data['user_id'] != ANONYMOUS) && (!isset($_GET['key'])) )
{
header('Location: settings.php' . $SID);
}
parent::eqdkp_admin();
// Data to be put into the form
// If it's not in POST, we get it from config defaults
$this->data = array(
'username' => post_or_db('username'),
'user_email' => post_or_db('user_email'),
'user_alimit' => post_or_db('user_alimit', $eqdkp->config, 'default_alimit'),
'user_elimit' => post_or_db('user_elimit', $eqdkp->config, 'default_elimit'),
'user_ilimit' => post_or_db('user_ilimit', $eqdkp->config, 'default_ilimit'),
'user_nlimit' => post_or_db('user_nlimit', $eqdkp->config, 'default_nlimit'),
'user_rlimit' => post_or_db('user_rlimit', $eqdkp->config, 'default_rlimit'),
'user_lang' => post_or_db('user_lang', $eqdkp->config, 'default_lang'),
'user_style' => post_or_db('user_style', $eqdkp->config, 'default_style')
);
$this->assoc_buttons(array(
'submit' => array(
'name' => 'submit',
'process' => 'process_submit'),
'form' => array(
'name' => '',
'process' => 'display_form'))
);
$this->assoc_params(array(
'lostpassword' => array(
'name' => 'mode',
'value' => 'lostpassword',
'process' => 'process_lostpassword'),
'activate' => array(
'name' => 'mode',
'value' => 'activate',
'process' => 'process_activate'))
);
// Build the server URL
// ---------------------------------------------------------
$script_name = preg_replace('/^\/?(.*?)\/?$/', '\1', trim($eqdkp->config['server_path']));
$script_name = ( $script_name != '' ) ? $script_name . '/register.php' : 'register.php';
$server_name = trim($eqdkp->config['server_name']);
$server_port = ( intval($eqdkp->config['server_port']) != 80 ) ? ':' . trim($eqdkp->config['server_port']) . '/' : '/';
$this->server_url = 'http://' . $server_name . $server_port . $script_name;
}
function error_check()
{
global $db, $user;
if ( isset($_POST['submit']) )
{
$sql = 'SELECT user_id
FROM ' . USERS_TABLE . "
WHERE username='" . $_POST['username'] . "'";
if ( $db->num_rows($db->query($sql)) > 0 )
{
$this->fv->errors['username'] = $user->lang['fv_already_registered_username'];
}
$sql = 'SELECT user_id
FROM ' . USERS_TABLE . "
WHERE user_email='" . $_POST['user_email'] . "'";
if ( $db->num_rows($db->query($sql)) > 0 )
{
$this->fv->errors['user_email'] = $user->lang['fv_already_registered_email'];
}
$this->fv->matching_passwords('user_password1', 'user_password2', $user->lang['fv_match_password']);
$this->fv->is_number(array(
'user_alimit' => $user->lang['fv_number'],
'user_elimit' => $user->lang['fv_number'],
'user_ilimit' => $user->lang['fv_number'],
'user_nlimit' => $user->lang['fv_number'],
'user_rlimit' => $user->lang['fv_number'])
);
$this->fv->is_email_address('user_email', $user->lang['fv_invalid_email']);
$this->fv->is_filled(array(
'username' => $user->lang['fv_required_user'],
'user_email' => $user->lang['fv_required_email'],
'user_password1' => $user->lang['fv_required_password'],
'user_password2' => '')
);
}
return $this->fv->is_error();
}
// ---------------------------------------------------------
// Process Submit
// ---------------------------------------------------------
function process_submit()
{
global $db, $eqdkp, $user, $tpl, $pm;
global $SID;
// If the config requires account activation, generate a random key for validation
if ( ($eqdkp->config['account_activation'] == USER_ACTIVATION_SELF) || ($eqdkp->config['account_activation'] == USER_ACTIVATION_ADMIN) )
{
$user_key = $this->random_string(true);
$key_len = 54 - (strlen($this->server_url));
$key_len = ($key_len > 6) ? $key_len : 6;
$user_key = substr($user_key, 0, $key_len);
$user_active = 0;
if ($user->data['user_id'] != ANONYMOUS)
{
$user->destroy();
}
}
else
{
$user_key = '';
$user_active = '1';
}
// Insert them into the users table
$query = $db->build_query('INSERT', array(
