XOOPS 2.5.6  Final
 All Classes Namespaces Files Functions Variables Pages
register.php
Go to the documentation of this file.
1 <?php
22 include dirname(__FILE__) . DIRECTORY_SEPARATOR . 'header.php';
23 
24 if ($GLOBALS['xoopsUser']) {
25  header('location: userinfo.php?uid= ' . $GLOBALS['xoopsUser']->getVar('uid'));
26  exit();
27 }
28 
29 if (!empty($_GET['op']) && in_array($_GET['op'], array('actv', 'activate'))) {
30  header("location: ./activate.php" . (empty($_SERVER['QUERY_STRING']) ? "" : "?" . $_SERVER['QUERY_STRING']));
31  exit();
32 }
33 
34 xoops_load('XoopsUserUtility');
35 $myts =& MyTextSanitizer::getInstance();
36 
37 $config_handler =& xoops_gethandler('config');
38 $GLOBALS['xoopsConfigUser'] = $config_handler->getConfigsByCat(XOOPS_CONF_USER);
39 if (empty($GLOBALS['xoopsConfigUser']['allow_register'])) {
40  redirect_header('index.php', 6, _US_NOREGISTER);
41  exit();
42 }
43 
44 $op = !isset($_POST['op']) ? 'register' : $_POST['op'];
45 $current_step = isset($_POST['step']) ? intval( $_POST['step'] ) : 0;
46 
47 // The newly introduced variable $_SESSION['profile_post'] is contaminated by $_POST, thus we use an old vaiable to hold uid parameter
48 $uid = !empty($_SESSION['profile_register_uid']) ? intval($_SESSION['profile_register_uid']) : 0;
49 
50 // First step is already secured by with the captcha Token so lets check the others
51 if ($current_step > 0 && !$GLOBALS['xoopsSecurity']->check()) {
52  redirect_header('user.php', 5, _PROFILE_MA_EXPIRED);
53  exit();
54 }
55 
56 $criteria = new CriteriaCompo();
57 $criteria->setSort("step_order");
58 $regstep_handler = xoops_getmodulehandler('regstep');
59 
60 if (!$steps = $regstep_handler->getAll($criteria, null, false, false)) {
61  redirect_header(XOOPS_URL . '/', 6, _PROFILE_MA_NOSTEPSAVAILABLE);
62  exit();
63 }
64 
65 foreach (array_keys($steps) as $key) {
66  $steps[$key]['step_no'] = $key + 1;
67 }
68 
69 $xoopsOption['template_main'] = 'profile_register.html';
70 include $GLOBALS['xoops']->path('header.php');
71 
72 $GLOBALS['xoopsTpl']->assign('steps', $steps);
73 $GLOBALS['xoopsTpl']->assign('lang_register_steps', _PROFILE_MA_REGISTER_STEPS);
74 
75 $xoBreadcrumbs[] = array('link' => XOOPS_URL . "/modules/" . $GLOBALS['xoopsModule']->getVar('dirname', 'n') . '/register.php', 'title' => _PROFILE_MA_REGISTER);
76 if (isset($steps[$current_step])) {
77  $xoBreadcrumbs[] = array('title' => $steps[$current_step]['step_name']);
78 }
79 
80 $member_handler =& xoops_gethandler('member');
81 $profile_handler = xoops_getmodulehandler('profile');
82 
83 $fields = $profile_handler->loadFields();
84 $userfields = $profile_handler->getUserVars();
85 
86 if ($uid == 0) {
87  // No user yet? Create one and set default values.
88  $newuser = $member_handler->createUser();
89  $profile = $profile_handler->create();
90  if (count($fields) > 0) {
91  foreach (array_keys($fields) as $i) {
92  $fieldname = $fields[$i]->getVar('field_name');
93  if (in_array($fieldname, $userfields)) {
94  $default = $fields[$i]->getVar('field_default');
95  if ($default === '' || $default === null) {
96  continue;
97  }
98  $newuser->setVar($fieldname, $default);
99  }
100  }
101  }
102 } else {
103  // We already have a user? Just load it! Security is handled by token so there is no fake uid here.
