Register.php 31 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849
  1. <?php
  2. /**
  3. * Simple Machines Forum (SMF)
  4. *
  5. * @package SMF
  6. * @author Simple Machines http://www.simplemachines.org
  7. * @copyright 2011 Simple Machines
  8. * @license http://www.simplemachines.org/about/smf/license.php BSD
  9. *
  10. * @version 2.0
  11. */
  12. if (!defined('SMF'))
  13. die('Hacking attempt...');
  14. /* This file has two main jobs, but they really are one. It registers new
  15. members, and it helps the administrator moderate member registrations.
  16. Similarly, it handles account activation as well.
  17. void Register()
  18. // !!!
  19. void Register2()
  20. // !!!
  21. void Activate()
  22. // !!!
  23. void CoppaForm()
  24. // !!!
  25. void VerificationCode()
  26. // Show the verification code or let it hear.
  27. void RegisterCheckUsername()
  28. // !!!
  29. */
  30. // Begin the registration process.
  31. function Register($reg_errors = array())
  32. {
  33. global $txt, $boarddir, $context, $settings, $modSettings, $user_info;
  34. global $language, $scripturl, $smcFunc, $sourcedir, $smcFunc, $cur_profile;
  35. // Is this an incoming AJAX check?
  36. if (isset($_GET['sa']) && $_GET['sa'] == 'usernamecheck')
  37. return RegisterCheckUsername();
  38. // Check if the administrator has it disabled.
  39. if (!empty($modSettings['registration_method']) && $modSettings['registration_method'] == 3)
  40. fatal_lang_error('registration_disabled', false);
  41. // If this user is an admin - redirect them to the admin registration page.
  42. if (allowedTo('moderate_forum') && !$user_info['is_guest'])
  43. redirectexit('action=admin;area=regcenter;sa=register');
  44. // You are not a guest, so you are a member - and members don't get to register twice!
  45. elseif (empty($user_info['is_guest']))
  46. redirectexit();
  47. loadLanguage('Login');
  48. loadTemplate('Register');
  49. // Do we need them to agree to the registration agreement, first?
  50. $context['require_agreement'] = !empty($modSettings['requireAgreement']);
  51. $context['registration_passed_agreement'] = !empty($_SESSION['registration_agreed']);
  52. $context['show_coppa'] = !empty($modSettings['coppaAge']);
  53. // Under age restrictions?
  54. if ($context['show_coppa'])
  55. {
  56. $context['skip_coppa'] = false;
  57. $context['coppa_agree_above'] = sprintf($txt['agreement_agree_coppa_above'], $modSettings['coppaAge']);
  58. $context['coppa_agree_below'] = sprintf($txt['agreement_agree_coppa_below'], $modSettings['coppaAge']);
  59. }
  60. // What step are we at?
  61. $current_step = isset($_REQUEST['step']) ? (int) $_REQUEST['step'] : ($context['require_agreement'] ? 1 : 2);
  62. // Does this user agree to the registation agreement?
  63. if ($current_step == 1 && (isset($_POST['accept_agreement']) || isset($_POST['accept_agreement_coppa'])))
  64. {
  65. $context['registration_passed_agreement'] = $_SESSION['registration_agreed'] = true;
  66. $current_step = 2;
  67. // Skip the coppa procedure if the user says he's old enough.
  68. if ($context['show_coppa'])
  69. {
  70. $_SESSION['skip_coppa'] = !empty($_POST['accept_agreement']);
  71. // Are they saying they're under age, while under age registration is disabled?
  72. if (empty($modSettings['coppaType']) && empty($_SESSION['skip_coppa']))
  73. {
  74. loadLanguage('Login');
  75. fatal_lang_error('under_age_registration_prohibited', false, array($modSettings['coppaAge']));
  76. }
  77. }
  78. }
  79. // Make sure they don't squeeze through without agreeing.
  80. elseif ($current_step > 1 && $context['require_agreement'] && !$context['registration_passed_agreement'])
  81. $current_step = 1;
  82. // Show the user the right form.
  83. $context['sub_template'] = $current_step == 1 ? 'registration_agreement' : 'registration_form';
  84. $context['page_title'] = $current_step == 1 ? $txt['registration_agreement'] : $txt['registration_form'];
  85. // Add the register chain to the link tree.
  86. $context['linktree'][] = array(
  87. 'url' => $scripturl . '?action=register',
  88. 'name' => $txt['register'],
  89. );
  90. // If you have to agree to the agreement, it needs to be fetched from the file.
  91. if ($context['require_agreement'])
  92. {
  93. // Have we got a localized one?
  94. if (file_exists($boarddir . '/agreement.' . $user_info['language'] . '.txt'))
  95. $context['agreement'] = parse_bbc(file_get_contents($boarddir . '/agreement.' . $user_info['language'] . '.txt'), true, 'agreement_' . $user_info['language']);
  96. elseif (file_exists($boarddir . '/agreement.txt'))
  97. $context['agreement'] = parse_bbc(file_get_contents($boarddir . '/agreement.txt'), true, 'agreement');
  98. else
  99. $context['agreement'] = '';
  100. }
  101. if (!empty($modSettings['userLanguage']))
  102. {
  103. $selectedLanguage = empty($_SESSION['language']) ? $language : $_SESSION['language'];
  104. // Do we have any languages?