'username' => $_POST['username'],
'user_password' => md5($_POST['user_password1']),
'user_email' => $_POST['user_email'],
'user_alimit' => $_POST['user_alimit'],
'user_elimit' => $_POST['user_elimit'],
'user_ilimit' => $_POST['user_ilimit'],
'user_nlimit' => $_POST['user_nlimit'],
'user_rlimit' => $_POST['user_rlimit'],
'user_style' => $_POST['user_style'],
'user_lang' => $_POST['user_lang'],
'user_key' => $user_key,
'user_active' => $user_active,
'user_lastvisit' => $this->time)
);
$sql = 'INSERT INTO ' . USERS_TABLE . $query;
if ( !($db->query($sql)) )
{
message_die('Could not add user information', '', __FILE__, __LINE__, $sql);
}
$user_id = $db->insert_id();
// Insert their permissions into the table
$sql = 'SELECT auth_id, auth_default
FROM ' . AUTH_OPTIONS_TABLE . '
ORDER BY auth_id';
$result = $db->query($sql);
while ( $row = $db->fetch_record($result) )
{
$au_sql = 'INSERT INTO ' . AUTH_USERS_TABLE . "
(user_id, auth_id, auth_setting)
VALUES ('" . $user_id . "','" . $row['auth_id'] . "','" . $row['auth_default'] . "')";
$db->query($au_sql);
}
if ($eqdkp->config['account_activation'] == USER_ACTIVATION_SELF)
{
$success_message = sprintf($user->lang['register_activation_self'], stripslashes($_POST['user_email']));
$email_template = 'register_activation_self';
}
elseif ($eqdkp->config['account_activation'] == USER_ACTIVATION_ADMIN)
{
$success_message = sprintf($user->lang['register_activation_admin'], stripslashes($_POST['user_email']));
$email_template = 'register_activation_admin';
}
else
{
$success_message = sprintf($user->lang['register_activation_none'], '', '', stripslashes($_POST['user_email']));
$email_template = 'register_activation_none';
}
//
// Email a notice
//
include_once($eqdkp->root_path . 'includes/class_email.php');
$email = new EMail;
$headers = "From: " . $eqdkp->config['admin_email'] . "\nReturn-Path: " . $eqdkp->config['admin_email'] . "\r\n";
$email->set_template($email_template, stripslashes($_POST['user_lang']));
$email->address(stripslashes($_POST['user_email']));
$email->subject(); // Grabbed from the template itself
$email->extra_headers($headers);
$email->assign_vars(array(
'GUILDTAG' => $eqdkp->config['guildtag'],
'DKP_NAME' => $eqdkp->config['dkp_name'],
'USERNAME' => stripslashes($_POST['username']),
'PASSWORD' => stripslashes($_POST['user_password1']),
'U_ACTIVATE' => $this->server_url . '?mode=activate&key=' . $user_key)
);
$email->send();
$email->reset();
// Now email the admin if we need to
if ( $eqdkp->config['account_activation'] == USER_ACTIVATION_ADMIN )
{
$email->set_template('register_activation_admin_activate', $eqdkp->config['default_lang']);
$email->address($eqdkp->config['admin_email']);
$email->subject();
$email->extra_headers($headers);
$email->assign_vars(array(
'GUILDTAG' => $eqdkp->config['guildtag'],
'DKP_NAME' => $eqdkp->config['dkp_name'],
'USERNAME' => stripslashes($_POST['username']),
'U_ACTIVATE' => $this->server_url . '?mode=activate&key=' . $user_key)
);
$email->send();
$email->reset();
}
message_die($success_message);
}
// ---------------------------------------------------------
// Process Lost Password
// ---------------------------------------------------------
function process_lostpassword()
{
global $db, $eqdkp, $user, $tpl, $pm;
global $SID;
$username = ( !empty($_POST['username']) ) ? trim(strip_tags($_POST['username'])) : '';
$user_email = ( !empty($_POST['user_email']) ) ? trim(strip_tags($_POST['user_email'])) : '';
//
// Look up record based on the username and e-mail
//
$sql = 'SELECT user_id, username, user_email, user_active, user_lang
FROM ' . USERS_TABLE . "
WHERE user_email='" . $user_email . "'
AND username='" . $username . "'";
if ( $result = $db->query($sql) )
{
if ( $row = $db->fetch_record($result) )
{
// Account's inactive, can't give them their password
