/pivotx_2.2.5-sqlite/pivotx/modules/module_userreg.php

  1. <?php
  2. // ---------------------------------------------------------------------------
  3. //
  4. // PIVOTX - LICENSE:
  5. //
  6. // This file is part of PivotX. PivotX and all its parts are licensed under
  7. // the GPL version 2. see: http://docs.pivotx.net/doku.php?id=help_about_gpl
  8. // for more information.
  9. //
  10. // $Id: module_userreg.php 3451 2011-01-24 07:59:54Z hansfn $
  11. //
  12. // ---------------------------------------------------------------------------
  13. // don't access directly..
  14. if(!defined('INPIVOTX')){ die('not in pivotx'); }
  15. // Lamer protection
  16. $currentfile = basename(__FILE__);
  17. require dirname(dirname(__FILE__))."/lamer_protection.php";
  18. /**
  19. * The class that handles the visitor registration.
  20. *
  21. */
  22. class Visitors {
  23. var $input;
  24. var $user;
  25. /**
  26. * Initialise the Visitors object.
  27. */
  28. function Visitors() {
  29. global $PIVOTX;
  30. // Clean up user input to avoid HTML injection and/or stored XSS.
  31. // Also using strip_tags since none of the fields should contain HTML.
  32. $input = array_merge($_POST, $_GET);
  33. foreach ($input as $key => $value) {
  34. $input[$key] = htmlspecialchars(strip_tags(trim($value)));
  35. }
  36. $this->input = $input;
  37. $this->input['message'] = '';
  38. // Make sure the db/users/ folder is present.
  39. makeDir($PIVOTX['paths']['db_path'].'users/');
  40. }
  41. function getPage() {
  42. $private_functions = array('options','edit_prefs','subm_prefs','del_user');
  43. $func = '';
  44. if ($user = $this->isLoggedIn()) {
  45. $this->user = $user;
  46. if (!isset($this->input['func']) || empty($this->input['func'])) {
  47. $func = "options";
  48. } else {
  49. $func = $this->input['func'];
  50. }
  51. } else {
  52. if (!in_array($this->input['func'],$private_functions)) {
  53. $func = $this->input['func'];
  54. } else {
  55. debug('Tried to access private function when not being logged in.');
  56. }
  57. }
  58. // FIXME / TODO - what if cookies are disabled?
  59. switch ($func) {
  60. case 'login':
  61. $page = $this->login();
  62. break;
  63. case 'options':
  64. $page = $this->showOptions();
  65. break;
  66. case 'logout':
  67. $page = $this->logout();
  68. break;
  69. case 'regUser':
  70. $page = $this->showRegPage();
  71. break;
  72. case 'del_user':
  73. $this->delUser();
  74. $page = $this->showLogin();
  75. break;
  76. case 'send_pass':
  77. $page = $this->sendPass();
  78. break;
  79. case 'reset_passwd':
  80. $page = $this->resetPasswd();
  81. break;
  82. case 'edit_prefs':
  83. $page = $this->editPrefs();
  84. break;
  85. case 'subm_reg':
  86. $page = $this->submitReg();
  87. break;
  88. case 'subm_prefs':
  89. $page = $this->submitPrefs();
  90. break;
  91. case 'verify':
  92. $page = $this->verify();
  93. break;
  94. default:
  95. $page = $this->showLogin();
  96. break;
  97. }
  98. return $page;
  99. }
  100. function showLogin() {
  101. $link_login = makeVisitorPageLink('login');
