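<?php
  /**************************************************************************\
  * phpGroupWare - Registration                                              *
  * http://www.phpgroupware.org                                              *
  * This application written by Joseph Engo <jengo@phpgroupware.org>         *
  * Modified by Jason Wies (Zone) <zone@users.sourceforge.net>               *
  * Modified by Loic Dachary <loic@gnu.org>                                  *
  * --------------------------------------------                             *
  * Funding for this program was provided by http://www.checkwithmom.com     *
  * --------------------------------------------                             *
  * This program is free software; you can redistribute it and/or modify it  *
  * under the terms of the GNU General Public License as published by the    *
  * Free Software Foundation; either version 2 of the License, or (at your   *
  * option) any later version.                                               *
  \**************************************************************************/

  /* $Id: class.soreg.inc.php 12131 2003-03-25 22:55:28Z  $ */

/**
 * Storage object of the registration application.
 *
 * Keeps pending sign-ups and lost-password requests in phpgw_reg_accounts
 * and sends the confirmation mails. The login ids and registration ids
 * handled here end up inside SQL string literals, so every such value is
 * passed through _quote() before it is interpolated into a statement.
 */
class soreg
{
	// Registration id generated by step2() for the current sign-up.
	var $reg_id;
	// Database object taken from $GLOBALS['phpgw'] in the constructor.
	var $db;

	/**
	 * Constructor (old-style, named after the class): picks up the
	 * framework database object.
	 */
	function soreg()
	{
		$this->db = $GLOBALS['phpgw']->db;
	}

	/**
	 * Escape a value for use inside a single-quoted SQL string literal.
	 *
	 * Uses the database object's db_addslashes() when it offers one and
	 * falls back to PHP's addslashes() otherwise.
	 *
	 * NOTE(review): if the installation still runs with magic_quotes_gpc,
	 * request values arrive pre-slashed and would be escaped twice here -
	 * confirm against the callers.
	 *
	 * @param mixed $value value to embed in a statement
	 * @return string escaped value, without surrounding quotes
	 */
	function _quote($value)
	{
		if (is_object($this->db) && method_exists($this->db, 'db_addslashes'))
		{
			return $this->db->db_addslashes($value);
		}

		return addslashes((string) $value);
	}

	/**
	 * Check whether a login id is taken and, if it is free, reserve it.
	 *
	 * A login id counts as taken when the accounts class reports it or when
	 * phpgw_reg_accounts already holds a row for it. When it is free, a row
	 * is inserted while the table is still locked and the login id is
	 * remembered in the 'registration' app session for step2().
	 *
	 * @param string $account_lid requested login id
	 * @return bool True if the login id is already in use, False if it was free
	 *              and has now been reserved
	 */
	function account_exists($account_lid)
	{
		$lid = $this->_quote($account_lid);

		$this->db->lock('phpgw_reg_accounts');
		$this->db->query("select count(*) from phpgw_reg_accounts where reg_lid='$lid'",__LINE__,__FILE__);
		$this->db->next_record();

		$GLOBALS['phpgw']->db->lock('phpgw_accounts');
		if ($GLOBALS['phpgw']->accounts->exists($account_lid) || $this->db->f(0))
		{
			$GLOBALS['phpgw']->db->unlock();
			$this->db->unlock();
			return True;
		}

		$GLOBALS['phpgw']->db->unlock();
		// To prevent race conditions, reserve the account_lid
		$this->db->query("insert into phpgw_reg_accounts values ('','$lid','','" . time() . "')",__LINE__,__FILE__);
		$this->db->unlock();
		$GLOBALS['phpgw']->session->appsession('loginid','registration',$account_lid);

		return False;
	}

	/**
	 * Store the submitted registration fields and mail the activation link.
	 *
	 * The fields are serialized and base64-encoded into reg_info of the row
	 * reserved by account_exists().
	 *
	 * NOTE(review): $fields is stored whole; create_account() later reads
	 * $fields['passwd'] from it, so the chosen password sits in
	 * phpgw_reg_accounts in recoverable form until the row is deleted.
	 *
	 * NOTE(review): the strength of reg_id rests on randomstring(32), whose
	 * implementation is not visible here; time() and the login id add
	 * nothing an outsider cannot guess.
	 *
	 * @param array $fields registration form values (n_given, n_family, email, ...)
	 * @return string the registration id embedded in the activation link
	 */
	function step2($fields)
	{
		global $config, $SERVER_NAME;

		$smtp = createobject('phpgwapi.send');

		// We are not going to use link(), because we may not have the same sessionid by that time
		// If we do, it will not affect it
		$url = $GLOBALS['phpgw_info']['server']['webserver_url'] . "/registration/main.php";

		// Read the reserved login id before it is mixed into the id; the
		// original order used the variable while it was still undefined.
		$account_lid = $GLOBALS['phpgw']->session->appsession('loginid','registration');
		$this->reg_id = md5(time() . $account_lid . $GLOBALS['phpgw']->common->randomstring(32));

		// reg_id is an md5 hex string and reg_info is base64, so only the
		// login id needs escaping.
		$GLOBALS['phpgw']->db->query("update phpgw_reg_accounts set reg_id='" . $this->reg_id . "', reg_dla='"
			. time() . "', reg_info='" . base64_encode(serialize($fields))
			. "' where reg_lid='" . $this->_quote($account_lid) . "'",__LINE__,__FILE__);

		$GLOBALS['phpgw']->template->set_file(array(
			'message' => 'confirm_email.tpl'
		));

		if ($fields['n_given'])
		{
			$GLOBALS['phpgw']->template->set_var ('firstname', $fields['n_given'] . ' ');
		}

		if ($fields['n_family'])
		{
			$GLOBALS['phpgw']->template->set_var ('lastname', $fields['n_family'] . ' ');
		}

		$GLOBALS['phpgw']->template->set_var ('activate_url',$url . '?menuaction=registration.boreg.step4&reg_id='. $this->reg_id);

		if ($config['support_email'])
		{
			$GLOBALS['phpgw']->template->set_var ('support_email_text', lang ('Report all problems and abuse to'));
			$GLOBALS['phpgw']->template->set_var ('support_email', $config['support_email']);
		}

		$subject = $config['subject_confirm'] ? lang($config['subject_confirm']) : lang('Account registration');
		// NOTE(review): $SERVER_NAME is read as a global and, like
		// $fields['email'], goes into the mail unvalidated; whether the send
		// class rejects CR/LF in these values is not visible here - confirm.
		$noreply = $config['mail_nobody'] ? ('No reply <' . $config['mail_nobody'] . '>') : ('No reply <noreply@' . $SERVER_NAME . '>');

		$smtp->msg('email',$fields['email'],$subject,$GLOBALS['phpgw']->template->fp('out','message'),'','','',$noreply);

		return $this->reg_id;
	}

	/**
	 * Lost password, step 1: the user supplied a username.
	 *
	 * Records a fresh registration id for the login id and, when a matching
	 * account/addressbook record is found, mails a link carrying that id.
	 *
	 * NOTE(review): the row is inserted before the account lookup, so
	 * requests for unknown login ids still add rows, and the returned message
	 * tells the requester whether the account exists. The message embeds the
	 * raw login id; a caller that renders it as HTML has to escape it.
	 *
	 * @param string $account_lid login id whose password was lost
	 * @return string empty string on success, otherwise an error message
	 */
	function lostpw1($account_lid)
	{
		global $SERVER_NAME, $config;

		$url = $GLOBALS['phpgw_info']['server']['webserver_url'] . "/registration/main.php";

		$error = '';
		$lid = $this->_quote($account_lid);

		//
		// Remember md5 string sent by mail
		//
		$reg_id = md5(time() . $account_lid . $GLOBALS['phpgw']->common->randomstring(32));
		$this->db->query("insert into phpgw_reg_accounts values ('$reg_id','$lid','','" . time() . "')",__LINE__,__FILE__);

		//
		// Send the mail that will allow to change the password
		//
		$GLOBALS['phpgw']->db->query("select * from phpgw_accounts, phpgw_addressbook where account_lid='$lid' and phpgw_addressbook.lid='*$lid*'",__LINE__,__FILE__);
		$GLOBALS['phpgw']->db->next_record();

		$info = array(
			'firstname' => $GLOBALS['phpgw']->db->f('account_firstname'),
			'lastname'  => $GLOBALS['phpgw']->db->f('account_lastname'),
			'email'     => $GLOBALS['phpgw']->db->f('email')
		);

		if ($GLOBALS['phpgw']->db->f('account_lid'))
		{
			$smtp = createobject('phpgwapi.send');

			$GLOBALS['phpgw']->template->set_file(array(
				'message' => 'lostpw_email.tpl'
			));
			$GLOBALS['phpgw']->template->set_var('firstname',$info['firstname']);
			$GLOBALS['phpgw']->template->set_var('lastname',$info['lastname']);
			$GLOBALS['phpgw']->template->set_var('activate_url',$url . '?menuaction=registration.boreg.lostpw2&reg_id=' . $reg_id);

			$subject = $config['subject_lostpw'] ? lang($config['subject_lostpw']) : lang('Account password retrieval');
			$noreply = $config['mail_nobody'] ? ('No reply <' . $config['mail_nobody'] . '>') : ('No reply <noreply@' . $SERVER_NAME . '>');

			$smtp->msg('email',$info['email'],$subject,$GLOBALS['phpgw']->template->fp('out','message'),'','','',$noreply);
		}
		else
		{
			$error = "Account $account_lid record could not be found, report to site administrator";
		}

		return $error;
	}

	/**
	 * Lost password, step 2: the link sent by mail was followed.
	 *
	 * Looks up the account id for the login id and stores both in the
	 * 'registration' app session for lostpw3().
	 *
	 * NOTE(review): nothing here checks a registration id; the caller is
	 * expected to have validated it (see valid_reg()) before calling.
	 *
	 * @param string $account_lid login id taken from the registration record
	 */
	function lostpw2($account_lid)
	{
		$GLOBALS['phpgw']->db->query("select account_id from phpgw_accounts where account_lid='" . $this->_quote($account_lid) . "'",__LINE__,__FILE__);
		$GLOBALS['phpgw']->db->next_record();
		$account_id = $GLOBALS['phpgw']->db->f('account_id');

		$GLOBALS['phpgw']->session->appsession('loginid','registration',$account_lid);
		$GLOBALS['phpgw']->session->appsession('id','registration',$account_id);
	}

	/**
	 * Lost password, step 3: set the new password.
	 *
	 * The account to change is the id lostpw2() left in the app session, not
	 * $account_lid; $account_lid only selects the registration rows to drop.
	 * The first argument to change_password() is a placeholder string -
	 * presumably the old password is not checked in this flow (confirm
	 * against phpgwapi.auth).
	 *
	 * @param string $account_lid login id whose pending rows are removed
	 * @param string $passwd      new password
	 */
	function lostpw3($account_lid, $passwd)
	{
		$auth = createobject('phpgwapi.auth');
		$auth->change_password('supposed to be old password', $passwd, $GLOBALS['phpgw']->session->appsession('id','registration'));

		$GLOBALS['phpgw']->db->query("delete from phpgw_reg_accounts where reg_lid='" . $this->_quote($account_lid) . "'",__LINE__,__FILE__);
	}

	/**
	 * Look up a registration record by its id.
	 *
	 * reg_dla is returned but not compared with the current time, so any
	 * expiry of the link has to be enforced by the caller.
	 *
	 * @param string $reg_id registration id as received from the mailed link
	 * @return array|bool the record (reg_id, reg_lid, reg_info, reg_dla), or
	 *                    False when no row matches
	 */
	function valid_reg($reg_id)
	{
		$GLOBALS['phpgw']->db->query("select * from phpgw_reg_accounts where reg_id='" . $this->_quote($reg_id) . "'",__LINE__,__FILE__);
		$GLOBALS['phpgw']->db->next_record();

		if ($GLOBALS['phpgw']->db->f('reg_id'))
		{
			return array(
				'reg_id'   => $GLOBALS['phpgw']->db->f('reg_id'),
				'reg_lid'  => $GLOBALS['phpgw']->db->f('reg_lid'),
				'reg_info' => $GLOBALS['phpgw']->db->f('reg_info'),
				'reg_dla'  => $GLOBALS['phpgw']->db->f('reg_dla')
			);
		}

		// The original echoed False here, which prints nothing and makes the
		// method return NULL; return the value instead.
		return False;
	}

	/**
	 * Remove the registration record with the given id.
	 *
	 * @param string $reg_id registration id
	 */
	function delete_reg_info($reg_id)
	{
		$this->db->query("delete from phpgw_reg_accounts where reg_id='" . $this->_quote($reg_id) . "'",__LINE__,__FILE__);
	}

	/**
	 * Create the account and its contact entry from a stored registration.
	 *
	 * @param string $account_lid login id of the new account
	 * @param string $_reg_info   reg_info column value (base64 of the
	 *                            serialized field array written by step2())
	 * @return bool|null False when the account could not be added; nothing
	 *                   is returned on success
	 */
	function create_account($account_lid,$_reg_info)
	{
		global $config, $reg_info;

		// NOTE(review): unserialize() runs on whatever the reg_info column
		// holds. That is only safe while step2() is the sole writer of the
		// column; anything else able to write the row controls the payload.
		$fields = unserialize(base64_decode($_reg_info));
		$fields['lid'] = "*$account_lid*";

		$reg_info['lid']    = $account_lid;
		$reg_info['fields'] = $fields;

		$account_id = $GLOBALS['phpgw_info']['user']['account_id'] = $GLOBALS['phpgw']->accounts->auto_add($account_lid,$fields['passwd'],True,False,0,'A');

		if (!$account_id)
		{
			return False;
		}

		$accounts = createobject('phpgwapi.accounts',$account_id);
		$contacts = createobject('phpgwapi.contacts');

		$GLOBALS['phpgw']->db->transaction_begin();
		$accounts->read_repository();
		$accounts->data['firstname'] = $fields['n_given'];
		$accounts->data['lastname']  = $fields['n_family'];
		$accounts->save_repository();

		$contact_fields = $fields;

		if ($contact_fields['bday_day'])
		{
			$contact_fields['bday'] = $contact_fields['bday_month'] . '/' . $contact_fields['bday_day'] . '/' . $contact_fields['bday_year'];
		}

		/* There are certain things we don't want stored in contacts */
		unset ($contact_fields['passwd']);
		unset ($contact_fields['passwd_confirm']);
		unset ($contact_fields['bday_day']);
		unset ($contact_fields['bday_month']);
		unset ($contact_fields['bday_year']);

		/* Don't store blank values either */
		foreach ($contact_fields as $num => $field)
		{
			if (!$field)
			{
				unset ($contact_fields[$num]);
			}
		}

		$contacts->add($account_id,$contact_fields,0,'P');

		$GLOBALS['phpgw']->db->transaction_commit();

		$accounts->read_repository();
		if ($config['trial_accounts'])
		{
			// days * 24 hours * 3600 seconds from now
			$accounts->data['expires'] = time() + ((60 * 60) * ($config['days_until_trial_account_expires'] * 24));
		}
		else
		{
			$accounts->data['expires'] = -1;
		}
		$accounts->data['status'] = 'A';
		$accounts->save_repository();

		#if(@stat(PHPGW_SERVER_ROOT . '/messenger/inc/hook_registration.inc.php'))
		#{
		#	include(PHPGW_SERVER_ROOT . '/messenger/inc/hook_registration.inc.php');
		#}
	}
}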