Cimy User Extra Fields - Version 2.5.5

Version Description

Release Info

Developer	Cimmo
Plugin	Cimy User Extra Fields
Version	2.5.5
Comparing to
See all releases

Code changes from version 2.5.4 to 2.5.5

Files changed (9) hide show

README_OFFICIAL.txt +4 -0
cimy_uef_admin.php +12 -12
cimy_uef_db.php +7 -7
cimy_uef_email_handler.php +2 -2
cimy_uef_functions.php +12 -6
cimy_uef_profile.php +4 -4
cimy_uef_register.php +5 -9
cimy_user_extra_fields.php +2 -2
readme.txt +1 -1

README_OFFICIAL.txt CHANGED Viewed

	@@ -627,6 +627,10 @@ A lot of times I cannot reproduce the problem and I need more details, so if you
627
628
629	CHANGELOG:




630	v2.5.4 - 11/07/2013
631	- Fixed extra fields were not shown on certain themes, like: 'Modular' theme and 'Emporium' theme for WooCommerce (thanks to eArtboard, detoner and Rinaldo Pavanello)
632	- Fixed default directory's permissions on Unix servers was set to 0777, now is handled by WordPress if FS_CHMOD_DIR is not set (thanks to KZeni)


627
628
629	CHANGELOG:
630	+ v2.5.5 - 29/07/2013
631	+ - Fixed mb_strlen is not available by default on PHP, better to use it only if available (regressed on v2.5.2) (thanks to jrmihalick)
632	+ - Fixed wpdb::escape warnings when using WordPress 3.6
633	+
634	v2.5.4 - 11/07/2013
635	- Fixed extra fields were not shown on certain themes, like: 'Modular' theme and 'Emporium' theme for WooCommerce (thanks to eArtboard, detoner and Rinaldo Pavanello)
636	- Fixed default directory's permissions on Unix servers was set to 0777, now is handled by WordPress if FS_CHMOD_DIR is not set (thanks to KZeni)

cimy_uef_admin.php CHANGED Viewed

	@@ -366,7 +366,7 @@ function cimy_admin_define_extra_fields() {
366	$exist = array();
367
368	if ($type != "radio") {
369	- $sql1 = "SELECT id FROM ".$fields_table." WHERE name='"~~.$wpdb->escape~~($name)."' LIMIT 1";
370	$exist = $wpdb->get_row($sql1);
371	}
372
	@@ -741,8 +741,8 @@ function cimy_admin_show_extra_fields($allFields, $submit_msgs, $wp_fields, $err
741	$delSel_caption = $submit_msgs['delSel_caption'];
742	$order_caption = $submit_msgs['order_caption'];
743
744	- $invert_selection_label = ~~$wpdb->escape~~(__("Invert selection", $cimy_uef_domain));
745	- $delete_fields_label = ~~$wpdb->escape~~(__("Are you sure you want to delete field(s) and all data inserted into by users?", $cimy_uef_domain));
746
747	?>
748	<div class="wrap" id="<?php echo $div_id; ?>">
	@@ -1838,18 +1838,18 @@ function cimy_save_field($action, $table, $data) {
1838	$fieldset_sql = ", fieldset=".$fieldset;
1839	}
1840
1841	- $name = ~~$wpdb->escape~~($data['name']);
1842	- $value = ~~$wpdb->escape~~($data['value']);
1843	- $desc = ~~$wpdb->escape~~($data['desc']);
1844
1845	if ($wp_fields)
1846	- $label = ~~$wpdb->escape~~(__($data['label']));
1847	else
1848	- $label = ~~$wpdb->escape~~($data['label']);
1849
1850	- $type = ~~$wpdb->escape~~($data['type']);
1851	- $store_rule = ~~$wpdb->escape~~(serialize($data['store_rule']));
1852	- $num_fields = ~~$wpdb->escape~~($data['num_fields']);
1853
1854	if ($action == "add")
1855	$sql = "INSERT INTO ".$table." ";
	@@ -1861,7 +1861,7 @@ function cimy_save_field($action, $table, $data) {
1861	if ($action == "add")
1862	$sql.= ", F_ORDER=".($num_fields + 1);
1863	else if ($action == "edit") {
1864	- $field_order = ~~$wpdb->escape~~($data['field_order']);
1865	$sql.= " WHERE F_ORDER=".$field_order;
1866	}
1867


