function cimy_registration_check($user_login, $user_email, $errors)
{
global $wpdb, $rule_canbeempty, $rule_email, $rule_maxlen, $fields_name_prefix, $wp_fields_name_prefix, $rule_equalto_case_sensitive, $apply_equalto_rule, $cimy_uef_domain, $cimy_uef_file_types, $rule_equalto_regex, $user_level, $cimy_uef_file_images_types, $wp_hidden_fields, $rule_maxlen_is_str;
if (cimy_is_at_least_wordpress35()) {
cimy_switch_to_blog();
}
$options = cimy_get_options();
if (!in_array("username", $options["wp_hidden_fields"])) {
// ok username is empty, we are replacing it with the email, don't bother
if (isset($errors->errors['empty_username'])) {
unset($errors->errors['empty_username']);
}
// remove username exists error only if email exists error is there covering for us
if (isset($errors->errors['username_exists']) && isset($errors->errors['email_exists'])) {
unset($errors->errors['username_exists']);
}
}
// code for confirmation email check
if (!is_multisite() && $options["confirm_email"]) {
$errors = cimy_check_user_on_signups($errors, $user_login, $user_email);
}
// avoid to save stuff if user is being added from: /wp-admin/user-new.php and shit WP 3.1 changed the value just to create new bugs :@
if (!empty($_POST["action"]) && ($_POST["action"] == "adduser" || $_POST["action"] == "createuser")) {
return $errors;
}
$my_user_level = $user_level;
// -1 == anonymous
if (!is_user_logged_in()) {
$my_user_level = -1;
}
$extra_fields = get_cimyFields(false, true);
$wp_fields = get_cimyFields(true);
$from_profile = false;
if (!empty($_POST["from"]) && $_POST["from"] == "profile") {
$from_profile = true;
}
$i = 1;
// do first for the WP fields then for EXTRA fields
while ($i <= 2) {
if ($i == 1) {
$fields = $wp_fields;
$prefix = $wp_fields_name_prefix;
} else {
$fields = $extra_fields;
$prefix = $fields_name_prefix;
}
foreach ($fields as $thisField) {
$field_id = $thisField['ID'];
$name = $thisField['NAME'];
$rules = $thisField['RULES'];
$type = $thisField['TYPE'];
$label = esc_html($thisField['LABEL']);
$description = $thisField['DESCRIPTION'];
$unique_id = $prefix . $field_id;
// Usernames cannot be changed after the registration
if ($i == 1 && $name == "USERNAME" && $from_profile) {
continue;
}
// use WP input name for the username (always) or when updating the profile
if ($i == 1 && ($name == "USERNAME" || $from_profile)) {
$input_name = $wp_hidden_fields[strtolower($name)]['post_name'];
} else {
$input_name = $prefix . esc_attr($name);
}
$field_id_data = $input_name . "_" . $field_id . "_data";
// if the current user LOGGED IN has not enough permissions to see the field, skip it
if ($rules['show_level'] == 'view_cimy_extra_fields') {
if (!current_user_can($rules['show_level'])) {
continue;
}
} else {
if ($my_user_level < $rules['show_level']) {
continue;
}
}
// if show_level == anonymous then do NOT ovverride other show_xyz rules
if ($rules['show_level'] == -1) {
// if we are updating the profile check correct rule
if ($from_profile) {
// if flag to show the field in the profile is NOT activated, skip it
if (!$rules['show_in_profile']) {
continue;
}
} else {
// we are registering new user
// if flag to show the field in the registration is NOT activated, skip it
if (!$rules['show_in_reg']) {
continue;
}
}
}
// uploading a file is not supported when confirmation email is enabled (on MS is turned on by default yes)
if ((is_multisite() || $options["confirm_email"]) && in_array($type, $cimy_uef_file_types)) {
continue;
}
if ($from_profile) {
if ($i == 1) {
// Do not bother with the rules if encountered an empty password field on profile update
if ($type == "password") {
continue;
}
} else {
$old_value = $_POST[$input_name . "_" . $field_id . "_prev_value"];
// Hey, no need to check for rules if anyway I can't edit due to low permissions, neeeext!
