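/**
 * Validate the member fields submitted in $_POST.
 *
 * Runs the EE_Validate username, email and password checks, plus the
 * screen-name check when $use_screen_name is 'yes'. Fields missing from
 * $_POST are validated as empty strings rather than raising undefined-index
 * notices.
 *
 * @param string $use_screen_name 'yes' to also validate $_POST['screen_name']
 * @return bool|array TRUE when every check passes, otherwise
 *                    array('result' => 'failed', 'errors' => array of messages)
 */
function validate_member($use_screen_name = 'yes')
{
    if ( ! class_exists('EE_Validate'))
    {
        require APPPATH . 'libraries/Validate' . EXT;
    }

    // Normalise the posted fields so a missing key behaves like an empty value
    $fields = array('username', 'screen_name', 'password', 'password_confirm', 'email');
    $post = array();

    foreach ($fields as $field)
    {
        $post[$field] = isset($_POST[$field]) ? $_POST[$field] : '';
    }

    $VAL = new EE_Validate(array(
        'member_id'        => '',
        'val_type'         => 'new',
        'fetch_lang'       => TRUE,
        'require_cpw'      => FALSE,
        'enable_log'       => FALSE,
        'username'         => $post['username'],
        'cur_username'     => '',
        'screen_name'      => $post['screen_name'],
        'cur_screen_name'  => '',
        'password'         => $post['password'],
        'password_confirm' => $post['password_confirm'],
        'cur_password'     => '',
        'email'            => $post['email'],
        'cur_email'        => ''
    ));

    $VAL->validate_username();
    $VAL->validate_email();
    $VAL->validate_password();

    if ($use_screen_name == 'yes')
    {
        $VAL->validate_screen_name();
    }

    // Report every collected error at once instead of stopping at the first
    if (count($VAL->errors) > 0)
    {
        return array('result' => 'failed', 'errors' => $VAL->errors);
    }

    return TRUE;
}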
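/**
 * Update the username/password
 *
 * Verifies the current credentials through the auth library, validates the
 * requested new username and/or password with EE_Validate, applies whichever
 * of the two was submitted and shows a confirmation message. The new
 * username is only processed when non-empty; the new password only when both
 * the password and its confirmation were submitted.
 *
 * @return mixed Result of show_user_error() on failure, otherwise the
 *               result of show_message().
 */
function update_un_pw()
{
    ee()->load->library('auth');

    // Run through basic verifications: authenticate, username and
    // password both exist, not banned, IP checking is okay
    if ( ! ($verify_result = ee()->auth->verify()))
    {
        // In the event it's a string, send it to show_user_error
        return ee()->output->show_user_error('submission', implode(', ', ee()->auth->errors));
    }

    // $username is not needed here; $password is the verified current
    // password and is handed to the validator as cur_password.
    list($username, $password, $incoming) = $verify_result;
    $member_id = $incoming->member('member_id');

    if ( ! class_exists('EE_Validate'))
    {
        require APPPATH . 'libraries/Validate.php';
    }

    // post() returns FALSE for a missing field; the cast turns that into ''
    $new_un  = (string) ee()->input->post('new_username');
    $new_pw  = (string) ee()->input->post('new_password');
    $new_pwc = (string) ee()->input->post('new_password_confirm');

    $VAL = new EE_Validate(array(
        'val_type'         => 'new',
        'fetch_lang'       => TRUE,
        'require_cpw'      => FALSE,
        'enable_log'       => FALSE,
        'username'         => $new_un,
        'password'         => $new_pw,
        'password_confirm' => $new_pwc,
        'cur_password'     => $password
    ));

    $un_exists = ($new_un !== '');
    $pw_exists = ($new_pw !== '' AND $new_pwc !== '');

    if ($un_exists)
    {
        $VAL->validate_username();
    }

    if ($pw_exists)
    {
        $VAL->validate_password();
    }

    // Display errors if there are any
    if (count($VAL->errors) > 0)
    {
        return ee()->output->show_user_error('submission', $VAL->errors);
    }

    if ($un_exists)
    {
        ee()->auth->update_username($member_id, $new_un);
    }

    if ($pw_exists)
    {
        ee()->auth->update_password($member_id, $new_pw);
    }

    // Clear the tracker cookie since we're not sure where the redirect should go
    ee()->input->delete_cookie('tracker');

    // NOTE(review): $return is built here but is not used by the message
    // below, which links to the forum or login page instead.
    $return = ee()->functions->form_backtrack();

    if (ee()->config->item('website_session_type') != 'c')
    {
        // Fixed: the original compared substr($return, 0, -3) — everything
        // except the last three characters — against "php", so the ".php"
        // check could never match. Look at the last three characters instead.
        if (ee()->config->item('force_query_string') == 'y' && substr($return, -3) == "php")
        {
            $return .= '?';
        }

        // Non-cookie sessions carry the session id in the URL path
        if (ee()->session->userdata['session_id'] != '')
        {
            $return .= "/S=" . ee()->session->userdata['session_id'] . "/";
        }
    }

    if (ee()->uri->segment(5))
    {
        $link = ee()->functions->create_url(ee()->uri->segment(5));
        $line = lang('return_to_forum');
    }
    else
    {
        $link = $this->_member_path('login');
        $line = lang('return_to_login');
    }

    // We're done.
    $data = array(
        'title'   => lang('settings_update'),
        'heading' => lang('thank_you'),
        'content' => lang('unpw_updated'),
        'link'    => array($link, $line)
    );

    ee()->output->show_message($data);
}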
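/**
 * Update the username/password
 *
 * This function performs the update once the update form is submitted.
 * The current credentials are verified through the auth library before any
 * change is made. The new username is only validated and written when it is
 * non-empty and differs from the current username; the new password only
 * when both password fields were submitted.
 *
 * @access public
 * @return mixed Result of _un_pw_update_form() or _return_to_login() on
 *               failure; otherwise redirects to the login page.
 */
public function update_un_pw()
{
    $this->lang->loadfile('member');

    if ( ! isset($_POST['new_username']) AND ! isset($_POST['new_password']))
    {
        return $this->_un_pw_update_form(lang('all_fields_required'));
    }

    // Run through basic verifications: authenticate, username and
    // password both exist, not banned, IP checking is okay
    if ( ! ($verify_result = $this->auth->verify()))
    {
        // In the event it's a string, send it to return to login.
        // Return here so a failed verification cannot fall through to the
        // update below if _return_to_login() renders without exiting.
        return $this->_return_to_login(implode(', ', $this->auth->errors));
    }

    // verify() returns array(username, password, Auth_result); only the
    // authenticated member record is needed here.
    $incoming  = $verify_result[2];
    $member_id = $incoming->member('member_id');

    // post() returns FALSE for a missing field; the cast turns that into ''
    $new_un  = (string) $this->input->post('new_username');
    $new_pw  = (string) $this->input->post('new_password');
    $new_pwc = (string) $this->input->post('new_password_confirm');

    // Make sure validation library is available
    if ( ! class_exists('EE_Validate'))
    {
        require APPPATH . 'libraries/Validate.php';
    }

    // Load it up with the information needed
    $VAL = new EE_Validate(array(
        'val_type'         => 'new',
        'fetch_lang'       => TRUE,
        'require_cpw'      => FALSE,
        'enable_log'       => FALSE,
        'username'         => $new_un,
        'password'         => $new_pw,
        'password_confirm' => $new_pwc,
        'cur_password'     => $this->input->post('password')
    ));

    // Re-submitting the current username is not a change
    $un_exists = ($new_un !== '' AND $this->input->post('username') !== $new_un);
    $pw_exists = ($new_pw !== '' AND $new_pwc !== '');

    if ($un_exists)
    {
        $VAL->validate_username();
    }

    if ($pw_exists)
    {
        $VAL->validate_password();
    }

    // Display errors if there are any, one per line
    if (count($VAL->errors) > 0)
    {
        return $this->_un_pw_update_form(implode(BR, $VAL->errors) . BR);
    }

    if ($un_exists)
    {
        $this->auth->update_username($member_id, $new_un);
    }

    if ($pw_exists)
    {
        $this->auth->update_password($member_id, $new_pw);
    }

    // Send them back to login with updated username and password
    $this->session->set_flashdata('message', lang('unpw_updated'));
    $this->functions->redirect(BASE . AMP . 'C=login');
}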
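/**
 * Reset Password Processing Action
 *
 * Processing action to process a reset password. Sent here by the form presented
 * to the user in `Member_auth::reset_password()`. Process the form and return
 * the user to the appropriate login page. Expects to find the contents of the
 * form in `$_POST`.
 *
 * The reset token is accepted from GET or POST because the emailed link carries
 * it in the query string. The new password and its confirmation are read from
 * `$_POST` only, so they are never placed in a URL or access log.
 *
 * @since 2.6
 * @return mixed Result of redirect()/show_user_error()/show_message().
 */
public function process_reset_password()
{
    // If the user is logged in, then send them away
    if (ee()->session->userdata('member_id') !== 0)
    {
        return ee()->functions->redirect(ee()->functions->fetch_site_index());
    }

    // If the user is banned, send them away.
    if (ee()->session->userdata('is_banned') === TRUE)
    {
        return ee()->output->show_user_error('general', array(lang('not_authorized')));
    }

    if ( ! ($resetcode = ee()->input->get_post('resetcode')))
    {
        return ee()->output->show_user_error('submission', array(lang('mbr_no_reset_id')));
    }

    // Tokens expire after exactly one day; the same cutoff is reused below
    // when expired rows are purged.
    $a_day_ago = time() - 60 * 60 * 24;

    // Make sure the token is valid and belongs to a member. The user-supplied
    // token goes through Active Record, so the driver escapes it.
    $member_id_query = ee()->db->select('member_id')
        ->where('resetcode', $resetcode)
        ->where('date >', $a_day_ago)
        ->get('reset_password');

    if ($member_id_query->num_rows() === 0)
    {
        return ee()->output->show_user_error('submission', array(lang('mbr_id_not_found')));
    }

    $member_id = $member_id_query->row('member_id');

    // Both password fields must be present and non-empty. Compare explicitly
    // rather than by truthiness so the literal password "0" is not reported
    // as missing. post() returns FALSE when the field was not submitted.
    $password = ee()->input->post('password');

    if ($password === FALSE OR $password === '')
    {
        return ee()->output->show_user_error('submission', array(lang('mbr_missing_password')));
    }

    $password_confirm = ee()->input->post('password_confirm');

    if ($password_confirm === FALSE OR $password_confirm === '')
    {
        return ee()->output->show_user_error('submission', array(lang('mbr_missing_confirm')));
    }

    // Validate the password, using EE_Validate. This will also
    // handle checking whether the password and its confirmation
    // match.
    if ( ! class_exists('EE_Validate'))
    {
        require APPPATH . 'libraries/Validate.php';
    }

    $VAL = new EE_Validate(array(
        'password'         => $password,
        'password_confirm' => $password_confirm
    ));

    $VAL->validate_password();

    if (count($VAL->errors) > 0)
    {
        return ee()->output->show_user_error('submission', $VAL->errors);
    }

    // Update the database with the new password. The auth library applies
    // the appropriate salt before storing it.
    ee()->load->library('auth');
    ee()->auth->update_password($member_id, $password);

    // Invalidate the old token. While we're at it, may as well wipe out expired
    // tokens too, just to keep them from building up.
    ee()->db->where('date <', $a_day_ago)
        ->or_where('member_id', $member_id)
        ->delete('reset_password');

    // If we can get their last URL from the tracker,
    // then we'll use it.
    if (isset(ee()->session->tracker[3]))
    {
        $seg       = ee()->session->tracker[3] != 'index' ? ee()->session->tracker[3] : '';
        $site_name = stripslashes(ee()->config->item('site_name'));
        $return    = reduce_double_slashes(ee()->functions->fetch_site_index() . '/' . $seg);
    }
    elseif (ee()->input->get_post('FROM') == 'forum')
    {
        // Fall back to board 1 when no usable board id was supplied
        $board_id = ee()->input->get_post('board_id');
        $board_id = ($board_id === FALSE OR ! is_numeric($board_id)) ? 1 : $board_id;

        // NOTE(review): no check that a board row exists for $board_id;
        // row() on an empty result is not handled here — confirm expected
        // behaviour for an unknown board.
        $forum_query = ee()->db->select('board_forum_url, board_label')
            ->where('board_id', (int) $board_id)
            ->get('forum_boards');

        $site_name = $forum_query->row('board_label');
        $return    = $forum_query->row('board_forum_url');
    }
    else
    {
        $site_name = stripslashes(ee()->config->item('site_name'));
        $return    = ee()->functions->fetch_site_index();
    }

    // Build the success message that we'll show to the user.
    $data = array(
        'title'    => lang('mbr_password_changed'),
        'heading'  => lang('mbr_password_changed'),
        'content'  => lang('mbr_successfully_changed_password'),
        'link'     => array($return, $site_name),
        'redirect' => $return,
        'rate'     => '5'
    );

    ee()->output->show_message($data);
}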
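/**
 * Update the username/password
 *
 * This function performs the update once the update form is submitted.
 * The submitted current username/password pair is checked directly against
 * the members table (subject to the password lockout and ban checks), the
 * requested new values are validated with EE_Validate, and whichever of the
 * two was supplied is written back.
 *
 * @access public
 * @return mixed Result of _un_pw_update_form() or fatal_error() on failure;
 *               otherwise redirects to the login form.
 */
function update_un_pw()
{
    $this->lang->loadfile('member');

    if ( ! isset($_POST['new_username']) AND ! isset($_POST['new_password']))
    {
        return $this->_un_pw_update_form(lang('all_fields_required'));
    }

    // Check password lockout status
    if ($this->session->check_password_lockout($this->input->post('username')) === TRUE)
    {
        $line = str_replace("%x", $this->config->item('password_lockout_interval'), lang('password_lockout_in_effect'));

        return $this->_un_pw_update_form($line);
    }

    // do_hash() lives in the security helper; load it before the first use
    // below rather than only on the password-update branch.
    $this->load->helper('security');

    // Fetch member data.
    // NOTE(review): the current password arrives base64-encoded and is
    // compared as an unsalted do_hash() digest, while the new password below
    // is hashed without base64_decode() — presumably the form only encodes
    // the current password; confirm against the form template.
    $this->db->select('member_id, group_id');
    $this->db->where('username', $this->input->post('username'));
    $this->db->where('password', do_hash(base64_decode($this->input->post('password'))));
    $query = $this->db->get('members');

    // Invalid Username or Password: record the failed attempt for lockout
    if ($query->num_rows() == 0)
    {
        $this->session->save_password_lockout($this->input->post('username'));

        return $this->_un_pw_update_form(lang('invalid_existing_un_pw'));
    }

    $member_id = $query->row('member_id');

    // Is the user banned? Super Admins can't be banned
    if ($query->row('group_id') != 1)
    {
        if ($this->session->ban_check())
        {
            return $this->output->fatal_error(lang('not_authorized'));
        }
    }

    // Instantiate validation class
    if ( ! class_exists('EE_Validate'))
    {
        require APPPATH . 'libraries/Validate' . EXT;
    }

    // post() returns FALSE for a missing field; the cast turns that into ''
    $new_un  = (string) $this->input->post('new_username');
    $new_pw  = (string) $this->input->post('new_password');
    $new_pwc = (string) $this->input->post('new_password_confirm');

    $VAL = new EE_Validate(array(
        'val_type'         => 'new',
        'fetch_lang'       => TRUE,
        'require_cpw'      => FALSE,
        'enable_log'       => FALSE,
        'username'         => $new_un,
        'password'         => $new_pw,
        'password_confirm' => $new_pwc,
        'cur_password'     => $this->input->post('password')
    ));

    // Always initialised: the original left $un_exists undefined when no new
    // username was posted. Re-submitting the current username is not a change.
    $un_exists = ($new_un !== '' AND $this->input->post('username') != $new_un);
    $pw_exists = ($new_pw !== '');

    if ($un_exists)
    {
        $VAL->validate_username();
    }

    if ($pw_exists)
    {
        $VAL->validate_password();
    }

    // Display errors if there are any, one per line
    if (count($VAL->errors) > 0)
    {
        return $this->_un_pw_update_form(implode(BR, $VAL->errors) . BR);
    }

    if ($un_exists)
    {
        $this->db->set('username', $new_un);
        $this->db->where('member_id', $member_id);
        $this->db->update('members');
    }

    if ($pw_exists)
    {
        $this->db->set('password', do_hash($new_pw));
        $this->db->where('member_id', $member_id);
        $this->db->update('members');
    }

    $this->session->set_flashdata('message', lang('unpw_updated'));
    $this->functions->redirect(BASE . AMP . 'C=login' . AMP . 'M=login_form');
}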
/**
 * Register Member
 *
 * Processes a front-end registration submitted in $_POST: runs the
 * EE_Validate checks, validates registration-enabled custom fields, the
 * optional captcha and terms-of-service acceptance, inserts the member rows,
 * handles an optional mailing-list subscription, sends admin and member
 * notification emails and shows the completion message.
 *
 * Security notes grounded in this method:
 *  - group_id is derived from config only; it is never read from $_POST.
 *  - The password is stored as a bare sha1() of the posted value (no salt is
 *    applied in this method). process_reset_password() in this file goes
 *    through ee()->auth->update_password() instead — confirm both produce the
 *    format the login path expects.
 *  - Custom field values are xss_clean()ed before storage; select-type fields
 *    must match one of the configured options.
 *  - The captcha queries are string-built SQL: the posted word is escape_str()ed,
 *    the IP is inlined from ee()->input->ip_address() (presumably validated by
 *    that method — not verified here).
 *
 * @return mixed FALSE when registration is disabled; NULL when an extension
 *               hook ends the script; otherwise the result of
 *               show_user_error() or show_message().
 */
public function register_member()
{
    // Do we allow new member registrations?
    if (ee()->config->item('allow_member_registration') == 'n')
    {
        return FALSE;
    }

    // Is user banned?
    if (ee()->session->userdata('is_banned') === TRUE)
    {
        return ee()->output->show_user_error('general', array(lang('not_authorized')));
    }

    // Blacklist/Whitelist Check
    if (ee()->blacklist->blacklisted == 'y' && ee()->blacklist->whitelisted == 'n')
    {
        return ee()->output->show_user_error('general', array(lang('not_authorized')));
    }

    ee()->load->helper('url');

    // -------------------------------------------
    // 'member_member_register_start' hook.
    //  - Take control of member registration routine
    //  - Added EE 1.4.2
    //
    ee()->extensions->call('member_member_register_start');
    if (ee()->extensions->end_script === TRUE)
    {
        return;
    }
    //
    // -------------------------------------------

    // Set the default globals so every field read below is defined
    $default = array('username', 'password', 'password_confirm', 'email', 'screen_name', 'url', 'location');

    foreach ($default as $val)
    {
        if (!isset($_POST[$val]))
        {
            $_POST[$val] = '';
        }
    }

    // An empty screen name defaults to the username
    if ($_POST['screen_name'] == '')
    {
        $_POST['screen_name'] = $_POST['username'];
    }

    // Instantiate validation class
    if (!class_exists('EE_Validate'))
    {
        require APPPATH . 'libraries/Validate.php';
    }

    $VAL = new EE_Validate(array(
        'member_id'        => '',
        'val_type'         => 'new',
        'fetch_lang'       => TRUE,
        'require_cpw'      => FALSE,
        'enable_log'       => FALSE,
        'username'         => trim_nbs($_POST['username']),
        'cur_username'     => '',
        'screen_name'      => trim_nbs($_POST['screen_name']),
        'cur_screen_name'  => '',
        'password'         => $_POST['password'],
        'password_confirm' => $_POST['password_confirm'],
        'cur_password'     => '',
        'email'            => trim($_POST['email']),
        'cur_email'        => ''
    ));

    $VAL->validate_username();
    $VAL->validate_screen_name();
    $VAL->validate_password();
    $VAL->validate_email();

    // Do we have any custom fields? Only fields flagged for registration are considered.
    $query = ee()->db->select('m_field_id, m_field_name, m_field_label, m_field_type, m_field_list_items, m_field_required')->where('m_field_reg', 'y')->get('member_fields');

    $cust_errors = array();
    $cust_fields = array();

    if ($query->num_rows() > 0)
    {
        foreach ($query->result_array() as $row)
        {
            $field_name = 'm_field_id_' . $row['m_field_id'];

            // Assume we're going to save this data, unless it's empty to begin with
            $valid = isset($_POST[$field_name]) && $_POST[$field_name] != '';

            // Basic validations
            if ($row['m_field_required'] == 'y' && !$valid)
            {
                $cust_errors[] = lang('mbr_field_required') . ' ' . $row['m_field_label'];
            }
            elseif ($row['m_field_type'] == 'select' && $valid)
            {
                // Ensure their selection is actually a valid choice.
                // Options are stored one per line; the posted value is
                // compared in its htmlentities() form (loose in_array).
                $options = explode("\n", $row['m_field_list_items']);

                if (!in_array(htmlentities($_POST[$field_name]), $options))
                {
                    $valid = FALSE;
                    $cust_errors[] = lang('mbr_field_invalid') . ' ' . $row['m_field_label'];
                }
            }

            // Only values that passed the checks are stored, and only after XSS cleaning
            if ($valid)
            {
                $cust_fields[$field_name] = ee()->security->xss_clean($_POST[$field_name]);
            }
        }
    }

    // The email confirmation is only enforced when the form included the field
    if (isset($_POST['email_confirm']) && $_POST['email'] != $_POST['email_confirm'])
    {
        $cust_errors[] = lang('mbr_emails_not_match');
    }

    if (ee()->config->item('use_membership_captcha') == 'y')
    {
        if (!isset($_POST['captcha']) or $_POST['captcha'] == '')
        {
            $cust_errors[] = lang('captcha_required');
        }
    }

    if (ee()->config->item('require_terms_of_service') == 'y')
    {
        if (!isset($_POST['accept_terms']))
        {
            $cust_errors[] = lang('mbr_terms_of_service_required');
        }
    }

    // -------------------------------------------
    // 'member_member_register_errors' hook.
    //  - Additional error checking prior to submission
    //  - Added EE 2.5.0
    //
    ee()->extensions->call('member_member_register_errors', $this);
    if (ee()->extensions->end_script === TRUE)
    {
        return;
    }
    //
    // -------------------------------------------

    // Validator errors, custom-field errors and any errors extensions pushed onto $this->errors
    $errors = array_merge($VAL->errors, $cust_errors, $this->errors);

    // Display errors if there are any
    if (count($errors) > 0)
    {
        return ee()->output->show_user_error('submission', $errors);
    }

    // Do we require captcha? The word is checked against the submitting IP
    // and must be less than two hours old; a matching row is consumed below.
    if (ee()->config->item('use_membership_captcha') == 'y')
    {
        $query = ee()->db->query("SELECT COUNT(*) AS count FROM exp_captcha WHERE word='" . ee()->db->escape_str($_POST['captcha']) . "' AND ip_address = '" . ee()->input->ip_address() . "' AND date > UNIX_TIMESTAMP()-7200");

        if ($query->row('count') == 0)
        {
            return ee()->output->show_user_error('submission', array(lang('captcha_incorrect')));
        }

        // Consume the used word and prune expired ones at the same time
        ee()->db->query("DELETE FROM exp_captcha WHERE (word='" . ee()->db->escape_str($_POST['captcha']) . "' AND ip_address = '" . ee()->input->ip_address() . "') OR date < UNIX_TIMESTAMP()-7200");
    }

    ee()->load->helper('security');

    // Assign the base query data.
    // NOTE(review): password stored as unsalted sha1() — see the method docblock.
    $data = array(
        'username'        => trim_nbs(ee()->input->post('username')),
        'password'        => sha1($_POST['password']),
        'ip_address'      => ee()->input->ip_address(),
        'unique_id'       => ee()->functions->random('encrypt'),
        'join_date'       => ee()->localize->now,
        'email'           => trim_nbs(ee()->input->post('email')),
        'screen_name'     => trim_nbs(ee()->input->post('screen_name')),
        'url'             => prep_url(ee()->input->post('url')),
        'location'        => ee()->input->post('location'),
        'language'        => ee()->config->item('deft_lang') ? ee()->config->item('deft_lang') : 'english',
        'date_format'     => ee()->config->item('date_format') ? ee()->config->item('date_format') : '%n/%j/%y',
        'time_format'     => ee()->config->item('time_format') ? ee()->config->item('time_format') : '12',
        'include_seconds' => ee()->config->item('include_seconds') ? ee()->config->item('include_seconds') : 'n',
        'timezone'        => ee()->config->item('default_site_timezone')
    );

    // Set member group. Anything that still needs activation lands in the
    // Pending group (4); group_id is never taken from the request.
    if (ee()->config->item('req_mbr_activation') == 'manual' or ee()->config->item('req_mbr_activation') == 'email')
    {
        $data['group_id'] = 4; // Pending
    }
    else
    {
        if (ee()->config->item('default_member_group') == '')
        {
            $data['group_id'] = 4; // Pending
        }
        else
        {
            $data['group_id'] = ee()->config->item('default_member_group');
        }
    }

    // Optional Fields: member column => $_POST key. Posted values override
    // the config-derived defaults set above for these preference columns.
    $optional = array('bio' => 'bio', 'language' => 'deft_lang', 'timezone' => 'server_timezone', 'date_format' => 'date_format', 'time_format' => 'time_format', 'include_seconds' => 'include_seconds');

    foreach ($optional as $key => $value)
    {
        if (isset($_POST[$value]))
        {
            $data[$key] = $_POST[$value];
        }
    }

    // We generate an authorization code if the member needs to self-activate
    if (ee()->config->item('req_mbr_activation') == 'email')
    {
        $data['authcode'] = ee()->functions->random('alnum', 10);
    }

    // Insert basic member data (insert_string escapes the values)
    ee()->db->query(ee()->db->insert_string('exp_members', $data));
    $member_id = ee()->db->insert_id();

    // Insert custom fields
    $cust_fields['member_id'] = $member_id;
    ee()->db->query(ee()->db->insert_string('exp_member_data', $cust_fields));

    // Create a record in the member homepage table
    // This is only necessary if the user gains CP access,
    // but we'll add the record anyway.
    ee()->db->query(ee()->db->insert_string('exp_member_homepage', array('member_id' => $member_id)));

    // Mailinglist Subscribe — only when a numeric list id was posted
    $mailinglist_subscribe = FALSE;

    if (isset($_POST['mailinglist_subscribe']) && is_numeric($_POST['mailinglist_subscribe']))
    {
        // Kill duplicate emails from authorization queue.
        ee()->db->where('email', $_POST['email'])->delete('mailing_list_queue');

        // Validate Mailing List ID
        $query = ee()->db->select('COUNT(*) as count')->where('list_id', $_POST['mailinglist_subscribe'])->get('mailing_lists');

        // Email Not Already in Mailing List
        $results = ee()->db->select('COUNT(*) as count')->where('email', $_POST['email'])->where('list_id', $_POST['mailinglist_subscribe'])->get('mailing_list');

        // INSERT Email
        if ($query->row('count') > 0 && $results->row('count') == 0)
        {
            $mailinglist_subscribe = TRUE;
            $code = ee()->functions->random('alnum', 10);

            if (ee()->config->item('req_mbr_activation') == 'email')
            {
                // Activated When Membership Activated
                ee()->db->query("INSERT INTO exp_mailing_list_queue (email, list_id, authcode, date)\r\n\t\t\t\t\t\t\t\tVALUES ('" . ee()->db->escape_str($_POST['email']) . "', '" . ee()->db->escape_str($_POST['mailinglist_subscribe']) . "', '" . $code . "', '" . time() . "')");
            }
            elseif (ee()->config->item('req_mbr_activation') == 'manual')
            {
                // Mailing List Subscribe Email: queue the address and send the
                // activation link carrying the one-time $code
                ee()->db->query("INSERT INTO exp_mailing_list_queue (email, list_id, authcode, date)\r\n\t\t\t\t\t\t\t\tVALUES ('" . ee()->db->escape_str($_POST['email']) . "', '" . ee()->db->escape_str($_POST['mailinglist_subscribe']) . "', '" . $code . "', '" . time() . "')");

                ee()->lang->loadfile('mailinglist');

                $action_id = ee()->functions->fetch_action_id('Mailinglist', 'authorize_email');

                $swap = array(
                    'activation_url' => ee()->functions->fetch_site_index(0, 0) . QUERY_MARKER . 'ACT=' . $action_id . '&id=' . $code,
                    'site_name'      => stripslashes(ee()->config->item('site_name')),
                    'site_url'       => ee()->config->item('site_url')
                );

                $template  = ee()->functions->fetch_email_template('mailinglist_activation_instructions');
                $email_tit = ee()->functions->var_swap($template['title'], $swap);
                $email_msg = ee()->functions->var_swap($template['data'], $swap);

                // Send email
                ee()->load->library('email');
                ee()->email->wordwrap = true;
                ee()->email->mailtype = 'plain';
                ee()->email->priority = '3';
                ee()->email->from(ee()->config->item('webmaster_email'), ee()->config->item('webmaster_name'));
                ee()->email->to($_POST['email']);
                ee()->email->subject($email_tit);
                ee()->email->message($email_msg);
                ee()->email->send();
            }
            else
            {
                // Automatically Accepted
                ee()->db->query("INSERT INTO exp_mailing_list (list_id, authcode, email, ip_address)\r\n\t\t\t\t\t\t\t\t\t\t VALUES ('" . ee()->db->escape_str($_POST['mailinglist_subscribe']) . "', '" . $code . "', '" . ee()->db->escape_str($_POST['email']) . "', '" . ee()->db->escape_str(ee()->input->ip_address()) . "')");
            }
        }
    }

    // Update member statistics only for accounts that are active immediately
    if (ee()->config->item('req_mbr_activation') == 'none')
    {
        ee()->stats->update_member_stats();
    }

    // Send admin notifications
    if (ee()->config->item('new_member_notification') == 'y' && ee()->config->item('mbr_notification_emails') != '')
    {
        $name = $data['screen_name'] != '' ? $data['screen_name'] : $data['username'];

        $swap = array(
            'name'              => $name,
            'site_name'         => stripslashes(ee()->config->item('site_name')),
            'control_panel_url' => ee()->config->item('cp_url'),
            'username'          => $data['username'],
            'email'             => $data['email']
        );

        $template  = ee()->functions->fetch_email_template('admin_notify_reg');
        $email_tit = $this->_var_swap($template['title'], $swap);
        $email_msg = $this->_var_swap($template['data'], $swap);

        // Remove multiple commas
        $notify_address = reduce_multiples(ee()->config->item('mbr_notification_emails'), ',', TRUE);

        // Send email
        ee()->load->helper('text');
        ee()->load->library('email');
        ee()->email->wordwrap = true;
        ee()->email->from(ee()->config->item('webmaster_email'), ee()->config->item('webmaster_name'));
        ee()->email->to($notify_address);
        ee()->email->subject($email_tit);
        ee()->email->message(entities_to_ascii($email_msg));
        ee()->email->Send();
    }

    // -------------------------------------------
    // 'member_member_register' hook.
    //  - Additional processing when a member is created through the User Side
    //  - $member_id added in 2.0.1
    //
    ee()->extensions->call('member_member_register', $data, $member_id);
    if (ee()->extensions->end_script === TRUE)
    {
        return;
    }
    //
    // -------------------------------------------

    // Send user notifications
    if (ee()->config->item('req_mbr_activation') == 'email')
    {
        $action_id = ee()->functions->fetch_action_id('Member', 'activate_member');

        $name = $data['screen_name'] != '' ? $data['screen_name'] : $data['username'];

        // board_id and the mailing-list id were both numeric-checked before
        // being appended to the activation URL
        $board_id = ee()->input->get_post('board_id') !== FALSE && is_numeric(ee()->input->get_post('board_id')) ? ee()->input->get_post('board_id') : 1;

        $forum_id = ee()->input->get_post('FROM') == 'forum' ? '&r=f&board_id=' . $board_id : '';

        $add = $mailinglist_subscribe !== TRUE ? '' : '&mailinglist=' . $_POST['mailinglist_subscribe'];

        $swap = array(
            'name'           => $name,
            'activation_url' => ee()->functions->fetch_site_index(0, 0) . QUERY_MARKER . 'ACT=' . $action_id . '&id=' . $data['authcode'] . $forum_id . $add,
            'site_name'      => stripslashes(ee()->config->item('site_name')),
            'site_url'       => ee()->config->item('site_url'),
            'username'       => $data['username'],
            'email'          => $data['email']
        );

        $template  = ee()->functions->fetch_email_template('mbr_activation_instructions');
        $email_tit = $this->_var_swap($template['title'], $swap);
        $email_msg = $this->_var_swap($template['data'], $swap);

        // Send email
        ee()->load->helper('text');
        ee()->load->library('email');
        ee()->email->wordwrap = true;
        ee()->email->from(ee()->config->item('webmaster_email'), ee()->config->item('webmaster_name'));
        ee()->email->to($data['email']);
        ee()->email->subject($email_tit);
        ee()->email->message(entities_to_ascii($email_msg));
        ee()->email->Send();

        $message = lang('mbr_membership_instructions_email');
    }
    elseif (ee()->config->item('req_mbr_activation') == 'manual')
    {
        $message = lang('mbr_admin_will_activate');
    }
    else
    {
        // Log user in (the extra query is a little annoying)
        ee()->load->library('auth');

        $member_data_q = ee()->db->get_where('members', array('member_id' => $member_id));

        $incoming = new Auth_result($member_data_q->row());
        $incoming->remember_me();
        $incoming->start_session();

        $message = lang('mbr_your_are_logged_in');
    }

    // Build the message
    if (ee()->input->get_post('FROM') == 'forum')
    {
        $query     = $this->_do_form_query();
        $site_name = $query->row('board_label');
        $return    = $query->row('board_forum_url');
    }
    else
    {
        $site_name = ee()->config->item('site_name') == '' ? lang('back') : stripslashes(ee()->config->item('site_name'));
        $return    = ee()->config->item('site_url');
    }

    $data = array(
        'title'    => lang('mbr_registration_complete'),
        'heading'  => lang('thank_you'),
        'content'  => lang('mbr_registration_completed') . "\n\n" . $message,
        'redirect' => '',
        'link'     => array($return, $site_name)
    );

    ee()->output->show_message($data);
}
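/**
 * Validate a front-end registration and, unless $doRegister is FALSE, create the member.
 *
 * Checks, in this order: registrations enabled, session not banned, blacklist/whitelist,
 * the 'member_member_register_start' hook, EE_Validate on e-mail / username / screen
 * name / password (username and screen name only when the Zoo Visitor settings ask for
 * them), required custom member fields, e-mail confirmation, captcha and terms of
 * service. Problems are collected per form field in $inline_errors. When the checks
 * pass and $doRegister is TRUE: secure-form hash check, inserts into exp_members /
 * exp_member_data / exp_member_homepage, the optional mailing-list subscription, the
 * admin notification mail, the 'member_member_register' hook and the activation e-mail
 * when activation is by e-mail.
 *
 * @param mixed  $ext            Not used by this method; kept for the call sites.
 * @param bool   $doRegister     FALSE runs only the checks (a dry run) and returns TRUE when they pass.
 * @param string $error_handling Not used by this method; kept for the call sites.
 *
 * @return array|bool|null array('general', list<string>) for a refused request;
 *                         array('submission', array<string, list<string>>) with the
 *                         per-field messages when validation fails; TRUE for a passing
 *                         dry run; the show_message()-style result array (title, heading,
 *                         content, redirect, link, 'result' => 'registration_complete',
 *                         'member_data') after a completed registration; NULL when a hook
 *                         sets end_script. On EE >= 2.5.4 a failed secure-form check
 *                         returns whatever output->show_user_error() returns instead.
 */
function register_member($ext, $doRegister = TRUE, $error_handling = '') {
    $this->EE->load->helper('security');
    $inline_errors = array();

    // Do we allow new member registrations?
    if ($this->EE->config->item('allow_member_registration') == 'n') {
        return array('general', array($this->EE->lang->line('member_registrations_not_allowed')));
    }

    // Is the user banned?
    if ($this->EE->session->userdata['is_banned'] == TRUE) {
        return array('general', array($this->EE->lang->line('not_authorized')));
    }

    // Blacklist/Whitelist check
    if ($this->EE->blacklist->blacklisted == 'y' && $this->EE->blacklist->whitelisted == 'n') {
        return array('general', array($this->EE->lang->line('not_authorized')));
    }

    $this->EE->load->helper('url');

    // 'member_member_register_start' hook.
    // - Take control of member registration routine
    // - Added EE 1.4.2
    $this->EE->extensions->call('member_member_register_start');
    if ($this->EE->extensions->end_script === TRUE) {
        return;
    }

    // Set the default globals: every field the validator reads must exist in $_POST.
    $default = array('username', 'password', 'password_confirm', 'email', 'screen_name', 'url', 'location');
    foreach ($default as $val) {
        if (!isset($_POST[$val])) {
            $_POST[$val] = '';
        }
    }
    if ($_POST['screen_name'] == '') {
        $_POST['screen_name'] = $_POST['username'];
    }

    // Instantiate validation class
    if (!class_exists('EE_Validate')) {
        require APPPATH . 'libraries/Validate' . EXT;
    }
    $VAL = new EE_Validate(array(
        'member_id' => '',
        'val_type' => 'new',
        'fetch_lang' => TRUE,
        'require_cpw' => FALSE,
        'enable_log' => FALSE,
        'username' => $_POST['username'],
        'cur_username' => '',
        'screen_name' => $_POST['screen_name'],
        'cur_screen_name' => '',
        'password' => $_POST['password'],
        'password_confirm' => $_POST['password_confirm'],
        'cur_password' => '',
        'email' => $_POST['email'],
        'cur_email' => '',
    ));

    // load the language file
    $this->EE->lang->loadfile('zoo_visitor');

    // Each validate_*() call appends to $VAL->errors; $offset marks where the previous
    // group ended so the new messages can be attributed to the right form field.
    $VAL->validate_email();
    $inline_errors["email"] = $VAL->errors;
    $offset = count($VAL->errors);

    // Zoo Visitor conditional checking
    if ($this->zoo_settings['email_is_username'] != 'yes') {
        $VAL->validate_username();
        $inline_errors["username"] = array_slice($VAL->errors, $offset);
        $offset = count($VAL->errors);
    }
    if ($this->zoo_settings['use_screen_name'] != "no") {
        $VAL->validate_screen_name();
        $inline_errors["screen_name"] = array_slice($VAL->errors, $offset);
        $offset = count($VAL->errors);
    }
    $VAL->validate_password();
    $inline_errors["password"] = array_slice($VAL->errors, $offset);

    // Do we have any custom fields? Required ones must be present and non-empty;
    // every submitted value is run through xss_clean before it is stored.
    $query = $this->EE->db->query("SELECT m_field_id, m_field_name, m_field_label, m_field_required FROM exp_member_fields");
    $cust_errors = array();
    $cust_fields = array();
    if ($query->num_rows() > 0) {
        foreach ($query->result_array() as $row) {
            $post_key = 'm_field_id_' . $row['m_field_id'];
            if ($row['m_field_required'] == 'y' && (!isset($_POST[$post_key]) || $_POST[$post_key] == '')) {
                $cust_errors[] = $this->EE->lang->line('mbr_field_required') . ' ' . $row['m_field_label'];
                $inline_errors[$row['m_field_name']] = array($this->EE->lang->line('mbr_field_required') . ' ' . $row['m_field_label']);
            } elseif (isset($_POST[$post_key])) {
                $cust_fields[$post_key] = $this->EE->security->xss_clean($_POST[$post_key]);
            }
        }
    }

    if (isset($_POST['email_confirm']) && $_POST['email'] != $_POST['email_confirm']) {
        $cust_errors[] = $this->EE->lang->line('mbr_emails_not_match');
        $inline_errors["email_confirm"] = array($this->EE->lang->line('mbr_emails_not_match'));
    }

    // Do we require captcha? A missing word is reported as "required"; a word that was
    // not issued to this IP within the last two hours is reported as "incorrect".
    // (Previously both checks ran unconditionally, so the "required" message was
    // always overwritten by "incorrect" and $_POST['captcha'] was read while unset.)
    if ($this->EE->config->item('use_membership_captcha') == 'y') {
        if (!isset($_POST['captcha']) || $_POST['captcha'] == '') {
            $cust_errors[] = $this->EE->lang->line('captcha_required');
            $inline_errors["captcha"] = array($this->EE->lang->line('captcha_required'));
        } else {
            $query = $this->EE->db->query("SELECT COUNT(*) AS count FROM exp_captcha WHERE word='" . $this->EE->db->escape_str($_POST['captcha']) . "' AND ip_address = '" . $this->EE->input->ip_address() . "' AND date > UNIX_TIMESTAMP()-7200");
            if ($query->row('count') == 0) {
                $cust_errors[] = $this->EE->lang->line('captcha_incorrect');
                $inline_errors["captcha"] = array($this->EE->lang->line('captcha_incorrect'));
            }
            // NOTE(review): the matched captcha row is not removed (the DELETE below is
            // commented out), so the same word stays valid for this IP until it expires.
            // Possibly deliberate because $doRegister = FALSE runs these checks as a dry run
            // before the real submission — confirm, and consider consuming the word once
            // $doRegister is TRUE.
            //$this->EE->db->query("DELETE FROM exp_captcha WHERE (word='" . $this->EE->db->escape_str($_POST['captcha']) . "' AND ip_address = '" . $this->EE->input->ip_address() . "') OR date < UNIX_TIMESTAMP()-7200");
        }
    }

    if ($this->EE->config->item('require_terms_of_service') == 'y') {
        if (!isset($_POST['accept_terms'])) {
            $cust_errors[] = $this->EE->lang->line('mbr_terms_of_service_required');
            $inline_errors["accept_terms"] = array($this->EE->lang->line('mbr_terms_of_service_required'));
        }
    }

    $errors = array_merge($VAL->errors, $cust_errors);

    // Set default membergroup: anything that still needs activation lands in
    // group 4 (Pending); otherwise the configured default, falling back to Pending.
    if ($this->EE->config->item('req_mbr_activation') == 'manual' || $this->EE->config->item('req_mbr_activation') == 'email') {
        $data['group_id'] = 4; // Pending
    } else {
        if ($this->EE->config->item('default_member_group') == '') {
            $data['group_id'] = 4; // Pending
        } else {
            $data['group_id'] = $this->EE->config->item('default_member_group');
        }
    }

    // Check if there is a membergroup selected in the form.
    // NOTE(review): check_membergroup_change() is defined elsewhere; whether it also
    // alters $data['group_id'] (by reference) cannot be told from here — confirm.
    $selected_group_id = $this->check_membergroup_change($data);

    // Display errors if there are any: the caller gets the per-field messages.
    if (count($errors) > 0) {
        return array('submission', $inline_errors);
        //return array('submission', $errors);
    }

    // Dry run: the form is valid, nothing is written.
    if (!$doRegister) {
        return TRUE;
    }

    // Secure Mode Forms? The submitted XID must be a hash issued for this IP.
    if ($this->EE->config->item('secure_forms') == 'y') {
        if (version_compare(APP_VER, '2.5.4', '>=')) {
            if (!$this->EE->security->secure_forms_check($this->EE->input->post('XID'))) {
                // NOTE(review): this branch returns show_user_error()'s result while every other
                // refusal returns array('general', ...); callers that inspect the return value
                // see a different shape here — confirm that is handled.
                return $this->EE->output->show_user_error('general', array(lang('not_authorized')));
            }
        } else {
            // Legacy (pre-2.5.4) hash table lookup; the duplicated ip_address clause is
            // harmless and kept as in the original query.
            $xid = isset($_POST['XID']) ? $_POST['XID'] : '';
            $query = $this->EE->db->query("SELECT COUNT(*) AS count FROM exp_security_hashes WHERE hash='" . $this->EE->db->escape_str($xid) . "' AND ip_address = '" . $this->EE->input->ip_address() . "' AND ip_address = '" . $this->EE->input->ip_address() . "' AND date > UNIX_TIMESTAMP()-7200");
            if ($query->row('count') == 0) {
                return array('general', array($this->EE->lang->line('not_authorized')));
            }
            // Consume the hash and purge expired ones.
            $this->EE->db->query("DELETE FROM exp_security_hashes WHERE (hash='" . $this->EE->db->escape_str($xid) . "' AND ip_address = '" . $this->EE->input->ip_address() . "') OR date < UNIX_TIMESTAMP()-7200");
        }
    }

    // Assign the base query data
    $data['username'] = $_POST['username'];
    // Legacy hash for the initial insert; replaced by auth->hash_password() right after the row exists.
    $data['password'] = version_compare(APP_VER, '2.6.0', '<') ? $this->EE->functions->hash(stripslashes($_POST['password'])) : do_hash(stripslashes($_POST['password']));
    $data['ip_address'] = $this->EE->input->ip_address();
    $data['unique_id'] = $this->EE->functions->random('encrypt');
    $data['join_date'] = $this->EE->localize->now;
    $data['email'] = $_POST['email'];
    $data['screen_name'] = $_POST['screen_name'];
    $data['url'] = prep_url($_POST['url']);
    $data['location'] = $_POST['location']; // replaced by the xss_clean'd value below when non-empty
    // overridden below if used as optional fields
    $data['language'] = $this->EE->config->item('deft_lang') ? $this->EE->config->item('deft_lang') : 'english';
    $data['time_format'] = $this->EE->config->item('time_format') ? $this->EE->config->item('time_format') : 'us';
    $data['timezone'] = $this->EE->config->item('default_site_timezone') && $this->EE->config->item('default_site_timezone') != '' ? $this->EE->config->item('default_site_timezone') : $this->EE->config->item('server_timezone');
    // daylight_savings only exists before 2.6.0. version_compare() instead of a plain
    // string comparison: APP_VER < '2.6.0' is a string compare, which is TRUE for
    // '2.10.0' and would set the column on releases that no longer have it.
    if (version_compare(APP_VER, '2.6.0', '<')) {
        $data['daylight_savings'] = $this->EE->config->item('default_site_dst') && $this->EE->config->item('default_site_dst') != '' ? $this->EE->config->item('default_site_dst') : $this->EE->config->item('daylight_savings');
    }

    // Standard member fields: xss_clean every non-empty one and drop it from $_POST
    // so the optional-field loop below does not copy the raw value again.
    $fields = array('bday_y', 'bday_m', 'bday_d', 'url', 'location', 'occupation', 'interests', 'aol_im', 'icq', 'yahoo_im', 'msn_im', 'bio');
    foreach ($fields as $val) {
        if ($this->EE->input->post($val)) {
            $data[$val] = isset($_POST[$val]) ? $this->EE->security->xss_clean($_POST[$val]) : '';
            unset($_POST[$val]);
        }
    }

    // Clamp the birthday day to the length of the given month (current year when no year was given).
    if (isset($data['bday_d']) && is_numeric($data['bday_d']) && isset($data['bday_m']) && is_numeric($data['bday_m'])) {
        $year = isset($data['bday_y']) && $data['bday_y'] != '' ? $data['bday_y'] : date('Y');
        $mdays = $this->EE->localize->fetch_days_in_month($data['bday_m'], $year);
        if ($data['bday_d'] > $mdays) {
            $data['bday_d'] = $mdays;
        }
    }

    // Optional Fields: column name => POST field name.
    // NOTE(review): these values are stored as submitted (no xss_clean, no check against
    // the known languages / timezones / formats) — the same as EE core does, but worth a look.
    $optional = array('bio' => 'bio', 'language' => 'deft_lang', 'timezone' => 'server_timezone', 'time_format' => 'time_format');
    foreach ($optional as $key => $value) {
        if (isset($_POST[$value])) {
            $data[$key] = $_POST[$value];
        }
    }

    /*
    if ($this->EE->input->post('daylight_savings') == 'y') {
        $data['daylight_savings'] = 'y';
    } elseif ($this->EE->input->post('daylight_savings') == 'n') {
        $data['daylight_savings'] = 'n';
    }
    */

    // We generate an authorization code if the member needs to self-activate
    if ($this->EE->config->item('req_mbr_activation') == 'email') {
        $data['authcode'] = $this->EE->functions->random('alnum', 10);
    }

    // Insert basic member data
    $this->EE->db->query($this->EE->db->insert_string('exp_members', $data));
    $member_id = $this->EE->db->insert_id();

    // Override the screenname for use in emails
    $screen_name_overriden = $this->get_override_screen_name();
    $data['screen_name'] = $screen_name_overriden !== FALSE ? $screen_name_overriden : $data['screen_name'];

    // Store the selected membergroup if it is defined in the form AND activation is
    // required; group 1 (Super Admin) is never stored.
    if (isset($selected_group_id) && is_numeric($selected_group_id) && $selected_group_id != '1') {
        if ($this->EE->config->item('req_mbr_activation') == 'email' || $this->EE->config->item('req_mbr_activation') == 'manual') {
            $activation_data = array();
            $activation_data['member_id'] = $member_id;
            $activation_data['group_id'] = $selected_group_id;
            $this->EE->db->insert('zoo_visitor_activation_membergroup', $activation_data);
        }
    }

    // Hash the password with the auth library and replace the legacy hash stored above.
    // When hash_password() fails the row keeps the legacy hash (as before).
    $this->EE->load->library('auth');
    $hashed_pair = $this->EE->auth->hash_password($_POST['password']);
    if ($hashed_pair !== FALSE) {
        $this->EE->db->where('member_id', (int) $member_id);
        $this->EE->db->update('members', $hashed_pair);
    }

    // Insert custom fields
    $cust_fields['member_id'] = $member_id;
    $this->EE->db->query($this->EE->db->insert_string('exp_member_data', $cust_fields));

    // Create a record in the member homepage table
    // This is only necessary if the user gains CP access, but we'll add the record anyway.
    $this->EE->db->query($this->EE->db->insert_string('exp_member_homepage', array('member_id' => $member_id)));

    // Mailinglist Subscribe
    $mailinglist_subscribe = FALSE;
    if (isset($_POST['mailinglist_subscribe']) && is_numeric($_POST['mailinglist_subscribe'])) {
        // Kill duplicate emails from authorizatin queue.
        $this->EE->db->query("DELETE FROM exp_mailing_list_queue WHERE email = '" . $this->EE->db->escape_str($_POST['email']) . "'");

        // Validate Mailing List ID
        $query = $this->EE->db->query("SELECT COUNT(*) AS count\n\t\t\t\t\t\t\t\t FROM exp_mailing_lists\n\t\t\t\t\t\t\t\t WHERE list_id = '" . $this->EE->db->escape_str($_POST['mailinglist_subscribe']) . "'");

        // Email Not Already in Mailing List
        $results = $this->EE->db->query("SELECT count(*) AS count\n\t\t\t\t\t\t\t\t\tFROM exp_mailing_list\n\t\t\t\t\t\t\t\t\tWHERE email = '" . $this->EE->db->escape_str($_POST['email']) . "'\n\t\t\t\t\t\t\t\t\tAND list_id = '" . $this->EE->db->escape_str($_POST['mailinglist_subscribe']) . "'");

        // INSERT Email
        if ($query->row('count') > 0 && $results->row('count') == 0) {
            $mailinglist_subscribe = TRUE;
            $code = $this->EE->functions->random('alnum', 10);

            if ($this->EE->config->item('req_mbr_activation') == 'email') {
                // Activated When Membership Activated
                $this->EE->db->query("INSERT INTO exp_mailing_list_queue (email, list_id, authcode, date)\n\t\t\t\t\t\t\t\tVALUES ('" . $this->EE->db->escape_str($_POST['email']) . "', '" . $this->EE->db->escape_str($_POST['mailinglist_subscribe']) . "', '" . $code . "', '" . time() . "')");
            } elseif ($this->EE->config->item('req_mbr_activation') == 'manual') {
                // Mailing List Subscribe Email
                $this->EE->db->query("INSERT INTO exp_mailing_list_queue (email, list_id, authcode, date)\n\t\t\t\t\t\t\t\tVALUES ('" . $this->EE->db->escape_str($_POST['email']) . "', '" . $this->EE->db->escape_str($_POST['mailinglist_subscribe']) . "', '" . $code . "', '" . time() . "')");
                $this->EE->lang->loadfile('mailinglist');
                $action_id = $this->EE->functions->fetch_action_id('Mailinglist', 'authorize_email');
                $swap = array(
                    'activation_url' => $this->EE->functions->fetch_site_index(0, 0) . QUERY_MARKER . 'ACT=' . $action_id . '&id=' . $code,
                    'site_name' => stripslashes($this->EE->config->item('site_name')),
                    'site_url' => $this->EE->config->item('site_url'),
                );
                $template = $this->EE->functions->fetch_email_template('mailinglist_activation_instructions');
                $email_tit = $this->EE->functions->var_swap($template['title'], $swap);
                $email_msg = $this->EE->functions->var_swap($template['data'], $swap);

                // Send email
                $this->EE->load->library('email');
                $this->EE->email->wordwrap = true;
                $this->EE->email->mailtype = 'plain';
                $this->EE->email->priority = '3';
                $this->EE->email->from($this->EE->config->item('webmaster_email'), $this->EE->config->item('webmaster_name'));
                $this->EE->email->to($_POST['email']);
                $this->EE->email->subject($email_tit);
                $this->EE->email->message($email_msg);
                $this->EE->email->send();
            } else {
                // Automatically Accepted
                $this->EE->db->query("INSERT INTO exp_mailing_list (list_id, authcode, email, ip_address)\n\t\t\t\t\t\t\t\t\t\t VALUES ('" . $this->EE->db->escape_str($_POST['mailinglist_subscribe']) . "', '" . $code . "', '" . $this->EE->db->escape_str($_POST['email']) . "', '" . $this->EE->db->escape_str($this->EE->input->ip_address()) . "')");
            }
        }
    }

    // Update the member stats only for accounts that are active right away.
    if ($this->EE->config->item('req_mbr_activation') == 'none') {
        $this->EE->stats->update_member_stats();
    }

    // Send admin notifications
    if ($this->EE->config->item('new_member_notification') == 'y' && $this->EE->config->item('mbr_notification_emails') != '') {
        $name = $data['screen_name'] != '' ? $data['screen_name'] : $data['username'];
        $swap = array(
            'name' => $name,
            'site_name' => stripslashes($this->EE->config->item('site_name')),
            'control_panel_url' => $this->EE->config->item('cp_url'),
            'username' => $data['username'],
            'email' => $data['email'],
        );
        $template = $this->EE->functions->fetch_email_template('admin_notify_reg');
        $email_tit = $this->_var_swap($template['title'], $swap);
        $email_msg = $this->_var_swap($template['data'], $swap);

        $this->EE->load->helper('string');
        // Remove multiple commas
        $notify_address = reduce_multiples($this->EE->config->item('mbr_notification_emails'), ',', TRUE);

        // Send email
        // Load the text helper
        $this->EE->load->helper('text');
        $this->EE->load->library('email');
        $this->EE->email->wordwrap = true;
        $this->EE->email->from($this->EE->config->item('webmaster_email'), $this->EE->config->item('webmaster_name'));
        $this->EE->email->to($notify_address);
        $this->EE->email->subject($email_tit);
        $this->EE->email->message(entities_to_ascii($email_msg));
        $this->EE->email->Send();
    }

    // 'member_member_register' hook.
    // - Additional processing when a member is created through the User Side
    // - $member_id added in 2.0.1
    $this->EE->extensions->call('member_member_register', $data, $member_id);
    if ($this->EE->extensions->end_script === TRUE) {
        return;
    }

    // Zoo Visitor assignment: everything that was inserted, plus the new id, is
    // handed back to the caller.
    // NOTE(review): this includes the hashed password and the authcode — make sure
    // the caller never passes member_data through to templates or output.
    $member_data = $data;
    $member_data["member_id"] = $member_id;

    // Send user notifications: the activation e-mail for e-mail activation. 'manual'
    // needs no mail here; for 'none' the login is handled at the end of the extension.
    if ($this->EE->config->item('req_mbr_activation') == 'email') {
        $action_id = $this->EE->functions->fetch_action_id('Member', 'activate_member');
        $name = $data['screen_name'] != '' ? $data['screen_name'] : $data['username'];
        $board_id = $this->EE->input->get_post('board_id') !== FALSE && is_numeric($this->EE->input->get_post('board_id')) ? $this->EE->input->get_post('board_id') : 1;
        $forum_id = $this->EE->input->get_post('FROM') == 'forum' ? '&r=f&board_id=' . $board_id : '';
        $add = $mailinglist_subscribe !== TRUE ? '' : '&mailinglist=' . $_POST['mailinglist_subscribe'];
        $swap = array(
            'name' => $name,
            'activation_url' => $this->EE->functions->fetch_site_index(0, 0) . QUERY_MARKER . 'ACT=' . $action_id . '&id=' . $data['authcode'] . $forum_id . $add,
            'site_name' => stripslashes($this->EE->config->item('site_name')),
            'site_url' => $this->EE->config->item('site_url'),
            'username' => $data['username'],
            'email' => $data['email'],
        );
        $template = $this->EE->functions->fetch_email_template('mbr_activation_instructions');
        $email_tit = $this->_var_swap($template['title'], $swap);
        $email_msg = $this->_var_swap($template['data'], $swap);

        // Send email
        // Load the text helper
        $this->EE->load->helper('text');
        $this->EE->load->library('email');
        $this->EE->email->wordwrap = true;
        $this->EE->email->from($this->EE->config->item('webmaster_email'), $this->EE->config->item('webmaster_name'));
        $this->EE->email->to($data['email']);
        $this->EE->email->subject($email_tit);
        $this->EE->email->message(entities_to_ascii($email_msg));
        $this->EE->email->Send();
    }

    // Build the message: link back to the forum board when the form came from the
    // forum, otherwise to the site.
    if ($this->EE->input->get_post('FROM') == 'forum') {
        if ($this->EE->input->get_post('board_id') !== FALSE && is_numeric($this->EE->input->get_post('board_id'))) {
            $query = $this->EE->db->query("SELECT board_forum_url, board_id, board_label FROM exp_forum_boards WHERE board_id = '" . $this->EE->db->escape_str($this->EE->input->get_post('board_id')) . "'");
        } else {
            $query = $this->EE->db->query("SELECT board_forum_url, board_id, board_label FROM exp_forum_boards WHERE board_id = '1'");
        }
        $site_name = $query->row('board_label');
        $return = $query->row('board_forum_url');
    } else {
        $site_name = $this->EE->config->item('site_name') == '' ? $this->EE->lang->line('back') : stripslashes($this->EE->config->item('site_name'));
        $return = $this->EE->config->item('site_url');
    }

    $result = array(
        'title' => $this->EE->lang->line('mbr_registration_complete'),
        'heading' => $this->EE->lang->line('thank_you'),
        'content' => $this->EE->lang->line('mbr_registration_completed'),
        'redirect' => '',
        'link' => array($return, $site_name),
        'result' => 'registration_complete',
        'member_data' => $member_data,
    );
    //$this->EE->output->show_message($result);
    return $result;
}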
/**
 * Change the logged-in member's username and/or password from the settings form.
 *
 * Reads the current credentials (username / password) and the new values
 * (new_username, new_password, new_password_confirm) from the request, enforces
 * the password lockout, re-authenticates against exp_members, validates the new
 * values with EE_Validate and writes whichever of the two was supplied. Every
 * failure path hands a message to output->show_user_error(); success ends in
 * output->show_message(). Nothing useful is returned to the caller.
 *
 * NOTE(review): in this copy the SELECT and both UPDATE statements contain
 * '******' where the original expressions stood (redacted at extraction); the
 * real text must be taken from the original file.
 */
function update_un_pw() {
    // At least one new value has to be present, and no supplied field may be empty.
    $missing = FALSE;
    if ( ! isset($_POST['new_username']) AND ! isset($_POST['new_password'])) {
        $missing = TRUE;
    }
    if ((isset($_POST['new_username']) AND $_POST['new_username'] == '') OR (isset($_POST['new_password']) AND $_POST['new_password'] == '')) {
        $missing = TRUE;
    }
    // The current credentials are needed to authorise the change.
    // NOTE(review): the password is accepted from GET or POST here, but EE_Validate
    // below is given $_POST['password'] — a GET password is therefore not validated as the current one.
    if ($this->EE->input->post('username') == '' OR $this->EE->input->get_post('password') == '') {
        $missing = TRUE;
    }
    if ($missing == TRUE) {
        return $this->EE->output->show_user_error('submission', $this->EE->lang->line('all_fields_required'));
    }

    // Check password lockout status: refuse while the username is locked out.
    if ($this->EE->session->check_password_lockout($this->EE->input->post('username')) === TRUE) {
        $line = str_replace("%x", $this->EE->config->item('password_lockout_interval'), $this->EE->lang->line('password_lockout_in_effect'));
        return $this->EE->output->show_user_error('submission', $line);
    }

    // Fetch member data: re-authenticate with the submitted current credentials.
    // NOTE(review): the redacted expressions presumably escape the username and hash the
    // password before they are compared in SQL — confirm against the original file.
    $sql = "SELECT member_id, group_id FROM exp_members WHERE username = '******'username'))."' AND password = '******'password')))."'";
    $query = $this->EE->db->query($sql);

    // Invalid username or password: the failed attempt counts towards the lockout.
    if ($query->num_rows() == 0) {
        $this->EE->session->save_password_lockout($this->EE->input->post('username'));
        return $this->EE->output->show_user_error('submission', $this->EE->lang->line('invalid_existing_un_pw'));
    }

    $member_id = $query->row('member_id') ;

    // Is the user banned? Super Admins (group 1) can't be banned.
    if ($query->row('group_id') != 1) {
        if ($this->EE->session->ban_check()) {
            return $this->EE->output->fatal_error($this->EE->lang->line('not_authorized'));
        }
    }

    // Instantiate validation class
    if ( ! class_exists('EE_Validate')) {
        require APPPATH.'libraries/Validate'.EXT;
    }

    $new_un = (isset($_POST['new_username'])) ? $_POST['new_username'] : '';
    $new_pw = (isset($_POST['new_password'])) ? $_POST['new_password'] : '';
    $new_pwc = (isset($_POST['new_password_confirm'])) ? $_POST['new_password_confirm'] : '';

    $VAL = new EE_Validate( array( 'val_type' => 'new', 'fetch_lang' => TRUE, 'require_cpw' => FALSE, 'enable_log' => FALSE, 'username' => $new_un, 'password' => $new_pw, 'password_confirm' => $new_pwc, 'cur_password' => $_POST['password'], ) );

    // Only the values that were actually submitted are validated and written.
    $un_exists = (isset($_POST['new_username']) AND $_POST['new_username'] != '') ? TRUE : FALSE;
    $pw_exists = (isset($_POST['new_password']) AND $_POST['new_password'] != '') ? TRUE : FALSE;

    if ($un_exists) $VAL->validate_username();
    if ($pw_exists) $VAL->validate_password();

    // Display errors if there are any
    if (count($VAL->errors) > 0) {
        return $this->EE->output->show_user_error('submission', $VAL->errors);
    }

    // Write the new username and/or password (expressions redacted in this copy, see above).
    if ($un_exists) {
        $this->EE->db->query("UPDATE exp_members SET username = '******'new_username'])."' WHERE member_id = '{$member_id}'");
    }
    if ($pw_exists) {
        $this->EE->db->query("UPDATE exp_members SET password = '******'new_password']))."' WHERE member_id = '{$member_id}'");
    }

    // Clear the tracker cookie since we're not sure where the redirect should go
    $this->EE->functions->set_cookie('tracker');

    // NOTE(review): $return is built here but never used below (the link is $link), so this
    // block has no visible effect. substr($return, 0, -3) also drops the last three characters
    // and can never equal "php"; a suffix test would be substr($return, -3).
    $return = $this->EE->functions->form_backtrack();
    if ($this->EE->config->item('user_session_type') != 'c') {
        if ($this->EE->config->item('force_query_string') == 'y' && substr($return, 0, -3) == "php") {
            $return .= '?';
        }
        if ($this->EE->session->userdata['session_id'] != '') {
            $return .= "/S=".$this->EE->session->userdata['session_id']."/";
        }
    }

    // Link back to the forum when a fifth URI segment names it, otherwise to the login page.
    if ($this->EE->uri->segment(5)) {
        $link = $this->EE->functions->create_url($this->EE->uri->segment(5));
        $line = $this->EE->lang->line('return_to_forum');
    } else {
        $link = $this->_member_path('login');
        $line = $this->EE->lang->line('return_to_login');
    }

    // We're done.
    $data = array( 'title' => $this->EE->lang->line('settings_update'), 'heading' => $this->EE->lang->line('thank_you'), 'content' => $this->EE->lang->line('unpw_updated'), 'link' => array($link, $line) );
    $this->EE->output->show_message($data);
}
/** ---------------------------------------- /** Register Member /** ----------------------------------------*/ function register_member() { /** ------------------------------------- /** Do we allow new member registrations? /** ------------------------------------*/ if ($this->EE->config->item('allow_member_registration') == 'n') { return FALSE; } /** ---------------------------------------- /** Is user banned? /** ----------------------------------------*/ if ($this->EE->session->userdata['is_banned'] == TRUE) { return $this->EE->output->show_user_error('general', array($this->EE->lang->line('not_authorized'))); } /** ---------------------------------------- /** Blacklist/Whitelist Check /** ----------------------------------------*/ if ($this->EE->blacklist->blacklisted == 'y' && $this->EE->blacklist->whitelisted == 'n') { return $this->EE->output->show_user_error('general', array($this->EE->lang->line('not_authorized'))); } $this->EE->load->helper('url'); /* ------------------------------------------- /* 'member_member_register_start' hook. /* - Take control of member registration routine /* - Added EE 1.4.2 */ $edata = $this->EE->extensions->call('member_member_register_start'); if ($this->EE->extensions->end_script === TRUE) return; /* /* -------------------------------------------*/ /** ---------------------------------------- /** Set the default globals /** ----------------------------------------*/ $default = array('username', 'password', 'password_confirm', 'email', 'screen_name', 'url', 'location'); foreach ($default as $val) { if ( ! isset($_POST[$val])) $_POST[$val] = ''; } if ($_POST['screen_name'] == '') $_POST['screen_name'] = $_POST['username']; /** ------------------------------------- /** Instantiate validation class /** -------------------------------------*/ if ( ! 
class_exists('EE_Validate')) { require APPPATH.'libraries/Validate'.EXT; } $VAL = new EE_Validate( array( 'member_id' => '', 'val_type' => 'new', // new or update 'fetch_lang' => TRUE, 'require_cpw' => FALSE, 'enable_log' => FALSE, 'username' => $_POST['username'], 'cur_username' => '', 'screen_name' => $_POST['screen_name'], 'cur_screen_name' => '', 'password' => $_POST['password'], 'password_confirm' => $_POST['password_confirm'], 'cur_password' => '', 'email' => $_POST['email'], 'cur_email' => '' ) ); $VAL->validate_username(); $VAL->validate_screen_name(); $VAL->validate_password(); $VAL->validate_email(); /** ------------------------------------- /** Do we have any custom fields? /** -------------------------------------*/ $query = $this->EE->db->query("SELECT m_field_id, m_field_name, m_field_label, m_field_required FROM exp_member_fields WHERE m_field_reg = 'y'"); $cust_errors = array(); $cust_fields = array(); if ($query->num_rows() > 0) { foreach ($query->result_array() as $row) { if ($row['m_field_required'] == 'y' && ( ! isset($_POST['m_field_id_'.$row['m_field_id']]) OR $_POST['m_field_id_'.$row['m_field_id']] == '')) { $cust_errors[] = $this->EE->lang->line('mbr_field_required').' '.$row['m_field_label']; } elseif (isset($_POST['m_field_id_'.$row['m_field_id']])) { $cust_fields['m_field_id_'.$row['m_field_id']] = $this->EE->security->xss_clean($_POST['m_field_id_'.$row['m_field_id']]); } } } if (isset($_POST['email_confirm']) && $_POST['email'] != $_POST['email_confirm']) { $cust_errors[] = $this->EE->lang->line('mbr_emails_not_match'); } if ($this->EE->config->item('use_membership_captcha') == 'y') { if ( ! isset($_POST['captcha']) OR $_POST['captcha'] == '') { $cust_errors[] = $this->EE->lang->line('captcha_required'); } } if ($this->EE->config->item('require_terms_of_service') == 'y') { if ( ! 
isset($_POST['accept_terms'])) { $cust_errors[] = $this->EE->lang->line('mbr_terms_of_service_required'); } } $errors = array_merge($VAL->errors, $cust_errors); /** ------------------------------------- /** Display error is there are any /** -------------------------------------*/ if (count($errors) > 0) { return $this->EE->output->show_user_error('submission', $errors); } /** ---------------------------------------- /** Do we require captcha? /** ----------------------------------------*/ if ($this->EE->config->item('use_membership_captcha') == 'y') { $query = $this->EE->db->query("SELECT COUNT(*) AS count FROM exp_captcha WHERE word='".$this->EE->db->escape_str($_POST['captcha'])."' AND ip_address = '".$this->EE->input->ip_address()."' AND date > UNIX_TIMESTAMP()-7200"); if ($query->row('count') == 0) { return $this->EE->output->show_user_error('submission', array($this->EE->lang->line('captcha_incorrect'))); } $this->EE->db->query("DELETE FROM exp_captcha WHERE (word='".$this->EE->db->escape_str($_POST['captcha'])."' AND ip_address = '".$this->EE->input->ip_address()."') OR date < UNIX_TIMESTAMP()-7200"); } /** ---------------------------------------- /** Secure Mode Forms? 
/** ----------------------------------------*/ if ($this->EE->config->item('secure_forms') == 'y') { $query = $this->EE->db->query("SELECT COUNT(*) AS count FROM exp_security_hashes WHERE hash='".$this->EE->db->escape_str($_POST['XID'])."' AND ip_address = '".$this->EE->input->ip_address()."' AND ip_address = '".$this->EE->input->ip_address()."' AND date > UNIX_TIMESTAMP()-7200"); if ($query->row('count') == 0) { return $this->EE->output->show_user_error('general', array($this->EE->lang->line('not_authorized'))); } $this->EE->db->query("DELETE FROM exp_security_hashes WHERE (hash='".$this->EE->db->escape_str($_POST['XID'])."' AND ip_address = '".$this->EE->input->ip_address()."') OR date < UNIX_TIMESTAMP()-7200"); } /** ------------------------------------- /** Assign the base query data /** -------------------------------------*/ // Set member group if ($this->EE->config->item('req_mbr_activation') == 'manual' OR $this->EE->config->item('req_mbr_activation') == 'email') { $data['group_id'] = 4; // Pending } else { if ($this->EE->config->item('default_member_group') == '') { $data['group_id'] = 4; // Pending } else { $data['group_id'] = $this->EE->config->item('default_member_group'); } } $data['username'] = $_POST['username']; $data['password'] = $this->EE->functions->hash(stripslashes($_POST['password'])); $data['ip_address'] = $this->EE->input->ip_address(); $data['unique_id'] = $this->EE->functions->random('encrypt'); $data['join_date'] = $this->EE->localize->now; $data['email'] = $_POST['email']; $data['screen_name'] = $_POST['screen_name']; $data['url'] = prep_url($_POST['url']); $data['location'] = $_POST['location']; // overridden below if used as optional fields $data['language'] = ($this->EE->config->item('deft_lang')) ? $this->EE->config->item('deft_lang') : 'english'; $data['time_format'] = ($this->EE->config->item('time_format')) ? 
$this->EE->config->item('time_format') : 'us'; $data['timezone'] = ($this->EE->config->item('default_site_timezone') && $this->EE->config->item('default_site_timezone') != '') ? $this->EE->config->item('default_site_timezone') : $this->EE->config->item('server_timezone'); $data['daylight_savings'] = ($this->EE->config->item('default_site_dst') && $this->EE->config->item('default_site_dst') != '') ? $this->EE->config->item('default_site_dst') : $this->EE->config->item('daylight_savings'); // Optional Fields $optional = array('bio' => 'bio', 'language' => 'deft_lang', 'timezone' => 'server_timezone', 'time_format' => 'time_format'); foreach($optional as $key => $value) { if (isset($_POST[$value])) { $data[$key] = $_POST[$value]; } } if ($this->EE->input->post('daylight_savings') == 'y') { $data['daylight_savings'] = 'y'; } elseif ($this->EE->input->post('daylight_savings') == 'n') { $data['daylight_savings'] = 'n'; } // We generate an authorization code if the member needs to self-activate if ($this->EE->config->item('req_mbr_activation') == 'email') { $data['authcode'] = $this->EE->functions->random('alnum', 10); } /** ------------------------------------- /** Insert basic member data /** -------------------------------------*/ $this->EE->db->query($this->EE->db->insert_string('exp_members', $data)); $member_id = $this->EE->db->insert_id(); /** ------------------------------------- /** Insert custom fields /** -------------------------------------*/ $cust_fields['member_id'] = $member_id; $this->EE->db->query($this->EE->db->insert_string('exp_member_data', $cust_fields)); /** ------------------------------------- /** Create a record in the member homepage table /** -------------------------------------*/ // This is only necessary if the user gains CP access, but we'll add the record anyway. 
$this->EE->db->query($this->EE->db->insert_string('exp_member_homepage', array('member_id' => $member_id))); /** ------------------------------------- /** Mailinglist Subscribe /** -------------------------------------*/ $mailinglist_subscribe = FALSE; if (isset($_POST['mailinglist_subscribe']) && is_numeric($_POST['mailinglist_subscribe'])) { // Kill duplicate emails from authorizatin queue. $this->EE->db->query("DELETE FROM exp_mailing_list_queue WHERE email = '".$this->EE->db->escape_str($_POST['email'])."'"); // Validate Mailing List ID $query = $this->EE->db->query("SELECT COUNT(*) AS count FROM exp_mailing_lists WHERE list_id = '".$this->EE->db->escape_str($_POST['mailinglist_subscribe'])."'"); // Email Not Already in Mailing List $results = $this->EE->db->query("SELECT count(*) AS count FROM exp_mailing_list WHERE email = '".$this->EE->db->escape_str($_POST['email'])."' AND list_id = '".$this->EE->db->escape_str($_POST['mailinglist_subscribe'])."'"); /** ------------------------------------- /** INSERT Email /** -------------------------------------*/ if ($query->row('count') > 0 && $results->row('count') == 0) { $mailinglist_subscribe = TRUE; $code = $this->EE->functions->random('alnum', 10); if ($this->EE->config->item('req_mbr_activation') == 'email') { // Activated When Membership Activated $this->EE->db->query("INSERT INTO exp_mailing_list_queue (email, list_id, authcode, date) VALUES ('".$this->EE->db->escape_str($_POST['email'])."', '".$this->EE->db->escape_str($_POST['mailinglist_subscribe'])."', '".$code."', '".time()."')"); } elseif ($this->EE->config->item('req_mbr_activation') == 'manual') { // Mailing List Subscribe Email $this->EE->db->query("INSERT INTO exp_mailing_list_queue (email, list_id, authcode, date) VALUES ('".$this->EE->db->escape_str($_POST['email'])."', '".$this->EE->db->escape_str($_POST['mailinglist_subscribe'])."', '".$code."', '".time()."')"); $this->EE->lang->loadfile('mailinglist'); $action_id = 
$this->EE->functions->fetch_action_id('Mailinglist', 'authorize_email'); $swap = array( 'activation_url' => $this->EE->functions->fetch_site_index(0, 0).QUERY_MARKER.'ACT='.$action_id.'&id='.$code, 'site_name' => stripslashes($this->EE->config->item('site_name')), 'site_url' => $this->EE->config->item('site_url') ); $template = $this->EE->functions->fetch_email_template('mailinglist_activation_instructions'); $email_tit = $this->EE->functions->var_swap($template['title'], $swap); $email_msg = $this->EE->functions->var_swap($template['data'], $swap); /** ---------------------------- /** Send email /** ----------------------------*/ $this->EE->load->library('email'); $this->EE->email->wordwrap = true; $this->EE->email->mailtype = 'plain'; $this->EE->email->priority = '3'; $this->EE->email->from($this->EE->config->item('webmaster_email'), $this->EE->config->item('webmaster_name')); $this->EE->email->to($_POST['email']); $this->EE->email->subject($email_tit); $this->EE->email->message($email_msg); $this->EE->email->send(); } else { // Automatically Accepted $this->EE->db->query("INSERT INTO exp_mailing_list (list_id, authcode, email, ip_address) VALUES ('".$this->EE->db->escape_str($_POST['mailinglist_subscribe'])."', '".$code."', '".$this->EE->db->escape_str($_POST['email'])."', '".$this->EE->db->escape_str($this->EE->input->ip_address())."')"); } } } /** ------------------------------------- /** Update /** -------------------------------------*/ if ($this->EE->config->item('req_mbr_activation') == 'none') { $this->EE->stats->update_member_stats(); } /** ------------------------------------- /** Send admin notifications /** -------------------------------------*/ if ($this->EE->config->item('new_member_notification') == 'y' AND $this->EE->config->item('mbr_notification_emails') != '') { $name = ($data['screen_name'] != '') ? 
$data['screen_name'] : $data['username']; $swap = array( 'name' => $name, 'site_name' => stripslashes($this->EE->config->item('site_name')), 'control_panel_url' => $this->EE->config->item('cp_url'), 'username' => $data['username'], 'email' => $data['email'] ); $template = $this->EE->functions->fetch_email_template('admin_notify_reg'); $email_tit = $this->_var_swap($template['title'], $swap); $email_msg = $this->_var_swap($template['data'], $swap); $this->EE->load->helper('string'); // Remove multiple commas $notify_address = reduce_multiples($this->EE->config->item('mbr_notification_emails'), ',', TRUE); /** ---------------------------- /** Send email /** ----------------------------*/ // Load the text helper $this->EE->load->helper('text'); $this->EE->load->library('email'); $this->EE->email->wordwrap = true; $this->EE->email->from($this->EE->config->item('webmaster_email'), $this->EE->config->item('webmaster_name')); $this->EE->email->to($notify_address); $this->EE->email->subject($email_tit); $this->EE->email->message(entities_to_ascii($email_msg)); $this->EE->email->Send(); } // ------------------------------------------- // 'member_member_register' hook. // - Additional processing when a member is created through the User Side // - $member_id added in 2.0.1 // $edata = $this->EE->extensions->call('member_member_register', $data, $member_id); if ($this->EE->extensions->end_script === TRUE) return; // // ------------------------------------------- /** ------------------------------------- /** Send user notifications /** -------------------------------------*/ if ($this->EE->config->item('req_mbr_activation') == 'email') { $action_id = $this->EE->functions->fetch_action_id('Member', 'activate_member'); $name = ($data['screen_name'] != '') ? $data['screen_name'] : $data['username']; $board_id = ($this->EE->input->get_post('board_id') !== FALSE && is_numeric($this->EE->input->get_post('board_id'))) ? 
$this->EE->input->get_post('board_id') : 1; $forum_id = ($this->EE->input->get_post('FROM') == 'forum') ? '&r=f&board_id='.$board_id : ''; $add = ($mailinglist_subscribe !== TRUE) ? '' : '&mailinglist='.$_POST['mailinglist_subscribe']; $swap = array( 'name' => $name, 'activation_url' => $this->EE->functions->fetch_site_index(0, 0).QUERY_MARKER.'ACT='.$action_id.'&id='.$data['authcode'].$forum_id.$add, 'site_name' => stripslashes($this->EE->config->item('site_name')), 'site_url' => $this->EE->config->item('site_url'), 'username' => $data['username'], 'email' => $data['email'] ); $template = $this->EE->functions->fetch_email_template('mbr_activation_instructions'); $email_tit = $this->_var_swap($template['title'], $swap); $email_msg = $this->_var_swap($template['data'], $swap); /** ---------------------------- /** Send email /** ----------------------------*/ // Load the text helper $this->EE->load->helper('text'); $this->EE->load->library('email'); $this->EE->email->wordwrap = true; $this->EE->email->from($this->EE->config->item('webmaster_email'), $this->EE->config->item('webmaster_name')); $this->EE->email->to($data['email']); $this->EE->email->subject($email_tit); $this->EE->email->message(entities_to_ascii($email_msg)); $this->EE->email->Send(); $message = $this->EE->lang->line('mbr_membership_instructions_email'); } elseif ($this->EE->config->item('req_mbr_activation') == 'manual') { $message = $this->EE->lang->line('mbr_admin_will_activate'); } else { /** ---------------------------------------- /** Log user in /** ----------------------------------------*/ $expire = 60*60*24*182; $this->EE->functions->set_cookie($this->EE->session->c_expire , time()+$expire, $expire); $this->EE->functions->set_cookie($this->EE->session->c_uniqueid , $data['unique_id'], $expire); $this->EE->functions->set_cookie($this->EE->session->c_password , $data['password'], $expire); /** ---------------------------------------- /** Create a new session /** 
----------------------------------------*/ if ($this->EE->config->item('user_session_type') == 'cs' OR $this->EE->config->item('user_session_type') == 's') { $this->EE->session->sdata['session_id'] = $this->EE->functions->random(); $this->EE->session->sdata['member_id'] = $member_id; $this->EE->session->sdata['last_activity'] = $this->EE->localize->now; $this->EE->session->sdata['site_id'] = $this->EE->config->item('site_id'); $this->EE->functions->set_cookie($this->EE->session->c_session , $this->EE->session->sdata['session_id'], $this->EE->session->session_length); $this->EE->db->query($this->EE->db->insert_string('exp_sessions', $this->EE->session->sdata)); } /** ---------------------------------------- /** Update existing session variables /** ----------------------------------------*/ $this->EE->session->userdata['username'] = $data['username']; $this->EE->session->userdata['member_id'] = $member_id; /** ---------------------------------------- /** Update stats /** ----------------------------------------*/ $cutoff = $this->EE->localize->now - (15 * 60); $this->EE->db->query("DELETE FROM exp_online_users WHERE site_id = '".$this->EE->db->escape_str($this->EE->config->item('site_id'))."' AND ((ip_address = '".$this->EE->input->ip_address()."' AND member_id = '0') OR date < $cutoff)"); $data = array( 'member_id' => $this->EE->session->userdata('member_id'), 'name' => ($this->EE->session->userdata['screen_name'] == '') ? 
$this->EE->session->userdata['username'] : $this->EE->session->userdata['screen_name'], 'ip_address' => $this->EE->input->ip_address(), 'date' => $this->EE->localize->now, 'anon' => 'y', 'site_id' => $this->EE->config->item('site_id') ); $this->EE->db->query($this->EE->db->update_string('exp_online_users', $data, array("ip_address" => $this->EE->input->ip_address(), "member_id" => $data['member_id']))); $message = $this->EE->lang->line('mbr_your_are_logged_in'); } /** ---------------------------------------- /** Build the message /** ----------------------------------------*/ if ($this->EE->input->get_post('FROM') == 'forum') { if ($this->EE->input->get_post('board_id') !== FALSE && is_numeric($this->EE->input->get_post('board_id'))) { $query = $this->EE->db->query("SELECT board_forum_url, board_id, board_label FROM exp_forum_boards WHERE board_id = '".$this->EE->db->escape_str($this->EE->input->get_post('board_id'))."'"); } else { $query = $this->EE->db->query("SELECT board_forum_url, board_id, board_label FROM exp_forum_boards WHERE board_id = '1'"); } $site_name = $query->row('board_label') ; $return = $query->row('board_forum_url') ; } else { $site_name = ($this->EE->config->item('site_name') == '') ? $this->EE->lang->line('back') : stripslashes($this->EE->config->item('site_name')); $return = $this->EE->config->item('site_url'); } $data = array( 'title' => $this->EE->lang->line('mbr_registration_complete'), 'heading' => $this->EE->lang->line('thank_you'), 'content' => $this->EE->lang->line('mbr_registration_completed')."\n\n".$message, 'redirect' => '', 'link' => array($return, $site_name) ); $this->EE->output->show_message($data); }