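/**
 * Processes a submitted login form.
 *
 * Guests run through, in order: a 64-byte password length limit, the honeypot
 * field (its name comes from csrfGetToken('honeypot'); any content is treated
 * as a bot), an optional reCAPTCHA that is only demanded once the session or
 * the client IP has collected enough failed logins, and finally
 * $this->user->login(). A failed login re-renders the form with the error;
 * a successful one redirects to the optional base64-encoded `redirect`
 * parameter - but only when that target points back to this site - and
 * otherwise to the controller's own page. Already signed-in users are sent
 * straight to the controller page.
 *
 * Produces output or a redirect; returns nothing.
 */
public function process_login()
{
    if ($this->user->is_signedin()) {
        redirect($this->controller_path_plain . $this->SID);
        return;
    }

    //Check Password Length
    if (strlen($this->in->get('password')) > 64) {
        $this->core->message($this->user->lang('password_too_long'), $this->user->lang('error'), 'red');
        $this->display();
        return;
    }

    //Check Honeypot
    if (strlen($this->in->get($this->user->csrfGetToken("honeypot")))) {
        $this->core->message($this->user->lang('invalid_login'), $this->user->lang('error'), 'red');
        $this->display();
        return;
    }

    //Check Captcha: required once failed logins (per session, else summed over this IP) reach the
    //threshold. A config value of 2 or less yields a threshold <= 0 and disables the captcha entirely.
    $intCaptchaThreshold = (int) $this->config->get('failed_logins_inactivity') - 2;
    $blnShowCaptcha = false;
    if ($intCaptchaThreshold > 0) {
        if ($this->user->data['session_failed_logins'] >= $intCaptchaThreshold) {
            $blnShowCaptcha = true;
        } else {
            $objQuery = $this->db->prepare("SELECT SUM(session_failed_logins) as failed_logins FROM __sessions WHERE session_ip =?")->execute($this->env->ip);
            if ($objQuery && $objQuery->numRows) {
                $arrResult = $objQuery->fetchAssoc();
                if ($arrResult['failed_logins'] >= $intCaptchaThreshold) {
                    $blnShowCaptcha = true;
                }
            }
        }
    }

    $strRecaptchaKey = $this->config->get('lib_recaptcha_pkey');
    if ($blnShowCaptcha && $strRecaptchaKey && strlen($strRecaptchaKey)) {
        require $this->root_path . 'libraries/recaptcha/recaptcha.class.php';
        $captcha = new recaptcha();
        $response = $captcha->check_answer($strRecaptchaKey, $this->env->ip, $this->in->get('g-recaptcha-response'));
        if (!$response->is_valid) {
            $this->core->message($this->user->lang('lib_captcha_wrong'), $this->user->lang('error'), 'red');
            $this->display();
            return;
        }
    }

    //Login
    $blnAutoLogin = (bool) $this->in->exists('auto_login');
    if (!$this->user->login($this->in->get('username'), $this->in->get('password'), $blnAutoLogin)) {
        //error: map the user object's error code to a translated message
        $strErrorCode = $this->user->error;
        switch ($strErrorCode) {
            case 'user_inactive':
                $strErrorMessage = $this->user->lang('error_account_inactive');
                break;
            case 'user_inactive_failed_logins':
                $strErrorMessage = $this->user->lang('error_account_inactive_failed_logins');
                break;
            case 'wrong_password':
            case 'wrong_username':
                //one message for both so the response does not reveal whether the username exists
                $strErrorMessage = $this->user->lang('invalid_login');
                break;
            default:
                $strErrorMessage = $strErrorCode;
        }
        $this->core->global_warning($strErrorMessage . $this->user->lang('invalid_login_goto_admin'), 'fa-exclamation-circle');
        $this->display();
        return;
    }

    //success
    $redirect_url = $this->controller_path_plain . $this->SID;
    if ($this->in->exists('redirect')) {
        $strTarget = (string) preg_replace('#^.*?redirect=(.+?)&(.+?)$#', '\\1' . $this->SID . '&\\2', base64_decode($this->in->get('redirect')));
        if (strpos($strTarget, '?') === false) {
            $strTarget .= $this->SID;
        } else {
            $strTarget = str_replace("?&", $this->SID . '&', $strTarget);
        }

        //Open-redirect guard: the parameter is client-controlled, so it is only followed when it has no
        //scheme/host of its own or its host is this installation's (from $this->env->link - confirm that
        //holds the base URL). "//host/..." and "/\host/..." count as foreign (browsers read both as
        //protocol-relative), as does a scheme without a host (e.g. "javascript:").
        $strTargetHost = parse_url($strTarget, PHP_URL_HOST);
        $strTargetScheme = parse_url($strTarget, PHP_URL_SCHEME);
        $strOwnHost = parse_url($this->env->link, PHP_URL_HOST);
        $blnForeign = $strTargetHost === false
            || $strTargetScheme === false
            || preg_match('#^[\\\\/]{2}#', $strTarget)
            || ($strTargetHost === null && $strTargetScheme !== null)
            || ($strTargetHost !== null && strcasecmp($strTargetHost, (string) $strOwnHost) !== 0);
        if (!$blnForeign) {
            $redirect_url = $strTarget;
        }
    }
    redirect($redirect_url);
}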
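/**
 * Validates a submitted registration form, creates the user and mails the
 * activation / welcome notice.
 *
 * Order of checks: CMS bridge redirect, honeypot, profile fields (via the
 * 'form' registry object), reCAPTCHA, password confirmation and length,
 * e-mail uniqueness and syntax, username uniqueness, profile-field errors.
 * Depending on config 'account_activation' (1 = self-activation,
 * 2 = admin activation, anything else = none) an activation key is generated
 * and the account is created inactive. Ends with message_die(); returns nothing.
 */
public function submit()
{
    if ((int) $this->config->get('cmsbridge_active') == 1 && strlen($this->config->get('cmsbridge_reg_url'))) {
        redirect($this->config->get('cmsbridge_reg_url'), false, true);
    }

    //Check Honeypot
    if (strlen($this->in->get($this->user->csrfGetToken("honeypot")))) {
        $this->core->message($this->user->lang('lib_captcha_wrong'), $this->user->lang('error'), 'red');
        $this->display();
        return;
    }

    //Check User Profilefields
    //$form stays null when there are no registration fields; the is_object() check below relies on that
    //(previously the variable was simply undefined in that case).
    $form = null;
    $arrUserProfileFields = $this->pdh->get('user_profilefields', 'registration_fields');
    if (count($arrUserProfileFields)) {
        $form = register('form', array('register'));
        $form->validate = true;
        $form->add_fields($arrUserProfileFields);
        $this->userProfileData = $form->return_values();
    }

    //Check CAPTCHA
    $strRecaptchaKey = $this->config->get('lib_recaptcha_pkey');
    if ($this->config->get('enable_captcha') == 1 && $strRecaptchaKey && strlen($strRecaptchaKey)) {
        require $this->root_path . 'libraries/recaptcha/recaptcha.class.php';
        $captcha = new recaptcha();
        $response = $captcha->check_answer($strRecaptchaKey, $this->env->ip, $this->in->get('g-recaptcha-response'));
        if (!$response->is_valid) {
            $this->core->message($this->user->lang('lib_captcha_wrong'), $this->user->lang('error'), 'red');
            $this->display_form();
            return;
        }
    }

    //Check Password
    $strPassword = $this->in->get('new_user_password1');
    if ($strPassword !== $this->in->get('new_user_password2')) {
        $this->core->message($this->user->lang('password_not_match'), $this->user->lang('error'), 'red');
        $this->display_form();
        return;
    }
    if (strlen($strPassword) > 64) {
        $this->core->message($this->user->lang('password_too_long'), $this->user->lang('error'), 'red');
        $this->display_form();
        return;
    }

    //Check Email
    $strEmail = $this->in->get('user_email');
    if ($this->pdh->get('user', 'check_email', array($strEmail)) == 'false') {
        //NOTE(review): the address is echoed back into the message as-is - confirm $this->in->get() escapes HTML
        $this->core->message(str_replace("{0}", $strEmail, $this->user->lang('fv_email_alreadyuse')), $this->user->lang('error'), 'red');
        $this->display_form();
        return;
    }
    //Anchored at both ends: without the trailing '$' anything following a valid prefix was accepted
    if (!preg_match('/^([a-zA-Z0-9])+([\.a-zA-Z0-9_\-\+])*@([a-zA-Z0-9_-])+(\.[a-zA-Z0-9_-]+)+$/', $strEmail)) {
        $this->core->message($this->user->lang('fv_invalid_email'), $this->user->lang('error'), 'red');
        $this->display_form();
        return;
    }

    //Check Username
    $strUsername = $this->in->get('username');
    if ($this->pdh->get('user', 'check_username', array($strUsername)) == 'false') {
        $this->core->message(str_replace("{0}", $strUsername, $this->user->lang('fv_username_alreadyuse')), $this->user->lang('error'), 'red');
        $this->display_form();
        return;
    }

    //Check User Profilefields - Part 2
    if (is_object($form) && $form->error) {
        $this->display_form();
        return;
    }

    // If the config requires account activation, generate a random key for validation
    $strActivationMode = $this->config->get('account_activation');
    if ((int) $strActivationMode == 1 || (int) $strActivationMode == 2) {
        $user_key = random_string(true);
        //The key is appended to $this->server_url in the activation link, presumably to cap the link
        //length at ~54 chars; it is never cut below 6 chars.
        //NOTE(review): a long server_url shrinks the key towards 6 characters, which is cheap to guess
        //for an activation token - consider a fixed minimum length instead.
        $key_len = max(6, 54 - strlen($this->server_url));
        $user_key = substr($user_key, 0, $key_len);
        $user_active = '0';
        if ($this->user->is_signedin()) {
            $this->user->destroy();
        }
    } else {
        $user_key = '';
        $user_active = '1';
    }

    //Insert the user into the DB
    $strLoginMethod = $this->in->get('lmethod');
    $user_id = $this->pdh->put('user', 'register_user', array($this->data, $user_active, $user_key, true, $strLoginMethod, $this->userProfileData));

    //Add auth-account
    if ($this->in->exists('auth_account')) {
        $auth_account = $this->crypt->decrypt($this->in->get('auth_account'));
        if ($this->pdh->get('user', 'check_auth_account', array($auth_account, $strLoginMethod))) {
            $this->pdh->put('user', 'add_authaccount', array($user_id, $auth_account, $strLoginMethod));
        }
    }

    //Give permissions if there is no default group
    $default_group = $this->pdh->get('user_groups', 'standard_group', array());
    if (!$default_group) {
        $result = $this->db->query('SELECT auth_id, auth_default FROM __auth_options ORDER BY auth_id');
        if ($result) {
            while ($row = $result->fetchAssoc()) {
                $arrSet = array('user_id' => $user_id, 'auth_id' => $row['auth_id'], 'auth_setting' => $row['auth_default']);
                $this->db->prepare("INSERT INTO __auth_users :p")->set($arrSet)->execute();
            }
        }
    }

    //Success message, mail template and subject per activation mode
    $title = '';
    if ($strActivationMode == 1) {
        $success_message = sprintf($this->user->lang('register_activation_self'), $strEmail);
        $email_template = 'register_activation_self';
        $email_subject = $this->user->lang('email_subject_activation_self');
        $title = $email_subject;
    } elseif ($strActivationMode == 2) {
        $success_message = sprintf($this->user->lang('register_activation_admin'), $strEmail);
        $email_template = 'register_activation_admin';
        $email_subject = $this->user->lang('email_subject_activation_admin');
        $title = $email_subject;
    } else {
        $success_message = sprintf($this->user->lang('register_activation_none'), '<a href="' . $this->controller_path . 'Login/' . $this->SID . '">', '</a>', $strEmail);
        $email_template = 'register_activation_none';
        $email_subject = $this->user->lang('email_subject_activation_none');
        $title = $this->user->lang('success');
    }

    // Email a notice
    $this->email->Set_Language($this->in->get('user_lang'));
    $bodyvars = array(
        'USERNAME' => stripslashes($strUsername),
        //NOTE(review): reads 'user_password1' while the validated field is 'new_user_password1', so this is
        //most likely empty. Do not "fix" it by mailing the real password; drop the placeholder from the
        //template instead.
        'PASSWORD' => stripslashes($this->in->get('user_password1')),
        'U_ACTIVATE' => $this->server_url . 'Activate/?key=' . $user_key,
        'GUILDTAG' => $this->config->get('guildtag'),
    );
    if (!$this->email->SendMailFromAdmin($strEmail, $email_subject, $email_template . '.html', $bodyvars)) {
        $success_message = $this->user->lang('email_subject_send_error');
    }

    // Now email the admin if we need to
    if ($strActivationMode == 2) {
        $this->email->Set_Language($this->config->get('default_lang'));
        $bodyvars = array('USERNAME' => $strUsername, 'U_ACTIVATE' => $this->server_url . 'Activate/?key=' . $user_key);
        if (!$this->email->SendMailFromAdmin(register('encrypt')->decrypt($this->config->get('admin_email')), $this->user->lang('email_subject_activation_admin_act'), 'register_activation_admin_activate.html', $bodyvars)) {
            $success_message = $this->user->lang('email_subject_send_error');
            $title = '';
        }
    }

    message_die($success_message, $title);
}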
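/**
 * Stores a submitted guild application.
 *
 * Collects the configured request fields (types 3 and 4 are not read from the
 * form, type 5 is a checkbox group kept serialized), adds name and e-mail for
 * guests, runs the guest-only reCAPTCHA / uniqueness / e-mail syntax checks,
 * enforces required fields (honouring dep_field/dep_value), lets the
 * 'gr_addrequest_formcheck' hook veto, saves the request, fires
 * 'gr_addrequest', mails the view link to the applicant, notifies users with
 * 'u_guildrequest_view' and redirects to the ViewApplication page.
 * Renders a message and returns on any failure; returns nothing.
 */
public function save()
{
    //Build Field-Array
    $arrFields = $this->pdh->get('guildrequest_fields', 'id_list', array());
    $arrInput = $arrValues = array();
    foreach ($arrFields as $id) {
        $row = $this->pdh->get('guildrequest_fields', 'id', array($id));
        if ($row['type'] == 3 || $row['type'] == 4) {
            continue;
        }
        $strParam = 'gr_field_' . $row['id'];
        if ($row['type'] == 5) {
            //Checkboxes: the raw int array feeds the dependency check, the serialized form is what gets stored
            $arrChecked = $this->in->getArray($strParam, 'int');
            $mixStored = serialize($arrChecked);
            $mixValue = $arrChecked;
        } else {
            $mixStored = $this->in->get($strParam);
            $mixValue = $mixStored;
        }
        $arrInput[$row['id']] = array(
            'id' => $row['id'],
            'name' => $row['name'],
            'input' => $mixStored,
            'required' => $row['required'],
            'dep_field' => $row['dep_field'],
            'dep_value' => $row['dep_value'],
        );
        $arrValues[$row['id']] = $mixValue;
    }

    $blnGuest = !$this->user->is_signedin();
    if ($blnGuest) {
        $arrInput['email'] = array('input' => $this->in->get('gr_email'), 'name' => $this->user->lang('email'), 'required' => true, 'id' => 'email');
        $arrInput['name'] = array('input' => $this->in->get('gr_name'), 'name' => $this->user->lang('name'), 'required' => true, 'id' => 'name');
    }
    $this->data = $arrInput;

    //Check Captcha (guests only, when enabled)
    if ($blnGuest && $this->config->get('enable_captcha')) {
        require $this->root_path . 'libraries/recaptcha/recaptcha.class.php';
        $captcha = new recaptcha();
        $response = $captcha->check_answer($this->config->get('lib_recaptcha_pkey'), $this->env->ip, $this->in->get('g-recaptcha-response'));
        if (!$response->is_valid) {
            $this->core->message($this->user->lang('lib_captcha_wrong'), $this->user->lang('error'), 'red');
            //was "$this->display;" (a property read), which never re-rendered the form
            $this->display();
            return;
        }
    }

    //Guest name / e-mail checks. These used to sit inside the captcha block above and were
    //therefore skipped entirely whenever 'enable_captcha' was off.
    if ($blnGuest) {
        $strGuestEmail = $this->in->get('gr_email');
        $strGuestName = $this->in->get('gr_name');
        //Check Username/Email for account creation ('cmsbrige_active' was a typo of the config key)
        if ($this->config->get('create_account', 'guildrequest') && !$this->config->get('cmsbridge_active')) {
            if ($this->pdh->get('user', 'check_email', array($strGuestEmail)) == 'false') {
                $this->core->message(str_replace("{0}", sanitize($strGuestEmail), $this->user->lang('fv_email_alreadyuse')), $this->user->lang('error'), 'red');
                $this->display();
                return;
            }
            if ($this->pdh->get('user', 'check_username', array($strGuestName)) == 'false') {
                $this->core->message(str_replace("{0}", sanitize($strGuestName), $this->user->lang('fv_username_alreadyuse')), $this->user->lang('error'), 'red');
                $this->display();
                return;
            }
        }
        //Check email (anchored with '$' so trailing garbage after a valid address is rejected)
        if (!preg_match('/^([a-zA-Z0-9])+([\.a-zA-Z0-9_-])*@([a-zA-Z0-9_-])+(\.[a-zA-Z0-9_-]+)+$/', $strGuestEmail)) {
            $this->core->message($this->user->lang('fv_invalid_email'), $this->user->lang('error'), 'red');
            $this->display();
            return;
        }
    }

    //Check Required: a required field only counts when its dependency (if any) is satisfied
    $arrRequired = array();
    foreach ($arrInput as $val) {
        if (!$val['required']) {
            continue;
        }
        //999999999 appears to be the "no dependency" marker - confirm against the field editor
        if (isset($val['dep_field']) && $val['dep_field'] && $val['dep_field'] != 999999999) {
            $intDepField = $val['dep_field'];
            if (!isset($arrValues[$intDepField])) {
                continue;
            }
            $mixDepValue = $arrValues[$intDepField];
            $blnDepMet = is_array($mixDepValue)
                ? isset($mixDepValue[$val['dep_value']])
                : $mixDepValue == $val['dep_value'];
            if (!$blnDepMet) {
                continue;
            }
        }
        //'a:0:{}' is an empty serialized checkbox group
        if ($val['input'] == '' || $val['input'] == 'a:0:{}') {
            $arrRequired[] = $val['name'];
        }
    }
    if (count($arrRequired) > 0) {
        $this->core->message(implode(', ', $arrRequired), $this->user->lang('missing_values'), 'red');
        $this->display();
        return;
    }

    //Values to store; a signed-in user's account data overrides whatever was posted
    if (!$blnGuest) {
        //NOTE(review): these entries carry no 'id' key, so the loop below files both under '' in
        //$arrToSave - confirm ViewApplication copes with that
        $arrInput['name']['input'] = $this->user->data['username'];
        $arrInput['email']['input'] = $this->user->data['user_email'];
    }
    $strName = $arrInput['name']['input'];
    $strEmail = $arrInput['email']['input'];
    $strAuthKey = random_string(false, 40);
    $strActivationKey = random_string(false, 32);
    $arrInput['email']['input'] = register('encrypt')->encrypt($strEmail);
    $arrToSave = array();
    foreach ($arrInput as $val) {
        $arrToSave[$val['id']] = $val['input'];
    }

    //Hook for checking values. Runs after the values are assembled: it used to be called before
    //$strName/$strEmail/$strAuthKey/$arrToSave were assigned and so always received nulls.
    $arrHookResult = $this->hooks->process('gr_addrequest_formcheck', array('name' => $strName, 'email' => $strEmail, 'auth_key' => $strAuthKey, 'data' => $arrToSave), true);
    if (isset($arrHookResult['error']) && $arrHookResult['error'] !== false) {
        $this->core->message($arrHookResult['error'], $this->user->lang('error'), 'red');
        $this->display();
        return;
    }

    //Insert into DB
    $strContent = serialize($arrToSave);
    $blnResult = $this->pdh->put('guildrequest_requests', 'add', array($strName, $strEmail, $strAuthKey, $strActivationKey, $strContent));

    //Hook for e.g. creating users
    $this->hooks->process('gr_addrequest', array('name' => $strName, 'email' => $strEmail, 'auth_key' => $strAuthKey, 'data' => $arrToSave));
    $this->pdh->process_hook_queue();
    if (!$blnResult) {
        $this->core->message($this->user->lang('error'), $this->user->lang('error'), 'red');
        $this->display();
        return;
    }

    //Send Email to User with auth key
    $strViewUrl = $this->routing->build('ViewApplication', $strName, $blnResult, false, true);
    $server_url = $this->env->link . $strViewUrl;
    $bodyvars = array('USERNAME' => sanitize($strName), 'U_ACTIVATE' => $server_url . '?key=' . $strAuthKey, 'GUILDTAG' => $this->config->get('guildtag'));
    $strTemplate = $this->root_path . 'plugins/guildrequest/language/' . $this->user->data['user_lang'] . '/email/request_viewlink.html';
    if (!$this->email->SendMailFromAdmin($strEmail, $this->user->lang('gr_viewlink_subject'), $strTemplate, $bodyvars)) {
        $this->core->message($this->user->lang('email_subject_send_error'), $this->user->lang('error'), 'red');
        $this->display();
        return;
    }

    //Notify everyone allowed to view applications, then show the new request
    $arrUsers = $this->pdh->get('user', 'users_with_permission', array('u_guildrequest_view'));
    $this->ntfy->add('guildrequest_new_application', $blnResult, sanitize($strName), $this->routing->build('ListApplications'), $arrUsers, sanitize($strName));
    redirect($strViewUrl . '?key=' . $strAuthKey . '&msg=success');
}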