b2evolution PHP Cross Reference Blogging Systems

Source: /htsrv/register.php - 347 lines - 11354 bytes - Text - Print

Description: Register a new user. This file is part of the evoCore framework - {@link http://evocore.net/} See also {@link http://sourceforge.net/projects/evocms/}.

   1  <?php
   2  /**
   3   * Register a new user.
   4   *
   5   * This file is part of the evoCore framework - {@link http://evocore.net/}
   6   * See also {@link http://sourceforge.net/projects/evocms/}.
   7   *
   8   * @copyright (c)2003-2014 by Francois Planque - {@link http://fplanque.com/}
   9   * Parts of this file are copyright (c)2004-2006 by Daniel HAHLER - {@link http://thequod.de/contact}.
  10   *
  11   * {@internal License choice
  12   * - If you have received this file as part of a package, please find the license.txt file in
  13   *   the same folder or the closest folder above for complete license terms.
  14   * - If you have received this file individually (e-g: from http://evocms.cvs.sourceforge.net/)
  15   *   then you must choose one of the following licenses before using the file:
  16   *   - GNU General Public License 2 (GPL) - http://www.opensource.org/licenses/gpl-license.php
  17   *   - Mozilla Public License 1.1 (MPL) - http://www.opensource.org/licenses/mozilla1.1.php
  18   * }}
  19   *
  20   * {@internal Open Source relicensing agreement:
  21   * Daniel HAHLER grants Francois PLANQUE the right to license
  22   * Daniel HAHLER's contributions to this file and the b2evolution project
  23   * under any OSI approved OSS license (http://www.opensource.org/licenses/).
  24   * }}
  25   *
  26   * @package htsrv
  27   *
  28   * {@internal Below is a list of authors who have contributed to design/coding of this file: }}
  29   * @author blueyed: Daniel HAHLER
  30   * @author fplanque: Francois PLANQUE
  31   *
  32   * @version $Id: register.php 6136 2014-03-08 07:59:48Z manuel $
  33   */
  34  
  35  /**
  36   * Includes:
  37   */
  38  require_once dirname(__FILE__).'/../conf/_config.php';
  39  
  40  require_once $inc_path.'_main.inc.php';
  41  
// Entry guard for the registration endpoint: anonymous access is allowed, authenticated sessions are bounced.

// Login is not required on the register page:
// NOTE(review): this flag is assigned after _main.inc.php has already been included above;
// confirm it is read later than that include, otherwise it has no effect here.
$login_required = false;

global $baseurl;

// NOTE(review): nothing in this file stops execution after the call below, so the rest of the
// script is only unreachable for logged-in users if header_redirect() ends the request itself -- confirm.
if( is_logged_in() )
{ // if a user is already logged in don't allow to register
    header_redirect( $baseurl );
}
  51  
// Save trigger page: remember, once per session, which page sent the visitor to the registration form.
// The Referer header is supplied by the client and can hold any string. This file copies it verbatim
// into the session, and later into the new user's settings ('registration_trigger_url') and into the
// admin notification parameters ('trigger_url'), without validating or length-limiting it here.
// NOTE(review): every place that renders this value (admin screens, notification email template)
// has to escape it for its output context -- verify against those templates.
$session_registration_trigger_url = $Session->get( 'registration_trigger_url' );
if( empty( $session_registration_trigger_url ) && isset( $_SERVER['HTTP_REFERER'] ) )
{    // Trigger page still is not defined
    $session_registration_trigger_url = $_SERVER['HTTP_REFERER'];
    $Session->set( 'registration_trigger_url', $session_registration_trigger_url );
}
  59  
// Read the site-wide registration settings, then pull the request parameters the form can submit.

// Check if country is required
$registration_require_country = (bool)$Settings->get('registration_require_country');
// Check if firstname is required
$registration_require_firstname = (bool)$Settings->get('registration_require_firstname');
// Check if gender is required
// (not cast to bool: the registration code below compares this setting with the string 'required')
$registration_require_gender = $Settings->get('registration_require_gender');
// Check if registration ask for locale
$registration_ask_locale = $Settings->get('registration_ask_locale');

