From: <rgr...@us...> - 2013-10-22 17:13:46
Revision: 12192
http://sourceforge.net/p/xoops/svn/12192
Author: rgriffith
Date: 2013-10-22 17:13:44 +0000 (Tue, 22 Oct 2013)
Log Message:
-----------
Patch for input validation bypass issue reported by Tatane.
There are further steps which should be taken, but this should solve the most important issues.
Modified Paths:
--------------
XoopsCore/branches/2.5.x/2.5.7/htdocs/modules/profile/include/forms.php
XoopsCore/branches/2.5.x/2.5.7/htdocs/modules/profile/register.php
Modified: XoopsCore/branches/2.5.x/2.5.7/htdocs/modules/profile/include/forms.php
===================================================================
--- XoopsCore/branches/2.5.x/2.5.7/htdocs/modules/profile/include/forms.php 2013-10-21 09:25:26 UTC (rev 12191)
+++ XoopsCore/branches/2.5.x/2.5.7/htdocs/modules/profile/include/forms.php 2013-10-22 17:13:44 UTC (rev 12192)
@@ -279,6 +279,13 @@
*/
function profile_getRegisterForm(&$user, $profile, $step = null)
{
+ global $opkey; // should be set in register.php
+ if (empty($opkey)) {
+ $opkey='profile_opname';
+ }
+ $next_opname = 'op' . mt_rand(10000, 99999);
+ $_SESSION[$opkey] = $next_opname;
+
include_once $GLOBALS['xoops']->path('class/xoopsformloader.php');
if (empty($GLOBALS['xoopsConfigUser'])) {
$config_handler =& xoops_gethandler('config');
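Review bot: The per-form field name on the added line `$next_opname = 'op' . mt_rand(10000, 99999);` comes from a non-cryptographic generator and has only 90,000 possible values, so it should not be relied on as an unguessable token. If the name is meant to be unpredictable, derive it from a CSPRNG, for example `$next_opname = 'op' . bin2hex(openssl_random_pseudo_bytes(8));` where the OpenSSL extension is available. Each call also overwrites `$_SESSION[$opkey]`, so a registration form rendered earlier in the same session (a second tab, or a back-button reload) will no longer match what register.php expects; if that is intended it deserves a comment next to the assignment. The body of profile_getRegisterForm continues outside the hunk.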
@@ -358,6 +365,7 @@
$reg_form->addElement(new XoopsFormCaptcha(), true);
}
+ $reg_form->addElement(new XoopsFormHidden($next_opname, 'register'));
$reg_form->addElement(new XoopsFormHidden('uid', $user->getVar('uid')));
$reg_form->addElement(new XoopsFormHidden('step', $step_no) );
$reg_form->addElement(new XoopsFormButton('', 'submitButton', _SUBMIT, 'submit'));
Modified: XoopsCore/branches/2.5.x/2.5.7/htdocs/modules/profile/register.php
===================================================================
--- XoopsCore/branches/2.5.x/2.5.7/htdocs/modules/profile/register.php 2013-10-21 09:25:26 UTC (rev 12191)
+++ XoopsCore/branches/2.5.x/2.5.7/htdocs/modules/profile/register.php 2013-10-22 17:13:44 UTC (rev 12192)
@@ -41,7 +41,19 @@
exit();
}
-$op = !isset($_POST['op']) ? 'register' : $_POST['op'];
+// get the key we need to access out 'op' in $_POST
+// if this key is not set, empty $_POST since this is a new registration and
+// no legitimate data would be there.
+$opkey = 'profile_opname';
+if (isset($_SESSION[$opkey])) {
+ $current_opname = $_SESSION[$opkey];
+ unset($_SESSION[$opkey]);
+} else {
+ $_POST=array();
+ $current_opname = 'op'; // does not matter, it isn't there
+}
+
+$op = !isset($_POST[$current_opname]) ? 'register' : $_POST[$current_opname];
$current_step = isset($_POST['step']) ? intval( $_POST['step'] ) : 0;
// The newly introduced variable $_SESSION['profile_post'] is contaminated by $_POST, thus we use an old vaiable to hold uid parameter
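Review bot: `$_POST` is emptied only in the `else` branch, when no op name is stored in the session; when the session key exists but the request does not carry `$_POST[$current_opname]`, `$op` falls back to 'register' and the next line still reads `$_POST['step']` from that request. A POST without the expected field should be treated like one without a session key, e.g. `if (!isset($_POST[$current_opname])) { $_POST = array(); }` placed before `$op` is assigned. The value of `$op` is also taken from the request as-is; whether it is later checked against a list of known operations is not visible in this hunk. The added comment `access out 'op'` should read `access our 'op'`.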
From: <be...@us...> - 2014-05-25 10:52:47
Revision: 12549
http://sourceforge.net/p/xoops/svn/12549
Author: beckmi
Date: 2014-05-25 10:52:42 +0000 (Sun, 25 May 2014)
Log Message:
-----------
- added routine to delete .html templates (slider84)
- added extra Captcha check for the first registration step (Roby73/mamba)
- added routine to delete /images and other folder when updating (cesag/mamba)
Modified Paths:
--------------
XoopsCore/branches/2.5.x/2.5.7/htdocs/modules/profile/admin/menu.php
XoopsCore/branches/2.5.x/2.5.7/htdocs/modules/profile/docs/changelog.txt
XoopsCore/branches/2.5.x/2.5.7/htdocs/modules/profile/include/forms.php
XoopsCore/branches/2.5.x/2.5.7/htdocs/modules/profile/include/update.php
XoopsCore/branches/2.5.x/2.5.7/htdocs/modules/profile/language/english/modinfo.php
XoopsCore/branches/2.5.x/2.5.7/htdocs/modules/profile/userinfo.php
XoopsCore/branches/2.5.x/2.5.7/htdocs/modules/profile/xoops_version.php
Modified: XoopsCore/branches/2.5.x/2.5.7/htdocs/modules/profile/admin/menu.php
===================================================================
--- XoopsCore/branches/2.5.x/2.5.7/htdocs/modules/profile/admin/menu.php 2014-05-25 10:51:18 UTC (rev 12548)
+++ XoopsCore/branches/2.5.x/2.5.7/htdocs/modules/profile/admin/menu.php 2014-05-25 10:52:42 UTC (rev 12549)
@@ -42,27 +42,27 @@
$adminmenu[$i]['title'] = _PROFILE_MI_HOME;
$adminmenu[$i]['link'] = "admin/index.php";
$adminmenu[$i]['icon'] = $pathIcon32.'/home.png' ;
-$i++;
+++$i;
$adminmenu[$i]['title'] = _PROFILE_MI_USERS;
$adminmenu[$i]['link'] = "admin/user.php";
$adminmenu[$i]['icon'] = $pathIcon32.'/users.png' ;
-$i++;
+++$i;
$adminmenu[$i]['title'] = _PROFILE_MI_CATEGORIES;
$adminmenu[$i]['link'] = "admin/category.php";
$adminmenu[$i]['icon'] = $pathIcon32.'/category.png' ;
-$i++;
+++$i;
$adminmenu[$i]['title'] = _PROFILE_MI_FIELDS;
$adminmenu[$i]['link'] = "admin/field.php";
$adminmenu[$i]['icon'] = $pathIcon32.'/index.png' ;
-$i++;
+++$i;
$adminmenu[$i]['title'] = _PROFILE_MI_STEPS;
$adminmenu[$i]['link'] = "admin/step.php";
$adminmenu[$i]['icon'] = $pathIcon32.'/stats.png' ;
-$i++;
+++$i;
$adminmenu[$i]['title'] = _PROFILE_MI_PERMISSIONS;
$adminmenu[$i]['link'] = "admin/permissions.php";
$adminmenu[$i]['icon'] = $pathIcon32.'/permissions.png' ;
-$i++;
+++$i;
$adminmenu[$i]['title'] = _PROFILE_MI_ABOUT;
$adminmenu[$i]['link'] = 'admin/about.php';
$adminmenu[$i]['icon'] = $pathIcon32.'/about.png';
Modified: XoopsCore/branches/2.5.x/2.5.7/htdocs/modules/profile/docs/changelog.txt
===================================================================
--- XoopsCore/branches/2.5.x/2.5.7/htdocs/modules/profile/docs/changelog.txt 2014-05-25 10:51:18 UTC (rev 12548)
+++ XoopsCore/branches/2.5.x/2.5.7/htdocs/modules/profile/docs/changelog.txt 2014-05-25 10:52:42 UTC (rev 12549)
@@ -4,6 +4,8 @@
- renamed .html Smarty templates to .tpl (mamba)
- fixed missing .tpl (cesag/slider84)
- added routine to delete .html templates (slider84)
+- added extra Captcha check for the first registration step (Roby73/mamba)
+- added routine to delete /images and other folder when updating (cesag/mamba)
1.64 Final
--------------------------------------
Modified: XoopsCore/branches/2.5.x/2.5.7/htdocs/modules/profile/include/forms.php
===================================================================
--- XoopsCore/branches/2.5.x/2.5.7/htdocs/modules/profile/include/forms.php 2014-05-25 10:51:18 UTC (rev 12548)
+++ XoopsCore/branches/2.5.x/2.5.7/htdocs/modules/profile/include/forms.php 2014-05-25 10:52:42 UTC (rev 12549)
@@ -23,8 +23,8 @@
/**
* Get {@link XoopsThemeForm} for adding/editing fields
*
- * @param object $field {@link ProfileField} object to get edit form for
- * @param mixed $action URL to submit to - or false for $_SERVER['REQUEST_URI']
+ * @param object $field {@link ProfileField} object to get edit form for
+ * @param mixed $action URL to submit to - or false for $_SERVER['REQUEST_URI']
*
* @return object
*/
@@ -47,7 +47,7 @@
$fieldcat_id = 0;
}
$category_handler =& xoops_getmodulehandler('category');
- $cat_select = new XoopsFormSelect(_PROFILE_AM_CATEGORY, 'field_category', $fieldcat_id);
+ $cat_select = new XoopsFormSelect(_PROFILE_AM_CATEGORY, 'field_category', $fieldcat_id);
$cat_select->addOption(0, _PROFILE_AM_DEFAULT);
$cat_select->addOptionArray($category_handler->getList());
$form->addElement($cat_select);
@@ -62,21 +62,22 @@
//autotext and theme left out of this one as fields of that type should never be changed (valid assumption, I think)
$fieldtypes = array(
- 'checkbox' => _PROFILE_AM_CHECKBOX,
- 'date' => _PROFILE_AM_DATE,
- 'datetime' => _PROFILE_AM_DATETIME,
- 'longdate' => _PROFILE_AM_LONGDATE,
- 'group' => _PROFILE_AM_GROUP,
- 'group_multi' => _PROFILE_AM_GROUPMULTI,
- 'language' => _PROFILE_AM_LANGUAGE,
- 'radio' => _PROFILE_AM_RADIO,
- 'select' => _PROFILE_AM_SELECT,
+ 'checkbox' => _PROFILE_AM_CHECKBOX,
+ 'date' => _PROFILE_AM_DATE,
+ 'datetime' => _PROFILE_AM_DATETIME,
+ 'longdate' => _PROFILE_AM_LONGDATE,
+ 'group' => _PROFILE_AM_GROUP,
+ 'group_multi' => _PROFILE_AM_GROUPMULTI,
+ 'language' => _PROFILE_AM_LANGUAGE,
+ 'radio' => _PROFILE_AM_RADIO,
+ 'select' => _PROFILE_AM_SELECT,
'select_multi' => _PROFILE_AM_SELECTMULTI,
- 'textarea' => _PROFILE_AM_TEXTAREA,
- 'dhtml' => _PROFILE_AM_DHTMLTEXTAREA,
- 'textbox' => _PROFILE_AM_TEXTBOX,
- 'timezone' => _PROFILE_AM_TIMEZONE,
- 'yesno' => _PROFILE_AM_YESNO);
+ 'textarea' => _PROFILE_AM_TEXTAREA,
+ 'dhtml' => _PROFILE_AM_DHTMLTEXTAREA,
+ 'textbox' => _PROFILE_AM_TEXTBOX,
+ 'timezone' => _PROFILE_AM_TIMEZONE,
+ 'yesno' => _PROFILE_AM_YESNO
+ );
$element_select = new XoopsFormSelect(_PROFILE_AM_TYPE, 'field_type', $field->getVar('field_type', 'e'));
$element_select->addOptionArray($fieldtypes);
@@ -86,20 +87,21 @@
switch ($field->getVar('field_type')) {
case "textbox":
$valuetypes = array(
- XOBJ_DTYPE_ARRAY => _PROFILE_AM_ARRAY,
- XOBJ_DTYPE_EMAIL => _PROFILE_AM_EMAIL,
- XOBJ_DTYPE_INT => _PROFILE_AM_INT,
- XOBJ_DTYPE_FLOAT => _PROFILE_AM_FLOAT,
- XOBJ_DTYPE_DECIMAL => _PROFILE_AM_DECIMAL,
- XOBJ_DTYPE_TXTAREA => _PROFILE_AM_TXTAREA,
- XOBJ_DTYPE_TXTBOX => _PROFILE_AM_TXTBOX,
- XOBJ_DTYPE_URL => _PROFILE_AM_URL,
- XOBJ_DTYPE_OTHER => _PROFILE_AM_OTHER,
- XOBJ_DTYPE_UNICODE_ARRAY => _PROFILE_AM_UNICODE_ARRAY,
- XOBJ_DTYPE_UNICODE_TXTBOX => _PROFILE_AM_UNICODE_TXTBOX,
- XOBJ_DTYPE_UNICODE_TXTAREA => _PROFILE_AM_UNICODE_TXTAREA,
- XOBJ_DTYPE_UNICODE_EMAIL => _PROFILE_AM_UNICODE_EMAIL,
- XOBJ_DTYPE_UNICODE_URL => _PROFILE_AM_UNICODE_URL);
+ XOBJ_DTYPE_ARRAY => _PROFILE_AM_ARRAY,
+ XOBJ_DTYPE_EMAIL => _PROFILE_AM_EMAIL,
+ XOBJ_DTYPE_INT => _PROFILE_AM_INT,
+ XOBJ_DTYPE_FLOAT => _PROFILE_AM_FLOAT,
+ XOBJ_DTYPE_DECIMAL => _PROFILE_AM_DECIMAL,
+ XOBJ_DTYPE_TXTAREA => _PROFILE_AM_TXTAREA,
+ XOBJ_DTYPE_TXTBOX => _PROFILE_AM_TXTBOX,
+ XOBJ_DTYPE_URL => _PROFILE_AM_URL,
+ XOBJ_DTYPE_OTHER => _PROFILE_AM_OTHER,
+ XOBJ_DTYPE_UNICODE_ARRAY => _PROFILE_AM_UNICODE_ARRAY,
+ XOBJ_DTYPE_UNICODE_TXTBOX => _PROFILE_AM_UNICODE_TXTBOX,
+ XOBJ_DTYPE_UNICODE_TXTAREA => _PROFILE_AM_UNICODE_TXTAREA,
+ XOBJ_DTYPE_UNICODE_EMAIL => _PROFILE_AM_UNICODE_EMAIL,
+ XOBJ_DTYPE_UNICODE_URL => _PROFILE_AM_UNICODE_URL
+ );
$type_select = new XoopsFormSelect(_PROFILE_AM_VALUETYPE, 'field_valuetype', $field->getVar('field_valuetype', 'e'));
$type_select->addOptionArray($valuetypes);
@@ -109,20 +111,21 @@
case "select":
case "radio":
$valuetypes = array(
- XOBJ_DTYPE_ARRAY => _PROFILE_AM_ARRAY,
- XOBJ_DTYPE_EMAIL => _PROFILE_AM_EMAIL,
- XOBJ_DTYPE_INT => _PROFILE_AM_INT,
- XOBJ_DTYPE_FLOAT => _PROFILE_AM_FLOAT,
- XOBJ_DTYPE_DECIMAL => _PROFILE_AM_DECIMAL,
- XOBJ_DTYPE_TXTAREA => _PROFILE_AM_TXTAREA,
- XOBJ_DTYPE_TXTBOX => _PROFILE_AM_TXTBOX,
- XOBJ_DTYPE_URL => _PROFILE_AM_URL,
- XOBJ_DTYPE_OTHER => _PROFILE_AM_OTHER,
- XOBJ_DTYPE_UNICODE_ARRAY => _PROFILE_AM_UNICODE_ARRAY,
- XOBJ_DTYPE_UNICODE_TXTBOX => _PROFILE_AM_UNICODE_TXTBOX,
- XOBJ_DTYPE_UNICODE_TXTAREA => _PROFILE_AM_UNICODE_TXTAREA,
- XOBJ_DTYPE_UNICODE_EMAIL => _PROFILE_AM_UNICODE_EMAIL,
- XOBJ_DTYPE_UNICODE_URL => _PROFILE_AM_UNICODE_URL);
+ XOBJ_DTYPE_ARRAY => _PROFILE_AM_ARRAY,
+ XOBJ_DTYPE_EMAIL => _PROFILE_AM_EMAIL,
+ XOBJ_DTYPE_INT => _PROFILE_AM_INT,
+ XOBJ_DTYPE_FLOAT => _PROFILE_AM_FLOAT,
+ XOBJ_DTYPE_DECIMAL => _PROFILE_AM_DECIMAL,
+ XOBJ_DTYPE_TXTAREA => _PROFILE_AM_TXTAREA,
+ XOBJ_DTYPE_TXTBOX => _PROFILE_AM_TXTBOX,
+ XOBJ_DTYPE_URL => _PROFILE_AM_URL,
+ XOBJ_DTYPE_OTHER => _PROFILE_AM_OTHER,
+ XOBJ_DTYPE_UNICODE_ARRAY => _PROFILE_AM_UNICODE_ARRAY,
+ XOBJ_DTYPE_UNICODE_TXTBOX => _PROFILE_AM_UNICODE_TXTBOX,
+ XOBJ_DTYPE_UNICODE_TXTAREA => _PROFILE_AM_UNICODE_TXTAREA,
+ XOBJ_DTYPE_UNICODE_EMAIL => _PROFILE_AM_UNICODE_EMAIL,
+ XOBJ_DTYPE_UNICODE_URL => _PROFILE_AM_UNICODE_URL
+ );
$type_select = new XoopsFormSelect(_PROFILE_AM_VALUETYPE, 'field_valuetype', $field->getVar('field_valuetype', 'e'));
$type_select->addOptionArray($valuetypes);
@@ -135,7 +138,7 @@
if ($field->getVar('field_type') == "select" || $field->getVar('field_type') == "select_multi" || $field->getVar('field_type') == "radio" || $field->getVar('field_type') == "checkbox") {
$options = $field->getVar('field_options');
if (count($options) > 0) {
- $remove_options = new XoopsFormCheckBox(_PROFILE_AM_REMOVEOPTIONS, 'removeOptions');
+ $remove_options = new XoopsFormCheckBox(_PROFILE_AM_REMOVEOPTIONS, 'removeOptions');
$remove_options->columns = 3;
asort($options);
foreach (array_keys($options) as $key) {
@@ -146,12 +149,12 @@
}
$option_text = "<table cellspacing='1'><tr><td class='width20'>" . _PROFILE_AM_KEY . "</td><td>" . _PROFILE_AM_VALUE . "</td></tr>";
- for ($i = 0; $i < 3; $i++) {
+ for ($i = 0; $i < 3; ++$i) {
$option_text .= "<tr><td><input type='text' name='addOption[{$i}][key]' id='addOption[{$i}][key]' size='15' /></td><td><input type='text' name='addOption[{$i}][value]' id='addOption[{$i}][value]' size='35' /></td></tr>";
$option_text .= "<tr height='3px'><td colspan='2'> </td></tr>";
}
$option_text .= "</table>";
- $form->addElement(new XoopsFormLabel(_PROFILE_AM_ADDOPTION, $option_text) );
+ $form->addElement(new XoopsFormLabel(_PROFILE_AM_ADDOPTION, $option_text));
}
}
@@ -167,8 +170,8 @@
case "checkbox":
case "select_multi":
$def_value = $field->getVar('field_default', 'e') != null ? unserialize($field->getVar('field_default', 'n')) : null;
- $element = new XoopsFormSelect(_PROFILE_AM_DEFAULT, 'field_default', $def_value, 8, true);
- $options = $field->getVar('field_options');
+ $element = new XoopsFormSelect(_PROFILE_AM_DEFAULT, 'field_default', $def_value, 8, true);
+ $options = $field->getVar('field_options');
asort($options);
// If options do not include an empty element, then add a blank option to prevent any default selection
if (!in_array('', array_keys($options))) {
@@ -181,8 +184,8 @@
case "select":
case "radio":
$def_value = $field->getVar('field_default', 'e') != null ? $field->getVar('field_default') : null;
- $element = new XoopsFormSelect(_PROFILE_AM_DEFAULT, 'field_default', $def_value);
- $options = $field->getVar('field_options');
+ $element = new XoopsFormSelect(_PROFILE_AM_DEFAULT, 'field_default', $def_value);
+ $options = $field->getVar('field_options');
asort($options);
// If options do not include an empty element, then add a blank option to prevent any default selection
if (!in_array('', array_keys($options))) {
@@ -235,7 +238,7 @@
}
$groupperm_handler =& xoops_gethandler('groupperm');
- $searchable_types = array(
+ $searchable_types = array(
'textbox',
'select',
'radio',
@@ -243,10 +246,11 @@
'date',
'datetime',
'timezone',
- 'language');
+ 'language'
+ );
if (in_array($field->getVar('field_type'), $searchable_types)) {
$search_groups = $groupperm_handler->getGroupIds('profile_search', $field->getVar('field_id'), $GLOBALS['xoopsModule']->getVar('mid'));
- $form->addElement(new XoopsFormSelectGroup(_PROFILE_AM_PROF_SEARCH, 'profile_search', true, $search_groups, 5, true) );
+ $form->addElement(new XoopsFormSelectGroup(_PROFILE_AM_PROF_SEARCH, 'profile_search', true, $search_groups, 5, true));
}
if ($field->getVar('field_edit') || $field->isNew()) {
if (!$field->isNew()) {
@@ -263,7 +267,7 @@
$regstep_select->addOptionArray($regstep_handler->getList());
$form->addElement($regstep_select);
}
- $form->addElement(new XoopsFormHidden('op', 'save') );
+ $form->addElement(new XoopsFormHidden('op', 'save'));
$form->addElement(new XoopsFormButton('', 'submit', _SUBMIT, 'submit'));
return $form;
@@ -275,30 +279,30 @@
* @param object $user
* @param $profile
* @param object $user {@link XoopsUser} to register
- * @param int $step Which step we are at
+ * @param int $step Which step we are at
*
* @internal param \profileRegstep $next_step
- *
* @return object
*/
function profile_getRegisterForm(&$user, $profile, $step = null)
{
global $opkey; // should be set in register.php
if (empty($opkey)) {
- $opkey='profile_opname';
+ $opkey = 'profile_opname';
}
- $next_opname = 'op' . mt_rand(10000, 99999);
+ $next_opname = 'op' . mt_rand(10000, 99999);
$_SESSION[$opkey] = $next_opname;
+
include_once $GLOBALS['xoops']->path('class/xoopsformloader.php');
if (empty($GLOBALS['xoopsConfigUser'])) {
- $config_handler =& xoops_gethandler('config');
+ $config_handler =& xoops_gethandler('config');
$GLOBALS['xoopsConfigUser'] = $config_handler->getConfigsByCat(XOOPS_CONF_USER);
}
- $action = $_SERVER['REQUEST_URI'];
- $step_no = $step['step_no'];
+ $action = $_SERVER['REQUEST_URI'];
+ $step_no = $step['step_no'];
$use_token = $step['step_no'] > 0 ? true : false;
- $reg_form = new XoopsThemeForm($step['step_name'], 'regform', $action, 'post', $use_token);
+ $reg_form = new XoopsThemeForm($step['step_name'], 'regform', $action, 'post', $use_token);
if ($step['step_desc']) {
$reg_form->addElement(new XoopsFormLabel('', $step['step_desc']));
@@ -308,21 +312,21 @@
//$uname_size = $GLOBALS['xoopsConfigUser']['maxuname'] < 35 ? $GLOBALS['xoopsConfigUser']['maxuname'] : 35;
$elements[0][] = array('element' => new XoopsFormText(_US_NICKNAME, 'uname', 35, $GLOBALS['xoopsConfigUser']['maxuname'], $user->getVar('uname', 'e')), 'required' => true);
- $weights[0][] = 0;
+ $weights[0][] = 0;
- $elements[0][] = array('element' => new XoopsFormText(_US_EMAIL, 'email', 35, 255, $user->getVar('email', 'e') ), 'required' => true);
- $weights[0][] = 0;
+ $elements[0][] = array('element' => new XoopsFormText(_US_EMAIL, 'email', 35, 255, $user->getVar('email', 'e')), 'required' => true);
+ $weights[0][] = 0;
$elements[0][] = array('element' => new XoopsFormPassword(_US_PASSWORD, 'pass', 35, 32, ''), 'required' => true);
- $weights[0][] = 0;
+ $weights[0][] = 0;
$elements[0][] = array('element' => new XoopsFormPassword(_US_VERIFYPASS, 'vpass', 35, 32, ''), 'required' => true);
- $weights[0][] = 0;
+ $weights[0][] = 0;
}
// Dynamic fields
- $profile_handler =& xoops_getmodulehandler('profile');
- $fields = $profile_handler->loadFields();
+ $profile_handler =& xoops_getmodulehandler('profile');
+ $fields = $profile_handler->loadFields();
$_SESSION['profile_required'] = array();
foreach (array_keys($fields) as $i) {
if ($fields[$i]->getVar('step_id') == $step['step_id']) {
@@ -332,16 +336,16 @@
$_SESSION['profile_required'][$fields[$i]->getVar('field_name')] = $fields[$i]->getVar('field_title');
}
- $key = $fields[$i]->getVar('cat_id');
+ $key = $fields[$i]->getVar('cat_id');
$elements[$key][] = $fieldinfo;
- $weights[$key][] = $fields[$i]->getVar('field_weight');
+ $weights[$key][] = $fields[$i]->getVar('field_weight');
}
}
ksort($elements);
// Get categories
$cat_handler =& xoops_getmodulehandler('category');
- $categories = $cat_handler->getObjects(null, true, false);
+ $categories = $cat_handler->getObjects(null, true, false);
foreach (array_keys($elements) as $k) {
array_multisort($weights[$k], SORT_ASC, array_keys($elements[$k]), SORT_ASC, $elements[$k]);
@@ -364,26 +368,28 @@
$disc_tray->addElement($agree_chk);
$reg_form->addElement($disc_tray);
}
+ global $xoopsModuleConfig;
+ $useCaptchaAfterStep2 = $xoopsModuleConfig['profileCaptchaAfterStep1'] + 1;
- if ($step_no == 1) {
+ if ($step_no <= $useCaptchaAfterStep2) {
$reg_form->addElement(new XoopsFormCaptcha(), true);
}
$reg_form->addElement(new XoopsFormHidden($next_opname, 'register'));
$reg_form->addElement(new XoopsFormHidden('uid', $user->getVar('uid')));
- $reg_form->addElement(new XoopsFormHidden('step', $step_no) );
+ $reg_form->addElement(new XoopsFormHidden('step', $step_no));
$reg_form->addElement(new XoopsFormButton('', 'submitButton', _SUBMIT, 'submit'));
-
return $reg_form;
}
+
/**
* Get {@link XoopsThemeForm} for editing a user
*
* @param object $user {@link XoopsUser} to edit
- *
* @param null $profile
* @param bool $action
+ *
* @return object
*/
function profile_getUserForm(&$user, $profile = null, $action = false)
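Review bot: `$xoopsModuleConfig['profileCaptchaAfterStep1']` is read without an `isset()` check, so if the preference has not been created yet (for example, files copied before the module update is run) the lookup raises an undefined-index notice and the arithmetic silently yields 1. Read it defensively, e.g. `$useCaptchaAfterStep2 = (isset($xoopsModuleConfig['profileCaptchaAfterStep1']) ? (int) $xoopsModuleConfig['profileCaptchaAfterStep1'] : 0) + 1;`, and consider a name that says it is a step-number threshold. The condition changed from `== 1` to `<=`, so the captcha element is now also added for any step numbered below 1; a short comment should confirm that is intended. Adding `XoopsFormCaptcha` to the form only renders the challenge: the matching verification in register.php, which is not visible here, has to cover the same steps for the check to be enforced. profile_getRegisterForm begins outside this hunk.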
@@ -392,7 +398,7 @@
$action = $_SERVER['REQUEST_URI'];
}
if (empty($GLOBALS['xoopsConfigUser'])) {
- $config_handler =& xoops_gethandler('config');
+ $config_handler =& xoops_gethandler('config');
$GLOBALS['xoopsConfigUser'] = $config_handler->getConfigsByCat(XOOPS_CONF_USER);
}
@@ -406,57 +412,60 @@
// Dynamic fields
if (!$profile) {
$profile_handler =& xoops_getmodulehandler('profile', 'profile');
- $profile = $profile_handler->get($user->getVar('uid') );
+ $profile = $profile_handler->get($user->getVar('uid'));
}
// Get fields
$fields = $profile_handler->loadFields();
// Get ids of fields that can be edited
- $gperm_handler =& xoops_gethandler('groupperm');
- $editable_fields = $gperm_handler->getItemIds('profile_edit', $GLOBALS['xoopsUser']->getGroups(), $GLOBALS['xoopsModule']->getVar('mid') );
+ $gperm_handler =& xoops_gethandler('groupperm');
+ $editable_fields = $gperm_handler->getItemIds('profile_edit', $GLOBALS['xoopsUser']->getGroups(), $GLOBALS['xoopsModule']->getVar('mid'));
if ($user->isNew() || $GLOBALS['xoopsUser']->isAdmin()) {
- $elements[0][] = array('element' => new XoopsFormText(_US_NICKNAME, 'uname', 25, $GLOBALS['xoopsUser']->isAdmin() ? 60 : $GLOBALS['xoopsConfigUser']['maxuname'], $user->getVar('uname', 'e') ), 'required' => 1);
- $email_text = new XoopsFormText('', 'email', 30, 60, $user->getVar('email'));
+ $elements[0][] = array(
+ 'element' => new XoopsFormText(_US_NICKNAME, 'uname', 25, $GLOBALS['xoopsUser']->isAdmin() ? 60 : $GLOBALS['xoopsConfigUser']['maxuname'], $user->getVar('uname', 'e')),
+ 'required' => 1
+ );
+ $email_text = new XoopsFormText('', 'email', 30, 60, $user->getVar('email'));
} else {
- $elements[0][] = array('element' => new XoopsFormLabel(_US_NICKNAME, $user->getVar('uname') ), 'required' => 0);
- $email_text = new XoopsFormLabel('', $user->getVar('email') );
+ $elements[0][] = array('element' => new XoopsFormLabel(_US_NICKNAME, $user->getVar('uname')), 'required' => 0);
+ $email_text = new XoopsFormLabel('', $user->getVar('email'));
}
$email_tray = new XoopsFormElementTray(_US_EMAIL, '<br />');
- $email_tray->addElement($email_text, ($user->isNew() || $GLOBALS['xoopsUser']->isAdmin() ) ? 1 : 0);
- $weights[0][] = 0;
+ $email_tray->addElement($email_text, ($user->isNew() || $GLOBALS['xoopsUser']->isAdmin()) ? 1 : 0);
+ $weights[0][] = 0;
$elements[0][] = array('element' => $email_tray, 'required' => 0);
- $weights[0][] = 0;
+ $weights[0][] = 0;
if ($GLOBALS['xoopsUser']->isAdmin() && $user->getVar('uid') != $GLOBALS['xoopsUser']->getVar('uid')) {
//If the user is an admin and is editing someone else
- $pwd_text = new XoopsFormPassword('', 'password', 10, 32);
+ $pwd_text = new XoopsFormPassword('', 'password', 10, 32);
$pwd_text2 = new XoopsFormPassword('', 'vpass', 10, 32);
- $pwd_tray = new XoopsFormElementTray(_US_PASSWORD . '<br />' . _US_TYPEPASSTWICE);
+ $pwd_tray = new XoopsFormElementTray(_US_PASSWORD . '<br />' . _US_TYPEPASSTWICE);
$pwd_tray->addElement($pwd_text);
$pwd_tray->addElement($pwd_text2);
$elements[0][] = array('element' => $pwd_tray, 'required' => 0); //cannot set an element tray required
- $weights[0][] = 0;
+ $weights[0][] = 0;
$level_radio = new XoopsFormRadio(_PROFILE_MA_USERLEVEL, 'level', $user->getVar('level'));
$level_radio->addOption(1, _PROFILE_MA_ACTIVE);
$level_radio->addOption(0, _PROFILE_MA_INACTIVE);
//$level_radio->addOption(-1, _PROFILE_MA_DISABLED);
$elements[0][] = array('element' => $level_radio, 'required' => 0);
- $weights[0][] = 0;
+ $weights[0][] = 0;
}
- $elements[0][] = array('element' => new XoopsFormHidden('uid', $user->getVar('uid') ), 'required' => 0);
- $weights[0][] = 0;
+ $elements[0][] = array('element' => new XoopsFormHidden('uid', $user->getVar('uid')), 'required' => 0);
+ $weights[0][] = 0;
$elements[0][] = array('element' => new XoopsFormHidden('op', 'save'), 'required' => 0);
- $weights[0][] = 0;
+ $weights[0][] = 0;
- $cat_handler = xoops_getmodulehandler('category');
- $categories = array();
+ $cat_handler = xoops_getmodulehandler('category');
+ $categories = array();
$all_categories = $cat_handler->getObjects(null, true, false);
- $count_fields = count($fields);
+ $count_fields = count($fields);
- foreach (array_keys($fields) as $i ) {
- if ( in_array($fields[$i]->getVar('field_id'), $editable_fields) ) {
+ foreach (array_keys($fields) as $i) {
+ if (in_array($fields[$i]->getVar('field_id'), $editable_fields)) {
// Set default value for user fields if available
if ($user->isNew()) {
$default = $fields[$i]->getVar('field_default');
@@ -470,12 +479,12 @@
$profile->setVar($fields[$i]->getVar('field_name'), $default);
}
- $fieldinfo['element'] = $fields[$i]->getEditElement($user, $profile);
+ $fieldinfo['element'] = $fields[$i]->getEditElement($user, $profile);
$fieldinfo['required'] = $fields[$i]->getVar('field_required');
- $key = @$all_categories[$fields[$i]->getVar('cat_id')]['cat_weight'] * $count_fields + $fields[$i]->getVar('cat_id');
+ $key = @$all_categories[$fields[$i]->getVar('cat_id')]['cat_weight'] * $count_fields + $fields[$i]->getVar('cat_id');
$elements[$key][] = $fieldinfo;
- $weights[$key][] = $fields[$i]->getVar('field_weight');
+ $weights[$key][] = $fields[$i]->getVar('field_weight');
$categories[$key] = @$all_categories[$fields[$i]->getVar('cat_id')];
}
}
@@ -487,10 +496,10 @@
include_once $GLOBALS['xoops']->path('modules/system/constants.php');
if ($gperm_handler->checkRight('system_admin', XOOPS_SYSTEM_GROUP, $GLOBALS['xoopsUser']->getGroups(), 1)) {
//add group selection
- $group_select = new XoopsFormSelectGroup(_US_GROUPS, 'groups', false, $user->getGroups(), 5, true);
+ $group_select = new XoopsFormSelectGroup(_US_GROUPS, 'groups', false, $user->getGroups(), 5, true);
$elements[0][] = array('element' => $group_select, 'required' => 0);
//set as latest;
- $weights[0][] = $count_fields +1;
+ $weights[0][] = $count_fields + 1;
}
}
@@ -498,16 +507,15 @@
foreach (array_keys($elements) as $k) {
array_multisort($weights[$k], SORT_ASC, array_keys($elements[$k]), SORT_ASC, $elements[$k]);
$title = isset($categories[$k]) ? $categories[$k]['cat_title'] : _PROFILE_MA_DEFAULT;
- $desc = isset($categories[$k]) ? $categories[$k]['cat_description'] : "";
+ $desc = isset($categories[$k]) ? $categories[$k]['cat_description'] : "";
$form->addElement(new XoopsFormLabel("<h3>{$title}</h3>", $desc), false);
foreach (array_keys($elements[$k]) as $i) {
$form->addElement($elements[$k][$i]['element'], $elements[$k][$i]['required']);
}
}
- $form->addElement(new XoopsFormHidden('uid', $user->getVar('uid') ));
+ $form->addElement(new XoopsFormHidden('uid', $user->getVar('uid')));
$form->addElement(new XoopsFormButton('', 'submit', _US_SAVECHANGES, 'submit'));
-
return $form;
}
@@ -515,8 +523,8 @@
* Get {@link XoopsThemeForm} for editing a step
*
* @param object $step {@link ProfileRegstep} to edit
+ * @param bool $action
*
- * @param bool $action
* @return object
*/
function profile_getStepForm($step = null, $action = false)
@@ -525,7 +533,7 @@
$action = $_SERVER['REQUEST_URI'];
}
if (empty($GLOBALS['xoopsConfigUser'])) {
- $config_handler =& xoops_gethandler('config');
+ $config_handler =& xoops_gethandler('config');
$GLOBALS['xoopsConfigUser'] = $config_handler->getConfigsByCat(XOOPS_CONF_USER);
}
include_once $GLOBALS['xoops']->path('class/xoopsformloader.php');
@@ -533,9 +541,9 @@
$form = new XoopsThemeForm(_PROFILE_AM_STEP, 'stepform', 'step.php', 'post', true);
if (!$step->isNew()) {
- $form->addElement(new XoopsFormHidden('id', $step->getVar('step_id') ));
+ $form->addElement(new XoopsFormHidden('id', $step->getVar('step_id')));
}
- $form->addElement(new XoopsFormHidden('op', 'save') );
+ $form->addElement(new XoopsFormHidden('op', 'save'));
$form->addElement(new XoopsFormText(_PROFILE_AM_STEPNAME, 'step_name', 25, 255, $step->getVar('step_name', 'e')));
$form->addElement(new XoopsFormText(_PROFILE_AM_STEPINTRO, 'step_desc', 25, 255, $step->getVar('step_desc', 'e')));
$form->addElement(new XoopsFormText(_PROFILE_AM_STEPORDER, 'step_order', 10, 10, $step->getVar('step_order', 'e')));
Modified: XoopsCore/branches/2.5.x/2.5.7/htdocs/modules/profile/include/update.php
===================================================================
--- XoopsCore/branches/2.5.x/2.5.7/htdocs/modules/profile/include/update.php 2014-05-25 10:51:18 UTC (rev 12548)
+++ XoopsCore/branches/2.5.x/2.5.7/htdocs/modules/profile/include/update.php 2014-05-25 10:52:42 UTC (rev 12549)
@@ -17,13 +17,16 @@
* @version $Id$
*/
+$path = dirname(dirname(dirname(dirname(__FILE__))));
+require_once $path . DIRECTORY_SEPARATOR . 'include' . DIRECTORY_SEPARATOR . 'cp_header.php';
+
function xoops_module_update_profile(&$module, $oldversion = null)
{
- if ( $oldversion < 162 ) {
+ if ($oldversion < 162) {
$GLOBALS['xoopsDB']->queryF("UPDATE `" . $GLOBALS['xoopsDB']->prefix("profile_field") . " SET field_valuetype=2 WHERE field_name=umode");
}
- if ( $oldversion < 100 ) {
+ if (...
[truncated message content] |
From: <be...@us...> - 2014-05-25 11:48:49
Revision: 12550
http://sourceforge.net/p/xoops/svn/12550
Author: beckmi
Date: 2014-05-25 11:48:46 +0000 (Sun, 25 May 2014)
Log Message:
-----------
Updating documentation
Modified Paths:
--------------
XoopsCore/branches/2.5.x/2.5.7/htdocs/modules/profile/docs/lang_diff.txt
XoopsCore/branches/2.5.x/2.5.7/htdocs/modules/profile/docs/readme.txt
XoopsCore/branches/2.5.x/2.5.7/htdocs/modules/profile/language/english/help/help.html
Modified: XoopsCore/branches/2.5.x/2.5.7/htdocs/modules/profile/docs/lang_diff.txt
===================================================================
--- XoopsCore/branches/2.5.x/2.5.7/htdocs/modules/profile/docs/lang_diff.txt 2014-05-25 10:52:42 UTC (rev 12549)
+++ XoopsCore/branches/2.5.x/2.5.7/htdocs/modules/profile/docs/lang_diff.txt 2014-05-25 11:48:46 UTC (rev 12550)
@@ -28,3 +28,12 @@
define("_PROFILE_MI_ABOUT", "About");
define("_PROFILE_MI_HOME", "Home");
+
+
+Release 1.86
+=================
+
+modinfo.php
+------------
+define('_PROFILE_MI_PROFILE_CAPTCHA_STEP1',"Use Captcha after the second Registration step?");
+define('_PROFILE_MI_PROFILE_CAPTCHA_STEP1_DESC',"Select 'Yes' to add extra measure against Spam registration by bots" );
Modified: XoopsCore/branches/2.5.x/2.5.7/htdocs/modules/profile/docs/readme.txt
===================================================================
--- XoopsCore/branches/2.5.x/2.5.7/htdocs/modules/profile/docs/readme.txt 2014-05-25 10:52:42 UTC (rev 12549)
+++ XoopsCore/branches/2.5.x/2.5.7/htdocs/modules/profile/docs/readme.txt 2014-05-25 11:48:46 UTC (rev 12550)
@@ -7,28 +7,56 @@
Requirements
_____________________________________________________________________
-
-- PHP version >= 5.2.0
-- XOOPS 2.5.3+
+- PHP version >= 5.3.7
+- XOOPS 2.5.7+
+
Install/uninstall
------------------
-No special measures necessary, follow the standard installation process \x96 extract the xoopspartners folder into the ../modules directory. Install the module through Admin -> System Module -> Modules.
+No special measures necessary, follow the standard installation process, extract the module folder into the ../modules directory. Install the module through Admin -> System Module -> Modules.
Detailed instructions on installing modules are available in the XOOPS Operations Manual (http://goo.gl/adT2i)
Operating instructions
------------------------
-To set up this module you need to:
+- Configure your preferences for the module (see ‘Preferences’) and optionally the Profile block if you intend to use it (see ‘Blocks’).
+- Edit existing Categories or add new ones.
+- Edit existing Fields or add new ones. Here you can specify which fields will be visible in which category, and if they will be visible during user registration.
+- Define the order of Registration steps.
+- And finally, you can set permissions for individual fields - which ones are editable, which ones are searchable.
-i) Enter your partner\x92s details \x96 including a URL for their website and (optionally) logo plus a short description (see \x91Adding a partner\x92)
+Detailed instructions on configuring the access rights for user groups are available in the XOOPS Operations Manual (http://goo.gl/adT2i)
-ii) Configure your preferences for the module (see \x91Preferences\x92) and optionally the Partners block if you intend to use it (see \x91Blocks\x92)
+Anti-Spam measures
+---------------------
+To minimize spam registrations, do the following:
-iii) Check that you have given your user groups the necessary module and block access rights to use this module. Group permissions are set through the Administration Menu -> System -> Groups.
+a) go to the Protector module in Admin, go to Preferences, and then at the bottom, at this option:
-Detailed instructions on configuring the access rights for user groups are available in the XOOPS Operations Manual (http://goo.gl/adT2i)
+"Stop Forum Spam"
+Checks POST data against spammers registered on www.stopforumspam.com database. Requires php CURL lib
+set it to "Ban the IP (no limit)"
+
+b) in /class/captcha/config.php, make sure that the mode is set as "text":
+
+return $config = array(
+'disabled' => false, // Disable CAPTCHA
+'mode' => 'text', // default mode, you can choose 'text', 'image', 'recaptcha'(requires api key)
+'name' => 'xoopscaptcha', // captcha name
+'skipmember' => true, // Skip CAPTCHA check for members
+'maxattempts' => 10, // Maximum attempts for each session
+);
+
+c) In the Profile module, go to Admin and in the Basic step located at:
+
+/modules/profile/admin/step.php?id=1
+
+ set the "Save after stop" to "No"
+
+d) In Profile Preferences, set the "Use Captcha after the second Registration step" Option to "Yes" (it is the default)
+
+
Tutorial
-----------
-Tutorial coming soon.
\ No newline at end of file
+None available at the moment.
Modified: XoopsCore/branches/2.5.x/2.5.7/htdocs/modules/profile/language/english/help/help.html
===================================================================
--- XoopsCore/branches/2.5.x/2.5.7/htdocs/modules/profile/language/english/help/help.html 2014-05-25 10:52:42 UTC (rev 12549)
+++ XoopsCore/branches/2.5.x/2.5.7/htdocs/modules/profile/language/english/help/help.html 2014-05-25 11:48:46 UTC (rev 12550)
@@ -5,7 +5,7 @@
<p class="even">The Profile module is for managing custom user profile fields.</p>
<h4 class="odd">Install/uninstall</h4>
<p>No special measures necessary, follow the standard installation process – extract the /profile folder into the ../modules directory. Install the module through Admin -> System Module -> Modules.</p>
- <p>Detailed instructions on installing modules are available in the <a href="http://goo.gl/adT2i" title="XOOPS Operations Manual">XOOPS Operations Manual</a> </p>
+ <p>Detailed instructions on installing modules are available in the <a href="http://goo.gl/adT2i" title="XOOPS Operations Manual">XOOPS Operations Manual</a> <br /><br /></p>
<h4 class="odd">Operating instructions</h4>
<p class="even">To set up this module you need to:</p>
<ul>
@@ -13,9 +13,38 @@
<li>Edit existing Categories or add new ones.</li>
<li>Edit existing Fields or add new ones. Here you can specify which fields will be visible in which category, and if they will be visible during user registration.</li>
<li>Define the order of Registration steps.</li>
- <li>And finally, you can set permissions for individual fields - which ones are editable, which ones are searchable.</li>
+ <li>And finally, you can set permissions for individual fields - which ones are editable, which ones are searchable.<br /><br /></li>
</ul>
+ <h4 class="odd">Anti-Spam measures</h4>
+ <p class="even">To minimize spam registrations, do the following:</p>
+
+ <ul>
+ <li> go to the Protector module in Admin, go to Preferences, and then at the bottom, at this option:
+
+ "Stop Forum Spam"
+ Checks POST data against spammers registered on www.stopforumspam.com database. <br />
+ Set it to "Ban the IP (no limit)"</li><br />
+
+ <li> in /class/captcha/config.php, make sure that the mode is set as "text":<br /><br />
+
+ <span style="font-style: italic;"> return $config = array(<br />
+ 'disabled' => false, // Disable CAPTCHA<br />
+ 'mode' => 'text', // default mode, you can choose 'text', 'image', 'recaptcha'(requires api key)<br />
+ 'name' => 'xoopscaptcha', // captcha name<br />
+ 'skipmember' => true, // Skip CAPTCHA check for members<br />
+ 'maxattempts' => 10, // Maximum attempts for each session<br />
+ );</span></li><br />
+
+ <li> In the Profile module, go to Admin and in the Basic step located at:<br />
+
+ /modules/profile/admin/step.php?id=1<br />
+
+ set the "Save after stop" to "No"</li><br /><br />
+
+ <li> In Profile Preferences, set the "Use Captcha after the second Registration step" Option to "Yes" (it is the default)</li><br />
+ <ul>
+
<h4 class="odd">Tutorial</h4>
- <p class="even">Tutorial coming soon.</p>
+ <p class="even">Tutorial coming soon.<br /></p>
<!-- -----Help Content ---------- -->
-</div>
\ No newline at end of file
+</div>
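Review bot: The new "Anti-Spam measures" list is terminated with a second opening `<ul>` (the added line right after the last `<li>`) instead of `</ul>`, so the list is never closed and the "Tutorial" heading and paragraph that follow end up nested inside it. That line should read `</ul>`. The `<br />` elements added between `</li>` and the next `<li>` are also not valid children of `<ul>`; put them inside the list items or handle the spacing in CSS. The readme.txt version of this text says the Stop Forum Spam check "Requires php CURL lib", which this page omits; keeping the two in sync would save an admin from enabling a check that does not run.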