From 7dae1fe48c9d62643c88bf9ae251787be024afbe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rub=C3=A9n=20Calvo?= Date: Fri, 29 Jun 2018 01:34:02 +0200 Subject: [ticket/15714] Auto login after registration PHPBB3-15714 --- phpBB/includes/ucp/ucp_register.php | 3 +++ 1 file changed, 3 insertions(+) (limited to 'phpBB/includes/ucp') diff --git a/phpBB/includes/ucp/ucp_register.php b/phpBB/includes/ucp/ucp_register.php index 0e673cb692..fc74f48025 100644 --- a/phpBB/includes/ucp/ucp_register.php +++ b/phpBB/includes/ucp/ucp_register.php @@ -451,6 +451,9 @@ class ucp_register { $message = $user->lang['ACCOUNT_ADDED']; $email_template = 'user_welcome'; + + // Autologin after registration + $user->session_create($user_id, 0, false, 1); } if ($config['email_enable']) -- cgit v1.2.1 From 3914515199ba9f3c2ce84e28b0a9a2c4e3dfb270 Mon Sep 17 00:00:00 2001 From: Jakub Senko Date: Thu, 26 Jul 2018 16:34:11 +0200 Subject: [ticket/11838] OAuth registration from ucp_register PHPBB3-11838 --- phpBB/includes/ucp/ucp_register.php | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) (limited to 'phpBB/includes/ucp') diff --git a/phpBB/includes/ucp/ucp_register.php b/phpBB/includes/ucp/ucp_register.php index fc74f48025..0e3ff50268 100644 --- a/phpBB/includes/ucp/ucp_register.php +++ b/phpBB/includes/ucp/ucp_register.php @@ -602,6 +602,31 @@ class ucp_register break; } + /* @var $provider_collection \phpbb\auth\provider_collection */ + $provider_collection = $phpbb_container->get('auth.provider_collection'); + $auth_provider = $provider_collection->get_provider(); + + $auth_provider_data = $auth_provider->get_login_data(); + if ($auth_provider_data) + { + if (isset($auth_provider_data['VARS'])) + { + $template->assign_vars($auth_provider_data['VARS']); + } + + if (isset($auth_provider_data['BLOCK_VAR_NAME'])) + { + foreach ($auth_provider_data['BLOCK_VARS'] as $block_vars) + { + $template->assign_block_vars($auth_provider_data['BLOCK_VAR_NAME'], $block_vars); + } + } + + $template->assign_vars(array( + 'PROVIDER_TEMPLATE_FILE' => $auth_provider_data['TEMPLATE_FILE'], + )); + } + // Assign template vars for timezone select phpbb_timezone_select($template, $user, $data['tz'], true); -- cgit v1.2.1 From 3f852a3233b2ee51c3fab7dc6d077778fd35e0fd Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Thu, 8 Aug 2019 22:01:51 +0200 Subject: [ticket/11327] Move UCP remind functionality to a controller for password reset PHPBB3-11327 --- phpBB/includes/ucp/ucp_remind.php | 174 -------------------------------------- 1 file changed, 174 deletions(-) delete mode 100644 phpBB/includes/ucp/ucp_remind.php (limited to 'phpBB/includes/ucp') diff --git a/phpBB/includes/ucp/ucp_remind.php b/phpBB/includes/ucp/ucp_remind.php deleted file mode 100644 index e50428bfea..0000000000 --- a/phpBB/includes/ucp/ucp_remind.php +++ /dev/null @@ -1,174 +0,0 @@ - -* @license GNU General Public License, version 2 (GPL-2.0) -* -* For full copyright and license information, please see -* the docs/CREDITS.txt file. -* -*/ - -/** -* @ignore -*/ -if (!defined('IN_PHPBB')) -{ - exit; -} - -/** -* ucp_remind -* Sending password reminders -*/ -class ucp_remind -{ - var $u_action; - - function main($id, $mode) - { - global $config, $phpbb_root_path, $phpEx, $request; - global $db, $user, $template, $phpbb_container, $phpbb_dispatcher; - - if (!