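// Group e-mail: a course editor or group tutor posts a subject and a body, and the
// message goes to every member of $group_id, with one copy back to the sender.
// NOTE(review): this excerpt does not show where $group_id is set, nor whether the
// tutor is checked against that particular group - confirm before this point.
if ($is_editor or $is_tutor) {
    if (isset($_POST['submit'])) {
        $sender = Database::get()->querySingle("SELECT email, surname, givenname FROM user WHERE id = ?d", $uid);
        $sender_name = $sender->givenname . ' ' . $sender->surname;
        $sender_email = $sender->email;
        // The posted subject and body are used exactly as submitted.
        // NOTE(review): confirm send_mail() rejects CR/LF in the subject, and that the
        // body is escaped if the message is delivered as HTML.
        $emailsubject = $title . " - " . $_POST['subject'];
        $emailbody = "$_POST[body_mail]\n\n$langSender: $sender->surname $sender->givenname <$sender->email>\n$langProfLesson\n";
        $req = Database::get()->queryArray("SELECT user_id FROM group_members WHERE group_id = ?d", $group_id);
        foreach ($req as $userid) {
            // Bound with ?d like the other queries here, rather than being spliced
            // into the SQL text.
            $email = Database::get()->querySingle("SELECT email FROM user WHERE id = ?d", $userid->user_id)->email;
            if (get_user_email_notification($userid->user_id, $course_id)) {
                $linkhere = " <a href='{$urlServer}main/profile/emailunsubscribe.php?cid=$course_id'>$langHere</a>.";
                $unsubscribe = "<br /><br />$langNote: " . sprintf($langLinkUnsubscribe, $title);
                // The footer goes onto a per-recipient copy. Appending it to $emailbody
                // itself stacked one more footer onto every later message, and onto the
                // sender's copy as well.
                $recipient_body = $emailbody . $unsubscribe . $linkhere;
                if (email_seems_valid($email) and ! send_mail($sender_name, $sender_email, '', $email, $emailsubject, $recipient_body, $charset)) {
                    $tool_content .= "<h4>$langMailError</h4>";
                }
            }
        }
        // also send email to professor (the sender's own copy, without unsubscribe footers)
        send_mail($sender_name, $sender_email, '', $sender_email, $emailsubject, $emailbody, $charset);
        $tool_content .= "<div class='alert alert-success'>$langEmailSuccess<br>";
        $tool_content .= "<a href='index.php?course=$course_code'>$langBack</a></div>";
    } else {
        // The compose form; the excerpt ends inside this string literal, so the
        // statement below is reproduced as far as it is visible.
        // NOTE(review): group_id travels in a hidden field, so the handler must
        // re-check it on submit rather than trust the value that comes back.
        $tool_content .= "<div class='form-wrapper'> <form class='form-horizontal' role='form' action='$_SERVER[SCRIPT_NAME]?course=$course_code' method='post'> <fieldset> <input type='hidden' name='group_id' value='$group_id'> <div class='form-group'> <label>$langMailSubject</label>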
// Account-request form handler (excerpt). The first three statements and the
// closing brace belong to a block opened before this excerpt.
$tool_content .= "<div class='alert alert-danger'>{$langForbidden}</div>";
draw($tool_content, 0);
exit;
}
// Non-professor requests are refused unless $eclass_stud_reg is 1.
if (!$prof and $eclass_stud_reg != 1) {
    $tool_content .= "<div class='alert alert-danger'>{$langForbidden}</div>";
    draw($tool_content, 0);
    exit;
}
$am_required = !$prof && get_config('am_required');
$errors = array();
// presumably copies the listed POST fields into same-named variables ($usermail and
// $username are read right below) and reports whether every field flagged true was
// present - verify against the helper.
// NOTE(review): captcha_code is registered as optional here; whether it is verified
// is outside this excerpt.
$all_set = register_posted_variables(array('usercomment' => true, 'givenname' => true, 'surname' => true, 'username' => true, 'userphone' => $prof, 'usermail' => true, 'am' => $am_required, 'department' => true, 'captcha_code' => false));
if (!$all_set) {
    $errors[] = $langFieldsMissing;
}
// The address is validated as posted and only trimmed and lower-cased afterwards, so
// the validator sees any surrounding whitespace.
if (!email_seems_valid($usermail)) {
    $errors[] = $langEmailWrong;
    $all_set = false;
} else {
    $usermail = mb_strtolower(trim($usermail));
}
// check if the username is already in use
// (whitespace is canonicalized first, so both lookups see the stored form)
$username = canonicalize_whitespace($username);
if (user_exists($username)) {
    $errors[] = $langUserFree;
    $all_set = false;
}
// check if exists user request with the same username
if (user_app_exists($username)) {
    $errors[] = $langUserFree3;
    $all_set = false;
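// Self-registration validation (excerpt). Every failure is collected in
// $registration_errors; nothing here aborts the request by itself.
$uname = canonicalize_whitespace($uname);
// check if the username is already in use
$username_check = Database::get()->querySingle("SELECT username FROM user WHERE username = ?s", $uname);
if ($username_check) {
    $registration_errors[] = $langUserFree;
}
if ($display_captcha) {
    // captcha check
    require_once 'include/securimage/securimage.php';
    $securimage = new Securimage();
    if ($securimage->check($_POST['captcha_code']) == false) {
        $registration_errors[] = $langCaptchaWrong;
    }
}
// closes a block opened before this excerpt
}
// An empty address is not an error here; it falls through to the normalising branch.
if (!empty($email) and !email_seems_valid($email)) {
    $registration_errors[] = $langEmailWrong;
} else {
    $email = mb_strtolower(trim($email));
}
// check if the two passwords match
// Strict comparison: with != PHP compares numeric-looking strings as numbers, so two
// different passwords such as "1e3" and "1000" would be accepted as a match.
// assumes $password holds the posted password string - TODO confirm
if ($password !== $_POST['password1']) {
    $registration_errors[] = $langPassTwice;
}
//check for validation errors in custom profile fields
// Element 0 is the pass/fail flag; when it is false the remaining elements are
// appended to the error list as messages.
$cpf_check = cpf_validate_format();
if ($cpf_check[0] === false) {
    unset($cpf_check[0]);
    foreach ($cpf_check as $cpf_error) {
        $registration_errors[] = $cpf_error;
    }
}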
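// E-mail verification: store a changed address, mail a fresh verification link and
// render the "send new code" form (excerpt; the enclosing conditions start before it).
// The address is written to the user row before the new address has been verified.
// NOTE(review): confirm the verified flag is reset elsewhere when the address changes.
if ($email != $_SESSION['email']) {
    $_SESSION['email'] = $email;
    Database::get()->query("UPDATE user SET email = ?s WHERE id = ?d", $email, $uid);
}
//send new code
// The token input is username, address and uid joined without a separator. It is left
// unchanged because the verifying script must rebuild exactly the same string.
// NOTE(review): whether the token expires cannot be told from this excerpt.
$hmac = token_generate($_SESSION['uname'] . $email . $uid);
$subject = $langMailChangeVerificationSubject;
$MailMessage = sprintf($mailbody1 . $langMailVerificationChangeBody, $urlServer . 'modules/auth/mail_verify.php?h=' . $hmac . '&id=' . $uid);
$emailhelpdesk = get_config('email_helpdesk');
$emailAdministrator = get_config('email_sender');
if (!send_mail($siteName, $emailAdministrator, '', $email, $subject, $MailMessage, $charset, "Reply-To: {$emailhelpdesk}")) {
    // The user-supplied address is escaped with q() like the helpdesk address beside
    // it, because this message is written straight into the page's HTML.
    $mail_ver_error = sprintf("<div class='alert alert-warning'>" . $langMailVerificationError, q($email), $urlServer . "auth/registration.php", "<a href='mailto:" . q($emailhelpdesk) . "' class='mainpage'>" . q($emailhelpdesk) . "</a>.</div>");
    $tool_content .= $mail_ver_error;
} else {
    $tool_content .= "<div class='alert alert-success'>{$langMailVerificationSuccess4}</div> ";
}
} else {
    $tool_content .= "<div class='alert alert-danger'>{$langMailVerificationWrong}</div> ";
}
} elseif (!empty($_SESSION['mail_verification_required']) && $_SESSION['mail_verification_required'] === 1) {
    $tool_content .= "<div class='alert alert-info'>{$langMailVerificationReq}</div> ";
}
// The form is shown whenever no syntactically valid address was posted. The stored
// address is escaped with q() before it goes into the value attribute.
// The table attribute was misspelled "with"; it is corrected to "width".
// NOTE(review): no anti-CSRF token field appears in this markup - confirm the handler
// is protected some other way.
if (empty($_POST['email']) or !email_seems_valid($_POST['email'])) {
    $tool_content .= "<br /><br /><form method='post' action='{$_SERVER['SCRIPT_NAME']}'>\n <fieldset>\n <legend>{$langUserData}</legend>\n <table class='tbl' width='100%'> \n <tr>\n <th class='left'>{$lang_email}:</th>\n <td><input type='text' name='email' size='30' maxlength='40' value='" . q($_SESSION['email']) . "' /></td>\n <td><small>({$langMailVerificationAddrChange})</small></td>\n </tr>\n <tr>\n <th class='left'> </th>\n <td colspan='2'><input class='btn btn-primary' type='submit' name='submit' value='{$langMailVerificationNewCode}' /></td>\n </tr>\n </table> \n </fieldset>\n </form>";
}
if (isset($_GET['from_profile'])) {
    draw($tool_content, 1);
} else {
    draw($tool_content, 0);
}
exit;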
// Announcement mail-out (excerpt): builds the subject and both body variants, then
// mails the selected course members in batches of 50.
// NOTE(review): q() HTML-escapes $title inside a mail subject, while the same $title
// goes unescaped into the HTML footer via sprintf() below - confirm which form each
// context needs.
$emailSubject = "{$professorMessage} ({$public_code} - " . q($title) . " - {$langAnnouncement})";
// select students email list
$countEmail = 0;
$invalid = 0;
$recipients = array();
// The plain-text part is derived here, before the unsubscribe footer is appended to
// $emailContent, so only the HTML part carries the footer.
$emailBody = html2text($emailContent);
$linkhere = " <a href='{$urlServer}main/profile/emailunsubscribe.php?cid={$course_id}'>{$langHere}</a>.";
$unsubscribe = "<br /><br />{$langNote}: " . sprintf($langLinkUnsubscribe, $title);
$emailContent .= $unsubscribe . $linkhere;
$general_to = 'Members of course ' . $course_code;
// course_id is bound with ?d, but {$recipients_emaillist} is spliced into the SQL text.
// NOTE(review): its construction is outside this excerpt - confirm it can only ever
// hold integer ids (e.g. each element cast before joining), or bind the ids instead.
Database::get()->queryFunc("SELECT course_user.user_id as id, user.email as email\n FROM course_user, user\n WHERE course_id = ?d AND user.id IN ({$recipients_emaillist}) AND \n course_user.user_id = user.id", function ($person) use(&$countEmail, &$recipients, &$invalid, $course_id, $general_to, $emailSubject, $emailBody, $emailContent, $charset) {
    // Invoked once per selected row; the counters and the batch are shared by reference.
    $countEmail++;
    $emailTo = $person->email;
    $user_id = $person->id;
    // check email syntax validity
    if (!email_seems_valid($emailTo)) {
        $invalid++;
    } elseif (get_user_email_notification($user_id, $course_id)) { // checks if user is notified by email
        array_push($recipients, $emailTo);
    }
    // send mail message per 50 recipients
    if (count($recipients) >= 50) {
        send_mail_multipart("{$_SESSION['givenname']} {$_SESSION['surname']}", $_SESSION['email'], $general_to, $recipients, $emailSubject, $emailBody, $emailContent, $charset);
        $recipients = array();
    }
}, $course_id);
// Flush whatever is left of the final, partial batch.
if (count($recipients) > 0) {
    send_mail_multipart("{$_SESSION['givenname']} {$_SESSION['surname']}", $_SESSION['email'], $general_to, $recipients, $emailSubject, $emailBody, $emailContent, $charset);
}
$messageInvalid = " {$langOn} {$countEmail} {$langRegUser}, {$invalid} {$langInvalidMail}";
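// Profile update (excerpt): optional avatar upload, then e-mail, required-field and
// username checks. The excerpt starts inside the upload branch.
// validateUploadedFile() receives only the client-supplied file name, and $type is the
// MIME type reported by the browser; neither describes the actual file content.
// NOTE(review): confirm copy_resized_image() decodes the image itself rather than
// trusting $type. The output paths always end in '.jpg'.
validateUploadedFile($_FILES['userimage']['name'], 1);
$type = $_FILES['userimage']['type'];
$image_file = $_FILES['userimage']['tmp_name'];
// presumably redirect_to_home_page() ends the request; if it returns, execution falls
// through to the has_icon update below - verify against the helper.
if (!copy_resized_image($image_file, $type, IMAGESIZE_LARGE, IMAGESIZE_LARGE, $image_path . '_' . IMAGESIZE_LARGE . '.jpg')) {
    Session::Messages($langInvalidPicture);
    redirect_to_home_page("main/profile/profile.php");
}
if (!copy_resized_image($image_file, $type, IMAGESIZE_SMALL, IMAGESIZE_SMALL, $image_path . '_' . IMAGESIZE_SMALL . '.jpg')) {
    Session::Messages($langInvalidPicture);
    redirect_to_home_page("main/profile/profile.php");
}
Database::get()->query("UPDATE user SET has_icon = 1 WHERE id = ?d", $_SESSION['uid']);
// 'imagetype' records the client-reported MIME type, not a detected one.
Log::record(0, 0, LOG_PROFILE, array('uid' => intval($_SESSION['uid']), 'addimage' => 1, 'imagetype' => $type));
// closes the upload branch opened before this excerpt
}
// check if email is valid
// Logical || replaces the bitwise | of the original: the two settings are flags, and a
// bitwise OR only gave the intended result by accident of their stored types.
if ((get_config('email_required') || get_config('email_verification_required')) and !email_seems_valid($email_form)) {
    Session::Messages($langEmailWrong);
    redirect_to_home_page("main/profile/profile.php");
}
// check if there are empty fields
if (!$all_ok) {
    Session::Messages($langFieldsMissing);
    redirect_to_home_page("main/profile/profile.php");
}
// When renaming is not allowed, the posted username is discarded in favour of the
// session value.
if (!$allow_username_change) {
    $username_form = $_SESSION['uname'];
}
$username_form = canonicalize_whitespace($username_form);
// check if username exists
// Strict comparison: with != two different numeric-looking usernames ("1e3", "1000")
// compare equal, which would skip the uniqueness lookup for a real rename.
if ($username_form !== $_SESSION['uname']) {
    $username_check = Database::get()->querySingle("SELECT username FROM user WHERE username = ?s", $username_form);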
// Bulk account creation (excerpt): parses the pasted user list, one user per line,
// into an $info record keyed by the configured $fields.
// validation for departments
foreach ($departments as $dep) {
    validateNode($dep, isDepartmentAdmin());
}
$numfields = count($fields);
$line = strtok($_POST['user_info'], "\n");
while ($line !== false) {
    // Everything from '#' to the end of the line is dropped as a comment, so no field
    // value (a supplied password included) can contain '#'.
    $line = preg_replace('/#.*/', '', trim($line));
    if (!empty($line)) {
        // Fields are separated by runs of spaces or tabs, so values cannot contain spaces.
        $userl = preg_split('/[ \\t]+/', $line);
        // Lines with fewer columns than $fields are skipped; extra columns are ignored.
        if (count($userl) >= $numfields) {
            $info = array();
            foreach ($fields as $field) {
                $info[$field] = array_shift($userl);
            }
            // A missing or malformed address is blanked, not rejected: the record is
            // still processed without an e-mail address.
            if (!isset($info['email']) or !email_seems_valid($info['email'])) {
                $info['email'] = '';
            }
            // When $am is set it becomes the id, or is prefixed to the per-line id.
            if (!empty($am)) {
                if (!isset($info['id']) or empty($info['id'])) {
                    $info['id'] = $am;
                } else {
                    $info['id'] = $am . ' - ' . $info['id'];
                }
            }
            $surname = isset($info['last']) ? $info['last'] : '';
            $givenname = isset($info['first']) ? $info['first'] : '';
            // NOTE(review): $_POST['prefix'] is passed to create_username() as posted -
            // confirm the helper restricts it to characters valid in a username.
            if (!isset($info['username'])) {
                $info['username'] = create_username($newstatus, $departments, $surname, $givenname, $_POST['prefix']);
            }
            if (!isset($info['password'])) {
// Admin-side account creation (excerpt). The leading brace closes a block opened
// before this excerpt.
}
$tool_content .= action_bar(array(
    array('title' => $langBack, 'url' => "../admin/index.php", 'icon' => 'fa-reply', 'level' => 'primary-label'),
    array('title' => $langBackRequests, 'url' => "../admin/listreq.php{$reqtype}", 'icon' => 'fa-reply', 'level' => 'primary', 'show' => isset($submit) and $success)));
}
// NOTE(review): no anti-CSRF token check is visible between here and the INSERT -
// confirm it happens before this point.
if ($submit) {
    // register user
    $depid = intval(isset($_POST['department']) ? $_POST['department'] : 0);
    // '@' hides the notice for a missing language field; the value is then passed
    // through validate_language_code().
    $proflanguage = $session->validate_language_code(@$_POST['language']);
    // Read from $_REQUEST, so the query string can supply it too. It is cast to int
    // but not limited to a known set of states.
    // NOTE(review): confirm which values of verified_mail are meaningful.
    $verified_mail = isset($_REQUEST['verified_mail_form']) ? intval($_REQUEST['verified_mail_form']) : 2;
    // check if user name exists
    // Check-then-insert is not atomic.
    // NOTE(review): confirm a unique index on user.username backs this check up.
    $user_exist = Database::get()->querySingle("SELECT username FROM user WHERE username=?s", $uname);
    // check if there are empty fields
    if (!$all_set) {
        $tool_content .= "<div class='alert alert-danger'>{$langFieldsMissing} <br /><a href='{$backlink}'>{$langAgain}</a></div>";
    } elseif ($user_exist) {
        $tool_content .= "<div class='alert alert-danger'>{$langUserFree} <br /><a href='{$backlink}'>{$langAgain}</a></div>";
    } elseif (!email_seems_valid($email_form)) {
        $tool_content .= "<div class='alert alert-danger'>{$langEmailWrong} <br /><a href='{$backlink}'>{$langAgain}</a></div>";
    } else {
        // The department is validated against the acting admin's scope before any write.
        validateNode(intval($depid), isDepartmentAdmin());
        // Only the hash produced by PasswordHash is stored.
        // NOTE(review): the meaning of the constructor arguments (8, false) is defined
        // in the hashing library - confirm the resulting cost is still adequate.
        $hasher = new PasswordHash(8, false);
        $password_encrypted = $hasher->HashPassword($password);
        // All user-supplied values are bound (?s / ?d). Only the two DBHelper::timeAfter()
        // fragments are concatenated into the SQL text.
        // NOTE(review): the second fragment is built from the 'account_duration' config
        // value - confirm the helper emits nothing but a date expression.
        $uid = Database::get()->query("INSERT INTO user\n (surname, givenname, username, password, email, status, phone, am, registered_at, expires_at, lang, description, verified_mail, whitelist)\n VALUES (?s, ?s, ?s, ?s, ?s, ?d, ?s, ?s , " . DBHelper::timeAfter() . "\n , " . DBHelper::timeAfter(get_config('account_duration')) . "\n , ?s, '', ?s, '')", $surname_form, $givenname_form, $uname, $password_encrypted, $email_form, $pstatus, $phone, $am, $proflanguage, $verified_mail)->lastInsertID;
        $user->refresh($uid, array(intval($depid)));
        // close request if needed
        if (!empty($rid)) {
            $rid = intval($rid);
            Database::get()->query("UPDATE user_request set state = 2, date_closed = NOW() WHERE id = ?d", $rid);
        }
        if ($pstatus == 1) {
            $message = $profsuccess;
            $reqtype = '';