phpBB/modules/ucp/ucp_register.php

   1 <?php
   2 /**
   3 *
   4 * @package ucp
   5 * @version $Id$
   6 * @copyright (c) 2005 phpBB Group
   7 * @license http://opensource.org/licenses/gpl-license.php GNU Public License
   8 *
   9 */
  10
  11 /**
  12 * @ignore
  13 */
  14 if (!defined('IN_PHPBB'))
  15 {
  16         exit;
  17 }
  18
  19 /**
  20 * ucp_register
  21 * Board registration
  22 * @package ucp
  23 */
  24 class ucp_register
  25 {
  26         var $u_action;
  27
  28         function main($id, $mode)
  29         {
  30                 //
  31                 if (phpbb::$config['require_activation'] == USER_ACTIVATION_DISABLE)
  32                 {
  33                         trigger_error('UCP_REGISTER_DISABLE');
  34                 }
  35
  36                 include(PHPBB_ROOT_PATH . 'includes/functions_profile_fields.' . PHP_EXT);
  37
  38                 $coppa                  = phpbb_request::is_set('coppa') ? ((request_var('coppa', false)) ? 1 : 0) : false;
  39                 $agreed                 = phpbb_request::variable('agreed', false, false, phpbb_request::POST) ? 1 : 0;
  40                 $submit                 = phpbb_request::is_set_post('submit');
  41                 $change_lang    = request_var('change_lang', '');
  42                 $user_lang              = request_var('lang', phpbb::$user->lang_name);
  43
  44                 if ($agreed)
  45                 {
  46                         add_form_key('ucp_register');
  47                 }
  48                 else
  49                 {
  50                         add_form_key('ucp_register_terms');
  51                 }
  52
  53                 if (phpbb::$config['enable_confirm'])
  54                 {
  55                         include(PHPBB_ROOT_PATH . 'includes/captcha/captcha_factory.' . PHP_EXT);
  56                         $captcha = phpbb_captcha_factory::get_instance(phpbb::$config['captcha_plugin']);
  57                         $captcha->init(CONFIRM_REG);
  58                 }
  59
  60                 if ($change_lang || $user_lang != phpbb::$config['default_lang'])
  61                 {
  62                         $use_lang = ($change_lang) ? basename($change_lang) : basename($user_lang);
  63
  64                         if (file_exists(phpbb::$user->lang_path . $use_lang . '/'))
  65                         {
  66                                 if ($change_lang)
  67                                 {
  68                                         $submit = false;
  69
  70                                         // Setting back agreed to let the user view the agreement in his/her language
  71                                         $agreed = (phpbb_request::is_set_post('change_lang')) ? 0 : $agreed;
  72                                 }
  73
  74                                 phpbb::$user->lang_name = $lang = $use_lang;
  75                                 phpbb::$user->lang = array();
  76                                 phpbb::$user->add_lang(array('common', 'ucp'));
  77                         }
  78                         else
  79                         {
  80                                 $change_lang = '';
  81                                 $user_lang = phpbb::$user->lang_name;
  82                         }
  83                 }
  84
  85                 $cp = new custom_profile();
  86
  87                 $error = $cp_data = $cp_error = array();
  88
  89
  90                 if (!$agreed || ($coppa === false && phpbb::$config['coppa_enable']) || ($coppa && !phpbb::$config['coppa_enable']))
  91                 {
  92                         $add_lang = ($change_lang) ? '&amp;change_lang=' . urlencode($change_lang) : '';
  93                         $add_coppa = ($coppa !== false) ? '&amp;coppa=' . $coppa : '';
  94
  95                         $s_hidden_fields = array();
  96
  97                         // If we change the language, we want to pass on some more possible parameter.