$config['allow_password_reset']) - { - trigger_error($user->lang('UCP_PASSWORD_RESET_DISABLED', '', '')); - } - - $username = $request->variable('username', '', true); - $email = strtolower($request->variable('email', '')); - $submit = (isset($_POST['submit'])) ? true : false; - - add_form_key('ucp_remind'); - - if ($submit) - { - if (!check_form_key('ucp_remind')) - { - trigger_error('FORM_INVALID'); - } - - if (empty($email)) - { - trigger_error('NO_EMAIL_USER'); - } - - $sql_array = array( - 'SELECT' => 'user_id, username, user_permissions, user_email, user_jabber, user_notify_type, user_type, user_lang, user_inactive_reason', - 'FROM' => array(USERS_TABLE => 'u'), - 'WHERE' => "user_email_hash = '" . $db->sql_escape(phpbb_email_hash($email)) . "'" . - (!empty($username) ? " AND username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'" : ''), - ); - - /** - * Change SQL query for fetching user data - * - * @event core.ucp_remind_modify_select_sql - * @var string email User's email from the form - * @var string username User's username from the form - * @var array sql_array Fully assembled SQL query with keys SELECT, FROM, WHERE - * @since 3.1.11-RC1 - */ - $vars = array( - 'email', - 'username', - 'sql_array', - ); - extract($phpbb_dispatcher->trigger_event('core.ucp_remind_modify_select_sql', compact($vars))); - - $sql = $db->sql_build_query('SELECT', $sql_array); - $result = $db->sql_query_limit($sql, 2); // don't waste resources on more rows than we need - $rowset = $db->sql_fetchrowset($result); - - if (count($rowset) > 1) - { - $db->sql_freeresult($result); - - $template->assign_vars(array( - 'USERNAME_REQUIRED' => true, - 'EMAIL' => $email, - )); - } - else - { - $message = $user->lang['PASSWORD_UPDATED_IF_EXISTED'] . '

' . sprintf($user->lang['RETURN_INDEX'], '', ''); - - if (empty($rowset)) - { - trigger_error($message); - } - - $user_row = $rowset[0]; - $db->sql_freeresult($result); - - if (!$user_row) - { - trigger_error($message); - } - - if ($user_row['user_type'] == USER_IGNORE || $user_row['user_type'] == USER_INACTIVE) - { - trigger_error($message); - } - - // Check users permissions - $auth2 = new \phpbb\auth\auth(); - $auth2->acl($user_row); - - if (!$auth2->acl_get('u_chgpasswd')) - { - trigger_error($message); - } - - $server_url = generate_board_url(); - - // Make password at least 8 characters long, make it longer if admin wants to. - // gen_rand_string() however has a limit of 12 or 13. - $user_password = gen_rand_string_friendly(max(8, mt_rand((int) $config['min_pass_chars'], (int) $config['max_pass_chars']))); - - // For the activation key a random length between 6 and 10 will do. - $user_actkey = gen_rand_string(mt_rand(6, 10)); - - // Instantiate passwords manager - /* @var $manager \phpbb\passwords\manager */ - $passwords_manager = $phpbb_container->get('passwords.manager'); - - $sql = 'UPDATE ' . USERS_TABLE . " - SET user_newpasswd = '" . $db->sql_escape($passwords_manager->hash($user_password)) . "', user_actkey = '" . $db->sql_escape($user_actkey) . "' - WHERE user_id = " . $user_row['user_id']; - $db->sql_query($sql); - - include_once($phpbb_root_path . 'includes/functions_messenger.' . $phpEx); - - $messenger = new messenger(false); - - $messenger->template('user_activate_passwd', $user_row['user_lang']); - - $messenger->set_addresses($user_row); - - $messenger->anti_abuse_headers($config, $user); - - $messenger->assign_vars(array( - 'USERNAME' => htmlspecialchars_decode($user_row['username']), - 'PASSWORD' => htmlspecialchars_decode($user_password), - 'U_ACTIVATE' => "$server_url/ucp.$phpEx?mode=activate&u={$user_row['user_id']}&k=$user_actkey") - ); - - $messenger->send($user_row['user_notify_type']); - - trigger_error($message); - } - } - - $template->assign_vars(array( - 'USERNAME' => $username, - 'EMAIL' => $email, - 'S_PROFILE_ACTION' => append_sid($phpbb_root_path . 