
Untitled

a guest
Sep 24th, 2018
  1. <?php
  2. /*
  3. UserSpice 4
  4. An Open Source PHP User Management System
  5. by the UserSpice Team at http://UserSpice.com
  6.  
  7. This program is free software: you can redistribute it and/or modify
  8. it under the terms of the GNU General Public License as published by
  9. the Free Software Foundation, either version 3 of the License, or
  10. (at your option) any later version.
  11.  
  12. This program is distributed in the hope that it will be useful,
  13. but WITHOUT ANY WARRANTY; without even the implied warranty of
  14. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  15. GNU General Public License for more details.
  16.  
  17. You should have received a copy of the GNU General Public License
  18. along with this program. If not, see <http://www.gnu.org/licenses/>.
  19. */
  20. // error_reporting(E_ALL);
  21. // ini_set('display_errors', 1);
  22. ini_set("allow_url_fopen", 1);
  23. ?>
  24. <?php require_once '../users/init.php';?>
  25. <?php require_once $abs_us_root.$us_url_root.'users/includes/header.php'; ?>
  26. <?php require_once $abs_us_root.$us_url_root.'users/includes/navigation.php';
  27. use PragmaRX\Google2FA\Google2FA;
  28. if($settings->twofa == 1){
  29. $google2fa = new Google2FA();
  30. }
  31. ?>
  32.  
  33. <?php if (!securePage($_SERVER['PHP_SELF'])){die();} ?>
  34. <?php
  35. if(ipCheckBan()){Redirect::to($us_url_root.'usersc/scripts/banned.php');die();}
  36. if($user->isLoggedIn()) Redirect::to($us_url_root.'index.php');
  37. $settingsQ = $db->query("SELECT * FROM settings");
  38. $settings = $settingsQ->first();
  39. if($settings->recaptcha == 1 || $settings->recaptcha == 2){
  40. require_once($abs_us_root.$us_url_root."users/includes/recaptcha.config.php");
  41. }
  42. //There is a lot of commented out code for a future release of sign ups with payments
  43. $ref = Input::get('ref');
  44. $form_method = 'POST';
  45. $form_action = 'join.php?ref='.$ref;
  46. $vericode = randomstring(15);
  47.  
  48. $form_valid=FALSE;
  49.  
  50. //Decide whether or not to use email activation
  51. $query = $db->query("SELECT * FROM email");
  52. $results = $query->first();
  53. $act = $results->email_act;
  54.  
  55. //Opposite Day for Pre-Activation - Basically if you say in email
  56. //settings that you do NOT want email activation, this lists new
  57. //users as active in the database, otherwise they will become
  58. //active after verifying their email.
  59. if($act==1){
  60. $pre = 0;
  61. } else {
  62. $pre = 1;
  63. }
  64.  
  65. $reCaptchaValid=FALSE;
  66.  
  67. if(Input::exists()){
  68.  
  69. $token = $_POST['csrf'];
  70. if(!Token::check($token)){
  71. include($abs_us_root.$us_url_root.'usersc/scripts/token_error.php');
  72. }
  73. $fname = Input::get('fname');
  74. $lname = Input::get('lname');
  75. $email = Input::get('email');
  76. if($settings->auto_assign_un==1) {
  77. $preusername = $fname[0];
  78. $preusername .= $lname;
  79. $preQ = $db->query("SELECT username FROM users WHERE username = ?",array($preusername));
  80. $preQCount = $preQ->count();
  81. if($preQCount == 0)
  82. {
  83. $username = strtolower($preusername);
  84. }
  85. else
  86. {
  87. $preusername2 = $fname;
  88. $preusername2 .= $lname[0];
  89. $preQ2 = $db->query("SELECT username FROM users WHERE username = ?",array($preusername2));
  90. $preQCount2 = $preQ2->count();
  91. if($preQCount2 == 0)
  92. {
  93. $username = strtolower($preusername2);
  94. }
  95. else
  96. {
  97. $username = $email;
  98. }
  99. } }
  100. if($settings->auto_assign_un==0) $username = Input::get('username');
  101. $agreement_checkbox = Input::get('agreement_checkbox');
  102.  