  102. $link_reset_passwd = str_replace('login','reset_passwd',$link_login);
  103. $link_regUser = str_replace('login','regUser',$link_login);
  104. $form = <<<EOM
  105. <h2>%header%</h2>
  106. <p><b>%message%</b></p>
  107. <form name="form1" id="form1" method="post" action="$link_login">
  108. <table border="0" cellspacing="0" cellpadding="3">
  109. <tr>
  110. <td>%formname%:</td>
  111. <td><input type="text" name="name" /></td>
  112. </tr>
  113. <tr>
  114. <td>%formpass%:</td>
  115. <td><input type="password" name="pass" /></td>
  116. </tr>
  117. <tr>
  118. <td>&nbsp;</td>
  119. <td><input type="submit" name="Submit" value="%login%" /></td>
  120. </tr>
  121. <tr>
  122. <td colspan="2"><p><br />&raquo; <a href="$link_reset_passwd">%pass_forgot%</a></p>
  123. <p>&raquo; <a href="$link_regUser">%register_new%</a></p></td>
  124. </tr>
  125. </table>
  126. </form>
  127. EOM;
  128. foreach ($this->input as $key => $val) {
  129. $form = str_replace("%".$key."%", $val, $form);
  130. }
  131. $trans = array();
  132. $trans['header'] = __('Log in as a registered visitor');
  133. $trans['formname'] = __('Username');
  134. $trans['formpass'] = __('Password');
  135. $trans['login'] = __('Login');
  136. $trans['pass_forgot'] = __('Forgotten your password?');
  137. $trans['register_new'] = __('Register a new username.');
  138. foreach ($trans as $key => $val) {
  139. $form = str_replace("%".$key."%", $val, $form);
  140. }
  141. $form .= $this->weblogLinks();
  142. return $form;
  143. }
  144. function showOptions() {
  145. global $PIVOTX;
  146. $link_logout = makeVisitorPageLink('logout');
  147. $link_edit_prefs = str_replace('logout','edit_prefs',$link_logout);
  148. $link_del_user = str_replace('logout','del_user',$link_logout);
  149. $form = <<<EOM
  150. <h2>%loggedinas% %name%</h2>
  151. <p>%message%</p>
  152. <p>&raquo; <a href="$link_edit_prefs">%pref_edit%</a></p>
  153. <p>&raquo; <a href="$link_logout">%logout%</a></p>
  154. <p>&raquo; <a href="$link_del_user">%del_user%</a></p>
  155. EOM;
  156. foreach ($this->input as $key => $val) {
  157. $form = str_replace("%".$key."%", $val, $form);
  158. }
  159. if (is_array($this->user)) {
  160. foreach ($this->user as $key => $val) {
  161. $form = str_replace("%".$key."%", $val, $form);
  162. }
  163. }
  164. $trans = array();
  165. $trans['loggedinas'] = __('Logged in as');
  166. $trans['logout'] = __('Log out.');
  167. $trans['del_user'] = __('Delete account.');
  168. $trans['pref_edit'] = __('Edit your preferences');
  169. foreach ($trans as $key => $val) {
  170. $form = str_replace("%".$key."%", $val, $form);
  171. }
  172. $form .= $this->weblogLinks();
  173. return $form;
  174. }
  175. function login() {
  176. global $PIVOTX;
  177. $logged_in = false;
  178. if ($user=$this->loadUser($this->input['name'])) {
  179. if ($user['pass'] == $this->input['pass']) {
  180. $logged_in = true;
  181. // This is an old Pivot user which isn't using the new hashed passwords
  182. // so we create a new salt, and set the hashed/salted password.
