/** * This function allows the admin to register a new member by hand. * It also allows assigning a primary group to the member being registered. * Accessed by ?action=admin;area=regcenter;sa=register * Requires the moderate_forum permission. * * @uses Register template, admin_register sub-template. */ function AdminRegister() { global $txt, $context, $sourcedir, $scripturl, $smcFunc; if (!empty($_POST['regSubmit'])) { checkSession(); validateToken('admin-regc'); foreach ($_POST as $key => $value) { if (!is_array($_POST[$key])) { $_POST[$key] = htmltrim__recursive(str_replace(array("\n", "\r"), '', $_POST[$key])); } } $regOptions = array('interface' => 'admin', 'username' => $_POST['user'], 'email' => $_POST['email'], 'password' => $_POST['password'], 'password_check' => $_POST['password'], 'check_reserved_name' => true, 'check_password_strength' => false, 'check_email_ban' => false, 'send_welcome_email' => isset($_POST['emailPassword']) || empty($_POST['password']), 'require' => isset($_POST['emailActivate']) ? 'activation' : 'nothing', 'memberGroup' => empty($_POST['group']) || !allowedTo('manage_membergroups') ? 0 : (int) $_POST['group']); require_once $sourcedir . '/Subs-Members.php'; $memberID = registerMember($regOptions); if (!empty($memberID)) { $context['new_member'] = array('id' => $memberID, 'name' => $_POST['user'], 'href' => $scripturl . '?action=profile;u=' . $memberID, 'link' => '<a href="' . $scripturl . '?action=profile;u=' . $memberID . '">' . $_POST['user'] . '</a>'); $context['registration_done'] = sprintf($txt['admin_register_done'], $context['new_member']['link']); } } // Load the assignable member groups. if (allowedTo('manage_membergroups')) { $request = $smcFunc['db_query']('', ' SELECT group_name, id_group FROM {db_prefix}membergroups WHERE id_group != {int:moderator_group} AND min_posts = {int:min_posts}' . (allowedTo('admin_forum') ? '' : ' AND id_group != {int:admin_group} AND group_type != {int:is_protected}') . ' AND hidden != {int:hidden_group} ORDER BY min_posts, CASE WHEN id_group < {int:newbie_group} THEN id_group ELSE 4 END, group_name', array('moderator_group' => 3, 'min_posts' => -1, 'admin_group' => 1, 'is_protected' => 1, 'hidden_group' => 2, 'newbie_group' => 4)); $context['member_groups'] = array(0 => $txt['admin_register_group_none']); while ($row = $smcFunc['db_fetch_assoc']($request)) { $context['member_groups'][$row['id_group']] = $row['group_name']; } $smcFunc['db_free_result']($request); } else { $context['member_groups'] = array(); } // Basic stuff. $context['sub_template'] = 'admin_register'; $context['page_title'] = $txt['registration_center']; createToken('admin-regc'); }
public function createUserHandle($email, $username, $password, $verified, $custom_register_fields, $profile, &$errors) { global $sourcedir, $context, $modSettings, $maintenance, $mmessage, $scripturl; checkSession(); $_POST['emailActivate'] = true; if (empty($password)) { get_error('password cannot be empty'); } if (!($maintenance == 0)) { get_error('Forum is in maintenance model or Tapatalk is disabled by forum administrator.'); } if ($modSettings['registration_method'] == 0) { $register_mode = 'nothing'; } else { if ($modSettings['registration_method'] == 1) { $register_mode = $verified ? 'nothing' : 'activation'; } else { $register_mode = isset($modSettings['auto_approval_tp_user']) && $modSettings['auto_approval_tp_user'] && $verified ? 'nothing' : 'approval'; } } $email = htmltrim__recursive(str_replace(array("\n", "\r"), '', $email)); $username = htmltrim__recursive(str_replace(array("\n", "\r"), '', $username)); $password = htmltrim__recursive(str_replace(array("\n", "\r"), '', $password)); $group = 0; if ($register_mode == 'nothing' && isset($modSettings['tp_iar_usergroup_assignment'])) { $group = $modSettings['tp_iar_usergroup_assignment']; } $regOptions = array('interface' => $register_mode == 'approval' ? 'guest' : 'admin', 'username' => $username, 'email' => $email, 'password' => $password, 'password_check' => $password, 'check_reserved_name' => true, 'check_password_strength' => true, 'check_email_ban' => false, 'send_welcome_email' => isset($_POST['emailPassword']) || empty($password), 'require' => $register_mode, 'memberGroup' => (int) $group); define('mobi_register', 1); require_once $sourcedir . '/Subs-Members.php'; $memberID = registerMember($regOptions); if (!empty($memberID)) { $context['new_member'] = array('id' => $memberID, 'name' => $username, 'href' => $scripturl . '?action=profile;u=' . $memberID, 'link' => '<a href="' . $scripturl . '?action=profile;u=' . $memberID . '">' . $username . '</a>'); $context['registration_done'] = sprintf($txt['admin_register_done'], $context['new_member']['link']); //update profile if (isset($profile) && !empty($profile) && is_array($profile)) { $profile_vars = array('avatar' => $profile['avatar_url']); updateMemberData($memberID, $profile_vars); } return get_user_by_name_or_email($username, false); } return null; }
/** * Actually register the member. * @todo split this function in two functions: * - a function that handles action=register2, which needs no parameter; * - a function that processes the case of OpenID verification. * * @param bool $verifiedOpenID = false */ public function action_register2($verifiedOpenID = false) { global $txt, $modSettings, $context, $user_info; // Start collecting together any errors. $reg_errors = Error_Context::context('register', 0); // We can't validate the token and the session with OpenID enabled. if (!$verifiedOpenID) { checkSession(); if (!validateToken('register', 'post', true, false)) { $reg_errors->addError('token_verification'); } } // Did we save some open ID fields? if ($verifiedOpenID && !empty($context['openid_save_fields'])) { foreach ($context['openid_save_fields'] as $id => $value) { $_POST[$id] = $value; } } // You can't register if it's disabled. if (!empty($modSettings['registration_method']) && $modSettings['registration_method'] == 3) { fatal_lang_error('registration_disabled', false); } // If we're using an agreement checkbox, did they check it? if (!empty($modSettings['checkboxAgreement']) && !empty($_POST['checkbox_agreement'])) { $_SESSION['registration_agreed'] = true; } // Things we don't do for people who have already confirmed their OpenID allegances via register. if (!$verifiedOpenID) { // Well, if you don't agree, you can't register. if (!empty($modSettings['requireAgreement']) && empty($_SESSION['registration_agreed'])) { redirectexit(); } // Make sure they came from *somewhere*, have a session. if (!isset($_SESSION['old_url'])) { redirectexit('action=register'); } // If we don't require an agreement, we need a extra check for coppa. if (empty($modSettings['requireAgreement']) && !empty($modSettings['coppaAge'])) { $_SESSION['skip_coppa'] = !empty($_POST['accept_agreement']); } // Are they under age, and under age users are banned? if (!empty($modSettings['coppaAge']) && empty($modSettings['coppaType']) && empty($_SESSION['skip_coppa'])) { loadLanguage('Login'); fatal_lang_error('under_age_registration_prohibited', false, array($modSettings['coppaAge'])); } // Check the time gate for miscreants. First make sure they came from somewhere that actually set it up. if (empty($_SESSION['register']['timenow']) || empty($_SESSION['register']['limit'])) { redirectexit('action=register'); } // Failing that, check the time limit for exessive speed. if (time() - $_SESSION['register']['timenow'] < $_SESSION['register']['limit']) { loadLanguage('Login'); $reg_errors->addError('too_quickly'); } // Check whether the visual verification code was entered correctly. if (!empty($modSettings['reg_verification'])) { require_once SUBSDIR . '/VerificationControls.class.php'; $verificationOptions = array('id' => 'register'); $context['visual_verification'] = create_control_verification($verificationOptions, true); if (is_array($context['visual_verification'])) { foreach ($context['visual_verification'] as $error) { $reg_errors->addError($error); } } } } foreach ($_POST as $key => $value) { if (!is_array($_POST[$key])) { $_POST[$key] = htmltrim__recursive(str_replace(array("\n", "\r"), '', $_POST[$key])); } } // Collect all extra registration fields someone might have filled in. $possible_strings = array('birthdate', 'time_format', 'buddy_list', 'pm_ignore_list', 'smiley_set', 'personal_text', 'avatar', 'lngfile', 'location', 'secret_question', 'secret_answer', 'website_url', 'website_title'); $possible_ints = array('pm_email_notify', 'notify_types', 'id_theme', 'gender'); $possible_floats = array('time_offset'); $possible_bools = array('notify_announcements', 'notify_regularity', 'notify_send_body', 'hide_email', 'show_online'); if (isset($_POST['secret_answer']) && $_POST['secret_answer'] != '') { $_POST['secret_answer'] = md5($_POST['secret_answer']); } // Needed for isReservedName() and registerMember(). require_once SUBSDIR . '/Members.subs.php'; // Validation... even if we're not a mall. if (isset($_POST['real_name']) && (!empty($modSettings['allow_editDisplayName']) || allowedTo('moderate_forum'))) { $_POST['real_name'] = trim(preg_replace('~[\\t\\n\\r \\x0B\\0\\x{A0}\\x{AD}\\x{2000}-\\x{200F}\\x{201F}\\x{202F}\\x{3000}\\x{FEFF}]+~u', ' ', $_POST['real_name'])); if (trim($_POST['real_name']) != '' && !isReservedName($_POST['real_name']) && Util::strlen($_POST['real_name']) < 60) { $possible_strings[] = 'real_name'; } } // Handle a string as a birthdate... if (isset($_POST['birthdate']) && $_POST['birthdate'] != '') { $_POST['birthdate'] = strftime('%Y-%m-%d', strtotime($_POST['birthdate'])); } elseif (!empty($_POST['bday1']) && !empty($_POST['bday2'])) { $_POST['birthdate'] = sprintf('%04d-%02d-%02d', empty($_POST['bday3']) ? 0 : (int) $_POST['bday3'], (int) $_POST['bday1'], (int) $_POST['bday2']); } // By default assume email is hidden, only show it if we tell it to. $_POST['hide_email'] = !empty($_POST['allow_email']) ? 0 : 1; // Validate the passed language file. if (isset($_POST['lngfile']) && !empty($modSettings['userLanguage'])) { // Do we have any languages? $context['languages'] = getLanguages(); // Did we find it? if (isset($context['languages'][$_POST['lngfile']])) { $_SESSION['language'] = $_POST['lngfile']; } else { unset($_POST['lngfile']); } } else { unset($_POST['lngfile']); } // Some of these fields we may not want. if (!empty($modSettings['registration_fields'])) { // But we might want some of them if the admin asks for them. $standard_fields = array('location', 'gender'); $reg_fields = explode(',', $modSettings['registration_fields']); $exclude_fields = array_diff($standard_fields, $reg_fields); // Website is a little different if (!in_array('website', $reg_fields)) { $exclude_fields = array_merge($exclude_fields, array('website_url', 'website_title')); } // We used to accept signature on registration but it's being abused by spammers these days, so no more. $exclude_fields[] = 'signature'; } else { $exclude_fields = array('signature', 'location', 'gender', 'website_url', 'website_title'); } $possible_strings = array_diff($possible_strings, $exclude_fields); $possible_ints = array_diff($possible_ints, $exclude_fields); $possible_floats = array_diff($possible_floats, $exclude_fields); $possible_bools = array_diff($possible_bools, $exclude_fields); // Set the options needed for registration. $regOptions = array('interface' => 'guest', 'username' => !empty($_POST['user']) ? $_POST['user'] : '', 'email' => !empty($_POST['email']) ? $_POST['email'] : '', 'password' => !empty($_POST['passwrd1']) ? $_POST['passwrd1'] : '', 'password_check' => !empty($_POST['passwrd2']) ? $_POST['passwrd2'] : '', 'openid' => !empty($_POST['openid_identifier']) ? $_POST['openid_identifier'] : '', 'auth_method' => !empty($_POST['authenticate']) ? $_POST['authenticate'] : '', 'check_reserved_name' => true, 'check_password_strength' => true, 'check_email_ban' => true, 'send_welcome_email' => !empty($modSettings['send_welcomeEmail']), 'require' => !empty($modSettings['coppaAge']) && !