Commit
e449b233
authored
Jul 15, 2016
by
Scott
Coding style (user pages)
parent
b0af268c
Showing
6 changed files
with
204 additions
and
230 deletions
+204
-230
account.php
qa-include/pages/account.php
+0
-0
confirm.php
qa-include/pages/confirm.php
+48
-54
login.php
qa-include/pages/login.php
+60
-61
logout.php
qa-include/pages/logout.php
+5
-11
register.php
qa-include/pages/register.php
+49
-57
reset.php
qa-include/pages/reset.php
+42
-47
qa-include/pages/account.php
This diff is collapsed.
qa-include/pages/confirm.php
...
@@ -20,106 +20,106 @@
...
@@ -20,106 +20,106 @@
More about this license: http://www.question2answer.org/license.php
More about this license: http://www.question2answer.org/license.php
*/
*/
if
(
!
defined
(
'QA_VERSION'
))
{
// don't allow this page to be requested directly from browser
if
(
!
defined
(
'QA_VERSION'
))
{
// don't allow this page to be requested directly from browser
header
(
'Location: ../'
);
header
(
'Location: ../'
);
exit
;
exit
;
}
}
// Check we're not using single-sign on integration, that we're not already confirmed, and that we're not blocked
// Check we're not using single-sign on integration, that we're not already confirmed, and that we're not blocked
if
(
QA_FINAL_EXTERNAL_USERS
)
if
(
QA_FINAL_EXTERNAL_USERS
)
qa_fatal_error
(
'User login is handled by external code'
);
qa_fatal_error
(
'User login is handled by external code'
);
// Check if we've been asked to send a new link or have a successful email confirmation
// Check if we've been asked to send a new link or have a successful email confirmation
$incode
=
trim
(
qa_get
(
'c'
));
// trim to prevent passing in blank values to match uninitiated DB rows
$incode
=
trim
(
qa_get
(
'c'
));
// trim to prevent passing in blank values to match uninitiated DB rows
$inhandle
=
qa_get
(
'u'
);
$inhandle
=
qa_get
(
'u'
);
$loginuserid
=
qa_get_logged_in_userid
();
$loginuserid
=
qa_get_logged_in_userid
();
$useremailed
=
false
;
$useremailed
=
false
;
$userconfirmed
=
false
;
$userconfirmed
=
false
;
if
(
isset
(
$loginuserid
)
&&
qa_clicked
(
'dosendconfirm'
))
{
// button clicked to send a link
if
(
isset
(
$loginuserid
)
&&
qa_clicked
(
'dosendconfirm'
))
{
// button clicked to send a link
require_once
QA_INCLUDE_DIR
.
'app/users-edit.php'
;
require_once
QA_INCLUDE_DIR
.
'app/users-edit.php'
;
if
(
!
qa_check_form_security_code
(
'confirm'
,
qa_post_text
(
'code'
)))
if
(
!
qa_check_form_security_code
(
'confirm'
,
qa_post_text
(
'code'
)))
$pageerror
=
qa_lang_html
(
'misc/form_security_again'
);
$pageerror
=
qa_lang_html
(
'misc/form_security_again'
);
else
{
else
{
qa_send_new_confirm
(
$loginuserid
);
qa_send_new_confirm
(
$loginuserid
);
$useremailed
=
true
;
$useremailed
=
true
;
}
}
}
elseif
(
strlen
(
$incode
))
{
// non-empty code detected from the URL
}
elseif
(
strlen
(
$incode
))
{
// non-empty code detected from the URL
require_once
QA_INCLUDE_DIR
.
'db/selects.php'
;
require_once
QA_INCLUDE_DIR
.
'db/selects.php'
;
require_once
QA_INCLUDE_DIR
.
'app/users-edit.php'
;
require_once
QA_INCLUDE_DIR
.
'app/users-edit.php'
;
if
(
!
empty
(
$inhandle
))
{
// match based on code and handle provided on URL
if
(
!
empty
(
$inhandle
))
{
// match based on code and handle provided on URL
$userinfo
=
qa_db_select_with_pending
(
qa_db_user_account_selectspec
(
$inhandle
,
false
));
$userinfo
=
qa_db_select_with_pending
(
qa_db_user_account_selectspec
(
$inhandle
,
false
));
if
(
strtolower
(
trim
(
@
$userinfo
[
'emailcode'
]))
==
strtolower
(
$incode
))
{
if
(
strtolower
(
trim
(
@
$userinfo
[
'emailcode'
]))
==
strtolower
(
$incode
))
{
qa_complete_confirm
(
$userinfo
[
'userid'
],
$userinfo
[
'email'
],
$userinfo
[
'handle'
]);
qa_complete_confirm
(
$userinfo
[
'userid'
],
$userinfo
[
'email'
],
$userinfo
[
'handle'
]);
$userconfirmed
=
true
;
$userconfirmed
=
true
;
}
}
}
}
if
((
!
$userconfirmed
)
&&
isset
(
$loginuserid
))
{
// as a backup, also match code on URL against logged in user
if
((
!
$userconfirmed
)
&&
isset
(
$loginuserid
))
{
// as a backup, also match code on URL against logged in user
$userinfo
=
qa_db_select_with_pending
(
qa_db_user_account_selectspec
(
$loginuserid
,
true
));
$userinfo
=
qa_db_select_with_pending
(
qa_db_user_account_selectspec
(
$loginuserid
,
true
));
$flags
=
$userinfo
[
'flags'
];
$flags
=
$userinfo
[
'flags'
];
if
(
(
$flags
&
QA_USER_FLAGS_EMAIL_CONFIRMED
)
&&
!
(
$flags
&
QA_USER_FLAGS_MUST_CONFIRM
)
)
if
((
$flags
&
QA_USER_FLAGS_EMAIL_CONFIRMED
)
&&
!
(
$flags
&
QA_USER_FLAGS_MUST_CONFIRM
)
)
$userconfirmed
=
true
;
// if they confirmed before, just show message as if it happened now
$userconfirmed
=
true
;
// if they confirmed before, just show message as if it happened now
elseif
(
strtolower
(
trim
(
$userinfo
[
'emailcode'
]))
==
strtolower
(
$incode
))
{
elseif
(
strtolower
(
trim
(
$userinfo
[
'emailcode'
]))
==
strtolower
(
$incode
))
{
qa_complete_confirm
(
$userinfo
[
'userid'
],
$userinfo
[
'email'
],
$userinfo
[
'handle'
]);
qa_complete_confirm
(
$userinfo
[
'userid'
],
$userinfo
[
'email'
],
$userinfo
[
'handle'
]);
$userconfirmed
=
true
;
$userconfirmed
=
true
;
}
}
}
}
}
}
// Prepare content for theme
// Prepare content for theme
$qa_content
=
qa_content_prepare
();
$qa_content
=
qa_content_prepare
();
$qa_content
[
'title'
]
=
qa_lang_html
(
'users/confirm_title'
);
$qa_content
[
'title'
]
=
qa_lang_html
(
'users/confirm_title'
);
$qa_content
[
'error'
]
=
@
$pageerror
;
$qa_content
[
'error'
]
=
@
$pageerror
;
if
(
$useremailed
)
if
(
$useremailed
)
{
$qa_content
[
'error'
]
=
qa_lang_html
(
'users/confirm_emailed'
);
// not an error, but display it prominently anyway
$qa_content
[
'error'
]
=
qa_lang_html
(
'users/confirm_emailed'
);
// not an error, but display it prominently anyway
elseif
(
$userconfirmed
)
{
}
elseif
(
$userconfirmed
)
{
$qa_content
[
'error'
]
=
qa_lang_html
(
'users/confirm_complete'
);
$qa_content
[
'error'
]
=
qa_lang_html
(
'users/confirm_complete'
);
if
(
!
isset
(
$loginuserid
))
if
(
!
isset
(
$loginuserid
))
{
$qa_content
[
'suggest_next'
]
=
strtr
(
$qa_content
[
'suggest_next'
]
=
strtr
(
qa_lang_html
(
'users/log_in_to_access'
),
qa_lang_html
(
'users/log_in_to_access'
),
array
(
array
(
'^1'
=>
'<a href="'
.
qa_path_html
(
'login'
,
array
(
'e'
=>
$inhandle
))
.
'">'
,
'^1'
=>
'<a href="'
.
qa_path_html
(
'login'
,
array
(
'e'
=>
$inhandle
))
.
'">'
,
'^2'
=>
'</a>'
,
'^2'
=>
'</a>'
,
)
)
);
);
}
}
elseif
(
isset
(
$loginuserid
))
{
// if logged in, allow sending a fresh link
}
elseif
(
isset
(
$loginuserid
))
{
// if logged in, allow sending a fresh link
require_once
QA_INCLUDE_DIR
.
'util/string.php'
;
require_once
QA_INCLUDE_DIR
.
'util/string.php'
;
if
(
strlen
(
$incode
))
if
(
strlen
(
$incode
))
$qa_content
[
'error'
]
=
qa_lang_html
(
'users/confirm_wrong_resend'
);
$qa_content
[
'error'
]
=
qa_lang_html
(
'users/confirm_wrong_resend'
);
$email
=
qa_get_logged_in_email
();
$email
=
qa_get_logged_in_email
();
$qa_content
[
'form'
]
=
array
(
$qa_content
[
'form'
]
=
array
(
'tags'
=>
'method="post" action="'
.
qa_path_html
(
'confirm'
)
.
'"'
,
'tags'
=>
'method="post" action="'
.
qa_path_html
(
'confirm'
)
.
'"'
,
'style'
=>
'tall'
,
'style'
=>
'tall'
,
'fields'
=>
array
(
'fields'
=>
array
(
'email'
=>
array
(
'email'
=>
array
(
'label'
=>
qa_lang_html
(
'users/email_label'
),
'label'
=>
qa_lang_html
(
'users/email_label'
),
'value'
=>
qa_html
(
$email
)
.
strtr
(
qa_lang_html
(
'users/change_email_link'
),
array
(
'value'
=>
qa_html
(
$email
)
.
strtr
(
qa_lang_html
(
'users/change_email_link'
),
array
(
'^1'
=>
'<a href="'
.
qa_path_html
(
'account'
)
.
'">'
,
'^1'
=>
'<a href="'
.
qa_path_html
(
'account'
)
.
'">'
,
'^2'
=>
'</a>'
,
'^2'
=>
'</a>'
,
)),
)),
'type'
=>
'static'
,
'type'
=>
'static'
,
...
@@ -139,17 +139,12 @@
...
@@ -139,17 +139,12 @@
);
);
if
(
!
qa_email_validate
(
$email
))
{
if
(
!
qa_email_validate
(
$email
))
{
$qa_content
[
'error'
]
=
qa_lang_html
(
'users/email_invalid'
);
$qa_content
[
'error'
]
=
qa_lang_html
(
'users/email_invalid'
);
unset
(
$qa_content
[
'form'
][
'buttons'
][
'send'
]);
unset
(
$qa_content
[
'form'
][
'buttons'
][
'send'
]);
}
}
}
else
}
else
$qa_content
[
'error'
]
=
qa_insert_login_links
(
qa_lang_html
(
'users/confirm_wrong_log_in'
),
'confirm'
);
$qa_content
[
'error'
]
=
qa_insert_login_links
(
qa_lang_html
(
'users/confirm_wrong_log_in'
),
'confirm'
);
return
$qa_content
;
return
$qa_content
;
/*
Omit PHP closing tag to help avoid accidental output
*/
\ No newline at end of file
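Review bot: The emailed confirmation code is still checked with loose `==` on lowercased strings, both in the handle branch and in the logged-in fallback, and reset.php compares its reset code the same way. When both operands are numeric-looking strings PHP compares them as numbers, so two differently written codes can be treated as equal, and the comparison is not constant-time. login.php in this same commit already uses `hash_equals()` for the legacy password check; the equivalent here is `hash_equals(strtolower(trim((string) @$userinfo['emailcode'])), strtolower($incode))`.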
qa-include/pages/login.php
...
@@ -20,60 +20,61 @@
...
@@ -20,60 +20,61 @@
More about this license: http://www.question2answer.org/license.php
More about this license: http://www.question2answer.org/license.php
*/
*/
if
(
!
defined
(
'QA_VERSION'
))
{
// don't allow this page to be requested directly from browser
if
(
!
defined
(
'QA_VERSION'
))
{
// don't allow this page to be requested directly from browser
header
(
'Location: ../'
);
header
(
'Location: ../'
);
exit
;
exit
;
}
}
// Check we're not using Q2A's single-sign on integration and that we're not logged in
// Check we're not using Q2A's single-sign on integration and that we're not logged in
if
(
QA_FINAL_EXTERNAL_USERS
)
if
(
QA_FINAL_EXTERNAL_USERS
)
qa_fatal_error
(
'User login is handled by external code'
);
qa_fatal_error
(
'User login is handled by external code'
);
if
(
qa_is_logged_in
())
if
(
qa_is_logged_in
())
qa_redirect
(
''
);
qa_redirect
(
''
);
// Process submitted form after checking we haven't reached rate limit
// Process submitted form after checking we haven't reached rate limit
$passwordsent
=
qa_get
(
'ps'
);
$passwordsent
=
qa_get
(
'ps'
);
$emailexists
=
qa_get
(
'ee'
);
$emailexists
=
qa_get
(
'ee'
);
$inemailhandle
=
qa_post_text
(
'emailhandle'
);
$inemailhandle
=
qa_post_text
(
'emailhandle'
);
$inpassword
=
qa_post_text
(
'password'
);
$inpassword
=
qa_post_text
(
'password'
);
$inremember
=
qa_post_text
(
'remember'
);
$inremember
=
qa_post_text
(
'remember'
);
if
(
qa_clicked
(
'dologin'
)
&&
(
strlen
(
$inemailhandle
)
||
strlen
(
$inpassword
))
)
{
if
(
qa_clicked
(
'dologin'
)
&&
(
strlen
(
$inemailhandle
)
||
strlen
(
$inpassword
))
)
{
require_once
QA_INCLUDE_DIR
.
'app/limits.php'
;
require_once
QA_INCLUDE_DIR
.
'app/limits.php'
;
if
(
qa_user_limits_remaining
(
QA_LIMIT_LOGINS
))
{
if
(
qa_user_limits_remaining
(
QA_LIMIT_LOGINS
))
{
require_once
QA_INCLUDE_DIR
.
'db/users.php'
;
require_once
QA_INCLUDE_DIR
.
'db/users.php'
;
require_once
QA_INCLUDE_DIR
.
'db/selects.php'
;
require_once
QA_INCLUDE_DIR
.
'db/selects.php'
;
if
(
!
qa_check_form_security_code
(
'login'
,
qa_post_text
(
'code'
)))
$pageerror
=
qa_lang_html
(
'misc/form_security_again'
);
if
(
!
qa_check_form_security_code
(
'login'
,
qa_post_text
(
'code'
)))
{
$pageerror
=
qa_lang_html
(
'misc/form_security_again'
);
}
else
{
else
{
qa_limits_increment
(
null
,
QA_LIMIT_LOGINS
);
qa_limits_increment
(
null
,
QA_LIMIT_LOGINS
);
$errors
=
array
();
$errors
=
array
();
if
(
qa_opt
(
'allow_login_email_only'
)
||
(
strpos
(
$inemailhandle
,
'@'
)
!==
false
))
// handles can't contain @ symbols
if
(
qa_opt
(
'allow_login_email_only'
)
||
strpos
(
$inemailhandle
,
'@'
)
!==
false
)
{
// handles can't contain @ symbols
$matchusers
=
qa_db_user_find_by_email
(
$inemailhandle
);
$matchusers
=
qa_db_user_find_by_email
(
$inemailhandle
);
else
}
else
{
$matchusers
=
qa_db_user_find_by_handle
(
$inemailhandle
);
$matchusers
=
qa_db_user_find_by_handle
(
$inemailhandle
);
}
if
(
count
(
$matchusers
)
==
1
)
{
// if matches more than one (should be impossible), don't log in
if
(
count
(
$matchusers
)
==
1
)
{
// if matches more than one (should be impossible), don't log in
$inuserid
=
$matchusers
[
0
];
$inuserid
=
$matchusers
[
0
];
$userinfo
=
qa_db_select_with_pending
(
qa_db_user_account_selectspec
(
$inuserid
,
true
));
$userinfo
=
qa_db_select_with_pending
(
qa_db_user_account_selectspec
(
$inuserid
,
true
));
$legacyPassOk
=
hash_equals
(
strtolower
(
$userinfo
[
'passcheck'
]),
strtolower
(
qa_db_calc_passcheck
(
$inpassword
,
$userinfo
[
'passsalt'
])));
$legacyPassOk
=
hash_equals
(
strtolower
(
$userinfo
[
'passcheck'
]),
strtolower
(
qa_db_calc_passcheck
(
$inpassword
,
$userinfo
[
'passsalt'
])));
if
(
QA_PASSWORD_HASH
)
{
if
(
QA_PASSWORD_HASH
)
{
$haspassword
=
isset
(
$userinfo
[
'passhash'
]);
$haspassword
=
isset
(
$userinfo
[
'passhash'
]);
$haspasswordold
=
isset
(
$userinfo
[
'passsalt'
])
&&
isset
(
$userinfo
[
'passcheck'
]);
$haspasswordold
=
isset
(
$userinfo
[
'passsalt'
])
&&
isset
(
$userinfo
[
'passcheck'
]);
$passOk
=
password_verify
(
$inpassword
,
$userinfo
[
'passhash'
]);
$passOk
=
password_verify
(
$inpassword
,
$userinfo
[
'passhash'
]);
if
((
$haspasswordold
&&
$legacyPassOk
)
||
(
$haspassword
&&
$passOk
))
{
if
((
$haspasswordold
&&
$legacyPassOk
)
||
(
$haspassword
&&
$passOk
))
{
// upgrade password or rehash, when options like the cost parameter changed
// upgrade password or rehash, when options like the cost parameter changed
...
@@ -81,57 +82,60 @@
...
@@ -81,57 +82,60 @@
qa_db_user_set_password
(
$inuserid
,
$inpassword
);
qa_db_user_set_password
(
$inuserid
,
$inpassword
);
}
}
}
else
{
}
else
{
$errors
[
'password'
]
=
qa_lang
(
'users/password_wrong'
);
$errors
[
'password'
]
=
qa_lang
(
'users/password_wrong'
);
}
}
}
else
{
}
else
{
if
(
!
$legacyPassOk
)
{
if
(
!
$legacyPassOk
)
{
$errors
[
'password'
]
=
qa_lang
(
'users/password_wrong'
);
$errors
[
'password'
]
=
qa_lang
(
'users/password_wrong'
);
}
}
}
}
if
(
!
isset
(
$errors
[
'password'
]))
{
if
(
!
isset
(
$errors
[
'password'
]))
{
// login and redirect
// login and redirect
require_once
QA_INCLUDE_DIR
.
'app/users.php'
;
require_once
QA_INCLUDE_DIR
.
'app/users.php'
;
qa_set_logged_in_user
(
$inuserid
,
$userinfo
[
'handle'
],
!
empty
(
$inremember
));
qa_set_logged_in_user
(
$inuserid
,
$userinfo
[
'handle'
],
!
empty
(
$inremember
));
$topath
=
qa_get
(
'to'
);
$topath
=
qa_get
(
'to'
);
if
(
isset
(
$topath
))
if
(
isset
(
$topath
))
qa_redirect_raw
(
qa_path_to_root
()
.
$topath
);
// path already provided as URL fragment
qa_redirect_raw
(
qa_path_to_root
()
.
$topath
);
// path already provided as URL fragment
elseif
(
$passwordsent
)
elseif
(
$passwordsent
)
qa_redirect
(
'account'
);
qa_redirect
(
'account'
);
else
else
qa_redirect
(
''
);
qa_redirect
(
''
);
}
}
}
else
}
else
{
$errors
[
'emailhandle'
]
=
qa_lang
(
'users/user_not_found'
);
$errors
[
'emailhandle'
]
=
qa_lang
(
'users/user_not_found'
);
}
}
}
}
else
}
else
{
$pageerror
=
qa_lang
(
'users/login_limit'
);
$pageerror
=
qa_lang
(
'users/login_limit'
);
}
}
else
}
else
{
$inemailhandle
=
qa_get
(
'e'
);
$inemailhandle
=
qa_get
(
'e'
);
}
// Prepare content for theme
// Prepare content for theme
$qa_content
=
qa_content_prepare
();
$qa_content
=
qa_content_prepare
();
$qa_content
[
'title'
]
=
qa_lang_html
(
'users/login_title'
);
$qa_content
[
'title'
]
=
qa_lang_html
(
'users/login_title'
);
$qa_content
[
'error'
]
=
@
$pageerror
;
$qa_content
[
'error'
]
=
@
$pageerror
;
if
(
empty
(
$inemailhandle
)
||
isset
(
$errors
[
'emailhandle'
]))
if
(
empty
(
$inemailhandle
)
||
isset
(
$errors
[
'emailhandle'
]))
$forgotpath
=
qa_path
(
'forgot'
);
$forgotpath
=
qa_path
(
'forgot'
);
else
else
$forgotpath
=
qa_path
(
'forgot'
,
array
(
'e'
=>
$inemailhandle
));
$forgotpath
=
qa_path
(
'forgot'
,
array
(
'e'
=>
$inemailhandle
));
$forgothtml
=
'<a href="'
.
qa_html
(
$forgotpath
)
.
'">'
.
qa_lang_html
(
'users/forgot_link'
)
.
'</a>'
;
$forgothtml
=
'<a href="'
.
qa_html
(
$forgotpath
)
.
'">'
.
qa_lang_html
(
'users/forgot_link'
)
.
'</a>'
;
$qa_content
[
'form'
]
=
array
(
$qa_content
[
'form'
]
=
array
(
'tags'
=>
'method="post" action="'
.
qa_self_html
()
.
'"'
,
'tags'
=>
'method="post" action="'
.
qa_self_html
()
.
'"'
,
'style'
=>
'tall'
,
'style'
=>
'tall'
,
...
@@ -150,7 +154,7 @@
...
@@ -150,7 +154,7 @@
'label'
=>
qa_lang_html
(
'users/password_label'
),
'label'
=>
qa_lang_html
(
'users/password_label'
),
'tags'
=>
'name="password" id="password" dir="auto"'
,
'tags'
=>
'name="password" id="password" dir="auto"'
,
'value'
=>
qa_html
(
@
$inpassword
),
'value'
=>
qa_html
(
@
$inpassword
),
'error'
=>
empty
(
$errors
[
'password'
])
?
''
:
(
qa_html
(
@
$errors
[
'password'
])
.
' - '
.
$forgothtml
),
'error'
=>
empty
(
$errors
[
'password'
])
?
''
:
(
qa_html
(
@
$errors
[
'password'
])
.
' - '
.
$forgothtml
),
'note'
=>
$passwordsent
?
qa_lang_html
(
'users/password_sent'
)
:
$forgothtml
,
'note'
=>
$passwordsent
?
qa_lang_html
(
'users/password_sent'
)
:
$forgothtml
,
),
),
...
@@ -172,25 +176,20 @@
...
@@ -172,25 +176,20 @@
'dologin'
=>
'1'
,
'dologin'
=>
'1'
,
'code'
=>
qa_get_form_security_code
(
'login'
),
'code'
=>
qa_get_form_security_code
(
'login'
),
),
),
);
);
$loginmodules
=
qa_load_modules_with
(
'login'
,
'login_html'
);
$loginmodules
=
qa_load_modules_with
(
'login'
,
'login_html'
);
foreach
(
$loginmodules
as
$module
)
{
foreach
(
$loginmodules
as
$module
)
{
ob_start
();
ob_start
();
$module
->
login_html
(
qa_opt
(
'site_url'
)
.
qa_get
(
'to'
),
'login'
);
$module
->
login_html
(
qa_opt
(
'site_url'
)
.
qa_get
(
'to'
),
'login'
);
$html
=
ob_get_clean
();
$html
=
ob_get_clean
();
if
(
strlen
(
$html
))
if
(
strlen
(
$html
))
@
$qa_content
[
'custom'
]
.=
'<br>'
.
$html
.
'<br>'
;
@
$qa_content
[
'custom'
]
.=
'<br>'
.
$html
.
'<br>'
;
}
}
$qa_content
[
'focusid'
]
=
(
isset
(
$inemailhandle
)
&&
!
isset
(
$errors
[
'emailhandle'
]))
?
'password'
:
'emailhandle'
;
$qa_content
[
'focusid'
]
=
(
isset
(
$inemailhandle
)
&&
!
isset
(
$errors
[
'emailhandle'
]))
?
'password'
:
'emailhandle'
;
return
$qa_content
;
return
$qa_content
;
/*
Omit PHP closing tag to help avoid accidental output
*/
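Review bot: The post-login redirect passes the raw `to` query parameter to `qa_redirect_raw(qa_path_to_root() . $topath)` with no check that the result stays inside the site, and register.php has the same line after a successful registration. Whether a crafted value can point elsewhere depends on what `qa_path_to_root()` returns, which is not visible in this diff, so this should be confirmed rather than assumed. A guard before the redirect that falls back to `qa_redirect('')` when `$topath` contains a scheme, a backslash or a leading `/` would make the intended "site-relative only" contract explicit.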
qa-include/pages/logout.php
...
@@ -20,21 +20,16 @@
...
@@ -20,21 +20,16 @@
More about this license: http://www.question2answer.org/license.php
More about this license: http://www.question2answer.org/license.php
*/
*/
if
(
!
defined
(
'QA_VERSION'
))
{
// don't allow this page to be requested directly from browser
if
(
!
defined
(
'QA_VERSION'
))
{
// don't allow this page to be requested directly from browser
header
(
'Location: ../'
);
header
(
'Location: ../'
);
exit
;
exit
;
}
}
if
(
QA_FINAL_EXTERNAL_USERS
)
if
(
QA_FINAL_EXTERNAL_USERS
)
qa_fatal_error
(
'User logout is handled by external code'
);
qa_fatal_error
(
'User logout is handled by external code'
);
if
(
qa_is_logged_in
())
if
(
qa_is_logged_in
())
qa_set_logged_in_user
(
null
);
qa_set_logged_in_user
(
null
);
qa_redirect
(
''
);
// back to home page
qa_redirect
(
''
);
// back to home page
/*
Omit PHP closing tag to help avoid accidental output
*/
\ No newline at end of file
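Review bot: Logging out happens on any request to this page, with no `qa_check_form_security_code()` check like the one the confirm, login, register and reset pages apply to their forms. A third-party page can therefore end a visitor's session by making their browser load the logout URL; the impact is low, but a comment stating that this is accepted, or a token on the logout link, would document the decision.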
qa-include/pages/register.php
...
@@ -20,74 +20,73 @@
...
@@ -20,74 +20,73 @@
More about this license: http://www.question2answer.org/license.php
More about this license: http://www.question2answer.org/license.php
*/
*/
if
(
!
defined
(
'QA_VERSION'
))
{
// don't allow this page to be requested directly from browser
if
(
!
defined
(
'QA_VERSION'
))
{
// don't allow this page to be requested directly from browser
header
(
'Location: ../'
);
header
(
'Location: ../'
);
exit
;
exit
;
}
}
require_once
QA_INCLUDE_DIR
.
'app/captcha.php'
;
require_once
QA_INCLUDE_DIR
.
'app/captcha.php'
;
require_once
QA_INCLUDE_DIR
.
'db/users.php'
;
require_once
QA_INCLUDE_DIR
.
'db/users.php'
;
// Check we're not using single-sign on integration, that we're not logged in, and we're not blocked
// Check we're not using single-sign on integration, that we're not logged in, and we're not blocked
if
(
QA_FINAL_EXTERNAL_USERS
)
if
(
QA_FINAL_EXTERNAL_USERS
)
qa_fatal_error
(
'User registration is handled by external code'
);
qa_fatal_error
(
'User registration is handled by external code'
);
if
(
qa_is_logged_in
())
if
(
qa_is_logged_in
())
qa_redirect
(
''
);
qa_redirect
(
''
);
// Get information about possible additional fields
// Get information about possible additional fields
$show_terms
=
qa_opt
(
'show_register_terms'
);
$show_terms
=
qa_opt
(
'show_register_terms'
);
$userfields
=
qa_db_select_with_pending
(
$userfields
=
qa_db_select_with_pending
(
qa_db_userfields_selectspec
()
qa_db_userfields_selectspec
()
);
);
foreach
(
$userfields
as
$index
=>
$userfield
)
{
foreach
(
$userfields
as
$index
=>
$userfield
)
{
if
(
!
(
$userfield
[
'flags'
]
&
QA_FIELD_FLAGS_ON_REGISTER
))
if
(
!
(
$userfield
[
'flags'
]
&
QA_FIELD_FLAGS_ON_REGISTER
))
unset
(
$userfields
[
$index
]);
unset
(
$userfields
[
$index
]);
}
}
// Check we haven't suspended registration, and this IP isn't blocked
// Check we haven't suspended registration, and this IP isn't blocked
if
(
qa_opt
(
'suspend_register_users'
))
{
if
(
qa_opt
(
'suspend_register_users'
))
{
$qa_content
=
qa_content_prepare
();
$qa_content
=
qa_content_prepare
();
$qa_content
[
'error'
]
=
qa_lang_html
(
'users/register_suspended'
);
$qa_content
[
'error'
]
=
qa_lang_html
(
'users/register_suspended'
);
return
$qa_content
;
return
$qa_content
;
}
}
if
(
qa_user_permit_error
())
{
if
(
qa_user_permit_error
())
{
$qa_content
=
qa_content_prepare
();
$qa_content
=
qa_content_prepare
();
$qa_content
[
'error'
]
=
qa_lang_html
(
'users/no_permission'
);
$qa_content
[
'error'
]
=
qa_lang_html
(
'users/no_permission'
);
return
$qa_content
;
return
$qa_content
;
}
}
// Process submitted form
// Process submitted form
if
(
qa_clicked
(
'doregister'
))
{
if
(
qa_clicked
(
'doregister'
))
{
require_once
QA_INCLUDE_DIR
.
'app/limits.php'
;
require_once
QA_INCLUDE_DIR
.
'app/limits.php'
;
if
(
qa_user_limits_remaining
(
QA_LIMIT_REGISTRATIONS
))
{
if
(
qa_user_limits_remaining
(
QA_LIMIT_REGISTRATIONS
))
{
require_once
QA_INCLUDE_DIR
.
'app/users-edit.php'
;
require_once
QA_INCLUDE_DIR
.
'app/users-edit.php'
;
$inemail
=
qa_post_text
(
'email'
);
$inemail
=
qa_post_text
(
'email'
);
$inpassword
=
qa_post_text
(
'password'
);
$inpassword
=
qa_post_text
(
'password'
);
$inhandle
=
qa_post_text
(
'handle'
);
$inhandle
=
qa_post_text
(
'handle'
);
$interms
=
(
int
)
qa_post_text
(
'terms'
);
$interms
=
(
int
)
qa_post_text
(
'terms'
);
$inprofile
=
array
();
$inprofile
=
array
();
foreach
(
$userfields
as
$userfield
)
foreach
(
$userfields
as
$userfield
)
$inprofile
[
$userfield
[
'fieldid'
]]
=
qa_post_text
(
'field_'
.
$userfield
[
'fieldid'
]);
$inprofile
[
$userfield
[
'fieldid'
]]
=
qa_post_text
(
'field_'
.
$userfield
[
'fieldid'
]);
if
(
!
qa_check_form_security_code
(
'register'
,
qa_post_text
(
'code'
)))
{
if
(
!
qa_check_form_security_code
(
'register'
,
qa_post_text
(
'code'
)))
{
$pageerror
=
qa_lang_html
(
'misc/form_security_again'
);
$pageerror
=
qa_lang_html
(
'misc/form_security_again'
);
}
}
else
{
else
{
// core validation
// core validation
$errors
=
array_merge
(
$errors
=
array_merge
(
qa_handle_email_filter
(
$inhandle
,
$inemail
),
qa_handle_email_filter
(
$inhandle
,
$inemail
),
...
@@ -122,28 +121,27 @@
...
@@ -122,28 +121,27 @@
$topath
=
qa_get
(
'to'
);
$topath
=
qa_get
(
'to'
);
if
(
isset
(
$topath
))
if
(
isset
(
$topath
))
qa_redirect_raw
(
qa_path_to_root
()
.
$topath
);
// path already provided as URL fragment
qa_redirect_raw
(
qa_path_to_root
()
.
$topath
);
// path already provided as URL fragment
else
else
qa_redirect
(
''
);
qa_redirect
(
''
);
}
}
}
}
}
}
else
else
$pageerror
=
qa_lang
(
'users/register_limit'
);
$pageerror
=
qa_lang
(
'users/register_limit'
);
}
}
// Prepare content for theme
// Prepare content for theme
$qa_content
=
qa_content_prepare
();
$qa_content
=
qa_content_prepare
();
$qa_content
[
'title'
]
=
qa_lang_html
(
'users/register_title'
);
$qa_content
[
'title'
]
=
qa_lang_html
(
'users/register_title'
);
$qa_content
[
'error'
]
=
@
$pageerror
;
$qa_content
[
'error'
]
=
@
$pageerror
;
$qa_content
[
'form'
]
=
array
(
$qa_content
[
'form'
]
=
array
(
'tags'
=>
'method="post" action="'
.
qa_self_html
()
.
'"'
,
'tags'
=>
'method="post" action="'
.
qa_self_html
()
.
'"'
,
'style'
=>
'tall'
,
'style'
=>
'tall'
,
...
@@ -183,18 +181,18 @@
...
@@ -183,18 +181,18 @@
'doregister'
=>
'1'
,
'doregister'
=>
'1'
,
'code'
=>
qa_get_form_security_code
(
'register'
),
'code'
=>
qa_get_form_security_code
(
'register'
),
),
),
);
);
// prepend custom message
// prepend custom message
$custom
=
qa_opt
(
'show_custom_register'
)
?
trim
(
qa_opt
(
'custom_register'
))
:
''
;
$custom
=
qa_opt
(
'show_custom_register'
)
?
trim
(
qa_opt
(
'custom_register'
))
:
''
;
if
(
strlen
(
$custom
))
{
if
(
strlen
(
$custom
))
{
array_unshift
(
$qa_content
[
'form'
][
'fields'
],
array
(
array_unshift
(
$qa_content
[
'form'
][
'fields'
],
array
(
'type'
=>
'custom'
,
'type'
=>
'custom'
,
'note'
=>
$custom
,
'note'
=>
$custom
,
));
));
}
}
foreach
(
$userfields
as
$userfield
)
{
foreach
(
$userfields
as
$userfield
)
{
$value
=
@
$inprofile
[
$userfield
[
'fieldid'
]];
$value
=
@
$inprofile
[
$userfield
[
'fieldid'
]];
$label
=
trim
(
qa_user_userfield_label
(
$userfield
),
':'
);
$label
=
trim
(
qa_user_userfield_label
(
$userfield
),
':'
);
...
@@ -203,18 +201,18 @@
...
@@ -203,18 +201,18 @@
$qa_content
[
'form'
][
'fields'
][
$userfield
[
'title'
]]
=
array
(
$qa_content
[
'form'
][
'fields'
][
$userfield
[
'title'
]]
=
array
(
'label'
=>
qa_html
(
$label
),
'label'
=>
qa_html
(
$label
),
'tags'
=>
'name="field_'
.
$userfield
[
'fieldid'
]
.
'"'
,
'tags'
=>
'name="field_'
.
$userfield
[
'fieldid'
]
.
'"'
,
'value'
=>
qa_html
(
$value
),
'value'
=>
qa_html
(
$value
),
'error'
=>
qa_html
(
@
$errors
[
$userfield
[
'fieldid'
]]),
'error'
=>
qa_html
(
@
$errors
[
$userfield
[
'fieldid'
]]),
'rows'
=>
(
$userfield
[
'flags'
]
&
QA_FIELD_FLAGS_MULTI_LINE
)
?
8
:
null
,
'rows'
=>
(
$userfield
[
'flags'
]
&
QA_FIELD_FLAGS_MULTI_LINE
)
?
8
:
null
,
);
);
}
}
if
(
qa_opt
(
'captcha_on_register'
))
if
(
qa_opt
(
'captcha_on_register'
))
qa_set_up_captcha_field
(
$qa_content
,
$qa_content
[
'form'
][
'fields'
],
@
$errors
);
qa_set_up_captcha_field
(
$qa_content
,
$qa_content
[
'form'
][
'fields'
],
@
$errors
);
// show T&Cs checkbox
// show T&Cs checkbox
if
(
$show_terms
)
{
if
(
$show_terms
)
{
$qa_content
[
'form'
][
'fields'
][
'terms'
]
=
array
(
$qa_content
[
'form'
][
'fields'
][
'terms'
]
=
array
(
'type'
=>
'checkbox'
,
'type'
=>
'checkbox'
,
'label'
=>
trim
(
qa_opt
(
'register_terms'
)),
'label'
=>
trim
(
qa_opt
(
'register_terms'
)),
...
@@ -222,28 +220,23 @@
...
@@ -222,28 +220,23 @@
'value'
=>
qa_html
(
@
$interms
),
'value'
=>
qa_html
(
@
$interms
),
'error'
=>
qa_html
(
@
$errors
[
'terms'
]),
'error'
=>
qa_html
(
@
$errors
[
'terms'
]),
);
);
}
}
$loginmodules
=
qa_load_modules_with
(
'login'
,
'login_html'
);
$loginmodules
=
qa_load_modules_with
(
'login'
,
'login_html'
);
foreach
(
$loginmodules
as
$module
)
{
foreach
(
$loginmodules
as
$module
)
{
ob_start
();
ob_start
();
$module
->
login_html
(
qa_opt
(
'site_url'
)
.
qa_get
(
'to'
),
'register'
);
$module
->
login_html
(
qa_opt
(
'site_url'
)
.
qa_get
(
'to'
),
'register'
);
$html
=
ob_get_clean
();
$html
=
ob_get_clean
();
if
(
strlen
(
$html
))
if
(
strlen
(
$html
))
@
$qa_content
[
'custom'
]
.=
'<br>'
.
$html
.
'<br>'
;
@
$qa_content
[
'custom'
]
.=
'<br>'
.
$html
.
'<br>'
;
}
}
// prioritize 'handle' for keyboard focus
// prioritize 'handle' for keyboard focus
$qa_content
[
'focusid'
]
=
isset
(
$errors
[
'handle'
])
?
'handle'
$qa_content
[
'focusid'
]
=
isset
(
$errors
[
'handle'
])
?
'handle'
:
(
isset
(
$errors
[
'password'
])
?
'password'
:
(
isset
(
$errors
[
'password'
])
?
'password'
:
(
isset
(
$errors
[
'email'
])
?
'email'
:
'handle'
));
:
(
isset
(
$errors
[
'email'
])
?
'email'
:
'handle'
));
return
$qa_content
;
return
$qa_content
;
/*
Omit PHP closing tag to help avoid accidental output
*/
\ No newline at end of file
qa-include/pages/reset.php
...
@@ -20,79 +20,80 @@
...
@@ -20,79 +20,80 @@
More about this license: http://www.question2answer.org/license.php
More about this license: http://www.question2answer.org/license.php
*/
*/
if
(
!
defined
(
'QA_VERSION'
))
{
// don't allow this page to be requested directly from browser
if
(
!
defined
(
'QA_VERSION'
))
{
// don't allow this page to be requested directly from browser
header
(
'Location: ../'
);
header
(
'Location: ../'
);
exit
;
exit
;
}
}
// Check we're not using single-sign on integration and that we're not logged in
// Check we're not using single-sign on integration and that we're not logged in
if
(
QA_FINAL_EXTERNAL_USERS
)
if
(
QA_FINAL_EXTERNAL_USERS
)
qa_fatal_error
(
'User login is handled by external code'
);
qa_fatal_error
(
'User login is handled by external code'
);
if
(
qa_is_logged_in
())
if
(
qa_is_logged_in
())
qa_redirect
(
''
);
qa_redirect
(
''
);
// Process incoming form
// Process incoming form
if
(
qa_clicked
(
'doreset'
))
{
if
(
qa_clicked
(
'doreset'
))
{
require_once
QA_INCLUDE_DIR
.
'app/users-edit.php'
;
require_once
QA_INCLUDE_DIR
.
'app/users-edit.php'
;
require_once
QA_INCLUDE_DIR
.
'db/users.php'
;
require_once
QA_INCLUDE_DIR
.
'db/users.php'
;
$inemailhandle
=
qa_post_text
(
'emailhandle'
);
$inemailhandle
=
qa_post_text
(
'emailhandle'
);
$incode
=
trim
(
qa_post_text
(
'code'
));
// trim to prevent passing in blank values to match uninitiated DB rows
$incode
=
trim
(
qa_post_text
(
'code'
));
// trim to prevent passing in blank values to match uninitiated DB rows
$errors
=
array
();
$errors
=
array
();
if
(
!
qa_check_form_security_code
(
'reset'
,
qa_post_text
(
'formcode'
)))
if
(
!
qa_check_form_security_code
(
'reset'
,
qa_post_text
(
'formcode'
)))
$errors
[
'page'
]
=
qa_lang_html
(
'misc/form_security_again'
);
$errors
[
'page'
]
=
qa_lang_html
(
'misc/form_security_again'
);
else
{
else
{
if
(
qa_opt
(
'allow_login_email_only'
)
||
(
strpos
(
$inemailhandle
,
'@'
)
!==
false
))
// handles can't contain @ symbols
if
(
qa_opt
(
'allow_login_email_only'
)
||
(
strpos
(
$inemailhandle
,
'@'
)
!==
false
))
// handles can't contain @ symbols
$matchusers
=
qa_db_user_find_by_email
(
$inemailhandle
);
$matchusers
=
qa_db_user_find_by_email
(
$inemailhandle
);
else
else
$matchusers
=
qa_db_user_find_by_handle
(
$inemailhandle
);
$matchusers
=
qa_db_user_find_by_handle
(
$inemailhandle
);
if
(
count
(
$matchusers
)
==
1
)
{
// if match more than one (should be impossible), consider it a non-match
if
(
count
(
$matchusers
)
==
1
)
{
// if match more than one (should be impossible), consider it a non-match
require_once
QA_INCLUDE_DIR
.
'db/selects.php'
;
require_once
QA_INCLUDE_DIR
.
'db/selects.php'
;
$inuserid
=
$matchusers
[
0
];
$inuserid
=
$matchusers
[
0
];
$userinfo
=
qa_db_select_with_pending
(
qa_db_user_account_selectspec
(
$inuserid
,
true
));
$userinfo
=
qa_db_select_with_pending
(
qa_db_user_account_selectspec
(
$inuserid
,
true
));
// strlen() check is vital otherwise we can reset code for most users by entering the empty string
// strlen() check is vital otherwise we can reset code for most users by entering the empty string
if
(
strlen
(
$incode
)
&&
(
strtolower
(
trim
(
$userinfo
[
'emailcode'
]))
==
strtolower
(
$incode
)
))
{
if
(
strlen
(
$incode
)
&&
strtolower
(
trim
(
$userinfo
[
'emailcode'
]))
==
strtolower
(
$incode
))
{
qa_complete_reset_user
(
$inuserid
);
qa_complete_reset_user
(
$inuserid
);
qa_redirect
(
'login'
,
array
(
'e'
=>
$inemailhandle
,
'ps'
=>
'1'
));
// redirect to login page
qa_redirect
(
'login'
,
array
(
'e'
=>
$inemailhandle
,
'ps'
=>
'1'
));
// redirect to login page
}
else
{
}
else
$errors
[
'code'
]
=
qa_lang
(
'users/reset_code_wrong'
);
$errors
[
'code'
]
=
qa_lang
(
'users/reset_code_wrong'
);
}
else
$errors
[
'emailhandle'
]
=
qa_lang
(
'users/user_not_found'
);
}
}
}
else
{
}
else
{
$inemailhandle
=
qa_get
(
'e
'
);
$errors
[
'emailhandle'
]
=
qa_lang
(
'users/user_not_found
'
);
$incode
=
qa_get
(
'c'
);
}
}
}
}
else
{
$inemailhandle
=
qa_get
(
'e'
);
$incode
=
qa_get
(
'c'
);
}
// Prepare content for theme
// Prepare content for theme
$qa_content
=
qa_content_prepare
();
$qa_content
=
qa_content_prepare
();
$qa_content
[
'title'
]
=
qa_lang_html
(
'users/reset_title'
);
$qa_content
[
'title'
]
=
qa_lang_html
(
'users/reset_title'
);
$qa_content
[
'error'
]
=
@
$errors
[
'page'
];
$qa_content
[
'error'
]
=
@
$errors
[
'page'
];
if
(
empty
(
$inemailhandle
)
||
isset
(
$errors
[
'emailhandle'
]))
if
(
empty
(
$inemailhandle
)
||
isset
(
$errors
[
'emailhandle'
]))
$forgotpath
=
qa_path
(
'forgot'
);
$forgotpath
=
qa_path
(
'forgot'
);
else
else
$forgotpath
=
qa_path
(
'forgot'
,
array
(
'e'
=>
$inemailhandle
));
$forgotpath
=
qa_path
(
'forgot'
,
array
(
'e'
=>
$inemailhandle
));
$qa_content
[
'form'
]
=
array
(
$qa_content
[
'form'
]
=
array
(
'tags'
=>
'method="post" action="'
.
qa_self_html
()
.
'"'
,
'tags'
=>
'method="post" action="'
.
qa_self_html
()
.
'"'
,
'style'
=>
'tall'
,
'style'
=>
'tall'
,
...
@@ -111,8 +112,8 @@
...
@@ -111,8 +112,8 @@
'tags'
=>
'name="code" id="code"'
,
'tags'
=>
'name="code" id="code"'
,
'value'
=>
qa_html
(
@
$incode
),
'value'
=>
qa_html
(
@
$incode
),
'error'
=>
qa_html
(
@
$errors
[
'code'
]),
'error'
=>
qa_html
(
@
$errors
[
'code'
]),
'note'
=>
qa_lang_html
(
'users/reset_code_emailed'
)
.
' - '
.
'note'
=>
qa_lang_html
(
'users/reset_code_emailed'
)
.
' - '
.
'<a href="'
.
qa_html
(
$forgotpath
)
.
'">'
.
qa_lang_html
(
'users/reset_code_another'
)
.
'</a>'
,
'<a href="'
.
qa_html
(
$forgotpath
)
.
'">'
.
qa_lang_html
(
'users/reset_code_another'
)
.
'</a>'
,
),
),
),
),
...
@@ -126,14 +127,9 @@
...
@@ -126,14 +127,9 @@
'doreset'
=>
'1'
,
'doreset'
=>
'1'
,
'formcode'
=>
qa_get_form_security_code
(
'reset'
),
'formcode'
=>
qa_get_form_security_code
(
'reset'
),
),
),
);
);
$qa_content
[
'focusid'
]
=
(
isset
(
$errors
[
'emailhandle'
])
||
!
strlen
(
@
$inemailhandle
))
?
'emailhandle'
:
'code'
;
return
$qa_content
;
$qa_content
[
'focusid'
]
=
(
isset
(
$errors
[
'emailhandle'
])
||
!
strlen
(
@
$inemailhandle
))
?
'emailhandle'
:
'code'
;
/*
return
$qa_content
;
Omit PHP closing tag to help avoid accidental output
*/
\ No newline at end of file
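Review bot: Nothing in the `doreset` branch limits how many reset codes a client may try, whereas login.php wraps its credential check in `qa_user_limits_remaining(QA_LIMIT_LOGINS)` and calls `qa_limits_increment()` on each attempt. Unless throttling happens inside a helper that is not visible here, the emailed code can be guessed repeatedly for a known handle or email. The branch would benefit from the same remaining/increment pair around the code comparison, with a page error once the limit is reached.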