/**
 * Reverse a UTF-8 string (deprecated wrapper).
 *
 * Records a deprecation notice naming icms_core_DataFilter::utf8_strrev as
 * the replacement, then delegates to that method. Credit for the underlying
 * routine goes to lwc, courtesy of php.net.
 *
 * @param string $str     The text to be reversed.
 * @param bool   $reverse true reverses everything including numbers; false
 *                        reverses text only and leaves numbers intact.
 *                        Example: true:  impresscms 2008 > 8002 smcsserpmi
 *                                 false: impresscms 2008 > 2008 smcsserpmi
 * @return string
 */
function icms_utf8_strrev($str, $reverse = false)
{
    // Build the "will be removed in version X" text first, then log the deprecation.
    $removalNotice = sprintf(_CORE_REMOVE_IN_VERSION, '1.4');
    icms_core_Debug::setDeprecated('icms_core_DataFilter::utf8_strrev', $removalNotice);

    $reversed = icms_core_DataFilter::utf8_strrev($str, $reverse);

    return $reversed;
}
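/**
 * Validates login name, display name, email address and password entries
 * during registration (or when an existing user, identified by $uid, is edited).
 *
 * - email is checked against the 'email' filter and for uniqueness
 * - login name is checked for allowed characters, length, reserved patterns,
 *   spaces and uniqueness
 * - display name is checked for uniqueness
 * - password is checked for presence, confirmation match, minimum length and
 *   for being equal to / the reverse of / a superstring of the login name
 * - the remote address is checked with icms_core_StopSpammer::badIP()
 *
 * For an existing user a field is only re-validated when it differs from the
 * stored value. Passing FALSE for $email, $login_name, $uname or $pass skips
 * the corresponding check for an existing user ($pass: for any user).
 *
 * @param string $login_name Username entered by the user
 * @param string $uname      User display name entered by the user
 * @param string $email      Email address entered by the user
 * @param string $pass       Password entered by the user
 * @param string $vpass      Password verification entered by the user
 * @param int    $uid        user id (only applicable if the user already exists)
 * @global array $icmsConfigUser user configuration
 * @return string HTML fragment of errors (each followed by "<br />"), blank if successful
 */
public function userCheck($login_name, $uname, $email, $pass, $vpass, $uid = 0)
{
    global $icmsConfigUser;

    // initializations
    $member_handler = icms::handler('icms_member');
    $thisUser = $uid > 0 ? $member_handler->getUser($uid) : false;
    $isExistingUser = is_object($thisUser);
    $icmsStopSpammers = new icms_core_StopSpammer();
    $stop = '';

    switch ($icmsConfigUser['uname_test_level']) {
        case 0: // strict
            $restriction = '/[^a-zA-Z0-9\\_\\-]/';
            break;
        case 1: // medium
            $restriction = '/[^a-zA-Z0-9\\_\\-\\<\\>\\,\\.\\$\\%\\#\\@\\!\\\'\\"]/';
            break;
        case 2: // loose
            $restriction = '/[\\000-\\040]/';
            break;
        default:
            // Unknown level: fail closed on the strict pattern so $restriction is
            // never undefined when it reaches preg_match() below.
            $restriction = '/[^a-zA-Z0-9\\_\\-]/';
            break;
    }

    // NOTE(review): the uniqueness lookups below escape with addslashes(), which is
    // not a database-aware escape. Confirm that icms_buildCriteria()/getCount()
    // quote values for the active driver before relying on it.

    // check email (new user, or existing user whose email changed)
    if (!$isExistingUser || ($thisUser->getVar('email', 'e') != $email && $email !== false)) {
        if (!icms_core_DataFilter::checkVar($email, 'email', 0, 1)) {
            $stop .= _US_INVALIDMAIL . '<br />';
        }
        $count = $this->getCount(icms_buildCriteria(array('email' => addslashes($email))));
        if ($count > 0) {
            $stop .= _US_EMAILTAKEN . '<br />';
        }
    }

    // check login_name
    $login_name = icms_core_DataFilter::icms_trim($login_name);
    if (!$isExistingUser || ($thisUser->getVar('login_name', 'e') != $login_name && $login_name !== false)) {
        if (empty($login_name) || preg_match($restriction, $login_name)) {
            $stop .= _US_INVALIDNICKNAME . '<br />';
        }
        if (strlen($login_name) > $icmsConfigUser['maxuname']) {
            $stop .= sprintf(_US_NICKNAMETOOLONG, $icmsConfigUser['maxuname']) . '<br />';
        }
        if (strlen($login_name) < $icmsConfigUser['minuname']) {
            $stop .= sprintf(_US_NICKNAMETOOSHORT, $icmsConfigUser['minuname']) . '<br />';
        }
        // Each configured entry is used as a regex fragment, not a literal.
        // NOTE(review): an entry containing "/" or invalid syntax makes preg_match()
        // fail, which silently skips that reservation - validate entries where
        // the configuration is saved.
        foreach ($icmsConfigUser['bad_unames'] as $bu) {
            if (!empty($bu) && preg_match('/' . $bu . '/i', $login_name)) {
                $stop .= _US_NAMERESERVED . '<br />';
                break;
            }
        }
        // strpos() !== false also catches a space at offset 0, which the former
        // "strrpos() > 0" test could not report.
        if (strpos($login_name, ' ') !== false) {
            $stop .= _US_NICKNAMENOSPACES . '<br />';
        }
        $count = $this->getCount(icms_buildCriteria(array('login_name' => addslashes($login_name))));
        if ($count > 0) {
            $stop .= _US_LOGINNAMETAKEN . '<br />';
        }
    }

    // check uname
    if (!$isExistingUser || ($thisUser->getVar('uname', 'e') != $uname && $uname !== false)) {
        $count = $this->getCount(icms_buildCriteria(array('uname' => addslashes($uname))));
        if ($count > 0) {
            $stop .= _US_NICKNAMETAKEN . '<br />';
        }
    }

    // check password
    if ($pass !== false) {
        if (!isset($pass) || $pass == '' || !isset($vpass) || $vpass == '') {
            $stop .= _US_ENTERPWD . '<br />';
        }
        // Compare as strings: a loose != treats numeric-looking strings such as
        // "1e3" and "1000" as equal, letting a mismatched confirmation through.
        if (isset($pass) && (string) $pass !== (string) $vpass) {
            $stop .= _US_PASSNOTSAME . '<br />';
        } elseif ($pass != '' && strlen($pass) < $icmsConfigUser['minpass']) {
            $stop .= sprintf(_US_PWDTOOSHORT, $icmsConfigUser['minpass']) . '<br />';
        }
        if (isset($pass) && isset($login_name)) {
            $loginAsString = (string) $login_name;
            // stripos() returns an offset or false, never true, so the previous
            // "strripos(...) === TRUE" test could not match and passwords that
            // embed the login name were accepted. The empty-needle guard keeps an
            // empty login name from matching every password.
            $containsLogin = $loginAsString !== ''
                && stripos((string) $pass, $loginAsString) !== false;
            if ($pass == $login_name
                || $pass == icms_core_DataFilter::utf8_strrev($login_name, true)
                || $containsLogin
            ) {
                $stop .= _US_BADPWD . '<br />';
            }
        }
    }

    // check other things
    if ($icmsStopSpammers->badIP($_SERVER['REMOTE_ADDR'])) {
        $stop .= _US_INVALIDIP . '<br />';
    }

    return $stop;
}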
// Password-change handler (excerpt): collects the old password and the
// confirmation from POST, validates the request, and on success stores a new
// salt, hash and enc_type on the logged-in user. $password, $username, $stop,
// $member_handler and $icmsConfigUser are set outside this excerpt.
$oldpass = !empty($_POST['oldpass']) ? icms_core_DataFilter::stripSlashesGPC(trim($_POST['oldpass'])) : '';
$vpass = !empty($_POST['vpass']) ? icms_core_DataFilter::stripSlashesGPC(trim($_POST['vpass'])) : '';
if (empty($password) || empty($oldpass) || empty($vpass)) {
    $stop .= _MD_PROFILE_PROVIDEPWDS;
} else {
    icms_loadLanguageFile('core', 'user');
    // The current password is passed to loginUser(); a falsy result is reported as _US_BADPWD.
    // NOTE(review): addslashes() changes any password containing quotes or backslashes
    // before it reaches loginUser() - confirm that this matches how the stored hash was computed.
    if (!$member_handler->loginUser(addslashes(icms::$user->getVar('login_name')), addslashes($oldpass))) {
        $stop .= _US_BADPWD . "<br />";
    }
    if (strlen($password) < $icmsConfigUser['minpass']) {
        $stop .= sprintf(_US_PWDTOOSHORT, $icmsConfigUser['minpass']) . "<br />";
    }
    // NOTE(review): loose != compares numeric-looking strings numerically
    // ("1e3" and "1000" count as equal), so a mismatched confirmation can pass.
    if ($password != $vpass) {
        $stop .= _US_PASSNOTSAME . "<br />";
    }
    // NOTE(review): strripos() returns an int offset or false, never true, so the
    // third condition can never match; a "password contains the username" test
    // would need "!== false" plus a guard against an empty $username.
    if ($password == $username || $password == icms_core_DataFilter::utf8_strrev($username, true) || strripos($password, $username) === true) {
        $stop .= _US_BADPWD;
    }
}
if ($stop != '') {
    // Any accumulated error text is shown via a redirect back to the change-password page.
    redirect_header(PROFILE_URL . 'changepass.php', 2, $stop);
} else {
    $icmspass = new icms_core_Password();
    $salt = icms_core_Password::createSalt();
    // NOTE(review): the checks above ran on $password, but the value hashed here is
    // the raw $_POST['password']. If $password was trimmed/unslashed like $oldpass
    // and $vpass (presumably - its assignment is not shown), the stored hash may
    // not correspond to the string that was validated. Confirm and hash one value.
    $pass = $icmspass->encryptPass($_POST['password'], $salt, $icmsConfigUser['enc_type']);
    icms::$user->setVar('salt', $salt, true);
    icms::$user->setVar('pass', $pass, true);
    icms::$user->setVar('enc_type', $icmsConfigUser['enc_type'], true);
    if ($member_handler->insertUser(icms::$user)) {
        redirect_header(PROFILE_URL . '/userinfo.php?uid=' . icms::$user->getVar('uid'), 2, _MD_PROFILE_PASSWORDCHANGED);
    } else {
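// Admin "add user" handler (excerpt): copies profile fields onto $newuser and,
// when a confirmation password was supplied, validates and hashes the password.
// $newuser, $url, $password, $pass2, $username, $login_name and the other
// profile variables are set outside this excerpt.
$newuser->setVar('url', formatURL($url));
$newuser->setVar('user_avatar', 'blank.gif');
$newuser->setVar('user_icq', $user_icq);
$newuser->setVar('user_from', $user_from);
$newuser->setVar('user_sig', $user_sig);
$newuser->setVar('user_aim', $user_aim);
$newuser->setVar('user_yim', $user_yim);
$newuser->setVar('user_msnm', $user_msnm);

if ($pass2 != '') {
    // Compare as strings: a loose != treats numeric-looking strings such as
    // "1e3" and "1000" as equal, letting a mismatched confirmation through.
    if ((string) $password !== (string) $pass2) {
        icms_cp_header();
        echo '<strong>' . _AM_STNPDNM . '</strong>';
        icms_cp_footer();
        exit();
    }

    // Reject passwords that equal, reverse or embed the display name or login name.
    // stripos() returns an offset or false, never true, so the previous
    // "strripos(...) === TRUE" tests could not match. The empty-needle guards
    // keep an empty name from matching every password.
    $passwordAsString = (string) $password;
    $containsUsername = (string) $username !== ''
        && stripos($passwordAsString, (string) $username) !== false;
    $containsLoginName = (string) $login_name !== ''
        && stripos($passwordAsString, (string) $login_name) !== false;

    if ($password == $username
        || $password == icms_core_DataFilter::utf8_strrev($username, true)
        || $containsUsername
        || $password == $login_name
        // Class name spelled as elsewhere in this excerpt (was "icms_core_Datafilter").
        || $password == icms_core_DataFilter::utf8_strrev($login_name, true)
        || $containsLoginName
    ) {
        icms_cp_header();
        echo '<strong>' . _AM_BADPWD . '</strong>';
        icms_cp_footer();
        exit();
    }

    // Store only the hashed form on the user object.
    $icmspass = new icms_core_Password();
    $password = $icmspass->encryptPass($password);
    $newuser->setVar('pass', $password);
}

$newuser->setVar('timezone_offset', $timezone_offset);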