$verifiedOpenID && empty($_SESSION['skip_coppa']) ? 'coppa' : (empty($modSettings['registration_method']) ? 'nothing' : ($modSettings['registration_method'] == 1 ? 'activation' : 'approval')), 'extra_register_vars' => array(), 'theme_vars' => array()); // Include the additional options that might have been filled in. foreach ($possible_strings as $var) { if (isset($_POST[$var])) { $regOptions['extra_register_vars'][$var] = Util::htmlspecialchars($_POST[$var], ENT_QUOTES); } } foreach ($possible_ints as $var) { if (isset($_POST[$var])) { $regOptions['extra_register_vars'][$var] = (int) $_POST[$var]; } } foreach ($possible_floats as $var) { if (isset($_POST[$var])) { $regOptions['extra_register_vars'][$var] = (double) $_POST[$var]; } } foreach ($possible_bools as $var) { if (isset($_POST[$var])) { $regOptions['extra_register_vars'][$var] = empty($_POST[$var]) ? 0 : 1; } } // Registration options are always default options... if (isset($_POST['default_options'])) { $_POST['options'] = isset($_POST['options']) ? $_POST['options'] + $_POST['default_options'] : $_POST['default_options']; } $regOptions['theme_vars'] = isset($_POST['options']) && is_array($_POST['options']) ? $_POST['options'] : array(); // Make sure they are clean, dammit! $regOptions['theme_vars'] = htmlspecialchars__recursive($regOptions['theme_vars']); // Check whether we have fields that simply MUST be displayed? require_once SUBSDIR . '/Profile.subs.php'; loadCustomFields(0, 'register'); foreach ($context['custom_fields'] as $row) { // Don't allow overriding of the theme variables. if (isset($regOptions['theme_vars'][$row['colname']])) { unset($regOptions['theme_vars'][$row['colname']]); } // Prepare the value! $value = isset($_POST['customfield'][$row['colname']]) ? trim($_POST['customfield'][$row['colname']]) : ''; // We only care for text fields as the others are valid to be empty. if (!in_array($row['type'], array('check', 'select', 'radio'))) { // Is it too long? if ($row['field_length'] && $row['field_length'] < Util::strlen($value)) { $reg_errors->addError(array('custom_field_too_long', array($row['name'], $row['field_length']))); } // Any masks to apply? if ($row['type'] == 'text' && !empty($row['mask']) && $row['mask'] != 'none') { // @todo We never error on this - just ignore it at the moment... if ($row['mask'] == 'email' && !isValidEmail($value)) { $reg_errors->addError(array('custom_field_invalid_email', array($row['name']))); } elseif ($row['mask'] == 'number' && preg_match('~[^\\d]~', $value)) { $reg_errors->addError(array('custom_field_not_number', array($row['name']))); } elseif (substr($row['mask'], 0, 5) == 'regex' && trim($value) !== '' && preg_match(substr($row['mask'], 5), $value) === 0) { $reg_errors->addError(array('custom_field_inproper_format', array($row['name']))); } } } // Is this required but not there? if (trim($value) == '' && $row['show_reg'] > 1) { $reg_errors->addError(array('custom_field_empty', array($row['name']))); } } // Lets check for other errors before trying to register the member. if ($reg_errors->hasErrors()) { $_REQUEST['step'] = 2; // If they've filled in some details but made an error then they need less time to finish $_SESSION['register']['limit'] = 4; return $this->action_register(); } // If they're wanting to use OpenID we need to validate them first. if (empty($_SESSION['openid']['verified']) && !empty($_POST['authenticate']) && $_POST['authenticate'] == 'openid') { // What do we need to save? $save_variables = array(); foreach ($_POST as $k => $v) { if (!in_array($k, array('sc', 'sesc', $context['session_var'], 'passwrd1', 'passwrd2', 'regSubmit'))) { $save_variables[$k] = $v; } } require_once SUBSDIR . '/OpenID.subs.php'; $openID = new OpenID(); $openID->validate($_POST['openid_identifier'], false, $save_variables); } elseif ($verifiedOpenID || (!empty($_POST['openid_identifier']) || !empty($_SESSION['openid']['openid_uri'])) && $_POST['authenticate'] == 'openid') { $regOptions['username'] = !empty($_POST['user']) && trim($_POST['user']) != '' ? $_POST['user'] : $_SESSION['openid']['nickname']; $regOptions['email'] = !empty($_POST['email']) && trim($_POST['email']) != '' ? $_POST['email'] : $_SESSION['openid']['email']; $regOptions['auth_method'] = 'openid'; $regOptions['openid'] = !empty($_SESSION['openid']['openid_uri']) ? $_SESSION['openid']['openid_uri'] : (!empty($_POST['openid_identifier']) ? $_POST['openid_identifier'] : ''); } // Registration needs to know your IP $req = request(); $regOptions['ip'] = $user_info['ip']; $regOptions['ip2'] = $req->ban_ip(); $memberID = registerMember($regOptions, 'register'); // If there are "important" errors and you are not an admin: log the first error // Otherwise grab all of them and don't log anything if ($reg_errors->hasErrors(1) && !$user_info['is_admin']) { foreach ($reg_errors->prepareErrors(1) as $error) { fatal_error($error, 'general'); } } // Was there actually an error of some kind dear boy? if ($reg_errors->hasErrors()) { $_REQUEST['step'] = 2; return $this->action_register(); } // Do our spam protection now. spamProtection('register'); // We'll do custom fields after as then we get to use the helper function! if (!empty($_POST['customfield'])) { require_once SUBSDIR . '/Profile.subs.php'; makeCustomFieldChanges($memberID, 'register'); } // If COPPA has been selected then things get complicated, setup the template. if (!empty($modSettings['coppaAge']) && empty($_SESSION['skip_coppa'])) { redirectexit('action=coppa;member=' . $memberID); } elseif (!empty($modSettings['registration_method'])) { loadTemplate('Register'); $context += array('page_title' => $txt['register'], 'title' => $txt['registration_successful'], 'sub_template' => 'after', 'description' => $modSettings['registration_method'] == 2 ? $txt['approval_after_registration'] : $txt['activate_after_registration']); } else { call_integration_hook('integrate_activate', array($regOptions['username'])); setLoginCookie(60 * $modSettings['cookieTime'], $memberID, hash('sha256', Util::strtolower($regOptions['username']) . $regOptions['password'] . $regOptions['register_vars']['password_salt'])); redirectexit('action=auth;sa=check;member=' . $memberID, $context['server']['needs_login_fix']); } }
function Login2() { global $txt, $scripturl, $user_info, $user_settings, $smcFunc; global $cookiename, $maintenance, $modSettings, $context, $sc, $sourcedir; // Load cookie authentication stuff. require_once $sourcedir . '/Subs-Auth.php'; if (isset($_GET['sa']) && $_GET['sa'] == 'salt' && !$user_info['is_guest']) { if (isset($_COOKIE[$cookiename]) && preg_match('~^a:[34]:\\{i:0;(i:\\d{1,6}|s:[1-8]:"\\d{1,8}");i:1;s:(0|40):"([a-fA-F0-9]{40})?";i:2;[id]:\\d{1,14};(i:3;i:\\d;)?\\}$~', $_COOKIE[$cookiename]) === 1) { list(, , $timeout) = safe_unserialize($_COOKIE[$cookiename]); } elseif (isset($_SESSION['login_' . $cookiename])) { list(, , $timeout) = safe_unserialize($_SESSION['login_' . $cookiename]); } else { trigger_error('Login2(): Cannot be logged in without a session or cookie', E_USER_ERROR); } $user_settings['password_salt'] = substr(md5(mt_rand()), 0, 4); updateMemberData($user_info['id'], array('password_salt' => $user_settings['password_salt'])); setLoginCookie($timeout - time(), $user_info['id'], sha1($user_settings['passwd'] . $user_settings['password_salt'])); redirectexit('action=login2;sa=check;member=' . $user_info['id'], $context['server']['needs_login_fix']); } elseif (isset($_GET['sa']) && $_GET['sa'] == 'check') { // Strike! You're outta there! if ($_GET['member'] != $user_info['id']) { fatal_lang_error('login_cookie_error', false); } // Some whitelisting for login_url... if (empty($_SESSION['login_url'])) { redirectexit(); } else { // Best not to clutter the session data too much... $temp = $_SESSION['login_url']; unset($_SESSION['login_url']); redirectexit($temp); } } // Beyond this point you are assumed to be a guest trying to login. if (!$user_info['is_guest']) { redirectexit(); } // Are you guessing with a script? spamProtection('login'); // Set the login_url if it's not already set (but careful not to send us to an attachment). if (empty($_SESSION['login_url']) && isset($_SESSION['old_url']) && strpos($_SESSION['old_url'], 'dlattach') === false && preg_match('~(board|topic)[=,]~', $_SESSION['old_url']) != 0) { $_SESSION['login_url'] = $_SESSION['old_url']; } // Been guessing a lot, haven't we? if (isset($_SESSION['failed_login']) && $_SESSION['failed_login'] >= $modSettings['failed_login_threshold'] * 3) { fatal_lang_error('login_threshold_fail', 'critical'); } // Set up the cookie length. (if it's invalid, just fall through and use the default.) if (isset($_POST['cookieneverexp']) || !empty($_POST['cookielength']) && $_POST['cookielength'] == -1) { $modSettings['cookieTime'] = 3153600; } elseif (!empty($_POST['cookielength']) && ($_POST['cookielength'] >= 1 || $_POST['cookielength'] <= 525600)) { $modSettings['cookieTime'] = (int) $_POST['cookielength']; } loadLanguage('Login'); // Load the template stuff - wireless or normal. if (WIRELESS) { $context['sub_template'] = WIRELESS_PROTOCOL . '_login'; } else { loadTemplate('Login'); $context['sub_template'] = 'login'; } // Set up the default/fallback stuff. $context['default_username'] = isset($_POST['user']) ? preg_replace('~&#(\\d{1,7}|x[0-9a-fA-F]{1,6});~', '&#\\1;', htmlspecialchars($_POST['user'])) : ''; $context['default_password'] = ''; $context['never_expire'] = $modSettings['cookieTime'] == 525600 || $modSettings['cookieTime'] == 3153600; $context['login_errors'] = array($txt['error_occured']); $context['page_title'] = $txt['login']; // Add the login chain to the link tree. $context['linktree'][] = array('url' => $scripturl . '?action=login', 'name' => $txt['login']); if (!empty($_POST['openid_identifier']) && !empty($modSettings['enableOpenID'])) { require_once $sourcedir . '/Subs-OpenID.php'; if (($open_id = smf_openID_validate($_POST['openid_identifier'])) !