104  $newuser = $member_handler->getUser($uid);
105  $profile = $profile_handler->get($uid);
106 }
107 
108 // Lets merge current $_POST with $_SESSION['profile_post'] so we can have access to info submited in previous steps
109 // Get all fields that we can expect from a $_POST inlcuding our private '_message_'
110 $fieldnames = array();
111 foreach (array_keys($fields) as $i ) {
112  $fieldnames[] = $fields[$i]->getVar('field_name');
113 }
114 $fieldnames = array_merge($fieldnames, $userfields);
115 $fieldnames[] = '_message_';
116 
117 // Get $_POST that matches above criteria, we do not need to store step, tokens, etc
118 $postfields = array();
119 foreach ($fieldnames as $fieldname ) {
120  if (isset($_POST[$fieldname])) {
121  $postfields[$fieldname] = $_POST[$fieldname];
122  }
123 }
124 
125 if ($current_step == 0) {
126  // Reset any previous session for first step
127  $_SESSION['profile_post'] = array();
128  $_SESSION['profile_register_uid'] = null;
129 } else {
130  // Merge current $_POST with $_SESSION['profile_post']
131  $_SESSION['profile_post'] = array_merge($_SESSION['profile_post'], $postfields);
132  $_POST = array_merge($_SESSION['profile_post'], $_POST);
133 }
134 
135 // Set vars from $_POST/$_SESSION['profile_post']
136 foreach (array_keys($fields) as $field) {
137  if (!isset($_POST[$field])) {
138  continue;
139  }
140 
141  $value = $fields[$field]->getValueForSave($_POST[$field]);
142  if (in_array($field, $userfields)) {
143  $newuser->setVar($field, $value);
144  } else {
145  $profile->setVar($field, $value);
146  }
147 }
148 
149 $stop = '';
150 
151 //Client side validation
152 if (isset($_POST['step']) && isset($_SESSION['profile_required'])) {
153  foreach ($_SESSION['profile_required'] as $name => $title) {
154  if (!isset($_POST[$name]) || empty($_POST[$name])) {
155  $stop .= sprintf(_FORM_ENTER, $title) . '<br />';
156  }
157  }
158 }
159 
160 // Check user data at first step
161 if ($current_step == 1) {
162  $uname = isset($_POST['uname']) ? $myts->stripSlashesGPC(trim($_POST['uname']) ) : '';
163  $email = isset($_POST['email']) ? $myts->stripSlashesGPC(trim($_POST['email']) ) : '';
164  $url = isset($_POST['url']) ? $myts->stripSlashesGPC(trim($_POST['url']) ) : '';
165  $pass = isset($_POST['pass']) ? $myts->stripSlashesGPC(trim($_POST['pass']) ) : '';
166  $vpass = isset($_POST['vpass']) ? $myts->stripSlashesGPC(trim($_POST['vpass']) ) : '';
167  $agree_disc = (isset($_POST['agree_disc']) && intval($_POST['agree_disc']) ) ? 1 : 0;
168 
169  if ($GLOBALS['xoopsConfigUser']['reg_dispdsclmr'] != 0 && $GLOBALS['xoopsConfigUser']['reg_disclaimer'] != '') {
170  if (empty($agree_disc)) {
171  $stop .= _US_UNEEDAGREE . '<br />';
172  }
173  }
174 
175  $newuser->setVar('uname', $uname);
176  $newuser->setVar('email', $email);
177  $newuser->setVar('pass', $pass ? md5($pass) : '');
178  $stop .= XoopsUserUtility::validate($newuser, $pass, $vpass);
179 
180  xoops_load('XoopsCaptcha');
181  $xoopsCaptcha = XoopsCaptcha::getInstance();
182  if (!$xoopsCaptcha->verify()) {
183  $stop .= $xoopsCaptcha->getMessage();
184  }
185 }
186 
187 // If the last step required SAVE or if we're on the last step then we will insert/update user on database
188 if ($current_step > 0 && empty($stop) && (!empty($steps[$current_step - 1]['step_save']) || !isset($steps[$current_step]))) {
