function handleAccountRequest() {
global $username, $password, $referralcode, $accountCreated;
$message = null;
$emailValidation = isValidEmail( $_REQUEST['email'] );
if( ! $emailValidation->status ) {
return $emailValidation;
}
if( isValidUsername( $username )
&& isValidPassword( $password )
&& $username != $password )
{
$result = createAccount( $username, $password, $referralcode );
if( $result == "OK" ) {
$message = new statusMessage( true, "Account created." );
$accountCreated = true;
} else {
$message = new statusMessage( false, $result );
}
}
else {
$message = new statusMessage( false, "Invalid username or password. Passwords must be at least 5 characters long and may consist of letters, numbers, underscores, periods, and dashes. Passwords must not be the same as your username." );
}
return $message;
}
public function register($email, $uname, $password, $is_init = 0)
{
// 检查站点是否关闭注册
$register_option = model('Xdata')->get('register:register_type');
if (strtolower($register_option) == 'closed') {
$this->last_error = '网站关闭注册';
return false;
}
// 检查参数合法性
if (!isEmailAvailable($email)) {
$this->last_error = 'Email不合法或已存在';
return false;
}
if (!isUnameAvailable($uname)) {
$this->last_error = '昵称不合法或已存在';
return false;
}
if (!isValidPassword($password)) {
$this->last_error = '密码不合法';
return false;
}
// 参数合法. So, continue...
$uid = $this->_addUser($email, $uname, $password, $is_init);
if (!$uid) {
$this->last_error = 'Có lỗi phát sinh khi lưu';
return false;
}
$this->_addUserToMyopLog($uid);
$this->_syncUCenter($uid, $email, $uname, $password);
return $uid;
}
public function createAction()
{
// Creamos un nuevo cliente
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
extract($_POST);
$isValidUser = isset($username) && isset($nombre) && isset($apellidos) && isset($email) && isset($password) && isset($con_password) && isset($news) && !empty($username) && !empty($nombre) && !empty($apellidos) && !empty($email) && !empty($password) && !empty($con_password) && $password === $con_password && isValidPassword($password) && isValidEmail($email);
try {
if ($isValidUser) {
Log::write('Se esta intentando crear un usuario');
$hash = crypt($password, uniqid());
$this->client->save(array('username' => $username, 'nombre' => $nombre, 'apellidos' => $apellidos, 'email' => $email, 'password' => $hash, 'news' => $news, 'public' => !!$public ? 1 : 0));
$_SESSION['username'] = $username;
Log::write("El usuario {$username} se ha creado correctamente");
flash('msg', 'El usuario se creó correctamente', 'Reguistro');
return header('Location: /client');
}
Log::write('Los datos pasados por POST no son correctos');
return require VIEWS . 'error/400.php';
} catch (Exception $e) {
$error = $e->getMessage();
Log::write('Se ha producido una excepción al intentar crear el usuario');
return require VIEWS . 'error/500.php';
}
}
return require VIEWS . 'error/400.php';
}
function doCreateUser($email, $password)
{
if (isValidEmail($email)) {
if (isValidPassword($password)) {
$db = dbconnect();
$stmt = $db->prepare("INSERT INTO users SET email = :email, password = :password, created = now()");
$binds = array(":email" => $email, ":password" => sha1($password));
if ($stmt->execute($binds) && $stmt->rowCount() > 0) {
return true;
}
}
}
return false;
}
function createNewUser($email, $password)
{
if (isValidEmail($email)) {
if (isValidPassword($password)) {
$db = getDB();
$stmt = $db->prepare("INSERT INTO users SET email = :email, password = :password, created = now()");
$hashedPassword = hash('sha1', $password);
$binds = array(":email" => $email, ":password" => $hashedPassword);
