
/modules/profile/register.php

https://gitlab.com/VoyaTrax/vtCMS2
  1. <?php
  2. /**
  3. * Extended User Profile
  4. *
  5. * You may not change or alter any portion of this comment or credits
  6. * of supporting developers from this source code or any supporting source code
  7. * which is considered copyrighted (c) material of the original comment or credit authors.
  8. * This program is distributed in the hope that it will be useful,
  9. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  10. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
  11. *
  12. * @copyright (c) 2000-2016 XOOPS Project (www.xoops.org)
  13. * @license GNU GPL 2 or later (http://www.gnu.org/licenses/gpl-2.0.html)
  14. * @package profile
  15. * @since 2.3.0
  16. * @author Taiwen Jiang <phppp@users.sourceforge.net>
  17. * @author Jan Pedersen
  18. * @author trabis <lusopoemas@gmail.com>
  19. */
  20. include __DIR__ . '/header.php';
  21. if ($GLOBALS['xoopsUser']) {
  22. header('location: userinfo.php?uid= ' . $GLOBALS['xoopsUser']->getVar('uid'));
  23. exit();
  24. }
  25. if (!empty($_GET['op']) && in_array($_GET['op'], array('actv', 'activate'))) {
  26. header('location: ./activate.php' . (empty($_SERVER['QUERY_STRING']) ? '' : '?' . $_SERVER['QUERY_STRING']));
  27. exit();
  28. }
  29. xoops_load('XoopsUserUtility');
  30. $myts = MyTextSanitizer::getInstance();
  31. $config_handler = xoops_getHandler('config');
  32. $GLOBALS['xoopsConfigUser'] = $config_handler->getConfigsByCat(XOOPS_CONF_USER);
  33. if (empty($GLOBALS['xoopsConfigUser']['allow_register'])) {
  34. redirect_header('index.php', 6, _US_NOREGISTER);
  35. }
  36. // get the key we need to access our 'op' in $_POST
  37. // if this key is not set, empty $_POST since this is a new registration and
  38. // no legitimate data would be there.
  39. $opkey = 'profile_opname';
  40. if (isset($_SESSION[$opkey])) {
  41. $current_opname = $_SESSION[$opkey];
  42. unset($_SESSION[$opkey]);
  43. if (!isset($_POST[$current_opname])) {
  44. $_POST = array();
  45. }
  46. } else {
  47. $_POST = array();
  48. $current_opname = 'op'; // does not matter, it isn't there
  49. }
  50. $op = !isset($_POST[$current_opname]) ? 'register' : $_POST[$current_opname];
  51. $current_step = isset($_POST['step']) ? (int)$_POST['step'] : 0;
  52. // The newly introduced variable $_SESSION['profile_post'] is contaminated by $_POST, thus we use an old vaiable to hold uid parameter
  53. $uid = !empty($_SESSION['profile_register_uid']) ? (int)$_SESSION['profile_register_uid'] : 0;
  54. // First step is already secured by with the captcha Token so lets check the others
  55. if ($current_step > 0 && !$GLOBALS['xoopsSecurity']->check()) {
  56. redirect_header('user.php', 5, _PROFILE_MA_EXPIRED);
  57. }
  58. $criteria = new CriteriaCompo();
  59. $criteria->setSort('step_order');
  60. $regstep_handler = xoops_getModuleHandler('regstep');
  61. if (!$steps = $regstep_handler->getAll($criteria, null, false, false)) {
  62. redirect_header(XOOPS_URL . '/', 6, _PROFILE_MA_NOSTEPSAVAILABLE);
  63. }
  64. foreach (array_keys($steps) as $key) {
  65. $steps[$key]['step_no'] = $key + 1;
  66. }
  67. $xoopsOption['template_main'] = 'profile_register.tpl';
  68. include $GLOBALS['xoops']->path('header.php');
  69. $GLOBALS['xoopsTpl']->assign('steps', $steps);
  70. $GLOBALS['xoopsTpl']->assign('lang_register_steps', _PROFILE_MA_REGISTER_STEPS);
  71. $xoBreadcrumbs[] = array(
  72. 'link' => XOOPS_URL . '/modules/' . $GLOBALS['xoopsModule']->getVar('dirname', 'n') . '/register.php',
  73. 'title' => _PROFILE_MA_REGISTER);
  74. if (isset($steps[$current_step])) {
  75. $xoBreadcrumbs[] = array('title' => $steps[$current_step]['step_name']);
  76. }
  77. $member_handler = xoops_getHandler('member');
  78. $profile_handler = xoops_getModuleHandler('profile');
  79. $fields = $profile_handler->loadFields();
  80. $userfields = $profile_handler->getUserVars();
  81. if ($uid == 0) {
  82. // No user yet? Create one and set default values.
