Posted on: 02/14/08 09:35am
By: Anonymous (earnest)
Running Geeklog 1.4.1
My custom registration works well at user registration.
But the user is able to go into his Account Settings AFTER registration, remove all the custom fields he entered, then resave his account. Geeklog doesn't go through the usercheck routine to make sure the data is there.
Is there anyone willing to help?
I see the problem.
In usersettings.php (the script that lets a user edit his account) there is this:
Text Formatted Code
function saveuser($A)
{
    ...
    // Call custom registration save function if enabled and exists
    if ($_CONF['custom_registration'] AND (function_exists('CUSTOM_userSave'))) {
        CUSTOM_userSave($_USER['uid']);
    }
    ...
}
It is calling CUSTOM_usersave.
Well, in my lib-custom.php, the CUSTOM_userSave function looks something like this:
Text Formatted Code
function CUSTOM_usersave($uid)
{
    global $_TABLES;

    // Filter the posted values; nothing here checks that they are non-empty
    $firstname = COM_applyFilter($_POST['cust_firstname']);
    $lastname = COM_applyFilter($_POST['cust_lastname']);
    $phone = COM_applyFilter($_POST['cust_phone']);
    // etc., etc.

    DB_query("UPDATE {$_TABLES['usersextended']} SET firstname='$firstname' WHERE uid='$uid'");
    DB_query("UPDATE {$_TABLES['usersextended']} SET lastname='$lastname' WHERE uid='$uid'");
    DB_query("UPDATE {$_TABLES['usersextended']} SET phone='$phone' WHERE uid='$uid'");
}
So we can see that we never check the user contents before saving.
The reason it all works at registration is that users.php calls CUSTOM_usercheck to make sure the data is valid.
My CUSTOM_usercheck looks something like this:
Text Formatted Code
/**
 * Check if it's okay to create a new user.
 *
 * Geeklog is about to create a new user with the given username and email
 * address. This is the custom code's last chance to prevent that,
 * e.g. to check if all required data has been entered.
 *
 * @param string $username username that Geeklog would use for the new user
 * @param string $email email address of that user
 * @return string an error message or an empty string for "OK"
 *
 */
function CUSTOM_usercheck ($username, $email) {
    $msg = '';
    // Check fields and complain if missing
    if (empty($_POST['cust_phone'])) {
        $msg = 'Please enter your home phone!';
    }
    if (empty($_POST['cust_lastname'])) {
        $msg = 'Please enter your last name!';
    }
    if (empty($_POST['cust_firstname'])) {
        $msg = 'Please enter your first name!';
    }
    return $msg;
}
OBVIOUSLY I AM MISSING SOMETHING? ANYONE KNOW WHAT IT IS?
Re: CUSTOM registration and the usercheck function
Posted on: 02/14/08 10:27am
By: jmucchiello
Quote by earnest: "OBVIOUSLY I AM MISSING SOMETHING? ANYONE KNOW WHAT IT IS?"
No, you aren't missing anything. Geeklog is.
Try adding this to usersettings.php in the saveform() function. Search for the comment
// a quick spam check with the unfiltered field contents
and insert this before it. It might work, I haven't checked.
Text Formatted Code
if ($_CONF['custom_registration'] && function_exists('CUSTOM_userCheck')) {
    $msg = CUSTOM_userCheck($username, $email);
    if (!empty($msg)) {
        // no, it's not okay with the custom userform
        return COM_refresh($_CONF['site_url']
            . '/usersettings.php?mode=edit&msg=$msg');
    }
}
// a quick spam check with the unfiltered field contents
Re: CUSTOM registration and the usercheck function
Posted on: 02/14/08 11:52am
By: Anonymous (earnest)
Thanks a lot for your reply.
I actually tried this exact code and in exactly the place you described. The $msg from CUSTOM_usercheck does not display because the COM_refresh line expects a message number. CUSTOM_usercheck sends the message itself in $msg.
Otherwise, this code works, and I can tell it works by inserting an echo of the $msg variable - like this:
Text Formatted Code
if ($_CONF['custom_registration'] && function_exists('CUSTOM_userCheck')) {
    $msg = CUSTOM_userCheck($username, $email);
    if (!empty($msg)) {
        echo $msg;
        return COM_refresh($_CONF['site_url']
            . '/usersettings.php?mode=edit&msg=$msg');
    }
}
I was hoping that the problem was with me, and that I would not have to alter the original code. Thanks very much for your help!
Re: CUSTOM registration and the usercheck function
Posted on: 02/14/08 03:24pm
By: jmucchiello
Well, hopefully one of the Devs will come along and make a fix to the core code. This is a quick hack.
Replace the "COM_refresh" with:
Text Formatted Code
global $MESSAGE;
$MESSAGE[9999] = $msg;
$display .= COM_siteHeader('menu', $LANG04[16]);
$display .= COM_showMessage(9999);
$display .= edituser();
$display .= COM_siteFooter();
echo $display;
exit;
Re: CUSTOM registration and the usercheck function
Posted on: 02/14/08 03:58pm
By: Anonymous (earnest)
Ah, I didn't know I could use 9999 as a generic code for all the messages. That is a nice and simple hack. Much better than what I did (which, though it worked, I won't mention further because it is too embarrassing).
Thanks much!
-E
Re: CUSTOM registration and the usercheck function
Posted on: 02/14/08 09:26pm
By: jmucchiello
It's just a number. It only works because we did not refresh.
Re: CUSTOM registration
Posted on: 05/26/08 09:33pm
By: luizcruz
Hi,
Is it possible to change the registration form of Geeklog?
With the mandatory fields below:
Name
homepage (URL)
Email
confirm email
Please, how do I do this?
Thanks
Luiz
Re: CUSTOM registration and the usercheck function
Posted on: 05/27/08 08:05pm
By: Blaine
Quote by jmucchiello: "Well, hopefully one of the Devs will come along and make a fix to the core code."
What is there to modify? This is the way it's supposed to work. Just define $MESSAGE[xx] in your lib-custom.php file at the top as a global and pass back xx as the integer reference to the error message.
Re: CUSTOM registration and the usercheck function
Posted on: 05/27/08 09:41pm
By: luizcruz
Hello,
Sorry, I do not understand.
Thanks
Luiz
Re: CUSTOM registration and the usercheck function
Posted on: 05/28/08 11:41am
By: jmucchiello
Quote by Blaine: "Quote by jmucchiello: 'Well, hopefully one of the Devs will come along and make a fix to the core code.' What is there to modify?"
Blaine, read the first post. Usersettings.php doesn't call CUSTOM_usercheck when modifying the profile data. So "required" fields on login can be erased by going to your profile after you log in. That is the core change I'm hoping for.
Also, CUSTOM_usercheck returns a string as an error. How does this get maintained after COM_refresh? It can't be. Thus, the second mod. CUSTOM_usercheck should have allowed the return of message codes but it wasn't designed that way. The caller of CUSTOM_usercheck could check if the return is numeric and do a COM_refresh with msg=returnvalue but that's not how it works at the moment.
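The gap described in this thread (required fields enforced at registration but not on profile edit) comes from validation living in only one of the two entry points. The following is an added example, not code from any poster or from Geeklog: one validator shared by both paths, where custom_validate(), custom_save_profile() and the in-memory $store (standing in for the usersextended table) are hypothetical names, and the field names and messages are taken from the thread.

```php
<?php
// Added example, not Geeklog code. Field names and messages are from the
// thread; custom_validate() and custom_save_profile() are hypothetical.

const CUSTOM_REQUIRED = [
    'cust_firstname' => 'Please enter your first name!',
    'cust_lastname'  => 'Please enter your last name!',
    'cust_phone'     => 'Please enter your home phone!',
];

// One validator for every path that accepts these fields.
// Returns field => message for each failure, or [] when the input is acceptable.
function custom_validate(array $post): array
{
    $errors = [];
    foreach (CUSTOM_REQUIRED as $field => $message) {
        $raw = $post[$field] ?? '';
        // Reject arrays (cust_phone[]=x) and whitespace-only values;
        // empty() alone would accept ' '.
        if (!is_string($raw) || trim($raw) === '') {
            $errors[$field] = $message;
        }
    }
    return $errors;
}

// Registration hook: same signature and return contract as in the thread.
function CUSTOM_usercheck($username, $email)
{
    $errors = custom_validate($_POST);
    return $errors ? reset($errors) : '';
}

// Profile-save path: validate first, write only on success.
// $store stands in for the usersextended table (assumption).
function custom_save_profile(int $uid, array $post, array &$store): array
{
    $errors = custom_validate($post);
    if (!$errors) {
        $store[$uid] = array_map('trim', array_intersect_key($post, CUSTOM_REQUIRED));
    }
    return $errors;
}

// Constructed input: an existing profile, then an edit that blanks the fields.
$store = [7 => ['cust_firstname' => 'Ada', 'cust_lastname' => 'Byron', 'cust_phone' => '555-0100']];
$blanked = ['cust_firstname' => '', 'cust_lastname' => '   ', 'cust_phone' => ['x']];
$errors = custom_save_profile(7, $blanked, $store);
echo count($errors), " errors; stored first name is still {$store[7]['cust_firstname']}\n";
```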
Re: CUSTOM registration and the usercheck function
Posted on: 05/28/08 11:44am
By: jmucchiello
Quote by luizcruz: "Hello, sorry, I do not understand. Thanks, Luiz"
This thread is about a bug in custom registration.
Try this thread for an example of custom registration.