if ($stmt->execute($binds) && $stmt->rowCount() > 0) {
return true;
}
}
}
return false;
}
function execSignup($username, $password, $confirmpw, $firstname, $lastname, $gender)
{
if ($username == "" || !isValidUsername($username)) {
return "Username is empty or invalid!";
}
if ($password == "" || !isValidPassword($password)) {
return "Password is empty or invalid!";
}
if ($confirmpw == "" || !isValidPassword($confirmpw)) {
return "Confirm Password is empty or invalid!";
}
if ($firstname == "" || !isValidName($firstname)) {
return "First Name is empty or invalid!";
}
if ($lastname == "" || !isValidName($lastname)) {
return "Last Name is empty or invalid!";
}
if ($gender == "" || !isValidGender($gender)) {
return "Gender is empty or invalid!";
}
$userDAO = new UserDAO();
//verify username exist
$result = $userDAO->getUserByUsername($username);
if ($result !== null) {
return "Username exists, please change to another one!";
}
//verify $password == $confirmpw
if ($password != $confirmpw) {
return "Password and Confirm Password must be same!";
}
$roleDAO = new RoleDAO();
$role = $roleDAO->getRoleByID(3);
//normal user
$departmentDAO = new DepartmentDAO();
$depart = $departmentDAO->getDepartmentByID(1);
//root department
$encryptPW = encryptPassword($password);
$photoURL = "photo/default.png";
$user = new User($role, $depart, $username, $encryptPW, $firstname, $lastname, $gender, $photoURL);
if ($userDAO->insertUser($user) === true) {
return true;
} else {
return "Insert user into table error, please contact administrator!";
}
}
function validationHook()
{
global $db, $row, $result, $MAX_RESERVED_ID, $dtm;
$dtm = date('Y-m-d H:i:s');
if ($row->first_name == '' && $row->last_name == '') {
if (!isset($result->fieldErrors['first_name'])) {
$result->fieldErrors['first_name'] = "First Name or Last Name is required.\n";
}
}
$row->password_hash = '';
$password = isset($row->password) ? $row->password : '';
$reEnterPassword = isset($row->reEnterPassword) ? $row->reEnterPassword : '';
if ($password != '') {
if ($reEnterPassword != $password) {
if (!isset($result->fieldErrors['password'])) {
$result->fieldErrors['password'] = "******";
}
} else {
if (strlen($password) < getMinPasswordLength()) {
if (!isset($result->fieldErrors['password'])) {
$result->fieldErrors['password'] = sprintf("Password must be at least %d characters.\n", getMinPasswordLength());
}
} else {
if (!isValidPassword($password)) {
$result->fieldErrors['password'] = "******";
} else {
$saltchrs = '0123456789abcdefghijklmnopqrstuvwxyz';
$salt = '';
for ($i = 0; $i < 31; $i++) {
$salt .= $saltchrs[mt_rand(0, strlen($saltchrs) - 1)];
}
$row->password_hash = hash('sha512', $password . '{' . $salt . '}') . '{' . $salt . '}';
}
}
}
} else {
if ($row->id <= 0) {
$result->fieldErrors['password'] = "******";
}
}
}
function execChangePW($password, $newpassword, $confirmpw)
{
if ($password == "" || $newpassword == "" || $confirmpw == "") {
return "Please fill all the necessary information!";
}
if (!isValidPassword($password) || !isValidPassword($newpassword)) {
return "Please enter a valid password!";
}
if ($newpassword !== $confirmpw) {
return "The new password and the confirmed new password must be the same!";
}
$userDAO = new UserDAO();
$user = $userDAO->getUserByID($_SESSION["userID"]);
if (!verifyPassword($password, $user->getPassword())) {
return "The old password you entered is not correct!";
}
$encryptPW = encryptPassword($newpassword);
$user->setPassword($encryptPW);
$userDAO->updateUser($user);
return true;
}
function execLogin($username, $password)