  98                         if ($change_lang)
  99                         {
 100                                 // We do not include the password
 101                                 $s_hidden_fields = array_merge($s_hidden_fields, array(
 102                                         'username'                      => utf8_normalize_nfc(request_var('username', '', true)),
 103                                         'email'                         => strtolower(request_var('email', '')),
 104                                         'email_confirm'         => strtolower(request_var('email_confirm', '')),
 105                                         'lang'                          => phpbb::$user->lang_name,
 106                                         'tz'                            => request_var('tz', (float) phpbb::$config['board_timezone']),
 107                                 ));
 108
 109                                 if (phpbb::$config['enable_confirm'])
 110                                 {
 111                                         $s_hidden_fields = array_merge($s_hidden_fields, $captcha->get_hidden_fields());
 112                                 }
 113                         }
 114
 115                         if ($coppa === false && phpbb::$config['coppa_enable'])
 116                         {
 117                                 $now = getdate();
 118                                 $coppa_birthday = phpbb::$user->format_date(mktime($now['hours'] + phpbb::$user->data['user_dst'], $now['minutes'], $now['seconds'], $now['mon'], $now['mday'] - 1, $now['year'] - 13), phpbb::$user->lang['DATE_FORMAT']);
 119                                 unset($now);
 120
 121                                 phpbb::$template->assign_vars(array(
 122                                         'L_COPPA_NO'            => sprintf(phpbb::$user->lang['UCP_COPPA_BEFORE'], $coppa_birthday),
 123                                         'L_COPPA_YES'           => sprintf(phpbb::$user->lang['UCP_COPPA_ON_AFTER'], $coppa_birthday),
 124
 125                                         'U_COPPA_NO'            => append_sid('ucp', 'mode=register&amp;coppa=0' . $add_lang),
 126                                         'U_COPPA_YES'           => append_sid('ucp', 'mode=register&amp;coppa=1' . $add_lang),
 127
 128                                         'S_SHOW_COPPA'          => true,
 129                                         'S_HIDDEN_FIELDS'       => build_hidden_fields($s_hidden_fields),
 130                                         'S_UCP_ACTION'          => append_sid('ucp', 'mode=register' . $add_lang),
 131                                 ));
 132                         }
 133                         else
 134                         {
 135                                 phpbb::$template->assign_vars(array(
 136                                         'L_TERMS_OF_USE'        => sprintf(phpbb::$user->lang['TERMS_OF_USE_CONTENT'], phpbb::$config['sitename'], generate_board_url()),
 137
 138                                         'S_SHOW_COPPA'          => false,
 139                                         'S_REGISTRATION'        => true,
 140                                         'S_HIDDEN_FIELDS'       => build_hidden_fields($s_hidden_fields),
 141                                         'S_UCP_ACTION'          => append_sid('ucp', 'mode=register' . $add_lang . $add_coppa),
 142                                 ));
 143                         }
 144
 145                         $this->tpl_name = 'ucp_agreement';
 146                         return;
 147                 }
 148
 149
 150                 // Try to manually determine the timezone and adjust the dst if the server date/time complies with the default setting +/- 1
 151                 $timezone = date('Z') / 3600;
 152                 $is_dst = date('I');
 153
 154                 if (phpbb::$config['board_timezone'] == $timezone || phpbb::$config['board_timezone'] == ($timezone - 1))
 155                 {
 156                         $timezone = ($is_dst) ? $timezone - 1 : $timezone;
 157
 158                         if (!isset(phpbb::$user->lang['tz_zones'][(string) $timezone]))
 159                         {
 160                                 $timezone = phpbb::$config['board_timezone'];
 161                         }
 162                 }
 163                 else
 164                 {
 165                         $is_dst = phpbb::$config['board_dst'];
 166                         $timezone = phpbb::$config['board_timezone'];
 167                 }
 168
 169                 $data = array(
 170                         'username'                      => utf8_normalize_nfc(request_var('username', '', true)),
 171                         'new_password'          => request_var('new_password', '', true),