if ( !$row['user_active'] )
{
message_die($user->lang['error_account_inactive']);
}
$username = $row['username'];
// Create a new activation key
$user_key = $this->random_string(true);
$key_len = 54 - (strlen($this->server_url));
$key_len = ($key_len > 6) ? $key_len : 6;
$user_key = substr($user_key, 0, $key_len);
$user_password = $this->random_string(false);
$sql = 'UPDATE ' . USERS_TABLE . "
SET user_newpassword='" . md5($user_password) . "', user_key='" . $user_key . "'
WHERE user_id='" . $row['user_id'] . "'";
if ( !$db->query($sql) )
{
message_die('Could not update password information', '', __FILE__, __LINE__, $sql);
}
//
// Email them their new password
//
include_once($eqdkp->root_path . 'includes/class_email.php');
$email = new EMail;
$headers = "From: " . $eqdkp->config['admin_email'] . "\nReturn-Path: " . $eqdkp->config['admin_email'] . "\r\n";
$email->set_template('user_new_password', $row['user_lang']);
$email->address($row['user_email']);
$email->subject();
$email->extra_headers($headers);
$email->assign_vars(array(
'GUILDTAG' => $eqdkp->config['guildtag'],
'DKP_NAME' => $eqdkp->config['dkp_name'],
'USERNAME' => $row['username'],
'DATETIME' => date('m/d/y h:ia T', time()),
'IPADDRESS' => $user->ip_address,
'U_ACTIVATE' => $this->server_url . '?mode=activate&key=' . $user_key,
'USERNAME' => $row['username'],
'PASSWORD' => $user_password)
);
$email->send();
$email->reset();
message_die($user->lang['password_sent']);
}
else
{
message_die($user->lang['error_invalid_email']);
}
}
else
{
message_die('Could not obtain user information', '', __FILE__, __LINE__, $sql);
}
}
// ---------------------------------------------------------
// Process Activate
// ---------------------------------------------------------
function process_activate()
{
global $db, $eqdkp, $user, $tpl, $pm;
global $SID;
$sql = 'SELECT user_id, username, user_active, user_email, user_newpassword, user_lang, user_key
FROM ' . USERS_TABLE . "
WHERE user_key='" . $_GET['key'] . "'";
if ( !($result = $db->query($sql)) )
{
message_die('Could not obtain user information', '', __FILE__, __LINE__, $sql);
}
if ( $row = $db->fetch_record($result) )
{
// If they're already active, just bump them back
if ( ($row['user_active'] == '1') && ($row['user_key'] == '') )
{
message_die($user->lang['error_already_activated']);
}
else
{
// Update the password if we need to
$sql_password = ( !empty($row['user_newpassword']) ) ? ", user_password='" . $row['user_newpassword'] . "', user_newpassword=''" : '';
$sql = 'UPDATE ' . USERS_TABLE . "
SET user_active='1', user_key=''" . $sql_password . "
WHERE user_id='" . $row['user_id'] . "'";
$db->query($sql);
// E-mail the user if this was activated by the admin
if ( $eqdkp->config['account_activation'] == USER_ACTIVATION_ADMIN )
{
include_once($eqdkp->root_path . 'includes/class_email.php');
$email = new EMail;
$headers = "From: " . $eqdkp->config['admin_email'] . "\nReturn-Path: " . $eqdkp->config['admin_email'] . "\r\n";
$email->set_template('register_activation_none', $row['user_lang']);
$email->address($row['user_email']);
$email->subject();
$email->extra_headers($headers);
$email->assign_vars(array(
'GUILDTAG' => $eqdkp->config['guildtag'],
'DKP_NAME' => $eqdkp->config['dkp_name'],
'USERNAME' => $row['username'],
'PASSWORD' => '(encrypted)')
);
$email->send();
$email->reset();
$success_message = $user->lang['account_activated_admin'];
}
else
{
$tpl->assign_vars(array(
'META' => '')
);
$success_message = sprintf($user->lang['account_activated_user'], '', '');
}
message_die($success_message);
}
}
else
{
message_die($user->lang['error_invalid_key']);
}
}
// ---------------------------------------------------------
// Process helper methods
// ---------------------------------------------------------