{
$username = (string) $username;
$password = (string) $password;
if ($username == "" || $password == "") {
return "Username or password can not be empty!";
}
if (!isValidUsername($username) || !isValidPassword($password)) {
return "Username or password is invalid!";
}
$userDAO = new UserDAO();
$user = $userDAO->getUserByUsername($username);
if ($user === null || !verifyPassword($password, $user->getPassword())) {
return "There is no user account matching the Username and Password provided.";
}
if ($user->getRole()->getRoleID() == "4") {
return "This user was forbidden to login!";
}
login($user->getUserID());
return true;
}
function validation($data, $files)
{
global $USER;
$errors = parent::validation($data, $files);
update_login_count();
// ignore submitted username
if (!($user = authenticate_user_login($USER->username, $data['password']))) {
$errors['password'] = get_string('invalidlogin');
return $errors;
}
reset_login_count();
if ($data['newpassword1'] != $data['newpassword2']) {
$errors['newpassword1'] = get_string('passwordsdiffer');
$errors['newpassword2'] = get_string('passwordsdiffer');
return $errors;
}
if ($data['password'] == $data['newpassword1']) {
$errors['newpassword1'] = get_string('mustchangepassword');
$errors['newpassword2'] = get_string('mustchangepassword');
return $errors;
}
$errmsg = '';
//prevents eclipse warnings
if (!check_password_policy($data['newpassword1'], $errmsg)) {
$errors['newpassword1'] = $errmsg;
$errors['newpassword2'] = $errmsg;
return $errors;
}
// Added by SMS 8/7/2011: To make sure the password does not include special
// characters that may result in issues when synching the password with vms
if (!isValidPassword($data['newpassword1'])) {
$errors['newpassword1'] .= 'Your password cannot contain the following characters: " / \\ [ ] : ; | = , + * ? < > @ & !';
$errors['newpassword2'] .= 'Your password cannot contain the following characters: " / \\ [ ] : ; | = , + * ? < > @ & !';
}
return $errors;
}
<?php
include_once "filefunctions.php";
include_once "validate.php";
$userId = "";
$password = "";
$url = "ecmain.php";
$useridError = "";
$passwordError = "";
// Validate userId and password
if (count($_POST) > 0) {
$userId = $_POST["userid"];
$password = $_POST["password"];
if (isValidUserid($userId, $useridError)) {
if (isValidPassword($password, $passwordError)) {
// If login credentials are correct proceed to event calendar page with userId saved in session.
if (isCorrectPassword($userId, $password)) {
// for now a hard coded userId will be used. Later it will be retrieved from the database
session_start();
$_SESSION["userId"] = 2;
header('Location:' . $url);
}
}
}
}
function validation($data, $files)
{
global $CFG;
$errors = parent::validation($data, $files);
$authplugin = get_auth_plugin($CFG->registerauth);
if (record_exists('user', 'username', $data['username'], 'mnethostid', $CFG->mnet_localhost_id)) {
$errors['username'] = get_string('usernameexists');
} else {
if (empty($CFG->extendedusernamechars)) {
$string = eregi_replace("[^(-\\.[:alnum:])]", '', $data['username']);
if (strcmp($data['username'], $string)) {
$errors['username'] = get_string('alphanumerical');
}
// Validates the username for Windows requirements - 22.05.2011 - jam
$oldusername = stripslashes($data['username']);
if (!isValidUsername($data['username']) || strcmp($data['username'], $oldusername)) {
$errors['username'] = '******';
}
}
}
//check if user exists in external db
//TODO: maybe we should check all enabled plugins instead
if ($authplugin->user_exists($data['username'])) {
