function validate_member($use_screen_name = 'yes')
{
/** -------------------------------------
/** Instantiate validation class
/** -------------------------------------*/
if (!class_exists('EE_Validate')) {
require APPPATH . 'libraries/Validate' . EXT;
}
$VAL = new EE_Validate(array('member_id' => '', 'val_type' => 'new', 'fetch_lang' => TRUE, 'require_cpw' => FALSE, 'enable_log' => FALSE, 'username' => $_POST['username'], 'cur_username' => '', 'screen_name' => $_POST['screen_name'], 'cur_screen_name' => '', 'password' => $_POST['password'], 'password_confirm' => $_POST['password_confirm'], 'cur_password' => '', 'email' => $_POST['email'], 'cur_email' => ''));
$VAL->validate_username();
$VAL->validate_email();
$VAL->validate_password();
if ($use_screen_name == 'yes') {
$VAL->validate_screen_name();
}
// Display errors if there are any
if (count($VAL->errors) > 0) {
return array('result' => 'failed', 'errors' => $VAL->errors);
} else {
return TRUE;
}
}
/** ----------------------------------
/** Update the username/password
/** ----------------------------------*/
function update_un_pw()
{
ee()->load->library('auth');
// Run through basic verifications: authenticate, username and
// password both exist, not banned, IP checking is okay
if (!($verify_result = ee()->auth->verify())) {
// In the event it's a string, send it to show_user_error
return ee()->output->show_user_error('submission', implode(', ', ee()->auth->errors));
}
list($username, $password, $incoming) = $verify_result;
$member_id = $incoming->member('member_id');
/** -------------------------------------
/** Instantiate validation class
/** -------------------------------------*/
if (!class_exists('EE_Validate')) {
require APPPATH . 'libraries/Validate.php';
}
$new_un = (string) ee()->input->post('new_username');
$new_pw = (string) ee()->input->post('new_password');
$new_pwc = (string) ee()->input->post('new_password_confirm');
$VAL = new EE_Validate(array('val_type' => 'new', 'fetch_lang' => TRUE, 'require_cpw' => FALSE, 'enable_log' => FALSE, 'username' => $new_un, 'password' => $new_pw, 'password_confirm' => $new_pwc, 'cur_password' => $password));
$un_exists = $new_un !== '' ? TRUE : FALSE;
$pw_exists = ($new_pw !== '' and $new_pwc !== '') ? TRUE : FALSE;
if ($un_exists) {
$VAL->validate_username();
}
if ($pw_exists) {
$VAL->validate_password();
}
/** -------------------------------------
/** Display errors if there are any
/** -------------------------------------*/
if (count($VAL->errors) > 0) {
return ee()->output->show_user_error('submission', $VAL->errors);
}
if ($un_exists) {
ee()->auth->update_username($member_id, $new_un);
}
if ($pw_exists) {
ee()->auth->update_password($member_id, $new_pw);
}
// Clear the tracker cookie since we're not sure where the redirect should go
ee()->input->delete_cookie('tracker');
$return = ee()->functions->form_backtrack();
if (ee()->config->item('website_session_type') != 'c') {
if (ee()->config->item('force_query_string') == 'y' && substr($return, 0, -3) == "php") {
$return .= '?';
}
if (ee()->session->userdata['session_id'] != '') {
$return .= "/S=" . ee()->session->userdata['session_id'] . "/";
}
}
if (ee()->uri->segment(5)) {
$link = ee()->functions->create_url(ee()->uri->segment(5));
$line = lang('return_to_forum');
} else {
$link = $this->_member_path('login');
$line = lang('return_to_login');
}
// We're done.
$data = array('title' => lang('settings_update'), 'heading' => lang('thank_you'), 'content' => lang('unpw_updated'), 'link' => array($link, $line));
ee()->output->show_message($data);
}
/**
* insert new entry to db
*
* @access public
* @return null
*/
function insert_new_entry()
{
$default = array('name', 'email');
$all_fields = '';
$fields = array();
$entry_id = '';
$msg = array();
foreach ($default as $val)
{
if ( ! isset($_POST[$val]))
{
$_POST[$val] = '';
}
}
// ----------------------------------------
// Fetch the freeform language pack
// ----------------------------------------
ee()->lang->loadfile('freeform');
// ----------------------------------------
// Is the user banned?
// ----------------------------------------
if (ee()->session->userdata['is_banned'] == TRUE)
{
return ee()->output->show_user_error('general', array(ee()->lang->line('not_authorized')));
}
// ----------------------------------------
// Is the IP address and User Agent required?
// ----------------------------------------
if ( $this->check_yes($this->_param('require_ip')) )
{
if (ee()->session->userdata['group_id'] != 1 AND ee()->input->ip_address() == '0.0.0.0')
{
return ee()->output->show_user_error('general', array(ee()->lang->line('not_authorized')));
}
}
// ----------------------------------------
// Is the nation of the user banned?
// ----------------------------------------
ee()->session->nation_ban_check();
// ----------------------------------------
// Blacklist/Whitelist Check
// ----------------------------------------
if ($this->check_yes(ee()->blacklist->blacklisted) && $this->check_no(ee()->blacklist->whitelisted))
{
return ee()->output->show_user_error('general', array(ee()->lang->line('not_authorized')));
}
// ----------------------------------------
// Check duplicates
// ----------------------------------------
if ( $this->_param('prevent_duplicate_on') AND
$this->_param('prevent_duplicate_on') != '' AND
( ee()->session->userdata['group_id'] != 1 OR
ee()->input->get_post('email') != '' )
)
{
$sql = " SELECT COUNT(*)
AS count
FROM exp_freeform_entries
WHERE status != 'closed'";
if ( $this->_param('form_name') )
{
$sql .= " AND form_name = '".ee()->db->escape_str($this->_param('form_name'))."'";
}
if ( $this->_param('prevent_duplicate_on') == 'member_id' AND ee()->session->userdata['member_id'] != '0' )
{
$sql .= " AND author_id = '".ee()->db->escape_str(ee()->session->userdata['member_id'])."'";
}
elseif ( $this->_param('prevent_duplicate_on') == 'ip_address' AND
ee()->input->ip_address() != '0.0.0.0' AND
ee()->session->userdata['group_id'] != 1)
{
$sql .= " AND ip_address = '".ee()->db->escape_str(ee()->input->ip_address())."'";
}
else
{
$sql .= " AND email = '".ee()->db->escape_str(ee()->input->get_post('email'))."'";
}
$dup = ee()->db->query( $sql );
if ( $dup->row('count') > 0 )
{
return ee()->output->show_user_error('general', array(ee()->lang->line('no_duplicates')));
}
}
// ----------------------------------------
// Start error trapping on required fields
// ----------------------------------------
$errors = array();
// Are there any required fields?
if ( $this->_param('ee_required') != '' )
{
$required_fields = preg_split("/,|\|/" ,$this->_param('ee_required'));
// ----------------------------------------
// Let's get labels from the DB
// ----------------------------------------
$query = ee()->db->query(
"SELECT *
FROM exp_freeform_fields"
);
$labels = array();
if ( $query->num_rows() > 0 )
{
foreach ($query->result_array() as $row)
{
$labels[$row['name']] = $row['label'];
}
// Check for empty fields
foreach ( $required_fields as $val )
{
if ( ! ee()->input->post($val) OR ee()->input->post($val) == '' )
{
if (array_key_exists($val, $labels))
{
$errors[] = ee()->lang->line('field_required') . ' ' . $labels[$val];
}
else
{
$errors[] = ee()->lang->line('not_in_field_list') . ' ' . $val;
}
}
}
// End empty check
}
// End labels from DB
// ----------------------------------------
// Do we require an email address?
// ----------------------------------------
if ( isset( $labels['email'] ) AND ee()->input->get_post('email') )
{
// ----------------------------------------
// Valid email address?
// ----------------------------------------
//1.x
if (APP_VER < 2.0)
{
if ( ! class_exists('Validate'))
{
require PATH_CORE.'core.validate'.EXT;
}
$VAL = new Validate( array( 'email' => ee()->input->get_post('email') ) );
}
//2.x
else
{
if ( ! class_exists('EE_Validate'))
{
require APPPATH . 'libraries/Validate'.EXT;
}
$VAL = new EE_Validate( array( 'email' => ee()->input->get_post('email') ) );
}
$VAL->validate_email();
// ----------------------------------------
// Display errors if there are any
// ----------------------------------------
if (count($VAL->errors) > 0)
{
return ee()->output->show_user_error('general', $VAL->errors );
}
}
}
// ----------------------------------------
// Are we trying to accept file uploads?
// ----------------------------------------
if ( $this->_param('file_upload') != '' AND $this->upload_limit = $this->_param('upload_limit') )
{
$this->_upload_files( TRUE );
}
// ----------------------------------------
// 'freeform_module_validate_end' hook.
// - This allows developers to do more form validation.
// ----------------------------------------
if (ee()->extensions->active_hook('freeform_module_validate_end') === TRUE)
{
$errors = ee()->extensions->universal_call('freeform_module_validate_end', $errors);
if (ee()->extensions->end_script === TRUE) return;
}
// ----------------------------------------
// ----------------------------------------
// Do we have errors to display?
// ----------------------------------------
if (count($errors) > 0)
{
return ee()->output->show_user_error('submission', $errors);
}
// ----------------------------------------
// Do we require captcha?
// ----------------------------------------
if ( $this->_param('require_captcha') AND $this->check_yes($this->_param('require_captcha')) )
{
if ( $this->check_yes(ee()->config->item('captcha_require_members')) OR
( $this->check_no(ee()->config->item('captcha_require_members')) AND
ee()->session->userdata('member_id') == 0)
)
{
if ( ! ee()->input->post('captcha') OR ee()->input->post('captcha') == '')
{
return ee()->output->show_user_error('submission', ee()->lang->line('captcha_required'));
}
else
{
$res = ee()->db->query(
"SELECT COUNT(*)
AS count
FROM exp_captcha
WHERE word='" . ee()->db->escape_str(ee()->input->post('captcha')) . "'
AND ip_address = '" . ee()->db->escape_str(ee()->input->ip_address()) . "'
AND date > UNIX_TIMESTAMP()-7200"
);
if ($res->row('count') == 0)
{
return ee()->output->show_user_error('submission', ee()->lang->line('captcha_incorrect'));
}
// Moved because of file uploading errors
/*
ee()->db->query("DELETE FROM exp_captcha
WHERE (word='".ee()->db->escape_str($_POST['captcha'])."'
AND ip_address = '".ee()->db->escape_str(ee()->input->ip_address())."')
OR date < UNIX_TIMESTAMP()-7200");
*/
}
}
}
// ----------------------------------------
// Check Form Hash
// ----------------------------------------
if ( $this->check_yes(ee()->config->item('secure_forms')) )
{
$query = ee()->db->query(
"SELECT COUNT(*)
AS count
FROM exp_security_hashes
WHERE hash='" . ee()->db->escape_str(ee()->input->post('XID')) . "'
AND ip_address = '" . ee()->db->escape_str(ee()->input->ip_address())."'
AND date > UNIX_TIMESTAMP()-7200"
);
//email_change
if ($query->row('count') == 0)
{
return ee()->output->show_user_error('general', array(ee()->lang->line('not_authorized')));
}
// Moved because of file uploading errors
/* ee()->db->query("DELETE FROM exp_security_hashes
WHERE (hash='".ee()->db->escape_str($_POST['XID'])."'
AND ip_address = '".ee()->db->escape_str(ee()->input->ip_address())."')
OR date < UNIX_TIMESTAMP()-7200");
*/
}
// ----------------------------------------
// Let's get all of the fields from the
// database for testing purposes
// ----------------------------------------
$fields['form_name'] = "Collection Name";
$query = ee()->db->query(
"SELECT name, label
FROM exp_freeform_fields
ORDER BY field_order
ASC"
);
if ($query->num_rows() > 0)
{
foreach($query->result_array() as $row)
{
$fields[$row['name']] = $row['label'];
}
}
else
{
return false;
}
// ----------------------------------------
// Build the data array
// ----------------------------------------
$exclude = array('ACT', 'RET', 'URI', 'PRV', 'XID', 'return', 'ee_notify', 'ee_required', 'submit');
$include = array('status');
$data = array(
'author_id' => ee()->session->userdata['member_id'],
'group_id' => ee()->session->userdata['group_id'],
'ip_address' => ee()->input->ip_address(),
'entry_date' => ee()->localize->now,
'edit_date' => ee()->localize->now
);
foreach ( $_POST as $key => $val )
{
// ----------------------------------------
// If the given field is not a FreeForm
// field or not in our include list, then
// skip it.
// ----------------------------------------
if ( ! array_key_exists( $key, $fields ) AND ! in_array( $key, $include ) ) continue;
// ----------------------------------------
// If the given field is in our exclude
// list, then skip it.
// ----------------------------------------
if ( in_array( $key, $exclude ) ) continue;
if ( $key == 'website' )
{
ee()->security->xss_clean( prep_url( ee()->input->post('website') ) );
$data[$key] = ee()->input->post($key);
}
// If the field is a multi-select field, then handle it as such.
if ( is_array( $val ) )
{
$val = implode( "\n", $val );
$data[$key] = ee()->security->xss_clean($val);
}
else
{
$data[$key] = ee()->security->xss_clean($val);
}
}
//backup for form name in case it isnt in the post data
if ( ! isset($data['form_name']) AND $this->_param('form_name') !== FALSE)
{
$data['form_name'] = $this->_param('form_name');
}
//check to see if there is any missing data that we have in the params:
/*foreach($fields as $f_key => $f_value)
{
if ( ! isset($data[$f_key]) AND $this->_param($f_key) !== FALSE)
{
$data[$f_key] = $this->_param($f_key);
}
}*/
//i dont want to remove this because we might need it for some god awful reason, but it screws with stuff.
$fields['subject'] = "Subject";
// ----------------------------------------
// 'freeform_module_insert_begin' hook.
// - This allows developers to do one last thing before Freeform submit is ended.
// ----------------------------------------
if (ee()->extensions->active_hook('freeform_module_insert_begin') === TRUE)
{
$data = ee()->extensions->universal_call('freeform_module_insert_begin', $data);
if (ee()->extensions->end_script === TRUE) return;
}
// ------------------------------------------------------------------------------------
// Discarded data email_change
// ------------------------------------------------------------------------------------
// ----------------------------------------
// Are we discarding some field values and preventing data save on them?
