/**
 * Register Member
 *
 * Front-end registration handler. Reads the submission straight from
 * $_POST, runs EE_Validate plus the custom-field/captcha/TOS checks,
 * inserts the member row and its satellite rows, handles the optional
 * mailing-list subscription, sends the admin / activation e-mails and
 * finally either logs the new member in or tells them to wait for
 * activation.
 *
 * Security notes for reviewers (see inline comments for detail):
 *  - the password is stored as an unsalted sha1() of the raw submission;
 *  - the captcha SQL interpolates ee()->input->ip_address() without
 *    escape_str(), unlike the mailing-list INSERT further down;
 *  - several optional profile fields are stored without validation;
 *  - no secure-forms (XID) check is visible in this method, unlike reg()
 *    elsewhere in this corpus — it may be enforced by the core before the
 *    request reaches here; confirm.
 *
 * @access public
 * @return mixed  FALSE when registration is disabled; otherwise whatever
 *                show_user_error() / show_message() return (they render
 *                output), or void when an extension hook ends the script.
 */
public function register_member()
{
    // Do we allow new member registrations?
    if (ee()->config->item('allow_member_registration') == 'n') {
        return FALSE;
    }

    // Is user banned?
    if (ee()->session->userdata('is_banned') === TRUE) {
        return ee()->output->show_user_error('general', array(lang('not_authorized')));
    }

    // Blacklist/Whitelist Check
    if (ee()->blacklist->blacklisted == 'y' && ee()->blacklist->whitelisted == 'n') {
        return ee()->output->show_user_error('general', array(lang('not_authorized')));
    }

    ee()->load->helper('url');

    // -------------------------------------------
    // 'member_member_register_start' hook.
    //  - Take control of member registration routine
    //  - Added EE 1.4.2
    //
    // NOTE(review): an extension can take over the whole routine here,
    // before any validation below has run.
    ee()->extensions->call('member_member_register_start');
    if (ee()->extensions->end_script === TRUE) {
        return;
    }
    //
    // -------------------------------------------

    // Set the default globals so every key read below exists in $_POST.
    $default = array('username', 'password', 'password_confirm', 'email', 'screen_name', 'url', 'location');

    foreach ($default as $val) {
        if (!isset($_POST[$val])) {
            $_POST[$val] = '';
        }
    }

    // An empty screen name falls back to the username.
    if ($_POST['screen_name'] == '') {
        $_POST['screen_name'] = $_POST['username'];
    }

    // Instantiate validation class
    if (!class_exists('EE_Validate')) {
        require APPPATH . 'libraries/Validate.php';
    }

    // Username/screen name are trimmed with trim_nbs() (non-breaking spaces
    // included); the e-mail only with trim(). The values actually inserted
    // further down are re-read from $_POST and trimmed again with trim_nbs().
    $VAL = new EE_Validate(array(
        'member_id'       => '',
        'val_type'        => 'new',
        'fetch_lang'      => TRUE,
        'require_cpw'     => FALSE,
        'enable_log'      => FALSE,
        'username'        => trim_nbs($_POST['username']),
        'cur_username'    => '',
        'screen_name'     => trim_nbs($_POST['screen_name']),
        'cur_screen_name' => '',
        'password'        => $_POST['password'],
        'password_confirm' => $_POST['password_confirm'],
        'cur_password'    => '',
        'email'           => trim($_POST['email']),
        'cur_email'       => ''
    ));

    $VAL->validate_username();
    $VAL->validate_screen_name();
    $VAL->validate_password();
    $VAL->validate_email();

    // Do we have any custom fields?
    $query = ee()->db->select('m_field_id, m_field_name, m_field_label, m_field_type, m_field_list_items, m_field_required')
        ->where('m_field_reg', 'y')
        ->get('member_fields');

    $cust_errors = array();
    $cust_fields = array();

    if ($query->num_rows() > 0) {
        foreach ($query->result_array() as $row) {
            $field_name = 'm_field_id_' . $row['m_field_id'];

            // Assume we're going to save this data, unless it's empty to begin with
            $valid = isset($_POST[$field_name]) && $_POST[$field_name] != '';

            // Basic validations
            if ($row['m_field_required'] == 'y' && !$valid) {
                $cust_errors[] = lang('mbr_field_required') . ' ' . $row['m_field_label'];
            } elseif ($row['m_field_type'] == 'select' && $valid) {
                // Ensure their selection is actually a valid choice.
                // The comparison is done on the htmlentities()'d submission,
                // but the value stored below is the xss_clean()'d raw one —
                // an option containing '&', '<' or quotes only matches if the
                // stored option list holds the entity-encoded form.
                $options = explode("\n", $row['m_field_list_items']);

                if (!in_array(htmlentities($_POST[$field_name]), $options)) {
                    $valid = FALSE;
                    $cust_errors[] = lang('mbr_field_invalid') . ' ' . $row['m_field_label'];
                }
            }

            // Non-select field types get no validation beyond xss_clean().
            if ($valid) {
                $cust_fields[$field_name] = ee()->security->xss_clean($_POST[$field_name]);
            }
        }
    }

    // Only enforced when the form actually submits an email_confirm field.
    if (isset($_POST['email_confirm']) && $_POST['email'] != $_POST['email_confirm']) {
        $cust_errors[] = lang('mbr_emails_not_match');
    }

    // Presence check only; the captcha value itself is verified after all
    // other validation errors have been reported (see below).
    if (ee()->config->item('use_membership_captcha') == 'y') {
        if (!isset($_POST['captcha']) or $_POST['captcha'] == '') {
            $cust_errors[] = lang('captcha_required');
        }
    }

    if (ee()->config->item('require_terms_of_service') == 'y') {
        if (!isset($_POST['accept_terms'])) {
            $cust_errors[] = lang('mbr_terms_of_service_required');
        }
    }

    // -------------------------------------------
    // 'member_member_register_errors' hook.
    //  - Additional error checking prior to submission
    //  - Added EE 2.5.0
    //
    ee()->extensions->call('member_member_register_errors', $this);
    if (ee()->extensions->end_script === TRUE) {
        return;
    }
    //
    // -------------------------------------------

    // $this->errors is the channel the hook above uses to report problems.
    $errors = array_merge($VAL->errors, $cust_errors, $this->errors);

    // Display errors if there are any
    if (count($errors) > 0) {
        return ee()->output->show_user_error('submission', $errors);
    }

    // Do we require captcha?
    // NOTE(review): $_POST['captcha'] is escaped, but ip_address() is
    // interpolated unescaped here and in the DELETE below, whereas the
    // mailing-list INSERT further down wraps it in escape_str(). The
    // framework's ip_address() is expected to return a validated address,
    // but escaping it consistently costs nothing — confirm and align.
    if (ee()->config->item('use_membership_captcha') == 'y') {
        $query = ee()->db->query("SELECT COUNT(*) AS count FROM exp_captcha WHERE word='" . ee()->db->escape_str($_POST['captcha']) . "' AND ip_address = '" . ee()->input->ip_address() . "' AND date > UNIX_TIMESTAMP()-7200");

        if ($query->row('count') == 0) {
            return ee()->output->show_user_error('submission', array(lang('captcha_incorrect')));
        }

