PHP Cross Reference of phpwcms V1.5.0 _r431 (28.01.12) |
<?php

/**
 * FE User frontend render script
 * Use this to customize your frontend user registration form
 *
 * Frontend User Registration key can be found in constant FEUSER_REGKEY.
 * The default value of FEUSER_REGKEY is "FEUSER". It can be changed by
 * setting $phpwcms['feuser_regkey'] in conf.inc.php
 *
 * Flow of the visible code:
 *  1. choose $fe_action from the placeholder found in $content['all']
 *  2. normalise the field definitions in $fe_fields and pre-fill $fe_data
 *  3. validate posted values into $udata / $uerror
 *  4. build the form markup in $fe_reg
 *  5. on registration, build an INSERT into phpwcms_userdetail
 *
 * Helpers such as _getFeUserLoginStatus(), _dbGet(), _dbCount(), aporeplace(),
 * clean_slweg(), slweg(), rel_url() and dumpVar() are defined outside this file.
 */

// Wrapper markup and label class; not referenced again in the visible code.
$fe_defaults = array(

    'field-open' => '<p>',
    'field-close' => '</p>',

    'label-class' => 'label',

);


// first check what to do
// NOTE(review): strpos() returns 0 when the placeholder sits at offset 0 of
// $content['all'], and 0 is falsy here; compare the result with !== false.
if(_getFeUserLoginStatus() && strpos($content['all'], '{FE_USER_MANAGE}')) {

    $fe_action = '{FE_USER_MANAGE}';

    // Sessions whose user record is marked as BACKEND get no frontend profile form.
    if( $_SESSION[ $_loginData['session_key'].'_userdata']['source'] == 'BACKEND' ) {

        $fe_action = false;
    }


} elseif(strpos($content['all'], '{FE_USER_REGISTER}')) {

    $fe_action = '{FE_USER_REGISTER}';

} else {

    $fe_action = false;

}


// fe user register
if($fe_action) {

    /**
     * Define fields to be used - fields are named like in phpwcms_userdetail
     * 'fieldname' => 'TYPE' (can be STRING, TEXT, CHECKBOX, RADIO, INT, FLOAT, TEL, COUNTRY, EMAIL)
     * or
     * 'fieldname' => array('type'=>'TYPE', 'value'=>default value, 'required'=>true|false)
     * use array for multiple selections
     * Use 'FIELDSET-X' => 'label', '/FIELDSET-X' => '' to enable fieldsets
     */
    $fe_fields = array(

        'FIELDSET-1' => 'label-fieldset-1',

        'detail_login' => 'STRING',
        'detail_password' => 'STRING',

        '/FIELDSET-1' => '',
        'FIELDSET-2' => 'label-fieldset-2',

        'detail_title' => 'STRING',
        'detail_salutation' => array( 'type'=>'RADIO', 'value'=>array('@@Mr@@', '@@Ms@@') ),
        'detail_firstname' => 'STRING',
        'detail_lastname' => 'STRING',
        'detail_company' => 'STRING',
        'detail_street' => 'STRING',
        'detail_add' => 'STRING',
        'detail_city' => 'STRING',
        'detail_zip' => 'STRING',
        'detail_region' => 'STRING',
        'detail_country' => 'COUNTRY',
        'detail_fon' => 'STRING',
        'detail_fax' => 'STRING',
        'detail_mobile' => 'STRING',
        'detail_signature' => 'TEXT',
        'detail_prof' => 'STRING',
        'detail_notes' => 'TEXT',
        'detail_email' => 'EMAIL',

        '/FIELDSET-2' => '',
        'FIELDSET-3' => 'label-fieldset-3',

        'detail_website' => 'STRING',
        'detail_userimage' => 'STRING',
        'detail_gender' => 'STRING',
        'detail_birthday' => 'STRING',