// ----------------------------------------
if ( $this->_param('discard_field') != '' )
{
foreach ( explode( "|", $this->_param('discard_field') ) as $val )
{
if ( ! empty( $data[ $val ] ) )
{
$data[ $val ] = ee()->lang->line('discarded_field_data');
}
}
}
// ------------------------------------------------------------------------------------
// end Discarded data email_change
// ------------------------------------------------------------------------------------
// ----------------------------------------
// Submit data into DB
// ----------------------------------------
$sql = ee()->db->insert_string( 'exp_freeform_entries', $data ); //email_change
$query = ee()->db->query( $sql );
$this->entry_id = ee()->db->insert_id();
// ----------------------------------------
// Process file uploads
// ----------------------------------------
if ( count( $this->upload ) > 0 )
{
$this->_upload_files();
}
//----------------------------------------
// Delete CAPTCHA and Form Hash - Moved here because of File Upload Error possibilities
// ----------------------------------------
if ( $this->check_yes($this->_param('require_captcha')) && isset($_POST['captcha']))
{
ee()->db->query(
"DELETE FROM exp_captcha
WHERE (word='" . ee()->db->escape_str(ee()->input->post('captcha')) . "'
AND ip_address = '" . ee()->db->escape_str(ee()->input->ip_address()) . "')
OR date < UNIX_TIMESTAMP()-7200"
);
}
if ( $this->check_yes(ee()->config->item('secure_forms')) && ee()->input->post('XID') )
{
ee()->db->query(
"DELETE FROM exp_security_hashes
WHERE (hash='" . ee()->db->escape_str(ee()->input->post('XID')) . "'
AND ip_address = '" . ee()->db->escape_str(ee()->input->ip_address()) . "')
OR date < UNIX_TIMESTAMP()-7200"
);
}
// ----------------------------------------
// Send notifications
// ----------------------------------------
if ( $this->_param('ee_notify') != '' )
{
$recipients = preg_split("/,|\|/" , $this->_param('ee_notify') );
$template = ( $this->_param('template') AND $this->_param('template') != '' ) ?
$this->_param('template'): 'default_template';
// ----------------------------------------
// Generate message
// ----------------------------------------
$msg = array();
$query = ee()->db->query(
"SELECT *
FROM exp_freeform_templates
WHERE template_name = '" . ee()->db->escape_str($template) . "'
AND enable_template = 'y'
LIMIT 1"
);
if ( $query->num_rows() == 0 )
{
return ee()->output->show_user_error('general', array(ee()->lang->line('template_not_available')));
}
$msg['from_name'] = ( $query->row('data_from_name') != '' ) ?
$query->row('data_from_name'): ee()->config->item('webmaster_name');
$msg['from_email'] = ( $query->row('data_from_email') != '' ) ?
$query->row('data_from_email'): ee()->config->item('webmaster_email');
$msg['subject'] = $query->row('data_title');
$msg['msg'] = $query->row('template_data');
$wordwrap = $this->check_yes($query->row('wordwrap'));
$msg['subject'] = str_replace( LD.'entry_date'.RD,
ee()->localize->set_human_time(ee()->localize->now),
$msg['subject'] );
$msg['msg'] = str_replace( LD.'entry_date'.RD,
ee()->localize->set_human_time(ee()->localize->now),
$msg['msg'] );
$msg['subject'] = str_replace( LD.'freeform_entry_id'.RD, $this->entry_id, $msg['subject'] );
$msg['msg'] = str_replace( LD.'freeform_entry_id'.RD, $this->entry_id, $msg['msg'] );
if (preg_match_all("/".LD."(entry_date)\s+format=([\"'])(.*?)\\2".RD."/is",
$msg['subject'].$msg['msg'], $matches)
)
{
for ($j = 0; $j < count($matches[0]); $j++)
{
$val = $matches[3][$j];
foreach (ee()->localize->fetch_date_params($matches[3][$j]) AS $dvar)
{
$val = str_replace($dvar, ee()->localize->convert_timestamp($dvar, ee()->localize->now, TRUE), $val);
}
$msg['subject'] = str_replace( $matches[0][$j], $val, $msg['subject'] );
$msg['msg'] = str_replace( $matches[0][$j], $val, $msg['msg'] );
}
}
// ----------------------------------------
// Parse conditionals
// ----------------------------------------
//template isn't defined yet, so we have to fetch it
//1.x
if(APP_VER < 2.0)
{
if ( ! class_exists('Template'))
{
require PATH_CORE.'core.template'.EXT;
}
$local_TMPL = new Template();
}
//2.x
else
{
ee()->load->library('template');
$local_TMPL =& ee()->template;
}
$data['attachment_count'] = count( $this->attachments );
//i have no idea why this is being done instead of just using $data...
$cond = $data;
foreach( $msg as $key => $val )
{
$msg[$key] = $local_TMPL->advanced_conditionals(
ee()->functions->prep_conditionals( $msg[$key], $cond )
);
}
unset( $cond );
// ----------------------------------------
// Parse individual fields
// ----------------------------------------
$exclude = array('submit');
foreach ( $msg as $key => $val )
{
// ----------------------------------------
// Handle attachments
// ----------------------------------------
$msg[$key] = str_replace( LD."attachment_count".RD, $data['attachment_count'], $msg[$key] );
if ( $key == 'msg' )
{
$all_fields .= "Attachments: ".$data['attachment_count']."\n";
$n = 0;
foreach ( $this->attachments as $file )
{
$n++;
$all_fields .= "Attachment $n: ".$file['filename']." ".$this->upload['url'].$file['filename']."\n";
}
}
if ( preg_match( "/".LD."attachments".RD."(.*?)".LD."\/attachments".RD."/s", $msg[$key], $match ) )
{
if ( count( $this->attachments ) > 0 )
{
$str = '';
foreach ( $this->attachments as $file )
{
$tagdata = $match['1'];
$tagdata = str_replace( LD."fileurl".RD, $this->upload['url'].$file['filename'], $tagdata );
$tagdata = str_replace( LD."filename".RD, $file['filename'], $tagdata );
$str .= $tagdata;
}
$msg[$key] = str_replace( $match['0'], $str, $msg[$key] );
}
else
{
$msg[$key] = str_replace( $match['0'], "", $msg[$key] );
}
}
// ----------------------------------------
// Loop
// ----------------------------------------
foreach ( $fields as $name => $label )
{
if ( isset( $data[$name] ) AND ! in_array( $name, $exclude ) )
{
$msg[$key] = str_replace( LD.$name.RD, $data[$name], $msg[$key] );
// ----------------------------------------
// We don't want to concatenate for every
// time through the main loop.
// ----------------------------------------
if ( $key == 'msg' )
{
$all_fields .= $label.": ".$data[$name]."\n";
}
}
else
{
$msg[$key] = str_replace( LD.$name.RD, '', $msg[$key] );
}
}
}
// ----------------------------------------
// Parse all fields variable
// ----------------------------------------
if ( stristr( $msg['msg'], LD.'all_custom_fields'.RD ) )
{
$msg['msg'] = str_replace( LD.'all_custom_fields'.RD, $all_fields, $msg['msg'] );
}
// ----------------------------------------
// 'freeform_module_admin_notification' hook.
// - This allows developers to alter the
// $msg array before admin notification is sent.
// ----------------------------------------
if (ee()->extensions->active_hook('freeform_module_admin_notification') === TRUE)
{
$msg = ee()->extensions->universal_call('freeform_module_admin_notification', $fields, $this->entry_id, $msg);
if (ee()->extensions->end_script === TRUE) return;
}
// ----------------------------------------
// ----------------------------------------
// Send email
// ----------------------------------------
ee()->email->wordwrap = $wordwrap;
ee()->email->mailtype = ( $this->check_yes($query->row('html')) ) ? 'html': 'text';
if ( count( $this->attachments ) > 0 AND $this->check_yes($this->_param('send_attachment')) )
{
foreach ( $this->attachments as $file_name )
{
ee()->email->attach( $file_name['filepath'] );
}
ee()->db->query(
ee()->db->update_string(
'exp_freeform_attachments',
array( 'emailed' => 'y' ),
array( 'entry_id' => $this->entry_id )
)
);
}
foreach ($recipients as $val)
{
ee()->email->initialize();
ee()->email->from($msg['from_email'], $msg['from_name']);
ee()->email->to($val);
ee()->email->subject($msg['subject']);
ee()->email->message(entities_to_ascii($msg['msg']));
ee()->email->send();
}
ee()->email->clear(TRUE);
$msg = array();
// ----------------------------------------
// Register the template used
// ----------------------------------------
ee()->db->query(
ee()->db->update_string(
'exp_freeform_entries',
array( 'template' => $template),
array( 'entry_id' => $this->entry_id )
)
);
}
// ----------------------------------------
// Send user email email_change
// ----------------------------------------
if ($this->check_yes($this->_param('recipients')) AND
( ee()->session->userdata['group_id'] == 1 OR ee()->input->ip_address() != '0.0.0.0' ) AND
ee()->input->post('recipient_email') !== FALSE)
{
$all_fields = '';
//don't we already do this...?
$template = ( $this->_param('recipient_template') AND $this->_param('recipient_template') != '' ) ?
$this->_param('recipient_template') : 'default_template';
// ----------------------------------------
// Array of recipients?
// ----------------------------------------
if ( is_array( ee()->input->post('recipient_email') ) === TRUE AND
count( ee()->input->post('recipient_email') ) > 0 )
{
$recipient_email = ee()->input->post('recipient_email');
}
else
{
$recipient_email = array( ee()->input->post('recipient_email') );
}
// if we are using 'static recipients'. e.g., recipient1='bob|bob@email.com'
// parse out the uniqids and replace them with the real stored emails
if ( $this->_param('static_recipients') == TRUE )
{
//prevents injection and only uses hashed emails from the form
$temp_email = $recipient_email;
$recipient_email = array();
//parse email
$stored_recipients = $this->_param('static_recipients_list');
//have to check each email against the entire list.
foreach ( $temp_email as $key => $value )
{
foreach ( $stored_recipients as $recipient_data )
{
if ( $value == $recipient_data['key'] )
{
$recipient_email[] = $recipient_data['email'];
}
}
}
}
// ----------------------------------------
// Validate recipients?
// ----------------------------------------
$array = $this->_validate_recipients( implode( ",", $recipient_email ) );
$error = $array['error'];
$approved_tos = $array['approved'];
// ----------------------------------------
// Over our spam limit?
// ----------------------------------------
if ( $this->_param('static_recipients') != TRUE AND
count( $approved_tos ) > $this->_param( 'recipient_limit' ) )
{
$error[] = ee()->lang->line( 'recipient_limit_exceeded' );
}
// ----------------------------------------
// Errors?
// ----------------------------------------
if ( count( $error ) > 0 )
{
return ee()->output->show_user_error( 'general', $error );
}
// ----------------------------------------
// Check for spamming or hacking
// ----------------------------------------
$query = ee()->db->query(
"SELECT SUM(exp_freeform_user_email.email_count) AS count
FROM exp_freeform_entries, exp_freeform_user_email
WHERE exp_freeform_entries.entry_id = exp_freeform_user_email.entry_id
AND exp_freeform_entries.ip_address = '" . ee()->db->escape_str( ee()->input->ip_address() )."'
AND exp_freeform_entries.entry_date > '" . ee()->db->escape_str(
ee()->localize->now - ( 60 * ( (int) $this->prefs['spam_interval'] ) )
) . "'"
);
if ( $query->row('count') > $this->prefs['spam_count'] )
{
return ee()->email->output->show_user_error(
'general', array(ee()->lang->line('em_limit_exceeded')));
}
// ----------------------------------------
// Log the number of emails sent
// ----------------------------------------
ee()->db->query(
ee()->db->insert_string(
"exp_freeform_user_email",
array(
'email_count' => count( $approved_tos ) ,
'entry_id' => $this->entry_id
)
)
);
// ----------------------------------------
// Generate message
// ----------------------------------------
$msg = array();
$query = ee()->db->query(
"SELECT *
FROM exp_freeform_templates
WHERE template_name = '" . ee()->db->escape_str($template) . "'
AND enable_template = 'y'
LIMIT 1"
);
if ( $query->num_rows() == 0 )
{
return ee()->output->show_user_error('general', array(ee()->lang->line('template_not_available')));
}
$msg['from_name'] = ( $query->row('data_from_name') != '' ) ?
$query->row('data_from_name'): ee()->config->item('webmaster_name');
$msg['from_email'] = ( $query->row('data_from_email') != '' ) ?
$query->row('data_from_email'): ee()->config->item('webmaster_email');
$msg['subject'] = $query->row('data_title');
$msg['msg'] = $query->row('template_data');
$wordwrap = $this->check_yes($query->row('wordwrap'));
$msg['subject'] = str_replace( LD.'entry_date'.RD,
ee()->localize->set_human_time(ee()->localize->now),
$msg['subject'] );
$msg['msg'] = str_replace( LD.'entry_date'.RD,
ee()->localize->set_human_time(ee()->localize->now),
$msg['msg'] );
$msg['subject'] = str_replace( LD.'freeform_entry_id'.RD, $this->entry_id, $msg['subject'] );
$msg['msg'] = str_replace( LD.'freeform_entry_id'.RD, $this->entry_id, $msg['msg'] );
if (preg_match_all("/".LD."(entry_date)\s+format=([\"'])(.*?)\\2".RD."/is",
$msg['subject'].$msg['msg'], $matches)
)
{
for ($j = 0; $j < count($matches[0]); $j++)
{
$val = $matches[3][$j];
foreach (ee()->localize->fetch_date_params($matches[3][$j]) AS $dvar)
{
$val = str_replace($dvar, ee()->localize->convert_timestamp($dvar, ee()->localize->now, TRUE), $val);
}
$msg['subject'] = str_replace( $matches[0][$j], $val, $msg['subject'] );
$msg['msg'] = str_replace( $matches[0][$j], $val, $msg['msg'] );
}
}
// ----------------------------------------
// Parse conditionals
// ----------------------------------------
//template isn't defined yet, so we have to fetch it
//1.x
if(APP_VER < 2.0)
{
if ( ! class_exists('Template'))
{
require PATH_CORE.'core.template'.EXT;
}
$local_TMPL = new Template();
}
//2.x
else
{
ee()->load->library('template');
$local_TMPL =& ee()->template;
}
$data['attachment_count'] = count( $this->attachments );
$cond = $data;
foreach( $msg as $key => $val )
{
$msg[$key] = $local_TMPL->advanced_conditionals(
ee()->functions->prep_conditionals( $msg[$key], $cond )
);
}
unset( $cond );
// ----------------------------------------
// Parse individual fields
// ----------------------------------------
$exclude = array('submit');
foreach ( $msg as $key => $val )
{
// ----------------------------------------
// Handle attachments
// ----------------------------------------
$msg[$key] = str_replace( LD."attachment_count".RD, $data['attachment_count'], $msg[$key] );
if ( $key == 'msg' )
{
$all_fields .= "Attachments: ".$data['attachment_count']."\n";
$n = 0;
foreach ( $this->attachments as $file )
{
$n++;
$all_fields .= "Attachment $n: ".$file['filename']." ".$this->upload['url'].$file['filename']."\n";
}
}
if ( preg_match( "/".LD."attachments".RD."(.*?)".LD."\/attachments".RD."/s", $msg[$key], $match ) )
{
if ( count( $this->attachments ) > 0 )
{
$str = '';
foreach ( $this->attachments as $file )
{
$tagdata = $match['1'];
$tagdata = str_replace( LD."fileurl".RD, $this->upload['url'].$file['filename'], $tagdata );
$tagdata = str_replace( LD."filename".RD, $file['filename'], $tagdata );
$str .= $tagdata;
}
$msg[$key] = str_replace( $match['0'], $str, $msg[$key] );
}
else
{
$msg[$key] = str_replace( $match['0'], "", $msg[$key] );
}
}
// ----------------------------------------
// Loop
// ----------------------------------------
foreach ( $fields as $name => $label )
{
if ( isset( $data[$name] ) AND ! in_array( $name, $exclude ) )
{
$msg[$key] = str_replace( LD.$name.RD, $data[$name], $msg[$key] );
// ----------------------------------------
// We don't want to concatenate for every
// time through the main loop.