        // Consume the solved captcha and purge anything older than two hours.
        ee()->db->query("DELETE FROM exp_captcha WHERE (word='" . ee()->db->escape_str($_POST['captcha']) . "' AND ip_address = '" . ee()->input->ip_address() . "') OR date < UNIX_TIMESTAMP()-7200");
    }

    ee()->load->helper('security');

    // Assign the base query data
    // NOTE(review): the password is stored as an unsalted sha1() of the raw
    // submission. That is crackable offline at scale if the members table
    // leaks; a salted/iterated hash (the framework's auth library has a
    // hash_password() in later versions) should be used, but switching it
    // also requires the login side to verify the new format, so it is only
    // flagged here, not changed.
    $data = array(
        'username'        => trim_nbs(ee()->input->post('username')),
        'password'        => sha1($_POST['password']),
        'ip_address'      => ee()->input->ip_address(),
        'unique_id'       => ee()->functions->random('encrypt'),
        'join_date'       => ee()->localize->now,
        'email'           => trim_nbs(ee()->input->post('email')),
        'screen_name'     => trim_nbs(ee()->input->post('screen_name')),
        // prep_url() only normalises the scheme; the URL is otherwise stored as submitted.
        'url'             => prep_url(ee()->input->post('url')),
        'location'        => ee()->input->post('location'),
        'language'        => ee()->config->item('deft_lang') ? ee()->config->item('deft_lang') : 'english',
        'date_format'     => ee()->config->item('date_format') ? ee()->config->item('date_format') : '%n/%j/%y',
        'time_format'     => ee()->config->item('time_format') ? ee()->config->item('time_format') : '12',
        'include_seconds' => ee()->config->item('include_seconds') ? ee()->config->item('include_seconds') : 'n',
        'timezone'        => ee()->config->item('default_site_timezone')
    );

    // Set member group: anyone who still needs activation lands in Pending.
    if (ee()->config->item('req_mbr_activation') == 'manual' or ee()->config->item('req_mbr_activation') == 'email') {
        $data['group_id'] = 4;  // Pending
    } else {
        if (ee()->config->item('default_member_group') == '') {
            $data['group_id'] = 4;  // Pending
        } else {
            $data['group_id'] = ee()->config->item('default_member_group');
        }
    }

    // Optional Fields
    // NOTE(review): these override the config-derived defaults above with the
    // raw $_POST value. insert_string() SQL-escapes them, but there is no
    // allow-list check on language/timezone/date_format/time_format/
    // include_seconds and no xss_clean() on bio here (reg() elsewhere in
    // this corpus does restrict language to /^[a-z]+$/). Whether the raw
    // bio is escaped on output is not visible from here — confirm.
    $optional = array(
        'bio'             => 'bio',
        'language'        => 'deft_lang',
        'timezone'        => 'server_timezone',
        'date_format'     => 'date_format',
        'time_format'     => 'time_format',
        'include_seconds' => 'include_seconds'
    );

    foreach ($optional as $key => $value) {
        if (isset($_POST[$value])) {
            $data[$key] = $_POST[$value];
        }
    }

    // We generate an authorization code if the member needs to self-activate.
    // NOTE(review): 10 alphanumeric characters from the framework's random()
    // helper; whether that helper is cryptographically strong is not visible
    // here — confirm, since this token alone activates the account.
    if (ee()->config->item('req_mbr_activation') == 'email') {
        $data['authcode'] = ee()->functions->random('alnum', 10);
    }

    // Insert basic member data
    ee()->db->query(ee()->db->insert_string('exp_members', $data));
    $member_id = ee()->db->insert_id();

    // Insert custom fields
    $cust_fields['member_id'] = $member_id;
    ee()->db->query(ee()->db->insert_string('exp_member_data', $cust_fields));

    // Create a record in the member homepage table
    // This is only necessary if the user gains CP access,
    // but we'll add the record anyway.
    ee()->db->query(ee()->db->insert_string('exp_member_homepage', array('member_id' => $member_id)));

    // Mailinglist Subscribe
    $mailinglist_subscribe = FALSE;

    // Only a single numeric list id is accepted here (reg() elsewhere also
    // accepts an array).
    if (isset($_POST['mailinglist_subscribe']) && is_numeric($_POST['mailinglist_subscribe'])) {
        // Kill duplicate emails from authorization queue.
        ee()->db->where('email', $_POST['email'])->delete('mailing_list_queue');

        // Validate Mailing List ID
        $query = ee()->db->select('COUNT(*) as count')->where('list_id', $_POST['mailinglist_subscribe'])->get('mailing_lists');

        // Email Not Already in Mailing List
        $results = ee()->db->select('COUNT(*) as count')->where('email', $_POST['email'])->where('list_id', $_POST['mailinglist_subscribe'])->get('mailing_list');

        // INSERT Email
        if ($query->row('count') > 0 && $results->row('count') == 0) {
            $mailinglist_subscribe = TRUE;

            $code = ee()->functions->random('alnum', 10);

            if (ee()->config->item('req_mbr_activation') == 'email') {
                // Activated When Membership Activated
                ee()->db->query("INSERT INTO exp_mailing_list_queue (email, list_id, authcode, date)\r\n\t\t\t\t\t\t\t\tVALUES ('" . ee()->db->escape_str($_POST['email']) . "', '" . ee()->db->escape_str($_POST['mailinglist_subscribe']) . "', '" . $code . "', '" . time() . "')");
            } elseif (ee()->config->item('req_mbr_activation') == 'manual') {
                // Mailing List Subscribe Email
                ee()->db->query("INSERT INTO exp_mailing_list_queue (email, list_id, authcode, date)\r\n\t\t\t\t\t\t\t\tVALUES ('" . ee()->db->escape_str($_POST['email']) . "', '" . ee()->db->escape_str($_POST['mailinglist_subscribe']) . "', '" . $code . "', '" . time() . "')");

                ee()->lang->loadfile('mailinglist');

                $action_id = ee()->functions->fetch_action_id('Mailinglist', 'authorize_email');

                $swap = array(
                    'activation_url' => ee()->functions->fetch_site_index(0, 0) . QUERY_MARKER . 'ACT=' . $action_id . '&id=' . $code,
                    'site_name'      => stripslashes(ee()->config->item('site_name')),
                    'site_url'       => ee()->config->item('site_url')
                );

                $template = ee()->functions->fetch_email_template('mailinglist_activation_instructions');

                $email_tit = ee()->functions->var_swap($template['title'], $swap);
                $email_msg = ee()->functions->var_swap($template['data'], $swap);