        '/FIELDSET-3' => '',
        'FIELDSET-4' => 'label-fieldset-4',

        'detail_varchar1' => 'STRING',
        'detail_varchar2' => 'STRING',
        'detail_varchar3' => 'STRING',
        'detail_varchar4' => 'STRING',
        'detail_varchar5' => 'STRING',

        'detail_text1' => 'TEXT',
        'detail_text2' => 'TEXT',
        'detail_text3' => 'TEXT',
        'detail_text4' => 'TEXT',
        'detail_text5' => 'TEXT',

        'detail_int1' => 'INT',
        'detail_int2' => 'INT',
        'detail_int3' => 'INT',
        'detail_int4' => 'INT',
        'detail_int5' => 'INT',

        'detail_float1' => 'FLOAT',
        'detail_float2' => 'FLOAT',
        'detail_float3' => 'FLOAT',
        'detail_float4' => 'FLOAT',
        'detail_float5' => 'FLOAT',

        '/FIELDSET-4' => ''
    );

    // init error array and error status set to false
    $fe_error = array('status' => false);

    // init fe data array
    $fe_data = array();

    // Normalise every entry of $fe_fields to an array with a 'type' key and
    // give each real field an empty error slot and a typed default value.
    foreach($fe_fields as $fe_field => $fe_field_value) {

        // Fieldset markers: 'value' keeps the first character of the key,
        // 'F' for an opening marker and '/' for a closing one.
        if( substr(ltrim($fe_field , '/'), 0, 8) === 'FIELDSET' ) {
            $fe_fields[ $fe_field ] = array('type' => 'FIELDSET', 'label' => $fe_field_value, 'value'=>substr($fe_field, 0, 1));
            continue;
        }

        $fe_error[ $fe_field ] = '';

        if( is_array($fe_field_value) && isset($fe_field_value['type']) ) {
            // Array form: fill in missing 'value' and coerce 'required' to bool.
            $fe_field_type = $fe_field_value['type'];
            if(!isset($fe_field_value['value'])) {
                $fe_fields[ $fe_field ]['value'] = '';
            }
            $fe_fields[ $fe_field ]['required'] = empty( $fe_field_value['required'] ) ? false : true;
        } else {
            // Short form: the value is the type name; anything else becomes STRING.
            $fe_field_type = is_string($fe_field_value) ? $fe_field_value : 'STRING';
            $fe_fields[ $fe_field ] = array('type' => $fe_field_type, 'value' => '', 'required' => false);
        }

        // Numeric types default to 0, everything else to an empty string.
        if( $fe_field_type == 'INT' || $fe_field_type == 'FLOAT' ) {
            $fe_data[ $fe_field ] = 0;
        } else {
            $fe_data[ $fe_field ] = '';
        }

    }

    // NOTE(review): looks like leftover debug output of the whole field
    // definition on a public page - confirm what dumpVar() emits and remove
    // it before this script is used in production.
    dumpVar($fe_fields);

    // Build the alias part handed to rel_url(). Inside this branch cat_id
    // compares equal to 0, so the last fallback always yields 'id=0'.
    // NOTE(review): $aktion is set outside this file; presumably it is derived
    // from the request - confirm $aktion[1] is an integer before it is
    // concatenated into the URI.
    if($content['cat_id'] == 0) {
        if($aktion[1]) {
            $_uri_alias = 'aid='.$aktion[1];
        } elseif($content['struct'][0]['acat_alias']) {
            $_uri_alias = $content['struct'][0]['acat_alias'];
        } else {
            $_uri_alias = 'id='.$content['cat_id'];
        }
    } else {
        $_uri_alias = '';
    }

    switch($fe_action) {

        case '{FE_USER_MANAGE}': $_uri = rel_url( array('profile_manage'=>'edit'), array('profile_register', 'profile_reminder'), $_uri_alias );

