// if (strlen($invite_code)==0) { // show_error(tra("You must supply an invitation code to create an account.")); // } // if (!preg_match(INVITE_CODES, $invite_code)) { // show_error(tra("The invitation code you gave is not valid.")); // } //} print_r($data); exit; $new_name = $data['namePerson/friendly']; if (!is_valid_user_name($new_name, $reason)) { show_error($reason); } $new_email_addr = $data['contact/email']; $new_email_addr = strtolower($new_email_addr); if (!is_valid_email_addr($new_email_addr)) { show_error("Invalid email address:\n you must enter a valid address of the form\n name@domain"); } $user = lookup_user_email_addr($new_email_addr); if (!$user) { $passwd_hash = random_string(); $country = $data['contact/country/home']; if ($country == "") { $country = "International"; } if (!is_valid_country($country)) { echo "bad country"; exit; } $postal_code = ''; $user = make_user($new_email_addr, $new_name, $passwd_hash, $country, $postal_code, $project_prefs = "", $teamid = 0);
/**
 * Email a newly created user their account details.
 *
 * The message body carries the user id and the new password in clear text,
 * so the password is readable by anything that can read the mail in transit
 * or in the recipient's mailbox.
 *
 * @param array  $user_r  A single record from the user table; the keys
 *                        'fullname', 'user_id' and 'email_addr' are read.
 * @param string $passwd  The new password, copied verbatim into the message.
 * @param mixed  $errors  Passed by reference straight through to
 *                        opendb_user_email().
 * @return mixed Whatever opendb_user_email() returns, or NULL (implicitly)
 *               when the recipient address fails is_valid_email_addr().
 */
function send_newuser_email($user_r, $passwd, &$errors)
{
    // The currently logged-in user is recorded as the sender.
    $sender_r = fetch_user_r(get_opendb_session_var('user_id'));

    $subject = get_opendb_lang_var('new_site_account', 'site', get_opendb_config_var('site', 'title'));

    // Paragraphs are joined with a blank line between them.
    $paragraphs = array(
        get_opendb_lang_var('to_user_email_intro', 'fullname', $user_r['fullname']),
        get_opendb_lang_var('welcome_email', 'site', get_opendb_config_var('site', 'title')),
        get_opendb_lang_var('userid') . ": " . $user_r['user_id'] . "\n" . get_opendb_lang_var('new_passwd') . ": " . $passwd,
    );

    if (is_user_granted_permission(PERM_EDIT_USER_PROFILE)) {
        // Provide a link that opens the User Info form in edit mode.
        // The user id is URL-encoded because it becomes a query-string value.
        $paragraphs[] = get_opendb_lang_var('edit_my_info') . ":\n" . get_site_url() . "user_admin.php?op=edit&user_id=" . urlencode($user_r['user_id']);
    }

    $message = implode("\n\n", $paragraphs);

    // No mail is attempted for a malformed recipient address; the caller gets
    // NULL and $errors is left untouched in that case.
    if (!is_valid_email_addr($user_r['email_addr'])) {
        return;
    }

    return opendb_user_email($user_r['user_id'], $sender_r['user_id'], $subject, $message, $errors, FALSE);
}
// Normalise the post-login redirect target. The value is URL-decoded first and
// only then handed to sanitize_local_url(), so the sanitiser sees the decoded
// form. An empty result falls back to the home page.
$next_url = sanitize_local_url(urldecode($next_url));
if (!strlen($next_url)) {
    $next_url = "home.php";
}

// "Stay logged in" flag, taken verbatim from the form when present.
// NOTE(review): the raw POST value is passed to the login_with_*() helpers;
// confirm they treat it strictly as a boolean.
$perm = isset($_POST['stay_logged_in']) ? $_POST['stay_logged_in'] : false;

// Account-key login: the key may arrive as "key" in the URL or, failing that,
// as the POSTed "authenticator" field.
// NOTE(review): a key carried in the query string can be recorded in server
// logs, browser history and Referer headers; treat it as a credential when
// reviewing log retention.
$authenticator = get_str("key", true);
if (!$authenticator) {
    $authenticator = post_str("authenticator", true);
}
if ($authenticator) {
    login_with_auth($authenticator, $next_url, $perm);
    exit;
}

// Password login. The identifier is tag-stripped and lower-cased before use.
$email_addr = strtolower(sanitize_tags(post_str("email_addr", true)));
$passwd = post_str("passwd", true);

if ($email_addr && $passwd) {
    // When an LDAP host is configured, an identifier that is not a
    // syntactically valid email address is treated as an LDAP login;
    // everything else goes through the email/password path.
    $use_ldap = LDAP_HOST && !is_valid_email_addr($email_addr);
    if ($use_ldap) {
        login_with_ldap($email_addr, $passwd, $next_url, $perm);
    } else {
        login_with_email($email_addr, $passwd, $next_url, $perm);
    }
    exit;
}

error_page("You must supply an email address and password");
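/**
 * Validate (and normalise) a submitted value for one s_config_group_item row.
 *
 * The item's type/subtype is looked up by ($group_id, $id, $keyid) and the
 * value is then checked according to that type.
 *
 * Review notes:
 *  - The three identifiers are escaped before being placed in the SQL text.
 *    addslashes() is used because it is the only escaping idiom visible in
 *    this code; it is not charset-aware, so the database layer's native
 *    escaping or prepared statements should replace it where available.
 *    NOTE(review): if callers already escape these identifiers, values that
 *    contain quotes would be escaped twice - confirm against the callers.
 *  - Only the default branch returns an addslashes()'d value. Every other
 *    branch returns the value as submitted, so callers must not assume the
 *    result is safe to interpolate into SQL.
 *
 * @param string $group_id Config group identifier.
 * @param string $id       Config item identifier.
 * @param string $keyid    Key within the item; a numeric key also matches
 *                         items whose type is 'array'.
 * @param string $value    The submitted value.
 * @return mixed The accepted (possibly normalised) value, FALSE when the value
 *               is rejected or no matching item exists, or NULL (implicitly)
 *               when any of the three identifiers is empty.
 */
function validate_s_config_group_item($group_id, $id, $keyid, $value)
{
    if (strlen($group_id) > 0 && strlen($id) > 0 && strlen($keyid) > 0) {
        // Escape every identifier before it is embedded in the query text.
        $group_id_sql = addslashes($group_id);
        $id_sql = addslashes($id);
        $keyid_sql = addslashes($keyid);

        $query = "SELECT type, subtype FROM s_config_group_item WHERE group_id = '{$group_id_sql}' AND id = '{$id_sql}' ";
        if (is_numeric($keyid)) {
            $query .= " AND (type = 'array' OR keyid = '{$keyid_sql}') ";
        } else {
            $query .= " AND keyid = '{$keyid_sql}' ";
        }
        $query .= "LIMIT 0,1";

        $result = db_query($query);
        if (!$result) {
            return FALSE;
        }
        if (!(db_num_rows($result) > 0)) {
            db_free_result($result);
            return FALSE;
        }

        $found = db_fetch_assoc($result);
        // Release the result now: every branch below returns, so a free
        // placed after the switch would never run.
        db_free_result($result);

        $value = trim($value);

        // An array is not validated directly; its subtype decides the rules.
        if ($found['type'] == 'array') {
            // by default its text
            if (strlen($found['subtype']) == 0) {
                $found['subtype'] = 'text';
            }

            if ($found['subtype'] == 'usertype') {
                $found['type'] = 'usertype';
            } else if ($found['subtype'] == 'number') {
                $found['type'] = 'number';
            } else {
                $found['type'] = 'text';
            }
        }

        switch ($found['type']) {
            case 'boolean':
                // Anything other than TRUE/FALSE is coerced to 'FALSE'.
                $value = strtoupper($value);
                if ($value == 'TRUE' || $value == 'FALSE') {
                    return $value;
                }
                return 'FALSE';

            case 'email':
                return is_valid_email_addr($value) ? $value : FALSE;

            case 'number':
                // filter out any non-numeric characters, but pass the rest in.
                $value = remove_illegal_chars($value, expand_chars_exp('0-9'));
                return strlen($value) > 0 ? $value : FALSE;

            case 'datemask':
                // TODO: Provide a date-mask filter
                return $value;

            case 'language':
                return is_exists_language($value) ? $value : FALSE;

            case 'theme':
                return is_exists_theme($value) ? $value : FALSE;

            case 'export':
                if (strlen($value) == 0 || is_export_plugin($value)) {
                    return $value;
                }
                return FALSE;

            case 'value_select':
                // Initialise explicitly so an empty subtype does not leave
                // $options_r undefined when it is tested below.
                $options_r = NULL;
                if (strlen($found['subtype']) > 0) {
                    $options_r = explode(',', $found['subtype']);
                }

                // With no option list configured, any value is accepted.
                // The membership test is strict: a loose comparison treats
                // numeric strings such as "1e1" and "10" as equal and would
                // let through a value that is not literally one of the options.
                if (!is_array($options_r) || in_array($value, $options_r, TRUE)) {
                    return $value;
                }
                return FALSE;

            // 'readonly', 'text', 'password', 'textarea', 'usertype' and any
            // unknown type are handled by the default branch.
            default:
                return addslashes(replace_newlines(trim($value)));
        }
    }

    // Falls through with an implicit NULL when an identifier is empty.
    //else return FALSE;
}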
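/**
 * Store one message in the mailbox table.
 *
 * The table structure could be more sophisticated where a message is sent to
 * multiple addresses, but since the email function does not provide this, I
 * see no reason to do anything more complicated.
 *
 * The sender is identified either by $from_user_id or, when that is empty, by
 * $from_email_addr. When a sender user id is given, the email address is
 * stored as NULL.
 *
 * Every value placed into the SQL text is escaped, including the two user ids.
 * addslashes() is used because it is the escaping idiom this function already
 * relies on; it is not charset-aware, so the database layer's native escaping
 * or prepared statements should replace it where available.
 *
 * @param string $to_user_id      Recipient user id; must pass is_user_valid().
 * @param string $from_user_id    Sender user id, or empty for an external sender.
 * @param string $from_email_addr Sender address; required and validated only
 *                                when $from_user_id is empty.
 * @param string $subject         Message subject.
 * @param string $message         Message body.
 * @return bool TRUE when a row was inserted, FALSE on a validation or database
 *              failure (the reason is written to the log).
 */
function insert_email($to_user_id, $from_user_id, $from_email_addr, $subject, $message)
{
    $to_user_id = trim($to_user_id);
    $from_user_id = trim($from_user_id);
    $from_email_addr = trim($from_email_addr);

    if (!is_user_valid($to_user_id)) {
        opendb_logger(OPENDB_LOG_ERROR, __FILE__, __FUNCTION__, 'Invalid To User', array($to_user_id, $from_user_id, $from_email_addr, $subject));
        return FALSE;
    }

    if (strlen($from_user_id) > 0 && !is_user_valid($from_user_id)) {
        opendb_logger(OPENDB_LOG_ERROR, __FILE__, __FUNCTION__, 'Invalid From User', array($to_user_id, $from_user_id, $from_email_addr, $subject));
        return FALSE;
    }

    if (strlen($from_user_id) == 0 && (strlen($from_email_addr) == 0 || !is_valid_email_addr($from_email_addr))) {
        opendb_logger(OPENDB_LOG_ERROR, __FILE__, __FUNCTION__, 'Invalid From Email', array($to_user_id, $from_user_id, $from_email_addr, $subject));
        return FALSE;
    }

    // Build the SQL literals in separate variables so the values written to
    // the log below keep the same form as before.
    $to_user_sql = "'" . addslashes($to_user_id) . "'";

    if (strlen($from_user_id) > 0) {
        // A known sender: the address column is left NULL.
        $from_email_addr = NULL;
        $from_user_sql = "'" . addslashes($from_user_id) . "'";
        $from_email_sql = "NULL";
    } else {
        // An external sender: the address was validated above and is non-empty.
        $from_email_addr = addslashes($from_email_addr);
        $from_user_sql = "NULL";
        $from_email_sql = "'{$from_email_addr}'";
    }

    $subject = addslashes(trim($subject));
    $message = addslashes(replace_newlines(trim($message)));

    $query = "INSERT INTO mailbox (to_user_id,from_user_id,from_email_addr,subject,message)"
        . " VALUES ({$to_user_sql},{$from_user_sql},{$from_email_sql}, '{$subject}','{$message}')";

    $insert = db_query($query);
    if ($insert && db_affected_rows() > 0) {
        opendb_logger(OPENDB_LOG_INFO, __FILE__, __FUNCTION__, NULL, array($to_user_id, $from_user_id, $from_email_addr, $subject));
        return TRUE;
    }

    opendb_logger(OPENDB_LOG_ERROR, __FILE__, __FUNCTION__, db_error(), array($to_user_id, $from_user_id, $from_email_addr, $subject));
    return FALSE;
}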
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
// See the GNU Lesser General Public License for more details.
//
// You should have received a copy of the GNU Lesser General Public License
// along with BOINC. If not, see <http://www.gnu.org/licenses/>.

// Handles the POST from the "change email address" form for the logged-in
// user. This excerpt ends inside the innermost else branch; the remainder of
// the script is not shown here.

require_once "../inc/boinc_db.inc";
require_once "../inc/util.inc";
require_once "../inc/email.inc";
require_once "../inc/user.inc";

// No GET arguments are expected by this page.
check_get_args(array());

$user = get_logged_in_user();

// The new address is lower-cased before any comparison or lookup.
$email_addr = strtolower(post_str("email_addr"));
$passwd = post_str("passwd", true);

page_head(tra("Change email address of account"));

if (!is_valid_email_addr($email_addr)) {
    // NOTE(review): $email_addr is written back into the page and, on this
    // branch, has just failed validation, so it may contain markup. No HTML
    // escaping is visible here - confirm post_str()/tra() escape it, or wrap
    // it in htmlspecialchars() before output.
    echo tra("New email address '%1' is invalid.", $email_addr);
} else {
    if (is_banned_email_addr($email_addr)) {
        // Banned addresses get the same message as malformed ones.
        echo tra("New email address '%1' is invalid.", $email_addr);
    } else {
        if ($email_addr == $user->email_addr) {
            echo tra("New email address is same as existing address. Nothing is changed.");
        } else {
            $existing = BoincUser::lookup_email_addr($email_addr);
            if ($existing) {
                // NOTE(review): this response tells a logged-in user whether
                // another account uses the address; decide whether that
                // disclosure is acceptable for the project.
                echo tra("There's already an account with that email address");
            } else {
                // The hash is MD5 over the password concatenated with the
                // CURRENT email address. MD5 is a fast, unsalted-by-design
                // digest and is not suitable for password storage;
                // password_hash()/password_verify() is the standard
                // replacement. How this hash is used is outside this excerpt.
                $passwd_hash = md5($passwd . $user->email_addr);
                // deal with the case where user hasn't set passwd
                // (i.e. passwd is account key)
/**
 * Render one email template for a user, optionally print it, optionally send it.
 *
 * Behaviour is driven by three flags on the global $globals object:
 *  - show_email: print the recipient, subject and both rendered bodies;
 *  - send:       actually send, but only to a syntactically valid address;
 *  - explain:    print a notice when the address is rejected.
 *
 * @param object $user       The recipient; its email_addr property is read.
 * @param array  $email_file Template with 'subject', 'html' and 'text' keys.
 * @return void
 */
function mail_type($user, $email_file)
{
    global $globals;

    // Both bodies are rendered up front, even when nothing is shown or sent.
    $html_body = replace($user, $email_file['html']);
    $text_body = replace($user, $email_file['text']);

    if ($globals->show_email) {
        echo "\nSending to {$user->email_addr}:\n",
            "------- SUBJECT ----------\n",
            $email_file['subject'],
            "\n------- HTML ----------\n",
            $html_body,
            "\n------- TEXT ----------\n",
            $text_body;
    }

    if (!$globals->send) {
        return;
    }

    // Never hand a malformed address to the mailer.
    if (is_valid_email_addr($user->email_addr)) {
        send_email($user, $email_file['subject'], $text_body, $html_body);
        return;
    }

    if ($globals->explain) {
        echo "invalid e-mail address\n";
    }
}
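// either version 3 of the License, or (at your option) any later version.
//
// BOINC is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
// See the GNU Lesser General Public License for more details.
//
// You should have received a copy of the GNU Lesser General Public License
// along with BOINC. If not, see <http://www.gnu.org/licenses/>.

// Form that lets the logged-in user change the email address of the account.
// The form posts to edit_email_action.php on the secure URL base.

require_once "../inc/util.inc";
require_once "../inc/email.inc";

// No GET arguments are expected; the page is forced onto the secure URL.
check_get_args(array());
redirect_to_secure_url("edit_email_form.php");

$user = get_logged_in_user();

page_head(tra("Change email address"));

// Pre-fill the field with the current address when it is well-formed.
// The value lands inside a single-quoted HTML attribute, and a syntactically
// valid address may still contain a quote character, so it is HTML-escaped
// (quotes included) before being written into the page.
$email_text = "";
if (is_valid_email_addr($user->email_addr)) {
    $email_text = htmlspecialchars($user->email_addr, ENT_QUOTES);
}

echo "<form method=post action=" . secure_url_base() . "/edit_email_action.php>\n";
start_table();
row1(tra("Change the email address of your account"));
row2(
    tra("New email address") . "<br><p class=\"text-muted\">" . tra("Must be a valid address of the form 'name@domain'") . "</p>",
    "<input name=email_addr size=50 type=text value='{$email_text}'>"
);

// we need the password here not for verification,
// but because we store it salted with email address,
// which is about to change.
row2(
    tra("Password") . "<br><a href=" . secure_url_base() . "/edit_passwd_form.php><p class=\"text-muted\">" . tra("No password?") . "</p></a>",
    "<input type=password name=passwd>"
);
row2("", "<input class=\"btn btn-default\" type=submit value='" . tra("Change email address") . "'>");
end_table();
echo "</form>\n";
page_tail();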
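/**
 * Record one validation error in the caller's $errors holder.
 *
 * When $errors is already an array the entry is appended; otherwise $errors is
 * replaced by the single entry.
 *
 * @param mixed  $errors  Error holder, modified in place.
 * @param string $message The human-readable error text.
 * @return void
 */
function validate_item_input_field_add_error(&$errors, $message)
{
    $error = array('error' => $message, 'detail' => '');
    if (is_array($errors)) {
        $errors[] = $error;
    } else {
        $errors = $error;
    }
}

/**
 * Validate the submitted value(s) of one item attribute against its input type.
 *
 * A scalar value is wrapped into a one-element array so single and multi-value
 * fields share the same checks. Lookup attributes and input types without a
 * format rule are accepted as-is.
 *
 * Review notes:
 *  - 'email' and 'number' now reject any non-empty value that fails the format
 *    check. Previously the check only ran when the field was compulsory, so an
 *    optional field accepted arbitrary content.
 *  - 'url' checks the file extension only; nothing else about the URL is
 *    validated in this function.
 *  - 'number' relies on is_numeric(), which accepts more than the digits
 *    suggested by the '[0-9]' hint in the error message (signs, decimals,
 *    exponents).
 *  - 'filtered' compares byte by byte, so multi-byte characters are checked
 *    one byte at a time.
 *
 * @param array $item_attribute_type_r Attribute definition; the keys
 *              'compulsory_ind', 'lookup_attribute_ind', 'input_type',
 *              'input_type_arg1', 'input_type_arg3' and 'prompt' are read.
 * @param mixed $value  A scalar or an array of submitted values.
 * @param mixed $errors Receives an error entry when validation fails.
 * @return bool TRUE when the value is acceptable, FALSE otherwise.
 */
function validate_item_input_field($item_attribute_type_r, $value, &$errors)
{
    // cater for multivalue fields here!
    if (!is_array($value) && strlen(trim($value)) > 0) {
        $value = array(trim($value));
    }

    $is_compulsory = ($item_attribute_type_r['compulsory_ind'] == 'Y');
    $prompt = $item_attribute_type_r['prompt'];

    if ($is_compulsory && is_empty_or_not_array($value)) {
        validate_item_input_field_add_error($errors, get_opendb_lang_var('prompt_must_be_specified', 'prompt', $prompt));
        return FALSE;
    }

    // Nothing to check for empty input or for lookup attributes.
    if (!is_not_empty_array($value) || $item_attribute_type_r['lookup_attribute_ind'] == 'Y') {
        return TRUE;
    }

    switch ($item_attribute_type_r['input_type']) {
        case 'url':
            // input_type_arg3 will be an array of content groups
            if (strlen($item_attribute_type_r['input_type_arg3']) > 0) {
                $content_group_r = prc_args($item_attribute_type_r['input_type_arg3']);
                $extensions_r = fetch_file_type_extensions_r($content_group_r);

                // it might just be a list of extensions
                if (!is_not_empty_array($extensions_r)) {
                    $extensions_r = $content_group_r;
                }

                foreach ($value as $item) {
                    if (!in_array(strtolower(get_file_ext($item)), $extensions_r)) {
                        validate_item_input_field_add_error(
                            $errors,
                            get_opendb_lang_var('url_is_not_valid', array('prompt' => $prompt, 'extensions' => implode(', ', $extensions_r)))
                        );
                        return FALSE;
                    }
                }
            }
            return TRUE;

        case 'email':
            foreach ($value as $item) {
                // Empty entries are skipped; anything else must be a valid address.
                if (strlen(trim($item)) > 0 && !is_valid_email_addr($item)) {
                    validate_item_input_field_add_error($errors, get_opendb_lang_var('email_is_not_valid', 'prompt', $prompt));
                    return FALSE;
                }
            }
            return TRUE;

        case 'datetime':
            foreach ($value as $item) {
                if ($is_compulsory || strlen(trim($item)) > 0) {
                    $timestamp = get_timestamp_for_datetime($item, $item_attribute_type_r['input_type_arg1']);
                    if ($timestamp === FALSE) {
                        // perhaps it is a timestamp value already.
                        $timestamp = get_timestamp_for_datetime($item, 'YYYYMMDDHH24MISS');
                    }

                    if ($timestamp === FALSE) {
                        validate_item_input_field_add_error(
                            $errors,
                            get_opendb_lang_var('datetime_is_not_valid', array('prompt' => $prompt, 'format_mask' => $item_attribute_type_r['input_type_arg1']))
                        );
                        return FALSE;
                    }
                }
            }
            return TRUE;

        case 'filtered':
            $legalChars = expand_chars_exp($item_attribute_type_r['input_type_arg3']);
            foreach ($value as $item) {
                $item = trim($item);
                $length = strlen($item);
                for ($j = 0; $j < $length; $j++) {
                    // Reject on the first character outside the allowed set.
                    if (strstr($legalChars, substr($item, $j, 1)) === FALSE) {
                        validate_item_input_field_add_error(
                            $errors,
                            get_opendb_lang_var('prompt_must_be_format', array('prompt' => $prompt, 'format' => '[' . $item_attribute_type_r['input_type_arg3'] . ']'))
                        );
                        return FALSE;
                    }
                }
            }
            return TRUE;

        case 'number':
            foreach ($value as $item) {
                // Empty entries are skipped; anything else must be numeric.
                if (strlen(trim($item)) > 0 && !is_numeric($item)) {
                    validate_item_input_field_add_error(
                        $errors,
                        get_opendb_lang_var('prompt_must_be_format', array('prompt' => $prompt, 'format' => '[0-9]'))
                    );
                    return FALSE;
                }
            }
            return TRUE;

        // Input types without a format rule; listed so the known set stays
        // visible. The *_check_boxes and *_radio_group variants are deprecated.
        case 'hidden':
        case 'readonly':
        case 'textarea':
        case 'htmlarea':
        case 'text':
        case 'password':
        case 'simple_checkbox':
        case 'checkbox':
        case 'check_boxes':
        case 'vertical_check_boxes':
        case 'horizontal_check_boxes':
        case 'radio_group':
        case 'vertical_radio_group':
        case 'horizontal_radio_group':
        case 'radio_grid':
        case 'value_radio_grid':
        case 'checkbox_grid':
        case 'single_select':
        case 'multi_select':
        case 'value_select':
        default:
            return TRUE;
    }
}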