  105. if (empty($context['languages']))
  106. getLanguages();
  107. // Try to find our selected language.
  108. foreach ($context['languages'] as $key => $lang)
  109. {
  110. $context['languages'][$key]['name'] = strtr($lang['name'], array('-utf8' => ''));
  111. // Found it!
  112. if ($selectedLanguage == $lang['filename'])
  113. $context['languages'][$key]['selected'] = true;
  114. }
  115. }
  116. // Any custom fields we want filled in?
  117. require_once($sourcedir . '/Profile.php');
  118. loadCustomFields(0, 'register');
  119. // Or any standard ones?
  120. if (!empty($modSettings['registration_fields']))
  121. {
  122. require_once($sourcedir . '/Profile-Modify.php');
  123. // Setup some important context.
  124. loadLanguage('Profile');
  125. loadTemplate('Profile');
  126. $context['user']['is_owner'] = true;
  127. // Here, and here only, emulate the permissions the user would have to do this.
  128. $user_info['permissions'] = array_merge($user_info['permissions'], array('profile_account_own', 'profile_extra_own'));
  129. $reg_fields = explode(',', $modSettings['registration_fields']);
  130. // We might have had some submissions on this front - go check.
  131. foreach ($reg_fields as $field)
  132. if (isset($_POST[$field]))
  133. $cur_profile[$field] = $smcFunc['htmlspecialchars']($_POST[$field]);
  134. // Load all the fields in question.
  135. setupProfileContext($reg_fields);
  136. }
  137. // Generate a visual verification code to make sure the user is no bot.
  138. if (!empty($modSettings['reg_verification']))
  139. {
  140. require_once($sourcedir . '/Subs-Editor.php');
  141. $verificationOptions = array(
  142. 'id' => 'register',
  143. );
  144. $context['visual_verification'] = create_control_verification($verificationOptions);
  145. $context['visual_verification_id'] = $verificationOptions['id'];
  146. }
  147. // Otherwise we have nothing to show.
  148. else
  149. $context['visual_verification'] = false;
  150. // Are they coming from an OpenID login attempt?
  151. if (!empty($_SESSION['openid']['verified']) && !empty($_SESSION['openid']['openid_uri']))
  152. {
  153. $context['openid'] = $_SESSION['openid']['openid_uri'];
  154. $context['username'] = $smcFunc['htmlspecialchars'](!empty($_POST['user']) ? $_POST['user'] : $_SESSION['openid']['nickname']);
  155. $context['email'] = $smcFunc['htmlspecialchars'](!empty($_POST['email']) ? $_POST['email'] : $_SESSION['openid']['email']);
  156. }
  157. // See whether we have some prefiled values.
  158. else
  159. {
  160. $context += array(
  161. 'openid' => isset($_POST['openid_identifier']) ? $_POST['openid_identifier'] : '',
  162. 'username' => isset($_POST['user']) ? $smcFunc['htmlspecialchars']($_POST['user']) : '',
  163. 'email' => isset($_POST['email']) ? $smcFunc['htmlspecialchars']($_POST['email']) : '',
  164. );
  165. }
  166. // !!! Why isn't this a simple set operation?
  167. // Were there any errors?
  168. $context['registration_errors'] = array();
  169. if (!empty($reg_errors))
  170. foreach ($reg_errors as $error)
  171. $context['registration_errors'][] = $error;
  172. }
  173. // Actually register the member.
  174. function Register2($verifiedOpenID = false)
  175. {
  176. global $scripturl, $txt, $modSettings, $context, $sourcedir;
  177. global $user_info, $options, $settings, $smcFunc;
  178. // Start collecting together any errors.
  179. $reg_errors = array();
  180. // Did we save some open ID fields?
  181. if ($verifiedOpenID && !empty($context['openid_save_fields']))
  182. {
  183. foreach ($context['openid_save_fields'] as $id => $value)
  184. $_POST[$id] = $value;
  185. }
  186. // You can't register if it's disabled.
  187. if (!empty($modSettings['registration_method']) && $modSettings['registration_method'] == 3)
  188. fatal_lang_error('registration_disabled', false);
  189. // Things we don't do for people who have already confirmed their OpenID allegances via register.
  190. if (!$verifiedOpenID)
  191. {
  192. // Well, if you don't agree, you can't register.
  193. if (!empty($modSettings['requireAgreement']) && empty($_SESSION['registration_agreed']))
  194. redirectexit();
  195. // Make sure they came from *somewhere*, have a session.
  196. if (!isset($_SESSION['old_url']))
  197. redirectexit('action=register');
  198. // Are they under age, and under age users are banned?