366	$exist = array();
367
368	if ($type != "radio") {
369	+ $sql1 = "SELECT id FROM ".$fields_table." WHERE name='".esc_sql($name)."' LIMIT 1";
370	$exist = $wpdb->get_row($sql1);
371	}
372

741	$delSel_caption = $submit_msgs['delSel_caption'];
742	$order_caption = $submit_msgs['order_caption'];
743
744	+ $invert_selection_label = esc_sql(__("Invert selection", $cimy_uef_domain));
745	+ $delete_fields_label = esc_sql(__("Are you sure you want to delete field(s) and all data inserted into by users?", $cimy_uef_domain));
746
747	?>
748	<div class="wrap" id="<?php echo $div_id; ?>">

1838	$fieldset_sql = ", fieldset=".$fieldset;
1839	}
1840
1841	+ $name = esc_sql($data['name']);
1842	+ $value = esc_sql($data['value']);
1843	+ $desc = esc_sql($data['desc']);
1844
1845	if ($wp_fields)
1846	+ $label = esc_sql(__($data['label']));
1847	else
1848	+ $label = esc_sql($data['label']);
1849
1850	+ $type = esc_sql($data['type']);
1851	+ $store_rule = esc_sql(serialize($data['store_rule']));
1852	+ $num_fields = esc_sql($data['num_fields']);
1853
1854	if ($action == "add")
1855	$sql = "INSERT INTO ".$table." ";

1861	if ($action == "add")
1862	$sql.= ", F_ORDER=".($num_fields + 1);
1863	else if ($action == "edit") {
1864	+ $field_order = esc_sql($data['field_order']);
1865	$sql.= " WHERE F_ORDER=".$field_order;
1866	}
1867

cimy_uef_db.php CHANGED Viewed

	@@ -45,14 +45,14 @@ function cimy_plugin_install () {
45
46	foreach ($fields as $field) {
47	$id = $field['ID'];
48	- $name = ~~$wpdb->escape~~(html_entity_decode($field['NAME'], ENT_QUOTES, "UTF-8"));
49	- $label = ~~$wpdb->escape~~(html_entity_decode($field['LABEL'], ENT_QUOTES, "UTF-8"));
50	- $desc = ~~$wpdb->escape~~(html_entity_decode($field['DESCRIPTION'], ENT_QUOTES, "UTF-8"));
51	- $value = ~~$wpdb->escape~~(html_entity_decode($field['VALUE'], ENT_QUOTES, "UTF-8"));
52
53	$rules = unserialize($field['RULES']);
54	$rules['equal_to'] = html_entity_decode($rules['equal_to'], ENT_QUOTES, "UTF-8");
55	- $rules = ~~$wpdb->escape~~(serialize($rules));
56
57	$sql = "UPDATE ".$wpdb_fields_table." SET name='".$name."', value='".$value."', description='".$desc."', label='".$label."', rules='".$rules."' WHERE ID=".$id;
58
	@@ -161,7 +161,7 @@ function cimy_plugin_install () {
161	if (!isset($rule_to_be_updated["show_in_search"]))
162	$rule_to_be_updated["show_in_search"] = true;
163
164	- $sql = "UPDATE ".$the_table." SET RULES='"~~.$wpdb->escape~~(serialize($rule_to_be_updated))."' WHERE ID=".$rule_id;
165	$wpdb->query($sql);
166	}
167	}
	@@ -193,7 +193,7 @@ function cimy_plugin_install () {
193	if (empty($rule_to_be_updated["edit"]))
194	$rule_to_be_updated["edit"] = "ok_edit";
195
196	- $sql = "UPDATE ".$the_table." SET RULES='"~~.$wpdb->escape~~(serialize($rule_to_be_updated))."' WHERE ID=".$rule_id;
197	$wpdb->query($sql);
198	}
199	}