// ----------------------------------------
if ( $key == 'msg' )
{
$all_fields .= $label.": ".$data[$name]."\n";
}
}
else
{
$msg[$key] = str_replace( LD.$name.RD, '', $msg[$key] );
}
}
}
// ----------------------------------------
// Parse all fields variable
// ----------------------------------------
if ( stristr( $msg['msg'], LD.'all_custom_fields'.RD ) )
{
$msg['msg'] = str_replace( LD.'all_custom_fields'.RD, $all_fields, $msg['msg'] );
}
// ----------------------------------------
// 'freeform_recipient_email' hook.
// - This allows developers to alter the
// $msg array before admin notification is sent.
// ----------------------------------------
if (ee()->extensions->active_hook('freeform_recipient_email') === TRUE)
{
$msg = ee()->extensions->universal_call('freeform_recipient_email', $fields, $this->entry_id, $msg);
if (ee()->extensions->end_script === TRUE) return;
}
// ----------------------------------------
// ----------------------------------------
// Send email
// ----------------------------------------
ee()->email->wordwrap = $wordwrap;
ee()->email->mailtype = ( $this->check_yes($query->row('html')) ) ? 'html': 'text';
if ( count( $this->attachments ) > 0 AND $this->check_yes($this->_param('send_attachment')) )
{
foreach ( $this->attachments as $file_name )
{
ee()->email->attach( $file_name['filepath'] );
}
ee()->db->query(
ee()->db->update_string(
'exp_freeform_attachments',
array( 'emailed' => 'y' ),
array( 'entry_id' => $this->entry_id )
)
);
}
foreach ($approved_tos as $val)
{
ee()->email->initialize();
ee()->email->from($msg['from_email'], $msg['from_name']);
ee()->email->to($val);
ee()->email->subject($msg['subject']);
ee()->email->message(entities_to_ascii($msg['msg']));
ee()->email->send();
}
ee()->email->clear(TRUE);
$msg = array();
// ----------------------------------------
// Register the template used
// ----------------------------------------
ee()->db->query(
ee()->db->update_string(
'exp_freeform_entries',
array( 'template' => $template),
array( 'entry_id' => $this->entry_id )
)
);
}
// End send user recipients
// ----------------------------------------
// Send user email
// ----------------------------------------
//$msg = array(); email_change
if ( $this->check_yes($this->_param('send_user_email')) AND ee()->input->get_post('email') )
{
$all_fields = '';
$recipients = array();
$recipients[] = ee()->input->get_post('email');
$template = ( $this->_param('user_email_template') AND $this->_param('user_email_template') != '' ) ?
$this->_param('user_email_template'): 'default_template';
// ----------------------------------------
// Generate message
// ----------------------------------------
$msg = array();
$query = ee()->db->query(
"SELECT *
FROM exp_freeform_templates
WHERE template_name = '" . ee()->db->escape_str($template) . "'
AND enable_template = 'y'
LIMIT 1"
);
if ( $query->num_rows() == 0 )
{
return ee()->output->show_user_error('general', array(ee()->lang->line('template_not_available')));
}
$msg['from_name'] = ( $query->row('data_from_name') != '' ) ?
$query->row('data_from_name') : ee()->config->item('webmaster_name');
$msg['from_email'] = ( $query->row('data_from_email') != '' ) ?
$query->row('data_from_email') : ee()->config->item('webmaster_email');
$msg['subject'] = $query->row('data_title');
$msg['msg'] = $query->row('template_data');
$wordwrap = ( $this->check_yes($query->row('wordwrap')) ) ? TRUE: FALSE;
$msg['subject'] = str_replace( LD.'entry_date'.RD,
ee()->localize->set_human_time(ee()->localize->now),
$msg['subject'] );
$msg['msg'] = str_replace( LD.'entry_date'.RD,
ee()->localize->set_human_time(ee()->localize->now),
$msg['msg'] );
$msg['subject'] = str_replace( LD.'freeform_entry_id'.RD, $this->entry_id, $msg['subject'] );
$msg['msg'] = str_replace( LD.'freeform_entry_id'.RD, $this->entry_id, $msg['msg'] );
/* email_change*/
if (preg_match_all("/".LD."(entry_date)\s+format=([\"'])(.*?)\\2".RD."/is", $msg['subject'].$msg['msg'], $matches))
{
for ($j = 0; $j < count($matches[0]); $j++)
{
$val = $matches[3][$j];
foreach (ee()->localize->fetch_date_params($matches[3][$j]) AS $dvar)
{
$val = str_replace( $dvar,
ee()->localize->convert_timestamp($dvar, ee()->localize->now, TRUE),
$val);
}
$msg['subject'] = str_replace( $matches[0][$j], $val, $msg['subject'] );
$msg['msg'] = str_replace( $matches[0][$j], $val, $msg['msg'] );
}
}
// ----------------------------------------
// Parse conditionals
// ----------------------------------------
//template isn't defined yet, so we have to fetch it
//1.x
if(APP_VER < 2.0)
{
if ( ! class_exists('Template'))
{
require PATH_CORE.'core.template'.EXT;
}
$local_TMPL = new Template();
}
//2.x
else
{
ee()->load->library('template');
$local_TMPL =& ee()->template;
}
$data['attachment_count'] = count( $this->attachments );
$cond = $data;
foreach( $msg as $key => $val )
{
$msg[$key] = $local_TMPL->advanced_conditionals(
ee()->functions->prep_conditionals( $msg[$key], $cond )
);
}
unset( $cond );
// ----------------------------------------
// Parse individual fields
// ----------------------------------------
$exclude = array('submit');
foreach ( $msg as $key => $val )
{
// ----------------------------------------
// Handle attachments
// ----------------------------------------
$msg[$key] = str_replace( LD."attachment_count".RD, $data['attachment_count'], $msg[$key] );
if ( $key == 'msg' )
{
$all_fields .= "Attachments: ".$data['attachment_count']."\n";
$n = 0;
foreach ( $this->attachments as $file )
{
$n++;
$all_fields .= "Attachment $n: ".$file['filename']." ".$this->upload['url'].$file['filename']."\n";
}
}
if ( preg_match( "/".LD."attachments".RD."(.*?)".LD."\/attachments".RD."/s", $msg[$key], $match ) )
{
if ( count( $this->attachments ) > 0 )
{
$str = '';
foreach ( $this->attachments as $file )
{
$tagdata = $match['1'];
$tagdata = str_replace( LD."fileurl".RD, $this->upload['url'].$file['filename'], $tagdata );
$tagdata = str_replace( LD."filename".RD, $file['filename'], $tagdata );
$str .= $tagdata;
}
$msg[$key] = str_replace( $match['0'], $str, $msg[$key] );
}
else
{
$msg[$key] = str_replace( $match['0'], "", $msg[$key] );
}
}
// ----------------------------------------
// Loop
// ----------------------------------------
foreach ( $fields as $name => $label )
{
if ( isset( $data[$name] ) AND ! in_array( $name, $exclude ) )
{
$msg[$key] = str_replace( LD.$name.RD, $data[$name], $msg[$key] );
// ----------------------------------------
// We don't want to concatenate for every
// time through the main loop.
// ----------------------------------------
if ( $key == 'msg' )
{
$all_fields .= $label.": ".$data[$name]."\n";
}
}
else
{
$msg[$key] = str_replace( LD.$name.RD, '', $msg[$key] );
}
}
}
// ----------------------------------------
// Parse all fields variable
// ----------------------------------------
if ( stristr( $msg['msg'], LD.'all_custom_fields'.RD ) )
{
$msg['msg'] = str_replace( LD.'all_custom_fields'.RD, $all_fields, $msg['msg'] );
}
// ----------------------------------------
// 'freeform_module_user_notification' hook.
// - This allows developers to alter the $msg array before user notification is sent.
// ----------------------------------------
if (ee()->extensions->active_hook('freeform_module_user_notification') === TRUE)
{
$msg = ee()->extensions->universal_call('freeform_module_user_notification', $fields, $this->entry_id, $msg);
if (ee()->extensions->end_script === TRUE) return;
}
// ----------------------------------------
// ----------------------------------------
// Send email
// ----------------------------------------
//ee()->load->library('email');
ee()->email->wordwrap = $wordwrap;
ee()->email->mailtype = ( $this->check_yes($query->row('html')) ) ? 'html': 'text';
if ( count( $this->attachments ) > 0 AND $this->check_yes($this->_param('send_user_attachment')) )
{
foreach ( $this->attachments as $file_name )
{
ee()->email->attach( $file_name['filepath'] );
}
ee()->db->query(
ee()->db->update_string(
'exp_freeform_attachments',
array( 'emailed' => 'y' ),
array( 'entry_id' => $this->entry_id )
)
);
}
foreach ($recipients as $val)
{
ee()->email->initialize();
ee()->email->from($msg['from_email'], $msg['from_name']);
ee()->email->to($val);
ee()->email->subject($msg['subject']);
ee()->email->message(entities_to_ascii($msg['msg']));
ee()->email->send();
}
$msg = array();
ee()->email->clear(TRUE);
}
// End send user email
// ----------------------------------------
// Subscribe to mailing lists
// ----------------------------------------
if ( ee()->input->get_post('mailinglist') )
{
if ( ee()->db->table_exists('exp_mailing_lists') )
{
// ----------------------------------------
// Do we have an email?
// ----------------------------------------
if ( $email = ee()->input->get_post('email') )
{
// ----------------------------------------
// Explode mailinglist parameter
// ----------------------------------------
if ( is_array( ee()->input->post('mailinglist') ) )
{
$lists = implode( "','", ee()->db->escape_str(ee()->input->post('mailinglist')));
}
else
{
$lists = ee()->db->escape_str(ee()->input->post('mailinglist'));
}
// ----------------------------------------
// Get lists
// ----------------------------------------
$subscribed = '';
$sub = ee()->db->query(
"SELECT list_id
FROM exp_mailing_list
WHERE email = '" . ee()->db->escape_str($email) . "'
GROUP BY list_id"
);
if ( $sub->num_rows() > 0 )
{
foreach( $sub->result_array() as $row )
{
$subscribed[] = $row['list_id'];
}
$subscribed = " AND list_id NOT IN (".implode(',', $subscribed).") ";
}
$query = ee()->db->query(
"SELECT DISTINCT list_id, list_title
FROM exp_mailing_lists
WHERE ( list_id IN ('" . $lists . "') OR
list_name IN ('" . $lists . "') ) " . $subscribed
);
if ( $query->num_rows() > 0 AND $query->num_rows() < 50 )
{
// Kill duplicate emails from authorization queue. This prevents an error if a user
// signs up but never activates their email, then signs up again.
ee()->db->query(
"DELETE FROM exp_mailing_list_queue
WHERE email = '" . ee()->db->escape_str($email) . "'"
);
foreach ( $query->result_array() as $row )
{
// ----------------------------------------
// Insert email
// ----------------------------------------
$code = ee()->functions->random('alpha', 10);
if ( $this->check_no(ee()->input->get_post('mailinglist_opt_in')) )
{
ee()->db->query(
ee()->db->insert_string(
'exp_mailing_list',
array(
'user_id' => '',
'list_id' => $row['list_id'],
'authcode' => $code,
'email' => $email,
'ip_address' => ee()->input->ip_address()
)
)
);
// ----------------------------------------
// Is there an admin notification to send?
// ----------------------------------------
if ($this->check_yes(ee()->config->item('mailinglist_notify')) AND
ee()->config->item('mailinglist_notify_emails') != '')
{
$query = ee()->db->query(
"SELECT list_title
FROM exp_mailing_lists
WHERE list_id = '" . ee()->db->escape_str($row['list_id']) . "'"
);
$swap = array(
'email' => $email,
'mailing_list' => $query->row('list_title')
);
$template = ee()->functions->fetch_email_template('admin_notify_mailinglist');
$email_tit = ee()->functions->var_swap($template['title'], $swap);
$email_msg = ee()->functions->var_swap($template['data'], $swap);
// ----------------------------
// Send email
// ----------------------------
$notify_address = $this->remove_extra_commas(
ee()->config->item('mailinglist_notify_emails')
);
if ($notify_address != '')
{
// ----------------------------
// Send email
// ----------------------------
//ee()->load->library('email');
foreach (explode(',', $notify_address) as $addy)
{
ee()->email->initialize();
ee()->email->wordwrap = true;
ee()->email->from(
ee()->config->item('webmaster_email'),
ee()->config->item('webmaster_name')
);
ee()->email->to($addy);
ee()->email->reply_to(ee()->config->item('webmaster_email'));
ee()->email->subject($email_tit);
ee()->email->message(entities_to_ascii($email_msg));
ee()->email->Send();
}
ee()->email->clear(TRUE);
}
}
}
else
{
ee()->db->query(
"INSERT INTO exp_mailing_list_queue (email, list_id, authcode, date)
VALUES ('" . ee()->db->escape_str($email) . "', '" .
ee()->db->escape_str($row['list_id']) ."', '" .
ee()->db->escape_str($code) . "', '" . time() . "')"
);
$this->send_email_confirmation($email, $row, $code);
}
}
}
}
}
}
// End subscribe to mailinglists
// ----------------------------------------
// 'freeform_module_insert_end' hook.