if (cimy_uef_is_field_disabled($type, $rules['edit'], $old_value)) {
continue;
}
}
}
if (isset($_POST[$input_name])) {
if ($type == "dropdown-multi" && is_array($_POST[$input_name])) {
$value = stripslashes(implode(",", $_POST[$input_name]));
} else {
$value = stripslashes($_POST[$input_name]);
}
} else {
$value = "";
}
if ($type == "dropdown") {
$ret = cimy_dropDownOptions($label, $value);
$label = esc_html($ret['label']);
$html = $ret['html'];
}
// upload of a file, avatar or picture
if (in_array($type, $cimy_uef_file_types)) {
// confirmation page
if (!empty($_POST["register_confirmation"]) && $_POST["register_confirmation"] == 2) {
$file_size = $_POST[$field_id_data . "_size"];
$file_type1 = $_POST[$field_id_data . "_type"];
// this can be faked!
$old_file = "";
$del_old_file = "";
} else {
if (!empty($_FILES[$input_name])) {
// filesize in Byte transformed in KiloByte
$file_size = $_FILES[$input_name]['size'] / 1024;
$file_type1 = $_FILES[$input_name]['type'];
// this can be faked!
$value = $_FILES[$input_name]['name'];
$old_file = $from_profile && !empty($_POST[$input_name . "_" . $field_id . "_prev_value"]) ? $_POST[$input_name . "_" . $field_id . "_prev_value"] : '';
$del_old_file = $from_profile && !empty($_POST[$input_name . "_del"]) ? $_POST[$input_name . "_del"] : '';
} else {
$file_size = 0;
$file_type1 = "";
$value = "";
$old_file = $from_profile && !empty($_POST[$input_name . "_" . $field_id . "_prev_value"]) ? $_POST[$input_name . "_" . $field_id . "_prev_value"] : '';
$del_old_file = $from_profile && !empty($_POST[$input_name . "_del"]) ? $_POST[$input_name . "_del"] : '';
}
}
}
switch ($type) {
case 'checkbox':
$value == 1 ? $value = "YES" : ($value = "NO");
break;
case 'radio':
intval($value) == intval($field_id) ? $value = "YES" : ($value = "NO");
break;
}
// if the flag can be empty is NOT set OR the field is not empty then other check can be useful, otherwise skip all
if (!$rules['can_be_empty'] || !empty($value)) {
if ($i == 1 && $input_name == $prefix . "PASSWORD2") {
if ($value != $_POST[$prefix . "PASSWORD"]) {
$errors->add($unique_id, '<strong>' . __("ERROR", $cimy_uef_domain) . '</strong>: ' . $label . ' ' . __('does not match.', $cimy_uef_domain));
}
}
if ($rules['email'] && in_array($type, $rule_email)) {
if (!is_email($value)) {
$errors->add($unique_id, '<strong>' . __("ERROR", $cimy_uef_domain) . '</strong>: ' . $label . ' ' . __('hasn’t a correct email syntax.', $cimy_uef_domain));
}
}
if (!$rules['can_be_empty'] && in_array($type, $rule_canbeempty) && empty($value)) {
$empty_error = true;
// IF 1. it's a file type
// AND 2. there is an old one uploaded
// AND 3. this old one is not gonna be deleted
// THEN do not throw the empty error.
