function xoops_user_validate($username, $password, $validate)
{
global $xoopsModuleConfig, $xoopsConfig;
if ($xoopsModuleConfig['site_user_auth'] == 1) {
if ($ret = check_for_lock(basename(__FILE__), $username, $password)) {
return $ret;
}
if (!checkright(basename(__FILE__), $username, $password)) {
mark_for_lock(basename(__FILE__), $username, $password);
return array('ErrNum' => 9, "ErrDesc" => 'No Permission for plug-in');
}
}
if ($validate['passhash'] != '') {
if ($validate['passhash'] != sha1($validate['time'] - $validate['rand'] . $validate['uname'] . $validate['pass'])) {
return array("ERRNUM" => 4, "ERRTXT" => 'No Passhash');
}
} else {
return array("ERRNUM" => 4, "ERRTXT" => 'No Passhash');
}
include_once XOOPS_ROOT_PATH . '/class/auth/authfactory.php';
include_once XOOPS_ROOT_PATH . '/language/' . $xoopsConfig['language'] . '/auth.php';
$xoopsAuth =& XoopsAuthFactory::getAuthConnection($myts->addSlashes($validate['uname']));
if (check_auth_class($xoopsAuth) == true) {
$result = $xoopsAuth->validate($validate['uname'], $validate['email'], $validate['pass'], $validate['vpass']);
return $result;
} else {
return array('ERRNUM' => 1, 'RESULT' => XoopsUserUtility::validate($validate['uname'], $validate['email'], $validate['pass'], $validate['vpass']));
}
}
$myts =& MyTextSanitizer::getInstance();
$user->setVar('uname', $_POST['uname']);
$user->setVar('email', trim($_POST['email']));
if (isset($_POST['level']) && $user->getVar('level') != intval($_POST['level'])) {
$user->setVar('level', intval($_POST['level']));
}
$password = $vpass = null;
if (!empty($_POST['password'])) {
$password = $myts->stripSlashesGPC(trim($_POST['password']));
$vpass = @$myts->stripSlashesGPC(trim($_POST['vpass']));
$user->setVar('pass', md5($password));
} elseif ($user->isNew()) {
$password = $vpass = '';
}
xoops_load("userUtility");
$stop = XoopsUserUtility::validate($user, $password, $vpass);
$errors = array();
if ($stop != "") {
$errors[] = $stop;
}
foreach (array_keys($fields) as $i) {
$fieldname = $fields[$i]->getVar('field_name');
if (in_array($fields[$i]->getVar('field_id'), $editable_fields) && isset($_REQUEST[$fieldname])) {
if (in_array($fieldname, $userfields)) {
$value = $fields[$i]->getValueForSave($_REQUEST[$fieldname], $user->getVar($fieldname, 'n'));
$user->setVar($fieldname, $value);
} else {
$value = $fields[$i]->getValueForSave(isset($_REQUEST[$fieldname]) ? $_REQUEST[$fieldname] : "", $profile->getVar($fieldname, 'n'));
$profile->setVar($fieldname, $value);
}
}
function userCheck($uname, $email, $pass, $vpass)
{
trigger_error("Function " . __FUNCTION__ . " is deprecated, use XoopsUserUtility::validate() instead", E_USER_WARNING);
return XoopsUserUtility::validate($uname, $email, $pass, $vpass);
}
$myts = \Xoops\Core\Text\Sanitizer::getInstance();
$op = isset($_REQUEST['op']) ? $_REQUEST['op'] : 'editprofile';
$xoops->getConfigs();
if ($op === 'save') {
if (!$xoops->security()->check()) {
$xoops->redirect(\XoopsBaseConfig::get('url') . "/modules/" . $xoops->module->getVar('dirname', 'n') . "/", 3, XoopsLocale::E_NO_ACTION_PERMISSION . "<br />" . implode('<br />', $xoops->security()->getErrors()));
exit;
}
$uid = $xoops->user->getVar('uid');
$errors = array();
$edituser = $xoops->user;
if ($xoops->user->isAdmin()) {
$edituser->setVar('uname', trim($_POST['uname']));
$edituser->setVar('email', trim($_POST['email']));
}
$stop = XoopsUserUtility::validate($edituser);
if (!empty($stop)) {
$op = 'editprofile';
} else {
// Dynamic fields
/* @var $profile_handler ProfileProfileHandler */
$profile_handler = \Xoops::getModuleHelper('profile')->getHandler('profile');
// Get fields
$fields = $profile_handler->loadFields();
// Get ids of fields that can be edited
$gperm_handler = $xoops->getHandlerGroupPermission();
$editable_fields = $gperm_handler->getItemIds('profile_edit', $xoops->user->getGroups(), $xoops->module->getVar('mid'));
if (!($profile = $profile_handler->getProfile($edituser->getVar('uid')))) {
$profile = $profile_handler->create();
$profile->setVar('profile_id', $edituser->getVar('uid'));
