From 3bc384dd53d354d87478b257b1764aeb21e41987 Mon Sep 17 00:00:00 2001 From: NorHei Date: Fri, 9 Dec 2016 01:01:29 +0100 Subject: [PATCH] Bugfix for frontend registration https://forum.wbce.org/viewtopic.php?id=811 https://forum.wbce.org/viewtopic.php?id=812 --- wbce/account/signup2.php | 97 +++++++++++++++++++------------- wbce/admin/interface/version.php | 4 +- 2 files changed, 59 insertions(+), 42 deletions(-) diff --git a/wbce/account/signup2.php b/wbce/account/signup2.php index 6ef3ac293..6f18c3556 100644 --- a/wbce/account/signup2.php +++ b/wbce/account/signup2.php @@ -31,6 +31,10 @@ // Create a javascript back link $js_back = WB_URL.'/account/signup.php'; + +//error indicator +$bSignError=false; + /* if (!$wb->checkFTAN()) { @@ -41,17 +45,21 @@ // Check values if($groups_id == "") { $wb->print_error($MESSAGE['USERS_NO_GROUP'], $js_back, false); + $bSignError=true; } if(!preg_match('/^[a-z]{1}[a-z0-9_-]{2,}$/i', $username)) { $wb->print_error( $MESSAGE['USERS_NAME_INVALID_CHARS'].' / '. $MESSAGE['USERS_USERNAME_TOO_SHORT'], $js_back); + $bSignError=true; } if($email != "") { if($wb->validate_email($email) == false) { $wb->print_error($MESSAGE['USERS_INVALID_EMAIL'], $js_back, false); + $bSignError=true; } } else { $wb->print_error($MESSAGE['SIGNUP_NO_EMAIL'], $js_back, false); + $bSignError=true; } $email = $wb->add_slashes($email); 
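Review bot: The invalid-username branch calls `$wb->print_error(..., $js_back)` without the `false` third argument that every other validation branch in this hunk passes; if that argument controls whether print_error terminates the request (not visible here), this branch alone would exit before `$bSignError` is ever read, and otherwise the omission is simply inconsistent. Passing it explicitly, `$wb->print_error($MESSAGE['USERS_NAME_INVALID_CHARS'].' / '.$MESSAGE['USERS_USERNAME_TOO_SHORT'], $js_back, false);`, keeps all branches on the same path. Since no check stops processing, a request with several invalid fields prints several error messages in sequence; a comment above `$bSignError=false;` such as `// set by any failed check below; the INSERT at the end runs only while it is still false` would make that contract explicit for the next reader.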
@@ -64,31 +72,23 @@ // Check for a mismatch if(!isset($_POST['captcha']) OR !isset($_SESSION['captcha']) OR $_POST['captcha'] != $_SESSION['captcha']) { $wb->print_error($MESSAGE['MOD_FORM_INCORRECT_CAPTCHA'], $js_back, false); + $bSignError=true; } } else { $wb->print_error($MESSAGE['MOD_FORM_INCORRECT_CAPTCHA'], $js_back, false); + $bSignError=true; } } if(isset($_SESSION['captcha'])) { unset($_SESSION['captcha']); } -// Generate a random password then update the database with it -$new_pass = ''; -$salt = "abchefghjkmnpqrstuvwxyz0123456789"; -srand((double)microtime()*1000000); -$i = 0; -while ($i <= 7) { - $num = rand() % 33; - $tmp = substr($salt, $num, 1); - $new_pass = $new_pass . $tmp; - $i++; -} -$md5_password = md5($new_pass); + // Check if username already exists $sql = 'SELECT `user_id` FROM `'.TABLE_PREFIX.'users` WHERE `username` = \''.$username.'\''; $results = $database->query($sql); if($results->numRows() > 0) { $wb->print_error($MESSAGE['USERS_USERNAME_TAKEN'], $js_back, false); + $bSignError=true; } // Check if the email already exists 
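Review bot: The username-taken query at the top of this hunk still concatenates `$username` directly into the SQL string and runs even when an earlier check has already set `$bSignError`, so a username that failed the `^[a-z][a-z0-9_-]{2,}$` regex in the previous hunk — and is therefore unconstrained — reaches `WHERE username = '...'` unescaped, unless print_error exits by default, which this diff does not show. The email-existence query that follows has the same shape, although `$email` has at least been through `add_slashes`. Wrapping both existence checks in `if ($bSignError === false) { … }` closes that gap and also avoids two queries on a request that has already failed validation.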
@@ -97,39 +97,56 @@ if($results->numRows() > 0) { if(isset($MESSAGE['USERS_EMAIL_TAKEN'])) { $wb->print_error($MESSAGE['USERS_EMAIL_TAKEN'], $js_back, false); + $bSignError=true; } else { $wb->print_error($MESSAGE['USERS_INVALID_EMAIL'], $js_back, false); + $bSignError=true; } } -// MD5 supplied password -$md5_password = md5($new_pass); +// No error, so lets go +if ($bSignError===false){ + // Generate a random password then update the database with it + $new_pass = ''; + $salt = "abchefghjkmnpqrstuvwxyz0123456789"; + srand((double)microtime()*1000000); + $i = 0; + while ($i <= 7) { + $num = rand() % 33; + $tmp = substr($salt, $num, 1); + $new_pass = $new_pass . $tmp; + $i++; + } + $md5_password = md5($new_pass); -// Inser the user into the database -$sql = ''; -$query = "INSERT INTO ".TABLE_PREFIX."users (group_id,groups_id,active,username,password,display_name,email) VALUES ('$groups_id', '$groups_id', '$active', '$username','$md5_password','$display_name','$email')"; -$database->query($query); + // MD5 supplied password + $md5_password = md5($new_pass); -if($database->is_error()) { - // Error updating database - $message = $database->get_error(); -} else { - // Setup email to send - $mail_to = $email; - $mail_subject = $MESSAGE['SIGNUP2_SUBJECT_LOGIN_INFO']; - - // Replace placeholders from language variable with values - $search = array('{LOGIN_DISPLAY_NAME}', '{LOGIN_WEBSITE_TITLE}', '{LOGIN_NAME}', '{LOGIN_PASSWORD}'); - $replace = array($display_name, WEBSITE_TITLE, $username, $new_pass); - $mail_message = str_replace($search, $replace, $MESSAGE['SIGNUP2_BODY_LOGIN_INFO']); - - // Try sending the email - if($wb->mail(SERVER_EMAIL,$mail_to,$mail_subject,$mail_message)) { - $display_form = false; - $wb->print_success($MESSAGE['FORGOT_PASS_PASSWORD_RESET'], WB_URL.'/account/login.php' ); - } else { - $database->query("DELETE FROM ".TABLE_PREFIX."users WHERE username = '$username'"); - $wb->print_error($MESSAGE['FORGOT_PASS_CANNOT_EMAIL'], $js_back, false); - } 
-} + // Inser the user into the database + $sql = ''; + $query = "INSERT INTO ".TABLE_PREFIX."users (group_id,groups_id,active,username,password,display_name,email) VALUES ('$groups_id', '$groups_id', '$active', '$username','$md5_password','$display_name','$email')"; + $database->query($query); + + if($database->is_error()) { + // Error updating database + $message = $database->get_error(); + } else { + // Setup email to send + $mail_to = $email; + $mail_subject = $MESSAGE['SIGNUP2_SUBJECT_LOGIN_INFO']; + // Replace placeholders from language variable with values + $search = array('{LOGIN_DISPLAY_NAME}', '{LOGIN_WEBSITE_TITLE}', '{LOGIN_NAME}', '{LOGIN_PASSWORD}'); + $replace = array($display_name, WEBSITE_TITLE, $username, $new_pass); + $mail_message = str_replace($search, $replace, $MESSAGE['SIGNUP2_BODY_LOGIN_INFO']); + + // Try sending the email + if($wb->mail(SERVER_EMAIL,$mail_to,$mail_subject,$mail_message)) { + $display_form = false; + $wb->print_success($MESSAGE['FORGOT_PASS_PASSWORD_RESET'], WB_URL.'/account/login.php' ); + } else { + $database->query("DELETE FROM ".TABLE_PREFIX."users WHERE username = '$username'"); + $wb->print_error($MESSAGE['FORGOT_PASS_CANNOT_EMAIL'], $js_back, false); + } + } +} diff --git a/wbce/admin/interface/version.php b/wbce/admin/interface/version.php index 42d6aaa72..7ece6ca36 100644 --- a/wbce/admin/interface/version.php +++ b/wbce/admin/interface/version.php @@ -16,12 +16,12 @@ } // set WBCE version and release tag -define('NEW_WBCE_VERSION', '1.1.7'); +define('NEW_WBCE_VERSION', '1.1.8'); if (!defined('WBCE_VERSION')) { define('WBCE_VERSION', NEW_WBCE_VERSION); } -define('NEW_WBCE_TAG', '1.1.7'); +define('NEW_WBCE_TAG', '1.1.8'); if (!defined('WBCE_TAG')) { define('WBCE_TAG', NEW_WBCE_TAG); }
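Review bot: The password generation moved into the `$bSignError===false` branch still seeds `srand` from `microtime()` and draws from `rand()`, which is predictable and not suitable for a credential that is mailed to a new account; `random_int()` (PHP 7.0+), or `openssl_random_pseudo_bytes()` if older PHP must be supported, should select the characters instead. The `// MD5 supplied password` line then recomputes `$md5_password = md5($new_pass);` that was assigned two lines earlier and can be dropped; unsalted MD5 as the stored hash is itself weak, but moving to `password_hash()` has to be coordinated with the login-side check, which is outside this diff. In the `$database->is_error()` branch `$message` is assigned but never shown, so a failed INSERT ends the request silently — `$wb->print_error($message, $js_back, false);` after the assignment would match the other failure paths. The INSERT also interpolates `$display_name`, whose escaping is not visible in this diff and should be confirmed.
```php
if ($bSignError===false){
    // Generate a random password then update the database with it
    $salt = "abchefghjkmnpqrstuvwxyz0123456789";
    $new_pass = '';
    for ($i = 0; $i < 8; $i++) {
        // random_int() is a CSPRNG; srand(microtime)/rand() is predictable
        $new_pass .= $salt[random_int(0, strlen($salt) - 1)];
    }
    $md5_password = md5($new_pass);

    // … unchanged: INSERT, mail sending and cleanup on mail failure …
```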