// Fragment of a form handler that validates posted account data (the
// SIGNUP_NO_EMAIL message key suggests a sign-up form -- TODO confirm).
// The listing is cut off inside the captcha check, so the closing braces and
// everything after them are outside this view.
//
// NOTE(review): the checkFTAN() guard below is commented out, so this code
// path never calls it. If checkFTAN() is the form-token (anti-CSRF) check, as
// the GENERIC_SECURITY_ACCESS message suggests, a submission is not tied to a
// form this site rendered -- confirm an equivalent check runs elsewhere.
/*
if (!$wb->checkFTAN()) {
    $wb->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], $js_back, false);
    exit();
}
*/

// Check values
// NOTE(review): none of the print_error() calls below is followed by exit(),
// unlike the disabled block above. Whether a failed check actually stops the
// request depends on print_error() itself, which is not visible here -- verify,
// otherwise later statements run with values that failed validation.

// A group must have been selected.
if ($groups_id == "") {
    $wb->print_error($MESSAGE['USERS_NO_GROUP'], $js_back, false);
}
// Username: one ASCII letter followed by at least two of [a-z0-9_-],
// case-insensitive (minimum three characters).
// NOTE(review): without the D modifier, `$` also matches just before a single
// trailing newline, so a value ending in "\n" passes; `\z` (or `/iD`) anchors
// at the true end of the string.
if (!preg_match('/^[a-z]{1}[a-z0-9_-]{2,}$/i', $username)) {
    $wb->print_error($MESSAGE['USERS_NAME_INVALID_CHARS'] . ' / ' . $MESSAGE['USERS_USERNAME_TOO_SHORT'], $js_back);
}
// E-mail is mandatory: an empty value and a value rejected by
// validate_email() produce different messages.
if ($email != "") {
    if ($wb->validate_email($email) == false) {
        $wb->print_error($MESSAGE['USERS_INVALID_EMAIL'], $js_back, false);
    }
} else {
    $wb->print_error($MESSAGE['SIGNUP_NO_EMAIL'], $js_back, false);
}
// Presumably slash-escapes the address (judging by the method name); the
// statement that consumes $email is outside this fragment.
// NOTE(review): slash-escaping is not a substitute for a parameterised query
// or the database driver's own escaping -- check how $email reaches SQL.
$email = $wb->add_slashes($email);
// Placeholder/value pair used to fill {SERVER_EMAIL} into the captcha message.
$search = array('{SERVER_EMAIL}');
$replace = array(SERVER_EMAIL);
// Captcha
if (ENABLED_CAPTCHA) {
    $MESSAGE['MOD_FORM_INCORRECT_CAPTCHA'] = str_replace($search, $replace, $MESSAGE['MOD_FORM_INCORRECT_CAPTCHA']);
    // Only a present, non-empty captcha field is compared here; what happens
    // when the field is missing or empty is decided by code after this
    // fragment (it must be a rejection, not a skip -- confirm).
    if (isset($_POST['captcha']) and $_POST['captcha'] != '') {
        // Check for a mismatch
        // The first !isset($_POST['captcha']) can never be true at this point,
        // because the enclosing condition already required it to be set.
        // NOTE(review): `!=` is a loose comparison; two numeric strings such as
        // '007' and '7' compare as equal. `!==` on string-cast values (or
        // hash_equals()) gives an exact match. Not visible here: whether
        // $_SESSION['captcha'] is cleared after a check -- an answer should be
        // single-use.
        if (!isset($_POST['captcha']) or !isset($_SESSION['captcha']) or $_POST['captcha'] != $_SESSION['captcha']) {
            $wb->print_error($MESSAGE['MOD_FORM_INCORRECT_CAPTCHA'], $js_back, false);
// Fragment of a handler that validates the current user's own profile fields
// (inferred from get_user_id(), display_name and timezone_string -- TODO
// confirm). The listing is cut off at the final `if`.
//
// Runs only when $submit_ok is strictly true; the check that sets it is
// outside this view.
if (true === $submit_ok) {
    // Discard the stored form hash and its posted copy -- presumably so that a
    // form hash cannot be replayed; confirm against the code that issues it.
    unset($_SESSION['wb_apf_hash']);
    unset($_POST['hash']);
    // Collects validation messages instead of aborting on the first failure.
    $errors = array();
    // timezone must match a value in the table
    //global $timezone_table;
    // Start from the value returned by get_timezone_string() and replace it
    // only when the posted value is found in $timezone_table (allow-list).
    // NOTE(review): $_POST['timezone_string'] is read without an isset()
    // guard, and in_array() is called without its strict third argument, so
    // the match uses loose comparison; passing `true` makes it exact. Where
    // $timezone_table comes from is not visible (the global line is disabled).
    $timezone_string = $wb_inst->get_timezone_string();
    if (in_array($_POST['timezone_string'], $timezone_table)) {
        $timezone_string = $_POST['timezone_string'];
    }
    // language must be 2 uppercase letters only; anything else falls back to
    // DEFAULT_LANGUAGE.
    // NOTE(review): without the D modifier, `$` also matches before a single
    // trailing newline, so "EN\n" is accepted unchanged; `\z` (or `/D`) anchors
    // at the true end. This matters if the value is later used in a file name
    // or header -- its use is not visible here.
    $language = strtoupper($wb_inst->get_post('language'));
    $language = preg_match('/^[A-Z]{2}$/', $language) ? $language : DEFAULT_LANGUAGE;
    // email should be validated by core; a missing field is treated as '' and
    // therefore fails validation.
    $email = $wb_inst->get_post('email') == null ? '' : $wb_inst->get_post('email');
    if (!$wb_inst->validate_email($email)) {
        $email = '';
        $errors[] = $MESSAGE['USERS_INVALID_EMAIL'];
    } else {
        // check that email is unique in the whole system (every user except
        // the current one; the (int) cast keeps the id numeric).
        // NOTE(review): the address is concatenated into the statement after
        // addslashes(). addslashes() is not aware of the connection character
        // set and is not the database driver's escaping; a prepared statement
        // or the driver's escape function is the reliable form. Assuming MySQL
        // (backtick quoting): the double-quoted literal is only a string when
        // ANSI_QUOTES is off, and LIKE treats `_` and `%` as wildcards, so
        // a_b@example.org also matches aXb@example.org -- `=` is the exact
        // comparison.
        $email = addslashes($email);
        $sql = 'SELECT COUNT(*) FROM `' . TABLE_PREFIX . 'users` ';
        $sql .= 'WHERE `user_id` <> ' . (int) $wb_inst->get_user_id() . ' AND `email` LIKE "' . $email . '"';
        // get_one() presumably returns the first column of the first row
        // (here the COUNT) -- verify against the database class.
        if ($database->get_one($sql) > 0) {
            $errors[] = $MESSAGE['USERS_EMAIL_TAKEN'];
        }
    }
    // Display name: the pattern deletes every character outside
    // A-Z a-z 0-9 @ . space _ - ; that also removes the backslashes and quotes
    // addslashes() has just added, so the character allow-list is the
    // effective filter and the addslashes() call contributes nothing.
    $display_name = addslashes($wb_inst->get_post('display_name'));
    $pattern = array('/[^A-Za-z0-9@\\.\\ _-]/');
    $display_name = preg_replace($pattern, "", $display_name);
    // Length is checked after filtering, so removed characters do not count
    // towards the minimum. The body of this check is outside the fragment.
    if (strlen($display_name) < AUTH_MIN_LOGIN_LENGTH) {