function registra_usuario($username, $password, $email)
{
global $db;
if (user_exists($username)) {
$mensaje_de_error = "El usuario " . $username . " ya existe";
} else {
if (check_email($email) == 0) {
$mensaje_de_error = "El mail no es válido";
} else {
if (email_exists($email)) {
$mensaje_de_error = "El mail " . $email . " ya existe";
} else {
$SELECT = "INSERT INTO usuarios ( usuario_login, usuario_password, usuario_email, usuario_nombre )";
$SELECT .= " VALUES ( '" . $username . "', '" . md5($password) . "', '" . $email . "', '" . $username . "' )";
$result = $db->get_results($SELECT);
logea("registro " . $username, "", $_SESSION["usuario"]);
//Creamos el ranking con un día atrás para que no obtenga beneficios de 60000 al actualizar el ranking hoy
$SELECT = "INSERT INTO ranking ( ranking_usuario, ranking_saldo, ranking_invertido, ranking_total, ranking_beneficio_hoy, ranking_fecha ) ";
$SELECT .= " VALUES ( '" . $username . "', '60000', '0', '60000', '0', CURDATE()-INTERVAL 1 DAY )";
$result = $db->get_results($SELECT);
}
}
}
return $mensaje_de_error;
}
/**
* Get username, realname and email from for a given user id
* @param integer $p_user_id A valid user identifier.
* @return array
*/
function mci_account_get_array_by_id($p_user_id)
{
$t_result = array();
$t_result['id'] = $p_user_id;
if (user_exists($p_user_id)) {
$t_current_user_id = auth_get_current_user_id();
$t_access_level = user_get_field($t_current_user_id, 'access_level');
$t_can_manage = access_has_global_level(config_get('manage_user_threshold')) && access_has_global_level($t_access_level);
# this deviates from the behaviour of view_user_page.php, but it is more intuitive
$t_is_same_user = $t_current_user_id === $p_user_id;
$t_can_see_realname = access_has_project_level(config_get('show_user_realname_threshold'));
$t_can_see_email = access_has_project_level(config_get('show_user_email_threshold'));
$t_result['name'] = user_get_field($p_user_id, 'username');
if ($t_is_same_user || $t_can_manage || $t_can_see_realname) {
$t_realname = user_get_realname($p_user_id);
if (!empty($t_realname)) {
$t_result['real_name'] = $t_realname;
}
}
if ($t_is_same_user || $t_can_manage || $t_can_see_email) {
$t_email = user_get_email($p_user_id);
if (!empty($t_email)) {
$t_result['email'] = $t_email;
}
}
}
return $t_result;
}
function checkLogin($u, $p)
{
global $seed;
// global because $seed is declared in the header.php file
if (!valid_username($u) || !valid_password($p) || !user_exists($u)) {
return false;
// the name was not valid, or the password, or the username did not exist
}
//Now let us look for the user in the database.
$query = sprintf("\n\t\tSELECT loginid \n\t\tFROM login \n\t\tWHERE \n\t\tusername = '******' AND password = '******' \n\t\tAND disabled = 0 AND activated = 1 \n\t\tLIMIT 1;", mysql_real_escape_string($u), mysql_real_escape_string(sha1($p . $seed)));
$result = mysql_query($query);
// If the database returns a 0 as result we know the login information is incorrect.
// If the database returns a 1 as result we know the login was correct and we proceed.
// If the database returns a result > 1 there are multple users
// with the same username and password, so the login will fail.
if (mysql_num_rows($result) != 1) {
return false;
} else {
// Login was successfull
$row = mysql_fetch_array($result);
// Save the user ID for use later
$_SESSION['loginid'] = $row['loginid'];
// Save the username for use later
$_SESSION['username'] = $u;
// Now we show the userbox
return true;
}
return false;
}
/**
* prepares the name of the user given the id. also makes it an email link.