  83. $newuser = $member_handler->createUser();
  84. $profile = $profile_handler->create();
  85. if (count($fields) > 0) {
  86. foreach (array_keys($fields) as $i) {
  87. $fieldname = $fields[$i]->getVar('field_name');
  88. if (in_array($fieldname, $userfields)) {
  89. $default = $fields[$i]->getVar('field_default');
  90. if ($default === '' || $default === null) {
  91. continue;
  92. }
  93. $newuser->setVar($fieldname, $default);
  94. }
  95. }
  96. }
  97. } else {
  98. // We already have a user? Just load it! Security is handled by token so there is no fake uid here.
  99. $newuser = $member_handler->getUser($uid);
  100. $profile = $profile_handler->get($uid);
  101. }
  102. // Lets merge current $_POST with $_SESSION['profile_post'] so we can have access to info submited in previous steps
  103. // Get all fields that we can expect from a $_POST inlcuding our private '_message_'
  104. $fieldnames = array();
  105. foreach (array_keys($fields) as $i) {
  106. $fieldnames[] = $fields[$i]->getVar('field_name');
  107. }
  108. $fieldnames = array_merge($fieldnames, $userfields);
  109. $fieldnames[] = '_message_';
  110. // Get $_POST that matches above criteria, we do not need to store step, tokens, etc
  111. $postfields = array();
  112. foreach ($fieldnames as $fieldname) {
  113. if (isset($_POST[$fieldname])) {
  114. $postfields[$fieldname] = $_POST[$fieldname];
  115. }
  116. }
  117. if ($current_step == 0) {
  118. // Reset any previous session for first step
  119. $_SESSION['profile_post'] = array();
  120. $_SESSION['profile_register_uid'] = null;
  121. } else {
  122. // Merge current $_POST with $_SESSION['profile_post']
  123. $_SESSION['profile_post'] = array_merge($_SESSION['profile_post'], $postfields);
  124. $_POST = array_merge($_SESSION['profile_post'], $_POST);
  125. }
  126. // Set vars from $_POST/$_SESSION['profile_post']
  127. foreach (array_keys($fields) as $field) {
  128. if (!isset($_POST[$field])) {
  129. continue;
  130. }
  131. $value = $fields[$field]->getValueForSave($_POST[$field]);
  132. if (in_array($field, $userfields)) {
  133. $newuser->setVar($field, $value);
  134. } else {
  135. $profile->setVar($field, $value);
  136. }
  137. }
  138. $stop = '';
  139. //Client side validation
  140. if (isset($_POST['step']) && isset($_SESSION['profile_required'])) {
  141. foreach ($_SESSION['profile_required'] as $name => $title) {
  142. if (!isset($_POST[$name]) || empty($_POST[$name])) {
  143. $stop .= sprintf(_FORM_ENTER, $title) . '<br />';
  144. }
  145. }
  146. }
  147. // Check user data at first step
  148. if ($current_step == 1) {
  149. $uname = isset($_POST['uname']) ? $myts->stripSlashesGPC(trim($_POST['uname'])) : '';
  150. $email = isset($_POST['email']) ? $myts->stripSlashesGPC(trim($_POST['email'])) : '';
  151. $url = isset($_POST['url']) ? $myts->stripSlashesGPC(trim($_POST['url'])) : '';
  152. $pass = isset($_POST['pass']) ? $myts->stripSlashesGPC(trim($_POST['pass'])) : '';
  153. $vpass = isset($_POST['vpass']) ? $myts->stripSlashesGPC(trim($_POST['vpass'])) : '';
  154. $agree_disc = (isset($_POST['agree_disc']) && (int)$_POST['agree_disc']) ? 1 : 0;
  155. if ($GLOBALS['xoopsConfigUser']['reg_dispdsclmr'] != 0 && $GLOBALS['xoopsConfigUser']['reg_disclaimer'] !== '') {
  156. if (empty($agree_disc)) {
  157. $stop .= _US_UNEEDAGREE . '<br />';
  158. }
  159. }
  160. $newuser->setVar('uname', $uname);
  161. $newuser->setVar('email', $email);
  162. $newuser->setVar('pass', $pass ? password_hash($pass, PASSWORD_DEFAULT) : '');
  163. $stop .= XoopsUserUtility::validate($newuser, $pass, $vpass);
  164. xoops_load('XoopsCaptcha');
  165. $xoopsCaptcha = XoopsCaptcha::getInstance();