if (in_array($type, $cimy_uef_file_types) && !empty($old_file) && empty($del_old_file)) {
$empty_error = false;
}
if ($empty_error) {
$errors->add($unique_id, '<strong>' . __("ERROR", $cimy_uef_domain) . '</strong>: ' . $label . ' ' . __('couldn’t be empty.', $cimy_uef_domain));
}
}
if (isset($rules['equal_to']) && in_array($type, $apply_equalto_rule)) {
$equalTo = $rules['equal_to'];
// if the type is not allowed to be case sensitive
// OR if case sensitive is not checked
// AND
// if the type is not allowed to be a regex
// OR if regex rule is not set
// THEN switch to uppercase
if ((!in_array($type, $rule_equalto_case_sensitive) || !$rules['equal_to_case_sensitive']) && (!in_array($type, $rule_equalto_regex) || !$rules['equal_to_regex'])) {
$value = strtoupper($value);
$equalTo = strtoupper($equalTo);
}
if ($rules['equal_to_regex']) {
$equalTo = $rules['equal_to_case_sensitive'] ? $equalTo . 'u' : $equalTo . 'iu';
if (!preg_match($equalTo, $value)) {
$equalmsg = " " . __("isn’t correct", $cimy_uef_domain);
$errors->add($unique_id, '<strong>' . __("ERROR", $cimy_uef_domain) . '</strong>: ' . $label . $equalmsg . '.');
}
} else {
if ($value != $equalTo) {
if ($type == "radio" || $type == "checkbox") {
$equalTo == "YES" ? $equalTo = __("YES", $cimy_uef_domain) : __("NO", $cimy_uef_domain);
}
if ($type == "password") {
$equalmsg = " " . __("isn’t correct", $cimy_uef_domain);
} else {
$equalmsg = ' ' . __("should be", $cimy_uef_domain) . ' ' . esc_html($equalTo);
}
$errors->add($unique_id, '<strong>' . __("ERROR", $cimy_uef_domain) . '</strong>: ' . $label . $equalmsg . '.');
}
}
}
// CHECK IF IT IS A REAL PICTURE
if (in_array($type, $cimy_uef_file_images_types)) {
$allowed_mime_types = get_allowed_mime_types();
$validate = wp_check_filetype($value, $allowed_mime_types);
$file_type2 = "";
if (!empty($validate['type'])) {
$file_type2 = $validate['type'];
}
if ((stristr($file_type1, "image/") === false || stristr($file_type2, "image/") === false) && !empty($value)) {
$errors->add($unique_id, '<strong>' . __("ERROR", $cimy_uef_domain) . '</strong>: ' . $label . ' ' . __('should be an image.', $cimy_uef_domain));
}
} else {
if (in_array($type, $cimy_uef_file_types)) {
$allowed_mime_types = get_allowed_mime_types();
$validate = wp_check_filetype($value, $allowed_mime_types);
$file_type2 = "";
if (!empty($validate['type'])) {
$file_type2 = $validate['type'];
}
if (empty($file_type2) && !empty($value)) {
$errors->add($unique_id, '<strong>' . __("ERROR", $cimy_uef_domain) . '</strong>: ' . $label . ' ' . __('does not accept this file type.', $cimy_uef_domain));
}
}
}
// MIN LEN
if (isset($rules['min_length'])) {
$minlen = intval($rules['min_length']);
if (in_array($type, $cimy_uef_file_types)) {
if ($file_size < $minlen) {
$errors->add($unique_id, '<strong>' . __("ERROR", $cimy_uef_domain) . '</strong>: ' . $label . ' ' . __('couldn’t have size less than', $cimy_uef_domain) . ' ' . $minlen . ' KB.');
}
} else {
if (!in_array($type, $rule_maxlen_is_str)) {
if (cimy_strlen($value) < $minlen) {
$errors->add($unique_id, '<strong>' . __("ERROR", $cimy_uef_domain) . '</strong>: ' . $label . ' ' . __('couldn’t have length less than', $cimy_uef_domain) . ' ' . $minlen . '.');
}
}
}
}
// EXACT LEN
if (isset($rules['exact_length'])) {
$exactlen = intval($rules['exact_length']);
if (in_array($type, $cimy_uef_file_types)) {
if ($file_size != $exactlen) {
$errors->add($unique_id, '<strong>' . __("ERROR", $cimy_uef_domain) . '</strong>: ' . $label . ' ' . __('couldn’t have size different than', $cimy_uef_domain) . ' ' . $exactlen . ' KB.');
}
} else {
if (!in_array($type, $rule_maxlen_is_str)) {
if (cimy_strlen($value) != $exactlen) {
$errors->add($unique_id, '<strong>' . __("ERROR", $cimy_uef_domain) . '</strong>: ' . $label . ' ' . __('couldn’t have length different than', $cimy_uef_domain) . ' ' . $exactlen . '.');
}
}
}
}
// MAX LEN