45
46	foreach ($fields as $field) {
47	$id = $field['ID'];
48	+ $name = esc_sql(html_entity_decode($field['NAME'], ENT_QUOTES, "UTF-8"));
49	+ $label = esc_sql(html_entity_decode($field['LABEL'], ENT_QUOTES, "UTF-8"));
50	+ $desc = esc_sql(html_entity_decode($field['DESCRIPTION'], ENT_QUOTES, "UTF-8"));
51	+ $value = esc_sql(html_entity_decode($field['VALUE'], ENT_QUOTES, "UTF-8"));
52
53	$rules = unserialize($field['RULES']);
54	$rules['equal_to'] = html_entity_decode($rules['equal_to'], ENT_QUOTES, "UTF-8");
55	+ $rules = esc_sql(serialize($rules));
56
57	$sql = "UPDATE ".$wpdb_fields_table." SET name='".$name."', value='".$value."', description='".$desc."', label='".$label."', rules='".$rules."' WHERE ID=".$id;
58

161	if (!isset($rule_to_be_updated["show_in_search"]))
162	$rule_to_be_updated["show_in_search"] = true;
163
164	+ $sql = "UPDATE ".$the_table." SET RULES='".esc_sql(serialize($rule_to_be_updated))."' WHERE ID=".$rule_id;
165	$wpdb->query($sql);
166	}
167	}

193	if (empty($rule_to_be_updated["edit"]))
194	$rule_to_be_updated["edit"] = "ok_edit";
195
196	+ $sql = "UPDATE ".$the_table." SET RULES='".esc_sql(serialize($rule_to_be_updated))."' WHERE ID=".$rule_id;
197	$wpdb->query($sql);
198	}
199	}

cimy_uef_email_handler.php CHANGED Viewed

	@@ -260,8 +260,8 @@ function cimy_uef_activate_signup($key) {
260	return new WP_Error('already_active', __('The site is already active.', $cimy_uef_domain), $signup);
261
262	$meta = unserialize($signup->meta);
263	- $user_login = ~~$wpdb->escape~~($signup->user_login);
264	- $user_email = ~~$wpdb->escape~~($signup->user_email);
265
266	if (!empty($meta["cimy_uef_wp_PASSWORD"]))
267	$password = $meta["cimy_uef_wp_PASSWORD"];


260	return new WP_Error('already_active', __('The site is already active.', $cimy_uef_domain), $signup);
261
262	$meta = unserialize($signup->meta);
263	+ $user_login = esc_sql($signup->user_login);
264	+ $user_email = esc_sql($signup->user_email);
265
266	if (!empty($meta["cimy_uef_wp_PASSWORD"]))
267	$password = $meta["cimy_uef_wp_PASSWORD"];

cimy_uef_functions.php CHANGED Viewed

	@@ -45,7 +45,7 @@ function set_cimyFieldValue($user_id, $field_name, $field_value) {
45	if (empty($field_name))
46	return $results;
47
48	- $field_name = ~~$wpdb->escape~~(strtoupper($field_name));
49
50	$sql = "SELECT ID, TYPE, LABEL FROM $wpdb_fields_table WHERE NAME='$field_name'";
51	$efields = $wpdb->get_results($sql, ARRAY_A);
	@@ -94,7 +94,7 @@ function set_cimyFieldValue($user_id, $field_name, $field_value) {
94	if (empty($users))
95	$users[]["ID"] = $user_id;
96
97	- $field_value = ~~$wpdb->escape~~($field_value);
98
99	foreach ($users as $user) {
100	if (!current_user_can('edit_user', $user["ID"]))
	@@ -137,13 +137,13 @@ function get_cimyFieldValue($user_id, $field_name, $field_value=false) {
137
138	if ($field_name) {
139	$field_name = strtoupper($field_name);
140	- $field_name = ~~$wpdb->escape~~($field_name);
141	}
142
143	if ($field_value) {
144	if (is_array($field_value)) {
145	if (isset($field_value['value'])) {
146	- $sql_field_value = ~~$wpdb->escape~~($field_value['value']);
147
148	if ($field_value['like'])
149	$sql_field_value = " AND data.VALUE LIKE '%".$sql_field_value."%'";
	@@ -152,7 +152,7 @@ function get_cimyFieldValue($user_id, $field_name, $field_value=false) {
152	}
153	} else {
154
155	- $field_value = ~~$wpdb->escape~~($field_value);
156	$sql_field_value = " AND data.VALUE='".$field_value."'";
157	}
158	}
	@@ -700,7 +700,7 @@ function cimy_uef_avatar_filter($avatar, $id_or_email, $size, $default, $alt="")
700	// ...or we may have the email
701	$email = $id_or_email;
702
703	- $sql = sprintf("SELECT ID, user_login FROM %s WHERE user_email='%s' LIMIT 1", $wpdb->users, ~~$wpdb->escape~~($email));
704	$res = $wpdb->get_results($sql);
705
706	// something went wrong, aborting and returning normal avatar
	@@ -997,3 +997,9 @@ function cimy_uef_is_multisite_per_blog_installation() {
997	global $cimy_uef_plugins_dir;
998	return is_multisite() && $cimy_uef_plugins_dir != "mu-plugins";
999	}