$errors['username'] = get_string('usernameexists');
}
if (!validate_email($data['email'])) {
$errors['email'] = get_string('invalidemail');
} else {
if (record_exists('user', 'email', $data['email'])) {
$errors['email'] = get_string('emailexists') . ' <a href="forgot_password.php">' . get_string('newpassword') . '?</a>';
}
}
if (empty($data['email2'])) {
$errors['email2'] = get_string('missingemail');
} else {
if ($data['email2'] != $data['email']) {
$errors['email2'] = get_string('invalidemail');
}
}
if (!isset($errors['email'])) {
if ($err = email_is_not_allowed($data['email'])) {
$errors['email'] = $err;
}
}
$errmsg = '';
if (!check_password_policy($data['password'], $errmsg)) {
$errors['password'] = $errmsg;
}
// Added by SMS 8/7/2011: To make sure the password does not include special
// characters that may result in issues when synching the password with vms // <= 14 char
if (!isValidPassword($data['password'])) {
$errors['password'] .= 'Your password cannot contain the following characters: " / \\ [ ] : ; | = , + * ? < > @ & !';
//$errors['password'] .= ' and it must be less than or equal to 10 characters.';
}
if (strlen($data['password']) <= 0 || strlen($data['password']) > 10) {
$errors['password'] .= ' Your password must be less than or equal to 10 characters.';
}
if (signup_captcha_enabled()) {
$recaptcha_element = $this->_form->getElement('recaptcha_element');
if (!empty($this->_form->_submitValues['recaptcha_challenge_field'])) {
$challenge_field = $this->_form->_submitValues['recaptcha_challenge_field'];
$response_field = $this->_form->_submitValues['recaptcha_response_field'];
if (true !== ($result = $recaptcha_element->verify($challenge_field, $response_field))) {
$errors['recaptcha'] = $result;
}
} else {
$errors['recaptcha'] = get_string('missingrecaptchachallengefield');
}
}
return $errors;
}
function validation($usernew, $files)
{
global $CFG;
$usernew = (object) $usernew;
$usernew->username = trim($usernew->username);
$user = get_record('user', 'id', $usernew->id);
$err = array();
if (!empty($usernew->newpassword)) {
$errmsg = '';
//prevent eclipse warning
if (!check_password_policy($usernew->newpassword, $errmsg)) {
$err['newpassword'] = $errmsg;
}
}
// Added by SMS 8/7/2011: To make sure the password does not include special
// characters that may result in issues when synching the password with vms
if (!isValidPassword($usernew->newpassword)) {
$err['newpassword'] .= 'Your password cannot contain the following characters: " / \\ [ ] : ; | = , + * ? < > @ & !';
}
if (empty($usernew->username)) {
//might be only whitespace
$err['username'] = get_string('required');
} else {
if (!$user or $user->username !== $usernew->username) {
//check new username does not exist
if (record_exists('user', 'username', $usernew->username, 'mnethostid', $CFG->mnet_localhost_id)) {
$err['username'] = get_string('usernameexists');
}
//check allowed characters
if ($usernew->username !== moodle_strtolower($usernew->username)) {
$err['username'] = get_string('usernamelowercase');
} else {
if (empty($CFG->extendedusernamechars)) {
$string = eregi_replace("[^(-\\.[:alnum:])]", '', $usernew->username);
if ($usernew->username !== $string) {
$err['username'] = get_string('alphanumerical');
}
// Validates the username for Windows requirements - 22.05.2011 - jam
$oldusername = stripslashes($usernew->username);
if (!isValidUsername($usernew->username) || strcmp($usernew->username, $oldusername)) {
$err['username'] = '******';
}
}
}
}
}
if (!$user or $user->email !== stripslashes($usernew->email)) {
if (!validate_email($usernew->email)) {