  183. $salt = md5(rand(1,999999) . mktime());
  184. $md5_pass = md5($user['pass'] . $salt);
  185. $user['salt'] = $salt;
  186. $user['pass'] = $md5_pass;
  187. } else if ( (md5($this->input['pass'] . $user['salt']) == $user['pass']) &&
  188. ($user['verified']==1) && ($user['disabled']!=1)) {
  189. $logged_in = true;
  190. } else if ($user['disabled']==1) {
  191. $this->input['message'] = __('User disabled');
  192. $text = $this->showLogin();
  193. } else {
  194. $this->input['message'] = __('Incorrect password or username');
  195. $text = $this->showLogin();
  196. }
  197. } else {
  198. $this->input['message'] = __('Incorrect password or username');
  199. $text = $this->showLogin();
  200. }
  201. if ($logged_in) {
  202. $PIVOTX['session']->setCookie('piv_reguser', stripslashes($user['name'].'|'.md5($user['pass'])));
  203. $user['last_login'] = date("Y-m-d");
  204. $this->saveUser($user);
  205. $this->input['message'] = __('Logged in');
  206. $text = $this->showOptions();
  207. }
  208. return $text;
  209. }
  210. function showRegPage() {
  211. $link = makeVisitorPageLink();
  212. $link_subm_reg = makeVisitorPageLink('subm_reg');
  213. $form= <<<EOM
  214. <h2>%register%: </h2>
  215. <p><b>%message%</b></p>
  216. <form name="form1" id="form1" method="post" action="$link_subm_reg">
  217. <p>%register_info%</p>
  218. <table border="0" cellspacing="0" cellpadding="3">
  219. <tr>
  220. <td>%formname%:</td>
  221. <td colspan="4"><input name="name" type="text" id="name" value="%name%" /></td>
  222. </tr>
  223. <tr>
  224. <td>%formemail%:</td>
  225. <td colspan="4"><input name="email" type="text" id="email" value="%email%" /></td>
  226. </tr>
  227. <tr>
  228. <td>%formurl%:</td>
  229. <td colspan="4"><input name="url" type="text" id="url" value="%url%" /></td>
  230. </tr>
  231. <tr>
  232. <td>%formpass1%:</td>
  233. <td colspan="4"><input name="pass" type="password" id="pass" /></td>
  234. </tr>
  235. <tr>
  236. <td valign="top">%formpass2%:</td>
  237. <td colspan="4"><input name="pass2" type="password" id="pass2" />
  238. </td>
  239. </tr>
  240. <tr>
  241. <td colspan="5">
  242. <strong>%options%:</strong></td>
  243. </tr>
  244. <tr>
  245. <td>%show_email%: </td>
  246. <td><input name="show_address" type="radio" value="1" %radio1a% /> %Yes%</td>
  247. <td><input name="show_address" type="radio" value="0" %radio1b% /> %No%</td>
  248. <td></td><td></td>
  249. </tr>
  250. <tr>
  251. <td>%notify%: </td>
  252. <td><input name="notify_entries" type="radio" value="1" %radio2a% /> %Yes%</td>
  253. <td><input name="notify_entries" type="radio" value="0" %radio2b% /> %No%</td>
  254. <td></td><td></td>
  255. </tr>
  256. <tr>
  257. <td>%def_notify%:</td>
  258. <td><input name="notify_default" type="radio" value="1" %radio3a% /> %Yes%</td>
  259. <td><input name="notify_default" type="radio" value="0" %radio3b% /> %No%</td>
  260. <td></td><td></td>
  261. </tr>
  262. <tr>
  263. <td>&nbsp;</td>
  264. <td colspan="4"><br />
  265. <input type="submit" name="Submit" value="%register%" /></td></tr>
  266. <tr>
  267. <td colspan="5"><p><br />
  268. &laquo; <a href="$link">%back_login%</a></p>
  269. </td>
  270. </tr>
  271. </table>
  272. </form>
  273. EOM;
  274. $input = $this->input;
  275. if (!isset($input['name'])) { $input['name'] = ""; }