45	if (empty($field_name))
46	return $results;
47
48	+ $field_name = esc_sql(strtoupper($field_name));
49
50	$sql = "SELECT ID, TYPE, LABEL FROM $wpdb_fields_table WHERE NAME='$field_name'";
51	$efields = $wpdb->get_results($sql, ARRAY_A);

94	if (empty($users))
95	$users[]["ID"] = $user_id;
96
97	+ $field_value = esc_sql($field_value);
98
99	foreach ($users as $user) {
100	if (!current_user_can('edit_user', $user["ID"]))

137
138	if ($field_name) {
139	$field_name = strtoupper($field_name);
140	+ $field_name = esc_sql($field_name);
141	}
142
143	if ($field_value) {
144	if (is_array($field_value)) {
145	if (isset($field_value['value'])) {
146	+ $sql_field_value = esc_sql($field_value['value']);
147
148	if ($field_value['like'])
149	$sql_field_value = " AND data.VALUE LIKE '%".$sql_field_value."%'";

152	}
153	} else {
154
155	+ $field_value = esc_sql($field_value);
156	$sql_field_value = " AND data.VALUE='".$field_value."'";
157	}
158	}

700	// ...or we may have the email
701	$email = $id_or_email;
702
703	+ $sql = sprintf("SELECT ID, user_login FROM %s WHERE user_email='%s' LIMIT 1", $wpdb->users, esc_sql($email));
704	$res = $wpdb->get_results($sql);
705
706	// something went wrong, aborting and returning normal avatar

997	global $cimy_uef_plugins_dir;
998	return is_multisite() && $cimy_uef_plugins_dir != "mu-plugins";
999	}
1000	+
1001	+ function cimy_strlen($str) {
1002	+ if (function_exists("mb_strlen"))
1003	+ return mb_strlen($str);
1004	+ return strlen($str);
1005	+ }

cimy_uef_profile.php CHANGED Viewed

	@@ -303,13 +303,13 @@ function cimy_extract_ExtraFields() {
303
304	if ($type == "file") {
305	// if we do not escape then some translations can break
306	- $warning_msg = ~~$wpdb->escape~~(__("Please upload a file with one of the following extensions", $cimy_uef_domain));
307
308	$obj_style = ' onchange="uploadFile(\'your-profile\', \''.$unique_id.'\', \''.$warning_msg.'\', Array('.$allowed_exts.'));"';
309	}
310	else {
311	// if we do not escape then some translations can break
312	- $warning_msg = ~~$wpdb->escape~~(__("Please upload an image with one of the following extensions", $cimy_uef_domain));
313	$allowed_exts = "'".implode("','", cimy_uef_get_allowed_image_extensions())."'";
314	$obj_style = ' onchange="uploadFile(\'your-profile\', \''.$unique_id.'\', \''.$warning_msg.'\', Array('.$allowed_exts.'));"';
315	}
	@@ -579,7 +579,7 @@ function cimy_update_ExtraFields() {
579	continue;
580	}
581
582	- $prev_value = ~~$wpdb->escape~~(stripslashes($_POST[$input_name."_".$field_id."_prev_value"]));
583	if (cimy_uef_is_field_disabled($type, $rules['edit'], $prev_value))
584	continue;
585
	@@ -597,7 +597,7 @@ function cimy_update_ExtraFields() {
597	else
598	$field_value = substr($field_value, 0, $max_length_value);
599
600	- $field_value = ~~$wpdb->escape~~($field_value);
601
602	if ($i > 0)
603	$field_ids.= ", ";