                // Send email
                ee()->load->library('email');
                ee()->email->wordwrap = true;
                ee()->email->mailtype = 'plain';
                ee()->email->priority = '3';
                ee()->email->from(ee()->config->item('webmaster_email'), ee()->config->item('webmaster_name'));
                ee()->email->to($_POST['email']);
                ee()->email->subject($email_tit);
                ee()->email->message($email_msg);
                ee()->email->send();
            } else {
                // Automatically Accepted
                // NOTE(review): with activation set to 'none' the address is
                // subscribed directly, without a confirmation round-trip, so
                // anyone can subscribe a third party's address here.
                ee()->db->query("INSERT INTO exp_mailing_list (list_id, authcode, email, ip_address)\r\n\t\t\t\t\t\t\t\t\t\t VALUES ('" . ee()->db->escape_str($_POST['mailinglist_subscribe']) . "', '" . $code . "', '" . ee()->db->escape_str($_POST['email']) . "', '" . ee()->db->escape_str(ee()->input->ip_address()) . "')");
            }
        }
    }

    // Update
    if (ee()->config->item('req_mbr_activation') == 'none') {
        ee()->stats->update_member_stats();
    }

    // Send admin notifications.
    // The registrant's username/e-mail/screen name go into the admin mail
    // body; they have passed EE_Validate and are run through
    // entities_to_ascii() before sending.
    if (ee()->config->item('new_member_notification') == 'y' && ee()->config->item('mbr_notification_emails') != '') {
        $name = $data['screen_name'] != '' ? $data['screen_name'] : $data['username'];

        $swap = array(
            'name'              => $name,
            'site_name'         => stripslashes(ee()->config->item('site_name')),
            'control_panel_url' => ee()->config->item('cp_url'),
            'username'          => $data['username'],
            'email'             => $data['email']
        );

        $template = ee()->functions->fetch_email_template('admin_notify_reg');

        // NOTE: this path uses $this->_var_swap(); the mailing-list mail above
        // uses ee()->functions->var_swap(). Presumably equivalent — confirm.
        $email_tit = $this->_var_swap($template['title'], $swap);
        $email_msg = $this->_var_swap($template['data'], $swap);

        // Remove multiple commas
        $notify_address = reduce_multiples(ee()->config->item('mbr_notification_emails'), ',', TRUE);

        // Send email
        ee()->load->helper('text');
        ee()->load->library('email');
        ee()->email->wordwrap = true;
        ee()->email->from(ee()->config->item('webmaster_email'), ee()->config->item('webmaster_name'));
        ee()->email->to($notify_address);
        ee()->email->subject($email_tit);
        ee()->email->message(entities_to_ascii($email_msg));
        ee()->email->Send();
    }

    // -------------------------------------------
    // 'member_member_register' hook.
    //  - Additional processing when a member is created through the User Side
    //  - $member_id added in 2.0.1
    //
    ee()->extensions->call('member_member_register', $data, $member_id);
    if (ee()->extensions->end_script === TRUE) {
        return;
    }
    //
    // -------------------------------------------

    // Send user notifications
    if (ee()->config->item('req_mbr_activation') == 'email') {
        $action_id = ee()->functions->fetch_action_id('Member', 'activate_member');

        $name = $data['screen_name'] != '' ? $data['screen_name'] : $data['username'];

        // board_id is only accepted when numeric; otherwise the forum link
        // falls back to board 1.
        $board_id = ee()->input->get_post('board_id') !== FALSE && is_numeric(ee()->input->get_post('board_id')) ? ee()->input->get_post('board_id') : 1;

        $forum_id = ee()->input->get_post('FROM') == 'forum' ? '&r=f&board_id=' . $board_id : '';

        // $_POST['mailinglist_subscribe'] was checked with is_numeric() above
        // before $mailinglist_subscribe could become TRUE.
        $add = $mailinglist_subscribe !== TRUE ? '' : '&mailinglist=' . $_POST['mailinglist_subscribe'];

        $swap = array(
            'name'           => $name,
            'activation_url' => ee()->functions->fetch_site_index(0, 0) . QUERY_MARKER . 'ACT=' . $action_id . '&id=' . $data['authcode'] . $forum_id . $add,
            'site_name'      => stripslashes(ee()->config->item('site_name')),
            'site_url'       => ee()->config->item('site_url'),
            'username'       => $data['username'],
            'email'          => $data['email']
        );

        $template = ee()->functions->fetch_email_template('mbr_activation_instructions');

        $email_tit = $this->_var_swap($template['title'], $swap);
        $email_msg = $this->_var_swap($template['data'], $swap);

        // Send email
        ee()->load->helper('text');
        ee()->load->library('email');
        ee()->email->wordwrap = true;
        ee()->email->from(ee()->config->item('webmaster_email'), ee()->config->item('webmaster_name'));
        ee()->email->to($data['email']);
        ee()->email->subject($email_tit);
        ee()->email->message(entities_to_ascii($email_msg));
        ee()->email->Send();

        $message = lang('mbr_membership_instructions_email');
    } elseif (ee()->config->item('req_mbr_activation') == 'manual') {
        $message = lang('mbr_admin_will_activate');
    } else {
        // Log user in (the extra query is a little annoying)
        // NOTE(review): remember_me() is called unconditionally, so every
        // auto-activated registration gets a persistent login cookie without
        // the member opting in. Whether start_session() rotates the session
        // id is not visible from here.
        ee()->load->library('auth');

        $member_data_q = ee()->db->get_where('members', array('member_id' => $member_id));

        $incoming = new Auth_result($member_data_q->row());
        $incoming->remember_me();
        $incoming->start_session();

        $message = lang('mbr_your_are_logged_in');
    }

    // Build the message
    if (ee()->input->get_post('FROM') == 'forum') {
        $query = $this->_do_form_query();

        $site_name = $query->row('board_label');
        $return = $query->row('board_forum_url');
    } else {
        $site_name = ee()->config->item('site_name') == '' ? lang('back') : stripslashes(ee()->config->item('site_name'));
        $return = ee()->config->item('site_url');
    }

    $data = array(
        'title'    => lang('mbr_registration_complete'),
        'heading'  => lang('thank_you'),
        'content'  => lang('mbr_registration_completed') . "\n\n" . $message,
        'redirect' => '',
        'link'     => array($return, $site_name)
    );

    ee()->output->show_message($data);
}
/**
 * Validate Email
 *
 * Form-validation rule for a member e-mail address. The address is
 * trimmed (trim_nbs) and syntax-checked; for a new address it must also
 * be neither banned nor already present in the members table.
 *
 * NOTE(review): the "taken" test is a read-then-insert check, so two
 * concurrent registrations can both pass it — rely on a unique index on
 * members.email as well. The same 'email_taken' message is returned for
 * banned and for existing addresses, which still lets a caller probe
 * which addresses have accounts; that is existing behaviour, not changed
 * here.
 *
 * @access public
 * @param string $str   submitted e-mail address
 * @param string $type  'update' or 'new'; a falsy value means 'update'
 * @return mixed        the trimmed address on success, FALSE on failure
 *                      (an error message is registered via set_message)
 */
function valid_user_email($str, $type)
{
    $mode  = $type ? $type : 'update';
    $email = trim_nbs($str);

    // Syntactic check comes first; nothing else is consulted for a bad address.
    if (!$this->valid_email($email)) {
        $this->set_message('valid_user_email', $this->CI->lang->line('invalid_email_address'));
        return FALSE;
    }