// Everything read below is controlled by the client.
// The login and email field names are looked up in $dummy_fields, which is defined outside this file.
$login = param( $dummy_fields[ 'login' ], 'string', '' );
$email = param( $dummy_fields[ 'email' ], 'string', '' );
// The return values of the following calls are discarded, yet later code reads $action, $country,
// $firstname, $gender, $locale, $source, $redirect_to and $inskin -- presumably param() also
// registers a global of the same name; verify against its definition.
param( 'action', 'string', '' );
param( 'country', 'integer', '' );
param( 'firstname', 'string', '' );
param( 'gender', 'string', NULL );
// 'locale' and 'source' are written to the new User further down without any check in this file;
// whatever filtering applies comes from the 'string' param type and from User::set().
param( 'locale', 'string', '' );
param( 'source', 'string', '' );
// 'redirect_to' ends up in header_redirect() and send_validate_email(); the 'url' param type is the
// only filter visible here. NOTE(review): confirm that redirects to foreign hosts are rejected
// somewhere on that path, otherwise this parameter is an open-redirect vector.
param( 'redirect_to', 'url', '' ); // do not default to $admin_url; "empty" gets handled better in the end (uses $blogurl, if no admin perms).
param( 'inskin', 'boolean', false, true );
  79  
// Resolve the blog for in-skin registration and switch to that blog's locale.
global $Blog;
if( $inskin && empty( $Blog ) )
{
    // No blog has been resolved yet: take the blog ID from the request.
    // The 'integer' param type plus the > 0 test below are the only checks made on it here.
    param( 'blog', 'integer', 0 );

    if( isset( $blog) && $blog > 0 )
    {
        $BlogCache = & get_BlogCache();
        // NOTE(review): the two false arguments presumably make an unknown ID return an empty
        // value instead of halting; the !empty( $Blog ) tests that follow rely on that -- confirm.
        $Blog = $BlogCache->get_by_ID( $blog, false, false );
    }
}

if( $inskin && !empty( $Blog ) )
{ // in-skin register, activate current Blog locale
    locale_activate( $Blog->get('locale') );
}
  96  
// Server-side kill switch: when the 'newusers_canregister' setting is off, the requested action is
// overwritten, so a crafted POST with action=register cannot reach the 'register' case of the switch below.
if( ! $Settings->get('newusers_canregister') )
{
    $action = 'disabled';
}
 101  
// Prefill login and email from data an earlier request left in the session, then consume that data.
// This runs before the action switch, so when the session entry exists it replaces the login and
// email submitted with the current request, including on a 'register' submission.
if( $register_user = $Session->get('core.register_user') )
{    // Get an user data from predefined session (after adding of a comment)
    // Build a login candidate from the stored name: keep ASCII letters, digits and spaces only,
    // turn spaces into underscores, cut to 20 characters.
    $login = preg_replace( '/[^a-z0-9 ]/i', '', $register_user['name'] );
    $login = str_replace( ' ', '_', $login );
    $login = evo_substr( $login, 0, 20 );
    // The email is copied as stored; it is not validated at this point.
    $email = $register_user['email'];

    // One-shot: drop the entry so it is not applied again on the next request.
    $Session->delete( 'core.register_user' );
}
 111  
// Dispatch on the requested action. 'register' creates the account; 'disabled' shows the
// "registration disabled" page. Any other value, and every "break" out of 'register', falls through
// to the registration form rendered at the end of this file.
switch( $action )
{
    case 'register':
        // Both gatekeeping checks run before any credential is read from the request.
        // Stop a request from the blocked IP addresses
        antispam_block_ip();

        // Check that this action request is not a CSRF hacked request:
        $Session->assert_received_crumb( 'regform' );

        /*
         * Do the registration:
         */
        // Passwords are read with the 'raw' type, i.e. unfiltered, so the value that gets hashed is
        // the submitted one. They must never be echoed back or logged.
        $pass1 = param( $dummy_fields[ 'pass1' ], 'raw', '' );
        $pass2 = param( $dummy_fields[ 'pass2' ], 'raw', '' );

        // Call plugin event to allow catching input in general and validating own things from DisplayRegisterFormFieldset event
        // Every field is handed over by reference, so a plugin can read and rewrite all of them,
        // including both plaintext passwords. Installed plugins are part of the trust boundary here.
        $Plugins->trigger_event( 'RegisterFormSent', array(
                'login'     => & $login,
                'email'     => & $email,
                'country'   => & $country,
                'firstname' => & $firstname,
                'gender'    => & $gender,
                'locale'    => & $locale,
                'pass1'     => & $pass1,
                'pass2'     => & $pass2,
            ) );

        if( $Messages->has_errors() )
        { // a Plugin has added an error
            break;
        }

        // Set params:
        $paramsList = array(
            'login'   => $login,
            'pass1'   => $pass1,
            'pass2'   => $pass2,
            'email'   => $email,
            'pass_required' => true );

        // Optional profile fields are handed to the validator only when the matching setting
        // requires them. They are nevertheless written to the new User further down in every case,
        // so a value submitted for a non-required field is stored without passing through
        // profile_check_params(). NOTE(review): confirm User::set() constrains these values.
        if( $registration_require_country )
        {
            $paramsList['country'] = $country;
        }

        if( $registration_require_firstname )
        {
            $paramsList['firstname'] = $firstname;
        }

        if( $registration_require_gender == 'required' )
        {
            $paramsList['gender'] = $gender;
        }