  166. if (!$xoopsCaptcha->verify()) {
  167. $stop .= $xoopsCaptcha->getMessage();
  168. }
  169. }
  170. // If the last step required SAVE or if we're on the last step then we will insert/update user on database
  171. if ($current_step > 0 && empty($stop) && (!empty($steps[$current_step - 1]['step_save']) || !isset($steps[$current_step]))) {
  172. if ($GLOBALS['xoopsModuleConfig']['profileCaptchaAfterStep1'] == 1 && $current_step > 1) {
  173. xoops_load('XoopsCaptcha');
  174. $xoopsCaptcha2 = XoopsCaptcha::getInstance();
  175. if (!$xoopsCaptcha2->verify()) {
  176. $stop .= $xoopsCaptcha2->getMessage();
  177. }
  178. }
  179. if (empty($stop)) {
  180. $isNew = $newuser->isNew();
  181. //Did created an user already? If not then let us set some extra info
  182. if ($isNew) {
  183. $uname = isset($_POST['uname']) ? $myts->stripSlashesGPC(trim($_POST['uname'])) : '';
  184. $email = isset($_POST['email']) ? $myts->stripSlashesGPC(trim($_POST['email'])) : '';
  185. $url = isset($_POST['url']) ? $myts->stripSlashesGPC(trim($_POST['url'])) : '';
  186. $pass = isset($_POST['pass']) ? $myts->stripSlashesGPC(trim($_POST['pass'])) : '';
  187. $newuser->setVar('uname', $uname);
  188. $newuser->setVar('email', $email);
  189. $newuser->setVar('pass', $pass ? password_hash($pass, PASSWORD_DEFAULT) : '');
  190. $actkey = substr(md5(uniqid(mt_rand(), 1)), 0, 8);
  191. $newuser->setVar('actkey', $actkey, true);
  192. $newuser->setVar('user_regdate', time(), true);
  193. $newuser->setVar('uorder', $GLOBALS['xoopsConfig']['com_order'], true);
  194. $newuser->setVar('umode', $GLOBALS['xoopsConfig']['com_mode'], true);
  195. $newuser->setVar('theme', $GLOBALS['xoopsConfig']['theme_set'], true);
  196. $newuser->setVar('user_avatar', 'avatars/blank.gif', true);
  197. if ($GLOBALS['xoopsConfigUser']['activation_type'] == 1) {
  198. $newuser->setVar('level', 1, true);
  199. } else {
  200. $newuser->setVar('level', 0, true);
  201. }
  202. }
  203. // Insert/update user and check if we have succeded
  204. if (!$member_handler->insertUser($newuser)) {
  205. $stop .= _US_REGISTERNG . '<br />';
  206. $stop .= implode('<br />', $newuser->getErrors());
  207. } else {
  208. // User inserted! Now insert custom profile fields
  209. $profile->setVar('profile_id', $newuser->getVar('uid'));
  210. $profile_handler->insert($profile);
  211. // We are good! If this is 'was' a new user then we handle notification
  212. if ($isNew) {
  213. if ($GLOBALS['xoopsConfigUser']['new_user_notify'] == 1 && !empty($GLOBALS['xoopsConfigUser']['new_user_notify_group'])) {
  214. $xoopsMailer =& xoops_getMailer();
  215. $xoopsMailer->reset();
  216. $xoopsMailer->useMail();
  217. $xoopsMailer->setToGroups($member_handler->getGroup($GLOBALS['xoopsConfigUser']['new_user_notify_group']));
  218. $xoopsMailer->setFromEmail($GLOBALS['xoopsConfig']['adminmail']);
  219. $xoopsMailer->setFromName($GLOBALS['xoopsConfig']['sitename']);
  220. $xoopsMailer->setSubject(sprintf(_US_NEWUSERREGAT, $GLOBALS['xoopsConfig']['sitename']));
  221. $xoopsMailer->setBody(sprintf(_US_HASJUSTREG, $newuser->getVar('uname')));
  222. $xoopsMailer->send(true);
  223. }
  224. $message = '';
  225. if (!$member_handler->addUserToGroup(XOOPS_GROUP_USERS, $newuser->getVar('uid'))) {
  226. $message = _PROFILE_MA_REGISTER_NOTGROUP . '<br />';
  227. } else {
  228. if ($GLOBALS['xoopsConfigUser']['activation_type'] == 1) {
  229. XoopsUserUtility::sendWelcome($newuser);
  230. } else {
  231. if ($GLOBALS['xoopsConfigUser']['activation_type'] == 0) {
  232. $xoopsMailer =& xoops_getMailer();
  233. $xoopsMailer->reset();
  234. $xoopsMailer->useMail();
  235. $xoopsMailer->setTemplate('register.tpl');
