
/modules/profile/register.php

https://gitlab.com/VoyaTrax/vtCMS3
  1<?php
  2/*
  3 You may not change or alter any portion of this comment or credits
  4 of supporting developers from this source code or any supporting source code
  5 which is considered copyrighted (c) material of the original comment or credit authors.
  6
  7 This program is distributed in the hope that it will be useful,
  8 but WITHOUT ANY WARRANTY; without even the implied warranty of
  9 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 10*/
 11
 12/**
 13 * Extended User Profile
 14 *
 15 * @copyright       The XOOPS Project http://sourceforge.net/projects/xoops/
 16 * @license         http://www.fsf.org/copyleft/gpl.html GNU public license
 17 * @package         profile
 18 * @since           2.3.0
 19 * @author          Taiwen Jiang <phppp@users.sourceforge.net>
 20 * @author          Jan Pedersen
 21 * @author          trabis <lusopoemas@gmail.com>
 22 * @version         $Id: register.php 10408 2012-12-16 18:43:15Z trabis $
 23 */
 24
 25include dirname(__FILE__) . DIRECTORY_SEPARATOR . 'header.php';
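 // Shared XOOPS kernel object used by the rest of this script.
$xoops = Xoops::getInstance();

// A logged-in user has nothing to register: send them to their own profile page.
if ($xoops->isUser()) {
    // The uid follows "uid=" directly; the previous version left a stray space
    // inside the query string of the Location header.
    header('location: userinfo.php?uid=' . $xoops->user->getVar('uid'));
    exit();
}

// Old-style activation requests (?op=actv or ?op=activate) are handed over to
// activate.php together with the query string they arrived with. The strict
// flag makes in_array() match only those two exact strings.
if (!empty($_GET['op']) && in_array($_GET['op'], array('actv', 'activate'), true)) {
    header("location: ./activate.php" . (empty($_SERVER['QUERY_STRING']) ? "" : "?" . $_SERVER['QUERY_STRING']));
    exit();
}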
 37
 // Text sanitizer instance; later sections call stripSlashesGPC() on posted values through it.
$myts = MyTextSanitizer::getInstance();

// Registration can be switched off in the site configuration.
$xoops->getConfigs();
if (!$xoops->getConfig('allow_register')) {
    $xoops->redirect('index.php', 6, _US_NOREGISTER);
}

// Requested operation and wizard step. Both come straight from the request
// body, so the step number is whatever the client chose to send.
$op = 'register';
if (isset($_POST['op'])) {
    $op = $_POST['op'];
}
$current_step = 0;
if (isset($_POST['step'])) {
    $current_step = (int) $_POST['step'];
}

// The uid of a registration in progress is read from its own session key and
// never from $_SESSION['profile_post'], because that array is filled from $_POST.
$uid = 0;
if (!empty($_SESSION['profile_register_uid'])) {
    $uid = (int) $_SESSION['profile_register_uid'];
}

// The first form is covered by the captcha; every step above 0 must present a
// valid security token. Step values of 0 or below are not token-checked here.
if ($current_step > 0) {
    if (!$xoops->security()->check()) {
        $xoops->redirect('user.php', 5, _PROFILE_MA_EXPIRED);
    }
}
 54
 // Fetch the configured registration steps, sorted by their step_order column.
$criteria = new CriteriaCompo();
$criteria->setSort("step_order");
$regstep_handler = $xoops->getModuleHandler('regstep');

$steps = $regstep_handler->getAll($criteria, null, false, false);
if (!$steps) {
    // Nothing to walk through: registration cannot proceed.
    $xoops->redirect(XOOPS_URL . '/', 6, _PROFILE_MA_NOSTEPSAVAILABLE);
}

// Give every step a display number (array key + 1).
foreach (array_keys($steps) as $key) {
    $steps[$key]['step_no'] = $key + 1;
}

// Start page output with the registration template.
$xoops->header('profile_register.html');

// Hand the step list and its heading to the template.
$xoops->tpl()->assign('steps', $steps);
$xoops->tpl()->assign('lang_register_steps', _PROFILE_MA_REGISTER_STEPS);

// Breadcrumb trail: the registration page itself ...
$xoops->appendConfig(
    'profile_breadcrumbs',
    array(
        'link' => $xoops->url('modules/profile/register.php'),
        'title' => _PROFILE_MA_REGISTER
    )
);

// ... followed by the name of the requested step, when such a step exists.
if (isset($steps[$current_step])) {
    $xoops->appendConfig('profile_breadcrumbs', array('title' => $steps[$current_step]['step_name']));
}
 80
 // Handlers for core user accounts and for the extended profile records.
$member_handler = $xoops->getHandlerMember();

/* @var $profile_handler ProfileProfileHandler */
$profile_handler = $xoops->getModuleHandler('profile');

// Profile field definitions, and the names the handler reports as user variables.
$fields = $profile_handler->loadFields();
$userfields = $profile_handler->getUserVars();

if ($uid != 0) {
    // A registration is already in progress: reload its user and profile.
    // The uid was read from the session, not from the request.
    $newuser = $member_handler->getUser($uid);
    $profile = $profile_handler->getProfile($uid);
} else {
    // Nothing stored yet: start from empty objects and pre-fill the defaults.
    $newuser = $member_handler->createUser();
    $profile = $profile_handler->create();
    if (count($fields) > 0) {
        /* @var ProfileField $field */
        foreach ($fields as $field) {
            $fieldname = $field->getVar('field_name');
            // Defaults are copied only for fields that are user variables.
            if (!in_array($fieldname, $userfields)) {
                continue;
            }
            $default = $field->getVar('field_default');
            // An empty string or null means "no default configured".
            if ($default !== '' && $default !== null) {
                $newuser->setVar($fieldname, $default);
            }
        }
    }
}
111
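// Merge the current $_POST with $_SESSION['profile_post'] so that values
// submitted in earlier steps stay available.
//
// Allow-list of names accepted from the request: every profile field, every
// user variable, and the internal '_message_' key. Because '_message_' is on
// this list, a client can also post a value for it.
$fieldnames = array();
/* @var ProfileField $field */
foreach ($fields as $field) {
    $fieldnames[] = $field->getVar('field_name');
}
$fieldnames = array_merge($fieldnames, $userfields);
$fieldnames[] = '_message_';

// Keep only the allow-listed entries of $_POST; step number, tokens and the
// like are not stored.
$postfields = array();
foreach ($fieldnames as $fieldname) {
    if (isset($_POST[$fieldname])) {
        $postfields[$fieldname] = $_POST[$fieldname];
    }
}

if ($current_step == 0) {
    // First step: discard whatever an earlier registration attempt left behind.
    $_SESSION['profile_post'] = array();
    $_SESSION['profile_register_uid'] = null;
} else {
    // The session entry is null after a finished registration and missing in a
    // fresh session; array_merge() needs an array, so normalise it first.
    if (!isset($_SESSION['profile_post']) || !is_array($_SESSION['profile_post'])) {
        $_SESSION['profile_post'] = array();
    }
    // NOTE(review): the values are stored exactly as posted. The finish branch
    // at the end of this script reads a 'pass' entry from this array, so the
    // plaintext password appears to be kept in session storage between steps.
    $_SESSION['profile_post'] = array_merge($_SESSION['profile_post'], $postfields);
    // Values posted in this request win over the ones remembered in the session.
    $_POST = array_merge($_SESSION['profile_post'], $_POST);
}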
139
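// Copy the submitted values ($_POST merged with $_SESSION['profile_post'])
// onto the user or the profile object.
// NOTE(review): this loop relies on $fields being keyed by field name — confirm
// against loadFields().
foreach ($fields as $fieldname => $field) {
    if (!isset($_POST[$fieldname])) {
        continue;
    }

    $value = $field->getValueForSave($_POST[$fieldname]);
    // Route by field NAME, as the defaults loop earlier in this script does.
    // The previous test passed the field object to in_array(), so the lookup
    // in the list of user-variable names was not done on the name.
    if (in_array($fieldname, $userfields)) {
        $newuser->setVar($fieldname, $value);
    } else {
        $profile->setVar($fieldname, $value);
    }
}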
153
// Accumulates HTML error messages; an empty string means "no errors so far".
$stop = '';

// Server-side counterpart of the form's required-field check: every name listed
// in $_SESSION['profile_required'] must be present and non-empty in $_POST.
// empty() also treats values such as "0" as missing.
if (isset($_POST['step'], $_SESSION['profile_required'])) {
    foreach ($_SESSION['profile_required'] as $name => $title) {
        if (empty($_POST[$name])) {
            $stop .= sprintf(_FORM_ENTER, $title) . '<br />';
        }
    }
}
164
// Step 1 carries the account data: validate it and verify the captcha.
// NOTE(review): these checks run only when the posted step number equals 1.
if ($current_step == 1) {
    // Each posted value is trimmed and passed through stripSlashesGPC();
    // a field that was not posted becomes an empty string.
    $uname = '';
    if (isset($_POST['uname'])) {
        $uname = $myts->stripSlashesGPC(trim($_POST['uname']));
    }
    $email = '';
    if (isset($_POST['email'])) {
        $email = $myts->stripSlashesGPC(trim($_POST['email']));
    }
    $url = '';
    if (isset($_POST['url'])) {
        $url = $myts->stripSlashesGPC(trim($_POST['url']));
    }
    // trim() also removes leading and trailing whitespace from the passwords.
    $pass = '';
    if (isset($_POST['pass'])) {
        $pass = $myts->stripSlashesGPC(trim($_POST['pass']));
    }
    $vpass = '';
    if (isset($_POST['vpass'])) {
        $vpass = $myts->stripSlashesGPC(trim($_POST['vpass']));
    }
    $agree_disc = 0;
    if (isset($_POST['agree_disc']) && intval($_POST['agree_disc'])) {
        $agree_disc = 1;
    }

    // When a disclaimer is configured and displayed, it has to be accepted.
    if ($xoops->getConfig('reg_dispdsclmr') != 0 && $xoops->getConfig('reg_disclaimer') != '' && empty($agree_disc)) {
        $stop .= _US_UNEEDAGREE . '<br />';
    }

    $newuser->setVar('uname', $uname);
    $newuser->setVar('email', $email);
    // NOTE(review): the password is stored as a plain, unsalted MD5 digest.
    // Moving to password_hash()/password_verify() has to be coordinated with
    // the login code, which is not part of this file.
    if ($pass) {
        $newuser->setVar('pass', md5($pass));
    } else {
        $newuser->setVar('pass', '');
    }
    $stop .= XoopsUserUtility::validate($newuser, $pass, $vpass);

    // A failed captcha adds its own message to the error list.
    $xoopsCaptcha = XoopsCaptcha::getInstance();
    if (!$xoopsCaptcha->verify()) {
        $stop .= $xoopsCaptcha->getMessage();
    }
}
190
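// Insert or update the user when the step just completed is flagged step_save,
// or when there is no further step to display.
//
// NOTE(review): uname/email/password validation and the captcha check live in
// the "$current_step == 1" branch above, and the step number is supplied by the
// client. This branch does not repeat those checks before inserting a new
// user. Confirm that it cannot be reached for a new user unless step 1 was
// passed in the same session, for example by recording a "validated" marker in
// the session at step 1 and requiring it here.
if ($current_step > 0 && empty($stop) && (!empty($steps[$current_step - 1]['step_save']) || !isset($steps[$current_step]))) {

    $isNew = $newuser->isNew();

    // First save of this registration: set the account fields that are not
    // collected through profile fields.
    if ($isNew) {
        $uname = isset($_POST['uname']) ? $myts->stripSlashesGPC(trim($_POST['uname'])) : '';
        $email = isset($_POST['email']) ? $myts->stripSlashesGPC(trim($_POST['email'])) : '';
        $url = isset($_POST['url']) ? $myts->stripSlashesGPC(trim($_POST['url'])) : '';
        $pass = isset($_POST['pass']) ? $myts->stripSlashesGPC(trim($_POST['pass'])) : '';
        $newuser->setVar('uname', $uname);
        $newuser->setVar('email', $email);
        // NOTE(review): unsalted MD5 is not a suitable password hash; replacing
        // it needs a matching change in the login code outside this file.
        $newuser->setVar('pass', $pass ? md5($pass) : '');
        // Activation key: 8 hex characters, as before, but taken from the
        // system CSPRNG when random_bytes() exists instead of being derived
        // from mt_rand() and the clock. The key is still only 32 bits long, so
        // whatever checks it should limit repeated guesses.
        if (function_exists('random_bytes')) {
            $actkey = bin2hex(random_bytes(4));
        } else {
            $actkey = substr(md5(uniqid(mt_rand(), true)), 0, 8);
        }
        $newuser->setVar('actkey', $actkey, true);
        $newuser->setVar('user_regdate', time(), true);
        $newuser->setVar('uorder', $xoops->getConfig('com_order'), true);
        $newuser->setVar('umode', $xoops->getConfig('com_mode'), true);
        $newuser->setVar('theme', $xoops->getConfig('theme_set'), true);
        $newuser->setVar('user_avatar', 'avatars/blank.gif', true);
        // activation_type 1 creates the account at level 1; every other type
        // starts at level 0.
        $newuser->setVar('level', $xoops->getConfig('activation_type') == 1 ? 1 : 0, true);
    }

    // Insert/update the user and check whether it succeeded.
    if (!$member_handler->insertUser($newuser)) {
        $stop .= _US_REGISTERNG . "<br />";
        $stop .= implode('<br />', $newuser->getErrors());
    } else {
        // User stored: now store the custom profile fields under the same id.
        $profile->setVar('profile_id', $newuser->getVar('uid'));
        $profile_handler->insert($profile);

        // Notifications and group membership are handled only for a user that
        // was new before this save.
        if ($isNew) {
            // Optional notice to the configured group about the new account.
            if ($xoops->getConfig('new_user_notify') == 1 && $xoops->getConfig('new_user_notify_group')) {
                $xoopsMailer = $xoops->getMailer();
                $xoopsMailer->reset();
                $xoopsMailer->useMail();
                $xoopsMailer->setToGroups($member_handler->getGroup($xoops->getConfig('new_user_notify_group')));
                $xoopsMailer->setFromEmail($xoops->getConfig('adminmail'));
                $xoopsMailer->setFromName($xoops->getConfig('sitename'));
                $xoopsMailer->setSubject(sprintf(_US_NEWUSERREGAT, $xoops->getConfig('sitename')));
                $xoopsMailer->setBody(sprintf(_US_HASJUSTREG, $newuser->getVar('uname')));
                $xoopsMailer->send(true);
            }

            $message = "";
            if (!$member_handler->addUserToGroup(XOOPS_GROUP_USERS, $newuser->getVar('uid'))) {
                $message = _PROFILE_MA_REGISTER_NOTGROUP . "<br />";
            } elseif ($xoops->getConfig('activation_type') == 1) {
                // Type 1: no activation step, only a welcome message.
                XoopsUserUtility::sendWelcome($newuser);
            } elseif ($xoops->getConfig('activation_type') == 0) {
                // Type 0: mail the register.tpl template to the new user.
                $xoopsMailer = $xoops->getMailer();
                $xoopsMailer->reset();
                $xoopsMailer->useMail();
                $xoopsMailer->setTemplate('register.tpl');
                $xoopsMailer->assign('SITENAME', $xoops->getConfig('sitename'));
                $xoopsMailer->assign('ADMINMAIL', $xoops->getConfig('adminmail'));
                $xoopsMailer->assign('SITEURL', XOOPS_URL . "/");
                // NOTE(review): this places the password the user typed, in
                // plaintext, into an e-mail. It also reads 'vpass' from the
                // request without an isset() check. Consider dropping X_UPASS
                // from the template.
                $xoopsMailer->assign('X_UPASS', $_POST['vpass']);
                $xoopsMailer->setToUsers($newuser);
                $xoopsMailer->setFromEmail($xoops->getConfig('adminmail'));
                $xoopsMailer->setFromName($xoops->getConfig('sitename'));
                $xoopsMailer->setSubject(sprintf(_US_USERKEYFOR, $newuser->getVar('uname')));
                // _message_ 0 = mail failed, 1 = mail sent.
                if (!$xoopsMailer->send(true)) {
                    $_SESSION['profile_post']['_message_'] = 0;
                } else {
                    $_SESSION['profile_post']['_message_'] = 1;
                }
            } elseif ($xoops->getConfig('activation_type') == 2) {
                // Type 2: mail the activation link to the configured
                // activation group instead of the user.
                $xoopsMailer = $xoops->getMailer();
                $xoopsMailer->reset();
                $xoopsMailer->useMail();
                $xoopsMailer->setTemplate('adminactivate.tpl');
                $xoopsMailer->assign('USERNAME', $newuser->getVar('uname'));
                $xoopsMailer->assign('USEREMAIL', $newuser->getVar('email'));
                $xoopsMailer->assign('USERACTLINK', XOOPS_URL . "/modules/" . $xoops->module->getVar('dirname', 'n') . '/activate.php?id=' . $newuser->getVar('uid') . '&actkey=' . $newuser->getVar('actkey', 'n'));
                $xoopsMailer->assign('SITENAME', $xoops->getConfig('sitename'));
                $xoopsMailer->assign('ADMINMAIL', $xoops->getConfig('adminmail'));
                $xoopsMailer->assign('SITEURL', XOOPS_URL . "/");
                $xoopsMailer->setToGroups($member_handler->getGroup($xoops->getConfig('activation_group')));
                $xoopsMailer->setFromEmail($xoops->getConfig('adminmail'));
                $xoopsMailer->setFromName($xoops->getConfig('sitename'));
                $xoopsMailer->setSubject(sprintf(_US_USERKEYFOR, $newuser->getVar('uname')));
                // _message_ 2 = mail failed, 3 = mail sent.
                if (!$xoopsMailer->send()) {
                    $_SESSION['profile_post']['_message_'] = 2;
                } else {
                    $_SESSION['profile_post']['_message_'] = 3;
                }
            }
            if ($message) {
                $xoops->tpl()->append('confirm', $message);
            }
            // Remember the new uid so that later steps update this account.
            $_SESSION['profile_register_uid'] = $newuser->getVar('uid');
        }
    }
}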
299
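if (!empty($stop) || isset($steps[$current_step])) {
    // Either something failed or another step is pending: render a form.
    include_once dirname(__FILE__) . '/include/forms.php';
    // On errors, show the step that was just submitted again.
    $current_step = empty($stop) ? $current_step : $current_step - 1;
    // The step number is client-supplied, so after the decrement it may point
    // at no configured step (for example -1). Fall back to index 0 rather than
    // handing an undefined entry to the form builder.
    // NOTE(review): assumes $steps is a 0-based list — confirm against getAll().
    if (!isset($steps[$current_step])) {
        $current_step = 0;
    }
    $reg_form = profile_getRegisterForm($newuser, $profile, $steps[$current_step]);
    $reg_form->assign($xoops->tpl());
    $xoops->tpl()->assign('current_step', $current_step);
    $xoops->tpl()->assign('stop', $stop);
} else {
    // No errors and no more steps: finish.
    $xoops->tpl()->assign('finish', _PROFILE_MA_REGISTER_FINISH);
    $xoops->tpl()->assign('current_step', -1);
    if ($xoops->getConfig('activation_type') == 1 && !empty($_SESSION['profile_post']['pass'])) {
        $xoops->tpl()->assign('finish_login', _PROFILE_MA_FINISH_LOGIN);
        $xoops->tpl()->assign('finish_uname', $newuser->getVar('uname'));
        // NOTE(review): the plaintext password kept in the session is written
        // back into the page here. ENT_QUOTES also escapes single quotes, so
        // the value is safe in either kind of quoted HTML attribute.
        $xoops->tpl()->assign('finish_pass', htmlspecialchars($_SESSION['profile_post']['pass'], ENT_QUOTES));
    }
    if (isset($_SESSION['profile_post']['_message_'])) {
        //todo, if user is activated by admin, then we should inform it along with error messages.  _US_YOURREGMAILNG is not enough
        $messages = array(_US_YOURREGMAILNG, _US_YOURREGISTERED, _US_YOURREGMAILNG, _US_YOURREGISTERED2);
        // '_message_' is among the field names accepted from $_POST, so the
        // stored value is not necessarily one of the codes 0-3 set by this
        // script. Use it only when it is a scalar that selects a message.
        $message_code = $_SESSION['profile_post']['_message_'];
        if (is_scalar($message_code) && isset($messages[$message_code])) {
            $xoops->tpl()->assign('finish_message', $messages[$message_code]);
        }
    }
    // Drop the collected form data, including the password. The
    // 'profile_register_uid' session entry is not cleared here; the script
    // resets it on the next step-0 request.
    $_SESSION['profile_post'] = null;
}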
323
324include dirname(__FILE__) . DIRECTORY_SEPARATOR . 'footer.php';