  199. if (!empty($modSettings['coppaAge']) && empty($modSettings['coppaType']) && empty($_SESSION['skip_coppa']))
  200. {
  201. // !!! This should be put in Errors, imho.
  202. loadLanguage('Login');
  203. fatal_lang_error('under_age_registration_prohibited', false, array($modSettings['coppaAge']));
  204. }
  205. // Check whether the visual verification code was entered correctly.
  206. if (!empty($modSettings['reg_verification']))
  207. {
  208. require_once($sourcedir . '/Subs-Editor.php');
  209. $verificationOptions = array(
  210. 'id' => 'register',
  211. );
  212. $context['visual_verification'] = create_control_verification($verificationOptions, true);
  213. if (is_array($context['visual_verification']))
  214. {
  215. loadLanguage('Errors');
  216. foreach ($context['visual_verification'] as $error)
  217. $reg_errors[] = $txt['error_' . $error];
  218. }
  219. }
  220. }
  221. foreach ($_POST as $key => $value)
  222. {
  223. if (!is_array($_POST[$key]))
  224. $_POST[$key] = htmltrim__recursive(str_replace(array("\n", "\r"), '', $_POST[$key]));
  225. }
  226. // Collect all extra registration fields someone might have filled in.
  227. $possible_strings = array(
  228. 'website_url', 'website_title',
  229. 'aim', 'yim',
  230. 'location', 'birthdate',
  231. 'time_format',
  232. 'buddy_list',
  233. 'pm_ignore_list',
  234. 'smiley_set',
  235. 'signature', 'personal_text', 'avatar',
  236. 'lngfile',
  237. 'secret_question', 'secret_answer',
  238. );
  239. $possible_ints = array(
  240. 'pm_email_notify',
  241. 'notify_types',
  242. 'icq',
  243. 'gender',
  244. 'id_theme',
  245. );
  246. $possible_floats = array(
  247. 'time_offset',
  248. );
  249. $possible_bools = array(
  250. 'notify_announcements', 'notify_regularity', 'notify_send_body',
  251. 'hide_email', 'show_online',
  252. );
  253. if (isset($_POST['secret_answer']) && $_POST['secret_answer'] != '')
  254. $_POST['secret_answer'] = md5($_POST['secret_answer']);
  255. // Needed for isReservedName() and registerMember().
  256. require_once($sourcedir . '/Subs-Members.php');
  257. // Validation... even if we're not a mall.
  258. if (isset($_POST['real_name']) && (!empty($modSettings['allow_editDisplayName']) || allowedTo('moderate_forum')))
  259. {
  260. $_POST['real_name'] = trim(preg_replace('~[\s]~' . ($context['utf8'] ? 'u' : ''), ' ', $_POST['real_name']));
  261. if (trim($_POST['real_name']) != '' && !isReservedName($_POST['real_name']) && $smcFunc['strlen']($_POST['real_name']) < 60)
  262. $possible_strings[] = 'real_name';
  263. }
  264. if (isset($_POST['msn']) && preg_match('~^[0-9A-Za-z=_+\-/][0-9A-Za-z=_\'+\-/\.]*@[\w\-]+(\.[\w\-]+)*(\.[\w]{2,6})$~', $_POST['msn']) != 0)
  265. $profile_strings[] = 'msn';
  266. // Handle a string as a birthdate...
  267. if (isset($_POST['birthdate']) && $_POST['birthdate'] != '')
  268. $_POST['birthdate'] = strftime('%Y-%m-%d', strtotime($_POST['birthdate']));
  269. // Or birthdate parts...
  270. elseif (!empty($_POST['bday1']) && !empty($_POST['bday2']))
  271. $_POST['birthdate'] = sprintf('%04d-%02d-%02d', empty($_POST['bday3']) ? 0 : (int) $_POST['bday3'], (int) $_POST['bday1'], (int) $_POST['bday2']);
  272. // By default assume email is hidden, only show it if we tell it to.
  273. $_POST['hide_email'] = !empty($_POST['allow_email']) ? 0 : 1;
  274. // Validate the passed language file.
  275. if (isset($_POST['lngfile']) && !empty($modSettings['userLanguage']))
  276. {
  277. // Do we have any languages?
  278. if (empty($context['languages']))
  279. getLanguages();
  280. // Did we find it?
  281. if (isset($context['languages'][$_POST['lngfile']]))
  282. $_SESSION['language'] = $_POST['lngfile'];
  283. else
  284. unset($_POST['lngfile']);
  285. }
  286. else
  287. unset($_POST['lngfile']);
  288. // Set the options needed for registration.
