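/**
 * Validate a signup submission and resolve the referring member and the
 * optional invitation.
 *
 * The referral hash is taken from the session (Session::hasValidToken()),
 * not from the submitted form: whatever the client sends as
 * 'referral_member_num' is overwritten before validation.
 *
 * Note for callers: on success the returned $data still carries the
 * 'password' and 'password2' fields; this method does not remove them.
 *
 * @param array $data Submitted form fields.
 *
 * @return array Four-element list:
 *               [0] bool        true when the form is valid,
 *               [1] array       the prepared form data on success, otherwise
 *                               a map of field name => localized error,
 *               [2] \Member|null the referring member (success only),
 *               [3] mixed|null  the invitation record, or null when no
 *                               invitation code was given.
 */
public function validateSignupForm(array $data = array())
{
    // Bind the referrer to the server-side session token; a client-supplied
    // value must never decide who the referrer is.
    $data['referral_member_num'] = Session::hasValidToken();
    $data = $this->initSignupForm($data);

    if ($data['password'] !== $data['password2']) {
        return [false, ['password' => \Tbmt\Localizer::get('error.password_unequal')], null, null];
    }

    $res = \Tbmt\Validator::getErrors($data, $this->SIGNUP_FORM_FILTERS);
    if ($res !== false) {
        return [false, $res, null, null];
    }

    // NOTE(review): hasValidToken() presumably returns the token or a falsy
    // value - confirm. Refuse to query with a missing or non-scalar hash
    // instead of letting the ORM coerce it into a comparison value.
    $referralHash = $data['referral_member_num'];
    if (!is_scalar($referralHash) || is_bool($referralHash) || $referralHash === '') {
        return [false, ['referral_member_num' => \Tbmt\Localizer::get('error.referral_member_num')], null, null];
    }

    // Validate that the referring member exists. All conditions go into ONE
    // query: the original chained findOneByIsExtended() onto the result of
    // findOneByHash(), which is a Member (or null), not a query object.
    $parentMember = \MemberQuery::create()
        ->filterByDeletionDate(null, \Criteria::ISNULL)
        ->filterByType(\Member::TYPE_SYSTEM, \Criteria::NOT_EQUAL)
        ->filterByHash($referralHash)
        ->filterByIsExtended(1)
        ->findOne();

    if ($parentMember === null || $parentMember->getNum() == 0) {
        return [false, ['referral_member_num' => \Tbmt\Localizer::get('error.referral_member_num')], null, null];
    }

    // A check on the referrer's payment state ($parentMember->hadPaid(),
    // error key 'error.referrer_paiment_outstanding') was disabled here in
    // the original and is left out.

    $invitation = null;
    if ($data['invitation_code'] !== '') {
        $invitation = \InvitationQuery::create()->findOneByHash($data['invitation_code']);

        // Test the invitation itself. The original tested $parentMember
        // here, so an unknown code reached getMemberId() on null.
        if ($invitation === null) {
            return [false, ['invitation_code' => \Tbmt\Localizer::get('error.invitation_code_inexisting')], null, null];
        }

        // The invitation must have been issued by the referring member.
        if ($invitation->getMemberId() != $parentMember->getId()) {
            return [false, ['invitation_code' => \Tbmt\Localizer::get('error.invitation_code_invalid')], null, null];
        }

        // An invitation can only be redeemed once.
        if ($invitation->getAcceptedMemberId()) {
            return [false, ['invitation_code' => \Tbmt\Localizer::get('error.invitation_code_used')], null, null];
        }
    }

    // The e-mail field may be missing from the form; normalise it to ''.
    if (!isset($data['email'])) {
        $data['email'] = '';
    }

    return [true, $data, $parentMember, $invitation];
}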
<?php // aasdf namespace Tbmt; define('BASE_DIR', dirname(__FILE__) . DIRECTORY_SEPARATOR); try { require BASE_DIR . 'include' . DIRECTORY_SEPARATOR . 'bootstrap.php'; $isAllowed = false; Session::start(); $login = Session::getLogin(); if ($login) { $isAllowed = true; } else { if (Session::hasValidToken()) { $isAllowed = true; } else { $token = isset($_REQUEST['tkn']) ? $_REQUEST['tkn'] : null; if ($token) { $res = \Member::getByHash($token); if ($res != null && $res instanceof \Member && $res->isExtended()) { $isAllowed = true; Session::setValidToken($token); } } } } if ($isAllowed !== true) { die('<h1>Permission Denied</h1>'); } /* Dispatch controller