 // Account fields submitted from the user create/edit form (the branches below either
 // call User::create() or update an existing user). Filter::post*() presumably return
 // sanitised $_POST values, with the second argument acting as an accept-pattern and the
 // third as a default — TODO confirm against Filter.
 $email = Filter::postEmail('email');
 // Both password copies must satisfy WT_REGEX_PASSWORD; they are compared with each other
 // in the create branch below ("The passwords do not match.") before the account is made.
 $pass1 = Filter::post('pass1', WT_REGEX_PASSWORD);
 $pass2 = Filter::post('pass2', WT_REGEX_PASSWORD);
 // Theme is restricted to the known theme keys, joined into a regex alternation, with
 // '' as the fallback when nothing valid was submitted. This assumes the theme keys
 // contain no regex metacharacters — they are not preg_quote()d here.
 $theme = Filter::post('theme', implode('|', array_keys(Theme::themeNames())), '');
 // No accept-pattern on these four; confirm they are validated before being stored.
 $language = Filter::post('language');
 $timezone = Filter::post('timezone');
 $contact_method = Filter::post('contact_method');
 $comment = Filter::post('comment');
 $auto_accept = Filter::postBool('auto_accept');
 // NOTE(review): canadmin / verified / approved are privilege-granting flags taken straight
 // from the request. That is only safe if this page is reachable by administrators alone;
 // the access check is not in this excerpt — confirm it exists earlier in the file.
 $canadmin = Filter::postBool('canadmin');
 $visible_online = Filter::postBool('visible_online');
 $verified = Filter::postBool('verified');
 $approved = Filter::postBool('approved');
 if ($user_id === 0) {
     // Create a new user
     if (User::findByUserName($username)) {
         FlashMessages::addMessage(I18N::translate('Duplicate username. A user with that username already exists. Please choose another username.'));
     } elseif (User::findByEmail($email)) {
         FlashMessages::addMessage(I18N::translate('Duplicate email address. A user with that email already exists.'));
     } elseif ($pass1 !== $pass2) {
         FlashMessages::addMessage(I18N::translate('The passwords do not match.'));
     } else {
         $user = User::create($username, $real_name, $email, $pass1);
         $user->setPreference('reg_timestamp', date('U'))->setPreference('sessiontime', '0');
         Log::addAuthenticationLog('User ->' . $username . '<- created');
     }
 } else {
     $user = User::find($user_id);
     if ($user && $username && $real_name) {
         $user->setEmail($email);
         $user->setUserName($username);
			</div>
			<div>
				<input type="submit" value="', I18N::translate('Send'), '">
			</div>
		</form>
	</div>';
        break;
    case 'verify_hash':
        if (!Site::getPreference('USE_REGISTRATION_MODULE')) {
            header('Location: ' . WT_BASE_URL);
            return;
        }
        // switch language to webmaster settings
        $webmaster = User::find($WT_TREE->getPreference('WEBMASTER_USER_ID'));
        I18N::init($webmaster->getPreference('language'));
        $user = User::findByUserName($user_name);
        $edit_user_url = WT_BASE_URL . "admin_users.php?action=edit&amp;user_id=" . $user->getUserId();
        $mail1_body = I18N::translate('Hello administrator…') . Mail::EOL . Mail::EOL . I18N::translate('A new user (%1$s) has requested an account (%2$s) and verified an email address (%3$s).', $user->getRealNameHtml(), Filter::escapeHtml($user->getUserName()), Filter::escapeHtml($user->getEmail())) . Mail::EOL . Mail::EOL . I18N::translate('You need to review the account details.') . Mail::EOL . Mail::EOL . '<a href="' . $edit_user_url . '">' . $edit_user_url . '</a>' . Mail::EOL . Mail::EOL . I18N::translate('Set the status to “approved”.') . Mail::EOL . I18N::translate('Set the access level for each tree.') . Mail::EOL . I18N::translate('Link the user account to an individual.');
        $mail1_subject = I18N::translate('New user at %s', WT_BASE_URL . ' ' . $WT_TREE->getTitle());
        // Change to the new user’s language
        I18N::init($user->getPreference('language'));
        $controller->setPageTitle(I18N::translate('User verification'));
        $controller->pageHeader();
        echo '<div id="login-register-page">';
        echo '<h2>' . I18N::translate('User verification') . '</h2>';
        echo '<div id="user-verify">';
        if ($user && $user->checkPassword($user_password) && $user->getPreference('reg_hashcode') === $user_hashcode) {
            Mail::send($WT_TREE, $webmaster->getEmail(), $webmaster->getRealName(), $WT_TREE->getPreference('WEBTREES_EMAIL'), $WT_TREE->getPreference('WEBTREES_EMAIL'), $mail1_subject, $mail1_body);
            $mail1_method = $webmaster->getPreference('CONTACT_METHOD');
            if ($mail1_method != 'messaging3' && $mail1_method != 'mailto' && $mail1_method != 'none') {
                Database::prepare("INSERT INTO `##message` (sender, ip_address, user_id, subject, body) VALUES (? ,? ,? ,? ,?)")->execute(array($user_name, WT_CLIENT_IP, $webmaster->getUserId(), $mail1_subject, Filter::unescapeHtml($mail1_body)));
// Fields submitted from the "my account" form; the 'update' action below writes them onto
// Auth::user(). Filter::post*() presumably return sanitised $_POST values, with the second
// argument acting as an accept-pattern — TODO confirm against Filter.