  289. $regOptions = array(
  290. 'interface' => 'guest',
  291. 'username' => !empty($_POST['user']) ? $_POST['user'] : '',
  292. 'email' => !empty($_POST['email']) ? $_POST['email'] : '',
  293. 'password' => !empty($_POST['passwrd1']) ? $_POST['passwrd1'] : '',
  294. 'password_check' => !empty($_POST['passwrd2']) ? $_POST['passwrd2'] : '',
  295. 'openid' => !empty($_POST['openid_identifier']) ? $_POST['openid_identifier'] : '',
  296. 'auth_method' => !empty($_POST['authenticate']) ? $_POST['authenticate'] : '',
  297. 'check_reserved_name' => true,
  298. 'check_password_strength' => true,
  299. 'check_email_ban' => true,
  300. 'send_welcome_email' => !empty($modSettings['send_welcomeEmail']),
  301. 'require' => !empty($modSettings['coppaAge']) && !$verifiedOpenID && empty($_SESSION['skip_coppa']) ? 'coppa' : (empty($modSettings['registration_method']) ? 'nothing' : ($modSettings['registration_method'] == 1 ? 'activation' : 'approval')),
  302. 'extra_register_vars' => array(),
  303. 'theme_vars' => array(),
  304. );
  305. // Include the additional options that might have been filled in.
  306. foreach ($possible_strings as $var)
  307. if (isset($_POST[$var]))
  308. $regOptions['extra_register_vars'][$var] = $smcFunc['htmlspecialchars']($_POST[$var], ENT_QUOTES);
  309. foreach ($possible_ints as $var)
  310. if (isset($_POST[$var]))
  311. $regOptions['extra_register_vars'][$var] = (int) $_POST[$var];
  312. foreach ($possible_floats as $var)
  313. if (isset($_POST[$var]))
  314. $regOptions['extra_register_vars'][$var] = (float) $_POST[$var];
  315. foreach ($possible_bools as $var)
  316. if (isset($_POST[$var]))
  317. $regOptions['extra_register_vars'][$var] = empty($_POST[$var]) ? 0 : 1;
  318. // Registration options are always default options...
  319. if (isset($_POST['default_options']))
  320. $_POST['options'] = isset($_POST['options']) ? $_POST['options'] + $_POST['default_options'] : $_POST['default_options'];
  321. $regOptions['theme_vars'] = isset($_POST['options']) && is_array($_POST['options']) ? $_POST['options'] : array();
  322. // Make sure they are clean, dammit!
  323. $regOptions['theme_vars'] = htmlspecialchars__recursive($regOptions['theme_vars']);
  324. // If Quick Reply hasn't been set then set it to be shown but collapsed.
  325. if (!isset($regOptions['theme_vars']['display_quick_reply']))
  326. $regOptions['theme_vars']['display_quick_reply'] = 1;
  327. // Check whether we have fields that simply MUST be displayed?
  328. $request = $smcFunc['db_query']('', '
  329. SELECT col_name, field_name, field_type, field_length, mask, show_reg
  330. FROM {db_prefix}custom_fields
  331. WHERE active = {int:is_active}',
  332. array(
  333. 'is_active' => 1,
  334. )
  335. );
  336. $custom_field_errors = array();
  337. while ($row = $smcFunc['db_fetch_assoc']($request))
  338. {
  339. // Don't allow overriding of the theme variables.
  340. if (isset($regOptions['theme_vars'][$row['col_name']]))
  341. unset($regOptions['theme_vars'][$row['col_name']]);
  342. // Not actually showing it then?
  343. if (!$row['show_reg'])
  344. continue;
  345. // Prepare the value!
  346. $value = isset($_POST['customfield'][$row['col_name']]) ? trim($_POST['customfield'][$row['col_name']]) : '';
  347. // We only care for text fields as the others are valid to be empty.
  348. if (!in_array($row['field_type'], array('check', 'select', 'radio')))
  349. {
  350. // Is it too long?
  351. if ($row['field_length'] && $row['field_length'] < $smcFunc['strlen']($value))
  352. $custom_field_errors[] = array('custom_field_too_long', array($row['field_name'], $row['field_length']));
  353. // Any masks to apply?
  354. if ($row['field_type'] == 'text' && !empty($row['mask']) && $row['mask'] != 'none')
  355. {
  356. //!!! We never error on this - just ignore it at the moment...
  357. if ($row['mask'] == 'email' && (preg_match('~^[0-9A-Za-z=_+\-/][0-9A-Za-z=_\'+\-/\.]*@[\w\-]+(\.[\w\-]+)*(\.[\w]{2,6})$~', $value) === 0 || strlen($value) > 255))
  358. $custom_field_errors[] = array('custom_field_invalid_email', array($row['field_name']));
  359. elseif ($row['mask'] == 'number' && preg_match('~[^\d]~', $value))
  360. $custom_field_errors[] = array('custom_field_not_number', array($row['field_name']));
  361. elseif (substr($row['mask'], 0, 5) == 'regex' && preg_match(substr($row['mask'], 5), $value) === 0)
  362. $custom_field_errors[] = array('custom_field_inproper_format', array($row['field_name']));
  363. }
  364. }
  365. // Is this required but not there?
  366. if (trim($value) == '' && $row['show_reg'] > 1)
  367. $custom_field_errors[] = array('custom_field_empty', array($row['field_name']));
  368. }
  369. $smcFunc['db_free_result']($request);
  370. // Process any errors.