 172                         'password_confirm'      => request_var('password_confirm', '', true),
 173                         'email'                         => strtolower(request_var('email', '')),
 174                         'email_confirm'         => strtolower(request_var('email_confirm', '')),
 175                         'lang'                          => basename(request_var('lang', phpbb::$user->lang_name)),
 176                         'tz'                            => request_var('tz', (float) $timezone),
 177                 );
 178
 179                 // Check and initialize some variables if needed
 180                 if ($submit)
 181                 {
 182                         $error = validate_data($data, array(
 183                                 'username'                      => array(
 184                                         array('string', false, phpbb::$config['min_name_chars'], phpbb::$config['max_name_chars']),
 185                                         array('username', '')),
 186                                 'new_password'          => array(
 187                                         array('string', false, phpbb::$config['min_pass_chars'], phpbb::$config['max_pass_chars']),
 188                                         array('password')),
 189                                 'password_confirm'      => array('string', false, phpbb::$config['min_pass_chars'], phpbb::$config['max_pass_chars']),
 190                                 'email'                         => array(
 191                                         array('string', false, 6, 60),
 192                                         array('email')),
 193                                 'email_confirm'         => array('string', false, 6, 60),
 194                                 'tz'                            => array('num', false, -14, 14),
 195                                 'lang'                          => array('match', false, '#^[a-z_\-]{2,}$#i'),
 196                         ));
 197                         if (!check_form_key('ucp_register'))
 198                         {
 199                                 $error[] = phpbb::$user->lang['FORM_INVALID'];
 200                         }
 201                         // Replace "error" strings with their real, localised form
 202                         $error = preg_replace('#^([A-Z_]+)$#e', "phpbb::\$user->lang('\\1')", $error);
 203
 204                         if (phpbb::$config['enable_confirm'])
 205                         {
 206                                 $vc_response = $captcha->validate();
 207                                 if ($vc_response)
 208                                 {
 209                                         $error[] = $vc_response;
 210                                 }
 211                                 else
 212                                 {
 213                                         $captcha->reset();
 214                                 }
 215                                 if (phpbb::$config['max_reg_attempts'] && $captcha->get_attempt_count() > phpbb::$config['max_reg_attempts'])
 216                                 {
 217                                         $error[] = phpbb::$user->lang['TOO_MANY_REGISTERS'];
 218                                 }
 219                         }
 220                         // DNSBL check
 221                         if (phpbb::$config['check_dnsbl'])
 222                         {
 223                                 if (($dnsbl = phpbb::$user->check_dnsbl('register')) !== false)
 224                                 {
 225                                         $error[] = sprintf(phpbb::$user->lang['IP_BLACKLISTED'], phpbb::$user->ip, $dnsbl[1]);
 226                                 }
 227                         }
 228
 229                         // validate custom profile fields
 230                         $cp->submit_cp_field('register', phpbb::$user->get_iso_lang_id(), $cp_data, $error);
 231
 232                         if (!sizeof($error))
 233                         {
 234                                 if ($data['new_password'] != $data['password_confirm'])
 235                                 {
 236                                         $error[] = phpbb::$user->lang['NEW_PASSWORD_ERROR'];
 237                                 }
 238
 239                                 if ($data['email'] != $data['email_confirm'])
 240                                 {
 241                                         $error[] = phpbb::$user->lang['NEW_EMAIL_ERROR'];
 242                                 }
 243                         }
 244
 245                         if (!sizeof($error))
 246                         {
 247                                 $server_url = generate_board_url();
 248
 249                                 // Which group by default?