$err['email'] = get_string('invalidemail');
} else {
if (record_exists('user', 'email', $usernew->email, 'mnethostid', $CFG->mnet_localhost_id)) {
$err['email'] = get_string('emailexists');
}
}
}
/// Next the customisable profile fields
$err += profile_validation($usernew, $files);
if (count($err) == 0) {
return true;
} else {
return $err;
}
}
<center>
<?php
if (isPostRequest()) {
//pull from the entered email and password
$email = filter_input(INPUT_POST, 'email');
$password = filter_input(INPUT_POST, 'password');
if (isValidPassword($password)) {
//checks if the password is 4 or more character, then creates the user
createUser($email, $password);
if (createUser($email, $password)) {
?>
<h3>User Created</h3><br/>
<button class="btn btn-default" onClick="location.href = 'index.php'">Sign In</button>
<?php
}
} else {
echo "Password must be 4 or more";
}
}
?>
<div class="text-success">
<h2>Create New User</h2></div><br />
<form method="post" action="#">
<input type="email" name="email" placeholder="Email" value="" required/>
<br /><br />
<input type="password" name="password" placeholder="Password" value="" required/>
<br /><br />
<input class="btn btn-success" type="submit" value="Create Account" />
</form><br /><br />
<button class="btn btn-sm" onClick="location.href = 'index.php'">Back</button>
</center>
if (isPostSetAndNotEmpty('txtFirstName') && isPostSetAndNotEmpty('txtLastName') && isPostSetAndNotEmpty('txtPassword') && isPostSetAndNotEmpty('txtEmail') && isPostSetAndNotEmpty('txtConfirmPassword') && isPostSetAndNotEmpty('txtCaptcha')) {
// validate inputs
$message = '';
if ($_POST['txtPassword'] != $_POST['txtConfirmPassword']) {
$message = 'password is not equal to confirmPassword!\\n';
}
if (!isValidEmail($_POST['txtEmail'])) {
$message .= 'incorrect email pattern!\\n';
}
if (!isValidName($_POST['txtFirstName'])) {
$message .= 'incorrect first name pattern!\\n';
}
if (!isValidName($_POST['txtLastName'])) {
$message .= 'incorrect last name pattern!\\n';
}
if (!isValidPassword($_POST['txtPassword'])) {
$message .= 'incorrect password pattern!\\n';
}
if ($_SESSION['captcha']['code'] != $_POST['txtCaptcha']) {
$message .= 'incorrect captcha!';
}
if ($message == '') {
$pdo = new PDO("mysql:host={$DB_HOST};dbname={$DB_DATABASE};charset=utf8", $DB_USER, $DB_PASSWORD);
// check duplicate email
$sql = "SELECT email FROM user WHERE email = :email";
$sth = $pdo->prepare($sql);
$sth->execute(array(':email' => $_POST['txtEmail']));
if ($sth->rowCount() > 0) {
$message = 'duplicate email with the existing user!';
} else {
// insert to user table
function getNextPassword($password)
{
while (!\isValidPassword(++$password)) {
}
return $password;
}
// disallow new account creation for users who are already logged in
requireNotLoggedIn();
$session = Session::start();
$warnings = array();
if (isset($_POST['submit'])) {
if (!verifyReCaptcha(CAPTCHA_SECRET_KEY, @$_POST['g-recaptcha-response'], $_SERVER['REMOTE_ADDR'])) {
$warnings[] = "Failed CAPTCHA";
} elseif (isset($_POST['passwd']) && isset($_POST['passwd2']) && isset($_POST['username'])) {
$passwd = $_POST['passwd'];
$passwd2 = $_POST['passwd2'];
$username = $_POST['username'];
// validate password and username
if ($passwd != $passwd2) {
$warnings[] = "Passwords don't match";
}
if (!isValidPassword($passwd)) {
$warnings[] = "Not a valid password (longer than " . MIN_PASSWORD_LENGTH . " characters required)";
}
if (!isValidUsername($username)) {
$warnings[] = "Not a valid username (longer than " . MIN_USERNAME_LENGTH . " characters required)";
}