            // at the moment it is only possible to edit user data of "real" FRONTEND users
            // all BACKEND users should login to backend and edit their data there
            // The WHERE clause is built by concatenation: the registration key
            // goes through aporeplace() and the session user id through intval().
            // NOTE(review): aporeplace() is assumed to escape quotes for SQL -
            // verify, or switch to a parameterised query.
            $result = _dbGet(
                'phpwcms_userdetail', '*',
                "detail_filter='" . aporeplace(FEUSER_REGKEY) . "' AND detail_id=" . intval($_SESSION[ $_loginData['session_key'].'_userdata' ]['id']),
                '', '', '1' );
            if(isset($result[0])) {
                $fe_data = $result[0];
                // Never pre-fill the form with the stored password value.
                $fe_data['detail_password'] = '';
            }

            break;

        case '{FE_USER_REGISTER}': $_uri = rel_url( array('profile_register'=>'create'), array('profile_manage', 'profile_reminder'), $_uri_alias );

            break;

    }


    // NOTE(review): the guard tests $_POST['detail_login'] but the body reads
    // $_POST['user_*'] keys without checking that each one exists, and the
    // INSERT guard further down tests $_POST['user_login']. A request that
    // carries user_login but not detail_login skips this whole validation
    // block. Decide on one naming scheme (the $fe_fields keys are detail_*).
    if(isset($_POST['detail_login'])) {

        // Passwords are read with slweg(), all other fields with clean_slweg();
        // both helpers are defined elsewhere, so what each one strips cannot
        // be told from this file.
        $udata['user_login'] = clean_slweg($_POST['user_login']);
        $udata['user_password'] = slweg($_POST['user_password']);
        $udata['user_password2'] = slweg($_POST['user_password2']);

        $udata['user_company'] = clean_slweg($_POST['user_company']);
        $udata['user_title'] = clean_slweg($_POST['user_title']);
        $udata['user_name'] = clean_slweg($_POST['user_name']);
        $udata['user_firstname'] = clean_slweg($_POST['user_firstname']);
        $udata['user_street'] = clean_slweg($_POST['user_street']);
        $udata['user_zip'] = clean_slweg($_POST['user_zip']);
        $udata['user_city'] = clean_slweg($_POST['user_city']);
        // Everything except digits, + - ( ) and space is stripped here, so the
        // preg_match() on user_tel further down can no longer match.
        $udata['user_tel'] = preg_replace('/[^0-9\+\-\(\) ]/', '', clean_slweg($_POST['user_tel']) );
        $udata['user_email'] = clean_slweg($_POST['user_email']);


        if($fe_action == '{FE_USER_REGISTER}') {


            // Uniqueness check for the requested login name.
            // NOTE(review): LIKE treats % and _ in the submitted login as
            // wildcards unless aporeplace() escapes them (not visible here);
            // an equality comparison would express the intent exactly.
            $sql = 'SELECT COUNT(*) FROM '.DB_PREPEND."phpwcms_userdetail WHERE ";
            $sql .= "detail_login LIKE '" . aporeplace($udata['user_login'])."'";

            if( empty($udata['user_login']) ) {
                $uerror['user_login'] = '@@Login is required@@';
            } elseif( strlen($udata['user_login']) < 4 ) {
                $uerror['user_login'] = '@@Login is too short (more than 3 chars)@@';
            } elseif( _dbCount( $sql ) ) {
                $uerror['user_login'] = '@@Login not allowed@@';
            }

            // NOTE(review): a 4-character minimum is a weak password policy;
            // consider a considerably longer minimum.
            if( empty($udata['user_password']) ) {
                $uerror['user_password'] = '@@Password is required@@';
            } elseif( strlen($udata['user_password']) < 4 ) {
                $uerror['user_password'] = '@@Password is too short (more than 3 chars)@@';
            } elseif( $udata['user_password'] !== $udata['user_password2'] ) {
                $uerror['user_password'] = '@@Password and repeat password are not equal@@';
            }



