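// Eligibility gate: only surnames listed in fusion_eligible_registrants may continue.
// The submitted value is untrusted. It is type-checked first and then bound as a
// statement parameter, so it never becomes part of the SQL text.
$user_last = isset($_POST['user_last']) && is_string($_POST['user_last']) ? $_POST['user_last'] : '';
if ($user_last === '') {
    // Missing, empty or array-valued field: reject exactly like an unlisted name.
    exit('Last Name not on eligible to register list!');
}
// Only existence matters, so one constant column and one row are enough.
$stmt = $con->prepare('SELECT 1 FROM fusion_eligible_registrants WHERE user_last = ? LIMIT 1');
if ($stmt === false) {
    // Fail closed: a database error must not be mistaken for an eligible name.
    exit('Registration is temporarily unavailable.');
}
$stmt->bind_param('s', $user_last);
if (!$stmt->execute()) {
    exit('Registration is temporarily unavailable.');
}
$stmt->store_result();
if ($stmt->num_rows > 0) {
    // continue to process registration
} else {
    exit('Last Name not on eligible to register list!');
}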
// Decode the registration record stored for the pending account.
// NOTE(review): unserialize() can instantiate objects from its input. This is only safe
// while nothing but the application itself can write $data['user_info']; confirm that,
// or move the stored format to JSON.
$user_info = unserialize(base64_decode(($data['user_info'])));
// The column list and the value list are pre-built SQL fragments taken from the stored
// record and spliced in verbatim, so whatever escaping they got when the record was
// written is the only protection this INSERT has.
$result = dbquery("INSERT INTO ".DB_USERS." (".$user_info['user_field_fields'].") VALUES (".$user_info['user_field_inputs'].")");
// Second copy of the same two statements (the snippet is quoted twice on the page).
// NOTE(review): running both would insert the account twice - presumably only one is intended.
$user_info = unserialize(base64_decode(($data['user_info'])));
$result = dbquery("INSERT INTO ".DB_USERS." (".$user_info['user_field_fields'].") VALUES (".$user_info['user_field_inputs'].")");
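// NOTE(review): unserialize() can instantiate objects from its input; it is only safe
// while the application is the sole writer of $data['user_info'].
$user_info = unserialize(base64_decode(($data['user_info'])));
// code for checking users last name against other data table
// NOTE(review): the record must actually contain a 'user_last' entry. Confirm that the
// code which serialises the registration stores one, otherwise every activation is refused.
$name_check = (is_array($user_info) && isset($user_info['user_last']) && is_string($user_info['user_last'])) ? $user_info['user_last'] : "";
// Both values below end up inside SQL text, so each is held to an allow-list first.
// The name pattern is the one the registration form applies to names; the D modifier
// anchors it to the whole value.
$name_ok = $name_check != "" && preg_match("/^[\p{Latin}\p{Arabic}\p{Cyrillic}\p{Han}\p{Hebrew}a-zA-Z\p{N}]+\h?[\p{N}\p{Latin}\p{Arabic}\p{Cyrillic}\p{Han}\p{Hebrew}a-zA-Z]*$/uD", $name_check) === 1;
$code_ok = isset($_GET['code']) && is_string($_GET['code']) && preg_match("/^[0-9a-z]+$/iD", $_GET['code']) === 1;
$stuff = ($name_ok && $code_ok) ? dbquery("SELECT * FROM ".DB_FUSION_ELIGIBLE_REGISTRANTS." WHERE user_last='$name_check'") : FALSE;
if ($stuff && dbrows($stuff)) {
    $result = dbquery("INSERT INTO ".DB_USERS." (".$user_info['user_field_fields'].") VALUES (".$user_info['user_field_inputs'].")");
    $result = dbquery("DELETE FROM ".DB_NEW_USERS." WHERE user_code='".$_GET['code']."' LIMIT 1");
    opentable($locale['u155']);
    // The stray "n" after each <br /> was a "\n" whose backslash had been lost.
    if ($settings['admin_activation'] == "1") {
        echo "<div style='text-align:center'><br />\n".$locale['u171']."<br /><br />\n".$locale['u162']."<br /><br />\n</div>\n";
    } else {
        echo "<div style='text-align:center'><br />\n".$locale['u171']."<br /><br />\n".$locale['u161']."<br /><br />\n</div>\n";
    }
    closetable();
} else {
    // end code for checking users last name
    // Fail closed: malformed input and unlisted names are refused alike. The
    // redirect("index.php") that used to follow exit() could never run and was dropped.
    exit('Last Name not on eligible to register list!');
}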
} else if (isset($_POST['register'])) {
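/**
 * Read, normalise and validate the submitted user name, then queue it for saving.
 *
 * Records an error through _setError() when the name is malformed, already taken by
 * an active or pending account, or empty/unchanged.
 */
private function _settUserName() {
    global $locale;
    // Only a plain string is accepted; an array-valued field is treated as empty.
    $this->_userName = isset($_POST['user_name']) && is_string($_POST['user_name']) ? stripinput(trim(preg_replace("/ +/i", " ", $_POST['user_name']))) : "";
    if ($this->_userName != "" && $this->_userName != $this->userData['user_name']) {
        // The \p{...} and \h escapes had lost their backslashes, which turned the script
        // classes into literal letters and braces. With the m modifier ^ and $ anchored
        // per line, so the check did not cover the whole value; D anchors it to the end.
        if (!preg_match("/^[\p{Latin}\p{Arabic}\p{Cyrillic}\p{Han}\p{Hebrew}a-zA-Z\p{N}]+\h?[\p{N}\p{Latin}\p{Arabic}\p{Cyrillic}\p{Han}\p{Hebrew}a-zA-Z]*$/uD", $this->_userName)) {
            $this->_setError("user_name", $locale['u120']);
        } else {
            // The name is spliced into the WHERE text below; the allow-list above is
            // what keeps quote characters out of it.
            $name_active = dbcount("(user_id)", DB_USERS, "user_name='".$this->_userName."'");
            $name_inactive = dbcount("(user_code)", DB_NEW_USERS, "user_name='".$this->_userName."'");
            if ($name_active == 0 && $name_inactive == 0) {
                $this->_userLogFields[] = "user_name";
                $this->_setDBValue("user_name", $this->_userName);
            } else {
                $this->_setError("user_name", $locale['u121']);
            }
        }
    } else {
        // Empty or unchanged: only an error when the field is required.
        $this->_setError("user_name", $locale['u122'], TRUE);
    }
}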
....
// Table definition for the allow-list of names that may register: an auto-increment
// key plus the name itself (at most 50 characters).
// NOTE(review): er_name carries no UNIQUE index. The eligibility check shown with this
// snippet compares the row count against exactly 1, so a duplicated name would make that
// name ineligible - consider a unique key or a "> 0" comparison.
$inf_newtable[1] = DB_ELIGIBLE_REGS." (
er_id MEDIUMINT(8) UNSIGNED NOT NULL AUTO_INCREMENT,
er_name VARCHAR(50) NOT NULL DEFAULT '',
PRIMARY KEY (er_id)
) ENGINE=MyISAM;";
// Seed rows: sample names only; replace them with the real list before deployment.
$inf_insertdbrow[1] = DB_ELIGIBLE_REGS." (er_name) VALUES ('Mathias')";
$inf_insertdbrow[2] = DB_ELIGIBLE_REGS." (er_name) VALUES ('Test')";
$inf_insertdbrow[3] = DB_ELIGIBLE_REGS." (er_name) VALUES ('afoster')";
...
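/**
 * Read, normalise and validate the submitted user name, then queue it for saving.
 *
 * On top of the format and uniqueness checks, the name must appear in the
 * eligible-registrants table. Every failure is recorded through _setError().
 */
private function _settUserName() {
    global $locale;
    // Only a plain string is accepted; an array-valued field is treated as empty.
    $this->_userName = isset($_POST['user_name']) && is_string($_POST['user_name']) ? stripinput(trim(preg_replace("/ +/i", " ", $_POST['user_name']))) : "";
    if ($this->_userName != "" && $this->_userName != $this->userData['user_name']) {
        // The \p{...} and \h escapes had lost their backslashes. With the m modifier
        // ^ and $ anchored per line, so the check did not cover the whole value; D
        // anchors it to the end.
        if (!preg_match("/^[\p{Latin}\p{Arabic}\p{Cyrillic}\p{Han}\p{Hebrew}a-zA-Z\p{N}]+\h?[\p{N}\p{Latin}\p{Arabic}\p{Cyrillic}\p{Han}\p{Hebrew}a-zA-Z]*$/uD", $this->_userName)) {
            $this->_setError("user_name", $locale['u120']);
        } else {
            // The name is spliced into each WHERE text below; the allow-list above is
            // what keeps quote characters out of it.
            $name_active = dbcount("(user_id)", DB_USERS, "user_name='".$this->_userName."'");
            $name_inactive = dbcount("(user_code)", DB_NEW_USERS, "user_name='".$this->_userName."'");
            include INFUSIONS."eligible_registrants/infusion_db.php";
            $name_eligible = dbcount("(er_id)", DB_ELIGIBLE_REGS, "er_name='".$this->_userName."'");
            // "> 0" rather than "== 1": a name listed twice is still an eligible name.
            if ($name_eligible > 0) {
                if ($name_active == 0 && $name_inactive == 0) {
                    $this->_userLogFields[] = "user_name";
                    $this->_setDBValue("user_name", $this->_userName);
                } else {
                    $this->_setError("user_name", $locale['u121']);
                }
            } else {
                $this->_setError("user_name", "The selected username is not allowed.");
            }
        }
    } else {
        // Empty or unchanged: only an error when the field is required.
        $this->_setError("user_name", $locale['u122'], TRUE);
    }
}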
<?php
/*-------------------------------------------------------+
| PHPFusion Content Management System
| Copyright (C) PHP Fusion Inc
| https://phpfusion.com/
+--------------------------------------------------------+
| Filename: UserFieldsInput.class.php
| Author: Hans Kristian Flaatten (Starefossen)
+--------------------------------------------------------+
| This program is released as free software under the
| Affero GPL license. You can redistribute it and/or
| modify it under the terms of this license which you
| can read by viewing the included agpl.txt or online
| at www.gnu.org/licenses/agpl.html. Removal of this
| copyright header is strictly prohibited without
| written permission from the original author(s).
+--------------------------------------------------------*/
// Refuse to run when the file is requested directly, i.e. when IN_FUSION is not defined.
defined("IN_FUSION") || die("Access Denied");
require_once CLASSES."PasswordAuth.class.php";
class UserFieldsInput {
public $adminActivation = 1;
public $emailVerification = 1;
public $isAdminPanel = FALSE;
public $verifyNewEmail = FALSE;
public $userData;
public $validation = 0;
public $registration = FALSE;
// On insert or admin edit
public $skipCurrentPass = FALSE;
private $_completeMessage;
private $_errorMessages = [];
private $_fieldsRequired = [];
private $_method;
private $_noErrors = TRUE;
private $_userEmail;
private $_userHideEmail;
private $_userName;
private $_userNameLast;
// Passwords
private $_isValidCurrentPassword = FALSE;
private $_isValidCurrentAdminPassword = FALSE;
private $_userHash = FALSE;
private $_userPassword = FALSE;
private $_newUserPassword = FALSE;
private $_newUserPassword2 = FALSE;
private $_newUserPasswordHash = FALSE;
private $_newUserPasswordSalt = FALSE;
private $_newUserPasswordAlgo = FALSE;
private $_userAdminPassword = FALSE;
private $_newUserAdminPassword = FALSE;
private $_newUserAdminPassword2 = FALSE;
// Database inputs
private $_dbFields;
private $_dbValues;
// User Log System
private $_userLogData = [];
private $_userLogFields = [];
// Settings
private $_userNameChange = TRUE;
// Flags
private $_themeChanged = FALSE;
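/**
 * Validate a registration form and, when it is clean, either start e-mail
 * verification or insert the account directly.
 *
 * Every validator must run before the _noErrors decision. The last-name eligibility
 * check used to run after the account had been written or the activation mail sent,
 * so a failing check could no longer stop the registration.
 */
public function saveInsert() {
    $this->_method = "validate_insert";
    $this->_fieldsRequired = [
        "user_name" => TRUE,
        "user_password" => TRUE,
        "user_email" => TRUE,
        "user_captcha" => TRUE,
        "email_activation" => TRUE,
        "user_namelast" => TRUE,
    ];
    // "user_namelast" is included so the last-name validator can compare against it
    // without reading an undefined key.
    $this->userData = [
        "user_password" => "", "user_algo" => "", "user_salt" => "",
        "user_admin_password" => "", "user_admin_algo" => "", "user_admin_salt" => "",
        "user_name" => "", "user_email" => "", "user_namelast" => ""
    ];
    if ($this->_userNameChange) {
        $this->_settUserName();
    }
    // Eligibility gate: has to be evaluated before anything is persisted.
    $this->_settUserNameLast();
    $this->_setNewUserPassword();
    $this->_setUserEmail();
    if ($this->validation == 1) {
        $this->_setValidationError();
    }
    $this->_setEmptyFields();
    $this->_setCustomUserFieldsData();
    if ($this->_noErrors) {
        if ($this->emailVerification) {
            $this->_setEmailVerification();
        } else {
            $this->_setUserDataInput();
        }
    }
}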
/**
 * Validate a profile edit and write it when no validator reported an error.
 *
 * The call order matters: _setNewUserPassword() stores the result of the
 * current-password check, which _setNewAdminPassword() and _setUserEmail() read.
 */
public function saveUpdate() {
    $this->_method = "validate_update";
    $this->_settUserName();
    // Must precede the admin-password and e-mail steps (see above).
    $this->_setNewUserPassword();
    $this->_setNewAdminPassword();
    $this->_setUserEmail();
    // Captcha is only checked when the caller enabled validation.
    if ($this->validation == 1) {
        $this->_setValidationError();
    }
    $this->_setEmptyFields();
    $this->_setUserAvatar();
    $this->_setCustomUserFieldsData();
    // Nothing is written unless every step above passed.
    if ($this->_noErrors) {
        $this->_setUserDataUpdate();
    }
}
/**
 * Expose the validation errors collected so far.
 *
 * @return array messages as stored by _setError() (keyed by field) and verifyCode()
 */
public function getErrorsArray() {
    $collected = $this->_errorMessages;
    return $collected;
}
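/**
 * Render the outcome of the last save: the completion message on success, or the
 * list of collected validation errors.
 *
 * Messages are written into the page as HTML without escaping, so callers of
 * _setError() must only pass trusted text (locale strings), never raw user input.
 */
public function displayMessages() {
    global $locale;
    // The stray "n" after each <br /> was a "\n" whose backslash had been lost.
    if ($this->_noErrors) {
        // Both success branches built the same message; only the title differs.
        $title = $this->_method == "validate_insert" ? $locale['u170'] : $locale['u169'];
        $message = "<br />\n".$this->_completeMessage."<br /><br />\n";
    } else {
        $title = $this->_method == "validate_insert" ? $locale['u165'] : $locale['u164'];
        $message = $title." ".$locale['u167']."<br /><br />\n";
        foreach ($this->_errorMessages as $msg) {
            $message .= $msg."<br />\n";
        }
        $message .= "\n".$locale['u168'];
    }
    opentable($title);
    echo "<div style='text-align:center'>".$message."</div>\n";
    closetable();
}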
/**
 * Store the flag that saveInsert() consults before validating the user name.
 *
 * @param mixed $value truthy to have saveInsert() run the user-name validator
 */
public function setUserNameChange($value) {
    $this->_userNameChange = $value;
}
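/**
 * Confirm an e-mail change from the code the user received by mail.
 *
 * The code must be 32 alphanumeric characters and belong to the signed-in user.
 * The address is switched only when no other account already uses it; the pending
 * verification row is removed either way.
 *
 * @param string $value verification code taken from the request
 */
public function verifyCode($value) {
    global $locale, $userdata;
    // D anchors the pattern to the very end of the value. The return keeps execution
    // from reaching the query should redirect() ever hand control back.
    if (!preg_check("/^[0-9a-z]{32}$/iD", $value)) {
        redirect("index.php");
        return;
    }
    $result = dbquery("SELECT * FROM ".DB_EMAIL_VERIFY." WHERE user_code='".$value."'");
    if (dbrows($result)) {
        $data = dbarray($result);
        if ($data['user_id'] == $userdata['user_id']) {
            if ($data['user_email'] != $userdata['user_email']) {
                // NOTE(review): $data values come from the verification table and are
                // spliced into SQL text; they rely on having been escaped when stored.
                $result = dbquery("SELECT user_email FROM ".DB_USERS." WHERE user_email='".$data['user_email']."'");
                if (dbrows($result)) {
                    $this->_noErrors = FALSE;
                    $this->_errorMessages[0] = $locale['u164']."<br />\n".$locale['u121'];
                } else {
                    // The UPDATE used to run even when the address was already taken,
                    // leaving two accounts on one address; it now runs only here.
                    $result = dbquery("UPDATE ".DB_USERS." SET user_email='".$data['user_email']."' WHERE user_id='".$data['user_id']."'");
                    $this->_completeMessage = $locale['u169'];
                }
                // The code is single-use whatever the outcome.
                $result = dbquery("DELETE FROM ".DB_EMAIL_VERIFY." WHERE user_id='".$data['user_id']."'");
            }
        } else {
            redirect("index.php");
        }
    } else {
        redirect("index.php");
    }
}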
/**
 * Report the theme-changed flag held by this object.
 *
 * @return bool current value of the flag (FALSE unless something set it)
 */
public function themeChanged() {
    $flag = $this->_themeChanged;
    return $flag;
}
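/**
 * Read, normalise and validate the submitted user name, then queue it for saving.
 *
 * Records an error through _setError() when the name is malformed, already taken by
 * an active or pending account, or empty/unchanged.
 */
private function _settUserName() {
    global $locale;
    // Only a plain string is accepted; an array-valued field is treated as empty.
    $this->_userName = isset($_POST['user_name']) && is_string($_POST['user_name']) ? stripinput(trim(preg_replace("/ +/i", " ", $_POST['user_name']))) : "";
    if ($this->_userName != "" && $this->_userName != $this->userData['user_name']) {
        // The \p{...} and \h escapes had lost their backslashes, which turned the script
        // classes into literal letters and braces. With the m modifier ^ and $ anchored
        // per line, so the check did not cover the whole value; D anchors it to the end.
        if (!preg_match("/^[\p{Latin}\p{Arabic}\p{Cyrillic}\p{Han}\p{Hebrew}a-zA-Z\p{N}]+\h?[\p{N}\p{Latin}\p{Arabic}\p{Cyrillic}\p{Han}\p{Hebrew}a-zA-Z]*$/uD", $this->_userName)) {
            $this->_setError("user_name", $locale['u120']);
        } else {
            // The name is spliced into the WHERE text below; the allow-list above is
            // what keeps quote characters out of it.
            $name_active = dbcount("(user_id)", DB_USERS, "user_name='".$this->_userName."'");
            $name_inactive = dbcount("(user_code)", DB_NEW_USERS, "user_name='".$this->_userName."'");
            if ($name_active == 0 && $name_inactive == 0) {
                $this->_userLogFields[] = "user_name";
                $this->_setDBValue("user_name", $this->_userName);
            } else {
                $this->_setError("user_name", $locale['u121']);
            }
        }
    } else {
        // Empty or unchanged: only an error when the field is required.
        $this->_setError("user_name", $locale['u122'], TRUE);
    }
}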
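/**
 * Read, normalise and validate the submitted last name and check it against the
 * eligible-registrants allow-list before queueing it for saving.
 *
 * Every failure is recorded through _setError().
 */
private function _settUserNameLast() {
    global $locale;
    // Only a plain string is accepted; an array-valued field is treated as empty.
    $this->_userNameLast = isset($_POST['user_namelast']) && is_string($_POST['user_namelast']) ? stripinput(trim(preg_replace("/ +/i", " ", $_POST['user_namelast']))) : "";
    // userData does not always carry this key (saveInsert() builds it without one).
    $currentLast = isset($this->userData['user_namelast']) ? $this->userData['user_namelast'] : "";
    if ($this->_userNameLast != "" && $this->_userNameLast != $currentLast) {
        // The \p{...} and \h escapes had lost their backslashes. With the m modifier
        // ^ and $ anchored per line, so the check did not cover the whole value; D
        // anchors it to the end.
        if (!preg_match("/^[\p{Latin}\p{Arabic}\p{Cyrillic}\p{Han}\p{Hebrew}a-zA-Z\p{N}]+\h?[\p{N}\p{Latin}\p{Arabic}\p{Cyrillic}\p{Han}\p{Hebrew}a-zA-Z]*$/uD", $this->_userNameLast)) {
            $this->_setError("user_namelast", $locale['u120']);
        } else {
            include INFUSIONS."eligible_registrants/infusion_db.php";
            // The value is spliced into the WHERE text; the allow-list above is what
            // keeps quote characters out of it.
            $name_eligible = dbcount("(er_id)", DB_ELIGIBLE_REGS, "er_name='".$this->_userNameLast."'");
            // "> 0" rather than "== 1": a name listed twice is still an eligible name.
            if ($name_eligible > 0) {
                $this->_userLogFields[] = "user_namelast";
                $this->_setDBValue("user_namelast", $this->_userNameLast);
            } else {
                $this->_setError("user_namelast", "The selected username is not allowed.");
            }
        }
    } else {
        // Empty or unchanged: only an error when the field is required.
        $this->_setError("user_namelast", $locale['u122'], TRUE);
    }
}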
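/**
 * Check the submitted current password (login or admin) against the stored hash.
 *
 * @param bool $loginPass       TRUE to check the login password, FALSE for the admin password
 * @param bool $skipCurrentPass TRUE to skip the check entirely (insert / admin edit)
 * @return bool TRUE when the check is skipped or the password is correct
 */
private function _isValidCurrentPassword($loginPass = TRUE, $skipCurrentPass = FALSE) {
    if ($skipCurrentPass) {
        return TRUE;
    }
    if ($loginPass) {
        $this->_userHash = $this->_getPasswordInput("user_hash");
        $this->_userPassword = $this->_getPasswordInput("user_password");
        $password = $this->_userPassword;
        $hash = $this->userData['user_password'];
        $salt = $this->userData['user_salt'];
        $algo = $this->userData['user_algo'];
        // Check user auth. Compared as strings with !==: the loose != lets PHP treat
        // two different numeric-looking strings as equal.
        // NOTE(review): hash_equals() would also make the comparison constant-time,
        // provided the supported PHP versions include it.
        if ((string)$this->_userHash !== (string)$hash) {
            redirect(BASEDIR."index.php");
            // Fail closed should redirect() ever hand control back.
            return FALSE;
        }
    } else {
        $this->_userAdminPassword = $this->_getPasswordInput("user_admin_password");
        $password = $this->_userAdminPassword;
        $hash = $this->userData['user_admin_password'];
        $salt = $this->userData['user_admin_salt'];
        $algo = $this->userData['user_admin_algo'];
    }
    // Initialise password auth with the submitted password and the stored credentials.
    $passAuth = new PasswordAuth();
    $passAuth->inputPassword = $password;
    $passAuth->currentAlgo = $algo;
    $passAuth->currentSalt = $salt;
    $passAuth->currentPasswordHash = $hash;
    // Normalise the verdict to a strict boolean, as before.
    return $passAuth->isValidCurrentPassword(FALSE) ? TRUE : FALSE;
}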
// Set New User Password
/**
 * Validate a requested login-password change and queue the new hash, salt and
 * algorithm for saving.
 *
 * Also stores the outcome of the current-password check in
 * $this->_isValidCurrentPassword, which the e-mail and admin-password steps read.
 */
private function _setNewUserPassword() {
    global $locale;
    // Run first: the stored result gates everything below and later validators.
    $this->_isValidCurrentPassword = $this->_isValidCurrentPassword(TRUE, $this->skipCurrentPass);
    $this->_newUserPassword = $this->_getPasswordInput("user_new_password");
    $this->_newUserPassword2 = $this->_getPasswordInput("user_new_password2");
    if ($this->_newUserPassword) {
        // Set new password - only once the current one has been confirmed (or skipped)
        if ($this->_isValidCurrentPassword) {
            // Initialise password auth
            $passAuth = new PasswordAuth();
            $passAuth->inputPassword = $this->_userPassword;
            $passAuth->inputNewPassword = $this->_newUserPassword;
            $passAuth->inputNewPassword2 = $this->_newUserPassword2;
            // Check new password; the branches below treat 0 as valid and 1-3 as distinct failures
            $_isValidNewPassword = $passAuth->isValidNewPassword();
            if ($_isValidNewPassword === 0) {
                // New password is valid
                $this->_newUserPasswordHash = $passAuth->getNewHash();
                $this->_newUserPasswordAlgo = $passAuth->getNewAlgo();
                $this->_newUserPasswordSalt = $passAuth->getNewSalt();
                $this->_setDBValue("user_algo", $this->_newUserPasswordAlgo);
                $this->_setDBValue("user_salt", $this->_newUserPasswordSalt);
                $this->_setDBValue("user_password", $this->_newUserPasswordHash);
                // A user changing their own password gets a fresh cookie for the new credentials
                if (!$this->isAdminPanel && !$this->skipCurrentPass) {
                    Authenticate::setUserCookie($this->userData['user_id'], $passAuth->getNewSalt(),
                    $passAuth->getNewAlgo(), FALSE);
                }
            } else {
                if ($_isValidNewPassword === 1) {
                    // New Password equal old password
                    $this->_setError("user_password", $locale['u134'].$locale['u146'].$locale['u133'].".");
                } else if ($_isValidNewPassword === 2) {
                    // The two new passwords are not identical
                    $this->_setError("user_password", $locale['u148']);
                } else if ($_isValidNewPassword === 3) {
                    // New password contains invalid chars / symbols
                    $this->_setError("user_password", $locale['u134'].$locale['u142']."<br />".$locale['u147']);
                }
            }
        } else {
            // Current user password is invalid
            $this->_setError("user_password", $locale['u149']);
        }
    } else {
        // New user password is empty - only an error when the field is required
        $this->_setError("user_password", $locale['u134'].$locale['u143a'], TRUE);
    }
}
// Set New Admin Password
/**
 * Validate a requested admin-password change and queue the new hash, salt and
 * algorithm for saving.
 *
 * Requires both the current admin password and the current login password, and
 * refuses an admin password equal to the login password.
 */
private function _setNewAdminPassword() {
    global $locale;
    // Only accept if user is admin, updating his profile (not admin panel)
    if (iADMIN && $this->_method == "validate_update" && !$this->isAdminPanel) {
        if ($this->_getPasswordInput("user_admin_password") == "") {
            // No current admin password submitted: acceptable only when none is stored yet
            if ($this->userData['user_admin_password'] == "") {
                $this->_isValidCurrentAdminPassword = TRUE;
                $showError = FALSE;
            } else {
                $this->_isValidCurrentAdminPassword = FALSE;
                $showError = TRUE;
            }
        } else {
            $this->_isValidCurrentAdminPassword = $this->_isValidCurrentPassword(FALSE, FALSE);
            $showError = TRUE;
        }
        //$this->_isValidCurrentAdminPassword = $this->_isValidCurrentPassword(false, false);
        $this->_newUserAdminPassword = $this->_getPasswordInput("user_new_admin_password");
        $this->_newUserAdminPassword2 = $this->_getPasswordInput("user_new_admin_password2");
        // Require current admin password
        if ($this->_isValidCurrentAdminPassword) {
            // Require current login password (result stored by _setNewUserPassword())
            if ($this->_isValidCurrentPassword) {
                if ($this->_userAdminPassword != $this->_userPassword) {
                    // Initialise password auth
                    $passAuth = new PasswordAuth();
                    $passAuth->inputPassword = $this->_userAdminPassword;
                    $passAuth->inputNewPassword = $this->_newUserAdminPassword;
                    $passAuth->inputNewPassword2 = $this->_newUserAdminPassword2;
                    // Check admin new password
                    $_isValidNewPassword = $passAuth->isValidNewPassword();
                    if ($_isValidNewPassword === 0) {
                        // New password is valid
                        $this->_setDBValue("user_admin_algo", $passAuth->getNewAlgo());
                        $this->_setDBValue("user_admin_salt", $passAuth->getNewSalt());
                        $this->_setDBValue("user_admin_password", $passAuth->getNewHash());
                    } else {
                        // NOTE(review): these three errors are filed under "user_password",
                        // not "user_admin_password" - confirm that is intended.
                        if ($_isValidNewPassword === 1) {
                            // New Password equal old password
                            $this->_setError("user_password", $locale['u144'].$locale['u146'].$locale['u131']);
                        } else if ($_isValidNewPassword === 2) {
                            // The two new passwords are not identical
                            $this->_setError("user_password", $locale['u148a']);
                        } else if ($_isValidNewPassword === 3) {
                            // New password contains invalid chars / symbols
                            $this->_setError("user_password", $locale['u144'].$locale['u142']."<br />".$locale['u147']);
                        }
                    }
                } else {
                    // Submitted admin password equals the submitted login password
                    $this->_setError("user_admin_password", $locale['u144'].$locale['u146'].$locale['u133']);
                }
            } else {
                // Current login password is invalid
                $this->_setError("user_admin_password", $locale['u149b']);
            }
        } else {
            // Current admin password is invalid; $showError is passed as the third
            // _setError() argument, so with FALSE the error is always recorded
            $this->_setError("user_admin_password", $locale['u149a'], $showError);
        }
    }
}
// Set New User Email
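/**
 * Validate a new e-mail address and either queue it for saving or start the
 * verification mail flow.
 *
 * The address must be well-formed, not blacklisted (address or domain) and not used
 * by any active or pending account; changing it requires a valid current password.
 */
private function _setUserEmail() {
    global $locale, $settings;
    // Only a plain string is accepted; an array-valued field is treated as empty.
    $this->_userEmail = (isset($_POST['user_email']) && is_string($_POST['user_email']) ? stripinput(trim(preg_replace("/ +/i", " ", $_POST['user_email']))) : "");
    if ($this->_userEmail != "" && $this->_userEmail != $this->userData['user_email']) {
        // Require user password for email change
        if ($this->_isValidCurrentPassword) {
            // Require a valid email account. The dot that separates domain labels had
            // lost its backslash and so matched any character; it is a literal dot
            // again, and D anchors the pattern to the end of the value.
            if (preg_check("/^[-0-9A-Z_.]{1,50}@([-0-9A-Z_.]+\.){1,50}([0-9A-Z]){2,4}$/iD", $this->_userEmail)) {
                // From here on the address is spliced into WHERE text; the pattern
                // above is what limits it to harmless characters.
                $email_domain = substr(strrchr($this->_userEmail, "@"), 1);
                if (dbcount("(blacklist_id)", DB_BLACKLIST, "blacklist_email='".$this->_userEmail."' OR blacklist_email='".$email_domain."'") != 0) {
                    $this->_setError("user_email", $locale['u124']);
                } else {
                    $email_active = dbcount("(user_id)", DB_USERS, "user_email='".$this->_userEmail."'");
                    $email_inactive = dbcount("(user_code)", DB_NEW_USERS, "user_email='".$this->_userEmail."'");
                    if ($email_active == 0 && $email_inactive == 0) {
                        if ($this->verifyNewEmail && $settings['email_verification'] == "1") {
                            $this->_verifyNewEmail();
                        } else {
                            $this->_userLogFields[] = "user_email";
                            $this->_setDBValue("user_email", $this->_userEmail);
                        }
                    } else {
                        $this->_setError("user_email", $locale['u125']);
                    }
                }
            } else {
                $this->_setError("user_email", $locale['u123']);
            }
        } else {
            $this->_setError("user_email", $locale['u156']);
        }
    } else {
        // Empty or unchanged: only an error when the field is required.
        $this->_setError("user_email", $locale['u126'], TRUE);
    }
}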
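/**
 * Mail a verification link for a pending e-mail change and store the pending change
 * together with its one-time code.
 *
 * The code is 32 hexadecimal characters, the shape verifyCode() accepts.
 */
private function _verifyNewEmail() {
    global $locale, $settings, $userdata;
    require_once INCLUDES."sendmail_include.php";
    // The code is a bearer secret, so it should come from the system CSPRNG. The old
    // derivation (clock-seeded generator, rand(), md5) stays only as a last resort for
    // runtimes that offer neither secure source.
    $user_code = "";
    if (function_exists("random_bytes")) {
        $user_code = bin2hex(random_bytes(16));
    } else if (function_exists("openssl_random_pseudo_bytes")) {
        $strong = FALSE;
        $bytes = openssl_random_pseudo_bytes(16, $strong);
        if ($bytes !== FALSE && $strong) {
            $user_code = bin2hex($bytes);
        }
    }
    if ($user_code == "") {
        mt_srand((double)microtime() * 1000000);
        $salt = "";
        for ($i = 0; $i <= 10; $i++) {
            $salt .= chr(rand(97, 122));
        }
        $user_code = md5($this->_userEmail.$salt);
    }
    $email_verify_link = $settings['siteurl']."edit_profile.php?code=".$user_code;
    $mailbody = str_replace(
        ["[USER_NAME]", "[EMAIL_VERIFY_LINK]", '[SITEUSERNAME]', '[SITENAME]'],
        [$userdata['user_name'], $email_verify_link, $settings['siteusername'], $settings['sitename']],
        $locale['u203']
    );
    sendemail($this->_userName, $this->_userEmail, $settings['siteusername'], $settings['siteemail'], str_replace('[SITENAME]', $settings['sitename'], $locale['u202']), $mailbody);
    // One pending change per user: drop any earlier request before storing this one.
    $result = dbquery("DELETE FROM ".DB_EMAIL_VERIFY." WHERE user_id='".$this->userData['user_id']."'");
    $result = dbquery("INSERT INTO ".DB_EMAIL_VERIFY." (user_id, user_code, user_email, user_datestamp) VALUES('".$this->userData['user_id']."', '$user_code', '".$this->_userEmail."', '".time()."')");
}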
/**
 * Run the configured captcha check and record an error when it does not pass.
 *
 * The included script is expected to set $_CAPTCHA_IS_VALID in this scope; the
 * variable starts as FALSE so a script that sets nothing counts as a failed check.
 */
private function _setValidationError() {
    global $locale, $settings;
    $_CAPTCHA_IS_VALID = FALSE;
    // NOTE(review): the include path contains $settings['captcha']; that setting must
    // only ever hold the name of an installed captcha directory.
    include INCLUDES."captchas/".$settings['captcha']."/captcha_check.php";
    if (!$_CAPTCHA_IS_VALID) {
        $this->_setError("user_captcha", $locale['u194']);
    }
}
/**
 * Handle avatar removal and avatar upload for a profile edit.
 *
 * Removal deletes the stored file and clears the column. A successful upload replaces
 * the stored file; a failed one is mapped to an error message by its error code.
 */
private function _setUserAvatar() {
    global $locale, $settings;
    if (isset($_POST['delAvatar'])) {
        // The file name comes from the stored profile, not from the request.
        if ($this->userData['user_avatar'] != "" && file_exists(IMAGES."avatars/".$this->userData['user_avatar']) &&
            is_file(IMAGES."avatars/".$this->userData['user_avatar'])) {
            unlink(IMAGES."avatars/".$this->userData['user_avatar']);
        }
        $this->_setDBValue("user_avatar", "");
    }
    if (!isset($_FILES['user_avatar']) || $_FILES['user_avatar']['name'] == "") {
        return;
    }
    require_once INCLUDES."infusions_include.php";
    $avatarUpload = upload_image(
        "user_avatar", "", IMAGES."avatars/", "2000", "2000", $settings['avatar_filesize'], TRUE, TRUE, FALSE,
        $settings['avatar_ratio'], IMAGES."avatars/", "[".$this->userData['user_id']."]", $settings['avatar_width'], $settings['avatar_height']
    );
    switch ($avatarUpload['error']) {
        case 0:
            // Upload accepted: remove the previous file, then store the new thumbnail name.
            if ($this->userData['user_avatar'] != "" && file_exists(IMAGES."avatars/".$this->userData['user_avatar']) &&
                is_file(IMAGES."avatars/".$this->userData['user_avatar'])) {
                unlink(IMAGES."avatars/".$this->userData['user_avatar']);
            }
            $this->_setDBValue("user_avatar", $avatarUpload['thumb1_name']);
            break;
        case 1:
            $this->_setError("user_avatar", str_replace('[LIMIT]', parsebytesize($settings['avatar_filesize']), $locale['u180']));
            break;
        case 2:
            $this->_setError("user_avatar", $locale['u181']);
            break;
        case 3:
            $this->_setError("user_avatar", str_replace(['[WIDTH]', '[HEIGHT]'], [$settings['avatar_width'], $settings['avatar_height']], $locale['u182']));
            break;
        case 4:
            // Invalid query string
            break;
        case 5:
            $this->_setError("user_avatar", $locale['u183']);
            break;
    }
}
/**
 * Queue the fields the form does not supply: the hide-email flag always, and the
 * fixed defaults of a fresh account when inserting.
 */
private function _setEmptyFields() {
    $hideRequested = isset($_POST['user_hide_email']) && $_POST['user_hide_email'] == 1;
    $this->_userHideEmail = $hideRequested ? 1 : 0;
    // Accounts start with status 2 when admin activation is on, otherwise 0.
    $userStatus = $this->adminActivation == 1 ? 2 : 0;
    $this->_setDBValue("user_hide_email", $this->_userHideEmail);
    if ($this->_method != "validate_insert") {
        return;
    }
    // These values are set server-side; none of them is taken from the request.
    $defaults = [
        "user_avatar" => "",
        "user_posts" => 0,
        "user_threads" => 0,
        "user_joined" => time(),
        "user_lastvisit" => 0,
        "user_ip" => USER_IP,
        "user_ip_type" => USER_IP_TYPE,
        "user_rights" => "",
        "user_groups" => "",
        "user_level" => 101,
        "user_status" => $userStatus,
    ];
    foreach ($defaults as $column => $default) {
        $this->_setDBValue($column, $default);
    }
}
/**
 * Let every configured custom user field contribute to the pending insert/update.
 *
 * Each field's include script runs in this method's scope. It can read
 * $profile_method, and whatever it leaves in $db_fields / $db_values is appended to
 * the pending column and value lists, so those local names are part of the contract.
 */
private function _setCustomUserFieldsData() {
    global $locale, $settings;
    $profile_method = $this->_method;
    // During registration only the fields flagged for registration take part.
    if ($this->registration) {
        $where = "WHERE field_registration='1'";
    } else {
        $where = "";
    }
    $result = dbquery(
        "SELECT * FROM ".DB_USER_FIELDS." tuf
INNER JOIN ".DB_USER_FIELD_CATS." tufc ON tuf.field_cat = tufc.field_cat_id
".$where."
ORDER BY field_cat_order, field_order"
    );
    if (dbrows($result)) {
        while ($data = dbarray($result)) {
            // Reset per field so one include cannot leak output into the next.
            $db_fields = "";
            $db_values = "";
            if ($data['field_required'] == 1) {
                $this->_fieldsRequired[$data['field_name']] = TRUE;
            }
            if ($data['field_log'] == 1) {
                $this->_userLogFields[] = $data['field_name'];
            }
            // NOTE(review): field_name from the database becomes part of two include
            // paths; it must be limited to plain file-name characters wherever fields
            // are created. The appended fragments reach the SQL statement verbatim, so
            // each include is responsible for escaping what it adds.
            if (file_exists(LOCALE.LOCALESET."user_fields/".$data['field_name'].".php")) {
                include LOCALE.LOCALESET."user_fields/".$data['field_name'].".php";
            }
            if (file_exists(INCLUDES."user_fields/".$data['field_name']."_include.php")) {
                include INCLUDES."user_fields/".$data['field_name']."_include.php";
            }
            $this->_dbFields .= $db_fields;
            $this->_dbValues .= $db_values;
        }
    }
}
/**
 * Append one column/value pair to the pending SQL fragments.
 *
 * Insert mode extends the column list and the quoted value list in parallel; update
 * mode appends "column='value'" and records logged fields for the user log.
 *
 * NOTE(review): $value is placed between single quotes as-is. This method does no
 * escaping, so every caller has to pass a value that is already safe inside a SQL
 * string literal.
 *
 * @param string $field column name
 * @param mixed  $value value to store
 */
private function _setDBValue($field, $value) {
    $valueSeparator = $this->_dbValues != "" ? ", " : "";
    if ($this->_method == "validate_insert") {
        $fieldSeparator = $this->_dbFields != "" ? ", " : "";
        $this->_dbFields .= $fieldSeparator.$field;
        $this->_dbValues .= $valueSeparator."'".$value."'";
        return;
    }
    if (in_array($field, $this->_userLogFields)) {
        $this->_userLogData[$field] = $value;
    }
    $this->_dbValues .= $valueSeparator.$field."='".$value."'";
}
/**
 * Record a validation error for a field and mark the whole submission as failed.
 *
 * @param string $field   field the error belongs to
 * @param string $message text shown to the user (rendered as HTML later)
 * @param bool   $empty   TRUE for an "empty value" error, which only counts when the
 *                        field is marked as required
 */
private function _setError($field, $message, $empty = FALSE) {
    $isRequired = isset($this->_fieldsRequired[$field]) && $this->_fieldsRequired[$field] == TRUE;
    if ($empty && !$isRequired) {
        return;
    }
    $this->_noErrors = FALSE;
    $this->_errorMessages[$field] = $message;
}
/**
 * Tell whether a field has no entry in the required-fields map.
 *
 * @param string $field field name
 * @return bool TRUE when the map has no entry for the field
 */
private function _isNotRequired($field) {
    return !isset($this->_fieldsRequired[$field]);
}
// Get Password Input - if empty return false
/**
 * Fetch a password field from the request exactly as submitted.
 *
 * @param string $field name of the POST field
 * @return mixed the submitted value, or FALSE when the field is missing or empty
 */
private function _getPasswordInput($field) {
    if (!isset($_POST[$field]) || $_POST[$field] == "") {
        return FALSE;
    }
    return $_POST[$field];
}
/**
 * Send the account-activation mail and, when it went out, park the registration as a
 * pending user.
 *
 * Uses the ACTIVATION e-mail template when one exists and is active, otherwise the
 * locale text. A failed send is recorded as an "email_activation" error.
 *
 * NOTE(review): the mail body contains the chosen password in clear text, and the
 * address is put into the activation URL without URL-encoding.
 */
private function _setEmailVerification() {
    global $settings, $locale, $userCode;
    require_once INCLUDES."sendmail_include.php";
    $userCode = hash_hmac("sha1", PasswordAuth::getNewPassword(), $this->_userEmail);
    $activationUrl = $settings['siteurl']."register.php?email=".$this->_userEmail."&code=".$userCode;
    $message = str_replace(
        ["ACTIVATION_LINK", "USER_NAME", "USER_PASSWORD", 'SITENAME', 'SITEUSERNAME'],
        [$activationUrl, $this->_userName, $this->_newUserPassword, $settings['sitename'], $settings['siteusername']],
        $locale['u152']
    );
    $template_result = dbquery(" SELECT * FROM ".DB_EMAIL_TEMPLATES." WHERE template_key='ACTIVATION' LIMIT 1");
    // Decide once which mail path applies; both paths share the same follow-up.
    $useTemplate = FALSE;
    if (dbrows($template_result)) {
        $template_data = dbarray($template_result);
        $useTemplate = $template_data['template_active'] == "1";
    }
    if ($useTemplate) {
        $tpl_message = strtr($template_data['template_content'], [
            "ACTIVATION_LINK" => $activationUrl,
            "USER_NAME" => $this->_userName,
            "USER_PASSWORD" => $this->_newUserPassword,
            'SITENAME' => $settings['sitename'],
            'SITEUSERNAME' => $settings['siteusername']
        ]);
        $sent = sendemail_template("ACTIVATION", str_replace('[SITENAME]', $settings['sitename'], $template_data['template_subject']), '', "", $template_data['template_sender_name'], "", $template_data['template_sender_email'], $this->_userName, $this->_userEmail, $tpl_message);
    } else {
        $sent = sendemail($this->_userName, $this->_userEmail, $settings['siteusername'], $settings['siteemail'], str_replace('[SITENAME]', $settings['sitename'], $locale['u151']), $message);
    }
    if ($sent) {
        $this->newUserData();
        return;
    }
    // Sending failed: point the user at the contact page.
    $message = strtr($locale['u154'], [
        '[LINK]' => "<a href='".BASEDIR."contact.php'><strong>",
        '[/LINK]' => "</strong></a>"
    ]);
    $this->_setError("email_activation", $locale['u153']."<br />".$message);
}
/**
 * Store the validated registration as a pending user until the activation link is used.
 *
 * The account data, including the pre-built column and value fragments, is serialised
 * and base64-encoded into the user_info column.
 *
 * NOTE(review): whatever reads user_info back has to unserialize() it, which is only
 * safe while this method is the sole writer of that column. The name and address are
 * spliced into the INSERT text and rely on the validation done before this call.
 */
private function newUserData() {
    global $locale, $userCode;
    $pending = [
        "user_name" => $this->_userName,
        "user_password" => $this->_newUserPasswordHash,
        "user_salt" => $this->_newUserPasswordSalt,
        "user_algo" => $this->_newUserPasswordAlgo,
        "user_email" => $this->_userEmail,
        "user_field_fields" => $this->_dbFields,
        "user_field_inputs" => $this->_dbValues
    ];
    $userInfo = base64_encode(serialize($pending));
    $insertSql = "INSERT INTO ".DB_NEW_USERS." (
user_code, user_name, user_email, user_datestamp, user_info
) VALUES(
'".$userCode."', '".$this->_userName."', '".$this->_userEmail."', '".time()."', '".$userInfo."'
)";
    $result = dbquery($insertSql);
    $this->_completeMessage = $locale['u150'];
}
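/**
 * Insert the new account from the collected column and value fragments and prepare
 * the completion message; accounts created from the admin panel are also mailed
 * their credentials.
 *
 * NOTE(review): the INSERT is assembled from fragments built by _setDBValue() and the
 * custom-field includes, so it is only as safe as their escaping. The admin-panel
 * mail carries the new password in clear text.
 */
private function _setUserDataInput() {
    global $locale, $settings, $userdata, $aidlink;
    $result = dbquery("INSERT INTO ".DB_USERS." (".$this->_dbFields.") VALUES(".$this->_dbValues.")");
    // The stray "n" after <br /> in the messages was a "\n" whose backslash had been lost.
    if ($this->adminActivation) {
        $this->_completeMessage = $locale['u160']."<br /><br />\n".$locale['u162'];
    } else {
        if (!$this->isAdminPanel) {
            $this->_completeMessage = $locale['u160']."<br /><br />\n".$locale['u161'];
        } else {
            require_once LOCALE.LOCALESET."admin/members_email.php";
            require_once INCLUDES."sendmail_include.php";
            $subject = $locale['email_create_subject'].$settings['sitename'];
            $replace_this = ["[USER_NAME]", "[PASSWORD]", "[SITENAME]", "[SITEUSERNAME]"];
            $replace_with = [$this->_userName, $this->_newUserPassword, $settings['sitename'], $settings['siteusername']];
            $message = str_replace($replace_this, $replace_with, $locale['email_create_message']);
            sendemail($this->_userName, $this->_userEmail, $settings['siteusername'], $settings['siteemail'], $subject, $message);
            $this->_completeMessage = $locale['u172']."<br /><br />\n<a href='members.php".$aidlink."'>".$locale['u173']."</a>";
            $this->_completeMessage .= "<br /><br /><a href='members.php".$aidlink."&step=add'>".$locale['u174']."</a>";
        }
    }
}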
/**
 * Write the user log, then apply the collected "column='value'" assignments to the
 * user's row and set the completion message.
 *
 * NOTE(review): the SET list is the fragment built by _setDBValue() and the
 * custom-field includes; it is spliced in verbatim.
 */
private function _setUserDataUpdate() {
    global $locale;
    $this->_saveUserLog();
    $updateSql = "UPDATE ".DB_USERS." SET ".$this->_dbValues." WHERE user_id='".$this->userData['user_id']."'";
    $result = dbquery($updateSql);
    $this->_completeMessage = $locale['u163'];
}
/**
 * Write one user-log row for every logged field whose value actually changed.
 *
 * All rows go into a single multi-row INSERT; nothing is executed when no logged
 * field changed.
 *
 * NOTE(review): old and new values are spliced between quotes without escaping here.
 */
private function _saveUserLog() {
    $rows = [];
    foreach ($this->_userLogData as $field => $value) {
        if ($this->userData[$field] == $value) {
            continue;
        }
        $rows[] = "(".$this->userData['user_id'].", '".$field."', '".$value."', '".$this->userData[$field]."', ".time().")";
    }
    $sql = "";
    if (count($rows) > 0) {
        $sql = "INSERT INTO ".DB_USER_LOG." (userlog_user_id, userlog_field, userlog_value_new, userlog_value_old, userlog_timestamp) VALUES ".implode(", ", $rows);
    }
    if ($sql != "") {
        $result = dbquery($sql);
    }
}
}