Geeklog Forums
Custom Registration Example
Blaine
Forum User
Moderator
Registered: 07/16/02
Posts: 1232
Location:Canada
A few weeks ago, I assisted a member with the custom membership to add two additional fields. As part of his School reunion site, new members signing up would be required to enter their "Full Name" and "Graduation Year".
Adding more than one new field is not much more work since it requires all the custom functions to be created and a new database table to store the additional field(s). So this should be a good example even if you want to add 10 fields.
I have uploaded this complete example; the archive, available here, includes the complete functions, SQL and detailed instructions.
Geeklog components by PortalParts -- www.portalparts.com
tesn
Forum User
Chatty
Registered: 10/23/02
Posts: 41
Location:Magnolia, Texas
I took your example and modified the Graduation_Year to my information that is in this format: "STEAM_0"01234567". However, if I enter it in this manner it reverts to a "0" when I view it from the user's profile. I can go into phpmyadmin and edit this information and it will be displayed correctly.
If I use the following format it will be entered as I type it "01234567" but I really need everything after the "STEAM_ " to show up.
I am also wanting to know how I can have this information displayed in the user's "Account Information" page so that they can edit this when they need to.
Thanks
John
SmackDaddy
Anonymous
How do I edit the text located on the registration page: http://mysite.url/users.php?mode=new ???
It says nothing about "Do NOT use spaces" in a username, although in the admin section, it clearly states it....and I have had problems with people logging in after using spaces despite not knowing they shouldn't....
Thanks
tesn
Forum User
Chatty
Registered: 10/23/02
Posts: 41
Location:Magnolia, Texas
Around line 102 of your lib-custom.php file
Text Formatted Code
$message = "<br><font color=black><b>Please complete the application below. Once you have completed the application, click the Submit button and the application will be processed immediately.</b></font>";
John
thud
Anonymous
Hi guys,
This is similar to what I want to do - but I want to add extra text field (eg: graduation year) into the story posting page - so you'd have title, topic, EXTRA FIELD 1, EXTRA FIELD 2, intro text, body text etc.
Is there a way to do this? I'd love it if there was
tesn
Forum User
Chatty
Registered: 10/23/02
Posts: 41
Location:Magnolia, Texas
This code will not work, at least on my site it is not. When I try and edit my account which is already on the site it will not input the information into the database. I am using the sample listed here with NO changes.
Any ideas on where to look??
Maybe this is why it would not work with my modifications.
Anyone else using this code ??
John
Blaine
Forum User
Moderator
Registered: 07/16/02
Posts: 1232
Location:Canada
This example worked fine and was installed by my client without modification. I provided this as yet another documented example of how to use the customized registration function. As noted, this requires PHP and mysql knowledge as you are writing or editing code.
If you have a specific question then I or others can assist. If you need a set of custom functions written - then you can contact me as I have offered for a quote.
Geeklog components by PortalParts -- www.portalparts.com
tesn
Forum User
Chatty
Registered: 10/23/02
Posts: 41
Location:Magnolia, Texas
Well it is not working when I as an existing member of my site try and enter my grad year, it comes back as a 0.
It does work for "New" members who enter this information during registration, but Existing members can not.
I am using your example with no changes.
John
Vapour71
Forum User
Chatty
Registered: 02/10/05
Posts: 55
Location:Great White North Eh!
I am going to try this example on my site. However I do not want to use the example "graduation year". I would like to have something different. Is it correct that I only have to edit the line "`grad_year` varchar(4) NOT NULL default ''," by changing the 'graduation_year' to whatever I would like it to be?
Are there any other files within the other directories supplied that also need to be edited?
Finally, one last question, with regards to the "Full Name" not being prompted for at registration time, how can I make it prompt for the Full Name and have it be a required field that must be completed before registration can be submitted?
Thanks in advance for the help
I've Gone To Find Myself. If I Show Up Before I Return, Make Me Wait Here Until I Get Back.
Dirk
Site Admin
Admin
Registered: 01/12/02
Posts: 13073
Location:Stuttgart, Germany
Quote by Vapour71: Finally, one last question, with regards to the "Full Name" not being prompted for at registration time, how can I make it prompt for the Full Name and have it be a required field that must be completed before registration can be submitted?
The sample code in lib-custom.php implements just that. Please refer to the instructions there.
bye, Dirk
Vapour71
Forum User
Chatty
Registered: 02/10/05
Posts: 55
Location:Great White North Eh!
I read it originally, but just needed to make sure I understood it correctly. Thanks again Dirk!
I've Gone To Find Myself. If I Show Up Before I Return, Make Me Wait Here Until I Get Back.
jetshack
Forum User
Full Member
Registered: 06/29/04
Posts: 122
Location:Texas
As an aside... Blaine originally wrote the above example for me, and it's working flawlessly. The site in question is up to 210 members and sees about 3 new members a week. (Considering how small and rural the town is, that's a pretty astounding number.)
Once again, Thanks Blaine for a great piece of work.
Dave
Anonymous
I'm having problems with it. And it's a specific problem. I'm changing it to "referred by". Anyway, when people go to sign up as new user, it doesn't process it.
Go to www.theultimatecasinoguide.com and try and sign up as a new user. It will not process. I think something simple but I cannot see what, and know one of you pros probably can get it lol
Dave
Anonymous
got it nm THANKS
Dave
Anonymous
Darn, not working. It's processing new user, but in referred by it lists it as a 0
Dave
Anonymous
Okay I know a bit more. Here's what happens:
- User can register fine.
- If they input "Steve" in referral line, it does not work.
- If they input "1982" in referral line, it does.
So obviously, it's liking the numbers but not the text! I will keep working on this but if someone can point in right direction that would be great.
PS: Blaine, I'm the guy that sent you that award 2 or 3 Christmases ago. Still got it?
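The symptom reported above (and earlier by tesn) fits the way the sample reads its extra field: the lib-custom.php quoted later in this thread calls COM_applyFilter($_POST['cust_gradyear'],true), and the second argument asks for a numeric value, so text comes back as 0. The block below is an added example, not code from this thread or from Geeklog: it runs stand-alone without a database and shows a text field being validated, escaped for the SQL string with addslashes() as the sample's own comment suggests, and escaped again for HTML output. The functions numeric_filter, validate_text_field, build_update_sql and render_edit_row, the field cust_referredby, the column referred_by and all sample inputs are hypothetical or constructed.

```php
<?php
// Added example; not part of the lib-custom.php posted in this thread.

// Constructed stand-in for the behaviour reported in the thread for
// COM_applyFilter($value, true): anything that is not a plain integer
// comes back as 0.
function numeric_filter($raw)
{
    $raw = trim((string) $raw);
    return preg_match('/^-?\d+\z/', $raw) === 1 ? (int) $raw : 0;
}

// Hypothetical validator for a free-text custom field: cap the length at the
// column size and allowlist the characters; reject rather than rewrite.
function validate_text_field($raw, $maxLen)
{
    $raw = trim((string) $raw);
    if ($raw === '' || strlen($raw) > $maxLen) {
        return null;
    }
    // ASCII letters, digits, space, dot, apostrophe, underscore, colon, hyphen.
    return preg_match('/^[A-Za-z0-9 .\'_:-]+\z/', $raw) === 1 ? $raw : null;
}

// Build the UPDATE as a string, the way the sample's DB_query() calls do.
// $table and $column must be constants from your own code, never user input.
// The uid is forced to an integer; the text is escaped with addslashes(),
// which is sufficient here only because the allowlist above is ASCII-only.
function build_update_sql($table, $column, $value, $uid)
{
    return sprintf("UPDATE %s SET %s='%s' WHERE uid=%d",
        $table, $column, addslashes($value), (int) $uid);
}

// Escape on output too: the profile functions place the stored value inside
// table cells and inside a value="..." attribute.
function render_edit_row($label, $field, $value)
{
    return '<tr><td align="right"><b>' . htmlspecialchars($label, ENT_QUOTES)
         . ':</b></td><td><input type="text" name="'
         . htmlspecialchars($field, ENT_QUOTES) . '" size="50" value="'
         . htmlspecialchars($value, ENT_QUOTES) . '"></td></tr>';
}

// Constructed sample submissions for a text field named cust_referredby.
$samples = array('1982', 'Steve', "O'Brien", 'STEAM_01234567',
                 '<script>x</script>', '');

foreach ($samples as $raw) {
    $asNumber = numeric_filter($raw);           // what the numeric flag keeps
    $asText   = validate_text_field($raw, 40);  // what a text field should keep

    printf("%-24s numeric=%-6d text=%s\n", var_export($raw, true), $asNumber,
        $asText === null ? 'REJECTED' : $asText);

    if ($asText !== null) {
        echo '  ', build_update_sql('gl_localuserinfo', 'referred_by', $asText, 7), "\n";
        echo '  ', render_edit_row('Referred By', 'cust_referredby', $asText), "\n";
    }
}
```

A column that is to hold text also has to be declared as a text type in the custom table, and a value that fails validation is better reported back through custom_usercheck() than stored in altered form.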
the Modfather
Forum User
Newbie
Registered: 03/09/03
Posts: 6
Being that I am new to PHP and MySQL, I'm wondering if someone wouldn't mind explaining to me how to "require" first and last names for new registrations. I looked thru the lib-custom.php, but really don't know what I'm looking for.
Any help is appreciated.
jordydme
Forum User
Full Member
Registered: 11/03/05
Posts: 135
Hi Blaine,
I am currently struggling with this modification you made. I have been working with it on and off for the last couple of weeks and can't seem to get it going.
Here is a link to the site: here
It all looks as though it's good to go but nothing happens once the info is filled in and submitted:
I have enabled the custom reg option to "true" in the GL config file.
Looks like the new table (gl_localuserinfo) was created successfully.
Most of the directions seemed pretty straightforward.
I added the edited theme files as described for users and preferences. I also created the "custom" directory as described.
The only thing that I felt was a little ambiguous was how to edit the System/lib-custom file. I am pasting my edited lib-custom below:
<?php
/* Reminder: always indent with 4 spaces (no tabs). */
// +---------------------------------------------------------------------------+
// | Geeklog 1.3 |
// +---------------------------------------------------------------------------+
// | lib-custom.php |
// | Your very own custom Geeklog library. |
// | |
// | This is the file where you should put all of your custom code. When |
// | possible you should not alter lib-common.php but, instead, put code here. |
// | This will make upgrading to future versions of Geeklog easier for you |
// | because you will always be gauranteed that the Geeklog developers will |
// | NOT add code to this file. NOTE: we have already gone through the trouble |
// | of making sure that we always include this file when lib-common.php is |
// | included some place so you will have access to lib-common.php. It |
// | follows then that you should not include lib-common.php in this file |
// | |
// +---------------------------------------------------------------------------+
// | Copyright (C) 2000-2005 by the following authors: |
// | |
// | Authors: Tony Bibbs - tony AT tonybibbs DOT com |
// | Blaine Lang - blaine AT portalparts DOT com |
// | Dirk Haun - dirk AT haun-online DOT de |
// +---------------------------------------------------------------------------+
// | |
// | This program is free software; you can redistribute it and/or |
// | modify it under the terms of the GNU General Public License |
// | as published by the Free Software Foundation; either version 2 |
// | of the License, or (at your option) any later version. |
// | |
// | This program is distributed in the hope that it will be useful, |
// | but WITHOUT ANY WARRANTY; without even the implied warranty of |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
// | GNU General Public License for more details. |
// | |
// | You should have received a copy of the GNU General Public License |
// | along with this program; if not, write to the Free Software Foundation, |
// | Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
// | |
// +---------------------------------------------------------------------------+
//
// $Id: lib-custom.php,v 1.11.2.1 2005/10/03 09:24:36 dhaun Exp $
// You can use this global variable to print useful messages to the errorlog
// using COM_errorLog(). To see an example of how to do this, look in
// lib-common.php and see how $_COM_VERBOSE was used throughout the code
$_CST_VERBOSE = false;
/**
* Sample PHP Block function
*
* this is a sample function used by a PHP block. This will show the rights that
* a user has in the "What you have access to" block.
*
*/
function phpblock_showrights()
{
global $_RIGHTS, $_CST_VERBOSE;
if ($_CST_VERBOSE) {
COM_errorLog('**** Inside phpblock_showrights in lib-custom.php ****', 1);
}
$retval = ' ';
for ($i = 0; $i < count($_RIGHTS); $i++) {
$retval .= '<li>' . $_RIGHTS[$i] . '</li>' . LB;
}
if ($_CST_VERBOSE) {
COM_errorLog('**** Leaving phpblock_showrights in lib-custom.php ****', 1);
}
return $retval;
}
/***
*
* Get Bent()
*
* Php function to tell you how if your site is grossly insecure
*
**/
function phpblock_getBent()
{
global $_CONF, $_TABLES;
$secure = true;
$retval = '';
$secure_msg = 'Could not find any gross insecurities in your site. Do not take this ';
$secure_msg .= 'as meaning your site is 100% secure, as no site ever is. I can only ';
$secure_msg .= 'check things that should be blatantly obvious.';
$insecure_msg = '';
// we don't have the path to the admin directory, so try to figure it out
// from $_CONF['site_admin_url']
$adminurl = $_CONF['site_admin_url'];
if (strrpos ($adminurl, '/') == strlen ($adminurl) - 1) {
$adminurl = substr ($adminurl, 0, -1);
}
$pos = strrpos ($adminurl, '/');
if ($pos === false) {
// only guessing ...
$installdir = $_CONF['path_html'] . 'admin/install';
} else {
$installdir = $_CONF['path_html'] . substr ($adminurl, $pos + 1)
. '/install';
}
if (is_dir ($installdir)) {
$insecure_msg .= '<p>You should really remove the install directory <b>' . $installdir .'</b> once you have your site up and running without any errors.';
$insecure_msg .= ' Keeping it around would allow malicious users the ability to destroy your current install, take over your site, or retrieve sensitive information.';
$secure = false;
}
// check to see if any account still has 'password' as its password.
$count = DB_query("select count(*) as count from {$_TABLES['users']} where passwd='" . md5('password') . "'");
$A = DB_fetchArray($count);
if ( $A['count'] > 0 ) {
$secure = false;
$insecure_msg .= '<p>You still have not changed the default password from "password" on ' . $A['count'] . ' account(s). ';
$insecure_msg .= 'This will allow people to do serious harm to your site!';
}
if ($secure) {
$retval = $secure_msg;
} else {
$retval = $insecure_msg;
}
$retval = wordwrap($retval,20,' ',1);
return $retval;
}
/* Sample Custom Member Functions to create and update Custom Membership registration and profile
Note1: Enable CustomRegistration Feature in config.php
$_CONF['custom_registration'] = true; // Set to true if you have custom code
Note2: This example requires a template file called memberdetail.thtml to be
located under the theme_dir/custom directory.
Sample is provided under /system with the distribution.
Functions have been provided that are called from the Core Geeklog user and admin functions
- This works with User Moderation as well
- Admin will see the new registration info when checking a members profile only
- All other users will see the standard User profile with the optional extended custom information
- Customization requires changes to a few of the core template files to add {customfields} variable
- See notes below in the custom function about the template changes
*/
/* Create any new records in additional tables you may have added */
/* Update any fields in the core GL tables for this user as needed */
/* Called when user is first created */
function custom_usercreate($uid) {
global $_TABLES;
$grad_year = COM_applyFilter($_POST['cust_gradyear'],true);
$fullname = COM_applyFilter($_POST['cust_fullname']);
// Ensure all data is prepared correctly before inserts, quotes may need to be escaped with addslashes()
DB_query("INSERT INTO {$_TABLES['localuserinfo']} (uid,grad_year) VALUES ('$uid', '$grad_year')");
DB_query("UPDATE {$_TABLES['users']} SET fullname = '$fullname' WHERE uid='$uid'");
return true;
}
// Delete user record from custom user info table
function custom_userdelete($uid) {
global $_TABLES;
DB_query("DELETE FROM {$_TABLES['localuserinfo']} WHERE uid='$uid'");
return true;
}
/* Called from users.php - when user is displaying a member profile */
/* This function can now return any extra fields that need to be shown */
/* Output is then replaced in {customfields} -- This variable needs to be added to your templates */
/* Template: path_layout/users/profile/profile.thtml */
function custom_userdisplay($uid) {
global $_CONF,$_TABLES;
$grad_year = DB_getItem($_TABLES['localuserinfo'], "grad_year", "uid='$uid'");
$fullname = DB_getItem($_TABLES['users'], "fullname", "uid='$uid'");
$retval = '<tr>
<td align="right"><b>Full Name:</b></td>
<td>' . $fullname .'</td>
</tr>';
$retval .= '<tr>
<td align="right"><b>Graduation Year:</b></td>
<td>' . $grad_year .'</td>
</tr>';
return $retval;
}
/* Function called when editing user profile. */
/* Called from usersettings.php - when user is editing their own profile */
/* and from admin/user.php when admin is editing a member profile */
/* This function can now return any extra fields that need to be shown for editing */
/* Output is then replaced in {customfields} -- This variable needs to be added to your templates */
/* User: path_layout/preferences/profile.thtml and Admin: path_layout/admin/user/edituser.thtml */
/* This example shows adding the Cookie Timeout setting and extra text field */
/* As noted: You need to add the {customfields} template variable. */
/* For the edituser.thtml - maybe it would be added about the {group_edit} variable. */
function custom_useredit($uid) {
global $_TABLES,$_CONF;
$grad_year = DB_getItem($_TABLES['localuserinfo'], "grad_year", "uid='$uid'");
$fullname = DB_getItem($_TABLES['users'], "fullname", "uid='$uid'");
$retval = '<tr>
<td align="right"><b>Full Name:</b></td>
<td><input type="text" name="cust_fullname" size="50" value="' . $fullname .'"></td>
</tr>';
$retval .= '<tr>
<td align="right"><b>Graduation Year:</b></td>
<td><input type="text" name="cust_gradyear" size="5" maxlength="4" value="' . $grad_year .'"></td>
</tr>';
$retval .= '<tr><td colspan="2"><hr></td></tr>';
return $retval;
}
/* Function called when saving the user profile. */
/* This function can now update any extra fields */
function custom_usersave($uid) {
global $_TABLES;
$grad_year = COM_applyFilter($_POST['cust_gradyear'],true);
$fullname = COM_applyFilter($_POST['fullname']);
DB_query("UPDATE {$_TABLES['users']} SET fullname='$fullname' WHERE uid='$uid'");
if ($grad_year > 0) {
DB_query("UPDATE {$_TABLES['localuserinfo']} SET grad_year='$grad_year' WHERE uid='$uid'");
}
}
/**
* Main Form used for Custom membership when member is registering
*
* Note: Requires a file custom/memberdetail.thtml in every theme that is
* installed on the site!
*
* @param string $msg an error message to display or the word 'new'
* @return string HTML for the registration form
*
*/
function custom_userform($uid="",$msg="") {
global $_CONF,$_TABLES, $LANG04;
$retval = '';
if (!empty($msg)) {
$retval .= COM_startBlock($LANG04[21]) . $msg . COM_endBlock();
}
$post_url = $_CONF['site_url']."/users.php";
$postmode = "create";
$submitbutton = '<input type="submit" value="Register Now!">';
$passwd_input = "";
$message = "<br><font color=black><b>Please complete the application below. Once you have completed the application, click the Submit button and the application will be processed immediately.</b></font>";
$A=array();
$user_templates = new Template ($_CONF['path_layout'] . 'custom');
$user_templates->set_file('memberdetail', 'memberdetail.thtml');
$user_templates->set_var('layout_url', $_CONF['layout_url']);
$user_templates->set_var('post_url', $post_url);
$user_templates->set_var('startblock', COM_startBlock("Custom Registration Example"));
$user_templates->set_var('message', $message);
$user_templates->set_var('USERNAME', "Username");
$user_templates->set_var('USERNAME_HELP', "Name to be used when accessing this site");
$user_templates->set_var('username', $A['username']);
$user_templates->set_var('passwd_input', $passwd_input);
$user_templates->set_var('EMAIL', "Email Address");
$user_templates->set_var('EMAIL_HELP', "Valid email address");
$user_templates->set_var('email', $A['email']);
$user_templates->set_var('FULLNAME', "Full Name");
$user_templates->set_var('FULLNAME_HELP', "First and Last Name");
$user_templates->set_var('fullname', $A['fullname']);
$user_templates->set_var('GRADYEAR', "Graduation Year");
$user_templates->set_var('GRADYEAR_HELP', "That big year!");
$user_templates->set_var('grad_year', "");
$user_templates->set_var('user_id', $uid);
$user_templates->set_var('postmode', $postmode);
$user_templates->set_var('submitbutton', $submitbutton);
$user_templates->set_var('endblock', COM_endBlock());
$user_templates->parse('output', 'memberdetail');
$retval .= $user_templates->finish($user_templates->get_var('output'));
return $retval;
}
/**
* Check if it's okay to create a new user.
*
* Geeklog is about to create a new user with the given username and email
* address. This is the custom code's last chance to prevent that,
* e.g. to check if all required data has been entered.
*
* @param string $username username that Geeklog would use for the new user
* @param string $email email address of that user
* @return string an error message or an empty string for "OK"
*
*/
function custom_usercheck ($username, $email)
{
$msg = '';
// Example, check that the full name has been entered
// and complain if it's missing
if (empty ($_POST['fullname'])) {
$msg = 'Please enter your full name!';
}
return $msg;
}
/**
* Custom function to retrieve and return a formatted list of blocks
* Can be used when calling COM_siteHeader or COM_SiteFooter
* Example:
* 1: Setup an array of blocks to display
* 2: Call COM_siteHeader or COM_siteFooter
*
* $myblocks = array ('site_menu','site_news','poll_block');
* COM_siteHeader( array('COM_showCustomBlocks',$myblocks) ) ;
* COM_siteFooter( true, array('COM_showCustomBlocks',$myblocks));
* @param array $showblocks An array of block names to retrieve and format
* @return string Formated HTML containing site footer and optionally right blocks
*/
function custom_showBlocks($showblocks)
{
global $_CONF, $_TABLES;
$retval = '';
foreach($showblocks as $block) {
$sql = "SELECT bid, name,type,title,content,rdfurl,phpblockfn,help FROM {$_TABLES['blocks']} WHERE name='$block'";
$result = DB_query($sql);
if (DB_numRows($result) == 1) {
$A = DB_fetchArray($result);
$retval .= COM_formatBlock($A);
}
}
return $retval;
}
/**
* This is an example of a custom email function. When this function is NOT
* commented out, Geeklog would send all emails through this function
* instead of sending them through COM_mail in lib-common.php.
*
* This is basically a re-implementation of the way emails were sent
* prior to Geeklog 1.3.9 (Geeklog uses PEAR::Mail as of version 1.3.9).
*
*/
/*
function CUSTOM_mail($to, $subject, $message, $from = '', $html = false, $priority = 0)
{
global $_CONF, $LANG_CHARSET;
if (empty ($LANG_CHARSET)) {
$charset = $_CONF['default_charset'];
if (empty ($charset)) {
$charset = 'iso-8859-1';
}
} else {
$charset = $LANG_CHARSET;
}
if (empty ($from)) {
$from = $_CONF['site_name'] . ' <' . $_CONF['site_mail'] . '>';
}
$headers = 'From: ' . $from . "\r\n"
. 'X-Mailer: Geeklog ' . VERSION . "\r\n";
if ($priority > 0) {
$headers .= 'X-Priority: ' . $priority . "\r\n";
}
if ($html) {
$headers .= "Content-Type: text/html; charset={$charset}\r\n"
. 'Content-Transfer-Encoding: 8bit';
} else {
$headers .= "Content-Type: text/plain; charset={$charset}";
}
return mail ($to, $subject, $message, $headers);
}
*/
/**
* This is an example of a function that returns menu entries to be used for
* the 'custom' entry in $_CONF['menu_elements'] (see config.php).
*
*/
/*
function CUSTOM_menuEntries ()
{
global $_CONF, $_USER;
$myentries = array ();
// Sample link #1: Link to Gallery
$myentries[] = array ('url' => $_CONF['site_url'] . '/gallery/',
'label' => 'Gallery');
// Sample link #2: Link to the Personal Calendar - only visible for
// logged-in users
if (!empty ($_USER['uid']) && ($_USER['uid'] > 1)) {
$myentries[] = array ('url' => $_CONF['site_url']
. '/calendar.php?mode=personal',
'label' => 'My Calendar');
}
return $myentries;
}
*/
?>
Let me say that I do not know PHP or MySQL but I am learning it at a snail's pace:
This is my lib-database.php file:
<?php
/* Reminder: always indent with 4 spaces (no tabs). */
// +---------------------------------------------------------------------------+
// | Geeklog 1.3 |
// +---------------------------------------------------------------------------+
// | lib-database.php |
// | |
// | Geeklog database library. |
// +---------------------------------------------------------------------------+
// | Copyright (C) 2000-2004 by the following authors: |
// | |
// | Authors: Tony Bibbs, tony@tonybibbs.com |
// +---------------------------------------------------------------------------+
// | |
// | This program is free software; you can redistribute it and/or |
// | modify it under the terms of the GNU General Public License |
// | as published by the Free Software Foundation; either version 2 |
// | of the License, or (at your option) any later version. |
// | |
// | This program is distributed in the hope that it will be useful, |
// | but WITHOUT ANY WARRANTY; without even the implied warranty of |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
// | GNU General Public License for more details. |
// | |
// | You should have received a copy of the GNU General Public License |
// | along with this program; if not, write to the Free Software Foundation, |
// | Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
// | |
// +---------------------------------------------------------------------------+
//
// $Id: lib-database.php,v 1.33 2004/11/20 17:55:07 dhaun Exp $
/**
* This is the high-level database layer for Geeklog (for the low-level stuff,
* see the system/databases directory).
*
* NOTE: As of Geeklog 1.3.5 you should not have to edit this file any more.
*/
// +---------------------------------------------------------------------------+
// | Table definitions, these are used by the install program to create the |
// | database schema. If you don't like the tables names, change them PRIOR |
// | to running the install after running the install program DO NOT TOUCH |
// | these. You have been warned! Also, these variables are used in the core |
// | Geeklog code |
// +---------------------------------------------------------------------------+
$_TABLES['access'] = $_DB_table_prefix . 'access';
$_TABLES['article_images'] = $_DB_table_prefix . 'article_images';
$_TABLES['blocks'] = $_DB_table_prefix . 'blocks';
$_TABLES['commentcodes'] = $_DB_table_prefix . 'commentcodes';
$_TABLES['commentmodes'] = $_DB_table_prefix . 'commentmodes';
$_TABLES['comments'] = $_DB_table_prefix . 'comments';
$_TABLES['cookiecodes'] = $_DB_table_prefix . 'cookiecodes';
$_TABLES['dateformats'] = $_DB_table_prefix . 'dateformats';
$_TABLES['events'] = $_DB_table_prefix . 'events';
$_TABLES['eventsubmission'] = $_DB_table_prefix . 'eventsubmission';
$_TABLES['featurecodes'] = $_DB_table_prefix . 'featurecodes';
$_TABLES['features'] = $_DB_table_prefix . 'features';
$_TABLES['frontpagecodes'] = $_DB_table_prefix . 'frontpagecodes';
$_TABLES['group_assignments'] = $_DB_table_prefix . 'group_assignments';
$_TABLES['groups'] = $_DB_table_prefix . 'groups';
$_TABLES['links'] = $_DB_table_prefix . 'links';
$_TABLES['linksubmission'] = $_DB_table_prefix . 'linksubmission';
$_TABLES['maillist'] = $_DB_table_prefix . 'maillist';
$_TABLES['personal_events'] = $_DB_table_prefix . 'personal_events';
$_TABLES['plugins'] = $_DB_table_prefix . 'plugins';
$_TABLES['pollanswers'] = $_DB_table_prefix . 'pollanswers';
$_TABLES['pollquestions'] = $_DB_table_prefix . 'pollquestions';
$_TABLES['pollvoters'] = $_DB_table_prefix . 'pollvoters';
$_TABLES['postmodes'] = $_DB_table_prefix . 'postmodes';
$_TABLES['sessions'] = $_DB_table_prefix . 'sessions';
$_TABLES['sortcodes'] = $_DB_table_prefix . 'sortcodes';
$_TABLES['speedlimit'] = $_DB_table_prefix . 'speedlimit';
$_TABLES['statuscodes'] = $_DB_table_prefix . 'statuscodes';
$_TABLES['stories'] = $_DB_table_prefix . 'stories';
$_TABLES['storysubmission'] = $_DB_table_prefix . 'storysubmission';
$_TABLES['syndication'] = $_DB_table_prefix . 'syndication';
$_TABLES['topics'] = $_DB_table_prefix . 'topics';
$_TABLES['tzcodes'] = $_DB_table_prefix . 'tzcodes';
$_TABLES['usercomment'] = $_DB_table_prefix . 'usercomment';
$_TABLES['userindex'] = $_DB_table_prefix . 'userindex';
$_TABLES['userinfo'] = $_DB_table_prefix . 'userinfo';
$_TABLES['userprefs'] = $_DB_table_prefix . 'userprefs';
$_TABLES['users'] = $_DB_table_prefix . 'users';
$_TABLES['vars'] = $_DB_table_prefix . 'vars';
$_TABLES['localuserinfo'] = $_DB_table_prefix . 'localuserinfo';
// the static pages plugin has become an integral part of Geeklog anyway ...
$_TABLES['staticpage'] = $_DB_table_prefix . 'staticpage';
// ditto for spamx
$_TABLES['spamx'] = $_DB_table_prefix . 'spamx';
// these tables aren't used by Geeklog any more, but the table names are needed
// when upgrading from old versions
$_TABLES['commentspeedlimit'] = $_DB_table_prefix . 'commentspeedlimit';
$_TABLES['submitspeedlimit'] = $_DB_table_prefix . 'submitspeedlimit';
$_TABLES['userevent'] = $_DB_table_prefix . 'userevent';
// +---------------------------------------------------------------------------+
// | DO NOT TOUCH ANYTHING BELOW HERE |
// +---------------------------------------------------------------------------+
if (eregi ('lib-database.php', $HTTP_SERVER_VARS['PHP_SELF'])) {
die ('This file can not be used on its own.');
}
/**
* Include appropriate DBMS object
*
*/
require_once($_CONF['path_system'] . 'databases/'. $_DB_dbms . '.class.php');
// Instantiate the database object
$_DB = new database($_DB_host,$_DB_name,$_DB_user,$_DB_pass,'COM_errorLog');
// +---------------------------------------------------------------------------+
// | These are the library functions. In all cases they turn around and make |
// | calls to the DBMS specific functions. These ARE to be used directly in |
// | the code...do NOT use the $_DB methods directly
// +---------------------------------------------------------------------------+
/**
* Turns debug mode on for the database library
*
* Setting this to true will cause the database code to print out
* various debug messages. Setting it to false will suppress the
* messages (is false by default). NOTE: Gl developers have put many
* useful debug messages into the mysql implementation of this. If
* you are using something other than MySQL and if the GL team did
* not write it then you may or may not get something useful by turning
* this on.
*
* @param boolean $flag true or false
*
*/
function DB_setdebug($flag)
{
global $_DB;
$_DB->setVerbose($flag);
}
/**
* Executes a query on the db server
*
* This executes the passed SQL and returns the recordset or errors out
*
* @param string $sql SQL to be executed
* @param int $ignore_errors If 1 this function suppresses any error messages
* @return object Returns results from query
*
*/
function DB_query($sql, $ignore_errors=0)
{
global $_DB;
return $_DB->dbQuery($sql,$ignore_errors);
}
/**
* Saves information to the database
*
* This will use a REPLACE INTO to save a record into the
* database. NOTE: this function is going to change in the near future
* to remove dependency of REPLACE INTO. Please use DB_query if you can
*
* @param string $table The table to save to
* @param string $fields Comma delimited list of fields to save
* @param string $values Values to save to the database table
* @param string $return_page URL to send user to when done
*
*/
function DB_save($table,$fields,$values,$return_page='')
{
global $_DB,$_TABLES,$_CONF;
$_DB->dbSave($table,$fields,$values);
if (!empty($return_page)) {
print COM_refresh("$return_page");
}
}
/**
* Deletes data from the database
*
* This will delete some data from the given table where id = value
*
* @param string $table Table to delete data from
* @param array|string $id field name(s) to use in where clause
* @param array|string $value value(s) to use in where clause
* @param string $return_page page to send user to when done
*
*/
function DB_delete($table,$id,$value,$return_page='')
{
global $_DB,$_TABLES,$_CONF;
$_DB->dbDelete($table,$id,$value);
if (!empty($return_page)) {
print COM_refresh("$return_page");
}
}
/**
* Gets a single item from the database
*
* @param string $table Table to get item from
* @param string $what field name to get
* @param string $selection Where clause to use in SQL
* @return mixed Returns value sought
*
*/
function DB_getItem($table,$what,$selection='')
{
if (!empty($selection)) {
$result = DB_query("SELECT $what FROM $table WHERE $selection");
} else {
$result = DB_query("SELECT $what FROM $table");
}
$ITEM = DB_fetchArray($result, true);
return $ITEM[0];
}
/**
* Changes records in a table
*
* This will change the data in the given table that meet the given criteria and will
* redirect user to another page if told to do so
*
* @param string $table Table to perform change on
* @param string $item_to_set field name to set
* @param string $value_to_set Value to set above field to
* @param array|string $id field name(s) to use in where clause
* @param array|string $value Value(s) to use in where clause
* @param string $return_page page to send user to when done with change
* @param boolean $supress_quotes whether or not to use single quotes in where clause
*
*/
function DB_change($table,$item_to_set,$value_to_set,$id='',$value='',$return_page='',$supress_quotes=false)
{
global $_DB,$_TABLES,$_CONF;
$_DB->dbChange($table,$item_to_set,$value_to_set,$id,$value,$supress_quotes);
if (!empty($return_page)) {
print COM_refresh("$return_page");
}
}
/**
* Count records in a table
*
* This will return the number of records which meet the given criteria in the
* given table.
*
* @param string $table Table to perform count on
* @param array|string $id field name(s) to use in where clause
* @param array|string $value Value(s) to use in where clause
* @return int Returns row count from generated SQL
*
*/
function DB_count($table,$id='',$value='')
{
global $_DB;
return $_DB->dbCount($table,$id,$value);
}
/**
* Copies a record from one table to another (can be the same table)
*
* This will use a REPLACE INTO...SELECT FROM to copy a record from one table
* to another table. They can be the same table.
*
* @param string $table Table to insert record into
* @param string $fields Comma delimited list of fields to copy over
* @param string $values Values to store in database field
* @param string $tablefrom Table to get record from
* @param array|string $id Field name(s) to use in where clause
* @param array|string $value Value(s) to use in where clause
* @param string $return_page Page to send user to when done
*
*/
function DB_copy($table,$fields,$values,$tablefrom,$id,$value,$return_page='')
{
global $_DB,$_TABLES,$_CONF;
$_DB->dbCopy($table,$fields,$values,$tablefrom,$id,$value);
if (!empty($return_page)) {
print COM_refresh("$return_page");
}
}
/**
* Retrieves the number of rows in a recordset
*
* This returns the number of rows in a recordset
*
* @param object $recordset The recordset to operate on
* @return int Returns number of rows returned by a previously executed query
*
*/
function DB_numRows($recordset)
{
global $_DB;
return $_DB->dbNumRows($recordset);
}
/**
* Retrieves the contents of a field
*
* This returns the contents of a field from a result set
*
* @param object $recordset The recordset to operate on
* @param int $row row to get data from
* @param string $field field to return
* @return (depends on the contents of the field)
*
*/
function DB_result($recordset,$row,$field)
{
global $_DB;
return $_DB->dbResult($recordset,$row,$field);
}
/**
* Retrieves the number of fields in a recordset
*
* This returns the number of fields in a recordset
*
* @param object $recordset The recordset to operate on
* @return int Returns the number fields in a result set
*
*/
function DB_numFields($recordset)
{
global $_DB;
return $_DB->dbNumFields($recordset);
}
/**
* Returns the field name for a field
*
* Returns the field name for a given field number
*
* @param object $recordset The recordset to operate on
* @param int $fnumber field number to return the name of
* @return string Returns name of specified field
*
*/
function DB_fieldName($recordset,$fnumber)
{
global $_DB;
return $_DB->dbFieldName($recordset,$fnumber);
}
/**
* Returns the number of affected rows for the last query
*
* Returns the number of rows affected by the previously executed query
*
* @param object $recordset The recordset to operate on
* @return int returns number of rows affected by previously executed query
*
*/
function DB_affectedRows($recordset)
{
global $_DB;
return $_DB->dbAffectedRows($recordset);
}
/**
* Retrieves record from a recordset
*
* Gets the next record in a recordset and returns in array
*
* @param object $recordset The recordset to operate on
* @param boolean $both get both assoc and numeric indices
* @return Array Returns data for a record in an array
*
*/
function DB_fetchArray($recordset, $both = true)
{
global $_DB;
return $_DB->dbFetchArray($recordset, $both);
}
/**
* Returns the last ID inserted
*
* Returns the last auto_increment ID generated
*
* @param resources $link_identifier identifier for opened link
* @return int Returns the last ID auto-generated
*
*/
function DB_insertId($link_identifier = '')
{
global $_DB;
return $_DB->dbInsertId($link_identifier);
}
/**
* returns a database error string
*
* Returns a database error message
*
* @return string Returns database error message
*
*/
function DB_error()
{
global $_DB;
return $_DB->dbError();
}
/**
* Creates database structures for fresh installation
*
* This may not be used by Geeklog currently
*
* @return boolean returns true on success otherwise false
*
*/
function DB_createDatabaseStructures()
{
global $_DB;
return $_DB->dbCreateStructures();
}
/**
* Executes the sql upgrade script(s)
*
* @param string $current_gl_version version of geeklog to upgrade from
* @return boolean returns true on success otherwise false
*
*/
function DB_doDatabaseUpgrade($current_gl_version)
{
global $_DB;
return $_DB->dbDoDatabaseUpgrade($current_gl_version);
}
?>
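The custom_useredit() and custom_usersave() functions in the lib-custom.php pasted in this thread put stored values straight into HTML attributes and build SQL by string interpolation after COM_applyFilter(). The following is an added example, not part of any post and not Geeklog's own code, showing the same two fields validated, escaped for HTML and escaped for SQL. The example_* function names, the 80-character limit, the year range, the UTF-8 charset and the gl_users table name are assumptions.

```php
<?php
// Added example: not Geeklog code and not from any post in this thread.
// All example_* names are hypothetical helpers.

// Escape a value for HTML text or a quoted attribute.
// Assumption: the site serves its pages as UTF-8.
function example_h($value)
{
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

// Read one form field as a trimmed string; arrays and missing keys become ''.
function example_field(array $post, $name)
{
    return (isset($post[$name]) && is_string($post[$name])) ? trim($post[$name]) : '';
}

// Validate the two custom fields; returns array($clean, $errors).
function example_validate_custom_fields(array $post)
{
    $errors   = array();
    $fullname = example_field($post, 'cust_fullname');
    $gradRaw  = example_field($post, 'cust_gradyear');

    // Assumption: the fullname column holds at most 80 characters.
    if ($fullname === '' || strlen($fullname) > 80) {
        $errors[] = 'Please enter your full name (80 characters or fewer).';
    }
    // Exactly four digits, inside an assumed plausible range.
    $maxYear = (int) date('Y') + 10;
    if (!preg_match('/\A[0-9]{4}\z/', $gradRaw)
        || (int) $gradRaw < 1900 || (int) $gradRaw > $maxYear) {
        $errors[] = 'Graduation year must be a four-digit year.';
    }
    return array(
        array('fullname' => $fullname, 'grad_year' => (int) $gradRaw),
        $errors,
    );
}

// One table row of the edit form, with every dynamic part HTML-escaped so a
// stored quote or angle bracket cannot break out of the value attribute.
function example_edit_row($label, $name, $value, $size)
{
    return '<tr>' . "\n"
         . '<td align="right"><b>' . example_h($label) . ':</b></td>' . "\n"
         . '<td><input type="text" name="' . example_h($name)
         . '" size="' . (int) $size
         . '" value="' . example_h($value) . '"></td>' . "\n"
         . '</tr>';
}

// Build the two UPDATE statements that custom_usersave() issues, with the
// integers cast and the string escaped. addslashes() is the function the
// posted code comment names; prefer the database driver's own escaping or
// bound parameters where the database layer offers them.
function example_build_updates($usersTable, $localTable, $uid, array $clean)
{
    $uid      = (int) $uid;
    $grad     = (int) $clean['grad_year'];
    $fullname = addslashes($clean['fullname']);
    return array(
        "UPDATE {$usersTable} SET fullname='{$fullname}' WHERE uid={$uid}",
        "UPDATE {$localTable} SET grad_year={$grad} WHERE uid={$uid}",
    );
}

// Constructed sample submission, for illustration only.
$post = array(
    'cust_fullname' => 'Pat "PJ" O\'Neil',
    'cust_gradyear' => '1998',
);

list($clean, $errors) = example_validate_custom_fields($post);
if ($errors) {
    echo implode("\n", $errors), "\n";
    exit(1);
}

echo example_edit_row('Full Name', 'cust_fullname', $clean['fullname'], 50), "\n";
echo example_edit_row('Graduation Year', 'cust_gradyear', $clean['grad_year'], 5), "\n";

// Table names assume the gl_ prefix seen in gl_localuserinfo.
foreach (example_build_updates('gl_users', 'gl_localuserinfo', 42, $clean) as $sql) {
    echo $sql, "\n";
}
```

In a real lib-custom.php the generated statements would be passed to DB_query() and the row HTML returned from custom_useredit(); the same example_h() call applies to the plain table cells in custom_userdisplay().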
Not really sure what I messed up with
I am currently struggling with this modification you made. I have been working with it on and off for the last couple of weeks and can't seem to get it going.
Here is a link to the site: here
It all looks as though it's good to go but nothing happens once the info is filled in and submitted:
I have enabled the custom reg option to "true" in the GL config file.
Looks like the new table (gl_localuserinfo) was created successfully.
Most of the directions seemed pretty straightforward.
I added the edited theme files as described for users and preferences. I also created the "custom" directory as described.
The only thing that I felt was a little ambiguous was how to edit the System/lib-custom file. I am pasting my edited lib-custom below:
Text Formatted Code
<?php
/* Reminder: always indent with 4 spaces (no tabs). */
// +---------------------------------------------------------------------------+
// | Geeklog 1.3 |
// +---------------------------------------------------------------------------+
// | lib-custom.php |
// | Your very own custom Geeklog library. |
// | |
// | This is the file where you should put all of your custom code. When |
// | possible you should not alter lib-common.php but, instead, put code here. |
// | This will make upgrading to future versions of Geeklog easier for you |
// | because you will always be guaranteed that the Geeklog developers will |
// | NOT add code to this file. NOTE: we have already gone through the trouble |
// | of making sure that we always include this file when lib-common.php is |
// | included some place so you will have access to lib-common.php. It |
// | follows then that you should not include lib-common.php in this file |
// | |
// +---------------------------------------------------------------------------+
// | Copyright (C) 2000-2005 by the following authors: |
// | |
// | Authors: Tony Bibbs - tony AT tonybibbs DOT com |
// | Blaine Lang - blaine AT portalparts DOT com |
// | Dirk Haun - dirk AT haun-online DOT de |
// +---------------------------------------------------------------------------+
// | |
// | This program is free software; you can redistribute it and/or |
// | modify it under the terms of the GNU General Public License |
// | as published by the Free Software Foundation; either version 2 |
// | of the License, or (at your option) any later version. |
// | |
// | This program is distributed in the hope that it will be useful, |
// | but WITHOUT ANY WARRANTY; without even the implied warranty of |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
// | GNU General Public License for more details. |
// | |
// | You should have received a copy of the GNU General Public License |
// | along with this program; if not, write to the Free Software Foundation, |
// | Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
// | |
// +---------------------------------------------------------------------------+
//
// $Id: lib-custom.php,v 1.11.2.1 2005/10/03 09:24:36 dhaun Exp $
// You can use this global variable to print useful messages to the errorlog
// using COM_errorLog(). To see an example of how to do this, look in
// lib-common.php and see how $_COM_VERBOSE was used throughout the code
$_CST_VERBOSE = false;
/**
* Sample PHP Block function
*
* this is a sample function used by a PHP block. This will show the rights that
* a user has in the "What you have access to" block.
*
*/
function phpblock_showrights()
{
global $_RIGHTS, $_CST_VERBOSE;
$retval = ''; // initialise before appending with .=
if ($_CST_VERBOSE) {
COM_errorLog('**** Inside phpblock_showrights in lib-custom.php ****', 1);
}
$retval .= ' ';
for ($i = 0; $i < count($_RIGHTS); $i++) {
$retval .= '<li>' . $_RIGHTS[$i] . '</li>' . LB;
}
if ($_CST_VERBOSE) {
COM_errorLog('**** Leaving phpblock_showrights in lib-custom.php ****', 1);
}
return $retval;
}
/***
*
* Get Bent()
*
* Php function to tell you how if your site is grossly insecure
*
**/
function phpblock_getBent()
{
global $_CONF, $_TABLES;
$secure = true;
$retval = '';
$secure_msg = 'Could not find any gross insecurities in your site. Do not take this ';
$secure_msg .= 'as meaning your site is 100% secure, as no site ever is. I can only ';
$secure_msg .= 'check things that should be blatantly obvious.';
$insecure_msg = '';
// we don't have the path to the admin directory, so try to figure it out
// from $_CONF['site_admin_url']
$adminurl = $_CONF['site_admin_url'];
if (strrpos ($adminurl, '/') == strlen ($adminurl)) {
$adminurl = substr ($adminurl, 0, -1);
}
$pos = strrpos ($adminurl, '/');
if ($pos === false) {
// only guessing ...
$installdir = $_CONF['path_html'] . 'admin/install';
} else {
$installdir = $_CONF['path_html'] . substr ($adminurl, $pos + 1)
. '/install';
}
if (is_dir ($installdir)) {
$insecure_msg .= '<p>You should really remove the install directory <b>' . $installdir .'</b> once you have your site up and running without any errors.';
$insecure_msg .= ' Keeping it around would allow malicious users the ability to destroy your current install, take over your site, or retrieve sensitive information.';
$secure = false;
}
// check to see if any account still has 'password' as its password.
$count = DB_query("select count(*) as count from {$_TABLES['users']} where passwd='" . md5('password') . "'");
$A = DB_fetchArray($count);
if ( $A['count'] > 0 ) {
$secure = false;
$insecure_msg .= '<p>You still have not changed the default password from "password" on ' . $A['count'] . ' account(s). ';
$insecure_msg .= 'This will allow people to do serious harm to your site!';
}
if ($secure) {
$retval = $secure_msg;
} else {
$retval = $insecure_msg;
}
$retval = wordwrap($retval,20,' ',1);
return $retval;
}
/* Sample Custom Member Functions to create and update Custom Membership registration and profile
Note1: Enable CustomRegistration Feature in config.php
$_CONF['custom_registration'] = true; // Set to true if you have custom code
Note2: This example requires a template file called memberdetail.thtml to be
located under the theme_dir/custom directory.
Sample is provided under /system with the distribution.
Functions have been provided that are called from the Core Geeklog user and admin functions
- This works with User Moderation as well
- Admin will see the new registration info when checking a members profile only
- All other users will see the standard User profile with the optional extended custom information
- Customization requires changes to a few of the core template files to add {customfields} variable
- See notes below in the custom function about the template changes
*/
/* Create any new records in additional tables you may have added */
/* Update any fields in the core GL tables for this user as needed */
/* Called when user is first created */
function custom_usercreate($uid) {
global $_TABLES;
$grad_year = COM_applyFilter($_POST['cust_gradyear'],true);
$fullname = COM_applyFilter($_POST['cust_fullname']);
// Ensure all data is prepared correctly before inserts, quotes may need to be escaped with addslashes()
DB_query("INSERT INTO {$_TABLES['localuserinfo']} (uid,grad_year) VALUES ('$uid', '$grad_year')");
DB_query("UPDATE {$_TABLES['users']} SET fullname = '$fullname' WHERE uid='$uid'");
return true;
}
// Delete user record from custom user info table
function custom_userdelete($uid) {
global $_TABLES;
DB_query("DELETE FROM {$_TABLES['localuserinfo']} WHERE uid='$uid'");
return true;
}
/* Called from users.php - when user is displaying a member profile */
/* This function can now return any extra fields that need to be shown */
/* Output is then replaced in {customfields} -- This variable needs to be added to your templates */
/* Template: path_layout/users/profile/profile.thtml */
function custom_userdisplay($uid) {
global $_CONF,$_TABLES;
$retval = ''; // initialise before appending with .=
$grad_year = DB_getItem($_TABLES['localuserinfo'], "grad_year", "uid='$uid'");
$fullname = DB_getItem($_TABLES['users'], "fullname", "uid='$uid'");
$retval .= '<tr>
<td align="right"><b>Full Name:</b></td>
<td>' . $fullname .'</td>
</tr>';
$retval .= '<tr>
<td align="right"><b>Graduation Year:</b></td>
<td>' . $grad_year .'</td>
</tr>';
return $retval;
}
/* Function called when editing user profile. */
/* Called from usersettings.php - when user is editing their own profile */
/* and from admin/user.php when admin is editing a member profile */
/* This function can now return any extra fields that need to be shown for editing */
/* Output is then replaced in {customfields} -- This variable needs to be added to your templates */
/* User: path_layout/preferences/profile.thtml and Admin: path_layout/admin/user/edituser.thtml */
/* This example shows adding the Cookie Timeout setting and extra text field */
/* As noted: You need to add the {customfields} template variable. */
/* For the edituser.thtml - maybe it would be added about the {group_edit} variable. */
function custom_useredit($uid) {
global $_TABLES,$_CONF;
$retval = ''; // initialise before appending with .=
$grad_year = DB_getItem($_TABLES['localuserinfo'], "grad_year", "uid='$uid'");
$fullname = DB_getItem($_TABLES['users'], "fullname", "uid='$uid'");
$retval .= '<tr>
<td align="right"><b>Full Name:</b></td>
<td><input type="text" name="cust_fullname" size="50" value="' . $fullname .'"></td>
</tr>';
$retval .= '<tr>
<td align="right"><b>Graduation Year:</b></td>
<td><input type="text" name="cust_gradyear" size="5" maxlength="4" value="' . $grad_year .'"></td>
</tr>';
$retval .= '<tr><td colspan="2"><hr></td></tr>';
return $retval;
}
/* Function called when saving the user profile. */
/* This function can now update any extra fields */
function custom_usersave($uid) {
global $_TABLES;
$grad_year = COM_applyFilter($_POST['cust_gradyear'],true);
$fullname = COM_applyFilter($_POST['fullname']);
DB_query("UPDATE {$_TABLES['users']} SET fullname='$fullname' WHERE uid='$uid'");
if ($grad_year > 0) {
DB_query("UPDATE {$_TABLES['localuserinfo']} SET grad_year='$grad_year' WHERE uid='$uid'");
}
}
/**
* Main Form used for Custom membership when member is registering
*
* Note: Requires a file custom/memberdetail.thtml in every theme that is
* installed on the site!
*
* @param string $msg an error message to display or the word 'new'
* @return string HTML for the registration form
*
*/
function custom_userform($uid="",$msg="") {
global $_CONF,$_TABLES, $LANG04;
$retval = ''; // initialise before appending with .=
if (!empty($msg)) {
$retval .= COM_startBlock($LANG04[21]) . $msg . COM_endBlock();
}
$post_url = $_CONF['site_url']."/users.php";
$postmode = "create";
$submitbutton = '<input type="submit" value="Register Now!">';
$passwd_input = "";
$message = "<br><font color=black><b>Please complete the application below. Once you have completed the application, click the Submit button and the application will be processed immediately.</b></font>";
$A=array();
$user_templates = new Template ($_CONF['path_layout'] . 'custom');
$user_templates->set_file('memberdetail', 'memberdetail.thtml');
$user_templates->set_var('layout_url', $_CONF['layout_url']);
$user_templates->set_var('post_url', $post_url);
$user_templates->set_var('startblock', COM_startBlock("Custom Registration Example"));
$user_templates->set_var('message', $message);
$user_templates->set_var('USERNAME', "Username");
$user_templates->set_var('USERNAME_HELP', "Name to be used when accessing this site");
$user_templates->set_var('username', $A['username']);
$user_templates->set_var('passwd_input', $passwd_input);
$user_templates->set_var('EMAIL', "Email Address");
$user_templates->set_var('EMAIL_HELP', "Valid email address");
$user_templates->set_var('email', $A['email']);
$user_templates->set_var('FULLNAME', "Full Name");
$user_templates->set_var('FULLNAME_HELP', "First and Last Name");
$user_templates->set_var('fullname', $A['fullname']);
$user_templates->set_var('GRADYEAR', "Graduation Year");
$user_templates->set_var('GRADYEAR_HELP', "That big year!");
$user_templates->set_var('grad_year', "");
$user_templates->set_var('user_id', $user);
$user_templates->set_var('postmode', $postmode);
$user_templates->set_var('submitbutton', $submitbutton);
$user_templates->set_var('endblock', COM_endBlock());
$user_templates->parse('output', 'memberdetail');
$retval .= $user_templates->finish($user_templates->get_var('output'));
return $retval;
}
/**
* Check if it's okay to create a new user.
*
* Geeklog is about to create a new user with the given username and email
* address. This is the custom code's last chance to prevent that,
* e.g. to check if all required data has been entered.
*
* @param string $username username that Geeklog would use for the new user
* @param string $email email address of that user
* @return string an error message or an empty string for "OK"
*
*/
function custom_usercheck ($username, $email)
{
$msg = '';
// Example, check that the full name has been entered
// and complain if it's missing
if (empty ($_POST['fullname'])) {
$msg = 'Please enter your full name!';
}
return $msg;
}
/**
* Custom function to retrieve and return a formatted list of blocks
* Can be used when calling COM_siteHeader or COM_SiteFooter
* Example:
* 1: Setup an array of blocks to display
* 2: Call COM_siteHeader or COM_siteFooter
*
* $myblocks = array ('site_menu','site_news','poll_block');
* COM_siteHeader( array('COM_showCustomBlocks',$myblocks) ) ;
* COM_siteFooter( true, array('COM_showCustomBlocks',$myblocks));
* @param array $showblocks An array of block names to retrieve and format
* @return string Formatted HTML containing site footer and optionally right blocks
*/
function custom_showBlocks($showblocks)
{
global $_CONF, $_TABLES;
$retval = '';
foreach($showblocks as $block) {
$sql = "SELECT bid, name,type,title,content,rdfurl,phpblockfn,help FROM {$_TABLES['blocks']} WHERE name='$block'";
$result = DB_query($sql);
if (DB_numRows($result) == 1) {
$A = DB_fetchArray($result);
$retval .= COM_formatBlock($A);
}
}
return $retval;
}
/**
* This is an example of a custom email function. When this function is NOT
* commented out, Geeklog would send all emails through this function
* instead of sending them through COM_mail in lib-common.php.
*
* This is basically a re-implementation of the way emails were sent
* prior to Geeklog 1.3.9 (Geeklog uses PEAR::Mail as of version 1.3.9).
*
*/
/*
function CUSTOM_mail($to, $subject, $message, $from = '', $html = false, $priority = 0)
{
global $_CONF, $LANG_CHARSET;
if (empty ($LANG_CHARSET)) {
$charset = $_CONF['default_charset'];
if (empty ($charset)) {
$charset = 'iso-8859-1';
}
} else {
$charset = $LANG_CHARSET;
}
if (empty ($from)) {
$from = $_CONF['site_name'] . ' <' . $_CONF['site_mail'] . '>';
}
$headers = 'From: ' . $from . "\r\n"
. 'X-Mailer: Geeklog ' . VERSION . "\r\n";
if ($priority > 0) {
$headers .= 'X-Priority: ' . $priority . "\r\n";
}
if ($html) {
$headers .= "Content-Type: text/html; charset={$charset}\r\n"
. 'Content-Transfer-Encoding: 8bit';
} else {
$headers .= "Content-Type: text/plain; charset={$charset}";
}
return mail ($to, $subject, $message, $headers);
}
*/
/**
* This is an example of a function that returns menu entries to be used for
* the 'custom' entry in $_CONF['menu_elements'] (see config.php).
*
*/
/*
function CUSTOM_menuEntries ()
{
global $_CONF, $_USER;
$myentries = array ();
// Sample link #1: Link to Gallery
$myentries[] = array ('url' => $_CONF['site_url'] . '/gallery/',
'label' => 'Gallery');
// Sample link #2: Link to the Personal Calendar - only visible for
// logged-in users
if (!empty ($_USER['uid']) && ($_USER['uid'] > 1)) {
$myentries[] = array ('url' => $_CONF['site_url']
. '/calendar.php?mode=personal',
'label' => 'My Calendar');
}
return $myentries;
}
*/
?>
Let me say that I do not know PHP or MySQL but I am learning it at a snail's pace:
This is my Lib-database.php file:
Text Formatted Code
<?php
/* Reminder: always indent with 4 spaces (no tabs). */
// +---------------------------------------------------------------------------+
// | Geeklog 1.3 |
// +---------------------------------------------------------------------------+
// | lib-database.php |
// | |
// | Geeklog database library. |
// +---------------------------------------------------------------------------+
// | Copyright (C) 2000-2004 by the following authors: |
// | |
// | Authors: Tony Bibbs, tony@tonybibbs.com |
// +---------------------------------------------------------------------------+
// | |
// | This program is free software; you can redistribute it and/or |
// | modify it under the terms of the GNU General Public License |
// | as published by the Free Software Foundation; either version 2 |
// | of the License, or (at your option) any later version. |
// | |
// | This program is distributed in the hope that it will be useful, |
// | but WITHOUT ANY WARRANTY; without even the implied warranty of |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
// | GNU General Public License for more details. |
// | |
// | You should have received a copy of the GNU General Public License |
// | along with this program; if not, write to the Free Software Foundation, |
// | Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
// | |
// +---------------------------------------------------------------------------+
//
// $Id: lib-database.php,v 1.33 2004/11/20 17:55:07 dhaun Exp $
/**
* This is the high-level database layer for Geeklog (for the low-level stuff,
* see the system/databases directory).
*
* NOTE: As of Geeklog 1.3.5 you should not have to edit this file any more.
*/
// +---------------------------------------------------------------------------+
// | Table definitions, these are used by the install program to create the |
// | database schema. If you don't like the tables names, change them PRIOR |
// | to running the install after running the install program DO NOT TOUCH |
// | these. You have been warned! Also, these variables are used in the core |
// | Geeklog code |
// +---------------------------------------------------------------------------+
$_TABLES['access'] = $_DB_table_prefix . 'access';
$_TABLES['article_images'] = $_DB_table_prefix . 'article_images';
$_TABLES['blocks'] = $_DB_table_prefix . 'blocks';
$_TABLES['commentcodes'] = $_DB_table_prefix . 'commentcodes';
$_TABLES['commentmodes'] = $_DB_table_prefix . 'commentmodes';
$_TABLES['comments'] = $_DB_table_prefix . 'comments';
$_TABLES['cookiecodes'] = $_DB_table_prefix . 'cookiecodes';
$_TABLES['dateformats'] = $_DB_table_prefix . 'dateformats';
$_TABLES['events'] = $_DB_table_prefix . 'events';
$_TABLES['eventsubmission'] = $_DB_table_prefix . 'eventsubmission';
$_TABLES['featurecodes'] = $_DB_table_prefix . 'featurecodes';
$_TABLES['features'] = $_DB_table_prefix . 'features';
$_TABLES['frontpagecodes'] = $_DB_table_prefix . 'frontpagecodes';
$_TABLES['group_assignments'] = $_DB_table_prefix . 'group_assignments';
$_TABLES['groups'] = $_DB_table_prefix . 'groups';
$_TABLES['links'] = $_DB_table_prefix . 'links';
$_TABLES['linksubmission'] = $_DB_table_prefix . 'linksubmission';
$_TABLES['maillist'] = $_DB_table_prefix . 'maillist';
$_TABLES['personal_events'] = $_DB_table_prefix . 'personal_events';
$_TABLES['plugins'] = $_DB_table_prefix . 'plugins';
$_TABLES['pollanswers'] = $_DB_table_prefix . 'pollanswers';
$_TABLES['pollquestions'] = $_DB_table_prefix . 'pollquestions';
$_TABLES['pollvoters'] = $_DB_table_prefix . 'pollvoters';
$_TABLES['postmodes'] = $_DB_table_prefix . 'postmodes';
$_TABLES['sessions'] = $_DB_table_prefix . 'sessions';
$_TABLES['sortcodes'] = $_DB_table_prefix . 'sortcodes';
$_TABLES['speedlimit'] = $_DB_table_prefix . 'speedlimit';
$_TABLES['statuscodes'] = $_DB_table_prefix . 'statuscodes';
$_TABLES['stories'] = $_DB_table_prefix . 'stories';
$_TABLES['storysubmission'] = $_DB_table_prefix . 'storysubmission';
$_TABLES['syndication'] = $_DB_table_prefix . 'syndication';
$_TABLES['topics'] = $_DB_table_prefix . 'topics';
$_TABLES['tzcodes'] = $_DB_table_prefix . 'tzcodes';
$_TABLES['usercomment'] = $_DB_table_prefix . 'usercomment';
$_TABLES['userindex'] = $_DB_table_prefix . 'userindex';
$_TABLES['userinfo'] = $_DB_table_prefix . 'userinfo';
$_TABLES['userprefs'] = $_DB_table_prefix . 'userprefs';
$_TABLES['users'] = $_DB_table_prefix . 'users';
$_TABLES['vars'] = $_DB_table_prefix . 'vars';
$_TABLES['localuserinfo'] = $_DB_table_prefix . 'localuserinfo';
// the static pages plugin has become an integral part of Geeklog anyway ...
$_TABLES['staticpage'] = $_DB_table_prefix . 'staticpage';
// ditto for spamx
$_TABLES['spamx'] = $_DB_table_prefix . 'spamx';
// these tables aren't used by Geeklog any more, but the table names are needed
// when upgrading from old versions
$_TABLES['commentspeedlimit'] = $_DB_table_prefix . 'commentspeedlimit';
$_TABLES['submitspeedlimit'] = $_DB_table_prefix . 'submitspeedlimit';
$_TABLES['userevent'] = $_DB_table_prefix . 'userevent';
// +---------------------------------------------------------------------------+
// | DO NOT TOUCH ANYTHING BELOW HERE |
// +---------------------------------------------------------------------------+
if (eregi ('lib-database.php', $HTTP_SERVER_VARS['PHP_SELF'])) {
die ('This file can not be used on its own.');
}
/**
* Include appropriate DBMS object
*
*/
require_once($_CONF['path_system'] . 'databases/'. $_DB_dbms . '.class.php');
// Instantiate the database object
$_DB = new database($_DB_host,$_DB_name,$_DB_user,$_DB_pass,'COM_errorLog');
// +---------------------------------------------------------------------------+
// | These are the library functions. In all cases they turn around and make |
// | calls to the DBMS specific functions. These ARE to be used directly in |
// | the code...do NOT use the $_DB methods directly
// +---------------------------------------------------------------------------+
/**
* Turns debug mode on for the database library
*
* Setting this to true will cause the database code to print out
* various debug messages. Setting it to false will suppress the
* messages (is false by default). NOTE: Gl developers have put many
* useful debug messages into the mysql implementation of this. If
* you are using something other than MySQL and if the GL team did
* not write it then you may or may not get something useful by turning
* this on.
*
* @param boolean $flag true or false
*
*/
function DB_setdebug($flag)
{
global $_DB;
$_DB->setVerbose($flag);
}
/**
* Executes a query on the db server
*
* This executes the passed SQL and returns the recordset or errors out
*
* @param string $sql SQL to be executed
* @param int $ignore_errors If 1 this function suppresses any error messages
* @return object Returns results from query
*
*/
function DB_query($sql, $ignore_errors=0)
{
global $_DB;
return $_DB->dbQuery($sql,$ignore_errors);
}
/**
* Saves information to the database
*
* This will use a REPLACE INTO to save a record into the
* database. NOTE: this function is going to change in the near future
* to remove dependency of REPLACE INTO. Please use DB_query if you can
*
* @param string $table The table to save to
* @param string $fields Comma delimited list of fields to save
* @param string $values Values to save to the database table
* @param string $return_page URL to send user to when done
*
*/
function DB_save($table,$fields,$values,$return_page='')
{
global $_DB,$_TABLES,$_CONF;
$_DB->dbSave($table,$fields,$values);
if (!empty($return_page)) {
print COM_refresh("$return_page");
}
}
/**
* Deletes data from the database
*
* This will delete some data from the given table where id = value
*
* @param string $table Table to delete data from
* @param array|string $id field name(s) to use in where clause
* @param array|string $value value(s) to use in where clause
* @param string $return_page page to send user to when done
*
*/
function DB_delete($table,$id,$value,$return_page='')
{
global $_DB,$_TABLES,$_CONF;
$_DB->dbDelete($table,$id,$value);
if (!empty($return_page)) {
print COM_refresh("$return_page");
}
}
/**
* Gets a single item from the database
*
* @param string $table Table to get item from
* @param string $what field name to get
* @param string $selection Where clause to use in SQL
* @return mixed Returns value sought
*
*/
function DB_getItem($table,$what,$selection='')
{
if (!empty($selection)) {
$result = DB_query("SELECT $what FROM $table WHERE $selection");
} else {
$result = DB_query("SELECT $what FROM $table");
}
$ITEM = DB_fetchArray($result, true);
return $ITEM[0];
}
/**
* Changes records in a table
*
* This will change the data in the given table that meet the given criteria and will
* redirect user to another page if told to do so
*
* @param string $table Table to perform change on
* @param string $item_to_set field name to set
* @param string $value_to_set Value to set above field to
* @param array|string $id field name(s) to use in where clause
* @param array|string $value Value(s) to use in where clause
* @param string $return_page page to send user to when done with change
* @param boolean $supress_quotes whether or not to use single quotes in where clause
*
*/
function DB_change($table,$item_to_set,$value_to_set,$id='',$value='',$return_page='',$supress_quotes=false)
{
global $_DB,$_TABLES,$_CONF;
$_DB->dbChange($table,$item_to_set,$value_to_set,$id,$value,$supress_quotes);
if (!empty($return_page)) {
print COM_refresh("$return_page");
}
}
/**
* Count records in a table
*
* This will return the number of records which meet the given criteria in the
* given table.
*
* @param string $table Table to perform count on
* @param array|string $id field name(s) to use in where clause
* @param array|string $value Value(s) to use in where clause
* @return int Returns row count from generated SQL
*
*/
function DB_count($table,$id='',$value='')
{
global $_DB;
return $_DB->dbCount($table,$id,$value);
}
/**
* Copies a record from one table to another (can be the same table)
*
* This will use a REPLACE INTO...SELECT FROM to copy a record from one table
* to another table. They can be the same table.
*
* @param string $table Table to insert record into
* @param string $fields Comma delimited list of fields to copy over
* @param string $values Values to store in database field
* @param string $tablefrom Table to get record from
* @param array|string $id Field name(s) to use in where clause
* @param array|string $value Value(s) to use in where clause
* @param string $return_page Page to send user to when done
*
*/
function DB_copy($table,$fields,$values,$tablefrom,$id,$value,$return_page='')
{
global $_DB,$_TABLES,$_CONF;
$_DB->dbCopy($table,$fields,$values,$tablefrom,$id,$value);
if (!empty($return_page)) {
print COM_refresh("$return_page");
}
}
/**
* Retrieves the number of rows in a recordset
*
* This returns the number of rows in a recordset
*
* @param object $recordset The recordset to operate on
* @return int Returns number of rows returned by a previously executed query
*
*/
function DB_numRows($recordset)
{
global $_DB;
return $_DB->dbNumRows($recordset);
}
/**
* Retrieves the contents of a field
*
* This returns the contents of a field from a result set
*
* @param object $recordset The recordset to operate on
* @param int $row row to get data from
* @param string $field field to return
* @return (depends on the contents of the field)
*
*/
function DB_result($recordset,$row,$field)
{
global $_DB;
return $_DB->dbResult($recordset,$row,$field);
}
/**
* Retrieves the number of fields in a recordset
*
* This returns the number of fields in a recordset
*
* @param object $recordset The recordset to operate on
* @return int Returns the number fields in a result set
*
*/
function DB_numFields($recordset)
{
global $_DB;
return $_DB->dbNumFields($recordset);
}
/**
* Returns the field name for a field
*
* Returns the field name for a given field number
*
* @param object $recordset The recordset to operate on
* @param int $fnumber field number to return the name of
* @return string Returns name of specified field
*
*/
function DB_fieldName($recordset,$fnumber)
{
global $_DB;
return $_DB->dbFieldName($recordset,$fnumber);
}
/**
* Returns the number of affected rows for the last query
*
* Returns the number of affected rows for the last query
*
* @param object $recordset The recordset to operate on
* @return int returns number of rows affected by previously executed query
*
*/
function DB_affectedRows($recordset)
{
global $_DB;
return $_DB->dbAffectedRows($recordset);
}
/**
* Retrieves record from a recordset
*
* Gets the next record in a recordset and returns in array
*
* @param object $recordset The recordset to operate on
* @param boolean $both get both assoc and numeric indices
* @return Array Returns data for a record in an array
*
*/
function DB_fetchArray($recordset, $both = true)
{
global $_DB;
return $_DB->dbFetchArray($recordset, $both);
}
/**
* Returns the last ID inserted
*
* Returns the last auto_increment ID generated
*
* @param resources $link_identifier identifier for opened link
* @return int Returns the last ID auto-generated
*
*/
function DB_insertId($link_identifier = '')
{
global $_DB;
return $_DB->dbInsertId($link_identifier);
}
/**
* returns a database error string
*
* Returns a database error message
*
* @return string Returns database error message
*
*/
function DB_error()
{
global $_DB;
return $_DB->dbError();
}
/**
* Creates database structures for fresh installation
*
* This may not be used by Geeklog currently
*
* @return boolean returns true on success otherwise false
*
*/
function DB_createDatabaseStructures()
{
global $_DB;
return $_DB->dbCreateStructures();
}
/**
* Executes the sql upgrade script(s)
*
* @param string $current_gl_version version of geeklog to upgrade from
* @return boolean returns true on success otherwise false
*
*/
function DB_doDatabaseUpgrade($current_gl_version)
{
global $_DB;
return $_DB->dbDoDatabaseUpgrade($current_gl_version);
}
?>
Not really sure what I messed up with
Status: offline
Blaine
Forum User
Moderator
Registered: 07/16/02
Posts: 1232
Location:Canada
It does not appear your site is picking up the fact custom_registration is being enabled. Is this an upgraded site or a new GL 1.3.11 installation?
On a new 1.3.11 site - if I enable the option and make no changes in lib-custom or add the required custom template - then I will see a theme related error "missing template" when I try to register a new user. So that will show and prove the setting is being detected.
Compare public_html/users.php - there are several places in the code in that file where it checks for the setting of $_CONF['custom_registration']
Geeklog components by PortalParts -- www.portalparts.com
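The checks described in the reply above, as an added example that is not part of the original post or of Geeklog. The function name `diagnose_custom_registration` is hypothetical; the hook names come from the users.php code quoted in this thread, the `custom` template directory name from the template error reported here, and the sample configuration is constructed.

```php
<?php
// Added diagnostic; not part of Geeklog. The function name is hypothetical.

/**
 * Reports the conditions users.php depends on for custom registration.
 *
 * @param array $conf  Geeklog-style configuration array ($_CONF)
 * @param array $hooks names of the lib-custom.php functions to look for
 * @return array list of array(status, description) pairs
 */
function diagnose_custom_registration(array $conf, array $hooks): array
{
    $report = [];

    // users.php only tests the option for truthiness, so report the raw value:
    // the string 'false' would still count as enabled.
    $value = $conf['custom_registration'] ?? null;
    $report[] = [$value ? 'ok' : 'FAIL',
                 'custom_registration = ' . var_export($value, true)];

    // Each hook call in users.php is guarded by function_exists(), so a hook
    // missing from lib-custom.php is skipped and the stock form is used.
    foreach ($hooks as $hook) {
        $report[] = [function_exists($hook) ? 'ok' : 'FAIL', "function $hook()"];
    }

    // The custom form needs its own template directory inside the theme;
    // without it the template class halts with a "not a directory" error.
    $dir = rtrim($conf['path_layout'] ?? '', '/') . '/custom';
    $report[] = [is_dir($dir) ? 'ok' : 'FAIL', "template directory $dir"];

    return $report;
}

// Constructed sample: the option is switched on, the theme directory exists,
// but no "custom" sub-directory has been created yet.
$layout = sys_get_temp_dir() . '/gl_demo_layout_' . getmypid() . '/';
mkdir($layout, 0700, true);
$sample_conf = ['custom_registration' => true, 'path_layout' => $layout];

// Stand-in so that one of the three hooks is present in this demo.
function custom_userform($msg = '') { return ''; }

$hooks = ['custom_userform', 'custom_usercheck', 'custom_userdisplay'];
foreach (diagnose_custom_registration($sample_conf, $hooks) as [$status, $what]) {
    printf("%-4s %s\n", $status, $what);
}
rmdir($layout);
```

On a live site, drop the constructed sample and the stand-in function, include lib-common.php first and pass the real `$_CONF` instead.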
Status: offline
jordydme
Forum User
Full Member
Registered: 11/03/05
Posts: 135
Blaine,
Thanks for getting back to me. This site of mine is a fresh install, not an upgrade. It is the latest 1.3 version, not the beta 1.4.
I am not knowledgeable on PHP so some things you speak of seem a little vague to me.
This is what I did. I replaced the edited lib-custom.php with an original copy from the install files. I then temporarily changed the name of the "custom" directory that I created to something other than "custom" for the sake of this test. I left all other files that were edited for the custom registration in place. When I went to the site and clicked new user registration, I got this error:
Template Error: set_root: /home/jordydme/public_html/geeklog/layout/professional/custom is not a directory.
Halted.
Did I do what you described correctly? Does this verify that the system is recognizing the custom reg setting in the config?
When you say:
What am I comparing it to?
Here is the users.php code:
/* Reminder: always indent with 4 spaces (no tabs). */
// +---------------------------------------------------------------------------+
// | Geeklog 1.3 |
// +---------------------------------------------------------------------------+
// | users.php |
// | |
// | User authentication module. |
// +---------------------------------------------------------------------------+
// | Copyright (C) 2000-2004 by the following authors: |
// | |
// | Authors: Tony Bibbs - tony@tonybibbs.com |
// | Mark Limburg - mlimburg@users.sourceforge.net |
// | Jason Whittenburg - jwhitten@securitygeeks.com |
// | Dirk Haun - dirk@haun-online.de |
// +---------------------------------------------------------------------------+
// | |
// | This program is free software; you can redistribute it and/or |
// | modify it under the terms of the GNU General Public License |
// | as published by the Free Software Foundation; either version 2 |
// | of the License, or (at your option) any later version. |
// | |
// | This program is distributed in the hope that it will be useful, |
// | but WITHOUT ANY WARRANTY; without even the implied warranty of |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
// | GNU General Public License for more details. |
// | |
// | You should have received a copy of the GNU General Public License |
// | along with this program; if not, write to the Free Software Foundation, |
// | Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
// | |
// +---------------------------------------------------------------------------+
//
// $Id: users.php,v 1.93.2.4 2005/10/03 09:24:36 dhaun Exp $
/**
* This file handles user authentication
*
* @author Tony Bibbs <tony@tonybibbs.com>
* @author Mark Limburg <mlimburg@users.sourceforge.net>
* @author Jason Whittenburg
*
*/
/**
* Geeklog common function library
*/
require_once ('lib-common.php');
require_once ($_CONF['path_system'] . 'lib-user.php');
$VERBOSE = false;
// Uncomment the line below if you need to debug the HTTP variables being passed
// to the script. This will sometimes cause errors but it will allow you to see
// the data being passed in a POST operation
// echo COM_debug($HTTP_POST_VARS);
/**
* Shows a profile for a user
*
* This grabs the user profile for a given user and displays it
*
* @param int $user User ID of profile to get
* @param int $msg Message to display (if != 0)
* @return string HTML for user profile page
*
*/
function userprofile ($user, $msg = 0)
{
global $_CONF, $_TABLES, $_USER, $LANG01, $LANG04, $LANG_LOGIN;
$retval = '';
if (empty ($_USER['username']) &&
(($_CONF['loginrequired'] == 1) || ($_CONF['profileloginrequired'] == 1))) {
$retval .= COM_siteHeader ('menu');
$retval .= COM_startBlock ($LANG_LOGIN[1], '',
COM_getBlockTemplate ('_msg_block', 'header'));
$login = new Template($_CONF['path_layout'] . 'submit');
$login->set_file (array ('login'=>'submitloginrequired.thtml'));
$login->set_var ('login_message', $LANG_LOGIN[2]);
$login->set_var ('site_url', $_CONF['site_url']);
$login->set_var ('lang_login', $LANG_LOGIN[3]);
$login->set_var ('lang_newuser', $LANG_LOGIN[4]);
$login->parse ('output', 'login');
$retval .= $login->finish ($login->get_var('output'));
$retval .= COM_endBlock (COM_getBlockTemplate ('_msg_block', 'footer'));
$retval .= COM_siteFooter ();
return $retval;
}
$result = DB_query("SELECT username,fullname,regdate,homepage,about,location,pgpkey,photo FROM {$_TABLES['userinfo']},{$_TABLES["users"]} WHERE {$_TABLES['userinfo']}.uid = {$_TABLES['users']}.uid AND {$_TABLES['users']}.uid = $user");
$nrows = DB_numRows($result);
if ($nrows == 0) { // no such user
return COM_refresh ($_CONF['site_url'] . '/index.php');
}
$A = DB_fetchArray($result);
$retval .= COM_siteHeader ('menu', $LANG04[1] . ' ' . $A['username']);
if ($msg > 0) {
$retval .= COM_showMessage ($msg);
}
// format date/time to user preference
$curtime = COM_getUserDateTimeFormat($A["regdate"]);
$A['regdate'] = $curtime[0];
$user_templates = new Template($_CONF['path_layout'] . 'users');
$user_templates->set_file(array('profile'=>'profile.thtml','row'=>'commentrow.thtml','strow'=>'storyrow.thtml'));
$user_templates->set_var('site_url', $_CONF['site_url']);
$user_templates->set_var('start_block_userprofile', COM_startBlock($LANG04[1] . ' ' . $A['username']));
$user_templates->set_var('end_block', COM_endBlock());
$user_templates->set_var('lang_username', $LANG04[2]);
$user_templates->set_var('username', $A['username']);
if (!empty($A['photo']) AND $_CONF['allow_user_photo'] == 1) {
if (strstr ($_CONF['path_images'], $_CONF['path_html'])) {
$imgpath = substr ($_CONF['path_images'],
strlen ($_CONF['path_html']));
$user_templates->set_var ('user_photo', '<img src="'
. $_CONF['site_url'] . '/' . $imgpath . 'userphotos/'
. $A['photo'] . '" alt="">');
} else {
$user_templates->set_var ('user_photo', '<img src="' . $_CONF['site_url'] . '/getimage.php?mode=userphotos&image=' . $A['photo'] . '" alt="">');
}
} else {
$user_templates->set_var('user_photo','');
}
$user_templates->set_var('user_fullname', $A['fullname']);
$user_templates->set_var('lang_membersince', $LANG04[67]);
$user_templates->set_var('user_regdate', $A['regdate']);
$user_templates->set_var('lang_email', $LANG04[5]);
$user_templates->set_var('user_id', $user);
$user_templates->set_var('lang_sendemail', $LANG04[81]);
$user_templates->set_var('lang_homepage', $LANG04[6]);
$user_templates->set_var('user_homepage', COM_killJS ($A['homepage']));
$user_templates->set_var('lang_location', $LANG04[106]);
$user_templates->set_var('user_location', $A['location']);
$user_templates->set_var('lang_bio', $LANG04[7]);
$user_templates->set_var('user_bio', nl2br(stripslashes($A['about'])));
$user_templates->set_var('lang_pgpkey', $LANG04[8]);
$user_templates->set_var('user_pgp', nl2br($A['pgpkey']));
$user_templates->set_var('start_block_last10stories',
COM_startBlock($LANG04[82] . ' ' . $A['username']));
$user_templates->set_var('start_block_last10comments',
COM_startBlock($LANG04[10] . ' ' . $A['username']));
$user_templates->set_var('start_block_postingstats',
COM_startBlock($LANG04[83] . ' ' . $A['username']));
// for alternative layouts: use these as headlines instead of block titles
$user_templates->set_var('headline_last10stories', $LANG04[82]);
$user_templates->set_var('headline_last10comments', $LANG04[10]);
$user_templates->set_var('headline_postingstats', $LANG04[83]);
$result = DB_query ("SELECT tid FROM {$_TABLES['topics']}"
. COM_getPermSQL ());
$nrows = DB_numRows ($result);
$tids = array ();
for ($i = 0; $i < $nrows; $i++) {
$T = DB_fetchArray ($result);
$tids[] = $T['tid'];
}
$topics = "'" . implode ("','", $tids) . "'";
// list of last 10 stories by this user
if (sizeof ($tids) > 0) {
$sql = "SELECT sid,title,UNIX_TIMESTAMP(date) AS unixdate FROM {$_TABLES['stories']} WHERE (uid = $user) AND (draft_flag = 0) AND (date <= NOW()) AND (tid IN ($topics))" . COM_getPermSQL ('AND');
$sql .= " ORDER BY unixdate DESC LIMIT 10";
$result = DB_query($sql);
$nrows = DB_numRows($result);
} else {
$nrows = 0;
}
if ($nrows > 0) {
for ($i = 1; $i <= $nrows; $i++) {
$C = DB_fetchArray($result);
$user_templates->set_var('row_number', $i . '.');
$articleUrl = COM_buildUrl ($_CONF['site_url']
. '/article.php?story=' . $C['sid']);
$user_templates->set_var ('article_url', $articleUrl);
$user_templates->set_var ('story_begin_href',
'<a href="' . $articleUrl . '">');
$C['title'] = str_replace ('$', '&#36;', $C['title']);
$user_templates->set_var('story_title', stripslashes($C['title']));
$user_templates->set_var('story_end_href', '</a>');
$storytime = COM_getUserDateTimeFormat($C['unixdate']);
$user_templates->set_var('story_date', $storytime[0]);
$user_templates->parse('story_row','strow',true);
}
} else {
$user_templates->set_var('story_row','<tr><td>' . $LANG01[37] . '</td></tr>');
}
// list of last 10 comments by this user
$sidArray = array();
if (sizeof ($tids) > 0) {
// first, get a list of all stories the current visitor has access to
$sql = "SELECT sid FROM {$_TABLES['stories']} WHERE (draft_flag = 0) AND (date <= NOW()) AND (tid IN ($topics))" . COM_getPermSQL ('AND');
$result = DB_query($sql);
$numsids = DB_numRows($result);
for ($i = 1; $i <= $numsids; $i++) {
$S = DB_fetchArray ($result);
$sidArray[] = $S['sid'];
}
}
// add all polls the current visitor has access to
$sql = "SELECT qid FROM {$_TABLES['pollquestions']}" . COM_getPermSQL ();
$result = DB_query($sql);
$numqids = DB_numRows($result);
for ($i = 1; $i <= $numqids; $i++) {
$Q = DB_fetchArray ($result);
$sidArray[] = $Q['qid'];
}
$sidList = implode("', '",$sidArray);
$sidList = "'$sidList'";
// then, find all comments by the user in those stories and polls
$sql = "SELECT sid,title,cid,UNIX_TIMESTAMP(date) AS unixdate FROM {$_TABLES['comments']} WHERE (uid = $user)";
// SQL NOTE: Using a HAVING clause is usually faster than a where if the
// field is part of the select
// if (!empty ($sidList)) {
// $sql .= " AND (sid in ($sidList))";
// }
if (!empty ($sidList)) {
$sql .= " HAVING sid in ($sidList)";
}
$sql .= " ORDER BY unixdate DESC LIMIT 10";
$result = DB_query($sql);
$nrows = DB_numRows($result);
if ($nrows > 0) {
for ($i = 1; $i <= $nrows; $i++) {
$C = DB_fetchArray($result);
$user_templates->set_var('row_number', $i . '.');
$user_templates->set_var ('comment_begin_href',
'<a href="' . $_CONF['site_url'] .
'/comment.php?mode=view&cid=' . $C['cid']. '">');
$C['title'] = str_replace('$','&#36;',$C['title']);
$user_templates->set_var('comment_title', stripslashes($C['title']));
$user_templates->set_var('comment_end_href', '</a>');
$commenttime = COM_getUserDateTimeFormat($C['unixdate']);
$user_templates->set_var('comment_date', $commenttime[0]);
$user_templates->parse('comment_row','row',true);
}
} else {
$user_templates->set_var('comment_row','<tr><td>' . $LANG01[29] . '</td></tr>');
}
// posting stats for this user
$user_templates->set_var ('lang_number_stories', $LANG04[84]);
$sql = "SELECT count(*) AS count FROM {$_TABLES['stories']} WHERE (uid = $user) AND (draft_flag = 0) AND (date <= NOW())" . COM_getPermSQL ('AND');
$result = DB_query($sql);
$N = DB_fetchArray ($result);
$user_templates->set_var('number_stories', $N['count']);
$user_templates->set_var ('lang_number_comments', $LANG04[85]);
$sql = "SELECT count(*) AS count FROM {$_TABLES['comments']} WHERE (uid = $user)";
if (!empty ($sidList)) {
$sql .= " AND (sid in ($sidList))";
}
$result = DB_query($sql);
$N = DB_fetchArray ($result);
$user_templates->set_var('number_comments', $N['count']);
$user_templates->set_var ('lang_all_postings_by', $LANG04[86] . ' ' . $A['username']);
// Call custom registration function if enabled and exists
if ($_CONF['custom_registration'] AND (function_exists('custom_userdisplay')) ) {
$user_templates->set_var ('customfields', custom_userdisplay($user) );
}
PLG_profileVariablesDisplay ($user, $user_templates);
$user_templates->parse('output', 'profile');
$retval .= $user_templates->finish($user_templates->get_var('output'));
$retval .= PLG_profileBlocksDisplay ($user);
$retval .= COM_siteFooter ();
return $retval;
}
/**
* Emails password to a user
*
* This will email the given user their password.
*
* @param string $username Username for which to get and email password
* @param int $msg Message number of message to show when done
* @return string Optionally returns the HTML for the default form if the user info can't be found
*
*/
function emailpassword ($username, $msg = 0)
{
global $_CONF, $_TABLES, $LANG04;
$retval = '';
$username = addslashes ($username);
$result = DB_query ("SELECT uid,email FROM {$_TABLES['users']} WHERE username = '$username'");
$nrows = DB_numRows ($result);
if ($nrows == 1) {
$A = DB_fetchArray ($result);
if (($_CONF['usersubmission'] == 1) && USER_isQueued ($A['uid'])) {
return COM_refresh ($_CONF['site_url'] . '/index.php?msg=48');
}
USER_createAndSendPassword ($username, $A['email']);
if ($msg) {
$retval = COM_refresh ("{$_CONF['site_url']}/index.php?msg=$msg");
} else {
$retval = COM_refresh ("{$_CONF['site_url']}/index.php");
}
} else {
$retval = COM_siteHeader ('menu', $LANG04[17])
. defaultform ($LANG04[17])
. COM_siteFooter ();
}
return $retval;
}
/**
* User request for a new password - send email with a link and request id
*
* @param username string name of user who requested the new password
* @param msg int index of message to display (if any)
* @return string form or meta redirect
*
*/
function requestpassword ($username, $msg = 0)
{
global $_CONF, $_TABLES, $LANG04;
$retval = '';
$result = DB_query ("SELECT uid,email,passwd FROM {$_TABLES['users']} WHERE username = '$username'");
$nrows = DB_numRows ($result);
if ($nrows == 1) {
$A = DB_fetchArray ($result);
if (($_CONF['usersubmission'] == 1) && ($A['passwd'] == md5 (''))) {
return COM_refresh ($_CONF['site_url'] . '/index.php?msg=48');
}
$reqid = substr (md5 (uniqid (rand (), 1)), 1, 16);
DB_change ($_TABLES['users'], 'pwrequestid', "$reqid",
'username', $username);
$mailtext = sprintf ($LANG04[88], $username);
$mailtext .= $_CONF['site_url'] . '/users.php?mode=newpwd&uid=' . $A['uid'] . '&rid=' . $reqid . "\n\n";
$mailtext .= $LANG04[89];
$mailtext .= "{$_CONF["site_name"]}\n";
$mailtext .= "{$_CONF['site_url']}\n";
$subject = $_CONF['site_name'] . ': ' . $LANG04[16];
COM_mail ($A['email'], $subject, $mailtext);
if ($msg) {
$retval .= COM_refresh ($_CONF['site_url'] . "/index.php?msg=$msg");
} else {
$retval .= COM_refresh ($_CONF['site_url'] . '/index.php');
}
COM_updateSpeedlimit ('password');
} else {
$retval .= COM_siteHeader ('menu')
. defaultform ($LANG04[17]) . COM_siteFooter ();
}
return $retval;
}
/**
* Display a form where the user can enter a new password.
*
* @param uid int user id
* @param requestid string request id for password change
* @return string new password form
*
*/
function newpasswordform ($uid, $requestid)
{
global $_CONF, $_TABLES, $LANG04;
$pwform = new Template ($_CONF['path_layout'] . 'users');
$pwform->set_file (array ('newpw' => 'newpassword.thtml'));
$pwform->set_var ('site_url', $_CONF['site_url']);
$pwform->set_var ('layout_url', $_CONF['layout_url']);
$pwform->set_var ('user_id', $uid);
$pwform->set_var ('user_name', DB_getItem ($_TABLES['users'], 'username',
"uid = '{$uid}'"));
$pwform->set_var ('request_id', $requestid);
$pwform->set_var ('lang_explain', $LANG04[90]);
$pwform->set_var ('lang_username', $LANG04[2]);
$pwform->set_var ('lang_newpassword', $LANG04[4]);
$pwform->set_var ('lang_setnewpwd', $LANG04[91]);
$retval = COM_startBlock ($LANG04[92]);
$retval .= $pwform->finish ($pwform->parse ('output', 'newpw'));
$retval .= COM_endBlock ();
return $retval;
}
/**
* Send an email notification when a new user registers with the site.
*
* @param username string User name of the new user
* @param email string Email address of the new user
* @param uid int User id of the new user
* @param queued bool true = user was added to user submission queue
*
*/
function sendNotification ($username, $email, $uid, $queued = false)
{
global $_CONF, $_TABLES, $LANG01, $LANG04, $LANG08, $LANG28, $LANG29;
$mailbody = "$LANG04[2]: $username\n"
. "$LANG04[5]: $email\n"
. "$LANG28[14]: " . strftime ($_CONF['date']) . "\n\n";
if ($queued) {
$mailbody .= "$LANG01[10] <{$_CONF['site_admin_url']}/moderation.php>\n\n";
} else {
$mailbody .= "$LANG29[4] <{$_CONF['site_url']}/users.php?mode=profile&uid={$uid}>\n\n";
}
$mailbody .= "\n------------------------------\n";
$mailbody .= "\n$LANG08[34]\n";
$mailbody .= "\n------------------------------\n";
$mailsubject = $_CONF['site_name'] . ' ' . $LANG29[40];
COM_mail ($_CONF['site_mail'], $mailsubject, $mailbody);
}
/**
* Creates a user
*
* Creates a user with the given username and email address
*
* @param string $username username to create user for
* @param string $email email address to assign to user
* @return string HTML for the form again if error occurs, otherwise nothing.
*
*/
function createuser($username,$email)
{
global $_CONF, $_TABLES, $LANG01, $LANG04;
$retval = '';
$username = trim ($username);
$email = trim ($email);
if (COM_isEmail ($email) && !empty ($username)) {
$ucount = DB_count ($_TABLES['users'], 'username',
addslashes ($username));
$ecount = DB_count ($_TABLES['users'], 'email', addslashes ($email));
if ($ucount == 0 AND $ecount == 0) {
// For Geeklog, it would be okay to create this user now. But check
// with a custom userform first, if one exists.
if ($_CONF['custom_registration'] &&
function_exists ('custom_usercheck')) {
$msg = custom_usercheck ($username, $email);
if (!empty ($msg)) {
// no, it's not okay with the custom userform
$retval = COM_siteHeader ('menu')
. custom_userform ($msg)
. COM_siteFooter ();
return $retval;
}
}
$uid = USER_createAccount ($username, $email);
$queueUser = USER_isQueued ($uid);
if ($queueUser) {
$msg = 48;
} else {
emailpassword ($username, 1);
$msg = 1;
}
if (isset ($_CONF['notification']) &&
in_array ('user', $_CONF['notification'])) {
sendNotification ($username, $email, $uid, $queueUser);
}
return COM_refresh($_CONF['site_url'] . '/index.php?msg=' . $msg);
} else {
$retval .= COM_siteHeader ('Menu');
if ($_CONF['custom_registration'] &&
function_exists ('custom_userform')) {
$retval .= custom_userform ($LANG04[19]);
} else {
$retval .= newuserform ($LANG04[19]);
}
$retval .= COM_siteFooter ();
}
} else {
if (empty ($username)) {
$msg = $LANG01[32]; // invalid username
} else {
$msg = $LANG04[18]; // invalid email address
}
$retval .= COM_siteHeader ('menu');
if ($_CONF['custom_registration'] && function_exists('custom_userform')) {
$retval .= custom_userform ($msg);
} else {
$retval .= newuserform ($msg);
}
$retval .= COM_siteFooter();
}
return $retval;
}
/**
* Shows the user login form after failed attempts to either login or access a page
* requiring login.
*
* @return string HTML for login form
*
*/
function loginform ($hide_forgotpw_link = false)
{
global $_CONF, $LANG04;
$retval = '';
$user_templates = new Template ($_CONF['path_layout'] . 'users');
$user_templates->set_file('login', 'loginform.thtml');
$user_templates->set_var('site_url', $_CONF['site_url']);
$user_templates->set_var('start_block_loginagain', COM_startBlock($LANG04[65]));
$user_templates->set_var('lang_message', $LANG04[66]);
$user_templates->set_var('lang_username', $LANG04[2]);
$user_templates->set_var('lang_password', $LANG04[4]);
if ($hide_forgotpw_link) {
$user_templates->set_var('lang_forgetpassword', '');
} else {
$user_templates->set_var('lang_forgetpassword', $LANG04[25]);
}
$user_templates->set_var('lang_login', $LANG04[80]);
$user_templates->set_var('end_block', COM_endBlock());
$user_templates->parse('output', 'login');
$retval .= $user_templates->finish($user_templates->get_var('output'));
return $retval;
}
/**
* Shows the user registration form
*
* @param int $msg message number to show
* @param string $referrer page to send user to after registration
* @return string HTML for user registration page
*/
function newuserform($msg = '')
{
global $LANG04, $_CONF;
$retval = '';
if (!empty ($msg)) {
$retval .= COM_startBlock ($LANG04[21], '',
COM_getBlockTemplate ('_msg_block', 'header'))
. $msg
. COM_endBlock (COM_getBlockTemplate ('_msg_block', 'footer'));
}
$user_templates = new Template($_CONF['path_layout'] . 'users');
$user_templates->set_file('regform','registrationform.thtml');
$user_templates->set_var('site_url', $_CONF['site_url']);
$user_templates->set_var('start_block', COM_startBlock($LANG04[22]));
$user_templates->set_var('lang_instructions', $LANG04[23]);
$user_templates->set_var('lang_username', $LANG04[2]);
$user_templates->set_var('lang_email', $LANG04[5]);
$user_templates->set_var('lang_warning', $LANG04[24]);
$user_templates->set_var('lang_register', $LANG04[27]);
$user_templates->set_var('end_block', COM_endBlock());
$user_templates->parse('output', 'regform');
$retval .= $user_templates->finish($user_templates->get_var('output'));
return $retval;
}
/**
* Shows the password retrieval form
*
* @return string HTML for form used to retrieve user's password
*
*/
function getpasswordform()
{
global $_CONF, $LANG04;
$retval = '';
$user_templates = new Template($_CONF['path_layout'] . 'users');
$user_templates->set_file('form', 'getpasswordform.thtml');
$user_templates->set_var('site_url', $_CONF['site_url']);
$user_templates->set_var('start_block_forgetpassword', COM_startBlock($LANG04[25]));
$user_templates->set_var('lang_instructions', $LANG04[26]);
$user_templates->set_var('lang_username', $LANG04[2]);
$user_templates->set_var('lang_email', $LANG04[5]);
$user_templates->set_var('lang_emailpassword', $LANG04[28]);
$user_templates->set_var('end_block', COM_endBlock());
$user_templates->parse('output', 'form');
$retval .= $user_templates->finish($user_templates->get_var('output'));
return $retval;
}
/**
* Shows user their account info form
*
* @param string $msg message to display if one is needed
* @return string HTML for form
*
*/
function defaultform ($msg)
{
global $LANG04;
$retval = '';
if (!empty ($msg)) {
$retval .= COM_startBlock ($LANG04[21], '',
COM_getBlockTemplate ('_msg_block', 'header'))
. $msg
. COM_endBlock (COM_getBlockTemplate ('_msg_block', 'footer'));
}
$retval .= loginform (true);
$retval .= newuserform ();
$retval .= getpasswordform ();
return $retval;
}
// MAIN
if (isset ($HTTP_POST_VARS['mode'])) {
$mode = $HTTP_POST_VARS['mode'];
}
elseif (isset ($HTTP_GET_VARS['mode'])) {
$mode = $HTTP_GET_VARS['mode'];
}
else {
$mode = "";
}
$display = '';
switch ($mode) {
case 'logout':
if (!empty ($_USER['uid']) AND $_USER['uid'] > 1) {
SESS_endUserSession ($_USER['uid']);
PLG_logoutUser ($_USER['uid']);
}
setcookie ($_CONF['cookie_session'], '', time() - 10000,
$_CONF['cookie_path'], $_CONF['cookiedomain'],
$_CONF['cookiesecure']);
setcookie ($_CONF['cookie_name'], '', time() - 10000, $_CONF['cookie_path'],
$_CONF['cookiedomain'], $_CONF['cookiesecure']);
$display = COM_refresh($_CONF['site_url'] . '/index.php?msg=8');
break;
case 'profile':
$uid = COM_applyFilter ($HTTP_GET_VARS['uid'], true);
if (is_numeric ($uid) && ($uid > 0)) {
$msg = COM_applyFilter ($HTTP_GET_VARS['msg'], true);
$display .= userprofile ($uid, $msg);
} else {
$display .= COM_refresh ($_CONF['site_url'] . '/index.php');
}
break;
case 'user':
$username = COM_applyFilter ($HTTP_GET_VARS['username']);
if (!empty ($username)) {
$username = addslashes ($username);
$uid = DB_getItem ($_TABLES['users'], 'uid', "username = '$username'");
if ($uid > 1) {
$display .= userprofile ($uid);
} else {
$display .= COM_refresh ($_CONF['site_url'] . '/index.php');
}
} else {
$display .= COM_refresh ($_CONF['site_url'] . '/index.php');
}
break;
case 'create':
$display .= createuser (COM_applyFilter ($HTTP_POST_VARS['username']),
COM_applyFilter ($HTTP_POST_VARS['email']));
break;
case 'getpassword':
$display .= COM_siteHeader ('menu');
if ($_CONF['passwordspeedlimit'] == 0) {
$_CONF['passwordspeedlimit'] = 300; // 5 minutes
}
COM_clearSpeedlimit ($_CONF['passwordspeedlimit'], 'password');
$last = COM_checkSpeedlimit ('password');
if ($last > 0) {
$display .= COM_startBlock ($LANG12[26], '',
COM_getBlockTemplate ('_msg_block', 'header'))
. sprintf ($LANG04[93], $last, $_CONF['passwordspeedlimit'])
. COM_endBlock (COM_getBlockTemplate ('_msg_block', 'footer'));
} else {
$display .= getpasswordform ();
}
$display .= COM_siteFooter ();
break;
case 'newpwd':
$uid = COM_applyFilter ($HTTP_GET_VARS['uid'], true);
$reqid = COM_applyFilter ($HTTP_GET_VARS['rid']);
if (!empty ($uid) && is_numeric ($uid) && ($uid > 0) &&
!empty ($reqid) && (strlen ($reqid) == 16)) {
$valid = DB_count ($_TABLES['users'], array ('uid', 'pwrequestid'),
array ($uid, $reqid));
if ($valid == 1) {
$display .= COM_siteHeader ('menu');
$display .= newpasswordform ($uid, $reqid);
$display .= COM_siteFooter ();
} else { // request invalid or expired
$display .= COM_siteHeader ('menu');
$display .= COM_showMessage (54);
$display .= getpasswordform ();
$display .= COM_siteFooter ();
}
} else {
// this request doesn't make sense - ignore it
$display = COM_refresh ($_CONF['site_url']);
}
break;
case 'setnewpwd':
if (empty ($HTTP_POST_VARS['passwd'])) {
$display = COM_refresh ($_CONF['site_url']
. '/users.php?mode=newpwd&uid=' . $HTTP_POST_VARS['uid']
. '&rid=' . $HTTP_POST_VARS['rid']);
} else {
$uid = COM_applyFilter ($HTTP_POST_VARS['uid'], true);
$reqid = COM_applyFilter ($HTTP_POST_VARS['rid']);
if (!empty ($uid) && is_numeric ($uid) && ($uid > 0) &&
!empty ($reqid) && (strlen ($reqid) == 16)) {
$valid = DB_count ($_TABLES['users'], array ('uid', 'pwrequestid'),
array ($uid, $reqid));
if ($valid == 1) {
$passwd = md5 ($HTTP_POST_VARS['passwd']);
DB_change ($_TABLES['users'], 'passwd', "$passwd",
"uid", $uid);
DB_delete ($_TABLES['sessions'], 'uid', $uid);
// $username is never set in this branch, so clear the request id by the validated uid
DB_change ($_TABLES['users'], 'pwrequestid', "NULL",
'uid', $uid);
$display = COM_refresh ($_CONF['site_url'] . '/users.php?msg=53');
} else { // request invalid or expired
$display .= COM_siteHeader ('menu');
$display .= COM_showMessage (54);
$display .= getpasswordform ();
$display .= COM_siteFooter ();
}
} else {
// this request doesn't make sense - ignore it
$display = COM_refresh ($_CONF['site_url']);
}
}
break;
case 'emailpasswd':
if ($_CONF['passwordspeedlimit'] == 0) {
$_CONF['passwordspeedlimit'] = 300; // 5 minutes
}
COM_clearSpeedlimit ($_CONF['passwordspeedlimit'], 'password');
$last = COM_checkSpeedlimit ('password');
if ($last > 0) {
$display .= COM_siteHeader ('menu')
. COM_startBlock ($LANG12[26], '',
COM_getBlockTemplate ('_msg_block', 'header'))
. sprintf ($LANG04[93], $last, $_CONF['passwordspeedlimit'])
. COM_endBlock (COM_getBlockTemplate ('_msg_block', 'footer'))
. COM_siteFooter ();
} else {
$username = COM_applyFilter ($HTTP_POST_VARS['username']);
$email = COM_applyFilter ($HTTP_POST_VARS['email']);
if (empty ($username) && !empty ($email)) {
$username = DB_getItem ($_TABLES['users'], 'username',
"email = '$email'");
}
if (!empty ($username)) {
$display .= requestpassword ($username, 55);
} else {
$display = COM_refresh ($_CONF['site_url']
. '/users.php?mode=getpassword');
}
}
break;
case 'new':
$display .= COM_siteHeader ('menu', $LANG04[22]);
// Call custom registration and account record create function
// if enabled and exists
if ($_CONF['custom_registration'] AND (function_exists('custom_userform'))) {
$display .= custom_userform('new');
} else {
$display .= newuserform();
}
$display .= COM_siteFooter();
break;
default:
// prevent dictionary attacks on passwords
if (!isset ($_CONF['login_speedlimit'])) {
$_CONF['login_speedlimit'] = 300;
}
if (!isset ($_CONF['login_attempts'])) {
$_CONF['login_attempts'] = 3;
}
COM_clearSpeedlimit ($_CONF['login_speedlimit'], 'login');
if (COM_checkSpeedlimit ('login', $_CONF['login_attempts']) > 0) {
if (empty ($LANG04[112])) {
$LANG04[112] = 'You have exceeded the number of allowed login attempts. Please try again later.';
}
$retval .= COM_siteHeader ()
. COM_startBlock ($LANG12[26], '',
COM_getBlockTemplate ('_msg_block', 'header'))
. $LANG04[112]
. COM_endBlock (COM_getBlockTemplate ('_msg_block', 'footer'))
. COM_siteFooter ();
echo $retval;
exit();
}
if (isset ($HTTP_POST_VARS['loginname'])) {
$loginname = COM_applyFilter ($HTTP_POST_VARS['loginname']);
} else {
$loginname = COM_applyFilter ($HTTP_GET_VARS['loginname']);
}
if (isset ($HTTP_POST_VARS['passwd'])) {
$passwd = COM_applyFilter ($HTTP_POST_VARS['passwd']);
}
if (!empty($loginname) && !empty($passwd)) {
$mypasswd = COM_getPassword($loginname);
} else {
srand((double)microtime()*1000000);
$mypasswd = rand();
}
if (!empty ($passwd) && !empty ($mypasswd) && ($mypasswd == md5($passwd))) {
DB_change($_TABLES['users'],'pwrequestid',"NULL",'username',$loginname);
$userdata = SESS_getUserData($loginname);
$_USER=$userdata;
$sessid = SESS_newSession($_USER['uid'], $HTTP_SERVER_VARS['REMOTE_ADDR'], $_CONF['session_cookie_timeout'], $_CONF['cookie_ip']);
SESS_setSessionCookie($sessid, $_CONF['session_cookie_timeout'], $_CONF['cookie_session'], $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure']);
PLG_loginUser ($_USER['uid']);
// Now that we handled session cookies, handle longterm cookie
if (!isset($HTTP_COOKIE_VARS[$_CONF['cookie_name']]) || !isset($HTTP_COOKIE_VARS['password'])) {
// Either their cookie expired or they are new
$cooktime = COM_getUserCookieTimeout();
if ($VERBOSE) {
COM_errorLog("Trying to set permanent cookie with time of $cooktime",1);
}
if ($cooktime > 0) {
// They want their cookie to persist for some amount of time so set it now
if ($VERBOSE) {
COM_errorLog('Trying to set permanent cookie',1);
}
setcookie ($_CONF['cookie_name'], $_USER['uid'],
time() + $cooktime, $_CONF['cookie_path'],
$_CONF['cookiedomain'], $_CONF['cookiesecure']);
setcookie ($_CONF['cookie_password'], md5 ($passwd),
time() + $cooktime, $_CONF['cookie_path'],
$_CONF['cookiedomain'], $_CONF['cookiesecure']);
}
} else {
$userid = $HTTP_COOKIE_VARS[$_CONF['cookie_name']];
if (empty ($userid) || ($userid == 'deleted')) {
unset ($userid);
} else {
if ($VERBOSE) {
COM_errorLog('NOW trying to set permanent cookie',1);
COM_errorLog('Got '.$userid.' from perm cookie in users.php',1);
}
if ($userid) {
$user_logged_in = 1;
// Create new session
$userdata = SESS_getUserDataFromId($userid);
$_USER = $userdata;
if ($VERBOSE) {
COM_errorLog('Got '.$_USER['username'].' for the username in user.php',1);
}
}
}
}
// Now that we have users data see if their theme cookie is set.
// If not set it
setcookie ($_CONF['cookie_theme'], $_USER['theme'], time() + 31536000,
$_CONF['cookie_path'], $_CONF['cookiedomain'],
$_CONF['cookiesecure']);
if (!empty ($HTTP_SERVER_VARS['HTTP_REFERER']) && (strstr ($HTTP_SERVER_VARS['HTTP_REFERER'], '/users.php') === false)) {
$indexMsg = $_CONF['site_url'] . '/index.php?msg=';
if (substr ($HTTP_SERVER_VARS['HTTP_REFERER'], 0, strlen ($indexMsg)) == $indexMsg) {
$display .= COM_refresh ($_CONF['site_url'] . '/index.php');
} else {
$display .= COM_refresh ($HTTP_SERVER_VARS['HTTP_REFERER']);
}
} else {
$display .= COM_refresh ($_CONF['site_url'] . '/index.php');
}
} else {
// On failed login attempt, update speed limit
COM_updateSpeedlimit ('login');
$display .= COM_siteHeader('menu');
if (isset ($HTTP_POST_VARS['msg'])) {
$msg = $HTTP_POST_VARS['msg'];
} else if (isset ($HTTP_GET_VARS['msg'])) {
$msg = $HTTP_GET_VARS['msg'];
} else {
$msg = 0;
}
if ($msg > 0) {
$display .= COM_showMessage($msg);
}
switch ($mode) {
case 'create':
// Got bad account info from registration process, show error
// message and display form again
if ($_CONF['custom_registration'] AND (function_exists('custom_userform'))) {
$display .= custom_userform ('new');
} else {
$display .= newuserform ();
}
break;
default:
// check to see if this was the last allowed attempt
if (!isset ($_CONF['login_attempts'])) {
$_CONF['login_attempts'] = 3;
}
if (COM_checkSpeedlimit ('login', $_CONF['login_attempts']) > 0) {
if (empty ($LANG04[112])) {
$LANG04[112] = 'You have exceeded the number of allowed login attempts. Please try again later.';
}
$retval .= COM_siteHeader ()
. COM_startBlock ($LANG12[26], '',
COM_getBlockTemplate ('_msg_block', 'header'))
. $LANG04[112]
. COM_endBlock (COM_getBlockTemplate ('_msg_block', 'footer'))
. COM_siteFooter ();
echo $retval;
exit ();
} else { // Show login form
$display .= loginform();
}
break;
}
$display .= COM_siteFooter();
}
break;
}
echo $display;
?>
Thanks for helping,
Jordy
Thanks for getting back to me. This site of mine is a fresh install, not an upgrade. It is the latest 1.3 version, not the beta 1.4.
I am not knowledgeable on PHP so some things you speak of seem a little vague to me.
This is what I did. I replaced the edited lib-custom.php with an original copy from the install files. I then temporarily changed the name of the "custom" directory that I created to something other than "custom" for the sake of this test. I left all other files that were edited for the custom registration in place. When I went to the site and clicked new user registration, I got this error:
Template Error: set_root: /home/jordydme/public_html/geeklog/layout/professional/custom is not a directory.
Halted.
Did I do what you described correctly? Does this verify that the system is recognizing the custom reg setting in the config?
When you say:
Compare public_html/users.php
What am I comparing it to?
Here is the users.php code:
Text Formatted Code
<?php
/* Reminder: always indent with 4 spaces (no tabs). */
// +---------------------------------------------------------------------------+
// | Geeklog 1.3 |
// +---------------------------------------------------------------------------+
// | users.php |
// | |
// | User authentication module. |
// +---------------------------------------------------------------------------+
// | Copyright (C) 2000-2004 by the following authors: |
// | |
// | Authors: Tony Bibbs - tony@tonybibbs.com |
// | Mark Limburg - mlimburg@users.sourceforge.net |
// | Jason Whittenburg - jwhitten@securitygeeks.com |
// | Dirk Haun - dirk@haun-online.de |
// +---------------------------------------------------------------------------+
// | |
// | This program is free software; you can redistribute it and/or |
// | modify it under the terms of the GNU General Public License |
// | as published by the Free Software Foundation; either version 2 |
// | of the License, or (at your option) any later version. |
// | |
// | This program is distributed in the hope that it will be useful, |
// | but WITHOUT ANY WARRANTY; without even the implied warranty of |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
// | GNU General Public License for more details. |
// | |
// | You should have received a copy of the GNU General Public License |
// | along with this program; if not, write to the Free Software Foundation, |
// | Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
// | |
// +---------------------------------------------------------------------------+
//
// $Id: users.php,v 1.93.2.4 2005/10/03 09:24:36 dhaun Exp $
/**
* This file handles user authentication
*
* @author Tony Bibbs <tony@tonybibbs.com>
* @author Mark Limburg <mlimburg@users.sourceforge.net>
* @author Jason Whittenburg
*
*/
/**
* Geeklog common function library
*/
require_once ('lib-common.php');
require_once ($_CONF['path_system'] . 'lib-user.php');
$VERBOSE = false;
// Uncomment the line below if you need to debug the HTTP variables being passed
// to the script. This will sometimes cause errors but it will allow you to see
// the data being passed in a POST operation
// echo COM_debug($HTTP_POST_VARS);
/**
* Shows a profile for a user
*
* This grabs the user profile for a given user and displays it
*
* @param int $user User ID of profile to get
* @param int $msg Message to display (if != 0)
* @return string HTML for user profile page
*
*/
function userprofile ($user, $msg = 0)
{
global $_CONF, $_TABLES, $_USER, $LANG01, $LANG04, $LANG_LOGIN;
$retval = '';
if (empty ($_USER['username']) &&
(($_CONF['loginrequired'] == 1) || ($_CONF['profileloginrequired'] == 1))) {
$retval .= COM_siteHeader ('menu');
$retval .= COM_startBlock ($LANG_LOGIN[1], '',
COM_getBlockTemplate ('_msg_block', 'header'));
$login = new Template($_CONF['path_layout'] . 'submit');
$login->set_file (array ('login'=>'submitloginrequired.thtml'));
$login->set_var ('login_message', $LANG_LOGIN[2]);
$login->set_var ('site_url', $_CONF['site_url']);
$login->set_var ('lang_login', $LANG_LOGIN[3]);
$login->set_var ('lang_newuser', $LANG_LOGIN[4]);
$login->parse ('output', 'login');
$retval .= $login->finish ($login->get_var('output'));
$retval .= COM_endBlock (COM_getBlockTemplate ('_msg_block', 'footer'));
$retval .= COM_siteFooter ();
return $retval;
}
$result = DB_query("SELECT username,fullname,regdate,homepage,about,location,pgpkey,photo FROM {$_TABLES['userinfo']},{$_TABLES["users"]} WHERE {$_TABLES['userinfo']}.uid = {$_TABLES['users']}.uid AND {$_TABLES['users']}.uid = $user");
$nrows = DB_numRows($result);
if ($nrows == 0) { // no such user
return COM_refresh ($_CONF['site_url'] . '/index.php');
}
$A = DB_fetchArray($result);
$retval .= COM_siteHeader ('menu', $LANG04[1] . ' ' . $A['username']);
if ($msg > 0) {
$retval .= COM_showMessage ($msg);
}
// format date/time to user preference
$curtime = COM_getUserDateTimeFormat($A["regdate"]);
$A['regdate'] = $curtime[0];
$user_templates = new Template($_CONF['path_layout'] . 'users');
$user_templates->set_file(array('profile'=>'profile.thtml','row'=>'commentrow.thtml','strow'=>'storyrow.thtml'));
$user_templates->set_var('site_url', $_CONF['site_url']);
$user_templates->set_var('start_block_userprofile', COM_startBlock($LANG04[1] . ' ' . $A['username']));
$user_templates->set_var('end_block', COM_endBlock());
$user_templates->set_var('lang_username', $LANG04[2]);
$user_templates->set_var('username', $A['username']);
if (!empty($A['photo']) AND $_CONF['allow_user_photo'] == 1) {
if (strstr ($_CONF['path_images'], $_CONF['path_html'])) {
$imgpath = substr ($_CONF['path_images'],
strlen ($_CONF['path_html']));
$user_templates->set_var ('user_photo', '<img src="'
. $_CONF['site_url'] . '/' . $imgpath . 'userphotos/'
. $A['photo'] . '" alt="">');
} else {
$user_templates->set_var ('user_photo', '<img src="' . $_CONF['site_url'] . '/getimage.php?mode=userphotos&image=' . $A['photo'] . '" alt="">');
}
} else {
$user_templates->set_var('user_photo','');
}
$user_templates->set_var('user_fullname', $A['fullname']);
$user_templates->set_var('lang_membersince', $LANG04[67]);
$user_templates->set_var('user_regdate', $A['regdate']);
$user_templates->set_var('lang_email', $LANG04[5]);
$user_templates->set_var('user_id', $user);
$user_templates->set_var('lang_sendemail', $LANG04[81]);
$user_templates->set_var('lang_homepage', $LANG04[6]);
$user_templates->set_var('user_homepage', COM_killJS ($A['homepage']));
$user_templates->set_var('lang_location', $LANG04[106]);
$user_templates->set_var('user_location', $A['location']);
$user_templates->set_var('lang_bio', $LANG04[7]);
$user_templates->set_var('user_bio', nl2br(stripslashes($A['about'])));
$user_templates->set_var('lang_pgpkey', $LANG04[8]);
$user_templates->set_var('user_pgp', nl2br($A['pgpkey']));
$user_templates->set_var('start_block_last10stories',
COM_startBlock($LANG04[82] . ' ' . $A['username']));
$user_templates->set_var('start_block_last10comments',
COM_startBlock($LANG04[10] . ' ' . $A['username']));
$user_templates->set_var('start_block_postingstats',
COM_startBlock($LANG04[83] . ' ' . $A['username']));
// for alternative layouts: use these as headlines instead of block titles
$user_templates->set_var('headline_last10stories', $LANG04[82]);
$user_templates->set_var('headline_last10comments', $LANG04[10]);
$user_templates->set_var('headline_postingstats', $LANG04[83]);
$result = DB_query ("SELECT tid FROM {$_TABLES['topics']}"
. COM_getPermSQL ());
$nrows = DB_numRows ($result);
$tids = array ();
for ($i = 0; $i < $nrows; $i++) {
$T = DB_fetchArray ($result);
$tids[] = $T['tid'];
}
$topics = "'" . implode ("','", $tids) . "'";
// list of last 10 stories by this user
if (sizeof ($tids) > 0) {
$sql = "SELECT sid,title,UNIX_TIMESTAMP(date) AS unixdate FROM {$_TABLES['stories']} WHERE (uid = $user) AND (draft_flag = 0) AND (date <= NOW()) AND (tid IN ($topics))" . COM_getPermSQL ('AND');
$sql .= " ORDER BY unixdate DESC LIMIT 10";
$result = DB_query($sql);
$nrows = DB_numRows($result);
} else {
$nrows = 0;
}
if ($nrows > 0) {
for ($i = 1; $i <= $nrows; $i++) {
$C = DB_fetchArray($result);
$user_templates->set_var('row_number', $i . '.');
$articleUrl = COM_buildUrl ($_CONF['site_url']
. '/article.php?story=' . $C['sid']);
$user_templates->set_var ('article_url', $articleUrl);
$user_templates->set_var ('story_begin_href',
'<a href="' . $articleUrl . '">');
$C['title'] = str_replace ('$', '&#36;', $C['title']);
$user_templates->set_var('story_title', stripslashes($C['title']));
$user_templates->set_var('story_end_href', '</a>');
$storytime = COM_getUserDateTimeFormat($C['unixdate']);
$user_templates->set_var('story_date', $storytime[0]);
$user_templates->parse('story_row','strow',true);
}
} else {
$user_templates->set_var('story_row','<tr><td>' . $LANG01[37] . '</td></tr>');
}
// list of last 10 comments by this user
$sidArray = array();
if (sizeof ($tids) > 0) {
// first, get a list of all stories the current visitor has access to
$sql = "SELECT sid FROM {$_TABLES['stories']} WHERE (draft_flag = 0) AND (date <= NOW()) AND (tid IN ($topics))" . COM_getPermSQL ('AND');
$result = DB_query($sql);
$numsids = DB_numRows($result);
for ($i = 1; $i <= $numsids; $i++) {
$S = DB_fetchArray ($result);
$sidArray[] = $S['sid'];
}
}
// add all polls the current visitor has access to
$sql = "SELECT qid FROM {$_TABLES['pollquestions']}" . COM_getPermSQL ();
$result = DB_query($sql);
$numqids = DB_numRows($result);
for ($i = 1; $i <= $numqids; $i++) {
$Q = DB_fetchArray ($result);
$sidArray[] = $Q['qid'];
}
$sidList = implode("', '",$sidArray);
$sidList = "'$sidList'";
// then, find all comments by the user in those stories and polls
$sql = "SELECT sid,title,cid,UNIX_TIMESTAMP(date) AS unixdate FROM {$_TABLES['comments']} WHERE (uid = $user)";
// SQL NOTE: Using a HAVING clause is usually faster than a where if the
// field is part of the select
// if (!empty ($sidList)) {
// $sql .= " AND (sid in ($sidList))";
// }
if (!empty ($sidList)) {
$sql .= " HAVING sid in ($sidList)";
}
$sql .= " ORDER BY unixdate DESC LIMIT 10";
$result = DB_query($sql);
$nrows = DB_numRows($result);
if ($nrows > 0) {
for ($i = 1; $i <= $nrows; $i++) {
$C = DB_fetchArray($result);
$user_templates->set_var('row_number', $i . '.');
$user_templates->set_var ('comment_begin_href',
'<a href="' . $_CONF['site_url'] .
'/comment.php?mode=view&cid=' . $C['cid']. '">');
$C['title'] = str_replace('$','&#36;',$C['title']);
$user_templates->set_var('comment_title', stripslashes($C['title']));
$user_templates->set_var('comment_end_href', '</a>');
$commenttime = COM_getUserDateTimeFormat($C['unixdate']);
$user_templates->set_var('comment_date', $commenttime[0]);
$user_templates->parse('comment_row','row',true);
}
} else {
$user_templates->set_var('comment_row','<tr><td>' . $LANG01[29] . '</td></tr>');
}
// posting stats for this user
$user_templates->set_var ('lang_number_stories', $LANG04[84]);
$sql = "SELECT count(*) AS count FROM {$_TABLES['stories']} WHERE (uid = $user) AND (draft_flag = 0) AND (date <= NOW())" . COM_getPermSQL ('AND');
$result = DB_query($sql);
$N = DB_fetchArray ($result);
$user_templates->set_var('number_stories', $N['count']);
$user_templates->set_var ('lang_number_comments', $LANG04[85]);
$sql = "SELECT count(*) AS count FROM {$_TABLES['comments']} WHERE (uid = $user)";
if (!empty ($sidList)) {
$sql .= " AND (sid in ($sidList))";
}
$result = DB_query($sql);
$N = DB_fetchArray ($result);
$user_templates->set_var('number_comments', $N['count']);
$user_templates->set_var ('lang_all_postings_by', $LANG04[86] . ' ' . $A['username']);
// Call custom registration function if enabled and exists
if ($_CONF['custom_registration'] AND (function_exists('custom_userdisplay')) ) {
$user_templates->set_var ('customfields', custom_userdisplay($user) );
}
PLG_profileVariablesDisplay ($user, $user_templates);
$user_templates->parse('output', 'profile');
$retval .= $user_templates->finish($user_templates->get_var('output'));
$retval .= PLG_profileBlocksDisplay ($user);
$retval .= COM_siteFooter ();
return $retval;
}
/**
* Emails password to a user
*
* This will email the given user their password.
*
* @param string $username Username for which to get and email password
* @param int $msg Message number of message to show when done
* @return string Optionally returns the HTML for the default form if the user info can't be found
*
*/
function emailpassword ($username, $msg = 0)
{
global $_CONF, $_TABLES, $LANG04;
$retval = '';
$username = addslashes ($username);
$result = DB_query ("SELECT uid,email FROM {$_TABLES['users']} WHERE username = '$username'");
$nrows = DB_numRows ($result);
if ($nrows == 1) {
$A = DB_fetchArray ($result);
if (($_CONF['usersubmission'] == 1) && USER_isQueued ($A['uid'])) {
return COM_refresh ($_CONF['site_url'] . '/index.php?msg=48');
}
USER_createAndSendPassword ($username, $A['email']);
if ($msg) {
$retval = COM_refresh ("{$_CONF['site_url']}/index.php?msg=$msg");
} else {
$retval = COM_refresh ("{$_CONF['site_url']}/index.php");
}
} else {
$retval = COM_siteHeader ('menu', $LANG04[17])
. defaultform ($LANG04[17])
. COM_siteFooter ();
}
return $retval;
}
/**
* User request for a new password - send email with a link and request id
*
* @param username string name of user who requested the new password
* @param msg int index of message to display (if any)
* @return string form or meta redirect
*
*/
function requestpassword ($username, $msg = 0)
{
global $_CONF, $_TABLES, $LANG04;
$result = DB_query ("SELECT uid,email,passwd FROM {$_TABLES['users']} WHERE username = '$username'");
$nrows = DB_numRows ($result);
if ($nrows == 1) {
$A = DB_fetchArray ($result);
if (($_CONF['usersubmission'] == 1) && ($A['passwd'] == md5 (''))) {
return COM_refresh ($_CONF['site_url'] . '/index.php?msg=48');
}
$reqid = substr (md5 (uniqid (rand (), 1)), 1, 16);
DB_change ($_TABLES['users'], 'pwrequestid', "$reqid",
'username', $username);
$mailtext = sprintf ($LANG04[88], $username);
$mailtext .= $_CONF['site_url'] . '/users.php?mode=newpwd&uid=' . $A['uid'] . '&rid=' . $reqid . "\n\n";
$mailtext .= $LANG04[89];
$mailtext .= "{$_CONF["site_name"]}\n";
$mailtext .= "{$_CONF['site_url']}\n";
$subject = $_CONF['site_name'] . ': ' . $LANG04[16];
COM_mail ($A['email'], $subject, $mailtext);
if ($msg) {
$retval .= COM_refresh ($_CONF['site_url'] . "/index.php?msg=$msg");
} else {
$retval .= COM_refresh ($_CONF['site_url'] . '/index.php');
}
COM_updateSpeedlimit ('password');
} else {
$retval .= COM_siteHeader ('menu')
. defaultform ($LANG04[17]) . COM_siteFooter ();
}
return $retval;
}
/**
* Display a form where the user can enter a new password.
*
* @param uid int user id
* @param requestid string request id for password change
* @return string new password form
*
*/
function newpasswordform ($uid, $requestid)
{
global $_CONF, $_TABLES, $LANG04;
$pwform = new Template ($_CONF['path_layout'] . 'users');
$pwform->set_file (array ('newpw' => 'newpassword.thtml'));
$pwform->set_var ('site_url', $_CONF['site_url']);
$pwform->set_var ('layout_url', $_CONF['layout_url']);
$pwform->set_var ('user_id', $uid);
$pwform->set_var ('user_name', DB_getItem ($_TABLES['users'], 'username',
"uid = '{$uid}'"));
$pwform->set_var ('request_id', $requestid);
$pwform->set_var ('lang_explain', $LANG04[90]);
$pwform->set_var ('lang_username', $LANG04[2]);
$pwform->set_var ('lang_newpassword', $LANG04[4]);
$pwform->set_var ('lang_setnewpwd', $LANG04[91]);
$retval = COM_startBlock ($LANG04[92]);
$retval .= $pwform->finish ($pwform->parse ('output', 'newpw'));
$retval .= COM_endBlock ();
return $retval;
}
/**
* Send an email notification when a new user registers with the site.
*
* @param username string User name of the new user
* @param email string Email address of the new user
* @param uid int User id of the new user
* @param queued bool true = user was added to user submission queue
*
*/
function sendNotification ($username, $email, $uid, $queued = false)
{
global $_CONF, $_TABLES, $LANG01, $LANG04, $LANG08, $LANG28, $LANG29;
$mailbody = "$LANG04[2]: $username\n"
. "$LANG04[5]: $email\n"
. "$LANG28[14]: " . strftime ($_CONF['date']) . "\n\n";
if ($queued) {
$mailbody .= "$LANG01[10] <{$_CONF['site_admin_url']}/moderation.php>\n\n";
} else {
$mailbody .= "$LANG29[4] <{$_CONF['site_url']}/users.php?mode=profile&uid={$uid}>\n\n";
}
$mailbody .= "\n------------------------------\n";
$mailbody .= "\n$LANG08[34]\n";
$mailbody .= "\n------------------------------\n";
$mailsubject = $_CONF['site_name'] . ' ' . $LANG29[40];
COM_mail ($_CONF['site_mail'], $mailsubject, $mailbody);
}
/**
* Creates a user
*
* Creates a user with the give username and email address
*
* @param string $username username to create user for
* @param string $email email address to assign to user
* @return string HTML for the form again if error occurs, otherwise nothing.
*
*/
function createuser($username,$email)
{
global $_CONF, $_TABLES, $LANG01, $LANG04;
$username = trim ($username);
$email = trim ($email);
if (COM_isEmail ($email) && !empty ($username)) {
$ucount = DB_count ($_TABLES['users'], 'username',
addslashes ($username));
$ecount = DB_count ($_TABLES['users'], 'email', addslashes ($email));
if ($ucount == 0 AND $ecount == 0) {
// For Geeklog, it would be okay to create this user now. But check
// with a custom userform first, if one exists.
if ($_CONF['custom_registration'] &&
function_exists ('custom_usercheck')) {
$msg = custom_usercheck ($username, $email);
if (!empty ($msg)) {
// no, it's not okay with the custom userform
$retval = COM_siteHeader ('menu')
. custom_userform ($msg)
. COM_siteFooter ();
return $retval;
}
}
$uid = USER_createAccount ($username, $email);
$queueUser = USER_isQueued ($uid);
if ($queueUser) {
$msg = 48;
} else {
emailpassword ($username, 1);
$msg = 1;
}
if (isset ($_CONF['notification']) &&
in_array ('user', $_CONF['notification'])) {
sendNotification ($username, $email, $uid, $queueUser);
}
return COM_refresh($_CONF['site_url'] . '/index.php?msg=' . $msg);
} else {
$retval .= COM_siteHeader ('Menu');
if ($_CONF['custom_registration'] &&
function_exists ('custom_userform')) {
$retval .= custom_userform ($LANG04[19]);
} else {
$retval .= newuserform ($LANG04[19]);
}
$retval .= COM_siteFooter ();
}
} else {
if (empty ($username)) {
$msg = $LANG01[32]; // invalid username
} else {
$msg = $LANG04[18]; // invalid email address
}
$retval .= COM_siteHeader ('menu');
if ($_CONF['custom_registration'] && function_exists('custom_userform')) {
$retval .= custom_userform ($msg);
} else {
$retval .= newuserform ($msg);
}
$retval .= COM_siteFooter();
}
return $retval;
}
/**
* Shows the user login form after failed attempts to either login or access a page
* requiring login.
*
* @return string HTML for login form
*
*/
function loginform ($hide_forgotpw_link = false)
{
global $_CONF, $LANG04;
$retval = '';
$user_templates = new Template ($_CONF['path_layout'] . 'users');
$user_templates->set_file('login', 'loginform.thtml');
$user_templates->set_var('site_url', $_CONF['site_url']);
$user_templates->set_var('start_block_loginagain', COM_startBlock($LANG04[65]));
$user_templates->set_var('lang_message', $LANG04[66]);
$user_templates->set_var('lang_username', $LANG04[2]);
$user_templates->set_var('lang_password', $LANG04[4]);
if ($hide_forgotpw_link) {
$user_templates->set_var('lang_forgetpassword', '');
} else {
$user_templates->set_var('lang_forgetpassword', $LANG04[25]);
}
$user_templates->set_var('lang_login', $LANG04[80]);
$user_templates->set_var('end_block', COM_endBlock());
$user_templates->parse('output', 'login');
$retval .= $user_templates->finish($user_templates->get_var('output'));
return $retval;
}
/**
* Shows the user registration form
*
* @param int $msg message number to show
* @param string $referrer page to send user to after registration
* @return string HTML for user registration page
*/
function newuserform($msg = '')
{
global $LANG04, $_CONF;
$retval = '';
if (!empty ($msg)) {
$retval .= COM_startBlock ($LANG04[21], '',
COM_getBlockTemplate ('_msg_block', 'header'))
. $msg
. COM_endBlock (COM_getBlockTemplate ('_msg_block', 'footer'));
}
$user_templates = new Template($_CONF['path_layout'] . 'users');
$user_templates->set_file('regform','registrationform.thtml');
$user_templates->set_var('site_url', $_CONF['site_url']);
$user_templates->set_var('start_block', COM_startBlock($LANG04[22]));
$user_templates->set_var('lang_instructions', $LANG04[23]);
$user_templates->set_var('lang_username', $LANG04[2]);
$user_templates->set_var('lang_email', $LANG04[5]);
$user_templates->set_var('lang_warning', $LANG04[24]);
$user_templates->set_var('lang_register', $LANG04[27]);
$user_templates->set_var('end_block', COM_endBlock());
$user_templates->parse('output', 'regform');
$retval .= $user_templates->finish($user_templates->get_var('output'));
return $retval;
}
/**
* Shows the password retrieval form
*
* @return string HTML for form used to retrieve user's password
*
*/
function getpasswordform()
{
global $_CONF, $LANG04;
$retval = '';
$user_templates = new Template($_CONF['path_layout'] . 'users');
$user_templates->set_file('form', 'getpasswordform.thtml');
$user_templates->set_var('site_url', $_CONF['site_url']);
$user_templates->set_var('start_block_forgetpassword', COM_startBlock($LANG04[25]));
$user_templates->set_var('lang_instructions', $LANG04[26]);
$user_templates->set_var('lang_username', $LANG04[2]);
$user_templates->set_var('lang_email', $LANG04[5]);
$user_templates->set_var('lang_emailpassword', $LANG04[28]);
$user_templates->set_var('end_block', COM_endBlock());
$user_templates->parse('output', 'form');
$retval .= $user_templates->finish($user_templates->get_var('output'));
return $retval;
}
/**
* Shows user their account info form
*
* @param string $msg message to display if one is needed
* @return string HTML for form
*
*/
function defaultform ($msg)
{
global $LANG04;
$retval = '';
if (!empty ($msg)) {
$retval .= COM_startBlock ($LANG04[21], '',
COM_getBlockTemplate ('_msg_block', 'header'))
. $msg
. COM_endBlock (COM_getBlockTemplate ('_msg_block', 'footer'));
}
$retval .= loginform (true);
$retval .= newuserform ();
$retval .= getpasswordform ();
return $retval;
}
// MAIN
if (isset ($HTTP_POST_VARS['mode'])) {
$mode = $HTTP_POST_VARS['mode'];
}
elseif (isset ($HTTP_GET_VARS['mode'])) {
$mode = $HTTP_GET_VARS['mode'];
}
else {
$mode = "";
}
$display = '';
switch ($mode) {
case 'logout':
if (!empty ($_USER['uid']) AND $_USER['uid'] > 1) {
SESS_endUserSession ($_USER['uid']);
PLG_logoutUser ($_USER['uid']);
}
setcookie ($_CONF['cookie_session'], '', time() - 10000,
$_CONF['cookie_path'], $_CONF['cookiedomain'],
$_CONF['cookiesecure']);
setcookie ($_CONF['cookie_name'], '', time() - 10000, $_CONF['cookie_path'],
$_CONF['cookiedomain'], $_CONF['cookiesecure']);
$display = COM_refresh($_CONF['site_url'] . '/index.php?msg=8');
break;
case 'profile':
$uid = COM_applyFilter ($HTTP_GET_VARS['uid'], true);
if (is_numeric ($uid) && ($uid > 0)) {
$msg = COM_applyFilter ($HTTP_GET_VARS['msg'], true);
$display .= userprofile ($uid, $msg);
} else {
$display .= COM_refresh ($_CONF['site_url'] . '/index.php');
}
break;
case 'user':
$username = COM_applyFilter ($HTTP_GET_VARS['username']);
if (!empty ($username)) {
$username = addslashes ($username);
$uid = DB_getItem ($_TABLES['users'], 'uid', "username = '$username'");
if ($uid > 1) {
$display .= userprofile ($uid);
} else {
$display .= COM_refresh ($_CONF['site_url'] . '/index.php');
}
} else {
$display .= COM_refresh ($_CONF['site_url'] . '/index.php');
}
break;
case 'create':
$display .= createuser (COM_applyFilter ($HTTP_POST_VARS['username']),
COM_applyFilter ($HTTP_POST_VARS['email']));
break;
case 'getpassword':
$display .= COM_siteHeader ('menu');
if ($_CONF['passwordspeedlimit'] == 0) {
$_CONF['passwordspeedlimit'] = 300; // 5 minutes
}
COM_clearSpeedlimit ($_CONF['passwordspeedlimit'], 'password');
$last = COM_checkSpeedlimit ('password');
if ($last > 0) {
$display .= COM_startBlock ($LANG12[26], '',
COM_getBlockTemplate ('_msg_block', 'header'))
. sprintf ($LANG04[93], $last, $_CONF['passwordspeedlimit'])
. COM_endBlock (COM_getBlockTemplate ('_msg_block', 'footer'));
} else {
$display .= getpasswordform ();
}
$display .= COM_siteFooter ();
break;
case 'newpwd':
$uid = COM_applyFilter ($HTTP_GET_VARS['uid'], true);
$reqid = COM_applyFilter ($HTTP_GET_VARS['rid']);
if (!empty ($uid) && is_numeric ($uid) && ($uid > 0) &&
!empty ($reqid) && (strlen ($reqid) == 16)) {
$valid = DB_count ($_TABLES['users'], array ('uid', 'pwrequestid'),
array ($uid, $reqid));
if ($valid == 1) {
$display .= COM_siteHeader ('menu');
$display .= newpasswordform ($uid, $reqid);
$display .= COM_siteFooter ();
} else { // request invalid or expired
$display .= COM_siteHeader ('menu');
$display .= COM_showMessage (54);
$display .= getpasswordform ();
$display .= COM_siteFooter ();
}
} else {
// this request doesn't make sense - ignore it
$display = COM_refresh ($_CONF['site_url']);
}
break;
case 'setnewpwd':
if (empty ($HTTP_POST_VARS['passwd'])) {
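// filter the posted values before echoing them back into the redirect URL
$display = COM_refresh ($_CONF['site_url']
. '/users.php?mode=newpwd&uid='
. COM_applyFilter ($HTTP_POST_VARS['uid'], true)
. '&rid=' . COM_applyFilter ($HTTP_POST_VARS['rid']));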
} else {
$uid = COM_applyFilter ($HTTP_POST_VARS['uid'], true);
$reqid = COM_applyFilter ($HTTP_POST_VARS['rid']);
if (!empty ($uid) && is_numeric ($uid) && ($uid > 0) &&
!empty ($reqid) && (strlen ($reqid) == 16)) {
$valid = DB_count ($_TABLES['users'], array ('uid', 'pwrequestid'),
array ($uid, $reqid));
if ($valid == 1) {
$passwd = md5 ($HTTP_POST_VARS['passwd']);
DB_change ($_TABLES['users'], 'passwd', "$passwd",
"uid", $uid);
DB_delete ($_TABLES['sessions'], 'uid', $uid);
// $username is never set in this branch, so key the reset on the validated uid
DB_change ($_TABLES['users'], 'pwrequestid', "NULL",
'uid', $uid);
$display = COM_refresh ($_CONF['site_url'] . '/users.php?msg=53');
} else { // request invalid or expired
$display .= COM_siteHeader ('menu');
$display .= COM_showMessage (54);
$display .= getpasswordform ();
$display .= COM_siteFooter ();
}
} else {
// this request doesn't make sense - ignore it
$display = COM_refresh ($_CONF['site_url']);
}
}
break;
case 'emailpasswd':
if ($_CONF['passwordspeedlimit'] == 0) {
$_CONF['passwordspeedlimit'] = 300; // 5 minutes
}
COM_clearSpeedlimit ($_CONF['passwordspeedlimit'], 'password');
$last = COM_checkSpeedlimit ('password');
if ($last > 0) {
$display .= COM_siteHeader ('menu')
. COM_startBlock ($LANG12[26], '',
COM_getBlockTemplate ('_msg_block', 'header'))
. sprintf ($LANG04[93], $last, $_CONF['passwordspeedlimit'])
. COM_endBlock (COM_getBlockTemplate ('_msg_block', 'footer'))
. COM_siteFooter ();
} else {
$username = COM_applyFilter ($HTTP_POST_VARS['username']);
$email = COM_applyFilter ($HTTP_POST_VARS['email']);
if (empty ($username) && !empty ($email)) {
$username = DB_getItem ($_TABLES['users'], 'username',
"email = '$email'");
}
if (!empty ($username)) {
$display .= requestpassword ($username, 55);
} else {
$display = COM_refresh ($_CONF['site_url']
. '/users.php?mode=getpassword');
}
}
break;
case 'new':
$display .= COM_siteHeader ('menu', $LANG04[22]);
// Call custom registration and account record create function
// if enabled and exists
if ($_CONF['custom_registration'] AND (function_exists('custom_userform'))) {
$display .= custom_userform('new');
} else {
$display .= newuserform();
}
$display .= COM_siteFooter();
break;
default:
// prevent dictionary attacks on passwords
if (!isset ($_CONF['login_speedlimit'])) {
$_CONF['login_speedlimit'] = 300;
}
if (!isset ($_CONF['login_attempts'])) {
$_CONF['login_attempts'] = 3;
}
COM_clearSpeedlimit ($_CONF['login_speedlimit'], 'login');
if (COM_checkSpeedlimit ('login', $_CONF['login_attempts']) > 0) {
if (empty ($LANG04[112])) {
$LANG04[112] = 'You have exceeded the number of allowed login attempts. Please try again later.';
}
$retval .= COM_siteHeader ()
. COM_startBlock ($LANG12[26], '',
COM_getBlockTemplate ('_msg_block', 'header'))
. $LANG04[112]
. COM_endBlock (COM_getBlockTemplate ('_msg_block', 'footer'))
. COM_siteFooter ();
echo $retval;
exit();
}
if (isset ($HTTP_POST_VARS['loginname'])) {
$loginname = COM_applyFilter ($HTTP_POST_VARS['loginname']);
} else {
$loginname = COM_applyFilter ($HTTP_GET_VARS['loginname']);
}
if (isset ($HTTP_POST_VARS['passwd'])) {
$passwd = COM_applyFilter ($HTTP_POST_VARS['passwd']);
}
if (!empty($loginname) && !empty($passwd)) {
$mypasswd = COM_getPassword($loginname);
} else {
srand((double)microtime()*1000000);
$mypasswd = rand();
}
if (!empty ($passwd) && !empty ($mypasswd) && ($mypasswd == md5($passwd))) {
DB_change($_TABLES['users'],'pwrequestid',"NULL",'username',$loginname);
$userdata = SESS_getUserData($loginname);
$_USER=$userdata;
$sessid = SESS_newSession($_USER['uid'], $HTTP_SERVER_VARS['REMOTE_ADDR'], $_CONF['session_cookie_timeout'], $_CONF['cookie_ip']);
SESS_setSessionCookie($sessid, $_CONF['session_cookie_timeout'], $_CONF['cookie_session'], $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure']);
PLG_loginUser ($_USER['uid']);
// Now that we handled session cookies, handle longterm cookie
if (!isset($HTTP_COOKIE_VARS[$_CONF['cookie_name']]) || !isset($HTTP_COOKIE_VARS['password'])) {
// Either their cookie expired or they are new
$cooktime = COM_getUserCookieTimeout();
if ($VERBOSE) {
COM_errorLog("Trying to set permanent cookie with time of $cooktime",1);
}
if ($cooktime > 0) {
// They want their cookie to persist for some amount of time so set it now
if ($VERBOSE) {
COM_errorLog('Trying to set permanent cookie',1);
}
setcookie ($_CONF['cookie_name'], $_USER['uid'],
time() + $cooktime, $_CONF['cookie_path'],
$_CONF['cookiedomain'], $_CONF['cookiesecure']);
setcookie ($_CONF['cookie_password'], md5 ($passwd),
time() + $cooktime, $_CONF['cookie_path'],
$_CONF['cookiedomain'], $_CONF['cookiesecure']);
}
} else {
$userid = $HTTP_COOKIE_VARS[$_CONF['cookie_name']];
if (empty ($userid) || ($userid == 'deleted')) {
unset ($userid);
} else {
if ($VERBOSE) {
COM_errorLog('NOW trying to set permanent cookie',1);
COM_errorLog('Got '.$userid.' from perm cookie in users.php',1);
}
if ($userid) {
$user_logged_in = 1;
// Create new session
$userdata = SESS_getUserDataFromId($userid);
$_USER = $userdata;
if ($VERBOSE) {
COM_errorLog('Got '.$_USER['username'].' for the username in user.php',1);
}
}
}
}
// Now that we have users data see if their theme cookie is set.
// If not set it
setcookie ($_CONF['cookie_theme'], $_USER['theme'], time() + 31536000,
$_CONF['cookie_path'], $_CONF['cookiedomain'],
$_CONF['cookiesecure']);
if (!empty ($HTTP_SERVER_VARS['HTTP_REFERER']) && (strstr ($HTTP_SERVER_VARS['HTTP_REFERER'], '/users.php') === false)) {
$indexMsg = $_CONF['site_url'] . '/index.php?msg=';
if (substr ($HTTP_SERVER_VARS['HTTP_REFERER'], 0, strlen ($indexMsg)) == $indexMsg) {
$display .= COM_refresh ($_CONF['site_url'] . '/index.php');
} else {
$display .= COM_refresh ($HTTP_SERVER_VARS['HTTP_REFERER']);
}
} else {
$display .= COM_refresh ($_CONF['site_url'] . '/index.php');
}
} else {
// On failed login attempt, update speed limit
COM_updateSpeedlimit ('login');
$display .= COM_siteHeader('menu');
if (isset ($HTTP_POST_VARS['msg'])) {
$msg = $HTTP_POST_VARS['msg'];
} else if (isset ($HTTP_GET_VARS['msg'])) {
$msg = $HTTP_GET_VARS['msg'];
} else {
$msg = 0;
}
if ($msg > 0) {
$display .= COM_showMessage($msg);
}
switch ($mode) {
case 'create':
// Got bad account info from registration process, show error
// message and display form again
if ($_CONF['custom_registration'] AND (function_exists('custom_userform'))) {
$display .= custom_userform ('new');
} else {
$display .= newuserform ();
}
break;
default:
// check to see if this was the last allowed attempt
if (!isset ($_CONF['login_attempts'])) {
$_CONF['login_attempts'] = 3;
}
if (COM_checkSpeedlimit ('login', $_CONF['login_attempts']) > 0) {
if (empty ($LANG04[112])) {
$LANG04[112] = 'You have exceeded the number of allowed login attempts. Please try again later.';
}
$retval .= COM_siteHeader ()
. COM_startBlock ($LANG12[26], '',
COM_getBlockTemplate ('_msg_block', 'header'))
. $LANG04[112]
. COM_endBlock (COM_getBlockTemplate ('_msg_block', 'footer'))
. COM_siteFooter ();
echo $retval;
exit ();
} else { // Show login form
$display .= loginform();
}
break;
}
$display .= COM_siteFooter();
}
break;
}
echo $display;
?>
Thanks for helping,
Jordy