        // Check profile params:
        // Failures are not returned; they are picked up through $Messages->has_errors() below.
        profile_check_params( $paramsList );

        // We want all logins to be lowercase to guarantee uniqueness regardless of the database case handling for UNIQUE indexes:
        $login = evo_strtolower( $login );

        // NOTE(review): this lookup and the insert below are separate steps, so two concurrent
        // requests for the same login can both pass the check. The UNIQUE index mentioned above is
        // presumably what finally rejects the duplicate -- confirm it exists on the login column.
        $UserCache = & get_UserCache();
        if( $UserCache->get_by_login( $login ) )
        { // The login is already registered
            // The submitted login is placed into a message string that already carries HTML entities.
            // NOTE(review): confirm the value is HTML-safe at this point or escaped when messages are rendered.
            param_error( $dummy_fields[ 'login' ], sprintf( T_('The login &laquo;%s&raquo; is already registered, please choose another one.'), $login ) );
        }

        if( $Messages->has_errors() )
        {
            break;
        }

        $DB->begin();

        $new_User = new User();
        $new_User->set( 'login', $login );
        // SECURITY: despite the original "encrypted" remark, this is a single unsalted MD5 digest
        // of the password. MD5 is fast and unsalted, so a leaked user table is cheap to attack with
        // precomputed tables or brute force. It cannot be swapped here alone, because the login code
        // has to verify the same format; the fix is a coordinated move to password_hash() and
        // password_verify(), rehashing existing accounts on their next successful login.
        $new_User->set( 'pass', md5($pass1) );
        $new_User->set( 'ctry_ID', $country );
        $new_User->set( 'firstname', $firstname );
        $new_User->set( 'gender', $gender );
        // 'source' comes straight from the request and has not been checked anywhere in this file.
        $new_User->set( 'source', $source );
        $new_User->set_email( $email );
        $new_User->set_datecreated( $localtimenow );
        if( $registration_ask_locale )
        { // set locale if it was prompted, otherwise let default
            $new_User->set( 'locale', $locale );
        }

        $new_User->dbinsert();

        // Not read again in this file; the fallback delete below works on $new_User itself.
        $new_user_ID = $new_User->ID; // we need this to "rollback" user creation if there's no DB transaction support

        // TODO: Optionally auto create a blog (handle this together with the LDAP plugin)

        // TODO: Optionally auto assign rights

        // Actions to be appended to the user registration transaction:
        // A true result from the trigger aborts the registration.
        if( $Plugins->trigger_event_first_false( 'AppendUserRegistrTransact', array( 'User' => & $new_User ) ) )
        {
            // TODO: notify the plugins that have been called before about canceling of the event?!
            $DB->rollback();

            // Delete, in case there's no transaction support:
            $new_User->dbdelete( $Debuglog );

            $Messages->add( T_('No user account has been created!'), 'error' );
            break; // break out to _reg_form.php
        }

        // User created:
        $DB->commit();
        $UserCache->add( $new_User );

        // Record where the account came from. The referer, the URI and the user agent originate
        // from the client, and the remote host name is whatever get_remote_host() resolves for the
        // client address. Treat all of them as untrusted text wherever they are displayed.
        $initial_hit = $new_User->get_first_session_hit_params( $Session->ID );
        if( ! empty ( $initial_hit ) )
        {    // Save User Settings
            $UserSettings->set( 'initial_blog_ID' , $initial_hit->hit_blog_ID, $new_User->ID );
            $UserSettings->set( 'initial_URI' , $initial_hit->hit_uri, $new_User->ID );
            $UserSettings->set( 'initial_referer' , $initial_hit->hit_referer , $new_User->ID );
        }
        if( !empty( $session_registration_trigger_url ) )
        {    // Save Trigger page
            $UserSettings->set( 'registration_trigger_url' , $session_registration_trigger_url, $new_User->ID );
        }
        $UserSettings->set( 'created_fromIPv4', ip2int( $Hit->IP ), $new_User->ID );
        $UserSettings->set( 'user_domain', $Hit->get_remote_host( true ), $new_User->ID );
        // The user agent is cut to 200 bytes before it is stored.
        $UserSettings->set( 'user_browser', substr( $Hit->get_user_agent(), 0 , 200 ), $new_User->ID );
        $UserSettings->dbupdate();

