X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=inc%2Flibs%2Fuser_functions.php;h=07c71ce74169aace4be92cfbf7d6e64e03abc01d;hb=27e6b186e667c55eb097de7c4910aaa7f3465989;hp=b305181ace1ca0ac88b985075a47c5240c736fb6;hpb=4f7df133f736da124e6f7bd02008b9093f736451;p=mailer.git diff --git a/inc/libs/user_functions.php b/inc/libs/user_functions.php index b305181ace..07c71ce741 100644 --- a/inc/libs/user_functions.php +++ b/inc/libs/user_functions.php @@ -16,7 +16,7 @@ * $Author:: $ * * -------------------------------------------------------------------- * * Copyright (c) 2003 - 2009 by Roland Haeder * - * Copyright (c) 2009 - 2012 by Mailer Developer Team * + * Copyright (c) 2009 - 2016 by Mailer Developer Team * * For more information visit: http://mxchange.org * * * * This program is free software; you can redistribute it and/or modify * @@ -199,7 +199,7 @@ function generateUserEmailLink ($email, $mod = 'admin') { } // END - if // Search for the email address - $result = SQL_QUERY_ESC("SELECT + $result = sqlQueryEscaped("SELECT `userid` FROM `{?_MYSQL_PREFIX?}_user_data` @@ -210,16 +210,16 @@ LIMIT 1", array($email), __FUNCTION__, __LINE__); // Is there an entry? - if (SQL_NUMROWS($result) == 1) { + if (sqlNumRows($result) == 1) { // Load userid - list($userid) = SQL_FETCHROW($result); + list($userid) = sqlFetchRow($result); // Rewrite email address to contact link $email = '{%url=modules.php?module=' . $mod . '&what=user_contct&userid=' . bigintval($userid) . '%}'; } // END - if // Free memory - SQL_FREERESULT($result); + sqlFreeResult($result); // Return rewritten (?) email address return $email; 
@@ -241,20 +241,20 @@ function determineRandomReferralId () { $randUserid = mt_rand(0, ($totalUsers - 1)); // Look for random user - $result = SQL_QUERY_ESC("SELECT `userid` FROM `{?_MYSQL_PREFIX?}_user_data` " . runFilterChain('user_exclusion_sql', "WHERE `status`='CONFIRMED'") . ' AND `rand_confirmed` >= {?user_min_confirmed?} ORDER BY `rand_confirmed` DESC LIMIT %s, 1', + $result = sqlQueryEscaped("SELECT `userid` FROM `{?_MYSQL_PREFIX?}_user_data` " . runFilterChain('user_exclusion_sql', "WHERE `status`='CONFIRMED'") . ' AND `rand_confirmed` >= {?user_min_confirmed?} ORDER BY `rand_confirmed` DESC LIMIT %s, 1', array($randUserid), __FUNCTION__, __LINE__); // Is there one entry there? - if (SQL_NUMROWS($result) == 1) { + if (sqlNumRows($result) == 1) { // Use that userid as new referral id - list($refid) = SQL_FETCHROW($result); + list($refid) = sqlFetchRow($result); // Debug message /* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'refid=' . $refid . ' - choosen!'); } // END - if // Free result - SQL_FREERESULT($result); + sqlFreeResult($result); } // END - if } // END - if 
@@ -303,10 +303,10 @@ function doUserLogin ($userid, $passwd, $successUrl = '', $errorUrl = 'modules.p } // END - if // Debug message - //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'userid=' . $userid . ',isUserDataValid()=' . intval(isUserDataValid()) . ',userStatus=' . getUserData('status') . ',errorCode=' . $errorCode . ',ext=' . $ext . ',isFound=' . intval($isFound)); + //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'userid=' . $userid . ',isValidUserData()=' . intval(isValidUserData()) . ',userStatus=' . getUserData('status') . ',errorCode=' . $errorCode . ',ext=' . $ext . ',isFound=' . intval($isFound)); // Is there an entry? - if (($errorCode == '0') && (isUserDataValid()) && (getUserData('status') == 'CONFIRMED') && (!empty($content['userid']))) { + if (($errorCode == '0') && (isValidUserData()) && (getUserData('status') == 'CONFIRMED') && (!empty($content['userid']))) { // Check for old MD5 passwords if ((strlen(getUserData('password')) == 32) && (md5($passwd) == getUserData('password'))) { // Just set the hash to the password from DB... :) @@ -323,7 +323,7 @@ function doUserLogin ($userid, $passwd, $successUrl = '', $errorUrl = 'modules.p // ... and update database // @TODO Make this filter working: $ADDON = runFilterChain('post_login_update', $content); - SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_user_data` SET `password`='%s' WHERE `userid`=%s AND `status`='CONFIRMED' LIMIT 1", + sqlQueryEscaped("UPDATE `{?_MYSQL_PREFIX?}_user_data` SET `password`='%s' WHERE `userid`=%s AND `status`='CONFIRMED' LIMIT 1", array($content['hash'], $userid), __FUNCTION__, __LINE__); // No login bonus by default 
@@ -360,9 +360,9 @@ function doUserLogin ($userid, $passwd, $successUrl = '', $errorUrl = 'modules.p //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'userid=' . $userid . ',hash=' . $content['hash'] . '(' . strlen($content['hash']) . ')'); if ((setSession('userid', $userid )) && (setSession('u_hash', encodeHashForCookie($content['hash'])))) { // Update database records - SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_user_data` SET `total_logins`=`total_logins`+1" . $add . " WHERE `userid`=%s LIMIT 1", + sqlQueryEscaped("UPDATE `{?_MYSQL_PREFIX?}_user_data` SET `total_logins`=`total_logins`+1" . $add . " WHERE `userid`=%s LIMIT 1", array($userid), __FUNCTION__, __LINE__); - if (!SQL_HASZEROAFFECTED()) { + if (!ifSqlHasZeroAffectedRows()) { // Is a success URL set? if (empty($successUrl)) { // Procedure to checking for login data @@ -387,19 +387,19 @@ function doUserLogin ($userid, $passwd, $successUrl = '', $errorUrl = 'modules.p } } elseif (isExtensionInstalledAndNewer('sql_patches', '0.6.1')) { // Update failure counter - SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_user_data` SET `login_failures`=`login_failures`+1,`last_failure`=NOW() WHERE `userid`=%s LIMIT 1", + sqlQueryEscaped("UPDATE `{?_MYSQL_PREFIX?}_user_data` SET `login_failures`=`login_failures`+1,`last_failure`=NOW() WHERE `userid`=%s LIMIT 1", array($userid), __FUNCTION__, __LINE__); // Wrong password! $errorCode = getCode('WRONG_PASS'); } - } elseif ((isUserDataValid()) && (getUserData('status') != 'CONFIRMED')) { + } elseif ((isValidUserData()) && (getUserData('status') != 'CONFIRMED')) { // Create an error code from given status $errorCode = generateErrorCodeFromUserStatus(getUserData('status')); // Set userid in session setSession('userid', getUserData('userid')); - } elseif (!isUserDataValid()) { + } elseif (!isValidUserData()) { // User id not found $errorCode = getCode('WRONG_ID'); } else { 
@@ -452,7 +452,7 @@ function doNewUserPassword ($email, $userid) { $newPassword = generatePassword(); // Update database - SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_user_data` SET `password`='%s' WHERE `userid`=%s LIMIT 1", + sqlQueryEscaped("UPDATE `{?_MYSQL_PREFIX?}_user_data` SET `password`='%s' WHERE `userid`=%s LIMIT 1", array( generateHash($newPassword), getUserData('userid') @@ -466,7 +466,7 @@ function doNewUserPassword ($email, $userid) { ), getUserData('userid')); // ... and send it away - sendEmail(bigintval(getUserData('userid')), '{--GUEST_NEW_PASSWORD--}', $message); + sendEmail(bigintval(getUserData('userid')), '{--GUEST_NEW_PASSWORD_SUBJECT--}', $message); // Output note to user displayMessage('{--GUEST_NEW_PASSWORD_SEND--}'); @@ -504,7 +504,7 @@ function getEpocheTimeFromUserStats ($statsType, $statsData, $userid = NULL) { } // END - if // Try to find the entry - $result = SQL_QUERY_ESC("SELECT + $result = sqlQueryEscaped("SELECT UNIX_TIMESTAMP(`inserted`) AS `inserted` FROM `{?_MYSQL_PREFIX?}_user_stats_data` @@ -520,13 +520,13 @@ LIMIT 1", ), __FUNCTION__, __LINE__); // Is the entry there? - if (SQL_NUMROWS($result) == 1) { + if (sqlNumRows($result) == 1) { // Get this stamp - $data = SQL_FETCHARRAY($result); + $data = sqlFetchArray($result); } // END - if // Free result - SQL_FREERESULT($result); + sqlFreeResult($result); // Return stamp return $data['inserted']; @@ -546,7 +546,7 @@ function insertUserStatsRecord ($userid, $statsType, $statsData) { // Does it exist? if ((!getEpocheTimeFromUserStats($statsType, $statsData, $userid)) && (!is_array($statsData))) { // Then insert it! - SQL_QUERY_ESC("INSERT INTO `{?_MYSQL_PREFIX?}_user_stats_data` (`userid`, `stats_type`, `stats_data`) VALUES (%s,'%s','%s')", + sqlQueryEscaped("INSERT INTO `{?_MYSQL_PREFIX?}_user_stats_data` (`userid`, `stats_type`, `stats_data`) VALUES (%s,'%s','%s')", array( bigintval($userid), $statsType, 
@@ -554,7 +554,7 @@ function insertUserStatsRecord ($userid, $statsType, $statsData) { ), __FUNCTION__, __LINE__); // Does it have worked? - $return = (!SQL_HASZEROAFFECTED()); + $return = (!ifSqlHasZeroAffectedRows()); } elseif (is_array($statsData)) { // Invalid data! logDebugMessage(__FUNCTION__, __LINE__, 'userid=' . $userid . ',type=' . $statsType . ',data=' . gettype($statsData) . ': Invalid statistics data type!'); 
@@ -576,23 +576,50 @@ function doConfirmUserAccount ($hash) { $userid = NULL; // Search for an unconfirmed or confirmed account - $result = SQL_QUERY_ESC("SELECT `userid`, `refid` FROM `{?_MYSQL_PREFIX?}_user_data` WHERE `user_hash`='%s' AND (`status`='UNCONFIRMED' OR `status`='CONFIRMED') LIMIT 1", + $result = sqlQueryEscaped("SELECT `userid`, `refid` FROM `{?_MYSQL_PREFIX?}_user_data` WHERE `user_hash`='%s' AND (`status`='UNCONFIRMED' OR `status`='CONFIRMED') LIMIT 1", array($hash), __FILE__, __LINE__); - if (SQL_NUMROWS($result) == 1) { - // Ok, he want's to confirm now so we load some data - list($userid, $refid) = SQL_FETCHROW($result); - - // Fetch user data - if (!fetchUserData($userid)) { - // Not found, should not happen - reportBug(__FILE__, __LINE__, 'User account ' . $userid . ' not found.'); - } // END - if - // Load all data and add points - $content = getUserDataArray(); + // One result should be found + if (ifSqlHasZeroNumRows($result)) { + // Nothing found or tried to confirm twice? + displayMessage('{--GUEST_CONFIRMED_TWICE--}'); + return; + } // END - if + + // Okay, the user want's to confirm now so we load some data + list($userid, $refid) = sqlFetchRow($result); + // Fetch user data + if (!fetchUserData($userid)) { + // Not found, should not happen + reportBug(__FILE__, __LINE__, 'User account ' . $userid . ' not found.'); + } // END - if + + // Load all data and add points + $content = merge_array($content, getUserDataArray()); + + // Is 'user' updated? + if (isExtensionInstalledAndNewer('user', '0.6.3')) { + // Unlock his account (but only when it is on UNCONFIRMED!) 
+ sqlQueryEscaped("UPDATE + `{?_MYSQL_PREFIX?}_user_data` +SET + `status`='CONFIRMED', + `user_hash`=NULL, + `confirmed_timestamp`=NOW(), + `confirmed_ip_address`='%s' +WHERE + `user_hash`='%s' AND + `status`='UNCONFIRMED' +LIMIT 1", + array( + determineRealRemoteAddress(), + $hash + ), __FILE__, __LINE__ + ); + } else { // Unlock his account (but only when it is on UNCONFIRMED!) - SQL_QUERY_ESC("UPDATE + sqlQueryEscaped("UPDATE `{?_MYSQL_PREFIX?}_user_data` SET `status`='CONFIRMED', 
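Review bot: `confirmed_ip_address` in the new UPDATE is filled from `determineRealRemoteAddress()`, and nothing in this hunk shows where that helper takes the address from. If it honours client-supplied forwarding headers rather than only the socket peer, the stored value is chosen by whoever opens the confirmation link and should not be relied on when investigating abuse. I would state the provenance next to the query, e.g. `// NOTE: address may originate from a proxy header; unverified, for reference only`, or store the raw peer address alongside it. doConfirmUserAccount starts before this hunk and continues past it.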
@@ -601,68 +628,65 @@ WHERE `user_hash`='%s' AND `status`='UNCONFIRMED' LIMIT 1", - array($hash), __FILE__, __LINE__); - - // Was it updated? - if (!SQL_HASZEROAFFECTED()) { - // Send email if updated - $message = loadEmailTemplate('guest_user_confirmed', $content, bigintval($userid)); - - // And send him right away the confirmation mail - sendEmail($userid, '{--GUEST_THANX_CONFIRM--}', $message); - - // Maybe he got "referraled"? - if ((isValidId($refid)) && ($refid != $userid)) { - // Select the referral userid - if (fetchUserData($refid)) { - // Update ref counter... - updateReferralCounter($refid); - - // If version matches add ref bonus to refid's account - if ((isExtensionInstalledAndNewer('bonus', '0.4.4')) && (isBonusRallyeActive())) { - // Add points (directly only!) - SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_user_data` SET `bonus_ref`=`bonus_ref`+{?bonus_ref?} WHERE `userid`=%s LIMIT 1", - array(bigintval($refid)), __FILE__, __LINE__); - - // Subtract points from system - handleBonusPoints(getBonusRef(), $refid); - } // END - if + array( + $hash + ), __FILE__, __LINE__ + ); + } - // Add one-time referral bonus over referral system or directly - initReferralSystem(); - addPointsThroughReferralSystem('referral_bonus', $refid, getPointsRef(), bigintval($userid)); - } // END - if - } // END - if + // Was it updated? + if (ifSqlHasZeroAffectedRows()) { + // Nobody was found unter this hash key... or our new member want's to confirm twice? + displayMessage('{--GUEST_CONFIRMED_TWICE--}'); + return; + } // END - if + + // Load email template + $message = loadEmailTemplate('guest_user_confirmed', $content, bigintval($userid)); + + // And send him right away the confirmation mail + sendEmail($userid, '{--GUEST_THANX_CONFIRM--}', $message); - if (isExtensionActive('rallye')) { - // Add user to rallye (or not?) - addUserToReferralRallye(bigintval($userid)); + // Maybe he got "referraled"? 
+ if ((isValidId($refid)) && ($refid != $userid)) { + // Select the referral userid + if (fetchUserData($refid)) { + // Update ref counter... + updateReferralCounter($refid); + + // If version matches add ref bonus to refid's account + if ((isExtensionInstalledAndNewer('bonus', '0.4.4')) && (isBonusRallyeActive())) { + // Add points (directly only!) + sqlQueryEscaped("UPDATE `{?_MYSQL_PREFIX?}_user_data` SET `bonus_ref`=`bonus_ref`+{?bonus_ref?} WHERE `userid`=%s LIMIT 1", + array(bigintval($refid)), __FILE__, __LINE__); + + // Subtract points from system + handleBonusPoints(getBonusRef(), $refid); } // END - if - // Account confirmed! - if (isExtensionActive('lead')) { - // Set special lead cookie - setSession('lead_userid', bigintval($userid)); + // Add one-time referral bonus over referral system or directly + initReferralSystem(); + addPointsThroughReferralSystem('referral_bonus', $refid, getPointsRef(), bigintval($userid)); + } // END - if + } // END - if + + // @TODO Rewrite this to 2 filters as a possible redirect must always come last + if (isExtensionActive('rallye')) { + // Add user to rallye (or not?) + addUserToReferralRallye(bigintval($userid)); + } // END - if - // Lead-Code mode enabled - redirectToUrl('lead-confirm.php'); - } else { - $content['message'] = '{--GUEST_CONFIRMED_DONE--}'; - $content['userid'] = bigintval($userid); - } - } elseif (isExtensionActive('lead')) { - // Set special lead cookie - setSession('lead_userid', bigintval($userid)); + // Account confirmed! + if (isExtensionActive('lead')) { + // Set special lead cookie + setSession('lead_userid', bigintval($userid)); - // Lead-Code mode enabled - redirectToUrl('lead-confirm.php'); - } else { - // Nobody was found unter this hash key... or our new member want's to confirm twice? - $content['message'] = '{--GUEST_CONFIRMED_TWICE--}'; - } + // Lead-Code mode enabled + redirectToUrl('lead-confirm.php'); } else { - // Nobody was found unter this hash key... 
or our new member want's to confirm twice? - $content['message'] = '{--GUEST_CONFIRMED_TWICE--}'; + // Regular confirmation + $content['message'] = '{--GUEST_CONFIRMED_DONE--}'; + $content['userid'] = bigintval($userid); } // Load template @@ -682,7 +706,7 @@ function doResendUserConfirmationLink ($email) { // Is the account unconfirmed? if ($content['status'] == 'UNCONFIRMED') { // Load email template - $message = loadEmailTemplate('guest_request_confirm', array(), $content['userid']); + $message = loadEmailTemplate('guest_request_confirm', [], $content['userid']); // Send email sendEmail($content['userid'], '{--GUEST_REQUEST_CONFIRM_LINK_SUBJECT--}', $message); @@ -875,8 +899,8 @@ function isUserSubIdAssignedToMember ($subId, $userid = NULL) { 'user_subids', 'id', 'userid', - true, - sprintf(" AND `id`=%s", bigintval($subId)) + TRUE, + sprintf(' AND `id`=%s', bigintval($subId)) ) == 1 ) ); @@ -891,17 +915,17 @@ function getSubId ($id) { // Is there cache? if (!isset($GLOBALS[__FUNCTION__][$id])) { // Check database for record - $result = SQL_QUERY_ESC("SELECT `subid` FROM `{?_MYSQL_PREFIX?}_user_subids` WHERE `id`=%s LIMIT 1", + $result = sqlQueryEscaped("SELECT `subid` FROM `{?_MYSQL_PREFIX?}_user_subids` WHERE `id`=%s LIMIT 1", array(bigintval($id)), __FUNCTION__, __LINE__); // Is there an entry? - if (SQL_NUMROWS($result) == 1) { + if (sqlNumRows($result) == 1) { // Load it - list($GLOBALS[__FUNCTION__][$id]) = SQL_FETCHROW($result); + list($GLOBALS[__FUNCTION__][$id]) = sqlFetchRow($result); } // END - if // Free result - SQL_FREERESULT($result); + sqlFreeResult($result); } // END - if // Return cache 
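Review bot: The two new early `return;` paths in doConfirmUserAccount (the `ifSqlHasZeroAffectedRows()` guard in this hunk and the `ifSqlHasZeroNumRows($result)` guard in the preceding hunk) leave `$result` from the SELECT unreleased. No `sqlFreeResult($result)` is visible in the rewritten flow, while the other SELECT callers touched by this diff all free their result. Calling `sqlFreeResult($result);` right after `list($userid, $refid) = sqlFetchRow($result);`, and before the first `return;`, would keep the function consistent with them. The end of the function lies outside the hunk, so a later free may exist, but both returns would skip it.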
@@ -923,6 +947,74 @@ function getTotalMemberSubIds () { return $GLOBALS[__FUNCTION__]; } +// Displays generic user registration form +function doDisplayGenericUserRegistrationForm () { + // Do this only if form is sent + if (isFormSent()) { + if (postRequestElement('agree') == '!') { + registerOutputFailedMessage('HAVE_TO_AGREE'); + } // END - if + + if (postRequestElement('email') == '!') { + registerOutputFailedMessage('ENTER_EMAIL'); + setPostRequestElement('email', ''); + } elseif (postRequestElement('email') == '?') { + registerOutputFailedMessage('GUEST_EMAIL_IS_ALREADY_REGISTERED'); + setPostRequestElement('email', ''); + } + + if (postRequestElement('surname') == '!') { + registerOutputFailedMessage('ENTER_SURNAME'); + setPostRequestElement('surname', ''); + } // END - if + + if (postRequestElement('family') == '!') { + registerOutputFailedMessage('ENTER_FAMILY'); + setPostRequestElement('family', ''); + } // END - if + + if ((postRequestElement('password1') == '!') && (postRequestElement('password2') == '!')) { + registerOutputFailedMessage('ENTER_BOTH_PASSWORDS'); + } elseif (postRequestElement('password1') == '!') { + registerOutputFailedMessage('ENTER_PASSWORD1'); + } elseif (postRequestElement('password2') == '!') { + registerOutputFailedMessage('ENTER_PASSWORD2'); + } + + if ((isset($GLOBALS['registration_weak_password'])) && ($GLOBALS['registration_weak_password'] === TRUE)) { + registerOutputFailedMessage('GUEST_WEAK_PASSWORD'); + } // END - if + + if ((isset($GLOBALS['registration_ip_timeout'])) && ($GLOBALS['registration_ip_timeout'] === TRUE)) { + registerOutputFailedMessage('REMOTE_ADDR_TIMEOUT'); + } // END - if + + if ((!empty($GLOBALS['registration_selected_cats'])) && ($GLOBALS['registration_selected_cats'] < getLeastCats())) { + registerOutputFailedMessage('', '{--CHOOSE_MORE_CATEGORIES--}'); + } // END - if + } // END - if + + // Generate birthday selection + $content['birthday_selection'] = 
generateDayMonthYearSelectionBox(postRequestElement('day'),postRequestElement('month'),postRequestElement('year')); + + // ZIP codes are numerical values + $content['zip'] = ''; + if ((isPostRequestElementSet('zip')) && (isValidNumber(postRequestElement('zip')))) { + $content['zip'] = bigintval(postRequestElement('zip')); + } // END - if + + // Other values + foreach (array('gender', 'surname', 'family', 'street_nr', 'city', 'email') as $entry) { + $content[$entry] = sqlEscapeString(postRequestElement($entry)); + } // END - foreach + + // Set must-fillout fields + $content = runFilterChain('register_must_fillout', $content); + + // Display registration form + loadTemplate('guest_register', FALSE, $content); +} + //----------------------------------------------------------------------------- // EL code functions //----------------------------------------------------------------------------- @@ -948,7 +1040,7 @@ function doExpressionUser ($data) { // Fix all together $functionName = "getFetchedUserData('userid', " . $data['matches'][4][$data['key']] . ", '" . $data['callback'] . "')"; } - } elseif ((!empty($data['callback'])) && (isUserDataValid())) { + } elseif ((!empty($data['callback'])) && (isValidUserData())) { // "Call-back" alias column for current logged in user's data $functionName = "getUserData('" . $data['callback'] . "')"; }
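Review bot: In doDisplayGenericUserRegistrationForm the posted `gender`, `surname`, `family`, `street_nr`, `city` and `email` values go through `sqlEscapeString()` and are then handed to `loadTemplate('guest_register', FALSE, $content)`, so they are escaped for SQL although they are presumably echoed back into the form. SQL escaping leaves `<`, `>` and `&` untouched, so unless `postRequestElement()` or the template layer already HTML-encodes (not visible here), submitted markup would be reflected to the browser. Encode for the output context instead, e.g. `$content[$entry] = htmlspecialchars((string) postRequestElement($entry), ENT_QUOTES, 'UTF-8');`, and keep SQL escaping where a query is actually built. The `day`, `month` and `year` values passed to `generateDayMonthYearSelectionBox()` deserve the same check, since unlike `zip` they are not validated in this function.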