'ucp.' . $phpEx, 'mode=sendpassword')) - ); - - $this->tpl_name = 'ucp_remind'; - $this->page_title = 'UCP_REMIND'; - } -} -- cgit v1.2.1 From 60bc949ba1d5a6851e525868f69e997d4c8a2075 Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Thu, 3 Oct 2019 23:05:02 +0200 Subject: [ticket/14465] Remove setting for maximum password length PHPBB3-14465 --- phpBB/includes/ucp/ucp_profile.php | 6 +++--- phpBB/includes/ucp/ucp_register.php | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) (limited to 'phpBB/includes/ucp') diff --git a/phpBB/includes/ucp/ucp_profile.php b/phpBB/includes/ucp/ucp_profile.php index 36ab3d0463..6d98362e08 100644 --- a/phpBB/includes/ucp/ucp_profile.php +++ b/phpBB/includes/ucp/ucp_profile.php @@ -70,9 +70,9 @@ class ucp_profile // Do not check cur_password, it is the old one. $check_ary = array( 'new_password' => array( - array('string', true, $config['min_pass_chars'], $config['max_pass_chars']), + array('string', true, $config['min_pass_chars'], 0), array('password')), - 'password_confirm' => array('string', true, $config['min_pass_chars'], $config['max_pass_chars']), + 'password_confirm' => array('string', true, $config['min_pass_chars'], 0), 'email' => array( array('string', false, 6, 60), array('user_email')), @@ -267,7 +267,7 @@ class ucp_profile 'CUR_PASSWORD' => '', 'L_USERNAME_EXPLAIN' => $user->lang($config['allow_name_chars'] . '_EXPLAIN', $user->lang('CHARACTERS', (int) $config['min_name_chars']), $user->lang('CHARACTERS', (int) $config['max_name_chars'])), - 'L_CHANGE_PASSWORD_EXPLAIN' => $user->lang($config['pass_complex'] . '_EXPLAIN', $user->lang('CHARACTERS', (int) $config['min_pass_chars']), $user->lang('CHARACTERS', (int) $config['max_pass_chars'])), + 'L_CHANGE_PASSWORD_EXPLAIN' => $user->lang($config['pass_complex'] . '_EXPLAIN', $user->lang('CHARACTERS', (int) $config['min_pass_chars'])), 'S_FORCE_PASSWORD' => ($auth->acl_get('u_chgpasswd') && $config['chg_passforce'] && $user->data['user_passchg'] < time() - ($config['chg_passforce'] * 86400)) ? true : false, 'S_CHANGE_USERNAME' => ($config['allow_namechange'] && $auth->acl_get('u_chgname')) ? true : false, diff --git a/phpBB/includes/ucp/ucp_register.php b/phpBB/includes/ucp/ucp_register.php index 0e3ff50268..97d2631224 100644 --- a/phpBB/includes/ucp/ucp_register.php +++ b/phpBB/includes/ucp/ucp_register.php @@ -275,9 +275,9 @@ class ucp_register array('string', false, $config['min_name_chars'], $config['max_name_chars']), array('username', '')), 'new_password' => array( - array('string', false, $config['min_pass_chars'], $config['max_pass_chars']), + array('string', false, $config['min_pass_chars'], 0), array('password')), - 'password_confirm' => array('string', false, $config['min_pass_chars'], $config['max_pass_chars']), + 'password_confirm' => array('string', false, $config['min_pass_chars'], 0), 'email' => array( array('string', false, 6, 60), array('user_email')), @@ -638,7 +638,7 @@ class ucp_register 'L_REG_COND' => $l_reg_cond, 'L_USERNAME_EXPLAIN' => $user->lang($config['allow_name_chars'] . '_EXPLAIN', $user->lang('CHARACTERS', (int) $config['min_name_chars']), $user->lang('CHARACTERS', (int) $config['max_name_chars'])), - 'L_PASSWORD_EXPLAIN' => $user->lang($config['pass_complex'] . '_EXPLAIN', $user->lang('CHARACTERS', (int) $config['min_pass_chars']), $user->lang('CHARACTERS', (int) $config['max_pass_chars'])), + 'L_PASSWORD_EXPLAIN' => $user->lang($config['pass_complex'] . '_EXPLAIN', $user->lang('CHARACTERS', (int) $config['min_pass_chars'])), 'S_LANG_OPTIONS' => language_select($data['lang']), 'S_TZ_PRESELECT' => !