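/**
 * Generate a fresh anti-CSRF token for one form and remember it in the
 * session under that form's name.
 *
 * The token is 128 hexadecimal characters (64 bytes from the CSPRNG), the
 * same length as the sha512 digest the previous implementation produced, so
 * existing forms and the matching check keep working.
 *
 * @param string $unique_form_name Session key the token is stored under.
 * @return string The generated token.
 * @throws \Exception If random_bytes() cannot obtain enough entropy.
 */
function csrfguard_generate_token(string $unique_form_name)
{
    // random_bytes() is a CSPRNG (PHP 7.0+). mt_rand(), which was used
    // before, is a seedable, predictable generator and must not mint
    // security tokens; the hash on top of it did not add any entropy.
    $token = bin2hex(random_bytes(64));
    store_in_session($unique_form_name, $token);
    return $token;
}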
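<?php

// change_password_action.php
//
// Changes the logged-in user's password. Expects POST fields
// current_password, new_password and new_password2; on every path it stores a
// session "message" and redirects back to change_password.php.
//
// NOTE(review): no CSRF token check is visible here although
// csrfguard_generate_token() exists in the codebase — confirm the form posts
// and verifies one.
include_once "config.php";
if (session_status() == PHP_SESSION_NONE) {
    session_start();
}
$current_user = get_from_session("current_user");
if (is_null($current_user)) {
    store_in_session("message", "You must login to access this page");
    header("Location: index.php");
    return;
}
// Default to '' so a missing field reads as a wrong password instead of
// raising an "undefined index" notice.
$current_password = $_POST["current_password"] ?? '';
$new_password = $_POST["new_password"] ?? '';
$new_password2 = $_POST["new_password2"] ?? '';
// NOTE(review): the password column holds unsalted md5, which this query and
// the login query depend on; moving to password_hash()/password_verify()
// needs a schema change and cannot be done in this file alone.
$data = R::getRow("select * from users where username=? and password=md5(?)", array($current_user["username"], $current_password));
// empty() covers both null and an empty row array; count(null) is a
// TypeError on PHP 8.
if (empty($data)) {
    store_in_session("message", "Current password incorrect");
} elseif ($new_password !== $new_password2) {
    store_in_session("message", "New passwords dont match");
} elseif ($new_password === '') {
    // An empty password would otherwise be accepted and stored.
    store_in_session("message", "New password cannot be empty");
} else {
    $sql = "update users set password = md5(?) where username=?";
    R::exec($sql, array($new_password, $current_user["username"]));
    store_in_session("message", "New password successfully updated!");
}
header("Location: change_password.php");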
<?php

// suspended_registrations.php
//
// Lists users whose registration_status is 'suspended'. A logged-in session
// is required; anonymous visitors are bounced to index.php with a message.
include_once "config.php";

$current_user = get_from_session("current_user");
if ($current_user === null) {
    store_in_session("message", "You must login to access this page");
    header("Location: index.php");
    return;
}

// $data and $count are consumed by the markup that follows.
$data = R::getAll(
    "select * from users where registration_status = 'suspended'"
);
$count = count($data);

include_once "header.php";
?>
<style type="text/css">
	@import "css/experiment.css";
</style>

<?php 
include_once "menu.php";
?>

<div id="suspended_registrations_container">

	<div id="suspended_registrations_header">
		<h1>Suspended registrations</h1>
	</div>


<?php 
if ($count == 0) {
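// Broadcast a message from the administrator (from_id 0) to every user, or to
// every user of one usertype. Expects POST fields:
//   message         - text to send; empty or non-string text is rejected
//   target_usertype - usertype id, or -1 for all users
// NOTE(review): no administrator check is visible in this fragment — confirm
// the including file enforces one before this code runs.
$target_usertype = $_POST["target_usertype"] ?? null;
$message = $_POST["message"] ?? null;
if (!is_string($message) || trim($message) === "") {
    store_in_session("message", "You can't send an empty message");
    header("Location: ./broadcast.php");
} else {
    // New thread ids start after the current maximum (1 on an empty table).
    $data = R::getCol("select max(thread_id)+1 as new_thread_id from messages");
    $thread_id = (int) ($data[0] ?? 1);
    $sql = "insert into messages (from_id, to_id, message_sent_datetime, message_text, thread_id) values(0, ?,?,?,?)";
    // -1 means "everyone"; "where 1=?" bound to 1 keeps a single query path.
    $param = 1;
    $sql1 = "select id from users where 1=?";
    if ((int) $target_usertype !== -1) {
        $sql1 = "select id from users where usertype=?";
        $param = $target_usertype;
    }
    $data = R::getAll($sql1, array($param));
    // "H" is the 24-hour hour; the previous "h" (12-hour, no am/pm marker)
    // made afternoon timestamps collide with morning ones and broke ordering
    // by message_sent_datetime.
    $sent_at = date("Y-m-d H:i:s");
    foreach ($data as $value) {
        // The counter advances per row, so each recipient gets its own thread id.
        R::exec($sql, array($value["id"], $sent_at, $message, $thread_id++));
    }
    store_in_session("message", "Message was broadcast successfully");
    header("Location: ./broadcast.php");
}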
        $data["from_email"] = "*****@*****.**";
        $data["from_name"] = "Administrator, MadhwaConnect";
        $data["email_id"] = $new_user->email;
        $data["subject"] = "Welcome to MadhwaConnect";
        $data["content"] = <<<EOT
<div>
<p>Dear {$new_user->firstname},</p>
<p>Welcome to Madhwa connect and congratulations for registering in Madhwa connect successfully. We are glad to have you as our member. We hope you will explore the services provided by Madhwa connect platform and utilize this to the fullest extent. </p>
<p>For any queries and feedback, you can mail us at admin@madhwaconnect.com</p>
<p>Regards,</p>
<p>Madhwa Connect</p>
</div>
EOT;
        if ($approval_required == 1) {
            $data["content"] = <<<EOT
<div>
<p>Dear {$new_user->firstname},</p>
<p>Thanks for registering in Madhwa Connect. Madhwa admin will review the complete details and will revert back to you at the earliest by sending you a confirmation mail to your registered e-mail id.</p>
<p>Regards,</p>
<p>Madhwa Connect</p>
</div>
EOT;
        }
        send_email($data);
        header("Location: next_step.php");
    } else {
    }
} catch (Exception $e) {
    store_in_session("message", "There was an error!<br />" . $e->getMessage());
    header("Location: ./");
}
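<?php

// Renders one user's profile. Expects the user id in the "id" request
// parameter.
//
// NOTE(review): header.php and menu.php are included before the redirects
// below; if they emit output, header("Location: ...") cannot take effect —
// confirm, or move the checks above the includes.
include_once "header.php";
include_once "config.php";
include_once "menu.php";
include_once "functions.php";
?>

<?php 
$current_user = get_from_session("current_user");
if ($current_user == null) {
    store_in_session("message", "You must be logged in to access this page");
    header("Location: ./index.php");
    return;
}
$id = $_REQUEST["id"] ?? null;
$sql = "select * from users where id = ?";
$user = R::getRow($sql, array($id));
// Without this guard an unknown id falls through to $user["usertype"] and
// renders a page of notices instead of an error.
if (empty($user)) {
    store_in_session("message", "The requested user does not exist");
    header("Location: ./index.php");
    return;
}
$sql = "select typename from usertypes where id=?";
$usertype = R::getCell($sql, array($user["usertype"]));
$profile_picture = $user["profile_picture"];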
if ($profile_picture == null) {
    $profile_picture = "./images/profile/default.jpg";
} else {
    $profile_picture = "./images/profile/default.jpg";
    if ($user["profile_picture"] != null) {
        $ext = substr(strtolower($user["profile_picture"]), -4);
        if ($ext == ".jpg" || $ext == ".bmp" || $ext == ".gif" || $ext == ".png") {
            $profile_picture = $user["profile_picture"];
        }
    }
<?php

// create_new_service_request.php
//
// Form page for posting a new service request. Anonymous visitors are sent to
// the login page; the "redirect_to" session key presumably brings them back
// here afterwards.
include_once "config.php";
include_once "header.php";
include_once "functions.php";
include_once "menu.php";

$current_user = get_from_session("current_user");
$logged_in = $current_user != null;
if (!$logged_in) {
    store_in_session("message", "You need to login for accessing this page");
    store_in_session("redirect_to", "create_new_service_request.php");
    header("Location: ./login_f.php");
    return;
}
?>

<?php 
?>
<div id="create_new_service_request_container">
	<div id="create_new_service_request_header">
		<h1>Create a new service request</h1>
		<p>
			If you have a specific requirement for your function or homa and are not sure whom to contact, you may create a new request with the details of your requirement. Your request will be shown to all of our service providers, and interested service providers will respond.
		</p>
		<p>
			A service request is kept open for the next 15 days and is then automatically marked as "closed". If you wish to reopen it, you may do so.
		</p>
		<p>
			We request that you close the "Service Request" once you have found the right service provider, so as to avoid unnecessary communication on both sides.
		</p>
	</div>
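// Shows one message thread. Expects "message_id" in the request; the caller
// must be a party (sender or recipient) of that message.
$message_id = $_REQUEST["message_id"] ?? null;
include_once "config.php";
$curr_user = get_from_session("current_user");
if (is_null($curr_user)) {
    store_in_session("message", "you must login to access this page.");
    header("Location: index.php");
    return;
}
$my_id = $curr_user["id"];
// Authorisation: the message must have the current user on either side.
$sql = "select * from messages where ? in (from_id, to_id) and id = ?";
$data = R::getRow($sql, array($my_id, $message_id));
// empty() covers both null and an empty row array, whichever R::getRow
// returns for a miss; is_null() alone would let an empty array through.
if (empty($data)) {
    store_in_session("message", "You are trying to access a message that either does not exist or not meant for you.");
    header("Location: index.php");
    return;
}
$sql = "select * from view_user_messages where message_id = ?";
$data = R::getRow($sql, array($message_id));
$fnCommunicate_userId = $data["from_id"];
$from_fullname = $data["from_id"] == 0 ? "Administrator" : $data["from_fullname"];
$thread_id = $data["thread_id"];
// Mark everything in this thread that is addressed to me as read.
$sql = "update messages set is_read=1 where thread_id = ? and to_id = ?";
R::exec($sql, array($thread_id, $my_id));
// NOTE(review): this lists every message in the thread, while the check
// above covers only the requested message — confirm a thread id is never
// shared beyond its two parties.
$sql = "select * from messages where thread_id = ? order by message_sent_datetime";
$messages = R::getAll($sql, array($thread_id));
include_once "header.php";
?>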
<style type="text/css">
    $error_message = "<li>Title is missing</li>";
}
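$service_description = $_POST["service_description"] ?? null;
if ($service_description == null || $service_description == "") {
    $error_message .= "<li>Service description is missing</li>";
}
$target_usertype = $_POST["target_usertype"] ?? null;
if ($target_usertype == null || $target_usertype == "") {
    $error_message .= "<li>Target users is missing</li>";
}
if ($error_message != "") {
    // The receiving page renders the session message as HTML, hence the list markup.
    $error_message = "<h3>Errors: </h3><ul>" . $error_message . "</ul>";
    store_in_session("message", $error_message);
    header("Location: ./create_new_service_request.php");
    return;
}
// All fields validated: persist the request as "open" for the current user.
$sr = R::dispense("servicerequests");
$sr->title = $title;
$sr->service_description = $service_description;
$sr->status = "open";
$sr->created_by = $current_user["id"];
// "H" is the 24-hour hour; the previous "h" (12-hour, no am/pm marker) made
// afternoon timestamps collide with morning ones.
$sr->created_datetime = date("Y-m-d H:i:s");
$sr->target_usertype = $target_usertype;
R::store($sr);
header("Location: ./my_service_requests.php");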
}
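// Stores an uploaded profile picture under images/<timestamp>/ and records
// its path on the current user's row. Expects the multipart field
// "profile_picture".
if (isset($_SESSION["current_user"])) {
    $current_user = $_SESSION["current_user"];
    $current_user_fullname = $current_user["firstname"] . " " . $current_user["lastname"];
    $user_loggedin = true;
} else {
    $user_loggedin = false;
}
// if user not logged in redirect to index.php
if (!$user_loggedin) {
    $_SESSION["message"] = "You must login to access this page";
    header("Location: index.php");
    return;
}
$upload = $_FILES["profile_picture"] ?? null;
if ($upload === null || ($upload["name"] ?? '') == null) {
    store_in_session("message", "You have not selected any picture!");
    header("Location: update_profile_picture.php");
    return;
}
if (($upload["error"] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
    store_in_session("message", "There was an error uploading the picture!");
    header("Location: update_profile_picture.php");
    return;
}
// The client-supplied name is untrusted: keep only its base name (no
// directory parts) and accept only the image extensions the profile page
// itself displays. Otherwise a crafted name could escape images/ or place a
// server-executable file under the web root.
// NOTE(review): this checks the name only, not the file content; a finfo
// MIME check would be a stronger second gate.
$filename = basename((string) $upload["name"]);
$ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
if (!in_array($ext, array("jpg", "bmp", "gif", "png"), true)) {
    store_in_session("message", "Only jpg, bmp, gif and png pictures are allowed!");
    header("Location: update_profile_picture.php");
    return;
}
$current_profile_picture = (string) $current_user["profile_picture"];
$current_profile_picture_folder = substr($current_profile_picture, 0, strrpos($current_profile_picture, "/", -1));
$path = "images/" . round(microtime(true));
if (!is_dir($path) && !mkdir($path)) {
    store_in_session("message", "There was an error saving the picture!");
    header("Location: update_profile_picture.php");
    return;
}
$attachment = $path . "/" . $filename;
// move_uploaded_file() only accepts files that came in via this request's
// upload; a false return means nothing was written.
if (!move_uploaded_file($upload["tmp_name"], $attachment)) {
    store_in_session("message", "There was an error saving the picture!");
    header("Location: update_profile_picture.php");
    return;
}
$cu = R::load("users", $current_user["id"]);
$cu->profile_picture = $attachment;
R::store($cu);
// NOTE(review): the cleanup that follows unlinks $current_profile_picture —
// confirm it skips the shared default image.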
if (file_exists($current_profile_picture)) {
    unlink($current_profile_picture);
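<?php

// change_password_action.php
//
// Changes the administrator password. Expects POST fields current_password,
// new_password and new_password2; every path stores a session "message" and
// redirects back to change_admin_password.php.
//
// NOTE(review): no CSRF token check is visible here although
// csrfguard_generate_token() exists in the codebase — confirm the form posts
// and verifies one.
include_once "config.php";
include_once "functions.php";
if (session_status() == PHP_SESSION_NONE) {
    session_start();
}
$current_user = get_from_session("current_user");
if (is_null($current_user)) {
    store_in_session("message", "You must login to access this page");
    header("Location: index.php");
    return;
}
// Default to '' so a missing field reads as a wrong password instead of
// raising an "undefined index" notice.
$current_password = $_POST["current_password"] ?? '';
$new_password = $_POST["new_password"] ?? '';
$new_password2 = $_POST["new_password2"] ?? '';
if (!is_admin_password($current_password)) {
    store_in_session("message", "Current password incorrect");
} elseif ($new_password !== $new_password2) {
    store_in_session("message", "New passwords dont match");
} elseif ($new_password === '') {
    // An empty administrator password would otherwise be accepted.
    store_in_session("message", "New password cannot be empty");
} else {
    store_admin_password($new_password);
    store_in_session("message", "New password successfully updated!");
}
header("Location: change_admin_password.php");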
<?php

// view_sr_history.php
//
// Conversation history for service requests. Anonymous visitors are sent to
// the login page with "redirect_to" pointing back at this page.
include_once "config.php";
include_once "header.php";
include_once "functions.php";
?>

<?php 
$current_user = get_from_session("current_user");
$logged_in = $current_user != null;
if (!$logged_in) {
    store_in_session("message", "You must login to access this page");
    store_in_session("redirect_to", "view_sr_history.php");
    header("Location: ./login_f.php");
    return;
}
?>
<style type="text/css">
	@import "css/experiment.css";
</style>
<?php 
include_once "menu.php";
?>

<div id="view_sr_history_container">
	<div id="view_sr_history_header">
		<h1>Service requests conversation history</h1>
	</div>


<?php 
<?php

// browse_service_requests.php
//
// Lists the service requests addressed to the current user. Anonymous
// visitors are sent to the login page with "redirect_to" pointing back here.
include_once "config.php";
include_once "header.php";
include_once "functions.php";
?>

<?php 
$current_user = get_from_session("current_user");
$logged_in = $current_user != null;
if (!$logged_in) {
    store_in_session("message", "You must login to access this page");
    store_in_session("redirect_to", "browse_service_requests.php");
    header("Location: ./login_f.php");
    return;
}
?>
<style type="text/css">
	@import "css/experiment.css";
</style>
<?php 
include_once "menu.php";
?>

<div id="browse_service_requests_container">
	<div id="browse_service_requests_header">
		<h1>Service requests for you</h1>
	</div>


<?php 
<?php

// save_usertype.php
//
// Creates or updates a usertype record from request parameters. Only the
// "administrator" account may use it; anyone else is redirected to index.php.
include_once "config.php";

$current_user = get_from_session("current_user");
if ($current_user === null) {
    store_in_session("message", "You must login to access this page");
    header("Location: index.php");
    return;
}
if ($current_user["username"] != "administrator") {
    store_in_session("message", "You must be an administrator to access this page");
    header("Location: index.php");
    return;
}

// Form fields; anything absent from the request stays null.
$id = $_REQUEST["id"] ?? null;
$typename = $_REQUEST["typename"] ?? null;
$description = null;
$fields = null;
$approval_required = null;
$listed_for_owntype = null;
$not_listed_in_search = null;
$relegious_yesno = null;
if (isset($_REQUEST["description"])) {
    $description = $_REQUEST["description"];
// Administrator sign-in is handled before the users-table lookup: the
// password is checked with is_admin_password() and a synthetic
// "current_user" record is stored in the session. Either way the JSON
// result in $out is echoed and the script returns.
// NOTE(review): no session_regenerate_id() call is visible on this login
// path — confirm store_in_session() rotates the session id, or add one.
if ($username == "administrator") {
    if (is_admin_password($password)) {
        $out["status"] = true;
        $out["redirect"] = "admin.php";
        $admin_record = array(
            "firstname" => "Administrator",
            "lastname" => "",
            "profile_picture" => "",
            "username" => "******",
            "usertype" => 0,
        );
        store_in_session("current_user", $admin_record);
    } else {
        $out["status"] = false;
        $out["message"] = "Invalid password for administrator";
    }
    echo json_encode($out);
    return;
}
$sql = "select * from users where ? in (username, email, another_email) and password=md5(?)";
$data = R::getRow($sql, array($username, $password));
if (count($data) == 0) {
    $out["status"] = false;
    $out["message"] = "Invalid username/password";
    echo json_encode($out);
} else {
    if (session_status() == PHP_SESSION_NONE) {
        session_start();
    }
    $_SESSION["current_user"] = $data;
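// Resets the password of the account matched by $username_email to $pass and
// mails the new password to the address on record. Both variables are set by
// the code preceding this fragment.
//
// NOTE(review): the new password is sent in plaintext e-mail; a one-time
// reset link would avoid that, but it is a design change outside this file.
// Look the account up first so a miss is reported instead of silently
// mailing an empty address.
$sql = "select * from users where ? in (username, email)";
$row = R::getRow($sql, array($username_email));
if (empty($row)) {
    store_in_session("message", "There was an error. Please contact administrator.");
    header("Location: index.php");
    return;
}
// NOTE(review): the column holds unsalted md5, matching the login query; a
// move to password_hash() needs a schema change and cannot be done here.
$sql = "update users set password = ? where ? in (username, email)";
R::exec($sql, array(md5($pass), $username_email));
// send an email to the user containing the new password
$fname = $row["firstname"];
$email = $row["email"];
$data = array();
$data["reply_to_email"] = "*****@*****.**";
$data["reply_to_name"] = "Administrator - MadhwaConnect";
$data["from_email"] = "*****@*****.**";
$data["from_name"] = "Administrator - MadhwaConnect";
$data["email_id"] = $email;
$data["subject"] = "We have reset your password.";
$data["content"] = <<<EOT
<h3>Dear {$fname},</h3>
<p>As requested by you, we have reset your password</p>
<p>Here is your new password: {$pass}</p>
<p>You can now <a href="http://madhwaconnect.com/services/login_f.php" title="Login">login</a> to your account and we highly recommend that you immidiately change the password to your convenience</p>
<p>Always ready to help</p>
<p>Team MadhwaConnect</p>

EOT;
if (send_email($data)) {
    store_in_session("message", "Password sent to your registed email address.");
    store_in_session("email_for_password_reset", $email);
    header("Location: password_reset_link_success.php");
} else {
    store_in_session("message", "There was an error. Please contact administrator.");
    header("Location: index.php");
}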