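/**
 * Check whether an email address may be used for a new registration.
 *
 * Reads `email` from $_REQUEST, normalises it and replies through
 * returnString() with one of 'found', 'banned' or 'notfound'.
 * Empty and malformed addresses are reported as 'found'.
 *
 * NOTE(review): the statements after each returnString() call are written as
 * if returnString() ends the request; its body is not visible here - confirm.
 * NOTE(review): no access check is visible in this method, and the three
 * replies reveal whether an address is registered or ban-listed. Confirm the
 * endpoint is rate limited.
 *
 * @return void [Outputs to screen]
 */
public function checkEmail()
{
    //-----------------------------------------
    // INIT
    //-----------------------------------------
    $email      = '';
    $banfilters = array();

    // isset() first: the parameter may be absent, or an array when sent as email[]=...
    if (isset($_REQUEST['email']) and is_string($_REQUEST['email'])) {
        $email = strtolower(IPSText::parseCleanValue(rawurldecode($_REQUEST['email'])));
    }

    if (!$email) {
        $this->returnString('found');
    }

    if (!IPSText::checkEmailAddress($email)) {
        $this->returnString('found');
    }

    //-----------------------------------------
    // Got the member?
    //-----------------------------------------
    if (!IPSMember::checkByEmail($email)) {
        //-----------------------------------------
        // Load ban filters, grouped by ban type
        //-----------------------------------------
        $this->DB->build(array('select' => '*', 'from' => 'banfilters'));
        $this->DB->execute();

        while ($r = $this->DB->fetch()) {
            $banfilters[$r['ban_type']][] = $r['ban_content'];
        }

        //-----------------------------------------
        // Are they banned [EMAIL]?
        //-----------------------------------------
        if (!empty($banfilters['email']) and is_array($banfilters['email'])) {
            foreach ($banfilters['email'] as $memail) {
                // preg_quote() escapes '*' to '\*', so the escaped form is what has to be
                // turned into '.*'. Replacing the bare '*' leaves '\.*' (literal dots)
                // and the wildcard filter never matches a real address.
                $memail = str_replace('\*', '.*', preg_quote($memail, "/"));

                if (preg_match("/^{$memail}\$/", $email)) {
                    $this->returnString('banned');
                    break;
                }
            }
        }

        //-----------------------------------------
        // Ask the login handler whether the address is in use elsewhere
        //-----------------------------------------
        $classToLoad = IPSLib::loadLibrary(IPS_ROOT_PATH . 'sources/handlers/han_login.php', 'han_login');
        $han_login   = new $classToLoad($this->registry);
        $han_login->init();
        $han_login->emailExistsCheck($email);

        // Any return code other than "not implemented" / "not in use" counts as taken.
        if ($han_login->return_code and $han_login->return_code != 'METHOD_NOT_DEFINED' and $han_login->return_code != 'EMAIL_NOT_IN_USE') {
            $this->returnString('found');
        }

        $this->returnString('notfound');
    } else {
        $this->returnString('found');
    }
}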
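/**
 * Installer step: collect and validate the administrator account details.
 *
 * With do=check the submitted username, password, password confirmation and
 * email address are validated. When all pass, the three values are stored with
 * IPSSetUp::setSavedData() and the 'install' action is loaded. Otherwise the
 * form is rendered again with warnings. Without do=check the form is shown.
 *
 * NOTE(review): the admin password is handed to setSavedData() as submitted.
 * How that data is stored between installer steps is not visible here -
 * confirm it is protected and discarded once installation completes.
 *
 * @access public
 * @param  ipsRegistry $registry Registry object (the body uses $this->registry)
 * @return void
 */
public function doExecute(ipsRegistry $registry)
{
    $_e = 0;

    /* Check input? */
    if ($this->request['do'] == 'check') {
        if (!$this->request['username']) {
            $_e = 1;
            $this->registry->output->addWarning('Необходимо указать отображаемое имя пользователя');
        }

        if (!$this->request['password']) {
            $_e = 1;
            $this->registry->output->addWarning('Необходимо ввести пароль');
        } else {
            // Strict comparison: a loose != treats numeric-looking strings such as
            // '1e3' and '1000' as equal, so a mistyped confirmation could pass.
            if ($this->request['password'] !== $this->request['confirm_password']) {
                $_e = 1;
                $this->registry->output->addWarning('Введенные пароли не совпадают');
            }
        }

        if (!$this->request['email'] or IPSText::checkEmailAddress($this->request['email']) !== TRUE) {
            $_e = 1;
            $this->registry->output->addWarning('Необходимо указать Email');
        }

        if ($_e) {
            $this->registry->output->setTitle("Администратор: Ошибка");
            $this->registry->output->setNextAction('admin&do=check');
            $this->registry->output->addContent($this->registry->output->template()->page_admin());
            $this->registry->output->sendOutput();
        } else {
            /* Save Form Data */
            IPSSetUp::setSavedData('admin_user', $this->request['username']);
            IPSSetUp::setSavedData('admin_pass', $this->request['password']);
            IPSSetUp::setSavedData('admin_email', $this->request['email']);

            /* Next Action */
            $this->registry->autoLoadNextAction('install');
            return;
        }
    }

    /* Output */
    $this->registry->output->setTitle("Создание учетной записи администратора");
    $this->registry->output->setNextAction('admin&do=check');
    $this->registry->output->addContent($this->registry->output->template()->page_admin());
    $this->registry->output->sendOutput();
}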
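/**
 * Installer step: collect and validate the administrator account details.
 *
 * With do=check the submitted username, password, password confirmation and
 * email address are validated. When all pass, the three values are stored with
 * IPSSetUp::setSavedData() and the 'install' action is loaded. Otherwise the
 * form is rendered again with warnings. Without do=check the form is shown.
 *
 * NOTE(review): the admin password is handed to setSavedData() as submitted.
 * How that data is stored between installer steps is not visible here -
 * confirm it is protected and discarded once installation completes.
 *
 * @access public
 * @param  ipsRegistry $registry Registry object (the body uses $this->registry)
 * @return void
 */
public function doExecute(ipsRegistry $registry)
{
    $_e = 0;

    /* Check input? */
    if ($this->request['do'] == 'check') {
        if (!$this->request['username']) {
            $_e = 1;
            $this->registry->output->addWarning('You must specify a display name for the admin account');
        }

        if (!$this->request['password']) {
            $_e = 1;
            $this->registry->output->addWarning('You must specify a password for the admin account');
        } else {
            // Strict comparison: a loose != treats numeric-looking strings such as
            // '1e3' and '1000' as equal, so a mistyped confirmation could pass.
            if ($this->request['password'] !== $this->request['confirm_password']) {
                $_e = 1;
                $this->registry->output->addWarning('The admin passwords did not match');
            }
        }

        if (!$this->request['email'] or IPSText::checkEmailAddress($this->request['email']) !== TRUE) {
            $_e = 1;
            $this->registry->output->addWarning('You must specify an email address for the admin account');
        }

        if ($_e) {
            $this->registry->output->setTitle("Admin: Errors");
            $this->registry->output->setNextAction('admin&do=check');
            $this->registry->output->addContent($this->registry->output->template()->page_admin());
            $this->registry->output->sendOutput();
        } else {
            /* Save Form Data */
            IPSSetUp::setSavedData('admin_user', $this->request['username']);
            IPSSetUp::setSavedData('admin_pass', $this->request['password']);
            IPSSetUp::setSavedData('admin_email', $this->request['email']);

            /* Next Action */
            $this->registry->autoLoadNextAction('install');
            return;
        }
    }

    /* Output */
    $this->registry->output->setTitle("Admin Account Creation");
    $this->registry->output->setNextAction('admin&do=check');
    $this->registry->output->addContent($this->registry->output->template()->page_admin());
    $this->registry->output->sendOutput();
}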
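/**
 * Processes the registration form.
 *
 * Validates the submitted fields in two passes (form fields first, then
 * email-in-use, ban list, CAPTCHA and question-and-answer), creates the member,
 * notifies the login handler, and then either queues the account for
 * validation, logs the new member in, or redirects a COPPA user to the form.
 * Validation failures are handed back to registerForm().
 *
 * @access public
 * @return void
 */
public function registerProcessForm()
{
    $form_errors = array();
    $coppa       = $this->request['coppa_user'] == 1 ? 1 : 0;
    $in_password = trim($this->request['PassWord']);
    $in_email    = strtolower(trim($this->request['EmailAddress']));

    /* Registration switched off? */
    // NOTE(review): presumably showError() ends the request - confirm; nothing here returns.
    if ($this->settings['no_reg'] == 1) {
        $this->registry->output->showError('registration_disabled', 2016, true);
    }

    /* Custom profile field stuff */
    require_once IPS_ROOT_PATH . 'sources/classes/customfields/profileFields.php';
    $custom_fields = new customProfileFields();
    $custom_fields->initData('edit');
    $custom_fields->parseToSave($this->request, 'register');

    if ($custom_fields->error_messages) {
        $form_errors['general'] = $custom_fields->error_messages;
    }

    /* Check the email address */
    if (!$in_email or strlen($in_email) < 6 or !IPSText::checkEmailAddress($in_email)) {
        $form_errors['email'][$this->lang->words['err_invalid_email']] = $this->lang->words['err_invalid_email'];
    }

    // Both sides are trim() results, i.e. strings. Strict comparison keeps
    // numeric-looking passwords such as '1e3' and '1000' from passing as equal.
    if (trim($this->request['PassWord_Check']) !== $in_password) {
        $form_errors['password'][$this->lang->words['passwords_not_match']] = $this->lang->words['passwords_not_match'];
    }

    /* Test the confirmation email address */
    $this->request['EmailAddress_two'] = strtolower(trim($this->request['EmailAddress_two']));
    $this->request['EmailAddress']     = strtolower(trim($this->request['EmailAddress']));

    if (!IPSText::checkEmailAddress($this->request['EmailAddress_two'])) {
        $form_errors['email'][$this->lang->words['reg_error_email_invalid']] = $this->lang->words['reg_error_email_invalid'];
    } else {
        if ($in_email and $this->request['EmailAddress_two'] != $in_email) {
            $form_errors['email'][$this->lang->words['reg_error_email_nm']] = $this->lang->words['reg_error_email_nm'];
        }
    }

    /* Need username? Only when some login method signs in by username. */
    $uses_name = false;

    foreach ($this->cache->getCache('login_methods') as $method) {
        if ($method['login_user_id'] == 'username') {
            $uses_name = true;
        }
    }

    if (!$uses_name) {
        // No username-based login: the display name doubles as the log in name.
        $_REQUEST['UserName']      = $_REQUEST['members_display_name'];
        $this->request['UserName'] = $this->request['members_display_name'];
    }

    /* Check the username (and the display name, when display names are enabled) */
    $user_check = IPSMember::getFunction()->cleanAndCheckName($this->request['UserName'], array(), 'name');

    if ($this->settings['auth_allow_dnames']) {
        $disp_check = IPSMember::getFunction()->cleanAndCheckName($this->request['members_display_name'], array(), 'members_display_name');
    }

    if (is_array($user_check['errors']) && count($user_check['errors'])) {
        foreach ($user_check['errors'] as $key => $error) {
            $form_errors[$key][] = $error;
        }
    }

    if ($this->settings['auth_allow_dnames'] and is_array($disp_check['errors']) && count($disp_check['errors'])) {
        foreach ($disp_check['errors'] as $key => $error) {
            $form_errors[$key][] = $error;
        }
    }

    /* CHECK 1: Any errors (missing fields, etc)? */
    if (count($form_errors)) {
        $this->registerForm($form_errors);
        return;
    }

    /* Is this email addy taken? */
    if (IPSMember::checkByEmail($in_email) == TRUE) {
        $form_errors['email'][$this->lang->words['reg_error_email_taken']] = $this->lang->words['reg_error_email_taken'];
    }

    /* Load handler and ask it as well */
    require_once IPS_ROOT_PATH . 'sources/handlers/han_login.php';
    $this->han_login = new han_login($this->registry);
    $this->han_login->init();
    $this->han_login->emailExistsCheck($in_email);

    // Any return code other than "not implemented" / "not in use" counts as taken.
    if ($this->han_login->return_code and $this->han_login->return_code != 'METHOD_NOT_DEFINED' and $this->han_login->return_code != 'EMAIL_NOT_IN_USE') {
        $form_errors['email'][$this->lang->words['reg_error_email_taken']] = $this->lang->words['reg_error_email_taken'];
    }

    /* Are they banned [EMAIL]? */
    if (IPSMember::isBanned('email', $in_email) === TRUE) {
        $form_errors['email'][$this->lang->words['reg_error_email_ban']] = $this->lang->words['reg_error_email_ban'];
    }

    /* Check the CAPTCHA */
    if ($this->settings['bot_antispam']) {
        if ($this->registry->getClass('class_captcha')->validate() !== TRUE) {
            $form_errors['general'][$this->lang->words['err_reg_code']] = $this->lang->words['err_reg_code'];
        }
    }

    /* Check the Q and A */
    if ($this->settings['registration_qanda']) {
        $qanda = intval($this->request['qanda_id']);
        $pass  = false;

        if ($qanda) {
            // $qanda went through intval() above, so the concatenated WHERE clause is numeric only.
            $data = $this->DB->buildAndFetch(array('select' => '*', 'from' => 'question_and_answer', 'where' => 'qa_id=' . $qanda));

            if ($data['qa_id']) {
                $answers = explode("\n", str_replace("\r", "", $data['qa_answers']));

                if (count($answers)) {
                    foreach ($answers as $answer) {
                        // Skip blank lines in the stored answer list; otherwise a trailing
                        // newline would let an empty submission pass the check.
                        $answer = trim($answer);

                        if ($answer !== '' and strtolower($answer) === strtolower($this->request['qa_answer'])) {
                            $pass = true;
                            break;
                        }
                    }
                }
            }
        } else {
            //-----------------------------------------
            // No question id submitted: pass only when
            // no questions are configured at all
            //-----------------------------------------
            $data = $this->DB->buildAndFetch(array('select' => 'COUNT(*) as questions', 'from' => 'question_and_answer'));

            if (!$data['questions']) {
                $pass = true;
            }
        }

        if (!$pass) {
            $form_errors['general'][$this->lang->words['err_q_and_a']] = $this->lang->words['err_q_and_a'];
        }
    }

    /* CHECK 2: Any errors ? */
    if (count($form_errors)) {
        $this->registerForm($form_errors);
        return;
    }

    /* Pick the starting group: the validating group when any validation type is set, or for COPPA users */
    $mem_group = $this->settings['member_group'];

    if ($this->settings['reg_auth_type']) {
        $mem_group = $this->settings['auth_group'];
    } else {
        if ($coppa == 1) {
            $mem_group = $this->settings['auth_group'];
        }
    }

    /* Create member */
    $member = array(
        'name'                 => $this->request['UserName'],
        'password'             => $in_password,
        'members_display_name' => $this->settings['auth_allow_dnames'] ? $this->request['members_display_name'] : $this->request['UserName'],
        'email'                => $in_email,
        'member_group_id'      => $mem_group,
        'joined'               => time(),
        'ip_address'           => $this->member->ip_address,
        'time_offset'          => $this->request['time_offset'],
        'coppa_user'           => $coppa,
        'members_auto_dst'     => intval($this->request['dst']),
        'allow_admin_mails'    => intval($this->request['allow_admin_mail']),
        'hide_email'           => $this->request['allow_member_mail'] ? 0 : 1,
    );

    /* Spam Service */
    $spamCode = 0;

    if ($this->settings['spam_service_enabled'] && $this->settings['spam_service_api_key']) {
        /* Query the service */
        $spamCode = IPSMember::querySpamService($in_email);

        /* Action configured for the returned code */
        $action = $this->settings['spam_service_action_' . $spamCode];

        switch ($action) {
            /* Proceed with registration */
            case 1:
                break;

            /* Flag for admin approval */
            case 2:
                $member['member_group_id']       = $this->settings['auth_group'];
                $this->settings['reg_auth_type'] = 'admin';
                break;

            /* Approve the account, but ban it */
            case 3:
                $member['member_banned']         = 1;
                $member['member_group_id']       = $this->settings['banned_group'];
                $this->settings['reg_auth_type'] = '';
                break;
        }
    }

    //-----------------------------------------
    // Create the account
    //-----------------------------------------
    // NOTE(review): the whole request array is passed as custom-field content; which keys
    // IPSMember::create() reads from it is not visible here - confirm it is limited to
    // the defined profile fields.
    $member = IPSMember::create(array('members' => $member, 'pfields_content' => $this->request));

    //-----------------------------------------
    // Login handler create account callback
    //-----------------------------------------
    $this->han_login->createAccount(array(
        'email'      => $member['email'],
        'joined'     => $member['joined'],
        'password'   => $in_password,
        'ip_address' => $this->member->ip_address,
        'username'   => $member['members_display_name'],
    ));

    // The handler's return code is deliberately not checked: a failure in the
    // login handler callback does not hold up registration.

    //-----------------------------------------
    // Validation
    //-----------------------------------------
    // NOTE(review): the key's unpredictability rests on IPSLib::makePassword(), which is
    // not shown here; time() adds little. Confirm makePassword() draws from a CSPRNG.
    $validate_key = md5(IPSLib::makePassword() . time());
    $time         = time();

    if ($coppa != 1) {
        if ($this->settings['reg_auth_type'] == 'user' or $this->settings['reg_auth_type'] == 'admin' or $this->settings['reg_auth_type'] == 'admin_user') {
            //-----------------------------------------
            // Queue the registration for validation. Once
            // verification has taken place the member's real
            // group is restored and the validate_key removed.
            //-----------------------------------------
            $this->DB->insert('validating', array(
                'vid'        => $validate_key,
                'member_id'  => $member['member_id'],
                'real_group' => $this->settings['member_group'],
                'temp_group' => $this->settings['auth_group'],
                'entry_date' => $time,
                'coppa_user' => $coppa,
                'new_reg'    => 1,
                'ip_address' => $member['ip_address'],
            ));

            if ($this->settings['reg_auth_type'] == 'user' or $this->settings['reg_auth_type'] == 'admin_user') {
                /* Email the validation link to the new member */
                IPSText::getTextClass('email')->getTemplate("reg_validate");
                IPSText::getTextClass('email')->buildMessage(array(
                    'THE_LINK' => $this->settings['base_url'] . "app=core&module=global&section=register&do=auto_validate&uid=" . urlencode($member['member_id']) . "&aid=" . urlencode($validate_key),
                    'NAME'     => $member['members_display_name'],
                    'MAN_LINK' => $this->settings['base_url'] . "app=core&module=global&section=register&do=05",
                    'EMAIL'    => $member['email'],
                    'ID'       => $member['member_id'],
                    'CODE'     => $validate_key,
                ));
                IPSText::getTextClass('email')->subject = $this->lang->words['new_registration_email'] . $this->settings['board_name'];
                IPSText::getTextClass('email')->to      = $member['email'];
                IPSText::getTextClass('email')->sendMail();

                $this->output = $this->registry->output->getTemplate('register')->showAuthorize($member);
            } else {
                if ($this->settings['reg_auth_type'] == 'admin') {
                    $this->output = $this->registry->output->getTemplate('register')->showPreview($member);
                }
            }

            /* Tell the board's incoming address about the new registration */
            if ($this->settings['new_reg_notify']) {
                $date = $this->registry->class_localization->getDate(time(), 'LONG', 1);

                IPSText::getTextClass('email')->getTemplate('admin_newuser');
                IPSText::getTextClass('email')->buildMessage(array('DATE' => $date, 'MEMBER_NAME' => $member['members_display_name']));
                IPSText::getTextClass('email')->subject = $this->lang->words['new_registration_email1'] . $this->settings['board_name'];
                IPSText::getTextClass('email')->to      = $this->settings['email_in'];
                IPSText::getTextClass('email')->sendMail();
            }

            $this->registry->output->setTitle($this->lang->words['reg_success']);
            $this->registry->output->addNavigation($this->lang->words['nav_reg'], '');
        } else {
            /* No preview and no email validation: update the stats and log the member in. */
            $stat_cache = $this->caches['stats'];

            if ($member['members_display_name'] and $member['member_id']) {
                $stat_cache['last_mem_name'] = $member['members_display_name'];
                $stat_cache['last_mem_id']   = $member['member_id'];
            }

            $stat_cache['mem_count'] += 1;

            $this->cache->setCache('stats', $stat_cache, array('array' => 1, 'deletefirst' => 0));

            if ($this->settings['new_reg_notify']) {
                $date = $this->registry->class_localization->getDate(time(), 'LONG', 1);

                IPSText::getTextClass('email')->getTemplate('admin_newuser');
                IPSText::getTextClass('email')->buildMessage(array('DATE' => $date, 'MEMBER_NAME' => $member['members_display_name']));
                IPSText::getTextClass('email')->subject = $this->lang->words['new_registration_email1'] . $this->settings['board_name'];
                IPSText::getTextClass('email')->to      = $this->settings['email_in'];
                IPSText::getTextClass('email')->sendMail();
            }

            IPSCookie::set('pass_hash', $member['member_login_key'], 1);
            IPSCookie::set('member_id', $member['member_id'], 1);

            //-----------------------------------------
            // Fix up session
            //-----------------------------------------
            $privacy = $this->request['Privacy'] ? 1 : 0;

            if ($member['g_hide_online_list']) {
                $privacy = 1;
            }

            $this->member->sessionClass()->convertGuestToMember(array(
                'member_name'  => $member['members_display_name'],
                'member_id'    => $member['member_id'],
                'member_group' => $member['member_group_id'],
                'login_type'   => $privacy,
            ));

            $this->registry->output->silentRedirect($this->settings['base_url'] . '&app=core&module=global&section=login&do=autologin&fromreg=1');
        }
    } else {
        /* This is a COPPA user, so lets tell them they registered OK and redirect to the form. */
        $this->DB->insert('validating', array(
            'vid'        => $validate_key,
            'member_id'  => $member['member_id'],
            'real_group' => $this->settings['member_group'],
            'temp_group' => $this->settings['auth_group'],
            'entry_date' => $time,
            'coppa_user' => $coppa,
            'new_reg'    => 1,
            'ip_address' => $member['ip_address'],
        ));

        $this->registry->output->redirectScreen($this->lang->words['cp_success'], $this->settings['base_url'] . 'app=core&module=global&section=register&do=12');
    }
}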
/**
 * Authenticate a sign in against the login handler for the upgrade system.
 *
 * The sign in name is passed to the handler as an email address when it
 * validates as one, otherwise as a username. On success the member data is
 * loaded through loadMemberData().
 *
 * NOTE(review): an unknown sign in name and a wrong password produce different
 * messages, which lets a caller tell existing accounts from missing ones.
 * Confirm this is acceptable for the upgrade login.
 *
 * @access public
 * @param  string $username Username or email address (from $this->request)
 * @param  string $password Password (from $this->request)
 * @return mixed  TRUE if successful, string (message) if not
 */
public function authenticateLogIn($username, $password)
{
    require_once IPS_ROOT_PATH . 'sources/handlers/han_login.php';

    $loginHandler                = new han_login($this->registry);
    $loginHandler->is_admin_auth = 1;
    $loginHandler->init();

    /* Route the sign in name to the email or the username slot */
    $signInName  = $username;
    $signInEmail = '';

    if (IPSText::checkEmailAddress($username)) {
        $signInEmail = $username;
        $signInName  = '';
    }

    $loginHandler->loginAuthenticate($signInName, $signInEmail, $password);

    $memberRow = $loginHandler->member_data;

    /* Map the handler's outcome to a message */
    if (!$memberRow['member_id'] or $loginHandler->return_code == 'NO_USER') {
        return 'No user found by that sign in name';
    }

    if ($loginHandler->return_code == 'NO_ACCESS') {
        return 'You do not have access to the upgrade system';
    }

    if ($loginHandler->return_code != 'SUCCESS') {
        return 'Password or sign in name incorrect';
    }

    /* Merge in secondary groups before testing for control panel access */
    $memberRow = ipsRegistry::member()->setUpSecondaryGroups($memberRow);

    if ($memberRow['g_access_cp'] != 1) {
        return 'You do not have access to the upgrade system';
    }

    /* Set up _member */
    $this->loadMemberData($memberRow['member_id']);

    return TRUE;
}
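/**
 * Processes the registration form.
 *
 * Validates the submitted fields (terms agreement, custom profile fields,
 * email, password, display name, email-in-use, ban list, CAPTCHA and
 * question-and-answer), applies the spam service's configured action, creates
 * the member, notifies the login handler, and then either queues the account
 * for validation, logs the new member in, or redirects a COPPA user to the
 * form. Validation failures are handed back to registerForm().
 *
 * @return void
 */
public function registerProcessForm()
{
    $this->_resetMember();

    $form_errors = array();
    $coppa       = $this->request['coppa_user'] == 1 ? 1 : 0;
    $in_password = trim($this->request['PassWord']);
    $in_email    = strtolower(trim($this->request['EmailAddress']));

    /* Did we agree to the t&c? */
    if (!$this->request['agree_tos']) {
        $form_errors['tos'] = array($this->lang->words['must_agree_to_terms']);
    }

    /* Custom profile field stuff */
    $classToLoad   = IPSLib::loadLibrary(IPS_ROOT_PATH . 'sources/classes/customfields/profileFields.php', 'customProfileFields');
    $custom_fields = new $classToLoad();
    $custom_fields->initData('edit');
    $custom_fields->parseToSave($_POST, 'register');

    if ($custom_fields->error_messages) {
        $form_errors['general'] = $custom_fields->error_messages;
    }

    /* Check the email address */
    if (!$in_email or strlen($in_email) < 6 or !IPSText::checkEmailAddress($in_email)) {
        $form_errors['email'][$this->lang->words['err_invalid_email']] = $this->lang->words['err_invalid_email'];
    }

    // Both sides are trim() results, i.e. strings. Strict comparison keeps
    // numeric-looking passwords such as '1e3' and '1000' from passing as equal.
    if (trim($this->request['PassWord_Check']) !== $in_password or !$in_password) {
        $form_errors['password'][$this->lang->words['passwords_not_match']] = $this->lang->words['passwords_not_match'];
    }

    // Password length limits (minimum 3, maximum 32) were removed on purpose, see
    // http://community.invisionpower.com/resources/bugs.html/_/ip-board/registrations-limit-passwords-to-32-characters-for-no-apparent-reason-r37770

    /* Check the display name, once as log in name and once as display name */
    $user_check = IPSMember::getFunction()->cleanAndCheckName($this->request['members_display_name'], array(), 'name');
    $disp_check = IPSMember::getFunction()->cleanAndCheckName($this->request['members_display_name'], array(), 'members_display_name');

    if (is_array($user_check['errors']) && count($user_check['errors'])) {
        foreach ($user_check['errors'] as $key => $error) {
            // Use the language string for the error key when one exists, else the raw key.
            $form_errors['dname'][$error] = isset($this->lang->words[$error]) ? $this->lang->words[$error] : $error;
        }
    }

    // $disp_check['errors'] is not reported: it duplicates the username errors above.

    /* Is this email addy taken? */
    if (IPSMember::checkByEmail($in_email) == TRUE) {
        $form_errors['email'][$this->lang->words['reg_error_email_taken']] = $this->lang->words['reg_error_email_taken'];
    }

    /* Load handler and ask it as well */
    $classToLoad     = IPSLib::loadLibrary(IPS_ROOT_PATH . 'sources/handlers/han_login.php', 'han_login');
    $this->han_login = new $classToLoad($this->registry);
    $this->han_login->init();
    $this->han_login->emailExistsCheck($in_email);

    // Any return code other than "not implemented" / "not in use" counts as taken.
    if ($this->han_login->return_code and $this->han_login->return_code != 'METHOD_NOT_DEFINED' and $this->han_login->return_code != 'EMAIL_NOT_IN_USE') {
        $form_errors['email'][$this->lang->words['reg_error_email_taken']] = $this->lang->words['reg_error_email_taken'];
    }

    /* Are they banned [EMAIL]? */
    if (IPSMember::isBanned('email', $in_email) === TRUE) {
        $form_errors['email'][$this->lang->words['reg_error_email_ban']] = $this->lang->words['reg_error_email_ban'];
    }

    /* Check the CAPTCHA */
    if ($this->settings['bot_antispam_type'] != 'none') {
        if ($this->registry->getClass('class_captcha')->validate() !== TRUE) {
            $form_errors['general'][$this->lang->words['err_reg_code']] = $this->lang->words['err_reg_code'];
        }
    }

    /* Check the Q and A */
    $qanda = intval($this->request['qanda_id']);
    $pass  = true;

    if ($qanda) {
        $pass = false;

        // $qanda went through intval() above, so the concatenated WHERE clause is numeric only.
        $data = $this->DB->buildAndFetch(array('select' => '*', 'from' => 'question_and_answer', 'where' => 'qa_id=' . $qanda));

        if ($data['qa_id']) {
            $answers = explode("\n", str_replace("\r", "", $data['qa_answers']));

            if (count($answers)) {
                foreach ($answers as $answer) {
                    $answer = trim($answer);

                    // Blank lines in the stored list are skipped so an empty submission cannot
                    // match. Strict comparison keeps numeric-looking answers from matching loosely.
                    if (IPSText::mbstrlen($answer) and mb_strtolower($answer) === mb_strtolower($this->request['qa_answer'])) {
                        $pass = true;
                        break;
                    }
                }
            }
        }
    } else {
        //-----------------------------------------
        // No question id submitted: fail when any
        // question is configured
        //-----------------------------------------
        $data = $this->DB->buildAndFetch(array('select' => 'COUNT(*) as questions', 'from' => 'question_and_answer'));

        if ($data['questions']) {
            $pass = false;
        }
    }

    if (!$pass) {
        $form_errors['general'][$this->lang->words['err_q_and_a']] = $this->lang->words['err_q_and_a'];
    }

    /* CHECK 2: Any errors ? */
    if (count($form_errors)) {
        $this->registerForm($form_errors);
        return;
    }

    /* Pick the starting group: the validating group when any validation type is set, or for COPPA users */
    $mem_group = $this->settings['member_group'];

    if ($this->settings['reg_auth_type']) {
        $mem_group = $this->settings['auth_group'];
    } else {
        if ($coppa == 1) {
            $mem_group = $this->settings['auth_group'];
        }
    }

    /* Create member */
    $member = array(
        'name'                 => $this->request['members_display_name'],
        'password'             => $in_password,
        'members_display_name' => $this->request['members_display_name'],
        'email'                => $in_email,
        'member_group_id'      => $mem_group,
        'joined'               => time(),
        'ip_address'           => $this->member->ip_address,
        'time_offset'          => $this->request['time_offset'],
        'coppa_user'           => $coppa,
        'members_auto_dst'     => intval($this->settings['time_dst_auto_correction']),
        'allow_admin_mails'    => intval($this->request['allow_admin_mail']),
        'language'             => $this->member->language_id,
    );

    /* Spam Service */
    $spamCode  = 0;
    $_spamFlag = 0;

    if ($this->settings['spam_service_enabled']) {
        /* Query the service */
        $spamCode = IPSMember::querySpamService($in_email);

        /* Action configured for the returned code */
        $action = $this->settings['spam_service_action_' . $spamCode];

        switch ($action) {
            /* Proceed with registration */
            case 1:
                break;

            /* Flag for admin approval */
            case 2:
                $member['member_group_id']       = $this->settings['auth_group'];
                $this->settings['reg_auth_type'] = 'admin';
                $_spamFlag                       = 1;
                break;

            /* Approve the account, but ban it */
            case 3:
                $member['member_banned']         = 1;
                $member['bw_is_spammer']         = 1;
                $this->settings['reg_auth_type'] = '';
                break;

            /* Deny registration */
            // NOTE(review): presumably showError() ends the request. If it returns,
            // the account is still created below - confirm.
            case 4:
                $this->registry->output->showError('spam_denied_account', '100x001', FALSE, '', 200);
                break;
        }
    }

    //-----------------------------------------
    // Create the account
    //-----------------------------------------
    $member = IPSMember::create(array('members' => $member, 'pfields_content' => $custom_fields->out_fields), FALSE, FALSE, FALSE);

    //-----------------------------------------
    // Login handler create account callback
    //-----------------------------------------
    $this->han_login->createAccount(array(
        'member_id'            => $member['member_id'],
        'email'                => $member['email'],
        'joined'               => $member['joined'],
        'password'             => $in_password,
        'ip_address'           => $this->member->ip_address,
        'username'             => $member['members_display_name'],
        'name'                 => $member['name'],
        'members_display_name' => $member['members_display_name'],
    ));

    // The handler's return code is deliberately not checked: a failure in the
    // login handler callback does not hold up registration.

    //-----------------------------------------
    // Validation
    //-----------------------------------------
    // NOTE(review): the key's unpredictability rests on IPSMember::makePassword(), which is
    // not shown here; time() adds little. Confirm makePassword() draws from a CSPRNG.
    $validate_key = md5(IPSMember::makePassword() . time());
    $time         = time();

    if ($coppa != 1) {
        if ($this->settings['reg_auth_type'] == 'user' or $this->settings['reg_auth_type'] == 'admin' or $this->settings['reg_auth_type'] == 'admin_user') {
            //-----------------------------------------
            // Queue the registration for validation. Once
            // verification has taken place the member's real
            // group is restored and the validate_key removed.
            //-----------------------------------------
            $this->DB->insert('validating', array(
                'vid'        => $validate_key,
                'member_id'  => $member['member_id'],
                'real_group' => $this->settings['member_group'],
                'temp_group' => $this->settings['auth_group'],
                'entry_date' => $time,
                'coppa_user' => $coppa,
                'new_reg'    => 1,
                'ip_address' => $member['ip_address'],
                'spam_flag'  => $_spamFlag,
            ));

            if ($this->settings['reg_auth_type'] == 'user' or $this->settings['reg_auth_type'] == 'admin_user') {
                /* Send out the email. */
                $message = array(
                    'THE_LINK' => $this->registry->getClass('output')->buildSEOUrl("app=core&module=global&section=register&do=auto_validate&uid=" . urlencode($member['member_id']) . "&aid=" . urlencode($validate_key), 'publicNoSession', 'false'),
                    'NAME'     => $member['members_display_name'],
                    'MAN_LINK' => $this->registry->getClass('output')->buildSEOUrl("app=core&module=global&section=register&do=05", 'publicNoSession', 'false'),
                    'EMAIL'    => $member['email'],
                    'ID'       => $member['member_id'],
                    'CODE'     => $validate_key,
                );

                IPSText::getTextClass('email')->setPlainTextTemplate(IPSText::getTextClass('email')->getTemplate("reg_validate", $this->member->language_id));
                IPSText::getTextClass('email')->buildPlainTextContent($message);
                IPSText::getTextClass('email')->buildHtmlContent($message);
                IPSText::getTextClass('email')->subject = sprintf($this->lang->words['new_registration_email'], $this->settings['board_name']);
                IPSText::getTextClass('email')->to      = $member['email'];
                IPSText::getTextClass('email')->sendMail();

                $this->output = $this->registry->output->getTemplate('register')->showAuthorize($member);
            } else {
                if ($this->settings['reg_auth_type'] == 'admin') {
                    $this->output = $this->registry->output->getTemplate('register')->showPreview($member);
                }
            }

            /* Only send new registration email if the member wasn't banned */
            if ($this->settings['new_reg_notify'] and !$member['member_banned']) {
                $date = $this->registry->class_localization->getDate(time(), 'LONG', 1);

                IPSText::getTextClass('email')->getTemplate('admin_newuser');
                IPSText::getTextClass('email')->buildMessage(array(
                    'DATE'         => $date,
                    'LOG_IN_NAME'  => $member['name'],
                    'EMAIL'        => $member['email'],
                    'IP'           => $member['ip_address'],
                    'DISPLAY_NAME' => $member['members_display_name'],
                ));
                IPSText::getTextClass('email')->subject = sprintf($this->lang->words['new_registration_email1'], $this->settings['board_name']);
                IPSText::getTextClass('email')->to      = $this->settings['email_in'];
                IPSText::getTextClass('email')->sendMail();
            }

            $this->registry->output->setTitle($this->lang->words['reg_success'] . ' - ' . ipsRegistry::$settings['board_name']);
            $this->registry->output->addNavigation($this->lang->words['nav_reg'], '');
        } else {
            /* No preview and no email validation: update the stats and log the member in. */
            $stat_cache = $this->cache->getCache('stats');

            // Members of groups hidden from the online list are not recorded as the newest member.
            if ($member['members_display_name'] and $member['member_id'] and !$this->caches['group_cache'][$member['member_group_id']]['g_hide_online_list']) {
                $stat_cache['last_mem_name']     = $member['members_display_name'];
                $stat_cache['last_mem_name_seo'] = IPSText::makeSeoTitle($member['members_display_name']);
                $stat_cache['last_mem_id']       = $member['member_id'];
            }

            $stat_cache['mem_count'] += 1;

            $this->cache->setCache('stats', $stat_cache, array('array' => 1));

            /* Only send new registration email if the member wasn't banned */
            if ($this->settings['new_reg_notify'] and !$member['member_banned']) {
                $date = $this->registry->class_localization->getDate(time(), 'LONG', 1);

                IPSText::getTextClass('email')->getTemplate('admin_newuser');
                IPSText::getTextClass('email')->buildMessage(array(
                    'DATE'         => $date,
                    'LOG_IN_NAME'  => $member['name'],
                    'EMAIL'        => $member['email'],
                    'IP'           => $member['ip_address'],
                    'DISPLAY_NAME' => $member['members_display_name'],
                ));
                IPSText::getTextClass('email')->subject = sprintf($this->lang->words['new_registration_email1'], $this->settings['board_name']);
                IPSText::getTextClass('email')->to      = $this->settings['email_in'];
                IPSText::getTextClass('email')->sendMail();
            }

            IPSCookie::set('pass_hash', $member['member_login_key'], 1);
            IPSCookie::set('member_id', $member['member_id'], 1);

            //-----------------------------------------
            // Fix up session
            //-----------------------------------------
            // Anonymous when the group hides its members, or when anonymous sign in
            // is not disabled and the member asked for it.
            $privacy = ($member['g_hide_online_list'] || (empty($this->settings['disable_anonymous']) && !empty($this->request['Privacy']))) ? 1 : 0;

            // Update value for onCompleteAccount call
            $member['login_anonymous'] = $privacy . '&1';

            $this->member->sessionClass()->convertGuestToMember(array(
                'member_name'  => $member['members_display_name'],
                'member_id'    => $member['member_id'],
                'member_group' => $member['member_group_id'],
                'login_type'   => $privacy,
            ));

            IPSLib::runMemberSync('onCompleteAccount', $member);

            $this->registry->output->silentRedirect($this->settings['base_url'] . '&app=core&module=global&section=login&do=autologin&fromreg=1');
        }
    } else {
        /* This is a COPPA user, so lets tell them they registered OK and redirect to the form. */
        $this->DB->insert('validating', array(
            'vid'        => $validate_key,
            'member_id'  => $member['member_id'],
            'real_group' => $this->settings['member_group'],
            'temp_group' => $this->settings['auth_group'],
            'entry_date' => $time,
            'coppa_user' => $coppa,
            'new_reg'    => 1,
            'ip_address' => $member['ip_address'],
        ));

        $this->registry->output->redirectScreen($this->lang->words['cp_success'], $this->settings['base_url'] . 'app=core&module=global&section=register&do=12');
    }
}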
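/**
 * Wrapper for loginAuthenticate - returns more information
 *
 * Authenticates the submitted username (or email address) and password via
 * loginAuthenticate(), then issues the auto-login key, cookies and session for
 * the member and works out the URL to send them to.
 *
 * @access	public
 * @return	mixed	array [0=Words to show, 1=URL to send to, 2=error message language key, 3=extra value for the error (lockout time remaining; may be null)]
 */
public function verifyLogin()
{
    $url      = "";
    $username = '';
    $email    = '';
    $password = trim($this->request['password']);
    $core     = array();

    //-----------------------------------------
    // Is this a username or email address?
    //-----------------------------------------
    if (IPSText::checkEmailAddress($this->request['username'])) {
        $email = $this->request['username'];
    } else {
        $username = $this->request['username'];
    }

    //-----------------------------------------
    // Check auth
    //-----------------------------------------
    $this->loginAuthenticate($username, $email, $password);
    $member = $this->member_data;

    //-----------------------------------------
    // Check return code...
    //-----------------------------------------
    if ($this->return_code != 'SUCCESS') {
        if ($this->return_code == 'MISSING_DATA') {
            return array(null, null, 'complete_form');
        }

        if ($this->return_code == 'ACCOUNT_LOCKED') {
            // Defined up front: it used to be undefined whenever auto-unlock
            // was disabled or no unlock timestamp was available.
            $time = null;

            if ($this->settings['ipb_bruteforce_unlock'] and $this->account_unlock) {
                // Elapsed seconds are converted to minutes and subtracted from
                // the configured period; never report less than 1.
                $elapsed   = time() - $this->account_unlock;
                $remaining = $this->settings['ipb_bruteforce_period'] - ceil($elapsed / 60);
                $time      = $remaining > 0 ? $remaining : 1;
            }

            return array(null, null, 'bruteforce_account_unlock', $time);
        }

        if ($this->return_code == 'WRONG_OPENID') {
            return array(null, null, 'wrong_openid');
        }

        if ($this->return_code == 'FLAGGED_REMOTE') {
            return array(null, null, 'flagged_remote');
        }

        // Every other failure gets the same generic message.
        return array(null, null, 'wrong_auth');
    }

    //-----------------------------------------
    // Is this a partial member?
    // Not completed their sign in?
    //-----------------------------------------
    if ($member['members_created_remote'] and isset($member['full']) and !$member['full']) {
        return array($this->lang->words['partial_login'], $this->settings['base_url'] . 'app=core&module=global&section=register&do=complete_login&mid=' . $member['member_id'] . '&key=' . $member['timenow']);
    }

    //-----------------------------------------
    // Generate a new log in key
    //-----------------------------------------
    $_time   = $this->settings['login_key_expire'] ? time() + intval($this->settings['login_key_expire']) * 86400 : 0;
    $_sticky = $_time ? 0 : 1;
    $_days   = $_time ? $this->settings['login_key_expire'] : 365;

    // Rotate the key when configured to, when the member has none, or when
    // expiry is enabled and the stored key has expired.
    if ($this->settings['login_change_key'] or !$member['member_login_key'] or ($this->settings['login_key_expire'] and time() > $member['member_login_key_expire'])) {
        $member['member_login_key']      = IPSMember::generateAutoLoginKey();
        $core['member_login_key']        = $member['member_login_key'];
        $core['member_login_key_expire'] = $_time;
    }

    //-----------------------------------------
    // Cookie me softly?
    //-----------------------------------------
    // NOTE(review): the "pass_hash" cookie carries the auto-login key, so it is
    // a bearer credential. The cookie flags IPSCookie::set applies are not
    // visible here - confirm they are HttpOnly (and Secure on HTTPS boards).
    if ($this->request['rememberMe']) {
        IPSCookie::set("member_id", $member['member_id'], 1);
        IPSCookie::set("pass_hash", $member['member_login_key'], $_sticky, $_days);
    } else {
        IPSCookie::set("member_id", $member['member_id'], 0);
        IPSCookie::set("pass_hash", $member['member_login_key'], 0);
    }

    //-----------------------------------------
    // Remove any COPPA cookies previously set
    //-----------------------------------------
    IPSCookie::set("coppa", '0', 0);

    //-----------------------------------------
    // Update profile if IP addr missing
    //-----------------------------------------
    if ($member['ip_address'] == "" or $member['ip_address'] == '127.0.0.1') {
        $core['ip_address'] = $this->member->ip_address;
    }

    //-----------------------------------------
    // Create / Update session
    //-----------------------------------------
    $privacy = $this->request['anonymous'] ? 1 : 0;

    if ($member['g_hide_online_list']) {
        $privacy = 1;
    }

    $session_id = $this->member->sessionClass()->convertGuestToMember(array('member_name' => $member['members_display_name'], 'member_id' => $member['member_id'], 'member_group' => $member['member_group_id'], 'login_type' => $privacy));

    if ($this->request['referer'] and $this->request['section'] != 'register') {
        // Never bounce back to the register / login / lost password forms or the ACP.
        if (stripos($this->request['referer'], 'section=register') or stripos($this->request['referer'], 'section=login') or stripos($this->request['referer'], 'section=lostpass') or stripos($this->request['referer'], CP_DIRECTORY . '/')) {
            $url = $this->settings['base_url'] . '?';
        } else {
            // NOTE(review): as shown this str_replace is a no-op; the search
            // string was probably an HTML entity lost in extraction - confirm
            // against the upstream file.
            // NOTE(review): the referer is request-supplied and is used as the
            // redirect target with only the session id stripped; no check here
            // ties it to this board's host.
            $url = str_replace('&', '&', $this->request['referer']);
            $url = preg_replace("#s=(\\w){32}#", "", $url);

            if ($this->member->session_type != 'cookie') {
                $url = $this->settings['board_url'] . '/index.php?s=' . $session_id;
            }
        }
    } else {
        $url = $this->settings['base_url'] . '?';
    }

    //-----------------------------------------
    // Set our privacy status
    //-----------------------------------------
    $core['login_anonymous']    = intval($privacy) . '&1';
    $core['failed_logins']      = '';
    $core['failed_login_count'] = 0;

    IPSMember::save($member['member_id'], array('core' => $core));

    //-----------------------------------------
    // Clear out any passy change stuff
    //-----------------------------------------
    // intval() keeps the hand-built WHERE clause numeric whatever memberData holds.
    $this->DB->delete('validating', 'member_id=' . intval($this->memberData['member_id']) . ' AND lost_pass=1');

    //-----------------------------------------
    // Member Sync
    //-----------------------------------------
    // Runs before the "return" redirect below so the onLogin hooks fire for
    // every successful login, not only when no return URL was supplied.
    IPSLib::runMemberSync('onLogin', $member);

    //-----------------------------------------
    // Redirect them to either the board
    // index, or where they came from
    //-----------------------------------------
    if ($this->request['return']) {
        $return = urldecode($this->request['return']);

        // NOTE(review): any absolute http:// URL from the request is accepted,
        // so the caller can be steered to another site after login. Restricting
        // this to board_url (or an allow-list) would close the open redirect;
        // left unchanged because the callers are not visible here.
        if (strpos($return, "http://") === 0) {
            return array($this->lang->words['partial_login'], $return);
        }
    }

    //-----------------------------------------
    // Still here?
    //-----------------------------------------
    return array($this->lang->words['partial_login'], $url);
}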
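/**
 * Wrapper for loginAuthenticate - returns more information
 *
 * Authenticates either through the optional mobile-app SSO class or through
 * loginAuthenticate(), then issues the auto-login key, cookies and session for
 * the member and works out the URL to send them to.
 *
 * @return	mixed	array [0=Words to show, 1=URL to send to, 2=error message language key, 3=extra value for the error (lockout time remaining or an HTML/plain message; may be null)]
 */
public function verifyLogin()
{
    $url        = "";
    $member     = array();
    $username   = '';
    $email      = '';
    $password   = trim($this->request['ips_password']);
    $core       = array();
    $mobileSSO  = false;
    $memberData = $this->registry->member()->fetchMemberData();

    /* Mobile app + sso */
    if ($memberData['userAgentType'] == 'mobileApp') {
        $file = IPS_ROOT_PATH . 'sources/classes/session/ssoMobileAppLogIn.php';

        // The SSO class is optional: it is used only when the file exists and
        // declares the expected class.
        if (is_file($file)) {
            require_once $file;

            if (class_exists('ssoMobileAppLogIn')) {
                $mobileSSO = true;
                $logIn     = new ssoMobileAppLogIn($this->registry);
                $done      = $logIn->authenticate($this->request['ips_username'], $password);

                $this->return_code = $done['code'];
                $this->member_data = IPSMember::load(intval($done['memberId']));
                $member            = $this->member_data;
            }
        }
    }

    /* No mobile log in? Log in normally */
    if (!$mobileSSO) {
        //-----------------------------------------
        // Is this a username or email address?
        //-----------------------------------------
        if (IPSText::checkEmailAddress($this->request['ips_username'])) {
            $email = $this->request['ips_username'];
        } else {
            $username = $this->request['ips_username'];
        }

        //-----------------------------------------
        // Check auth
        //-----------------------------------------
        $this->loginAuthenticate($username, $email, $password);
        $member = $this->member_data;
    }

    //-----------------------------------------
    // Check return code...
    //-----------------------------------------
    if ($this->return_code != 'SUCCESS') {
        if ($this->return_code == 'MISSING_DATA') {
            return array(null, null, 'complete_form');
        }

        if ($this->return_code == 'ACCOUNT_LOCKED') {
            // Defined up front: it used to be undefined whenever auto-unlock
            // was disabled or no unlock timestamp was available.
            $time = null;

            if ($this->settings['ipb_bruteforce_unlock'] and $this->account_unlock) {
                // Elapsed seconds are converted to minutes and subtracted from
                // the configured period; never report less than 1.
                $elapsed   = time() - $this->account_unlock;
                $remaining = $this->settings['ipb_bruteforce_period'] - ceil($elapsed / 60);
                $time      = $remaining > 0 ? $remaining : 1;
            }

            return array(null, null, $this->settings['ipb_bruteforce_unlock'] ? 'bruteforce_account_unlock' : 'bruteforce_account_lock', $time);
        }

        if ($this->return_code == 'MISSING_EXTENSIONS') {
            return array(null, null, 'missing_extensions');
        }

        if ($this->return_code == 'FLAGGED_REMOTE') {
            return array(null, null, 'flagged_remote');
        }

        if ($this->return_code == 'VALIDATING') {
            if ($this->revalidate_url == 'ADMIN_VALIDATION') {
                return array(null, null, 'validating_remote', ipsRegistry::getClass('class_localization')->words['admin_validation_msg']);
            }

            // NOTE(review): revalidate_url is placed in an HTML attribute
            // unescaped. It is presumably set by the login handler - confirm it
            // can never carry request-derived text.
            return array(null, null, 'validating_remote', "<a href='{$this->revalidate_url}' target='_blank'>" . ipsRegistry::getClass('class_localization')->words['resend_val'] . "</a>");
        }

        // Every other failure gets the same generic message.
        return array(null, null, 'wrong_auth');
    }

    //-----------------------------------------
    // Is this a partial member?
    // Not completed their sign in?
    //-----------------------------------------
    if ($member['members_created_remote'] and isset($member['full']) and !$member['full']) {
        return array($this->registry->getClass('class_localization')->words['partial_login'], $this->settings['base_url'] . 'app=core&module=global&section=register&do=complete_login&mid=' . $member['member_id'] . '&key=' . $member['timenow']);
    }

    //-----------------------------------------
    // Generate a new log in key
    //-----------------------------------------
    $_time   = $this->settings['login_key_expire'] ? time() + intval($this->settings['login_key_expire']) * 86400 : 0;
    $_sticky = $_time ? 0 : 1;
    $_days   = $_time ? $this->settings['login_key_expire'] : 365;

    // Rotate the key when the member has none, or when expiry is enabled and
    // the stored key has expired.
    if (!$member['member_login_key'] or ($this->settings['login_key_expire'] and time() > $member['member_login_key_expire'])) {
        $member['member_login_key']      = IPSMember::generateAutoLoginKey();
        $core['member_login_key']        = $member['member_login_key'];
        $core['member_login_key_expire'] = $_time;
    }

    //-----------------------------------------
    // Cookie me softly?
    //-----------------------------------------
    // Cookie name is derived from the board's IPS Connect endpoint URL; md5 is
    // used here only to build a name, not as a secret.
    $connectCookie = "ipsconnect_" . md5($this->settings['board_url'] . '/interface/ipsconnect/ipsconnect.php');

    if ($this->request['rememberMe']) {
        // "pass_hash" carries the auto-login key, i.e. a bearer credential.
        IPSCookie::set("member_id", $member['member_id'], 1, 0, FALSE, TRUE);
        IPSCookie::set("pass_hash", $member['member_login_key'], $_sticky, $_days, FALSE, TRUE);
        IPSCookie::set($connectCookie, '1', $_sticky, $_days, FALSE, FALSE);
    } else {
        // Ticket 824266: the member_id / pass_hash cookies are no longer set
        // when "remember me" is off.
        IPSCookie::set($connectCookie, '1', 0, 0, FALSE, FALSE);
    }

    //-----------------------------------------
    // Remove any COPPA cookies previously set
    //-----------------------------------------
    IPSCookie::set("coppa", '0', 0);

    //-----------------------------------------
    // Update profile if IP addr missing
    //-----------------------------------------
    if ($member['ip_address'] == "" or $member['ip_address'] == '127.0.0.1') {
        $core['ip_address'] = $this->registry->member()->ip_address;
    }

    //-----------------------------------------
    // Create / Update session
    //-----------------------------------------
    // Anonymous when the group hides members from the online list, or when
    // anonymous logins are allowed and the member asked for one.
    $privacy = ($member['g_hide_online_list'] || (empty($this->settings['disable_anonymous']) && !empty($this->request['anonymous']))) ? 1 : 0;

    $session_id = $this->registry->member()->sessionClass()->convertGuestToMember(array('member_name' => $member['members_display_name'], 'member_id' => $member['member_id'], 'member_group' => $member['member_group_id'], 'login_type' => $privacy));

    if (!empty($this->request['referer']) and $this->request['section'] != 'register') {
        // Never bounce back to the register / login / lost password forms or the ACP.
        if (stripos($this->request['referer'], 'section=register') or stripos($this->request['referer'], 'section=login') or stripos($this->request['referer'], 'section=lostpass') or stripos($this->request['referer'], CP_DIRECTORY . '/')) {
            $url = $this->settings['base_url'];
        } else {
            // NOTE(review): as shown this str_replace is a no-op; the search
            // string was probably an HTML entity lost in extraction - confirm
            // against the upstream file.
            // NOTE(review): the referer is request-supplied and becomes the
            // redirect target; no check here ties it to this board's host.
            $url = str_replace('&', '&', $this->request['referer']);

            if ($this->registry->member()->session_type == 'cookie') {
                $url = preg_replace('#s=(\\w){32}#', "", $url);
            }
        }
    } else {
        $url = $this->settings['base_url'];
    }

    //-----------------------------------------
    // Set our privacy status
    //-----------------------------------------
    $core['login_anonymous']    = intval($privacy) . '&1';
    $core['failed_logins']      = '';
    $core['failed_login_count'] = 0;

    IPSMember::save($member['member_id'], array('core' => $core));

    //-----------------------------------------
    // Clear out any passy change stuff
    //-----------------------------------------
    // intval() keeps the hand-built WHERE clause numeric whatever the property holds.
    $this->DB->delete('validating', 'member_id=' . intval($this->registry->member()->getProperty('member_id')) . ' AND lost_pass=1');

    //-----------------------------------------
    // Run member sync
    //-----------------------------------------
    // NOTE(review): the clear-text password is handed to every onLogin sync
    // hook. It is unset again straight afterwards, but each hook sees it - audit
    // installed hooks for logging or storing this field.
    $member['plainPassword'] = $password;
    IPSLib::runMemberSync('onLogin', $member);
    unset($member['plainPassword']);

    //-----------------------------------------
    // Redirect them to either the board
    // index, or where they came from
    //-----------------------------------------
    if (!empty($this->request['return'])) {
        $return = urldecode($this->request['return']);

        // NOTE(review): any absolute http(s) URL from the request is accepted,
        // so the caller can be steered to another site after login. Restricting
        // this to board_url (or an allow-list) would close the open redirect;
        // left unchanged because the callers are not visible here.
        if (strpos($return, "http://") === 0 || strpos($return, "https://") === 0) {
            return array($this->registry->getClass('class_localization')->words['partial_login'], $return);
        }
    }

    //-----------------------------------------
    // Still here?
    //-----------------------------------------
    return array($this->registry->getClass('class_localization')->words['partial_login'], $url);
}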
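/**
 * Check and verify the login was successful
 *
 * Authenticates the submitted credentials for the admin control panel, checks
 * that the member's groups grant ACP access, replaces any existing ACP session
 * for that member with a new one and redirects into the ACP.
 *
 * Every failed attempt is written to the log via _writeToLog() before the
 * login form is shown again.
 *
 * @access	public
 * @return	void
 */
public function loginComplete()
{
    //-----------------------------------------
    // Check form details.
    //-----------------------------------------
    // NOTE(review): as shown this str_replace is a no-op; one side was probably
    // an HTML entity lost in extraction - confirm against the upstream file.
    $this->request['email'] = str_replace('|', '|', $this->request['email']);

    $username = '';
    $email    = '';

    //-----------------------------------------
    // Is this a username or email address?
    //-----------------------------------------
    if (IPSText::checkEmailAddress($this->request['username'])) {
        $email = $this->request['username'];
    } else {
        $username = $this->request['username'];
    }

    //-----------------------------------------
    // Check auth
    //-----------------------------------------
    $this->han_login->loginAuthenticate($username, $email, trim($this->request['password']));

    //-----------------------------------------
    // Check return code...
    //-----------------------------------------
    // Each failure path returns explicitly. loginForm() presumably ends the
    // request itself, but that is not visible here, and falling through would
    // create an ACP session for a login that did not succeed.
    $mem = $this->han_login->member_data;

    if (!$mem['member_id'] or $this->han_login->return_code == 'NO_USER') {
        $this->_writeToLog($this->request['username'], 'fail');
        $this->loginForm($this->lang->words['bad_email_password']);
        return;
    }

    if ($this->han_login->return_code == 'NO_ACCESS') {
        $this->_writeToLog($this->request['username'], 'fail');
        $this->loginForm($this->lang->words['no_acp_access']);
        return;
    }

    if ($this->han_login->return_code != 'SUCCESS') {
        $this->_writeToLog($this->request['username'], 'fail');
        $this->loginForm($this->lang->words['bad_email_password']);
        return;
    }

    //-----------------------------------------
    // And sort secondary groups...
    //-----------------------------------------
    $mem = $this->member->setUpSecondaryGroups($mem);

    //-----------------------------------------
    // Check access...
    //-----------------------------------------
    if ($mem['g_access_cp'] != 1) {
        $this->_writeToLog($this->request['username'], 'fail');
        $this->loginForm($this->lang->words['no_acp_access']);
        return;
    }

    //-----------------------------------------
    // Fix up query string...
    //-----------------------------------------
    // The posted query string is appended to the post-login redirect. It is
    // cleaned by removing known fragments (a deny-list), in this exact order.
    // NOTE(review): the three str_replace calls whose search and replace look
    // identical are probably entity conversions lost in extraction - confirm.
    $extra_query = "";

    if (!empty($_POST['qstring'])) {
        $extra_query = stripslashes($_POST['qstring']);
        $extra_query = str_replace($this->settings['_original_base_url'], "", $extra_query);
        $extra_query = str_ireplace("?index." . $this->settings['php_ext'], "", $extra_query);
        $extra_query = ltrim($extra_query, '?');
        $extra_query = preg_replace("!adsess=(\\w){32}!", "", $extra_query);
        $extra_query = str_replace("adsess=x", "", $extra_query);
        $extra_query = str_replace(array('old_&', 'old_&'), "", $extra_query);
        $extra_query = preg_replace("!s=(\\w){32}!", "", $extra_query);
        $extra_query = str_replace("module=login", "", $extra_query);
        $extra_query = str_replace("do=login-complete", "", $extra_query);
        $extra_query = str_replace("/admin", "", $extra_query);
        $extra_query = str_replace('&', '&', $extra_query);
        $extra_query = preg_replace("#&{1,}#", "&", $extra_query);
    }

    //-----------------------------------------
    // Insert session
    //-----------------------------------------
    // The session id is the only secret guarding the ACP session, so take it
    // from the CSPRNG when the runtime has one (32 hex chars either way). The
    // time-based value is kept only as a fallback for older PHP builds.
    $sess_id = function_exists('random_bytes') ? bin2hex(random_bytes(16)) : md5(uniqid(microtime()));

    // One ACP session per member: drop any earlier one first.
    $this->DB->delete('core_sys_cp_sessions', 'session_member_id=' . intval($mem['member_id']));

    /* Grab user agent */
    $uAgent = array();

    $this->DB->insert('core_sys_cp_sessions', array('session_id' => $sess_id, 'session_ip_address' => $this->member->ip_address, 'session_member_name' => $mem['members_display_name'], 'session_member_id' => $mem['member_id'], 'session_member_login_key' => $mem['member_login_key'], 'session_location' => 'index', 'session_log_in_time' => time(), 'session_running_time' => time(), 'session_app_data' => serialize($uAgent), 'session_url' => ''));

    $this->request['adsess'] = $sess_id;

    //-----------------------------------------
    // Redirect...
    //-----------------------------------------
    // The session id travels in the URL, so it can end up in browser history,
    // proxy logs and Referer headers.
    $url = $this->settings['_original_base_url'] . '/' . CP_DIRECTORY . '/index.php?adsess=' . $sess_id . '&' . $extra_query;

    $this->_writeToLog($this->request['username'], 'ok');

    ipsRegistry::getClass('output')->redirect($url, $this->lang->words['login_successful']);
}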
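/**
 * UserCP Save Form: Email Address
 *
 * Handles two independent changes from the same form: a password change
 * (when a current or new password is posted) and an email change (when either
 * email field is posted). Members with ACP access are refused both.
 *
 * When registration validation is enabled, an email change moves the member
 * into the validating group, ends their session, clears the auto-login cookies
 * and mails a validation link to the new address.
 *
 * @return	mixed		Array of errors / boolean true
 */
public function saveFormEmailPassword()
{
    //-----------------------------------------
    // INIT
    //-----------------------------------------
    $_emailOne = strtolower(trim($this->request['in_email_1']));
    $_emailTwo = strtolower(trim($this->request['in_email_2']));
    $cur_pass  = trim($this->request['current_pass']);
    $new_pass  = trim($this->request['new_pass_1']);
    $chk_pass  = trim($this->request['new_pass_2']);

    // Remotely created accounts with no local password yet cannot supply a current password.
    $isRemote = (!$this->memberData['bw_local_password_set'] and $this->memberData['members_created_remote']) ? true : false;

    if ($cur_pass or $new_pass) {
        if ($this->memberData['g_access_cp']) {
            return array(0 => $this->lang->words['admin_emailpassword']);
        }

        if ($isRemote === false and (empty($_POST['current_pass']) or empty($new_pass) or empty($chk_pass))) {
            return array(0 => $this->lang->words['complete_entire_form']);
        }

        //-----------------------------------------
        // Do the passwords actually match?
        //-----------------------------------------
        if ($new_pass != $chk_pass) {
            return array(0 => $this->lang->words['passwords_not_matchy']);
        }

        //-----------------------------------------
        // Check password...
        //-----------------------------------------
        if ($isRemote === false) {
            if ($this->_checkPassword($cur_pass) !== TRUE) {
                return array(0 => $this->lang->words['current_pw_bad']);
            }
        } else {
            /* This is INIT in _checkPassword */
            $classToLoad     = IPSLib::loadLibrary(IPS_ROOT_PATH . 'sources/handlers/han_login.php', 'han_login');
            $this->han_login = new $classToLoad($this->registry);
            $this->han_login->init();
        }

        //-----------------------------------------
        // Create new password...
        //-----------------------------------------
        // NOTE(review): an unsalted md5 of the password is what changePass() and
        // IPSMember::updatePassword() are given here. How it is stored afterwards
        // is not visible in this method - confirm a salted, slow hash is applied.
        $md5_pass = md5($new_pass);

        //-----------------------------------------
        // han_login was loaded during check_password
        //-----------------------------------------
        $this->han_login->changePass($this->memberData['email'], $md5_pass, $new_pass, $this->memberData);

        if ($this->han_login->return_code and $this->han_login->return_code != 'METHOD_NOT_DEFINED' and $this->han_login->return_code != 'SUCCESS') {
            return array(0 => $this->lang->words['hanlogin_pw_failed']);
        }

        //-----------------------------------------
        // Update the DB
        //-----------------------------------------
        IPSMember::updatePassword($this->memberData['email'], $md5_pass);

        // The clear-text password is passed to the onPassChange sync hooks.
        IPSLib::runMemberSync('onPassChange', $this->memberData['member_id'], $new_pass);

        //-----------------------------------------
        // Update members log in key...
        //-----------------------------------------
        // A fresh key replaces the stored auto-login key after the password change.
        $key = IPSMember::generateAutoLoginKey();

        IPSMember::save($this->memberData['member_id'], array('core' => array('member_login_key' => $key, 'bw_local_password_set' => 1)));

        $this->ok_message = $this->lang->words['pw_change_successful'];
    }

    if ($_emailOne or $_emailTwo) {
        //-----------------------------------------
        // Do not allow validating members to change
        // email when admin validation is on
        // @see http://community.invisionpower.com/tracker/issue-19964-loophole-in-registration-procedure/
        //-----------------------------------------
        if ($this->memberData['member_group_id'] == $this->settings['auth_group'] and in_array($this->settings['reg_auth_type'], array('admin', 'admin_user'))) {
            $this->registry->output->showError($this->lang->words['admin_val_no_email_chg'], 10190);
        }

        //-----------------------------------------
        // Check input
        //-----------------------------------------
        if ($this->memberData['g_access_cp']) {
            return array(0 => $this->lang->words['admin_emailpassword']);
        }

        if (empty($_POST['in_email_1']) or empty($_POST['in_email_2'])) {
            return array(0 => $this->lang->words['complete_entire_form']);
        }

        //-----------------------------------------
        // Check password...
        //-----------------------------------------
        // Fail closed: anything other than an explicit TRUE is a bad password,
        // matching the check used for the password change above.
        // NOTE(review): members flagged _isFBUser change email without
        // re-entering a password.
        if (!$this->_isFBUser) {
            if ($this->_checkPassword($this->request['password']) !== TRUE) {
                return array(0 => $this->lang->words['current_pw_bad']);
            }
        }

        //-----------------------------------------
        // Test email addresses
        //-----------------------------------------
        if ($_emailOne != $_emailTwo) {
            return array(0 => $this->lang->words['emails_no_matchy']);
        }

        if (IPSText::checkEmailAddress($_emailOne) !== TRUE) {
            return array(0 => $this->lang->words['email_not_valid']);
        }

        //-----------------------------------------
        // Is this email addy taken?
        //-----------------------------------------
        if (IPSMember::checkByEmail($_emailOne) == TRUE) {
            return array(0 => $this->lang->words['email_is_taken']);
        }

        //-----------------------------------------
        // Load ban filters
        //-----------------------------------------
        $banfilters = array();

        $this->DB->build(array('select' => '*', 'from' => 'banfilters'));
        $this->DB->execute();

        while ($r = $this->DB->fetch()) {
            $banfilters[$r['ban_type']][] = $r['ban_content'];
        }

        //-----------------------------------------
        // Check in banned list
        //-----------------------------------------
        // Filters are quoted for the regex first, then the escaped "*" wildcard
        // is turned into ".*". A banned address gets the same "taken" message
        // as a duplicate one.
        if (isset($banfilters['email']) and is_array($banfilters['email']) and count($banfilters['email'])) {
            foreach ($banfilters['email'] as $email) {
                $email = str_replace('\\*', '.*', preg_quote($email, "/"));

                if (preg_match("/^{$email}\$/i", $_emailOne)) {
                    return array(0 => $this->lang->words['email_is_taken']);
                }
            }
        }

        //-----------------------------------------
        // Load handler...
        //-----------------------------------------
        $classToLoad     = IPSLib::loadLibrary(IPS_ROOT_PATH . 'sources/handlers/han_login.php', 'han_login');
        $this->han_login = new $classToLoad($this->registry);
        $this->han_login->init();

        if ($this->han_login->emailExistsCheck($_emailOne) !== FALSE) {
            return array(0 => $this->lang->words['email_is_taken']);
        }

        $this->han_login->changeEmail($this->memberData['email'], $_emailOne, $this->memberData);

        if ($this->han_login->return_code and $this->han_login->return_code != 'METHOD_NOT_DEFINED' and $this->han_login->return_code != 'SUCCESS') {
            return array(0 => $this->lang->words['email_is_taken']);
        }

        //-----------------------------------------
        // Want a new validation? NON ADMINS ONLY
        //-----------------------------------------
        if ($this->settings['reg_auth_type'] and !$this->memberData['g_access_cp']) {
            // intval() keeps the hand-built WHERE clauses numeric.
            $memberWhere = "member_id=" . intval($this->memberData['member_id']) . " AND email_chg=1";

            //-----------------------------------------
            // Remove any existing entries
            //-----------------------------------------
            $_previous = $this->DB->buildAndFetch(array('select' => 'prev_email, real_group', 'from' => 'validating', 'where' => $memberWhere));

            if ($_previous['prev_email']) {
                // A pending change exists: fall back to the address and group
                // recorded before that change.
                $this->DB->delete('validating', $memberWhere);

                $this->memberData['email']           = $_previous['prev_email'];
                $this->memberData['member_group_id'] = $_previous['real_group'];
            }

            // NOTE(review): this key is the secret in the emailed validation
            // link; its strength depends on IPSMember::makePassword(), which is
            // not shown here.
            $validate_key = md5(IPSMember::makePassword() . time());

            //-----------------------------------------
            // Update the new email, but enter a validation key
            // and put the member in "awaiting authorisation"
            // and send an email..
            //-----------------------------------------
            $db_str = array('vid' => $validate_key, 'member_id' => $this->memberData['member_id'], 'temp_group' => $this->settings['auth_group'], 'entry_date' => time(), 'coppa_user' => 0, 'email_chg' => 1, 'ip_address' => $this->member->ip_address, 'prev_email' => $this->memberData['email']);

            if ($this->memberData['member_group_id'] != $this->settings['auth_group']) {
                $db_str['real_group'] = $this->memberData['member_group_id'];
            }

            $this->DB->insert('validating', $db_str);

            IPSLib::runMemberSync('onEmailChange', $this->memberData['member_id'], strtolower($_emailOne), $this->memberData['email']);

            IPSMember::save($this->memberData['member_id'], array('core' => array('member_group_id' => $this->settings['auth_group'], 'email' => $_emailOne)));

            //-----------------------------------------
            // Update their session with the new member group
            //-----------------------------------------
            if ($this->member->session_id) {
                $this->member->sessionClass()->convertMemberToGuest();
            }

            //-----------------------------------------
            // Kill the cookies to stop auto log in
            //-----------------------------------------
            IPSCookie::set('pass_hash', '-1', 0);
            IPSCookie::set('member_id', '-1', 0);
            IPSCookie::set('session_id', '-1', 0);

            //-----------------------------------------
            // Dispatch the mail, and return to the activate form.
            //-----------------------------------------
            // Both links use "&section=" (the parameter name had been garbled
            // in these two strings, which broke the emailed links).
            IPSText::getTextClass('email')->getTemplate("newemail");

            IPSText::getTextClass('email')->buildMessage(array('NAME' => $this->memberData['members_display_name'], 'THE_LINK' => $this->registry->getClass('output')->buildSEOUrl("app=core&module=global&section=register&do=auto_validate&type=newemail&uid=" . $this->memberData['member_id'] . "&aid=" . $validate_key, 'publicNoSession', 'false'), 'ID' => $this->memberData['member_id'], 'MAN_LINK' => $this->registry->getClass('output')->buildSEOUrl("app=core&module=global&section=register&do=07", 'publicNoSession', 'false'), 'CODE' => $validate_key));

            IPSText::getTextClass('email')->subject = $this->lang->words['lp_subject'] . ' ' . $this->settings['board_name'];
            IPSText::getTextClass('email')->to      = $_emailOne;
            IPSText::getTextClass('email')->sendMail();

            $this->registry->getClass('output')->silentRedirect($this->settings['base_url'] . 'app=core&module=global&section=register&do=07');
        } else {
            //-----------------------------------------
            // No authorisation needed, change email addy and return
            //-----------------------------------------
            IPSLib::runMemberSync('onEmailChange', $this->memberData['member_id'], strtolower($_emailOne), $this->memberData['email']);

            IPSMember::save($this->memberData['member_id'], array('core' => array('email' => $_emailOne)));

            //-----------------------------------------
            // Add to OK message
            //-----------------------------------------
            $this->ok_message = $this->lang->words['ok_email_changed'];
        }
    }

    return TRUE;
}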
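/**
 * Forward the page (sends the email)
 *
 * Checks the form key, validates the posted recipient, subject and message,
 * sends the "forward_page" mail in the chosen language and redirects back to
 * the topic.
 *
 * @access	private
 * @return	void		[Outputs to screen/redirects]
 */
private function _sendEmail()
{
    //-----------------------------------------
    // Check
    //-----------------------------------------
    // Anti-CSRF form key. Compared strictly as strings: a loose != can treat
    // two different numeric-looking strings as equal.
    $suppliedKey = is_string($this->request['k']) ? $this->request['k'] : '';

    if ($suppliedKey !== (string) $this->member->form_hash) {
        $this->registry->getClass('output')->showError('no_permission', 2029);
        return;
    }

    // Only a language id present in the cache is accepted; default is 1.
    $lang_to_use = 1;

    foreach (ipsRegistry::cache()->getCache('lang_data') as $l) {
        if ($this->request['lang'] == $l['lang_id']) {
            $lang_to_use = $l['lang_id'];
        }
    }

    // Required field => language key of the error shown when it is missing.
    $check_array = array('to_name' => 'stf_no_name', 'to_email' => 'stf_no_email', 'message' => 'stf_no_msg', 'subject' => 'stf_no_subject');

    foreach ($check_array as $input => $msg) {
        if (!$this->request[$input]) {
            $this->registry->output->showError($msg, 10325);
            return;
        }
    }

    // Line breaks are rejected as well: the address ends up in a mail header,
    // and what checkEmailAddress() allows is not visible here.
    if (!IPSText::checkEmailAddress($this->request['to_email']) or strpbrk($this->request['to_email'], "\r\n") !== false) {
        $this->registry->output->showError('email_address_invalid', 10326);
        return;
    }

    IPSText::getTextClass('email')->getTemplate("forward_page", $lang_to_use);

    IPSText::getTextClass('email')->buildMessage(array('THE_MESSAGE' => $this->request['message'], 'TO_NAME' => $this->request['to_name'], 'FROM_NAME' => $this->memberData['members_display_name']));

    // The subject is member-supplied and becomes a mail header; strip CR/LF
    // here rather than rely on the mail class (not shown) to do it.
    // NOTE(review): recipient, subject and body are all chosen by the sender,
    // so this form can relay arbitrary mail - confirm it is rate limited and
    // restricted to logged-in members elsewhere.
    IPSText::getTextClass('email')->subject = str_replace(array("\r", "\n"), '', $this->request['subject']);
    IPSText::getTextClass('email')->to      = $this->request['to_email'];
    IPSText::getTextClass('email')->from    = $this->memberData['email'];
    IPSText::getTextClass('email')->sendMail();

    $this->registry->output->redirectScreen($this->lang->words['redirect'], $this->settings['base_url'] . "showtopic=" . $this->topic['tid'] . "&st=" . $this->request['st']);
}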
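/**
 * Add a member [process]
 *
 * Validates the posted name, display name and email, refuses to create a
 * member in an ACP-enabled group unless the acting admin holds the
 * 'member_add_admin' permission, creates the account locally and through the
 * login handler, optionally emails the new member, then logs the action and
 * shows the new member's record.
 *
 * @return	@e void
 */
protected function _memberDoAdd()
{
    /* Init vars */
    $in_username          = trim($this->request['name']);
    $in_password          = trim($this->request['password']);
    $in_email             = trim(strtolower($this->request['email']));
    $members_display_name = $this->request['mirror_loginname'] ? $in_username : trim($this->request['members_display_name']);
    $groupId              = intval($this->request['member_group_id']);

    $this->registry->output->global_error = '';

    $this->registry->class_localization->loadLanguageFile(array('public_register'), 'core');

    /* Check errors */
    foreach (array('name', 'password', 'email', 'member_group_id') as $field) {
        if (empty($_POST[$field])) {
            $this->registry->output->showError($this->lang->words['m_completeform'], 11238);
            return;
        }
    }

    //-----------------------------------------
    // Check
    //-----------------------------------------
    if (!IPSText::checkEmailAddress($in_email)) {
        $this->registry->output->global_error = $this->lang->words['m_emailinv'];
    }

    $userName    = IPSMember::getFunction()->cleanAndCheckName($in_username, array(), 'name');
    $displayName = IPSMember::getFunction()->cleanAndCheckName($members_display_name, array(), 'members_display_name');

    // An error may be a language key or literal text; use the translation when there is one.
    if (count($userName['errors'])) {
        $_message = $this->lang->words[$userName['errors']['username']] ? $this->lang->words[$userName['errors']['username']] : $userName['errors']['username'];

        $this->registry->output->global_error .= '<p>' . $this->lang->words['sm_loginname'] . ': ' . $_message . '</p>';
    }

    if ($this->settings['auth_allow_dnames'] and count($displayName['errors'])) {
        $_message = $this->lang->words[$displayName['errors']['dname']] ? $this->lang->words[$displayName['errors']['dname']] : $displayName['errors']['dname'];

        $this->registry->output->global_error .= '<p>' . $this->lang->words['sm_display'] . ': ' . $_message . '</p>';
    }

    /* Errors? */
    if ($this->registry->output->global_error) {
        $this->_memberAddForm();
        return;
    }

    //-----------------------------------------
    // Load handler...
    //-----------------------------------------
    $classToLoad     = IPSLib::loadLibrary(IPS_ROOT_PATH . 'sources/handlers/han_login.php', 'han_login');
    $this->han_login = new $classToLoad($this->registry);
    $this->han_login->init();

    //-----------------------------------------
    // Only check local, else a user being in Converge
    // means that you can't manually add the user to the board
    //-----------------------------------------
    // The address has passed checkEmailAddress() by now, but the WHERE clause
    // is still built by hand, so escape it rather than rely on that check.
    // (The login handler's emailExistsCheck() is deliberately not consulted.)
    $email_check = $this->DB->buildAndFetch(array('select' => 'member_id', 'from' => 'members', 'where' => "email='" . $this->DB->addSlashes($in_email) . "'"));

    if ($email_check['member_id']) {
        $this->registry->output->global_error = $this->lang->words['m_emailalready'];
        $this->_memberAddForm();
        return;
    }

    //-----------------------------------------
    // Allowed to add administrators?
    //-----------------------------------------
    // Privilege check: creating a member in a group with ACP access needs the
    // 'member_add_admin' permission.
    if ($this->caches['group_cache'][$groupId]['g_access_cp'] and !$this->registry->getClass('class_permissions')->checkPermission('member_add_admin')) {
        $this->registry->output->global_error = $this->lang->words['m_addadmin'];
        $this->_memberAddForm();
        return;
    }

    $member = array('name' => $in_username, 'members_display_name' => $members_display_name ? $members_display_name : $in_username, 'email' => $in_email, 'member_group_id' => $groupId, 'joined' => time(), 'ip_address' => $this->member->ip_address, 'time_offset' => $this->settings['time_offset'], 'coppa_user' => intval($this->request['coppa']), 'allow_admin_mails' => 1, 'password' => $in_password, 'language' => IPSLib::getDefaultLanguage());

    //-----------------------------------------
    // Create the account
    //-----------------------------------------
    $member = IPSMember::create(array('members' => $member, 'pfields_content' => $this->request), FALSE, FALSE, FALSE);

    //-----------------------------------------
    // Login handler create account callback
    //-----------------------------------------
    // The handler's return code is deliberately not checked here.
    $this->han_login->createAccount(array('email' => $in_email, 'joined' => $member['joined'], 'password' => $in_password, 'ip_address' => $member['ip_address'], 'username' => $member['members_display_name']));

    //-----------------------------------------
    // Restriction permissions stuff
    //-----------------------------------------
    // A restricted admin creating another admin passes their own restrictions
    // on to the new account.
    if ($this->memberData['row_perm_cache']) {
        if ($this->caches['group_cache'][$groupId]['g_access_cp']) {
            //-----------------------------------------
            // Copy restrictions...
            //-----------------------------------------
            $this->DB->insert('admin_permission_rows', array('row_member_id' => $member['member_id'], 'row_perm_cache' => $this->memberData['row_perm_cache'], 'row_updated' => time()));
        }
    }

    //-----------------------------------------
    // Send the email
    //-----------------------------------------
    // NOTE(review): the new account's password is mailed in clear text.
    // A set-your-password link would avoid leaving it in the mailbox.
    if ($this->request['sendemail']) {
        IPSText::getTextClass('email')->setPlainTextTemplate(IPSText::getTextClass('email')->getTemplate("account_created"));

        IPSText::getTextClass('email')->buildMessage(array('NAME' => $member['name'], 'EMAIL' => $member['email'], 'PASSWORD' => $in_password));

        IPSText::getTextClass('email')->to = $member['email'];
        IPSText::getTextClass('email')->sendMail();
    }

    //-----------------------------------------
    // Stats
    //-----------------------------------------
    $this->cache->rebuildCache('stats', 'global');
    $this->cache->rebuildCache('birthdays', 'calendar');

    //-----------------------------------------
    // Log and bog?
    //-----------------------------------------
    // Account creation is recorded in the admin log under the requested name.
    ipsRegistry::getClass('adminFunctions')->saveAdminLog(sprintf($this->lang->words['m_createlog'], $this->request['name']));

    $this->registry->output->global_message = $this->lang->words['m_memadded'];

    $this->request['member_id'] = $member['member_id'];

    $this->_showAdminForm($member, array());
    $this->_memberView();
}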
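/**
 * Save new email and/or pass
 *
 * Both halves of the form are validated before either change is applied, so a
 * rejected password no longer leaves a half-applied e-mail change behind.
 * Confirmation fields are compared as strings with a strict operator: a loose
 * `!=` treats numeric-looking strings such as "1e3" and "1000" as equal.
 *
 * NOTE(review): nothing in this method re-checks the current password or a
 * form key before changing credentials; confirm the caller enforces both.
 *
 * @return @e void
 */
protected function _saveForm()
{
    $wantsEmail    = (bool) $this->request['email'];
    $wantsPassword = (bool) $this->request['password'];

    if (!$wantsEmail and !$wantsPassword) {
        $this->registry->output->global_error = $this->lang->words['change_nothing_update'];
        $this->_showForm();
        return;
    }

    //-----------------------------------------
    // Validate the e-mail half
    //-----------------------------------------
    $email = '';

    if ($wantsEmail) {
        if (!$this->request['email_confirm']) {
            $this->registry->output->global_error = $this->lang->words['change_both_fields'];
            $this->_showForm();
            return;
        }

        if ((string) $this->request['email'] !== (string) $this->request['email_confirm']) {
            $this->registry->output->global_error = $this->lang->words['change_not_match'];
            $this->_showForm();
            return;
        }

        $email = trim($this->request['email']);

        if (!IPSText::checkEmailAddress($email)) {
            $this->registry->output->global_error = $this->lang->words['bad_email_supplied'];
            $this->_showForm();
            return;
        }

        /* Refuse an address that already belongs to an account (ours or someone else's) */
        $email_check = IPSMember::load(strtolower($email));

        if ($email_check['member_id']) {
            if ($email_check['member_id'] == $this->memberData['member_id']) {
                $this->registry->output->global_error = $this->lang->words['already_using_email'];
            } else {
                $this->registry->output->global_error = $this->lang->words['change_email_already_used'];
            }

            $this->_showForm();
            return;
        }
    }

    //-----------------------------------------
    // Validate the password half
    //-----------------------------------------
    if ($wantsPassword) {
        if (!$this->request['password_confirm']) {
            $this->registry->output->global_error = $this->lang->words['change_both_fields'];
            $this->_showForm();
            return;
        }

        if ((string) $this->request['password'] !== (string) $this->request['password_confirm']) {
            $this->registry->output->global_error = $this->lang->words['change_not_match_pw'];
            $this->_showForm();
            return;
        }
    }

    //-----------------------------------------
    // Apply the e-mail change
    //-----------------------------------------
    if ($wantsEmail) {
        $classToLoad = IPSLib::loadLibrary(IPS_ROOT_PATH . 'sources/handlers/han_login.php', 'han_login');
        $han_login   = new $classToLoad($this->registry);
        $han_login->init();

        /* NOTE(review): the handler's return_code is not inspected here, so a
           refusal by a remote login method would go unnoticed; confirm intended. */
        $han_login->changeEmail(trim(strtolower($this->memberData['email'])), trim(strtolower($email)), $this->memberData);

        IPSLib::runMemberSync('onEmailChange', $this->memberData['member_id'], strtolower($email), $this->memberData['email']);
        IPSMember::save($this->memberData['member_id'], array('core' => array('email' => strtolower($email))));

        ipsRegistry::getClass('adminFunctions')->saveAdminLog(sprintf($this->lang->words['changed_email'], $email));
    }

    //-----------------------------------------
    // Apply the password change
    //-----------------------------------------
    if ($wantsPassword) {
        $password = $this->request['password'];
        $salt     = str_replace('\\', "\\\\", IPSMember::generatePasswordSalt(5));
        $key      = IPSMember::generateAutoLoginKey();

        /* NOTE(review): a single unsalted MD5 of the password is computed here and
           handed on; how IPSMember::updatePassword() stores it is not visible from
           this method. MD5-based password storage is weak against offline guessing. */
        $md5_once = md5(trim($password));

        $classToLoad = IPSLib::loadLibrary(IPS_ROOT_PATH . 'sources/handlers/han_login.php', 'han_login');
        $han_login   = new $classToLoad($this->registry);
        $han_login->init();

        /* memberData still holds the address loaded for this request, even when
           the e-mail was changed a few lines above */
        $han_login->changePass($this->memberData['email'], $md5_once, $password, $this->memberData);

        /* New salt and a new auto-login key are written together with the new password */
        IPSMember::save($this->memberData['member_id'], array('core' => array('members_pass_salt' => $salt, 'member_login_key' => $key)));
        IPSMember::updatePassword($this->memberData['member_id'], $md5_once);

        IPSLib::runMemberSync('onPassChange', $this->memberData['member_id'], $password);

        /* The log entry carries only the fixed language string, never the password */
        ipsRegistry::getClass('adminFunctions')->saveAdminLog($this->lang->words['changed_password']);
    }

    $this->registry->output->global_message = $this->lang->words['details_updated'];
    $this->registry->output->silentRedirectWithMessage($this->settings['base_url']);
}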
/**
 * Authenticate log in
 *
 * Runs the supplied credentials through the login handler in admin-auth mode
 * and then requires control-panel access (g_access_cp) once secondary groups
 * have been merged in.
 *
 * NOTE(review): the failure messages differ for an unknown account and for a
 * wrong password, which lets a caller tell the two apart; consider whether a
 * single generic message is preferable here.
 *
 * @access public
 * @param  string  Username or e-mail address (from $this->request)
 * @param  string  Password (from $this->request)
 * @return mixed   TRUE if successful, string (message) if not
 */
public function authenticateLogIn($username, $password)
{
    require_once IPS_ROOT_PATH . 'sources/handlers/han_login.php'; /*noLibHook*/

    $loginHandler                = new han_login($this->registry);
    $loginHandler->is_admin_auth = 1;
    $loginHandler->init();

    /* A value that validates as an e-mail address is passed as the e-mail, otherwise as the name */
    $looksLikeEmail = IPSText::checkEmailAddress($username);
    $loginEmail     = $looksLikeEmail ? $username : '';
    $loginName      = $looksLikeEmail ? '' : $username;

    $loginHandler->loginAuthenticate($loginName, $loginEmail, $password);

    $account    = $loginHandler->member_data;
    $resultCode = $loginHandler->return_code;

    if (!$account['member_id'] or $resultCode == 'NO_USER') {
        return 'Пользователь не найден';
    }

    if ($resultCode == 'NO_ACCESS') {
        return 'У вас нет доступа к системе обновления';
    }

    if ($resultCode != 'SUCCESS') {
        return 'Имя пользователя или пароль неверны';
    }

    /* Control-panel access may come from a secondary group, so merge those first */
    $account = ipsRegistry::member()->setUpSecondaryGroups($account);

    if ($account['g_access_cp'] != 1) {
        return 'У вас нет доступа к системе обновления';
    }

    /* Authenticated and authorised: load the member for the rest of the request */
    $this->loadMemberData($account['member_id']);

    return TRUE;
}
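/**
 * Parse event object in an ical feed
 *
 * Reads lines from $start until the matching END line, collecting the known
 * properties into one event array that is appended to
 * $this->_parsedIcsData['events'].
 *
 * Fixes over the previous version:
 *  - the RECURRENCE-ID uid was written to an unrelated $event variable, so the
 *    stored event never received the recurrence-specific uid;
 *  - optional array keys are checked before they are read.
 *
 * All values come from the feed and are stored as parsed; nothing here escapes
 * them for output.
 *
 * @param   int     $start  Line number
 * @return  @e void
 * @link    http://community.invisionpower.com/resources/bugs.html/_/ip-calendar/recurring-events-can-sometimes-be-skipped-in-ics-r41033
 */
protected function _processEventObject($start)
{
    //-----------------------------------------
    // Init
    //-----------------------------------------
    $_break = false;
    $_event = array();
    $_recid = null;

    //-----------------------------------------
    // Loop over lines
    //-----------------------------------------
    for ($i = $start, $j = count($this->_rawIcsData); $i < $j; $i++) {
        //-----------------------------------------
        // Unparse and get the data
        //-----------------------------------------
        $tmp = $this->_unparseContent($this->_rawIcsData[$i], $i);

        if (!$tmp) {
            continue;
        }

        $_type = $tmp['type'];
        $_data = $tmp['data'];

        switch ($_type) {
            case 'CLASS':
                $_event['access_class'] = $_data;
                break;

            case 'CREATED':
                /* Only used when no creation time has been recorded yet */
                if (empty($_event['created'])) {
                    $_event['created'] = strtotime($_data);
                }
                break;

            case 'SUMMARY':
                /* @link http://community.invisionpower.com/tracker/issue-32941-ical-summary/ */
                if (strpos($_data, 'LANGUAGE=') === 0) {
                    $_data = preg_replace("/^LANGUAGE=(.+?):(.+?)\$/i", "\\2", $_data);
                }

                $_event['summary'] = $this->_unencodeSpecialCharacters($_data);
                break;

            case 'DESCRIPTION':
                $_event['description'] = $this->_unencodeSpecialCharacters($_data);
                break;

            case 'DURATION':
                $_event['duration'] = $_data;
                break;

            case 'DTSTART':
                $_event['start'] = $this->_unparseTimeInfo($this->_rawIcsData[$i]);
                break;

            case 'DTEND':
                $_event['end'] = $this->_unparseTimeInfo($this->_rawIcsData[$i]);
                break;

            case 'DTSTAMP':
                /* Overwrites any earlier CREATED value */
                $_event['created'] = strtotime($_data);
                break;

            case 'LAST-MODIFIED':
                $_event['last_modified'] = strtotime($_data);
                break;

            case 'TRANSP':
                $_event['time_transparent'] = $_data;
                break;

            case 'GEO':
                $_event['geo'] = $_data;
                break;

            case 'ORGANIZER':
                $line = explode(':', $_data);

                /* The third colon-separated part is taken as the address; it may be absent */
                $_event['organizer'] = array(
                    'name'  => str_replace('CN=', '', $line[0]),
                    'email' => isset($line[2]) ? $line[2] : null,
                );
                break;

            case 'ATTENDEE':
                $line   = explode(':', $_data);
                $_email = '';

                /* Keep the last part that validates as an e-mail address */
                foreach ($line as $_line) {
                    $_line = str_replace('cn=', '', strtolower($_line));

                    if (IPSText::checkEmailAddress($_line)) {
                        $_email = $_line;
                    }
                }

                $_event['attendee'][] = array('name' => str_replace('CN=', '', $line[0]), 'email' => $_email);
                break;

            case 'UID':
                $_event['uid'] = $_data;
                break;

            case 'STATUS':
                $_event['status'] = $_data;
                break;

            case 'LOCATION':
                $_event['location'] = $_data;
                break;

            case 'SEQUENCE':
                $_event['sequence'] = intval($_data);
                break;

            case 'RRULE':
                $_existing          = empty($_event['recurr']) ? array() : $_event['recurr'];
                $_event['recurr']   = array_merge($_existing, $this->_getRecurrenceData($_data));
                break;

            case 'BEGIN':
                $this->_parseBeginBlock($_data, $i);
                break;

            case 'RECURRENCE-ID':
                $_recid = $_data;
                break;

            case 'END':
                $_break = true;
                break;
        }

        if ($_break) {
            /* Derive a distinct uid for this occurrence from the event uid and its
               RECURRENCE-ID; md5 is used only as an identifier here */
            if ($_recid) {
                $_event['uid'] = md5((isset($_event['uid']) ? $_event['uid'] : '') . $_recid);
            }

            $this->_parsedIcsData['events'][] = $_event;
            break;
        }
    }
}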
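/**
 * Forward the page (sends the email)
 *
 * Checks the form key and (when enabled) the CAPTCHA, validates the required
 * fields and the recipient address, then sends the "forward_page" template.
 *
 * The form key is now compared as a string with a strict operator; a loose
 * `!=` lets two different numeric-looking strings compare as equal.
 *
 * NOTE(review): 'subject', 'to_name' and 'message' are request values placed
 * into the outgoing mail. Whether the email class strips CR/LF from the
 * subject is not visible here; confirm it does, to rule out header injection.
 *
 * @return  @e void     [Outputs to screen/redirects]
 */
protected function _sendEmail()
{
    //-----------------------------------------
    // Check the form key
    //-----------------------------------------
    if ((string) $this->request['k'] !== (string) $this->member->form_hash) {
        $this->registry->getClass('output')->showError('no_permission', 2029, null, null, 403);
    }

    /* Check the CAPTCHA */
    if ($this->settings['bot_antispam_type'] != 'none') {
        if ($this->registry->getClass('class_captcha')->validate() !== TRUE) {
            return $this->_showForm('err_reg_code');
        }
    }

    /* Only accept a language id that exists in the language cache */
    $lang_to_use = '';

    foreach (ipsRegistry::cache()->getCache('lang_data') as $l) {
        if ($this->request['lang'] == $l['lang_id']) {
            $lang_to_use = $l['lang_id'];
        }
    }

    //-----------------------------------------
    // Required fields, each with its own error key
    //-----------------------------------------
    $check_array = array(
        'to_name'  => 'stf_no_name',
        'to_email' => 'stf_no_email',
        'message'  => 'stf_no_msg',
        'subject'  => 'stf_no_subject',
    );

    foreach ($check_array as $input => $msg) {
        if (!$this->request[$input]) {
            $this->registry->output->showError($msg, 10325);
        }
    }

    if (!IPSText::checkEmailAddress($this->request['to_email'])) {
        $this->registry->output->showError('email_address_invalid', 10326);
    }

    //-----------------------------------------
    // Build and send
    //-----------------------------------------
    IPSText::getTextClass('email')->getTemplate("forward_page", $lang_to_use);

    IPSText::getTextClass('email')->buildMessage(array(
        'THE_MESSAGE' => $this->request['message'],
        'TO_NAME'     => $this->request['to_name'],
        'FROM_NAME'   => $this->memberData['members_display_name'],
    ));

    IPSText::getTextClass('email')->subject = $this->request['subject'];
    IPSText::getTextClass('email')->to      = $this->request['to_email'];
    IPSText::getTextClass('email')->from    = $this->memberData['email'];
    IPSText::getTextClass('email')->sendMail();

    $this->registry->output->redirectScreen($this->lang->words['redirect'], $this->page['url']);
}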
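/**
 * Check against XSS
 *
 * NOTE: When this function is updated, please also update classIncomingEmail::cleanMessage()
 *
 * When $tag is given, $txt is treated as that tag's option value and is
 * validated per tag; a value that fails validation makes the method return
 * false. Without $tag only the script-tag normalisation (optional) and the
 * final JavaScript pass are applied.
 *
 * Fixes over the previous version:
 *  - the 'email' case stored its verdict in a scratch variable, so an invalid
 *    address was never rejected; it now sets $txt to false like the other cases;
 *  - the entity literals appear in the listing already decoded (which also
 *    left an unterminated string); they are written out as entities again;
 *  - a tag with no entry in the bbcode cache no longer reads an undefined index.
 *
 * NOTE(review): the 'email' fix may need mirroring in
 * classIncomingEmail::cleanMessage(), which is not visible here.
 *
 * @access  public
 * @param   string      Original string
 * @param   boolean     Fix script HTML tags
 * @param   string      Tag whose option value is being checked (optional)
 * @return  string      "Cleaned" text, or false when a tag option is rejected
 */
public function checkXss($txt = '', $fixScript = false, $tag = '')
{
    /* Quote characters, raw and entity-encoded, stripped before each test */
    $quoteForms = array('"', "'", '&quot;', '&#39;');

    //-----------------------------------------
    // Opening script tags...
    // Check for spaces and new lines...
    //-----------------------------------------
    if ($fixScript) {
        $txt = preg_replace('#<(\\s+?)?s(\\s+?)?c(\\s+?)?r(\\s+?)?i(\\s+?)?p(\\s+?)?t#is', "<script", $txt);
        $txt = preg_replace('#<(\\s+?)?/(\\s+?)?s(\\s+?)?c(\\s+?)?r(\\s+?)?i(\\s+?)?p(\\s+?)?t#is', "</script", $txt);
    }

    /* got a tag? */
    if ($tag) {
        $tag = strip_tags($tag, '<br>');

        switch ($tag) {
            case 'entry':
            case 'blog':
            case 'topic':
            case 'post':
                /* These options must be a plain number */
                $test = str_replace($quoteForms, "", $txt);

                if (!is_numeric($test)) {
                    $txt = false;
                }
                break;

            case 'acronym':
                /* Reject any angle or square bracket */
                $test  = str_replace($quoteForms, "", $txt);
                $test1 = str_replace(array('<', ">", '[', ']'), "", $test);

                if ($test != $test1) {
                    $txt = false;
                }
                break;

            case 'email':
                /* Option must validate as an e-mail address */
                $test = str_replace($quoteForms, "", $txt);

                if (!IPSText::checkEmailAddress($test)) {
                    $txt = false;
                }
                break;

            case 'font':
                /* Make sure it's clean */
                $test  = str_replace($quoteForms, "", $txt);
                $test1 = IPSText::alphanumericalClean($test, '#.+, ');

                if ($test != $test1) {
                    $txt = false;
                }
                break;

            case 'background':
            case 'color':
                /* Make sure it's clean */
                $test = str_replace($quoteForms, "", $txt);

                /* Make rgb() safe */
                $test  = preg_replace('#rgb(a)?\\(([^\\)]+?)\\)#i', '', $test);
                $test1 = IPSText::alphanumericalClean($test, '#.+, ');

                if ($test != $test1) {
                    $txt = false;
                }
                break;

            default:
                /* Custom bbcode: apply its configured regex, when it has one */
                $_bbcodes = $this->cache->getCache('bbcode');
                $_regex   = isset($_bbcodes[$tag]['bbcode_custom_regex']) ? $_bbcodes[$tag]['bbcode_custom_regex'] : null;

                if ($_regex) {
                    $test = str_replace($quoteForms, "", $txt);

                    if (!preg_match($_regex, $test)) {
                        $txt = false;
                    }
                }
                break;
        }

        /* If we didn't actually get any option data, then return false */
        $test = str_replace($quoteForms, "", $txt);

        if (strlen($txt) and strlen($test) < 1) {
            $txt = false;
        }

        if ($txt === false) {
            return false;
        }

        /* Still here? Safety, then */
        $txt = strip_tags($txt, '<br>');

        /* Encode square brackets so the option cannot open or close a bbcode tag */
        if (strpos($txt, '[') !== false or strpos($txt, ']') !== false) {
            $txt = str_replace(array('[', ']'), array('&#91;', '&#93;'), $txt);
        }
    }

    /* Attempt to make JS safe */
    $txt = IPSText::xssMakeJavascriptSafe($txt);

    return $txt;
}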
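/**
 * Add a member [process]
 *
 * Validates the add-member form, creates the account, notifies the login
 * handler, copies the acting admin's restrictions onto a newly created admin,
 * optionally e-mails the new member, then rebuilds stats and writes the admin log.
 *
 * Fix over the previous version: the restriction row was inserted with an
 * undefined $member_id, so a restricted admin's limits were not attached to
 * the admin account they created; the new member's id is used now.
 *
 * @access  private
 * @return  void        [Outputs to screen]
 */
private function _memberDoAdd()
{
    //-----------------------------------------
    // INIT
    //-----------------------------------------
    $in_username          = trim($this->request['name']);
    $in_password          = trim($this->request['password']);
    $in_email             = trim(strtolower($this->request['email']));
    $members_display_name = trim($this->request['members_display_name']);

    $this->registry->output->global_message = '';

    //-----------------------------------------
    // Check form
    //-----------------------------------------
    foreach (array('name', 'password', 'email', 'member_group_id') as $field) {
        if (!$_POST[$field]) {
            $this->registry->output->showError($this->lang->words['m_completeform'], 11238);
        }
    }

    //-----------------------------------------
    // Check e-mail and names; messages accumulate in global_message
    //-----------------------------------------
    if (!IPSText::checkEmailAddress($in_email)) {
        $this->registry->output->global_message = $this->lang->words['m_emailinv'];
    }

    $userName    = IPSMember::getFunction()->cleanAndCheckName($in_username, array(), 'name');
    $displayName = IPSMember::getFunction()->cleanAndCheckName($members_display_name, array(), 'members_display_name');

    if (count($userName['errors'])) {
        $this->registry->output->global_message .= '<p>' . $this->lang->words['sm_loginname'] . ' ' . $userName['errors']['username'] . '</p>';
    }

    if ($this->settings['auth_allow_dnames'] and count($displayName['errors'])) {
        $this->registry->output->global_message .= '<p>' . $this->lang->words['sm_display'] . ' ' . $displayName['errors']['dname'] . '</p>';
    }

    /* Errors? */
    if ($this->registry->output->global_message) {
        $this->_memberAddForm();
        return;
    }

    //-----------------------------------------
    // Load handler and ask it whether the e-mail is in use
    //-----------------------------------------
    require_once IPS_ROOT_PATH . 'sources/handlers/han_login.php';
    $this->han_login = new han_login($this->registry);
    $this->han_login->init();
    $this->han_login->emailExistsCheck($in_email);

    if ($this->han_login->return_code and $this->han_login->return_code != 'METHOD_NOT_DEFINED' and $this->han_login->return_code != 'EMAIL_NOT_IN_USE') {
        $this->registry->output->global_message = $this->lang->words['m_emailalready'];
        $this->_memberAddForm();
        return;
    }

    //-----------------------------------------
    // Allowed to add administrators?
    // The target group is looked up by the integer group id from the request.
    //-----------------------------------------
    $targetGroupId = intval($this->request['member_group_id']);

    if ($this->caches['group_cache'][$targetGroupId]['g_access_cp'] and !$this->registry->getClass('class_permissions')->checkPermission('member_add_admin')) {
        $this->registry->output->global_message = $this->lang->words['m_addadmin'];
        $this->_memberAddForm();
        return;
    }

    $member = array(
        'name'                 => $in_username,
        'members_display_name' => $members_display_name ? $members_display_name : $in_username,
        'email'                => $in_email,
        'member_group_id'      => $targetGroupId,
        'joined'               => time(),
        'ip_address'           => $this->member->ip_address,
        'time_offset'          => $this->settings['time_offset'],
        'coppa_user'           => intval($this->request['coppa']),
        'allow_admin_mails'    => 1,
        'password'             => $in_password,
    );

    //-----------------------------------------
    // Create the account
    //-----------------------------------------
    $member = IPSMember::create(array('members' => $member, 'pfields_content' => $this->request));

    //-----------------------------------------
    // Login handler create account callback
    // (its return code is not inspected)
    //-----------------------------------------
    $this->han_login->createAccount(array(
        'email'      => $in_email,
        'joined'     => $member['joined'],
        'password'   => $in_password,
        'ip_address' => $member['ip_address'],
        'username'   => $member['members_display_name'],
    ));

    //-----------------------------------------
    // Restriction permissions: an admin who is themselves restricted
    // passes the same restrictions on to an admin they create
    //-----------------------------------------
    if ($this->memberData['row_perm_cache']) {
        if ($this->caches['group_cache'][$targetGroupId]['g_access_cp']) {
            $this->DB->insert('admin_permission_rows', array(
                'row_member_id'  => $member['member_id'],
                'row_perm_cache' => $this->memberData['row_perm_cache'],
                'row_updated'    => time(),
            ));
        }
    }

    //-----------------------------------------
    // Send the email
    // NOTE(review): the plaintext password is placed in the message body;
    // a set-your-password link would keep it out of the mailbox.
    //-----------------------------------------
    if ($this->request['sendemail']) {
        IPSText::getTextClass('email')->getTemplate("account_created");

        IPSText::getTextClass('email')->buildMessage(array(
            'NAME'     => $member['name'],
            'EMAIL'    => $member['email'],
            'PASSWORD' => $in_password,
        ));

        IPSText::getTextClass('email')->to = $member['email'];
        IPSText::getTextClass('email')->sendMail();
    }

    //-----------------------------------------
    // Stats
    //-----------------------------------------
    $this->cache->rebuildCache('stats', 'global');

    //-----------------------------------------
    // Admin log, then show the new member
    //-----------------------------------------
    ipsRegistry::getClass('adminFunctions')->saveAdminLog(sprintf($this->lang->words['m_createlog'], $this->request['name']));

    $this->registry->output->global_message = $this->lang->words['m_memadded'];

    $this->request['member_id'] = $member['member_id'];

    $this->_showAdminForm($member, array());
    $this->_memberView();
}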
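/**
 * UserCP Save Form: Email Address
 *
 * Order of checks: admins are refused, both fields must be present, the
 * current password is verified (skipped for Facebook users), the two addresses
 * must match and validate, the address must be unused and not match an e-mail
 * ban filter, the CAPTCHA must pass, and the login handler must accept the
 * change. Depending on 'reg_auth_type' the member is then either moved to the
 * validating group and logged out, or the new address is saved directly.
 *
 * Fixes over the previous version:
 *  - the validation links contained a corrupted "&section=" parameter;
 *  - $banfilters is initialised before use;
 *  - two unused CAPTCHA locals were dropped.
 *
 * @access  public
 * @return  mixed       Array of errors / boolean true
 */
public function saveFormEmail()
{
    //-----------------------------------------
    // INIT
    //-----------------------------------------
    $_emailOne  = strtolower(trim($this->request['in_email_1']));
    $_emailTwo  = strtolower(trim($this->request['in_email_2']));
    $banfilters = array();

    //-----------------------------------------
    // Check input
    //-----------------------------------------
    if ($this->memberData['g_access_cp']) {
        return array(0 => $this->lang->words['admin_emailpassword']);
    }

    if (!$_POST['in_email_1'] or !$_POST['in_email_2']) {
        return array(0 => $this->lang->words['complete_entire_form']);
    }

    //-----------------------------------------
    // Check password...
    //-----------------------------------------
    if (!$this->_isFBUser) {
        if ($this->_checkPassword($this->request['password']) === FALSE) {
            return array(0 => $this->lang->words['current_pw_bad']);
        }
    }

    //-----------------------------------------
    // Test email addresses
    //-----------------------------------------
    if ($_emailOne != $_emailTwo) {
        return array(0 => $this->lang->words['emails_no_matchy']);
    }

    if (IPSText::checkEmailAddress($_emailOne) !== TRUE) {
        return array(0 => $this->lang->words['email_not_valid']);
    }

    //-----------------------------------------
    // Is this email addy taken?
    //-----------------------------------------
    if (IPSMember::checkByEmail($_emailOne) == TRUE) {
        return array(0 => $this->lang->words['email_is_taken']);
    }

    //-----------------------------------------
    // Load ban filters
    //-----------------------------------------
    $this->DB->build(array('select' => '*', 'from' => 'banfilters'));
    $this->DB->execute();

    while ($r = $this->DB->fetch()) {
        $banfilters[$r['ban_type']][] = $r['ban_content'];
    }

    //-----------------------------------------
    // Check in banned list
    // Each filter is quoted for PCRE first, then its escaped "*" becomes ".*".
    // A banned address gets the same message as a taken one.
    //-----------------------------------------
    if (isset($banfilters['email']) and is_array($banfilters['email']) and count($banfilters['email'])) {
        foreach ($banfilters['email'] as $email) {
            $email = str_replace('\\*', '.*', preg_quote($email, "/"));

            if (preg_match("/^{$email}\$/i", $_emailOne)) {
                return array(0 => $this->lang->words['email_is_taken']);
            }
        }
    }

    //-----------------------------------------
    // Anti bot flood...
    //-----------------------------------------
    if ($this->settings['bot_antispam']) {
        if ($this->registry->getClass('class_captcha')->validate() !== TRUE) {
            return array(0 => $this->lang->words['captcha_email_invalid']);
        }
    }

    //-----------------------------------------
    // Load handler...
    //-----------------------------------------
    require_once IPS_ROOT_PATH . 'sources/handlers/han_login.php';
    $this->han_login = new han_login($this->registry);
    $this->han_login->init();

    if ($this->han_login->emailExistsCheck($_emailOne) !== FALSE) {
        return array(0 => $this->lang->words['email_is_taken']);
    }

    $this->han_login->changeEmail($this->memberData['email'], $_emailOne);

    if ($this->han_login->return_code and $this->han_login->return_code != 'METHOD_NOT_DEFINED' and $this->han_login->return_code != 'SUCCESS') {
        return array(0 => $this->lang->words['email_is_taken']);
    }

    //-----------------------------------------
    // Require new validation? NON ADMINS ONLY
    //-----------------------------------------
    if ($this->settings['reg_auth_type'] and !$this->memberData['g_access_cp']) {
        /* NOTE(review): the key's unpredictability rests on IPSLib::makePassword(),
           which is not visible here; time() adds little. Confirm it draws on a
           cryptographically secure source. */
        $validate_key = md5(IPSLib::makePassword() . time());

        //-----------------------------------------
        // Update the new email, but enter a validation key
        // and put the member in "awaiting authorisation"
        // and send an email..
        //-----------------------------------------
        $db_str = array(
            'vid'        => $validate_key,
            'member_id'  => $this->memberData['member_id'],
            'temp_group' => $this->settings['auth_group'],
            'entry_date' => time(),
            'coppa_user' => 0,
            'email_chg'  => 1,
            'ip_address' => $this->request['IP_ADDRESS'],
            'prev_email' => $this->memberData['email'],
        );

        /* Remember the real group only when the member is not already validating */
        if ($this->memberData['member_group_id'] != $this->settings['auth_group']) {
            $db_str['real_group'] = $this->memberData['member_group_id'];
        }

        $this->DB->insert('validating', $db_str);

        IPSMember::save($this->memberData['member_id'], array('core' => array('member_group_id' => $this->settings['auth_group'], 'email' => $_emailOne)));

        IPSLib::runMemberSync('onEmailChange', $this->memberData['member_id'], strtolower($_emailOne));

        //-----------------------------------------
        // Update their session with the new member group
        //-----------------------------------------
        if ($this->member->session_id) {
            $this->member->sessionClass()->convertMemberToGuest();
        }

        //-----------------------------------------
        // Kill the cookies to stop auto log in
        //-----------------------------------------
        IPSCookie::set('pass_hash', '-1', 0);
        IPSCookie::set('member_id', '-1', 0);
        IPSCookie::set('session_id', '-1', 0);

        //-----------------------------------------
        // Dispatch the mail, and return to the activate form.
        //-----------------------------------------
        IPSText::getTextClass('email')->getTemplate("newemail");

        IPSText::getTextClass('email')->buildMessage(array(
            'NAME'     => $this->memberData['members_display_name'],
            'THE_LINK' => $this->settings['base_url'] . "app=core&module=global&section=register&do=auto_validate&type=newemail&uid=" . $this->memberData['member_id'] . "&aid=" . $validate_key,
            'ID'       => $this->memberData['member_id'],
            'MAN_LINK' => $this->settings['base_url'] . "app=core&module=global&section=register&do=07",
            'CODE'     => $validate_key,
        ));

        IPSText::getTextClass('email')->subject = $this->lang->words['lp_subject'] . ' ' . $this->settings['board_name'];
        IPSText::getTextClass('email')->to      = $_emailOne;
        IPSText::getTextClass('email')->sendMail();

        $this->registry->getClass('output')->redirectScreen($this->lang->words['ce_redirect'], $this->settings['base_url'] . 'app=core&module=global&section=register&do=07');
    } else {
        //-----------------------------------------
        // No authorisation needed, change email addy and return
        //-----------------------------------------
        IPSMember::save($this->memberData['member_id'], array('core' => array('email' => $_emailOne)));

        IPSLib::runMemberSync('onEmailChange', $this->memberData['member_id'], strtolower($_emailOne));

        //-----------------------------------------
        // Add to OK message
        //-----------------------------------------
        $this->ok_message = $this->lang->words['ok_email_changed'];

        return TRUE;
    }
}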
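/**
 * Send Bulk Mail via Mandrill
 *
 * Sends one batch of a stored bulk mail: loads the mail row, selects up to
 * $pergo members from offset 'st', builds per-recipient and global merge
 * variables, submits the message, updates the sent counter and redirects to
 * the next batch until a query returns no rows.
 *
 * Fixes over the previous version:
 *  - 'st' and 'countmembers' are cast to integers before they reach the query
 *    limit, the redirect URL and the percentage (which no longer divides by zero);
 *  - the tag filter no longer builds a function from a string with
 *    create_function(); array_filter() without a callback drops the same
 *    empty values;
 *  - missing or non-array mail options no longer produce warnings;
 *  - the redirect URL contained a corrupted "&section=" parameter.
 *
 * @return  @e void
 */
protected function _mailSendMandrill()
{
    //-----------------------------------------
    // Load it
    //-----------------------------------------
    $id    = intval($this->request['id']);
    $st    = intval($this->request['st']);
    $total = intval($this->request['countmembers']);

    $mail = $this->DB->buildAndFetch(array('select' => '*', 'from' => 'bulk_mail', 'where' => 'mail_id=' . $id));

    if (!$mail['mail_id'] or !$mail['mail_subject'] or !$mail['mail_content']) {
        $this->registry->output->global_message = $this->lang->words['b_nosend'];
        $this->_mailStart();
        return;
    }

    /* NOTE(review): unserialize() on a stored column instantiates whatever objects
       the data describes. The value comes from the bulk_mail table here; if anything
       other than trusted admin code can write that column, switch to a data-only
       format such as JSON. */
    $opts = unserialize($mail['mail_opts']);

    if (!is_array($opts)) {
        $opts = array();
    }

    $htmlOn = !empty($opts['mail_html_on']);

    //-----------------------------------------
    // Work out which vars we've actually used
    //-----------------------------------------
    $usedVars = array('unsubscribe');

    foreach (array_keys($this->_getVariableInformation($this->memberData)) as $k) {
        if (strpos($mail['mail_content'], '{' . $k . '}') !== FALSE) {
            $usedVars[] = $k;
        }
    }

    //-----------------------------------------
    // Build the recipient lists
    //-----------------------------------------
    $pergo           = 2000;
    $recipientsTo    = array();
    $recipientsMerge = array();
    $complete        = FALSE;

    /* Start with a basic query */
    $queryData = array(
        'select' => 'm.*',
        'from'   => array('members' => 'm'),
        'order'  => 'm.member_id',
        'limit'  => array($st, $pergo),
    );

    /* Add in filters */
    $_queryData            = $this->_buildMembersQuery(isset($opts['filters']) ? $opts['filters'] : null);
    $queryData['add_join'] = $_queryData['add_join'];
    $queryData['where']    = implode(' AND ', $_queryData['where']);

    $this->DB->build($queryData);
    $e = $this->DB->execute();

    /* An empty batch means every member has been processed */
    if (!$this->DB->getTotalRows($e)) {
        $complete = TRUE;
    }

    while ($r = $this->DB->fetch($e)) {
        /* Skip any invalid emails - the chars presented here are allowed via RFC (note that _ and - are already allowed in alphanumericClean and don't need to be specified) */
        if (!$r['email'] or !$r['members_display_name'] or !IPSText::checkEmailAddress($r['email']) or $r['email'] != IPSText::alphanumericalClean($r['email'], '@.+!#$%&\'*/=?^`{|}~ ')) {
            continue;
        }

        $recipientsTo[] = array('email' => $r['email'], 'name' => $r['members_display_name']);

        /* Only send the merge variables the content actually references */
        $vars = array();

        foreach ($this->_getVariableInformation($r, 1) as $k => $v) {
            if (in_array($k, $usedVars)) {
                $vars[] = array('name' => $k, 'content' => $v);
            }
        }

        if (!empty($vars)) {
            $recipientsMerge[] = array('rcpt' => $r['email'], 'vars' => $vars);
        }
    }

    //-----------------------------------------
    // Build Content
    //-----------------------------------------

    /* Sort out member vars: {name} becomes the *|name|* merge-tag form */
    $content = $mail['mail_content'];

    foreach ($this->_getVariableInformation($this->memberData) as $k => $v) {
        $content = str_replace('{' . $k . '}', '*|' . $k . '|*', $content);
    }

    /* Sort out global vars */
    $globalMergeVars = array();

    foreach ($this->_getVariableInformation(NULL, 2) as $k => $v) {
        if (in_array($k, $usedVars)) {
            $globalMergeVars[] = array('name' => $k, 'content' => $v);
        }
    }

    /* Get the full content */
    IPSText::getTextClass('email')->clearContent();
    IPSText::getTextClass('email')->unsubscribe = true;

    if ($htmlOn) {
        IPSText::getTextClass('email')->setHtmlEmail(true);
        IPSText::getTextClass('email')->setHtmlTemplate(str_replace("\n", "", $content));
        IPSText::getTextClass('email')->setHtmlWrapper('<#content#>');
    } elseif ($this->settings['email_use_html']) {
        IPSText::getTextClass('email')->setHtmlEmail(true);
        IPSText::getTextClass('email')->setHtmlTemplate($content);
    } else {
        IPSText::getTextClass('email')->setPlainTextTemplate($content, true);
    }

    if ($htmlOn or $this->settings['email_use_html']) {
        IPSText::getTextClass('email')->buildMessage(array('UNSUBSCRIBE' => '*|unsubscribe|*'), true, true);
        $content = IPSText::getTextClass('email')->getHtmlContent();
    } else {
        IPSText::getTextClass('email')->buildMessage(array('UNSUBSCRIBE' => '*|unsubscribe|*'));
        $content = nl2br(IPSText::getTextClass('email')->getPlainTextContent());
    }

    //-----------------------------------------
    // Send to Mandrill
    //-----------------------------------------
    if (IPS_DOC_CHAR_SET != "UTF-8") {
        $mail['mail_subject'] = IPSText::convertCharsets($mail['mail_subject'], IPS_DOC_CHAR_SET, "UTF-8");
    }

    /* Always tag with 'ips'; add the configured tags with empty entries removed */
    $tags = array('ips');

    if (isset($opts['mandrill_tags']) and is_array($opts['mandrill_tags'])) {
        $tags = array_merge($tags, array_filter($opts['mandrill_tags']));
    }

    require_once IPSLib::getAppDir('members') . '/sources/classes/mandrill.php';
    $mandrill = new Mandrill();

    $response = $mandrill->messages_send(array(
        'message' => array(
            'html'                => $content,
            'subject'             => $mail['mail_subject'],
            'from_email'          => $this->settings['email_out'],
            'from_name'           => $this->settings['board_name'],
            'to'                  => $recipientsTo,
            'auto_text'           => true,
            'url_strip_qs'        => false,
            'preserve_recipients' => false,
            'merge'               => true,
            'global_merge_vars'   => $globalMergeVars,
            'merge_vars'          => $recipientsMerge,
            'tags'                => $tags,
        ),
        'async' => true,
    ));

    if (isset($response->status) and $response->status == 'error') {
        $this->registry->output->showError('mandrill_error');
    }

    //-----------------------------------------
    // Save
    //-----------------------------------------
    $this->DB->update('bulk_mail', array('mail_active' => 0, 'mail_updated' => time(), 'mail_sentto' => $mail['mail_sentto'] + count($recipientsTo)), 'mail_id=' . $mail['mail_id']);

    if ($complete !== TRUE) {
        $url = "{$this->settings['base_url']}app=members&module=bulkmail&section=bulkmail&do=mail_send_mandrill&id={$id}&countmembers={$total}&st=" . ($st + $pergo);

        if (!$st) {
            /* First batch: set up the multi-redirect page */
            $this->registry->output->multipleRedirectInit($url);
            $this->registry->getClass('output')->html_main .= $this->registry->getClass('output')->global_template->global_frame_wrapper();
            $this->registry->getClass('output')->sendOutput();
        } else {
            $percentage = $total > 0 ? floor(100 / $total * $st) : 0;

            $this->registry->output->multipleRedirectHit($url, "Processing ({$percentage}% complete)");
        }

        return;
    } else {
        $this->registry->output->multipleRedirectFinish();
    }
}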