if (isset($rules['max_length'])) {
$maxlen = intval($rules['max_length']);
if (in_array($type, $cimy_uef_file_types)) {
if ($file_size > $maxlen) {
$errors->add($unique_id, '<strong>' . __("ERROR", $cimy_uef_domain) . '</strong>: ' . $label . ' ' . __('couldn’t have size more than', $cimy_uef_domain) . ' ' . $maxlen . ' KB.');
}
} else {
if (!in_array($type, $rule_maxlen_is_str)) {
if (cimy_strlen($value) > $maxlen) {
$errors->add($unique_id, '<strong>' . __("ERROR", $cimy_uef_domain) . '</strong>: ' . $label . ' ' . __('couldn’t have length more than', $cimy_uef_domain) . ' ' . $maxlen . '.');
}
}
}
}
}
}
$i++;
}
if ($options['confirm_form']) {
// this is executed to test registration for errors, to avoid a real registration we put a fake error
if (empty($errors->errors) && isset($_POST["register_confirmation"]) && $_POST["register_confirmation"] == 1) {
$errors->add('register_confirmation', 'true');
}
}
cimy_switch_current_blog();
return $errors;
}
function cimy_registration_check($user_login, $user_email, $errors)
{
global $wpdb, $rule_canbeempty, $rule_email, $rule_maxlen, $fields_name_prefix, $wp_fields_name_prefix, $rule_equalto_case_sensitive, $apply_equalto_rule, $cimy_uef_domain, $cimy_uef_file_types, $rule_equalto_regex, $user_level;
// cimy_switch_to_blog();
$options = cimy_get_options();
// code for confirmation email check
if (!is_multisite() && $options["confirm_email"]) {
$errors = cimy_check_user_on_signups($errors, $user_login, $user_email);
}
// avoid to save stuff if user is being added from: /wp-admin/user-new.php
if ($_POST["action"] == "adduser") {
return $errors;
}
// if not set, set to -1 == anonymous
if (!isset($user_level)) {
$user_level = -1;
}
$extra_fields = get_cimyFields(false, true);
$wp_fields = get_cimyFields(true);
// if we are updating profile don't bother with WordPress fields' rules
if ($_POST["from"] == "profile") {
$i = 2;
} else {
$i = 1;
}
// do first for the WP fields then for EXTRA fields
while ($i <= 2) {
if ($i == 1) {
$fields = $wp_fields;
$prefix = $wp_fields_name_prefix;
} else {
$fields = $extra_fields;
$prefix = $fields_name_prefix;
}
$i++;
foreach ($fields as $thisField) {
$field_id = $thisField['ID'];
$name = $thisField['NAME'];
$rules = $thisField['RULES'];
$type = $thisField['TYPE'];
$label = $thisField['LABEL'];
$description = $thisField['DESCRIPTION'];
$input_name = $prefix . $wpdb->escape($name);
$unique_id = $prefix . $field_id;
// if the current user LOGGED IN has not enough permissions to see the field, skip it
// apply only for EXTRA FIELDS
if ($user_level < $rules['show_level']) {
continue;
}
// if show_level == anonymous then do NOT ovverride other show_xyz rules
if ($rules['show_level'] == -1) {
// if we are updating the profile check correct rule
if ($_POST["from"] == "profile") {
// if flag to show the field in the profile is NOT activated, skip it
if (!$rules['show_in_profile']) {
continue;
}
} else {
// we are registering new user
// if flag to show the field in the registration is NOT activated, skip it
if (!$rules['show_in_reg']) {
continue;
}
}
}
// uploading a file is not supported when confirmation email is enabled (on MS is turned on by default yes)
if ((is_multisite() || $options["confirm_email"]) && in_array($type, $cimy_uef_file_types)) {
continue;
}
if ($_POST["from"] == "profile") {
// if editing a different user (only admin)
if (isset($_GET['user_id'])) {
$get_user_id = $_GET['user_id'];
} else {
if (isset($_POST['user_id'])) {
$get_user_id = $_POST['user_id'];
} else {
$get_user_id = $user_ID;
}
}
if (!empty($get_user_id)) {
global $wpdb_data_table;
$get_user_id = intval($get_user_id);
// we need the freaking old value
$old_value = $wpdb->get_var($wpdb->prepare("SELECT VALUE FROM " . $wpdb_data_table . " WHERE USER_ID=" . $get_user_id . " AND FIELD_ID=" . $field_id));
// Hey, no need to check for rules if anyway I can't edit due to low permissions, neeeext!
