<?php
	/**************************************************************************\
	* phpGroupWare - Registration                                              *
	* http://www.phpgroupware.org                                              *
	* This application written by Joseph Engo <jengo@phpgroupware.org>         *
	* Modified by Jason Wies (Zone) <zone@users.sourceforge.net>               *
	* Modified by Loic Dachary <loic@gnu.org>                                  *
	* --------------------------------------------                             *
	* Funding for this program was provided by http://www.checkwithmom.com     *
	* --------------------------------------------                             *
	*  This program is free software; you can redistribute it and/or modify it *
	*  under the terms of the GNU General Public License as published by the   *
	*  Free Software Foundation; either version 2 of the License, or (at your  *
	*  option) any later version.                                              *
	\**************************************************************************/

	/* $Id: class.soreg.inc.php 12131 2003-03-25 22:55:28Z  $ */
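/**
 * Storage layer for the self-registration and lost-password flows.
 *
 * Every method here is driven by values that originate outside the
 * application (login ids typed into a form, tokens taken from a mailed
 * link), so each value is escaped before it is placed inside an SQL
 * string literal.
 */
class soreg
{
	/** Token generated by the most recent call to step2(). */
	var $reg_id;
	/** Database object taken from $GLOBALS['phpgw']->db. */
	var $db;

	/**
	 * Constructor for PHP versions that no longer treat a method named
	 * after the class as the constructor. Delegates to soreg() so both
	 * construction paths set up the same state.
	 */
	function __construct()
	{
		$this->soreg();
	}

	/**
	 * Old-style constructor: binds the shared database object.
	 */
	function soreg()
	{
		$this->db = $GLOBALS['phpgw']->db;
	}

	/**
	 * Escapes a value for use inside a single-quoted SQL string literal.
	 *
	 * Uses the database layer's own db_addslashes() when the object
	 * provides one and falls back to addslashes() otherwise.
	 * NOTE(review): if the database layer offers bound parameters, that is
	 * the stronger fix; it is not visible from this file.
	 *
	 * @param mixed $value value to embed in a query
	 * @return string escaped text, without the surrounding quotes
	 */
	function _quote($value)
	{
		$value = (string) $value;

		if (is_object($this->db) && method_exists($this->db, 'db_addslashes'))
		{
			return $this->db->db_addslashes($value);
		}

		return addslashes($value);
	}

	/**
	 * Builds the 32-character hexadecimal token mailed to the user.
	 *
	 * Whoever holds this token can activate an account or reset a
	 * password, so it has to be unpredictable. random_bytes() is used
	 * when the runtime has it (an exception from it is left to propagate
	 * so that no weak token is issued). The fallback is the original
	 * construction; the quality of randomstring() cannot be judged from
	 * this file.
	 *
	 * @param string $account_lid login id the token is issued for
	 * @return string 32 lowercase hexadecimal characters
	 */
	function _new_reg_id($account_lid)
	{
		if (function_exists('random_bytes'))
		{
			return bin2hex(random_bytes(16));
		}

		return md5(time() . $account_lid . $GLOBALS['phpgw']->common->randomstring(32));
	}

	/**
	 * Tells whether a login id is taken, and reserves it when it is free.
	 *
	 * A login id counts as taken when a real account has it or when a
	 * pending registration row already carries it. When it is free, a
	 * placeholder row is inserted and the id is remembered in the
	 * 'registration' app session.
	 *
	 * NOTE(review): $this->db and $GLOBALS['phpgw']->db are the same object
	 * under PHP 5+ object semantics. Depending on the database driver, the
	 * second lock() may replace the first and the first unlock() may
	 * release both, which would leave the reserving insert unprotected.
	 * The statement order is kept as written; confirm against the driver.
	 *
	 * @param string $account_lid requested login id (untrusted)
	 * @return bool True when taken, False when it was free and is now reserved
	 */
	function account_exists($account_lid)
	{
		$lid_sql = $this->_quote($account_lid);

		$this->db->lock('phpgw_reg_accounts');
		$this->db->query("select count(*) from phpgw_reg_accounts where reg_lid='$lid_sql'",__LINE__,__FILE__);
		$this->db->next_record();
		// Read the count now: accounts->exists() may run its own query on
		// the shared database object and replace the current record.
		$pending = $this->db->f(0);

		$GLOBALS['phpgw']->db->lock('phpgw_accounts');
		if ($GLOBALS['phpgw']->accounts->exists($account_lid) || $pending)
		{
			$GLOBALS['phpgw']->db->unlock();
			$this->db->unlock();
			return True;
		}

		$GLOBALS['phpgw']->db->unlock();
		// To prevent race conditions, reserve the account_lid
		$this->db->query("insert into phpgw_reg_accounts values ('','$lid_sql','','" . time() . "')",__LINE__,__FILE__);
		$this->db->unlock();
		$GLOBALS['phpgw']->session->appsession('loginid','registration',$account_lid);
		return False;
	}

	/**
	 * Stores the submitted registration fields and mails the activation link.
	 *
	 * The login id is the one account_exists() placed in the session. The
	 * fields are serialized and base64-encoded into reg_info; create_account()
	 * decodes them later.
	 *
	 * NOTE(review): the fallback sender address is built from $SERVER_NAME.
	 * Whether that value can be influenced by the request depends on the
	 * web server configuration; setting mail_nobody avoids relying on it.
	 *
	 * @param array $fields registration form values (untrusted)
	 * @return string the token that was mailed
	 */
	function step2($fields)
	{
		global $config, $SERVER_NAME;

		$smtp = createobject('phpgwapi.send');

		// We are not going to use link(), because we may not have the same sessionid by that time
		// If we do, it will not affect it
		$url = $GLOBALS['phpgw_info']['server']['webserver_url'] . "/registration/main.php";

		// Fetch the login id before building the token; the original read
		// $account_lid one line before it was assigned.
		$account_lid  = $GLOBALS['phpgw']->session->appsession('loginid','registration');
		$this->reg_id = $this->_new_reg_id($account_lid);

		// reg_id is hexadecimal and reg_info is base64, so only the login
		// id needs escaping.
		$GLOBALS['phpgw']->db->query("update phpgw_reg_accounts set reg_id='" . $this->reg_id . "', reg_dla='"
			. time() . "', reg_info='" . base64_encode(serialize($fields))
			. "' where reg_lid='" . $this->_quote($account_lid) . "'",__LINE__,__FILE__);

		$GLOBALS['phpgw']->template->set_file(array(
			'message' => 'confirm_email.tpl'
		));

		if (!empty($fields['n_given']))
		{
			$GLOBALS['phpgw']->template->set_var ('firstname', $fields['n_given'] . ' ');
		}

		if (!empty($fields['n_family']))
		{
			$GLOBALS['phpgw']->template->set_var ('lastname', $fields['n_family'] . ' ');
		}

		$GLOBALS['phpgw']->template->set_var ('activate_url',$url . '?menuaction=registration.boreg.step4&reg_id='. $this->reg_id);

		if (!empty($config['support_email']))
		{
			$GLOBALS['phpgw']->template->set_var ('support_email_text', lang ('Report all problems and abuse to'));
			$GLOBALS['phpgw']->template->set_var ('support_email', $config['support_email']);
		}

		$subject = !empty($config['subject_confirm']) ? lang($config['subject_confirm']) : lang('Account registration');
		$noreply = !empty($config['mail_nobody']) ? ('No reply <' . $config['mail_nobody'] . '>') : ('No reply <noreply@' . $SERVER_NAME . '>');

		$smtp->msg('email',$fields['email'],$subject,$GLOBALS['phpgw']->template->fp('out','message'),'','','',$noreply);

		return $this->reg_id;
	}

	/**
	 * Lost password, step 1: the user supplied a username.
	 *
	 * Looks the account up and, only when it exists, stores a reset token
	 * and mails the link. The token row is written after the lookup so a
	 * request for an unknown name leaves no row behind (a leftover row
	 * would also make account_exists() report that name as taken).
	 *
	 * NOTE(review): the returned message contains the submitted login id
	 * unescaped; callers must encode it for the output context. The
	 * message also tells the requester whether the account exists.
	 *
	 * @param string $account_lid submitted login id (untrusted)
	 * @return string empty on success, otherwise an error message
	 */
	function lostpw1($account_lid)
	{
		global $SERVER_NAME, $config;

		$url = $GLOBALS['phpgw_info']['server']['webserver_url'] . "/registration/main.php";

		$error   = '';
		$lid_sql = $this->_quote($account_lid);

		$GLOBALS['phpgw']->db->query("select * from phpgw_accounts, phpgw_addressbook where account_lid='$lid_sql' and phpgw_addressbook.lid='*$lid_sql*'",__LINE__,__FILE__);
		$GLOBALS['phpgw']->db->next_record();

		// Copy everything needed out of the record before another query
		// runs on the shared database object.
		$info = array(
			'firstname' => $GLOBALS['phpgw']->db->f('account_firstname'),
			'lastname' => $GLOBALS['phpgw']->db->f('account_lastname'),
			'email' => $GLOBALS['phpgw']->db->f('email')
		);
		$found = $GLOBALS['phpgw']->db->f('account_lid');

		if ($found)
		{
			//
			// Remember the token sent by mail
			//
			$reg_id = $this->_new_reg_id($account_lid);
			$this->db->query("insert into phpgw_reg_accounts values ('$reg_id','$lid_sql','','" . time() . "')",__LINE__,__FILE__);

			//
			// Send the mail that will allow to change the password
			//
			$smtp = createobject('phpgwapi.send');

			$GLOBALS['phpgw']->template->set_file(array(
				'message' => 'lostpw_email.tpl'
			));
			$GLOBALS['phpgw']->template->set_var('firstname',$info['firstname']);
			$GLOBALS['phpgw']->template->set_var('lastname',$info['lastname']);
			$GLOBALS['phpgw']->template->set_var('activate_url',$url . '?menuaction=registration.boreg.lostpw2&reg_id=' . $reg_id);

			$subject = !empty($config['subject_lostpw']) ? lang($config['subject_lostpw']) : lang('Account password retrieval');
			$noreply = !empty($config['mail_nobody']) ? ('No reply <' . $config['mail_nobody'] . '>') : ('No reply <noreply@' . $SERVER_NAME . '>');

			$smtp->msg('email',$info['email'],$subject,$GLOBALS['phpgw']->template->fp('out','message'),'','','',$noreply);
		}
		else
		{
			$error = "Account $account_lid record could not be found, report to site administrator";
		}

		return $error;
	}

	/**
	 * Lost password, step 2: the user followed the mailed link.
	 *
	 * Resolves the login id to its account id and stores both in the
	 * 'registration' app session for lostpw3().
	 *
	 * @param string $account_lid login id tied to the token
	 */
	function lostpw2($account_lid)
	{
		$GLOBALS['phpgw']->db->query("select account_id from phpgw_accounts where account_lid='" . $this->_quote($account_lid) . "'",__LINE__,__FILE__);
		$GLOBALS['phpgw']->db->next_record();
		$account_id = $GLOBALS['phpgw']->db->f('account_id');

		$GLOBALS['phpgw']->session->appsession('loginid','registration',$account_lid);
		$GLOBALS['phpgw']->session->appsession('id','registration',$account_id);
	}

	/**
	 * Lost password, step 3: sets the new password and retires the token.
	 *
	 * The target account is the id lostpw2() stored in the session. When
	 * no id is stored nothing is changed.
	 * NOTE(review): change_password() is not visible here; it presumably
	 * picks some default account when given an empty id, which is why the
	 * call is skipped in that case. Confirm against phpgwapi.auth.
	 *
	 * @param string $account_lid login id whose token rows are deleted
	 * @param string $passwd the new password
	 */
	function lostpw3($account_lid, $passwd)
	{
		$account_id = $GLOBALS['phpgw']->session->appsession('id','registration');
		if (!$account_id)
		{
			return;
		}

		$auth = createobject('phpgwapi.auth');
		$auth->change_password('supposed to be old password', $passwd, $account_id);

		$GLOBALS['phpgw']->db->query("delete from phpgw_reg_accounts where reg_lid='" . $this->_quote($account_lid) . "'",__LINE__,__FILE__);
	}

	/**
	 * Looks up a registration or reset token.
	 *
	 * @param string $reg_id token taken from the mailed link (untrusted)
	 * @return array|bool the row (reg_id, reg_lid, reg_info, reg_dla), or
	 *         False when no row carries a non-empty matching reg_id
	 */
	function valid_reg($reg_id)
	{
		$GLOBALS['phpgw']->db->query("select * from phpgw_reg_accounts where reg_id='" . $this->_quote($reg_id) . "'",__LINE__,__FILE__);
		$GLOBALS['phpgw']->db->next_record();

		if ($GLOBALS['phpgw']->db->f('reg_id'))
		{
			return array(
				'reg_id'   => $GLOBALS['phpgw']->db->f('reg_id'),
				'reg_lid'  => $GLOBALS['phpgw']->db->f('reg_lid'),
				'reg_info' => $GLOBALS['phpgw']->db->f('reg_info'),
				'reg_dla'  => $GLOBALS['phpgw']->db->f('reg_dla')
			);
		}

		// The original echoed False here, which printed nothing and left
		// the caller with NULL.
		return False;
	}

	/**
	 * Deletes the registration row that carries the given token.
	 *
	 * @param string $reg_id token (untrusted)
	 */
	function delete_reg_info($reg_id)
	{
		$this->db->query("delete from phpgw_reg_accounts where reg_id='" . $this->_quote($reg_id) . "'",__LINE__,__FILE__);
	}

	/**
	 * Creates the account and its contact record from stored registration data.
	 *
	 * Side effects visible to the rest of the request: fills the global
	 * $reg_info and sets $GLOBALS['phpgw_info']['user']['account_id'].
	 *
	 * @param string $account_lid login id of the new account
	 * @param string $_reg_info base64-encoded serialized field array, as
	 *        written to reg_info by step2()
	 * @return bool|null False when the stored data does not decode to an
	 *         array or no account id is obtained; nothing on success
	 */
	function create_account($account_lid,$_reg_info)
	{
		global $config, $reg_info;

		// SECURITY: unserialize() is only as trustworthy as the reg_info
		// column. Anything able to write that column controls this input,
		// so object instantiation is switched off where the runtime
		// supports the option. The fields written by step2() are expected
		// to be plain form values; verify no caller stores objects.
		$raw = base64_decode($_reg_info);
		if (defined('PHP_VERSION_ID') && PHP_VERSION_ID >= 70000)
		{
			$fields = unserialize($raw, array('allowed_classes' => false));
		}
		else
		{
			$fields = unserialize($raw);
		}

		// Corrupt or empty data must not reach auto_add(): it would be
		// asked to create an account with no password.
		if (!is_array($fields))
		{
			return False;
		}

		$fields['lid'] = "*$account_lid*";

		$reg_info['lid']    = $account_lid;
		$reg_info['fields'] = $fields;

		$account_id = $GLOBALS['phpgw_info']['user']['account_id'] = $GLOBALS['phpgw']->accounts->auto_add($account_lid,$fields['passwd'],True,False,0,'A');

		if (!$account_id)
		{
			return False;
		}

		$accounts   = createobject('phpgwapi.accounts',$account_id);
		$contacts   = createobject('phpgwapi.contacts');

		$GLOBALS['phpgw']->db->transaction_begin();
		$accounts->read_repository();
		$accounts->data['firstname'] = $fields['n_given'];
		$accounts->data['lastname']  = $fields['n_family'];
		$accounts->save_repository();

		$contact_fields = $fields;

		if (!empty($contact_fields['bday_day']))
		{
			$contact_fields['bday'] = $contact_fields['bday_month'] . '/' . $contact_fields['bday_day'] . '/' . $contact_fields['bday_year'];
		}

		/* There are certain things we don't want stored in contacts */
		unset ($contact_fields['passwd']);
		unset ($contact_fields['passwd_confirm']);
		unset ($contact_fields['bday_day']);
		unset ($contact_fields['bday_month']);
		unset ($contact_fields['bday_year']);

		/* Don't store blank values either */
		foreach (array_keys($contact_fields) as $num)
		{
			if (!$contact_fields[$num])
			{
				unset ($contact_fields[$num]);
			}
		}

		$contacts->add($account_id,$contact_fields,0,'P');

		$GLOBALS['phpgw']->db->transaction_commit();

		$accounts->read_repository();
		if (!empty($config['trial_accounts']))
		{
			// days -> hours -> seconds
			$accounts->data['expires'] = time() + ((60 * 60) * ($config['days_until_trial_account_expires'] * 24));
		}
		else
		{
			$accounts->data['expires'] = -1;
		}
		$accounts->data['status'] = 'A';
		$accounts->save_repository();

		#if(@stat(PHPGW_SERVER_ROOT . '/messenger/inc/hook_registration.inc.php'))
		#{
		#	include(PHPGW_SERVER_ROOT . '/messenger/inc/hook_registration.inc.php');
		#}
	}
}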