1: <?php
// Plugin metadata variables. They are only assigned here; whatever reads them is not visible in this file.
$plugin_is_filter = 5 | FEATURE_PLUGIN;
$plugin_description = gettext('Provides a means for placing a user registration form on your theme pages.');
$plugin_author = 'Stephen Billard (sbillard)';

// Name of the class that supplies this plugin's option handling (declared below).
$option_interface = 'register_user';

// Special-page entries for the registration page. The rewrite target comes from the
// 'register_user_link' option, whose default is '_PAGE_/register'.
$_zp_conf_vars['special_pages']['register_user'] = array(
	'define' => '_REGISTER_USER_',
	'rewrite' => getOption('register_user_link'),
	'option' => 'register_user_link',
	'default' => '_PAGE_/register',
);
$_zp_conf_vars['special_pages'][] = array(
	'definition' => '%REGISTER_USER%',
	'rewrite' => '_REGISTER_USER_',
);

$_zp_conf_vars['special_pages'][] = array(
	'define' => false,
	'rewrite' => '%REGISTER_USER%',
	'rule' => '^%REWRITE%/*$ index.php?p=' . 'register' . ' [L,QSA]',
);

// The address helpers live in the comment_form plugin; load them only when the
// address option is switched on.
if (getOption('register_user_address_info')) {
	require_once(implode('/', array(SERVERPATH, ZENFOLDER, PLUGIN_FOLDER, 'comment_form/functions.php')));
}
41:
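/**
 * Option interface and form post-processor for the register_user plugin.
 *
 * The constructor seeds option defaults, getOptionsSupported()/handleOption()/
 * handleOptionSave() drive the plugin's option handling, and post_processor()
 * handles a submitted registration form and mails the verification link.
 */
class register_user {

	/**
	 * Seeds the defaults for every option this plugin reads.
	 */
	function __construct() {
		global $_zp_authority;
		setOptionDefault('register_user_link', '_PAGE_/register');
		// The gettext() return values are discarded; presumably the calls exist so the
		// literals are picked up for translation. The stored default comes from getAllTranslations().
		gettext($str = 'You have received this email because you registered with the user id %3$s on this site.' . "\n" . 'To complete your registration visit %1$s.');
		setOptionDefault('register_user_text', getAllTranslations($str));
		gettext($str = 'Click here to register for this site.');
		setOptionDefault('register_user_page_tip', getAllTranslations($str));
		gettext($str = 'Register');
		setOptionDefault('register_user_page_link', getAllTranslations($str));
		setOptionDefault('register_user_captcha', 0);
		setOptionDefault('register_user_email_is_id', 1);
		setOptionDefault('register_user_create_album', 0);
		// Admin notification is forced off when no administrator has an e-mail address.
		$mailinglist = $_zp_authority->getAdminEmail(ADMIN_RIGHTS);
		if (count($mailinglist) == 0) {
			setOption('register_user_notify', 0);
		} else {
			setOptionDefault('register_user_notify', 1);
		}
	}

	/**
	 * Builds the option descriptors for this plugin.
	 *
	 * Besides returning the descriptors, this also writes the
	 * 'register_user_user_rights' option (see the two branches at the end).
	 *
	 * @return array option descriptors keyed by their translated label
	 */
	function getOptionsSupported() {
		global $_zp_authority, $_common_notify_handler, $_zp_captcha;
		$options = array(
			gettext('Link text') => array(
				'key' => 'register_user_page_link',
				'type' => OPTION_TYPE_TEXTAREA,
				'order' => 1,
				'desc' => gettext('If this option is set, the visitor login form will include a link to this page. The link text will be labeled with the text provided.')),
			gettext('Hint text') => array(
				'key' => 'register_user_page_tip',
				'type' => OPTION_TYPE_TEXTAREA,
				'order' => 2.5,
				'desc' => gettext('If this option is set, the visitor login form will include a link to this page. The link text will be labeled with the text provided.')),
			gettext('Notify*') => array(
				'key' => 'register_user_notify',
				'type' => OPTION_TYPE_CHECKBOX,
				'order' => 4,
				'desc' => gettext('If checked, an e-mail will be sent to the gallery admin when a new user has verified his registration.')),
			gettext('User album') => array(
				'key' => 'register_user_create_album',
				'type' => OPTION_TYPE_CHECKBOX,
				'order' => 6,
				'desc' => gettext('If checked, an album will be created and assigned to the user.')),
			gettext('Email ID') => array(
				'key' => 'register_user_email_is_id',
				'type' => OPTION_TYPE_CHECKBOX,
				'order' => 4,
				'desc' => gettext('If checked, The use’s e-mail address will be used as his User ID.')),
			gettext('Email notification text') => array(
				'key' => 'register_user_text',
				'type' => OPTION_TYPE_TEXTAREA,
				'order' => 3,
				'desc' => gettext('Text for the body of the email sent to the registrant for registration verification. <p class="notebox"><strong>Note:</strong> You must include <code>%1$s</code> in your message where you wish the <em>registration verification</em> link to appear. You may also insert the registrant’s <em>name</em> (<code>%2$s</code>), <em>user id</em> (<code>%3$s</code>), and <em>password</em>* (<code>%4$s</code>).<br /><br />*For security reasons we recommend <strong>not</strong> inserting the <em>password</em>.</p>')),
			gettext('CAPTCHA') => array(
				'key' => 'register_user_captcha',
				'type' => OPTION_TYPE_CHECKBOX,
				'order' => 5,
				'desc' => ($_zp_captcha->name) ? gettext('If checked, the form will include a Captcha verification.') : '<span class="notebox">' . gettext('No captcha handler is enabled.') . '</span>'),
		);
		if (extensionEnabled('userAddressFields')) {
			$options[gettext('Address fields')] = array(
				'key' => 'register_user_address_info',
				'type' => OPTION_TYPE_RADIO,
				'order' => 4.5,
				'buttons' => array(gettext('Omit') => 0, gettext('Show') => 1, gettext('Require') => 'required'),
				'desc' => gettext('If <em>Address fields</em> are shown or required, the form will include positions for address information. If required, the user must supply data in each address field.'));
		}
		// The shared-notification note: if another plugin already set the handler text,
		// show it; otherwise claim the handler and show the generic note.
		if ($_common_notify_handler) {
			$options['note'] = array(
				'key' => 'menu_truncate_note',
				'type' => OPTION_TYPE_NOTE,
				'order' => 8,
				'desc' => '<p class="notebox">' . $_common_notify_handler . '</p>');
		} else {
			$_common_notify_handler = gettext('* The option may be set via the <a href="javascript:gotoName(\'register_user\');"><em>register_user</em></a> plugin options.');
			$options['note'] = array(
				'key' => 'menu_truncate_note',
				'type' => OPTION_TYPE_NOTE,
				'order' => 8,
				'desc' => gettext('<p class="notebox">*<strong>Note:</strong> The setting of this option is shared with other plugins.</p>'));
		}
		$mailinglist = $_zp_authority->getAdminEmail(ADMIN_RIGHTS);
		if (count($mailinglist) == 0) {
			$options[gettext('Notify*')]['disabled'] = true;
			$options[gettext('Notify*')]['desc'] .= ' ' . gettext('Of course there must be some Administrator with an e-mail address for this option to make sense!');
		}
		if (class_exists('user_groups')) {
			// With groups available the default is a group name. The preselected group is
			// the one with the fewest rights that is still >= NO_RIGHTS.
			$admins = $_zp_authority->getAdministrators('groups');
			$defaultrights = ALL_RIGHTS;
			$ordered = array();
			foreach ($admins as $key => $admin) {
				$ordered[$admin['user']] = $admin['user'];
				if ($admin['rights'] < $defaultrights && $admin['rights'] >= NO_RIGHTS) {
					$nullselection = $admin['user'];
					$defaultrights = $admin['rights'];
				}
			}
			if (!empty($nullselection)) {
				// A numeric stored value is a rights mask left from non-group mode; overwrite it.
				if (is_numeric(getOption('register_user_user_rights'))) {
					setOption('register_user_user_rights', $nullselection);
				} else {
					setOptionDefault('register_user_user_rights', $nullselection);
				}
			}
			$options[gettext('Default user group')] = array(
				'key' => 'register_user_user_rights',
				'type' => OPTION_TYPE_SELECTOR,
				'order' => 1,
				'selections' => $ordered,
				'desc' => gettext("Initial group assignment for the new user."));
		} else {
			// Without groups the option holds a numeric rights mask; a non-numeric value
			// (a leftover group name) is reset to NO_RIGHTS.
			if (is_numeric(getOption('register_user_user_rights'))) {
				setOptionDefault('register_user_user_rights', NO_RIGHTS);
			} else {
				setOption('register_user_user_rights', NO_RIGHTS);
			}
			$options[gettext('Default rights')] = array(
				'key' => 'register_user_user_rights',
				'type' => OPTION_TYPE_CUSTOM,
				'order' => 2,
				'desc' => gettext("Initial rights for the new user. (If no rights are set, approval of the user will be required.)"));
		}
		return $options;
	}

	/**
	 * Renders the custom option: the rights table for 'register_user_user_rights'.
	 *
	 * @param string $option       option key being rendered
	 * @param mixed  $currentValue unused; the stored option value is read instead
	 */
	function handleOption($option, $currentValue) {
		switch ($option) {
			case 'register_user_user_rights':
				printAdminRightsTable('register_user', '', '', getOption('register_user_user_rights'));
				break;
		}
	}

	/**
	 * Stores the default rights mask posted from the rights table (non-group mode only).
	 *
	 * @param string $themename  unused
	 * @param string $themealbum unused
	 * @return bool always false
	 */
	static function handleOptionSave($themename, $themealbum) {
		if (!class_exists('user_groups')) {
			$saved_rights = NO_RIGHTS;
			$rightslist = sortMultiArray(Zenphoto_Authority::getRights(), array('set', 'value'));
			foreach ($rightslist as $rightselement => $right) {
				$field = 'register_user-' . $rightselement;
				// Only scalar values are folded in, cast to int, so an array-valued or
				// non-numeric parameter cannot break the bitwise OR.
				// NOTE(review): the bits still come from the request rather than from the
				// rights list; which values the form is expected to post is not visible here.
				if (isset($_POST[$field]) && is_scalar($_POST[$field])) {
					$saved_rights = $saved_rights | (int) $_POST[$field];
				}
			}
			setOption('register_user_user_rights', $saved_rights);
		}
		return false;
	}

	/**
	 * Collects the posted address fields for form instance $i.
	 *
	 * @param int|string $i prefix of the posted field names
	 * @return array sanitized values keyed by website/street/city/state/country/postal;
	 *               fields that were not posted are absent
	 */
	static function getUserInfo($i) {
		$result = array();
		foreach (array('website', 'street', 'city', 'state', 'country', 'postal') as $field) {
			$posted = $i . '-comment_form_' . $field;
			if (isset($_POST[$posted])) {
				$result[$field] = sanitize($_POST[$posted], 1);
			}
		}
		return $result;
	}

	/**
	 * Returns the link to the registration page, passed through the 'getLink' filter.
	 *
	 * @return string
	 */
	static function getLink() {
		return zp_apply_filter('getLink', rewrite_path(_REGISTER_USER_ . '/', '/index.php?p=register'), 'register.php', NULL);
	}

	/**
	 * Returns a posted text field, sanitized and trimmed.
	 *
	 * @param string $key name of the POST field
	 * @return string '' when the field is missing or is not a plain string
	 */
	private static function postedText($key) {
		if (!isset($_POST[$key]) || !is_string($_POST[$key])) {
			return '';
		}
		return trim(sanitize($_POST[$key]));
	}

	/**
	 * Processes a submitted registration form.
	 *
	 * The outcome is reported through the global $_notify. The checks run in a
	 * fixed order and each one overwrites $_notify, so the last failing check is
	 * the one reported. The account is only created when $_notify is still empty.
	 */
	static function post_processor() {
		global $admin_e, $admin_n, $user, $_zp_authority, $_zp_captcha, $_zp_gallery, $_notify, $_link, $_message;

		// Honeypot: the 'username' field must come back empty.
		if (!empty($_POST['username'])) {
			$_notify = 'honeypot';
		}
		if (getOption('register_user_captcha')) {
			if (isset($_POST['code'])) {
				$code = sanitize($_POST['code'], 3);
				// 'code_h' may be missing from a hand-built request; treat it as empty.
				$code_ok = isset($_POST['code_h']) ? sanitize($_POST['code_h'], 3) : '';
			} else {
				$code = '';
				$code_ok = '';
			}
			if (!$_zp_captcha->checkCaptcha($code, $code_ok)) {
				$_notify = 'invalidcaptcha';
			}
		}
		$admin_n = self::postedText('admin_name');
		if (empty($admin_n)) {
			$_notify = 'incomplete';
		}
		$user = self::postedText('user');
		if (getOption('register_user_email_is_id')) {
			$mail_duplicate = $_zp_authority->checkUniqueMailaddress($user, $user);
			if ($mail_duplicate) {
				$_notify = 'exists';
			}
		}
		if (isset($_POST['admin_email'])) {
			$admin_e = self::postedText('admin_email');
			$mail_duplicate = $_zp_authority->checkUniqueMailaddress($admin_e, $user);
			if ($mail_duplicate) {
				$_notify = 'duplicateemail';
			}
		} else {
			$admin_e = $user;
		}
		if (!is_valid_email_zp($admin_e)) {
			$_notify = 'invalidemail';
		}
		$pass = self::postedText('pass');
		if (empty($pass)) {
			$_notify = 'empty';
		} else if (!empty($user) && !empty($admin_n) && !empty($admin_e)) {
			// Strict comparison: with == two different numeric-looking strings
			// (e.g. "0e1" and "0e2") compare equal and would pass the confirmation.
			if (isset($_POST['disclose_password']) || $pass === self::postedText('pass_r')) {
				$currentadmin = Zenphoto_Authority::getAnAdmin(array('`user`=' => $user, '`valid`>' => 0));
				if (is_object($currentadmin)) {
					$_notify = 'exists';
				}
				if (empty($_notify)) {
					$userobj = Zenphoto_Authority::newAdministrator('');
					$userobj->transient = false;
					$userobj->setUser($user);
					$userobj->setPass($pass);
					$userobj->setName($admin_n);
					$userobj->setEmail($admin_e);
					// No rights until the verification link is used.
					$userobj->setRights(0);
					$userobj->setObjects(NULL);
					$userobj->setGroup('');
					$userobj->setCustomData('');
					$userobj->setLanguage(getUserLocale());
					if (extensionEnabled('userAddressFields')) {
						$addresses = getOption('register_user_address_info');
						$userinfo = register_user::getUserInfo(0);
						$saved_post = serialize($userinfo);
						// Strict comparison: before PHP 8 an integer 0 ("Omit") == 'required' is true.
						if ($addresses === 'required') {
							$complaints = array(
								'street' => gettext('You must supply the street field.'),
								'city' => gettext('You must supply the city field.'),
								'state' => gettext('You must supply the state field.'),
								'country' => gettext('You must supply the country field.'),
								'postal' => gettext('You must supply the postal code field.'),
							);
							foreach ($complaints as $field => $complaint) {
								if (empty($userinfo[$field])) {
									// Marking the object transient keeps it from being saved below.
									$userobj->transient = true;
									$userobj->msg .= ' ' . $complaint;
								}
							}
						}
						// Cookie name kept exactly as in the original; whatever reads it is not visible here.
						// NOTE(review): the cookie holds serialize()d form data and comes back from the
						// client, so a reader should not pass it to unserialize() unchecked.
						zp_setCookie('reister_user_form_addresses', $saved_post);
						userAddressFields::setCustomData($userobj, $userinfo);
					}

					// Filters may veto the registration by setting $userobj->transient.
					zp_apply_filter('register_user_registered', $userobj);
					if ($userobj->transient) {
						if (empty($_notify)) {
							$_notify = 'filter';
						}
					} else {
						$userobj->save();
						$verify = MOD_REWRITE ? '?verify=' : '&verify=';
						// NOTE(review): the link host is taken from the request's Host header, so the
						// mailed link follows whatever host the request named; a configured site URL
						// would be safer if one is available.
						// NOTE(review): the verify value is only the hex-encoded serialized user id and
						// e-mail, with no secret or signature, so it does not prove access to the mailbox.
						// Changing the format must be done together with printRegistrationForm().
						$_link = PROTOCOL . "://" . $_SERVER['HTTP_HOST'] . register_user::getLink() . $verify . bin2hex(serialize(array('user' => $user, 'email' => $admin_e)));
						// The password is passed as argument %4$s; it reaches the mail only if the
						// configured 'register_user_text' template uses that placeholder.
						$_message = sprintf(get_language_string(getOption('register_user_text')), $_link, $admin_n, $user, $pass);
						// A non-empty zp_mail() result is kept in $_notify as the failure message.
						$_notify = zp_mail(get_language_string(gettext('Registration confirmation')), $_message, array($user => $admin_e));
						if (empty($_notify)) {
							$_notify = 'accepted';
						}
					}
				}
			} else {
				$_notify = 'mismatch';
			}
		} else {
			$_notify = 'incomplete';
		}
	}

}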
321:
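/**
 * Prints the registration page: handles a verification link if one is present,
 * prints the message for the current $_notify state, and includes the
 * registration form unless the state is 'success'.
 *
 * @param string|null $thanks message shown after a successful verification;
 *                            NULL selects the default text. It is echoed as given.
 */
function printRegistrationForm($thanks = NULL) {
	global $admin_e, $admin_n, $user, $_zp_authority, $_zp_captcha, $_zp_gallery, $_notify, $_link, $_message;
	require_once(SERVERPATH . '/' . ZENFOLDER . '/admin-functions.php');
	$userobj = NULL;

	if (isset($_GET['verify'])) {
		// The return value is not used in this function; the call is kept in case it has
		// side effects that are not visible here.
		$_zp_authority->getAdministrators();

		// Decode the verification parameter. A trailing '.' is trimmed, and only well-formed
		// hex is accepted so pack() never sees stray input.
		$params = NULL;
		$hex = is_string($_GET['verify']) ? trim(sanitize($_GET['verify']), '.') : '';
		if (preg_match('/^(?:[0-9a-fA-F]{2})+$/', $hex)) {
			$raw = pack("H*", $hex);
			// NOTE(review): unserialize() on request data. The payload is fully controlled by
			// the requester, so on PHP 7+ object instantiation is switched off; older runtimes
			// still take the original path. Moving to a format that needs no unserialize()
			// (with a server-side token) would remove the risk, but has to change together
			// with the link built in register_user::post_processor().
			if (version_compare(PHP_VERSION, '7.0.0', '>=')) {
				$decoded = unserialize($raw, array('allowed_classes' => false));
			} else {
				$decoded = unserialize($raw);
			}
			// Accept only the shape post_processor() produces: two string entries.
			if (is_array($decoded) && isset($decoded['user'], $decoded['email']) && is_string($decoded['user']) && is_string($decoded['email'])) {
				$params = $decoded;
			}
		}

		// Strip the verify parameter from the request URI so later links do not carry it.
		unset($_GET['verify']);
		$_link = explode('?', getRequestURI());
		$p = array();
		if (isset($_link[1])) {
			$p = explode('&', $_link[1]);
			foreach ($p as $k => $v) {
				if (strpos($v, 'verify=') === 0) {
					unset($p[$k]);
				}
			}
		}
		$_SERVER['REQUEST_URI'] = $_link[0];
		if (!empty($p)) {
			$_SERVER['REQUEST_URI'] .= '?' . implode('&', $p);
		}

		// NOTE(review): the link carries only the user id and e-mail, with no secret or
		// signature, so a matching pair is all that is checked here.
		if (!is_null($params)) {
			$userobj = Zenphoto_Authority::getAnAdmin(array('`user`=' => $params['user'], '`valid`=' => 1));
		}
		if ($userobj && $userobj->getEmail() == $params['email']) {
			if (!$userobj->getRights()) {
				// An account with no rights has not been verified yet: grant the configured default.
				$userobj->setCredentials(array('registered', 'user', 'email'));
				$rights = getOption('register_user_user_rights');
				$group = NULL;
				if (!is_numeric($rights)) {
					// A non-numeric option value names a group or template record (valid = 0).
					$admin = Zenphoto_Authority::getAnAdmin(array('`user`=' => $rights, '`valid`=' => 0));
					if ($admin) {
						$userobj->setObjects($admin->getObjects());
						if ($admin->getName() != 'template') {
							$group = $rights;
						}
						$rights = $admin->getRights();
					} else {
						$rights = NO_RIGHTS;
					}
				}
				$userobj->setRights($rights | NO_RIGHTS);
				$userobj->setGroup($group);
				zp_apply_filter('register_user_verified', $userobj);
				if (getOption('register_user_notify')) {
					$_notify = zp_mail(gettext('Zenphoto Gallery registration'), sprintf(gettext('%1$s (%2$s) has registered for the zenphoto gallery providing an e-mail address of %3$s.'), $userobj->getName(), $userobj->getUser(), $userobj->getEmail()));
				}
				if (empty($_notify)) {
					if (getOption('register_user_create_album')) {
						$userobj->createPrimealbum();
					}
					$_notify = 'verified';
					$_POST['user'] = $userobj->getUser();
				}
				// The account is saved with its new rights even when the admin notification failed.
				$userobj->save();
			} else {
				$_notify = 'already_verified';
			}
		} else {
			$_notify = 'not_verified';
		}
	}

	if (isset($_GET['login'])) {
		$_notify = 'loginfailed';
	}

	if (zp_loggedin()) {
		if (isset($_GET['login'])) {
			echo '<meta http-equiv="refresh" content="1; url=' . WEBPATH . '/">';
		} else {
			echo '<div class="errorbox fade-message">';
			echo '<h2>' . gettext("you are already logged in.") . '</h2>';
			echo '</div>';
		}
		return;
	}
	// Same assignment as before the logged-in check; kept as in the original.
	if (isset($_GET['login'])) {
		$_notify = 'loginfailed';
	}
	if (!empty($_notify)) {
		switch ($_notify) {
			case 'verified':
				if (is_null($thanks)) {
					$thanks = gettext("Thank you for registering.");
				}
				?>
				<div class="Messagebox fade-message">
					<p><?php echo $thanks; ?></p>
					<p><?php echo gettext('You may now log onto the site and verify your personal information.'); ?></p>
				</div>
				<?php
				// No break: a freshly verified user also gets the login form below.
			case 'already_verified':
			case 'loginfailed':
				$_link = getRequestURI();
				if (strpos($_link, '?') === false) {
					$_SERVER['REQUEST_URI'] = $_link . '?login=true';
				} else {
					$_SERVER['REQUEST_URI'] = $_link . '&login=true';
				}
				require_once(SERVERPATH . '/' . ZENFOLDER . '/' . PLUGIN_FOLDER . '/user_login-out.php');
				printPasswordForm(NULL, true, false, WEBPATH . '/' . ZENFOLDER . '/admin-users.php?page=users');
				$_notify = 'success';
				break;
			case 'honeypot':
			case 'accepted':
				// A honeypot hit gets the same message as an accepted registration.
				?>
				<div class="Messagebox fade-message">
					<p><?php echo gettext('Your registration information has been accepted. An email has been sent to you to verify your email address.'); ?></p>
				</div>
				<?php
				if ($_notify != 'honeypot') {
					$_notify = 'success';
				}
				break;
			case 'exists':
				?>
				<div class="errorbox fade-message">
					<h2><?php echo gettext("Registration failed."); ?></h2>
					<?php
					if (getOption('register_user_email_is_id')) {
						$idnote = $admin_e;
					} else {
						$idnote = $user;
					}
					// The id comes from the submitted form, so it is encoded before being echoed.
					?>
					<p><?php printf(gettext('The user ID <em>%s</em> is already in use.'), html_encode($idnote)); ?></p>
				</div>
				<?php
				break;
			case 'empty':
				?>
				<div class="errorbox fade-message">
					<h2><?php echo gettext("Registration failed."); ?></h2>
					<p><?php echo gettext('Passwords may not be empty.'); ?></p>
				</div>
				<?php
				break;
			case 'mismatch':
				?>
				<div class="errorbox fade-message">
					<h2><?php echo gettext("Registration failed."); ?></h2>
					<p><?php echo gettext('Your passwords did not match.'); ?></p>
				</div>
				<?php
				break;
			case 'incomplete':
				?>
				<div class="errorbox fade-message">
					<h2><?php echo gettext("Registration failed."); ?></h2>
					<p><?php echo gettext('You have not filled in all the fields.'); ?></p>
				</div>
				<?php
				break;
			case 'notverified':
				?>
				<div class="errorbox fade-message">
					<h2><?php echo gettext("Registration failed."); ?></h2>
					<p><?php echo gettext('Invalid verification link.'); ?></p>
				</div>
				<?php
				break;
			case 'invalidemail':
				?>
				<div class="errorbox fade-message">
					<h2><?php echo gettext("Registration failed."); ?></h2>
					<p><?php echo gettext('Enter a valid email address.'); ?></p>
				</div>
				<?php
				break;
			case 'duplicateemail':
				?>
				<div class="errorbox fade-message">
					<h2><?php echo gettext("Registration failed."); ?></h2>
					<p><?php echo gettext('The email address entered is already used.'); ?></p>
				</div>
				<?php
				break;
			case 'invalidcaptcha':
				?>
				<div class="errorbox fade-message">
					<h2><?php echo gettext("Registration failed."); ?></h2>
					<p><?php echo gettext('The CAPTCHA you entered was not correct.'); ?></p>
				</div>
				<?php
				break;
			case 'not_verified':
				?>
				<div class="errorbox fade-message">
					<h2><?php echo gettext("Verification failed."); ?></h2>
					<p><?php echo gettext('Your registration request could not be completed.'); ?></p>
				</div>
				<?php
				break;
			case 'filter':
				?>
				<div class="errorbox fade-message">
					<h2><?php echo gettext("Registration failed."); ?></h2>
					<p>
						<?php
						// NOTE(review): $userobj here is this function's local, which is only set by
						// the verify branch above; the object built in register_user::post_processor()
						// is local to that method, so its msg text does not appear to reach this point.
						if (is_object($userobj) && !empty($userobj->msg)) {
							echo $userobj->msg;
						} else {
							echo gettext('Your registration attempt failed a <code>register_user_registered</code> filter check.');
						}
						?>
					</p>
				</div>
				<?php
				break;
			default:
				// Any other value is printed as-is, without encoding. In this file the only source
				// of such values is the result of zp_mail().
				?>
				<div class="errorbox fade-message">
					<h2><?php echo gettext("Registration failed."); ?></h2>
					<p><?php echo $_notify; ?></p>
				</div>
				<?php
				break;
		}
	}
	if ($_notify != 'success') {
		$form = getPlugin('register_user/register_user_form.php', true);
		require_once($form);
	}
}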
554:
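/**
 * Prints a link to the registration page. Nothing is printed for a logged-in visitor.
 *
 * @param string|null $_linktext text of the link; NULL selects the 'register_user_page_link' option
 * @param string      $prev      text echoed before the link
 * @param string      $next      text echoed after the link
 * @param string|null $class     optional CSS class for the anchor
 */
function printRegisterURL($_linktext, $prev = '', $next = '', $class = NULL) {
	if (zp_loggedin()) {
		return;
	}
	// The attribute needs a leading space, otherwise it runs into the href attribute.
	// The class value is encoded so it cannot close the attribute.
	$classattr = is_null($class) ? '' : ' class="' . html_encode($class) . '"';
	if (is_null($_linktext)) {
		$_linktext = get_language_string(getOption('register_user_page_link'));
	}
	echo $prev;
	// The link text is encoded for the title attribute but echoed as given inside the
	// anchor; $prev and $next are likewise echoed as given.
	?>
	<a href="<?php echo html_encode(register_user::getLink()); ?>"<?php echo $classattr; ?> title="<?php echo html_encode($_linktext); ?>" id="register_link"><?php echo $_linktext; ?> </a>
	<?php
	echo $next;
}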
578:
// A request that posts 'register_user' is treated as a registration form submission:
// register_user::post_processor() is hooked onto the 'load_theme_script' filter.
// Only the presence of the field is tested here; its value is not inspected.
if (isset($_POST['register_user'])) {
	zp_register_filter('load_theme_script', 'register_user::post_processor');
}
582: ?>