Code of 2.0.18.2 register.php, line 271?
// $Id: register.php 1029 2007-09-09 03:49:25Z phppp $
// ------------------------------------------------------------------------ //
// XOOPS - PHP Content Management System //
// Copyright (c) 2000 XOOPS.org //
// //
// ------------------------------------------------------------------------ //
// This program is free software; you can redistribute it and/or modify //
// it under the terms of the GNU General Public License as published by //
// the Free Software Foundation; either version 2 of the License, or //
// (at your option) any later version. //
// //
// You may not change or alter any portion of this comment or credits //
// of supporting developers from this source code or any supporting //
// source code which is considered copyrighted (c) material of the //
// original comment or credit authors. //
// //
// This program is distributed in the hope that it will be useful, //
// but WITHOUT ANY WARRANTY; without even the implied warranty of //
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the //
// GNU General Public License for more details. //
// //
// You should have received a copy of the GNU General Public License //
// along with this program; if not, write to the Free Software //
// Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA //
// ------------------------------------------------------------------------ //
// The page type is set before mainfile.php is included.
$xoopsOption['pagetype'] = 'user';
include 'mainfile.php';

$myts =& MyTextSanitizer::getInstance();

// Load the user-category configuration; it is read again inside userCheck().
$config_handler =& xoops_gethandler('config');
$xoopsConfigUser =& $config_handler->getConfigsByCat(XOOPS_CONF_USER);

// Stop here when the 'allow_register' setting is missing or falsy.
if (!isset($xoopsConfigUser['allow_register']) || !$xoopsConfigUser['allow_register']) {
    redirect_header('index.php', 6, _US_NOREGISTER);
    exit();
}
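/**
 * Validate the registration fields and collect every problem found.
 *
 * Checks the e-mail syntax and the configured e-mail block list, trims and
 * validates the user name against the configured strictness level, length
 * limits and reserved-name list, looks for an existing account with the same
 * user name or e-mail, and finally checks the password pair.
 *
 * @param string $uname user name as submitted (trimmed here with xoops_trim())
 * @param string $email e-mail address as submitted
 * @param string $pass  password
 * @param string $vpass password confirmation
 * @return string HTML fragment holding one "<br />"-terminated message per
 *                failed check; empty string when every check passes
 */
function userCheck($uname, $email, $pass, $vpass)
{
    global $xoopsConfigUser;
    $xoopsDB =& Database::getInstance();
    $stop = '';

    // --- e-mail -----------------------------------------------------------
    if (!checkEmail($email)) {
        $stop .= _US_INVALIDMAIL.'<br />';
    }
    // Each 'bad_emails' entry is used as the body of a case-insensitive
    // regular expression, so entries must be valid pattern fragments.
    foreach ($xoopsConfigUser['bad_emails'] as $be) {
        if (!empty($be) && preg_match("/".$be."/i", $email)) {
            $stop .= _US_INVALIDMAIL.'<br />';
            break;
        }
    }
    // strpos() !== false also catches a space in first position, which the
    // former "strrpos() > 0" test let through.
    if (strpos($email, ' ') !== false) {
        $stop .= _US_EMAILNOSPACES.'<br />';
    }

    // --- user name --------------------------------------------------------
    $uname = xoops_trim($uname);
    switch ($xoopsConfigUser['uname_test_level']) {
        case 1:
            // medium: letters, digits and a fixed set of punctuation.
            // The hyphen is escaped so it cannot form a character range.
            $restriction = '/[^a-zA-Z0-9_\-<>,.$%#@!\'"]/';
            break;
        case 2:
            // loose: only control characters and the space are rejected.
            // NOTE(review): the class was printed with a reversed range that
            // PCRE refuses to compile; NUL..space is the reading that matches
            // a "loose" level - confirm against the released file.
            $restriction = '/[\x00-\x20]/';
            break;
        case 0:
        default:
            // strict; also the fallback for an unexpected level, so that
            // $restriction is always defined and validation never runs with
            // an empty pattern.
            $restriction = '/[^a-zA-Z0-9_\-]/';
            break;
    }
    if (empty($uname) || preg_match($restriction, $uname)) {
        $stop .= _US_INVALIDNICKNAME."<br />";
    }
    if (strlen($uname) > $xoopsConfigUser['maxuname']) {
        $stop .= sprintf(_US_NICKNAMETOOLONG, $xoopsConfigUser['maxuname'])."<br />";
    }
    if (strlen($uname) < $xoopsConfigUser['minuname']) {
        $stop .= sprintf(_US_NICKNAMETOOSHORT, $xoopsConfigUser['minuname'])."<br />";
    }
    // Reserved names, same regular-expression convention as 'bad_emails'.
    foreach ($xoopsConfigUser['bad_unames'] as $bu) {
        if (!empty($bu) && preg_match("/".$bu."/i", $uname)) {
            $stop .= _US_NAMERESERVED."<br />";
            break;
        }
    }
    if (strpos($uname, ' ') !== false) {
        $stop .= _US_NICKNAMENOSPACES."<br />";
    }

    // --- uniqueness -------------------------------------------------------
    // NOTE(review): the value is escaped with addslashes() and then handed to
    // quoteString(). If quoteString() escapes as well, the value is escaped
    // twice and the lookup can miss names containing quotes or backslashes;
    // addslashes() is also not charset-aware. Verify against the database
    // class and prefer its own escaping on its own.
    $sql = sprintf('SELECT COUNT(*) FROM %s WHERE uname = %s', $xoopsDB->prefix('users'), $xoopsDB->quoteString(addslashes($uname)));
    $result = $xoopsDB->query($sql);
    if (!$result) {
        // Fail closed: a lookup that could not run must not be read as
        // "name is free".
        $stop .= _US_REGISTERNG."<br />";
    } else {
        list($count) = $xoopsDB->fetchRow($result);
        if ($count > 0) {
            $stop .= _US_NICKNAMETAKEN."<br />";
        }
    }
    if ($email) {
        $sql = sprintf('SELECT COUNT(*) FROM %s WHERE email = %s', $xoopsDB->prefix('users'), $xoopsDB->quoteString(addslashes($email)));
        $result = $xoopsDB->query($sql);
        if (!$result) {
            $stop .= _US_REGISTERNG."<br />";
        } else {
            list($count) = $xoopsDB->fetchRow($result);
            if ($count > 0) {
                $stop .= _US_EMAILTAKEN."<br />";
            }
        }
    }

    // --- password ---------------------------------------------------------
    if (!isset($pass) || $pass == '' || !isset($vpass) || $vpass == '') {
        $stop .= _US_ENTERPWD.'<br />';
    }
    // Compare as strings: a loose "!=" treats two different numeric-looking
    // strings as equal, so a mistyped confirmation could go unnoticed.
    if (isset($pass) && ((string) $pass !== (string) $vpass)) {
        $stop .= _US_PASSNOTSAME.'<br />';
    } elseif (($pass != '') && (strlen($pass) < $xoopsConfigUser['minpass'])) {
        $stop .= sprintf(_US_PWDTOOSHORT, $xoopsConfigUser['minpass'])."<br />";
    }

    return $stop;
}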
// Requested step; anything other than 'newuser'/'finish' ends up showing the form.
$op = isset($_POST['op']) ? $_POST['op'] : 'register';

// Text fields: default to '' and undo magic-quotes escaping when present.
$uname = '';
if (isset($_POST['uname'])) {
    $uname = $myts->stripSlashesGPC($_POST['uname']);
}
$email = '';
if (isset($_POST['email'])) {
    $email = trim($myts->stripSlashesGPC($_POST['email']));
}
$url = '';
if (isset($_POST['url'])) {
    $url = trim($myts->stripSlashesGPC($_POST['url']));
}
// Passwords are deliberately not trimmed.
$pass = '';
if (isset($_POST['pass'])) {
    $pass = $myts->stripSlashesGPC($_POST['pass']);
}
$vpass = '';
if (isset($_POST['vpass'])) {
    $vpass = $myts->stripSlashesGPC($_POST['vpass']);
}

// Time zone falls back to the site default when the field is absent.
$timezone_offset = $xoopsConfig['default_TZ'];
if (isset($_POST['timezone_offset'])) {
    $timezone_offset = intval($_POST['timezone_offset']);
}

// Check-box style flags are normalised to exactly 0 or 1.
$user_viewemail = (int) (isset($_POST['user_viewemail']) && intval($_POST['user_viewemail']));
$user_mailok = (int) (isset($_POST['user_mailok']) && intval($_POST['user_mailok']));
$agree_disc = (int) (isset($_POST['agree_disc']) && intval($_POST['agree_disc']));
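// Registration flow: 'newuser' validates the form and shows a confirmation
// page, 'finish' validates again and creates the account, anything else
// displays the empty registration form.
switch ($op) {
    case 'newuser':
        include 'header.php';
        $stop = '';
        // The request token issued with the form must validate.
        if (!$GLOBALS['xoopsSecurity']->check()) {
            $stop .= implode('<br />', $GLOBALS['xoopsSecurity']->getErrors())."<br />";
        }
        // The disclaimer must be accepted only when one is configured and shown.
        if ($xoopsConfigUser['reg_dispdsclmr'] != 0 && $xoopsConfigUser['reg_disclaimer'] != '') {
            if (empty($agree_disc)) {
                $stop .= _US_UNEEDAGREE.'<br />';
            }
        }
        $stop .= userCheck($uname, $email, $pass, $vpass);
        if (empty($stop)) {
            // Every user-supplied value is HTML-escaped before it is echoed.
            echo _US_USERNAME.": ".$myts->htmlSpecialChars($uname)."<br />";
            echo _US_EMAIL.": ".$myts->htmlSpecialChars($email)."<br />";
            if ($url != '') {
                $url = formatURL($url);
                echo _US_WEBSITE.': '.$myts->htmlSpecialChars($url).'<br />';
            }
            $f_timezone = ($timezone_offset < 0) ? 'GMT '.$timezone_offset : 'GMT +'.$timezone_offset;
            echo _US_TIMEZONE.": $f_timezone<br />";

            // Confirmation form: the validated values travel back as hidden
            // fields together with a fresh request token.
            // NOTE(review): the cleartext password is written into the page
            // as hidden fields so that the 'finish' step can read it back,
            // which leaves it in the rendered HTML (browser cache, any
            // intermediary on a non-TLS site). Holding it server-side between
            // the two steps would avoid that; not changed here because
            // 'finish' reads $_POST['pass'].
            echo "<form action='register.php' method='post'>";
            echo "<input type='hidden' name='uname' value='".$myts->htmlSpecialChars($uname)."' />";
            echo "<input type='hidden' name='email' value='".$myts->htmlSpecialChars($email)."' />";
            echo "<input type='hidden' name='user_viewemail' value='".$user_viewemail."' />";
            echo "<input type='hidden' name='timezone_offset' value='".(float)$timezone_offset."' />";
            echo "<input type='hidden' name='url' value='".$myts->htmlSpecialChars($url)."' />";
            echo "<input type='hidden' name='pass' value='".$myts->htmlSpecialChars($pass)."' />";
            echo "<input type='hidden' name='vpass' value='".$myts->htmlSpecialChars($vpass)."' />";
            echo "<input type='hidden' name='user_mailok' value='".$user_mailok."' />";
            echo "<br /><br /><input type='hidden' name='op' value='finish' />"
                .$GLOBALS['xoopsSecurity']->getTokenHTML()
                ."<input type='submit' value='". _US_FINISH ."' /></form>";
        } else {
            // Braces keep the variable name from merging with the closing
            // tag; without them the messages were never printed.
            echo "<span style='color:#ff0000;'>{$stop}</span>";
            include 'include/registerform.php';
            $reg_form->display();
        }
        include 'footer.php';
        break;

    case 'finish':
        include 'header.php';
        // Validate again: the hidden fields came back from the client and
        // cannot be trusted to be the values checked in the previous step.
        $stop = userCheck($uname, $email, $pass, $vpass);
        if (!$GLOBALS['xoopsSecurity']->check()) {
            $stop .= implode('<br />', $GLOBALS['xoopsSecurity']->getErrors())."<br />";
        }
        if (empty($stop)) {
            $member_handler =& xoops_gethandler('member');
            $newuser =& $member_handler->createUser();
            $newuser->setVar('user_viewemail', $user_viewemail, true);
            $newuser->setVar('uname', $uname, true);
            $newuser->setVar('email', $email, true);
            if ($url != '') {
                $newuser->setVar('url', formatURL($url), true);
            }
            $newuser->setVar('user_avatar', 'blank.gif', true);
            // NOTE(review): the activation key is 8 hex characters derived
            // from mt_rand()/uniqid(), neither of which is a cryptographic
            // random source, and this value gates account activation.
            // Prefer the platform CSPRNG where the runtime offers one.
            $actkey = substr(md5(uniqid(mt_rand(), 1)), 0, 8);
            $newuser->setVar('actkey', $actkey, true);
            // NOTE(review): unsalted MD5 is not a password hash. Left as is
            // because the login code that verifies it is not visible here;
            // both sides have to migrate together.
            $newuser->setVar('pass', md5($pass), true);
            $newuser->setVar('timezone_offset', $timezone_offset, true);
            $newuser->setVar('user_regdate', time(), true);
            $newuser->setVar('uorder', $xoopsConfig['com_order'], true);
            $newuser->setVar('umode', $xoopsConfig['com_mode'], true);
            $newuser->setVar('user_mailok', $user_mailok, true);
            // activation_type 1: the account is created with level 1 at once.
            if ($xoopsConfigUser['activation_type'] == 1) {
                $newuser->setVar('level', 1, true);
            }
            if (!$member_handler->insertUser($newuser)) {
                echo _US_REGISTERNG;
                include 'footer.php';
                exit();
            }
            $newid = $newuser->getVar('uid');
            if (!$member_handler->addUserToGroup(XOOPS_GROUP_USERS, $newid)) {
                echo _US_REGISTERNG;
                include 'footer.php';
                exit();
            }
            if ($xoopsConfigUser['activation_type'] == 1) {
                redirect_header('index.php', 4, _US_ACTLOGIN);
                exit();
            }
            if ($xoopsConfigUser['activation_type'] == 0) {
                // activation_type 0: mail built from register.tpl goes to the
                // new user.
                $xoopsMailer =& getMailer();
                $xoopsMailer->useMail();
                $xoopsMailer->setTemplate('register.tpl');
                $xoopsMailer->assign('SITENAME', $xoopsConfig['sitename']);
                $xoopsMailer->assign('ADMINMAIL', $xoopsConfig['adminmail']);
                $xoopsMailer->assign('SITEURL', XOOPS_URL."/");
                $xoopsMailer->setToUsers(new XoopsUser($newid));
                $xoopsMailer->setFromEmail($xoopsConfig['adminmail']);
                $xoopsMailer->setFromName($xoopsConfig['sitename']);
                $xoopsMailer->setSubject(sprintf(_US_USERKEYFOR, $uname));
                if (!$xoopsMailer->send()) {
                    echo _US_YOURREGMAILNG;
                } else {
                    echo _US_YOURREGISTERED;
                }
            } elseif ($xoopsConfigUser['activation_type'] == 2) {
                // activation_type 2: the activation link is mailed to the
                // configured activation group instead of the user.
                $xoopsMailer =& getMailer();
                $xoopsMailer->useMail();
                $xoopsMailer->setTemplate('adminactivate.tpl');
                $xoopsMailer->assign('USERNAME', $uname);
                $xoopsMailer->assign('USEREMAIL', $email);
                $xoopsMailer->assign('USERACTLINK', XOOPS_URL.'/user.php?op=actv&id='.$newid.'&actkey='.$actkey);
                $xoopsMailer->assign('SITENAME', $xoopsConfig['sitename']);
                $xoopsMailer->assign('ADMINMAIL', $xoopsConfig['adminmail']);
                $xoopsMailer->assign('SITEURL', XOOPS_URL."/");
                $member_handler =& xoops_gethandler('member');
                $xoopsMailer->setToGroups($member_handler->getGroup($xoopsConfigUser['activation_group']));
                $xoopsMailer->setFromEmail($xoopsConfig['adminmail']);
                $xoopsMailer->setFromName($xoopsConfig['sitename']);
                $xoopsMailer->setSubject(sprintf(_US_USERKEYFOR, $uname));
                if (!$xoopsMailer->send()) {
                    echo _US_YOURREGMAILNG;
                } else {
                    echo _US_YOURREGISTERED2;
                }
            }
            // Optional notice to a configured group; a send failure here is
            // not reported.
            if ($xoopsConfigUser['new_user_notify'] == 1 && !empty($xoopsConfigUser['new_user_notify_group'])) {
                $xoopsMailer =& getMailer();
                $xoopsMailer->useMail();
                $member_handler =& xoops_gethandler('member');
                $xoopsMailer->setToGroups($member_handler->getGroup($xoopsConfigUser['new_user_notify_group']));
                $xoopsMailer->setFromEmail($xoopsConfig['adminmail']);
                $xoopsMailer->setFromName($xoopsConfig['sitename']);
                $xoopsMailer->setSubject(sprintf(_US_NEWUSERREGAT, $xoopsConfig['sitename']));
                $xoopsMailer->setBody(sprintf(_US_HASJUSTREG, $uname));
                $xoopsMailer->send();
            }
        } else {
            echo "<span style='color:#ff0000; font-weight:bold;'>{$stop}</span>";
            include 'include/registerform.php';
            $reg_form->display();
        }
        include 'footer.php';
        break;

    case 'register':
    default:
        include 'header.php';
        include 'include/registerform.php';
        $reg_form->display();
        include 'footer.php';
        break;
}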
?>
and of user.php, line 181
// $Id: user.php 1282 2008-01-29 04:26:44Z phppp $
// ------------------------------------------------------------------------ //
// XOOPS - PHP Content Management System //
// Copyright (c) 2000 XOOPS.org //
// //
// ------------------------------------------------------------------------ //
// This program is free software; you can redistribute it and/or modify //
// it under the terms of the GNU General Public License as published by //
// the Free Software Foundation; either version 2 of the License, or //
// (at your option) any later version. //
// //
// You may not change or alter any portion of this comment or credits //
// of supporting developers from this source code or any supporting //
// source code which is considered copyrighted (c) material of the //
// original comment or credit authors. //
// //
// This program is distributed in the hope that it will be useful, //
// but WITHOUT ANY WARRANTY; without even the implied warranty of //
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the //
// GNU General Public License for more details. //
// //
// You should have received a copy of the GNU General Public License //
// along with this program; if not, write to the Free Software //
// Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA //
// ------------------------------------------------------------------------ //
// The page type is set before mainfile.php is included.
$xoopsOption['pagetype'] = 'user';
include 'mainfile.php';

// Requested operation: a POSTed value wins over a GET one, default 'main'.
if (isset($_POST['op'])) {
    $op = trim($_POST['op']);
} elseif (isset($_GET['op'])) {
    $op = trim($_GET['op']);
} else {
    $op = 'main';
}
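// 'main': show the login form to anonymous visitors; send a logged-in user
// to the requested same-site page or to their own profile.
if ($op == 'main') {
    if (!$xoopsUser) {
        $xoopsOption['template_main'] = 'system_userform.html';
        include 'header.php';
        $xoopsTpl->assign('lang_login', _LOGIN);
        $xoopsTpl->assign('lang_username', _USERNAME);
        // The cookie is client-controlled, so it is escaped before it is
        // handed to the template, the same way as the redirect value below.
        // A non-string value (array-style cookie) is ignored.
        if (isset($_COOKIE[$xoopsConfig['usercookie']]) && is_string($_COOKIE[$xoopsConfig['usercookie']])) {
            $xoopsTpl->assign('usercookie', htmlspecialchars($_COOKIE[$xoopsConfig['usercookie']], ENT_QUOTES));
        }
        if (isset($_GET['xoops_redirect'])) {
            $xoopsTpl->assign('redirect_page', htmlspecialchars(trim($_GET['xoops_redirect']), ENT_QUOTES));
        }
        $xoopsTpl->assign('lang_password', _PASSWORD);
        $xoopsTpl->assign('lang_notregister', _US_NOTREGISTERED);
        $xoopsTpl->assign('lang_lostpassword', _US_LOSTPASSWORD);
        $xoopsTpl->assign('lang_noproblem', _US_NOPROBLEM);
        $xoopsTpl->assign('lang_youremail', _US_YOUREMAIL);
        $xoopsTpl->assign('lang_sendpassword', _US_SENDPASSWORD);
        $xoopsTpl->assign('mailpasswd_token', $GLOBALS['xoopsSecurity']->createToken());
        include 'footer.php';
        exit();
    }
    if (!empty($_GET['xoops_redirect'])) {
        $redirect = trim($_GET['xoops_redirect']);
        $isExternal = false;
        // Control characters have no place in a Location header value.
        if (preg_match('/[\x00-\x1f\x7f]/', $redirect)) {
            $isExternal = true;
        }
        // Two leading slashes or backslashes make the value host-relative
        // rather than path-relative, so it is not a same-site path.
        if (preg_match('#^[/\\\\]{2}#', $redirect)) {
            $isExternal = true;
        }
        $pos = strpos($redirect, '://');
        if ($pos !== false) {
            // Host (and path, if any) of this site without the scheme.
            $xoopsLocation = rtrim(substr(XOOPS_URL, strpos(XOOPS_URL, '://') + 3), '/');
            $locationLength = strlen($xoopsLocation);
            // A matching prefix alone is not enough: the site location must
            // end at a URL boundary, otherwise a longer host name that merely
            // starts with it would be accepted as local.
            $next = substr($redirect, $pos + 3 + $locationLength, 1);
            $atBoundary = ($next === false || $next === '' || $next === '/' || $next === '?' || $next === '#');
            if (strcasecmp(substr($redirect, $pos + 3, $locationLength), $xoopsLocation) != 0 || !$atBoundary) {
                $isExternal = true;
            }
        }
        if (!$isExternal) {
            header('Location: ' . $redirect);
            exit();
        }
    }
    // No usable redirect target: fall back to the user's own profile page.
    header('Location: '.XOOPS_URL.'/userinfo.php?uid='.$xoopsUser->getVar('uid'));
    exit();
}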
// 'login': the whole step is delegated to the included script.
if ('login' == $op) {
    include_once XOOPS_ROOT_PATH.'/include/checklogin.php';
    exit();
}
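// 'logout': drop the session, remove the user from the online list and
// return to the front page.
if ($op == 'logout') {
    // NOTE(review): only the server-side session data is discarded; the
    // session cookie itself is not expired in this block.
    $_SESSION = array();
    session_destroy();
    // clear entry from online users table
    if (is_object($xoopsUser)) {
        $online_handler =& xoops_gethandler('online');
        $online_handler->destroy($xoopsUser->getVar('uid'));
    }
    // The two messages are separated with a <br />; a raw line break inside
    // the string would be collapsed by the browser.
    $message = _US_LOGGEDOUT.'<br />'._US_THANKYOUFORVISIT;
    redirect_header('index.php', 1, $message);
    exit();
}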
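// 'actv': activate the account named by ?id= when ?actkey= matches the key
// stored for that user.
if ($op == 'actv') {
    // Missing parameters are treated as empty instead of raising notices;
    // a non-string key (array-style parameter) counts as missing.
    $id = isset($_GET['id']) ? intval($_GET['id']) : 0;
    $actkey = (isset($_GET['actkey']) && is_string($_GET['actkey'])) ? trim($_GET['actkey']) : '';
    if (empty($id)) {
        redirect_header('index.php', 1, '');
        exit();
    }
    $member_handler =& xoops_gethandler('member');
    $thisuser =& $member_handler->getUser($id);
    if (!is_object($thisuser)) {
        exit();
    }
    // Strict string comparison: a loose "!=" compares numeric-looking
    // strings by value, so a key that differs textually could still be
    // accepted. An empty key is never accepted.
    if ($actkey === '' || (string) $thisuser->getVar('actkey') !== $actkey) {
        redirect_header('index.php', 5, _US_ACTKEYNOT);
    } else {
        if ($thisuser->getVar('level') > 0) {
            // Level above 0: nothing is activated, only a notice is shown.
            redirect_header('user.php', 5, _US_ACONTACT, false);
        } else {
            if (false != $member_handler->activateUser($thisuser)) {
                $config_handler =& xoops_gethandler('config');
                $xoopsConfigUser =& $config_handler->getConfigsByCat(XOOPS_CONF_USER);
                if ($xoopsConfigUser['activation_type'] == 2) {
                    // activation_type 2: mail built from activated.tpl is
                    // sent to the activated user.
                    $myts =& MyTextSanitizer::getInstance();
                    $xoopsMailer =& getMailer();
                    $xoopsMailer->useMail();
                    $xoopsMailer->setTemplate('activated.tpl');
                    $xoopsMailer->assign('SITENAME', $xoopsConfig['sitename']);
                    $xoopsMailer->assign('ADMINMAIL', $xoopsConfig['adminmail']);
                    $xoopsMailer->assign('SITEURL', XOOPS_URL."/");
                    $xoopsMailer->setToUsers($thisuser);
                    $xoopsMailer->setFromEmail($xoopsConfig['adminmail']);
                    $xoopsMailer->setFromName($xoopsConfig['sitename']);
                    $xoopsMailer->setSubject(sprintf(_US_YOURACCOUNT, $xoopsConfig['sitename']));
                    include 'header.php';
                    if (!$xoopsMailer->send()) {
                        printf(_US_ACTVMAILNG, $thisuser->getVar('uname'));
                    } else {
                        printf(_US_ACTVMAILOK, $thisuser->getVar('uname'));
                    }
                    include 'footer.php';
                } else {
                    redirect_header('user.php', 5, _US_ACTLOGIN, false);
                }
            } else {
                redirect_header('index.php', 5, 'Activation failed!');
            }
        }
    }
    exit();
}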
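// 'delete': let a logged-in, non-webmaster user remove their own account
// when the 'self_delete' setting allows it.
if ($op == 'delete') {
    $config_handler =& xoops_gethandler('config');
    $xoopsConfigUser =& $config_handler->getConfigsByCat(XOOPS_CONF_USER);
    if (!$xoopsUser || $xoopsConfigUser['self_delete'] != 1) {
        redirect_header('index.php', 5, _US_NOPERMISS);
        exit();
    } else {
        $groups = $xoopsUser->getGroups();
        if (in_array(XOOPS_GROUP_ADMIN, $groups)) {
            // users in the webmasters group may not be deleted
            redirect_header('user.php', 5, _US_ADMINNO);
            exit();
        }
        $ok = !isset($_POST['ok']) ? 0 : intval($_POST['ok']);
        if ($ok != 1) {
            // First pass: ask for confirmation.
            include 'header.php';
            xoops_confirm(array('op' => 'delete', 'ok' => 1), 'user.php', _US_SURETODEL.'<br />'._US_REMOVEINFO);
            include 'footer.php';
        } else {
            // The deletion is irreversible, so "ok=1" alone is not accepted
            // as proof that the request came from the confirmation form:
            // the request token has to validate as well.
            // NOTE(review): assumes the form produced by xoops_confirm()
            // carries the token that check() validates - confirm.
            if (!$GLOBALS['xoopsSecurity']->check()) {
                redirect_header('user.php', 5, implode('<br />', $GLOBALS['xoopsSecurity']->getErrors()));
                exit();
            }
            $del_uid = $xoopsUser->getVar("uid");
            $member_handler =& xoops_gethandler('member');
            if (false != $member_handler->deleteUser($xoopsUser)) {
                $online_handler =& xoops_gethandler('online');
                $online_handler->destroy($del_uid);
                xoops_notification_deletebyuser($del_uid);
                redirect_header('index.php', 5, _US_BEENDELED);
                // Explicit stop so the failure redirect below can never
                // follow a successful deletion.
                exit();
            }
            redirect_header('index.php', 5, _US_NOPERMISS);
        }
        exit();
    }
}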
?>