== 'no_data') { return $open_id; } } // You forgot to type your username, dummy! if (!isset($_POST['user']) || $_POST['user'] == '') { $context['login_errors'] = array($txt['need_username']); return; } // Hmm... maybe 'admin' will login with no password. Uhh... NO! if ((!isset($_POST['passwrd']) || $_POST['passwrd'] == '') && (!isset($_POST['hash_passwrd']) || strlen($_POST['hash_passwrd']) != 40)) { $context['login_errors'] = array($txt['no_password']); return; } // No funky symbols either. if (preg_match('~[<>&"\'=\\\\]~', preg_replace('~(&#(\\d{1,7}|x[0-9a-fA-F]{1,6});)~', '', $_POST['user'])) != 0) { $context['login_errors'] = array($txt['error_invalid_characters_username']); return; } // And if it's too long, trim it back. if ($smcFunc['strlen']($_POST['user']) > 80) { $_POST['user'] = $smcFunc['substr']($_POST['user'], 0, 79); $context['default_username'] = preg_replace('~&#(\\d{1,7}|x[0-9a-fA-F]{1,6});~', '&#\\1;', $smcFunc['htmlspecialchars']($_POST['user'])); } // Are we using any sort of integration to validate the login? if (in_array('retry', call_integration_hook('integrate_validate_login', array($_POST['user'], isset($_POST['hash_passwrd']) && strlen($_POST['hash_passwrd']) == 40 ? $_POST['hash_passwrd'] : null, $modSettings['cookieTime'])), true)) { $context['login_errors'] = array($txt['login_hash_error']); $context['disable_login_hashing'] = true; return; } // Load the data up! $request = $smcFunc['db_query']('', ' SELECT passwd, id_member, id_group, lngfile, is_activated, email_address, additional_groups, member_name, password_salt, openid_uri, passwd_flood, ldap_user FROM {db_prefix}members WHERE ' . ($smcFunc['db_case_sensitive'] ? 'LOWER(member_name) = LOWER({string:user_name})' : 'member_name = {string:user_name}') . ' LIMIT 1', array('user_name' => $smcFunc['db_case_sensitive'] ? strtolower($_POST['user']) : $_POST['user'])); $ldap_esc_username = ldap_escape($_POST['user']); // Probably mistyped or their email, try it as an email address. (member_name first, though!) if ($smcFunc['db_num_rows']($request) == 0) { $smcFunc['db_free_result']($request); $request = $smcFunc['db_query']('', ' SELECT passwd, id_member, id_group, lngfile, is_activated, email_address, additional_groups, member_name, password_salt, openid_uri, passwd_flood, ldap_user FROM {db_prefix}members WHERE email_address = {string:user_name} LIMIT 1', array('user_name' => $_POST['user'])); } // It didn't match anything in the local db... if ($smcFunc['db_num_rows']($request) == 0) { $smcFunc['db_free_result']($request); // Try ldap if (!function_exists('ldap_connect')) { die('The PHP LDAP extension is required'); return; } $ldap = ldap_connect(LDAP_SERVER, LDAP_PORT); if (!is_resource($ldap)) { die('Unable to connect to the LDAP server: ' . LDAP_SERVER); return; } ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3); ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0); if (ldap_bind($ldap, 'uid=' . $ldap_esc_username . ',' . LDAP_BASE_DN, $_POST['passwrd'])) { // User exists in ldap, copy to local db $ldap_search = ldap_search($ldap, LDAP_BASE_DN, 'uid=' . $ldap_esc_username, array('uid', 'cn', 'mail'), 0, 1); $ldap_result = @ldap_first_entry($ldap, $ldap_search); $ldap_fields = @ldap_get_attributes($ldap, $ldap_result); if (!$ldap_fields) { die('Failed to query LDAP user'); return; } $regOptions = array('interface' => 'guest', 'check_reserved_name' => true, 'check_password_strength' => false, 'check_email_ban' => false, 'send_welcome_email' => false, 'require' => 'nothing', 'extra_register_vars' => array('real_name' => $ldap_fields['cn'][0]), 'theme_vars' => array(), 'auth_method' => 'ldap', 'username' => $ldap_fields['uid'][0], 'email' => $ldap_fields['mail'][0]); require_once $sourcedir . '/Subs-Members.php'; //require the file, so that we can call the function require_once $sourcedir . '/Subs.php'; //require the file, so that we can call the function $memberID = registerMember($regOptions); //call the function. $memberID should return a value. //Retry the query $request = $smcFunc['db_query']('', ' SELECT passwd, id_member, id_group, lngfile, is_activated, email_address, additional_groups, member_name, password_salt, openid_uri, passwd_flood, ldap_user FROM {db_prefix}members WHERE id_member = {int:id_member} LIMIT 1', array('id_member' => $memberID)); if ($smcFunc['db_num_rows']($request) == 0) { die('Failed to add LDAP user to the database'); return; } ldap_close($ldap); } else { $context['login_errors'] = array($txt['incorrect_password']); return; } } $user_settings = $smcFunc['db_fetch_assoc']($request); $smcFunc['db_free_result']($request); if ((bool) ord($user_settings['ldap_user'])) { // Try ldap if (!function_exists('ldap_connect')) { $context['login_errors'] = 'The PHP LDAP extension is required'; return; } $ldap = ldap_connect(LDAP_SERVER, LDAP_PORT); if (!is_resource($ldap)) { $context['login_errors'] = 'Unable to connect to the LDAP server: "' . LDAP_SERVER . '"'; return; } ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3); ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0); if (!ldap_bind($ldap, 'uid=' . $ldap_esc_username . ',' . LDAP_BASE_DN, $_POST['passwrd'])) { // They've messed up again - keep a count to see if they need a hand. $_SESSION['failed_login'] = @$_SESSION['failed_login'] + 1; // Hmm... don't remember it, do you? Here, try the password reminder ;). if ($_SESSION['failed_login'] >= $modSettings['failed_login_threshold']) { redirectexit('action=reminder'); } else { // Log an error so we know that it didn't go well in the error log. log_error($txt['incorrect_password'] . ' - ldap: <span class="remove">' . $user_settings['member_name'] . '</span>', 'user'); $context['login_errors'] = array($txt['incorrect_password']); return; } } } else { // Figure out the password using SMF's encryption - if what they typed is right. if (isset($_POST['hash_passwrd']) && strlen($_POST['hash_passwrd']) == 40) { // Needs upgrading? if (strlen($user_settings['passwd']) != 40) { $context['login_errors'] = array($txt['login_hash_error']); $context['disable_login_hashing'] = true; unset($user_settings); return; } elseif ($_POST['hash_passwrd'] == sha1($user_settings['passwd'] . $sc)) { $sha_passwd = $user_settings['passwd']; } else { // Don't allow this! validatePasswordFlood($user_settings['id_member'], $user_settings['passwd_flood']); $_SESSION['failed_login'] = @$_SESSION['failed_login'] + 1; if ($_SESSION['failed_login'] >= $modSettings['failed_login_threshold']) { redirectexit('action=reminder'); } else { log_error($txt['incorrect_password'] . ' - <span class="remove">' . $user_settings['member_name'] . '</span>', 'user'); $context['disable_login_hashing'] = true; $context['login_errors'] = array($txt['incorrect_password']); unset($user_settings); return; } } } else { $sha_passwd = sha1(strtolower($user_settings['member_name']) . un_htmlspecialchars($_POST['passwrd'])); } // Bad password! Thought you could fool the database?! if ($user_settings['passwd'] != $sha_passwd) { // Let's be cautious, no hacking please. thanx. validatePasswordFlood($user_settings['id_member'], $user_settings['passwd_flood']); // Maybe we were too hasty... let's try some other authentication methods. $other_passwords = array(); // None of the below cases will be used most of the time (because the salt is normally set.) if ($user_settings['password_salt'] == '') { // YaBB SE, Discus, MD5 (used a lot), SHA-1 (used some), SMF 1.0.x, IkonBoard, and none at all. $other_passwords[] = crypt($_POST['passwrd'], substr($_POST['passwrd'], 0, 2)); $other_passwords[] = crypt($_POST['passwrd'], substr($user_settings['passwd'], 0, 2)); $other_passwords[] = md5($_POST['passwrd']); $other_passwords[] = sha1($_POST['passwrd']); $other_passwords[] = md5_hmac($_POST['passwrd'], strtolower($user_settings['member_name'])); $other_passwords[] = md5($_POST['passwrd'] . strtolower($user_settings['member_name'])); $other_passwords[] = md5(md5($_POST['passwrd'])); $other_passwords[] = $_POST['passwrd']; // This one is a strange one... MyPHP, crypt() on the MD5 hash. $other_passwords[] = crypt(md5($_POST['passwrd']), md5($_POST['passwrd'])); // Snitz style - SHA-256. Technically, this is a downgrade, but most PHP configurations don't support sha256 anyway. if (strlen($user_settings['passwd']) == 64 && function_exists('mhash') && defined('MHASH_SHA256')) { $other_passwords[] = bin2hex(mhash(MHASH_SHA256, $_POST['passwrd'])); } // phpBB3 users new hashing. We now support it as well ;). $other_passwords[] = phpBB3_password_check($_POST['passwrd'], $user_settings['passwd']); // APBoard 2 Login Method. $other_passwords[] = md5(crypt($_POST['passwrd'], 'CRYPT_MD5')); } elseif (strlen($user_settings['passwd']) == 32) { // vBulletin 3 style hashing? Let's welcome them with open arms \o/. $other_passwords[] = md5(md5($_POST['passwrd']) . $user_settings['password_salt']); // Hmm.. p'raps it's Invision 2 style? $other_passwords[] = md5(md5($user_settings['password_salt']) . md5($_POST['passwrd'])); // Some common md5 ones. $other_passwords[] = md5($user_settings['password_salt'] . $_POST['passwrd']); $other_passwords[] = md5($_POST['passwrd'] . $user_settings['password_salt']); } elseif (strlen($user_settings['passwd']) == 40) { // Maybe they are using a hash from before the password fix. $other_passwords[] = sha1(strtolower($user_settings['member_name']) . un_htmlspecialchars($_POST['passwrd'])); // BurningBoard3 style of hashing. $other_passwords[] = sha1($user_settings['password_salt'] . sha1($user_settings['password_salt'] . sha1($_POST['passwrd']))); // Perhaps we converted to UTF-8 and have a valid password being hashed differently. if ($context['character_set'] == 'utf8' && !empty($modSettings['previousCharacterSet']) && $modSettings['previousCharacterSet'] != 'utf8') { // Try iconv first, for no particular reason. if (function_exists('iconv')) { $other_passwords['iconv'] = sha1(strtolower(iconv('UTF-8', $modSettings['previousCharacterSet'], $user_settings['member_name'])) . un_htmlspecialchars(iconv('UTF-8', $modSettings['previousCharacterSet'], $_POST['passwrd']))); } // Say it aint so, iconv failed! if (empty($other_passwords['iconv']) && function_exists('mb_convert_encoding')) { $other_passwords[] = sha1(strtolower(mb_convert_encoding($user_settings['member_name'], 'UTF-8', $modSettings['previousCharacterSet'])) . un_htmlspecialchars(mb_convert_encoding($_POST['passwrd'], 'UTF-8', $modSettings['previousCharacterSet']))); } } } // SMF's sha1 function can give a funny result on Linux (Not our fault!). If we've now got the real one let the old one be valid! if (strpos(strtolower(PHP_OS), 'win') !== 0) { require_once $sourcedir . '/Subs-Compat.php'; $other_passwords[] = sha1_smf(strtolower($user_settings['member_name']) . un_htmlspecialchars($_POST['passwrd'])); } // Whichever encryption it was using, let's make it use SMF's now ;). if (in_array($user_settings['passwd'], $other_passwords)) { $user_settings['passwd'] = $sha_passwd; $user_settings['password_salt'] = substr(md5(mt_rand()), 0, 4); // Update the password and set up the hash. updateMemberData($user_settings['id_member'], array('passwd' => $user_settings['passwd'], 'password_salt' => $user_settings['password_salt'], 'passwd_flood' => '')); } else { // They've messed up again - keep a count to see if they need a hand. $_SESSION['failed_login'] = @$_SESSION['failed_login'] + 1; // Hmm... don't remember it, do you? Here, try the password reminder ;). if ($_SESSION['failed_login'] >= $modSettings['failed_login_threshold']) { redirectexit('action=reminder'); } else { // Log an error so we know that it didn't go well in the error log. log_error($txt['incorrect_password'] . ' - <span class="remove">' . $user_settings['member_name'] . '</span>', 'user'); $context['login_errors'] = array($txt['incorrect_password']); return; } } } elseif (!empty($user_settings['passwd_flood'])) { // Let's be sure they weren't a little hacker. validatePasswordFlood($user_settings['id_member'], $user_settings['passwd_flood'], true); // If we got here then we can reset the flood counter. updateMemberData($user_settings['id_member'], array('passwd_flood' => '')); } // Correct password, but they've got no salt; fix it! if ($user_settings['password_salt'] == '') { $user_settings['password_salt'] = substr(md5(mt_rand()), 0, 4); updateMemberData($user_settings['id_member'], array('password_salt' => $user_settings['password_salt'])); } } // Check their activation status. if (!checkActivation()) { return; } DoLogin(); }
