//process new user data
} elseif (isset($_POST["addUser"])) {
$user_data = $_POST;
//check for pre-existing username
if (!empty($_POST["username"])) {
$existing_user = phorum_api_user_search("username", $_POST["username"]);
if (!empty($existing_user)) {
$error = 'The user name "' . htmlspecialchars($_POST['username']) . '" is already in use!';
}
} else {
$error = "You must provide a user name!";
}
//check for a valid email
if (!empty($_POST["email"])) {
include './include/email_functions.php';
$valid_email = phorum_valid_email($_POST["email"]);
if ($valid_email !== true) {
$error = 'The email "' . htmlspecialchars($_POST[email]) . '" is not valid!';
}
}
//check for password and password confirmation
if (isset($_POST['password1']) && !empty($_POST['password1']) && !empty($_POST['password2']) && $_POST['password1'] != $_POST['password2']) {
$error = "Passwords don't match!";
} elseif (!empty($_POST['password1']) && !empty($_POST['password2'])) {
$user_data['password'] = $_POST['password1'];
$user_data['password_temp'] = $_POST['password1'];
} else {
$error = "You must assign a password!";
}
unset($user_data["password1"]);
unset($user_data["password2"]);
// need this for banlist-checks
include_once("./include/profile_functions.php");
// email-verification
if($PHORUM['registration_control']) {
//$PHORUM['DATA']['PROFILE']['email_temp']="email_address@bogus.com|bla";
if (!empty($PHORUM['DATA']['PROFILE']['email_temp'])) {
list($PHORUM['DATA']['PROFILE']['email_temp_part'],$bogus)=explode("|",$PHORUM['DATA']['PROFILE']['email_temp']);
}
}
if ( count( $_POST ) ) {
if ( empty( $_POST["email"] ) ) {
$error = $PHORUM["DATA"]["LANG"]["ErrRequired"];
} elseif (!phorum_valid_email( $_POST["email"])) {
$error = $PHORUM["DATA"]["LANG"]["ErrEmail"];
} elseif ($PHORUM['user']['email'] != $_POST["email"] && phorum_user_check_email($_POST["email"])) {
$error = $PHORUM["DATA"]["LANG"]["ErrEmailExists"];
} elseif (!phorum_check_ban_lists($_POST["email"], PHORUM_BAD_EMAILS)) {
$error = $PHORUM["DATA"]["LANG"]["ErrBannedEmail"];
} elseif (isset($PHORUM['DATA']['PROFILE']['email_temp_part']) && !empty($_POST['email_verify_code']) && $PHORUM['DATA']['PROFILE']['email_temp_part']."|".$_POST['email_verify_code'] != $PHORUM['DATA']['PROFILE']['email_temp']) {
$error = $PHORUM['DATA']['LANG']['ErrWrongMailcode'];
} else {
// flip this due to db vs. UI wording.
$_POST["hide_email"] = ( isset($_POST["hide_email"]) ) ? 0 : 1;
$_POST['moderation_email'] = ( isset($_POST['moderation_email']) && phorum_user_moderate_allowed(PHORUM_MODERATE_ALLOWED_ANYWHERE) ) ? 1 : 0;
// Remember this for the template.
if (isset($PHORUM['DATA']['PROFILE']['email_temp_part'])) {
* <hookcode>
* function phorum_mod_foo_check_post ($args) {
* list ($message, $error) = $args;
* if (!empty($error)) return $args;
*
* if (stristr($message["body"], "bar") !== false) {
* return array($message, "The body may not contain 'bar'");
* }
*
* return $args;
* }
* </hookcode>
*/
if (!$error && isset($PHORUM["hooks"]["check_post"])) {
list($message, $error) = phorum_hook("check_post", array($message, $error));
}
// Data integrity checks for all messages.
if (!$error) {
if (!isset($message["subject"]) || trim($message["subject"]) == '') {
$error = $PHORUM["DATA"]["LANG"]["ErrSubject"];
} elseif (!isset($message["body"]) || trim($message["body"]) == '') {
$error = $PHORUM["DATA"]["LANG"]["ErrBody"];
} elseif (!empty($message["email"]) && !phorum_valid_email($message["email"])) {
$error = $PHORUM["DATA"]["LANG"]["ErrEmail"];
} elseif (strlen($message["body"]) > 64000) {
$error = $PHORUM["DATA"]["LANG"]["ErrBodyTooLarge"];
}
}
if ($error) {
$PHORUM["DATA"]["ERROR"] = $error;
}
}
}
// A hook entry for checking the data from a module.
if (! $error) {
list($message, $error) =
phorum_hook("check_post", array($message, $error));
}
// Data integrity checks for all messages.
if (! $error)
{
if (empty($message["subject"])) {
$error = $PHORUM["DATA"]["LANG"]["ErrSubject"];
} elseif (empty($message["body"])) {
$error = $PHORUM["DATA"]["LANG"]["ErrBody"];
} elseif (!empty($message["email"]) &&
!phorum_valid_email($message["email"])) {
$error = $PHORUM["DATA"]["LANG"]["ErrEmail"];
} elseif (strlen($message["body"]) > 64000) {
$error = $PHORUM["DATA"]["LANG"]["ErrBodyTooLarge"];
}
}
if ($error) {
$PHORUM["DATA"]["ERROR"] = $error;
$error_flag = true;
}
?>
if (count($_POST)) {
// Sanitize input data.
foreach ($_POST as $key => $val) {
if ($key == 'username' || $key == 'name' || $key == 'surname') {
// Trim and space-collapse usernames, so people can't
// impersonate as other users using the same username,
// but with extra spaces in it.
$_POST[$key] = preg_replace('/\\s+/', ' ', trim($val));
} else {
$_POST[$key] = trim($val);
}
}
// Check if all required fields are filled and valid.
if (!isset($_POST["username"]) || empty($_POST['username'])) {
$error = $PHORUM["DATA"]["LANG"]["ErrUsername"];
} elseif (!isset($_POST["email"]) || !phorum_valid_email($_POST["email"])) {
$error = $PHORUM["DATA"]["LANG"]["ErrEmail"];
} elseif (empty($_POST["password"])) {
$error = $PHORUM["DATA"]["LANG"]["ErrPasswordEmpty"];
} elseif ($_POST["password"] != $_POST["password2"]) {
$error = $PHORUM["DATA"]["LANG"]["ErrPassword"];
} elseif (strlen($_POST["password"]) < 8) {
$error = $PHORUM["DATA"]["LANG"]["ErrPasswordLen"];
} elseif (!preg_match('/[^a-zA-Z]/', $_POST["password"])) {
$error = $PHORUM["DATA"]["LANG"]["ErrPasswordNoSpecial"];
}
// Check additional data - name, surname, clubid ...
if (!isset($_POST["name"]) || empty($_POST["name"]) || !isset($_POST["surname"]) || empty($_POST["surname"])) {
$error = $PHORUM["DATA"]["LANG"]["ErrRealname"];
}
if (!isset($_POST["clubid"]) || empty($_POST["clubid"])) {