* @param int $p_user_id
* @return string
*/
function prepare_user_name($p_user_id)
{
# Catch a user_id of NO_USER (like when a handler hasn't been assigned)
if (NO_USER == $p_user_id) {
return '';
}
$t_username = user_get_name($p_user_id);
if (user_exists($p_user_id) && user_get_field($p_user_id, 'enabled')) {
$t_username = string_display_line($t_username);
// WK/BFE: Original-Zeile auskommentiert: , LB/BFE 2015
// return '<a href="' . string_sanitize_url( 'view_user_page.php?id=' . $p_user_id, true ) . '">' . $t_username . '</a>';
// ersetzt durch: (Link auf view_user_page nur wenn globale Rolle mindestens $g_manage_user_threshold
if (user_is_administrator(auth_get_current_user_id())) {
return '<a href="' . string_sanitize_url('view_user_page.php?id=' . $p_user_id, true) . '">' . $t_username . '</a>';
} else {
return $t_username;
}
// WK/BFE: Ende der Modifikation
} else {
$t_result = '<font STYLE="text-decoration: line-through">';
$t_result .= string_display_line($t_username);
$t_result .= '</font>';
return $t_result;
}
}
/**
* @param $in
* @return array
*
* @code
* $ php index.php "route=user.Controller.register&username=abc&password=1234&email=abc@def.com"
* @endcode
*
*/
public function register($in)
{
if (!isset($in['username'])) {
sys()->log("Username is empty.");
return ERROR(-111, "Username is empty.");
}
if (!isset($in['password'])) {
return ERROR(-1121, "Password is empty.");
}
if (!isset($in['email'])) {
return ERROR(-113, "Email is empty.");
}
if (user_exists($in['username'])) {
return ERROR(-121, "User: {$in['username']} exists.");
}
if (user_email_exists($in['email'])) {
return ERROR(-121, "User email: {$in['email']} exists.");
}
$sets = array();
$sets['username'] = $in['username'];
$sets['password'] = password_encrypt($in['password']);
$sets['email'] = $in['email'];
$sets['first_name'] = hi('first_name', '');
$sets['middle_name'] = hi('middle_name', '');
$sets['last_name'] = hi('last_name');
$sets['mobile'] = hi('mobile', '');
$sets['landline'] = hi('landline', '');
$sets['address'] = hi('address');
$re = user()->create()->sets($sets)->save();
if ($re) {
return SUCCESS();
} else {
return ERROR(-4, 'Failed on saving user information.');
}
}
function getData()
{
parent::getData();
$this->wop = value_from_POST_GET(FMWK_PARAM_OP, 'sign');
if (empty($this->asked_app)) {
$this->asked_app = value_from_POST('asked_app', Null);
}
$op = $this->wop;
$siteuser = $this->site->username();
$this->user_signed = isset($siteuser);
if ($this->user_signed) {
$this->wusername = $siteuser;
} else {
$this->wusername = value_from_POST('username', Null);
$this->wpassword = value_from_POST('password', Null);
}
switch ($op) {
case 'logout':
$auth = $this->site->auth;
$auth->logoutUser($this->wusername);
$this->site->redirectToApp($this->asked_app);
exit;
break;
case 'login':
if ($this->user_signed) {
$this->message .= "Already authentificated in";
$this->wop = 'info';
} else {
$is_ok = FALSE;
if (!empty($this->wusername)) {
$auth = $this->site->auth;
if (isset($auth)) {
$is_ok = $auth->loginUser($this->wusername, $this->wpassword);
}
}
if ($is_ok) {
require_once INC_DIR . "users.inc";
if (user_exists($auth->signed_username)) {
$this->message .= "Welcome";
$this->wop = 'login';
$this->site->redirectToApp($this->asked_app);
} else {
$this->message .= "Sorry your account is not configured yet.<br/>";
$auth->logoutUser();
$this->wop = 'sign';
}
} else {
$this->message .= "Invalid login or password";
$this->wop = 'sign';
}
}
break;
default:
$this->wop = 'info';
break;
}
}
function adduser($username, $password, $level, $email = "", $realname = "", $can_modify_passwd = '1', $description = "")
{
if (!user_exists($username)) {
$encrypted = crypt($password, '$1$' . generateSalt(8) . '$');
return dbInsert(array('username' => $username, 'password' => $encrypted, 'level' => $level, 'email' => $email, 'realname' => $realname, 'can_modify_passwd' => $can_modify_passwd, 'descr' => $description), 'users');