    // An update that actually changes the address is treated like a new one.
    $previous = $this->old_value('email');
    if ($previous && $previous != $email) {
        $mode = 'new';
    }

    // Unchanged updates need no uniqueness or ban check.
    if ($mode != 'new') {
        return $email;
    }

    // Banned addresses and duplicates both report 'email_taken'.
    $taken = $this->CI->session->ban_check('email', $email);

    if (!$taken) {
        $this->CI->db->where('email', $email);
        $taken = $this->CI->db->count_all_results('members') > 0;
    }

    if ($taken) {
        $this->set_message('valid_user_email', $this->CI->lang->line('email_taken'));
        return FALSE;
    }

    return $email;
}
/** * Registration Form Processing * * @access public * @param bool * @return string */ public function reg($remote = FALSE) { ee()->load->helper('url'); // For prep_url(); $key_id = ''; //---------------------------------------- // Do we allow new member registrations? //---------------------------------------- if (ee()->config->item('allow_member_registration') == 'n') { return $this->_output_error('general', array(ee()->lang->line('registration_not_enabled'))); } //-------------------------------------------- // Allowed to Register //-------------------------------------------- if (ee()->session->userdata('member_id') != 0) { if ($this->_param('admin_register') !== 'yes' or ee()->session->userdata['group_id'] != 1 and ee()->session->userdata['can_admin_members'] !== 'y') { return $this->_output_error('general', array(ee()->lang->line('mbr_you_are_registered'))); } } //-------------------------------------------- // 2.2.0 Auth lib //-------------------------------------------- if (APP_VER >= '2.2.0') { ee()->load->library('auth'); // This should go in the auth lib. if (!ee()->auth->check_require_ip()) { return $this->_output_error('general', array(ee()->lang->line('not_authorized'))); } } //-------------------------------------------- // Is user banned? 
//-------------------------------------------- if (ee()->session->userdata('is_banned') == TRUE) { return $this->_output_error('general', array(ee()->lang->line('not_authorized'))); } //-------------------------------------------- // Blacklist/Whitelist Check //-------------------------------------------- if (isset(ee()->blacklist)) { if (ee()->blacklist->blacklisted == 'y' && ee()->blacklist->whitelisted == 'n') { return $this->_output_error('general', array(ee()->lang->line('not_authorized'))); } } //-------------------------------------------- // Clean the post //-------------------------------------------- //need to protect passwords from this because they get hashed anyway $temp_pass = isset($_POST['password']) ? $_POST['password'] : FALSE; $temp_pass2 = isset($_POST['password_confirm']) ? $_POST['password_confirm'] : $temp_pass; $_POST = ee()->security->xss_clean($_POST); //make sure the password is actually set if (!in_array($temp_pass, array(FALSE, ''), TRUE)) { $_POST['password'] = $temp_pass; } //make sure the password is actually set if (!in_array($temp_pass2, array(FALSE, ''), TRUE)) { $_POST['password_confirm'] = $temp_pass2; } //-------------------------------------------- // Email as Username Preference //-------------------------------------------- $wquery = ee()->db->query("SELECT preference_value \n\t\t\t FROM \texp_user_preferences \n\t\t\t WHERE \tpreference_name = 'email_is_username'"); $this->preferences['email_is_username'] = $wquery->num_rows() == 0 ? 'n' : $wquery->row('preference_value'); //-------------------------------------------- // Check email is username //-------------------------------------------- $this->_email_is_username('0', 'new'); //-------------------------------------------- // Empty email? 
//-------------------------------------------- if (!ee()->input->get_post('email')) { return $this->_output_error('general', array(ee()->lang->line('email_required'))); } //-------------------------------------------- // 'user_register_start' hook. // - Take control of member registration routine //-------------------------------------------- if (ee()->extensions->active_hook('user_register_start') === TRUE) { $edata = ee()->extensions->universal_call('user_register_start', $this); if (ee()->extensions->end_script === TRUE) { return; } } //-------------------------------------------- // Set the default globals //-------------------------------------------- $default = array_merge(array('username', 'password', 'password_confirm', 'email', 'screen_name'), $this->standard); foreach ($default as $val) { if (!isset($_POST[$val])) { $_POST[$val] = ''; } } /** ---------------------------------------- /** Check screen name override /** ----------------------------------------*/ $this->_screen_name_override(); /** ---------------------------------------- /** Handle alternate username / screen name /** ----------------------------------------*/ if (ee()->input->post('username') == '' and $this->preferences['email_is_username'] == 'y') { $_POST['username'] = ee()->input->get_post('email'); } if (!ee()->input->get_post('screen_name') or ee()->input->get_post('screen_name') == '') { $_POST['screen_name'] = $_POST['username']; } // ------------------------------------- // EE 2.3+ trims username and screenname // ------------------------------------- if (APP_VER >= '2.3.0') { ee()->load->helper('string'); if (isset($_POST['username'])) { $_POST['username'] = trim_nbs($_POST['username']); } if (isset($_POST['screen_name'])) { $_POST['screen_name'] = trim_nbs($_POST['screen_name']); } } /** ---------------------------------------- /** Check prohibited usernames /** ----------------------------------------*/ if (ee()->session->ban_check('username', $_POST['username'])) { return 
$this->_output_error('general', array(ee()->lang->line('prohibited_username'))); } if ($this->_param('exclude_username') != '' and in_array($_POST['username'], explode('|', $this->_param('exclude_username')))) { return $this->_output_error('general', array(ee()->lang->line('prohibited_username'))); } /** ---------------------------------------- /** Required Fields /** ----------------------------------------*/ if ($this->_param('required') !== FALSE) { $this->_mfields(); $missing = array(); $required = preg_split("/,|\\|/", $this->_param('required')); foreach ($required as $req) { if ($req == 'all_required') { foreach ($this->mfields as $key => $val) { if (!ee()->input->get_post($key) and $val['required'] == 'y') { $missing[] = $this->mfields[$key]['label']; } } } elseif (!ee()->input->get_post($req)) { if (isset($this->mfields[$req])) { $missing[] = $this->mfields[$req]['label']; } elseif (in_array($req, $this->standard)) { if (in_array($req, array('bday_d', 'bday_m', 'bday_y'))) { $missing[] = ee()->lang->line('mbr_birthday'); } elseif ($req == 'daylight_savings') { $missing[] = ee()->lang->line('daylight_savings_time'); } elseif (in_array($req, array('aol_im', 'yahoo_im', 'msn_im', 'icq', 'signature'))) { $missing[] = ee()->lang->line($req); } else { $missing[] = ee()->lang->line('mbr_' . $req); } } } } /** ---------------------------------------- /** Anything missing? 
