Welcome to Geeklog Friday, September 25 2020 @ 10:33 pm EDT

Geeklog Forums

CUSTOM registration and the usercheck function


earnest

Anonymous
Running Geeklog 1.4.1.

My custom registration works well at user registration. But the user is able to go into his Account Settings AFTER registration, remove all the custom fields he entered, then resave his account. Geeklog doesn't go through the usercheck routine to make sure the data is there. Is there anyone willing to help?

I see the problem. In usersettings.php (the script that lets a user edit his account) there is this:
PHP Formatted Code
function saveuser($A)
{
...
        // Call custom registration save function if enabled and exists
        if ($_CONF['custom_registration'] AND (function_exists('CUSTOM_userSave'))) {
            CUSTOM_userSave($_USER['uid']);
        }
...
}
It is calling CUSTOM_usersave. Well, in my lib-custom.php, the CUSTOM_userSave function looks something like this:
PHP Formatted Code

function CUSTOM_usersave($uid)
{
    global $_TABLES;
    $firstname = COM_applyFilter($_POST['cust_firstname']);
    $lastname  = COM_applyFilter($_POST['cust_lastname']);
    $phone     = COM_applyFilter($_POST['cust_phone']);
    // etc., etc.
    DB_query("UPDATE {$_TABLES['usersextended']} SET firstname='$firstname' WHERE uid='$uid'");
    DB_query("UPDATE {$_TABLES['usersextended']} SET lastname='$lastname' WHERE uid='$uid'");
    DB_query("UPDATE {$_TABLES['usersextended']} SET phone='$phone' WHERE uid='$uid'");
}
 
So we can see that we never check the user contents before saving. The reason it all works at registration is that users.php calls CUSTOM_usercheck to make sure the data is valid. My CUSTOM_usercheck looks something like this:
PHP Formatted Code
/**
* Check if it's okay to create a new user.
*
* Geeklog is about to create a new user with the given username and email
* address. This is the custom code's last chance to prevent that,
* e.g. to check if all required data has been entered.
*
* @param    string  $username   username that Geeklog would use for the new user
* @param    string  $email      email address of that user
* @return   string              an error message or an empty string for "OK"
*
*/

function CUSTOM_usercheck ($username, $email) {
    $msg = '';

    // Check fields and complain if missing

    if (empty($_POST['cust_phone'])) {
        $msg = 'Please enter your home phone!';
    }
    if (empty($_POST['cust_lastname'])) {
        $msg = 'Please enter your last name!';
    }
    if (empty($_POST['cust_firstname'])) {
        $msg = 'Please enter your first name!';
    }
    return $msg;
}
OBVIOUSLY I AM MISSING SOMETHING? ANYONE KNOW WHAT IT IS?

jmucchiello

Forum User
Full Member
Registered: 29/08/05
Posts: 985
Quote by: earnest

OBVIOUSLY I AM MISSING SOMETHING? ANYONE KNOW WHAT IT IS?

No, you aren't missing anything. Geeklog is.

Try adding this to usersettings.php in the saveform() function. Search for the comment
// a quick spam check with the unfiltered field contents
and insert this before it. It might work, I haven't checked.
PHP Formatted Code
            if ($_CONF['custom_registration'] && function_exists('CUSTOM_userCheck')) {
                $msg = CUSTOM_userCheck($username, $email);
                if (!empty($msg)) {
                    // no, it's not okay with the custom userform
                    return COM_refresh($_CONF['site_url']
                        . '/usersettings.php?mode=edit&msg=$msg');
                }
            }

    // a quick spam check with the unfiltered field contents
 

earnest

Anonymous
Thanks a lot for your reply.

I actually tried this exact code and in exactly the place you described. The $msg from CUSTOM_usercheck does not display because the COM_refresh line expects a message number. CUSTOM_usercheck sends the message itself in $msg.

Otherwise, this code works, and I can tell it works by inserting an echo of the $msg variable - like this:

PHP Formatted Code
   if ($_CONF['custom_registration'] && function_exists('CUSTOM_userCheck')) {
       $msg = CUSTOM_userCheck($username, $email);
       if (!empty($msg)) {
           echo $msg;
           return COM_refresh($_CONF['site_url']
           . '/usersettings.php?mode=edit&msg=$msg');
       }
   }
 


I was hoping that the problem was with me, and that I would not have to alter the original code. Thanks very much for your help!

jmucchiello

Well, hopefully one of the Devs will come along and make a fix to the core code. This is a quick hack.

Replace the "COM_refresh" with:
PHP Formatted Code
        global $MESSAGE;
        $MESSAGE[9999] = $msg;
        $display .= COM_siteHeader('menu', $LANG04[16]);
        $display .= COM_showMessage(9999);
        $display .= edituser();
        $display .= COM_siteFooter();
        echo $display;
        exit;
 

earnest

Anonymous
Ah. I didn't know I could use 9999 as a generic code for all the messages. That is a nice and simple hack. Much better than what I did (which, though it worked, I won't mention further because it is too embarrassing).

Thanks much!

-E

jmucchiello

It's just a number. It only works because we did not refresh.

luizcruz

Forum User
Newbie
Registered: 26/05/08
Posts: 5

Hi,

Is it possible to change the registration form of Geeklog?
With the mandatory fields below:

Name
homepage (URL)
Email
confirm email

Please, how do I do it?

Thanks
Luiz

Blaine

Forum User
Moderator
Registered: 16/07/02
Posts: 1232
Location:Canada
Quote by: jmucchiello

Well, hopefully one of the Devs will come along and make a fix to the core code.


What is there to modify? This is the way it's supposed to work. Just define $MESSAGE[xx] in your lib-custom.php file at the top as a global and pass back xx as the integer reference to the error message.
Geeklog components by PortalParts -- www.portalparts.com

luizcruz

Hello,
sorry, not understand.

Thanks
Luiz

jmucchiello

Quote by: Blaine

Quote by: jmucchiello

Well, hopefully one of the Devs will come along and make a fix to the core code.


What is there to modify?

Blaine, read the first post. Usersettings.php doesn't call CUSTOM_usercheck when modifying the profile data. So "required" fields on login can be erased by going to your profile after you log in. That is the core change I'm hoping for.

Also, CUSTOM_usercheck returns a string as an error. How does this get maintained after COM_refresh? It can't be. Thus, the second mod. CUSTOM_usercheck should have allowed the return of message codes but it wasn't designed that way. The caller of CUSTOM_usercheck could check if the return is numeric and do a COM_refresh with msg=returnvalue but that's not how it works at the moment.
 Quote
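
An added example, not part of any post in this thread and not Geeklog's own code: one way to apply the two points raised above, a single required-field check shared by the registration and profile-edit paths, with failures returned as integer message keys so the redirect carries only `msg=<number>`. All function names, message numbers and sample values are assumptions.

```php
<?php
// Added example with hypothetical names; not Geeklog core code.
// Integer-keyed message catalogue, in the style of $MESSAGE[xx] (keys are assumptions).
$MESSAGE = [
    501 => 'Please enter your first name!',
    502 => 'Please enter your last name!',
    503 => 'Please enter your home phone!',
];

// One validator for BOTH paths (registration and profile edit).
// Returns 0 for "OK", otherwise the message key of the first missing field.
function example_checkRequired(array $post): int
{
    $required = ['cust_firstname' => 501, 'cust_lastname' => 502, 'cust_phone' => 503];
    foreach ($required as $field => $code) {
        $value = $post[$field] ?? '';
        // Reject missing, non-string (e.g. array) and whitespace-only values.
        if (!is_string($value) || trim($value) === '') {
            return $code;
        }
    }
    return 0;
}

// Caller used by either path: refuse the save on failure and build a redirect
// that carries only the numeric key, never the message text itself.
function example_handleSave(array $post, string $editUrl): array
{
    $code = example_checkRequired($post);
    if ($code !== 0) {
        return ['saved' => false, 'redirect' => $editUrl . '&msg=' . $code];
    }
    return ['saved' => true, 'redirect' => null];
}

// Resolve msg= on the next request; non-numeric or unknown keys show nothing.
function example_messageFor($msgParam, array $catalogue): string
{
    $key = filter_var($msgParam, FILTER_VALIDATE_INT);
    return ($key !== false && isset($catalogue[$key])) ? $catalogue[$key] : '';
}

// Constructed sample: a profile edit that blanks two fields set at registration.
$edit = ['cust_firstname' => 'Ann', 'cust_lastname' => '', 'cust_phone' => '  '];
$result = example_handleSave($edit, '/usersettings.php?mode=edit');
var_dump($result['saved']);
echo $result['redirect'], "\n";
echo example_messageFor('502', $MESSAGE), "\n";
var_dump(example_messageFor('free text', $MESSAGE));
```

Because the message is looked up by integer key on the next request, request-supplied text in `msg` is never echoed back into the page.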


jmucchiello

Quote by: luizcruz

Hello,
sorry, not understand.

Thanks
Luiz

This thread is about a bug in custom registration.

Try this thread for an example of custom registration.