function random_string($hash = false)
{
$chars = array('a','A','b','B','c','C','d','D','e','E','f','F','g','G','h','H','i','I','j','J',
'k','K','l','L','m','M','n','N','o','O','p','P','q','Q','r','R','s','S','t','T',
'u','U','v','V','w','W','x','X','y','Y','z','Z','1','2','3','4','5','6','7','8',
'9','0');
$max_chars = count($chars) - 1;
srand( (double) microtime()*1000000);
$rand_str = '';
for($i = 0; $i < 8; $i++)
{
$rand_str = ( $i == 0 ) ? $chars[rand(0, $max_chars)] : $rand_str . $chars[rand(0, $max_chars)];
}
return ( $hash ) ? md5($rand_str) : $rand_str;
}
// ---------------------------------------------------------
// Display form
// ---------------------------------------------------------
function display_form()
{
global $db, $eqdkp, $user, $tpl, $pm;
global $SID;
$tpl->assign_vars(array(
'F_SETTINGS' => 'register.php' . $SID,
'S_CURRENT_PASSWORD' => false,
'S_NEW_PASSWORD' => false,
'S_SETTING_ADMIN' => false,
'S_MU_TABLE' => false,
'L_REGISTRATION_INFORMATION' => $user->lang['registration_information'],
'L_REQUIRED_FIELD_NOTE' => $user->lang['required_field_note'],
'L_USERNAME' => $user->lang['username'],
'L_EMAIL_ADDRESS' => $user->lang['email_address'],
'L_PASSWORD' => $user->lang['password'],
'L_CONFIRM_PASSWORD' => $user->lang['confirm_password'],
'L_PREFERENCES' => $user->lang['preferences'],
'L_ADJUSTMENTS_PER_PAGE' => $user->lang['adjustments_per_page'],
'L_EVENTS_PER_PAGE' => $user->lang['events_per_page'],
'L_ITEMS_PER_PAGE' => $user->lang['items_per_page'],
'L_NEWS_PER_PAGE' => $user->lang['news_per_page'],
'L_RAIDS_PER_PAGE' => $user->lang['raids_per_page'],
'L_LANGUAGE' => $user->lang['language'],
'L_STYLE' => $user->lang['style'],
'L_PREVIEW' => $user->lang['preview'],
'L_SUBMIT' => $user->lang['submit'],
'L_RESET' => $user->lang['reset'],
'USERNAME' => $this->data['username'],
'USER_EMAIL' => $this->data['user_email'],
'USER_ALIMIT' => $this->data['user_alimit'],
'USER_ELIMIT' => $this->data['user_elimit'],
'USER_ILIMIT' => $this->data['user_ilimit'],
'USER_NLIMIT' => $this->data['user_nlimit'],
'USER_RLIMIT' => $this->data['user_rlimit'],
'FV_USERNAME' => $this->fv->generate_error('username'),
'FV_USER_PASSWORD' => $this->fv->generate_error('user_password1'),
'FV_USER_EMAIL' => $this->fv->generate_error('user_email'),
'FV_USER_ALIMIT' => $this->fv->generate_error('user_alimit'),
'FV_USER_ELIMIT' => $this->fv->generate_error('user_elimit'),
'FV_USER_ILIMIT' => $this->fv->generate_error('user_ilimit'),
'FV_USER_NLIMIT' => $this->fv->generate_error('user_nlimit'),
'FV_USER_RLIMIT' => $this->fv->generate_error('user_rlimit'))
);
//
// Build language drop-down
//
if ( $dir = @opendir($eqdkp->root_path . 'language/') )
{
while ( $file = @readdir($dir) )
{
if ( (!is_file($eqdkp->root_path . 'language/' . $file)) && (!is_link($eqdkp->root_path . 'language/' . $file)) && ($file != '.') && ($file != '..') && ($file != 'CVS') )
{
$tpl->assign_block_vars('lang_row', array(
'VALUE' => $file,
'SELECTED' => ( $this->data['user_lang'] == $file ) ? ' selected="selected"' : '',
'OPTION' => ucfirst($file))
);
}
}
}
//
// Build style drop-down
//
$sql = 'SELECT style_id, style_name
FROM ' . STYLES_TABLE . '
ORDER BY style_name';
$result = $db->query($sql);
while ( $row = $db->fetch_record($result) )
{
$tpl->assign_block_vars('style_row', array(
'VALUE' => $row['style_id'],
'SELECTED' => ( $this->data['user_style'] == $row['style_id'] ) ? ' selected="selected"' : '',
'OPTION' => $row['style_name'])
);
}
$db->free_result($result);
$eqdkp->set_vars(array(
'page_title' => sprintf($user->lang['title_prefix'], $eqdkp->config['guildtag'], $eqdkp->config['dkp_name']).': ' . $user->lang['register_title'],
'template_file' => 'settings.html',
'display' => true)
);
}
}
$register = new Register;
$register->process();
?>