189 
190  $isNew = $newuser->isNew();
191 
192  //Did created an user already? If not then let us set some extra info
193  if ($isNew) {
194  $uname = isset($_POST['uname']) ? $myts->stripSlashesGPC(trim($_POST['uname'])) : '';
195  $email = isset($_POST['email']) ? $myts->stripSlashesGPC(trim($_POST['email'])) : '';
196  $url = isset($_POST['url']) ? $myts->stripSlashesGPC(trim($_POST['url'])) : '';
197  $pass = isset($_POST['pass']) ? $myts->stripSlashesGPC(trim($_POST['pass'])) : '';
198  $newuser->setVar('uname', $uname);
199  $newuser->setVar('email', $email);
200  $newuser->setVar('pass', $pass ? md5($pass) : '');
201  $actkey = substr(md5(uniqid(mt_rand(), 1) ), 0, 8);
202  $newuser->setVar('actkey', $actkey, true);
203  $newuser->setVar('user_regdate', time(), true);
204  $newuser->setVar('uorder', $GLOBALS['xoopsConfig']['com_order'], true);
205  $newuser->setVar('umode', $GLOBALS['xoopsConfig']['com_mode'], true);
206  $newuser->setVar('theme', $GLOBALS['xoopsConfig']['theme_set'], true);
207  $newuser->setVar('user_avatar', 'avatars/blank.gif', true);
208  if ($GLOBALS['xoopsConfigUser']['activation_type'] == 1) {
209  $newuser->setVar('level', 1, true);
210  } else {
211  $newuser->setVar('level', 0, true);
212  }
213  }
214 
215  // Insert/update user and check if we have succeded
216  if (!$member_handler->insertUser($newuser)) {
217  $stop .= _US_REGISTERNG . "<br />";
218  $stop .= implode('<br />', $newuser->getErrors() );
219  } else {
220  // User inserted! Now insert custom profile fields
221  $profile->setVar('profile_id', $newuser->getVar('uid') );
222  $profile_handler->insert($profile);
223 
224  // We are good! If this is 'was' a new user then we handle notification
225  if ($isNew) {
226  if ($GLOBALS['xoopsConfigUser']['new_user_notify'] == 1 && !empty($GLOBALS['xoopsConfigUser']['new_user_notify_group'])) {
227  $xoopsMailer =& xoops_getMailer();
228  $xoopsMailer->reset();
229  $xoopsMailer->useMail();
230  $xoopsMailer->setToGroups($member_handler->getGroup($GLOBALS['xoopsConfigUser']['new_user_notify_group']));
231  $xoopsMailer->setFromEmail($GLOBALS['xoopsConfig']['adminmail']);
232  $xoopsMailer->setFromName($GLOBALS['xoopsConfig']['sitename']);
233  $xoopsMailer->setSubject(sprintf(_US_NEWUSERREGAT,$GLOBALS['xoopsConfig']['sitename']));
234  $xoopsMailer->setBody(sprintf(_US_HASJUSTREG, $newuser->getVar('uname')));
235  $xoopsMailer->send(true);
236  }
237 
238  $message = "";
239  if (!$member_handler->addUserToGroup(XOOPS_GROUP_USERS, $newuser->getVar('uid'))) {
240  $message = _PROFILE_MA_REGISTER_NOTGROUP . "<br />";
241  } else if ($GLOBALS['xoopsConfigUser']['activation_type'] == 1) {
242  XoopsUserUtility::sendWelcome($newuser);
243  } else if ($GLOBALS['xoopsConfigUser']['activation_type'] == 0) {
244  $xoopsMailer =& xoops_getMailer();
245  $xoopsMailer->reset();
246  $xoopsMailer->useMail();
247  $xoopsMailer->setTemplate('register.tpl');
248  $xoopsMailer->assign('SITENAME', $GLOBALS['xoopsConfig']['sitename']);
249  $xoopsMailer->assign('ADMINMAIL', $GLOBALS['xoopsConfig']['adminmail']);
250  $xoopsMailer->assign('SITEURL', XOOPS_URL."/");
251  $xoopsMailer->assign('X_UPASS', $_POST['vpass']);
252  $xoopsMailer->setToUsers($newuser);
