPSMember::save($this->memberData['member_id'], array('core' => array('member_login_key' => $key, 'bw_local_password_set' => 1))); $this->ok_message = $this->lang->words['pw_change_successful']; } if ($_emailOne or $_emailTwo) { //----------------------------------------- // Do not allow validating members to change // email when admin validation is on // @see http://community.invisionpower.com/tracker/issue-19964-loophole-in-registration-procedure/ //----------------------------------------- if ($this->memberData['member_group_id'] == $this->settings['auth_group'] and in_array($this->settings['reg_auth_type'], array('admin', 'admin_user'))) { $this->registry->output->showError($this->lang->words['admin_val_no_email_chg'], 10190); } //----------------------------------------- // Check input //----------------------------------------- if ($this->memberData['g_access_cp']) { return array(0 => $this->lang->words['admin_emailpassword']); } if (!$_POST['in_email_1'] or !$_POST['in_email_2']) { return array(0 => $this->lang->words['complete_entire_form']); } //----------------------------------------- // Check password... //----------------------------------------- if (!$this->_isFBUser) { if ($this->_checkPassword($this->request['password']) === FALSE) { return array(0 => $this->lang->words['current_pw_bad']); } } //----------------------------------------- // Test email addresses //----------------------------------------- if ($_emailOne != $_emailTwo) { return array(0 => $this->lang->words['emails_no_matchy']); } if (IPSText::checkEmailAddress($_emailOne) !== TRUE) { return array(0 => $this->lang->words['email_not_valid']); } //----------------------------------------- // Is this email addy taken? //----------------------------------------- if (IPSMember::checkByEmail($_emailOne) == TRUE) { return array(0 => $this->lang->words['email_is_taken']); } //----------------------------------------- // Load ban filters //----------------------------------------- $banfilters = array(); $this->DB->build(array('select' => '*', 'from' => 'banfilters')); $this->DB->execute(); while ($r = $this->DB->fetch()) { $banfilters[$r['ban_type']][] = $r['ban_content']; } //----------------------------------------- // Check in banned list //----------------------------------------- if (isset($banfilters['email']) and is_array($banfilters['email']) and count($banfilters['email'])) { foreach ($banfilters['email'] as $email) { $email = str_replace('\\*', '.*', preg_quote($email, "/")); if (preg_match("/^{$email}\$/i", $_emailOne)) { return array(0 => $this->lang->words['email_is_taken']); } } } //----------------------------------------- // Load handler... //----------------------------------------- $classToLoad = IPSLib::loadLibrary(IPS_ROOT_PATH . 'sources/handlers/han_login.php', 'han_login'); $this->han_login = new $classToLoad($this->registry); $this->han_login->init(); if ($this->han_login->emailExistsCheck($_emailOne) !== FALSE) { return array(0 => $this->lang->words['email_is_taken']); } $this->han_login->changeEmail($this->memberData['email'], $_emailOne, $this->memberData); if ($this->han_login->return_code and $this->han_login->return_code != 'METHOD_NOT_DEFINED' and $this->han_login->return_code != 'SUCCESS') { return array(0 => $this->lang->words['email_is_taken']); } //----------------------------------------- // Want a new validation? NON ADMINS ONLY //----------------------------------------- if ($this->settings['reg_auth_type'] and !$this->memberData['g_access_cp']) { //----------------------------------------- // Remove any existing entries //----------------------------------------- $_previous = $this->DB->buildAndFetch(array('select' => 'prev_email, real_group', 'from' => 'validating', 'where' => "member_id={$this->memberData['member_id']} AND email_chg=1")); if ($_previous['prev_email']) { $this->DB->delete('validating', "member_id={$this->memberData['member_id']} AND email_chg=1"); $this->memberData['email'] = $_previous['prev_email']; $this->memberData['member_group_id'] = $_previous['real_group']; } $validate_key = md5(IPSMember::makePassword() . time()); //----------------------------------------- // Update the new email, but enter a validation key // and put the member in "awaiting authorisation" // and send an email.. //----------------------------------------- $db_str = array('vid' => $validate_key, 'member_id' => $this->memberData['member_id'], 'temp_group' => $this->settings['auth_group'], 'entry_date' => time(), 'coppa_user' => 0, 'email_chg' => 1, 