  1. <?php
  2. /**
  3. * ../../ext/pok4/register/ext.php
  4. *
  5. * @package default
  6. */
  7. namespace ext\pok4;
  8. use \PDO;
  9. use App\Entity\CSRF;
  10. use App\Entity\FormValidator;
  11. use App\Entity\Cookie;
  12. if (count(get_included_files()) == 1) exit("Direct access not permitted."); //Don't edit
  13. //Your Extension Script
  14. class register extends \App\Controllers\BaseController {
  15.  
  16.  
  17.  
  18. /**
  19. *
  20. */
  21. public function __construct() {
  22. parent::__construct();
  23. }
  24.  
  25.  
  26.  
  27.  
  28.  
  29. /**
  30. *
  31. * @return unknown
  32. */
  33. public function custom_page() {
  34.  
  35. if (strpos($_SERVER['REQUEST_URI'], '/pages/register') !== false) {
  36.  
  37.  
  38. $csrf = new CSRF();
  39. $cookie = new Cookie();
  40. $cookie->set( 'argos_reg', '1', 1200 ); //set cookie and check it below
  41. $submit = "";//globalize
  42. if(isset($_POST['register'])) {
  43.  
  44. $validations = [
  45. 'username' => 'alfanum',
  46. 'email' => 'email',
  47. 'pass'=>'password',
  48. 'r_pass'=>'password',
  49. 'captcha_code'=>'not_empty',
  50. ];
  51. $required = ['username', 'email','pass','r_pass','captcha_code'];
  52. $validator = new FormValidator($validations, $required);
  53. $cookie_value = $cookie->get( 'argos_reg' );
  54. if($cookie_value == 1) {
  55. if ($csrf->isTokenValid($_POST['_csrf'])) {
  56. if($validator->validate($_POST))
  57. {
  58. $_POST = $validator->sanatize($_POST);
  59.  
  60. if($this->stop_spam($_POST['username'],$_POST['email']) == false) { die('bot'); } //remove bots
  61.  
  62. $captchaCode = $_SESSION['captchaCode'];
  63. $enteredcaptchaCode = $_POST['captcha_code'];
  64. if($enteredcaptchaCode === $captchaCode){
  65. if($_POST['pass']==$_POST['r_pass']) {
  66.  
  67.  
  68. $go = $this->db->prepare("SELECT username,user_email FROM `".$this->forum_db."`.".$this->forum_db_prefix."_users WHERE username =? OR user_email=?");
  69. $go->bindParam(1, $_POST['username'], PDO::PARAM_STR);
  70. $go->bindParam(2, $_POST['email'], PDO::PARAM_STR);
  71. $go->execute();
  72.  
  73. if($go->rowCount() < 1){
  74. //Everything is OK, and we proceed to make requests to db
  75. $user_row = array(
  76. 'username' => $_POST['username'], //потребителското име за акаунта
  77. 'user_password' => phpbb_hash($_POST['pass']), //паролата на потребителя с phpbb_hash
  78. 'user_email' => $_POST['email'],
  79. 'group_id' => 2, //default user group
  80. 'user_timezone' => '2.00', //GMT+2 (Sofia, Helsinki...)
  81. 'user_lang' => 'en', //default language
  82. 'user_type' => 0, //is not admin
  83. 'user_actkey' => '', //we dont need this one
  84. 'user_dateformat' => 'd M Y H:i', //date format for this user
  85. 'user_regdate' => time(), //Date of reg
  86. );
  87. user_add($user_row);
  88.  
  89. //Your custom code here...
  90.  
  91. //End Custom code...
  92.  
  93. $submit .= '<div class="alert alert-success">'.$this->lang['ext_register_lang_success'].'</div>';
  94. } else {
  95. $submit .= '<div class="alert alert-danger">'.$this->lang['ext_register_lang_taken'].'</div>';
  96. }
  97. } else {
  98. $submit .= '<div class="alert alert-danger">'.$this->lang['ext_register_lang_pass_not_match'].'</div>';
  99. }
  100. } else {
  101. $submit .= '<div class="alert alert-danger">'.$this->lang['ext_register_antibot_not_ok'].'</div>';
  102. }
  103. } else {
  104. foreach(array_keys($validator->getErrors()['errors']) as $v => $k) {
  105. switch($k) {
  106. case 'username': {
  107. $submit .= '<div class="alert alert-danger">'.$this->lang['ext_register_name_req'].'</div>';
  108. break;
  109. }
  110. case 'email': {
  111. $submit .= "<div class='alert alert-danger'>".$this->lang['ext_register_email_req']."</div>";
  112. break;
  113. }
  114. case 'pass': {
  115. $submit .= "<div class='alert alert-danger'>".$this->lang['ext_register_pass_req']."</div>";
  116. break;
  117. }
  118. case 'r_pass': {
  119. $submit .= "<div class='alert alert-danger'>".$this->lang['ext_register_repeat_pw']."</div>";
  120. break;
  121. }
  122. case 'captcha_code': {
  123. $submit .= "<div class='alert alert-danger'>".$this->lang['ext_register_antibot_req']."</div>";
  124. break;
  125. }
  126. }
  127. }
  128. }
  129. } else {
  130. $submit .= '<div class="alert alert-danger">CSRF Token is not valid.</div>';
  131. }
  132. } else {
  133. $submit .= "<div class='alert alert-danger'>Cookie not set.</div>";
  134. }
  135. }
  136.  