/** ----------------------------------------*/ if (count($missing) > 0) { $missing = implode("</li><li>", $missing); $str = str_replace("%fields%", $missing, ee()->lang->line('missing_fields')); return $this->_output_error('general', $str); } } /** ---------------------------------------- /** Instantiate validation class /** ----------------------------------------*/ $validate_config = array('member_id' => '', 'val_type' => 'new', 'fetch_lang' => TRUE, 'require_cpw' => FALSE, 'enable_log' => FALSE, 'username' => $_POST['username'], 'cur_username' => '', 'screen_name' => stripslashes($_POST['screen_name']), 'cur_screen_name' => '', 'password' => $_POST['password'], 'password_confirm' => $_POST['password_confirm'], 'cur_password' => '', 'email' => $_POST['email'], 'cur_email' => ''); ee()->load->library('validate', $validate_config, 'validate'); ee()->validate->validate_username(); ee()->validate->validate_screen_name(); ee()->validate->validate_password(); ee()->validate->validate_email(); if ($this->preferences['email_is_username'] != 'n' and ($key = array_search(ee()->lang->line('username_password_too_long'), ee()->validate->errors)) !== FALSE) { if (strlen(ee()->validate->username) <= 50) { unset(ee()->validate->errors[$key]); } else { ee()->validate->errors[$key] = str_replace('32', '50', ee()->validate->errors[$key]); } } /** ---------------------------------------- /** Do we have any custom fields? /** ----------------------------------------*/ $cust_errors = array(); $cust_fields = array(); $fields = ''; if (count($this->_mfields()) > 0) { foreach ($this->mfields as $key => $val) { if ($val['required'] == 'y' and !ee()->input->get_post($key)) { $fields .= "<li>" . $val['label'] . "</li>"; } if (isset($_POST[$key])) { /** ---------------------------------------- /** Handle arrays /** ----------------------------------------*/ if (is_array($_POST[$key])) { $cust_fields['m_field_id_' . 
$val['id']] = implode("\n", $_POST[$key]); } else { $cust_fields['m_field_id_' . $val['id']] = $_POST[$key]; } } } if ($fields != '') { $cust_errors[] = str_replace("%s", $fields, ee()->lang->line('user_field_required')); } } /** ---------------------------------------- /** Assemble custom fields /** ----------------------------------------*/ $cfields = array(); foreach ($this->_mfields() as $key => $val) { if (isset($_POST[$key])) { /** ---------------------------------------- /** Handle arrays /** ----------------------------------------*/ if (is_array($_POST[$key])) { $cfields['m_field_id_' . $val['id']] = implode("\n", $_POST[$key]); } else { $cfields['m_field_id_' . $val['id']] = $_POST[$key]; } } } if (ee()->config->item('use_membership_captcha') == 'y') { if (ee()->config->item('captcha_require_members') == 'y' or ee()->config->item('captcha_require_members') == 'n' and ee()->session->userdata('member_id') == 0) { // Hidden configuration! Disables CAPTCHA on Remote Registrations. if ($remote === TRUE && ee()->config->item('user_disable_remote_captcha') == 'y') { // Nothing... 
} elseif (!isset($_POST['captcha']) or $_POST['captcha'] == '') { $cust_errors[] = ee()->lang->line('captcha_required'); } } } if (ee()->config->item('require_terms_of_service') == 'y') { if (!isset($_POST['accept_terms'])) { $cust_errors[] = ee()->lang->line('mbr_terms_of_service_required'); } } $errors = array_merge(ee()->validate->errors, $cust_errors); /** -------------------------------------------- /** 'user_register_error_checking' Extension Hook /** - Error checking /** - Added User 2.0.9 /** --------------------------------------------*/ if (ee()->extensions->active_hook('user_register_error_checking') === TRUE) { $errors = ee()->extensions->universal_call('user_register_error_checking', $this, $errors); if (ee()->extensions->end_script === TRUE) { return; } } /** ---------------------------------------- /** Output Errors /** ----------------------------------------*/ if (count($errors) > 0) { return $this->_output_error('submission', $errors); } /** ---------------------------------------- /** Do we require a key? /** ----------------------------------------*/ if ($this->_param('require_key') == 'yes' or $this->_param('key_email_match') == 'yes') { /** ---------------------------------------- /** No key? /** ----------------------------------------*/ if (!ee()->input->post('key')) { return $this->_output_error('submission', array(ee()->lang->line('key_required'))); } /** ---------------------------------------- /** Key and email match required? /** ----------------------------------------*/ if ($this->_param('key_email_match') == 'yes' and !ee()->input->get_post('email')) { return $this->_output_error('submission', array(ee()->lang->line('key_email_match_required'))); } /** ---------------------------------------- /** Query /** ----------------------------------------*/ $sql = "SELECT \tkey_id \n\t\t\t\t\tFROM \texp_user_keys \n\t\t\t\t\tWHERE \tmember_id = '0' \n\t\t\t\t\tAND \thash = '" . ee()->db->escape_str(ee()->input->get_post('key')) . 
"'"; if ($this->_param('key_email_match') == 'yes') { $sql .= " AND email = '" . ee()->db->escape_str(ee()->input->get_post('email')) . "'"; } $query = ee()->db->query($sql); if ($query->num_rows() == 0) { $query = ee()->db->query("SELECT preference_value \n\t\t\t\t\t FROM \texp_user_preferences \n\t\t\t\t\t WHERE \tpreference_name = 'key_expiration' \n\t\t\t\t\t LIMIT 1"); $exp = $query->num_rows() > 0 ? $query->row('preference_value') : $exp; return $this->_output_error('submission', array(str_replace("%s", $exp, ee()->lang->line('key_incorrect')))); } $key_id = $query->row('key_id'); } /** ---------------------------------------- /** Set member group /** ----------------------------------------*/ if (ee()->config->item('req_mbr_activation') == 'manual' or ee()->config->item('req_mbr_activation') == 'email') { $this->insert_data['group_id'] = 4; // Pending } else { if (ee()->config->item('default_member_group') == '') { $this->insert_data['group_id'] = 4; // Pending } else { $this->insert_data['group_id'] = ee()->config->item('default_member_group'); } } /** ---------------------------------------- /** Override member group if hard coded /** ----------------------------------------*/ if ($this->_param('group_id') and is_numeric($this->_param('group_id')) and $this->_param('group_id') != '1') { // Email and Manual Activation will use the exp_user_activation_group table to change group. if (ee()->config->item('req_mbr_activation') != 'email' and ee()->config->item('req_mbr_activation') != 'manual') { $this->insert_data['group_id'] = $this->_param('group_id'); } } /** ---------------------------------------- /** Override member group if invitation /** code provided and valid. /** ----------------------------------------*/ if ($key_id != '' and $key_id != '1') { $key = ee()->db->query("SELECT k.group_id \n\t\t\t\t FROM \texp_user_keys AS k \n\t\t\t\t JOIN \texp_member_groups AS g \n\t\t\t\t ON \tg.group_id = k.group_id \n\t\t\t\t WHERE \tk.key_id = '" . 