// - This allows developers to do one last thing before Freeform submit is ended.
// ----------------------------------------
if (ee()->extensions->active_hook('freeform_module_insert_end') === TRUE)
{
$edata = ee()->extensions->universal_call('freeform_module_insert_end', $fields, $this->entry_id, $msg);
if (ee()->extensions->end_script === TRUE) return;
}
// ----------------------------------------
// ----------------------------------------
// Set return
// ----------------------------------------
if ( ! $return = ee()->input->get_post('return') )
{
$return = ee()->input->get_post('RET');
}
if ( preg_match( "/".LD."\s*path=(.*?)".RD."/", $return, $match ) > 0 )
{
$return = ee()->functions->create_url( $match['1'] );
}
elseif ( stristr( $return, "http://" ) === FALSE && stristr( $return, "https://" ) === FALSE )
{
$return = ee()->functions->create_url( $return );
}
$return = str_replace( "%%entry_id%%", $this->entry_id, $return );
$return = $this->_chars_decode( $return );
// ----------------------------------------
// Return the user
// ----------------------------------------
if ( $return != '' )
{
ee()->functions->redirect( $return );
}
else
{
ee()->functions->redirect( ee()->functions->fetch_site_index() );
}
exit;
}
/**
* Update the username/password
*
* This function performs the update once the update form is submitted
*
* @access public
* @return mixed
*/
public function update_un_pw()
{
$this->lang->loadfile('member');
$missing = FALSE;
if (!isset($_POST['new_username']) and !isset($_POST['new_password'])) {
return $this->_un_pw_update_form(lang('all_fields_required'));
}
// Run through basic verifications: authenticate, username and
// password both exist, not banned, IP checking is okay
if (!($verify_result = $this->auth->verify())) {
// In the event it's a string, send it to return to login
$this->_return_to_login(implode(', ', $this->auth->errors));
}
list($username, $password, $incoming) = $verify_result;
$member_id = $incoming->member('member_id');
$new_un = (string) $this->input->post('new_username');
$new_pw = (string) $this->input->post('new_password');
$new_pwc = (string) $this->input->post('new_password_confirm');
// Make sure validation library is available
if (!class_exists('EE_Validate')) {
require APPPATH . 'libraries/Validate.php';
}
// Load it up with the information needed
$VAL = new EE_Validate(array('val_type' => 'new', 'fetch_lang' => TRUE, 'require_cpw' => FALSE, 'enable_log' => FALSE, 'username' => $new_un, 'password' => $new_pw, 'password_confirm' => $new_pwc, 'cur_password' => $this->input->post('password')));
$un_exists = FALSE;
if ($new_un !== '') {
$un_exists = $this->input->post('username') === $new_un ? FALSE : TRUE;
}
$pw_exists = ($new_pw !== '' and $new_pwc !== '') ? TRUE : FALSE;
if ($un_exists) {
$VAL->validate_username();
}
if ($pw_exists) {
$VAL->validate_password();
}
// Display error is there are any
if (count($VAL->errors) > 0) {
$er = '';
foreach ($VAL->errors as $val) {
$er .= $val . BR;
}
return $this->_un_pw_update_form($er);
}
if ($un_exists) {
$this->auth->update_username($member_id, $new_un);
}
if ($pw_exists) {
$this->auth->update_password($member_id, $new_pw);
}
// Send them back to login with updated username and password
$this->session->set_flashdata('message', lang('unpw_updated'));
$this->functions->redirect(BASE . AMP . 'C=login');
}
/**
* Reset Password Processing Action
*
* Processing action to process a reset password. Sent here by the form presented
* to the user in `Member_auth::reset_password()`. Process the form and return
* the user to the appropriate login page. Expects to find the contents of the
* form in `$_POST`.
*
* @since 2.6
*/
public function process_reset_password()
{
// if the user is logged in, then send them away
if (ee()->session->userdata('member_id') !== 0) {
return ee()->functions->redirect(ee()->functions->fetch_site_index());
}
// If the user is banned, send them away.
if (ee()->session->userdata('is_banned') === TRUE) {
return ee()->output->show_user_error('general', array(lang('not_authorized')));
}
if (!($resetcode = ee()->input->get_post('resetcode'))) {
return ee()->output->show_user_error('submission', array(lang('mbr_no_reset_id')));
}
// We'll use this in a couple of places to determine whether a token is still valid
// or not. Tokens expire after exactly 1 day.
$a_day_ago = time() - 60 * 60 * 24;
// Make sure the token is valid and belongs to a member.
$member_id_query = ee()->db->select('member_id')->where('resetcode', $resetcode)->where('date >', $a_day_ago)->get('reset_password');
if ($member_id_query->num_rows() === 0) {
return ee()->output->show_user_error('submission', array(lang('mbr_id_not_found')));
}
// Ensure the passwords match.
if (!($password = ee()->input->get_post('password'))) {
return ee()->output->show_user_error('submission', array(lang('mbr_missing_password')));
}
if (!($password_confirm = ee()->input->get_post('password_confirm'))) {
return ee()->output->show_user_error('submission', array(lang('mbr_missing_confirm')));
}
// Validate the password, using EE_Validate. This will also
// handle checking whether the password and its confirmation
// match.
if (!class_exists('EE_Validate')) {
require APPPATH . 'libraries/Validate.php';
}
$VAL = new EE_Validate(array('password' => $password, 'password_confirm' => $password_confirm));
$VAL->validate_password();
if (count($VAL->errors) > 0) {
return ee()->output->show_user_error('submission', $VAL->errors);
}
// Update the database with the new password. Apply the appropriate salt first.
ee()->load->library('auth');
ee()->auth->update_password($member_id_query->row('member_id'), $password);
// Invalidate the old token. While we're at it, may as well wipe out expired
// tokens too, just to keep them from building up.
ee()->db->where('date <', $a_day_ago)->or_where('member_id', $member_id_query->row('member_id'))->delete('reset_password');
// If we can get their last URL from the tracker,
// then we'll use it.
if (isset(ee()->session->tracker[3])) {
$seg = ee()->session->tracker[3] != 'index' ? ee()->session->tracker[3] : '';
$site_name = stripslashes(ee()->config->item('site_name'));
$return = reduce_double_slashes(ee()->functions->fetch_site_index() . '/' . $seg);
} else {
if (ee()->input->get_post('FROM') == 'forum') {
$board_id = ee()->input->get_post('board_id');
$board_id = ($board_id === FALSE or !is_numeric($board_id)) ? 1 : $board_id;
$forum_query = ee()->db->select('board_forum_url, board_label')->where('board_id', (int) $board_id)->get('forum_boards');
$site_name = $forum_query->row('board_label');
$return = $forum_query->row('board_forum_url');
} else {
$site_name = stripslashes(ee()->config->item('site_name'));
$return = ee()->functions->fetch_site_index();
}
}
// Build the success message that we'll show to the user.
$data = array('title' => lang('mbr_password_changed'), 'heading' => lang('mbr_password_changed'), 'content' => lang('mbr_successfully_changed_password'), 'link' => array($return, $site_name), 'redirect' => $return, 'rate' => '5');
ee()->output->show_message($data);
}
/**
* Update the username/password
*
* This function performs the update once the update form is submitted
*
* @access public
* @return mixed
*/
function update_un_pw()
{
$this->lang->loadfile('member');
$missing = FALSE;
if (!isset($_POST['new_username']) and !isset($_POST['new_password'])) {
$missing = TRUE;
}
if ($missing === TRUE) {
return $this->_un_pw_update_form(lang('all_fields_required'));
}
/** ----------------------------------------
/** Check password lockout status
/** ----------------------------------------*/
if ($this->session->check_password_lockout($this->input->post('username')) === TRUE) {
$line = str_replace("%x", $this->config->item('password_lockout_interval'), lang('password_lockout_in_effect'));
return $this->_un_pw_update_form($line);
}
/** ----------------------------------------
/** Fetch member data
/** ----------------------------------------*/
$this->db->select('member_id, group_id');
$this->db->where('username', $this->input->post('username'));
$this->db->where('password', do_hash(base64_decode($this->input->post('password'))));
$query = $this->db->get('members');
$member_id = $query->row('member_id');
/** ----------------------------------------
/** Invalid Username or Password
/** ----------------------------------------*/
if ($query->num_rows() == 0) {
$this->session->save_password_lockout($this->input->post('username'));
return $this->_un_pw_update_form(lang('invalid_existing_un_pw'));
}
/** ----------------------------------------
/** Is the user banned?
/** ----------------------------------------*/
// Super Admins can't be banned
if ($query->row('group_id') != 1) {
if ($this->session->ban_check()) {
return $this->output->fatal_error(lang('not_authorized'));
}
}
/** -------------------------------------
/** Instantiate validation class
/** -------------------------------------*/
if (!class_exists('EE_Validate')) {
require APPPATH . 'libraries/Validate' . EXT;
}
$new_un = $this->input->post('new_username') ? $this->input->post('new_username') : '';
$new_pw = $this->input->post('new_password') ? $this->input->post('new_password') : '';
$new_pwc = $this->input->post('new_password_confirm') ? $this->input->post('new_password_confirm') : '';
$VAL = new EE_Validate(array('val_type' => 'new', 'fetch_lang' => TRUE, 'require_cpw' => FALSE, 'enable_log' => FALSE, 'username' => $new_un, 'password' => $new_pw, 'password_confirm' => $new_pwc, 'cur_password' => $this->input->post('password')));
if ($this->input->post('new_username') && $this->input->post('new_username') != '') {
if ($this->input->post('username') == $new_un) {
$un_exists = FALSE;
} else {
$un_exists = TRUE;
}
}
$pw_exists = (isset($_POST['new_password']) and $_POST['new_password'] != '') ? TRUE : FALSE;
if ($un_exists) {
$VAL->validate_username();
}
if ($pw_exists) {
$VAL->validate_password();
}
/** -------------------------------------
/** Display error is there are any
/** -------------------------------------*/
if (count($VAL->errors) > 0) {
$er = '';
foreach ($VAL->errors as $val) {
$er .= $val . BR;
}
return $this->_un_pw_update_form($er);
}
if ($un_exists) {
$this->db->set('username', $this->input->post('new_username'));
$this->db->where('member_id', $member_id);
$this->db->update('members');
}
if ($pw_exists) {
$this->load->helper('security');
$this->db->set('password', do_hash($this->input->post('new_password')));
$this->db->where('member_id', $member_id);
$this->db->update('members');
}
$this->session->set_flashdata('message', lang('unpw_updated'));
$this->functions->redirect(BASE . AMP . 'C=login' . AMP . 'M=login_form');
}
/**
* Register Member
*/
public function register_member()
{
// Do we allow new member registrations?
if (ee()->config->item('allow_member_registration') == 'n') {
return FALSE;
}
// Is user banned?
if (ee()->session->userdata('is_banned') === TRUE) {
return ee()->output->show_user_error('general', array(lang('not_authorized')));
}
// Blacklist/Whitelist Check
if (ee()->blacklist->blacklisted == 'y' && ee()->blacklist->whitelisted == 'n') {
return ee()->output->show_user_error('general', array(lang('not_authorized')));
}
ee()->load->helper('url');
// -------------------------------------------
// 'member_member_register_start' hook.
// - Take control of member registration routine
// - Added EE 1.4.2
//
ee()->extensions->call('member_member_register_start');
if (ee()->extensions->end_script === TRUE) {
return;
}
//
// -------------------------------------------
// Set the default globals
$default = array('username', 'password', 'password_confirm', 'email', 'screen_name', 'url', 'location');
foreach ($default as $val) {
if (!isset($_POST[$val])) {
$_POST[$val] = '';
}
}
if ($_POST['screen_name'] == '') {
$_POST['screen_name'] = $_POST['username'];
}
// Instantiate validation class
if (!class_exists('EE_Validate')) {
require APPPATH . 'libraries/Validate.php';
}
$VAL = new EE_Validate(array('member_id' => '', 'val_type' => 'new', 'fetch_lang' => TRUE, 'require_cpw' => FALSE, 'enable_log' => FALSE, 'username' => trim_nbs($_POST['username']), 'cur_username' => '', 'screen_name' => trim_nbs($_POST['screen_name']), 'cur_screen_name' => '', 'password' => $_POST['password'], 'password_confirm' => $_POST['password_confirm'], 'cur_password' => '', 'email' => trim($_POST['email']), 'cur_email' => ''));
$VAL->validate_username();
$VAL->validate_screen_name();
$VAL->validate_password();
$VAL->validate_email();
// Do we have any custom fields?
$query = ee()->db->select('m_field_id, m_field_name, m_field_label, m_field_type, m_field_list_items, m_field_required')->where('m_field_reg', 'y')->get('member_fields');
$cust_errors = array();
$cust_fields = array();
if ($query->num_rows() > 0) {
foreach ($query->result_array() as $row) {
$field_name = 'm_field_id_' . $row['m_field_id'];
// Assume we're going to save this data, unless it's empty to begin with
$valid = isset($_POST[$field_name]) && $_POST[$field_name] != '';
// Basic validations
if ($row['m_field_required'] == 'y' && !$valid) {
$cust_errors[] = lang('mbr_field_required') . ' ' . $row['m_field_label'];
} elseif ($row['m_field_type'] == 'select' && $valid) {
// Ensure their selection is actually a valid choice
$options = explode("\n", $row['m_field_list_items']);
if (!in_array(htmlentities($_POST[$field_name]), $options)) {
$valid = FALSE;
$cust_errors[] = lang('mbr_field_invalid') . ' ' . $row['m_field_label'];
}
}
if ($valid) {
$cust_fields[$field_name] = ee()->security->xss_clean($_POST[$field_name]);
}
}
}
if (isset($_POST['email_confirm']) && $_POST['email'] != $_POST['email_confirm']) {
$cust_errors[] = lang('mbr_emails_not_match');
}
if (ee()->config->item('use_membership_captcha') == 'y') {
if (!isset($_POST['captcha']) or $_POST['captcha'] == '') {
$cust_errors[] = lang('captcha_required');
}
}
if (ee()->config->item('require_terms_of_service') == 'y') {
if (!isset($_POST['accept_terms'])) {
$cust_errors[] = lang('mbr_terms_of_service_required');
}
}
// -------------------------------------------
// 'member_member_register_errors' hook.