  137.  
  138. return $this->m->render(file_get_contents("ext/pok4/register/template/register.html"),
  139. [
  140. 'csrf_token_form'=>$csrf->echoInputField(),
  141. 'is_anony'=>$this->is_anonymous,
  142. 'submit'=>$submit,
  143. 'ext_register_allowed_username'=>$this->lang['ext_register_allowed_username'],
  144. 'ext_register_allowed_password'=>$this->lang['ext_register_allowed_password'],
  145. 'ext_register_already'=>$this->lang['ext_register_already'],
  146. 'ext_register_lang_username'=>$this->lang['ext_register_lang_username'],
  147. 'ext_register_lang_pass'=>$this->lang['ext_register_lang_pass'],
  148. 'ext_register_lang_pass_r'=>$this->lang['ext_register_lang_pass_r'],
  149. 'ext_register_lang_mail'=>$this->lang['ext_register_lang_mail'],
  150. 'ext_register_lang_antibot'=>$this->lang['ext_register_lang_antibot'],
  151. 'ext_register_button'=>$this->lang['ext_register_button'],
  152. ]);
  153. }
  154.  
  155. }
  156.  
  157. public function ajax() {
  158. if(is_ajax()) {
  159. if(isset($_POST['username2'])) {
  160. $username = $_POST['username2'];
  161. $go = $this->db->prepare("SELECT username from `".$this->forum_db."`.".$this->forum_db_prefix."_users WHERE username=?");
  162. $go->bindParam(1, $username, PDO::PARAM_STR);
  163. $go->execute();
  164. if($go->rowCount() > 0) {
  165. echo 1;
  166. } else {
  167. echo 0;
  168. }
  169. } else {
  170. $email = $_POST['email2'];
  171. $go = $this->db->prepare("SELECT user_email from `".$this->forum_db."`.".$this->forum_db_prefix."_users WHERE user_email=?");
  172. $go->bindParam(1, $email, PDO::PARAM_STR);
  173. $go->execute();
  174. if($go->rowCount() > 0) {
  175. echo 1;
  176. } else {
  177. echo 0;
  178. }
  179.  
  180. }
  181. }
  182.  
  183. }
  184.  
  185. public function stop_spam($username,$email) {
  186. // setup the URL
  187. $url = 'http://api.stopforumspam.org/api?json';
  188.  
  189. $data = array(
  190. 'username' => $username,
  191. 'email' => $email,
  192. 'ip' => $_SERVER['REMOTE_ADDR'],
  193. );
  194.  
  195. $data = http_build_query($data);
  196.  
  197. // init the request, set some info, send it and finally close it
  198. $ch = curl_init($url);
  199.  
  200. curl_setopt($ch, CURLOPT_POST, 1);
  201. curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
  202. curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
  203.  
  204. $result = curl_exec($ch);
  205.  
  206. curl_close($ch);
  207.  
  208. if(json_decode($result)->username->appears == 0 && json_decode($result)->email->appears == 0) {
  209. return true;
  210. } else {
  211. return false;
  212. }
  213. }
  214.  
  215.  
  216. /**
  217. *
  218. */
  219. public function load() {
  220.  
  221. //check name/email availability
  222. if (strpos($_SERVER['REQUEST_URI'], '/pages/register') !== false) {
  223. $this->dispatcher->emit('core_event_inside_head_ready_front', [
  224. $this->m->render(file_get_contents("ext/pok4/register/template/username_mail_checker.js"),[
  225. 'ext_register_name_taken'=>$this->lang['ext_register_name_taken'],
  226. 'ext_register_name_no_taken'=>$this->lang['ext_register_name_no_taken'],
  227. 'ext_register_email_taken'=>$this->lang['ext_register_email_taken'],
  228. 'ext_register_email_no_taken'=>$this->lang['ext_register_email_no_taken'],
  229. ])
  230. ]);
  231. }
  232. if(!$this->is_anonymous) {
  233. //remove link in menu for registered members
  234. $this->dispatcher->emit('core_event_inside_head_ready_front', [ '
  235. $("a[href*=\"pages/register\"]").prev().remove();
  236. $("a[href*=\"pages/register\"]").next().remove();
  237. $("a[href*=\"pages/register\"]").remove();
  238. ']);
  239. }
  240. $this->dispatcher->emit('core_event_inside_custom_menu', [$this->custom_page()]);
  241.  
  242. }
  243.  
  244.  
  245. };
  246.  
  247. $load_ext = new register;
  248. $load_ext->load();
  249.  