  276. if (!isset($input['email'])) { $input['email'] = ""; }
  277. if (!isset($input['url'])) { $input['url'] = ""; }
  278. if ($input['show_address']==1) {
  279. $input['radio1a'] = "checked='checked' ";
  280. $input['radio1b'] = "";
  281. } else {
  282. $input['radio1a'] = "";
  283. $input['radio1b'] = "checked='checked' ";
  284. }
  285. if ($input['notify_entries']==1) {
  286. $input['radio2a'] = "checked='checked' ";
  287. $input['radio2b'] = "";
  288. } else {
  289. $input['radio2a'] = "";
  290. $input['radio2b'] = "checked='checked' ";
  291. }
  292. if ($input['notify_default']==1) {
  293. $input['radio3a'] = "checked='checked' ";
  294. $input['radio3b'] = "";
  295. } else {
  296. $input['radio3a'] = "";
  297. $input['radio3b'] = "checked='checked' ";
  298. }
  299. foreach ($input as $key => $val) {
  300. $form = str_replace("%".$key."%", $val, $form);
  301. }
  302. $trans = array();
  303. $trans['register'] = __('Register');
  304. $trans['register_info'] = __('Please fill out the following information. <strong>Be sure to give a valid email address</strong>, because we will send a verification email to that address.');
  305. $trans['Yes'] = __('Yes');
  306. $trans['No'] = __('No');
  307. $trans['formname'] = __('Username');
  308. $trans['formemail'] = __('Email');
  309. $trans['formurl'] = __('URL');
  310. $trans['formpass1'] = __('Password');
  311. $trans['formpass2'] = __('Password (confirm)');
  312. $trans['options'] = __('Options');
  313. $trans['back_login'] = __('Back to login');
  314. $trans['show_email'] = __('Show my email address with comments');
  315. $trans['notify'] = __('Notify me via email of new entries');
  316. $trans['def_notify'] = __('Default notification of replies');
  317. $trans['back_login'] = __('Back to login');
  318. foreach ($trans as $key => $val) {
  319. $form = str_replace("%".$key."%", $val, $form);
  320. }
  321. return $form;
  322. }
  323. function editPrefs() {
  324. $link = makeVisitorPageLink();
  325. $link_subm_prefs = makeVisitorPageLink('subm_prefs');
  326. $form= <<<EOM
  327. <h2>%pref_edit%: </h2>
  328. <p><b>%message%</b></p>
  329. <form name="form1" id="form1" method="post" action="$link_subm_prefs">
  330. <p>%change_info%</p>
  331. <table border="0" cellspacing="0" cellpadding="3">
  332. <tr>
  333. <td>%formname%:</td>
  334. <td colspan="4"><input name="name" type="text" id="name" value="%name%" readonly="readonly" /></td>
  335. </tr>
  336. <tr>
  337. <td>%formemail%:</td>
  338. <td colspan="4"><input name="email" type="text" id="email" value="%email%" /></td>
  339. </tr>
  340. <tr>
  341. <td>%formurl%:</td>
  342. <td colspan="4"><input name="url" type="text" id="url" value="%url%" /></td>
  343. </tr>
  344. <tr>
  345. <td>%formpass1%:</td>
  346. <td colspan="4"><input name="ch_pass" type="password" id="ch_pass" value="" /></td>
  347. </tr>
  348. <tr>
  349. <td>%formpass2%:</td>
  350. <td colspan="4"><input name="ch_pass2" type="password" id="ch_pass2" value="" /></td>
  351. </tr>
  352. <tr>
  353. <td colspan="5"><strong>%options%:</strong></td>
  354. </tr>
  355. <tr>
  356. <td>%show_email%: </td>
  357. <td><input name="show_address" type="radio" value="1" %radio1a% /></td>
  358. <td>%Yes%</td>
  359. <td><input name="show_address" type="radio" value="0" %radio1b% /></td>