        } else {

            // Profile edit: the posted login is discarded and replaced by the
            // login stored in the session, so a user cannot rename the account
            // through this form.
            $udata['user_login'] = $_SESSION[ $_loginData['session_key'].'_userdata']['login'];

            // An empty password passes the length check (no password change);
            // it still has to equal the repeat field.
            if( !empty($udata['user_password']) && strlen($udata['user_password']) < 4 ) {
                $uerror['user_password'] = '@@Password is too short (more than 3 chars)@@';
            } elseif( $udata['user_password'] !== $udata['user_password2'] ) {
                $uerror['user_password'] = '@@Password and repeat password are not equal@@';
            }

        }

        // E-mail uniqueness: counts rows of other logins that already use the
        // lower-cased address.
        $sql = 'SELECT COUNT(*) FROM '.DB_PREPEND."phpwcms_userdetail WHERE ";
        $sql .= "detail_login != '" . aporeplace($udata['user_login']) . "' AND ";
        $sql .= "detail_email = '" . aporeplace(strtolower($udata['user_email']))."'";

        // These three messages are literal German strings, unlike the
        // '@@...@@' placeholders used for the other fields.
        if( empty($udata['user_email']) ) {
            $uerror['user_email'] = 'E-Mail muss ausgefüllt werden';
        } elseif( !is_valid_email($udata['user_email']) ) {
            $uerror['user_email'] = 'E-Mail muss valide sein';
        } elseif( _dbCount( $sql ) ) {
            $uerror['user_email'] = 'E-Mail bereits registriert';
        }

        if( empty($udata['user_tel']) ) {
            $uerror['user_tel'] = '@@Phone is required@@';
        } elseif( preg_match('/[^0-9\+\-\(\) ]/', $udata['user_tel']) ) {
            $uerror['user_tel'] = '@@Only integers, spaces, parentheses, + or - are allowed@@';
        }

        if( empty($udata['user_name']) ) {
            $uerror['user_name'] = '@@Name is required@@';
        }
        if( empty($udata['user_firstname']) ) {
            $uerror['user_firstname'] = '@@First name is required@@';
        }
        if( empty($udata['user_street']) ) {
            $uerror['user_street'] = '@@Street is required@@';
        }
        if( empty($udata['user_zip']) || empty($udata['user_city']) ) {
            $uerror['user_zip'] = '@@Post code and city are required@@';
        }


    }

    // $fe_reg collects the form markup line by line and is joined with LF below.
    $fe_reg = array();

    if($fe_action == '{FE_USER_REGISTER}') {

        $fe_reg[] = '<p>Register Text</p>';

    } else {

        $fe_reg[] = '<p>Edit Text</p>';

    }

    // NOTE(review): $_uri is written into the action attribute as returned by
    // rel_url(); whether that value is already HTML-escaped cannot be told
    // from this file - confirm. No anti-CSRF token field is added to the form
    // in the visible code.
    $fe_reg[] = '<form action="' .$_uri. '" method="post">';

    // Every case of this switch is empty, so no input element is rendered for
    // any field type in the visible code.
    foreach($fe_fields as $fe_field) {

        switch($fe_field['type']) {

            case 'TEXT':
                break;

            case 'EMAIL':
                break;

            case 'INT':
                break;

            case 'FLOAT':
                break;

            case 'RADIO':
                break;

            case 'CHECKBOX':
                break;

            case 'FIELDSET':
                break;

            case 'STRING':
            default:

        }

    }

    /*
    $fe_reg[] = '<fieldset>';
    $fe_reg[] = '<legend> @@Login Data@@ </legend>';

    $fe_reg[] = is_fe_error('detail_login');
    $fe_reg[] = '<p>';
    $fe_reg[] = '<label class="labelpos" for="user_login">@@Login@@</label>';
    if($fe_action == '{FE_USER_REGISTER}') {
    $fe_reg[] = '<input type="text" name="user_login" id="user_login" value="' .html_specialchars($udata['user_login']). '" class="textfield" maxlength="200" size="30" />';
    } else {
    $fe_reg[] = '<strong>' .html_specialchars($udata['user_login']). '</strong>';
    $fe_reg[] = '<input type="hidden" name="user_login" value="' .html_specialchars($udata['user_login']). '" />';
    }
    $fe_reg[] = '</p>';
    */