ee()->db->escape_str($key_id) . "' \n\t\t\t\t AND \tk.group_id NOT IN (0, 1)"); if ($key->num_rows() > 0) { if (ee()->config->item('req_mbr_activation') == 'email' or ee()->config->item('req_mbr_activation') == 'manual') { $this->params['group_id'] = $key->row('group_id'); } else { $this->insert_data['group_id'] = $key->row('group_id'); } } } /** -------------------------------------------- /** Submitted Group ID, Restricted by allowed_groups="" /** --------------------------------------------*/ if (ee()->input->post('group_id') !== FALSE and ctype_digit(ee()->input->post('group_id')) and $this->_param('allowed_groups')) { $sql = "SELECT DISTINCT group_id \n\t\t\t\t\tFROM \texp_member_groups\n\t\t\t\t\tWHERE \tgroup_id \n\t\t\t\t\tNOT IN \t(1,2,3,4) \n\t\t\t\t\tAND \tgroup_id = '" . ee()->db->escape_str(ee()->input->post('group_id')) . "' " . ee()->functions->sql_andor_string($this->_param('allowed_groups'), 'group_id'); $mquery = ee()->db->query($sql); if ($mquery->num_rows() > 0) { if (ee()->config->item('req_mbr_activation') == 'email' or ee()->config->item('req_mbr_activation') == 'manual') { $this->params['group_id'] = $mquery->row('group_id'); } else { $this->insert_data['group_id'] = $mquery->row('group_id'); } } } /** ---------------------------------------- /** Double check that member group is real /** ----------------------------------------*/ $query = ee()->db->query("SELECT COUNT(*) AS count \n\t\t\t FROM \texp_member_groups\n\t\t\t WHERE group_id != '1' \n\t\t\t AND \tgroup_id = '" . ee()->db->escape_str($this->insert_data['group_id']) . "'"); if ($query->row('count') == 0) { return $this->_output_error('submission', array(ee()->lang->line('invalid_member_group'))); } /** -------------------------------------------- /** Test Image Uploads /** --------------------------------------------*/ $this->_upload_images(0, TRUE); /** ---------------------------------------- /** Do we require captcha? 
/** ----------------------------------------*/ if (ee()->config->item('use_membership_captcha') == 'y') { if (ee()->config->item('captcha_require_members') == 'y' or ee()->config->item('captcha_require_members') == 'n' and ee()->session->userdata('member_id') == 0) { // Hidden configuration! Disables CAPTCHA on Remote Registrations. if ($remote === TRUE && ee()->config->item('user_disable_remote_captcha') == 'y') { // Nothing... } else { $query = ee()->db->query("SELECT COUNT(*) AS count \n\t\t\t\t\t\t FROM \texp_captcha \n\t\t\t\t\t\t WHERE word='" . ee()->db->escape_str($_POST['captcha']) . "' \n\t\t\t\t\t\t AND \tip_address = '" . ee()->input->ip_address() . "' \n\t\t\t\t\t\t AND \tdate > UNIX_TIMESTAMP()-7200"); if ($query->row('count') == 0) { return $this->_output_error('submission', array(ee()->lang->line('captcha_incorrect'))); } ee()->db->query("DELETE FROM exp_captcha \n\t\t\t\t\t\t WHERE \t(word='" . ee()->db->escape_str($_POST['captcha']) . "' \n\t\t\t\t\t\t\t\tAND \tip_address = '" . ee()->input->ip_address() . "') \n\t\t\t\t\t\t OR date < UNIX_TIMESTAMP()-7200"); } } } /** ---------------------------------------- /** Secure Mode Forms? /** ----------------------------------------*/ if (ee()->config->item('secure_forms') == 'y') { $query = ee()->db->query("SELECT COUNT(*) AS count \n\t\t\t\t FROM \texp_security_hashes \n\t\t\t\t WHERE \thash='" . ee()->db->escape_str($_POST['XID']) . "' \n\t\t\t\t AND \tip_address = '" . ee()->input->ip_address() . "'\n\t\t\t\t AND \tdate > UNIX_TIMESTAMP()-7200"); if ($query->row('count') == 0) { return $this->_output_error('general', array(ee()->lang->line('not_authorized'))); } //---------------------------------------- // Delete secure hash? //---------------------------------------- // The reg() function is also assisting the // remote_registration routine. That // routine receives form submissions from // comment and rating forms. 
If we delete // the secure hash now, those forms will fail // when they do their security check. // So we don't delete in the case of remote reg. //---------------------------------------- if ($remote === FALSE) { ee()->db->query("DELETE FROM exp_security_hashes \n\t\t\t\t\t WHERE (hash='" . ee()->db->escape_str($_POST['XID']) . "' \n\t\t\t\t\t\t\tAND ip_address = '" . ee()->input->ip_address() . "') \n\t\t\t\t\t OR date < UNIX_TIMESTAMP()-7200"); } } /** ---------------------------------------- /** Assign the base query data /** ----------------------------------------*/ $this->insert_data['username'] = $_POST['username']; if (APP_VER < '2.2.0') { $this->insert_data['password'] = ee()->functions->hash(stripslashes($_POST['password'])); } else { $pass_data = ee()->auth->hash_password(stripslashes($_POST['password'])); $this->insert_data['password'] = $pass_data['password']; $this->insert_data['salt'] = $pass_data['salt']; } $this->insert_data['ip_address'] = ee()->input->ip_address(); $this->insert_data['unique_id'] = ee()->functions->random('encrypt'); $this->insert_data['join_date'] = ee()->localize->now; $this->insert_data['email'] = $_POST['email']; $this->insert_data['screen_name'] = $_POST['screen_name']; /** ---------------------------------------- /** Optional Fields /** ----------------------------------------*/ $optional = array('language' => 'deft_lang', 'timezone' => 'server_timezone', 'time_format' => 'time_format'); foreach ($optional as $key => $value) { if (isset($_POST[$value])) { $this->insert_data[$key] = $_POST[$value]; } } foreach ($this->standard as $key) { if (isset($_POST[$key])) { $this->insert_data[$key] = $_POST[$key]; } } $this->insert_data['url'] = prep_url($_POST['url']); $this->insert_data['daylight_savings'] = ee()->input->post('daylight_savings') == 'y' ? 
'y' : 'n'; // We generate an authorization code if the member needs to self-activate if (ee()->config->item('req_mbr_activation') == 'email') { $this->insert_data['authcode'] = ee()->functions->random('alpha', 10); } // Default timezone if (!isset($this->insert_data['timezone'])) { $this->insert_data['timezone'] = 'UTC'; } /** ---------------------------------------- /** Insert basic member data /** ----------------------------------------*/ ee()->db->query(ee()->db->insert_string('exp_members', $this->insert_data)); $member_id = ee()->db->insert_id(); //running a second time to get the member_id correct $this->_screen_name_override($member_id); /** ---------------------------------------- /** Insert custom fields /** ----------------------------------------*/ $cust_fields['member_id'] = $member_id; ee()->db->query(ee()->db->insert_string('exp_member_data', $cust_fields)); /** ---------------------------------------- /** Member Group Override on Activation /** ----------------------------------------*/ if ($this->_param('group_id') and is_numeric($this->_param('group_id')) and $this->_param('group_id') != '1') { if (ee()->config->item('req_mbr_activation') == 'email' or ee()->config->item('req_mbr_activation') == 'manual') { ee()->db->query(ee()->db->insert_string('exp_user_activation_group', array('member_id' => $member_id, 'group_id' => $this->_param('group_id')))); } } /** --------------------------------- /** Fetch categories /** ---------------------------------*/ if (isset($_POST['category'])) { if (is_array($_POST['category'])) { foreach ($_POST['category'] as $cat_id) { $this->cat_parents[] = $cat_id; } } elseif (is_numeric($_POST['category'])) { $this->cat_parents = $_POST['category']; } } if (count($this->cat_parents) > 0) { if (ee()->config->item('auto_assign_cat_parents') == 'y') { $this->_fetch_category_parents($this->cat_parents); } } unset($_POST['category']); ee()->db->query("DELETE FROM exp_user_category_posts \n\t\t\t WHERE \tmember_id = '" . 