  371. if (!empty($custom_field_errors))
  372. {
  373. loadLanguage('Errors');
  374. foreach ($custom_field_errors as $error)
  375. $reg_errors[] = vsprintf($txt['error_' . $error[0]], $error[1]);
  376. }
  377. // Lets check for other errors before trying to register the member.
  378. if (!empty($reg_errors))
  379. {
  380. $_REQUEST['step'] = 2;
  381. return Register($reg_errors);
  382. }
  383. // If they're wanting to use OpenID we need to validate them first.
  384. if (empty($_SESSION['openid']['verified']) && !empty($_POST['authenticate']) && $_POST['authenticate'] == 'openid')
  385. {
  386. // What do we need to save?
  387. $save_variables = array();
  388. foreach ($_POST as $k => $v)
  389. if (!in_array($k, array('sc', 'sesc', $context['session_var'], 'passwrd1', 'passwrd2', 'regSubmit')))
  390. $save_variables[$k] = $v;
  391. require_once($sourcedir . '/Subs-OpenID.php');
  392. smf_openID_validate($_POST['openid_identifier'], false, $save_variables);
  393. }
  394. // If we've come from OpenID set up some default stuff.
  395. elseif ($verifiedOpenID || (!empty($_POST['openid_identifier']) && $_POST['authenticate'] == 'openid'))
  396. {
  397. $regOptions['username'] = !empty($_POST['user']) && trim($_POST['user']) != '' ? $_POST['user'] : $_SESSION['openid']['nickname'];
  398. $regOptions['email'] = !empty($_POST['email']) && trim($_POST['email']) != '' ? $_POST['email'] : $_SESSION['openid']['email'];
  399. $regOptions['auth_method'] = 'openid';
  400. $regOptions['openid'] = !empty($_POST['openid_identifier']) ? $_POST['openid_identifier'] : $_SESSION['openid']['openid_uri'];
  401. }
  402. $memberID = registerMember($regOptions, true);
  403. // What there actually an error of some kind dear boy?
  404. if (is_array($memberID))
  405. {
  406. $reg_errors = array_merge($reg_errors, $memberID);
  407. $_REQUEST['step'] = 2;
  408. return Register($reg_errors);
  409. }
  410. // Do our spam protection now.
  411. spamProtection('register');
  412. // We'll do custom fields after as then we get to use the helper function!
  413. if (!empty($_POST['customfield']))
  414. {
  415. require_once($sourcedir . '/Profile.php');
  416. require_once($sourcedir . '/Profile-Modify.php');
  417. makeCustomFieldChanges($memberID, 'register');
  418. }
  419. // If COPPA has been selected then things get complicated, setup the template.
  420. if (!empty($modSettings['coppaAge']) && empty($_SESSION['skip_coppa']))
  421. redirectexit('action=coppa;member=' . $memberID);
  422. // Basic template variable setup.
  423. elseif (!empty($modSettings['registration_method']))
  424. {
  425. loadTemplate('Register');
  426. $context += array(
  427. 'page_title' => $txt['register'],
  428. 'title' => $txt['registration_successful'],
  429. 'sub_template' => 'after',
  430. 'description' => $modSettings['registration_method'] == 2 ? $txt['approval_after_registration'] : $txt['activate_after_registration']
  431. );
  432. }
  433. else
  434. {
  435. call_integration_hook('integrate_activate', array($row['member_name']));
  436. setLoginCookie(60 * $modSettings['cookieTime'], $memberID, sha1(sha1(strtolower($regOptions['username']) . $regOptions['password']) . $regOptions['register_vars']['password_salt']));
  437. redirectexit('action=login2;sa=check;member=' . $memberID, $context['server']['needs_login_fix']);
  438. }
  439. }
  440. function Activate()
  441. {
  442. global $context, $txt, $modSettings, $scripturl, $sourcedir, $smcFunc, $language;
  443. loadLanguage('Login');
  444. loadTemplate('Login');
  445. if (empty($_REQUEST['u']) && empty($_POST['user']))
  446. {
  447. if (empty($modSettings['registration_method']) || $modSettings['registration_method'] == 3)
  448. fatal_lang_error('no_access', false);
  449. $context['member_id'] = 0;
  450. $context['sub_template'] = 'resend';
  451. $context['page_title'] = $txt['invalid_activation_resend'];
  452. $context['can_activate'] = empty($modSettings['registration_method']) || $modSettings['registration_method'] == 1;
  453. $context['default_username'] = isset($_GET['user']) ? $_GET['user'] : '';
  454. return;
  455. }
  456. // Get the code from the database...
  457. $request = $smcFunc['db_query']('', '
  458. SELECT id_member, validation_code, member_name, real_name, email_address, is_activated, passwd, lngfile
  459. FROM {db_prefix}members' . (empty($_REQUEST['u']) ? '
  460. WHERE member_name = {string:email_address} OR email_address = {string:email_address}' : '
  461. WHERE id_member = {int:id_member}') . '
  462. LIMIT 1',
  463. array(
  464. 'id_member' => isset($_REQUEST['u']) ? (int) $_REQUEST['u'] : 0,
  465. 'email_address' => isset($_POST['user']) ? $_POST['user'] : '',
  466. )
  467. );
  468. // Does this user exist at all?