253  $xoopsMailer->setFromEmail($GLOBALS['xoopsConfig']['adminmail']);
254  $xoopsMailer->setFromName($GLOBALS['xoopsConfig']['sitename']);
255  $xoopsMailer->setSubject(sprintf(_US_USERKEYFOR, $newuser->getVar('uname')));
256  if (!$xoopsMailer->send(true)) {
257  $_SESSION['profile_post']['_message_'] = 0;
258  } else {
259  $_SESSION['profile_post']['_message_'] = 1;
260  }
261  } else if ($GLOBALS['xoopsConfigUser']['activation_type'] == 2) {
262  $xoopsMailer =& xoops_getMailer();
263  $xoopsMailer->reset();
264  $xoopsMailer->useMail();
265  $xoopsMailer->setTemplate('adminactivate.tpl');
266  $xoopsMailer->assign('USERNAME', $newuser->getVar('uname'));
267  $xoopsMailer->assign('USEREMAIL', $newuser->getVar('email'));
268  $xoopsMailer->assign('USERACTLINK', XOOPS_URL . "/modules/" . $GLOBALS['xoopsModule']->getVar('dirname', 'n') . '/activate.php?id=' . $newuser->getVar('uid') . '&actkey=' . $newuser->getVar('actkey', 'n'));
269  $xoopsMailer->assign('SITENAME', $GLOBALS['xoopsConfig']['sitename']);
270  $xoopsMailer->assign('ADMINMAIL', $GLOBALS['xoopsConfig']['adminmail']);
271  $xoopsMailer->assign('SITEURL', XOOPS_URL . "/");
272  $xoopsMailer->setToGroups($member_handler->getGroup($GLOBALS['xoopsConfigUser']['activation_group']));
273  $xoopsMailer->setFromEmail($GLOBALS['xoopsConfig']['adminmail']);
274  $xoopsMailer->setFromName($GLOBALS['xoopsConfig']['sitename']);
275  $xoopsMailer->setSubject(sprintf(_US_USERKEYFOR, $newuser->getVar('uname')));
276  if (!$xoopsMailer->send()) {
277  $_SESSION['profile_post']['_message_'] = 2;
278  } else {
279  $_SESSION['profile_post']['_message_'] = 3;
280  }
281  }
282  if ($message) {
283  $GLOBALS['xoopsTpl']->append('confirm', $message);
284  }
285  $_SESSION['profile_register_uid'] = $newuser->getVar('uid');
286  }
287  }
288 }
289 
290 if (!empty($stop) || isset($steps[$current_step])) {
291  include_once dirname(__FILE__) . '/include/forms.php';
292  $current_step = empty($stop) ? $current_step : $current_step - 1;
293  $reg_form = profile_getRegisterForm($newuser, $profile, $steps[$current_step]);
294  $reg_form->assign($GLOBALS['xoopsTpl']);
295  $GLOBALS['xoopsTpl']->assign('current_step', $current_step);
296  $GLOBALS['xoopsTpl']->assign('stop', $stop);
297 } else {
298  // No errors and no more steps, finish
299  $GLOBALS['xoopsTpl']->assign('finish', _PROFILE_MA_REGISTER_FINISH);
300  $GLOBALS['xoopsTpl']->assign('current_step', -1);
301  if ( $GLOBALS['xoopsConfigUser']['activation_type'] == 1 && !empty($_SESSION['profile_post']['pass'])) {
302  $GLOBALS['xoopsTpl']->assign('finish_login', _PROFILE_MA_FINISH_LOGIN);
303  $GLOBALS['xoopsTpl']->assign('finish_uname', $newuser->getVar('uname'));
304  $GLOBALS['xoopsTpl']->assign('finish_pass', htmlspecialchars($_SESSION['profile_post']['pass']));
305  }
306  if (isset($_SESSION['profile_post']['_message_'])) {
307  //todo, if user is activated by admin, then we should inform it along with error messages. _US_YOURREGMAILNG is not enough
308  $messages = array(_US_YOURREGMAILNG, _US_YOURREGISTERED, _US_YOURREGMAILNG, _US_YOURREGISTERED2);
309  $GLOBALS['xoopsTpl']->assign('finish_message', $messages[$_SESSION['profile_post']['_message_']]);
310  }
311  $_SESSION['profile_post'] = null;
312 }
313 
314 include dirname(__FILE__) . DIRECTORY_SEPARATOR . 'footer.php';
315 
316 ?>