$submit, -- cgit v1.2.1 From 9872316cac4df4987fdabc9512ca6ebeb7e5e04f Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Mon, 18 Nov 2019 21:06:00 +0100 Subject: [ticket/16167] Remove uses of user_email_hash PHPBB3-16167 --- phpBB/includes/ucp/ucp_profile.php | 1 - phpBB/includes/ucp/ucp_resend.php | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) (limited to 'phpBB/includes/ucp') diff --git a/phpBB/includes/ucp/ucp_profile.php b/phpBB/includes/ucp/ucp_profile.php index 6d98362e08..dca7e7eeb7 100644 --- a/phpBB/includes/ucp/ucp_profile.php +++ b/phpBB/includes/ucp/ucp_profile.php @@ -131,7 +131,6 @@ class ucp_profile 'username' => ($auth->acl_get('u_chgname') && $config['allow_namechange']) ? $data['username'] : $user->data['username'], 'username_clean' => ($auth->acl_get('u_chgname') && $config['allow_namechange']) ? utf8_clean_string($data['username']) : $user->data['username_clean'], 'user_email' => ($auth->acl_get('u_chgemail')) ? $data['email'] : $user->data['user_email'], - 'user_email_hash' => ($auth->acl_get('u_chgemail')) ? phpbb_email_hash($data['email']) : $user->data['user_email_hash'], 'user_password' => ($auth->acl_get('u_chgpasswd') && $data['new_password']) ? $passwords_manager->hash($data['new_password']) : $user->data['user_password'], ); diff --git a/phpBB/includes/ucp/ucp_resend.php b/phpBB/includes/ucp/ucp_resend.php index 44c54100cd..55923668d4 100644 --- a/phpBB/includes/ucp/ucp_resend.php +++ b/phpBB/includes/ucp/ucp_resend.php @@ -47,7 +47,7 @@ class ucp_resend $sql = 'SELECT user_id, group_id, username, user_email, user_type, user_lang, user_actkey, user_inactive_reason FROM ' . USERS_TABLE . " - WHERE user_email_hash = '" . $db->sql_escape(phpbb_email_hash($email)) . "' + WHERE user_email = '" . $db->sql_escape($email) . "' AND username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'"; $result = $db->sql_query($sql); $user_row = $db->sql_fetchrow($result); -- cgit v1.2.1 From 80de9f6a68d7b50eb5387cdc2b99624484e75201 Mon Sep 17 00:00:00 2001 From: rxu Date: Sun, 29 Dec 2019 18:56:36 +0700 Subject: [ticket/16277] Move from each() function PHPBB3-16277 --- phpBB/includes/ucp/ucp_groups.php | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) (limited to 'phpBB/includes/ucp') diff --git a/phpBB/includes/ucp/ucp_groups.php b/phpBB/includes/ucp/ucp_groups.php index 2423af86be..d574549093 100644 --- a/phpBB/includes/ucp/ucp_groups.php +++ b/phpBB/includes/ucp/ucp_groups.php @@ -136,7 +136,7 @@ class ucp_groups { trigger_error($user->lang['NOT_MEMBER_OF_GROUP'] . $return_page); } - list(, $row) = each($row); + $row = current($row); $sql = 'SELECT group_type FROM ' . GROUPS_TABLE . ' @@ -240,7 +240,7 @@ class ucp_groups { trigger_error($user->lang['NOT_MEMBER_OF_GROUP'] . $return_page); } - list(, $row) = each($row); + $row = current($row); if (!$row['group_leader']) { @@ -460,7 +460,7 @@ class ucp_groups { trigger_error($user->lang['NOT_MEMBER_OF_GROUP'] . $return_page); } - list(, $row) = each($row); + $row = current($row); if (!$row['group_leader']) { @@ -754,7 +754,7 @@ class ucp_groups { trigger_error($user->lang['NOT_MEMBER_OF_GROUP'] . $return_page); } - list(, $row) = each($row); + $row = current($row); if (!$row['group_leader']) { @@ -879,7 +879,7 @@ class ucp_groups { trigger_error($user->lang['NOT_MEMBER_OF_GROUP'] . $return_page); } - list(, $row) = each($row); + $row = current($row); if (!$row['group_leader']) { @@ -906,7 +906,7 @@ class ucp_groups { trigger_error($user->lang['NOT_MEMBER_OF_GROUP'] . $return_page); } - list(, $row) = each($row); + $row = current($row); if (!$row['group_leader']) { @@ -985,7 +985,7 @@ class ucp_groups { trigger_error($user->lang['NOT_MEMBER_OF_GROUP'] . $return_page); } - list(, $row) = each($row); + $row = current($row); if (!$row['group_leader']) { @@ -1046,7 +1046,7 @@ class ucp_groups { trigger_error($user->lang['NOT_MEMBER_OF_GROUP'] . $return_page); } - list(, $row) = each($row); + $row = current($row); if (!$row['group_leader']) { -- cgit v1.2.1