  469. if ($smcFunc['db_num_rows']($request) == 0)
  470. {
  471. $context['sub_template'] = 'retry_activate';
  472. $context['page_title'] = $txt['invalid_userid'];
  473. $context['member_id'] = 0;
  474. return;
  475. }
  476. $row = $smcFunc['db_fetch_assoc']($request);
  477. $smcFunc['db_free_result']($request);
  478. // Change their email address? (they probably tried a fake one first :P.)
  479. if (isset($_POST['new_email'], $_REQUEST['passwd']) && sha1(strtolower($row['member_name']) . $_REQUEST['passwd']) == $row['passwd'])
  480. {
  481. if (empty($modSettings['registration_method']) || $modSettings['registration_method'] == 3)
  482. fatal_lang_error('no_access', false);
  483. // !!! Separate the sprintf?
  484. if (preg_match('~^[0-9A-Za-z=_+\-/][0-9A-Za-z=_\'+\-/\.]*@[\w\-]+(\.[\w\-]+)*(\.[\w]{2,6})$~', $_POST['new_email']) == 0)
  485. fatal_error(sprintf($txt['valid_email_needed'], htmlspecialchars($_POST['new_email'])), false);
  486. // Make sure their email isn't banned.
  487. isBannedEmail($_POST['new_email'], 'cannot_register', $txt['ban_register_prohibited']);
  488. // Ummm... don't even dare try to take someone else's email!!
  489. $request = $smcFunc['db_query']('', '
  490. SELECT id_member
  491. FROM {db_prefix}members
  492. WHERE email_address = {string:email_address}
  493. LIMIT 1',
  494. array(
  495. 'email_address' => $_POST['new_email'],
  496. )
  497. );
  498. // !!! Separate the sprintf?
  499. if ($smcFunc['db_num_rows']($request) != 0)
  500. fatal_lang_error('email_in_use', false, array(htmlspecialchars($_POST['new_email'])));
  501. $smcFunc['db_free_result']($request);
  502. updateMemberData($row['id_member'], array('email_address' => $_POST['new_email']));
  503. $row['email_address'] = $_POST['new_email'];
  504. $email_change = true;
  505. }
  506. // Resend the password, but only if the account wasn't activated yet.
  507. if (!empty($_REQUEST['sa']) && $_REQUEST['sa'] == 'resend' && ($row['is_activated'] == 0 || $row['is_activated'] == 2) && (!isset($_REQUEST['code']) || $_REQUEST['code'] == ''))
  508. {
  509. require_once($sourcedir . '/Subs-Post.php');
  510. $replacements = array(
  511. 'REALNAME' => $row['real_name'],
  512. 'USERNAME' => $row['member_name'],
  513. 'ACTIVATIONLINK' => $scripturl . '?action=activate;u=' . $row['id_member'] . ';code=' . $row['validation_code'],
  514. 'ACTIVATIONLINKWITHOUTCODE' => $scripturl . '?action=activate;u=' . $row['id_member'],
  515. 'ACTIVATIONCODE' => $row['validation_code'],
  516. 'FORGOTPASSWORDLINK' => $scripturl . '?action=reminder',
  517. );
  518. $emaildata = loadEmailTemplate('resend_activate_message', $replacements, empty($row['lngfile']) || empty($modSettings['userLanguage']) ? $language : $row['lngfile']);
  519. sendmail($row['email_address'], $emaildata['subject'], $emaildata['body'], null, null, false, 0);
  520. $context['page_title'] = $txt['invalid_activation_resend'];
  521. // This will ensure we don't actually get an error message if it works!
  522. $context['error_title'] = '';
  523. fatal_lang_error(!empty($email_change) ? 'change_email_success' : 'resend_email_success', false);
  524. }
  525. // Quit if this code is not right.
  526. if (empty($_REQUEST['code']) || $row['validation_code'] != $_REQUEST['code'])
  527. {
  528. if (!empty($row['is_activated']))
  529. fatal_lang_error('already_activated', false);
  530. elseif ($row['validation_code'] == '')
  531. {
  532. loadLanguage('Profile');
  533. fatal_error($txt['registration_not_approved'] . ' <a href="' . $scripturl . '?action=activate;user=' . $row['member_name'] . '">' . $txt['here'] . '</a>.', false);
  534. }
  535. $context['sub_template'] = 'retry_activate';
  536. $context['page_title'] = $txt['invalid_activation_code'];
  537. $context['member_id'] = $row['id_member'];
  538. return;
  539. }
  540. // Let the integration know that they've been activated!
  541. call_integration_hook('integrate_activate', array($row['member_name']));
  542. // Validation complete - update the database!