  360. <td> %No% </td>
  361. </tr>
  362. <tr>
  363. <td>%notify%:</td>
  364. <td><input name="notify_entries" type="radio" value="1" %radio2a% /></td>
  365. <td>%Yes%</td>
  366. <td><input name="notify_entries" type="radio" value="0" %radio2b% /></td>
  367. <td>%No%</td>
  368. </tr>
  369. <tr>
  370. <td>%def_notify%:</td>
  371. <td><input name="notify_default" type="radio" value="1" %radio3a% /></td>
  372. <td>%Yes%</td>
  373. <td><input name="notify_default" type="radio" value="0" %radio3b% /></td>
  374. <td>%No%</td>
  375. </tr>
  376. <tr>
  377. <td>&nbsp;</td>
  378. <td colspan="4"><br />
  379. <input type="submit" name="Submit" value="%pref_change%" /></td></tr>
  380. <tr>
  381. <td colspan="5"><p><br />
  382. &laquo; <a href="$link">%back_login%</a></p>
  383. </td>
  384. </tr>
  385. </table>
  386. </form>
  387. EOM;
  388. $user = $this->user;
  389. $user['message'] = $this->input['message'];
  390. $user['pass'] = "";
  391. if ($user['show_address']==1) {
  392. $user['radio1a'] = "checked='checked' ";
  393. $user['radio1b'] = "";
  394. } else {
  395. $user['radio1a'] = "";
  396. $user['radio1b'] = "checked='checked' ";
  397. }
  398. if ($user['notify_entries']==1) {
  399. $user['radio2a'] = "checked='checked' ";
  400. $user['radio2b'] = "";
  401. } else {
  402. $user['radio2a'] = "";
  403. $user['radio2b'] = "checked='checked' ";
  404. }
  405. if ($user['notify_default']==1) {
  406. $user['radio3a'] = "checked='checked' ";
  407. $user['radio3b'] = "";
  408. } else {
  409. $user['radio3a'] = "";
  410. $user['radio3b'] = "checked='checked' ";
  411. }
  412. foreach ($user as $key => $val) {
  413. $form = str_replace("%".$key."%", $val, $form);
  414. }
  415. $trans = array();
  416. $trans['Yes'] = __('Yes');
  417. $trans['No'] = __('No');
  418. $trans['change_info'] = __('Here you can change your information.');
  419. $trans['formname'] = __('Username');
  420. $trans['formemail'] = __('Email');
  421. $trans['formurl'] = __('URL');
  422. $trans['formpass1'] = __('Password');
  423. $trans['formpass2'] = __('Password (confirm)');
  424. $trans['options'] = __('Options');
  425. $trans['show_email'] = __('Show my email address with comments');
  426. $trans['notify'] = __('Notify me via email of new entries');
  427. $trans['def_notify'] = __('Default notification of replies');
  428. $trans['pref_edit'] = __('Edit your preferences');
  429. $trans['pref_change'] = __('Change preferences');
  430. $trans['back_login'] = __('Back to login');
  431. foreach ($trans as $key => $val) {
  432. $form = str_replace("%".$key."%", $val, $form);
  433. }
  434. return $form;
  435. }
  436. function resetPasswd() {
  437. if (isset($this->input['id'])) {
  438. $user = $this->loadUser($this->input['name']);
  439. if ($user && ($this->input['id'] == $user['reset_id'])) {
  440. $message = __('The new password is <q>%pass%</q>.');
  441. $this->input['message'] = str_replace('%pass%',$user['pass_reset'],$message);
  442. $user['salt'] = md5(rand(1,999999) . mktime());
  443. $user['pass'] = md5($user['pass_reset'] . $user['salt']);
  444. unset($user['pass_reset']);
  445. unset($user['reset_id']);
  446. $this->saveUser($user);
  447. } else {
  448. $this->input['message'] = __('Oops') . ' - ' .
