$email = Filter::postEmail('email'); $pass1 = Filter::post('pass1', WT_REGEX_PASSWORD); $pass2 = Filter::post('pass2', WT_REGEX_PASSWORD); $theme = Filter::post('theme', implode('|', array_keys(Theme::themeNames())), ''); $language = Filter::post('language'); $timezone = Filter::post('timezone'); $contact_method = Filter::post('contact_method'); $comment = Filter::post('comment'); $auto_accept = Filter::postBool('auto_accept'); $canadmin = Filter::postBool('canadmin'); $visible_online = Filter::postBool('visible_online'); $verified = Filter::postBool('verified'); $approved = Filter::postBool('approved'); if ($user_id === 0) { // Create a new user if (User::findByUserName($username)) { FlashMessages::addMessage(I18N::translate('Duplicate username. A user with that username already exists. Please choose another username.')); } elseif (User::findByEmail($email)) { FlashMessages::addMessage(I18N::translate('Duplicate email address. A user with that email already exists.')); } elseif ($pass1 !== $pass2) { FlashMessages::addMessage(I18N::translate('The passwords do not match.')); } else { $user = User::create($username, $real_name, $email, $pass1); $user->setPreference('reg_timestamp', date('U'))->setPreference('sessiontime', '0'); Log::addAuthenticationLog('User ->' . $username . '<- created'); } } else { $user = User::find($user_id); if ($user && $username && $real_name) { $user->setEmail($email); $user->setUserName($username);
</div> <div> <input type="submit" value="', I18N::translate('Send'), '"> </div> </form> </div>'; break; case 'verify_hash': if (!Site::getPreference('USE_REGISTRATION_MODULE')) { header('Location: ' . WT_BASE_URL); return; } // switch language to webmaster settings $webmaster = User::find($WT_TREE->getPreference('WEBMASTER_USER_ID')); I18N::init($webmaster->getPreference('language')); $user = User::findByUserName($user_name); $edit_user_url = WT_BASE_URL . "admin_users.php?action=edit&user_id=" . $user->getUserId(); $mail1_body = I18N::translate('Hello administrator…') . Mail::EOL . Mail::EOL . I18N::translate('A new user (%1$s) has requested an account (%2$s) and verified an email address (%3$s).', $user->getRealNameHtml(), Filter::escapeHtml($user->getUserName()), Filter::escapeHtml($user->getEmail())) . Mail::EOL . Mail::EOL . I18N::translate('You need to review the account details.') . Mail::EOL . Mail::EOL . '<a href="' . $edit_user_url . '">' . $edit_user_url . '</a>' . Mail::EOL . Mail::EOL . I18N::translate('Set the status to “approved”.') . Mail::EOL . I18N::translate('Set the access level for each tree.') . Mail::EOL . I18N::translate('Link the user account to an individual.'); $mail1_subject = I18N::translate('New user at %s', WT_BASE_URL . ' ' . $WT_TREE->getTitle()); // Change to the new user’s language I18N::init($user->getPreference('language')); $controller->setPageTitle(I18N::translate('User verification')); $controller->pageHeader(); echo '<div id="login-register-page">'; echo '<h2>' . I18N::translate('User verification') . '</h2>'; echo '<div id="user-verify">'; if ($user && $user->checkPassword($user_password) && $user->getPreference('reg_hashcode') === $user_hashcode) { Mail::send($WT_TREE, $webmaster->getEmail(), $webmaster->getRealName(), $WT_TREE->getPreference('WEBTREES_EMAIL'), $WT_TREE->getPreference('WEBTREES_EMAIL'), $mail1_subject, $mail1_body); $mail1_method = $webmaster->getPreference('CONTACT_METHOD'); if ($mail1_method != 'messaging3' && $mail1_method != 'mailto' && $mail1_method != 'none') { Database::prepare("INSERT INTO `##message` (sender, ip_address, user_id, subject, body) VALUES (? ,? ,? ,? ,?)")->execute(array($user_name, WT_CLIENT_IP, $webmaster->getUserId(), $mail1_subject, Filter::unescapeHtml($mail1_body)));
