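	/**
	 * Creating a user persists it in a locked state, hands back an unlock
	 * key, and makes the record retrievable by name and by e-mail with a
	 * working password check.
	 *
	 * The null assertions on the looked-up users now run before any method
	 * is called on them, so a failed lookup reports as an assertion failure
	 * instead of a fatal "call on null" (the original dereferenced $nathan
	 * one line before asserting it was not null).
	 */
	public function testCreateUser()
	{
		$user = new User('Nathan', '*****@*****.**');
		$user->password = '******';
		$user->passwordConfirmation = 'azerty';
		$key = $user->save();

		$this->assertNotNull($key);

		$nathan = User::getUserByName('Nathan');
		$nathan2 = User::getUserByEmail('*****@*****.**');
		$this->assertNotNull($nathan);
		$this->assertNotNull($nathan2);
		$this->assertEquals('Nathan', $nathan2->username);

		// A freshly created account stays locked until the key is used.
		$this->assertTrue($nathan->isLocked());
		$this->assertTrue($nathan->checkPassword('azerty'));
		$this->assertFalse($nathan->checkPassword('qwerty'));

		// Lookup by name is case-sensitive.
		$this->assertNull(User::getUserByName('nathan'));

		// A wrong key must not unlock the account.
		$this->assertFalse($nathan->unlock('wrongkey'));
		$this->assertTrue($nathan->isLocked());

		$this->assertTrue($nathan->unlock($key));
		$this->assertFalse($nathan->isLocked());
		$nathan->save();

		// The unlocked state survives a round trip through storage.
		$nathan = User::getUserByName('Nathan');
		$this->assertNotNull($nathan);
		$this->assertFalse($nathan->isLocked());
	}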
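 /**
  * Profile edit page for the logged-in user.
  *
  * On POST, name and password are run through FunctionLibrary::clearStr,
  * validated with User::checkName / User::checkPassword and, when both
  * pass, persisted with User::edit. The view at views/cabinet/edit.php is
  * expected to read $categories, $user, $name, $password, $result and
  * $errors from this scope.
  *
  * @return bool always true
  */
 public function actionEdit()
 {
     $categories = Category::getCategoryList();
     if (!$categories) {
         $categories = array();
     }
     $email = User::isLogged();
     $user = User::getUserByEmail($email);
     // getUserByEmail's failure value is not visible here; fall back to an
     // empty name rather than indexing into null/false.
     $name = isset($user['name']) ? $user['name'] : '';
     $password = '';
     $result = '';
     if (isset($_POST['submit'])) {
         // Absent fields become empty strings instead of raising an
         // undefined-index notice; the checks below reject them anyway.
         $name = FunctionLibrary::clearStr(isset($_POST['name']) ? $_POST['name'] : '');
         $password = FunctionLibrary::clearStr(isset($_POST['password']) ? $_POST['password'] : '');
         $errors = array();
         if (!User::checkName($name)) {
             $errors[] = 'Имя должно быть больше 1 символа.';
         }
         if (!User::checkPassword($password)) {
             $errors[] = 'Пароль должен быть больше 5 символов.';
         }
         if (empty($errors)) {
             $result = User::edit($user['id'], $name, $password);
         }
     }
     require_once ROOT . '/views/cabinet/edit.php';
     return true;
 }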
 /**
  * Load the record of the user whose e-mail address is held in the session.
  *
  * Returns whatever User::getUserByEmail returns for that address.
  */
 public function getSessionInfoUser()
 {
     $sessionEmail = $this->getSession("email");
     include_once 'model/user.php';
     $model = new User();
     return $model->getUserByEmail($sessionEmail);
 }
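 /**
  * Admin-area guard: only a logged-in 'super_admin' or 'admin' may construct
  * this controller; anyone else gets 'Access denied.' and the script stops.
  *
  * The role is read with isset() so a missing or failed lookup (null/false
  * user) fails closed instead of raising a notice, and the comparison is
  * strict so only the exact role strings pass.
  */
 public function __construct()
 {
     $email = User::isLogged();
     $user = User::getUserByEmail($email);
     $role = isset($user['role']) ? $user['role'] : null;
     if (in_array($role, array('super_admin', 'admin'), true)) {
         return;
     }
     die('Access denied.');
 }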
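 /**
  * Verify an e-mail/password pair and, on success, mark the session as
  * logged in.
  *
  * @param string $email    address the user typed
  * @param string $password clear-text password to check against the stored hash
  * @return bool true when the password matches; false for an unknown
  *              address, a record without a hash, or a wrong password
  *              (the original returned null on failure)
  */
 public static function attempt($email, $password)
 {
     $results = User::getUserByEmail($email);
     // Fail closed: an unknown address or a record without a hash must not
     // reach password_verify() with a non-string.
     if (!$results || empty($results['password'])) {
         return false;
     }
     if (!password_verify($password, $results['password'])) {
         return false;
     }
     // Issue a fresh session id at the privilege change so a session id
     // obtained before login cannot be reused afterwards (session fixation).
     if (session_status() === PHP_SESSION_ACTIVE) {
         session_regenerate_id(true);
     }
     $_SESSION['LOGGED_IN_USER'] = $email;
     $_SESSION['email'] = $results['email'];
     return true;
 }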
<?php

include "src/Koneksi.php";
include "src/User.php";
// $dbh is expected to be provided by src/Koneksi.php — not visible here.
$user = new User($dbh);
// The if opened here closes after this excerpt.
if (isset($_POST["ForgotPassword"])) {
    if (filter_var($_POST["email"], FILTER_VALIDATE_EMAIL)) {
        $email = $_POST["email"];
    } else {
        echo "email is not valid";
        exit;
    }
    $userExist = $user->getUserByEmail($_POST['email']);
    if ($userExist["email"]) {
        // NOTE(review): the "reset token" is sha512 of a hard-coded salt plus
        // the account's e-mail, so it is identical on every request, never
        // expires, and can be recomputed by anyone who learns the salt. A reset
        // token should be unpredictable (random_bytes), stored hashed with an
        // expiry, and delivered only to the address on file.
        $salt = "498#2D83B631%3800EBD!801600D*7E3CC13";
        $password = hash('sha512', $salt . $userExist["email"]);
        //$pwrurl = "localhost/pangeran-shoop/reset_password.php?q=".$password;
        // NOTE(review): the reset link is printed to whoever submitted the form,
        // not mailed to the account owner (the mail() path below is commented
        // out), so any visitor who knows a registered address gets its link.
        echo "<a href='reset_password.php?q={$password}'>click link for reset your password</a>";
        /*$mailbody = "Dear user,\n\nIf this e-mail does not apply to you please ignore it.
        		It appears that you have requested a password reset at our website
        		shoop.pangeranweb.com\n\nTo reset your password, please click the link below.
        		If you cannot click it, please paste it into your web browser's 
        		address bar.\n\n" . $pwrurl . "\n\nThanks,\nThe Administration";
        		
        		mail($userExist["email"], "shoop.pangeranweb.com - Password Reset", $mailbody);
        		
                echo "Your password recovery key has been sent to your e-mail address.";
                */
    } else {
        // NOTE(review): a distinct message here confirms which addresses are
        // registered (account enumeration).
        echo "No user with that e-mail address exists.";
    }
     // NOTE(review): the try this catch belongs to opens before this excerpt.
     // htmlspecialchars() is an HTML encoder and DB::escapeString() an SQL
     // escaper; neither validates the address, and the encoded form is what
     // Auth::checkLogin receives, so an address containing '&' or a quote will
     // not match the stored one. filter_var(..., FILTER_VALIDATE_EMAIL) plus
     // parameterised queries would keep the value intact. $FIELD_EMAIL and
     // $FIELD_PWD are defined elsewhere.
     $email = htmlspecialchars($_POST[$FIELD_EMAIL]);
     $email = DB::escapeString($email);
     $email = strtolower($email);
     $pw = $_POST[$FIELD_PWD];
     // check if login data is valid and correct
     if (!Auth::checkLogin($email, $pw)) {
         throw new Exception(I18n::t('login.err.notcorrect'));
     }
 } catch (Exception $e) {
     // any failure above is reported through $errorMessage instead of aborting
     $errorMessage = $e->getMessage();
 }
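 // validation is successful
 if (!isset($errorMessage)) {
     $displayForm = false;
     // perform the actual login
     $user = User::getUserByEmail($email);
     if (!$user) {
         $message = I18n::t('login.err.general');
     } else {
         // A new session id at login keeps an id issued before authentication
         // from staying valid (session fixation).
         if (session_status() === PHP_SESSION_ACTIVE) {
             session_regenerate_id(true);
         }
         // save user object to session
         $_SESSION['user'] = $user;
         // determine where to redirect user to. Only a site-local path is
         // accepted: a saved REQUEST_URI originates from the request line, and
         // a protocol-relative "//host/..." value would send the user off-site.
         $redirectTo = 'index.php';
         if (!empty($_SESSION['REQUEST_URI'])) {
             $saved = (string) $_SESSION['REQUEST_URI'];
             unset($_SESSION['REQUEST_URI']);
             $startsWithSlash = isset($saved[0]) && $saved[0] === '/';
             $notSchemeless = !isset($saved[1]) || ($saved[1] !== '/' && $saved[1] !== '\\');
             if ($startsWithSlash && $notSchemeless) {
                 $redirectTo = $saved;
             }
         }
         FileFunctions::log("redirecting to {$redirectTo} ..");
         header("location:{$redirectTo}");
         // nothing below the redirect should run (the original fell through)
         exit;
     }
 }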
}
include "../../bossflex/DB/Models/User.php";
include "../../bossflex/DB/Models/Company.php";
include "../../bossflex/DB/Models/Employee.php";
include "../../bossflex/DB/Models/UserRole.php";
include "../../bossflex/DB/Models/DisableCode.php";
$newUser = true;
$User = null;
// Tenant context comes from the HR-admin session; CID 1 is treated below as
// the administrator allowed to see every company.
$Company = Company::getCompanyByID($_SESSION['hradmin']['CID']);
$Employee = null;
$AdminCname = $Company->getCname();
// The if opened here, and the branches inside it, close after this excerpt.
if (isset($_GET['Email']) || isset($_GET['id'])) {
    /** @var User $User */
    if (isset($_GET['Email'])) {
        // NOTE(review): PHP has already URL-decoded $_GET, so this second
        // urldecode() alters addresses containing '+' or a literal '%xx'
        // sequence — such a user will not be found.
        $Email = urldecode($_GET['Email']);
        $User = User::getUserByEmail($Email);
    } else {
        $User = User::getUserByEmpInfo($_GET['id'], $_SESSION['hradmin']['CID']);
    }
    if (!$User) {
        echo "<h3>User does not exist</h3>";
    } else {
        // Tenant boundary: a record belonging to another company is logged
        // via ErrorReport and then hidden behind the same "does not exist"
        // message, so the response does not confirm the address is registered.
        if ($User->getCID() != $_SESSION['hradmin']['CID'] && $_SESSION['hradmin']['CID'] != 1) {
            include_once "../../bossflex/Helpers/ErrorReport.php";
            $curUser = $_SESSION['hradmin']['UID'];
            $error = "Attempt to access invalid data by UserID: " . $curUser;
            ErrorReport::send($_SERVER["SCRIPT_NAME"], $error, $_SERVER['REMOTE_ADDR'], true);
            //Act like an user doesn't exist in the system and turn into Add User page
            echo "<h3>User does not exist</h3>";
        } else {
            /** @var Employee $Employee */
            // the in-tenant branch continues past this excerpt
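<?php

require_once 'lib/path.php';
// A browser form post is sent back to the form page; the reset below still
// runs for that request (original behaviour, kept — the header has no exit).
if (isset($_POST['submit'])) {
    header('Location: lostpass.php');
}
// Validate the address before it reaches the user lookup and the mailer; a
// missing or malformed value is treated as "no such user" instead of raising
// an undefined-index notice.
$email = filter_var(isset($_POST['email']) ? $_POST['email'] : '', FILTER_VALIDATE_EMAIL);
$user = $email === false ? null : User::getUserByEmail($email);
if ($user) {
    $pass = User::createPassword();
    $user->changePassword($pass);
    $to = $email;
    $subject = 'IRIN - Password Reset';
    $headers = "MIME-Version: 1.0" . "\r\n";
    $headers .= "Content-type: text/html; charset=iso-8859-1" . "\r\n";
    $headers .= "From: IRIN <*****@*****.**>" . "\r\n";
    $message = 'You have requested a new password.<br /><br /><b>Login ID:</b> ' . $user->getUsername() . '<br /><b>New Password:</b> ' . $pass;
    //mail($to, $subject, $message, $headers);
    // $mail is expected to come from lib/path.php — not visible here.
    // NOTE(review): the new password is mailed in clear text after the account
    // has already been changed, and the true/false echo tells the caller
    // whether the address is registered; a one-time reset link with an expiry
    // avoids both.
    $mail->setFrom('*****@*****.**', 'IRIN');
    $mail->addAddress($to);
    $mail->Subject = $subject;
    $mail->Body = $message;
    if (!$mail->send()) {
        throw new MailException($mail->ErrorInfo);
    }
    echo 'true';
} else {
    echo 'false';
}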
 // sanitize the userId
 $userId = filter_input(INPUT_GET, "userId", FILTER_VALIDATE_INT);
 // sanitize the email
 // NOTE(review): FILTER_SANITIZE_EMAIL strips disallowed characters instead of
 // rejecting the value; FILTER_VALIDATE_EMAIL would refuse malformed input.
 $email = filter_input(INPUT_GET, "email", FILTER_SANITIZE_EMAIL);
 // grab the mySQL connection
 $pdo = connectToEncryptedMySql("/etc/apache2/ninja-mysql/appsbyninja.ini");
 // handle all RESTful calls to User today
 // get some or all Users
 // $method and $reply are defined before this excerpt; the else branch
 // opened below closes after it.
 if ($method === "GET") {
     // set an XSRF cookie on GET requests
     setXsrfCookie("/");
     if (empty($userId) === false) {
         $reply->data = User::getUserByUserId($pdo, $userId);
     } else {
         if (empty($email) === false) {
             $reply->data = User::getUserByEmail($pdo, $email);
         } else {
             $reply->data = User::getAllUsers($pdo);
         }
     }
     // post to a new User
 } else {
     if ($method === "POST") {
         // convert POSTed JSON to an object
         verifyXsrf();
         $requestContent = file_get_contents("php://input");
         // NOTE(review): json_decode() returns null on malformed input, so the
         // property reads below would then run on null — an is_object() check
         // before them would turn that into a clean 400.
         $requestObject = json_decode($requestContent);
         if ($requestObject->password !== $requestObject->passwordConfirm) {
             throw new InvalidArgumentException("passwords do not match", 400);
         }
         // NOTE(review): openssl_random_pseudo_bytes() only guarantees a secure
         // source when its $crypto_strong out-parameter is checked; random_bytes()
         // (PHP 7+) throws instead of silently degrading.
         $salt = bin2hex(openssl_random_pseudo_bytes(32));
         // the POST branch continues past this excerpt
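if (session_status() !== PHP_SESSION_ACTIVE) {
    session_start();
}
// prepare a default error message
$reply = new stdClass();
$reply->status = 401;
$reply->message = "Username/password incorrect";
try {
    // grab the mySQL connection
    $pdo = connectToEncryptedMySql("/etc/apache2/capstone-mysql/invtext.ini");
    // convert POSTed JSON to an object
    verifyXsrf();
    $requestContent = file_get_contents("php://input");
    $requestObject = json_decode($requestContent);
    // json_decode() yields null on malformed input; bail out to the catch
    // below (and the default 401) instead of reading properties of null
    if (!is_object($requestObject) || !isset($requestObject->email) || !isset($requestObject->password)) {
        throw new InvalidArgumentException("email and password are required", 400);
    }
    // sanitize the email & search by Email
    $email = filter_var($requestObject->email, FILTER_SANITIZE_EMAIL);
    $user = User::getUserByEmail($pdo, $email);
    if ($user !== null) {
        $hash = hash_pbkdf2("sha512", (string) $requestObject->password, $user->getSalt(), 262144, 128);
        // constant-time comparison so response time does not depend on how
        // much of the stored hash matched
        if (hash_equals($user->getHash(), $hash)) {
            // fresh session id at the privilege change (session fixation)
            session_regenerate_id(true);
            $_SESSION["user"] = $user;
            $reply->status = 200;
            $reply->message = "User logged in";
        }
    }
    // create an exception to pass back to the RESTful caller
} catch (Exception $exception) {
    // ignore them - the default error message will take over
}
header("Content-type: application/json");
echo json_encode($reply);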
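<?php

require 'include/config.php';
if (!isset($_GET['email']) || !isset($_GET['product'])) {
    die('Both email and product id are required!');
}
require 'include/class.product.php';
$p = new Product($db);
$product = $p->getProduct($_GET['product']);
if (!isset($product['id'])) {
    die('Product does not exist!');
}
// Reject malformed addresses before they are looked up or inserted. A
// syntactically valid address is still untrusted and only reaches the model
// layer, never output or a query built by hand here.
$email = filter_var($_GET['email'], FILTER_VALIDATE_EMAIL);
if ($email === false) {
    die('Invalid email address!');
}
include "go_template.html";
require 'include/class.user.php';
$u = new User($db);
$user = $u->getUserByEmail($email);
if (!isset($user['id'])) {
    // First visit with this address: register a placeholder user so the
    // tracking session below has an owner.
    $u->Insert(array('name' => 'Unknown user', 'email' => $email, 'source' => isset($_GET['source']) ? $_GET['source'] : ''));
    $user = $u->getUserByEmail($email);
}
require 'include/class.tracking.php';
$t = new Tracking($db);
// 'cid' is optional: null instead of an undefined-index notice when absent
$hash = $t->newSession(array('user_id' => $user['id'], 'product_id' => $product['id'], 'source' => 'forwarder', 'cid' => isset($_GET['cid']) ? $_GET['cid'] : null));
$link = $product['networkLink'];
// append the product's extra query parameters with the right separator
if (strlen($product['parameter']) > 0) {
    $link .= (strpos($link, '?') !== false ? '&' : '?') . $product['parameter'];
}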
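<?php

include "src/Koneksi.php";
include "src/User.php";
$error = "";
$User = new User($dbh);
if (isset($_POST['submit'])) {
    if (empty($_POST['email'])) {
        $error .= "<p>Email harus diisi</p>";
    }
    if (empty($_POST['password'])) {
        $error .= "<p>Password harus diisi</p>";
    }
    if (empty($error)) {
        $data_user = $User->getUserByEmail($_POST['email']);
        // NOTE(review): the stored credential is an unsalted MD5 digest, which
        // is cheap to brute-force; moving to password_hash()/password_verify()
        // needs a storage migration and is outside this script.
        // The comparison is strict and constant-time: the original loose `!=`
        // treats two digests of the form "0e<digits>" as equal, and the same
        // message is used for an unknown address and a wrong password.
        $storedHash = isset($data_user['password']) ? (string) $data_user['password'] : '';
        if (empty($data_user) || !hash_equals($storedHash, md5((string) $_POST['password']))) {
            $error .= "Email dan Password tidak valid";
        } else {
            // fresh session id at login so an id issued before authentication
            // is not kept (session fixation)
            if (session_status() === PHP_SESSION_ACTIVE) {
                session_regenerate_id(true);
            }
            $_SESSION['user'] = $data_user;
            echo "\n\t\t\t\t\t<script>\n\t\t\t\t\t\twindow.location = 'index.php';\n\t\t\t\t\t</script>\n\t\t\t\t";
        }
    }
}
include "view/login.php";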
	/**
	 * Second step of the "forgot password" flow.
	 *
	 * With none of $image/$audio/$refresh set, the submitted username (or,
	 * failing that, e-mail) is looked up, the captcha answer in $response is
	 * checked and, when nothing failed, a reset key is generated on the user,
	 * saved and mailed as a renew URL before redirecting to '/'. Otherwise —
	 * a captcha refresh request, or any error — the reset form is rendered
	 * again with a captcha.
	 *
	 * @param string|null $username account name to reset; takes precedence over $email
	 * @param string|null $email    account e-mail to reset when no username is given
	 * @param mixed       $response captcha answer handed to MollomCaptcha::check
	 * @param mixed       $image    truthy: only refresh the captcha as an image
	 * @param mixed       $audio    truthy: only refresh the captcha as audio
	 * @param mixed       $refresh  truthy: only refresh the captcha (default kind)
	 *
	 * @post
	*/
	public function confirmreset($username, $email, $response,
	                             $image = null, $audio = null, $refresh = null)
	{
		$newCaptcha = false;
		if (!($image || $audio || $refresh))
		{
			// Real submission: resolve the account, then check the captcha.
			$error = '';
			if ($username != null)
			{
				$user = User::getUserByName($username);
				// NOTE(review): these two messages reveal whether a given
				// username / e-mail is registered; one neutral message would
				// avoid account enumeration.
				if (! $user) $error = t('Username not found');
			}
			else if ($email != null)
			{
				$user = User::getUserByEmail($email);
				if (! $user) $error = t('Email not found');
			}
			else
			{
				// $user stays unset here; $error is non-empty, so the send
				// branch below is not reached.
				$error = t('You have to give your username or email');
			}
			if (! $error)
			{
				// A truthy result from check() is treated as a failed captcha —
				// presumably it returns an error value; confirm against MollomCaptcha.
				$captcha = MollomCaptcha::check($response);
				if ($captcha)
				{
					$error = t('Resetting your password failed');
				}
			}
			else
			{
				// Lookup failed: issue a new captcha for the re-rendered form.
				$captcha = MollomCaptcha::refresh();
			}
		}
		else
		{
			// Refresh-only request: no validation, just a new captcha of the
			// requested kind; the form is shown again below.
			$error = false;
			if ($image)
			{
				$captcha = MollomCaptcha::refresh('image');
			}
			else if ($audio)
			{
				$captcha = MollomCaptcha::refresh('audio');
			}
			else
			{
				$captcha = MollomCaptcha::refresh();
			}
			$newCaptcha = true;
		}
		// Still all ok
		if (!$newCaptcha && ! $error)
		{
			// prepare reset; $user is set here because $error is empty only
			// after one of the lookups above succeeded
			$mail = $this->mail();
			$mail->username = $user->username;
			$site = CoOrg::config()->get('site/title');
			// The key is generated and persisted before the mail is built, so
			// the renew URL below refers to a stored key.
			$key = $user->resetPassword();
			$user->save();
			$mail->site = $site;
			$mail->renewURL = CoOrg::createFullURL(array('user/password/renew', $user->username, $key));
			$mail->to($user->email)
			     ->subject(t('%site: Your account information', array('site' => $site)))
			     ->send('mails/passwordreset');
			$this->notice(t('A mail has been sent to you. Please follow the directions to set a new password for your account.'));
			$this->redirect('/');
		}
		else
		{
			// Re-render the form with the submitted values and the current captcha.
			$reset = new ResetPassword;
			$reset->username = $username;
			$reset->email = $email;
			$this->resetPassword = $reset;
			$this->resetCaptcha = $captcha;
			if ($error)
			{
				$this->error($error);
			}
			$this->render('resetpassword');
		}
	}
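/**
 * Check that no other user record already uses $value for $field.
 *
 * Sets the global $VALIDATE_TEXT to an empty string on success and to a
 * message on failure.
 *
 * @param mixed  $value the username or e-mail to check
 * @param string $field "username" or "email"; anything else is reported
 *                      and rejected
 * @param mixed  $idval primary key of the record being edited, so that it
 *                      may keep its own value (-1 when creating)
 * @return bool true when the value is free or owned by $idval
 */
function validateUniqueUser($value, $field, $idval = -1)
{
    global $VALIDATE_TEXT;
    $VALIDATE_TEXT = "";
    // do the provider check
    $checkItem = new User();
    switch ($field) {
        case "username":
            $checkItem->getUserByUsername($value);
            break;
        case "email":
            $checkItem->getUserByEmail($value);
            break;
        default:
            // The field name is echoed into the page and its origin is not
            // visible here, so HTML-escape it.
            echo "Invalid field type (" . htmlspecialchars((string) $field, ENT_QUOTES, 'UTF-8') . ") for validateUniqueUser";
            return false;
    }
    // pk is taken to stay 0 when no row matched. The comparisons are kept
    // loose on purpose: pk may come back from the database as a string.
    if ($checkItem->pk == 0 || $checkItem->pk == $idval) {
        // no item by this field or current item is using it which is ok
        $VALIDATE_TEXT = "";
        return true;
    }
    $VALIDATE_TEXT = "Item is not unique, enter another";
    return false;
}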
 /**
  * Looking up an e-mail address that is not in the database must yield null.
  **/
 public function testGetInvalidUserByEmail()
 {
     $pdo = $this->getPDO();
     $missing = User::getUserByEmail($pdo, $this->INVALID_email);
     $this->assertNull($missing);
 }
//for managing active links on multiple menus
// connect to database
require 'sql/mysqlconnect.php';
// check authentication
require 'include/check_authentic.php';
// get POST var
// NOTE(review): mysql_real_escape_string() is the SQL escaper of the old mysql
// extension (removed in PHP 7) and does not validate the address; reading
// $_POST['email'] without isset() also raises a notice when the field is
// absent. filter_var(..., FILTER_VALIDATE_EMAIL) plus a parameterised query
// is the usual replacement.
$email = mysql_real_escape_string($_POST['email']);
$errors = 0;
$Message = "Please enter your email address below then click on the <strong>Submit</strong> button.<br/> A new password will be emailed to you.<br/>";
if (!$email) {
    $errors++;
}
// quick check to see if email exists
$thisUser = new User();
if ($errors == 0) {
    $thisUser->getUserByEmail($email);
    // pk == 0 is taken as "no such user" — confirm against User::getUserByEmail
    if ($thisUser->pk == 0) {
        // NOTE(review): this message confirms which addresses are registered.
        $Message = "<span class='error'>That email address does not exist in the system.</span><br />";
        $errors++;
    }
}
// The if opened here closes after this excerpt.
if ($errors == 0) {
    // NOTE(review): the account password is replaced and then mailed in clear
    // text, before the mail is known to have been sent; makeRandomPassword()'s
    // strength is not visible here. A one-time reset link with an expiry
    // avoids changing the credential up front.
    $random_password = makeRandomPassword();
    $thisUser->setPassword($random_password);
    $thisUser->save();
    writeLog($TOOL_SHORT, $_SERVER["REMOTE_ADDR"], "password reset: {$email}");
    $subject = "Sakai Web Account- User Account password reset";
    $mail_message = "Hi, we have reset your password.\r\n\r\nUsername: {$thisUser->username}\r\nNew Password: {$random_password}\r\n\r\nLogin using the URL below:\n" . $SERVER_NAME . $TOOL_PATH . "/login.php\r\n\r\nYou can change your password in My Account after you login.\r\n\r\nThanks!\r\n{$TOOL_NAME} automatic mailer\r\n\r\nThis is an automated response, please do not reply!";
    // NOTE(review): SMTP is used here as a bare (unquoted) constant; unless it
    // is defined elsewhere this is a notice on PHP 7 and an Error on PHP 8 —
    // the ini key is the string 'SMTP'.
    ini_set(SMTP, $MAIL_SERVER);
    $headers = 'From: ' . $HELP_EMAIL . "\n";
    $headers .= 'Return-Path: ' . $HELP_EMAIL . "\n";
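 /**
  * Checkout page: shows the order form for the cart contents and, on POST,
  * validates the contact fields, saves the order, notifies the admin by mail
  * and redirects to /cart.
  *
  * The view at views/cart/order.php reads $categories, $name, $phone,
  * $message, $result, $errors, $products, $totalPrice, $totalCount and
  * $userName, so all of them are initialised up front. The original left
  * $userId undefined on a POST with an empty cart and read $_POST fields
  * without isset().
  *
  * @return bool always true
  */
 public function actionOrder()
 {
     $categories = Category::getCategoryList();
     if (!$categories) {
         $categories = array();
     }
     $name = '';
     $phone = '';
     $message = '';
     $result = '';
     $errors = array();
     $products = array();
     $totalPrice = 0;
     $totalCount = 0;
     $userName = '';
     $userId = 0;
     // Cart contents are needed on both the GET and the POST path.
     $sessionProducts = Cart::returnSessionProducts();
     if ($sessionProducts) {
         $idsArray = array_keys($sessionProducts);
         $products = Product::getProductsInCart($idsArray);
         $totalPrice = Cart::getTotalPrice($products);
         $totalCount = Cart::countProductsInCart();
     }
     // Logged-in customers get their name pre-filled and their id on the order.
     if (User::isUser()) {
         $email = User::isLogged();
         $user = User::getUserByEmail($email);
         $userName = isset($user['name']) ? $user['name'] : '';
         $userId = isset($user['id']) ? $user['id'] : 0;
     }
     if (isset($_POST['submit'])) {
         // Absent fields become empty strings and fail validation below.
         $name = FunctionLibrary::clearStr(isset($_POST['name']) ? $_POST['name'] : '');
         $phone = FunctionLibrary::clearStr(isset($_POST['phone']) ? $_POST['phone'] : '');
         $message = FunctionLibrary::clearStr(isset($_POST['message']) ? $_POST['message'] : '');
         if (!User::checkName($name)) {
             $errors[] = 'Имя должно быть больше 1 символа.';
         }
         if (!User::checkPhone($phone)) {
             $errors[] = 'Невалидный телефон.';
         }
         if (!User::checkName($message)) {
             $errors[] = 'Сообщение не может быть пустым.';
         }
         if (empty($errors)) {
             $result = Order::save($name, $phone, $message, $userId, $sessionProducts);
             if ($result) {
                 $adminEmail = '*****@*****.**';
                 $sub = "Новый заказ";
                 $mess = "{$message}";
                 mail($adminEmail, $sub, $mess);
                 $_SESSION['message'] = 'Заказ оформлен';
                 Cart::deleteProductsInCart();
                 FunctionLibrary::redirectTo('/cart');
             }
         }
     } elseif (!$sessionProducts) {
         /* Nothing in the cart: there is nothing to order. */
         FunctionLibrary::redirectTo('/');
     }
     require_once ROOT . '/views/cart/order.php';
     return true;
 }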
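<?php

session_start();
if (isset($_SESSION["bfUser"])) {
    header("Location: Home.php");
    /* Redirect browser */
    exit;
} else {
    if (isset($_POST["email_adr"]) && isset($_POST["user_password"])) {
        include "../../bossflex/DB/Models/User.php";
        include "../../bossflex/DB/Models/Auth.php";
        $User = User::getUserByEmail($_POST["email_adr"]);
        // Only accounts of company 1 may log in through this page.
        if ($User && $User->getCID() == 1) {
            $auth = Auth::getAuth($User);
            if ($auth->validLogin($_POST["user_password"])) {
                // Fresh session id at login so an id issued before
                // authentication cannot be reused (session fixation).
                session_regenerate_id(true);
                $_SESSION['bfUser'] = $User->getProperties();
                header("Location: Home.php");
                /* Redirect browser; without the exit the failure message and
                   the form below were still sent along with the redirect */
                exit;
            }
        }
        // One message for unknown address, wrong company and wrong password.
        echo "<h3>Sorry, the credentials entered are incorrect</h3>";
    }
}
?>
<form action="Login.php" method="post">
    Email<br>
    <input type="email" name="email_adr" value=""><br><br>
    Password<br>
    <input type="password" name="user_password" value=""><br><br>
    <input type="submit" value="Submit">
</form>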
                <tr>
                    <td colspan="2"><button id="create" name="create" class="btn btn-primary" type="button" onclick="createUser()">Create</button></td>
                </tr>
            </table>
        </form>
        <div id="error" class="alert alert-danger" role="alert" style="display: none">

        </div>
        <?php 
            // NOTE(review): the if this else belongs to opens before this
            // excerpt, and the blocks opened below close after it.
            } else {
                if ($do == 'create') {
                    // NOTE(review): extract($_POST) defines a local variable for
                    // every posted field, so a request can overwrite $do, $mail or
                    // any other variable this page relies on, not only the ones
                    // read below ($login, $email, $division, $clearance, $name,
                    // $rank). Reading the expected keys explicitly avoids that.
                    extract($_POST);
                    if (User::getUserByUsername($login)) {
                        echo 'Username already in use.';
                    } else {
                        if (User::getUserByEmail($email)) {
                            echo 'Email address already in use.';
                        } else {
                            $password = User::createPassword();
                            User::create($login, $email, $division, $clearance, $name, $rank, $password);
                            $to = $email;
                            $subject = 'IRIN - New Account';
                            $headers = "MIME-Version: 1.0" . "\r\n";
                            $headers .= "Content-type: text/html; charset=iso-8859-1" . "\r\n";
                            $headers .= "From: IRIN <*****@*****.**>" . "\r\n";
                            // NOTE(review): the initial password is mailed in clear
                            // text, and $login/$name are interpolated into an HTML
                            // body without escaping.
                            $message = 'A new account has been created with your email address.<br /><br /><b>Login ID:</b> ' . $login . '<br /><b>New Password:</b> ' . $password . '<br /><b>Name:</b> ' . $name;
                            //mail($to, $subject, $message, $headers);
                            // $mail is defined elsewhere (not visible here)
                            $mail->setFrom('*****@*****.**', 'IRIN');
                            $mail->addAddress($to);
                            $mail->Subject = $subject;
                            $mail->Body = $message;
                            // the create branch continues past this excerpt
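<?php

session_start();
include "../../bossflex/Helpers/Reject.php";
Reject::permission($_SESSION['hradmin']);
if (!isset($_GET['Email']) || !isset($_GET['Disable'])) {
    header('Location:https://' . $_SESSION['redir'] . "?result=A server error occurred. Please try again.");
    // Stop here: without the exit the rest of the script ran after the
    // redirect header was sent.
    exit;
}
include "../../bossflex/DB/Models/User.php";
/** @var User $User */
$User = User::getUserByEmail($_GET['Email']);
// Reject an unknown user first (calling a method on null is fatal), then
// enforce the tenant boundary: an admin may only act on users of their own
// company unless they belong to company 1. The original checked !$User last
// and redirected without exiting, so the disable/enable below still ran.
if (!$User || ($User->getCID() != $_SESSION['hradmin']['CID'] && $_SESSION['hradmin']['CID'] != 1)) {
    header('Location:https://' . $_SESSION['redir'] . "?result=Error: Incorrect data received");
    exit;
}
if ($_GET['Disable'] == 1) {
    // Reason code 6 for the company-1 admin, 4 for a company admin — the
    // meaning is defined by User::disableUser, not visible here.
    if ($_SESSION['hradmin']['CID'] == 1) {
        User::disableUser($User->getUID(), 6);
    } else {
        User::disableUser($User->getUID(), 4);
    }
    header('Location:https://' . $_SESSION['redir'] . "?result=" . $User->getEmail() . " disabled");
} else {
    User::enableUser($User->getUID());
    header('Location:https://' . $_SESSION['redir'] . "?result=" . $User->getEmail() . " enabled");
}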
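 /**
  * Checkout page: renders the order form for the cart contents and, on
  * POST, validates name/phone/comment, saves the order and redirects to
  * /cart.
  *
  * The view at views/cart/order.php reads $categories, $name, $phone,
  * $comment, $userName, $errors, $products, $totalPrice and
  * $totalProductCount; all are initialised before the branches so an empty
  * cart does not leave them undefined. $_POST fields are read with isset()
  * so a missing field fails validation instead of raising a notice.
  *
  * @return bool always true
  */
 public function actionOrder()
 {
     $categories = Category::getCategoriesList();
     if (!$categories) {
         $categories = array();
     }
     $name = '';
     $phone = '';
     $comment = '';
     $userName = '';
     $errors = array();
     $products = array();
     $totalPrice = 0;
     $totalProductCount = 0;
     $sessionProducts = Cart::getSessionProducts();
     if ($sessionProducts) {
         $productsIdsArray = array_keys($sessionProducts);
         $products = Product::getProductsByIds($productsIdsArray);
         $totalPrice = Cart::getTotalPrice($products);
         $totalProductCount = Cart::countProductsInCart();
     }
     if (isset($_POST['submit'])) {
         // Absent fields become empty strings and fail validation below.
         $name = FunctionLibrary::clearStr(isset($_POST['name']) ? $_POST['name'] : '');
         $phone = FunctionLibrary::clearStr(isset($_POST['phone']) ? $_POST['phone'] : '');
         $comment = nl2br(FunctionLibrary::clearStr(isset($_POST['comment']) ? $_POST['comment'] : ''));
         if (!User::checkName($name)) {
             $errors[] = 'Имя не может быть пустым.';
         }
         if (!User::checkPhone($phone)) {
             $errors[] = 'Невалидный номер телефона.';
         }
         if (!User::checkName($comment)) {
             $errors[] = 'Комментарий не может быть пустым.';
         }
         if (empty($errors)) {
             // Attach the order to the account when the customer is logged in.
             $userId = false;
             if (User::isUser()) {
                 $email = User::isLogged();
                 $user = User::getUserByEmail($email);
                 $userId = isset($user['id']) ? htmlentities($user['id']) : false;
             }
             $result = Order::save($name, $phone, $comment, $userId, $sessionProducts);
             if ($result) {
                 $_SESSION['message'] = 'Заказ оформлен!';
                 Cart::annul();
                 FunctionLibrary::redirectTo('/cart');
             }
         }
     } else {
         if (!$sessionProducts) {
             // Nothing to order: back to the front page.
             FunctionLibrary::redirectTo('/');
         }
         if (User::isUser()) {
             $email = User::isLogged();
             $user = User::getUserByEmail($email);
             $userName = isset($user['name']) ? htmlentities($user['name']) : '';
         }
     }
     require_once ROOT . '/views/cart/order.php';
     return true;
 }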