checkPassword($password)) { Log::addAuthenticationLog('Login failed (incorrect password): ' . $username); throw new Exception(WT_I18N::translate('The username or password is incorrect.')); } if (!$user->getPreference('verified')) { Log::addAuthenticationLog('Login failed (not verified by user): ' . $username); throw new Exception(WT_I18N::translate('This account has not been verified. Please check your email for a verification message.')); } if (!$user->getPreference('verified_by_admin')) { Log::addAuthenticationLog('Login failed (not approved by admin): ' . $username); throw new Exception(WT_I18N::translate('This account has not been approved. Please wait for an administrator to approve it.')); } Auth::login($user); Log::addAuthenticationLog('Login: ' . Auth::user()->getUserName() . '/' . Auth::user()->getRealName()); $WT_SESSION->timediff = $timediff; $WT_SESSION->locale = Auth::user()->getPreference('language'); $WT_SESSION->theme_dir = Auth::user()->getPreference('theme'); // If we’ve clicked login from the login page, we don’t want to go back there. if (strpos($url, WT_SCRIPT_NAME) === 0) { $url = ''; } // We're logging in as an administrator if (Auth::isAdmin()) { // Check for updates $latest_version_txt = fetch_latest_version(); if (preg_match('/^[0-9.]+\|[0-9.]+\|/', $latest_version_txt)) { list($latest_version, $earliest_version, $download_url) = explode('|', $latest_version_txt); if (version_compare(WT_VERSION, $latest_version)<0) { // An upgrade is available. Let the admin know, by redirecting to the upgrade wizard $url = 'admin_site_upgrade.php'; } } else { // Cannot determine the latest version } } // Redirect to the target URL header('Location: ' . WT_SERVER_NAME . WT_SCRIPT_PATH . $url); // Explicitly write the session data before we exit, // as it doesn’t always happen when using APC. 
Zend_Session::writeClose(); exit; } catch (Exception $ex) { $message = $ex->getMessage(); } // No break; default: $controller ->setPageTitle(WT_I18N::translate('Login')) ->pageHeader() ->addInlineJavascript(' jQuery("#new_passwd_form").hide(); jQuery("#passwd_click").click(function() { jQuery("#new_passwd_form").slideToggle(100, function() { jQuery("#new_passwd_username").focus() }); return false; }); '); echo '
'; echo '
'; switch (WT_Site::getPreference('WELCOME_TEXT_AUTH_MODE')) { case 1: echo WT_I18N::translate('
Welcome to this genealogy website

Access to this site is permitted to every visitor who has a user account.

If you have a user account, you can login on this page. If you don’t have a user account, you can apply for one by clicking on the appropriate link below.

After verifying your application, the site administrator will activate your account. You will receive an email when your application has been approved.'); break; case 2: echo WT_I18N::translate('
Welcome to this genealogy website

Access to this site is permitted to authorized users only.

If you have a user account you can login on this page. If you don’t have a user account, you can apply for one by clicking on the appropriate link below.

After verifying your information, the administrator will either approve or decline your account application. You will receive an email message when your application has been approved.'); break; case 3: echo WT_I18N::translate('
Welcome to this genealogy website

Access to this site is permitted to family members only.

If you have a user account you can login on this page. If you don’t have a user account, you can apply for one by clicking on the appropriate link below.

After verifying the information you provide, the administrator will either approve or decline your request for an account. You will receive an email when your request is approved.'); break; case 4: echo '

', WT_Site::getPreference('WELCOME_TEXT_AUTH_MODE_'.WT_LOCALE), '

'; break; } echo '
'; echo '
'; if ($message) { echo '

', $message, '

'; } echo '
'; // Emails are sent from a TREE, not from a SITE. Therefore if there is no // tree available (initial setup or all trees private), then we can't send email. if ($WT_TREE) { echo '
', WT_I18N::translate('Request new password'), '
'; if (WT_Site::getPreference('USE_REGISTRATION_MODULE')) { echo '
', WT_I18N::translate('Request new user account'), '
'; } } echo '
'; // hidden New Password block echo '

', WT_I18N::translate('Lost password request'), '

'; echo '
'; echo '
'; break; case 'requestpw': $controller ->setPageTitle(WT_I18N::translate('Lost password request')) ->pageHeader(); echo '
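';
// Lost-password handler: look the account up by the posted identifier, give it a
// freshly generated password and mail that password to the account holder.
$user_name = WT_Filter::post('new_passwd_username', WT_REGEX_USERNAME);
$user      = User::findByIdentifier($user_name);
if ($user) {
    // NOTE(review): the stored password is replaced as soon as this form is posted,
    // before the account owner has confirmed anything, and the replacement travels
    // in the mail body. A single-use, expiring reset link would avoid both, but
    // that needs changes outside this block.

    // Alphabet for the generated password. The previous literal read "...uvqxyz",
    // i.e. "q" appeared twice and "w" was missing.
    $passchars   = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
    $user_new_pw = '';
    $max         = strlen($passchars) - 1;

    // The generated value is a login credential, so it should come from a CSPRNG.
    // random_int() exists from PHP 7.0; on older runtimes the previous rand() call
    // is kept so that the reset still works, but rand() output is predictable and
    // should not be relied on for secrets.
    $has_csprng = function_exists('random_int');
    for ($i = 0; $i < 8; $i++) {
        $index = $has_csprng ? random_int(0, $max) : rand(0, $max);
        // Square-bracket offsets; the {} string-offset form is rejected by PHP 8.
        $user_new_pw .= $passchars[$index];
    }
    $user->setPassword($user_new_pw);

    Log::addAuthenticationLog('Password request was sent to user: ' . $user->getUserName());

    WT_Mail::systemMessage(
        $WT_TREE,
        $user,
        WT_I18N::translate('Lost password request'),
        WT_I18N::translate('Hello %s…', $user->getRealName()) . WT_Mail::EOL . WT_Mail::EOL .
        WT_I18N::translate('A new password was requested for your user name.') . WT_Mail::EOL . WT_Mail::EOL .
        WT_I18N::translate('Username') . ": " . $user->getUserName() . WT_Mail::EOL .
        WT_I18N::translate('Password') . ": " . $user_new_pw . WT_Mail::EOL . WT_Mail::EOL .
        WT_I18N::translate('After you have logged in, select the “My account” link under the “My page” menu and fill in the password fields to change your password.') . WT_Mail::EOL . WT_Mail::EOL .
        '' . WT_SERVER_NAME . WT_SCRIPT_PATH . 'login.php?ged=' . WT_GEDURL . ''
    );
}
// Show a success message, even if the user account does not exist.
// Otherwise this page can be used to guess/test usernames.
// A genuine user will hopefully always know their own email address.
echo '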

', /* I18N: %s is a username */ WT_I18N::translate('A new password has been created and emailed to %s. You can change this password after you login.', $user_name), '

'; echo '
'; break; case 'register': if (!WT_Site::getPreference('USE_REGISTRATION_MODULE')) { header('Location: '.WT_SERVER_NAME.WT_SCRIPT_PATH); exit; } $controller->setPageTitle(WT_I18N::translate('Request new user account')); // The form parameters are mandatory, and the validation errors are shown in the client. if ($WT_SESSION->good_to_send && $user_name && $user_password01 && $user_password01==$user_password02 && $user_realname && $user_email && $user_comments) { // These validation errors cannot be shown in the client. if (User::findByIdentifier($user_name)) { WT_FlashMessages::addMessage(WT_I18N::translate('Duplicate user name. A user with that user name already exists. Please choose another user name.')); } elseif (User::findByIdentifier($user_email)) { WT_FlashMessages::addMessage(WT_I18N::translate('Duplicate email address. A user with that email already exists.')); } elseif (preg_match('/(?!'.preg_quote(WT_SERVER_NAME, '/').')(((?:ftp|http|https):\/\/)[a-zA-Z0-9.-]+)/', $user_comments, $match)) { WT_FlashMessages::addMessage( WT_I18N::translate('You are not allowed to send messages that contain external links.') . ' ' . WT_I18N::translate('You should delete the “%1$s” from “%2$s” and try again.', $match[2], $match[1]) ); Log::addAuthenticationLog('Possible spam registration from "' . $user_name . '"/"' . $user_email . '" comments="' . $user_comments . '"'); } else { // Everything looks good - create the user $controller->pageHeader(); Log::addAuthenticationLog('User registration requested for: ' . 
$user_name); $user = User::create($user_name, $user_realname, $user_email, $user_password01); $user ->setPreference('language', WT_LOCALE) ->setPreference('verified', 0) ->setPreference('verified_by_admin', !$REQUIRE_ADMIN_AUTH_REGISTRATION) ->setPreference('reg_timestamp', date('U')) ->setPreference('reg_hashcode', md5(Uuid::uuid4())) ->setPreference('contactmethod', 'messaging2') ->setPreference('comment', $user_comments) ->setPreference('visibleonline', 1) ->setPreference('editaccount', 1) ->setPreference('auto_accept', 0) ->setPreference('canadmin', 0) ->setPreference('sessiontime', 0); // Generate an email in the admin’s language $webmaster = User::find($WT_TREE->getPreference('WEBMASTER_USER_ID')); WT_I18N::init($webmaster->getPreference('language')); $mail1_body = WT_I18N::translate('Hello administrator…') . WT_Mail::EOL . WT_Mail::EOL . /* I18N: %s is a server name/URL */ WT_I18N::translate('A prospective user has registered with webtrees at %s.', WT_SERVER_NAME . WT_SCRIPT_PATH . ' ' . $WT_TREE->tree_title_html) . WT_Mail::EOL . WT_Mail::EOL . WT_I18N::translate('Username') . ' ' . $user->getUserName() . WT_Mail::EOL . WT_I18N::translate('Real name') . ' ' . $user->getRealName() . WT_Mail::EOL . WT_I18N::translate('Email address:') . ' ' . $user->getEmail() . WT_Mail::EOL . WT_I18N::translate('Comments') . ' ' . $user_comments . WT_Mail::EOL . WT_Mail::EOL . WT_I18N::translate('The user has been sent an e-mail with the information necessary to confirm the access request') . WT_Mail::EOL . WT_Mail::EOL; if ($REQUIRE_ADMIN_AUTH_REGISTRATION) { $mail1_body .= WT_I18N::translate('You will be informed by e-mail when this prospective user has confirmed the request. You can then complete the process by activating the user name. The new user will not be able to login until you activate the account.'); } else { $mail1_body .= WT_I18N::translate('You will be informed by e-mail when this prospective user has confirmed the request. 
After this, the user will be able to login without any action on your part.'); } $mail1_body .= WT_Mail::auditFooter(); $mail1_subject = /* I18N: %s is a server name/URL */ WT_I18N::translate('New registration at %s', WT_SERVER_NAME . WT_SCRIPT_PATH . ' ' . $WT_TREE->tree_title); WT_I18N::init(WT_LOCALE); echo '
'; // Generate an email in the user’s language $mail2_body= WT_I18N::translate('Hello %s…', $user->getRealName()) . WT_Mail::EOL . WT_Mail::EOL . /* I18N: %1$s is the site URL and %2$s is an email address */ WT_I18N::translate('You (or someone claiming to be you) has requested an account at %1$s using the email address %2$s.', WT_SERVER_NAME . WT_SCRIPT_PATH . ' ' . $WT_TREE->tree_title_html, $user->getEmail()) . ' '. WT_I18N::translate('Information about the request is shown under the link below.') . WT_Mail::EOL . WT_I18N::translate('Please click on the following link and fill in the requested data to confirm your request and email address.') . WT_Mail::EOL . WT_Mail::EOL . '' . WT_LOGIN_URL . "?user_name=".urlencode($user->getUserName())."&user_hashcode=".urlencode($user->getPreference('reg_hashcode'))."&action=userverify" . '' . WT_Mail::EOL . WT_Mail::EOL . WT_I18N::translate('Username') . " " . $user->getUserName() . WT_Mail::EOL . WT_I18N::translate('Verification code:') . " " . $user->getPreference('reg_hashcode') . WT_Mail::EOL . WT_I18N::translate('Comments').": " . $user->getPreference('comment') . WT_Mail::EOL . WT_I18N::translate('If you didn’t request an account, you can just delete this message.') . 
WT_Mail::EOL; $mail2_subject = /* I18N: %s is a server name/URL */ WT_I18N::translate('Your registration at %s', WT_SERVER_NAME.WT_SCRIPT_PATH); $mail2_to = $user->getEmail(); $mail2_from = $WEBTREES_EMAIL; // Send user message by email only WT_Mail::send( // From: $WT_TREE, // To: $mail2_to, $mail2_to, // Reply-To: $mail2_from, $mail2_from, // Message $mail2_subject, $mail2_body ); // Send admin message by email and/or internal messaging WT_Mail::send( // From: $WT_TREE, // To: $webmaster->getEmail(), $webmaster->getRealName(), // Reply-To: $WEBTREES_EMAIL, $WEBTREES_EMAIL, // Message $mail1_subject, $mail1_body ); $mail1_method = $webmaster->getPreference('contact_method'); if ($mail1_method!='messaging3' && $mail1_method!='mailto' && $mail1_method!='none') { WT_DB::prepare("INSERT INTO `##message` (sender, ip_address, user_id, subject, body) VALUES (? ,? ,? ,? ,?)") ->execute(array($user->getEmail(), $WT_REQUEST->getClientIp(), $webmaster->getUserId(), $mail1_subject, WT_Filter::unescapeHtml($mail1_body))); } echo '

', WT_I18N::translate('Hello %s…
Thank you for your registration.', $user->getRealName()), '

'; if ($REQUIRE_ADMIN_AUTH_REGISTRATION) { echo WT_I18N::translate('We will now send a confirmation email to the address %s. You must verify your account request by following instructions in the confirmation email. If you do not confirm your account request within seven days, your application will be rejected automatically. You will have to apply again.

After you have followed the instructions in the confirmation email, the administrator still has to approve your request before your account can be used.

To login to this site, you will need to know your user name and password.', $user->getEmail()); } else { echo WT_I18N::translate('We will now send a confirmation email to the address %s. You must verify your account request by following instructions in the confirmation email. If you do not confirm your account request within seven days, your application will be rejected automatically. You will have to apply again.

After you have followed the instructions in the confirmation email, you can login. To login to this site, you will need to know your user name and password.', $user->getEmail()); } echo '

'; echo '
'; exit; } } $WT_SESSION->good_to_send = true; $controller ->pageHeader() ->addInlineJavascript('function regex_quote(str) {return str.replace(/[\\\\.?+*()[\](){}|]/g, "\\\\$&");}'); echo '

', $controller->getPageTitle(), '

'; if (WT_Site::getPreference('SHOW_REGISTER_CAUTION')) { echo '
'; echo WT_I18N::translate('
Notice:
By completing and submitting this form, you agree:
  • to protect the privacy of living individuals listed on our site;
  • and in the text box below, to explain to whom you are related, or to provide us with information on someone who should be listed on our site.
'); echo '
'; } echo '

', WT_I18N::translate('All fields must be completed.'), '



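'; break;

case 'userverify':
    // Step 1 of e-mail verification: show the verification page in the
    // registrant's own language.
    if (!WT_Site::getPreference('USE_REGISTRATION_MODULE')) {
        header('Location: '.WT_SERVER_NAME.WT_SCRIPT_PATH);
        exit;
    }

    // Change to the new user’s language.
    // $user_name comes from the request, and findByIdentifier() can return no user
    // (the other handlers test its result with if ($user)). Calling a method on the
    // empty result would abort the page with a fatal error, so only switch language
    // when an account was actually found.
    $user = User::findByIdentifier($user_name);
    if ($user) {
        WT_I18N::init($user->getPreference('language'));
    }

    $controller->setPageTitle(WT_I18N::translate('User verification'));
    $controller->pageHeader();

    echo '

', WT_I18N::translate('User verification'), '

';
    break;

case 'verify_hash':
    // Step 2 of e-mail verification: prepare the notification for the
    // administrator, then render the result page in the registrant's language.
    if (!WT_Site::getPreference('USE_REGISTRATION_MODULE')) {
        header('Location: ' . WT_SERVER_NAME . WT_SCRIPT_PATH);
        exit;
    }

    // switch language to webmaster settings
    // NOTE(review): assumes a tree is loaded and WEBMASTER_USER_ID resolves to an
    // existing user; neither is checked here - confirm.
    $webmaster = User::find($WT_TREE->getPreference('WEBMASTER_USER_ID'));
    WT_I18N::init($webmaster->getPreference('language'));

    $user = User::findByIdentifier($user_name);

    // The administrator mail is only ever sent for an existing account, so build it
    // only when the lookup succeeded. Previously an unknown user name reached
    // $user->getRealName() and stopped the request with a fatal error before the
    // "could not verify" message could be shown.
    if ($user) {
        $mail1_body =
            WT_I18N::translate('Hello administrator…') . WT_Mail::EOL . WT_Mail::EOL .
            /* I18N: %1$s is a real-name, %2$s is a username, %3$s is an email address */
            WT_I18N::translate(
                'A new user (%1$s) has requested an account (%2$s) and verified an email address (%3$s).',
                $user->getRealName(),
                $user->getUserName(),
                $user->getEmail()
            ) . WT_Mail::EOL . WT_Mail::EOL;

        if ($REQUIRE_ADMIN_AUTH_REGISTRATION && !$user->getPreference('verified_by_admin')) {
            $mail1_body .= WT_I18N::translate('You now need to review the account details, and set the “approved” status to “yes”.');
        } else {
            $mail1_body .= WT_I18N::translate('You do not have to take any action; the user can now login.');
        }

        $mail1_body .=
            WT_Mail::EOL .
            '' .
            WT_SERVER_NAME.WT_SCRIPT_PATH."admin_users.php?filter=" . rawurlencode($user->getUserName()) .
            '' .
            WT_Mail::auditFooter();

        $mail1_subject = /* I18N: %s is a server name/URL */ WT_I18N::translate('New user at %s', WT_SERVER_NAME . WT_SCRIPT_PATH . ' ' . $WT_TREE->tree_title);
    }

    // Change to the new user’s language; without an account, go back to the
    // request's own locale instead of staying in the webmaster's.
    WT_I18N::init($user ? $user->getPreference('language') : WT_LOCALE);

    $controller->setPageTitle(WT_I18N::translate('User verification'));
    $controller->pageHeader();

    echo '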
'; echo '

'.WT_I18N::translate('User verification').'

'; echo '
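';
// Final step of e-mail verification: the account is marked as verified only when
// both the account password and the mailed verification code are supplied.
// NOTE(review): $user_name is request data echoed into the page; this assumes it
// was validated when it was read - confirm against the code that populates it.
echo WT_I18N::translate('The data for the user %s was checked.', $user_name);

if ($user) {
    // Compare the verification code strictly and require it to be non-empty.
    // With the loose == operator, two different digit-only "0e..." strings are
    // compared as numbers and count as equal, and a cleared code (this block sets
    // reg_hashcode to null after use) is equal to an empty submitted value.
    $stored_hashcode  = $user->getPreference('reg_hashcode');
    $hashcode_matches =
        is_string($user_hashcode) &&
        $user_hashcode !== '' &&
        (string) $stored_hashcode === $user_hashcode;

    if ($user->checkPassword($user_password) && $hashcode_matches) {
        // Tell the administrator that the address has been confirmed.
        WT_Mail::send(
            // From:
            $WT_TREE,
            // To:
            $webmaster->getEmail(),
            $webmaster->getRealName(),
            // Reply-To:
            $WEBTREES_EMAIL,
            $WEBTREES_EMAIL,
            // Message
            $mail1_subject,
            $mail1_body
        );

        // NOTE(review): the preference is read as 'CONTACT_METHOD' here, while the
        // registration handler reads 'contact_method' and stores 'contactmethod'.
        // Which key is actually populated cannot be told from this block - confirm.
        $mail1_method = $webmaster->getPreference('CONTACT_METHOD');
        if ($mail1_method!='messaging3' && $mail1_method!='mailto' && $mail1_method!='none') {
            WT_DB::prepare("INSERT INTO `##message` (sender, ip_address, user_id, subject, body) VALUES (? ,? ,? ,? ,?)")
                ->execute(array($user_name, $WT_REQUEST->getClientIp(), $webmaster->getUserId(), $mail1_subject, WT_Filter::unescapeHtml($mail1_body)));
        }

        // Clearing reg_hashcode makes the mailed code single-use.
        $user
            ->setPreference('verified', 1)
            ->setPreference('reg_timestamp', date("U"))
            ->setPreference('reg_hashcode', null);

        if (!$REQUIRE_ADMIN_AUTH_REGISTRATION) {
            // Was set_user_setting($user_id, ...): $user_id is not assigned anywhere
            // in the visible code, and every other preference here is written
            // through the $user object.
            $user->setPreference('verified_by_admin', 1);
        }

        Log::addAuthenticationLog('User ' . $user_name . ' verified their email address');

        echo '

'.WT_I18N::translate('You have confirmed your request to become a registered user.').'

';
        if ($REQUIRE_ADMIN_AUTH_REGISTRATION && !$user->getPreference('verified_by_admin')) {
            echo WT_I18N::translate('The administrator has been informed. As soon as he gives you permission to login, you can login with your user name and password.');
        } else {
            echo WT_I18N::translate('You can now login with your user name and password.');
        }
        echo '

';
    } else {
        // Wrong password or wrong code: record the attempt, change nothing.
        Log::addAuthenticationLog('User ' . $user_name . ' failed to verify their email address');
        echo '

';
        echo '';
        echo WT_I18N::translate('Data was not correct, please try again');
        echo '

';
    }
} else {
    // No account matches the submitted user name.
    echo '

';
    echo '';
    echo WT_I18N::translate('Could not verify the information you entered. Please try again or contact the site administrator for more information.');
    echo '';
}
echo '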
'; echo '
'; break; }