// - Additional error checking prior to submission
// - Added EE 2.5.0
//
ee()->extensions->call('member_member_register_errors', $this);
if (ee()->extensions->end_script === TRUE) {
return;
}
//
// -------------------------------------------
$errors = array_merge($VAL->errors, $cust_errors, $this->errors);
// Display error is there are any
if (count($errors) > 0) {
return ee()->output->show_user_error('submission', $errors);
}
// Do we require captcha?
if (ee()->config->item('use_membership_captcha') == 'y') {
$query = ee()->db->query("SELECT COUNT(*) AS count FROM exp_captcha WHERE word='" . ee()->db->escape_str($_POST['captcha']) . "' AND ip_address = '" . ee()->input->ip_address() . "' AND date > UNIX_TIMESTAMP()-7200");
if ($query->row('count') == 0) {
return ee()->output->show_user_error('submission', array(lang('captcha_incorrect')));
}
ee()->db->query("DELETE FROM exp_captcha WHERE (word='" . ee()->db->escape_str($_POST['captcha']) . "' AND ip_address = '" . ee()->input->ip_address() . "') OR date < UNIX_TIMESTAMP()-7200");
}
ee()->load->helper('security');
// Assign the base query data
$data = array('username' => trim_nbs(ee()->input->post('username')), 'password' => sha1($_POST['password']), 'ip_address' => ee()->input->ip_address(), 'unique_id' => ee()->functions->random('encrypt'), 'join_date' => ee()->localize->now, 'email' => trim_nbs(ee()->input->post('email')), 'screen_name' => trim_nbs(ee()->input->post('screen_name')), 'url' => prep_url(ee()->input->post('url')), 'location' => ee()->input->post('location'), 'language' => ee()->config->item('deft_lang') ? ee()->config->item('deft_lang') : 'english', 'date_format' => ee()->config->item('date_format') ? ee()->config->item('date_format') : '%n/%j/%y', 'time_format' => ee()->config->item('time_format') ? ee()->config->item('time_format') : '12', 'include_seconds' => ee()->config->item('include_seconds') ? ee()->config->item('include_seconds') : 'n', 'timezone' => ee()->config->item('default_site_timezone'));
// Set member group
if (ee()->config->item('req_mbr_activation') == 'manual' or ee()->config->item('req_mbr_activation') == 'email') {
$data['group_id'] = 4;
// Pending
} else {
if (ee()->config->item('default_member_group') == '') {
$data['group_id'] = 4;
// Pending
} else {
$data['group_id'] = ee()->config->item('default_member_group');
}
}
// Optional Fields
$optional = array('bio' => 'bio', 'language' => 'deft_lang', 'timezone' => 'server_timezone', 'date_format' => 'date_format', 'time_format' => 'time_format', 'include_seconds' => 'include_seconds');
foreach ($optional as $key => $value) {
if (isset($_POST[$value])) {
$data[$key] = $_POST[$value];
}
}
// We generate an authorization code if the member needs to self-activate
if (ee()->config->item('req_mbr_activation') == 'email') {
$data['authcode'] = ee()->functions->random('alnum', 10);
}
// Insert basic member data
ee()->db->query(ee()->db->insert_string('exp_members', $data));
$member_id = ee()->db->insert_id();
// Insert custom fields
$cust_fields['member_id'] = $member_id;
ee()->db->query(ee()->db->insert_string('exp_member_data', $cust_fields));
// Create a record in the member homepage table
// This is only necessary if the user gains CP access,
// but we'll add the record anyway.
ee()->db->query(ee()->db->insert_string('exp_member_homepage', array('member_id' => $member_id)));
// Mailinglist Subscribe
$mailinglist_subscribe = FALSE;
if (isset($_POST['mailinglist_subscribe']) && is_numeric($_POST['mailinglist_subscribe'])) {
// Kill duplicate emails from authorizatin queue.
ee()->db->where('email', $_POST['email'])->delete('mailing_list_queue');
// Validate Mailing List ID
$query = ee()->db->select('COUNT(*) as count')->where('list_id', $_POST['mailinglist_subscribe'])->get('mailing_lists');
// Email Not Already in Mailing List
$results = ee()->db->select('COUNT(*) as count')->where('email', $_POST['email'])->where('list_id', $_POST['mailinglist_subscribe'])->get('mailing_list');
// INSERT Email
if ($query->row('count') > 0 && $results->row('count') == 0) {
$mailinglist_subscribe = TRUE;
$code = ee()->functions->random('alnum', 10);
if (ee()->config->item('req_mbr_activation') == 'email') {
// Activated When Membership Activated
ee()->db->query("INSERT INTO exp_mailing_list_queue (email, list_id, authcode, date)\r\n\t\t\t\t\t\t\t\tVALUES ('" . ee()->db->escape_str($_POST['email']) . "', '" . ee()->db->escape_str($_POST['mailinglist_subscribe']) . "', '" . $code . "', '" . time() . "')");
} elseif (ee()->config->item('req_mbr_activation') == 'manual') {
// Mailing List Subscribe Email
ee()->db->query("INSERT INTO exp_mailing_list_queue (email, list_id, authcode, date)\r\n\t\t\t\t\t\t\t\tVALUES ('" . ee()->db->escape_str($_POST['email']) . "', '" . ee()->db->escape_str($_POST['mailinglist_subscribe']) . "', '" . $code . "', '" . time() . "')");
ee()->lang->loadfile('mailinglist');
$action_id = ee()->functions->fetch_action_id('Mailinglist', 'authorize_email');
$swap = array('activation_url' => ee()->functions->fetch_site_index(0, 0) . QUERY_MARKER . 'ACT=' . $action_id . '&id=' . $code, 'site_name' => stripslashes(ee()->config->item('site_name')), 'site_url' => ee()->config->item('site_url'));
$template = ee()->functions->fetch_email_template('mailinglist_activation_instructions');
$email_tit = ee()->functions->var_swap($template['title'], $swap);
$email_msg = ee()->functions->var_swap($template['data'], $swap);
// Send email
ee()->load->library('email');
ee()->email->wordwrap = true;
ee()->email->mailtype = 'plain';
ee()->email->priority = '3';
ee()->email->from(ee()->config->item('webmaster_email'), ee()->config->item('webmaster_name'));
ee()->email->to($_POST['email']);
ee()->email->subject($email_tit);
ee()->email->message($email_msg);
ee()->email->send();
} else {
// Automatically Accepted
ee()->db->query("INSERT INTO exp_mailing_list (list_id, authcode, email, ip_address)\r\n\t\t\t\t\t\t\t\t\t\t VALUES ('" . ee()->db->escape_str($_POST['mailinglist_subscribe']) . "', '" . $code . "', '" . ee()->db->escape_str($_POST['email']) . "', '" . ee()->db->escape_str(ee()->input->ip_address()) . "')");
}
}
}
// Update
if (ee()->config->item('req_mbr_activation') == 'none') {
ee()->stats->update_member_stats();
}
// Send admin notifications
if (ee()->config->item('new_member_notification') == 'y' && ee()->config->item('mbr_notification_emails') != '') {
$name = $data['screen_name'] != '' ? $data['screen_name'] : $data['username'];
$swap = array('name' => $name, 'site_name' => stripslashes(ee()->config->item('site_name')), 'control_panel_url' => ee()->config->item('cp_url'), 'username' => $data['username'], 'email' => $data['email']);
$template = ee()->functions->fetch_email_template('admin_notify_reg');
$email_tit = $this->_var_swap($template['title'], $swap);
$email_msg = $this->_var_swap($template['data'], $swap);
// Remove multiple commas
$notify_address = reduce_multiples(ee()->config->item('mbr_notification_emails'), ',', TRUE);
// Send email
ee()->load->helper('text');
ee()->load->library('email');
ee()->email->wordwrap = true;
ee()->email->from(ee()->config->item('webmaster_email'), ee()->config->item('webmaster_name'));
ee()->email->to($notify_address);
ee()->email->subject($email_tit);
ee()->email->message(entities_to_ascii($email_msg));
ee()->email->Send();
}
// -------------------------------------------
// 'member_member_register' hook.
// - Additional processing when a member is created through the User Side
// - $member_id added in 2.0.1
//
ee()->extensions->call('member_member_register', $data, $member_id);
if (ee()->extensions->end_script === TRUE) {
return;
}
//
// -------------------------------------------
// Send user notifications
if (ee()->config->item('req_mbr_activation') == 'email') {
$action_id = ee()->functions->fetch_action_id('Member', 'activate_member');
$name = $data['screen_name'] != '' ? $data['screen_name'] : $data['username'];
$board_id = ee()->input->get_post('board_id') !== FALSE && is_numeric(ee()->input->get_post('board_id')) ? ee()->input->get_post('board_id') : 1;
$forum_id = ee()->input->get_post('FROM') == 'forum' ? '&r=f&board_id=' . $board_id : '';
$add = $mailinglist_subscribe !== TRUE ? '' : '&mailinglist=' . $_POST['mailinglist_subscribe'];
$swap = array('name' => $name, 'activation_url' => ee()->functions->fetch_site_index(0, 0) . QUERY_MARKER . 'ACT=' . $action_id . '&id=' . $data['authcode'] . $forum_id . $add, 'site_name' => stripslashes(ee()->config->item('site_name')), 'site_url' => ee()->config->item('site_url'), 'username' => $data['username'], 'email' => $data['email']);
$template = ee()->functions->fetch_email_template('mbr_activation_instructions');
$email_tit = $this->_var_swap($template['title'], $swap);
$email_msg = $this->_var_swap($template['data'], $swap);
// Send email
ee()->load->helper('text');
ee()->load->library('email');
ee()->email->wordwrap = true;
ee()->email->from(ee()->config->item('webmaster_email'), ee()->config->item('webmaster_name'));
ee()->email->to($data['email']);
ee()->email->subject($email_tit);
ee()->email->message(entities_to_ascii($email_msg));
ee()->email->Send();
$message = lang('mbr_membership_instructions_email');
} elseif (ee()->config->item('req_mbr_activation') == 'manual') {
$message = lang('mbr_admin_will_activate');
} else {
// Log user in (the extra query is a little annoying)
ee()->load->library('auth');
$member_data_q = ee()->db->get_where('members', array('member_id' => $member_id));
$incoming = new Auth_result($member_data_q->row());
$incoming->remember_me();
$incoming->start_session();
$message = lang('mbr_your_are_logged_in');
}
// Build the message
if (ee()->input->get_post('FROM') == 'forum') {
$query = $this->_do_form_query();
$site_name = $query->row('board_label');
$return = $query->row('board_forum_url');
} else {
$site_name = ee()->config->item('site_name') == '' ? lang('back') : stripslashes(ee()->config->item('site_name'));
$return = ee()->config->item('site_url');
}
$data = array('title' => lang('mbr_registration_complete'), 'heading' => lang('thank_you'), 'content' => lang('mbr_registration_completed') . "\n\n" . $message, 'redirect' => '', 'link' => array($return, $site_name));
ee()->output->show_message($data);
}
function register_member($ext, $doRegister = TRUE, $error_handling = '')
{
$this->EE->load->helper('security');
$inline_errors = array();
//$this->EE->load->language("member");
/** -------------------------------------
/** Do we allow new member registrations?
/** ------------------------------------*/
if ($this->EE->config->item('allow_member_registration') == 'n') {
return array('general', array($this->EE->lang->line('member_registrations_not_allowed')));
}
/** ----------------------------------------
/** Is user banned?
/** ----------------------------------------*/
if ($this->EE->session->userdata['is_banned'] == TRUE) {
return array('general', array($this->EE->lang->line('not_authorized')));
}
/** ----------------------------------------
/** Blacklist/Whitelist Check
/** ----------------------------------------*/
if ($this->EE->blacklist->blacklisted == 'y' && $this->EE->blacklist->whitelisted == 'n') {
return array('general', array($this->EE->lang->line('not_authorized')));
}
$this->EE->load->helper('url');
/* -------------------------------------------
/* 'member_member_register_start' hook.
/* - Take control of member registration routine
/* - Added EE 1.4.2
*/
$edata = $this->EE->extensions->call('member_member_register_start');
if ($this->EE->extensions->end_script === TRUE) {
return;
}
/*
/* -------------------------------------------*/
/** ----------------------------------------
/** Set the default globals
/** ----------------------------------------*/
$default = array('username', 'password', 'password_confirm', 'email', 'screen_name', 'url', 'location');
foreach ($default as $val) {
if (!isset($_POST[$val])) {
$_POST[$val] = '';
}
}
if ($_POST['screen_name'] == '') {
$_POST['screen_name'] = $_POST['username'];
}
/** -------------------------------------
/** Instantiate validation class
/** -------------------------------------*/
if (!class_exists('EE_Validate')) {
require APPPATH . 'libraries/Validate' . EXT;
}
$VAL = new EE_Validate(array('member_id' => '', 'val_type' => 'new', 'fetch_lang' => TRUE, 'require_cpw' => FALSE, 'enable_log' => FALSE, 'username' => $_POST['username'], 'cur_username' => '', 'screen_name' => $_POST['screen_name'], 'cur_screen_name' => '', 'password' => $_POST['password'], 'password_confirm' => $_POST['password_confirm'], 'cur_password' => '', 'email' => $_POST['email'], 'cur_email' => ''));
// load the language file
$this->EE->lang->loadfile('zoo_visitor');
$VAL->validate_email();
$inline_errors["email"] = $VAL->errors;
$offset = count($VAL->errors);
/** -------------------------------------
/** Zoo Visitor conditional checking
/** -------------------------------------*/
if ($this->zoo_settings['email_is_username'] != 'yes') {
$VAL->validate_username();
$inline_errors["username"] = array_slice($VAL->errors, $offset);
$offset = count($VAL->errors);
}
if ($this->zoo_settings['use_screen_name'] != "no") {
$VAL->validate_screen_name();
$inline_errors["screen_name"] = array_slice($VAL->errors, $offset);
$offset = count($VAL->errors);
}
$VAL->validate_password();
$inline_errors["password"] = array_slice($VAL->errors, $offset);
$offset = count($VAL->errors);
/** -------------------------------------
/** Do we have any custom fields?