  103. if ($agreement_checkbox=='on'){
  104. $agreement_checkbox=TRUE;
  105. }else{
  106. $agreement_checkbox=FALSE;
  107. }
  108.  
  109. $db = DB::getInstance();
  110. $settingsQ = $db->query("SELECT * FROM settings");
  111. $settings = $settingsQ->first();
  112. $validation = new Validate();
  113. if($settings->auto_assign_un==0) {
  114. $validation->check($_POST,array(
  115. 'username' => array(
  116. 'display' => 'Username',
  117. 'required' => true,
  118. 'min' => $settings->min_un,
  119. 'max' => $settings->max_un,
  120. 'unique' => 'users',
  121. ),
  122. 'fname' => array(
  123. 'display' => 'First Name',
  124. 'required' => true,
  125. 'min' => 1,
  126. 'max' => 60,
  127. ),
  128. 'lname' => array(
  129. 'display' => 'Last Name',
  130. 'required' => true,
  131. 'min' => 1,
  132. 'max' => 60,
  133. ),
  134. 'email' => array(
  135. 'display' => 'Email',
  136. 'required' => true,
  137. 'valid_email' => true,
  138. 'unique' => 'users',
  139. ),
  140.  
  141. 'password' => array(
  142. 'display' => 'Password',
  143. 'required' => true,
  144. 'min' => $settings->min_pw,
  145. 'max' => $settings->max_pw,
  146. ),
  147. 'confirm' => array(
  148. 'display' => 'Confirm Password',
  149. 'required' => true,
  150. 'matches' => 'password',
  151. ),
  152. )); }
  153. if($settings->auto_assign_un==1) {
  154. $validation->check($_POST,array(
  155. 'fname' => array(
  156. 'display' => 'First Name',
  157. 'required' => true,
  158. 'min' => 1,
  159. 'max' => 60,
  160. ),
  161. 'lname' => array(
  162. 'display' => 'Last Name',
  163. 'required' => true,
  164. 'min' => 1,
  165. 'max' => 60,
  166. ),
  167. 'email' => array(
  168. 'display' => 'Email',
  169. 'required' => true,
  170. 'valid_email' => true,
  171. 'unique' => 'users',
  172. ),
  173.  
  174. 'password' => array(
  175. 'display' => 'Password',
  176. 'required' => true,
  177. 'min' => $settings->min_pw,
  178. 'max' => $settings->max_pw,
  179. ),
  180. 'confirm' => array(
  181. 'display' => 'Confirm Password',
  182. 'required' => true,
  183. 'matches' => 'password',
  184. ),
  185. ));
  186. }
  187.  
  188. //if the agreement_checkbox is not checked, add error
  189. if (!$agreement_checkbox){
  190. $validation->addError(["Please read and accept terms and conditions"]);
  191. }
  192.  
  193. if($validation->passed() && $agreement_checkbox){
  194. //Logic if ReCAPTCHA is turned ON
  195. if($settings->recaptcha == 1 || $settings->recaptcha == 2){
  196. require_once($abs_us_root.$us_url_root."users/includes/recaptcha.config.php");
  197. //reCAPTCHA 2.0 check
  198. $response = null;
  199.  
  200. // check secret key
  201. $reCaptcha = new ReCaptcha($settings->recap_private);
  202.  
  203. // if submitted check response
  204. if ($_POST["g-recaptcha-response"]) {
  205. $response = $reCaptcha->verifyResponse(
  206. $_SERVER["REMOTE_ADDR"],
  207. $_POST["g-recaptcha-response"]);
  208. }
  209. if ($response != null && $response->success) {
  210. // account creation code goes here
  211. $reCaptchaValid=TRUE;
  212. $form_valid=TRUE;
  213. }else{
  214. $reCaptchaValid=FALSE;
  215. $form_valid=FALSE;
  216. $validation->addError(["Please check the reCaptcha box."]);
  217. }
  218.  
  219. } //else for recaptcha
  220.  
  221. if($reCaptchaValid || $settings->recaptcha == 0){
  222.  
