mirror of https://github.com/e107inc/e107.git synced 2025-08-05 14:17:49 +02:00

signup.php code clean-up

Moc
2014-08-29 14:17:37 +02:00
parent 2f9dae5eed
commit 8f0f9027a5


@@ -2,7 +2,7 @@
/*
* e107 website system
*
* Copyright (C) 2008-2013 e107 Inc (e107.org)
* Copyright (C) 2008-2014 e107 Inc (e107.org)
* Released under the terms and conditions of the
* GNU General Public License (http://www.gnu.org/licenses/gpl.txt)
*
@@ -10,13 +10,13 @@
*
*/
require_once("class2.php");
if(vartrue($_POST['email2'])) // spam-trap.
{
exit;
}
$qs = explode(".", e_QUERY);
if($qs[0] != 'activate')
@@ -34,8 +34,7 @@ e107::js('core', 'jquery.mailcheck.min.js','jquery',2);
include_once(e_HANDLER.'user_extended_class.php');
$usere = new e107_user_extended;
// require_once(e_HANDLER.'calendar/calendar_class.ph_');
// $cal = new DHTML_Calendar(true);
require_once(e_HANDLER.'validator_class.php');
// require_once(e_HANDLER.'user_handler.php');
$userMethods = e107::getUserSession();
@@ -43,8 +42,6 @@ $userMethods->deleteExpired(); // Delete time-expired partial registrations
require_once(e107::coreTemplatePath('signup')); //correct way to load a core template.
//include_once(e_CORE.'shortcodes/batch/signup_shortcodes.php');
$signup_shortcodes = e107::getScBatch('signup');
// $facebook_shortcodes = e107::getScBatch('facebook',TRUE);
@@ -53,7 +50,6 @@ $text = '';
$extraErrors = array();
$error = FALSE;
//-------------------------------
// Resend Activation Email
//-------------------------------
@@ -61,13 +57,13 @@ if((e_QUERY == 'resend') && !USER && ($pref['user_reg_veri'] == 1))
{
require_once(HEADERF);
$clean_email = $tp -> toDB($_POST['resend_email']);
$clean_email = $tp->toDB($_POST['resend_email']);
if(!check_email($clean_email))
{
$clean_email = "xxx";
}
$new_email = $tp -> toDB(varset($_POST['resend_newemail'], ''));
$new_email = $tp->toDB(varset($_POST['resend_newemail'], ''));
if(!check_email($new_email ))
{
$new_email = FALSE;
@@ -79,35 +75,35 @@ if((e_QUERY == 'resend') && !USER && ($pref['user_reg_veri'] == 1))
// 'resend_newemail' - corrected email address
// 'resend_password' - password (required if changing email address)
if($_POST['resend_email'] && !$new_email && $clean_email && $sql->db_Select_gen("SELECT * FROM #user WHERE user_ban=0 AND user_sess='' AND (`user_loginname`= '".$clean_email."' OR `user_name` = '".$clean_email."' OR `user_email` = '".$clean_email."' ) "))
if($_POST['resend_email'] && !$new_email && $clean_email && $sql->select_gen("SELECT * FROM #user WHERE user_ban=0 AND user_sess='' AND (`user_loginname`= '".$clean_email."' OR `user_name` = '".$clean_email."' OR `user_email` = '".$clean_email."' ) "))
{ // Account already activated
$ns -> tablerender(LAN_SIGNUP_40,LAN_SIGNUP_41."<br />");
$ns->tablerender(LAN_SIGNUP_40,LAN_SIGNUP_41."<br />");
require_once(FOOTERF);
exit();
}
// Start by looking up the user
if(!$sql->db_Select("user", "*", "(`user_loginname` = '".$clean_email."' OR `user_name` = '".$clean_email."' OR `user_email` = '".$clean_email."' ) AND `user_ban`=".USER_REGISTERED_NOT_VALIDATED." AND `user_sess` !='' LIMIT 1"))
if(!$sql->select("user", "*", "(`user_loginname` = '".$clean_email."' OR `user_name` = '".$clean_email."' OR `user_email` = '".$clean_email."' ) AND `user_ban`=".USER_REGISTERED_NOT_VALIDATED." AND `user_sess` !='' LIMIT 1"))
{
message_handler("ALERT",LAN_SIGNUP_64.': '.$clean_email); // email (or other info) not valid.
require_once(FOOTERF);
exit();
}
$row = $sql -> db_Fetch();
$row = $sql -> fetch();
// We should have a user record here
if(trim($_POST['resend_password']) !="" && $new_email)
{ // Need to change the email address - check password to make sure
if ($userMethods->CheckPassword($_POST['resend_password'], $row['user_loginname'], $row['user_password']) === TRUE)
{
if ($sql->db_select('user', 'user_id, user_email', "user_email='".$new_email."'"))
if ($sql->select('user', 'user_id, user_email', "user_email='".$new_email."'"))
{ // Email address already used by someone
message_handler("ALERT",LAN_SIGNUP_106); // Duplicate email
require_once(FOOTERF);
exit();
}
if($sql->db_Update("user", "user_email='".$new_email."' WHERE user_id = '".$row['user_id']."' LIMIT 1 "))
if($sql->update("user", "user_email='".$new_email."' WHERE user_id = '".$row['user_id']."' LIMIT 1 "))
{
$row['user_email'] = $new_email;
}
@@ -133,12 +129,12 @@ if((e_QUERY == 'resend') && !USER && ($pref['user_reg_veri'] == 1))
if(!sendemail($row['user_email'], $eml['subject'], $eml['message'], $row['user_name'], "", "", $eml['attachments'], $eml['cc'], $eml['bcc'], $returnpath, $returnreceipt,$eml['inline-images']))
{
$ns -> tablerender(LAN_ERROR,LAN_SIGNUP_42);
$ns->tablerender(LAN_ERROR,LAN_SIGNUP_42);
$do_log['signup_result'] = LAN_SIGNUP_62;
}
else
{
$ns -> tablerender(LAN_SIGNUP_43,LAN_SIGNUP_44." ".$row['user_email']." - ".LAN_SIGNUP_45."<br /><br />");
$ns->tablerender(LAN_SIGNUP_43,LAN_SIGNUP_44." ".$row['user_email']." - ".LAN_SIGNUP_45."<br /><br />");
$do_log['signup_result'] = LAN_SIGNUP_61;
}
// Now log this (log will ignore if its disabled)
@@ -147,7 +143,8 @@ if((e_QUERY == 'resend') && !USER && ($pref['user_reg_veri'] == 1))
exit;
}
elseif(!$_POST['submit_resend'])
{ // Display form to get info from user
{
// Display form to get info from user
$text .= "<div style='text-align:center'>
<form method='post' action='".e_SELF."?resend' id='resend_form' autocomplete='off'>
<table style='".USER_WIDTH."' class='fborder'>
@@ -181,7 +178,7 @@ if((e_QUERY == 'resend') && !USER && ($pref['user_reg_veri'] == 1))
</form>
</div>";
$ns -> tablerender(LAN_SIGNUP_47, $text);
$ns->tablerender(LAN_SIGNUP_47, $text);
require_once(FOOTERF);
exit;
}
@@ -207,15 +204,6 @@ if(!$_POST)
}
if(ADMIN && (e_QUERY == 'preview' || e_QUERY == 'test' || e_QUERY == 'preview.aftersignup'))
{
if(e_QUERY == "preview.aftersignup")
@@ -233,7 +221,7 @@ if(ADMIN && (e_QUERY == 'preview' || e_QUERY == 'test' || e_QUERY == 'preview.a
}
$temp = array();
$eml = render_email($temp,TRUE); // It ignores the data, anyway
$eml = render_email($temp, TRUE); // It ignores the data, anyway
echo $eml['preview'];
if(e_QUERY == 'test')
@@ -253,6 +241,7 @@ if(ADMIN && (e_QUERY == 'preview' || e_QUERY == 'test' || e_QUERY == 'preview.a
exit;
}
// FIXME - strange HTML output in browser
if ($pref['membersonly_enabled'])
{
$HEADER = "<div style='text-align:center; width:100%;margin-left:auto;margin-right:auto;text-align:center'><div style='width:70%;text-align:center;margin-left:auto;margin-right:auto'><br />";
@@ -268,12 +257,13 @@ if ($pref['membersonly_enabled'])
$FOOTER = '</div></div>';
}
/*
if($signup_imagecode)
{
// require_once(e_HANDLER."secure_img_handler.php");
// $sec_img = new secure_image;
}
*/
if ((USER || ($pref['user_reg'] != 1) || (vartrue($pref['auth_method'],'e107') != 'e107')) && !getperms('0'))
{
@@ -305,7 +295,7 @@ if (e_QUERY)
$qs = explode('.', e_QUERY);
if ($qs[0] == 'activate' && (count($qs) == 3 || count($qs) == 4) && $qs[2])
{
//TODO use generic multilanguage selection
// FIXME TODO use generic multilanguage selection => e107::coreLan();
// return the message in the correct language.
if(isset($qs[3]) && strlen($qs[3]) == 2 )
{
@@ -327,23 +317,27 @@ if (e_QUERY)
}
$e107cache->clear("online_menu_totals");
if ($sql->db_Select("user", "*", "user_sess='".$tp -> toDB($qs[2], true)."' "))
e107::getCache()->clear("online_menu_totals");
if ($sql->select("user", "*", "user_sess='".$tp->toDB($qs[2], true)."' "))
{
if ($row = $sql->db_Fetch())
if ($row = $sql->fetch())
{
$dbData = array();
$dbData['WHERE'] = " user_sess='".$tp -> toDB($qs[2], true)."' ";
$dbData['WHERE'] = " user_sess='".$tp->toDB($qs[2], true)."' ";
$dbData['data'] = array('user_ban'=>'0', 'user_sess'=>'');
// Set initial classes, and any which the user can opt to join
if ($userMethods->userClassUpdate($row, 'userveri'))
{
$dbData['data']['user_class'] = $row['user_class'];
}
$userMethods->addNonDefaulted($dbData);
validatorClass::addFieldTypes($userMethods->userVettingInfo,$dbData);
$newID = $sql->db_Update('user',$dbData);
if ($newID === FALSE)
$newID = $sql->update('user',$dbData);
if($newID === FALSE)
{
$admin_log->e_log_event(10,debug_backtrace(),'USER','Verification Fail',print_r($row,TRUE),FALSE,LOG_TO_ROLLING);
require_once(HEADERF);
@@ -352,18 +346,19 @@ if (e_QUERY)
exit;
}
// Log to user audit log if enabled
$admin_log->user_audit(USER_AUDIT_EMAILACK,$row);
$e_event->trigger('userveri', $row); // Legacy event
$e_event->trigger('userfull', $row); // 'New' event
e107::getEvent()->trigger('userveri', $row); // Legacy event
e107::getEvent()->trigger('userfull', $row); // 'New' event
if (varset($pref['autologinpostsignup']))
{
require_once(e_HANDLER.'login.php');
$usr = new userlogin();
$usr->login($row['user_loginname'], md5($row['user_name'].$row['user_password'].$row['user_join']), 'signup', '');
}
require_once(HEADERF);
$text = LAN_SIGNUP_74." <a href='index.php'>".LAN_SIGNUP_22."</a> ".LAN_SIGNUP_23."<br />".LAN_SIGNUP_24." ".SITENAME;
$ns->tablerender(LAN_SIGNUP_75, $text);
@@ -372,7 +367,8 @@ if (e_QUERY)
}
}
else
{ // Invalid activation code
{
// Invalid activation code
header("location: ".e_BASE."index.php");
exit;
}
@@ -386,7 +382,8 @@ if (e_QUERY)
if (isset($_POST['register']) && $pref['user_reg'] == 1)
{
$e107cache->clear("online_menu_totals");
e107::getCache()->clear("online_menu_totals");
if (isset($_POST['rand_num']) && $signup_imagecode)
{
if ($badCodeMsg = e107::getSecureImg()->invalidCode($_POST['rand_num'], $_POST['code_verify'])) // better: allows class to return the error.
@@ -397,7 +394,7 @@ if (isset($_POST['register']) && $pref['user_reg'] == 1)
}
}
if($invalid = $e_event->trigger("usersup_veri", $_POST))
if($invalid = e107::getEvent()->trigger("usersup_veri", $_POST))
{
$extraErrors[] = $invalid."\\n";
$error = TRUE;
@@ -432,12 +429,15 @@ if (isset($_POST['register']) && $pref['user_reg'] == 1)
validatorClass::checkMandatory('user_name,user_loginname', $allData); // Check for missing fields (email done in userValidation() )
validatorClass::dbValidateArray($allData, $userMethods->userVettingInfo, 'user', 0); // Do basic DB-related checks
$userMethods->userValidation($allData); // Do user-specific DB checks
if (!isset($allData['errors']['user_password']))
{ // No errors in password - keep it outside the main data array
{
// No errors in password - keep it outside the main data array
$savePassword = $allData['data']['user_password'];
unset($allData['data']['user_password']); // Delete the password value in the output array
unset($allData['data']['user_password']); // Delete the password value in the output array
}
unset($_POST['password1']); // Restrict the scope of this
unset($_POST['password1']); // Restrict the scope of this
unset($_POST['password2']);
$allData['user_ip'] = e107::getIPHandler()->getIP(FALSE);
@@ -446,13 +446,13 @@ if (isset($_POST['register']) && $pref['user_reg'] == 1)
// check for multiple signups from the same IP address. But ignore localhost
if ($allData['user_ip'] != e107::LOCALHOST_IP)
{
if($ipcount = $sql->db_Select('user', '*', "user_ip='".$allData['user_ip']."' and user_ban !='2' "))
if($ipcount = $sql->select('user', '*', "user_ip='".$allData['user_ip']."' and user_ban !='2' "))
{
if($ipcount >= $pref['signup_maxip'] && trim($pref['signup_maxip']) != "")
{
$allData['errors']['user_email'] = ERR_GENERIC;
$allData['errortext']['user_email'] = LAN_SIGNUP_71;
$admin_log->log_event('USET_15',LAN_SIGNUP_103.e107::getIPHandler()->getIP(FALSE),4);
$admin_log->log_event('USET_15',LAN_SIGNUP_103.e107::getIPHandler()->getIP(FALSE), 4);
}
}
}
@@ -487,7 +487,7 @@ if (isset($_POST['register']) && $pref['user_reg'] == 1)
$eufVals = array();
//if (isset($_POST['ue']))
{
$eufVals = $usere->userExtendedValidateAll(varset($_POST['ue'], array()), varset($_POST['hide'],array()), TRUE); // Validate the extended user fields
$eufVals = $usere->userExtendedValidateAll(varset($_POST['ue'], array()), varset($_POST['hide'],array()), TRUE); // Validate the extended user fields
}
@@ -536,14 +536,14 @@ if (isset($_POST['register']) && $pref['user_reg'] == 1)
exit;
}
if ($_POST['email'] && $sql->db_Select("user", "*", "user_email='".$_POST['email']."' AND user_ban='".USER_BANNED."'"))
if ($_POST['email'] && $sql->select("user", "*", "user_email='".$_POST['email']."' AND user_ban='".USER_BANNED."'"))
{
exit;
}
$u_key = e_user_model::randomKey(); // Key for signup completion
$allData['data']['user_sess'] = $u_key; // Validation key
$u_key = e_user_model::randomKey(); // Key for signup completion
$allData['data']['user_sess'] = $u_key; // Validation key
$userMethods->userClassUpdate($allData['data'], 'usersup');
@@ -555,16 +555,15 @@ if (isset($_POST['register']) && $pref['user_reg'] == 1)
{
$allData['data']['user_ban'] = USER_VALIDATED;
}
// Work out data to be written to user audit trail
$signup_data = array('user_name', 'user_loginname', 'user_email', 'user_ip');
// foreach (array() as $f)
foreach ($signup_data as $f)
{
$signup_data[$f] = $allData['data'][$f]; // Just copy across selected fields
$signup_data[$f] = $allData['data'][$f]; // Just copy across selected fields
}
$allData['data']['user_password'] = $userMethods->HashPassword($savePassword,$allData['data']['user_loginname']);
if (vartrue($pref['allowEmailLogin']))
@@ -627,10 +626,9 @@ if (isset($_POST['register']) && $pref['user_reg'] == 1)
$adviseLoginName = LAN_SIGNUP_65.': '.$allData['data']['user_loginname'].'<br />'.LAN_SIGNUP_66.'<br />';
}
// Verification required (may be by email or by admin)
if ($pref['user_reg_veri'])
{ // Verification required (may be by email or by admin)
{
// ========== Send Email =========>
if (($pref['user_reg_veri'] != 2) && $allData['data']['user_email']) // Don't send if email address blank - means that its not compulsory
{
@@ -664,9 +662,9 @@ if (isset($_POST['register']) && $pref['user_reg'] == 1)
unset($allData['data']['user_password']);
}
$e_event->trigger('usersup', $_POST); // Old trigger - send everything in the template, including extended fields.
e107::getEvent()->trigger('usersup', $_POST); // Old trigger - send everything in the template, including extended fields.
// FIXME - undocummented feature - userpartial trigger (better trigger name?)
$e_event->trigger('userpartial', array_merge($allData['data'],$eufVals['data'])); // New trigger - send everything in the template, including extended fields.
e107::getEvent()->trigger('userpartial', array_merge($allData['data'],$eufVals['data'])); // New trigger - send everything in the template, including extended fields.
require_once(HEADERF);
@@ -680,15 +678,16 @@ if (isset($_POST['register']) && $pref['user_reg'] == 1)
{ // User can be signed up immediately
require_once(HEADERF);
if(!$sql -> db_Select("user", "user_id", "user_loginname='".$allData['data']['user_loginname']."' AND user_password='".$allData['data']['user_password']."'"))
{ // Error looking up newly created user
if(!$sql->db_Select("user", "user_id", "user_loginname='".$allData['data']['user_loginname']."' AND user_password='".$allData['data']['user_password']."'"))
{
// Error looking up newly created user
$ns->tablerender("", LAN_SIGNUP_36);
require_once(FOOTERF);
exit;
}
$e_event->trigger('usersup', $_POST); // send everything in the template, including extended fields.
$e_event->trigger('userfull', array_merge($allData['data'],$eufVals['data'])); // New trigger - send everything in the template, including extended fields.
e107::getEvent()->trigger('usersup', $_POST); // send everything in the template, including extended fields.
e107::getEvent()->trigger('userfull', array_merge($allData['data'],$eufVals['data'])); // New trigger - send everything in the template, including extended fields.
if (isset($pref['signup_text_after']) && (strlen($pref['signup_text_after']) > 2))
{
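Review bot: The banned-address lookup in the hunk at `@@ -536,14 +536,14 @@` still concatenates `$_POST['email']` directly into the WHERE clause; the commit only renames `db_Select` to `select` there, so the request value reaches the SQL string without the `$tp->toDB()` call that the resend branch applies to `resend_email` and `resend_newemail`. Unless `class2.php` already escapes `$_POST` (not visible on this page), this is an SQL injection point on the public signup form. I would change the call to `$sql->select("user", "*", "user_email='".$tp->toDB($_POST['email'])."' AND user_ban='".USER_BANNED."'")`, or reuse the address held in `$allData['data']['user_email']` if it is already validated and escaped at that point. The enclosing `if (isset($_POST['register']) && $pref['user_reg'] == 1)` block starts and ends outside the hunk.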