  449. __('Password reset request failed.');
  450. }
  451. return $this->showLogin();
  452. }
  453. $link = makeVisitorPageLink();
  454. $link_send_pass = makeVisitorPageLink('send_pass');
  455. $link_regUser = str_replace('send_pass','regUser',$link_send_pass);
  456. $form = <<<EOM
  457. <h2>%pass_reset%</h2>
  458. <p>%message%</p>
  459. <form name="form1" id="form1" method="post" action="$link_send_pass">
  460. <p>%pass_reset_desc%</p>
  461. <table border="0" cellspacing="0" cellpadding="3">
  462. <tr>
  463. <td>%name%:</td>
  464. <td><input name="name" type="text" id="name" /></td>
  465. </tr>
  466. <tr>
  467. <td>&nbsp;</td>
  468. <td><input type="submit" name="Submit" value="%pass_send%" /></td>
  469. </tr>
  470. <tr>
  471. <td colspan="2"><p><br />&laquo; <a href="$link">%back_login%</a></p>
  472. <p>&raquo; <a href="$link_regUser">%register_new%</a></p></td>
  473. </tr>
  474. </table>
  475. </form>
  476. EOM;
  477. foreach ($this->input as $key => $val) {
  478. $form = str_replace("%".$key."%", $val, $form);
  479. }
  480. $trans = array();
  481. $trans['name'] = __('Username');
  482. $trans['pass_send'] = __('Send password');
  483. $trans['pass_reset'] = __('Reset password');
  484. $trans['pass_reset_desc'] = __('If you\'ve forgotten your password, enter your username and PivotX will send you an email with a link to reset your password.');
  485. $trans['back_login'] = __('Back to login');
  486. $trans['register_new'] = __('Register a new username.');
  487. foreach ($trans as $key => $val) {
  488. $form = str_replace("%".$key."%", $val, $form);
  489. }
  490. return $form;
  491. }
  492. function submitReg() {
  493. $input = $this->input;
  494. if ($this->isUser($input['name'])) {
  495. $this->input['message'] .= __('User already exists... Please pick another name.');
  496. $text = $this->showRegPage();
  497. } else if ($this->emailTaken($input['email'])) {
  498. $this->input['message'] .= __('Email address is already taken... Please use another address.');
  499. $text = $this->showRegPage();
  500. } else if (strlen($input['pass'])<4) {
  501. $this->input['message'] .= __('Password must be at least 4 letters long.');
  502. $text = $this->showRegPage();
  503. } else if ($input['pass'] != $input['pass2']) {
  504. $this->input['message'] .= __('Passwords do not match');
  505. $text = $this->showRegPage();
  506. } else if (!isEmail($input['email'])) {
  507. $this->input['message'] .= __('You must give your email address, since without it\'ll ' .
  508. 'be impossible to verify your account. You can always choose not to show ' .
  509. 'your address to other visitors.');
  510. $text = $this->showRegPage();
  511. } else {
  512. // Create a new salt, and set the salted password.
  513. $salt = md5(rand(1,999999) . mktime());
  514. $md5_pass = md5($input['pass'] . $salt);
  515. $user = array(
  516. 'name' => $input['name'],
  517. 'email' => $input['email'],
  518. 'url' => $input['url'],
  519. 'salt' => $salt,
  520. 'pass' => $md5_pass,
  521. 'show_address' => $input['show_address'],
  522. 'notify_entries' => $input['notify_entries'],
  523. 'notify_default' => $input['notify_default'],
  524. 'verified' => 0,
  525. );
  526. $this->regUser($user);
  527. $text = $this->showOptions();
  528. }
  529. return $text;
  530. }
  531. function submitPrefs() {
  532. global $PIVOTX;
  533. $user = $this->user;
  534. $input = $this->input;
  535. if ((strlen($input['pass'])>0) && (strlen($input['pass'])<4)) {
  536. $this->input['message'] .= __('Password must be at least 4 letters long.');
  537. $text = $this->editPrefs();
  538. } else if ($input['ch_pass'] != $input['ch_pass2']) {
  539. $this->input['message'] .= __('Passwords do not match');
  540. $text = $this->editPrefs();
  541. } else {
  542. $this->input['message'] = __('The changes have been stored');
  543. if ( (strlen($input['ch_pass'])>3) && ($input['ch_pass'] == $input['ch_pass2']) ) {
  544. $user['pass'] = md5($input['ch_pass'] . $user['salt']);
  545. $PIVOTX['session']->setCookie("piv_reguser", stripslashes($user['name']."|".md5($user['pass'])));
  546. }
  547. $user['email'] = $input['email'];
  548. $user['url'] = $input['url'];
  549. $user['show_address'] = $input['show_address'];
  550. $user['notify_entries'] = $input['notify_entries'];
  551. $user['notify_default'] = $input['notify_default'];
  552. unset($user['message']);
  553. $this->saveUser($user);
  554. $text = $this->showOptions();
  555. }
  556. return $text;
  557. }
  558. function verify() {
  559. if ($user=$this->loadUser($this->input['name'])) {
  560. $verify_code = md5($user['pass']."email");
  561. if ($verify_code == $this->input['code']) {
  562. $user['verified'] = 1;
  563. $this->saveUser($user);
  564. $this->input['message'] = __('Your account is verified. Please log in..');
  565. sendMailNotification('visitor_registration', array('verify',$user['name']));
  566. $text = $this->showLogin();
  567. } else {
  568. $text = __('That code seems to be incorrect. I\'m sorry, but I can\'t verify.');
  569. }
  570. } else {
  571. $text = __('Oops');
  572. }
  573. return $text;
  574. }
  575. function sendPass() {
  576. global $PIVOTX;
  577. if ($user=$this->loadUser($this->input['name'])) {
  578. if ($user['name'] == $this->input['name']) {
  579. $user['reset_id'] = md5($PIVOTX['config']->get('server_spam_key') . $user['pass']);
  580. $user['pass_reset'] = randomString(10);;
  581. $this->saveUser($user);
  582. $link = $PIVOTX['paths']['host'] . makeVisitorPageLink('reset_passwd') .