    // Submit Button Line
    $fe_reg[] = '<p>';
    $fe_reg[] = ' <input type="submit" value="@@Submit@@" class="button" />';
    $fe_reg[] = '</p>';


    $fe_reg[] = '</form>';

    $fe_reg = implode(LF, $fe_reg);


    if(isset($_POST['user_login']) && $fe_action == '{FE_USER_REGISTER}') {
        // NOTE(review): no visible line initialises $uerror or assigns
        // $uerror['status'] (the array created with 'status' => false is
        // $fe_error), so this condition reads an unset key and is falsy. The
        // INSERT branch below then runs even when validation messages were
        // stored in $uerror above. Derive the status from the collected
        // errors before branching.
        if($uerror['status']) {

            $fe_reg = '<p class="error">Es sind Fehler bei der Verarbeitung des Formulars aufgetreten. Bitte prüfen Sie Ihre Angaben.</p>' . LF . $fe_reg;

        } else {

            // Copy of the submitted profile without the two password fields;
            // it is serialized into detail_notes below.
            $profile_data = $udata;
            unset($profile_data['user_password'], $profile_data['user_password2']);

            // The INSERT is assembled by string concatenation; every
            // user-supplied value passes through aporeplace() first.
            // NOTE(review): prefer a parameterised statement, and confirm that
            // aporeplace() escapes for the active DB connection and charset.
            // NOTE(review): the column list does not include detail_filter,
            // while the profile lookup above selects rows by
            // detail_filter = FEUSER_REGKEY - confirm how new rows get that value.
            $sql = 'INSERT INTO '.DB_PREPEND.'phpwcms_userdetail (';
            $sql .= 'detail_title, detail_firstname, detail_lastname, detail_company, detail_street, detail_city, detail_zip, ';
            $sql .= 'detail_fon, detail_notes, detail_aktiv, detail_newsletter, detail_varchar1, detail_email, detail_login, detail_password) VALUES (';
            $sql .= "'" . aporeplace($udata['user_title']) . "', ";
            $sql .= "'" . aporeplace($udata['user_firstname']) . "', ";
            $sql .= "'" . aporeplace($udata['user_name']) . "', ";
            $sql .= "'" . aporeplace($udata['user_company']) . "', ";
            $sql .= "'" . aporeplace($udata['user_street']) . "', ";
            $sql .= "'" . aporeplace($udata['user_city']) . "', ";
            $sql .= "'" . aporeplace($udata['user_zip']) . "', ";
            $sql .= "'" . aporeplace($udata['user_tel']) . "', ";
            // NOTE(review): user-submitted data is stored in PHP serialize()
            // format; any code that later unserialize()s detail_notes works on
            // user-influenced input. A JSON encoding avoids that class of problem.
            $sql .= "'" . aporeplace(serialize($profile_data)) . "', ";
            // detail_aktiv: the new account is inserted with the value '0'.
            $sql .= "'0', ";
            // detail_newsletter: $udata['user_profile_7'] is never assigned in
            // the visible code, so this always inserts ''.
            $sql .= "'" . ( empty($udata['user_profile_7'][3]) ? '' : 1 ) . "', ";
            // detail_varchar1: fixed marker string for rows created by this form.
            $sql .= "'fereg', ";
            $sql .= "'" . aporeplace(strtolower($udata['user_email'])) . "', ";
            $sql .= "'" . aporeplace($udata['user_login']) . "', ";
            // detail_password: the value expression continues past the end of
            // this listing, so how the password is hashed is not visible here.
            $sql .= "'" .