/**
 * Process a submitted admin login form.
 *
 * With a username and password in $_POST the credentials are trimmed, the
 * username lower-cased, and a User is authenticated. Success (authenticated
 * and holding a recognised role) redirects to /admin; every failure stores a
 * message under $_SESSION['modules']['pajas']['error']. All other paths, and
 * the failure paths, end in the default redirect.
 */
public function action_do()
{
    // Nothing to authenticate unless both form fields arrived; the page always ends in a redirect.
    if (!empty($_POST) && isset($_POST['username'], $_POST['password'])) {
        Session::instance();

        $form = new Validation($_POST);
        $form->filter('trim');
        $form->filter('strtolower', 'username'); // Usernames are always lower case
        $credentials = $form->as_array();

        $user = new User(FALSE, $credentials['username'], $credentials['password']);
        $authenticated = $user->logged_in();
        // Role data is only consulted for an authenticated user (keeps the original short-circuit)
        $role_data = $authenticated ? $user->get_user_data('role') : NULL;

        if ($authenticated && $role_data && array_intersect($user->get_role(), User::get_roles())) {
            // Authenticated with a recognised role: straight to the admin area.
            // NOTE(review): this branch accepts any role returned by User::get_roles(), whereas the
            // "not authorized" message below is keyed on the 'admin' role specifically — confirm that
            // User::get_roles() only lists roles that may enter /admin.
            $this->redirect('/admin');
        } else {
            if (!$authenticated) {
                $message = 'Wrong username or password';
            } elseif (!$role_data || !in_array('admin', $role_data)) {
                $message = 'You are not authorized';
            } else {
                $message = 'Unknown error';
            }
            $_SESSION['modules']['pajas']['error'] = $message;
        }
    }

    $this->redirect();
}
} else { $logged_in_id = -1; } $user = new User(); try { $user->load((int) $uid); } catch (PAException $e) { $msg = "Error occured in retreiving user information\n"; $msg .= "<br><center><font color=\"red\">" . $e->message . "</font></center>"; $error = TRUE; } $accepted = Invitation::get_accepted_invitations($_SESSION['user']['id']); if (!empty($accepted)) { $i = 0; foreach ($accepted as $ac) { $user_info = User::get_user_data($ac['inv_user_email']); $accepted_invitation[$i]['user_name'] = $user_info['login_name']; $accepted_invitation[$i]['first_name'] = $user_info['first_name']; $accepted_invitation[$i]['last_name'] = $user_info['last_name']; $accepted_invitation[$i]['picture'] = $user_info['picture']; $accepted_invitation[$i]['user_id'] = $user_info['user_id']; $i++; } } $pending = Invitation::get_pending_invitations($_SESSION['user']['id']); if (!empty($pending)) { $i = 0; foreach ($pending as $pe) { $pending_invitation[$i]['user_email'] = $pe['inv_user_email']; $i++; }
require_once "api/CNRelation/CNRelation.php"; require_once "api/CNInvitation/CNInvitation.php"; require_once "web/includes/cnurls.php"; require_once "api/CNMessaging/CNMessageDispatcher.php"; // if user is logged in (and has entered their password recently) redirect to the User's page if (isset(PA::$login_uid) && isset($_SESSION['login_source']) && $_SESSION['login_source'] == 'password' && empty($_GET['action']) && empty($_GET['enable']) && empty($_GET['auth']) && empty($_GET['openid_mode']) && empty($_GET['GInvID'])) { $location = PA::$url . PA_ROUTE_USER_PRIVATE; header("Location: {$location}"); exit; } require_once "api/CNConfigurableText/CNConfigurableText.php"; // middle content if (isset($_POST['submit'])) { //this is code for forgot password $error = FALSE; $email_pass = User::get_user_data($_POST['email']); if ($email_pass['email_exist'] == TRUE) { User::send_email_to_change_password($_POST['email']); } else { $error = TRUE; } } if (!empty($_SESSION['user']['id']) && (isset($_GET['action']) && $_GET['action'] == 'accept') && !empty($_GET['token'])) { $token = NULL; if (!empty($_GET['token'])) { $token = $_GET['token']; try { $token_arr = authenticate_invitation_token($token); } catch (CNException $e) { $token_arr[1] = "{$e->message}"; }
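/**
 * Start a password reset for the account registered under $email.
 *
 * Looks the address up, stores a fresh one-time reset token in
 * {forgot_password} and mails the user a link carrying that token. Does
 * nothing when the address is unknown; the caller decides what to show.
 *
 * NOTE(review): the inserted row carries no issue time — confirm that
 * {forgot_password} rows are expired elsewhere, otherwise a mailed link
 * stays valid indefinitely.
 *
 * @param string $email address entered on the "forgot password" form
 * @return void
 * @throws PAException MAIL_FUNCTION_FAILED when PAMail::send() reports failure
 */
public static function send_email_to_change_password($email)
{
    Logger::log("Enter: function User::send_email");
    // global var $_base_url has been removed - please, use PA::$url static variable
    $lookup = User::get_user_data($email);
    if (!empty($lookup['email_exist'])) {
        $user_name = $lookup['login_name'];
        $user_id   = $lookup['user_id'];
        $status    = 0;

        // The token is the only secret protecting the reset link, so it must come from a
        // CSPRNG: md5(uniqid(rand())) is clock-derived and guessable. 16 random bytes as hex
        // keep the 32-character shape the column already stores (random_bytes: PHP >= 7.0).
        $forgot_password_id = bin2hex(random_bytes(16));

        // insert data into the database
        $sql = 'INSERT into {forgot_password} (user_id, forgot_password_id, status) values (?, ?, ?)';
        Dal::query($sql, array($user_id, $forgot_password_id, $status));

        // The login name is URL-encoded so reserved characters cannot break the link
        $chng_psw_url = PA::$url . '/' . FILE_CHANGE_PASSWORD
            . '?log_nam=' . rawurlencode($user_name)
            . '&uid=' . $user_id
            . '&forgot_password_id=' . $forgot_password_id;
        $change_password_url = "<a href=\"{$chng_psw_url}\">{$chng_psw_url}</a>";

        $forg_user = new User();
        $forg_user->load((int) $user_id);
        $check = PAMail::send('forgot_password', $forg_user, PA::$network_info, array('change_password_url' => $change_password_url));
        if ($check == FALSE) {
            Logger::log("Throwing exception MAIL_FUNCTION_FAILED | Mail is not sent to friend ", LOGGER_ERROR);
            throw new PAException(MAIL_FUNCTION_FAILED, "Mail is not sent to friend");
        }
    }
    Logger::log("Exit: function User::send_email");
}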
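/**
 * Admin form for creating a user or editing an existing one.
 *
 * An optional $_GET['id'] selects edit mode (the account is loaded and the
 * request is redirected away if it does not resolve). A submitted form is
 * handled in one of three ways: "add another data field" (nothing saved, form
 * repopulated), a valid save (user created or updated) or an invalid save
 * (errors reported, form repopulated). The method always ends by handing the
 * form data to set_formdata().
 *
 * NOTE(review): no CSRF check is visible here — confirm the framework applies
 * one before the action runs. $_GET['id'] reaches User unvalidated; the
 * logged_in() test is presumably what rejects unknown ids.
 */
public function action_user()
{
    $formdata = array();

    if (isset($_GET['id'])) {
        // Edit mode: load the target account, leave if it does not resolve to a user
        $user = new User($_GET['id'], FALSE, FALSE, 'default', FALSE);
        if (!$user->logged_in()) {
            $this->redirect();
        }
    }

    $this->list_available_data_fields();

    if (!empty($_POST) && isset($_POST['username'], $_POST['password'])) {
        $post = new Validation($_POST);
        $post->filter('trim');
        $post->filter('strtolower', 'username');
        $post->rule('Valid::not_empty', 'username');

        // A new account, or an edit that changes the username, needs an unused username.
        // NOTE(review): this compares the raw $_POST value, not the trimmed/lower-cased
        // value the filters produce — confirm that is intended.
        if (!isset($user) || $_POST['username'] != $user->get_username()) {
            $post->rule('User::username_available', 'username');
        }

        // Only a new account must supply a password; an edit may leave it blank
        if (!isset($user)) {
            $post->rule('Valid::not_empty', 'password');
        }

        if (isset($_POST['do_add_field'])) {
            // Add another user data field and save no data, but repopulate the form fields
            if (!isset($_SESSION['detail_fields'])) {
                $_SESSION['detail_fields'] = array();
            }
            $_SESSION['detail_fields'][] = $_POST['add_field'];
            $formdata = $this->_formdata_from_post($post->as_array());
        } elseif ($post->validate()) {
            // No form errors, save the user
            $post_values = $post->as_array();

            // Erase the empty data fields
            foreach ($post_values as $key => $value) {
                if (substr($key, 0, 8) === 'fieldid_' && is_array($value)) {
                    foreach ($value as $nr => $value_piece) {
                        if ($value_piece == '') {
                            unset($post_values[$key][$nr]);
                        }
                    }
                }
            }

            // Organize the field data and reset the session fields.
            // NOTE(review): the pruning above acts on 'fieldid_*' keys while this loop reads
            // 'field_*' keys — confirm the form posts both shapes, otherwise the pruning is a no-op.
            $fields = $_SESSION['detail_fields'] = array();
            foreach ($post_values as $key => $value) {
                if (substr($key, 0, 6) === 'field_') {
                    list(, $field_id) = explode('_', $key);
                    $fields[User::get_data_field_name($field_id)][] = $value;
                }
            }

            if (!isset($_GET['id'])) {
                // Actually add the user
                User::new_user($post_values['username'], $post_values['password'], $fields);
                $this->add_message('User ' . $post_values['username'] . ' added');
            } elseif (isset($user)) {
                $user->set_user_data(array_merge($fields, array('username' => $post_values['username'], 'password' => $post_values['password'])), TRUE);
                $this->add_message('User data saved');
            }
        } else {
            // Form errors detected: report them and repopulate the form
            $this->add_error('Fix errors and try again');
            $this->add_form_errors($post->errors());
            $formdata = $this->_formdata_from_post($post->as_array());
        }
    }

    if (isset($user)) {
        // Edit mode: the stored account data replaces anything reconstructed from the post
        $formdata = array('username' => $user->get_username());
        $counter = 0;
        foreach ($user->get_user_data() as $field => $data) {
            foreach ($data as $data_piece) {
                $counter++;
                $formdata['field_' . User::get_data_field_id($field) . '_' . $counter] = $data_piece;
            }
        }
    }

    if (!empty($_SESSION['detail_fields'])) {
        // One blank input per field added during this session, numbered after any existing values
        foreach ($_SESSION['detail_fields'] as $field_id) {
            $counter = 1;
            while (isset($formdata['field_' . $field_id . '_' . $counter])) {
                $counter++;
            }
            $formdata['field_' . $field_id . '_' . $counter] = '';
        }
    }

    $this->set_formdata($formdata);
}

/**
 * Rebuild the form data from a submitted post so the form can be shown again
 * with the user's input: every 'fieldid_<id>' array becomes numbered
 * 'field_<id>_<n>' entries (values trimmed) and the username is carried over.
 *
 * @param array $post_values the validation object's as_array() output
 * @return array form data keyed the way set_formdata() expects
 */
private function _formdata_from_post(array $post_values)
{
    $formdata = array();
    $counter = 0;
    foreach ($post_values as $field => $data) {
        if (substr($field, 0, 8) === 'fieldid_' && is_array($data)) {
            foreach ($data as $data_piece) {
                $counter++;
                $formdata['field_' . substr($field, 8) . '_' . $counter] = trim($data_piece);
            }
        } elseif ($field === 'username') {
            $formdata[$field] = $data;
        }
    }
    return $formdata;
}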
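/**
 * Change user password
 * This function creates a new random 8 character password,
 * sets it in the database and emails it to the user
 *
 * The address comes from $_POST['email_address']. An unknown address shows
 * an error box and returns false; otherwise the password is replaced and
 * mailed with PHPMailer.
 *
 * NOTE(review): the error box reveals whether an address is registered,
 * which lets anyone probe for accounts — a uniform response avoids that.
 * The new password is also sent in clear text; a one-time reset link would
 * keep it out of the mailbox.
 *
 * @return boolean true when the password was reset and the mail was accepted, false otherwise
 */
function changePassword() {
    global $conf;

    $adminemail = $conf['app']['adminEmail'];
    $title = $conf['app']['title'];
    $use_logon_name = (bool) $conf['app']['useLogonName'];

    // Check if user exists (a missing field is treated as an empty address rather than a notice)
    $email = isset($_POST['email_address']) ? stripslashes(trim($_POST['email_address'])) : '';

    // Connect to database
    $AuthDB = new AuthDB();
    $id = $AuthDB->userExists($email);
    if (empty($id)) {
        CmnFns::do_error_box(translate('Sorry, we could not find that user in the database.'), '', false);
        return false;
    }
    $user = new User($id);
    $result = $user->get_user_data();

    // Generate the new 8 character password. The character class per position is
    // unchanged (lower case, digits, '? @' and upper case) but each character is drawn
    // with random_int(): mt_rand() is not a CSPRNG, and re-seeding it from make_seed()
    // on every iteration made the whole password a function of the seed.
    $pwd = '';
    for ($i = 0; $i < 8; $i++) {
        if ($i % 2 == 0) {
            $num = random_int(97, 122); // a-z
        } elseif ($i % 3 == 0) {
            // NOTE(review): 58 is ':' rather than a digit; looks like an off-by-one, kept as-is
            $num = random_int(48, 58);  // 0-9 and ':'
        } else {
            $num = random_int(63, 90);  // ? @ A-Z
        }
        $pwd .= chr($num);
    }

    // Set password in database
    $user->set_password($pwd);

    // Send email to user
    $sub = translate('Your New Password', array($title));
    $msg = translate_email('new_password', $result['fname'], $conf['app']['title'], $pwd, CmnFns::getScriptURL(), $adminemail);
    $msg .= $use_logon_name ? "\r\n" . translate('Your logon name is', array($result['logon_name'])) : '';

    $mailer = new PHPMailer();
    $mailer->AddAddress($result['email'], $result['fname']);
    $mailer->FromName = $conf['app']['title'];
    $mailer->From = $adminemail;
    $mailer->Subject = $sub;
    $mailer->Body = $msg;

    // The contract is a boolean outcome, so a mail failure is reported instead of swallowed
    return (bool) $mailer->Send();
}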
$auth->print_login_msg(true); $auth->clean(); // Clean out any lingering sessions } else { if (!$edit && !(bool) $conf['app']['allowSelfRegistration']) { $isAdmin = $curUser->is_group_admin(array($id)) || Auth::isAdmin(); if (!$isAdmin) { // Only the administrator can create users CmnFns::do_error_box(translate('This is only accessable to the administrator'), '', true); } } } // If we are editing and have not yet submitted an update if ($edit && !isset($_POST['update'])) { $user = new User($id); $data = $user->get_user_data(); $data['emailaddress'] = $data['email']; // Needed to be the same as the form } else { $data = CmnFns::cleanPostVals(); } if (isset($_POST['register'])) { // New registration $data['lang'] = determine_language(); $adminCreated = Auth::is_logged_in() && Auth::isAdmin(); $msg = $auth->do_register_user($data, $adminCreated); $show_form = false; } else { if (isset($_POST['update'])) { // Update registration $adminUpdate = $curUser->get_id() != $id && (Auth::isAdmin() || $curUser->is_group_admin(array($id)));
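/**
 * Start a password reset for the account registered under $email.
 *
 * Looks the address up, stores a fresh one-time reset token in
 * {forgot_password} and mails the user a link carrying that token through
 * pa_mail(). Does nothing when the address is unknown; the caller decides
 * what to show.
 *
 * NOTE(review): the inserted row carries no issue time — confirm that
 * {forgot_password} rows are expired elsewhere, otherwise a mailed link
 * stays valid indefinitely.
 *
 * @param string $email address entered on the "forgot password" form
 * @return void
 * @throws PAException MAIL_FUNCTION_FAILED when pa_mail() reports failure
 */
public static function send_email_to_change_password($email)
{
    Logger::log("Enter: function User::send_email");
    global $config_site_name;

    $lookup = User::get_user_data($email);
    if (!empty($lookup['email_exist'])) {
        $first_name = $lookup['first_name'];
        $last_name  = $lookup['last_name'];
        $user_name  = $lookup['login_name'];
        $user_id    = $lookup['user_id'];
        $status     = 0;

        // The token is the only secret protecting the reset link, so it must come from a
        // CSPRNG: md5(uniqid(rand())) is clock-derived and guessable. 16 random bytes as hex
        // keep the 32-character shape the column already stores (random_bytes: PHP >= 7.0).
        $forgot_password_id = bin2hex(random_bytes(16));

        // insert data into the database
        $sql = 'INSERT into {forgot_password} (user_id, forgot_password_id, status) values (?, ?, ?)';
        Dal::query($sql, array($user_id, $forgot_password_id, $status));

        // The login name is URL-encoded so reserved characters cannot break the link
        $change_password_url = PA::$url . '/' . FILE_CHANGE_PASSWORD
            . '?log_nam=' . rawurlencode($user_name)
            . '&uid=' . $user_id
            . '&forgot_password_id=' . $forgot_password_id;

        $array_of_data = array(
            'first_name' => $first_name,
            'last_name' => $last_name,
            'config_site_name' => $config_site_name,
            'user_name' => $user_name,
            'user_id' => $user_id,
            'change_password_url' => $change_password_url,
        );

        // calling common mailing method using flag (type=forgot_password)
        $check = pa_mail($email, 'forgot_password', $array_of_data);
        if ($check == FALSE) {
            Logger::log("Throwing exception MAIL_FUNCTION_FAILED | Mail is not sent to friend ", LOGGER_ERROR);
            throw new PAException(MAIL_FUNCTION_FAILED, "Mail is not sent to friend");
        }
    }
    Logger::log("Exit: function User::send_email");
}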