function Register2($verifiedOpenID = false) { global $txt, $modSettings, $context, $sourcedir; // Start collecting together any errors. $reg_errors = array(); // Did we save some open ID fields? if ($verifiedOpenID && !empty($context['openid_save_fields'])) { foreach ($context['openid_save_fields'] as $id => $value) { $_POST[$id] = $value; } } // You can't register if it's disabled. if (!empty($modSettings['registration_method']) && $modSettings['registration_method'] == 3) { fatal_lang_error('registration_disabled', false); } // Things we don't do for people who have already confirmed their OpenID allegances via register. if (!$verifiedOpenID) { // Well, if you don't agree, you can't register. if (!empty($modSettings['requireAgreement']) && empty($_SESSION['registration_agreed'])) { redirectexit(); } // Make sure they came from *somewhere*, have a session. if (!isset($_SESSION['old_url'])) { redirectexit('action=register'); } // Are they under age, and under age users are banned? if (!empty($modSettings['coppaAge']) && empty($modSettings['coppaType']) && empty($_SESSION['skip_coppa'])) { // !!! This should be put in Errors, imho. loadLanguage('Login'); fatal_lang_error('under_age_registration_prohibited', false, array($modSettings['coppaAge'])); } // Check whether the visual verification code was entered correctly. if (!empty($modSettings['reg_verification'])) { require_once $sourcedir . '/lib/Subs-Editor.php'; $verificationOptions = array('id' => 'register'); $context['visual_verification'] = create_control_verification($verificationOptions, true); if (is_array($context['visual_verification'])) { loadLanguage('Errors'); foreach ($context['visual_verification'] as $error) { $reg_errors[] = $txt['error_' . $error]; } } } } foreach ($_POST as $key => $value) { if (!is_array($_POST[$key])) { $_POST[$key] = htmltrim__recursive(str_replace(array("\n", "\r"), '', $_POST[$key])); } } // Collect all extra registration fields someone might have filled in. $possible_strings = array('location', 'birthdate', 'time_format', 'buddy_list', 'pm_ignore_list', 'smiley_set', 'signature', 'personal_text', 'avatar', 'lngfile', 'secret_question', 'secret_answer'); $possible_ints = array('pm_email_notify', 'notify_types', 'gender', 'id_theme'); $possible_floats = array('time_offset'); $possible_bools = array('notify_announcements', 'notify_regularity', 'notify_send_body', 'hide_email', 'show_online'); if (isset($_POST['secret_answer']) && $_POST['secret_answer'] != '') { $_POST['secret_answer'] = md5($_POST['secret_answer']); } // Needed for isReservedName() and registerMember(). require_once $sourcedir . '/lib/Subs-Members.php'; // Validation... even if we're not a mall. if (isset($_POST['real_name']) && (!empty($modSettings['allow_editDisplayName']) || allowedTo('moderate_forum'))) { $_POST['real_name'] = trim(preg_replace('~[\\s]~u', ' ', $_POST['real_name'])); if (trim($_POST['real_name']) != '' && !isReservedName($_POST['real_name']) && commonAPI::strlen($_POST['real_name']) < 60) { $possible_strings[] = 'real_name'; } } // Handle a string as a birthdate... if (isset($_POST['birthdate']) && $_POST['birthdate'] != '') { $_POST['birthdate'] = strftime('%Y-%m-%d', strtotime($_POST['birthdate'])); } elseif (!empty($_POST['bday1']) && !empty($_POST['bday2'])) { $_POST['birthdate'] = sprintf('%04d-%02d-%02d', empty($_POST['bday3']) ? 0 : (int) $_POST['bday3'], (int) $_POST['bday1'], (int) $_POST['bday2']); } // By default assume email is hidden, only show it if we tell it to. $_POST['hide_email'] = !empty($_POST['allow_email']) ? 0 : 1; // Validate the passed language file. if (isset($_POST['lngfile']) && !empty($modSettings['userLanguage'])) { // Do we have any languages? if (empty($context['languages'])) { getLanguages(); } // Did we find it? if (isset($context['languages'][$_POST['lngfile']])) { $_SESSION['language'] = $_POST['lngfile']; } else { unset($_POST['lngfile']); } } else { unset($_POST['lngfile']); } // Set the options needed for registration. $regOptions = array('interface' => 'guest', 'username' => !empty($_POST['user']) ? $_POST['user'] : '', 'email' => !empty($_POST['email']) ? $_POST['email'] : '', 'password' => !empty($_POST['passwrd1']) ? $_POST['passwrd1'] : '', 'password_check' => !empty($_POST['passwrd2']) ? $_POST['passwrd2'] : '', 'openid' => !empty($_POST['openid_identifier']) ? $_POST['openid_identifier'] : '', 'auth_method' => !empty($_POST['authenticate']) ? $_POST['authenticate'] : '', 'check_reserved_name' => true, 'check_password_strength' => true, 'check_email_ban' => true, 'send_welcome_email' => !empty($modSettings['send_welcomeEmail']), 'require' => !empty($modSettings['coppaAge']) && !$verifiedOpenID && empty($_SESSION['skip_coppa']) ? 'coppa' : (empty($modSettings['registration_method']) ? 'nothing' : ($modSettings['registration_method'] == 1 ? 'activation' : 'approval')), 'extra_register_vars' => array(), 'theme_vars' => array()); // Include the additional options that might have been filled in. foreach ($possible_strings as $var) { if (isset($_POST[$var])) { $regOptions['extra_register_vars'][$var] = commonAPI::htmlspecialchars($_POST[$var], ENT_QUOTES); } } foreach ($possible_ints as $var) { if (isset($_POST[$var])) { $regOptions['extra_register_vars'][$var] = (int) $_POST[$var]; } } foreach ($possible_floats as $var) { if (isset($_POST[$var])) { $regOptions['extra_register_vars'][$var] = (double) $_POST[$var]; } } foreach ($possible_bools as $var) { if (isset($_POST[$var])) { $regOptions['extra_register_vars'][$var] = empty($_POST[$var]) ? 0 : 1; } } // Registration options are always default options... if (isset($_POST['default_options'])) { $_POST['options'] = isset($_POST['options']) ? $_POST['options'] + $_POST['default_options'] : $_POST['default_options']; } $regOptions['theme_vars'] = isset($_POST['options']) && is_array($_POST['options']) ? $_POST['options'] : array(); // Make sure they are clean, dammit! $regOptions['theme_vars'] = htmlspecialchars__recursive($regOptions['theme_vars']); // If Quick Reply hasn't been set then set it to be shown but collapsed. if (!isset($regOptions['theme_vars']['display_quick_reply'])) { $regOptions['theme_vars']['display_quick_reply'] = 1; } // Check whether we have fields that simply MUST be displayed? $request = smf_db_query(' SELECT col_name, field_name, field_type, field_length, mask, show_reg FROM {db_prefix}custom_fields WHERE active = {int:is_active}', array('is_active' => 1)); $custom_field_errors = array(); while ($row = mysql_fetch_assoc($request)) { // Don't allow overriding of the theme variables. if (isset($regOptions['theme_vars'][$row['col_name']])) { unset($regOptions['theme_vars'][$row['col_name']]); } // Not actually showing it then? if (!$row['show_reg']) { continue; } // Prepare the value! $value = isset($_POST['customfield'][$row['col_name']]) ? trim($_POST['customfield'][$row['col_name']]) : ''; // We only care for text fields as the others are valid to be empty. if (!in_array($row['field_type'], array('check', 'select', 'radio'))) { // Is it too long? if ($row['field_length'] && $row['field_length'] < commonAPI::strlen($value)) { $custom_field_errors[] = array('custom_field_too_long', array($row['field_name'], $row['field_length'])); } // Any masks to apply? if ($row['field_type'] == 'text' && !empty($row['mask']) && $row['mask'] != 'none') { //!!! We never error on this - just ignore it at the moment... if ($row['mask'] == 'email' && (preg_match('~^[0-9A-Za-z=_+\\-/][0-9A-Za-z=_\'+\\-/\\.]*@[\\w\\-]+(\\.[\\w\\-]+)*(\\.[\\w]{2,6})$~', $value) === 0 || strlen($value) > 255)) { $custom_field_errors[] = array('custom_field_invalid_email', array($row['field_name'])); } elseif ($row['mask'] == 'number' && preg_match('~[^\\d]~', $value)) { $custom_field_errors[] = array('custom_field_not_number', array($row['field_name'])); } elseif (substr($row['mask'], 0, 5) == 'regex' && preg_match(substr($row['mask'], 5), $value) === 0) { $custom_field_errors[] = array('custom_field_inproper_format', array($row['field_name'])); } } } // Is this required but not there? if (trim($value) == '' && $row['show_reg'] > 1) { $custom_field_errors[] = array('custom_field_empty', array($row['field_name'])); } } mysql_free_result($request); // Process any errors. if (!empty($custom_field_errors)) { loadLanguage('Errors'); foreach ($custom_field_errors as $error) { $reg_errors[] = vsprintf($txt['error_' . $error[0]], $error[1]); } } // Lets check for other errors before trying to register the member. if (!empty($reg_errors)) { $_REQUEST['step'] = 2; return Register($reg_errors); } // If they're wanting to use OpenID we need to validate them first. if (empty($_SESSION['openid']['verified']) && !empty($_POST['authenticate']) && $_POST['authenticate'] == 'openid') { // What do we need to save? $save_variables = array(); foreach ($_POST as $k => $v) { if (!in_array($k, array('sc', 'sesc', $context['session_var'], 'passwrd1', 'passwrd2', 'regSubmit'))) { $save_variables[$k] = $v; } } require_once $sourcedir . '/lib/Subs-OpenID.php'; smf_openID_validate($_POST['openid_identifier'], false, $save_variables); } elseif ($verifiedOpenID || !empty($_POST['openid_identifier']) && $_POST['authenticate'] == 'openid') { $regOptions['username'] = !empty($_POST['user']) && trim($_POST['user']) != '' ? $_POST['user'] : $_SESSION['openid']['nickname']; $regOptions['email'] = !empty($_POST['email']) && trim($_POST['email']) != '' ? $_POST['email'] : $_SESSION['openid']['email']; $regOptions['auth_method'] = 