/** -------------------------------------*/
$query = $this->EE->db->query("SELECT m_field_id, m_field_name, m_field_label, m_field_required FROM exp_member_fields");
$cust_errors = array();
$cust_fields = array();
if ($query->num_rows() > 0) {
foreach ($query->result_array() as $row) {
if ($row['m_field_required'] == 'y' && (!isset($_POST['m_field_id_' . $row['m_field_id']]) or $_POST['m_field_id_' . $row['m_field_id']] == '')) {
$cust_errors[] = $this->EE->lang->line('mbr_field_required') . ' ' . $row['m_field_label'];
$inline_errors[$row['m_field_name']] = array($this->EE->lang->line('mbr_field_required') . ' ' . $row['m_field_label']);
} elseif (isset($_POST['m_field_id_' . $row['m_field_id']])) {
$cust_fields['m_field_id_' . $row['m_field_id']] = $this->EE->security->xss_clean($_POST['m_field_id_' . $row['m_field_id']]);
}
}
}
if (isset($_POST['email_confirm']) && $_POST['email'] != $_POST['email_confirm']) {
$cust_errors[] = $this->EE->lang->line('mbr_emails_not_match');
$inline_errors["email_confirm"] = array($this->EE->lang->line('mbr_emails_not_match'));
}
if ($this->EE->config->item('use_membership_captcha') == 'y') {
if (!isset($_POST['captcha']) or $_POST['captcha'] == '') {
$cust_errors[] = $this->EE->lang->line('captcha_required');
$inline_errors["captcha"] = array($this->EE->lang->line('captcha_required'));
}
}
/** ----------------------------------------
/** Do we require captcha?
/** ----------------------------------------*/
if ($this->EE->config->item('use_membership_captcha') == 'y') {
$query = $this->EE->db->query("SELECT COUNT(*) AS count FROM exp_captcha WHERE word='" . $this->EE->db->escape_str($_POST['captcha']) . "' AND ip_address = '" . $this->EE->input->ip_address() . "' AND date > UNIX_TIMESTAMP()-7200");
if ($query->row('count') == 0) {
$cust_errors[] = $this->EE->lang->line('captcha_incorrect');
$inline_errors["captcha"] = array($this->EE->lang->line('captcha_incorrect'));
}
//$this->EE->db->query("DELETE FROM exp_captcha WHERE (word='" . $this->EE->db->escape_str($_POST['captcha']) . "' AND ip_address = '" . $this->EE->input->ip_address() . "') OR date < UNIX_TIMESTAMP()-7200");
}
if ($this->EE->config->item('require_terms_of_service') == 'y') {
if (!isset($_POST['accept_terms'])) {
$cust_errors[] = $this->EE->lang->line('mbr_terms_of_service_required');
$inline_errors["accept_terms"] = array($this->EE->lang->line('mbr_terms_of_service_required'));
}
}
$errors = array_merge($VAL->errors, $cust_errors);
// ===========================
// = Set default membergroup =
// ===========================
if ($this->EE->config->item('req_mbr_activation') == 'manual' or $this->EE->config->item('req_mbr_activation') == 'email') {
$data['group_id'] = 4;
// Pending
} else {
if ($this->EE->config->item('default_member_group') == '') {
$data['group_id'] = 4;
// Pending
} else {
$data['group_id'] = $this->EE->config->item('default_member_group');
}
}
// ============================================
// = Check if there is a membergroup selected =
// ============================================
$selected_group_id = $this->check_membergroup_change($data);
/** -------------------------------------
/** Display error is there are any
/** -------------------------------------*/
if (count($errors) > 0) {
return array('submission', $inline_errors);
//return array('submission', $errors);
}
if (!$doRegister) {
return TRUE;
}
/** ----------------------------------------
/** Secure Mode Forms?
/** ----------------------------------------*/
if ($this->EE->config->item('secure_forms') == 'y') {
if (version_compare(APP_VER, '2.5.4', '>=')) {
// Secure Mode Forms?
if ($this->EE->config->item('secure_forms') == 'y' and !$this->EE->security->secure_forms_check($this->EE->input->post('XID'))) {
return $this->EE->output->show_user_error('general', array(lang('not_authorized')));
}
} else {
$query = $this->EE->db->query("SELECT COUNT(*) AS count FROM exp_security_hashes WHERE hash='" . $this->EE->db->escape_str($_POST['XID']) . "' AND ip_address = '" . $this->EE->input->ip_address() . "' AND ip_address = '" . $this->EE->input->ip_address() . "' AND date > UNIX_TIMESTAMP()-7200");
if ($query->row('count') == 0) {
return array('general', array($this->EE->lang->line('not_authorized')));
}
$this->EE->db->query("DELETE FROM exp_security_hashes WHERE (hash='" . $this->EE->db->escape_str($_POST['XID']) . "' AND ip_address = '" . $this->EE->input->ip_address() . "') OR date < UNIX_TIMESTAMP()-7200");
}
}
/** -------------------------------------
/** Assign the base query data
/** -------------------------------------*/
$data['username'] = $_POST['username'];
$data['password'] = version_compare(APP_VER, '2.6.0', '<') ? $this->EE->functions->hash(stripslashes($_POST['password'])) : do_hash(stripslashes($_POST['password']));
$data['ip_address'] = $this->EE->input->ip_address();
$data['unique_id'] = $this->EE->functions->random('encrypt');
$data['join_date'] = $this->EE->localize->now;
$data['email'] = $_POST['email'];
$data['screen_name'] = $_POST['screen_name'];
$data['url'] = prep_url($_POST['url']);
$data['location'] = $_POST['location'];
// overridden below if used as optional fields
$data['language'] = $this->EE->config->item('deft_lang') ? $this->EE->config->item('deft_lang') : 'english';
$data['time_format'] = $this->EE->config->item('time_format') ? $this->EE->config->item('time_format') : 'us';
$data['timezone'] = $this->EE->config->item('default_site_timezone') && $this->EE->config->item('default_site_timezone') != '' ? $this->EE->config->item('default_site_timezone') : $this->EE->config->item('server_timezone');
if (APP_VER < '2.6.0') {
$data['daylight_savings'] = $this->EE->config->item('default_site_dst') && $this->EE->config->item('default_site_dst') != '' ? $this->EE->config->item('default_site_dst') : $this->EE->config->item('daylight_savings');
}
// ==========================
// = Standard member fields =
// ==========================
$fields = array('bday_y', 'bday_m', 'bday_d', 'url', 'location', 'occupation', 'interests', 'aol_im', 'icq', 'yahoo_im', 'msn_im', 'bio');
foreach ($fields as $val) {
if ($this->EE->input->post($val)) {
$data[$val] = isset($_POST[$val]) ? $this->EE->security->xss_clean($_POST[$val]) : '';
unset($_POST[$val]);
}
}
if (isset($data['bday_d']) && is_numeric($data['bday_d']) && is_numeric($data['bday_m'])) {
$year = $data['bday_y'] != '' ? $data['bday_y'] : date('Y');
$mdays = $this->EE->localize->fetch_days_in_month($data['bday_m'], $year);
if ($data['bday_d'] > $mdays) {
$data['bday_d'] = $mdays;
}
}
// Optional Fields
$optional = array('bio' => 'bio', 'language' => 'deft_lang', 'timezone' => 'server_timezone', 'time_format' => 'time_format');
foreach ($optional as $key => $value) {
if (isset($_POST[$value])) {
$data[$key] = $_POST[$value];
}
}
/*
if ($this->EE->input->post('daylight_savings') == 'y') {
$data['daylight_savings'] = 'y';
}
elseif ($this->EE->input->post('daylight_savings') == 'n') {
$data['daylight_savings'] = 'n';
}
*/
// We generate an authorization code if the member needs to self-activate
if ($this->EE->config->item('req_mbr_activation') == 'email') {
$data['authcode'] = $this->EE->functions->random('alnum', 10);
}
/** -------------------------------------
/** Insert basic member data
/** -------------------------------------*/
$this->EE->db->query($this->EE->db->insert_string('exp_members', $data));
$member_id = $this->EE->db->insert_id();
// =============================================
// = Override the screenname for use in emails =
// =============================================
$screen_name_overriden = $this->get_override_screen_name();
$data['screen_name'] = $screen_name_overriden !== FALSE ? $screen_name_overriden : $data['screen_name'];
// =========================================================================================
// = Store the selected membergroup if it is defined in the form AND activation is required =
// ==========================================================================================
if (isset($selected_group_id) and is_numeric($selected_group_id) and $selected_group_id != '1') {
if ($this->EE->config->item('req_mbr_activation') == 'email' || $this->EE->config->item('req_mbr_activation') == 'manual') {
$activation_data = array();
$activation_data['member_id'] = $member_id;
$activation_data['group_id'] = $selected_group_id;
$this->EE->db->insert('zoo_visitor_activation_membergroup', $activation_data);
}
}
// =====================
// = HASH THE PASSWORD =
// =====================
$this->EE->load->library('auth');
$hashed_pair = $this->EE->auth->hash_password($_POST['password']);
if ($hashed_pair === FALSE) {
} else {
$this->EE->db->where('member_id', (int) $member_id);
$this->EE->db->update('members', $hashed_pair);
}
/** -------------------------------------
/** Insert custom fields
/** -------------------------------------*/
$cust_fields['member_id'] = $member_id;
$this->EE->db->query($this->EE->db->insert_string('exp_member_data', $cust_fields));
/** -------------------------------------
/** Create a record in the member homepage table
/** -------------------------------------*/
// This is only necessary if the user gains CP access, but we'll add the record anyway.
$this->EE->db->query($this->EE->db->insert_string('exp_member_homepage', array('member_id' => $member_id)));
/** -------------------------------------
/** Mailinglist Subscribe
/** -------------------------------------*/
$mailinglist_subscribe = FALSE;
if (isset($_POST['mailinglist_subscribe']) && is_numeric($_POST['mailinglist_subscribe'])) {
// Kill duplicate emails from authorizatin queue.
$this->EE->db->query("DELETE FROM exp_mailing_list_queue WHERE email = '" . $this->EE->db->escape_str($_POST['email']) . "'");
// Validate Mailing List ID
$query = $this->EE->db->query("SELECT COUNT(*) AS count\n\t\t\t\t\t\t\t\t FROM exp_mailing_lists\n\t\t\t\t\t\t\t\t WHERE list_id = '" . $this->EE->db->escape_str($_POST['mailinglist_subscribe']) . "'");
// Email Not Already in Mailing List
$results = $this->EE->db->query("SELECT count(*) AS count\n\t\t\t\t\t\t\t\t\tFROM exp_mailing_list\n\t\t\t\t\t\t\t\t\tWHERE email = '" . $this->EE->db->escape_str($_POST['email']) . "'\n\t\t\t\t\t\t\t\t\tAND list_id = '" . $this->EE->db->escape_str($_POST['mailinglist_subscribe']) . "'");
/** -------------------------------------
/** INSERT Email
/** -------------------------------------*/
if ($query->row('count') > 0 && $results->row('count') == 0) {
$mailinglist_subscribe = TRUE;
$code = $this->EE->functions->random('alnum', 10);
if ($this->EE->config->item('req_mbr_activation') == 'email') {
// Activated When Membership Activated
$this->EE->db->query("INSERT INTO exp_mailing_list_queue (email, list_id, authcode, date)\n\t\t\t\t\t\t\t\tVALUES ('" . $this->EE->db->escape_str($_POST['email']) . "', '" . $this->EE->db->escape_str($_POST['mailinglist_subscribe']) . "', '" . $code . "', '" . time() . "')");
} elseif ($this->EE->config->item('req_mbr_activation') == 'manual') {
// Mailing List Subscribe Email
$this->EE->db->query("INSERT INTO exp_mailing_list_queue (email, list_id, authcode, date)\n\t\t\t\t\t\t\t\tVALUES ('" . $this->EE->db->escape_str($_POST['email']) . "', '" . $this->EE->db->escape_str($_POST['mailinglist_subscribe']) . "', '" . $code . "', '" . time() . "')");
$this->EE->lang->loadfile('mailinglist');
$action_id = $this->EE->functions->fetch_action_id('Mailinglist', 'authorize_email');
$swap = array('activation_url' => $this->EE->functions->fetch_site_index(0, 0) . QUERY_MARKER . 'ACT=' . $action_id . '&id=' . $code, 'site_name' => stripslashes($this->EE->config->item('site_name')), 'site_url' => $this->EE->config->item('site_url'));
$template = $this->EE->functions->fetch_email_template('mailinglist_activation_instructions');
$email_tit = $this->EE->functions->var_swap($template['title'], $swap);
$email_msg = $this->EE->functions->var_swap($template['data'], $swap);
/** ----------------------------
/** Send email
/** ----------------------------*/
$this->EE->load->library('email');
$this->EE->email->wordwrap = true;
$this->EE->email->mailtype = 'plain';
$this->EE->email->priority = '3';
$this->EE->email->from($this->EE->config->item('webmaster_email'), $this->EE->config->item('webmaster_name'));
$this->EE->email->to($_POST['email']);
$this->EE->email->subject($email_tit);
$this->EE->email->message($email_msg);
$this->EE->email->send();
} else {
// Automatically Accepted
$this->EE->db->query("INSERT INTO exp_mailing_list (list_id, authcode, email, ip_address)\n\t\t\t\t\t\t\t\t\t\t VALUES ('" . $this->EE->db->escape_str($_POST['mailinglist_subscribe']) . "', '" . $code . "', '" . $this->EE->db->escape_str($_POST['email']) . "', '" . $this->EE->db->escape_str($this->EE->input->ip_address()) . "')");
}
}
}
/** -------------------------------------
/** Update
/** -------------------------------------*/
if ($this->EE->config->item('req_mbr_activation') == 'none') {
$this->EE->stats->update_member_stats();
}
/** -------------------------------------
/** Send admin notifications
/** -------------------------------------*/
if ($this->EE->config->item('new_member_notification') == 'y' and $this->EE->config->item('mbr_notification_emails') != '') {
$name = $data['screen_name'] != '' ? $data['screen_name'] : $data['username'];
$swap = array('name' => $name, 'site_name' => stripslashes($this->EE->config->item('site_name')), 'control_panel_url' => $this->EE->config->item('cp_url'), 'username' => $data['username'], 'email' => $data['email']);
$template = $this->EE->functions->fetch_email_template('admin_notify_reg');
$email_tit = $this->_var_swap($template['title'], $swap);
$email_msg = $this->_var_swap($template['data'], $swap);
$this->EE->load->helper('string');
// Remove multiple commas
$notify_address = reduce_multiples($this->EE->config->item('mbr_notification_emails'), ',', TRUE);
/** ----------------------------
/** Send email
/** ----------------------------*/
// Load the text helper
$this->EE->load->helper('text');
$this->EE->load->library('email');
$this->EE->email->wordwrap = true;
$this->EE->email->from($this->EE->config->item('webmaster_email'), $this->EE->config->item('webmaster_name'));
$this->EE->email->to($notify_address);
$this->EE->email->subject($email_tit);
$this->EE->email->message(entities_to_ascii($email_msg));
$this->EE->email->Send();
}
// -------------------------------------------
// 'member_member_register' hook.