'ip_address' => $this->member->ip_address, 'prev_email' => $this->memberData['email']); if ($this->memberData['member_group_id'] != $this->settings['auth_group']) { $db_str['real_group'] = $this->memberData['member_group_id']; } $this->DB->insert('validating', $db_str); IPSLib::runMemberSync('onEmailChange', $this->memberData['member_id'], strtolower($_emailOne), $this->memberData['email']); IPSMember::save($this->memberData['member_id'], array('core' => array('member_group_id' => $this->settings['auth_group'], 'email' => $_emailOne))); //----------------------------------------- // Update their session with the new member group //----------------------------------------- if ($this->member->session_id) { $this->member->sessionClass()->convertMemberToGuest(); } //----------------------------------------- // Kill the cookies to stop auto log in //----------------------------------------- IPSCookie::set('pass_hash', '-1', 0); IPSCookie::set('member_id', '-1', 0); IPSCookie::set('session_id', '-1', 0); //----------------------------------------- // Dispatch the mail, and return to the activate form. //----------------------------------------- IPSText::getTextClass('email')->getTemplate("newemail"); IPSText::getTextClass('email')->buildMessage(array('NAME' => $this->memberData['members_display_name'], 'THE_LINK' => $this->registry->getClass('output')->buildSEOUrl("app=core&module=global§ion=register&do=auto_validate&type=newemail&uid=" . $this->memberData['member_id'] . "&aid=" . $validate_key, 'publicNoSession', 'false'), 'ID' => $this->memberData['member_id'], 'MAN_LINK' => $this->registry->getClass('output')->buildSEOUrl("app=core&module=global§ion=register&do=07", 'publicNoSession', 'false'), 'CODE' => $validate_key)); IPSText::getTextClass('email')->subject = $this->lang->words['lp_subject'] . ' ' . $this->settings['board_name']; IPSText::getTextClass('email')->to = $_emailOne; IPSText::getTextClass('email')->sendMail(); $this->registry->getClass('output')->silentRedirect($this->settings['base_url'] . 'app=core&module=global&section=register&do=07'); } else { //----------------------------------------- // No authorisation needed, change email addy and return //----------------------------------------- IPSLib::runMemberSync('onEmailChange', $this->memberData['member_id'], strtolower($_emailOne), $this->memberData['email']); IPSMember::save($this->memberData['member_id'], array('core' => array('email' => $_emailOne))); //----------------------------------------- // Add to OK message //----------------------------------------- $this->ok_message = $this->lang->words['ok_email_changed']; } } return TRUE; }
/** * UserCP Save Form: Email Address * * @access public * @return mixed Array of errors / boolean true */ public function saveFormEmail() { //----------------------------------------- // INIT //----------------------------------------- $_emailOne = strtolower(trim($this->request['in_email_1'])); $_emailTwo = strtolower(trim($this->request['in_email_2'])); $captchaInput = trim(ipsRegistry::$request['captchaInput']); $captchaUniqueID = trim(ipsRegistry::$request['captchaUniqueID']); //----------------------------------------- // Check input //----------------------------------------- if ($this->memberData['g_access_cp']) { return array(0 => $this->lang->words['admin_emailpassword']); } if (!$_POST['in_email_1'] or !$_POST['in_email_2']) { return array(0 => $this->lang->words['complete_entire_form']); } //----------------------------------------- // Check password... //----------------------------------------- if (!$this->_isFBUser) { if ($this->_checkPassword($this->request['password']) === FALSE) { return array(0 => $this->lang->words['current_pw_bad']); } } //----------------------------------------- // Test email addresses //----------------------------------------- if ($_emailOne != $_emailTwo) { return array(0 => $this->lang->words['emails_no_matchy']); } if (IPSText::checkEmailAddress($_emailOne) !== TRUE) { return array(0 => $this->lang->words['email_not_valid']); } //----------------------------------------- // Is this email addy taken? //----------------------------------------- if (IPSMember::checkByEmail($_emailOne) == TRUE) { return array(0 => $this->lang->words['email_is_taken']); } //----------------------------------------- // Load ban filters //----------------------------------------- $this->DB->build(array('select' => '*', 'from' => 'banfilters')); $this->DB->execute(); while ($r = $this->DB->fetch()) { $banfilters[$r['ban_type']][] = $r['ban_content']; } //----------------------------------------- // Check in banned list //----------------------------------------- if (isset($banfilters['email']) and is_array($banfilters['email']) and count($banfilters['email'])) { foreach ($banfilters['email'] as $email) { $email = str_replace('\\*', '.