'openid'; $regOptions['openid'] = !empty($_POST['openid_identifier']) ? $_POST['openid_identifier'] : $_SESSION['openid']['openid_uri']; } $memberID = registerMember($regOptions, true); // What there actually an error of some kind dear boy? if (is_array($memberID)) { $reg_errors = array_merge($reg_errors, $memberID); $_REQUEST['step'] = 2; return Register($reg_errors); } // Do our spam protection now. spamProtection('register'); HookAPI::callHook('register_process'); // We'll do custom fields after as then we get to use the helper function! if (!empty($_POST['customfield'])) { require_once $sourcedir . '/Profile.php'; require_once $sourcedir . '/Profile-Modify.php'; makeCustomFieldChanges($memberID, 'register'); } // If COPPA has been selected then things get complicated, setup the template. if (!empty($modSettings['coppaAge']) && empty($_SESSION['skip_coppa'])) { redirectexit('action=coppa;member=' . $memberID); } elseif (!empty($modSettings['registration_method'])) { EoS_Smarty::loadTemplate('register/base'); EoS_Smarty::getConfigInstance()->registerHookTemplate('register_content_area', 'register/done'); $context += array('page_title' => $txt['register'], 'title' => $txt['registration_successful'], 'description' => $modSettings['registration_method'] == 2 ? $txt['approval_after_registration'] : $txt['activate_after_registration']); } else { HookAPI::callHook('integrate_activate', array($row['member_name'])); setLoginCookie(60 * $modSettings['cookieTime'], $memberID, sha1(sha1(strtolower($regOptions['username']) . $regOptions['password']) . $regOptions['register_vars']['password_salt'])); redirectexit('action=login2;sa=check;member=' . $memberID, $context['server']['needs_login_fix']); } }
/** * This checks to see if the user exists in WP or not. If they do but don't * exist in SMF, the SMF user is created. If they are in SMF but not WP, * they are created in WP. If they exist in both or don't exist in either, * we fall through and let SMF handle it. * * @param string $user Username * @param string $hashPasswd Hashed password from SMF * @return string 'retry' if we need a non-hashed password or '' if we are okay */ public function integrate_validate_login($user, $hashPasswd) { global $smcFunc, $sourcedir, $modSettings, $txt; if (!$this->enabled) { return ''; } $this->loadWordpressSettings(); // Check if they exist in Wordpress $this->wpUser = new WordpressUser($this->db_prefix, $this->db_connection, $user); // We need to know if they exist in SMF too $request = $smcFunc['db_query']('', ' SELECT * FROM {db_prefix}members WHERE member_name = {string:user} LIMIT 1', array('user' => $user)); $smfUser = $smcFunc['db_num_rows']($request) > 0 ? $smcFunc['db_fetch_assoc']($request) : FALSE; $smcFunc['db_free_result']($request); // Not in either table, or in both, fall through if (!isset($this->wpUser->ID) && !$smfUser || isset($this->wpUser->ID) && $smfUser) { return ''; } // A hashed password but missing user requires a retry to populate the user if ($hashPasswd !== NULL) { return 'retry'; } $roleMaps = !empty($modSettings['wordpress_role_maps']) ? unserialize($modSettings['wordpress_role_maps']) : array('smf' => array(), 'wp' => array()); // Create a SMF user if (isset($this->wpUser->ID)) { // First make sure they used the right password if (!$this->wpUser->isLegit($_POST['passwrd'])) { return 'retry'; } $role = array_shift(array_flip(@unserialize($this->wpUser->role))); $regOptions = array('interface' => 'wordpress_bridge', 'auth_method' => 'password', 'username' => $this->wpUser->user_login, 'email' => $this->wpUser->user_email, 'require' => 'nothing', 'password' => $_POST['passwrd'], 'password_check' => $_POST['passwrd'], 'check_password_strength' => FALSE, 'check_email_ban' => FALSE, 'extra_register_vars' => array('id_group' => !empty($roleMaps['wp'][$role]) ? $roleMaps['wp'][$role] : 0, 'real_name' => !empty($this->wpUser->display_name) ? $this->wpUser->display_name : $this->wpUser->user_login, 'date_registered' => strtotime($this->wpUser->user_registered))); require_once $sourcedir . '/Subs-Members.php'; $this->bypassRegisterHook = TRUE; $errors = registerMember($regOptions, TRUE); // Errors have to be dealt with if (!is_array($errors)) { return ''; } log_error(sprintf($txt['wordpress cannot sync'], $this->wpUser->user_login) . "\n" . print_r($errors, TRUE), 'user'); fatal_lang_error('wordpress cannot sync', FALSE, array($this->wpUser->user_login)); } else { $this->wpUser->user_login = $smfUser['member_name']; $this->wpUser->user_nicename = $smfUser['member_name']; $this->wpUser->user_email = $smfUser['email_address']; $this->wpUser->user_pass = $_POST['passwrd']; $this->wpUser->user_url = $smfUser['website_url']; $this->wpUser->user_registered = gmdate("Y-m-d H:i:s", $smfUser['date_registered']); $this->wpUser->user_status = 0; $this->wpUser->display_name = $smfUser['real_name']; $this->wpUser->role = $smfUser['id_group']; $this->wpUser->save(); return ''; } }
private function _makeMembers() { require_once SUBSDIR . '/Members.subs.php'; while ($this->counters['members']['current'] < $this->counters['members']['max'] && $this->blockSize--) { $regOptions = array('interface' => 'admin', 'username' => 'Member ' . ++$this->counters['members']['current'], 'email' => 'member_' . $this->counters['members']['current'] . '@' . $_SERVER['SERVER_NAME'] . (strpos($_SERVER['SERVER_NAME'], '.') === FALSE ? '.com' : ''), 'password' => '', 'require' => 'nothing'); registerMember($regOptions); } $this->_pause(); }
function action_register() { global $sourcedir, $context, $modSettings, $request_name, $maintenance, $mmessage, $tid_sign_in; checkSession(); if (empty($_POST['password'])) { get_error('password cannot be empty'); } if (!($maintenance == 0)) { get_error('Forum is in maintenance model or Tapatalk is disabled by forum administrator.'); } if ($modSettings['registration_method'] == 0) { $register_mode = 'nothing'; } else { if ($modSettings['registration_method'] == 1) { $register_mode = $_POST['emailActivate'] === false ? 'nothing' : 'activation'; } else { $register_mode = 'approval'; } } foreach ($_POST as $key => $value) { if (!is_array($_POST[$key])) { $_POST[$key] = htmltrim__recursive(str_replace(array("\n", "\r"), '', $_POST[$key])); } } $_POST['group'] = 0; if ($register_mode == 'nothing' && isset($modSettings['tp_iar_usergroup_assignment'])) { $_POST['group'] = $modSettings['tp_iar_usergroup_assignment']; } $regOptions = array('interface' => $register_mode == 'approval' ? 'guest' : 'admin', 'username' => $_POST['user'], 'email' => $_POST['email'], 'password' => $_POST['password'], 'password_check' => $_POST['password'], 'check_reserved_name' => true, 'check_password_strength' => true, 'check_email_ban' => false, 'send_welcome_email' => isset($_POST['emailPassword']) || empty($_POST['password']), 'require' => $register_mode, 'memberGroup' => (int) $_POST['group']); define('mobi_register', 1); require_once $sourcedir . '/Subs-Members.php'; $memberID = registerMember($regOptions); if (!empty($memberID)) { $context['new_member'] = array('id' => $memberID, 'name' => $_POST['user'], 'href' => $scripturl . '?action=profile;u=' . $memberID, 'link' => '<a href="' . $scripturl . '?action=profile;u=' . $memberID . '">' . $_POST['user'] . '</a>'); $context['registration_done'] = sprintf($txt['admin_register_done'], $context['new_member']['link']); } if (!empty($memberID) && $tid_sign_in) { //update profile if (isset($_POST['tid_profile']) && !empty($_POST['tid_profile']) && is_array($_POST['tid_profile'])) { $profile_vars = array('avatar' => $_POST['tid_profile']['avatar_url']); updateMemberData($memberID, $profile_vars); } //simulate login $request_name = 'login'; $_REQUEST['action'] = $_GET['action'] = $_POST['action'] = 'login2'; before_action_login(); require_once 'include/LogInOut.php'; Login2(); } }
function AdminRegister() { global $txt, $context, $db_prefix, $sourcedir, $scripturl; // Setup the "tab", just incase an error occurs. $context['admin_tabs']['tabs']['register']['is_selected'] = true; if (!empty($_POST['regSubmit'])) { checkSession(); foreach ($_POST as $key => $value) { if (!is_array($_POST[$key])) { $_POST[$key] = htmltrim__recursive(str_replace(array("\n", "\r"), '', $_POST[$key])); } } $regOptions = array('interface' => 'admin', 'username' => $_POST['user'], 'email' => $_POST['email'], 'password' => $_POST['password'], 'password_check' => $_POST['password'], 'check_reserved_name' => true, 'check_password_strength' => false, 'check_email_ban' => false, 'send_welcome_email' => isset($_POST['emailPassword']), 'require' => isset($_POST['emailActivate']) ? 'activation' : 'nothing', 'memberGroup' => empty($_POST['group']) ? 0 : (int) $_POST['group']); require_once $sourcedir . '/Subs-Members.php'; $memberID = registerMember($regOptions); if (!empty($memberID)) { $context['new_member'] = array('id' => $memberID, 'name' => $_POST['user'], 'href' => $scripturl . '?action=profile;u=' . $memberID, 'link' => '<a href="' . $scripturl . '?action=profile;u=' . $memberID . '">' . $_POST['user'] . '</a>'); $context['registration_done'] = sprintf($txt['admin_register_done'], $context['new_member']['link']); } } // Basic stuff. $context['sub_template'] = 'admin_register'; $context['page_title'] = $txt['registration_center']; // Load the assignable member groups. $request = db_query("\n\t\tSELECT groupName, ID_GROUP\n\t\tFROM {$db_prefix}membergroups\n\t\tWHERE ID_GROUP != 3\n\t\t\tAND minPosts = -1" . (allowedTo('admin_forum') ? '' : "\n\t\t\tAND ID_GROUP != 1") . "\n\t\tORDER BY minPosts, IF(ID_GROUP < 4, ID_GROUP, 4), groupName", __FILE__, __LINE__); $context['member_groups'] = array(0 => &$txt['admin_register_group_none']); while ($row = mysql_fetch_assoc($request)) { $context['member_groups'][$row['ID_GROUP']] = $row['groupName']; } mysql_free_result($request); }