} else {
return FALSE;
}
}
function __construct($Username, $key)
{
if (!user_exists($Username)) {
return false;
}
$this->username = $Username;
$this->rehash();
$_SESSION['user'] =& $this;
$this->decryptionKey = $key;
}
function adduser($username, $password, $level, $email = '', $realname = '', $can_modify_passwd = '1')
{
if (!user_exists($username)) {
$hasher = new PasswordHash(8, false);
$encrypted = $hasher->HashPassword($password);
return dbInsert(array('username' => $username, 'password' => $encrypted, 'level' => $level, 'email' => $email, 'realname' => $realname), 'users');
} else {
return false;
}
}
function adduser($username, $password, $level, $email = "", $realname = "", $can_modify_passwd = 1, $description = "", $twofactor = 0)
{
if (!user_exists($username)) {
$hasher = new PasswordHash(8, FALSE);
$encrypted = $hasher->HashPassword($password);
return dbInsert(array('username' => $username, 'password' => $encrypted, 'level' => $level, 'email' => $email, 'realname' => $realname, 'can_modify_passwd' => $can_modify_passwd, 'descr' => $description, 'twofactor' => $twofactor), 'users');
} else {
return FALSE;
}
}
function pass_check($user, $pass)
{
if (user_exists($user)) {
$hpass = sha1(sha1($pass));
$q = "SELECT COUNT(*) FROM users WHERE user='******' AND pass='******'";
$res = db_fetch_array(db_query($q), SQLITE_NUM);
return $res['0']['0'];
} else {
return FALSE;
}
}
private function update_user()
{
$fb_response = $this->facebook->api('/me');
$this->display_name = $fb_response['name'];
global $db;
if (user_exists($this)) {
$this->updated = time();
$db->query('UPDATE users SET display_name = "' . $this->display_name . '", updated = ' . $this->updated . ' WHERE uid = ' . $this->uid);
} else {
create_user($this);
}
}
function authenticate($username, $password)
{
global $config;
if (isset($_SERVER['REMOTE_USER'])) {
$_SESSION['username'] = mres($_SERVER['REMOTE_USER']);
if (user_exists($_SESSION['username'])) {
return 1;
}
$_SESSION['username'] = $config['http_auth_guest'];
return 1;
}
return 0;
}
function verify_password($pseudo, $password)
{
$error = false;
//Pseudo pas existant
if (!user_exists(array('pseudo' => $pseudo, 'password' => sha1(md5($password))))) {
$_SESSION['connexion_error'][] = 'Le mot de passe entré n\'est pas le bon.';
$error = true;
}
if (!$error) {
return true;
}
return false;
}
function generate_request($email, &$db)
{
//echo "generate request function called. <br><br>";
$user_confirmed = user_exists($email, $db);
if ($user_confirmed[0]) {
$requestkey = mt_rand(10000000, mt_getrandmax());
$time = time();
//echo "user confirmed to exist; request key generated: $requestkey <br><br>";
try {
$sql = 'INSERT INTO password_reset_requests
(email, requestkey, time)
VALUES (:email, :requestkey, :time)';
$stmt = $db->prepare($sql);
$stmt->bindValue(':email', $email);
$stmt->bindValue(':requestkey', $requestkey);
$stmt->bindValue(':time', $time);
$stmt->execute();
$errorInfo = $stmt->errorInfo();
if (isset($errorInfo[2])) {
$error = $errorInfo[2];
}
} catch (Exception $e) {
$error = $e->getMessage();
}
if (isset($error)) {
//echo "database error in request insertion: $error <br><br>";
return [false, $error];
}
$requestid = $db->lastInsertId();
if (!isset($requestid)) {
//echo "error: no request id returned by db. <br><br>";
return [false, 'Error: Could not add request to database.'];
} else {
//echo "made it! have a request id: $requestid <br><br>";
$key = $requestid . '-' . $requestkey;
//echo "about to generate an email with address $email and key $key <br><br>";
if (generate_email($email, $key)) {
//echo "email sent. <br><br>";
return [true];
} else {
//echo "email not sent. <br><br>";
return [false, "Error: email could not be sent."];
}
}
} else {
//echo "user does not exist. <br><br>";
return $user_confirmed;
// already in the form [false, error]
}
}
/**
* prepares the name of the user given the id. also makes it an email link.
