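<?php
/**
 * Extended User Profile
 *
 * You may not change or alter any portion of this comment or credits
 * of supporting developers from this source code or any supporting source code
 * which is considered copyrighted (c) material of the original comment or credit authors.
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 *
 * @copyright (c) 2000-2016 XOOPS Project (www.xoops.org)
 * @license GNU GPL 2 or later (http://www.gnu.org/licenses/gpl-2.0.html)
 * @package profile
 * @since 2.3.0
 * @author Taiwen Jiang <phppp@users.sourceforge.net>
 * @author Jan Pedersen
 * @author trabis <lusopoemas@gmail.com>
 */

/*
 * Multi-step user registration.
 *
 * Flow: step 0 renders the first form; each POST carries a 'step' number, the
 * fields of that step and (from step 1 on) a XOOPS security token. Fields from
 * earlier steps are carried in $_SESSION['profile_post'], the user id of an
 * already inserted account in $_SESSION['profile_register_uid'].
 */

include __DIR__ . '/header.php';

// A logged-in user has nothing to register; send them to their own profile.
// (The original redirect carried a stray space after "uid=", which mangled the query string.)
if ($GLOBALS['xoopsUser']) {
    header('location: userinfo.php?uid=' . $GLOBALS['xoopsUser']->getVar('uid'));
    exit();
}

// Legacy activation entry points are served by activate.php; the query string is forwarded unchanged.
if (!empty($_GET['op']) && in_array($_GET['op'], ['actv', 'activate'], true)) {
    header('location: ./activate.php' . (empty($_SERVER['QUERY_STRING']) ? '' : '?' . $_SERVER['QUERY_STRING']));
    exit();
}

xoops_load('XoopsUserUtility');
$myts = MyTextSanitizer::getInstance();

/* @var XoopsConfigHandler $config_handler */
$config_handler = xoops_getHandler('config');
$GLOBALS['xoopsConfigUser'] = $config_handler->getConfigsByCat(XOOPS_CONF_USER);
if (empty($GLOBALS['xoopsConfigUser']['allow_register'])) {
    redirect_header('index.php', 6, _US_NOREGISTER);
}

// get the key we need to access our 'op' in $_POST
// if this key is not set, empty $_POST since this is a new registration and
// no legitimate data would be there.
$opkey = 'profile_opname';
if (isset($_SESSION[$opkey])) {
    $current_opname = $_SESSION[$opkey];
    unset($_SESSION[$opkey]);
    if (!isset($_POST[$current_opname])) {
        $_POST = [];
    }
} else {
    $_POST = [];
    $current_opname = 'op'; // does not matter, it isn't there
}

$op = !isset($_POST[$current_opname]) ? 'register' : $_POST[$current_opname];
// Clamp to >= 0: a negative step would skip the token check and index $steps with a negative key.
$current_step = isset($_POST['step']) ? max(0, (int)$_POST['step']) : 0;

// The newly introduced variable $_SESSION['profile_post'] is contaminated by $_POST, thus we use an old variable to hold uid parameter
$uid = !empty($_SESSION['profile_register_uid']) ? (int)$_SESSION['profile_register_uid'] : 0;

// First step is already secured by the captcha token so let's check the others
if ($current_step > 0 && !$GLOBALS['xoopsSecurity']->check()) {
    redirect_header('user.php', 5, _PROFILE_MA_EXPIRED);
}

$criteria = new CriteriaCompo();
$criteria->setSort('step_order');
$regstep_handler = xoops_getModuleHandler('regstep');

if (!$steps = $regstep_handler->getAll($criteria, null, false, false)) {
    redirect_header(XOOPS_URL . '/', 6, _PROFILE_MA_NOSTEPSAVAILABLE);
}

// $steps is indexed 0..n-1 (see the $steps[$current_step] lookups below); step_no is the 1-based number shown to the user.
foreach (array_keys($steps) as $key) {
    $steps[$key]['step_no'] = $key + 1;
}

$GLOBALS['xoopsOption']['template_main'] = 'profile_register.tpl';
include $GLOBALS['xoops']->path('header.php');

$GLOBALS['xoopsTpl']->assign('steps', $steps);
$GLOBALS['xoopsTpl']->assign('lang_register_steps', _PROFILE_MA_REGISTER_STEPS);

$xoBreadcrumbs[] = [
    'link'  => XOOPS_URL . '/modules/' . $GLOBALS['xoopsModule']->getVar('dirname', 'n') . '/register.php',
    'title' => _PROFILE_MA_REGISTER,
];
if (isset($steps[$current_step])) {
    $xoBreadcrumbs[] = ['title' => $steps[$current_step]['step_name']];
}

/* @var XoopsMemberHandler $member_handler */
$member_handler = xoops_getHandler('member');
$profile_handler = xoops_getModuleHandler('profile');

$fields = $profile_handler->loadFields();
$userfields = $profile_handler->getUserVars();

if ($uid === 0) {
    // No user yet? Create one and set default values.
    $newuser = $member_handler->createUser();
    $profile = $profile_handler->create();
    if (count($fields) > 0) {
        foreach (array_keys($fields) as $i) {
            $fieldname = $fields[$i]->getVar('field_name');
            if (in_array($fieldname, $userfields, true)) {
                $default = $fields[$i]->getVar('field_default');
                if ($default === '' || $default === null) {
                    continue;
                }
                $newuser->setVar($fieldname, $default);
            }
        }
    }
} else {
    // We already have a user? Just load it! The uid comes from the session, not from the request,
    // and steps > 0 are token-checked above, so it cannot be forged by the client.
    $newuser = $member_handler->getUser($uid);
    $profile = $profile_handler->get($uid);
}

// Let's merge current $_POST with $_SESSION['profile_post'] so we can have access to info submitted in previous steps
// Get all fields that we can expect from a $_POST including our private '_message_'
$fieldnames = [];
foreach (array_keys($fields) as $i) {
    $fieldnames[] = $fields[$i]->getVar('field_name');
}
$fieldnames = array_merge($fieldnames, $userfields);
$fieldnames[] = '_message_';

// Get $_POST that matches above criteria, we do not need to store step, tokens, etc
$postfields = [];
foreach ($fieldnames as $fieldname) {
    if (isset($_POST[$fieldname])) {
        $postfields[$fieldname] = $_POST[$fieldname];
    }
}

if ($current_step === 0) {
    // Reset any previous session for first step
    $_SESSION['profile_post'] = [];
    $_SESSION['profile_register_uid'] = null;
} else {
    // Merge current $_POST with $_SESSION['profile_post'].
    // The session slot is null after a finished registration, so guard before array_merge().
    $previous_post = (isset($_SESSION['profile_post']) && is_array($_SESSION['profile_post'])) ? $_SESSION['profile_post'] : [];
    $_SESSION['profile_post'] = array_merge($previous_post, $postfields);
    $_POST = array_merge($_SESSION['profile_post'], $_POST);
}

// Set vars from $_POST/$_SESSION['profile_post']
foreach (array_keys($fields) as $field) {
    if (!isset($_POST[$field])) {
        continue;
    }

    $value = $fields[$field]->getValueForSave($_POST[$field]);
    if (in_array($field, $userfields, true)) {
        $newuser->setVar($field, $value);
    } else {
        $profile->setVar($field, $value);
    }
}

// Accumulated error text; anything non-empty blocks the save and re-renders the previous step.
$stop = '';

// Server-side check of the fields the previous form marked as required (list kept in the session by forms.php)
if (isset($_POST['step']) && isset($_SESSION['profile_required'])) {
    foreach ($_SESSION['profile_required'] as $name => $title) {
        if (empty($_POST[$name])) {
            $stop .= sprintf(_FORM_ENTER, $title) . '<br>';
        }
    }
}

// Check user data at first step
if ($current_step === 1) {
    $uname = isset($_POST['uname']) ? $myts->stripSlashesGPC(trim($_POST['uname'])) : '';
    $email = isset($_POST['email']) ? $myts->stripSlashesGPC(trim($_POST['email'])) : '';
    $url = isset($_POST['url']) ? $myts->stripSlashesGPC(trim($_POST['url'])) : '';
    $pass = isset($_POST['pass']) ? $myts->stripSlashesGPC(trim($_POST['pass'])) : '';
    $vpass = isset($_POST['vpass']) ? $myts->stripSlashesGPC(trim($_POST['vpass'])) : '';
    $agree_disc = (isset($_POST['agree_disc']) && (int)$_POST['agree_disc']) ? 1 : 0;

    if ($GLOBALS['xoopsConfigUser']['reg_dispdsclmr'] != 0 && $GLOBALS['xoopsConfigUser']['reg_disclaimer'] !== '') {
        if (empty($agree_disc)) {
            $stop .= _US_UNEEDAGREE . '<br>';
        }
    }

    $newuser->setVar('uname', $uname);
    $newuser->setVar('email', $email);
    $newuser->setVar('pass', $pass ? password_hash($pass, PASSWORD_DEFAULT) : '');
    $stop .= XoopsUserUtility::validate($newuser, $pass, $vpass);

    xoops_load('XoopsCaptcha');
    $xoopsCaptcha = XoopsCaptcha::getInstance();
    if (!$xoopsCaptcha->verify()) {
        $stop .= $xoopsCaptcha->getMessage();
    }
}

// If the last step required SAVE or if we're on the last step then we will insert/update user on database
if ($current_step > 0 && empty($stop) && (!empty($steps[$current_step - 1]['step_save']) || !isset($steps[$current_step]))) {
    if ($GLOBALS['xoopsModuleConfig']['profileCaptchaAfterStep1'] == 1 && $current_step > 1) {
        xoops_load('XoopsCaptcha');
        $xoopsCaptcha2 = XoopsCaptcha::getInstance();
        if (!$xoopsCaptcha2->verify()) {
            $stop .= $xoopsCaptcha2->getMessage();
        }
    }

    if (empty($stop)) {
        $isNew = $newuser->isNew();

        // Did we create a user already? If not then let us set some extra info
        if ($isNew) {
            $uname = isset($_POST['uname']) ? $myts->stripSlashesGPC(trim($_POST['uname'])) : '';
            $email = isset($_POST['email']) ? $myts->stripSlashesGPC(trim($_POST['email'])) : '';
            $url = isset($_POST['url']) ? $myts->stripSlashesGPC(trim($_POST['url'])) : '';
            $pass = isset($_POST['pass']) ? $myts->stripSlashesGPC(trim($_POST['pass'])) : '';
            $newuser->setVar('uname', $uname);
            $newuser->setVar('email', $email);
            $newuser->setVar('pass', $pass ? password_hash($pass, PASSWORD_DEFAULT) : '');
            // Activation key: 8 hex characters as before, but drawn from a CSPRNG instead of
            // md5(uniqid(mt_rand())), whose output is predictable. Requires PHP 7+ or the random_compat polyfill.
            $actkey = bin2hex(random_bytes(4));
            $newuser->setVar('actkey', $actkey, true);
            $newuser->setVar('user_regdate', time(), true);
            $newuser->setVar('uorder', $GLOBALS['xoopsConfig']['com_order'], true);
            $newuser->setVar('umode', $GLOBALS['xoopsConfig']['com_mode'], true);
            $newuser->setVar('theme', $GLOBALS['xoopsConfig']['theme_set'], true);
            $newuser->setVar('user_avatar', 'avatars/blank.gif', true);
            // activation_type 1 = no activation needed, account is active at once
            $newuser->setVar('level', $GLOBALS['xoopsConfigUser']['activation_type'] == 1 ? 1 : 0, true);
        }

        // Insert/update user and check if we have succeeded
        if (!$member_handler->insertUser($newuser)) {
            $stop .= _US_REGISTERNG . '<br>';
            $stop .= implode('<br>', $newuser->getErrors());
        } else {
            // User inserted! Now insert custom profile fields
            $profile->setVar('profile_id', $newuser->getVar('uid'));
            $profile_handler->insert($profile);

            // We are good! If this 'was' a new user then we handle notification
            if ($isNew) {
                if ($GLOBALS['xoopsConfigUser']['new_user_notify'] == 1 && !empty($GLOBALS['xoopsConfigUser']['new_user_notify_group'])) {
                    $xoopsMailer = xoops_getMailer();
                    $xoopsMailer->reset();
                    $xoopsMailer->useMail();
                    $xoopsMailer->setToGroups($member_handler->getGroup($GLOBALS['xoopsConfigUser']['new_user_notify_group']));
                    $xoopsMailer->setFromEmail($GLOBALS['xoopsConfig']['adminmail']);
                    $xoopsMailer->setFromName($GLOBALS['xoopsConfig']['sitename']);
                    $xoopsMailer->setSubject(sprintf(_US_NEWUSERREGAT, $GLOBALS['xoopsConfig']['sitename']));
                    $xoopsMailer->setBody(sprintf(_US_HASJUSTREG, $newuser->getVar('uname')));
                    $xoopsMailer->send(true);
                }

                $message = '';
                if (!$member_handler->addUserToGroup(XOOPS_GROUP_USERS, $newuser->getVar('uid'))) {
                    $message = _PROFILE_MA_REGISTER_NOTGROUP . '<br>';
                } elseif ($GLOBALS['xoopsConfigUser']['activation_type'] == 1) {
                    XoopsUserUtility::sendWelcome($newuser);
                } elseif ($GLOBALS['xoopsConfigUser']['activation_type'] == 0) {
                    // User self-activation: mail the activation key to the new user.
                    $xoopsMailer = xoops_getMailer();
                    $xoopsMailer->reset();
                    $xoopsMailer->useMail();
                    $xoopsMailer->setTemplate('register.tpl');
                    $xoopsMailer->assign('SITENAME', $GLOBALS['xoopsConfig']['sitename']);
                    $xoopsMailer->assign('ADMINMAIL', $GLOBALS['xoopsConfig']['adminmail']);
                    $xoopsMailer->assign('SITEURL', XOOPS_URL . '/');
                    // NOTE(review): this hands the clear-text password to the mail template. It is only
                    // present when the save happens on the step that posted 'vpass'; consider dropping it
                    // from register.tpl so the password never leaves the server in clear text.
                    $xoopsMailer->assign('X_UPASS', isset($_POST['vpass']) ? $_POST['vpass'] : '');
                    $xoopsMailer->setToUsers($newuser);
                    $xoopsMailer->setFromEmail($GLOBALS['xoopsConfig']['adminmail']);
                    $xoopsMailer->setFromName($GLOBALS['xoopsConfig']['sitename']);
                    $xoopsMailer->setSubject(sprintf(_US_USERKEYFOR, $newuser->getVar('uname')));
                    // _message_ selects the finish text: 0 = mail failed, 1 = mail sent (see $messages below)
                    $_SESSION['profile_post']['_message_'] = $xoopsMailer->send(true) ? 1 : 0;
                } elseif ($GLOBALS['xoopsConfigUser']['activation_type'] == 2) {
                    // Admin activation: mail the activation link to the configured group.
                    $xoopsMailer = xoops_getMailer();
                    $xoopsMailer->reset();
                    $xoopsMailer->useMail();
                    $xoopsMailer->setTemplate('adminactivate.tpl');
                    $xoopsMailer->assign('USERNAME', $newuser->getVar('uname'));
                    $xoopsMailer->assign('USEREMAIL', $newuser->getVar('email'));
                    $xoopsMailer->assign('USERACTLINK', XOOPS_URL . '/modules/' . $GLOBALS['xoopsModule']->getVar('dirname', 'n') . '/activate.php?id=' . $newuser->getVar('uid') . '&actkey=' . $newuser->getVar('actkey', 'n'));
                    $xoopsMailer->assign('SITENAME', $GLOBALS['xoopsConfig']['sitename']);
                    $xoopsMailer->assign('ADMINMAIL', $GLOBALS['xoopsConfig']['adminmail']);
                    $xoopsMailer->assign('SITEURL', XOOPS_URL . '/');
                    $xoopsMailer->setToGroups($member_handler->getGroup($GLOBALS['xoopsConfigUser']['activation_group']));
                    $xoopsMailer->setFromEmail($GLOBALS['xoopsConfig']['adminmail']);
                    $xoopsMailer->setFromName($GLOBALS['xoopsConfig']['sitename']);
                    $xoopsMailer->setSubject(sprintf(_US_USERKEYFOR, $newuser->getVar('uname')));
                    // _message_ 2 = admin mail failed, 3 = admin mail sent
                    $_SESSION['profile_post']['_message_'] = $xoopsMailer->send() ? 3 : 2;
                }
                if ($message) {
                    $GLOBALS['xoopsTpl']->append('confirm', $message);
                }
                $_SESSION['profile_register_uid'] = $newuser->getVar('uid');
            }
        }
    }
}

if (!empty($stop) || isset($steps[$current_step])) {
    include_once __DIR__ . '/include/forms.php';
    // On error re-render the step that was just submitted; never go below step 0.
    $current_step = empty($stop) ? $current_step : max(0, $current_step - 1);
    $reg_form = profile_getRegisterForm($newuser, $profile, $steps[$current_step]);
    $reg_form->assign($GLOBALS['xoopsTpl']);
    $GLOBALS['xoopsTpl']->assign('current_step', $current_step);
    $GLOBALS['xoopsTpl']->assign('stop', $stop);
} else {
    // No errors and no more steps, finish
    $GLOBALS['xoopsTpl']->assign('finish', _PROFILE_MA_REGISTER_FINISH);
    $GLOBALS['xoopsTpl']->assign('current_step', -1);
    if ($GLOBALS['xoopsConfigUser']['activation_type'] == 1 && !empty($_SESSION['profile_post']['pass'])) {
        // NOTE(review): the clear-text password kept in the session is echoed into the page here for the
        // "log in now" form; it is HTML-escaped with explicit flags, but it remains a password in a response body.
        $GLOBALS['xoopsTpl']->assign('finish_login', _PROFILE_MA_FINISH_LOGIN);
        $GLOBALS['xoopsTpl']->assign('finish_uname', $newuser->getVar('uname'));
        $GLOBALS['xoopsTpl']->assign('finish_pass', htmlspecialchars($_SESSION['profile_post']['pass'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));
    }
    if (isset($_SESSION['profile_post']['_message_'])) {
        //todo, if user is activated by admin, then we should inform it along with error messages. _US_YOURREGMAILNG is not enough
        $messages = [_US_YOURREGMAILNG, _US_YOURREGISTERED, _US_YOURREGMAILNG, _US_YOURREGISTERED2];
        // '_message_' is also accepted from $_POST (it is in $fieldnames), so validate the index before using it.
        $messageIndex = (int)$_SESSION['profile_post']['_message_'];
        if (isset($messages[$messageIndex])) {
            $GLOBALS['xoopsTpl']->assign('finish_message', $messages[$messageIndex]);
        }
    }
    $_SESSION['profile_post'] = null;
}

include __DIR__ . '/footer.php';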