<?php

/**
 * Page containing an edit details form.
 *
 * Anonymous visitors get a registration form, logged-in members a form to
 * update their details (see RegisterAndEditDetailsPage_Controller::Form()).
 * Uses Member::getMemberFormFields() to know what to make available for editing.
 */
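class RegisterAndEditDetailsPage extends Page
{
    private static $icon = "userpage/images/treeicons/RegisterAndEditDetailsPage";

    private static $can_be_root = false;

    private static $db = array(
        "ThankYouTitle" => "Varchar(255)",
        "ThankYouContent" => "HTMLText",
        "WelcomeTitle" => "Varchar(255)",
        "WelcomeContent" => "HTMLText",
        "TitleLoggedIn" => "Varchar(255)",
        "MenuTitleLoggedIn" => "Varchar(255)",
        "ContentLoggedIn" => "HTMLText",
        "ErrorEmailAddressAlreadyExists" => "Varchar(255)",
        "ErrorBadEmail" => "Varchar(255)",
        "ErrorPasswordDoNotMatch" => "Varchar(255)",
        "ErrorMustSupplyPassword" => "Varchar(255)",
    );

    private static $register_group_title = "Registered users";

    private static $register_group_code = "registrations";

    private static $register_group_access_key = "REGISTRATIONS";

    /**
     * Set to true by getCMSFields() so that isCMSRead() recognises a CMS edit
     * session. Declared explicitly instead of being created as a dynamic
     * property on first assignment.
     *
     * @var bool
     */
    protected $isCMS = false;

    /**
     * HTML fields shorter than this many characters are treated as empty by
     * requireDefaultRecords() and receive their default content.
     * Presumably chosen to catch a near-empty editor value (e.g. an empty
     * paragraph) - confirm before changing.
     */
    const EMPTY_HTML_LENGTH = 17;

    /**
     * Whether the "LoggedIn" variants of Title / MenuTitle / Content apply:
     * true for a front-end request by a logged-in member, false while the page
     * is being read in the CMS or for anonymous visitors.
     *
     * @return bool
     */
    protected function showLoggedInFields()
    {
        if ($this->isCMSRead()) {
            return false;
        }
        return (bool) Member::currentUser();
    }

    /**
     * True when this page is being read from the CMS: either getCMSFields()
     * has flagged it, or the current request's URLSegment is "admin".
     * Guards against a missing current controller / request (e.g. CLI runs),
     * where the original would have called a method on null.
     *
     * @return bool
     */
    protected function isCMSRead()
    {
        if ($this->isCMS) {
            return true;
        }
        $controller = Controller::curr();
        if (!$controller) {
            return false;
        }
        $request = $controller->getRequest();
        return $request && $request->param("URLSegment") === "admin";
    }

    /**
     * Returns a link to this page that will, on completion,
     * redirect back to another page.
     *
     * @param string $link URL to return to after registering / updating details
     * @return string|null the link, or null when no RegisterAndEditDetailsPage exists
     */
    public function link_for_going_to_page_via_making_user($link)
    {
        $page = RegisterAndEditDetailsPage::get()->first();
        if (!$page) {
            return null;
        }
        return $page->Link()."?BackURL=".urlencode($link);
    }

    /**
     * Adds the CMS fields for the logged-in, welcome, thank-you and
     * error-message texts, and flags this instance as being read from the CMS
     * so the logged-in variants are not swapped in while editing.
     *
     * @return FieldList
     */
    public function getCMSFields()
    {
        $fields = parent::getCMSFields();
        $this->isCMS = true;
        $fields->addFieldToTab('Root.LoggedIn', new TextField('TitleLoggedIn', 'Title when user is Logged In'));
        $fields->addFieldToTab('Root.LoggedIn', new TextField('MenuTitleLoggedIn', 'Navigation Label when user is Logged In'));
        $fields->addFieldToTab('Root.Welcome', new TextField('WelcomeTitle', 'Welcome Title (after user creates an account)'));
        $fields->addFieldToTab('Root.Welcome', new HtmlEditorField('WelcomeContent', 'Welcome message (after user creates an account)'));
        $fields->addFieldToTab('Root.UpdatingDetails', new TextField('ThankYouTitle', 'Thank you Title (after user updates their details)'));
        $fields->addFieldToTab('Root.UpdatingDetails', new HtmlEditorField('ThankYouContent', 'Thank you message (after user updates their details)'));
        $fields->addFieldToTab('Root.LoggedIn', new HtmlEditorField('ContentLoggedIn', 'Content when user is Logged In'));
        $fields->addFieldToTab('Root.ErrorMessages', new TextField('ErrorEmailAddressAlreadyExists', 'Error shown when email address is already registered'));
        $fields->addFieldToTab('Root.ErrorMessages', new TextField('ErrorBadEmail', 'Bad email'));
        $fields->addFieldToTab('Root.ErrorMessages', new TextField('ErrorPasswordDoNotMatch', 'Error shown when passwords do not match'));
        $fields->addFieldToTab('Root.ErrorMessages', new TextField('ErrorMustSupplyPassword', 'Error shown when new user does not supply password'));
        return $fields;
    }

    /**
     * Only one RegisterAndEditDetailsPage may exist in the site tree.
     *
     * @param Member|null $member
     * @return bool
     */
    public function canCreate($member = null)
    {
        return !RegisterAndEditDetailsPage::get()->count();
    }

    /**
     * On dev/build: makes sure the registration group exists and holds the
     * access permission, and that exactly one RegisterAndEditDetailsPage
     * exists with all of its texts filled in. Empty texts are given defaults;
     * anything the editor has already written is left alone.
     */
    public function requireDefaultRecords()
    {
        parent::requireDefaultRecords();
        $this->requireRegistrationGroup();

        $update = array();
        $page = RegisterAndEditDetailsPage::get()->first();
        if (!$page) {
            $page = new RegisterAndEditDetailsPage();
            $page->Title = "Register";
            $page->URLSegment = "register";
            $page->MenuTitle = "Register";
            $update[] = "created RegisterAndEditDetailsPage";
        }
        $update = array_merge($update, $this->fillInDefaultContent($page));
        if (count($update)) {
            $page->writeToStage('Stage');
            $page->publish('Stage', 'Live');
            DB::alteration_message($page->ClassName." created/updated: <ul><li>".implode("</li><li>", $update)."</li></ul>", 'created');
        }
    }

    /**
     * Creates the registration group if it is missing and (re-)grants it the
     * access permission. The permission lookup goes through the ORM rather
     * than a hand-built SQL string.
     */
    protected function requireRegistrationGroup()
    {
        $code = self::$register_group_code;
        $accessKey = self::$register_group_access_key;
        $group = Group::get()->filter(array("Code" => $code))->first();
        if (!$group) {
            $group = new Group();
            $group->Code = $code;
            $group->Title = self::$register_group_title;
            $group->write();
            Permission::grant($group->ID, $accessKey);
            DB::alteration_message("GROUP: ".$code.' ('.self::$register_group_title.')', "created");
            return;
        }
        $granted = Permission::get()
            ->filter(array("GroupID" => $group->ID, "Code" => $accessKey))
            ->count();
        if (!$granted) {
            Permission::grant($group->ID, $accessKey);
        }
    }

    /**
     * Fills in every empty text on $page with its default, in a fixed order.
     * Plain text fields count as empty when falsy; HTML fields when shorter
     * than EMPTY_HTML_LENGTH characters.
     *
     * @param RegisterAndEditDetailsPage $page
     * @return array list of "updated <Field>" messages, one per field changed
     */
    protected function fillInDefaultContent($page)
    {
        // field name => array(default value, field holds HTML)
        $defaults = array(
            "Content" => array("<p>Please log in or register here.</p>", true),
            "WelcomeTitle" => array("Thank you for registering", false),
            "WelcomeContent" => array("<p>Thank you for registration. Please make sure to remember your username and password.</p>", true),
            "TitleLoggedIn" => array("Welcome back", false),
            "MenuTitleLoggedIn" => array("Welcome back", false),
            "ContentLoggedIn" => array("<p>Welcome back - you can do the following ....</p>", true),
            "ThankYouTitle" => array("Thank you for updating your details", false),
            "ThankYouContent" => array("<p>Thank you for updating your details. </p>", true),
            "ErrorEmailAddressAlreadyExists" => array("Sorry, that email address is already in use by someone else. You may have setup an account in the past or mistyped your email address.", false),
            "ErrorBadEmail" => array("Sorry, that does not appear a valid email address.", false),
            "ErrorPasswordDoNotMatch" => array("Your passwords do not match. Please try again.", false),
            "ErrorMustSupplyPassword" => array("You must supply a password.", false),
        );
        $update = array();
        foreach ($defaults as $field => $spec) {
            list($default, $isHtml) = $spec;
            $current = $page->$field;
            $isEmpty = $isHtml ? strlen((string) $current) < self::EMPTY_HTML_LENGTH : !$current;
            if ($isEmpty) {
                $page->$field = $default;
                $update[] = "updated ".$field;
            }
        }
        return $update;
    }
}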
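class RegisterAndEditDetailsPage_Controller extends Page_Controller
{
    private static $fields_to_remove = array("Locale", "DateFormat", "TimeFormat");

    private static $required_fields = array("FirstName", "Email");

    private static $minutes_before_member_is_not_new_anymore = 30;

    /**
     * Swaps Title / MenuTitle / Content for their "LoggedIn" variants when the
     * page reports (RegisterAndEditDetailsPage::showLoggedInFields()) that a
     * logged-in member is viewing the front end.
     */
    public function init()
    {
        parent::init();
        $useLoggedInVariant = $this->showLoggedInFields();
        $variants = array(
            "Title" => "TitleLoggedIn",
            "MenuTitle" => "MenuTitleLoggedIn",
            "Content" => "ContentLoggedIn",
        );
        foreach ($variants as $field => $loggedInField) {
            $source = $useLoggedInVariant ? $loggedInField : $field;
            $this->$field = $this->getField($source);
        }
    }

    /**
     * Default action. Ajax requests are rendered with the Ajax template,
     * falling back to the page template; other requests use the page template.
     *
     * @return HTMLText|array
     */
    public function index()
    {
        if (Director::is_ajax()) {
            return $this->renderWith(array("RegisterAndEditDetailsPageAjax", "RegisterAndEditDetailsPage"));
        }
        return array();
    }

    /**
     * Builds the register (anonymous) or update-details (logged-in) form from
     * Member::getMemberFormFields(), minus the fields listed in
     * $fields_to_remove, plus a confirmed password field for new members.
     *
     * A BackURL request parameter is remembered in the session so submit()
     * can send the visitor back afterwards; submit() only honours it when it
     * passes Director::is_site_url().
     *
     * @return Form
     */
    public function Form()
    {
        if (isset($_REQUEST["BackURL"])) {
            Session::set('BackURL', $_REQUEST["BackURL"]);
        }
        $member = Member::currentUser();
        $fields = new FieldList();

        $passwordField = null;
        if ($member) {
            $action = new FormAction("submit", "Update your details");
            $action->addExtraClass("updateButton");
        } else {
            $passwordField = new ConfirmedPasswordField("Password", "Password");
            $action = new FormAction("submit", "Register");
            $action->addExtraClass("registerButton");
            $member = new Member();
        }
        $actions = new FieldList($action);

        $memberFormFields = $member->getMemberFormFields();
        if ($memberFormFields) {
            if (is_array(self::$fields_to_remove)) {
                foreach (self::$fields_to_remove as $fieldName) {
                    $memberFormFields->removeByName($fieldName);
                }
            }
            $fields->merge($memberFormFields);
        }
        if ($passwordField) {
            $fields->push($passwordField);
        }
        // A required field may not be present (removed above, or absent from
        // the member fields); skip it rather than calling a method on null.
        foreach (self::$required_fields as $fieldName) {
            $requiredField = $fields->fieldByName($fieldName);
            if ($requiredField) {
                $requiredField->addExtraClass("RequiredField");
            }
        }
        $requiredFields = new RequiredFields(self::$required_fields);
        $form = new Form($this, "Form", $fields, $actions, $requiredFields);

        // Load the member's data into the form, never its stored password value.
        $member->Password = null;
        $form->loadDataFrom($member);
        // Re-populate from a previous submission (stored by submit()).
        $data = Session::get("FormInfo.Form_Form.data");
        if (is_array($data)) {
            $form->loadDataFrom($data);
        }

        // Optional spam protection
        if (class_exists('SpamProtectorManager')) {
            SpamProtectorManager::update_form($form);
        }
        if (!isset($_REQUEST["Password"])) {
            $passwordFormField = $form->Fields()->fieldByName("Password");
            if ($passwordFormField) {
                $passwordFormField->setValue("");
            }
        }
        return $form;
    }

    /**
     * Save the changes to the form.
     *
     * Validates the email address, rejects a duplicate account and mismatched
     * or missing passwords, then creates or updates the member, adds it to
     * the registration group and redirects: new members to "welcome",
     * existing members to "thanks", or to a same-site BackURL when one was
     * supplied.
     *
     * @param array $data submitted form data
     * @param Form $form
     * @return SS_HTTPResponse|array
     */
    public function submit($data, $form)
    {
        $member = Member::currentUser();
        $newMember = !$member;

        // Keep the submission so Form() can re-populate after a validation
        // redirect, but never persist the password fields in the session.
        $sessionData = $data;
        unset($sessionData["Password"]);
        Session::set("FormInfo.Form_Form.data", $sessionData);

        $email = isset($data["Email"]) ? $data["Email"] : "";
        $emailField = new EmailField("Email");
        $emailField->setValue($email);
        if (!$emailField->validate($form->validator)) {
            $form->addErrorMessage("Blurb", $this->ErrorBadEmail, "bad");
            return $this->redirectBack();
        }

        if ($newMember) {
            $member = Object::create('Member');
            $form->sessionMessage($this->WelcomeTitle, 'good');
            $id = 0;
        } else {
            $form->sessionMessage($this->ThankYouTitle, 'good');
            $id = $member->ID;
        }

        // Duplicate-address check. filter() escapes its values itself; passing
        // them through Convert::raw2sql first double-escaped addresses that
        // contain a quote, so such a duplicate was not found.
        $existingMember = Member::get()
            ->filter(array("Email" => $email))
            ->exclude(array("ID" => $id))
            ->first();
        if ($existingMember) {
            $form->addErrorMessage("Blurb", $this->ErrorEmailAddressAlreadyExists, "bad");
            return $this->redirectBack();
        }

        // The password inputs arrive as Password[_Password] and
        // Password[_ConfirmPassword]; a logged-in member may submit neither,
        // so read them defensively and compare them strictly.
        $passwordData = (isset($data["Password"]) && is_array($data["Password"])) ? $data["Password"] : array();
        $newPassword = isset($passwordData["_Password"]) ? (string) $passwordData["_Password"] : "";
        $confirmPassword = isset($passwordData["_ConfirmPassword"]) ? (string) $passwordData["_ConfirmPassword"] : "";
        if ($newPassword !== $confirmPassword) {
            $form->addErrorMessage("Password", $this->ErrorPasswordDoNotMatch, "bad");
            return $this->redirectBack();
        }
        if ($newMember && $newPassword === "") {
            $form->addErrorMessage("Password", $this->ErrorMustSupplyPassword, "bad");
            return $this->redirectBack();
        }

        // NOTE(review): the save sequence below is kept as it was. It reads
        // Password[Password], which is not one of the keys checked above, so
        // $password is normally the member's current value and changePassword()
        // looks like a no-op for existing members; the second saveInto()/write()
        // for new members presumably re-applies the password saved by the form
        // field. Verify against the ConfirmedPasswordField in use before
        // simplifying.
        $password = $member->Password;
        if (isset($passwordData["Password"]) && strlen($passwordData["Password"]) > 3) {
            $password = $passwordData["Password"];
        }
        $form->saveInto($member);
        $member->changePassword($password);
        $member->write();
        if ($newMember) {
            $form->saveInto($member);
            $member->write();
        }

        // Add to the registration group. The group code is a private static of
        // RegisterAndEditDetailsPage, not of this controller, so self::$... is
        // undeclared here; read it through Config instead.
        $groupCode = Config::inst()->get('RegisterAndEditDetailsPage', 'register_group_code');
        $group = Group::get()->filter(array("Code" => $groupCode))->first();
        if ($group) {
            $member->Groups()->add($group);
        }

        if ($newMember) {
            $member->logIn();
            $link = ContentController::join_links($this->Link(), 'welcome');
        } else {
            $link = ContentController::join_links($this->Link(), 'thanks');
        }
        $backUrl = $this->backUrlAfterSubmit();
        if ($backUrl !== null) {
            $link = $backUrl;
        }
        if ($link) {
            return $this->redirect($link);
        }
        return array();
    }

    /**
     * Resolves the BackURL to return to after a successful submission: the
     * request parameter first, otherwise the value Form() stored in the
     * session. The session copy is cleared once consumed.
     *
     * Only same-site URLs (Director::is_site_url()) are accepted. The value is
     * caller-controlled, and redirecting to it unchecked would make this form
     * an open redirect to arbitrary external sites.
     *
     * @return string|null the URL to redirect to, or null when none applies
     */
    protected function backUrlAfterSubmit()
    {
        $backUrl = null;
        if (isset($_REQUEST["BackURL"])) {
            $backUrl = $_REQUEST["BackURL"];
        } elseif (Session::get('BackURL')) {
            $backUrl = Session::get('BackURL');
        }
        if ($backUrl === null) {
            return null;
        }
        Session::set('BackURL', '');
        $backUrl = urldecode($backUrl);
        if ($backUrl === "" || !Director::is_site_url($backUrl)) {
            return null;
        }
        return $backUrl;
    }

    /**
     * "thanks" action: shows the welcome text while the member is still new
     * (created fewer than $minutes_before_member_is_not_new_anymore minutes
     * ago), otherwise the thank-you text. Anonymous visitors are sent back to
     * the page.
     *
     * @return SS_HTTPResponse|array
     */
    public function thanks()
    {
        $member = Member::currentUser();
        if (!$member) {
            return $this->redirect($this->Link());
        }
        // The original called self::get_minutes_before_member_is_not_new_anymore(),
        // which is not defined in this file; the config value is read directly.
        $newForMinutes = Config::inst()->get(__CLASS__, 'minutes_before_member_is_not_new_anymore');
        $isStillNew = $this->numberOfMinutesMemberIsListed($member) < $newForMinutes;
        $this->Title = $isStillNew ? $this->WelcomeTitle : $this->ThankYouTitle;
        $this->Content = $isStillNew ? $this->WelcomeContent : $this->ThankYouContent;
        return array();
    }

    /**
     * "welcome" action: shows the welcome text to a logged-in member;
     * anonymous visitors are sent back to the page.
     *
     * @return SS_HTTPResponse|array
     */
    public function welcome()
    {
        if (!Member::currentUser()) {
            return $this->redirect($this->Link());
        }
        $this->Title = $this->WelcomeTitle;
        $this->Content = $this->WelcomeContent;
        return array();
    }

    /**
     * Minutes elapsed since the member record was created.
     *
     * @param Member|null $member
     * @return float|int 0 when there is no member or its Created date cannot be parsed
     */
    public function numberOfMinutesMemberIsListed($member)
    {
        if (!$member) {
            return 0;
        }
        $createdTimestamp = strtotime(strval($member->Created));
        if ($createdTimestamp === false) {
            return 0;
        }
        return (time() - $createdTimestamp) / 60;
    }
}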