
/components/com_registration/registration.php

https://bitbucket.org/dgough/annamaria-daneswood-25102012
PHP | 290 lines | 206 code | 62 blank | 22 comment | 36 complexity | effab30e995b0537e24d08d616259357 MD5 | raw file
Possible License(s): GPL-2.0, LGPL-2.1
  1. <?php
  2. /**
  3. * @version $Id: registration.php 5914 2006-12-02 03:53:59Z pasamio $
  4. * @package Joomla
  5. * @copyright Copyright (C) 2005 Open Source Matters. All rights reserved.
  6. * @license http://www.gnu.org/copyleft/gpl.html GNU/GPL, see LICENSE.php
  7. * Joomla! is free software. This version may have been modified pursuant
  8. * to the GNU General Public License, and as distributed it includes or
  9. * is derivative of works licensed under the GNU General Public License or
  10. * other free or open source software licenses.
  11. * See COPYRIGHT.php for copyright notices and details.
  12. */
  // Entry guard: refuse to run unless the including script defined _VALID_MOS,
  // so the file cannot be requested directly.
  if ( !defined( '_VALID_MOS' ) ) {
      die( 'Restricted access' );
  }

  global $mosConfig_frontend_login;

  // Pull in the HTML view for this component.
  require_once( $mainframe->getPath( 'front_html' ) );

  // Front-end login disabled: print the "not authorised" text and stop.
  // NOTE(review): PHP's loose comparison treats integer 0 as equal to NULL, so
  // the `!= NULL` term is false for integer 0 and only the string '0' can
  // satisfy this condition. If integer 0 is a possible config value, the
  // registration/password-reset tasks below stay reachable. Confirm intent.
  if ( ( $mosConfig_frontend_login === 0 || $mosConfig_frontend_login === '0' ) && $mosConfig_frontend_login != NULL ) {
      echo _NOT_AUTH;
      return;
  }

  // Dispatch on the requested task; unknown tasks fall through and do nothing.
  if ( $task == 'lostPassword' ) {
      lostPassForm( $option );
  } elseif ( $task == 'sendNewPass' ) {
      sendNewPass( $option );
  } elseif ( $task == 'register' ) {
      registerForm( $option, $mosConfig_useractivation );
  } elseif ( $task == 'saveRegistration' ) {
      saveRegistration();
  } elseif ( $task == 'activate' ) {
      activate( $option );
  }
  /**
   * Show the "lost password" form.
   *
   * Sets the page title from the _PROMPT_PASSWORD constant and hands the
   * rendering to HTML_registration::lostPassForm().
   *
   * @param mixed $option Forwarded unchanged to the view (the dispatcher
   *                      passes the component's $option).
   */
  function lostPassForm( $option ) {
      $GLOBALS['mainframe']->SetPageTitle( _PROMPT_PASSWORD );

      HTML_registration::lostPassForm( $option );
  }
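  /**
   * Handle the "lost password" form post.
   *
   * For every account whose e-mail equals the posted `confirmEmail`, a new
   * password is generated, mailed to that address, and stored as
   * md5(password . salt) followed by ':' and the salt. The request always ends
   * with a redirect carrying _NEWPASS_SENT, whether or not an account matched.
   *
   * Security notes for maintainers:
   *  - The reset happens immediately and without proof that the requester owns
   *    the mailbox, so anyone who knows an address can invalidate that
   *    account's current password. A confirm-by-token step before changing the
   *    stored password would avoid this.
   *  - The new password travels in clear text by e-mail.
   *  - MD5 is a fast hash and unsuitable for password storage; changing it
   *    requires the verifying code (not in this file) to change as well.
   *  - NOTE(review): the strength of the new password and of the salt depends
   *    on mosMakePassword(), which is defined elsewhere. Confirm that it draws
   *    from a cryptographically secure source.
   *
   * @param string $option Component name, interpolated into the error redirect URL.
   */
  function sendNewPass( $option ) {
      global $database;
      global $mosConfig_live_site, $mosConfig_sitename;
      global $mosConfig_mailfrom, $mosConfig_fromname;

      // simple spoof check security
      josSpoofCheck();

      // Keep these local names exactly as they are: the templates evaluated
      // below are interpolated against whatever variables are in scope here.
      $_live_site = $mosConfig_live_site;
      $_sitename = $mosConfig_sitename;

      //$checkusername = stripslashes( mosGetParam( $_POST, 'checkusername', '' ) );
      $confirmEmail = stripslashes( mosGetParam( $_POST, 'confirmEmail', '') );

      if (!$confirmEmail) {
          mosRedirect( "index.php?option=$option&task=lostPassword&mosmsg="._ERROR_PASS );
          // Presumably mosRedirect() ends the request; return anyway so that an
          // empty address can never reach the lookup below.
          return;
      }

      $query = "SELECT id, username"
      . "\n FROM #__users"
      . "\n WHERE email = " . $database->Quote( $confirmEmail )
      ;
      $database->setQuery( $query );

      // Treat a failed or empty lookup as "no accounts" instead of iterating
      // over a non-array result.
      $users = $database->loadObjectList();
      if (!$users) {
          $users = array();
      }

      foreach ($users as $user) {
          $username = $user->username;
          $newpass = mosMakePassword();

          // SECURITY: eval() executes the template text as the contents of a
          // PHP double-quoted string, so a template containing a double quote
          // or a PHP expression would be run as code. The values of $username,
          // $newpass etc. are substituted by the evaluated string and are not
          // themselves parsed as code. This is only safe while _NEWPASS_MSG and
          // _NEWPASS_SUB come from trusted language files; an explicit
          // placeholder substitution (e.g. strtr) would remove the eval.
          $message = _NEWPASS_MSG;
          eval ("\$message = \"$message\";");
          $subject = _NEWPASS_SUB;
          eval ("\$subject = \"$subject\";");

          // The mail goes out before the new hash is stored (original order kept).
          mosMail($mosConfig_mailfrom, $mosConfig_fromname, $confirmEmail, $subject, $message);

          $salt = mosMakePassword(16);
          $crypt = md5($newpass.$salt);
          $newpass = $crypt.':'.$salt;

          $sql = "UPDATE #__users"
          . "\n SET password = " . $database->Quote( $newpass )
          . "\n WHERE id = " . (int) $user->id
          ;
          $database->setQuery( $sql );
          if (!$database->query()) {
              // Keep database error details server-side; sending them to the
              // client discloses internals to an unauthenticated visitor.
              error_log( 'com_registration sendNewPass: ' . $database->stderr(true) );
              die("SQL error");
          }
      }

      mosRedirect( 'index.php?option=com_registration&mosmsg='. _NEWPASS_SENT );
  }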
  /**
   * Show the registration form when self-registration is switched on.
   *
   * When the `allowUserRegistration` setting is falsy, mosNotAuth() is called
   * and nothing is rendered.
   *
   * @param mixed $option         Forwarded unchanged to the view.
   * @param mixed $useractivation Forwarded unchanged to the view (the
   *                              dispatcher passes $mosConfig_useractivation).
   */
  function registerForm( $option, $useractivation ) {
      global $mainframe;

      if ( $mainframe->getCfg( 'allowUserRegistration' ) ) {
          $mainframe->SetPageTitle( _REGISTER_TITLE );
          HTML_registration::registerForm( $option, $useractivation );
      } else {
          mosNotAuth();
      }
  }
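  /**
   * Print a JavaScript alert with the given message, step the browser back one
   * page, and end the request.
   *
   * The message is escaped for a single-quoted JavaScript string inside a
   * <script> element, so quotes, backslashes, line breaks and markup
   * characters in an error text cannot terminate the string or the element.
   *
   * @param string $message Error text; HTML entities are decoded before escaping.
   */
  function _registrationAlertAndGoBack( $message ) {
      $jsString = strtr( html_entity_decode( $message ), array(
          '\\' => '\\\\',
          "'"  => "\\'",
          '"'  => '\\"',
          "\r" => '\\r',
          "\n" => '\\n',
          '<'  => '\\x3C',
          '>'  => '\\x3E',
          '&'  => '\\x26',
      ) );

      echo "<script> alert('" . $jsString . "'); window.history.go(-1); </script>\n";
      exit();
  }

  /**
   * Create a user account from the posted registration form.
   *
   * Steps: check that registration is allowed, run the spoof check, bind
   * $_POST onto a new mosUser, force id/usertype/gid, optionally set an
   * activation token and block the account, validate, hash the password as
   * md5(password . salt) . ':' . salt, store the row, then mail the user and
   * every administrator selected by the notification query.
   *
   * Security notes for maintainers:
   *  - NOTE(review): bind() copies posted fields onto the row; the second
   *    argument is presumably an ignore list. Only id, usertype and gid are
   *    forced here (plus activation and block when activation is enabled), so
   *    confirm no other privileged column can be set from the form.
   *  - With activation enabled, the clear-text password ($pwd) is included in
   *    the e-mail sent to the user.
   *  - MD5 is a fast hash and unsuitable for password storage; changing it
   *    requires the verifying code (not in this file) to change as well.
   *  - NOTE(review): the activation token is md5( mosMakePassword() ); its
   *    unpredictability depends on mosMakePassword(), defined elsewhere.
   */
  function saveRegistration() {
      global $database, $acl;
      global $mosConfig_sitename, $mosConfig_live_site, $mosConfig_useractivation, $mosConfig_allowUserRegistration;
      global $mosConfig_mailfrom, $mosConfig_fromname;

      if ( $mosConfig_allowUserRegistration == 0 ) {
          mosNotAuth();
          return;
      }

      // simple spoof check security
      josSpoofCheck();

      $row = new mosUser( $database );

      if (!$row->bind( $_POST, 'usertype' )) {
          mosErrorAlert( $row->getError() );
      }

      $row->name = trim( $row->name );
      $row->email = trim( $row->email );
      $row->username = trim( $row->username );
      $row->password = trim( $row->password );

      mosMakeHtmlSafe($row);

      // Never trust the form for identity or privilege columns.
      $row->id = 0;
      $row->usertype = '';
      $row->gid = $acl->get_group_id( 'Registered', 'ARO' );

      if ( $mosConfig_useractivation == 1 ) {
          // Account stays blocked until the activation link is used.
          $row->activation = md5( mosMakePassword() );
          $row->block = '1';
      }

      if (!$row->check()) {
          _registrationAlertAndGoBack( $row->getError() );
      }

      // Keep the clear-text password for the activation e-mail, then replace
      // it on the row with the salted hash.
      $pwd = $row->password;

      $salt = mosMakePassword(16);
      $crypt = md5($row->password.$salt);
      $row->password = $crypt.':'.$salt;

      $row->registerDate = date( 'Y-m-d H:i:s' );

      if (!$row->store()) {
          _registrationAlertAndGoBack( $row->getError() );
      }
      $row->checkin();

      $name = trim($row->name);
      $email = trim($row->email);
      $username = trim($row->username);

      $subject = sprintf (_SEND_SUB, $name, $mosConfig_sitename);
      $subject = html_entity_decode($subject, ENT_QUOTES);

      if ($mosConfig_useractivation == 1){
          $message = sprintf (_USEND_MSG_ACTIVATE, $name, $mosConfig_sitename, $mosConfig_live_site."/index.php?option=com_registration&task=activate&activation=".$row->activation, $mosConfig_live_site, $username, $pwd);
      } else {
          $message = sprintf (_USEND_MSG, $name, $mosConfig_sitename, $mosConfig_live_site);
      }

      $message = html_entity_decode($message, ENT_QUOTES);

      // check if Global Config `mailfrom` and `fromname` values exist
      if ($mosConfig_mailfrom != '' && $mosConfig_fromname != '') {
          $adminName2 = $mosConfig_fromname;
          $adminEmail2 = $mosConfig_mailfrom;
      } else {
          // use email address and name of first superadmin for use in email sent to user
          $query = "SELECT name, email"
          . "\n FROM #__users"
          . "\n WHERE LOWER( usertype ) = 'superadministrator'"
          . "\n OR LOWER( usertype ) = 'super administrator'"
          ;
          $database->setQuery( $query );
          $rows = $database->loadObjectList();

          // The lookup can come back empty (no such account, or a failed
          // query); fall back to empty sender fields instead of dereferencing
          // a missing row.
          if ( !empty( $rows[0] ) ) {
              $row2 = $rows[0];
              $adminName2 = $row2->name;
              $adminEmail2 = $row2->email;
          } else {
              $adminName2 = '';
              $adminEmail2 = '';
          }
      }

      // Send email to user
      mosMail($adminEmail2, $adminName2, $email, $subject, $message);

      // Send notification to all administrators
      $subject2 = sprintf (_SEND_SUB, $name, $mosConfig_sitename);
      $message2 = sprintf (_ASEND_MSG, $adminName2, $mosConfig_sitename, $row->name, $email, $username);
      $subject2 = html_entity_decode($subject2, ENT_QUOTES);
      $message2 = html_entity_decode($message2, ENT_QUOTES);

      // get email addresses of all admins and superadmins set to receive system emails
      // (gid 24 / 25 are presumably the administrator groups; confirm against the ACL)
      $query = "SELECT email, sendEmail"
      . "\n FROM #__users"
      . "\n WHERE ( gid = 24 OR gid = 25 )"
      . "\n AND sendEmail = 1"
      . "\n AND block = 0"
      ;
      $database->setQuery( $query );
      $admins = $database->loadObjectList();
      if (!$admins) {
          $admins = array();
      }

      foreach ( $admins as $admin ) {
          // send email to admin & super admin set to receive system emails
          mosMail($adminEmail2, $adminName2, $admin->email, $subject2, $message2);
      }

      if ( $mosConfig_useractivation == 1 ){
          echo _REG_COMPLETE_ACTIVATE;
      } else {
          echo _REG_COMPLETE;
      }
  }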
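  /**
   * Activate a newly registered account from its e-mailed activation link.
   *
   * Reads the `activation` request parameter, looks for a blocked account
   * carrying that token, then unblocks it and clears the token, so the link
   * works only once. Logged-in visitors are redirected to the home page, and
   * the feature is refused when registration or activation is switched off.
   *
   * Security notes for maintainers:
   *  - The empty-token check matters: successful activation sets the column to
   *    '', so an empty parameter must never reach the WHERE clause.
   *  - NOTE(review): any row with a matching token and block = 1 is unblocked.
   *    Whether accounts blocked by an administrator can still hold a token is
   *    not visible from this file.
   *
   * @param mixed $option Unused here; kept for the dispatcher's call signature.
   */
  function activate( $option ) {
      global $database, $my;
      global $mosConfig_useractivation, $mosConfig_allowUserRegistration;

      if ($my->id) {
          // They're already logged in, so redirect them to the home page
          mosRedirect( 'index.php' );
          // Presumably mosRedirect() ends the request; return anyway so a
          // logged-in session never continues into the activation logic.
          return;
      }

      if ($mosConfig_allowUserRegistration == '0' || $mosConfig_useractivation == '0') {
          mosNotAuth();
          return;
      }

      $activation = stripslashes( mosGetParam( $_REQUEST, 'activation', '' ) );

      if (empty( $activation )) {
          echo _REG_ACTIVATE_NOT_FOUND;
          return;
      }

      $query = "SELECT id"
      . "\n FROM #__users"
      . "\n WHERE activation = " . $database->Quote( $activation )
      . "\n AND block = 1"
      ;
      $database->setQuery( $query );
      $result = $database->loadResult();

      if ($result) {
          $query = "UPDATE #__users"
          . "\n SET block = 0, activation = ''"
          . "\n WHERE activation = " . $database->Quote( $activation )
          . "\n AND block = 1"
          ;
          $database->setQuery( $query );

          if (!$database->query()) {
              // defined() takes the constant's NAME as a string. The unquoted
              // form evaluated the constant itself, which is an error on
              // PHP 8 when it is undefined and a redefinition attempt when it
              // is defined.
              if (!defined( '_REG_ACTIVATE_FAILURE' )) {
                  define('_REG_ACTIVATE_FAILURE', '<div class="componentheading">Activation Failed!</div><br />The system was unable to activate your account, please contact the site administrator.');
              }
              echo _REG_ACTIVATE_FAILURE;
          } else {
              echo _REG_ACTIVATE_COMPLETE;
          }
      } else {
          echo _REG_ACTIVATE_NOT_FOUND;
      }
  }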
  228. ?>