303
304	if ($type == "file") {
305	// if we do not escape then some translations can break
306	+ $warning_msg = esc_js(__("Please upload a file with one of the following extensions", $cimy_uef_domain));
307
308	$obj_style = ' onchange="uploadFile(\'your-profile\', \''.$unique_id.'\', \''.$warning_msg.'\', Array('.$allowed_exts.'));"';
309	}
310	else {
311	// if we do not escape then some translations can break
312	+ $warning_msg = esc_js(__("Please upload an image with one of the following extensions", $cimy_uef_domain));
313	$allowed_exts = "'".implode("','", cimy_uef_get_allowed_image_extensions())."'";
314	$obj_style = ' onchange="uploadFile(\'your-profile\', \''.$unique_id.'\', \''.$warning_msg.'\', Array('.$allowed_exts.'));"';
315	}

579	continue;
580	}
581
582	+ $prev_value = esc_sql(stripslashes($_POST[$input_name."_".$field_id."_prev_value"]));
583	if (cimy_uef_is_field_disabled($type, $rules['edit'], $prev_value))
584	continue;
585

597	else
598	$field_value = substr($field_value, 0, $max_length_value);
599
600	+ $field_value = esc_sql($field_value);
601
602	if ($i > 0)
603	$field_ids.= ", ";

cimy_uef_register.php CHANGED Viewed

	@@ -56,7 +56,7 @@ function cimy_register_overwrite_password($password) {
56
57	if (!empty($key)) {
58	// seems useless since this code cannot be reached with a bad key anyway you never know
59	- $key = ~~$wpdb->escape~~($key);
60
61	$sql = "SELECT active, meta FROM ".$wpdb->signups." WHERE activation_key='".$key."'";
62	$data = $wpdb->get_results($sql);
	@@ -215,7 +215,7 @@ function cimy_register_user_extra_fields($user_id, $password="", $meta=array())
215	$data = substr($data, 0, $max_length_value);
216	}
217
218	- $data = ~~$wpdb->escape~~($data);
219
220	if ($user_signups)
221	$meta[$input_name] = $data;
	@@ -559,13 +559,11 @@ function cimy_registration_check($user_login, $user_email, $errors) {
559
560	if (in_array($type, $cimy_uef_file_types)) {
561	if ($file_size < $minlen) {
562	-
563	$errors->add($unique_id, '<strong>'.__("ERROR", $cimy_uef_domain).'</strong>: '.$label.' '.__('couldn’t have size less than', $cimy_uef_domain).' '.$minlen.' KB.');
564	}
565	}
566	else {
567	- if (~~mb_strlen~~($value) < $minlen) {
568	-
569	$errors->add($unique_id, '<strong>'.__("ERROR", $cimy_uef_domain).'</strong>: '.$label.' '.__('couldn’t have length less than', $cimy_uef_domain).' '.$minlen.'.');
570	}
571	}
	@@ -577,13 +575,11 @@ function cimy_registration_check($user_login, $user_email, $errors) {
577
578	if (in_array($type, $cimy_uef_file_types)) {
579	if ($file_size != $exactlen) {
580	-
581	$errors->add($unique_id, '<strong>'.__("ERROR", $cimy_uef_domain).'</strong>: '.$label.' '.__('couldn’t have size different than', $cimy_uef_domain).' '.$exactlen.' KB.');
582	}
583	}
584	else {
585	- if (~~mb_strlen~~($value) != $exactlen) {
586	-
587	$errors->add($unique_id, '<strong>'.__("ERROR", $cimy_uef_domain).'</strong>: '.$label.' '.__('couldn’t have length different than', $cimy_uef_domain).' '.$exactlen.'.');
588	}
589	}
	@@ -599,7 +595,7 @@ function cimy_registration_check($user_login, $user_email, $errors) {
599	}
600	}
601	else {
602	- if (~~mb_strlen~~($value) > $maxlen) {
603	$errors->add($unique_id, '<strong>'.__("ERROR", $cimy_uef_domain).'</strong>: '.$label.' '.__('couldn’t have length more than', $cimy_uef_domain).' '.$maxlen.'.');
604	}
605	}


56
57	if (!empty($key)) {
58	// seems useless since this code cannot be reached with a bad key anyway you never know
59	+ $key = esc_sql($key);
60
61	$sql = "SELECT active, meta FROM ".$wpdb->signups." WHERE activation_key='".$key."'";
62	$data = $wpdb->get_results($sql);

215	$data = substr($data, 0, $max_length_value);
216	}
217
218	+ $data = esc_sql($data);
219
220	if ($user_signups)
221	$meta[$input_name] = $data;