 250                                 $group_name = ($coppa) ? 'REGISTERED_COPPA' : 'REGISTERED';
 251
 252                                 $sql = 'SELECT group_id
 253                                         FROM ' . GROUPS_TABLE . "
 254                                         WHERE group_name = '" . phpbb::$db->sql_escape($group_name) . "'
 255                                                 AND group_type = " . GROUP_SPECIAL;
 256                                 $result = phpbb::$db->sql_query($sql);
 257                                 $row = phpbb::$db->sql_fetchrow($result);
 258                                 phpbb::$db->sql_freeresult($result);
 259
 260                                 if (!$row)
 261                                 {
 262                                         trigger_error('NO_GROUP');
 263                                 }
 264
 265                                 $group_id = $row['group_id'];
 266
 267                                 if (($coppa ||
 268                                         phpbb::$config['require_activation'] == USER_ACTIVATION_SELF ||
 269                                         phpbb::$config['require_activation'] == USER_ACTIVATION_ADMIN) && phpbb::$config['email_enable'])
 270                                 {
 271                                         $user_actkey = gen_rand_string(10);
 272                                         $key_len = 54 - (strlen($server_url));
 273                                         $key_len = ($key_len < 6) ? 6 : $key_len;
 274                                         $user_actkey = substr($user_actkey, 0, $key_len);
 275
 276                                         $user_type = phpbb::USER_INACTIVE;
 277                                         $user_inactive_reason = INACTIVE_REGISTER;
 278                                         $user_inactive_time = time();
 279                                 }
 280                                 else
 281                                 {
 282                                         $user_type = phpbb::USER_NORMAL;
 283                                         $user_actkey = '';
 284                                         $user_inactive_reason = 0;
 285                                         $user_inactive_time = 0;
 286                                 }
 287
 288                                 $user_row = array(
 289                                         'username'                              => $data['username'],
 290                                         'user_password'                 => phpbb_hash($data['new_password']),
 291                                         'user_email'                    => $data['email'],
 292                                         'group_id'                              => (int) $group_id,
 293                                         'user_timezone'                 => (float) $data['tz'],
 294                                         'user_dst'                              => $is_dst,
 295                                         'user_lang'                             => $data['lang'],
 296                                         'user_type'                             => $user_type,
 297                                         'user_actkey'                   => $user_actkey,
 298                                         'user_ip'                               => phpbb::$user->ip,
 299                                         'user_regdate'                  => time(),
 300                                         'user_inactive_reason'  => $user_inactive_reason,
 301                                         'user_inactive_time'    => $user_inactive_time,
 302                                 );
 303
 304                                 // Register user...
 305                                 $user_id = user_add($user_row, $cp_data);
 306
 307                                 // This should not happen, because the required variables are listed above...
 308                                 if ($user_id === false)
 309                                 {
 310                                         trigger_error('NO_USER', E_USER_ERROR);
 311                                 }
 312
 313                                 if ($coppa && phpbb::$config['email_enable'])
 314                                 {
 315                                         $message = phpbb::$user->lang['ACCOUNT_COPPA'];
 316                                         $email_template = 'coppa_welcome_inactive';
 317                                 }
 318                                 else if (phpbb::$config['require_activation'] == USER_ACTIVATION_SELF && phpbb::$config['email_enable'])
 319                                 {
 320                                         $message = phpbb::$user->lang['ACCOUNT_INACTIVE'];
 321                                         $email_template = 'user_welcome_inactive';
 322                                 }
 323                                 else if (phpbb::$config['require_activation'] == USER_ACTIVATION_ADMIN && phpbb::$config['email_enable'])
 324                                 {