if ($old_value != "" && $rules['edit'] == 'edit_only_if_empty' || $old_value != "" && !current_user_can('edit_users') && $rules['edit'] == 'edit_only_by_admin_or_if_empty' || $rules['edit'] == 'no_edit' || $rules['edit'] == 'edit_only_by_admin' && !current_user_can('edit_users')) {
continue;
}
}
}
if (isset($_POST[$input_name])) {
if ($type == "dropdown-multi") {
$value = stripslashes(implode(",", $_POST[$input_name]));
} else {
$value = stripslashes($_POST[$input_name]);
}
} else {
$value = "";
}
if ($type == "dropdown") {
$ret = cimy_dropDownOptions($label, $value);
$label = $ret['label'];
$html = $ret['html'];
}
if (in_array($type, $cimy_uef_file_types)) {
// filesize in Byte transformed in KiloByte
$file_size = $_FILES[$input_name]['size'] / 1024;
$file_type = $_FILES[$input_name]['type'];
$value = $_FILES[$input_name]['name'];
$old_file = $_POST[$input_name . "_oldfile"];
$del_old_file = $_POST[$input_name . "_del"];
}
switch ($type) {
case 'checkbox':
$value == 1 ? $value = "YES" : ($value = "NO");
break;
case 'radio':
intval($value) == intval($field_id) ? $value = "YES" : ($value = "NO");
break;
}
// if the flag can be empty is NOT set OR the field is not empty then other check can be useful, otherwise skip all
if (!$rules['can_be_empty'] || $value != "") {
// yea $i should be == 1 but ++ already so == 2 :)
if ($i == 2 && $input_name == $prefix . "PASSWORD2") {
if ($value != $_POST[$prefix . "PASSWORD"]) {
$errors->add($unique_id, '<strong>' . __("ERROR", $cimy_uef_domain) . '</strong>: ' . $label . ' ' . __('does not match.', $cimy_uef_domain));
}
}
if ($rules['email'] && in_array($type, $rule_email)) {
if (!is_email($value)) {
$errors->add($unique_id, '<strong>' . __("ERROR", $cimy_uef_domain) . '</strong>: ' . $label . ' ' . __('hasn’t a correct email syntax.', $cimy_uef_domain));
}
}
if (!$rules['can_be_empty'] && in_array($type, $rule_canbeempty) && $value == "") {
$empty_error = true;
// IF 1. it's a file type
// AND 2. there is an old one uploaded
// AND 3. this old one is not gonna be deleted
// THEN do not throw the empty error.
if (in_array($type, $cimy_uef_file_types) && $old_file != "" && $del_old_file == "") {
$empty_error = false;
}
if ($empty_error) {
$errors->add($unique_id, '<strong>' . __("ERROR", $cimy_uef_domain) . '</strong>: ' . $label . ' ' . __('couldn’t be empty.', $cimy_uef_domain));
}
}
if (isset($rules['equal_to']) && in_array($type, $apply_equalto_rule)) {
$equalTo = $rules['equal_to'];
// if the type is not allowed to be case sensitive
// OR if case sensitive is not checked
// AND
// if the type is not allowed to be a regex
// OR if regex rule is not set
// THEN switch to uppercase
if ((!in_array($type, $rule_equalto_case_sensitive) || !$rules['equal_to_case_sensitive']) && (!in_array($type, $rule_equalto_regex) || !$rules['equal_to_regex'])) {
$value = strtoupper($value);
$equalTo = strtoupper($equalTo);
}
if ($rules['equal_to_regex']) {
if (!preg_match($equalTo, $value)) {
$equalmsg = " " . __("isn’t correct", $cimy_uef_domain);
$errors->add($unique_id, '<strong>' . __("ERROR", $cimy_uef_domain) . '</strong>: ' . $label . $equalmsg . '.');
}
} else {
if ($value != $equalTo) {
if ($type == "radio" || $type == "checkbox") {
$equalTo == "YES" ? $equalTo = __("YES", $cimy_uef_domain) : __("NO", $cimy_uef_domain);
}
if ($type == "password") {