function Register2($verifiedOpenID = false) { global $scripturl, $txt, $modSettings, $context, $sourcedir; global $user_info, $options, $settings, $smcFunc; // Start collecting together any errors. $reg_errors = array(); // Did we save some open ID fields? if ($verifiedOpenID && !empty($context['openid_save_fields'])) { foreach ($context['openid_save_fields'] as $id => $value) { $_POST[$id] = $value; } } // You can't register if it's disabled. if (!empty($modSettings['registration_method']) && $modSettings['registration_method'] == 3) { fatal_lang_error('registration_disabled', false); } // Things we don't do for people who have already confirmed their OpenID allegances via register. if (!$verifiedOpenID) { // Well, if you don't agree, you can't register. if (!empty($modSettings['requireAgreement']) && empty($_SESSION['registration_agreed'])) { redirectexit(); } // Make sure they came from *somewhere*, have a session. if (!isset($_SESSION['old_url'])) { redirectexit('action=register'); } // Are they under age, and under age users are banned? if (!empty($modSettings['coppaAge']) && empty($modSettings['coppaType']) && empty($_SESSION['skip_coppa'])) { // !!! This should be put in Errors, imho. loadLanguage('Login'); fatal_lang_error('under_age_registration_prohibited', false, array($modSettings['coppaAge'])); } // Check whether the visual verification code was entered correctly. if (!empty($modSettings['reg_verification'])) { require_once $sourcedir . '/Subs-Editor.php'; $verificationOptions = array('id' => 'register'); $context['visual_verification'] = create_control_verification($verificationOptions, true); if (is_array($context['visual_verification'])) { loadLanguage('Errors'); foreach ($context['visual_verification'] as $error) { $reg_errors[] = $txt['error_' . $error]; } } } } foreach ($_POST as $key => $value) { if (!is_array($_POST[$key])) { $_POST[$key] = htmltrim__recursive(str_replace(array("\n", "\r"), '', $_POST[$key])); } } // Collect all extra registration fields someone might have filled in. $possible_strings = array('website_url', 'website_title', 'aim', 'yim', 'skype', 'gtalk', 'location', 'birthdate', 'time_format', 'buddy_list', 'pm_ignore_list', 'smiley_set', 'signature', 'personal_text', 'avatar', 'lngfile', 'secret_question', 'secret_answer'); $possible_ints = array('pm_email_notify', 'notify_types', 'icq', 'gender', 'id_theme'); $possible_floats = array('time_offset'); $possible_bools = array('notify_announcements', 'notify_regularity', 'notify_send_body', 'hide_email', 'show_online'); if (isset($_POST['secret_answer']) && $_POST['secret_answer'] != '') { $_POST['secret_answer'] = md5($_POST['secret_answer']); } // Needed for isReservedName() and registerMember(). require_once $sourcedir . '/Subs-Members.php'; // Validation... even if we're not a mall. if (isset($_POST['real_name']) && (!empty($modSettings['allow_editDisplayName']) || allowedTo('moderate_forum'))) { $_POST['real_name'] = trim(preg_replace('~[\\t\\n\\r \\x0B\\0' . ($context['utf8'] ? $context['server']['complex_preg_chars'] ? '\\x{A0}\\x{AD}\\x{2000}-\\x{200F}\\x{201F}\\x{202F}\\x{3000}\\x{FEFF}' : " -‟ ‟ " : '\\x00-\\x08\\x0B\\x0C\\x0E-\\x19\\xA0') . ']+~' . ($context['utf8'] ? 'u' : ''), ' ', $_POST['real_name'])); if (trim($_POST['real_name']) != '' && !isReservedName($_POST['real_name']) && $smcFunc['strlen']($_POST['real_name']) < 60) { $possible_strings[] = 'real_name'; } } if (isset($_POST['msn']) && preg_match('~^[0-9A-Za-z=_+\\-/][0-9A-Za-z=_\'+\\-/\\.]*@[\\w\\-]+(\\.[\\w\\-]+)*(\\.[\\w]{2,6})$~', $_POST['msn']) != 0) { $profile_strings[] = 'msn'; } // Handle a string as a birthdate... if (isset($_POST['birthdate']) && $_POST['birthdate'] != '') { $_POST['birthdate'] = strftime('%Y-%m-%d', strtotime($_POST['birthdate'])); } elseif (!empty($_POST['bday1']) && !empty($_POST['bday2'])) { $_POST['birthdate'] = sprintf('%04d-%02d-%02d', empty($_POST['bday3']) ? 0 : (int) $_POST['bday3'], (int) $_POST['bday1'], (int) $_POST['bday2']); } // By default assume email is hidden, only show it if we tell it to. $_POST['hide_email'] = !empty($_POST['allow_email']) ? 0 : 1; // Validate the passed language file. if (isset($_POST['lngfile']) && !empty($modSettings['userLanguage'])) { // Do we have any languages? if (empty($context['languages'])) { getLanguages(); } // Did we find it? if (isset($context['languages'][$_POST['lngfile']])) { $_SESSION['language'] = $_POST['lngfile']; } else { unset($_POST['lngfile']); } } else { unset($_POST['lngfile']); } // Some of these fields we may not want. if (!empty($modSettings['registration_fields'])) { // But we might want some of them if the admin asks for them. $standard_fields = array('icq', 'msn', 'aim', 'yim', 'location', 'gender'); $reg_fields = explode(',', $modSettings['registration_fields']); $exclude_fields = array_diff($standard_fields, $reg_fields); // Website is a little different if (!in_array('website', $reg_fields)) { $exclude_fields = array_merge($exclude_fields, array('website_url', 'website_title')); } // We used to accept signature on registration but it's being abused by spammers these days, so no more. $exclude_fields[] = 'signature'; } else { $exclude_fields = array('signature', 'icq', 'msn', 'aim', 'yim', 'location', 'gender', 'website_url', 'website_title'); } $possible_strings = array_diff($possible_strings, $exclude_fields); $possible_ints = array_diff($possible_ints, $exclude_fields); $possible_floats = array_diff($possible_floats, $exclude_fields); $possible_bools = array_diff($possible_bools, $exclude_fields); // Set the options needed for registration. $regOptions = array('interface' => 'guest', 'username' => !empty($_POST['user']) ? $_POST['user'] : '', 'email' => !empty($_POST['email']) ? $_POST['email'] : '', 'password' => !empty($_POST['passwrd1']) ? $_POST['passwrd1'] : '', 'password_check' => !empty($_POST['passwrd2']) ? $_POST['passwrd2'] : '', 'openid' => !empty($_POST['openid_identifier']) ? $_POST['openid_identifier'] : '', 'auth_method' => !empty($_POST['authenticate']) ? $_POST['authenticate'] : '', 'check_reserved_name' => true, 'check_password_strength' => true, 'check_email_ban' => true, 'send_welcome_email' => !empty($modSettings['send_welcomeEmail']), 'require' => !empty($modSettings['coppaAge']) && !$verifiedOpenID && empty($_SESSION['skip_coppa']) ? 'coppa' : (empty($modSettings['registration_method']) ? 'nothing' : ($modSettings['registration_method'] == 1 ? 'activation' : 'approval')), 'extra_register_vars' => array(), 'theme_vars' => array()); // Include the additional options that might have been filled in. foreach ($possible_strings as $var) { if (isset($_POST[$var])) { $regOptions['extra_register_vars'][$var] = $smcFunc['htmlspecialchars']($_POST[$var], ENT_QUOTES); } } foreach ($possible_ints as $var) { if (isset($_POST[$var])) { $regOptions['extra_register_vars'][$var] = (int) $_POST[$var]; } } foreach ($possible_floats as $var) { if (isset($_POST[$var])) { $regOptions['extra_register_vars'][$var] = (double) $_POST[$var]; } } foreach ($possible_bools as $var) { if (isset($_POST[$var])) { $regOptions['extra_register_vars'][$var] = empty($_POST[$var]) ? 0 : 1; } } // Registration options are always default options... if (isset($_POST['default_options'])) { $_POST['options'] = isset($_POST['options']) ? $_POST['options'] + $_POST['default_options'] : $_POST['default_options']; } $regOptions['theme_vars'] = isset($_POST['options']) && is_array($_POST['options']) ? $_POST['options'] : array(); // Make sure they are clean, dammit! $regOptions['theme_vars'] = htmlspecialchars__recursive($regOptions['theme_vars']); // If Quick Reply hasn't been set then set it to be shown but collapsed. if (!isset($regOptions['theme_vars']['display_quick_reply'])) { $regOptions['theme_vars']['display_quick_reply'] = 1; } // Check whether we have fields that simply MUST be displayed? $request = $smcFunc['db_query']('', ' SELECT col_name, field_name, field_type, field_length, mask, show_reg FROM {db_prefix}custom_fields WHERE active = {int:is_active}', array('is_active' => 1)); $custom_field_errors = array(); while ($row = $smcFunc['db_fetch_assoc']($request)) { // Don't allow overriding of the theme variables. if (isset($regOptions['theme_vars'][$row['col_name']])) { unset($regOptions['theme_vars'][$row['col_name']]); } // Not actually showing it then? if (!$row['show_reg']) { continue; } // Prepare the value! $value = isset($_POST['customfield'][$row['col_name']]) ? trim($_POST['customfield'][$row['col_name']]) : ''; // We only care for text fields as the others are valid to be empty. if (!in_array($row['field_type'], array('check', 'select', 'radio'))) { // Is it too long? if ($row['field_length'] && $row['field_length'] < $smcFunc['strlen']($value)) { $custom_field_errors[] = array('custom_field_too_long', array($row['field_name'], $row['field_length'])); } // Any masks to apply? if ($row['field_type'] == 'text' && !empty($row['mask']) && $row['mask'] != 'none') { //!!! We never error on this - just ignore it at the moment... if ($row['mask'] == 'email' && (preg_match('~^[0-9A-Za-z=_+\\-/][0-9A-Za-z=_\'+\\-/\\.]*@[\\w\\-]+(\\.[\\w\\-]+)*(\\.[\\w]{2,6})$~', $value) === 0 || strlen($value) > 255)) { $custom_field_errors[] = array('custom_field_invalid_email', array($row['field_name'])); } elseif ($row['mask'] == 'number' && preg_match('~[^\\d]~', $value)) { $custom_field_errors[] = array('custom_field_not_number', array($row['field_name'])); } elseif (substr($row['mask'], 0, 5) == 'regex' && trim($value) != '' && preg_match(substr($row['mask'], 5), $value) === 0) { $custom_field_errors[] = array('custom_field_inproper_format', array($row['field_name'])); } } } // xxx if we are editing our minecraft name, make sure there are no duplicates if (($row['col_name'] == "cust_minecra" || $row['col_name'] == "cust_rscnam") && $value != '') { $already_taken_memID = -1; $already_taken_memName = 'This user'; // first check the custom names $mc_request = $smcFunc['db_query']('', ' SELECT `id_member` FROM `{db_prefix}themes` WHERE `variable` = {string:col_name} AND `value` = {string:value}', array('col_name' => $row['col_name'], 'value' => strtolower($value))); if ($mc_row = $smcFunc['db_fetch_assoc']($mc_request)) { $already_taken_memID = $mc_row['id_member']; } $smcFunc['db_free_result']($mc_request); // if custom name is not taken, compare it to account names, or just grab name $mc_request = $smcFunc['db_query']('', ' SELECT `id_member`, `real_name` FROM `{db_prefix}members` WHERE id_member = {int:already_taken_memID} OR ( ( `real_name` = {string:value} OR `member_name` = {string:value} ) )', array('already_taken_memID' => $already_taken_memID, 'value' => strtolower($value))); if ($mc_row = $smcFunc['db_fetch_assoc']($mc_request)) { $already_taken_memID = $mc_row['id_member']; $already_taken_memName = $mc_row['real_name']; } $smcFunc['db_free_result']($mc_request); if ($already_taken_memID != -1) { // then someone already is using this name global $boardurl; $what_name = $row['col_name'] == "cust_minecra" ? 'Minecraft' : 'RSC'; die('<html>Error: <a href="' . $boardurl . '/index.php?action=profile;u=' . $already_taken_memID . "\">{$already_taken_memName}</a> has already registered this {$what_name} name!</html>"); } } if ($row['col_name'] == "cust_moparcr" && $value != '' && strlen($value) != 40) { if (strlen($value) > 30) { die("<html>Error: Maximum length for MoparCraft server password is 30 characters.</html>"); } if ($value == $regOptions['password']) { die("<html>Error: You can't set your MoparCraft server password to be the same as your forum password, if you want to use your forum password, leave this blank.