function onboard_user($message_body)
{
logToFile("onboard user", $message_body);
session_start();
if (!strlen($_SESSION['lastTextTime'])) {
// onboarding step 1
$text = "BLUPAY :: Welcome New User! Reply with your first name to get started";
$_SESSION['lastTextTime'] = time();
$_SESSION['lastAction'] = "waitingForName";
} else {
if (strlen($_SESSION['lastTextTime']) && $_SESSION['lastTextTime'] - time() < 120) {
// onboarding step 2
insertNewUser($GLOBALS['user_phone_num'], $message_body);
$text = "BLUPAY :: Welcome {$message_body}! Your balance is \$1000. Reply with SEND, REQUEST, BALANCE or '?'";
}
}
send_text(0, $text);
}
$first = $_POST['first'];
$last = $_POST['last'];
$phone = $_POST['phone'];
$email = $_POST['email'];
$email2 = $_POST['email2'];
$userName = $_POST['userName'];
$password = $_POST['password'];
$password2 = $_POST['password2'];
$permission = 'user';
//make sure email 1 and 2 are the same
if ($email == $email2) {
$compare = compareEmail($email);
if ($compare == true) {
if ($userName != "" && $first != "") {
if ($password === $password2) {
insertNewUser($first, $last, $phone, $email);
insertNewCred($userName, $password, $email, $permission);
$confirm = "Thank You for regestering!";
Header('Refresh:2 ; URL=login.php');
} else {
$error = "passwords do not match, please try again";
}
} else {
$error = "Please make sure all fields are filled";
}
} else {
$error = "This email already exists, please try again.";
}
} else {
$error = "emails do not match, please re-type.";
}
} else {
$errors[] = 'The password field cannot be empty.';
}
if (!empty($errors)) {
echo 'Uh-oh.. a couple of fields are not filled in correctly..';
echo '<ul>';
foreach ($errors as $key => $value) {
echo '<li>' . $value . '</li>';
/* this generates a nice error list */
}
echo '</ul>';
} else {
//the form has been posted without errors, so save it
require_once 'db_query.php';
connectToDB();
$result = insertNewUser($_POST['user_name'], $_POST['user_pass'], $_POST['user_email']);
if (!$result) {
//something went wrong, display the error
echo 'Something went wrong while registering. Please try again later.';
//echo mysql_error(); //debugging purposes, uncomment when needed
} else {
//the query was successfully executed
$user_id = mysql_insert_id();
setcookie('user_id', $user_id, time() + 86400, "/");
// 86400 = 1 day
setcookie('user_name', $_POST['user_name'], time() + 86400, "/");
// 86400 = 1 day
$user_name = $_POST['user_name'];
echo 'Hello ' . $user_name . ', thank you for joining us!';
}
closeDB();
setAlertMsg("Passwords don't match!");
header("Location:../register.php?username={$usr}");
exit;
}
//check username input validation:
if (!lib_name_validate($usr)) {
setAlertMsg("Username can only contain letters, numbers and underscore, and the first character must be a letter!");
header("Location:../register.php?username={$usr}");
exit;
}
//check password input validation:
if (!lib_psw_validate($psw)) {
setAlertMsg("Password can only contain letters and numbers!");
header("Location:../register.php?username={$usr}");
exit;
}
//check if name is avalable:
if (isUserExist($usr, $psw)) {
setAlertMsg("This username has been taken!");
header("Location:../register.php?username={$usr}");
exit;
}
//proceed registeration:
insertNewUser($usr, $psw);
$_SESSION["username"] = $usr;
$_SESSION["password"] = $psw;
$_SESSION["admin"] = 0;
$_SESSION["id"] = getUserID($usr, $psw);
setAlertMsg("Thank you, {$usr}! Your registeration has been completed!");
header("Location:../index.php");
exit;
function createNewUser($email_id, $password, $first_name, $middle_name, $last_name, $organization_id, $authtype_id, $securityquestion_id, $securityquestion_ans, $phone = "", $country_name = "", $country_code = "", $uses_sr = 0)
{
$sql_conn = mysqli_connection();
$salt = Util::genRandText(10);
$hashpassword = Util::hash_pbkdf2($password, $salt);
$user = new User();
$user->_id = strtolower($first_name) . "-" . Util::genRandText(10);
$user->email_id = $email_id;
$user->password = $hashpassword;
$user->salt = $salt;
$user->first_name = $first_name;
$user->middle_name = $middle_name;
$user->last_name = $last_name;
$user->organization_id = $organization_id;
$user->authtype_id = $authtype_id;
$user->securityquestion_id = $securityquestion_id;