 325                                         $message = phpbb::$user->lang['ACCOUNT_INACTIVE_ADMIN'];
 326                                         $email_template = 'admin_welcome_inactive';
 327                                 }
 328                                 else
 329                                 {
 330                                         $message = phpbb::$user->lang['ACCOUNT_ADDED'];
 331                                         $email_template = 'user_welcome';
 332                                 }
 333
 334                                 if (phpbb::$config['email_enable'])
 335                                 {
 336                                         include_once(PHPBB_ROOT_PATH . 'includes/functions_messenger.' . PHP_EXT);
 337
 338                                         $messenger = new messenger(false);
 339
 340                                         $messenger->template($email_template, $data['lang']);
 341
 342                                         $messenger->to($data['email'], $data['username']);
 343
 344                                         $messenger->headers('X-AntiAbuse: Board servername - ' . phpbb::$config['server_name']);
 345                                         $messenger->headers('X-AntiAbuse: User_id - ' . phpbb::$user->data['user_id']);
 346                                         $messenger->headers('X-AntiAbuse: Username - ' . phpbb::$user->data['username']);
 347                                         $messenger->headers('X-AntiAbuse: User IP - ' . phpbb::$user->ip);
 348
 349                                         $messenger->assign_vars(array(
 350                                                 'WELCOME_MSG'   => htmlspecialchars_decode(sprintf(phpbb::$user->lang['WELCOME_SUBJECT'], phpbb::$config['sitename'])),
 351                                                 'USERNAME'              => htmlspecialchars_decode($data['username']),
 352                                                 'PASSWORD'              => htmlspecialchars_decode($data['new_password']),
 353                                                 'U_ACTIVATE'    => "$server_url/ucp." . PHP_EXT . "?mode=activate&u=$user_id&k=$user_actkey")
 354                                         );
 355
 356                                         if ($coppa)
 357                                         {
 358                                                 $messenger->assign_vars(array(
 359                                                         'FAX_INFO'              => phpbb::$config['coppa_fax'],
 360                                                         'MAIL_INFO'             => phpbb::$config['coppa_mail'],
 361                                                         'EMAIL_ADDRESS' => $data['email'],
 362                                                 ));
 363                                         }
 364
 365                                         $messenger->send(NOTIFY_EMAIL);
 366
 367                                         if (phpbb::$config['require_activation'] == USER_ACTIVATION_ADMIN)
 368                                         {
 369                                                 // Grab an array of user_id's with a_user permissions ... these users can activate a user
 370                                                 $admin_ary = phpbb::$acl->acl_get_list(false, 'a_user', false);
 371                                                 $admin_ary = (!empty($admin_ary[0]['a_user'])) ? $admin_ary[0]['a_user'] : array();
 372
 373                                                 // Also include founders
 374                                                 $where_sql = ' WHERE user_type = ' . phpbb::USER_FOUNDER;
 375
 376                                                 if (sizeof($admin_ary))
 377                                                 {
 378                                                         $where_sql .= ' OR ' . phpbb::$db->sql_in_set('user_id', $admin_ary);
 379                                                 }
 380
 381                                                 $sql = 'SELECT user_id, username, user_email, user_lang, user_jabber, user_notify_type
 382                                                         FROM ' . USERS_TABLE . ' ' .
 383                                                         $where_sql;
 384                                                 $result = phpbb::$db->sql_query($sql);
 385
 386                                                 while ($row = phpbb::$db->sql_fetchrow($result))
 387                                                 {
 388                                                         $messenger->template('admin_activate', $row['user_lang']);
 389                                                         $messenger->to($row['user_email'], $row['username']);
 390                                                         $messenger->im($row['user_jabber'], $row['username']);
 391
 392                                                         $messenger->assign_vars(array(
 393                                                                 'USERNAME'                      => htmlspecialchars_decode($data['username']),