// No warnings means everything is in order, and we can create the user
if (count($warnings) == 0) {
$dao = new UserDAO();
if ($dao->userExists($username)) {
$warnings[] = "Username already taken";
} else {
$passwd = pw_encode($passwd);
if (!$dao->createUser($username, $passwd)) {
$warnings[] = "Failed to insert to database";
} else {
function validate(&$key, &$value, $error_array = array(), $index = 0, $array_key = NULL)
{
// echo "Switch Test \$key: " . $key . " \$value: " . $value . " <br>\n" ;
switch ($key) {
case "numauthors":
case "numpages":
// echo "Switch Number \$key: " . $key . " \$value: " . $value . " <br>\n" ;
isIntegerMoreThanZero($value, &$error_array, &$index);
break;
case "email":
case "emailHome":
case "ConferenceContact":
// echo "Switch Email \$key: " . $key . " \$value: " . $value . " <br>\n" ;
valid_email($value, &$error_array, &$index);
break;
case "faxno":
case "phoneno":
// echo "Switch Phone \$key: " . $key . " \$value: " . $value . " <br>\n" ;
isValidPhoneNumber($value, &$error_array, &$index);
break;
case "phonenoHome":
// echo "Switch Phone \$key: " . $key . " \$value: " . $value . " <br>\n" ;
isValidPhoneNumber($value, &$error_array, &$index);
break;
case "userfile":
case "state":
case "commentfile":
// echo "Switch File \$key: " . $key . " \$value: " . $value . " <br>\n" ;
isValidFile($value, &$error_array, &$index, &$array_key);
break;
case "logofile":
isValidLogoFile($value, &$error_array, &$index, &$array_key);
break;
case "country":
isValidCountryCode($value, &$error_array, &$index);
break;
case "password":
case "newpwd":
isValidPassword($value, &$error_array, &$index);
break;
case "date":
case "ConferenceStartDate":
case "ConferenceEndDate":
case "arrStartDate":
case "arrEndDate":
if (isValidDate($value, &$error_array, &$index)) {
//is_date_expired( $value , date ( "j/m/Y" , time() ) , &$error_array , &$index ) ;
is_date_expired($value, date("Y-m-d", time()), &$error_array, &$index);
}
break;
default:
// echo "Default \$key: " . $key . " \$value: " . $value . " <br>\n" ;
break;
}
}
function CreateEmployee($employeeName, $emailAddress, $password, $dateJoinedTheCompany, $annualLeaveEntitlement, $mainVacationRequestID, $companyRoleID, $isAdministrator = 0, $isManager = 0)
{
$statusMessage = "";
$employee = NULL;
//--------------------------------------------------------------------------
// Validate Input parameters
//--------------------------------------------------------------------------
$inputIsValid = TRUE;
if (isNullOrEmptyString($employeeName)) {
$statusMessage .= "Employee Name can not be blank.<br/>";
error_log("Invalid employeeName passed to CreateEmployee.");
$inputIsValid = FALSE;
}
if (!filter_var($emailAddress, FILTER_VALIDATE_EMAIL)) {
$statusMessage .= "Email address given is not a valid email format.<br/>";
error_log("Invalid email address passed to CreateEmployee.");
$inputIsValid = FALSE;
}
$errorArray = isValidPassword($password);
if (count($errorArray) != 0) {
foreach ($errorArray as $key => $value) {
$statusMessage .= $value . "<br/>";
error_log($value);
}
$inputIsValid = FALSE;
}
if (!isValidDate($dateJoinedTheCompany)) {
$statusMessage .= "Value given for Date joined the company is not a " . "valid date.<br/>";
error_log("Invalid dateJoinedTheCompany passed to CreateEmployee.");
$inputIsValid = FALSE;
}
//------------------------------------------------------------------------
// Need to check for extreme values for 'date joined the company'
// Don't allow records to be created if date joined is more than a month
// in the future, or more than 50 years in the past.