* @param int $p_user_id
* @return string
*/
function prepare_user_name( $p_user_id ) {
# Catch a user_id of NO_USER (like when a handler hasn't been assigned)
if( NO_USER == $p_user_id ) {
return '';
}
$t_username = user_get_name( $p_user_id );
$t_username = string_display_line( $t_username );
if( user_exists( $p_user_id ) && user_get_field( $p_user_id, 'enabled' ) ) {
return '<a class="user" href="' . string_sanitize_url( 'view_user_page.php?id=' . $p_user_id, true ) . '">' . $t_username . '</a>';
} else {
return '<del class="user">' . $t_username . '</del>';
}
}
function create_user($dbc, $username, $password, $password2, $firstname, $lastname)
{
if ($password != $password2) {
return false;
}
if (user_exists($dbc, $username)) {
return false;
}
$create_user = "******";
$stmt = mysqli_prepare($dbc, $create_user);
$password_hash = password_hash($password, PASSWORD_DEFAULT);
mysqli_stmt_bind_param($stmt, "ssss", $username, $password_hash, $firstname, $lastname);
mysqli_stmt_execute($stmt);
$affected_rows = mysqli_stmt_affected_rows($stmt);
return $affected_rows == 1;
}
/**
* Gets the avatar information for the user. The avatars are provided by
* plugins that can integrate with a variety of services like gravatar.com,
* LDAP, Social Identities, etc.
*
* If logged in user doesn't have access to view avatars or not avatar is found,
* then a default avatar will be used.
*
* Note that the provided user id may no longer has a corresponding user in the
* system, if the user was deleted.
*
* @param integer $p_user_id The user id.
* @param integer $p_size The desired width/height of the avatar.
*
* @return array The array with avatar information.
*/
public static function get($p_user_id, $p_size = 80)
{
$t_enabled = config_get('show_avatar') !== OFF;
$t_avatar = null;
if ($t_enabled) {
$t_user_exists = user_exists($p_user_id);
if ($t_user_exists && access_has_project_level(config_get('show_avatar_threshold'), null, $p_user_id)) {
$t_avatar = event_signal('EVENT_USER_AVATAR', array($p_user_id, $p_size));
}
if ($t_avatar === null) {
$t_avatar = new Avatar();
}
$t_avatar->normalize($p_user_id, $t_user_exists);
}
return $t_avatar;
}
/**
* Get username, realname and email from for a given user id
* @param integer $p_user_id A valid user identifier.
* @return array
*/
function mci_account_get_array_by_id($p_user_id)
{
$t_result = array();
$t_result['id'] = $p_user_id;
if (user_exists($p_user_id)) {
$t_result['name'] = user_get_field($p_user_id, 'username');
$t_dummy = user_get_field($p_user_id, 'realname');
if (!empty($t_dummy)) {
$t_result['real_name'] = $t_dummy;
}
$t_dummy = user_get_field($p_user_id, 'email');
if (!empty($t_dummy)) {
$t_result['email'] = $t_dummy;
}
}
return $t_result;
}
/**
* prepares the name of the user given the id. also makes it an email link.
* @param int $p_user_id
* @return string
*/
function prepare_user_name($p_user_id)
{
# Catch a user_id of NO_USER (like when a handler hasn't been assigned)
if (NO_USER == $p_user_id) {
return '';
}
$t_username = user_get_name($p_user_id);
if (user_exists($p_user_id) && user_get_field($p_user_id, 'enabled')) {
$t_username = string_display_line($t_username);
return '<a href="' . string_sanitize_url('view_user_page.php?id=' . $p_user_id, true) . '">' . $t_username . '</a>';
} else {
$t_result = '<font STYLE="text-decoration: line-through">';
$t_result .= string_display_line($t_username);
$t_result .= '</font>';
return $t_result;
}
}
function adduser($username, $password, $level, $email = '', $realname = '', $can_modify_passwd = 1, $description = '', $twofactor = 0)
{
if (!user_exists($username)) {
$hasher = new PasswordHash(8, false);
$encrypted = $hasher->HashPassword($password);
$userid = dbInsert(array('username' => $username, 'password' => $encrypted, 'level' => $level, 'email' => $email, 'realname' => $realname, 'can_modify_passwd' => $can_modify_passwd, 'descr' => $description, 'twofactor' => $twofactor), 'users');
if ($userid == false) {
return false;
} else {
foreach (dbFetchRows('select notifications.* from notifications where not exists( select 1 from notifications_attribs where notifications.notifications_id = notifications_attribs.notifications_id and notifications_attribs.user_id = ?) order by notifications.notifications_id desc', array($userid)) as $notif) {
dbInsert(array('notifications_id' => $notif['notifications_id'], 'user_id' => $userid, 'key' => 'read', 'value' => 1), 'notifications_attribs');
}
}
return $userid;
} else {
return false;
}
}
function new_user()
{
$exists = true;
$user = "";
// inialize vars
while ($exists) {
$num = rand(2, 3);
//Why between 2 and 3?