        // Send notification email about new user registrations to users with edit users permission
        // Several of these values are attacker-influenced (firstname, source, trigger_url, login,
        // email, the hit data). NOTE(review): the 'account_new' template has to escape them for the
        // mail format it produces -- verify against the template.
        $email_template_params = array(
                'country'     => $country,
                'firstname'   => $firstname,
                'gender'      => $gender,
                'locale'      => $locale,
                'source'      => $source,
                'trigger_url' => $session_registration_trigger_url,
                'initial_hit' => $initial_hit,
                'login'       => $login,
                'email'       => $email,
                'new_user_ID' => $new_User->ID,
            );
        send_admin_notification( NT_('New user registration'), 'account_new', $email_template_params );

        $Plugins->trigger_event( 'AfterUserRegistration', array( 'User' => & $new_User ) );


        if( $Settings->get('newusers_mustvalidate') )
        { // We want that the user validates his email address:
            $inskin_blog = $inskin ? $blog : NULL;
            // The request-supplied $redirect_to is handed to the validation mail routine.
            // NOTE(review): if it ends up inside the activation link, it needs the same
            // foreign-host check as the redirect at the end of this case -- confirm.
            if( $new_User->send_validate_email( $redirect_to, $inskin_blog ) )
            {
                // The href is assembled by string concatenation, but both variants are built from
                // server-side URLs (the blog URL or $secure_htsrv_url), not from request data.
                if( $inskin && !empty( $Blog ) )
                {
                    $activateinfo_link = 'href="'.url_add_param( $Blog->gen_blogurl(), 'disp=activateinfo' ).'"';
                }
                else
                {
                    $activateinfo_link = 'href="'.$secure_htsrv_url.'login.php?action=req_validatemail'.'"';
                }
                $Messages->add( sprintf( T_('An email has been sent to your email address. Please click on the link therein to activate your account. <a %s>More info &raquo;</a>'), $activateinfo_link ), 'success' );
            }
            elseif( $demo_mode )
            {
                $Messages->add( 'Sorry, could not send email. Sending email in demo mode is disabled.', 'error' );
            }
            else
            {
                $Messages->add( T_('Sorry, the email with the link to activate your account could not be sent.')
                    .'<br />'.T_('Possible reason: the PHP mail() function may have been disabled on the server.'), 'error' );
                // fp> TODO: allow to enter a different email address (just in case it's that kind of problem)
            }
        }

        // Autologin the user. This is more comfortable for the user and avoids
        // extra confusion when account validation is required.
        // SECURITY: the session is bound to the new account before the email address has been
        // proven, and also when the validation mail could not be sent. Whatever an unvalidated
        // account must not be able to do has to be enforced where the permission is checked, not here.
        $Session->set_User( $new_User );

        // Set redirect_to pending from after_registration setting
        $after_registration = $Settings->get( 'after_registration' );
        if( $after_registration == 'return_to_original' )
        { // Return to original page ( where user was before the registration process )
            // A non-empty request-supplied $redirect_to is used unchanged in this branch.
            if( empty( $redirect_to ) )
            { // redirect_to param was not set
                if( $inskin && !empty( $Blog ) )
                {
                    $redirect_to = $Blog->gen_blogurl();
                }
                else
                {
                    $redirect_to = $baseurl;
                }
            }
        }
        else
        { // Return to the specific URL which is set in the registration settings form
            // The admin-configured target always wins over the request parameter.
            $redirect_to = $after_registration;
        }

        // NOTE(review): with 'return_to_original' the target can come from the request, filtered
        // only by the 'url' param type as far as this file shows. Confirm header_redirect() refuses
        // or neutralises targets on other hosts.
        header_redirect( $redirect_to );
        break;


    case 'disabled':
        /*
         * Registration disabled:
         */
        // Render the notice and stop, so the registration form below is never reached.
        require $adminskins_path.'login/_reg_disabled.main.php';

        exit(0);
}
 323  
 324  
/*
 * Default: registration form:
 *
 * Reached when no action was requested, when the action is not handled by the switch above,
 * or when the 'register' case stopped early with an error.
 */
if( $inskin && !empty( $Blog ) )
{ // in-skin display
    $SkinCache = & get_SkinCache();
    $Skin = & $SkinCache->get_by_ID( $Blog->get_skin_ID() );
    // The included path is built from the skin's folder name, looked up through the blog's skin ID.
    // The request can choose the blog (through the 'blog' parameter) but does not supply the
    // folder string itself.
    // NOTE(review): this assumes stored skin folder names cannot contain path separators or "..";
    // confirm where skins are installed or renamed.
    $skin = $Skin->folder;
    $disp = 'register';
    $ads_current_skin_path = $skins_path.$skin.'/';
    require $ads_current_skin_path.'index.main.php';
    // already exited here
    exit(0);
}

// Load jQuery library and functions to work with ajax response
require_js( '#jquery#' );
require_js( 'ajax.js' );

// Display reg form:
require $adminskins_path.'login/_reg_form.main.php';
 346  
 347  ?>