  583. '&amp;name=' . urlencode($user['name']) . '&amp;id=' . $user['reset_id'];
  584. mailResetPasswordLink(array(
  585. 'name' => $user['name'],
  586. 'email' => $user['email'],
  587. 'reset_id' => $user['reset_id'],
  588. 'link' => $link)
  589. );
  590. }
  591. }
  592. // Posting this message even if an invalid username is given so
  593. // crackers can't enumerate usernames.
  594. $this->input['message'] = __('A link to reset your password was sent to your mailbox.');
  595. $text = $this->showLogin();
  596. return $text;
  597. }
  598. function delUser($name = '') {
  599. global $PIVOTX;
  600. $deleted = true;
  601. // If a name is supplied the function is not executed by a logged in visitor.
  602. if ($name == '') {
  603. $PIVOTX['session']->setCookie("piv_reguser", "", time()-1000);
  604. $name_md5 = strtolower(md5(strtolower($this->user['name'])));
  605. } else {
  606. $name_md5 = strtolower(md5(strtolower($name)));
  607. }
  608. $filename = $PIVOTX['paths']['db_path'].'users/'.$name_md5.'.php';
  609. if (file_exists($filename)) {
  610. unlink($filename);
  611. unset($this->user);
  612. $this->input['message'] = __('Account deleted.');
  613. } else {
  614. $this->input['message'] = __('Oops');
  615. $deleted = false;
  616. }
  617. return $deleted;
  618. }
  619. function logout() {
  620. global $PIVOTX;
  621. $PIVOTX['session']->setCookie("piv_reguser", "", time()-1000);
  622. unset ($this->user);
  623. $this->input['message'] = __('Logged out');
  624. return $this->showLogin();
  625. }
  626. function weblogLinks() {
  627. global $PIVOTX;
  628. if (isset($_GET['w']) && $PIVOTX['weblogs']->isWeblog($_GET['w'])) {
  629. $weblogkey = $_GET['w'];
  630. $our_weblogs = array($weblogkey => $PIVOTX['weblogs']->getWeblog($weblogkey));
  631. } else {
  632. $our_weblogs = $PIVOTX['weblogs']->getWeblogs();
  633. }
  634. $text = "<br />\n";
  635. foreach ($our_weblogs as $weblogkey => $weblog) {
  636. $text .= sprintf("<p>&laquo; ".__('Back to')." <a href=\"%s\">%s</a></p>",
  637. $weblog['link'], $weblog['name'] );
  638. }
  639. return $text;
  640. }
  641. function emailTaken($email) {
  642. global $PIVOTX;
  643. $found = false;
  644. foreach($this->getUsers() as $user) {
  645. if ($user['email'] == $email) {
  646. $found = true;
  647. break;
  648. }
  649. }
  650. return $found;
  651. }
  652. function getUsers() {
  653. global $PIVOTX;
  654. $users = array();
  655. $d = dir( $PIVOTX['paths']['db_path'].'users/');
  656. while(false !== ($entry = $d->read())) {
  657. $file = $PIVOTX['paths']['db_path'].'users/' . $entry;
  658. if (is_file($file) && (getExtension($file) == "php") &&
  659. ($user = loadSerialize($file,true))) {
  660. $users[urlencode($user['name'])] = $user;
  661. }
  662. }
  663. ksort($users);
  664. return $users;
  665. }
  666. function isUser($name) {
  667. global $PIVOTX;
  668. $name_md5 = strtolower(md5(strtolower($name)));