$member_id . "'"); foreach ($this->cat_parents as $cat_id) { ee()->db->query(ee()->db->insert_string('exp_user_category_posts', array('member_id' => $member_id, 'cat_id' => $cat_id))); } /** ---------------------------------------- /** Handle image uploads /** ----------------------------------------*/ $this->_upload_images($member_id); /** ---------------------------------------- /** Update key table /** ----------------------------------------*/ if ($key_id != '') { ee()->db->query(ee()->db->update_string('exp_user_keys', array('member_id' => $member_id), array('key_id' => $key_id))); } //---------------------------------------- // Create a record in the member // homepage table //---------------------------------------- // This is only necessary if the user gains // CP access, but we'll add the record anyway. ee()->db->query(ee()->db->insert_string('exp_member_homepage', array('member_id' => $member_id))); //-------------------------------------------- // Set Language Variable //-------------------------------------------- if (isset($_POST['language']) and preg_match("/^[a-z]+\$/", $_POST['language'])) { ee()->session->userdata['language'] = $_POST['language']; } //---------------------------------------- // Mailinglist Subscribe //---------------------------------------- $mailinglist_subscribe = FALSE; if (isset($_POST['mailinglist_subscribe']) and (is_array($_POST['mailinglist_subscribe']) or is_numeric($_POST['mailinglist_subscribe']))) { // Kill duplicate emails from authorizatin queue. ee()->db->query("DELETE FROM \texp_mailing_list_queue \n\t\t\t\t WHERE \t\t\temail = '" . ee()->db->escape_str($_POST['email']) . "'"); $lists = is_array($_POST['mailinglist_subscribe']) ? $_POST['mailinglist_subscribe'] : array($_POST['mailinglist_subscribe']); foreach ($lists as $list_id) { // Validate Mailing List ID $query = ee()->db->query("SELECT list_title\n\t\t\t\t\t FROM \texp_mailing_lists \n\t\t\t\t\t WHERE \tlist_id = '" . ee()->db->escape_str($list_id) . 
"'"); // Email Not Already in Mailing List $results = ee()->db->query("SELECT COUNT(*) AS count \n\t\t\t\t\t FROM \texp_mailing_list \n\t\t\t\t\t WHERE \temail = '" . ee()->db->escape_str($_POST['email']) . "' \n\t\t\t\t\t AND \tlist_id = '" . ee()->db->escape_str($list_id) . "'"); //---------------------------------------- // INSERT Email //---------------------------------------- if ($query->num_rows() > 0 and $results->row('count') == 0) { $code = ee()->functions->random('alpha', 10); //---------------------------------------- // The User module still does member // activation through the Member module, // which does not allow one to activate // MORE THAN ONE Mailing List subscription // per registration. So, what we do is if // member activation is not automatic // AND there is more than one mailing list // being subscribed to, then we require // activation of mailing list subscription // on an individual basis through the // Mailing List module. //---------------------------------------- if (ee()->config->item('req_mbr_activation') == 'email' and count($lists) == 1) { $mailinglist_subscribe = TRUE; // Activated When Membership Activated ee()->db->query("INSERT INTO exp_mailing_list_queue (email, list_id, authcode, date) \n\t\t\t\t\t\t\t VALUES \t('" . ee()->db->escape_str($_POST['email']) . "', '" . ee()->db->escape_str($list_id) . "', '" . $code . "', '" . time() . "')"); //we will notify the admin of the mailing list join as soon as the member //hits thier activation key email2 } elseif (ee()->config->item('req_mbr_activation') == 'manual' or ee()->config->item('req_mbr_activation') == 'email') { // Mailing List Subscribe Email ee()->db->query("INSERT INTO exp_mailing_list_queue (email, list_id, authcode, date) \n\t\t\t\t\t\t\t VALUES ('" . ee()->db->escape_str($_POST['email']) . "', '" . ee()->db->escape_str($list_id) . "', '" . $code . "', '" . time() . 
"')"); $this->mailing_list_email($query->row('list_title'), ee()->input->post('email', TRUE), $code); } else { // Automatically Accepted ee()->db->query("INSERT INTO exp_mailing_list (user_id, list_id, authcode, email) \n\t\t\t\t\t\t\t VALUES \t('', '" . ee()->db->escape_str($list_id) . "', '" . $code . "', '" . ee()->db->escape_str($_POST['email']) . "')"); $this->notify_mailinglist_admin($query->row('list_title'), ee()->input->post('email', TRUE)); } } } } // End Mailing Lists inserts... //---------------------------------------- // Send admin notifications //---------------------------------------- $notify = $this->_param('notify') ? $this->_param('notify') : ''; if (ee()->config->item('new_member_notification') == 'y' and ee()->config->item('mbr_notification_emails') != '' or $notify != '') { $name = $this->insert_data['screen_name'] != '' ? $this->insert_data['screen_name'] : $this->insert_data['username']; $swap = array('name' => $name, 'site_name' => stripslashes(ee()->config->item('site_name')), 'control_panel_url' => ee()->config->item('cp_url'), 'username' => $this->insert_data['username'], 'email' => $this->insert_data['email']); $template = ee()->functions->fetch_email_template('admin_notify_reg'); $email_tit = $this->_var_swap($template['title'], $swap); $email_msg = $this->_var_swap($template['data'], $swap); $notify_address = $notify != '' ? 
$notify : ee()->config->item('mbr_notification_emails'); ee()->load->helper('string'); $notify_address = reduce_multiples($notify_address, ',', TRUE); /** ---------------------------------------- /** Send email /** ----------------------------------------*/ ee()->load->library('email'); ee()->load->helper('text'); ee()->email->initialize(); ee()->email->wordwrap = true; ee()->email->from(ee()->config->item('webmaster_email'), ee()->config->item('webmaster_name')); ee()->email->to($notify_address); ee()->email->subject($email_tit); ee()->email->message(entities_to_ascii($email_msg)); ee()->email->Send(); } /** ---------------------------------------- /* 'user_register_end' hook. /* - Additional processing when a member is created through the User Side /** ----------------------------------------*/ if (ee()->extensions->active_hook('user_register_end') === TRUE) { $edata = ee()->extensions->universal_call('user_register_end', $this, $member_id); if (ee()->extensions->end_script === TRUE) { return; } } /** ----------------------------------------*/ /** ---------------------------------------- /** Send user notifications /** ----------------------------------------*/ $message = ''; if (ee()->config->item('req_mbr_activation') == 'email') { $qs = ee()->config->item('force_query_string') == 'y' ? '' : '?'; $action_id = ee()->functions->fetch_action_id('User', 'activate_member'); if (APP_VER < 2.0) { $action_id = ee()->functions->insert_action_ids($action_id); } $name = $this->insert_data['screen_name'] != '' ? $this->insert_data['screen_name'] : $this->insert_data['username']; $forum_id = ee()->input->get_post('FROM') == 'forum' ? '&r=f' : ''; $add = $mailinglist_subscribe !== TRUE ? '' : '&mailinglist=' . $list_id; $swap = array('name' => $name, 'activation_url' => ee()->functions->fetch_site_index(0, 0) . $qs . 'ACT=' . $action_id . '&id=' . $this->insert_data['authcode'] . $forum_id . 