  236. $xoopsMailer->assign('SITENAME', $GLOBALS['xoopsConfig']['sitename']);
  237. $xoopsMailer->assign('ADMINMAIL', $GLOBALS['xoopsConfig']['adminmail']);
  238. $xoopsMailer->assign('SITEURL', XOOPS_URL . '/');
  239. $xoopsMailer->assign('X_UPASS', $_POST['vpass']);
  240. $xoopsMailer->setToUsers($newuser);
  241. $xoopsMailer->setFromEmail($GLOBALS['xoopsConfig']['adminmail']);
  242. $xoopsMailer->setFromName($GLOBALS['xoopsConfig']['sitename']);
  243. $xoopsMailer->setSubject(sprintf(_US_USERKEYFOR, $newuser->getVar('uname')));
  244. if (!$xoopsMailer->send(true)) {
  245. $_SESSION['profile_post']['_message_'] = 0;
  246. } else {
  247. $_SESSION['profile_post']['_message_'] = 1;
  248. }
  249. } else {
  250. if ($GLOBALS['xoopsConfigUser']['activation_type'] == 2) {
  251. $xoopsMailer =& xoops_getMailer();
  252. $xoopsMailer->reset();
  253. $xoopsMailer->useMail();
  254. $xoopsMailer->setTemplate('adminactivate.tpl');
  255. $xoopsMailer->assign('USERNAME', $newuser->getVar('uname'));
  256. $xoopsMailer->assign('USEREMAIL', $newuser->getVar('email'));
  257. $xoopsMailer->assign('USERACTLINK', XOOPS_URL . '/modules/' . $GLOBALS['xoopsModule']->getVar('dirname', 'n') . '/activate.php?id=' . $newuser->getVar('uid') . '&actkey=' . $newuser->getVar('actkey', 'n'));
  258. $xoopsMailer->assign('SITENAME', $GLOBALS['xoopsConfig']['sitename']);
  259. $xoopsMailer->assign('ADMINMAIL', $GLOBALS['xoopsConfig']['adminmail']);
  260. $xoopsMailer->assign('SITEURL', XOOPS_URL . '/');
  261. $xoopsMailer->setToGroups($member_handler->getGroup($GLOBALS['xoopsConfigUser']['activation_group']));
  262. $xoopsMailer->setFromEmail($GLOBALS['xoopsConfig']['adminmail']);
  263. $xoopsMailer->setFromName($GLOBALS['xoopsConfig']['sitename']);
  264. $xoopsMailer->setSubject(sprintf(_US_USERKEYFOR, $newuser->getVar('uname')));
  265. if (!$xoopsMailer->send()) {
  266. $_SESSION['profile_post']['_message_'] = 2;
  267. } else {
  268. $_SESSION['profile_post']['_message_'] = 3;
  269. }
  270. }
  271. }
  272. }
  273. }
  274. if ($message) {
  275. $GLOBALS['xoopsTpl']->append('confirm', $message);
  276. }
  277. $_SESSION['profile_register_uid'] = $newuser->getVar('uid');
  278. }
  279. }
  280. }
  281. }
  282. if (!empty($stop) || isset($steps[$current_step])) {
  283. include_once __DIR__ . '/include/forms.php';
  284. $current_step = empty($stop) ? $current_step : $current_step - 1;
  285. $reg_form = profile_getRegisterForm($newuser, $profile, $steps[$current_step]);
  286. $reg_form->assign($GLOBALS['xoopsTpl']);
  287. $GLOBALS['xoopsTpl']->assign('current_step', $current_step);
  288. $GLOBALS['xoopsTpl']->assign('stop', $stop);
  289. } else {
  290. // No errors and no more steps, finish
  291. $GLOBALS['xoopsTpl']->assign('finish', _PROFILE_MA_REGISTER_FINISH);
  292. $GLOBALS['xoopsTpl']->assign('current_step', -1);
  293. if ($GLOBALS['xoopsConfigUser']['activation_type'] == 1 && !empty($_SESSION['profile_post']['pass'])) {
  294. $GLOBALS['xoopsTpl']->assign('finish_login', _PROFILE_MA_FINISH_LOGIN);
  295. $GLOBALS['xoopsTpl']->assign('finish_uname', $newuser->getVar('uname'));
  296. $GLOBALS['xoopsTpl']->assign('finish_pass', htmlspecialchars($_SESSION['profile_post']['pass']));
  297. }
  298. if (isset($_SESSION['profile_post']['_message_'])) {
  299. //todo, if user is activated by admin, then we should inform it along with error messages. _US_YOURREGMAILNG is not enough
  300. $messages = array(_US_YOURREGMAILNG, _US_YOURREGISTERED, _US_YOURREGMAILNG, _US_YOURREGISTERED2);
  301. $GLOBALS['xoopsTpl']->assign('finish_message', $messages[$_SESSION['profile_post']['_message_']]);
  302. }
  303. $_SESSION['profile_post'] = null;
  304. }
  305. include __DIR__ . '/footer.php';