  543. updateMemberData($row['id_member'], array('is_activated' => 1, 'validation_code' => ''));
  544. // Also do a proper member stat re-evaluation.
  545. updateStats('member', false);
  546. if (!isset($_POST['new_email']))
  547. {
  548. require_once($sourcedir . '/Subs-Post.php');
  549. adminNotify('activation', $row['id_member'], $row['member_name']);
  550. }
  551. $context += array(
  552. 'page_title' => $txt['registration_successful'],
  553. 'sub_template' => 'login',
  554. 'default_username' => $row['member_name'],
  555. 'default_password' => '',
  556. 'never_expire' => false,
  557. 'description' => $txt['activate_success']
  558. );
  559. }
  560. // This function will display the contact information for the forum, as well a form to fill in.
  561. function CoppaForm()
  562. {
  563. global $context, $modSettings, $txt, $smcFunc;
  564. loadLanguage('Login');
  565. loadTemplate('Register');
  566. // No User ID??
  567. if (!isset($_GET['member']))
  568. fatal_lang_error('no_access', false);
  569. // Get the user details...
  570. $request = $smcFunc['db_query']('', '
  571. SELECT member_name
  572. FROM {db_prefix}members
  573. WHERE id_member = {int:id_member}
  574. AND is_activated = {int:is_coppa}',
  575. array(
  576. 'id_member' => (int) $_GET['member'],
  577. 'is_coppa' => 5,
  578. )
  579. );
  580. if ($smcFunc['db_num_rows']($request) == 0)
  581. fatal_lang_error('no_access', false);
  582. list ($username) = $smcFunc['db_fetch_row']($request);
  583. $smcFunc['db_free_result']($request);
  584. if (isset($_GET['form']))
  585. {
  586. // Some simple contact stuff for the forum.
  587. $context['forum_contacts'] = (!empty($modSettings['coppaPost']) ? $modSettings['coppaPost'] . '<br /><br />' : '') . (!empty($modSettings['coppaFax']) ? $modSettings['coppaFax'] . '<br />' : '');
  588. $context['forum_contacts'] = !empty($context['forum_contacts']) ? $context['forum_name_html_safe'] . '<br />' . $context['forum_contacts'] : '';
  589. // Showing template?
  590. if (!isset($_GET['dl']))
  591. {
  592. // Shortcut for producing underlines.
  593. $context['ul'] = '<u>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</u>';
  594. $context['template_layers'] = array();
  595. $context['sub_template'] = 'coppa_form';
  596. $context['page_title'] = $txt['coppa_form_title'];
  597. $context['coppa_body'] = str_replace(array('{PARENT_NAME}', '{CHILD_NAME}', '{USER_NAME}'), array($context['ul'], $context['ul'], $username), $txt['coppa_form_body']);
  598. }
  599. // Downloading.
  600. else
  601. {
  602. // The data.
  603. $ul = ' ';
  604. $crlf = "\r\n";
  605. $data = $context['forum_contacts'] . $crlf . $txt['coppa_form_address'] . ':' . $crlf . $txt['coppa_form_date'] . ':' . $crlf . $crlf . $crlf . $txt['coppa_form_body'];
  606. $data = str_replace(array('{PARENT_NAME}', '{CHILD_NAME}', '{USER_NAME}', '<br>', '<br />'), array($ul, $ul, $username, $crlf, $crlf), $data);
  607. // Send the headers.
  608. header('Connection: close');
  609. header('Content-Disposition: attachment; filename="approval.txt"');
  610. header('Content-Type: ' . ($context['browser']['is_ie'] || $context['browser']['is_opera'] ? 'application/octetstream' : 'application/octet-stream'));
  611. header('Content-Length: ' . count($data));
  612. echo $data;
  613. obExit(false);
  614. }
  615. }
  616. else
  617. {
  618. $context += array(
  619. 'page_title' => $txt['coppa_title'],
  620. 'sub_template' => 'coppa',
  621. );
  622. $context['coppa'] = array(
  623. 'body' => str_replace('{MINIMUM_AGE}', $modSettings['coppaAge'], $txt['coppa_after_registration']),
  624. 'many_options' => !empty($modSettings['coppaPost']) && !empty($modSettings['coppaFax']),
  625. 'post' => empty($modSettings['coppaPost']) ? '' : $modSettings['coppaPost'],
  626. 'fax' => empty($modSettings['coppaFax']) ? '' : $modSettings['coppaFax'],
  627. 'phone' => empty($modSettings['coppaPhone']) ? '' : str_replace('{PHONE_NUMBER}', $modSettings['coppaPhone'], $txt['coppa_send_by_phone']),
  628. 'id' => $_GET['member'],
  629. );
  630. }
  631. }
  632. // Show the verification code or let it hear.
  633. function VerificationCode()
  634. {
  635. global $sourcedir, $modSettings, $context, $scripturl;
  636. $verification_id = isset($_GET['vid']) ? $_GET['vid'] : '';
  637. $code = $verification_id && isset($_SESSION[$verification_id . '_vv']) ? $_SESSION[$verification_id . '_vv']['code'] : (isset($_SESSION['visual_verification_code']) ? $_SESSION['visual_verification_code'] : '');
  638. // Somehow no code was generated or the session was lost.