// - Additional processing when a member is created through the User Side
// - $member_id added in 2.0.1
//
$edata = $this->EE->extensions->call('member_member_register', $data, $member_id);
if ($this->EE->extensions->end_script === TRUE) {
return;
}
//
// -------------------------------------------
/** -------------------------------------
/** Zoo Visitor assignment
/** -------------------------------------*/
$member_data = $data;
$member_data["member_id"] = $member_id;
/** -------------------------------------
/** Send user notifications
/** -------------------------------------*/
if ($this->EE->config->item('req_mbr_activation') == 'email') {
$action_id = $this->EE->functions->fetch_action_id('Member', 'activate_member');
$name = $data['screen_name'] != '' ? $data['screen_name'] : $data['username'];
$board_id = $this->EE->input->get_post('board_id') !== FALSE && is_numeric($this->EE->input->get_post('board_id')) ? $this->EE->input->get_post('board_id') : 1;
$forum_id = $this->EE->input->get_post('FROM') == 'forum' ? '&r=f&board_id=' . $board_id : '';
$add = $mailinglist_subscribe !== TRUE ? '' : '&mailinglist=' . $_POST['mailinglist_subscribe'];
$swap = array('name' => $name, 'activation_url' => $this->EE->functions->fetch_site_index(0, 0) . QUERY_MARKER . 'ACT=' . $action_id . '&id=' . $data['authcode'] . $forum_id . $add, 'site_name' => stripslashes($this->EE->config->item('site_name')), 'site_url' => $this->EE->config->item('site_url'), 'username' => $data['username'], 'email' => $data['email']);
$template = $this->EE->functions->fetch_email_template('mbr_activation_instructions');
$email_tit = $this->_var_swap($template['title'], $swap);
$email_msg = $this->_var_swap($template['data'], $swap);
/** ----------------------------
/** Send email
/** ----------------------------*/
// Load the text helper
$this->EE->load->helper('text');
$this->EE->load->library('email');
$this->EE->email->wordwrap = true;
$this->EE->email->from($this->EE->config->item('webmaster_email'), $this->EE->config->item('webmaster_name'));
$this->EE->email->to($data['email']);
$this->EE->email->subject($email_tit);
$this->EE->email->message(entities_to_ascii($email_msg));
$this->EE->email->Send();
$message = $this->EE->lang->line('mbr_membership_instructions_email');
} elseif ($this->EE->config->item('req_mbr_activation') == 'manual') {
$message = $this->EE->lang->line('mbr_admin_will_activate');
} else {
/** ----------------------------------------
/** Log user is handled at the end of the extension
/** ----------------------------------------*/
}
/** ----------------------------------------
/** Build the message
/** ----------------------------------------*/
if ($this->EE->input->get_post('FROM') == 'forum') {
if ($this->EE->input->get_post('board_id') !== FALSE && is_numeric($this->EE->input->get_post('board_id'))) {
$query = $this->EE->db->query("SELECT board_forum_url, board_id, board_label FROM exp_forum_boards WHERE board_id = '" . $this->EE->db->escape_str($this->EE->input->get_post('board_id')) . "'");
} else {
$query = $this->EE->db->query("SELECT board_forum_url, board_id, board_label FROM exp_forum_boards WHERE board_id = '1'");
}
$site_name = $query->row('board_label');
$return = $query->row('board_forum_url');
} else {
$site_name = $this->EE->config->item('site_name') == '' ? $this->EE->lang->line('back') : stripslashes($this->EE->config->item('site_name'));
$return = $this->EE->config->item('site_url');
}
$data = array('title' => $this->EE->lang->line('mbr_registration_complete'), 'heading' => $this->EE->lang->line('thank_you'), 'content' => $this->EE->lang->line('mbr_registration_completed'), 'redirect' => '', 'link' => array($return, $site_name), 'result' => 'registration_complete', 'member_data' => $member_data);
//$this->EE->output->show_message($data);
return $data;
}
/** ----------------------------------
/** Update the username/password
/** ----------------------------------*/
function update_un_pw()
{
$missing = FALSE;
if ( ! isset($_POST['new_username']) AND ! isset($_POST['new_password']))
{
$missing = TRUE;
}
if ((isset($_POST['new_username']) AND $_POST['new_username'] == '') OR (isset($_POST['new_password']) AND $_POST['new_password'] == ''))
{
$missing = TRUE;
}
if ($this->EE->input->post('username') == '' OR $this->EE->input->get_post('password') == '')
{
$missing = TRUE;
}
if ($missing == TRUE)
{
return $this->EE->output->show_user_error('submission', $this->EE->lang->line('all_fields_required'));
}
/** ----------------------------------------
/** Check password lockout status
/** ----------------------------------------*/
if ($this->EE->session->check_password_lockout($this->EE->input->post('username')) === TRUE)
{
$line = str_replace("%x", $this->EE->config->item('password_lockout_interval'), $this->EE->lang->line('password_lockout_in_effect'));
return $this->EE->output->show_user_error('submission', $line);
}
/** ----------------------------------------
/** Fetch member data
/** ----------------------------------------*/
$sql = "SELECT member_id, group_id
FROM exp_members
WHERE username = '******'username'))."'
AND password = '******'password')))."'";
$query = $this->EE->db->query($sql);
/** ----------------------------------------
/** Invalid Username or Password
/** ----------------------------------------*/
if ($query->num_rows() == 0)
{
$this->EE->session->save_password_lockout($this->EE->input->post('username'));
return $this->EE->output->show_user_error('submission', $this->EE->lang->line('invalid_existing_un_pw'));
}
$member_id = $query->row('member_id') ;
/** ----------------------------------------
/** Is the user banned?
/** ----------------------------------------*/
// Super Admins can't be banned
if ($query->row('group_id') != 1)
{
if ($this->EE->session->ban_check())
{
return $this->EE->output->fatal_error($this->EE->lang->line('not_authorized'));
}
}
/** -------------------------------------
/** Instantiate validation class
/** -------------------------------------*/
if ( ! class_exists('EE_Validate'))
{
require APPPATH.'libraries/Validate'.EXT;
}
$new_un = (isset($_POST['new_username'])) ? $_POST['new_username'] : '';
$new_pw = (isset($_POST['new_password'])) ? $_POST['new_password'] : '';
$new_pwc = (isset($_POST['new_password_confirm'])) ? $_POST['new_password_confirm'] : '';
$VAL = new EE_Validate(
array(
'val_type' => 'new',
'fetch_lang' => TRUE,
'require_cpw' => FALSE,
'enable_log' => FALSE,
'username' => $new_un,
'password' => $new_pw,
'password_confirm' => $new_pwc,
'cur_password' => $_POST['password'],
)
);
$un_exists = (isset($_POST['new_username']) AND $_POST['new_username'] != '') ? TRUE : FALSE;
$pw_exists = (isset($_POST['new_password']) AND $_POST['new_password'] != '') ? TRUE : FALSE;
if ($un_exists)
$VAL->validate_username();
if ($pw_exists)
$VAL->validate_password();
/** -------------------------------------
/** Display error is there are any
/** -------------------------------------*/
if (count($VAL->errors) > 0)
{
return $this->EE->output->show_user_error('submission', $VAL->errors);
}
if ($un_exists)
{
$this->EE->db->query("UPDATE exp_members SET username = '******'new_username'])."' WHERE member_id = '{$member_id}'");
}
if ($pw_exists)
{
$this->EE->db->query("UPDATE exp_members SET password = '******'new_password']))."' WHERE member_id = '{$member_id}'");
}
// Clear the tracker cookie since we're not sure where the redirect should go
$this->EE->functions->set_cookie('tracker');
$return = $this->EE->functions->form_backtrack();
if ($this->EE->config->item('user_session_type') != 'c')
{
if ($this->EE->config->item('force_query_string') == 'y' && substr($return, 0, -3) == "php")
{
$return .= '?';
}
if ($this->EE->session->userdata['session_id'] != '')
{
$return .= "/S=".$this->EE->session->userdata['session_id']."/";
}
}
if ($this->EE->uri->segment(5))
{
$link = $this->EE->functions->create_url($this->EE->uri->segment(5));
$line = $this->EE->lang->line('return_to_forum');
}
else
{
$link = $this->_member_path('login');
$line = $this->EE->lang->line('return_to_login');
}
// We're done.
$data = array( 'title' => $this->EE->lang->line('settings_update'),
'heading' => $this->EE->lang->line('thank_you'),
'content' => $this->EE->lang->line('unpw_updated'),
'link' => array($link, $line)
);
$this->EE->output->show_message($data);
}
/** ----------------------------------------
/** Register Member
/** ----------------------------------------*/
function register_member()
{
/** -------------------------------------
/** Do we allow new member registrations?
/** ------------------------------------*/
if ($this->EE->config->item('allow_member_registration') == 'n')
{
return FALSE;
}
/** ----------------------------------------
/** Is user banned?
/** ----------------------------------------*/
if ($this->EE->session->userdata['is_banned'] == TRUE)
{
return $this->EE->output->show_user_error('general', array($this->EE->lang->line('not_authorized')));
}
/** ----------------------------------------
/** Blacklist/Whitelist Check
/** ----------------------------------------*/
if ($this->EE->blacklist->blacklisted == 'y' && $this->EE->blacklist->whitelisted == 'n')
{
return $this->EE->output->show_user_error('general', array($this->EE->lang->line('not_authorized')));
}
$this->EE->load->helper('url');
/* -------------------------------------------
/* 'member_member_register_start' hook.
/* - Take control of member registration routine
/* - Added EE 1.4.2
*/
$edata = $this->EE->extensions->call('member_member_register_start');
if ($this->EE->extensions->end_script === TRUE) return;
/*
/* -------------------------------------------*/
/** ----------------------------------------
/** Set the default globals
/** ----------------------------------------*/
$default = array('username', 'password', 'password_confirm', 'email', 'screen_name', 'url', 'location');
foreach ($default as $val)
{
if ( ! isset($_POST[$val])) $_POST[$val] = '';
}
if ($_POST['screen_name'] == '')
$_POST['screen_name'] = $_POST['username'];
/** -------------------------------------
/** Instantiate validation class
/** -------------------------------------*/
if ( ! class_exists('EE_Validate'))
{
require APPPATH.'libraries/Validate'.EXT;
}
$VAL = new EE_Validate(
array(
'member_id' => '',
'val_type' => 'new', // new or update
'fetch_lang' => TRUE,
'require_cpw' => FALSE,
'enable_log' => FALSE,
'username' => $_POST['username'],
'cur_username' => '',
'screen_name' => $_POST['screen_name'],
'cur_screen_name' => '',
'password' => $_POST['password'],
'password_confirm' => $_POST['password_confirm'],
'cur_password' => '',
'email' => $_POST['email'],
'cur_email' => ''
)
);
$VAL->validate_username();
$VAL->validate_screen_name();
$VAL->validate_password();
$VAL->validate_email();
/** -------------------------------------
/** Do we have any custom fields?
/** -------------------------------------*/
$query = $this->EE->db->query("SELECT m_field_id, m_field_name, m_field_label, m_field_required FROM exp_member_fields WHERE m_field_reg = 'y'");
$cust_errors = array();
$cust_fields = array();
if ($query->num_rows() > 0)
{
foreach ($query->result_array() as $row)
{
if ($row['m_field_required'] == 'y' && ( ! isset($_POST['m_field_id_'.$row['m_field_id']]) OR $_POST['m_field_id_'.$row['m_field_id']] == ''))
{
$cust_errors[] = $this->EE->lang->line('mbr_field_required').' '.$row['m_field_label'];
}
elseif (isset($_POST['m_field_id_'.$row['m_field_id']]))
{
$cust_fields['m_field_id_'.$row['m_field_id']] = $this->EE->security->xss_clean($_POST['m_field_id_'.$row['m_field_id']]);
}
}
}
if (isset($_POST['email_confirm']) && $_POST['email'] != $_POST['email_confirm'])
{
$cust_errors[] = $this->EE->lang->line('mbr_emails_not_match');
}
if ($this->EE->config->item('use_membership_captcha') == 'y')
{
if ( ! isset($_POST['captcha']) OR $_POST['captcha'] == '')
{
$cust_errors[] = $this->EE->lang->line('captcha_required');
}
}
if ($this->EE->config->item('require_terms_of_service') == 'y')
{
if ( ! isset($_POST['accept_terms']))
{
$cust_errors[] = $this->EE->lang->line('mbr_terms_of_service_required');
}
}
$errors = array_merge($VAL->errors, $cust_errors);
/** -------------------------------------
/** Display error is there are any
/** -------------------------------------*/
if (count($errors) > 0)
{
return $this->EE->output->show_user_error('submission', $errors);
}
/** ----------------------------------------
/** Do we require captcha?
/** ----------------------------------------*/
if ($this->EE->config->item('use_membership_captcha') == 'y')
{
$query = $this->EE->db->query("SELECT COUNT(*) AS count FROM exp_captcha WHERE word='".$this->EE->db->escape_str($_POST['captcha'])."' AND ip_address = '".$this->EE->input->ip_address()."' AND date > UNIX_TIMESTAMP()-7200");
if ($query->row('count') == 0)
{
return $this->EE->output->show_user_error('submission', array($this->EE->lang->line('captcha_incorrect')));
}
$this->EE->db->query("DELETE FROM exp_captcha WHERE (word='".$this->EE->db->escape_str($_POST['captcha'])."' AND ip_address = '".$this->EE->input->ip_address()."') OR date < UNIX_TIMESTAMP()-7200");
}
/** ----------------------------------------
/** Secure Mode Forms?
