includes/sessions.php
changeset 359 e0787bb6285b
parent 345 4ccdfeee9a11
child 370 b251818286b1
358:b25d34fbc7ab 359:e0787bb6285b
    12  * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
    12  * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
    13  * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
    13  * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
    14  */
    14  */
    15  
    15  
    16 // Prepare a string for insertion into a MySQL database
    16 // Prepare a string for insertion into a MySQL database
    17 function filter($str) { return $db->escape($str); }
    17 function filter($str) { global $db; return $db->escape($str); }
    18 
    18 
    19 /**
    19 /**
    20  * Anything and everything related to security and user management. This includes AES encryption, which is illegal in some countries.
    20  * Anything and everything related to security and user management. This includes AES encryption, which is illegal in some countries.
    21  * Documenting the API was not easy - I hope you folks enjoy it.
    21  * Documenting the API was not easy - I hope you folks enjoy it.
    22  * @package Enano
    22  * @package Enano
  1690     global $db, $session, $paths, $template, $plugins; // Common objects
  1690     global $db, $session, $paths, $template, $plugins; // Common objects
  1691     
  1691     
  1692     // Initialize AES
  1692     // Initialize AES
  1693     $aes = AESCrypt::singleton(AES_BITS, AES_BLOCKSIZE);
  1693     $aes = AESCrypt::singleton(AES_BITS, AES_BLOCKSIZE);
  1694     
  1694     
  1695     if(!preg_match('#^'.$this->valid_username.'$#', $username)) return 'The username you chose contains invalid characters.';
  1695     // Since we're recording IP addresses, make sure the user's IP is safe.
       
  1696     $ip =& $_SERVER['REMOTE_ADDR'];
       
  1697     if ( !is_valid_ip($ip) )
       
  1698       return 'Invalid IP';
       
  1699     
       
  1700     if ( !preg_match('#^'.$this->valid_username.'$#', $username) )
       
  1701       return 'The username you chose contains invalid characters.';
       
  1702     
  1696     $username = str_replace('_', ' ', $username);
  1703     $username = str_replace('_', ' ', $username);
  1697     $user_orig = $username;
  1704     $user_orig = $username;
  1698     $username = $this->prepare_text($username);
  1705     $username = $this->prepare_text($username);
  1699     $email = $this->prepare_text($email);
  1706     $email = $this->prepare_text($email);
  1700     $real_name = $this->prepare_text($real_name);
  1707     $real_name = $this->prepare_text($real_name);
  1764     
  1771     
  1765     // Generate a totally random activation key
  1772     // Generate a totally random activation key
  1766     $actkey = sha1 ( microtime() . mt_rand() );
  1773     $actkey = sha1 ( microtime() . mt_rand() );
  1767 
  1774 
  1768     // We good, create the user
  1775     // We good, create the user
  1769     $this->sql('INSERT INTO '.table_prefix.'users ( username, password, email, real_name, theme, style, reg_time, account_active, activation_key, user_level, user_coppa ) VALUES ( \''.$username.'\', \''.$password.'\', \''.$email.'\', \''.$real_name.'\', \''.$template->default_theme.'\', \''.$template->default_style.'\', '.time().', '.$active.', \''.$actkey.'\', '.USER_LEVEL_CHPREF.', ' . $coppa_col . ' );');
  1776     $this->sql('INSERT INTO '.table_prefix.'users ( username, password, email, real_name, theme, style, reg_time, account_active, activation_key, user_level, user_coppa, user_registration_ip ) VALUES ( \''.$username.'\', \''.$password.'\', \''.$email.'\', \''.$real_name.'\', \''.$template->default_theme.'\', \''.$template->default_style.'\', '.time().', '.$active.', \''.$actkey.'\', '.USER_LEVEL_CHPREF.', ' . $coppa_col . ', \'' . $ip . '\' );');
  1770     
  1777     
  1771     // Get user ID and create users_extra entry
  1778     // Get user ID and create users_extra entry
  1772     $q = $this->sql('SELECT user_id FROM '.table_prefix."users WHERE username='$username';");
  1779     $q = $this->sql('SELECT user_id FROM '.table_prefix."users WHERE username='$username';");
  1773     if ( $db->numrows() > 0 )
  1780     if ( $db->numrows() > 0 )
  1774     {
  1781     {
  1775       $row = $db->fetchrow();
  1782       list($user_id) = $db->fetchrow_num();
  1776       $db->free_result();
  1783       $db->free_result();
  1777       
  1784       
  1778       $user_id =& $row['user_id'];
  1785       $user_id =& $row['user_id'];
  1779       $this->sql('INSERT INTO '.table_prefix.'users_extra(user_id) VALUES(' . $user_id . ');');
  1786       $this->sql('INSERT INTO '.table_prefix.'users_extra(user_id) VALUES(' . $user_id . ');');
  1780     }
  1787     }
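Review bot: In the third hunk, `$user_id =& $row['user_id'];` (line 1785) is kept even though `$row = $db->fetchrow();` was replaced by `list($user_id) = $db->fetchrow_num();`, so `$row` is never assigned and the line rebinds `$user_id` to a null reference immediately before the `users_extra` INSERT, which would then be built as `VALUES()` and fail. Remove line 1785 (or keep the `$row` form and drop the `list()` line); as committed the new line is dead and the old one breaks the query. In the second hunk, `$ip` is concatenated into the `users` INSERT with only the `is_valid_ip()` check in front of it; running it through `$db->escape()` like the other columns would keep that query safe even if the validator is later loosened (I cannot see `is_valid_ip()` here, so I am hedging on what it accepts). The enclosing method starts before the second hunk and continues past the last line shown.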