  639. if (empty($code))
  640. {
  641. header('Content-Type: image/gif');
  642. die("\x47\x49\x46\x38\x39\x61\x01\x00\x01\x00\x80\x00\x00\x00\x00\x00\x00\x00\x00\x21\xF9\x04\x01\x00\x00\x00\x00\x2C\x00\x00\x00\x00\x01\x00\x01\x00\x00\x02\x02\x44\x01\x00\x3B");
  643. }
  644. // Show a window that will play the verification code.
  645. elseif (isset($_REQUEST['sound']))
  646. {
  647. loadLanguage('Login');
  648. loadTemplate('Register');
  649. $context['verification_sound_href'] = $scripturl . '?action=verificationcode;rand=' . md5(mt_rand()) . ($verification_id ? ';vid=' . $verification_id : '') . ';format=.wav';
  650. $context['sub_template'] = 'verification_sound';
  651. $context['template_layers'] = array();
  652. obExit();
  653. }
  654. // If we have GD, try the nice code.
  655. elseif (empty($_REQUEST['format']))
  656. {
  657. require_once($sourcedir . '/Subs-Graphics.php');
  658. if (in_array('gd', get_loaded_extensions()) && !showCodeImage($code))
  659. header('HTTP/1.1 400 Bad Request');
  660. // Otherwise just show a pre-defined letter.
  661. elseif (isset($_REQUEST['letter']))
  662. {
  663. $_REQUEST['letter'] = (int) $_REQUEST['letter'];
  664. if ($_REQUEST['letter'] > 0 && $_REQUEST['letter'] <= strlen($code) && !showLetterImage(strtolower($code{$_REQUEST['letter'] - 1})))
  665. {
  666. header('Content-Type: image/gif');
  667. die("\x47\x49\x46\x38\x39\x61\x01\x00\x01\x00\x80\x00\x00\x00\x00\x00\x00\x00\x00\x21\xF9\x04\x01\x00\x00\x00\x00\x2C\x00\x00\x00\x00\x01\x00\x01\x00\x00\x02\x02\x44\x01\x00\x3B");
  668. }
  669. }
  670. // You must be up to no good.
  671. else
  672. {
  673. header('Content-Type: image/gif');
  674. die("\x47\x49\x46\x38\x39\x61\x01\x00\x01\x00\x80\x00\x00\x00\x00\x00\x00\x00\x00\x21\xF9\x04\x01\x00\x00\x00\x00\x2C\x00\x00\x00\x00\x01\x00\x01\x00\x00\x02\x02\x44\x01\x00\x3B");
  675. }
  676. }
  677. elseif ($_REQUEST['format'] === '.wav')
  678. {
  679. require_once($sourcedir . '/Subs-Sound.php');
  680. if (!createWaveFile($code))
  681. header('HTTP/1.1 400 Bad Request');
  682. }
  683. // We all die one day...
  684. die();
  685. }
  686. // See if a username already exists.
  687. function RegisterCheckUsername()
  688. {
  689. global $sourcedir, $smcFunc, $context, $txt;
  690. // This is XML!
  691. loadTemplate('Xml');
  692. $context['sub_template'] = 'check_username';
  693. $context['checked_username'] = isset($_GET['username']) ? $_GET['username'] : '';
  694. $context['valid_username'] = true;
  695. // Clean it up like mother would.
  696. $context['checked_username'] = preg_replace('~[\t\n\r\x0B\0' . ($context['utf8'] ? ($context['server']['complex_preg_chars'] ? '\x{A0}' : "\xC2\xA0") : '\xA0') . ']+~' . ($context['utf8'] ? 'u' : ''), ' ', $context['checked_username']);
  697. if ($smcFunc['strlen']($context['checked_username']) > 25)
  698. $context['checked_username'] = $smcFunc['htmltrim']($smcFunc['substr']($context['checked_username'], 0, 25));
  699. // Only these characters are permitted.
  700. if (preg_match('~[<>&"\'=\\\]~', preg_replace('~&#(?:\\d{1,7}|x[0-9a-fA-F]{1,6});~', '', $context['checked_username'])) != 0 || $context['checked_username'] == '_' || $context['checked_username'] == '|' || strpos($context['checked_username'], '[code') !== false || strpos($context['checked_username'], '[/code') !== false)
  701. $context['valid_username'] = false;
  702. if (stristr($context['checked_username'], $txt['guest_title']) !== false)
  703. $context['valid_username'] = false;
  704. if (trim($context['checked_username']) == '')
  705. $context['valid_username'] = false;
  706. else
  707. {
  708. require_once($sourcedir . '/Subs-Members.php');
  709. $context['valid_username'] &= isReservedName($context['checked_username'], 0, false, false) ? 0 : 1;
  710. }
  711. }
  712. ?>