phpBB

Code Changes

File: includes/ucp/ucp_register.php

Line 37Line 37

include($phpbb_root_path . 'includes/functions_profile_fields.' . $phpEx);



include($phpbb_root_path . 'includes/functions_profile_fields.' . $phpEx);


		$confirm_id		= request_var('confirm_id', '');

 
		$coppa			= (isset($_REQUEST['coppa'])) ? ((!empty($_REQUEST['coppa'])) ? 1 : 0) : false;
$agreed = (!empty($_POST['agreed'])) ? 1 : 0;
$submit = (isset($_POST['submit'])) ? true : false;
$change_lang = request_var('change_lang', '');
$user_lang = request_var('lang', $user->lang_name);

		$coppa			= (isset($_REQUEST['coppa'])) ? ((!empty($_REQUEST['coppa'])) ? 1 : 0) : false;
$agreed = (!empty($_POST['agreed'])) ? 1 : 0;
$submit = (isset($_POST['submit'])) ? true : false;
$change_lang = request_var('change_lang', '');
$user_lang = request_var('lang', $user->lang_name);



// not so fast, buddy
if (($submit && !check_form_key('ucp_register', false, '', false, $config['min_time_reg']))
|| (!$submit && !check_form_key('ucp_register_terms', false, '', false, $config['min_time_terms'])))
{
$agreed = false;
}

 
		
if ($agreed)
{

		
if ($agreed)
{

Line 60Line 51
		{
add_form_key('ucp_register_terms');
}

		{
add_form_key('ucp_register_terms');
}



 

if ($change_lang || $user_lang != $config['default_lang'])
{
$use_lang = ($change_lang) ? basename($change_lang) : basename($user_lang);



if ($change_lang || $user_lang != $config['default_lang'])
{
$use_lang = ($change_lang) ? basename($change_lang) : basename($user_lang);


			if (file_exists($phpbb_root_path . 'language/' . $use_lang . '/'))

			if (!validate_language_iso_name($use_lang))

			{
if ($change_lang)
{

			{
if ($change_lang)
{

Line 76Line 66
					$agreed = (empty($_GET['change_lang'])) ? 0 : $agreed;
}


					$agreed = (empty($_GET['change_lang'])) ? 0 : $agreed;
}


				$user->lang_name = $lang = $use_lang;
$user->lang_path = $phpbb_root_path . 'language/' . $lang . '/';

				$user->lang_name = $user_lang = $use_lang;


				$user->lang = array();

				$user->lang = array();

 
				$user->data['user_lang'] = $user->lang_name;

				$user->add_lang(array('common', 'ucp'));
}
else

				$user->add_lang(array('common', 'ucp'));
}
else

Line 87Line 77
				$user_lang = $user->lang_name;
}
}

				$user_lang = $user->lang_name;
}
}

 



$cp = new custom_profile();

$error = $cp_data = $cp_error = array();



$cp = new custom_profile();

$error = $cp_data = $cp_error = array();


		//

 
		if (!$agreed || ($coppa === false && $config['coppa_enable']) || ($coppa && !$config['coppa_enable']))
{
$add_lang = ($change_lang) ? '&change_lang=' . urlencode($change_lang) : '';
$add_coppa = ($coppa !== false) ? '&coppa=' . $coppa : '';


		if (!$agreed || ($coppa === false && $config['coppa_enable']) || ($coppa && !$config['coppa_enable']))
{
$add_lang = ($change_lang) ? '&change_lang=' . urlencode($change_lang) : '';
$add_coppa = ($coppa !== false) ? '&coppa=' . $coppa : '';


			$s_hidden_fields = ($confirm_id) ? array('confirm_id' => $confirm_id) : array();



			$s_hidden_fields = array(
'change_lang' => $change_lang,
);


// If we change the language, we want to pass on some more possible parameter.
if ($change_lang)
{


// If we change the language, we want to pass on some more possible parameter.
if ($change_lang)
{

				// We do not include the password!

				// We do not include the password

				$s_hidden_fields = array_merge($s_hidden_fields, array(
'username' => utf8_normalize_nfc(request_var('username', '', true)),
'email' => strtolower(request_var('email', '')),
'email_confirm' => strtolower(request_var('email_confirm', '')),

				$s_hidden_fields = array_merge($s_hidden_fields, array(
'username' => utf8_normalize_nfc(request_var('username', '', true)),
'email' => strtolower(request_var('email', '')),
'email_confirm' => strtolower(request_var('email_confirm', '')),

					'confirm_code'		=> request_var('confirm_code', ''),

 
					'lang'				=> $user->lang_name,
'tz' => request_var('tz', (float) $config['board_timezone']),
));

					'lang'				=> $user->lang_name,
'tz' => request_var('tz', (float) $config['board_timezone']),
));

 


			}

			}

 

// Checking amount of available languages
$sql = 'SELECT lang_id
FROM ' . LANG_TABLE;
$result = $db->sql_query($sql);

$lang_row = array();
while ($row = $db->sql_fetchrow($result))
{
$lang_row[] = $row;
}
$db->sql_freeresult($result);


if ($coppa === false && $config['coppa_enable'])
{


if ($coppa === false && $config['coppa_enable'])
{

Line 121Line 125
				unset($now);

$template->assign_vars(array(

				unset($now);

$template->assign_vars(array(

 
					'S_LANG_OPTIONS'	=> (sizeof($lang_row) > 1) ? language_select($user_lang) : '',

					'L_COPPA_NO'		=> sprintf($user->lang['UCP_COPPA_BEFORE'], $coppa_birthday),
'L_COPPA_YES' => sprintf($user->lang['UCP_COPPA_ON_AFTER'], $coppa_birthday),


					'L_COPPA_NO'		=> sprintf($user->lang['UCP_COPPA_BEFORE'], $coppa_birthday),
'L_COPPA_YES' => sprintf($user->lang['UCP_COPPA_ON_AFTER'], $coppa_birthday),


Line 135Line 140
			else
{
$template->assign_vars(array(

			else
{
$template->assign_vars(array(

 
					'S_LANG_OPTIONS'	=> (sizeof($lang_row) > 1) ? language_select($user_lang) : '',

					'L_TERMS_OF_USE'	=> sprintf($user->lang['TERMS_OF_USE_CONTENT'], $config['sitename'], generate_board_url()),

'S_SHOW_COPPA' => false,
'S_REGISTRATION' => true,
'S_HIDDEN_FIELDS' => build_hidden_fields($s_hidden_fields),
'S_UCP_ACTION' => append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=register' . $add_lang . $add_coppa),

					'L_TERMS_OF_USE'	=> sprintf($user->lang['TERMS_OF_USE_CONTENT'], $config['sitename'], generate_board_url()),

'S_SHOW_COPPA' => false,
'S_REGISTRATION' => true,
'S_HIDDEN_FIELDS' => build_hidden_fields($s_hidden_fields),
'S_UCP_ACTION' => append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=register' . $add_lang . $add_coppa),

					'S_TIME'			=> 1000 * ((int) $config['min_time_terms']),

 
					)
);
}

					)
);
}

 
			unset($lang_row);


$this->tpl_name = 'ucp_agreement';
return;
}




$this->tpl_name = 'ucp_agreement';
return;
}



		// Try to manually determine the timezone and adjust the dst if the server date/time complies with the default setting +/- 1
$timezone = date('Z') / 3600;
$is_dst = date('I');

if ($config['board_timezone'] == $timezone || $config['board_timezone'] == ($timezone - 1))

		// The CAPTCHA kicks in here. We can't help that the information gets lost on language change. 
if ($config['enable_confirm'])




		{

		{

			$timezone = ($is_dst) ? $timezone - 1 : $timezone;




			include($phpbb_root_path . 'includes/captcha/captcha_factory.' . $phpEx);
$captcha =& phpbb_captcha_factory::get_instance($config['captcha_plugin']);
$captcha->init(CONFIRM_REG);
}





			if (!isset($user->lang['tz_zones'][(string) $timezone]))
{
$timezone = $config['board_timezone'];
}
}
else
{

 
			$is_dst = $config['board_dst'];
$timezone = $config['board_timezone'];

			$is_dst = $config['board_dst'];
$timezone = $config['board_timezone'];

		}

 

$data = array(
'username' => utf8_normalize_nfc(request_var('username', '', true)),


$data = array(
'username' => utf8_normalize_nfc(request_var('username', '', true)),

Line 176Line 174
			'password_confirm'	=> request_var('password_confirm', '', true),
'email' => strtolower(request_var('email', '')),
'email_confirm' => strtolower(request_var('email_confirm', '')),

			'password_confirm'	=> request_var('password_confirm', '', true),
'email' => strtolower(request_var('email', '')),
'email_confirm' => strtolower(request_var('email_confirm', '')),

			'confirm_code'		=> request_var('confirm_code', ''),

 
			'lang'				=> basename(request_var('lang', $user->lang_name)),
'tz' => request_var('tz', (float) $timezone),
);

			'lang'				=> basename(request_var('lang', $user->lang_name)),
'tz' => request_var('tz', (float) $timezone),
);

Line 196Line 193
					array('string', false, 6, 60),
array('email')),
'email_confirm' => array('string', false, 6, 60),

					array('string', false, 6, 60),
array('email')),
'email_confirm' => array('string', false, 6, 60),

				'confirm_code'		=> array('string', !$config['enable_confirm'], 5, 8),

 
				'tz'				=> array('num', false, -14, 14),

				'tz'				=> array('num', false, -14, 14),

				'lang'				=> array('match', false, '#^[a-z_\-]{2,}$#i'),

				'lang'				=> array('language_iso_name'),

			));


			));


			// Replace "error" strings with their real, localised form
$error = preg_replace('#^([A-Z_]+)$#e', "(!empty(\$user->lang['\\1'])) ? \$user->lang['\\1'] : '\\1'", $error);

// DNSBL check
if ($config['check_dnsbl'])

			if (!check_form_key('ucp_register'))





			{

			{

				if (($dnsbl = $user->check_dnsbl('register')) !== false)
{
$error[] = sprintf($user->lang['IP_BLACKLISTED'], $user->ip, $dnsbl[1]);
}

				$error[] = $user->lang['FORM_INVALID'];




			}


			}


			// validate custom profile fields
$cp->submit_cp_field('register', $user->get_iso_lang_id(), $cp_data, $error);

			// Replace "error" strings with their real, localised form
$error = preg_replace('#^([A-Z_]+)$#e', "(!empty(\$user->lang['\\1'])) ? \$user->lang['\\1'] : '\\1'", $error);





			// Visual Confirmation handling
$wrong_confirm = false;

 
			if ($config['enable_confirm'])
{

			if ($config['enable_confirm'])
{

				if (!$confirm_id)


				$vc_response = $captcha->validate($data);
if ($vc_response !== false)

				{

				{

					$error[] = $user->lang['CONFIRM_CODE_WRONG'];
$wrong_confirm = true;

					$error[] = $vc_response;


				}

				}

				else
{
$sql = 'SELECT code
FROM ' . CONFIRM_TABLE . "
WHERE confirm_id = '" . $db->sql_escape($confirm_id) . "'
AND session_id = '" . $db->sql_escape($user->session_id) . "'
AND confirm_type = " . CONFIRM_REG;
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);

 




					if ($row)

				if ($config['max_reg_attempts'] && $captcha->get_attempt_count() > $config['max_reg_attempts'])

					{

					{

						if (strcasecmp($row['code'], $data['confirm_code']) === 0)
{
$sql = 'DELETE FROM ' . CONFIRM_TABLE . "
WHERE confirm_id = '" . $db->sql_escape($confirm_id) . "'
AND session_id = '" . $db->sql_escape($user->session_id) . "'
AND confirm_type = " . CONFIRM_REG;
$db->sql_query($sql);

					$error[] = $user->lang['TOO_MANY_REGISTERS'];







						}

						}

						else
{
$error[] = $user->lang['CONFIRM_CODE_WRONG'];
$wrong_confirm = true;

 
						}

						}

					}
else



// DNSBL check
if ($config['check_dnsbl'])

					{

					{

						$error[] = $user->lang['CONFIRM_CODE_WRONG'];
$wrong_confirm = true;
}

				if (($dnsbl = $user->check_dnsbl('register')) !== false)
{
$error[] = sprintf($user->lang['IP_BLACKLISTED'], $user->ip, $dnsbl[1]);

				}
}

				}
}

 

// validate custom profile fields
$cp->submit_cp_field('register', $user->get_iso_lang_id(), $cp_data, $error);


if (!sizeof($error))
{


if (!sizeof($error))
{

Line 299Line 270
					$config['require_activation'] == USER_ACTIVATION_SELF ||
$config['require_activation'] == USER_ACTIVATION_ADMIN) && $config['email_enable'])
{

					$config['require_activation'] == USER_ACTIVATION_SELF ||
$config['require_activation'] == USER_ACTIVATION_ADMIN) && $config['email_enable'])
{

					$user_actkey = gen_rand_string(10);
$key_len = 54 - (strlen($server_url));
$key_len = ($key_len < 6) ? 6 : $key_len;
$user_actkey = substr($user_actkey, 0, $key_len);


					$user_actkey = gen_rand_string(mt_rand(6, 10));





					$user_type = USER_INACTIVE;
$user_inactive_reason = INACTIVE_REGISTER;
$user_inactive_time = time();

					$user_type = USER_INACTIVE;
$user_inactive_reason = INACTIVE_REGISTER;
$user_inactive_time = time();

Line 331Line 298
					'user_inactive_reason'	=> $user_inactive_reason,
'user_inactive_time' => $user_inactive_time,
);

					'user_inactive_reason'	=> $user_inactive_reason,
'user_inactive_time' => $user_inactive_time,
);

 

if ($config['new_member_post_limit'])
{
$user_row['user_new'] = 1;
}


// Register user...
$user_id = user_add($user_row, $cp_data);


// Register user...
$user_id = user_add($user_row, $cp_data);

Line 339Line 311
				if ($user_id === false)
{
trigger_error('NO_USER', E_USER_ERROR);

				if ($user_id === false)
{
trigger_error('NO_USER', E_USER_ERROR);

 
				}

// Okay, captcha, your job is done.
if ($config['enable_confirm'] && isset($captcha))
{
$captcha->reset();

				}

if ($coppa && $config['email_enable'])

				}

if ($coppa && $config['email_enable'])

Line 372Line 350

$messenger->to($data['email'], $data['username']);



$messenger->to($data['email'], $data['username']);


					$messenger->headers('X-AntiAbuse: Board servername - ' . $config['server_name']);
$messenger->headers('X-AntiAbuse: User_id - ' . $user->data['user_id']);
$messenger->headers('X-AntiAbuse: Username - ' . $user->data['username']);
$messenger->headers('X-AntiAbuse: User IP - ' . $user->ip);

					$messenger->anti_abuse_headers($config, $user);





$messenger->assign_vars(array(
'WELCOME_MSG' => htmlspecialchars_decode(sprintf($user->lang['WELCOME_SUBJECT'], $config['sitename'])),


$messenger->assign_vars(array(
'WELCOME_MSG' => htmlspecialchars_decode(sprintf($user->lang['WELCOME_SUBJECT'], $config['sitename'])),

Line 446Line 421
		{
$s_hidden_fields['coppa'] = $coppa;
}

		{
$s_hidden_fields['coppa'] = $coppa;
}

		$s_hidden_fields = build_hidden_fields($s_hidden_fields);

 




 
		if ($config['enable_confirm'])
{
$s_hidden_fields = array_merge($s_hidden_fields, $captcha->get_hidden_fields());
}
$s_hidden_fields = build_hidden_fields($s_hidden_fields);

		$confirm_image = '';

// Visual Confirmation - Show images
if ($config['enable_confirm'])
{

		$confirm_image = '';

// Visual Confirmation - Show images
if ($config['enable_confirm'])
{

			$str = '';
if (!$change_lang)
{
$user->confirm_gc(CONFIRM_REG);

$sql = 'SELECT COUNT(session_id) AS attempts
FROM ' . CONFIRM_TABLE . "
WHERE session_id = '" . $db->sql_escape($user->session_id) . "'
AND confirm_type = " . CONFIRM_REG;
$result = $db->sql_query($sql);
$attempts = (int) $db->sql_fetchfield('attempts');
$db->sql_freeresult($result);

if ($config['max_reg_attempts'] && $attempts > $config['max_reg_attempts'])
{
trigger_error('TOO_MANY_REGISTERS');
}

$code = gen_rand_string(mt_rand(5, 8));
$confirm_id = md5(unique_id($user->ip));
$seed = hexdec(substr(unique_id(), 4, 10));

// compute $seed % 0x7fffffff
$seed -= 0x7fffffff * floor($seed / 0x7fffffff);

$sql = 'INSERT INTO ' . CONFIRM_TABLE . ' ' . $db->sql_build_array('INSERT', array(
'confirm_id' => (string) $confirm_id,
'session_id' => (string) $user->session_id,
'confirm_type' => (int) CONFIRM_REG,
'code' => (string) $code,
'seed' => (int) $seed)
);
$db->sql_query($sql);
}
else
{
$str .= '&amp;change_lang=' . $change_lang;
}

$confirm_image = '<img src="' . append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=confirm&amp;id=' . $confirm_id . '&amp;type=' . CONFIRM_REG . $str) . '" alt="" title="" />';
$s_hidden_fields .= '<input type="hidden" name="confirm_id" value="' . $confirm_id . '" />';

			$template->assign_vars(array(
'CAPTCHA_TEMPLATE' => $captcha->get_template(),
));







































		}

//

		}

//

Line 516Line 457
			'PASSWORD_CONFIRM'	=> $data['password_confirm'],
'EMAIL' => $data['email'],
'EMAIL_CONFIRM' => $data['email_confirm'],

			'PASSWORD_CONFIRM'	=> $data['password_confirm'],
'EMAIL' => $data['email'],
'EMAIL_CONFIRM' => $data['email_confirm'],

			'CONFIRM_IMG'		=> $confirm_image,

 




			'L_CONFIRM_EXPLAIN'			=> sprintf($user->lang['CONFIRM_EXPLAIN'], '<a href="mailto:' . htmlspecialchars($config['board_contact']) . '">', '</a>'),

 
			'L_REG_COND'				=> $l_reg_cond,
'L_USERNAME_EXPLAIN' => sprintf($user->lang[$config['allow_name_chars'] . '_EXPLAIN'], $config['min_name_chars'], $config['max_name_chars']),
'L_PASSWORD_EXPLAIN' => sprintf($user->lang[$config['pass_complex'] . '_EXPLAIN'], $config['min_pass_chars'], $config['max_pass_chars']),

'S_LANG_OPTIONS' => language_select($data['lang']),
'S_TZ_OPTIONS' => tz_select($data['tz']),

			'L_REG_COND'				=> $l_reg_cond,
'L_USERNAME_EXPLAIN' => sprintf($user->lang[$config['allow_name_chars'] . '_EXPLAIN'], $config['min_name_chars'], $config['max_name_chars']),
'L_PASSWORD_EXPLAIN' => sprintf($user->lang[$config['pass_complex'] . '_EXPLAIN'], $config['min_pass_chars'], $config['max_pass_chars']),

'S_LANG_OPTIONS' => language_select($data['lang']),
'S_TZ_OPTIONS' => tz_select($data['tz']),

			'S_CONFIRM_CODE'	=> ($config['enable_confirm']) ? true : false,


			'S_CONFIRM_REFRESH'	=> ($config['enable_confirm'] && $config['confirm_refresh']) ? true : false,
'S_REGISTRATION' => true,

			'S_COPPA'			=> $coppa,
'S_HIDDEN_FIELDS' => $s_hidden_fields,
'S_UCP_ACTION' => append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=register'),

			'S_COPPA'			=> $coppa,
'S_HIDDEN_FIELDS' => $s_hidden_fields,
'S_UCP_ACTION' => append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=register'),

			'S_TIME'			=> 1000 * ((int) $config['min_time_reg']),
)
);

		));




//
$user->profile_fields = array();


//
$user->profile_fields = array();
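Review bot: The new activation-key line `$user_actkey = gen_rand_string(mt_rand(6, 10));` allows a key as short as six characters and picks that length with `mt_rand`, which is not a cryptographic generator. The key is the secret carried in the activation link, so a fixed maximum length is the safer choice, e.g. `$user_actkey = gen_rand_string(10);`. How `gen_rand_string` sources its randomness is not visible on this page and should be checked for the same reason. Separately, the relocated error-localisation line still calls `preg_replace` with the `e` modifier; the `^([A-Z_]+)$` capture keeps the evaluated text narrow, but the modifier runs the replacement as PHP code and was deprecated in PHP 5.5 and removed in 7.0, so a `preg_replace_callback` lookup into `$user->lang` would be more robust. The enclosing method starts and ends outside the displayed hunks.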