From 11dea7bfe10a659183665aaa0a6cf08b5da66783 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Roland=20H=C3=A4der?=
Date: Sat, 19 Sep 2009 23:34:17 +0000
Subject: [PATCH] Possible fix and rewrite for ticket #128
---
 inc/modules/guest/what-register.php | 80 +++++++++++++++--------------
 1 file changed, 41 insertions(+), 39 deletions(-)
diff --git a/inc/modules/guest/what-register.php b/inc/modules/guest/what-register.php
index 2400030566..5b37fad630 100644
--- a/inc/modules/guest/what-register.php
+++ b/inc/modules/guest/what-register.php
@@ -51,7 +51,10 @@ ADD_DESCR('guest', __FILE__);
 global $DATA;
 // Initialize variables
-$isFailed = false; $SHORT_PASS = false; $cats = 0; $IP_TIMEOUT = false;
+$isFailed = false;
+$shortPass = false;
+$cats = 0;
+$ipTimedOut = false;
 if (!isFormSent()) REQUEST_UNSET_POST('ok');
@@ -133,7 +136,7 @@ if (isFormSent()) {
 // Is the password long enouth?
 if ((strlen(REQUEST_POST('pass1')) < getConfig('pass_len')) && ($isFailed === false)) {
- $SHORT_PASS = true;
+ $shortPass = true;
 $isFailed = true;
 } // END - if
@@ -167,7 +170,7 @@ if (isFormSent()) {
 if (SQL_NUMROWS($result) == 1) {
 // Same IP in timeout range and different email address entered... Eat this, faker! ;-)
 // But admins are allowed to fake their own exchange service.
- $IP_TIMEOUT = true;
+ $ipTimedOut = true;
 $isFailed = true;
 } // END - if
 } // END - if
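Review bot: In the hunk `@@ -167,7 +170,7 @@` the registration timeout is flagged only when `SQL_NUMROWS($result) == 1`, so if the lookup that produces `$result` (not visible in the hunk) can match two or more rows for the same address, the check passes and `$ipTimedOut` stays false. Unless that query is limited to a single row, the condition should treat any match as a hit: `if (SQL_NUMROWS($result) > 0) {`. The enclosing `if (isFormSent())` block starts and ends outside the hunk.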
@@ -183,18 +186,19 @@ if ((isFormSent()) && (($isFailed === false) || (IS_ADMIN()))) {
 // Get total ...
 // ... confirmed, ...
- $confirmedUsers = GET_TOTAL_DATA('CONFIRMED', 'user_data', 'userid', 'status', true);
+ $confirmedUsers = GET_TOTAL_DATA('CONFIRMED' , 'user_data', 'userid', 'status', true);
 // ... unconfirmed ...
 $unconfirmedUsers = GET_TOTAL_DATA('UNCONFIRMED', 'user_data', 'userid', 'status', true);
 // ... and locked users!
- $lockedUsers = GET_TOTAL_DATA('LOCKED', 'user_data', 'userid', 'status', true);
+ $lockedUsers = GET_TOTAL_DATA('LOCKED' , 'user_data', 'userid', 'status', true);
 // Generate hash which will be inserted into confirmation mail
- $hash = generateHash(sha1($confirmedUsers.getConfig('ENCRYPT_SEPERATOR').$unconfirmedUsers.getConfig('ENCRYPT_SEPERATOR').$lockedUsers.getConfig('ENCRYPT_SEPERATOR').REQUEST_POST('month') . '-'.REQUEST_POST('day') . '-'.REQUEST_POST('year').getConfig('ENCRYPT_SEPERATOR').getenv('SERVER_NAME').getConfig('ENCRYPT_SEPERATOR').detectRemoteAddr().getConfig('ENCRYPT_SEPERATOR').detectUserAgent().'/'.getConfig('SITE_KEY') . '/'.getConfig('DATE_KEY') . '/'.constant('RAND_NUMBER')));
+ $hash = generateHash(sha1($confirmedUsers.getConfig('ENCRYPT_SEPERATOR').$unconfirmedUsers.getConfig('ENCRYPT_SEPERATOR').$lockedUsers.getConfig('ENCRYPT_SEPERATOR').REQUEST_POST('month') . '-'.REQUEST_POST('day') . '-'.REQUEST_POST('year').getConfig('ENCRYPT_SEPERATOR').getenv('SERVER_NAME').getConfig('ENCRYPT_SEPERATOR').detectRemoteAddr().getConfig('ENCRYPT_SEPERATOR').detectUserAgent() . '/' . getConfig('SITE_KEY') . '/' . getConfig('DATE_KEY') . '/'. constant('RAND_NUMBER')));
 // Add design when extension sql_patches is v0.2.7 or greater
 // @TODO Rewrite these all to a single filter
- $ADD1 = ''; $ADD2 = '';
+ $ADD1 = '';
+ $ADD2 = '';
 if (GET_EXT_VERSION('theme') >= '0.0.8') {
 // Okay, add design here
 $ADD1 = ", `curr_theme`";
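Review bot: The confirmation hash on the re-spaced `$hash = generateHash(sha1(...))` line is built from the three user counts, the posted birthday, `SERVER_NAME`, the client address and the user agent, all of which the registrant supplies or can estimate, so its unpredictability rests entirely on `SITE_KEY`, `DATE_KEY`, `RAND_NUMBER` and whatever `generateHash()` adds, none of which is visible here. If those values are fixed per installation, the token no longer proves that the confirmation mail was received; a value drawn from the platform's cryptographic random source and stored in `user_hash` would not depend on them. Separately, `GET_EXT_VERSION('theme') >= '0.0.8'` compares version strings lexically, so `'0.0.10'` sorts below `'0.0.8'`; `version_compare(GET_EXT_VERSION('theme'), '0.0.8', '>=')` avoids that, and the comment above it names sql_patches v0.2.7 rather than the theme extension actually tested. The enclosing `if` block starts and ends outside the hunk.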
@@ -239,24 +243,24 @@ if ((isFormSent()) && (($isFailed === false) || (IS_ADMIN()))) {
 SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_user_data` (gender, surname, family, street_nr,%s, zip, city, email, birth_day, birth_month, birth_year, password, max_mails, receive_mails, refid, status, user_hash, REMOTE_ADDR, joined, last_update".$ADD1.")
 VALUES ('%s','%s','%s','%s','%s',%s,'%s','%s',%s, %s,%s,'%s',%s, %s,'%s','UNCONFIRMED','%s','%s', UNIX_TIMESTAMP(), UNIX_TIMESTAMP()".$ADD2.")", array(
- $countryRow,
- substr(REQUEST_POST('gender'), 0, 1),
- REQUEST_POST('surname'),
- REQUEST_POST('family'),
- REQUEST_POST('street_nr'),
- $countryData,
- bigintval(REQUEST_POST('zip')),
- REQUEST_POST('city'),
- REQUEST_POST('addy'),
- bigintval(REQUEST_POST('day')),
- bigintval(REQUEST_POST('month')),
- bigintval(REQUEST_POST('year')),
- generateHash(REQUEST_POST('pass1')),
- bigintval(REQUEST_POST('max_mails')),
- bigintval(REQUEST_POST('max_mails')),
- bigintval(REQUEST_POST('refid')),
- $hash,
- detectRemoteAddr(),
+ $countryRow,
+ substr(REQUEST_POST('gender'), 0, 1),
+ REQUEST_POST('surname'),
+ REQUEST_POST('family'),
+ REQUEST_POST('street_nr'),
+ $countryData,
+ bigintval(REQUEST_POST('zip')),
+ REQUEST_POST('city'),
+ REQUEST_POST('addy'),
+ bigintval(REQUEST_POST('day')),
+ bigintval(REQUEST_POST('month')),
+ bigintval(REQUEST_POST('year')),
+ generateHash(REQUEST_POST('pass1')),
+ bigintval(REQUEST_POST('max_mails')),
+ bigintval(REQUEST_POST('max_mails')),
+ bigintval(REQUEST_POST('refid')),
+ $hash,
+ detectRemoteAddr(),
 ), __FILE__, __LINE__);
 // Get his userid
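Review bot: The first `%s` of the column list is filled from `$countryRow`, so it is used as an SQL identifier rather than a quoted value, and value escaping in `SQL_QUERY_ESC` (presumably string escaping, its body is not shown) cannot make an identifier safe. `$countryRow` is assigned outside this hunk; it should only ever hold one of a fixed set of column names, and a comment here such as `// $countryRow is a fixed column name, never request data` would record that. `bigintval(REQUEST_POST('max_mails'))` is also passed for both `max_mails` and `receive_mails`; if that is intended, a short comment like `// receive_mails starts at max_mails` would make it clear it is not a copy-paste slip.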
@@ -347,24 +351,23 @@ VALUES ('%s','%s','%s','%s','%s',%s,'%s','%s',%s, %s,%s,'%s',%s, %s,'%s','UNCONF
 }
 // Continue with birthday...
- switch (getLanguage())
- {
+ switch (getLanguage()) {
 case 'de':
- $DATA['birthday'] = bigintval(REQUEST_POST('day')).'.'.bigintval(REQUEST_POST('month')).'.'.bigintval(REQUEST_POST('year'));
+ $DATA['birthday'] = bigintval(REQUEST_POST('day')) . '.' . bigintval(REQUEST_POST('month')) . '.' . bigintval(REQUEST_POST('year'));
 break;
 default:
- $DATA['birthday'] = bigintval(REQUEST_POST('month')).'/'.bigintval(REQUEST_POST('day')).'/'.bigintval(REQUEST_POST('year'));
+ $DATA['birthday'] = bigintval(REQUEST_POST('month')) . '/' . bigintval(REQUEST_POST('day')) . '/' . bigintval(REQUEST_POST('year'));
 break;
- }
+ } // END - switch
 // Display information to the user that he got mail and send it away
- $msg_guest = LOAD_EMAIL_TEMPLATE('register-member', $DATA, $userid);
+ $messageGuest = LOAD_EMAIL_TEMPLATE('register-member', $DATA, $userid);
 // Send mail to user (confirmation link!)
- $EMAIL = $DATA['email'];
- sendEmail ($DATA['email'], getMessage('GUEST_CONFIRM_LINK'), $msg_guest);
- $DATA['email'] = $EMAIL;
+ $email = $DATA['email'];
+ sendEmail($DATA['email'], getMessage('GUEST_CONFIRM_LINK'), $messageGuest);
+ $DATA['email'] = $email;
 // Send mail to admin
 sendAdminNotification(getMessage('ADMIN_NEW_ACCOUNT'), 'register-admin', $DATA, $userid);
@@ -402,11 +405,11 @@ VALUES ('%s','%s','%s','%s','%s',%s,'%s','%s',%s, %s,%s,'%s',%s, %s,'%s','UNCONF
 registerOutputFailedMessage('ENTER_PASS2');
 }
- if ($SHORT_PASS === true) {
+ if ($shortPass === true) {
 registerOutputFailedMessage('SHORT_PASS', ": ".getConfig('pass_len'));
 } // END - if
- if ($IP_TIMEOUT === true) {
+ if ($ipTimedOut === true) {
 registerOutputFailedMessage('REMOTE_ADDR_TIMEOUT');
 } // END - if
@@ -415,8 +418,7 @@ VALUES ('%s','%s','%s','%s','%s',%s,'%s','%s',%s, %s,%s,'%s',%s, %s,'%s','UNCONF
 } // END - if
 // Generate birthday selection
- switch (getLanguage())
- {
+ switch (getLanguage()) {
 case 'de': // German date format
 define('BIRTHDAY_SELECTION', ADD_SELECTION('day', REQUEST_POST('day')).ADD_SELECTION('month', REQUEST_POST('month')).ADD_SELECTION('year', REQUEST_POST('year')));
 break;
@@ -464,7 +466,7 @@ VALUES ('%s','%s','%s','%s','%s',%s,'%s','%s',%s, %s,%s,'%s',%s, %s,'%s','UNCONF
 if (EXT_IS_ACTIVE('country')) { // New variant, good! $OUT = "";
-- 
2.39.5