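/**
 * Validate a positional contact record before it is stored.
 *
 * Field layout of $newData (positional):
 *   0 user_id, 1 address_group_id, 2 fullname, 3 email, 4 address,
 *   5 phone, 6 website, 7 birthday (datetime), 8 image (filename)
 *
 * Only fullname, email, phone and website are checked here.
 * NOTE(review): user_id, address_group_id, birthday and the image filename are
 * not validated by this function; the filename in particular must be checked
 * by the caller before it is used to build a path.
 *
 * @param array $newData positional record as documented above
 * @return string[] human-readable error messages, empty when the record is valid
 */
function validateNewItem($newData)
{
    $errors = array();
    // Treat missing indices as empty strings so a short array fails the
    // checks below instead of raising "undefined index" notices.
    $fullname = isset($newData[2]) ? $newData[2] : '';
    $email    = isset($newData[3]) ? $newData[3] : '';
    $phone    = isset($newData[5]) ? $newData[5] : '';
    $website  = isset($newData[6]) ? $newData[6] : '';

    if (!isValidName($fullname)) {
        $errors[] = 'Name is not valid, ensure name has no numbers or special characters.';
    }
    // filter_var() returns the filtered value or false; compare strictly for
    // both filters (the original mixed === and == between the two checks).
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'Email address is not a valid email address';
    }
    if (!isValidPhone($phone)) {
        $errors[] = "Phone number is not valid, please use format 999-999-9999";
    }
    if (filter_var($website, FILTER_VALIDATE_URL) === false) {
        $errors[] = "Website is not valid, please check the address and try again.";
    }
    return $errors;
}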
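/**
 * Update the profile of the currently logged-in user (session userID):
 * names, gender, department and, when a file was posted, the photo.
 *
 * @param string $firstname    new first name, checked with isValidName()
 * @param string $lastname     new last name, checked with isValidName()
 * @param mixed  $sex          new gender value, checked with isValidGender()
 * @param mixed  $departmentID id of the target department, checked with isValidID()
 * @return true|string true on success, otherwise a user-facing error message
 */
function execChangeProfile($firstname, $lastname, $sex, $departmentID)
{
    if (!isValidName($firstname) || !isValidName($lastname)) {
        return "Please enter valid names!";
    }
    // The original stored $sex unchecked; validate it the same way execSignup() does.
    if (!isValidGender($sex)) {
        return "Gender is invalid!";
    }
    if (!isValidID($departmentID)) {
        return "Invalid department id!";
    }
    $departDAO = new DepartmentDAO();
    $depart = $departDAO->getDepartmentByID($departmentID);
    if ($depart === null) {
        return "Could not find the depart!";
    }
    // Refuse instead of dereferencing null when there is no session user or
    // the user row no longer exists.
    if (!isset($_SESSION["userID"])) {
        return "You must be logged in to change your profile!";
    }
    $userDAO = new UserDAO();
    $user = $userDAO->getUserByID($_SESSION["userID"]);
    if ($user === null) {
        return "Could not find the user!";
    }
    $user->setDepartment($depart);
    // Setters are only invoked for changed values, as before (loose comparison
    // kept on purpose: stored and posted values may differ in type).
    if ($user->getFirstName() != $firstname) {
        $user->setFirstName($firstname);
    }
    if ($user->getLastName() != $lastname) {
        $user->setLastName($lastname);
    }
    if ($user->getGender() != $sex) {
        $user->setGender($sex);
    }
    // isset() is true even when no file was chosen (UPLOAD_ERR_NO_FILE);
    // uploadPhoto() is presumed to handle that case — verify.
    if (isset($_FILES["uploadphoto"])) {
        $ans = uploadPhoto($user, $_FILES["uploadphoto"]);
        if ($ans !== true) {
            return $ans;
        }
    }
    $userDAO->updateUser($user);
    return true;
}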
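/**
 * Validate a positional contact record (same layout as validateNewItem():
 * index 2 fullname, 3 email, 5 phone, 6 website) with shorter messages.
 *
 * @param array $newData positional record
 * @return string[] error messages, empty when all checked fields are valid
 */
function validation($newData)
{
    $errors = array();
    // Missing indices count as empty values rather than raising notices.
    $fields = array(2 => '', 3 => '', 5 => '', 6 => '');
    foreach ($fields as $index => $default) {
        $fields[$index] = isset($newData[$index]) ? $newData[$index] : $default;
    }
    if (!isValidName($fields[2])) {
        $errors[] = 'Name is not valid, please try again.';
    }
    // Strict comparison for both filter_var() checks; the original used == for
    // the URL check and === for the e-mail check.
    if (filter_var($fields[3], FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'Email address is not valid, please try again.';
    }
    if (!isValidPhone($fields[5])) {
        $errors[] = "Phone number is not valid, please try again.";
    }
    if (filter_var($fields[6], FILTER_VALIDATE_URL) === false) {
        $errors[] = "Website is not valid, please try again.";
    }
    return $errors;
}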
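/**
 * Register a new normal user (role id 3) in the root department (id 1).
 *
 * Every field is validated first, then uniqueness of the username and the
 * password confirmation are checked, and finally the user row is inserted.
 *
 * @param string $username
 * @param string $password
 * @param string $confirmpw repeat of $password
 * @param string $firstname
 * @param string $lastname
 * @param string $gender    checked with isValidGender()
 * @return true|string true on success, otherwise a user-facing error message
 */
function execSignup($username, $password, $confirmpw, $firstname, $lastname, $gender)
{
    if ($username == "" || !isValidUsername($username)) {
        return "Username is empty or invalid!";
    }
    if ($password == "" || !isValidPassword($password)) {
        return "Password is empty or invalid!";
    }
    if ($confirmpw == "" || !isValidPassword($confirmpw)) {
        return "Confirm Password is empty or invalid!";
    }
    if ($firstname == "" || !isValidName($firstname)) {
        return "First Name is empty or invalid!";
    }
    if ($lastname == "" || !isValidName($lastname)) {
        return "Last Name is empty or invalid!";
    }
    if ($gender == "" || !isValidGender($gender)) {
        return "Gender is empty or invalid!";
    }
    $userDAO = new UserDAO();
    //verify username exist
    $result = $userDAO->getUserByUsername($username);
    if ($result !== null) {
        return "Username exists, please change to another one!";
    }
    //verify $password == $confirmpw
    if ($password != $confirmpw) {
        return "Password and Confirm Password must be same!";
    }
    //normal user
    $roleDAO = new RoleDAO();
    $role = $roleDAO->getRoleByID(3);
    if ($role === null) {
        // The original passed a null role into the User constructor.
        return "Default role is missing, please contact administrator!";
    }
    //root department
    $departmentDAO = new DepartmentDAO();
    $depart = $departmentDAO->getDepartmentByID(1);
    if ($depart === null) {
        return "Root department is missing, please contact administrator!";
    }
    // NOTE(review): the helper is named encryptPassword(); confirm it produces a
    // one-way hash (password_hash()) rather than reversible encryption — this
    // cannot be verified from here.
    $encryptPW = encryptPassword($password);
    $photoURL = "photo/default.png";
    $user = new User($role, $depart, $username, $encryptPW, $firstname, $lastname, $gender, $photoURL);
    if ($userDAO->insertUser($user) === true) {
        return true;
    }
    return "Insert user into table error, please contact administrator!";
}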
/**
 * Validate the name, email and city fields of a user record.
 *
 * @param array $data associative array with 'name', 'email' and 'city' keys
 * @return array array('valid' => bool) plus, when invalid,
 *               'errorCodes' => list of the failing field names
 */
function validateUser($data)
{
    // Evaluate the checks in the same order as the fields are reported.
    $checks = array(
        'name'  => isValidName($data['name']),
        'email' => isValidEmail($data['email']),
        'city'  => isValidCity($data['city']),
    );
    $failed = array();
    foreach ($checks as $field => $passed) {
        if (!$passed) {
            $failed[] = $field;
        }
    }
    $result = array('valid' => empty($failed));
    if (!empty($failed)) {
        $result['errorCodes'] = $failed;
    }
    return $result;
}
<?php

if (isset($_POST['save'])) {
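    // Free-text fields are escaped once on input (the original's approach);
    // do not escape them again on output or entities will be double-encoded.
    $_POST['overview'] = htmlspecialchars($_POST['overview']);
    $_POST['location'] = htmlspecialchars($_POST['location']);
    // Each branch checks its own field: the original tested lname's emptiness
    // inside the fname branch, so an empty first name slipped through.
    if (!isValidName($_POST['fname']) || trim($_POST['fname']) == "") {
        $_SESSION['error'] = "New first name is invalid";
        header("location: " . $_SERVER['REQUEST_URI']);
        exit;
    }
    if (!isValidName($_POST['lname']) || trim($_POST['lname']) == "") {
        $_SESSION['error'] = "New last name is invalid";
        header("location: " . $_SERVER['REQUEST_URI']);
        exit;
    }
    if (!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
        $_SESSION['error'] = "New e-mail is invalid";
        header("location: " . $_SERVER['REQUEST_URI']);
        exit;
    }
    if (!isPhoneNumber($_POST['tel'])) {
        $_SESSION['error'] = "New phone number is invalid";
        header("location: " . $_SERVER['REQUEST_URI']);
        exit;
    }
    // The original wrote User::checker($_POST['email'] !== 0), passing a
    // boolean to checker() so the duplicate-e-mail check never saw the
    // address. `!= 0` mirrors how the sign-up code tests checker()'s result.
    if ($_POST['email'] != $me->email && User::checker($_POST['email']) != 0) {
        $_SESSION['error'] = "The email you entered is already registered";
        header("location: " . $_SERVER['REQUEST_URI']);
        exit;
    }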
    if (strlen($_POST['overview']) > 1000) {
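/**
 * Administrative profile update for an arbitrary user.
 *
 * All arguments are validated before any database access (the original
 * queried first and validated afterwards). Returns an error message on
 * failure and nothing on success.
 * NOTE(review): unlike execChangeProfile(), which returns true on success,
 * this function returns null; callers must test for a string.
 *
 * @param mixed  $userID       id of the user to change, checked with isValidID()
 * @param mixed  $departmentID id of the new department, checked with isValidID()
 * @param string $firstname
 * @param string $lastname
 * @param int    $gender       exactly 0 or 1 (strict comparison, as before)
 * @return string|null error message, or null when the update was performed
 */
function changeUserProfile($userID, $departmentID, $firstname, $lastname, $gender)
{
    if (!isValidID($userID) || !isValidID($departmentID)) {
        return "Invalid ID!";
    }
    if (!isValidName($firstname)) {
        return "Invalid first name!";
    }
    if (!isValidName($lastname)) {
        return "Invalid last name!";
    }
    // Strict: only the integers 0 and 1 are accepted. NOTE(review): a value
    // taken straight from $_POST is a string and will be rejected here; cast
    // at the call site if that is intended.
    if ($gender !== 0 && $gender !== 1) {
        return "Please select Male or Female!";
    }
    $userDAO = new UserDAO();
    $user = $userDAO->getUserByID($userID);
    if ($user === null) {
        return "User: " . $userID . " doesn't exist!";
    }
    $departmentDAO = new DepartmentDAO();
    $department = $departmentDAO->getDepartmentByID($departmentID);
    if ($department === null) {
        return "Department: " . $departmentID . " doesn't exist!";
    }
    // The original passed the undefined variable $dept here.
    $user->setDepartment($department);
    $user->setFirstName($firstname);
    $user->setLastName($lastname);
    $user->setGender($gender);
    $userDAO->updateUser($user);
}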
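/**
 * Normalise and validate a contact-form submission, then hand it to
 * sendContactUsEmail().
 *
 * @param string $email    sender address, normalised with fixEmail()
 * @param string $name     sender name, normalised with fixName()
 * @param string $subject  must be one of the global $CONTACT_US_SUBJECTS after fixTitleCase()
 * @param string $comments message body, must not be blank after trim()
 * @return mixed one of the INVALID_*_ERR constants, or the result of sendContactUsEmail()
 */
function checkContactUs($email, $name, $subject, $comments)
{
    $email = fixEmail($email);
    if (!isValidEmail($email)) {
        return INVALID_EMAIL_ERR;
    }
    $name = fixName($name);
    if (!isValidName($name)) {
        return INVALID_NAME_ERR;
    }
    $subject = fixTitleCase($subject);
    global $CONTACT_US_SUBJECTS;
    // Strict membership test: the subject is an allow-list lookup, so type
    // juggling (e.g. "0" matching a non-numeric entry on older PHP) must not
    // widen it.
    if (!in_array($subject, $CONTACT_US_SUBJECTS, true)) {
        return INVALID_CONTACT_US_SUBJECT;
    }
    $comments = trim($comments);
    if ($comments === "") {
        return INVALID_COMMENTS_ERR;
    }
    return sendContactUsEmail($email, $name, $subject, $comments);
}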
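/**
 * Create a user with the specified fields.
 *
 * In admin mode the caller's permission for this action is checked first.
 * All inputs are then validated (collecting every failure as an alert), the
 * password is hashed, the optional activation mail is sent and the row is
 * inserted.
 *
 * @param string $user_name the validated $_POST['user_name'] variable
 * @param string $display_name the validated $_POST['display_name'] variable
 * @param string $email the validated $_POST['email'] variable
 * @param string $title the validated $_POST['title'] variable
 * @param string $password the validated $_POST['password'] variable
 * @param string $passwordc the validated $_POST['passwordc'] variable
 * @param boolean $require_activation value of global $emailActivation when $admin is false
 * @param boolean $admin True if admin is creating user, False if not admin creating user.
 * @return int|false $inserted_id, or false on any validation/permission/mail failure
 */
function createUser($user_name, $display_name, $email, $title, $password, $passwordc, $require_activation, $admin)
{
    // if we're in admin mode, then the user must be logged in and have appropriate permissions
    // Accept exactly what the original's loose `== "true"` accepted: boolean true or the string "true".
    if ($admin === true || $admin === "true") {
        // This block automatically checks this action against the permissions database before running.
        if (!checkActionPermissionSelf(__FUNCTION__, func_get_args())) {
            addAlert("danger", "Sorry, you do not have permission to access this resource.");
            return false;
        }
    }
    $error_count = 0;
    // Check values (minMaxRange() returns true when the value is OUT of range)
    if (minMaxRange(1, 25, $user_name)) {
        addAlert("danger", lang("ACCOUNT_USER_CHAR_LIMIT", array(1, 25)));
        $error_count++;
    }
    if (!ctype_alnum($user_name)) {
        addAlert("danger", lang("ACCOUNT_USER_INVALID_CHARACTERS"));
        $error_count++;
    }
    if (minMaxRange(1, 50, $display_name)) {
        addAlert("danger", lang("ACCOUNT_DISPLAY_CHAR_LIMIT", array(1, 50)));
        $error_count++;
    }
    if (!isValidName($display_name)) {
        addAlert("danger", lang("ACCOUNT_DISPLAY_INVALID_CHARACTERS"));
        $error_count++;
    }
    if (!isValidEmail($email)) {
        addAlert("danger", lang("ACCOUNT_INVALID_EMAIL"));
        $error_count++;
    }
    if (minMaxRange(1, 150, $title)) {
        addAlert("danger", lang("ACCOUNT_TITLE_CHAR_LIMIT", array(1, 150)));
        $error_count++;
    }
    // Report the length problem when EITHER password field is out of range
    // (the original required both to be out of range, so a short confirmation
    // was reported as a mismatch instead).
    if (minMaxRange(8, 50, $password) || minMaxRange(8, 50, $passwordc)) {
        addAlert("danger", lang("ACCOUNT_PASS_CHAR_LIMIT", array(8, 50)));
        $error_count++;
    } elseif ($password != $passwordc) {
        addAlert("danger", lang("ACCOUNT_PASS_MISMATCH"));
        $error_count++;
    }
    if (usernameExists($user_name)) {
        addAlert("danger", lang("ACCOUNT_USERNAME_IN_USE", array($user_name)));
        $error_count++;
    }
    if (displayNameExists($display_name)) {
        addAlert("danger", lang("ACCOUNT_DISPLAYNAME_IN_USE", array($display_name)));
        $error_count++;
    }
    if (emailExists($email)) {
        addAlert("danger", lang("ACCOUNT_EMAIL_IN_USE", array($email)));
        $error_count++;
    }
    //Construct a secure hash for the plain text password
    $password_hash = passwordHashUF($password);
    if ($password_hash === null) {
        addAlert("danger", lang("PASSWORD_HASH_FAILED"));
        $error_count++;
    }
    // Exit on any invalid parameters
    if ($error_count != 0) {
        return false;
    }
    //Construct a unique activation token (even if activation is not required)
    // NOTE(review): the token is a bearer credential for account activation;
    // generateActivationToken() should use a CSPRNG — not verifiable from here.
    $activation_token = generateActivationToken();
    $active = 1;
    //Do we need to require that the user activate their account first?
    if ($require_activation) {
        //User must activate their account first
        $active = 0;
        $mailSender = new userCakeMail();
        //Build the activation message
        $activation_message = lang("ACCOUNT_ACTIVATION_MESSAGE", array(SITE_ROOT . "api/", $activation_token));
        //Define more if you want to build larger structures
        $hooks = array("searchStrs" => array("#ACTIVATION-MESSAGE", "#ACTIVATION-KEY", "#USERNAME#"), "subjectStrs" => array($activation_message, $activation_token, $display_name));
        /* Build the template - Optional, you can just use the sendMail function
           Instead to pass a message. */
        // If there is a mail failure, fatal error
        if (!$mailSender->newTemplateMsg("new-registration.txt", $hooks)) {
            addAlert("danger", lang("MAIL_ERROR"));
            return false;
        }
        //Send the mail. Specify users email here and subject.
        //SendMail can have a third paremeter for message if you do not wish to build a template.
        // NOTE(review): the mail goes out before addUser() runs; if the insert
        // fails the recipient holds an activation link for a non-existent account.
        if (!$mailSender->sendMail($email, "Please activate your account")) {
            addAlert("danger", lang("MAIL_ERROR"));
            return false;
        }
    }
    // Insert the user into the database and return the new user's id
    return addUser($user_name, $display_name, $title, $password_hash, $email, $active, $activation_token);
}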
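$absender_name = $config['sendername'];
// sender e-mail address
$absender_email = $config['senderemail'];
$Betreff = "OOBD GPG Online Key Generator - Email Verification";
// NOTE(review): $_REQUEST also honours GET and cookie values, so a crafted
// link is enough to make this page send mail; consider restricting to $_POST.
$email = isset($_REQUEST['email']) ? $_REQUEST['email'] : '';
$fullname = isset($_REQUEST['fullname']) ? $_REQUEST['fullname'] : '';
// The name is attacker-controlled and was echoed raw (reflected XSS); escape it.
print "Hello " . htmlspecialchars($fullname, ENT_QUOTES, 'UTF-8') . ", ";
if (isValidEmail($email) && isValidName($fullname)) {
    // NOTE(review): md5(secret . data) is a weak authenticator; hash_hmac('sha256', ...)
    // would be preferable, but gpg_step2.php must verify with the same construction,
    // so the scheme is left unchanged here.
    $id = md5($config['md5salt'] . $email . $fullname);
    $link = $config['sideurl'] . "/gpg_step2.php?n=" . urlencode($fullname) . "&e=" . urlencode($email) . "&sid={$id}";
    $content = "OOBD GPG Online Key Generator - Email Verification\n\nIf you don't requested a online key generation, that please delete this mail, no further action is needed.\n\n\nIn case you just in the process to generate your gpg key, than please use the link below to verify your email address:\n\n{$link}\n\n";
    sendMail($absender_email, $absender_name, $email, $Betreff, $content);
    print "the email to verify your email address is sent to " . htmlspecialchars($email, ENT_QUOTES, 'UTF-8') . ". Please use the link inside that mail to proceed\n";
} else {
    if (!isValidEmail($email)) {
        print "Your email address is not a valid email address!<p>\n";
    }
    if (!isValidName($fullname)) {
        print "Your name is not a valid name with first and last name!<p>\n";
    }
    print "Go back to the previous page and try again..\n";
}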
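/**
 * Syntactic e-mail check: a dot-separated local part of [_a-z0-9-] characters,
 * '@', dot-separated domain labels of [a-z0-9-] and an alphabetic top-level
 * domain of at least two characters, case-insensitive.
 *
 * The original capped the TLD at three characters, rejecting valid addresses
 * such as user@example.info; the D modifier also stops a trailing newline
 * from being accepted.
 *
 * @param string $email
 * @return bool
 */
function isValidEmail($email)
{
    $pattern = '/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,})$/iD';
    return preg_match($pattern, (string) $email) === 1;
}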
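/**
 * Check that $name consists of at least two whitespace-separated words, each
 * made of word characters plus '.', '\'' and '-'.
 *
 * The original pattern (/\w+\s+\w+/) was unanchored, so any string that merely
 * CONTAINED two words passed, including markup or script around them; the
 * match is now anchored to the whole string. The u modifier lets \w match
 * non-ASCII letters; D prevents a trailing newline from being accepted.
 *
 * @param string $name
 * @return bool
 */
function isValidName($name)
{
    $pattern = '/^[\w.\'-]+(?:\s+[\w.\'-]+)+$/uD';
    return preg_match($pattern, (string) $name) === 1;
}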
<?php

require "../lib/php/fpdf/fpdf.php";
require "../lib/php/fpdi/fpdi.php";
require "./validate.php";
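const ORIENTATION = "L";
const FONT_SIZE = 30;
const FONT = "Arial";
const TEMPLATE = "../assets/pdf/certificate_template._pdf";
// vertical positions (FPDF user units) of the name and course lines on the template
const NAME_Y = 92;
const COURSE_NAME_Y = 122;
// Validate inputs. PHP has already URL-decoded $_GET; the extra urldecode()
// is retained because the original relied on it (a '+' or '%xx' surviving the
// first decode is decoded a second time). Missing parameters become ''.
$name = urldecode(isset($_GET['name']) ? $_GET['name'] : '');
$courseName = urldecode(isset($_GET['course']) ? $_GET['course'] : '');
if (!isValidName($name) || !isValidCourse($courseName)) {
    // top-level return: stop the script without emitting a certificate
    return;
}
// Load certificate template ("=& new" is a parse error on PHP 7+; objects are handles)
$pdf = new FPDI();
$pdf->AddPage(ORIENTATION);
$pagecount = $pdf->setSourceFile(TEMPLATE);
$template = $pdf->importPage(1);
$pdf->useTemplate($template, null, null, 0, 0, true);
// Set up font details
$pdf->SetFontSize(FONT_SIZE);
$pdf->SetFont(FONT);
// Centre the student name horizontally
$nameWidth = $pdf->GetStringWidth($name);
$nameX = ($pdf->w - $nameWidth) / 2;
$pdf->SetXY($nameX, NAME_Y);
$pdf->MultiCell(0, 4, $name);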
         $securitycode = $_POST['securitycode'];
         if ($cache_settings['msgsecuritycode'] == '1' && strtolower(rSESSION('validationcode')) != strtolower($securitycode)) {
             exit($_SLANG['all.secodeerr']);
         }
         $msg['posttime'] = time();
         $msg['langid'] = $_SYS['langid'];
         $msg['ip'] = getIP();
         $db->row_insert("msgs", $msg);
         succeedFlag();
     } catch (Exception $e) {
         echo $e;
     }
     break;
 case "checkmemberValid":
     // AJAX username availability check: reject illegal names, otherwise
     // report whether a member row with that name already exists.
     $candidate = strFilter($_GET["u"]);
     if (!isValidName($candidate)) {
         exit($_SLANG['ajaxpublic.username.illegal']);
     }
     // NOTE(review): the name is interpolated into the WHERE clause; this is
     // only safe if strFilter()/isValidName() exclude quote characters, which
     // cannot be confirmed from here — a parameterised query would be preferable.
     $existing = $db->row_select_one("members", "membername='{$candidate}'");
     if ($existing == null) {
         succeedFlag();
     } else {
         echo $_SLANG['ajaxpublic.username.used'];
     }
     break;
 case "checkEmailValid":
     $e = strFilter($_GET["e"]);
     if (!isValidEmail($e)) {
         echo $_SLANG['ajaxpublic.email.err'];
     } else {
         $row = $db->row_select_one("members", "email='{$e}'");
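 /**
  * Student sign-up action.
  *
  * On POST (register button) each field is validated in turn; the first
  * failure stores the offending value and a message in the session and
  * redirects back to the referring page. On success the Student is created
  * and the user is sent to the login page. Without a POST the sign-up view
  * is rendered.
  */
 public function actionSignup()
 {
     if (isset($_POST['register'])) {
         // NOTE(review): every failure redirects to the Referer header, which
         // is client-controlled (open redirect); a fixed route would be safer.
         $back = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
         if (isValidName($_POST['fname']) != "ok") {
             $_SESSION['err_code'] = 5;
             $_SESSION['fname'] = $_POST['fname'];
             $_SESSION['error'] = isValidName($_POST['fname']);
             header("location: {$back}");
             exit;
         }
         if (isValidName($_POST['lname']) != "ok") {
             $_SESSION['err_code'] = 6;
             $_SESSION['lname'] = $_POST['lname'];
             $_SESSION['error'] = isValidName($_POST['lname']);
             // The original had this redirect commented out, leaving the user on a blank page.
             header("location: {$back}");
             exit;
         }
         if (trim($_POST['email']) == "" || filter_var($_POST['email'], FILTER_VALIDATE_EMAIL) == false) {
             $_SESSION['err_code'] = 7;
             $_SESSION['email'] = $_POST['email'];
             $_SESSION['error'] = "Invalid email provided";
             header("location: {$back}");
             exit;
         }
         if (User::checker($_POST['email']) != 0) {
             $_SESSION['error'] = "Sorry, a user already exists with the email you provided. Forgot your password? <a href='#'>Get a new one</a>";
             header("location: {$back}");
             exit;
         }
         if (trim($_POST['password']) == "") {
             $_SESSION['error'] = "Password field cannot be blank!";
             header("location: {$back}");
             exit;
         }
         if ($_POST['location'] == "") {
             $_SESSION['error'] = "Specify your location";
             header("location: {$back}");
             exit;
         }
         if (isset($_POST['tel']) && trim($_POST['tel']) != "") {
             // The original wrote isPhoneNumber($_POST['tel'] != true), handing the
             // function a boolean, so the phone number itself was never checked.
             // isPhoneNumber()'s result is used as the error text below, so it is
             // tested against "ok" like isValidName() above.
             if (isPhoneNumber($_POST['tel']) != "ok") {
                 $_SESSION['err_code'] = 8;
                 $_SESSION['tel'] = $_POST['tel'];
                 $_SESSION['error'] = isPhoneNumber($_POST['tel']);
                 header("location: {$back}");
                 exit;
             }
         }
         $x = new Student($_POST);
         $x->utype = $this->user_type;
         if ($x->create() !== true) {
             $_SESSION['error'] = "Ooops! Something went wrong! Please try later";
         } else {
             UserController::redirectToLogin("Account has been created. Please signin to continue");
         }
         header("location: {$back}");
         exit;
     }
     $type = $this->user_type;
     //passed to the view for toggling
     include __VIEWPATH__ . "student/signup.php";
 }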
<?php

require_once './header.php';
if (isPostSetAndNotEmpty('txtFirstName') && isPostSetAndNotEmpty('txtLastName') && isPostSetAndNotEmpty('txtPassword') && isPostSetAndNotEmpty('txtEmail') && isPostSetAndNotEmpty('txtConfirmPassword') && isPostSetAndNotEmpty('txtCaptcha')) {
    // validate inputs
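    // validate inputs; $message collects every failure (empty means valid)
    $message = '';
    // Strict comparison: with `!=` PHP compares numeric-looking strings as
    // numbers, so "1e3" and "1000" would have counted as matching passwords.
    if ($_POST['txtPassword'] !== $_POST['txtConfirmPassword']) {
        $message = 'password is not equal to confirmPassword!\\n';
    }
    if (!isValidEmail($_POST['txtEmail'])) {
        $message .= 'incorrect email pattern!\\n';
    }
    if (!isValidName($_POST['txtFirstName'])) {
        $message .= 'incorrect first name pattern!\\n';
    }
    if (!isValidName($_POST['txtLastName'])) {
        $message .= 'incorrect last name pattern!\\n';
    }
    if (!isValidPassword($_POST['txtPassword'])) {
        $message .= 'incorrect password pattern!\\n';
    }
    // Type-safe, constant-time captcha comparison. The loose `!=` had the same
    // numeric-string juggling problem ("0123" == "123"), and a missing session
    // code compared equal to an empty submission; both now fail.
    $expectedCaptcha = isset($_SESSION['captcha']['code']) ? (string) $_SESSION['captcha']['code'] : '';
    if ($expectedCaptcha === '' || !hash_equals($expectedCaptcha, (string) $_POST['txtCaptcha'])) {
        $message .= 'incorrect captcha!';
    }
    // NOTE(review): the captcha code stays in the session after this check and
    // can be replayed until it is regenerated; unset it once it has been used.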
    if ($message == '') {
        $pdo = new PDO("mysql:host={$DB_HOST};dbname={$DB_DATABASE};charset=utf8", $DB_USER, $DB_PASSWORD);
        // check duplicate email
        $sql = "SELECT email FROM user WHERE email = :email";
        $sth = $pdo->prepare($sql);
        $sth->execute(array(':email' => $_POST['txtEmail']));
        if ($sth->rowCount() > 0) {
<?php

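// NOTE(review): a wildcard CORS origin on a registration endpoint lets any
// web site drive sign-ups from a visitor's browser; restrict it to the
// front-end origin(s) that need it.
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Methods: GET, POST');
require 'connect.php';
require 'regex.php';
// Use the raw values: escaping is done by the prepared statement below rather
// than addslashes(), so validation sees exactly what the user submitted and
// missing fields become '' instead of raising notices.
$username = trim(isset($_POST['username']) ? $_POST['username'] : '');
$email = trim(isset($_POST['email']) ? $_POST['email'] : '');
$password = isset($_POST['password']) ? $_POST['password'] : '';
$output = array('success' => false);
if (isValidName($username) == true && isValidEmail($email) == true && isValidPassword($password) == true) {
    // NOTE(review): the password is stored exactly as submitted. It should be
    // stored as password_hash($password, PASSWORD_DEFAULT) and checked with
    // password_verify(); change this together with the login code that reads it.
    $stmt = mysqli_prepare($conn, "INSERT INTO `users`(`username`, `email`, `password`, `TIMESTAMP` ) VALUES (?, ?, ?, NOW())");
    if ($stmt !== false) {
        mysqli_stmt_bind_param($stmt, 'sss', $username, $email, $password);
        mysqli_stmt_execute($stmt);
        if (mysqli_stmt_affected_rows($stmt) > 0) {
            $output['success'] = true;
            $output['newID'] = mysqli_insert_id($conn);
        }
        mysqli_stmt_close($stmt);
    }
    if (!$output['success']) {
        // The original printed nothing at all when the insert failed.
        $output['errors'] = "Error";
    }
} else {
    $output['errors'] = "Error";
}
print json_encode($output);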