$add, 'site_name' => stripslashes(ee()->config->item('site_name')), 'site_url' => ee()->config->item('site_url'), 'username' => $this->insert_data['username'], 'email' => $this->insert_data['email']); $template = ee()->functions->fetch_email_template('mbr_activation_instructions'); $email_tit = $this->_var_swap($template['title'], $swap); $email_msg = $this->_var_swap($template['data'], $swap); /** ---------------------------------------- /** Send email /** ----------------------------------------*/ ee()->load->library('email'); ee()->load->helper('text'); ee()->email->initialize(); ee()->email->wordwrap = true; ee()->email->from(ee()->config->item('webmaster_email'), ee()->config->item('webmaster_name')); ee()->email->to($this->insert_data['email']); ee()->email->subject($email_tit); ee()->email->message(entities_to_ascii($email_msg)); ee()->email->Send(); $message = ee()->lang->line('mbr_membership_instructions_email'); } elseif (ee()->config->item('req_mbr_activation') == 'manual') { $message = ee()->lang->line('mbr_admin_will_activate'); } elseif ($this->_param('admin_register') != 'yes') { // Kill old sessions ee()->session->delete_old_sessions(); ee()->session->gc_probability = 100; /** ---------------------------------------- /** Log user in /** ----------------------------------------*/ $expire = 60 * 60 * 24 * 182; //-------------------------------------------- // As of 2.2.0, auth is different //-------------------------------------------- // 1.x/2.1.5b or below gets old auth if (APP_VER < '2.2.0') { ee()->functions->set_cookie(ee()->session->c_anon); ee()->functions->set_cookie(ee()->session->c_expire, time() + $expire, $expire); ee()->functions->set_cookie(ee()->session->c_uniqueid, $this->insert_data['unique_id'], $expire); ee()->functions->set_cookie(ee()->session->c_password, $this->insert_data['password'], $expire); //---------------------------------------- // Create a new session //---------------------------------------- if 
(ee()->config->item('user_session_type') == 'cs' or ee()->config->item('user_session_type') == 's') { ee()->session->sdata['session_id'] = ee()->functions->random(); ee()->session->sdata['member_id'] = $member_id; ee()->session->sdata['last_activity'] = ee()->localize->now; ee()->session->create_new_session($member_id); // ee()->functions->set_cookie(ee()->session->c_session , //ee()->session->sdata['session_id'], //ee()->session->session_length); // ee()->db->query(ee()->db->insert_string('exp_sessions', ee()->session->sdata)); } //---------------------------------------- // Update existing session variables //---------------------------------------- ee()->session->userdata['username'] = $this->insert_data['username']; ee()->session->userdata['email'] = $this->insert_data['email']; ee()->session->userdata['screen_name'] = $this->insert_data['screen_name']; ee()->session->userdata['url'] = $this->insert_data['url']; ee()->session->userdata['location'] = $this->insert_data['location']; ee()->session->userdata['member_id'] = $member_id; ee()->session->userdata['group_id'] = $this->insert_data['group_id']; //---------------------------------------- // Update stats //---------------------------------------- if ($this->EE->config->item('enable_online_user_tracking') == 'y' && $this->EE->config->item('disable_all_tracking') == 'n') { $cutoff = ee()->localize->now - 15 * 60; ee()->db->query("DELETE FROM exp_online_users \n\t\t\t\t\t\t WHERE (ip_address = '" . ee()->db->escape_str(ee()->input->ip_address()) . "' \n\t\t\t\t\t\t\t\tAND member_id = '0') \n\t\t\t\t\t\t OR \tdate < {$cutoff}"); $data = array('member_id' => $member_id, 'name' => ee()->session->userdata['screen_name'] == '' ? 
ee()->session->userdata['username'] : ee()->session->userdata['screen_name'], 'ip_address' => ee()->input->ip_address(), 'date' => ee()->localize->now, 'anon' => 'y'); ee()->db->query(ee()->db->update_string('exp_online_users', $data, array("ip_address" => ee()->input->ip_address(), "member_id" => $member_id))); } } else { $member = ee()->db->get_where('members', array('member_id' => $member_id)); $session = new Auth_result($member->row()); if (APP_VER >= '2.4.0') { $session->remember_me(60 * 60 * 24 * 182); } $session->start_session(); // Update system stats ee()->load->library('stats'); if (!$this->check_no(ee()->config->item('enable_online_user_tracking'))) { ee()->stats->update_stats(); } } $message = ee()->lang->line('mbr_your_are_logged_in'); } /** -------------------------------------------- /** Welcome Email! /** --------------------------------------------*/ if (ee()->config->item('req_mbr_activation') == 'manual') { // Put in a Table and Send Later! ee()->db->query(ee()->db->insert_string('exp_user_welcome_email_list', array('member_id' => $member_id, 'group_id' => $this->insert_data['group_id']))); } elseif (ee()->config->item('req_mbr_activation') != 'email') { $this->insert_data['member_id'] = $member_id; $this->welcome_email($this->insert_data); } /** ---------------------------------------- /** Override Return /** ----------------------------------------*/ if ($this->_param('override_return') !== FALSE and $this->_param('override_return') != '' and $this->is_ajax_request() === FALSE) { ee()->functions->redirect($this->_param('override_return')); exit; } /** ---------------------------------------- /** Set return /** ----------------------------------------*/ if (ee()->input->get_post('return') !== FALSE and ee()->input->get_post('return') != '') { $return = ee()->input->get_post('return'); } elseif (ee()->input->get_post('RET') !== FALSE and ee()->input->get_post('RET') != '') { $return = ee()->input->get_post('RET'); } else { $return = 
ee()->config->item('site_url'); } if (preg_match("/" . LD . "\\s*path=(.*?)" . RD . "/", $return, $match)) { $return = ee()->functions->create_url($match['1']); } // -------------------------------------------- // AJAX Response // -------------------------------------------- if ($this->is_ajax_request()) { $this->send_ajax_response(array('success' => TRUE, 'heading' => lang('user_successful_submission'), 'message' => lang('mbr_registration_completed') . "\n\n" . $message, 'content' => lang('mbr_registration_completed') . "\n\n" . $message)); } /** ---------------------------------------- /** Return /** ----------------------------------------*/ $return = $this->_chars_decode($return); if ($remote === FALSE) { ee()->functions->redirect($return); } }