</html>"); } $value = sha1(strtolower($regOptions['username']) . htmlspecialchars_decode($value)); $_POST['customfield'][$row['col_name']] = $value; } // xxx end if we are editing our minecraft name, make sure there are no duplicates // Is this required but not there? if (trim($value) == '' && $row['show_reg'] > 1) { $custom_field_errors[] = array('custom_field_empty', array($row['field_name'])); } } $smcFunc['db_free_result']($request); // Process any errors. if (!empty($custom_field_errors)) { loadLanguage('Errors'); foreach ($custom_field_errors as $error) { $reg_errors[] = vsprintf($txt['error_' . $error[0]], $error[1]); } } // Lets check for other errors before trying to register the member. if (!empty($reg_errors)) { $_REQUEST['step'] = 2; return Register($reg_errors); } // If they're wanting to use OpenID we need to validate them first. if (empty($_SESSION['openid']['verified']) && !empty($_POST['authenticate']) && $_POST['authenticate'] == 'openid') { // What do we need to save? $save_variables = array(); foreach ($_POST as $k => $v) { if (!in_array($k, array('sc', 'sesc', $context['session_var'], 'passwrd1', 'passwrd2', 'regSubmit'))) { $save_variables[$k] = $v; } } require_once $sourcedir . '/Subs-OpenID.php'; smf_openID_validate($_POST['openid_identifier'], false, $save_variables); } elseif ($verifiedOpenID || !empty($_POST['openid_identifier']) && $_POST['authenticate'] == 'openid') { $regOptions['username'] = !empty($_POST['user']) && trim($_POST['user']) != '' ? $_POST['user'] : $_SESSION['openid']['nickname']; $regOptions['email'] = !empty($_POST['email']) && trim($_POST['email']) != '' ? $_POST['email'] : $_SESSION['openid']['email']; $regOptions['auth_method'] = 'openid'; $regOptions['openid'] = !empty($_POST['openid_identifier']) ? $_POST['openid_identifier'] : $_SESSION['openid']['openid_uri']; } $memberID = registerMember($regOptions, true); // What there actually an error of some kind dear boy? if (is_array($memberID)) { $reg_errors = array_merge($reg_errors, $memberID); $_REQUEST['step'] = 2; return Register($reg_errors); } // Do our spam protection now. spamProtection('register'); // We'll do custom fields after as then we get to use the helper function! if (!empty($_POST['customfield'])) { require_once $sourcedir . '/Profile.php'; require_once $sourcedir . '/Profile-Modify.php'; makeCustomFieldChanges($memberID, 'register'); } // If COPPA has been selected then things get complicated, setup the template. if (!empty($modSettings['coppaAge']) && empty($_SESSION['skip_coppa'])) { redirectexit('action=coppa;member=' . $memberID); } elseif (!empty($modSettings['registration_method'])) { loadTemplate('Register'); $context += array('page_title' => $txt['register'], 'title' => $txt['registration_successful'], 'sub_template' => 'after', 'description' => $modSettings['registration_method'] == 2 ? $txt['approval_after_registration'] : $txt['activate_after_registration']); } else { call_integration_hook('integrate_activate', array($row['member_name'])); setLoginCookie(60 * $modSettings['cookieTime'], $memberID, sha1(sha1(strtolower($regOptions['username']) . $regOptions['password']) . $regOptions['register_vars']['password_salt'])); redirectexit('action=login2;sa=check;member=' . $memberID, $context['server']['needs_login_fix']); } }
function Register2() { global $scripturl, $txt, $modSettings, $db_prefix, $context, $sourcedir; global $user_info, $options, $settings, $func; // Well, if you don't agree, you can't register. if (!empty($modSettings['requireAgreement']) && (empty($_POST['regagree']) || $_POST['regagree'] == 'no')) { redirectexit(); } // Make sure they came from *somewhere*, have a session. if (!isset($_SESSION['old_url'])) { redirectexit('action=register'); } // You can't register if it's disabled. if (!empty($modSettings['registration_method']) && $modSettings['registration_method'] == 3) { fatal_lang_error('registration_disabled', false); } foreach ($_POST as $key => $value) { if (!is_array($_POST[$key])) { $_POST[$key] = htmltrim__recursive(str_replace(array("\n", "\r"), '', $_POST[$key])); } } // Did they answer the verification questions correctly? if (!empty($modSettings['anti_spam_ver_enable'])) { if (!empty($modSettings['anti_spam_ver_ques_1']) && strcmp(strtolower($modSettings['anti_spam_ver_ans_1']), isset($_POST['anti_spam_ver_resp_1']) ? strtolower($_POST['anti_spam_ver_resp_1']) : '') || !empty($modSettings['anti_spam_ver_ques_2']) && strcmp(strtolower($modSettings['anti_spam_ver_ans_2']), isset($_POST['anti_spam_ver_resp_2']) ? strtolower($_POST['anti_spam_ver_resp_2']) : '') || !empty($modSettings['anti_spam_ver_ques_3']) && strcmp(strtolower($modSettings['anti_spam_ver_ans_3']), isset($_POST['anti_spam_ver_resp_3']) ? strtolower($_POST['anti_spam_ver_resp_3']) : '') || !empty($modSettings['anti_spam_ver_ques_4']) && strcmp(strtolower($modSettings['anti_spam_ver_ans_4']), isset($_POST['anti_spam_ver_resp_4']) ? strtolower($_POST['anti_spam_ver_resp_4']) : '') || !empty($modSettings['anti_spam_ver_ques_5']) && strcmp(strtolower($modSettings['anti_spam_ver_ans_5']), isset($_POST['anti_spam_ver_resp_5']) ? strtolower($_POST['anti_spam_ver_resp_5']) : '')) { fatal_lang_error('anti_spam_ver_failed', false); } } // Are they under age, and under age users are banned? if (!empty($modSettings['coppaAge']) && empty($modSettings['coppaType']) && !isset($_POST['skip_coppa'])) { // !!! This should be put in Errors, imho. loadLanguage('Login'); fatal_lang_error('under_age_registration_prohibited', false, array($modSettings['coppaAge'])); } // Check whether the visual verification code was entered correctly. if ((empty($modSettings['disable_visual_verification']) || $modSettings['disable_visual_verification'] != 1) && (empty($_REQUEST['visual_verification_code']) || strtoupper($_REQUEST['visual_verification_code']) !== $_SESSION['visual_verification_code'])) { $_SESSION['visual_errors'] = isset($_SESSION['visual_errors']) ? $_SESSION['visual_errors'] + 1 : 1; if ($_SESSION['visual_errors'] > 3 && isset($_SESSION['visual_verification_code'])) { unset($_SESSION['visual_verification_code']); } fatal_lang_error('visual_verification_failed', false); } elseif (isset($_SESSION['visual_errors'])) { unset($_SESSION['visual_errors']); } // Collect all extra registration fields someone might have filled in. $possible_strings = array('websiteUrl', 'websiteTitle', 'AIM', 'YIM', 'location', 'birthdate', 'timeFormat', 'buddy_list', 'pm_ignore_list', 'smileySet', 'signature', 'personalText', 'avatar', 'lngfile', 'secretQuestion', 'secretAnswer'); $possible_ints = array('pm_email_notify', 'notifyTypes', 'ICQ', 'gender', 'ID_THEME'); $possible_floats = array('timeOffset'); $possible_bools = array('notifyAnnouncements', 'notifyOnce', 'notifySendBody', 'hideEmail', 'showOnline'); if (isset($_POST['secretAnswer']) && $_POST['secretAnswer'] != '') { $_POST['secretAnswer'] = md5($_POST['secretAnswer']); } // Needed for isReservedName() and registerMember(). require_once $sourcedir . '/Subs-Members.php'; // Validation... even if we're not a mall. if (isset($_POST['realName']) && (!empty($modSettings['allow_editDisplayName']) || allowedTo('moderate_forum'))) { $_POST['realName'] = trim(preg_replace('~[\\s]~' . ($context['utf8'] ? 'u' : ''), ' ', $_POST['realName'])); if (trim($_POST['realName']) != '' && !isReservedName($_POST['realName']) && $func['strlen']($_POST['realName']) <= 60) { $possible_strings[] = 'realName'; } } if (isset($_POST['MSN']) && preg_match('~^[0-9A-Za-z=_+\\-/][0-9A-Za-z=_\'+\\-/\\.]*@[\\w\\-]+(\\.[\\w\\-]+)*(\\.[\\w]{2,6})$~', $_POST['MSN']) != 0) { $profile_strings[] = 'MSN'; } // Handle a string as a birthdate... if (isset($_POST['birthdate']) && $_POST['birthdate'] != '') { $_POST['birthdate'] = strftime('%Y-%m-%d', strtotime($_POST['birthdate'])); } elseif (!empty($_POST['bday1']) && !empty($_POST['bday2'])) { $_POST['birthdate'] = sprintf('%04d-%02d-%02d', empty($_POST['bday3']) ? 0 : (int) $_POST['bday3'], (int) $_POST['bday1'], (int) $_POST['bday2']); } // Validate the passed langauge file. if (isset($_POST['lngfile']) && !empty($modSettings['userLanguage'])) { $language_directories = array($settings['default_theme_dir'] . '/languages', $settings['actual_theme_dir'] . '/languages'); if (!empty($settings['base_theme_dir'])) { $language_directories[] = $settings['base_theme_dir'] . '/languages'; } $language_directories = array_unique($language_directories); foreach ($language_directories as $language_dir) { if (!file_exists($language_dir)) { continue; } $dir = dir($language_dir); while ($entry = $dir->read()) { if (preg_match('~^index\\.(.+)\\.php$~', $entry, $matches) && $matches[1] == $_POST['lngfile']) { // Got it! $found = true; $_SESSION['language'] = $_POST['lngfile']; break 2; } } $dir->close(); } if (empty($found)) { unset($_POST['lngfile']); } } else { unset($_POST['lngfile']); } // Set the options needed for registration. $regOptions = array('interface' => 'guest', 'username' => $_POST['user'], 'email' => $_POST['email'], 'password' => $_POST['passwrd1'], 'password_check' => $_POST['passwrd2'], 'check_reserved_name' => true, 'check_password_strength' => true, 'check_email_ban' => true, 'send_welcome_email' => !empty($modSettings['send_welcomeEmail']), 'require' => !empty($modSettings['coppaAge']) && !isset($_POST['skip_coppa']) ? 'coppa' : (empty($modSettings['registration_method']) ? 'nothing' : ($modSettings['registration_method'] == 1 ? 'activation' : 'approval')), 'extra_register_vars' => array(), 'theme_vars' => array()); // Include the additional options that might have been filled in. foreach ($possible_strings as $var) { if (isset($_POST[$var])) { $regOptions['extra_register_vars'][$var] = '\'' . $func['htmlspecialchars']($_POST[$var]) . '\''; } } foreach ($possible_ints as $var) { if (isset($_POST[$var])) { $regOptions['extra_register_vars'][$var] = (int) $_POST[$var]; } } foreach ($possible_floats as $var) { if (isset($_POST[$var])) { $regOptions['extra_register_vars'][$var] = (double) $_POST[$var]; } } foreach ($possible_bools as $var) { if (isset($_POST[$var])) { $regOptions['extra_register_vars'][$var] = empty($_POST[$var]) ? 0 : 1; } } // Registration options are always default options... if (isset($_POST['default_options'])) { $_POST['options'] = isset($_POST['options']) ? $_POST['options'] + $_POST['default_options'] : $_POST['default_options']; } $regOptions['theme_vars'] = isset($_POST['options']) && is_array($_POST['options']) ? htmlspecialchars__recursive($_POST['options']) : array(); $memberID = registerMember($regOptions); // If COPPA has been selected then things get complicated, setup the template. if (!empty($modSettings['coppaAge']) && !isset($_POST['skip_coppa'])) { redirectexit('action=coppa;member=' . $memberID); } elseif (!empty($modSettings['registration_method'])) { loadTemplate('Register'); $context += array('page_title' => &$txt[97], 'sub_template' => 'after', 'description' => $modSettings['registration_method'] == 2 ? $txt['approval_after_registration'] : $txt['activate_after_registration']); } else { setLoginCookie(60 * $modSettings['cookieTime'], $memberID, sha1(sha1(strtolower($regOptions['username']) . $regOptions['password']) . substr($regOptions['register_vars']['passwordSalt'], 1, -1))); redirectexit('action=login2;sa=check;member=' . $memberID, $context['server']['needs_login_fix']); } }