$user->securityquestion_ans = strtolower($securityquestion_ans);
$user->phone = $phone;
$user->country_name = $country_name;
$user->country_code = strtoupper($country_code);
$user->uses_sr = $uses_sr;
$user = Util::escapeObject($user);
$response = insertNewUser($user);
$ret['response'] = is_bool($response) && $response;
$ret['message'] = $response;
if (strpos($response, 'Duplicate') !== false) {
$ret['message'] = "Duplicate User";
} else {
if (strpos($response, ')') !== false) {
$response = split(")", $response);
$ret['message'] = $response[1];
}
}
return json_encode($ret);
}
<?php
error_reporting(-1);
session_start();
require_once "databaseconnection.php";
function insertNewUser()
{
global $test;
$user = filter_input(INPUT_POST, "user", FILTER_SANITIZE_STRING);
$password = filter_input(INPUT_POST, "password", FILTER_SANITIZE_STRING);
// Begin a new Transaction -->
$test->beginTransaction();
$query = "INSERT into user_name (user_name, password) VALUES(:user, AES_ENCRYPT(:password, 'test'))";
$statement = $test->prepare($query);
$statement->bindValue(":user", $user);
$statement->bindValue(":password", $password);
$statement->execute();
$statement->closeCursor();
// Store the ID of the recently inserted scripture -->
//$user_id = $test->lastInsertId();
// End and send the Transaction to the database -->
$test->commit();
echo "user has been created";
}
insertNewUser();
header('Location: login.php');
define('DELETED', 'deleted');
try {
/*** Getting data ***/
$json = file_get_contents("php://input");
/*** Decoding json ***/
$data = json_decode($json, TRUE);
$user = json_decode($data[USER]);
/*** Checking the type of request ***/
if (isset($data[REQUEST_TYPE])) {
if ($data[REQUEST_TYPE] == LOGIN) {
/*** If it is a login request ***/
print json_encode(toUserArray(getUserInformation_credentials($user->{ATTR_USERNAME}, $user->{ATTR_PASSWORD})));
} else {
if ($data[REQUEST_TYPE] == SIGNUP) {
/*** If it is a signup request ***/
print json_encode(insertNewUser($user));
} else {
if ($data[REQUEST_TYPE] == USER_UPDATE_REQUEST) {
/*** If it is an update request ***/
print json_encode(updateUser($user));
} else {
if ($data[REQUEST_TYPE] == USER_DELETE_REQUEST) {
if (deleteUser($user)) {
json_encode($response[RESPONSE] = DELETED);
}
} else {
return null;
}
}
}
}
//check password input validation:
if (!lib_psw_validate($psw)) {
die("<h3>Error page!</h3>");
}
if (!lib_email_validate($E_mail)) {
die("<h3>Error page!</h3>");
}
//check if name is avalable:
if (isUserExist($usr, $psw)) {
die("<h3>Error page!</h3>");
}
if (!lib_parseInteger($code)) {
die("<h3>Error page!</h3>");
}
if (!lib_vertifyCode_validate($code)) {
echo $_COOKIE['verification_string'];
die("<h3>Error page!</h3>");
}
//register user on the system
$vcode = "bz" . rand() . "cmcbk" . rand() . "str" . rand() . "fk" . rand() . "vc" . rand();
insertNewUser($usr, $psw, $E_mail, $vcode);
//email register for the vertify purpose
$to = $E_mail;
$subject = "BZ漫畫屋驗證 ";
$body = "你好,感謝您註冊帳號, {$usr} !\n\n\t\t請點擊以下連接去激活你的帳號:\n\n\t\t{$glob_domain}/process/prcs.email_vertification.php?fh4h34fstjzh={$vcode}";
if (mail($to, $subject, $body)) {
header("Location:../signup2.php");
exit;
} else {
die("<h2>Failed to send mail!</h2>");
}
// // if you want to show one by one information then try showInfo() function
// get browser
$name = $obj->showInfo('browser');
// get browser version
$version = $obj->showInfo('version');
// get Operating system
$so = $obj->showInfo('os');
$ip = getIP();
$sql = "INSERT INTO user (browser_name, browser_version, operating_system, ip) VALUES ('{$name}', '{$version}', '{$so}', '{$ip}');";
$db->query($sql);
$sql = "SELECT count(*) as last_id FROM user;";
$res = $db->query($sql);
$row = $res->fetch_assoc();
return $row['last_id'];
}
$USER_ID;
if (session_status() == PHP_SESSION_NONE) {
ini_set('session.cookie_lifetime', 60 * 60 * 24 * 100);
ini_set('session.gc_maxlifetime', 60 * 60 * 24 * 100);
session_start();
session_regenerate_id();
if (!isset($_SESSION['USER'])) {
$db = DbConfig::getConnection();
$USER_ID = insertNewUser($db);
$_SESSION['USER'] = $USER_ID;
$db->close();
} else {
$USER_ID = $_SESSION['USER'];
}
}
session_write_close();
/* TODO - add code to determine if the retrieval failed due to error or because the userid or username not defined. For now assume error */
if (!rc) {
// Server error