$bytes = openssl_random_pseudo_bytes($num);
$user = bin2hex($bytes);
$exists = user_exists($user);
}
// FOR WELLESLELY STUDENTS ONLY
//$user = "******" + $user;
echo "user created was:";
echo user;
return $user;
}
function store_user()
{
global $db, $globals;
// syslog(LOG_INFO, "store_user: "******" COOKIE: ".$_COOKIE['return']);
$user = $this->user;
if (!$this->secret) {
$this->secret = $this->service . "-" . $globals['now'];
}
if (user_exists($this->username)) {
$i = 1;
while (user_exists($this->username . "_{$i}")) {
$i++;
}
$user->username = $this->username . "_{$i}";
} else {
$user->username = $this->username;
}
if (!$user->pass || preg_match('/$\\$/', $user->pass)) {
$user->pass = "******";
}
if (!$user->names && $this->names) {
$user->names = $this->names;
}
if (!$user->url && $this->url) {
$user->url = $this->url;
}
if ($user->id == 0) {
$user->date = $globals['now'];
$user->ip = $globals['user_ip'];
$user->email = $this->username . '@' . $this->service;
$user->email_register = $this->username . '@' . $this->service;
$user->username_register = $user->username;
}
syslog(LOG_NOTICE, "Meneame new user from {$this->service}: {$user->username}, {$user->names}");
$user->store();
Log::insert('user_new', $user->id, $user->id);
$db->query("update users set user_validated_date = now() where user_id = {$user->id} and user_validated_date is null");
if ($this->avatar) {
require_once mnminclude . 'avatars.php';
avatars_get_from_url($user->id, $this->avatar);
}
}
function verify_receiver($receiver)
{
global $PSEUDO_MIN_LENGTH, $PSEUDO_MAX_LENGTH;
$error = false;
include_once 'model/user/user_exists.php';
//Receveur = soi-même
if ($receiver == $_SESSION['pseudo']) {
$_SESSION['sending_errors'][] = 'Vous ne pouvez pas envoyer de message à vous-même.';
$error = true;
} else {
//Pseudo innexistant
if (!user_exists(array('pseudo' => $receiver))) {
$_SESSION['sending_errors'][] = 'Le pseudo entré n\'existe pas.';
$error = true;
}
}
if (!$error) {
return true;
}
return false;
}
function prepare_user_name($p_user_id)
{
# Catch a user_id of NO_USER (like when a handler hasn't been assigned)
if (NO_USER == $p_user_id) {
return '';
}
$t_username = user_get_name($p_user_id);
if (user_exists($p_user_id) && user_get_field($p_user_id, 'enabled')) {
$t_email = user_get_email($p_user_id);
if (!is_blank($t_email)) {
return prepare_email_link($t_email, $t_username);
} else {
return string_display($t_username);
}
} else {
$t_result = '<font STYLE="text-decoration: line-through">';
$t_result .= string_display($t_username);
$t_result .= '</font>';
return $t_result;
}
}
function lostPassword($username, $email)
{
global $seed;
if (!valid_username($username) || !user_exists($username) || !valid_email($email)) {
return false;
}
$query = sprintf("select loginid from login where username = '******' and email = '%s' limit 1", $username, $email);
$result = mysql_query($query);
if (mysql_num_rows($result) != 1) {
return false;
}
$newpass = generate_code(8);
$query = sprintf("update login set password = '******' where username = '******'", mysql_real_escape_string(sha1($newpass . $seed)), mysql_real_escape_string($username));
if (mysql_query($query)) {
if (sendLostPasswordEmail($username, $email, $newpass)) {
return true;
} else {
return false;
}
} else {
return false;
}
return false;
}
<?php
include 'core/init.php';
$error = null;
// Ako e pristapeno so post metod, proverka na greski za username i password
if (!empty($_POST)) {