//------------------------------------------------------------------------
if (isValidDate($dateJoinedTheCompany)) {
$now = time();
$input_date = strtotime($dateJoinedTheCompany);
$diff_date = $now - $input_date;
$daysSinceJoiningCompany = floor($diff_date / (60 * 60 * 24));
if ($daysSinceJoiningCompany > 365 * 50) {
$statusMessage .= "Value given for Date joined the company can not be " . "more than 50 years in the past.<br/>";
error_log("Invalid dateJoinedTheCompany passed to CreateEmployee.");
$inputIsValid = FALSE;
}
if ($daysSinceJoiningCompany < -30) {
$statusMessage .= "Value given for Date joined the company can not " . "be more than 30 days in the future.<br/>";
error_log("Invalid dateJoinedTheCompany passed to CreateEmployee.");
$inputIsValid = FALSE;
}
}
if (!is_numeric($annualLeaveEntitlement)) {
$statusMessage .= "Please enter a valid value for annual leave " . "entitlement.<br/>";
error_log("Invalid annualLeaveEntitlement passed to CreateEmployee.");
$inputIsValid = FALSE;
}
if ($mainVacationRequestID != NULL) {
$record = RetrieveMainVacationRequestByID($mainVacationRequestID);
if ($record == NULL) {
$statusMessage .= "Main Vacation Request ID does not exist in the " . "database.<br/>";
error_log("Invalid mainVacationRequestID passed to CreateEmployee.");
$inputIsValid = FALSE;
}
}
$record = RetrieveCompanyRoleByID($companyRoleID);
if ($record == NULL) {
$statusMessage .= "Company Role ID does not exist in the database.<br/>";
error_log("Invalid companyRoleID passed to CreateEmployee.");
$inputIsValid = FALSE;
}
//Ensure email address doesn't already exist in the database.
$filter[EMP_EMAIL] = $emailAddress;
$result = RetrieveEmployees($filter);
if ($result != NULL) {
$statusMessage .= "Unable to create record as a user with email address " . "{$emailAddress} already exists.<br/>";
error_log("Unable to create record as a user with email address " . "{$emailAddress} already exists");
$inputIsValid = FALSE;
}
//--------------------------------------------------------------------------
// Only attempt to insert a record in the database if the input parameters
// are ok.
//--------------------------------------------------------------------------
if ($inputIsValid) {
// Create an array with each field required in the record.
$employee[EMP_ID] = NULL;
$employee[EMP_NAME] = $employeeName;
$employee[EMP_EMAIL] = $emailAddress;
$encryptedPassword = md5(md5($emailAddress) . $password);
$employee[EMP_PASSWORD] = $encryptedPassword;
$employee[EMP_DATEJOINED] = $dateJoinedTheCompany;
$employee[EMP_LEAVE_ENTITLEMENT] = $annualLeaveEntitlement;
$employee[EMP_MAIN_VACATION_REQ_ID] = $mainVacationRequestID;
$employee[EMP_COMPANY_ROLE] = $companyRoleID;
$employee[EMP_ADMIN_PERM] = $isAdministrator;
$employee[EMP_MANAGER_PERM] = $isManager;
$success = sqlInsertEmployee($employee);
if (!$success) {
$statusMessage .= "Unexpected error when inserting the record to " . "the database.<br/>";
error_log("Failed to create Employee. " . print_r($employee));
$employee = NULL;
$inputIsValid = false;
} else {
$statusMessage = "Record Created Successfully.";
}
}
GenerateStatus($inputIsValid, $statusMessage);
return $employee;
}
<?