  223. //add user to the database
  224. $user = new User();
  225. $join_date = date("Y-m-d H:i:s");
  226. $params = array(
  227. 'fname' => Input::get('fname'),
  228. 'email' => $email,
  229. 'username' => $username,
  230. 'vericode' => $vericode,
  231. 'join_vericode_expiry' => $settings->join_vericode_expiry
  232. );
  233. $vericode_expiry=date("Y-m-d H:i:s");
  234. if($act == 1) {
  235. //Verify email address settings
  236. $to = rawurlencode($email);
  237. $subject = 'Welcome to '.$settings->site_name;
  238. $body = email_body('_email_template_verify.php',$params);
  239. email($to,$subject,$body);
  240. $vericode_expiry=date("Y-m-d H:i:s",strtotime("+$settings->join_vericode_expiry hours",strtotime(date("Y-m-d H:i:s"))));
  241. }
  242. try {
  243. // echo "Trying to create user";
  244. $user->create(array(
  245. 'username' => $username,
  246. 'fname' => ucfirst(Input::get('fname')),
  247. 'lname' => ucfirst(Input::get('lname')),
  248. 'email' => Input::get('email'),
  249. 'password' => password_hash(Input::get('password', true), PASSWORD_BCRYPT, array('cost' => 12)),
  250. 'permissions' => 1,
  251. 'account_owner' => 1,
  252. 'join_date' => $join_date,
  253. 'email_verified' => $pre,
  254. 'active' => 1,
  255. 'vericode' => $vericode,
  256. 'vericode_expiry' => $vericode_expiry
  257. ));
  258. $theNewId=$db->lastId();
  259.  
  260. } catch (Exception $e) {
  261. die($e->getMessage());
  262. }
  263. if($settings->twofa == 1){
  264. $twoKey = $google2fa->generateSecretKey();
  265. $db->update('users',$theNewId,['twoKey' => $twoKey]);
  266. }
  267. include($abs_us_root.$us_url_root.'usersc/scripts/during_user_creation.php');
  268. if($act==1) logger($theNewId,"User","Registration completed and verification email sent.");
  269. if($act==0) logger($theNewId,"User","Registration completed.");
  270. Redirect::to($us_url_root.'users/joinThankYou.php');
  271. }
  272.  
  273. } //Validation and agreement checbox
  274. } //Input exists
  275.  
  276. ?>
  277. <?php header('X-Frame-Options: DENY'); ?>
  278. <div id="page-wrapper">
  279. <div class="container">
  280. <?php
  281. if($settings->registration==1) {
  282. if($settings->glogin==1 && !$user->isLoggedIn()){
  283. require_once $abs_us_root.$us_url_root.'users/includes/google_oauth_login.php';
  284. }
  285. if($settings->fblogin==1 && !$user->isLoggedIn()){
  286. require_once $abs_us_root.$us_url_root.'users/includes/facebook_oauth.php';
  287. }
  288. require $abs_us_root.$us_url_root.'users/views/_join.php';
  289. }
  290. else {
  291. require $abs_us_root.$us_url_root.'users/views/_joinDisabled.php';
  292. }
  293. ?>
  294.  
  295. </div>
  296. </div>
  297.  
  298. <!-- footers -->
  299. <?php require_once $abs_us_root.$us_url_root.'users/includes/page_footer.php'; // the final html footer copyright row + the external js calls ?>
  300.  
  301. <?php if($settings->recaptcha == 1 || $settings->recaptcha == 2){ ?>
  302. <script src="https://www.google.com/recaptcha/api.js" async defer></script>
  303. <script>
  304. function submitForm() {
  305. document.getElementById("payment-form").submit();
  306. }
  307. </script>
  308. <?php } ?>
  309. <?php if($settings->auto_assign_un==0) { ?>
  310. <script type="text/javascript">
  311. <?php } ?>
  312. <script type="text/javascript">
  313. $(document).ready(function(){
  314. $('#password_view_control').hover(function () {
  315. $('#password').attr('type', 'text');
  316. $('#confirm').attr('type', 'text');
  317. }, function () {
  318. $('#password').attr('type', 'password');
  319. $('#confirm').attr('type', 'password');
  320. });
  321. });
  322. </script>
  323.  
  324.  
  325.  
  326. <?php require_once $abs_us_root.$us_url_root.'users/includes/html_footer.php'; // currently just the closing /body and /html ?>