/** ----------------------------------------*/
if ($this->EE->config->item('secure_forms') == 'y')
{
$query = $this->EE->db->query("SELECT COUNT(*) AS count FROM exp_security_hashes WHERE hash='".$this->EE->db->escape_str($_POST['XID'])."' AND ip_address = '".$this->EE->input->ip_address()."' AND ip_address = '".$this->EE->input->ip_address()."' AND date > UNIX_TIMESTAMP()-7200");
if ($query->row('count') == 0)
{
return $this->EE->output->show_user_error('general', array($this->EE->lang->line('not_authorized')));
}
$this->EE->db->query("DELETE FROM exp_security_hashes WHERE (hash='".$this->EE->db->escape_str($_POST['XID'])."' AND ip_address = '".$this->EE->input->ip_address()."') OR date < UNIX_TIMESTAMP()-7200");
}
/** -------------------------------------
/** Assign the base query data
/** -------------------------------------*/
// Set member group
if ($this->EE->config->item('req_mbr_activation') == 'manual' OR $this->EE->config->item('req_mbr_activation') == 'email')
{
$data['group_id'] = 4; // Pending
}
else
{
if ($this->EE->config->item('default_member_group') == '')
{
$data['group_id'] = 4; // Pending
}
else
{
$data['group_id'] = $this->EE->config->item('default_member_group');
}
}
$data['username'] = $_POST['username'];
$data['password'] = $this->EE->functions->hash(stripslashes($_POST['password']));
$data['ip_address'] = $this->EE->input->ip_address();
$data['unique_id'] = $this->EE->functions->random('encrypt');
$data['join_date'] = $this->EE->localize->now;
$data['email'] = $_POST['email'];
$data['screen_name'] = $_POST['screen_name'];
$data['url'] = prep_url($_POST['url']);
$data['location'] = $_POST['location'];
// overridden below if used as optional fields
$data['language'] = ($this->EE->config->item('deft_lang')) ? $this->EE->config->item('deft_lang') : 'english';
$data['time_format'] = ($this->EE->config->item('time_format')) ? $this->EE->config->item('time_format') : 'us';
$data['timezone'] = ($this->EE->config->item('default_site_timezone') && $this->EE->config->item('default_site_timezone') != '') ? $this->EE->config->item('default_site_timezone') : $this->EE->config->item('server_timezone');
$data['daylight_savings'] = ($this->EE->config->item('default_site_dst') && $this->EE->config->item('default_site_dst') != '') ? $this->EE->config->item('default_site_dst') : $this->EE->config->item('daylight_savings');
// Optional Fields
$optional = array('bio' => 'bio',
'language' => 'deft_lang',
'timezone' => 'server_timezone',
'time_format' => 'time_format');
foreach($optional as $key => $value)
{
if (isset($_POST[$value]))
{
$data[$key] = $_POST[$value];
}
}
if ($this->EE->input->post('daylight_savings') == 'y')
{
$data['daylight_savings'] = 'y';
}
elseif ($this->EE->input->post('daylight_savings') == 'n')
{
$data['daylight_savings'] = 'n';
}
// We generate an authorization code if the member needs to self-activate
if ($this->EE->config->item('req_mbr_activation') == 'email')
{
$data['authcode'] = $this->EE->functions->random('alnum', 10);
}
/** -------------------------------------
/** Insert basic member data
/** -------------------------------------*/
$this->EE->db->query($this->EE->db->insert_string('exp_members', $data));
$member_id = $this->EE->db->insert_id();
/** -------------------------------------
/** Insert custom fields
/** -------------------------------------*/
$cust_fields['member_id'] = $member_id;
$this->EE->db->query($this->EE->db->insert_string('exp_member_data', $cust_fields));
/** -------------------------------------
/** Create a record in the member homepage table
/** -------------------------------------*/
// This is only necessary if the user gains CP access, but we'll add the record anyway.
$this->EE->db->query($this->EE->db->insert_string('exp_member_homepage', array('member_id' => $member_id)));
/** -------------------------------------
/** Mailinglist Subscribe
/** -------------------------------------*/
$mailinglist_subscribe = FALSE;
if (isset($_POST['mailinglist_subscribe']) && is_numeric($_POST['mailinglist_subscribe']))
{
// Kill duplicate emails from authorizatin queue.
$this->EE->db->query("DELETE FROM exp_mailing_list_queue WHERE email = '".$this->EE->db->escape_str($_POST['email'])."'");
// Validate Mailing List ID
$query = $this->EE->db->query("SELECT COUNT(*) AS count
FROM exp_mailing_lists
WHERE list_id = '".$this->EE->db->escape_str($_POST['mailinglist_subscribe'])."'");
// Email Not Already in Mailing List
$results = $this->EE->db->query("SELECT count(*) AS count
FROM exp_mailing_list
WHERE email = '".$this->EE->db->escape_str($_POST['email'])."'
AND list_id = '".$this->EE->db->escape_str($_POST['mailinglist_subscribe'])."'");
/** -------------------------------------
/** INSERT Email
/** -------------------------------------*/
if ($query->row('count') > 0 && $results->row('count') == 0)
{
$mailinglist_subscribe = TRUE;
$code = $this->EE->functions->random('alnum', 10);
if ($this->EE->config->item('req_mbr_activation') == 'email')
{
// Activated When Membership Activated
$this->EE->db->query("INSERT INTO exp_mailing_list_queue (email, list_id, authcode, date)
VALUES ('".$this->EE->db->escape_str($_POST['email'])."', '".$this->EE->db->escape_str($_POST['mailinglist_subscribe'])."', '".$code."', '".time()."')");
}
elseif ($this->EE->config->item('req_mbr_activation') == 'manual')
{
// Mailing List Subscribe Email
$this->EE->db->query("INSERT INTO exp_mailing_list_queue (email, list_id, authcode, date)
VALUES ('".$this->EE->db->escape_str($_POST['email'])."', '".$this->EE->db->escape_str($_POST['mailinglist_subscribe'])."', '".$code."', '".time()."')");
$this->EE->lang->loadfile('mailinglist');
$action_id = $this->EE->functions->fetch_action_id('Mailinglist', 'authorize_email');
$swap = array(
'activation_url' => $this->EE->functions->fetch_site_index(0, 0).QUERY_MARKER.'ACT='.$action_id.'&id='.$code,
'site_name' => stripslashes($this->EE->config->item('site_name')),
'site_url' => $this->EE->config->item('site_url')
);
$template = $this->EE->functions->fetch_email_template('mailinglist_activation_instructions');
$email_tit = $this->EE->functions->var_swap($template['title'], $swap);
$email_msg = $this->EE->functions->var_swap($template['data'], $swap);
/** ----------------------------
/** Send email
/** ----------------------------*/
$this->EE->load->library('email');
$this->EE->email->wordwrap = true;
$this->EE->email->mailtype = 'plain';
$this->EE->email->priority = '3';
$this->EE->email->from($this->EE->config->item('webmaster_email'), $this->EE->config->item('webmaster_name'));
$this->EE->email->to($_POST['email']);
$this->EE->email->subject($email_tit);
$this->EE->email->message($email_msg);
$this->EE->email->send();
}
else
{
// Automatically Accepted
$this->EE->db->query("INSERT INTO exp_mailing_list (list_id, authcode, email, ip_address)
VALUES ('".$this->EE->db->escape_str($_POST['mailinglist_subscribe'])."', '".$code."', '".$this->EE->db->escape_str($_POST['email'])."', '".$this->EE->db->escape_str($this->EE->input->ip_address())."')");
}
}
}
/** -------------------------------------
/** Update
/** -------------------------------------*/
if ($this->EE->config->item('req_mbr_activation') == 'none')
{
$this->EE->stats->update_member_stats();
}
/** -------------------------------------
/** Send admin notifications
/** -------------------------------------*/
if ($this->EE->config->item('new_member_notification') == 'y' AND $this->EE->config->item('mbr_notification_emails') != '')
{
$name = ($data['screen_name'] != '') ? $data['screen_name'] : $data['username'];
$swap = array(
'name' => $name,
'site_name' => stripslashes($this->EE->config->item('site_name')),
'control_panel_url' => $this->EE->config->item('cp_url'),
'username' => $data['username'],
'email' => $data['email']
);
$template = $this->EE->functions->fetch_email_template('admin_notify_reg');
$email_tit = $this->_var_swap($template['title'], $swap);
$email_msg = $this->_var_swap($template['data'], $swap);
$this->EE->load->helper('string');
// Remove multiple commas
$notify_address = reduce_multiples($this->EE->config->item('mbr_notification_emails'), ',', TRUE);
/** ----------------------------
/** Send email
/** ----------------------------*/
// Load the text helper
$this->EE->load->helper('text');
$this->EE->load->library('email');
$this->EE->email->wordwrap = true;
$this->EE->email->from($this->EE->config->item('webmaster_email'), $this->EE->config->item('webmaster_name'));
$this->EE->email->to($notify_address);
$this->EE->email->subject($email_tit);
$this->EE->email->message(entities_to_ascii($email_msg));
$this->EE->email->Send();
}
// -------------------------------------------
// 'member_member_register' hook.
// - Additional processing when a member is created through the User Side
// - $member_id added in 2.0.1
//
$edata = $this->EE->extensions->call('member_member_register', $data, $member_id);
if ($this->EE->extensions->end_script === TRUE) return;
//
// -------------------------------------------
/** -------------------------------------
/** Send user notifications
/** -------------------------------------*/
if ($this->EE->config->item('req_mbr_activation') == 'email')
{
$action_id = $this->EE->functions->fetch_action_id('Member', 'activate_member');
$name = ($data['screen_name'] != '') ? $data['screen_name'] : $data['username'];
$board_id = ($this->EE->input->get_post('board_id') !== FALSE && is_numeric($this->EE->input->get_post('board_id'))) ? $this->EE->input->get_post('board_id') : 1;
$forum_id = ($this->EE->input->get_post('FROM') == 'forum') ? '&r=f&board_id='.$board_id : '';
$add = ($mailinglist_subscribe !== TRUE) ? '' : '&mailinglist='.$_POST['mailinglist_subscribe'];
$swap = array(
'name' => $name,
'activation_url' => $this->EE->functions->fetch_site_index(0, 0).QUERY_MARKER.'ACT='.$action_id.'&id='.$data['authcode'].$forum_id.$add,
'site_name' => stripslashes($this->EE->config->item('site_name')),
'site_url' => $this->EE->config->item('site_url'),
'username' => $data['username'],
'email' => $data['email']
);
$template = $this->EE->functions->fetch_email_template('mbr_activation_instructions');
$email_tit = $this->_var_swap($template['title'], $swap);
$email_msg = $this->_var_swap($template['data'], $swap);
/** ----------------------------
/** Send email
/** ----------------------------*/
// Load the text helper
$this->EE->load->helper('text');
$this->EE->load->library('email');
$this->EE->email->wordwrap = true;
$this->EE->email->from($this->EE->config->item('webmaster_email'), $this->EE->config->item('webmaster_name'));
$this->EE->email->to($data['email']);
$this->EE->email->subject($email_tit);
$this->EE->email->message(entities_to_ascii($email_msg));
$this->EE->email->Send();
$message = $this->EE->lang->line('mbr_membership_instructions_email');
}
elseif ($this->EE->config->item('req_mbr_activation') == 'manual')
{
$message = $this->EE->lang->line('mbr_admin_will_activate');
}
else
{
/** ----------------------------------------
/** Log user in
/** ----------------------------------------*/
$expire = 60*60*24*182;
$this->EE->functions->set_cookie($this->EE->session->c_expire , time()+$expire, $expire);
$this->EE->functions->set_cookie($this->EE->session->c_uniqueid , $data['unique_id'], $expire);
$this->EE->functions->set_cookie($this->EE->session->c_password , $data['password'], $expire);
/** ----------------------------------------
/** Create a new session
/** ----------------------------------------*/
if ($this->EE->config->item('user_session_type') == 'cs' OR $this->EE->config->item('user_session_type') == 's')
{
$this->EE->session->sdata['session_id'] = $this->EE->functions->random();
$this->EE->session->sdata['member_id'] = $member_id;
$this->EE->session->sdata['last_activity'] = $this->EE->localize->now;
$this->EE->session->sdata['site_id'] = $this->EE->config->item('site_id');
$this->EE->functions->set_cookie($this->EE->session->c_session , $this->EE->session->sdata['session_id'], $this->EE->session->session_length);
$this->EE->db->query($this->EE->db->insert_string('exp_sessions', $this->EE->session->sdata));
}
/** ----------------------------------------
/** Update existing session variables
/** ----------------------------------------*/
$this->EE->session->userdata['username'] = $data['username'];
$this->EE->session->userdata['member_id'] = $member_id;
/** ----------------------------------------
/** Update stats
/** ----------------------------------------*/
$cutoff = $this->EE->localize->now - (15 * 60);
$this->EE->db->query("DELETE FROM exp_online_users WHERE site_id = '".$this->EE->db->escape_str($this->EE->config->item('site_id'))."' AND ((ip_address = '".$this->EE->input->ip_address()."' AND member_id = '0') OR date < $cutoff)");
$data = array(
'member_id' => $this->EE->session->userdata('member_id'),
'name' => ($this->EE->session->userdata['screen_name'] == '') ? $this->EE->session->userdata['username'] : $this->EE->session->userdata['screen_name'],
'ip_address' => $this->EE->input->ip_address(),
'date' => $this->EE->localize->now,
'anon' => 'y',
'site_id' => $this->EE->config->item('site_id')
);
$this->EE->db->query($this->EE->db->update_string('exp_online_users', $data, array("ip_address" => $this->EE->input->ip_address(), "member_id" => $data['member_id'])));
$message = $this->EE->lang->line('mbr_your_are_logged_in');
}
/** ----------------------------------------
/** Build the message
/** ----------------------------------------*/
if ($this->EE->input->get_post('FROM') == 'forum')
{
if ($this->EE->input->get_post('board_id') !== FALSE && is_numeric($this->EE->input->get_post('board_id')))
{
$query = $this->EE->db->query("SELECT board_forum_url, board_id, board_label FROM exp_forum_boards WHERE board_id = '".$this->EE->db->escape_str($this->EE->input->get_post('board_id'))."'");
}
else
{
$query = $this->EE->db->query("SELECT board_forum_url, board_id, board_label FROM exp_forum_boards WHERE board_id = '1'");
}
$site_name = $query->row('board_label') ;
$return = $query->row('board_forum_url') ;
}
else
{
$site_name = ($this->EE->config->item('site_name') == '') ? $this->EE->lang->line('back') : stripslashes($this->EE->config->item('site_name'));
$return = $this->EE->config->item('site_url');
}
$data = array( 'title' => $this->EE->lang->line('mbr_registration_complete'),
'heading' => $this->EE->lang->line('thank_you'),
'content' => $this->EE->lang->line('mbr_registration_completed')."\n\n".$message,
'redirect' => '',
'link' => array($return, $site_name)
);
$this->EE->output->show_message($data);
}