 394                                                                 'U_USER_DETAILS'        => "$server_url/memberlist." . PHP_EXT . "?mode=viewprofile&u=$user_id",
 395                                                                 'U_ACTIVATE'            => "$server_url/ucp." . PHP_EXT . "?mode=activate&u=$user_id&k=$user_actkey")
 396                                                         );
 397
 398                                                         $messenger->send($row['user_notify_type']);
 399                                                 }
 400                                                 phpbb::$db->sql_freeresult($result);
 401                                         }
 402                                 }
 403
 404                                 $message = $message . '<br /><br />' . sprintf(phpbb::$user->lang['RETURN_INDEX'], '<a href="' . append_sid('index') . '">', '</a>');
 405                                 trigger_error($message);
 406                         }
 407                 }
 408
 409                 $s_hidden_fields = array(
 410                         'agreed'                => 'true',
 411                         'change_lang'   => 0,
 412                 );
 413
 414                 if (phpbb::$config['coppa_enable'])
 415                 {
 416                         $s_hidden_fields['coppa'] = $coppa;
 417                 }
 418                 $s_hidden_fields = build_hidden_fields($s_hidden_fields);
 419
 420                 $confirm_image = '';
 421
 422                 // Visual Confirmation - Show images
 423
 424                 if (phpbb::$config['enable_confirm'])
 425                 {
 426                         if ($change_lang)
 427                         {
 428                                 $str = '&amp;change_lang=' . $change_lang;
 429                         }
 430                         else
 431                         {
 432                                 $str = '';
 433                         }
 434
 435                         phpbb::$template->assign_vars(array(
 436                                 'L_CONFIRM_EXPLAIN'             => sprintf(phpbb::$user->lang['CONFIRM_EXPLAIN'], '<a href="mailto:' . htmlspecialchars(phpbb::$config['board_contact']) . '">', '</a>'),
 437                                 'S_CAPTCHA'                             => $captcha->get_template(),
 438                         ));
 439                 }
 440
 441                 //
 442                 $l_reg_cond = '';
 443                 switch (phpbb::$config['require_activation'])
 444                 {
 445                         case USER_ACTIVATION_SELF:
 446                                 $l_reg_cond = phpbb::$user->lang['UCP_EMAIL_ACTIVATE'];
 447                         break;
 448
 449                         case USER_ACTIVATION_ADMIN:
 450                                 $l_reg_cond = phpbb::$user->lang['UCP_ADMIN_ACTIVATE'];
 451                         break;
 452                 }
 453
 454                 phpbb::$template->assign_vars(array(
 455                         'ERROR'                         => (sizeof($error)) ? implode('<br />', $error) : '',
 456                         'USERNAME'                      => $data['username'],
 457                         'PASSWORD'                      => $data['new_password'],
 458                         'PASSWORD_CONFIRM'      => $data['password_confirm'],
 459                         'EMAIL'                         => $data['email'],
 460                         'EMAIL_CONFIRM'         => $data['email_confirm'],
 461
 462                         'L_REG_COND'                            => $l_reg_cond,
 463                         'L_USERNAME_EXPLAIN'            => sprintf(phpbb::$user->lang[phpbb::$config['allow_name_chars'] . '_EXPLAIN'], phpbb::$config['min_name_chars'], phpbb::$config['max_name_chars']),
 464                         'L_PASSWORD_EXPLAIN'            => sprintf(phpbb::$user->lang[phpbb::$config['pass_complex'] . '_EXPLAIN'], phpbb::$config['min_pass_chars'], phpbb::$config['max_pass_chars']),
 465
 466                         'S_LANG_OPTIONS'        => language_select($data['lang']),
 467                         'S_TZ_OPTIONS'          => tz_select($data['tz']),
 468                         'S_CONFIRM_REFRESH'     => (phpbb::$config['enable_confirm'] && phpbb::$config['confirm_refresh']) ? true : false,
 469                         'S_COPPA'                       => $coppa,
 470                         'S_HIDDEN_FIELDS'       => $s_hidden_fields,
 471                         'S_UCP_ACTION'          => append_sid('ucp', 'mode=register'),
 472                 ));
 473
 474                 //
 475                 phpbb::$user->profile_fields = array();
 476
 477                 // Generate profile fields -> Template Block Variable profile_fields
 478                 $cp->generate_profile_fields('register', phpbb::$user->get_iso_lang_id());
 479
 480                 //
 481                 $this->tpl_name = 'ucp_register';
 482                 $this->page_title = 'UCP_REGISTRATION';
 483         }
 484 }
 485
 486 ?>