
/modules/profile/register.php

https://gitlab.com/VoyaTrax/vtCMS2
  1<?php
  2/**
  3 * Extended User Profile
  4 *
  5 * You may not change or alter any portion of this comment or credits
  6 * of supporting developers from this source code or any supporting source code
  7 * which is considered copyrighted (c) material of the original comment or credit authors.
  8 * This program is distributed in the hope that it will be useful,
  9 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 10 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 11 *
 12 * @copyright       (c) 2000-2016 XOOPS Project (www.xoops.org)
 13 * @license             GNU GPL 2 or later (http://www.gnu.org/licenses/gpl-2.0.html)
 14 * @package             profile
 15 * @since               2.3.0
 16 * @author              Taiwen Jiang <phppp@users.sourceforge.net>
 17 * @author              Jan Pedersen
 18 * @author              trabis <lusopoemas@gmail.com>
 19 */
 20
 21include __DIR__ . '/header.php';
 22
 23if ($GLOBALS['xoopsUser']) {
 24    header('location: userinfo.php?uid= ' . $GLOBALS['xoopsUser']->getVar('uid'));
 25    exit();
 26}
 27
 28if (!empty($_GET['op']) && in_array($_GET['op'], array('actv', 'activate'))) {
 29    header('location: ./activate.php' . (empty($_SERVER['QUERY_STRING']) ? '' : '?' . $_SERVER['QUERY_STRING']));
 30    exit();
 31}
 32
 33xoops_load('XoopsUserUtility');
 34$myts = MyTextSanitizer::getInstance();
 35
 36$config_handler             = xoops_getHandler('config');
 37$GLOBALS['xoopsConfigUser'] = $config_handler->getConfigsByCat(XOOPS_CONF_USER);
 38if (empty($GLOBALS['xoopsConfigUser']['allow_register'])) {
 39    redirect_header('index.php', 6, _US_NOREGISTER);
 40}
 41
 42// get the key we need to access our 'op' in $_POST
 43// if this key is not set, empty $_POST since this is a new registration and
 44// no legitimate data would be there.
 45$opkey = 'profile_opname';
 46if (isset($_SESSION[$opkey])) {
 47    $current_opname = $_SESSION[$opkey];
 48    unset($_SESSION[$opkey]);
 49    if (!isset($_POST[$current_opname])) {
 50        $_POST = array();
 51    }
 52} else {
 53    $_POST          = array();
 54    $current_opname = 'op'; // does not matter, it isn't there
 55}
 56
 57$op           = !isset($_POST[$current_opname]) ? 'register' : $_POST[$current_opname];
 58$current_step = isset($_POST['step']) ? (int)$_POST['step'] : 0;
 59
 60// The newly introduced variable $_SESSION['profile_post'] is contaminated by $_POST, thus we use an old vaiable to hold uid parameter
 61$uid = !empty($_SESSION['profile_register_uid']) ? (int)$_SESSION['profile_register_uid'] : 0;
 62
 63// First step is already secured by with the captcha Token so lets check the others
 64if ($current_step > 0 && !$GLOBALS['xoopsSecurity']->check()) {
 65    redirect_header('user.php', 5, _PROFILE_MA_EXPIRED);
 66}
 67
 68$criteria = new CriteriaCompo();
 69$criteria->setSort('step_order');
 70$regstep_handler = xoops_getModuleHandler('regstep');
 71
 72if (!$steps = $regstep_handler->getAll($criteria, null, false, false)) {
 73    redirect_header(XOOPS_URL . '/', 6, _PROFILE_MA_NOSTEPSAVAILABLE);
 74}
 75
 76foreach (array_keys($steps) as $key) {
 77    $steps[$key]['step_no'] = $key + 1;
 78}
 79
 80$xoopsOption['template_main'] = 'profile_register.tpl';
 81include $GLOBALS['xoops']->path('header.php');
 82
 83$GLOBALS['xoopsTpl']->assign('steps', $steps);
 84$GLOBALS['xoopsTpl']->assign('lang_register_steps', _PROFILE_MA_REGISTER_STEPS);
 85
 86$xoBreadcrumbs[] = array(
 87    'link'  => XOOPS_URL . '/modules/' . $GLOBALS['xoopsModule']->getVar('dirname', 'n') . '/register.php',
 88    'title' => _PROFILE_MA_REGISTER);
 89if (isset($steps[$current_step])) {
 90    $xoBreadcrumbs[] = array('title' => $steps[$current_step]['step_name']);
 91}
 92
 93$member_handler  = xoops_getHandler('member');
 94$profile_handler = xoops_getModuleHandler('profile');
 95
 96$fields     = $profile_handler->loadFields();
 97$userfields = $profile_handler->getUserVars();
 98
 99if ($uid == 0) {
100    // No user yet? Create one and set default values.
101    $newuser = $member_handler->createUser();
102    $profile = $profile_handler->create();
103    if (count($fields) > 0) {
104        foreach (array_keys($fields) as $i) {
105            $fieldname = $fields[$i]->getVar('field_name');
106            if (in_array($fieldname, $userfields)) {
107                $default = $fields[$i]->getVar('field_default');
108                if ($default === '' || $default === null) {
109                    continue;
110                }
111                $newuser->setVar($fieldname, $default);
112            }
113        }
114    }
115} else {
116    // We already have a user? Just load it! Security is handled by token so there is no fake uid here.
117    $newuser = $member_handler->getUser($uid);
118    $profile = $profile_handler->get($uid);
119}
120
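// Values submitted in earlier steps are carried in $_SESSION['profile_post']
// and merged with the current request so that every step sees all of them.

// Names that are accepted from $_POST: every profile field, every user
// variable, and the private '_message_' entry.
// NOTE(review): because '_message_' is on this list, a request can supply its
// own value for it; the code that reads it must not trust it as an index.
$fieldnames = array();
foreach (array_keys($fields) as $i) {
    $fieldnames[] = $fields[$i]->getVar('field_name');
}
$fieldnames   = array_merge($fieldnames, $userfields);
$fieldnames[] = '_message_';

// Keep only the accepted names; step numbers, tokens and the like are not stored.
$postfields = array();
foreach ($fieldnames as $fieldname) {
    if (isset($_POST[$fieldname])) {
        $postfields[$fieldname] = $_POST[$fieldname];
    }
}

if ($current_step == 0) {
    // First step: drop whatever a previous registration attempt left behind.
    $_SESSION['profile_post']         = array();
    $_SESSION['profile_register_uid'] = null;
} else {
    // Fix: array_merge() needs an array. The stored value can be missing or
    // null (this script sets it to null when registration finishes), so start
    // from an empty array in that case instead of merging null.
    if (!isset($_SESSION['profile_post']) || !is_array($_SESSION['profile_post'])) {
        $_SESSION['profile_post'] = array();
    }

    // Security note: the finish branch of this script reads
    // $_SESSION['profile_post']['pass'], so the clear-text password is among
    // the values kept in the session between steps.
    $_SESSION['profile_post'] = array_merge($_SESSION['profile_post'], $postfields);

    // Values in the current request take precedence over stored ones.
    // NOTE(review): this lets a later request replace a value that was
    // validated in an earlier step -- confirm it is re-validated before saving.
    $_POST = array_merge($_SESSION['profile_post'], $_POST);
}

// Copy the submitted values onto the user object (user variables) or the
// profile object (all other fields), converted by each field's
// getValueForSave().
foreach (array_keys($fields) as $field) {
    if (!isset($_POST[$field])) {
        continue;
    }

    $value = $fields[$field]->getValueForSave($_POST[$field]);
    if (in_array($field, $userfields)) {
        $newuser->setVar($field, $value);
    } else {
        $profile->setVar($field, $value);
    }
}
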
// Accumulates HTML error messages; an empty string means "no errors so far".
$stop = '';

// Re-check on the server the fields listed in $_SESSION['profile_required']
// (name => title). A field counts as missing when it is absent or empty().
if (isset($_POST['step'], $_SESSION['profile_required'])) {
    foreach ($_SESSION['profile_required'] as $name => $title) {
        if (empty($_POST[$name])) {
            $stop .= sprintf(_FORM_ENTER, $title) . '<br />';
        }
    }
}

// Account data is validated when the first step is submitted.
if ($current_step == 1) {
    // All values are trimmed, so leading/trailing whitespace is removed from
    // the password as well before it is hashed.
    $uname      = !isset($_POST['uname']) ? '' : $myts->stripSlashesGPC(trim($_POST['uname']));
    $email      = !isset($_POST['email']) ? '' : $myts->stripSlashesGPC(trim($_POST['email']));
    $url        = !isset($_POST['url']) ? '' : $myts->stripSlashesGPC(trim($_POST['url']));
    $pass       = !isset($_POST['pass']) ? '' : $myts->stripSlashesGPC(trim($_POST['pass']));
    $vpass      = !isset($_POST['vpass']) ? '' : $myts->stripSlashesGPC(trim($_POST['vpass']));
    $agree_disc = (isset($_POST['agree_disc']) && (int)$_POST['agree_disc']) ? 1 : 0;

    // When a disclaimer is configured and displayed, it has to be accepted.
    if ($GLOBALS['xoopsConfigUser']['reg_dispdsclmr'] != 0
        && $GLOBALS['xoopsConfigUser']['reg_disclaimer'] !== ''
        && empty($agree_disc)
    ) {
        $stop .= _US_UNEEDAGREE . '<br />';
    }

    // Only the hash of the password is placed on the user object; the
    // clear-text values are passed to the validator alongside it.
    $newuser->setVar('uname', $uname);
    $newuser->setVar('email', $email);
    $newuser->setVar('pass', $pass ? password_hash($pass, PASSWORD_DEFAULT) : '');
    $stop .= XoopsUserUtility::validate($newuser, $pass, $vpass);

    // The captcha is verified on this step regardless of earlier errors.
    xoops_load('XoopsCaptcha');
    $xoopsCaptcha = XoopsCaptcha::getInstance();
    if (!$xoopsCaptcha->verify()) {
        $stop .= $xoopsCaptcha->getMessage();
    }
}

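// Write the account to the database when the step just completed is flagged
// 'step_save', or when there is no further step.
// NOTE(review): $current_step is request-supplied, and in this file
// XoopsUserUtility::validate() is called only in the "$current_step == 1"
// branch. Confirm that a save triggered at a later step cannot carry
// uname/email/pass values that differ from the ones validated there.
if ($current_step > 0 && empty($stop) && (!empty($steps[$current_step - 1]['step_save']) || !isset($steps[$current_step]))) {
    // Optional second captcha for saves that happen after the first step.
    if ($GLOBALS['xoopsModuleConfig']['profileCaptchaAfterStep1'] == 1 && $current_step > 1) {
        xoops_load('XoopsCaptcha');
        $xoopsCaptcha2 = XoopsCaptcha::getInstance();
        if (!$xoopsCaptcha2->verify()) {
            $stop .= $xoopsCaptcha2->getMessage();
        }
    }

    if (empty($stop)) {
        $isNew = $newuser->isNew();

        // Not stored yet: fill in the account data and the system-managed fields.
        if ($isNew) {
            $uname = isset($_POST['uname']) ? $myts->stripSlashesGPC(trim($_POST['uname'])) : '';
            $email = isset($_POST['email']) ? $myts->stripSlashesGPC(trim($_POST['email'])) : '';
            $url   = isset($_POST['url']) ? $myts->stripSlashesGPC(trim($_POST['url'])) : '';
            $pass  = isset($_POST['pass']) ? $myts->stripSlashesGPC(trim($_POST['pass'])) : '';
            $newuser->setVar('uname', $uname);
            $newuser->setVar('email', $email);
            $newuser->setVar('pass', $pass ? password_hash($pass, PASSWORD_DEFAULT) : '');

            // Fix: the activation key is a secret that is sent out in a link, so
            // it is drawn from the system CSPRNG when random_bytes() exists. The
            // previous md5(uniqid(mt_rand())) construction is built from
            // guessable inputs and is kept only as a fallback for old runtimes.
            // Format is unchanged: 8 lowercase hex characters.
            // NOTE(review): 8 hex characters is only 32 bits; the activation
            // endpoint should limit attempts. The length presumably matches the
            // stored column -- confirm before lengthening.
            $actkey = function_exists('random_bytes')
                ? bin2hex(random_bytes(4))
                : substr(md5(uniqid(mt_rand(), 1)), 0, 8);
            $newuser->setVar('actkey', $actkey, true);
            $newuser->setVar('user_regdate', time(), true);
            $newuser->setVar('uorder', $GLOBALS['xoopsConfig']['com_order'], true);
            $newuser->setVar('umode', $GLOBALS['xoopsConfig']['com_mode'], true);
            $newuser->setVar('theme', $GLOBALS['xoopsConfig']['theme_set'], true);
            $newuser->setVar('user_avatar', 'avatars/blank.gif', true);
            // activation_type 1 creates the account at level 1; every other
            // type creates it at level 0.
            $newuser->setVar('level', $GLOBALS['xoopsConfigUser']['activation_type'] == 1 ? 1 : 0, true);
        }

        // Insert or update the user and report a failure to the visitor.
        if (!$member_handler->insertUser($newuser)) {
            $stop .= _US_REGISTERNG . '<br />';
            $stop .= implode('<br />', $newuser->getErrors());
        } else {
            // The user row exists; store the custom profile fields under the same id.
            // NOTE(review): the result of insert() is not checked.
            $profile->setVar('profile_id', $newuser->getVar('uid'));
            $profile_handler->insert($profile);

            // Notifications and group membership are handled once, for a
            // newly created account only.
            if ($isNew) {
                // Optional notice to the configured group that someone registered.
                if ($GLOBALS['xoopsConfigUser']['new_user_notify'] == 1 && !empty($GLOBALS['xoopsConfigUser']['new_user_notify_group'])) {
                    $xoopsMailer =& xoops_getMailer();
                    $xoopsMailer->reset();
                    $xoopsMailer->useMail();
                    $xoopsMailer->setToGroups($member_handler->getGroup($GLOBALS['xoopsConfigUser']['new_user_notify_group']));
                    $xoopsMailer->setFromEmail($GLOBALS['xoopsConfig']['adminmail']);
                    $xoopsMailer->setFromName($GLOBALS['xoopsConfig']['sitename']);
                    $xoopsMailer->setSubject(sprintf(_US_NEWUSERREGAT, $GLOBALS['xoopsConfig']['sitename']));
                    $xoopsMailer->setBody(sprintf(_US_HASJUSTREG, $newuser->getVar('uname')));
                    $xoopsMailer->send(true);
                }

                $message = '';
                if (!$member_handler->addUserToGroup(XOOPS_GROUP_USERS, $newuser->getVar('uid'))) {
                    $message = _PROFILE_MA_REGISTER_NOTGROUP . '<br />';
                } elseif ($GLOBALS['xoopsConfigUser']['activation_type'] == 1) {
                    // Type 1: the account was created at level 1; send the welcome message.
                    XoopsUserUtility::sendWelcome($newuser);
                } elseif ($GLOBALS['xoopsConfigUser']['activation_type'] == 0) {
                    // Type 0: mail the register.tpl template to the new user.
                    $xoopsMailer =& xoops_getMailer();
                    $xoopsMailer->reset();
                    $xoopsMailer->useMail();
                    $xoopsMailer->setTemplate('register.tpl');
                    $xoopsMailer->assign('SITENAME', $GLOBALS['xoopsConfig']['sitename']);
                    $xoopsMailer->assign('ADMINMAIL', $GLOBALS['xoopsConfig']['adminmail']);
                    $xoopsMailer->assign('SITEURL', XOOPS_URL . '/');
                    // Security note: this hands the clear-text password to the
                    // mail template, so it leaves the site by e-mail if the
                    // template prints X_UPASS. It is also the raw 'vpass'
                    // request value, not the trimmed $pass that was hashed
                    // above. Consider dropping it from the template.
                    $xoopsMailer->assign('X_UPASS', $_POST['vpass']);
                    $xoopsMailer->setToUsers($newuser);
                    $xoopsMailer->setFromEmail($GLOBALS['xoopsConfig']['adminmail']);
                    $xoopsMailer->setFromName($GLOBALS['xoopsConfig']['sitename']);
                    $xoopsMailer->setSubject(sprintf(_US_USERKEYFOR, $newuser->getVar('uname')));
                    // 1 = mail sent, 0 = sending failed (index into the finish messages).
                    $_SESSION['profile_post']['_message_'] = $xoopsMailer->send(true) ? 1 : 0;
                } elseif ($GLOBALS['xoopsConfigUser']['activation_type'] == 2) {
                    // Type 2: mail the activation link, including the activation
                    // key, to the configured activation group.
                    $xoopsMailer =& xoops_getMailer();
                    $xoopsMailer->reset();
                    $xoopsMailer->useMail();
                    $xoopsMailer->setTemplate('adminactivate.tpl');
                    $xoopsMailer->assign('USERNAME', $newuser->getVar('uname'));
                    $xoopsMailer->assign('USEREMAIL', $newuser->getVar('email'));
                    $xoopsMailer->assign('USERACTLINK', XOOPS_URL . '/modules/' . $GLOBALS['xoopsModule']->getVar('dirname', 'n') . '/activate.php?id=' . $newuser->getVar('uid') . '&actkey=' . $newuser->getVar('actkey', 'n'));
                    $xoopsMailer->assign('SITENAME', $GLOBALS['xoopsConfig']['sitename']);
                    $xoopsMailer->assign('ADMINMAIL', $GLOBALS['xoopsConfig']['adminmail']);
                    $xoopsMailer->assign('SITEURL', XOOPS_URL . '/');
                    $xoopsMailer->setToGroups($member_handler->getGroup($GLOBALS['xoopsConfigUser']['activation_group']));
                    $xoopsMailer->setFromEmail($GLOBALS['xoopsConfig']['adminmail']);
                    $xoopsMailer->setFromName($GLOBALS['xoopsConfig']['sitename']);
                    $xoopsMailer->setSubject(sprintf(_US_USERKEYFOR, $newuser->getVar('uname')));
                    // 3 = mail sent, 2 = sending failed (index into the finish messages).
                    $_SESSION['profile_post']['_message_'] = $xoopsMailer->send() ? 3 : 2;
                }
                if ($message) {
                    $GLOBALS['xoopsTpl']->append('confirm', $message);
                }
                // Remember the new uid so that later steps update this account
                // instead of creating another one.
                $_SESSION['profile_register_uid'] = $newuser->getVar('uid');
            }
        }
    }
}
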
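if (!empty($stop) || isset($steps[$current_step])) {
    // There were errors, or another step follows: render a form. On error the
    // visitor is sent back to the step they just submitted.
    include_once __DIR__ . '/include/forms.php';
    $current_step = empty($stop) ? $current_step : $current_step - 1;
    // NOTE(review): after the decrement $steps[$current_step] is not re-checked
    // with isset(); confirm the form builder copes with a missing step.
    $reg_form = profile_getRegisterForm($newuser, $profile, $steps[$current_step]);
    $reg_form->assign($GLOBALS['xoopsTpl']);
    $GLOBALS['xoopsTpl']->assign('current_step', $current_step);
    $GLOBALS['xoopsTpl']->assign('stop', $stop);
} else {
    // No errors and no more steps: registration is finished.
    $GLOBALS['xoopsTpl']->assign('finish', _PROFILE_MA_REGISTER_FINISH);
    $GLOBALS['xoopsTpl']->assign('current_step', -1);
    if ($GLOBALS['xoopsConfigUser']['activation_type'] == 1 && !empty($_SESSION['profile_post']['pass'])) {
        // Security note: the clear-text password kept in the session is handed
        // to the template here (HTML-escaped). Any page that prints
        // finish_pass should not be cached or logged.
        $GLOBALS['xoopsTpl']->assign('finish_login', _PROFILE_MA_FINISH_LOGIN);
        $GLOBALS['xoopsTpl']->assign('finish_uname', $newuser->getVar('uname'));
        $GLOBALS['xoopsTpl']->assign('finish_pass', htmlspecialchars($_SESSION['profile_post']['pass']));
    }
    if (isset($_SESSION['profile_post']['_message_'])) {
        //todo, if user is activated by admin, then we should inform it along with error messages.  _US_YOURREGMAILNG is not enough
        $messages = array(_US_YOURREGMAILNG, _US_YOURREGISTERED, _US_YOURREGMAILNG, _US_YOURREGISTERED2);
        // Fix: '_message_' is one of the names this script accepts from $_POST
        // into $_SESSION['profile_post'], so the stored value can come from the
        // request. Use it as an index only when it is a plain int/string that
        // selects one of the four known messages.
        $message_key = $_SESSION['profile_post']['_message_'];
        if ((is_int($message_key) || is_string($message_key)) && isset($messages[$message_key])) {
            $GLOBALS['xoopsTpl']->assign('finish_message', $messages[$message_key]);
        }
    }
    // Drop the stored form values, including the clear-text password.
    $_SESSION['profile_post'] = null;
}

include __DIR__ . '/footer.php';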