  669. if (file_exists($PIVOTX['paths']['db_path'].'users/'.$name_md5.'.php')) {
  670. return TRUE;
  671. } else {
  672. return FALSE;
  673. }
  674. }
  675. function regUser($user) {
  676. global $PIVOTX;
  677. $name_md5 = strtolower(md5(strtolower($user['name'])));
  678. if (saveSerialize($PIVOTX['paths']['db_path'].'users/'.$name_md5.'.php', $user)) {
  679. $text = sprintf("<h2>%s</h2>\n\n", __('User stored!'));
  680. } else {
  681. $text = sprintf("<h2>%s</h2>\n\n", __('Could not store new user!!'));
  682. }
  683. $mail1 = __("You have registered as a user on PivotX \"%s\" \n\n");
  684. $mail2 = __("To verify your account, click the following link:\n%s\n\n");;
  685. $url = sprintf("%s&amp;name=%s&amp;code=%s", $PIVOTX['paths']['host'] . makeVisitorPageLink('verify'),
  686. urlencode($user['name']), md5($user['pass']."email"));
  687. $mail = sprintf($mail1.$mail2, $PIVOTX['config']->get('sitename'), str_replace('&amp;', '&' , $url) );
  688. if (!pivotxMail($user['email'], __('Registration confirmation'), $mail)) {
  689. $mail2 = '<a href="%s">'.__('Verify your account').'</a>';
  690. $mail = sprintf($mail1.$mail2, $PIVOTX['config']->get('sitename'), $url );
  691. $text = "\n<br />". nl2br($mail) ."<br />\n";
  692. } else {
  693. $text = sprintf(__('Mail verification sent to %s. ' .
  694. 'Please check your email in a minute to confirm your account.'), $user['email']);
  695. }
  696. $this->input['message'] = $text;
  697. sendMailNotification('visitor_registration', array('add',$user['name']));
  698. }
  699. function loadUser($name) {
  700. global $PIVOTX;
  701. // Abort immediately if empty name given
  702. if ($name == "") {
  703. return FALSE;
  704. }
  705. if (strpos($name, "|")>0) {
  706. list($name) = explode("|", $name);
  707. }
  708. $name_md5 = strtolower(md5(strtolower($name)));
  709. if ($this->isUser($name)) {
  710. $user = loadSerialize($PIVOTX['paths']['db_path'].'users/'.$name_md5.'.php',true);
  711. return $user;
  712. } else {
  713. return FALSE;
  714. }
  715. }
  716. /**
  717. * Returns an array with user info if a registered visitor is logged in,
  718. * else false.
  719. */
  720. function isLoggedIn() {
  721. global $PIVOTX;
  722. if (isset($_COOKIE['piv_reguser'])) {
  723. list($name, $hash) = explode("|", $_COOKIE['piv_reguser']);
  724. $name_md5 = strtolower(md5(strtolower($name)));
  725. if ($this->isUser($name)) {
  726. $user = loadSerialize($PIVOTX['paths']['db_path'].'users/'.$name_md5.'.php',true);
  727. if (md5($user['pass']) == $hash) {
  728. return $user;
  729. }
  730. }
  731. }
  732. return false;
  733. }
  734. function saveUser($user) {
  735. global $PIVOTX;
  736. $name_md5 = strtolower(md5(strtolower($user['name'])));
  737. if (saveSerialize($PIVOTX['paths']['db_path'].'users/'.$name_md5.'.php', $user)) {
  738. // echo "User stored!<br /><br />";
  739. } else {
  740. echo "Could not store user!!<br /><br />";
  741. }
  742. }
  743. }
  744. ?>