*', preg_quote($email, "/")); if (preg_match("/^{$email}\$/i", $_emailOne)) { return array(0 => $this->lang->words['email_is_taken']); } } } //----------------------------------------- // Anti bot flood... //----------------------------------------- if ($this->settings['bot_antispam']) { if ($this->registry->getClass('class_captcha')->validate() !== TRUE) { return array(0 => $this->lang->words['captcha_email_invalid']); } } //----------------------------------------- // Load handler... //----------------------------------------- require_once IPS_ROOT_PATH . 'sources/handlers/han_login.php'; $this->han_login = new han_login($this->registry); $this->han_login->init(); if ($this->han_login->emailExistsCheck($_emailOne) !== FALSE) { return array(0 => $this->lang->words['email_is_taken']); } $this->han_login->changeEmail($this->memberData['email'], $_emailOne); if ($this->han_login->return_code and $this->han_login->return_code != 'METHOD_NOT_DEFINED' and $this->han_login->return_code != 'SUCCESS') { return array(0 => $this->lang->words['email_is_taken']); } //----------------------------------------- // Require new validation? NON ADMINS ONLY //----------------------------------------- if ($this->settings['reg_auth_type'] and !$this->memberData['g_access_cp']) { $validate_key = md5(IPSLib::makePassword() . time()); //----------------------------------------- // Update the new email, but enter a validation key // and put the member in "awaiting authorisation" // and send an email.. //----------------------------------------- $db_str = array('vid' => $validate_key, 'member_id' => $this->memberData['member_id'], 'temp_group' => $this->settings['auth_group'], 'entry_date' => time(), 'coppa_user' => 0, 'email_chg' => 1, 'ip_address' => $this->request['IP_ADDRESS'], 'prev_email' => $this->memberData['email']); if ($this->memberData['member_group_id'] != $this->settings['auth_group']) { $db_str['real_group'] = $this->memberData['member_group_id']; } $this->DB->insert('validating', $db_str); IPSMember::save($this->memberData['member_id'], array('core' => array('member_group_id' => $this->settings['auth_group'], 'email' => $_emailOne))); IPSLib::runMemberSync('onEmailChange', $this->memberData['member_id'], strtolower($_emailOne)); //----------------------------------------- // Update their session with the new member group //----------------------------------------- if ($this->member->session_id) { $this->member->sessionClass()->convertMemberToGuest(); } //----------------------------------------- // Kill the cookies to stop auto log in //----------------------------------------- IPSCookie::set('pass_hash', '-1', 0); IPSCookie::set('member_id', '-1', 0); IPSCookie::set('session_id', '-1', 0); //----------------------------------------- // Dispatch the mail, and return to the activate form. //----------------------------------------- IPSText::getTextClass('email')->getTemplate("newemail"); IPSText::getTextClass('email')->buildMessage(array('NAME' => $this->memberData['members_display_name'], 'THE_LINK' => $this->settings['base_url'] . "app=core&module=global§ion=register&do=auto_validate&type=newemail&uid=" . $this->memberData['member_id'] . "&aid=" . $validate_key, 'ID' => $this->memberData['member_id'], 'MAN_LINK' => $this->settings['base_url'] . "app=core&module=global§ion=register&do=07", 'CODE' => $validate_key)); IPSText::getTextClass('email')->subject = $this->lang->words['lp_subject'] . ' ' . $this->settings['board_name']; IPSText::getTextClass('email')->to = $_emailOne; IPSText::getTextClass('email')->sendMail(); $this->registry->getClass('output')->redirectScreen($this->lang->words['ce_redirect'], $this->settings['base_url'] . 'app=core&module=global&section=register&do=07'); } else { //----------------------------------------- // No authorisation needed, change email addy and return //----------------------------------------- IPSMember::save($this->memberData['member_id'], array('core' => array('email' => $_emailOne))); IPSLib::runMemberSync('onEmailChange', $this->memberData['member_id'], strtolower($_emailOne)); //----------------------------------------- // Add to OK message //----------------------------------------- $this->ok_message = $this->lang->words['ok_email_changed']; return TRUE; } }