559
560	if (in_array($type, $cimy_uef_file_types)) {
561	if ($file_size < $minlen) {

562	$errors->add($unique_id, '<strong>'.__("ERROR", $cimy_uef_domain).'</strong>: '.$label.' '.__('couldn’t have size less than', $cimy_uef_domain).' '.$minlen.' KB.');
563	}
564	}
565	else {
566	+ if (cimy_strlen($value) < $minlen) {

567	$errors->add($unique_id, '<strong>'.__("ERROR", $cimy_uef_domain).'</strong>: '.$label.' '.__('couldn’t have length less than', $cimy_uef_domain).' '.$minlen.'.');
568	}
569	}

575
576	if (in_array($type, $cimy_uef_file_types)) {
577	if ($file_size != $exactlen) {

578	$errors->add($unique_id, '<strong>'.__("ERROR", $cimy_uef_domain).'</strong>: '.$label.' '.__('couldn’t have size different than', $cimy_uef_domain).' '.$exactlen.' KB.');
579	}
580	}
581	else {
582	+ if (cimy_strlen($value) != $exactlen) {

583	$errors->add($unique_id, '<strong>'.__("ERROR", $cimy_uef_domain).'</strong>: '.$label.' '.__('couldn’t have length different than', $cimy_uef_domain).' '.$exactlen.'.');
584	}
585	}

595	}
596	}
597	else {
598	+ if (cimy_strlen($value) > $maxlen) {
599	$errors->add($unique_id, '<strong>'.__("ERROR", $cimy_uef_domain).'</strong>: '.$label.' '.__('couldn’t have length more than', $cimy_uef_domain).' '.$maxlen.'.');
600	}
601	}

cimy_user_extra_fields.php CHANGED Viewed

	@@ -3,7 +3,7 @@
3	Plugin Name: Cimy User Extra Fields
4	Plugin URI: http://www.marcocimmino.net/cimy-wordpress-plugins/cimy-user-extra-fields/
5	Description: Add some useful fields to registration and user's info
6	- Version: 2.5.4
7	Author: Marco Cimmino
8	Author URI: mailto:cimmino.marco@gmail.com
9	License: GPL2
	@@ -161,7 +161,7 @@ add_action('admin_init', 'cimy_uef_admin_init');
161	add_action('init', 'cimy_uef_init');
162
163	$cimy_uef_name = "Cimy User Extra Fields";
164	- $cimy_uef_version = "2.5.4";
165	$cimy_uef_url = "http://www.marcocimmino.net/cimy-wordpress-plugins/cimy-user-extra-fields/";
166	$cimy_project_url = "http://www.marcocimmino.net/cimy-wordpress-plugins/support-the-cimy-project-paypal/";
167


3	Plugin Name: Cimy User Extra Fields
4	Plugin URI: http://www.marcocimmino.net/cimy-wordpress-plugins/cimy-user-extra-fields/
5	Description: Add some useful fields to registration and user's info
6	+ Version: 2.5.5
7	Author: Marco Cimmino
8	Author URI: mailto:cimmino.marco@gmail.com
9	License: GPL2

161	add_action('init', 'cimy_uef_init');
162
163	$cimy_uef_name = "Cimy User Extra Fields";
164	+ $cimy_uef_version = "2.5.5";
165	$cimy_uef_url = "http://www.marcocimmino.net/cimy-wordpress-plugins/cimy-user-extra-fields/";
166	$cimy_project_url = "http://www.marcocimmino.net/cimy-wordpress-plugins/support-the-cimy-project-paypal/";
167

readme.txt CHANGED Viewed

	@@ -5,7 +5,7 @@ Website link: http://www.marcocimmino.net/cimy-wordpress-plugins/cimy-user-extra
5	Tags: cimy, admin, registration, profile, extra fields, avatar, gravatar, recaptcha, captcha
6	Requires at least: 3.1
7	Tested up to: 3.6
8	- Stable tag: 2.5.4
9
10	Add some useful fields to registration and user's info
11


5	Tags: cimy, admin, registration, profile, extra fields, avatar, gravatar, recaptcha, captcha
6	Requires at least: 3.1
7	Tested up to: 3.6
8	+ Stable tag: 2.5.5
9
10	Add some useful fields to registration and user's info
11