mydie("Error connecting to Database");
}
$userID = $userSettings->getuserID();
setcookie('userid', $userID);
setcookie('username', $userSettings->getUserName());
header("Location: " . Config::getRootDomain());
} else {
if ($operation == "register") {
// make sure we have the minimum necessary populated fields
if (empty($newUserName) || empty($newPassword)) {
}
/* first take care of inserting new user into go_user table */
$rc = insertNewUser($params);
if (!$rc) {
header("Location:" . $_SERVER['PHP_SELF'] . "?errormessage=" . urlencode("User name {$userName} not available"));
exit;
}
// if
//the insert succeeded and the return is the newUserID
$newUserID = $rc;
if ($network != 'none') {
registerWithSocialNetwork($network);
}
/* Temporary here */
setcookie('userid', $newUserID);
setcookie('username', $newUserName);
header("Location: " . Config::getRootDomain());
exit;
require_once "../includes/functions.php";
if (isset($_POST['submit'])) {
//grabing the values
$username = mysqlPrep($_POST['username']);
$password = mysqlPrep($_POST['password']);
$email = mysqlPrep($_POST['mailid']);
// Registering new Users
if ($username != null && $password != null && $email != null) {
//check for unique usernames here
$useravailable = findUserAvailabilty($username);
if ($useravailable) {
//set a global and print it or use validations
echo "<p style=\"color:seashell;background:#f04848;padding:10px;font- size:20px;font-family:Ubuntu\">Username is in use !\n please choose another username</p>";
} else {
//do the insert of new users
insertNewUser($username, $password, $email);
echo "<p style=\"color:seashell;background:#f04848;padding:10px;font- size:20px;font-family:Ubuntu\">Successfully registered ! Login to continue .</p>";
}
}
// Logging users
if ($username != null && $password != null && $email == null) {
if (verifyUser($username, $password)) {
//set the session and then redirect
$_SESSION["loggeduser"] = $username;
redirectTo("admin.php");
} else {
$_SESSION["loggeduser"] = null;
echo "<p style=\"color:seashell;background:#f04848;padding:10px;font- size:20px;font-family:Ubuntu\">Wrong Username or Password !</p>";
}
}
}
}
//Implement transactional semantics - the insert into go_user and go_userSettings need to be atomic
//Perhaps a stored procedure is the best way to implement
/*echo '<?xml version="1.0" encoding="UTF-8"?>';
*/
$link = mysqli_connect(Config::getDatabaseServer(), Config::getDatabaseUser(), Config::getDatabasePassword(), Config::getDatabase());
if (!$link) {
// Server error
mydie("Error connecting to Database");
}
//check if the userName is available
if (!userNameAvailable($newUserName, $link)) {
mydie("UserName {$newUserName} not available", 410);
}
//if
$userID = insertNewUser($newUserName, $password, $firstName, $lastName, $email, $primaryNetworkID, $primaryNetworkName, $link);
//define and insert the go_userSettings record
$sql = sprintf("insert into go_userSettings (userID,facebookID,twitterID,foursquareID,facebookOAuthToken,twitterOAuthToken,foursquareOAuthToken,twitterOAuthTokenSecret,foursquareOAuthTokenSecret,facebookImageUrl,twitterImageUrl,foursquareImageUrl) values ('%u','%s','%s','%s','%s','%s','%s','%s','%s','%s','%s','%s')", mysqli_real_escape_string($link, $userID), mysqli_real_escape_string($link, $facebookID), mysqli_real_escape_string($link, $twitterID), mysqli_real_escape_string($link, $foursquareID), mysqli_real_escape_string($link, $facebookOAuthToken), mysqli_real_escape_string($link, $twitterOAuthToken), mysqli_real_escape_string($link, $foursquareOAuthToken), mysqli_real_escape_string($link, $twitterOAuthTokenSecret), mysqli_real_escape_string($link, $foursquareOAuthTokenSecret), mysqli_real_escape_string($link, $facebookImageUrl), mysqli_real_escape_string($link, $twitterImageUrl), mysqli_real_escape_string($link, $foursquareImageUrl));
if (Config::getDebug()) {
$LOG->log("{$sql}", PEAR_LOG_INFO);
}
$rc = mysqli_query($link, $sql);
if (!$rc) {
// Server error
mydie(mysqli_error($link));
}
header('HTTP/1.1 200 OK');
$link->close();
/* Close Database */
//return xml
Utility::emitXML("", "insert_user", 0);
/**
* Enregistre en base un nouvel enregistrement
* @param $db
*/
public function save($db)
{
$this->usridusr = insertNewUser($db, $this->usrlbnom, $this->usrlblgn, $this->usrlbpwd);
}
