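/**
 * Handle a submitted coach/school registration form.
 *
 * Runs the school-name, reCAPTCHA and coach-email validators, then reports the
 * first failure (in that order) through alert() and stores nothing. When all
 * three pass, a row is inserted into `schools`, a sign-in link carrying the new
 * row id and access code is emailed to the coach, a confirmation page is
 * echoed and the script terminates.
 *
 * Side effects: sets the globals $school_name and $email so that show_form()
 * can use the submitted values later.
 */
function process_form() {
    // INITIAL DATA FETCHING
    global $school_name, $email; // so that the show_form function can use these values later

    // Request fields are attacker-controlled: they may be missing, or arrive as
    // arrays (e.g. "email[]=x"). Anything that is not a string is treated as
    // empty so the validators receive a plain string instead of the request
    // failing with a notice or TypeError.
    $raw_school_name = (isset($_POST['school_name']) && is_string($_POST['school_name'])) ? $_POST['school_name'] : '';
    $raw_email = (isset($_POST['email']) && is_string($_POST['email'])) ? $_POST['email'] : '';

    // The HTML-encoded forms are what get validated, stored and emailed below.
    $school_name = htmlentities(trim($raw_school_name));
    $email = htmlentities($raw_email);

    // All three validators run before any result is inspected, as before.
    $name_msg = validate_school_name($school_name);
    $recaptcha_msg = validate_recaptcha();
    $email_msg = validate_coach_email($email);

    // Each validator returns true on success, otherwise a message for alert().
    if ($name_msg !== true) {
        alert($name_msg, -1);
        return;
    }
    if ($recaptcha_msg !== true) {
        alert($recaptcha_msg, -1);
        return;
    }
    if ($email_msg !== true) {
        alert($email_msg, -1);
        return;
    }

    // ** All information has been validated at this point **

    // NOTE(review): the access code is the only secret in the sign-in link.
    // generate_code() is defined elsewhere; confirm it draws from a CSPRNG and
    // that a length of 5 is acceptable given how the sign-in page limits guesses.
    $access_code = generate_code(5);

    // Create database entry
    DB::insert('schools', array(
        'name' => $school_name,
        'coach_email' => $email,
        'access_code' => $access_code,
    ));

    // Get user id (MySQL AUTO_INCREMENT id)
    $id = DB::insertId();

    global $LMT_EMAIL;
    $lmt_year = htmlentities(map_value('year'));
    $lmt_date = htmlentities(map_value('date'));

    // Send the email
    $url = get_site_url() . '/LMT/Registration/Signin?ID=' . $id . '&Code=' . $access_code;

    $subject = "LMT {$lmt_year} Account";
    $body = <<<HEREDOC
To: {$school_name}

Thank you for registering your school for the LMT! The contest will be held on [b]{$lmt_date} [/b] at Lexington High School.

You may register teams for LMT {$lmt_year} via the link below. This link will also enable you to modify teams as long as registration is open.

[b][url]{$url} [/url][/b]

If you have any questions, please contact us at [email]{$LMT_EMAIL} [/email].
HEREDOC;

    lmt_send_email(array($email => $school_name), $subject, $body);

    // Show the post-registration message
    echo <<<HEREDOC
<h1>Coach Registration</h1>

<div class="text-centered">
  Your account was created. Please check your email inbox for a confirmation email.
</div>
HEREDOC;
    die;
}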
/**
 * Gate selected actions behind a reCAPTCHA check.
 *
 * Only $t is read: it is looked up in the list returned by
 * get_recaptcha_actions(). When it is listed and validate_recaptcha() returns
 * a falsy value, the form is made sticky, an error is registered and the
 * request is forwarded back to the referrer. In every other case the function
 * does nothing and returns null.
 *
 * NOTE(review): the gate depends on validate_recaptcha() returning a falsy
 * value on failure. A helper that returned an error string on failure would
 * be treated as success here; confirm the helper's contract.
 */
function action_hook($h, $t, $r, $p) {
    $protected_actions = get_recaptcha_actions();

    // Nothing to enforce when there is no list or this action is not on it.
    if (!is_array($protected_actions) || !in_array($t, $protected_actions)) {
        return;
    }

    // Captcha solved: let the action proceed untouched.
    if (validate_recaptcha()) {
        return;
    }

    // Captcha failed: keep the submitted values and report the failure.
    elgg_make_sticky_form($t);
    register_error(elgg_echo('elgg_recaptcha:message:fail'));

    // workaround for https://github.com/Elgg/Elgg/issues/8960
    elgg_unregister_plugin_hook_handler('forward', 'system', 'uservalidationbyemail_after_registration_url');

    forward(REFERER);
}
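/**
 * Handle a submitted password-reset request.
 *
 * After restrict_access('X') and a successful reCAPTCHA check, looks up the
 * account by lower-cased email. If exactly one row matches, an existing
 * password_reset_code is reused or a new one is generated and stored, a reset
 * link is emailed to the account's address, session markers are set and the
 * browser is redirected to Password_Reset. On a failed check the request page
 * is shown again with a message and the function returns.
 *
 * NOTE(review): a stored code is reused for every later request, and no expiry
 * is visible in this function; confirm the code is cleared and time-limited
 * where it is consumed. generate_code() is defined elsewhere; confirm it draws
 * from a CSPRNG and that a length of 5 is acceptable given how the reset page
 * limits guesses.
 */
function process_request_page() {
    restrict_access('X');

    // Check the reCaptcha
    $recaptcha_msg = validate_recaptcha();
    if ($recaptcha_msg !== true) {
        show_request_page($recaptcha_msg, 'recaptcha_response_field');
        return;
    }

    // The field is attacker-controlled: it may be missing or arrive as an array
    // ("email[]=x"). Anything that is not a string is treated as empty so that
    // strtolower() always receives a string.
    $submitted_email = (isset($_POST['email']) && is_string($_POST['email'])) ? $_POST['email'] : '';

    // Check that an account with that email address exists.
    // The value is escaped before being concatenated into the statement.
    // NOTE(review): a bound parameter would remove the dependence on escaping
    // and on the connection character set.
    $email = mysqli_real_escape_string(DB::get(), strtolower($submitted_email));
    $query = 'SELECT id, name, email, password_reset_code FROM users WHERE LOWER(email)="' . $email . '" LIMIT 1';
    $result = DB::queryRaw($query);

    if (mysqli_num_rows($result) != 1) {
        // NOTE(review): this response differs from the success path, so it
        // tells the requester whether an address is registered. A uniform
        // "if the account exists, an email was sent" reply avoids that.
        show_request_page('An account with that email address does not exist.', 'email');
        return;
    }

    // ** INFORMATION VERIFIED AT THIS POINT **

    $row = mysqli_fetch_assoc($result);
    $id = $row['id'];

    // See if a password reset code has already been generated; if not, do so.
    // Compared as a string: a loose == '0' also matches numeric-looking codes
    // such as "00000" or "0e123" and would silently replace them.
    $reset_code = $row['password_reset_code'];
    if ((string) $reset_code === '0') {
        $reset_code = generate_code(5);
        // Escaped even though both values originate server-side, so the
        // statement does not depend on what those values happen to contain.
        $query = 'UPDATE users SET password_reset_code="' . mysqli_real_escape_string(DB::get(), $reset_code)
            . '" WHERE id="' . mysqli_real_escape_string(DB::get(), $id) . '" LIMIT 1';
        DB::queryRaw($query);
    }

    // Generate the reset link
    // $_SERVER['HTTPS'] is not set on every request, so test for it first.
    $protocol = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on') ? 'https' : 'http';

    // parse_url() returns false for a malformed URI and omits 'path' when there is none.
    $url_pieces = parse_url($_SERVER['REQUEST_URI']);
    $request_path = (is_array($url_pieces) && isset($url_pieces['path'])) ? $url_pieces['path'] : '';

    // NOTE(review): HTTP_HOST is copied from the request's Host header, which
    // the requester controls. The emailed link, including the reset code, then
    // points at whatever host was supplied. Build the link from a configured
    // site URL, or check the header against an allowlist of served hostnames.
    $link = $protocol . '://' . $_SERVER['HTTP_HOST'] . dirname($request_path)
        . '/Password_Reset?id=' . rawurlencode($id) . '&code=' . rawurlencode($reset_code);

    // Assemble the email
    global $WEBMASTER_EMAIL;

    $to = array($row['email'] => $row['name']);
    $subject = 'Password Reset';
    $body = <<<HEREDOC
To reset your password, click this link:

{$link}

If you did not request a password reset, please contact <{$WEBMASTER_EMAIL}>.
HEREDOC;

    send_email($to, $subject, $body, $WEBMASTER_EMAIL);

    // Redirect back to prevent refreshing-resends
    $_SESSION['ACCOUNT_password_reset_email'] = $row['email'];
    $_SESSION['ACCOUNT_password_reset_time'] = time();
    $_SESSION['ACCOUNT_sent_password_reset'] = true;

    header('Location: Password_Reset');
}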
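/**
 * Handle a submitted individual registration form.
 *
 * Normalises the name (trim, ucwords, HTML-encode, collapse repeated
 * whitespace and hyphens), then validates name, grade, reCAPTCHA and email in
 * that order. The first failure is passed to show_form() with the name of the
 * offending field and nothing is stored. On success a row is inserted into
 * `individuals`, a receipt is emailed to the registrant and a confirmation
 * message is echoed.
 *
 * Side effects: sets the globals $name, $email and $grade so that show_form()
 * can use the submitted values later.
 */
function process_form() {
    // INITIAL DATA FETCHING
    global $name, $email, $grade; // so that the show_form function can use these values later

    // Request fields are attacker-controlled: they may be missing, or arrive as
    // arrays (e.g. "name[]=x"). Anything that is not a string is treated as
    // empty so the validators receive a plain string instead of the request
    // failing with a notice or TypeError.
    $raw_name = (isset($_POST['name']) && is_string($_POST['name'])) ? $_POST['name'] : '';
    $raw_email = (isset($_POST['email']) && is_string($_POST['email'])) ? $_POST['email'] : '';
    $raw_grade = (isset($_POST['grade']) && is_string($_POST['grade'])) ? $_POST['grade'] : '';

    $name = htmlentities(ucwords(trim($raw_name)));
    $name = preg_replace('/\\s\\s+/', ' ', $name); // collapse runs of whitespace
    $name = preg_replace('/\\-+/', '-', $name);    // collapse runs of hyphens
    $email = htmlentities($raw_email);

    // NOTE(review): unlike name and email, grade is not HTML-encoded. It is
    // stored and placed in the email as submitted, so validate_grade() is the
    // only filter; confirm it restricts the value to the expected grades.
    $grade = $raw_grade;

    // show_form() is defined elsewhere. Each failure path returns explicitly so
    // that validation fails closed even if show_form() does not end the request.
    $name_msg = validate_name($name);
    if ($name_msg !== true) {
        show_form($name_msg, 'name');
        return;
    }

    $grade_msg = validate_grade($grade);
    if ($grade_msg !== true) {
        show_form($grade_msg, 'grade');
        return;
    }

    $recaptcha_msg = validate_recaptcha();
    if ($recaptcha_msg !== true) {
        show_form($recaptcha_msg, 'recaptcha_response_field');
        return;
    }

    $email_msg = validate_email($email);
    if ($email_msg !== true) {
        show_form($email_msg, 'email');
        return;
    }

    // ** All information has been validated at this point **

    // Create database entry
    DB::insert('individuals', array(
        'name' => $name,
        'grade' => $grade,
        'email' => $email,
    ));
    $id = DB::insertId(); // Get AUTO_INCREMENT id

    // Start outputting the top part of the page, to make it seem responsive while we send the email
    lmt_page_header('Individual Registration');

    // Send the email
    $lmt_year = htmlentities(map_value('year'));
    $lmt_date = htmlentities(map_value('date'));
    $cost = htmlentities(map_value('indiv_cost'));

    global $LMT_EMAIL;

    $subject = "LMT {$lmt_year} Registration Receipt";
    $body = <<<HEREDOC
Hi {$name},

You have successfully registered as an individual for LMT {$lmt_year}! [b]Please print out this email and bring it to the competition along with the registration fee of {$cost}[/b].

Date: [b]{$lmt_date}[/b]
Location: Lexington High School
[url]http://www.lhsmath.org/LMT/Location[/url]

If you have any questions, please contact us at [email]{$LMT_EMAIL}[/email].

______________________________________________________________
Registration: [b]Individual[/b]
ID: [b]{$id}[/b]
Name: [b]{$name}[/b]
Email: [b]{$email}[/b]
Grade: [b]{$grade}[/b]
______________________________________________________________
HEREDOC;

    lmt_send_email(array($email => $name), $subject, $body);

    // Show the post-registration message
    echo <<<HEREDOC
<h1>Individual Registration</h1>

<div class="text-centered">
  You have successfully registered for LMT {$lmt_year}! An email has been sent with more information.
</div>
HEREDOC;
}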