$username = $_POST['user'];
$password = $_POST['pass'];
if (empty($username) || empty($password)) {
$error = 'Потребно е да внесите корисничко име и лозинка';
} else {
if (!user_exists($username)) {
$error = 'Корисничкото име што го внесивте не постои';
} else {
if (!user_active($username)) {
$error = 'Потрено е да ја активирате вашата корисничка сметка';
} else {
$login = login($username, $password);
if (!$login) {
$error = 'Корисничкото име или лозинката се погрешни';
}
}
}
}
}
// Ako error e null togas znaci deka ili korisnikot ne pristapil so post metod i ke bidi vraten na prethodnata strana,
// ili deka korisnikot se logiral uspesno i ke bidi startuvana sesija
if (!is_null($error)) {
$_SESSION['error'] = $error;
$_SESSION['user_value'] = $username;
// Ako ima greska da se zapamti to so go zapisal userot za da ne go pisi pak
</div>
<div class="col-md-3">
</div>
</div>
<?php
} elseif ($stage == "4") {
$proceed = 1;
?>
<div class="row">
<div class="col-md-3">
</div>
<div class="col-md-6">
<?php
require 'includes/authenticate.inc.php';
if (auth_usermanagement()) {
if (!user_exists($add_user)) {
if (adduser($add_user, $add_pass, '10', $add_email)) {
echo "<div class='alert alert-success'>User has been added successfully</div>";
$proceed = 0;
} else {
echo "<div class='alert alert-danger'>User hasn't been added, please try again</div>";
}
} else {
echo "<div class='alert alert-danger'>User {$add_user} already exists!</div>";
}
} else {
echo "<div class='alert alert-danger'>Auth module isn't loaded</div>";
}
?>
<form class="form-horizontal" role="form" method="post">
<input type="hidden" name="stage" value="5">
function print_user_with_subject($p_user_id, $p_bug_id)
{
$c_user_id = db_prepare_int($p_user_id);
if (NO_USER == $p_user_id) {
return;
}
$t_username = user_get_name($p_user_id);
if (user_exists($p_user_id) && user_get_field($p_user_id, 'enabled')) {
$t_email = user_get_email($p_user_id);
print_email_link_with_subject($t_email, $t_username, $p_bug_id);
} else {
echo '<span style="text-decoration: line-through">';
echo $t_username;
echo '</span>';
}
}
function do_register2() {
global $db, $current_user, $globals;
if ( !ts_is_human()) {
register_error(_('El código de seguridad no es correcto.'));
return;
}
$username=preg_replace('/ /', '_', trim($_POST['username'])); // sanity check
$password=md5(trim($_POST['password']));
$email=preg_replace('/ /', '_', trim($_POST['email'])); // sanity check
$user_ip = $globals['user_ip'];
if (!user_exists($username)) {
if ($db->query("INSERT INTO users (user_login, user_email, user_pass, user_date, user_ip) VALUES ('$username', '$email', '$password', now(), '$user_ip')")) {
//register_error(_("Usuario creado").'.<a href="login.php">'._(Login).'</a>');
/***
if($current_user->Authenticate($username, $password, false) == false) {
register_error(_("Error insertando usuario en la base de datos"));
} else {
****/
echo '<fieldset>'."\n";
echo '<legend><span class="sign">'._("registro de usuario").'</span></legend>'."\n";
require_once(mnminclude.'user.php');
$user=new User();
$user->username=$username;
if(!$user->read()) {
register_error(_('Error insertando usuario en la base de datos'));
} else {
require_once(mnminclude.'mail.php');
$sent = send_recover_mail($user);
}
//header('Location: ./user.php?login='******'</fieldset>'."\n";
} else {
register_error(_("Error insertando usuario en la base de datos"));
}
} else {
register_error(_("El usuario ya existe"));
}
}
