
Archived Boards and Threads... => Archived Boards => Mambo Bridge Support => Topic started by: mindfriction on February 09, 2005, 11:03:42 PM

Title: Assistance editing smf_registration.php (i.e. bridged registration form)
Post by: mindfriction on February 09, 2005, 11:03:42 PM
Hi guys and girls,

I have been editing the bridged registration for quite some time now to include some extra form fields for users to fill out and some extra validation taken from the SMF registration (Register.php). I have gone into this in some depth and I have a fair idea how the bridged registration works. Through careful comparison of the original SMF and Mambo registrations I have discovered there are a number of little pitfalls with the bridged registration;


With my limited knowledge of SMF and Mambo I've tried to rectify a few of these issues, along with including some of the extra fields I would like in the registration. I haven't fully tested it, but I was wondering if someone could take a quick look at my mods and tell me if I'm on the right track.

NB: ALL mods/code added by me are between the '<----->' markers and denoted with "Added:" comments

Cheers


<?php
//smf_registration.php
/**
* @version $Id: registration.php,v 1.19 2004/09/22 00:12:41 prazgod Exp $
* @package Mambo_4.5.1
* @copyright (C) 2000 - 2004 Miro International Pty Ltd
* @license http://www.gnu.org/copyleft/gpl.html GNU/GPL
* Mambo is Free Software
*/

// Refuse to run unless a parent Mambo script has already defined _VALID_MOS,
// so this file cannot be requested directly.
if (!defined('_VALID_MOS')) {
    die('Direct Access to this location is not allowed.');
}

// Requested action. It is read from $_REQUEST, so the value is client-controlled
// and is only ever compared against fixed strings by the dispatcher below.
$task = mosGetParam($_REQUEST, 'task', '');

// Presumably provides the HTML_smf_registration view class used by the handlers.
require_once $mainframe->getPath('front_html');

global $mosConfig_absolute_path, $database, $mos_prefix, $smf_prefix;

// Load the bridge configuration and SMF's SSI layer once per request.
// NOTE(review): $smf_path is not assigned anywhere in this file; presumably
// config.smf.php sets it. Because it feeds a require, it must only ever come
// from that configuration file and never from request data.
if (!defined('SMF')) {
    require $mosConfig_absolute_path . '/administrator/components/com_smf/config.smf.php';
    require $smf_path . '/SSI.php';
}



// Route the requested task to its handler. There is no default branch, so an
// unrecognised task produces no output.
// NOTE(review): $task is read from $_REQUEST earlier in this file, so the
// state-changing tasks (sendNewPass, saveRegistration) can also be triggered
// by a plain GET link; no request token is checked anywhere in this file.
switch ($task) {
    case 'lostPassword':
        lostPassForm($option);
        break;

    case 'sendNewPass':
        sendNewPass($option);
        break;

    // An empty task shows the registration form, exactly like "register".
    case 'register':
    case '':
        registerForm($option, $mosConfig_useractivation);
        break;

    case 'saveRegistration':
        saveRegistration($option);
        break;

    case 'activate':
        activate($option);
        break;
}

/**
 * Render the "lost password" form.
 *
 * @param mixed $option Component option value; handed to the view unchanged.
 */
function lostPassForm( $option ) {
    global $mainframe;

    $pageTitle = _PROMPT_PASSWORD;
    $mainframe->SetPageTitle($pageTitle);

    HTML_smf_registration::lostPassForm($option);
}

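/**
 * Reset a user's password and e-mail the new one.
 *
 * Reads `checkusername` and `confirmEmail` from $_POST, looks the pair up in
 * the Mambo users table, generates a new password, mails it, and then writes
 * its MD5 hash to both the Mambo users table and the SMF members table.
 *
 * Review notes (design, not changed here):
 *  - Knowing a username and its e-mail address is enough to replace the
 *    password at once; there is no confirmation step, so a third party who
 *    knows the pair can lock the owner out until the mail is read.
 *  - The new password is sent in clear text by mail.
 *  - The error redirect and the success redirect differ, which tells the
 *    requester whether a username/e-mail pair exists.
 *  - Both tables receive an unsalted md5() hash. saveRegistration() in this
 *    file stores the SMF hash as md5_hmac(password, lowercased username);
 *    confirm that SMF still accepts the plain md5() written here.
 *
 * @param mixed $option Component option value; used only in the error redirect URL.
 */
function sendNewPass( $option ) {
    global $database, $Itemid;
    global $mosConfig_live_site, $mosConfig_sitename, $smf_prefix;
    // mosMail() below needs the configured sender. Without this declaration
    // both variables are undefined inside the function.
    global $mosConfig_mailfrom, $mosConfig_fromname;

    $_live_site = $mosConfig_live_site;
    $_sitename = $mosConfig_sitename;

    // Escape both values before they are interpolated into SQL.
    $checkusername = trim( mosGetParam( $_POST, 'checkusername', '' ) );
    $checkusername = $database->getEscaped( $checkusername );
    $confirmEmail = trim( mosGetParam( $_POST, 'confirmEmail', '' ) );
    $confirmEmail = $database->getEscaped( $confirmEmail );

    // Reject empty input before querying.
    if (!$checkusername || !$confirmEmail) {
        mosRedirect( "index.php?option=$option&task=lostPassword&mosmsg="._ERROR_PASS );
        // Do not fall through to the reset if mosRedirect() ever returns.
        return;
    }

    $database->setQuery( "SELECT id, username FROM #__users"
        . "\nWHERE username='$checkusername' AND email='$confirmEmail'"
    );
    $user_id = (int) $database->loadResult();
    if (!$user_id) {
        mosRedirect( "index.php?option=$option&task=lostPassword&mosmsg="._ERROR_PASS );
        return;
    }

    // NOTE(review): $adminName / $adminEmail are not used by any visible
    // statement. They are kept because the eval()'d templates below may
    // reference them; confirm against the language file.
    $database->setQuery( "SELECT name, email FROM #__users"
        . "\n WHERE usertype='superadministrator'" );
    $rows = $database->loadObjectList();
    if (!empty($rows)) {
        foreach ($rows as $row) {
            $adminName = $row->name;
            $adminEmail = $row->email;
        }
    }

    $newpass = mosMakePassword();

    // NOTE(review): eval() runs the language-file templates as PHP source so
    // that the variables they name are interpolated (presumably $newpass,
    // $checkusername and the site variables). The templates must therefore
    // come from a trusted, non-writable language file, and a double quote
    // inside one would break the statement. A placeholder replacement
    // (sprintf / str_replace) would remove the need for eval().
    $message = _NEWPASS_MSG;
    eval ("\$message = \"$message\";");
    $subject = _NEWPASS_SUB;
    eval ("\$subject = \"$subject\";");

    mosMail($mosConfig_mailfrom, $mosConfig_fromname, $confirmEmail, $subject, $message);

    $newpass_hash = md5( $newpass );

    // NOTE(review): both die() calls print the database error text to the
    // client; log it server-side and show a generic message instead.
    $sql = "UPDATE #__users SET password='$newpass_hash' WHERE id='$user_id'";
    $database->setQuery( $sql );
    if (!$database->query()) {
        die("SQL error" . $database->stderr(true));
    }

    $sql = "UPDATE {$smf_prefix}members SET passwd='$newpass_hash' WHERE memberName='$checkusername'";
    $database->setQuery( $sql );
    if (!$database->query()) {
        die("SQL error" . $database->stderr(true));
    }

    mosRedirect( "index.php?Itemid=$Itemid&mosmsg="._NEWPASS_SENT );
}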

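/**
 * Show the registration form, unless Mambo has user registration switched off.
 *
 * NOTE(review): only Mambo's allowUserRegistration setting is checked here.
 * saveRegistration() in this file additionally refuses when SMF's
 * registration_method is 3, so the form can still be displayed in a
 * configuration where submitting it is rejected.
 *
 * @param mixed $option         Component option value; handed to the view.
 * @param mixed $useractivation Mambo's user-activation setting; handed to the view.
 */
function registerForm( $option, $useractivation ) {
    // $context is passed to the view below, so it has to be imported here;
    // otherwise the view receives an undefined variable.
    global $mainframe, $database, $my, $acl, $boarddir, $context;

    if (!$mainframe->getCfg( 'allowUserRegistration' )) {
        mosNotAuth();
        return;
    }

    $mainframe->SetPageTitle(_REGISTER_TITLE);
    HTML_smf_registration::registerForm($option, $useractivation, $context);
}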

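/**
 * Escape one request-derived value for use inside a single-quoted SQL string.
 *
 * Non-scalar input (for example an array sent as `field[]=x`) is reduced to
 * an empty string rather than the literal text "Array".
 *
 * NOTE(review): if the request layer already adds slashes (magic_quotes_gpc
 * or a framework pass over $_POST), strip them once at the input boundary so
 * values are not escaped twice.
 *
 * @param mixed $value Raw value.
 * @return string Value escaped with the Mambo database object's getEscaped().
 */
function _smf_registration_sql( $value ) {
    global $database;

    return $database->getEscaped( is_scalar( $value ) ? (string) $value : '' );
}

/**
 * Create a new account in both Mambo and SMF from the posted registration form.
 *
 * Order of work: validate the Mambo row, run the SMF duplicate, reserved-name
 * and e-mail-ban checks, and only then store the Mambo user, its ACL entries,
 * the SMF member row and the member's theme options. Finally the new user and
 * the super administrators are notified by mail.
 *
 * Open review points that are flagged but not changed here:
 *  - The clear-text password is stored in SMF's validation_code column when
 *    registration_method is 1, and is placed in the activation e-mail.
 *  - The Mambo password is an unsalted md5() hash.
 *  - SMF's is_activated does not take Mambo's activation setting into
 *    account, so the SMF member can be active while the Mambo user is blocked.
 *  - A posted `realName` overrides the name that the duplicate and
 *    reserved-name checks were run against.
 *
 * @param mixed $option Component option value (not used in the body).
 */
function saveRegistration( $option ) {
    global $modSettings, $user_settings, $context, $database, $my, $acl, $db_name, $user_info;
    global $mosConfig_sitename, $mosConfig_live_site, $mosConfig_useractivation, $mosConfig_allowUserRegistration;
    global $mosConfig_mailfrom, $mosConfig_fromname;
    global $mos_prefix, $smf_prefix;
    // Read by the checks taken over from SMF's Register.php; without this
    // declaration they are undefined inside the function.
    global $txt, $settings, $options;

    // Added: make sure both Mambo & SMF have registration enabled, else return
    if ($mosConfig_allowUserRegistration == "0" || (!empty($modSettings['registration_method']) && $modSettings['registration_method'] == 3)) {
        mosNotAuth();
        return;
    }

    mysql_select_db($GLOBALS['mosConfig_db']);

    $row = new mosUser( $database );

    // bind() copies the posted fields onto the row. "usertype" is presumably
    // the list of fields bind() must skip (TODO confirm against mambo.php),
    // which would explain why the form never posts it. The fields that must
    // not be client-controlled (id, usertype, gid) are reset right below.
    // NOTE(review): getError() is echoed into a JavaScript string in the three
    // alert() calls of this function; confirm it can never contain request data.
    if (!$row->bind( $_POST, "usertype" )) {
        echo "<script> alert('".$row->getError()."'); window.history.go(-1); </script>\n";
        exit();
    }

    mosMakeHtmlSafe($row);

    $row->id = 0;
    $row->usertype = '';
    $row->gid = $acl->get_group_id('Registered','ARO');

    if ($mosConfig_useractivation == "1") {
        // NOTE(review): the token's strength depends on mosMakePassword(),
        // which is not shown here.
        $row->activation = md5( mosMakePassword() );
        $row->block = "1";
    }

    // validate using check() of Mambo's mosUser class (see mambo.php)
    if (!$row->check()) {
        echo "<script> alert('".$row->getError()."'); window.history.go(-1); </script>\n";
        exit();
    }

    $pwd = $row->password;

    // These three values drive every SMF check below, so they are read from
    // the validated row before their first use (they used to be assigned only
    // after the checks had already run on undefined variables).
    $name = $row->name;
    $email = $row->email;
    $username = $row->username;
    $sql_name = _smf_registration_sql($name);
    $sql_email = _smf_registration_sql($email);
    $sql_username = _smf_registration_sql($username);

    // Run the SMF-side checks BEFORE anything is stored, so a rejected
    // registration does not leave a Mambo account behind.
    // fatal_error() is SMF's; it is assumed not to return.
    mysql_select_db($db_name);

    // Check if the email address and/or username is in use.
    $request = mysql_query("
        SELECT ID_MEMBER
        FROM {$smf_prefix}members
        WHERE emailAddress = '$sql_email'
            OR emailAddress = '$sql_username'
            OR memberName = '$sql_username'
            OR realName = '$sql_name'
        LIMIT 1");
    if (mysql_num_rows($request) != 0)
        fatal_error(sprintf($txt[730], htmlspecialchars($email)), false);
    mysql_free_result($request);

    //<------------------------------------------------------------------>
    // Added: SMF's extra checks for reserved usernames & banned email addresses
    if (isReservedName($username, 0, false))
        fatal_error('(' . htmlspecialchars($username) . ') ' . $txt[473], false);

    // Clear ban on email address, the user might come up with a better address.
    if (!empty($_SESSION['ban']['cannot_register']['type']) && $_SESSION['ban']['cannot_register']['type'] == 'email_ban')
        $_SESSION['ban']['cannot_register'] = array(
            'is_banned' => false
        );
    if (!empty($_SESSION['ban']['full_ban']['type']) && $_SESSION['ban']['full_ban']['type'] == 'email_ban')
        $_SESSION['ban']['full_ban'] = array(
            'is_banned' => false
        );

    // Is this email address banned?
    $request = db_query("
        SELECT restriction_type, reason
        FROM {$smf_prefix}banned
        WHERE ban_type = 'email_ban'
            AND '$sql_email' LIKE email_address
            AND (restriction_type = 'cannot_register' OR restriction_type = 'full_ban')", __FILE__, __LINE__);
    if (mysql_num_rows($request) > 0) {
        // A separate loop variable keeps $row (the mosUser object) intact.
        while ($ban_row = mysql_fetch_assoc($request)) {
            $_SESSION['ban'][$ban_row['restriction_type']] = array(
                'is_banned' => true,
                'reason' => empty($ban_row['reason']) ? '' : '<br /><br /><b>' . $txt['ban_reason'] . ':</b> ' . $ban_row['reason'],
                'type' => 'email_ban'
            );
        }
    }
    mysql_free_result($request);

    // This email address must be registered as banned.
    // !empty() is used because only one of the two entries may exist.
    $is_full_ban = !empty($_SESSION['ban']['full_ban']['is_banned']);
    $is_register_ban = !empty($_SESSION['ban']['cannot_register']['is_banned']);
    if ($is_full_ban || $is_register_ban) {
        // Log this ban for future reference.
        db_query("
            INSERT INTO {$smf_prefix}log_banned
                (ID_MEMBER, ip, email, logTime)
            VALUES (0, '$user_info[ip]', '$sql_email', " . time() . ')', __FILE__, __LINE__);

        // Full ban. Get the default ban error.
        if ($is_full_ban)
            fatal_error(sprintf($txt[430], $txt[28]) . $_SESSION['ban']['full_ban']['reason']);

        // 'Cannot register' ban.
        if ($is_register_ban)
            fatal_error($txt['ban_register_prohibited'] . '!' . $_SESSION['ban']['cannot_register']['reason']);
    }
    //<--------------------------------------------------------------->

    // OK then, let's get this user into Mambo
    mysql_select_db($GLOBALS['mosConfig_db']);

    // NOTE(review): unsalted md5() is what this Mambo version stores.
    $row->password = md5( $row->password );
    $row->registerDate = date("Y-m-d H:i:s");

    if (!$row->store()) {
        echo "<script> alert('".$row->getError()."'); window.history.go(-1); </script>\n";
        exit();
    }

    $row->checkin();

    // Look the new user up by username (the login identifier) rather than by
    // display name, which another account may share.
    $mos_find_id = mysql_query("SELECT id FROM {$mos_prefix}users WHERE username='" . $sql_username . "' LIMIT 1");
    $mos_id_array = $mos_find_id ? mysql_fetch_array($mos_find_id) : false;
    $mos_id = $mos_id_array ? (int) $mos_id_array[0] : 0;

    $mos_write = mysql_query("INSERT INTO {$mos_prefix}core_acl_aro ( `aro_id` , `section_value` , `value` , `order_value` , `name` , `hidden` ) VALUES ('', 'users', '" . $mos_id . "', '0', '" . $sql_name . "', '0');");

    // Find the ARO row just written by the user id it carries, not by name.
    $mos_map_sql = mysql_query("SELECT `aro_id` FROM {$mos_prefix}core_acl_aro WHERE section_value='users' AND value='" . $mos_id . "' LIMIT 1");
    $mos_map_array = $mos_map_sql ? mysql_fetch_array($mos_map_sql) : false;
    $aro_id = $mos_map_array ? (int) $mos_map_array[0] : 0;

    // NOTE(review): group 18 is hard-coded here while $row->gid above comes
    // from $acl->get_group_id('Registered','ARO'); confirm they are the same.
    $mos_write = mysql_query("INSERT INTO {$mos_prefix}core_acl_groups_aro_map ( `group_id` , `section_value` , `aro_id` ) VALUES ('18', '', '" . $aro_id . "');");

    // register each user into SMF right away.  This saves from having to confirm email address/password later
    mysql_select_db($db_name);

    // Some of these might be overwritten. (the lower ones that are in the arrays below.)
    // NOTE(review): validation_code receives the user's clear-text password
    // when registration_method is 1; a random token should be stored instead.
    // NOTE(review): is_activated ignores $mosConfig_useractivation although
    // activate() later sets it to 1; confirm the member cannot use the forum
    // before the Mambo account is activated.
    $register_vars = array(
        'memberName' => "'$sql_username'",
        'emailAddress' => "'$sql_email'",
        'passwd' => '\'' . md5_hmac($pwd, strtolower($username)) . '\'',
        'posts' => 0,
        'dateRegistered' => time(),
        'memberIP' => "'$user_info[ip]'",
        'is_activated' => empty($modSettings['registration_method']) || (!isset($_POST['emailActivate']) && $user_info['is_admin']) ? 1 : 0,
        'validation_code' => !empty($modSettings['registration_method']) && $modSettings['registration_method'] == 1 ? "'" . _smf_registration_sql($pwd) . "'" : "''",
        'realName' => "'$sql_name'",
        'personalText' => '\'' . addslashes($modSettings['default_personalText']) . '\'',
        'im_email_notify' => 1,
        'ID_THEME' => 0,
        'ID_POST_GROUP' => 4,
    );

    // Make sure the ID_GROUP will be valid, if this is an administrator.
    if ($user_info['is_admin'])
        $register_vars['ID_GROUP'] = empty($_POST['group']) ? 0 : (int) $_POST['group'];

    // !!! These need more validation and possibly permissions!!
    // !!! Add birthdate parts?
    // NOTE(review): 'realName' in this list lets a posted value replace the
    // name that was checked for duplicates and reserved names above.
    $possible_strings = array(
        'realName',
        'lngfile',
        'personalText', 'signature', 'avatar',
        'location',
        'websiteTitle', 'websiteUrl',
        'gender',
        'timeFormat',
        'secretQuestion', 'secretAnswer',
        'smileySet',
        'birthdate',
    );
    $possible_ints = array(
        'ICQ', 'AIM', 'YIM', 'MSN',
        'ID_THEME',
    );
    $possible_floats = array(
        'timeOffset',
    );
    $possible_bools = array(
        'hideEmail', 'showOnline',
        'im_email_notify',
        'notifyAnnouncements', 'notifyOnce',
    );

    // Posted strings go straight into the INSERT below, so each one is
    // escaped here; the numeric and boolean fields are neutralised by casts.
    foreach ($possible_strings as $var)
        if (isset($_POST[$var]))
            $register_vars[$var] = '\'' . _smf_registration_sql($_POST[$var]) . '\'';
    foreach ($possible_ints as $var)
        if (isset($_POST[$var]))
            $register_vars[$var] = (int) $_POST[$var];
    foreach ($possible_floats as $var)
        if (isset($_POST[$var]))
            $register_vars[$var] = (float) $_POST[$var];
    foreach ($possible_bools as $var)
        if (isset($_POST[$var]))
            $register_vars[$var] = empty($_POST[$var]) ? 0 : 1;

    //<--------------------------------------------------------------------->
    // Added: collect any option/default_option variables
    // Register options are always default options...
    // Only arrays are merged; the "+" operator fails on mixed types.
    if (isset($_POST['default_options']) && is_array($_POST['default_options']))
        $_POST['options'] = isset($_POST['options']) && is_array($_POST['options']) ? $_POST['options'] + $_POST['default_options'] : $_POST['default_options'];

    $posted_options = isset($_POST['options']) && is_array($_POST['options']) ? $_POST['options'] : array();

    // Administrator?  We'll need to fetch the default theme options for the guest, then.
    if ($user_info['is_admin']) {
        $theme_id = (int) $settings['theme_id'];
        // ID_THEME is selected as well because the loop below reads it.
        $result = db_query("
            SELECT ID_THEME, variable, value
            FROM {$smf_prefix}themes
            WHERE ID_MEMBER = -1
                AND ID_THEME" . ($theme_id == 1 ? ' = 1' : " IN ($theme_id, 1)"), __FILE__, __LINE__);
        $options2 = array();
        while ($theme_row = mysql_fetch_assoc($result)) {
            if (!isset($options2[$theme_row['variable']]) || $theme_row['ID_THEME'] != '1')
                $options2[$theme_row['variable']] = $theme_row['value'];
        }
        mysql_free_result($result);

        $theme_vars = $posted_options + $options2;
    }
    // Set up the theme variables.... then add $options for the defaults.
    else
        $theme_vars = $posted_options + (is_array($options) ? $options : array());
    //<---------------------------------------------------------------------->

    // Register them into the database. The column names come only from the
    // fixed lists above, never from the request.
    // NOTE(review): the result of this INSERT is not checked.
    mysql_query("
        INSERT INTO {$smf_prefix}members
            (" . implode(', ', array_keys($register_vars)) . ")
        VALUES (" . implode(', ', $register_vars) . ')');
    $memberID = (int) db_insert_id();
    updateStats('member');

    //<------------------------------------------------------------------>
    // Added: registering of theme variables
    // Done while the SMF database is still selected. Both the option name and
    // its value are posted by the client, so both are escaped.
    if (!empty($theme_vars)) {
        $setString = '';
        foreach ($theme_vars as $var => $val)
            $setString .= "
                ($memberID, '" . _smf_registration_sql($var) . "', '" . _smf_registration_sql($val) . "'),";
        db_query("
            INSERT INTO {$smf_prefix}themes
                (ID_MEMBER, variable, value)
            VALUES " . substr($setString, 0, -1), __FILE__, __LINE__);
    }
    //<--------------------------------------------------------->

    mysql_select_db($GLOBALS['mosConfig_db']);

    $subject = sprintf (_SEND_SUB, $name, $mosConfig_sitename);
    $subject = html_entity_decode($subject, ENT_QUOTES);
    if ($mosConfig_useractivation == "1") {
        // NOTE(review): $pwd puts the clear-text password into the e-mail.
        $message = sprintf (_USEND_MSG_ACTIVATE, $name, $mosConfig_sitename, $mosConfig_live_site."/index.php?option=com_smf_registration&task=activate&activation=".$row->activation, $mosConfig_live_site, $username, $pwd);
    } else {
        $message = sprintf (_USEND_MSG, $name, $mosConfig_sitename, $mosConfig_live_site);
    }
    $message = html_entity_decode($message, ENT_QUOTES);

    // Send email to user
    if ($mosConfig_mailfrom != "" && $mosConfig_fromname != "") {
        $adminName2 = $mosConfig_fromname;
        $adminEmail2 = $mosConfig_mailfrom;
    } else {
        // Fall back to the first super administrator as sender.
        $database->setQuery( "SELECT name, email FROM #__users"
            . "\n WHERE usertype='superadministrator'" );
        $rows = $database->loadObjectList();
        $adminName2 = '';
        $adminEmail2 = '';
        if (!empty($rows)) {
            $adminName2 = $rows[0]->name;
            $adminEmail2 = $rows[0]->email;
        }
    }

    mosMail($adminEmail2, $adminName2, $email, $subject, $message);

    // Send notification to all administrators
    $subject2 = sprintf (_SEND_SUB, $name, $mosConfig_sitename);
    $message2 = sprintf (_ASEND_MSG, $adminName2, $mosConfig_sitename, $name, $email, $username);
    $subject2 = html_entity_decode($subject2, ENT_QUOTES);
    $message2 = html_entity_decode($message2, ENT_QUOTES);

    // get superadministrators id
    $admins = $acl->get_group_objects( 25, 'ARO' );

    if (!empty($admins['users'])) {
        foreach ( $admins['users'] as $id ) {
            $database->setQuery( "SELECT email, sendEmail FROM #__users"
                . "\n WHERE id='" . (int) $id . "'" );
            $admin_rows = $database->loadObjectList();
            if (empty($admin_rows)) {
                continue;
            }

            $admin_row = $admin_rows[0];
            if ($admin_row->sendEmail) {
                mosMail($adminEmail2, $adminName2, $admin_row->email, $subject2, $message2);
            }
        }
    }

    if ( $mosConfig_useractivation == "1" ) {
        echo _REG_COMPLETE_ACTIVATE;
    } else {
        echo _REG_COMPLETE;
    }
}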

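/**
 * Activate a pending account from the token carried by the activation link.
 *
 * The token is read from $_REQUEST, matched against a blocked row in the
 * Mambo users table, and on success the Mambo user is unblocked and the SMF
 * member with the same name is marked as activated.
 *
 * @param mixed $option Component option value (not used in the body).
 */
function activate( $option ) {
    global $database, $smf_prefix, $mos_prefix;
    // Needed for the database switch below; it was undefined in this scope.
    global $db_name;

    $activation = trim( mosGetParam( $_REQUEST, 'activation', '' ) );

    // Tokens are issued as md5() hex digests at registration. Anything else is
    // rejected before it reaches SQL. This covers the empty value in
    // particular, which would otherwise match any blocked account whose
    // activation column is empty and unblock it.
    if (!preg_match('/\A[a-fA-F0-9]{32}\z/', $activation)) {
        echo _REG_ACTIVATE_NOT_FOUND;
        return;
    }
    $activation = $database->getEscaped( $activation );

    $request = mysql_query( "SELECT id,username FROM {$mos_prefix}users WHERE activation='$activation' AND block='1'" );
    $result = $request ? mysql_fetch_array($request) : false;

    if ($result && $result[0]) {
        $database->setQuery( "UPDATE #__users SET block='0', activation='' WHERE activation='$activation' AND block='1'" );
        if (!$database->query()) {
            // NOTE(review): this prints the database error text to the client;
            // log it server-side and show a generic message instead.
            echo "SQL error" . $database->stderr(true);
            // Do not activate the SMF member if the Mambo update failed.
            return;
        }

        // The username comes back from the database, but it is still escaped
        // before being placed in the next statement.
        $member_name = $database->getEscaped( $result[1] );

        mysql_select_db( $db_name );
        mysql_query("UPDATE {$smf_prefix}members SET is_activated='1' , validation_code='' WHERE memberName = '$member_name' LIMIT 1");
        // Switch back using the same global the rest of this file uses.
        mysql_select_db( $GLOBALS['mosConfig_db'] );

        echo _REG_ACTIVATE_COMPLETE;
    } else {
        echo _REG_ACTIVATE_NOT_FOUND;
    }
}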

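/**
 * Check whether a string has the basic shape of an e-mail address.
 *
 * The pattern is anchored at both ends, so the WHOLE value must be an
 * address. Without the anchors any text that merely contains an address
 * somewhere (followed by markup, quotes or a line break) would be accepted.
 * The last domain label may be any length, so long top-level domains pass.
 *
 * This is a shape check only; it does not prove the address exists and does
 * not replace escaping when the value is used in SQL, HTML or mail headers.
 *
 * @param mixed $email Value to test.
 * @return bool True when the whole value looks like local@domain.tld.
 */
function is_email($email){
    if (!is_string($email)) {
        return false;
    }

    // \A and \z anchor to the very start and end; \z also rejects a trailing
    // newline, which "$" would let through.
    return preg_match('/\A[\w.\-]+@\w[\w.\-]*\.\w+\z/', $email) === 1;
}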

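/**
 * Hand a username and password to the login component through a redirect.
 *
 * The original header comment says this logs the user in to both Mambo and
 * SMF; the function itself only issues the redirect.
 *
 * NOTE(review): the password travels in the URL query string, where it can
 * end up in web-server and proxy logs, browser history and Referer headers.
 * Submitting the credentials by POST, or establishing the session
 * server-side, avoids that exposure.
 *
 * @param string|null $username Login name.
 * @param string|null $passwd   Clear-text password.
 */
function smf_login( $username = null,$passwd = null ) {
    // Encode both values so that characters such as "&", "#", "+" or "=" stay
    // inside their own parameter instead of changing the query string.
    $query = 'option=login'
        . '&username=' . urlencode( (string) $username )
        . '&passwd=' . urlencode( (string) $passwd );

    mosRedirect( 'index.php?' . $query );
}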
// Runs after the task dispatcher near the top of this file has returned:
// select the database named by $GLOBALS['mosConfig_db'] again (the same call
// saveRegistration() makes before it writes the Mambo user). Handlers that
// end with exit() or die() never reach this line.
mysql_select_db($GLOBALS['mosConfig_db']);

?>