$form_username = Filter::post('form_username'); $form_realname = Filter::post('form_realname'); $form_pass1 = Filter::post('form_pass1', WT_REGEX_PASSWORD); $form_pass2 = Filter::post('form_pass2', WT_REGEX_PASSWORD); $form_email = Filter::postEmail('form_email'); $form_rootid = Filter::post('form_rootid', WT_REGEX_XREF); $form_theme = Filter::post('form_theme'); $form_language = Filter::post('form_language'); $form_timezone = Filter::post('form_timezone'); $form_contact_method = Filter::post('form_contact_method'); $form_visible_online = Filter::postBool('form_visible_online'); // Respond to form action if ($form_action && Filter::checkCsrf()) { switch ($form_action) { case 'update': if ($form_username !== Auth::user()->getUserName() && User::findByUserName($form_username)) { FlashMessages::addMessage(I18N::translate('Duplicate user name. A user with that user name already exists. Please choose another user name.')); } elseif ($form_email !== Auth::user()->getEmail() && User::findByEmail($form_email)) { FlashMessages::addMessage(I18N::translate('Duplicate email address. A user with that email already exists.')); } else { // Change username if ($form_username !== Auth::user()->getUserName()) { Log::addAuthenticationLog('User ' . Auth::user()->getUserName() . ' renamed to ' . $form_username); Auth::user()->setUserName($form_username); } // Change password if ($form_pass1 && $form_pass1 === $form_pass2) { Auth::user()->setPassword($form_pass1); } // Change other settings Auth::user()->setRealName($form_realname)->setEmail($form_email)->setPreference('language', $form_language)->setPreference('TIMEZONE', $form_timezone)->setPreference('contactmethod', $form_contact_method)->setPreference('visibleonline', $form_visible_online ? '1' : '0');
namespace Fisharebest\Webtrees; use Fisharebest\Webtrees\Controller\SimpleController; define('WT_SCRIPT_NAME', 'message.php'); require './includes/session.php'; // Some variables are initialised from GET (so we can set initial values in URLs), // but are submitted in POST so we can have long body text. $subject = Filter::post('subject', null, Filter::get('subject')); $body = Filter::post('body'); $from_name = Filter::post('from_name'); $from_email = Filter::post('from_email'); $action = Filter::post('action', 'compose|send', 'compose'); $to = Filter::post('to', null, Filter::get('to')); $method = Filter::post('method', 'messaging|messaging2|messaging3|mailto|none', Filter::get('method', 'messaging|messaging2|messaging3|mailto|none', 'messaging2')); $url = Filter::postUrl('url', Filter::getUrl('url')); $to_user = User::findByUserName($to); $controller = new SimpleController(); $controller->restrictAccess($to_user || Auth::isAdmin() && ($to === 'all' || $to === 'last_6mo' || $to === 'never_logged'))->setPageTitle(I18N::translate('webtrees message')); $errors = ''; // Is this message from a member or a visitor? if (Auth::check()) { $from = Auth::user()->getUserName(); } else { // Visitors must provide a valid email address if ($from_email && (!preg_match("/(.+)@(.+)/", $from_email, $match) || function_exists('checkdnsrr') && checkdnsrr($match[2]) === false)) { $errors .= '<p class="ui-state-error">' . I18N::translate('Please enter a valid email address.') . '</p>'; $action = 'compose'; } // Do not allow anonymous visitors to include links to external sites if (preg_match('/(?!' . preg_quote(WT_BASE_URL, '/') . ')(((?:ftp|http|https):\\/\\/)[a-zA-Z0-9.-]+)/', $subject . $body, $match)) { $errors .= '<p class="ui-state-error">' . I18N::translate('You are not allowed to send messages that contain external links.') . '</p>' . '<p class="ui-state-highlight">' . I18N::translate('You should delete the “%1$s” from “%2$s” and try again.', $match[2], $match[1]) . '</p>' . Log::addAuthenticationLog('Possible spam message from "' . $from_name . '"/"' . $from_email . '", subject="' . $subject . '", body="' . $body . '"');