예제 #1
/**
 * Deprecated procedural wrapper that reverses UTF-8 text.
 *
 * Every call first registers a deprecation notice naming
 * icms_core_DataFilter::utf8_strrev as the replacement (removal is announced
 * for version 1.4 through the _CORE_REMOVE_IN_VERSION format string), then
 * delegates to that method and returns its result unchanged.
 *
 * Credit for the underlying routine goes to lwc, courtesy of php.net.
 *
 * @param string $str     The text to be reversed.
 * @param bool   $reverse Passed straight through to the replacement. Per the original
 *                        documentation: true reverses everything including numbers
 *                        (impresscms 2008 > 8002 smcsserpmi), false reverses the text
 *                        but leaves numbers intact (impresscms 2008 > 2008 smcsserpmi).
 * @return string Whatever icms_core_DataFilter::utf8_strrev() returns for the same arguments.
 */
function icms_utf8_strrev($str, $reverse = false)
{
    $removalNotice = sprintf(_CORE_REMOVE_IN_VERSION, '1.4');
    icms_core_Debug::setDeprecated('icms_core_DataFilter::utf8_strrev', $removalNotice);

    $reversed = icms_core_DataFilter::utf8_strrev($str, $reverse);

    return $reversed;
}
예제 #2
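 /**
  *  Validates login name, display name, email address and password entries
  *  for a new registration or for an existing user.
  *
  *  Login name is validated for allowed characters, length, reserved names and uniqueness
  *  display name is validated for uniqueness
  *  email is validated as a proper email address pattern and for uniqueness
  *  password is validated for confirmation match, length and similarity to the login name
  *  the client IP is checked against the stop-spammer service
  *
  *  When $uid refers to an existing user, a field is only re-validated if it differs
  *  from the stored value. The code also treats FALSE as "skip this field": FALSE for
  *  $pass skips every password check, and FALSE for $email / $uname skips that field
  *  for an existing user.
  *
  *  @param string $login_name Username entered by the user
  *  @param string $uname User display name entered by the user
  *  @param string $email Email address entered by the user
  *  @param string $pass Password entered by the user
  *  @param string $vpass Password verification entered by the user
  *  @param int $uid user id (only applicable if the user already exists)
  *  @global array $icmsConfigUser user configuration
  *  @return string of errors encountered while validating the user information (each followed by '<br />'), will be blank if successful
  */
 public function userCheck($login_name, $uname, $email, $pass, $vpass, $uid = 0)
 {
     global $icmsConfigUser;

     // initializations
     $member_handler = icms::handler('icms_member');
     $thisUser = $uid > 0 ? $member_handler->getUser($uid) : FALSE;
     $isExistingUser = is_object($thisUser);
     $icmsStopSpammers = new icms_core_StopSpammer();
     $stop = '';

     // Start from the strict character set so that an unexpected 'uname_test_level'
     // value fails closed. Previously $restriction stayed undefined in that case and
     // preg_match() returned FALSE, which silently disabled the character check.
     $restriction = '/[^a-zA-Z0-9\\_\\-]/';
     switch ($icmsConfigUser['uname_test_level']) {
         case 1:
             // medium
             $restriction = '/[^a-zA-Z0-9\\_\\-\\<\\>\\,\\.\\$\\%\\#\\@\\!\\\'\\"]/';
             break;
         case 2:
             // loose
             $restriction = '/[\\000-\\040]/';
             break;
     }

     // NOTE(review): the uniqueness lookups below escape values with addslashes(), which
     // is not a database-aware escape. Whether icms_buildCriteria()/getCount() escape or
     // bind the value again cannot be seen from this method -- confirm before relying on it.

     // check email
     if (!$isExistingUser || ($thisUser->getVar('email', 'e') != $email && $email !== FALSE)) {
         if (!icms_core_DataFilter::checkVar($email, 'email', 0, 1)) {
             $stop .= _US_INVALIDMAIL . '<br />';
         }
         $count = $this->getCount(icms_buildCriteria(array('email' => addslashes($email))));
         if ($count > 0) {
             $stop .= _US_EMAILTAKEN . '<br />';
         }
     }

     // check login_name
     $login_name = icms_core_DataFilter::icms_trim($login_name);
     if (!$isExistingUser || ($thisUser->getVar('login_name', 'e') != $login_name && $login_name !== FALSE)) {
         if (empty($login_name) || preg_match($restriction, $login_name)) {
             $stop .= _US_INVALIDNICKNAME . '<br />';
         }
         if (strlen($login_name) > $icmsConfigUser['maxuname']) {
             $stop .= sprintf(_US_NICKNAMETOOLONG, $icmsConfigUser['maxuname']) . '<br />';
         }
         if (strlen($login_name) < $icmsConfigUser['minuname']) {
             $stop .= sprintf(_US_NICKNAMETOOSHORT, $icmsConfigUser['minuname']) . '<br />';
         }
         // Each 'bad_unames' entry is used as a regular-expression fragment, so the list
         // has to come from trusted configuration. A malformed entry makes preg_match()
         // return FALSE, which skips that reservation instead of rejecting the name.
         foreach ($icmsConfigUser['bad_unames'] as $bu) {
             if (!empty($bu) && preg_match('/' . $bu . '/i', $login_name)) {
                 $stop .= _US_NAMERESERVED . '<br />';
                 break;
             }
         }
         if (strrpos($login_name, ' ') > 0) {
             $stop .= _US_NICKNAMENOSPACES . '<br />';
         }
         $count = $this->getCount(icms_buildCriteria(array('login_name' => addslashes($login_name))));
         if ($count > 0) {
             $stop .= _US_LOGINNAMETAKEN . '<br />';
         }
     }

     // check uname
     if (!$isExistingUser || ($thisUser->getVar('uname', 'e') != $uname && $uname !== FALSE)) {
         $count = $this->getCount(icms_buildCriteria(array('uname' => addslashes($uname))));
         if ($count > 0) {
             $stop .= _US_NICKNAMETAKEN . '<br />';
         }
     }

     // check password
     if ($pass !== FALSE) {
         if (!isset($pass) || $pass == '' || !isset($vpass) || $vpass == '') {
             $stop .= _US_ENTERPWD . '<br />';
         }
         // Compare as strings: loose != treats numeric-looking strings such as
         // "0e1" and "0e2" as equal, which let a mismatched confirmation through.
         if (isset($pass) && (string) $pass !== (string) $vpass) {
             $stop .= _US_PASSNOTSAME . '<br />';
         } elseif ($pass != '' && strlen($pass) < $icmsConfigUser['minpass']) {
             $stop .= sprintf(_US_PWDTOOSHORT, $icmsConfigUser['minpass']) . '<br />';
         }
         if (isset($pass) && isset($login_name)) {
             $passText = (string) $pass;
             $loginText = (string) $login_name;
             // Reject a password that equals, reverses or contains the login name.
             // The containment test used to be "strripos(...) === TRUE", which can never
             // hold because strripos() returns an offset or FALSE; it is now tested
             // against FALSE. An empty login name is skipped because an empty needle
             // would match every password. Very short login names make this rule strict.
             if ($passText === $loginText
                 || $passText === (string) icms_core_DataFilter::utf8_strrev($login_name, TRUE)
                 || ($loginText !== '' && stripos($passText, $loginText) !== FALSE)
             ) {
                 $stop .= _US_BADPWD . '<br />';
             }
         }
     }

     // check other things
     // REMOTE_ADDR is the address of the directly connected peer; behind a reverse
     // proxy that is presumably the proxy itself -- confirm for the deployment.
     if ($icmsStopSpammers->badIP($_SERVER['REMOTE_ADDR'])) {
         $stop .= _US_INVALIDIP . '<br />';
     }

     return $stop;
 }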
예제 #3
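 // Current password and confirmation as posted; $password, $username and $stop are
 // set before this fragment.
 $oldpass = !empty($_POST['oldpass']) ? icms_core_DataFilter::stripSlashesGPC(trim($_POST['oldpass'])) : '';
 $vpass = !empty($_POST['vpass']) ? icms_core_DataFilter::stripSlashesGPC(trim($_POST['vpass'])) : '';
 if (empty($password) || empty($oldpass) || empty($vpass)) {
     $stop .= _MD_PROFILE_PROVIDEPWDS;
 } else {
     icms_loadLanguageFile('core', 'user');
     // Re-authenticate with the current password before accepting a new one.
     // NOTE(review): addslashes() changes a password that contains quotes or backslashes
     // before it reaches loginUser(); whether loginUser() expects that cannot be seen here.
     if (!$member_handler->loginUser(addslashes(icms::$user->getVar('login_name')), addslashes($oldpass))) {
         $stop .= _US_BADPWD . "<br />";
     }
     if (strlen($password) < $icmsConfigUser['minpass']) {
         $stop .= sprintf(_US_PWDTOOSHORT, $icmsConfigUser['minpass']) . "<br />";
     }
     // Compare as strings: loose != treats numeric-looking strings such as
     // "0e1" and "0e2" as equal, which let a mismatched confirmation through.
     if ((string) $password !== (string) $vpass) {
         $stop .= _US_PASSNOTSAME . "<br />";
     }
     // Reject a password that equals, reverses or contains $username. The containment
     // test used to be "strripos(...) === true", which can never hold because strripos()
     // returns an offset or false; it is now tested against false. An empty name is
     // skipped because an empty needle would match every password.
     $passText = (string) $password;
     $nameText = (string) $username;
     if ($passText === $nameText
         || $passText === (string) icms_core_DataFilter::utf8_strrev($username, true)
         || ($nameText !== '' && stripos($passText, $nameText) !== false)
     ) {
         $stop .= _US_BADPWD;
     }
 }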
 if ($stop != '') {
     redirect_header(PROFILE_URL . 'changepass.php', 2, $stop);
 } else {
     $icmspass = new icms_core_Password();
     $salt = icms_core_Password::createSalt();
     $pass = $icmspass->encryptPass($_POST['password'], $salt, $icmsConfigUser['enc_type']);
     icms::$user->setVar('salt', $salt, true);
     icms::$user->setVar('pass', $pass, true);
     icms::$user->setVar('enc_type', $icmsConfigUser['enc_type'], true);
     if ($member_handler->insertUser(icms::$user)) {
         redirect_header(PROFILE_URL . '/userinfo.php?uid=' . icms::$user->getVar('uid'), 2, _MD_PROFILE_PASSWORDCHANGED);
     } else {
예제 #4
파일: main.php 프로젝트: nao-pon/impresscms
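				// Copy the submitted profile fields onto the user object.
				$newuser->setVar('url', formatURL($url));
				$newuser->setVar('user_avatar', 'blank.gif');
				$newuser->setVar('user_icq', $user_icq);
				$newuser->setVar('user_from', $user_from);
				$newuser->setVar('user_sig', $user_sig);
				$newuser->setVar('user_aim', $user_aim);
				$newuser->setVar('user_yim', $user_yim);
				$newuser->setVar('user_msnm', $user_msnm);
				// The password is only processed when a confirmation value was submitted.
				if ($pass2 != '') {
					// Compare as strings: loose != treats numeric-looking strings such as
					// "0e1" and "0e2" as equal, which let a mismatched confirmation through.
					if ((string) $password !== (string) $pass2) {
						icms_cp_header();
						echo '<strong>' . _AM_STNPDNM . '</strong>';
						icms_cp_footer();
						exit();
					}
					// Reject a password that equals, reverses or contains $username or $login_name.
					// The containment tests used to be "strripos(...) === TRUE", which can never
					// hold because strripos() returns an offset or FALSE; they are now tested
					// against FALSE. Empty names are skipped because an empty needle would match
					// every password.
					$passText = (string) $password;
					$weakPassword = FALSE;
					foreach (array($username, $login_name) as $name) {
						$nameText = (string) $name;
						if ($passText === $nameText
							|| $passText === (string) icms_core_DataFilter::utf8_strrev($name, TRUE)
							|| ($nameText !== '' && stripos($passText, $nameText) !== FALSE)
						) {
							$weakPassword = TRUE;
							break;
						}
					}
					if ($weakPassword) {
						icms_cp_header();
						echo '<strong>' . _AM_BADPWD . '</strong>';
						icms_cp_footer();
						exit();
					}

					// Only the value returned by encryptPass() is stored on the user object.
					$icmspass = new icms_core_Password();
					$password = $icmspass->encryptPass($password);
					$newuser->setVar('pass', $password);
				}
				$newuser->setVar('timezone_offset', $timezone_offset);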