set_include_path("..");
require_once( 'offensive/assets/header.inc' );
require_once( 'admin/mysqlConnectionInfo.inc' );
if(!isset($link) || !$link) $link = openDbConnection();
require_once( 'offensive/assets/activationFunctions.inc' );
require_once( "offensive/assets/validationFunctions.inc" );
require_once( 'offensive/assets/functions.inc' );
if( isset($_REQUEST['x2']) ) {
$code = $_REQUEST['x2'];
$pw = $_REQUEST['password'];
if( ($row = userRowFromCode( $_REQUEST['x2'] )) && isValidPassword( $pw ) && $pw == $_REQUEST['password2'] ) {
$uid = $row['userid'];
$encrypted_pw = sha1( $pw );
$sql = "UPDATE users SET timestamp = timestamp, password='******' WHERE userid = $uid LIMIT 1";
tmbo_query( $sql );
header( "Location: ./logn.php" );
}
else {
echo "There was a problem with your request. (Possibly unacceptable password or the entries didn't match.)";
}
}
function sendResetEmail( $username ) {
function checkPasswords($password, $confirm_password)
{
$password = trim($password);
if (!isValidPassword($password)) {
return INVALID_PASSWORD_ERR;
}
$confirm_password = trim($confirm_password);
if ($confirm_password !== $password) {
return INVALID_CONFIRM_PASS_ERR;
}
return true;
}
function validPasswords($password, $confirm_password)
{
return isValidPassword($password) && isValidPassword($confirm_password);
}
function changeUserPassword($userID, $password)
{
$userDAO = new UserDAO();
$user = $userDAO->getUserByID($userID);
if (!isValidPassword($password)) {
return "Invalid password!";
}
if ($user->getRole()->getRoleID() == 0) {
return "You do not have right to change it!";
}
$user->setPassword($password);
$userDAO = new UserDAO();
$userDAO->updateUser($user);
echo "<br>You have successfully changed " . $user->getUsername() . "\\'s password!";
}
}
}
function hasStraight($string)
{
global $possibleStraights;
foreach ($possibleStraights as $possibleStraight) {
if (strpos($string, $possibleStraight) !== false) {
return true;
}
}
return false;
}
function isValidPassword($password)
{
if (strpos($password, 'i') !== false || strpos($password, 'o') !== false || strpos($password, 'l') !== false) {
return false;
} elseif (twoInARowSets($password) < 2) {
return false;
} elseif (!hasStraight($password)) {
return false;
}
return true;
}
do {
$newPassword = nextPassword(isset($newPassword) ? $newPassword : $currentPassword);
} while (!isValidPassword($newPassword));
echo 'Found new password: '******'Found next new password: ' . $newPassword . PHP_EOL;
} else {
// User does NOT need to wait
// User has waited 5 minutes...
// User is not blocked
$remaining_minutes = 0;
// Reset log in attempt
$loginAttempt = 0;
}
} else {
// User does not need to wait... user can try login
$remaining_minutes = 0;
}
if ($remaining_minutes > 0) {
$error[] = "You are blocked for login! <br> You need to wait for " . ceil($remaining_minutes) . " minutes.";
} else {
if (isValidPassword($psword, $dbRow['psword'])) {
// Log in was sucessful
updateSuccessfulLogin($uname);
// start session varibale
session_start();
// set session var
$_SESSION['userid'] = $userid;
$_SESSION['uname'] = $uname;
$_SESSION['fname'] = $fname;
$_SESSION['lname'] = $lname;
$_SESSION['userdp'] = $userdp;
$_SESSION['role'] = $role;
// redriect to the home page
//header("Location: home.php");
if ($role == 'admin') {
header("Location: admin/index.php");
<?php
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Methods: GET, POST');
require 'connect.php';
require 'regex.php';
$username = addslashes(trim($_POST['username']));
$email = addslashes(trim($_POST['email']));
$password = addslashes($_POST['password']);
//$username = $_POST['username'];
//$email = $_POST['email'];
//$password = $_POST['password'];
//print_r($conn);
if (isValidName($username) == true && isValidEmail($email) == true && isValidPassword($password) == true) {
$query = "INSERT INTO `users`(`username`, `email`, `password`, `TIMESTAMP` ) VALUES ('{$username}','{$email}','{$password}', NOW())";
mysqli_query($conn, $query);
if (mysqli_affected_rows($conn) > 0) {
$output['success'] = true;
$newID = mysqli_insert_id($conn);
$output['newID'] = $newID;
print json_encode($output);
}
} else {
$output['success'] = false;
$output['errors'] = "Error";
print json_encode($output);
}