$equalmsg = " " . __("isn’t correct", $cimy_uef_domain);
} else {
$equalmsg = ' ' . __("should be", $cimy_uef_domain) . ' ' . $equalTo;
}
$errors->add($unique_id, '<strong>' . __("ERROR", $cimy_uef_domain) . '</strong>: ' . $label . $equalmsg . '.');
}
}
}
// CHECK IF IT IS A REAL PICTURE
if ($type == "picture" || $type == "avatar") {
if (stristr($file_type, "image/") === false && $value != "") {
$errors->add($unique_id, '<strong>' . __("ERROR", $cimy_uef_domain) . '</strong>: ' . $label . ' ' . __('should be an image.', $cimy_uef_domain));
}
}
// MIN LEN
if (isset($rules['min_length'])) {
$minlen = intval($rules['min_length']);
if (in_array($type, $cimy_uef_file_types)) {
if ($file_size < $minlen) {
$errors->add($unique_id, '<strong>' . __("ERROR", $cimy_uef_domain) . '</strong>: ' . $label . ' ' . __('couldn’t have size less than', $cimy_uef_domain) . ' ' . $minlen . ' KB.');
}
} else {
if (strlen($value) < $minlen) {
$errors->add($unique_id, '<strong>' . __("ERROR", $cimy_uef_domain) . '</strong>: ' . $label . ' ' . __('couldn’t have length less than', $cimy_uef_domain) . ' ' . $minlen . '.');
}
}
}
// EXACT LEN
if (isset($rules['exact_length'])) {
$exactlen = intval($rules['exact_length']);
if (in_array($type, $cimy_uef_file_types)) {
if ($file_size != $exactlen) {
$errors->add($unique_id, '<strong>' . __("ERROR", $cimy_uef_domain) . '</strong>: ' . $label . ' ' . __('couldn’t have size different than', $cimy_uef_domain) . ' ' . $exactlen . ' KB.');
}
} else {
if (strlen($value) != $exactlen) {
$errors->add($unique_id, '<strong>' . __("ERROR", $cimy_uef_domain) . '</strong>: ' . $label . ' ' . __('couldn’t have length different than', $cimy_uef_domain) . ' ' . $exactlen . '.');
}
}
}
// MAX LEN
if (isset($rules['max_length'])) {
$maxlen = intval($rules['max_length']);
if (in_array($type, $cimy_uef_file_types)) {
if ($file_size > $maxlen) {
$errors->add($unique_id, '<strong>' . __("ERROR", $cimy_uef_domain) . '</strong>: ' . $label . ' ' . __('couldn’t have size more than', $cimy_uef_domain) . ' ' . $maxlen . ' KB.');
}
} else {
if (strlen($value) > $maxlen) {
$errors->add($unique_id, '<strong>' . __("ERROR", $cimy_uef_domain) . '</strong>: ' . $label . ' ' . __('couldn’t have length more than', $cimy_uef_domain) . ' ' . $maxlen . '.');
}
}
}
}
}
}
if (isset($_POST["securimage_response_field"])) {
global $cuef_plugin_dir;
require_once $cuef_plugin_dir . '/securimage/securimage.php';
$securimage = new Securimage();
if ($securimage->check($_POST['securimage_response_field']) == false) {
$errors->add("securimage_code", '<strong>' . __("ERROR", $cimy_uef_domain) . '</strong>: ' . __('Typed code is not correct.', $cimy_uef_domain));
}
}
if (isset($_POST["recaptcha_response_field"])) {
$recaptcha_code_ok = false;
if ($_POST["recaptcha_response_field"]) {
global $cuef_plugin_dir;
require_once $cuef_plugin_dir . '/recaptcha/recaptchalib.php';
$recaptcha_resp = recaptcha_check_answer($options["recaptcha_private_key"], $_SERVER["REMOTE_ADDR"], $_POST["recaptcha_challenge_field"], $_POST["recaptcha_response_field"]);
$recaptcha_code_ok = $recaptcha_resp->is_valid;
}
if (!$recaptcha_code_ok) {
$errors->add("recaptcha_code", '<strong>' . __("ERROR", $cimy_uef_domain) . '</strong>: ' . __('Typed code is not correct.', $cimy_uef_domain));
}
}
cimy_switch_current_blog();
return $errors;
}