$form_username = Filter::post('form_username');
$form_realname = Filter::post('form_realname');
// Both password copies must satisfy WT_REGEX_PASSWORD; the update action only changes the
// password when form_pass1 is non-empty and identical to form_pass2.
// NOTE(review): no re-authentication (current password) is visible in this excerpt before
// the password or email address is changed; the CSRF check at the action gate is the only
// visible protection — confirm whether that is intended.
$form_pass1 = Filter::post('form_pass1', WT_REGEX_PASSWORD);
$form_pass2 = Filter::post('form_pass2', WT_REGEX_PASSWORD);
$form_email = Filter::postEmail('form_email');
// Root individual id must match WT_REGEX_XREF (presumably a GEDCOM xref pattern — confirm).
$form_rootid = Filter::post('form_rootid', WT_REGEX_XREF);
// No accept-pattern on theme/language/timezone/contact_method; confirm they are checked
// against the site's allow-lists before being stored as preferences.
$form_theme = Filter::post('form_theme');
$form_language = Filter::post('form_language');
$form_timezone = Filter::post('form_timezone');
$form_contact_method = Filter::post('form_contact_method');
$form_visible_online = Filter::postBool('form_visible_online');
// Respond to form action
if ($form_action && Filter::checkCsrf()) {
    switch ($form_action) {
        case 'update':
            if ($form_username !== Auth::user()->getUserName() && User::findByUserName($form_username)) {
                FlashMessages::addMessage(I18N::translate('Duplicate user name. A user with that user name already exists. Please choose another user name.'));
            } elseif ($form_email !== Auth::user()->getEmail() && User::findByEmail($form_email)) {
                FlashMessages::addMessage(I18N::translate('Duplicate email address. A user with that email already exists.'));
            } else {
                // Change username
                if ($form_username !== Auth::user()->getUserName()) {
                    Log::addAuthenticationLog('User ' . Auth::user()->getUserName() . ' renamed to ' . $form_username);
                    Auth::user()->setUserName($form_username);
                }
                // Change password
                if ($form_pass1 && $form_pass1 === $form_pass2) {
                    Auth::user()->setPassword($form_pass1);
                }
                // Change other settings
                Auth::user()->setRealName($form_realname)->setEmail($form_email)->setPreference('language', $form_language)->setPreference('TIMEZONE', $form_timezone)->setPreference('contactmethod', $form_contact_method)->setPreference('visibleonline', $form_visible_online ? '1' : '0');
namespace Fisharebest\Webtrees;

use Fisharebest\Webtrees\Controller\SimpleController;
// Script identity is defined before the session bootstrap is included (order matters:
// session.php presumably reads WT_SCRIPT_NAME — confirm).
define('WT_SCRIPT_NAME', 'message.php');
require './includes/session.php';
// Some variables are initialised from GET (so we can set initial values in URLs),
// but are submitted in POST so we can have long body text.
$subject = Filter::post('subject', null, Filter::get('subject'));
$body = Filter::post('body');
$from_name = Filter::post('from_name');
$from_email = Filter::post('from_email');
// Only the two known actions are accepted; anything else falls back to 'compose'.
$action = Filter::post('action', 'compose|send', 'compose');
$to = Filter::post('to', null, Filter::get('to'));
// Delivery method is constrained to the same allow-list whether it arrives via POST or
// through the GET fallback; 'messaging2' is the default.
$method = Filter::post('method', 'messaging|messaging2|messaging3|mailto|none', Filter::get('method', 'messaging|messaging2|messaging3|mailto|none', 'messaging2'));
// postUrl/getUrl presumably validate the value as a URL — confirm, since it is user-supplied.
$url = Filter::postUrl('url', Filter::getUrl('url'));
// Recipient lookup by username; presumably falsy when no such user exists, which is what
// the access check below relies on.
$to_user = User::findByUserName($to);
$controller = new SimpleController();
// Access rule (in PHP, && binds tighter than ||): allowed when the named recipient exists,
// or when the caller is an administrator and $to is one of the broadcast selectors.
// The first clause alone admits anonymous visitors — the visitor branch below handles them.
$controller->restrictAccess($to_user || Auth::isAdmin() && ($to === 'all' || $to === 'last_6mo' || $to === 'never_logged'))->setPageTitle(I18N::translate('webtrees message'));
// Accumulates HTML error fragments; the validation below appends to it and forces
// $action back to 'compose'.
$errors = '';
// Is this message from a member or a visitor?
if (Auth::check()) {
    $from = Auth::user()->getUserName();
} else {
    // Visitors must provide a valid email address
    if ($from_email && (!preg_match("/(.+)@(.+)/", $from_email, $match) || function_exists('checkdnsrr') && checkdnsrr($match[2]) === false)) {
        $errors .= '<p class="ui-state-error">' . I18N::translate('Please enter a valid email address.') . '</p>';
        $action = 'compose';
    }
    // Do not allow anonymous visitors to include links to external sites
    if (preg_match('/(?!' . preg_quote(WT_BASE_URL, '/') . ')(((?:ftp|http|https):\\/\\/)[a-zA-Z0-9.-]+)/', $subject . $body, $match)) {
        $errors .= '<p class="ui-state-error">' . I18N::translate('You are not allowed to send messages that contain external links.') . '</p>' . '<p class="ui-state-highlight">' . I18N::translate('You should delete the “%1$s” from “%2$s” and try again.', $match[2], $match[1]) . '</p>' . Log::addAuthenticationLog('Possible spam message from "' . $from_name . '"/"' . $from_email . '", subject="' . $subject . '", body="' . $body . '"');