}
if ($current_step == 1) {
$uname = isset($_POST['uname']) ? $myts->stripSlashesGPC(trim($_POST['uname'])) : '';
$email = isset($_POST['email']) ? $myts->stripSlashesGPC(trim($_POST['email'])) : '';
$url = isset($_POST['url']) ? $myts->stripSlashesGPC(trim($_POST['url'])) : '';
$pass = isset($_POST['pass']) ? $myts->stripSlashesGPC(trim($_POST['pass'])) : '';
$vpass = isset($_POST['vpass']) ? $myts->stripSlashesGPC(trim($_POST['vpass'])) : '';
$agree_disc = isset($_POST['agree_disc']) && (int) $_POST['agree_disc'] ? 1 : 0;
if ($xoops->getConfig('reg_dispdsclmr') != 0 && $xoops->getConfig('reg_disclaimer') != '') {
if (empty($agree_disc)) {
$stop .= XoopsLocale::E_YOU_HAVE_TO_AGREE_TO_DISCLAIMER . '<br />';
}
}
$newuser->setVar('uname', $uname);
$newuser->setVar('email', $email);
$newuser->setVar('pass', $pass ? password_hash($pass, PASSWORD_DEFAULT) : '');
$stop .= XoopsUserUtility::validate($newuser, $pass, $vpass);
$xoopsCaptcha = XoopsCaptcha::getInstance();
if (!$xoopsCaptcha->verify()) {
$stop .= $xoopsCaptcha->getMessage();
}
}
// If the last step required SAVE or if we're on the last step then we will insert/update user on database
if ($current_step > 0 && empty($stop) && (!empty($steps[$current_step - 1]['step_save']) || !isset($steps[$current_step]))) {
$isNew = $newuser->isNew();
//Did created an user already? If not then let us set some extra info
if ($isNew) {
$uname = isset($_POST['uname']) ? $myts->stripSlashesGPC(trim($_POST['uname'])) : '';
$email = isset($_POST['email']) ? $myts->stripSlashesGPC(trim($_POST['email'])) : '';
$url = isset($_POST['url']) ? $myts->stripSlashesGPC(trim($_POST['url'])) : '';
$pass = isset($_POST['pass']) ? $myts->stripSlashesGPC(trim($_POST['pass'])) : '';
$newuser->setVar('uname', $uname);
function userCheck($uname, $email, $pass, $vpass)
{
return XoopsUserUtility::validate($uname, $email, $pass, $vpass);
}
/**
* @param $uname
* @param $email
* @param $pass
* @param $vpass
*
* @return bool|string
*/
function userCheck($uname, $email, $pass, $vpass)
{
$GLOBALS['xoopsLogger']->addDeprecated('Function ' . __FUNCTION__ . ' is deprecated, use XoopsUserUtility::validate() instead');
return XoopsUserUtility::validate($uname, $email, $pass, $vpass);
}
}
echo XoopsLocale::TIME_ZONE . ": {$timezone}<br />";
echo "<form action='register.php' method='post'>";
$cpatcha = new Xoops\Form\Captcha();
echo "<br />" . $cpatcha->getCaption() . ": " . $cpatcha->render();
echo "<input type='hidden' name='uname' value='" . $myts->htmlSpecialChars($uname) . "' />\n <input type='hidden' name='email' value='" . $myts->htmlSpecialChars($email) . "' />\n <input type='hidden' name='user_viewemail' value='" . $user_viewemail . "' />\n <input type='hidden' name='timezone' value='" . $timezone . "' />\n <input type='hidden' name='url' value='" . $myts->htmlSpecialChars($url) . "' />\n <input type='hidden' name='pass' value='" . $myts->htmlSpecialChars($pass) . "' />\n <input type='hidden' name='vpass' value='" . $myts->htmlSpecialChars($vpass) . "' />\n <input type='hidden' name='user_mailok' value='" . $user_mailok . "' />\n <br /><br /><input type='hidden' name='op' value='finish' />" . $xoops->security()->getTokenHTML() . "<input type='submit' value='" . XoopsLocale::A_FINISH . "' /></form>";
} else {
echo "<span class='red'>{$stop}</span>";
include $xoops->path('include/registerform.php');
$reg_form->display();
}
$xoops->footer();
break;
case 'finish':
$xoops->header();
$stop = XoopsUserUtility::validate($uname, $email, $pass, $vpass);
if (!$xoops->security()->check()) {
$stop .= implode('<br />', $xoops->security()->getErrors()) . "<br />";
}
$xoopsCaptcha = XoopsCaptcha::getInstance();
if (!$xoopsCaptcha->verify()) {
$stop .= $xoopsCaptcha->getMessage() . "<br />";
}
if (empty($stop)) {
$member_handler = $xoops->getHandlerMember();
$newuser = $member_handler->createUser();
$newuser->setVar('user_viewemail', $user_viewemail);
$newuser->setVar('uname', $uname);
$newuser->setVar('email', $email);
if ($url != '') {
$newuser->setVar('url', $xoops->formatURL($url));