public static function fb_do_register() { global $context, $fb_object, $fb_hook_object, $sourcedir, $txt, $user_info, $modSettings; if (isset($_GET['register'])) { if (empty($_POST['real_name'])) { fatal_error($fb_hook_object->txt['fb_regname1'], false); } $face_user['real_name'] = $fb_hook_object->face_USettings($_POST['real_name'], 'real_name', 'real_name'); if ($face_user['real_name']) { redirectexit('action=facebookintegrate;area=logsync;nt;u=' . $_POST['real_name'] . ''); } if (!empty($modSettings['fb_app_enablecp'])) { $fb_object->fbc_custom_regfeild_check(); } $real_name = $fb_hook_object->character_clean($_POST['real_name']); $newEmail = $fb_object->user_info_fbemail; $regOptions = array('interface' => 'guest', 'auth_method' => 'password', 'username' => $real_name, 'email' => $newEmail, 'require' => 'nothing', 'password' => $_POST['passwrd1'], 'password_check' => $_POST['passwrd2'], 'send_welcome_email' => !empty($modSettings['send_welcomeEmail']), 'password_salt' => substr(md5(mt_rand()), 0, 4), 'check_password_strength' => false, 'check_email_ban' => false, 'extra_register_vars' => array('id_group' => !empty($fb_hook_object->modSettings['fb_admin_mem_groupe']) ? $fb_hook_object->modSettings['fb_admin_mem_groupe'] : '0')); require_once $sourcedir . '/Subs-Members.php'; $memberID = registerMember($regOptions); if (!empty($fb_hook_object->modSettings['fb_app_enablecp'])) { if (!empty($_POST['customfield'])) { require_once $sourcedir . '/Profile.php'; require_once $sourcedir . '/Profile-Modify.php'; makeCustomFieldChanges($memberID, 'register'); } } updateMemberData($memberID, array('fbname' => $fb_object->user_info_fbname, 'fbid' => $fb_object->user_info_fbid)); $face_profile = 'http://facebook.com/profile.php?id=' . $fb_object->user_info_fbid . ''; $fb_hook_object->update_themes_face($memberID, 'face_pro', $face_profile); redirectexit('action=facebookintegrate'); } }
function gplus_connect() { global $modSettings, $sourcedir, $context; $context['sub_template'] = 'gplus_cconnect'; $gdata = !empty($_SESSION['gplusdata']) ? $_SESSION['gplusdata'] : ''; $_SESSION['gplus']['id'] = $gdata['id']; $_SESSION['gplus']['name'] = $gdata['name']; if (empty($gdata)) { fatal_lang_error('gp__app_error3', false); } gplus_do_agree(); if (isset($_REQUEST['register'])) { $member_load = gplus_loadUser($_POST['real_name'], 'real_name'); if ($member_load['real_name']) { redirectexit('action=gplus;area=logsync;nt;u=' . $member_load['real_name'] . ''); } $regOptions = array('interface' => 'guest', 'auth_method' => 'password', 'username' => $_POST['real_name'], 'email' => $_POST['email'], 'require' => 'nothing', 'password' => !empty($_POST['passwrd1']) ? $_POST['passwrd1'] : '', 'password_check' => !empty($_POST['passwrd2']) ? $_POST['passwrd2'] : '', 'password_salt' => substr(md5(mt_rand()), 0, 4), 'send_welcome_email' => !empty($modSettings['send_welcomeEmail']), 'check_password_strength' => false, 'check_email_ban' => false, 'extra_register_vars' => array('id_group' => !empty($modSettings['gp_app_detait_gid']) ? $modSettings['gp_app_detait_gid'] : '0')); require_once $sourcedir . '/Subs-Members.php'; $memberID = registerMember($regOptions); updateMemberData($memberID, array('gpid' => $_SESSION['gplus']['id'], 'gpname' => $_SESSION['gplus']['name'])); redirectexit('action=gplus;auth=done'); } }
public function action_register2() { global $txt, $modSettings, $context, $user_info; // Start collecting together any errors. $reg_errors = Error_Context::context('register', 0); // Check they are who they should be checkSession(); if (!validateToken('register', 'post', true, false)) { $reg_errors->addError('token_verification'); } // You can't register if it's disabled. if (!empty($modSettings['registration_method']) && $modSettings['registration_method'] == 3) { fatal_lang_error('registration_disabled', false); } // Well, if you don't agree, you can't register. if (!empty($modSettings['requireAgreement']) && !isset($_POST['checkbox_agreement'])) { $reg_errors->addError('agreement_unchecked'); } // Make sure they came from *somewhere*, have a session. if (!isset($_SESSION['old_url'])) { redirectexit('action=register'); } // Check their provider deatils match up correctly in case they're pulling something funny if ($_POST['provider'] != $_SESSION['extauth_info']['provider']) { redirectexit('action=register'); } // Clean up foreach ($_POST as $key => $value) { if (!is_array($_POST[$key])) { $_POST[$key] = htmltrim__recursive(str_replace(array("\n", "\r"), '', $_POST[$key])); } } // Needed for isReservedName() and registerMember() require_once SUBSDIR . '/Members.subs.php'; // Needed for generateValidationCode() require_once SUBSDIR . '/Auth.subs.php'; // Set the options needed for registration. $regOptions = array('interface' => 'guest', 'username' => !empty($_POST['user']) ? $_POST['user'] : '', 'email' => !empty($_POST['email']) ? $_POST['email'] : '', 'check_reserved_name' => true, 'check_password_strength' => true, 'check_email_ban' => true, 'send_welcome_email' => !empty($modSettings['send_welcomeEmail']), 'require' => empty($modSettings['registration_method']) ? 'nothing' : ($modSettings['registration_method'] == 1 ? 'activation' : 'approval')); // Lets check for other errors before trying to register the member. if ($reg_errors->hasErrors()) { return $this->action_register(); } mt_srand(time() + 1277); $regOptions['password'] = generateValidationCode(); $regOptions['password_check'] = $regOptions['password']; // Registration needs to know your IP $req = request(); $regOptions['ip'] = $user_info['ip']; $regOptions['ip2'] = $req->ban_ip(); $memberID = registerMember($regOptions, 'register'); // If there are "important" errors and you are not an admin: log the first error // Otherwise grab all of them and don't log anything if ($reg_errors->hasErrors(1) && !$user_info['is_admin']) { foreach ($reg_errors->prepareErrors(1) as $error) { fatal_error($error, 'general'); } } // One last error check if ($reg_errors->hasErrors()) { return $this->action_register(); } // Do our spam protection now. spamProtection('register'); // Since all is well, we'll go ahead and associate the member's external account addAuth($memberID, $_SESSION['extauth_info']['provider'], $_SESSION['extauth_info']['uid'], $_SESSION['extauth_info']['name']); // Basic template variable setup. if (!empty($modSettings['registration_method'])) { loadTemplate('Register'); $context += array('page_title' => $txt['register'], 'title' => $txt['registration_successful'], 'sub_template' => 'after', 'description' => $modSettings['registration_method'] == 2 ? $txt['approval_after_registration'] : $txt['activate_after_registration']); } else { call_integration_hook('integrate_activate', array($regOptions['username'])); setLoginCookie(60 * $modSettings['cookieTime'], $memberID, hash('sha256', Util::strtolower($regOptions['username']) . $regOptions['password'] . $regOptions['register_vars']['password_salt'])); redirectexit('action=auth;sa=check;member=' . $memberID, $context['server']['needs_login_fix']); } }
/** * This function allows the admin to register a new member by hand. * * - It also allows assigning a primary group to the member being registered. * - Accessed by ?action=admin;area=regcenter;sa=register * - Requires the moderate_forum permission. * * @uses Register template, admin_register sub-template. */ public function action_register() { global $txt, $context, $scripturl, $user_info; if (!empty($_POST['regSubmit'])) { checkSession(); validateToken('admin-regc'); foreach ($_POST as $key => $dummy) { if (!is_array($_POST[$key])) { $_POST[$key] = htmltrim__recursive(str_replace(array("\n", "\r"), '', $_POST[$key])); } } $regOptions = array('interface' => 'admin', 'username' => $_POST['user'], 'email' => $_POST['email'], 'password' => $_POST['password'], 'password_check' => $_POST['password'], 'check_reserved_name' => true, 'check_password_strength' => true, 'check_email_ban' => false, 'send_welcome_email' => isset($_POST['emailPassword']) || empty($_POST['password']), 'require' => isset($_POST['emailActivate']) ? 'activation' : 'nothing', 'memberGroup' => empty($_POST['group']) || !allowedTo('manage_membergroups') ? 0 : (int) $_POST['group']); require_once SUBSDIR . '/Members.subs.php'; $reg_errors = Error_Context::context('register', 0); $memberID = registerMember($regOptions, 'register'); // If there are "important" errors and you are not an admin: log the first error // Otherwise grab all of them and don't log anything $error_severity = $reg_errors->hasErrors(1) && !$user_info['is_admin'] ? 1 : null; foreach ($reg_errors->prepareErrors($error_severity) as $error) { fatal_error($error, $error_severity === null ? false : 'general'); } if (!empty($memberID)) { $context['new_member'] = array('id' => $memberID, 'name' => $_POST['user'], 'href' => $scripturl . '?action=profile;u=' . $memberID, 'link' => '<a href="' . $scripturl . '?action=profile;u=' . $memberID . '">' . $_POST['user'] . '</a>'); $context['registration_done'] = sprintf($txt['admin_register_done'], $context['new_member']['link']); } } // Load the assignable member groups. if (allowedTo('manage_membergroups')) { require_once SUBSDIR . '/Membergroups.subs.php'; if (allowedTo('admin_forum')) { $includes = array('admin', 'globalmod', 'member'); } else { $includes = array('globalmod', 'member', 'custom'); } $groups = array(); $membergroups = getBasicMembergroupData($includes, array('hidden', 'protected')); foreach ($membergroups as $membergroup) { $groups[$membergroup['id']] = $membergroup['name']; } $context['member_groups'] = $groups; } else { $context['member_groups'] = array(); } // Basic stuff. addInlineJavascript('disableAutoComplete();', true); $context['sub_template'] = 'admin_register'; $context['page_title'] = $txt['registration_center']; createToken('admin-regc'); }
<?php function __autoload($class_name) { $path = str_replace('_', '/', $class_name); require_once $path . '.class.php'; } session_start(); if (isset($_REQUEST['cexp'])) { $id = registerMember($_REQUEST['name'], $_REQUEST['phoneNumber'], $_REQUEST['email'], $_REQUEST['creditNumber']); //first become a Member then a regular. registerRegularMember($id, $_REQUEST['userID'], $_REQUEST['password'], $_REQUEST['address'], $_REQUEST['cexp']); echo '<h1> sign up sucessful. Redirecting..<h1>'; header("refresh:2; url=index.php"); } else { $uid = registerMember($_REQUEST['name'], $_REQUEST['phoneNumber'], $_REQUEST['email'], $_REQUEST['creditNumber']); $_SESSION['uID'] = $uid; $sID = $_SESSION['sID']; echo "<a href=\"order.php?sID={$sID}\">GO BACK TO CONTINUE PURCHASE</a>"; } function registerMember($name, $phone, $email, $Card) { $dao = new DAO(); $newID = $dao->getLastMemberID() + 1; $isRegular = 'N'; $dao->registerMember($newID, $name, $phone, $email, $Card, $isRegular); return $newID; } function registerRegularMember($id, $userID, $userPass, $address, $cexp) { $dao = new DAO();