/**
 * Post-login bookkeeping for the user who has just authenticated.
 *
 * Call only after authentication succeeded: the user is resolved via
 * user_id(). Side effects, in this order:
 *  - re-enables an account that was disabled for inactivity, counts the
 *    login and queues a notice for the user;
 *  - clears a pending disable warning and counts the login;
 *  - applies the user's stored locale;
 *  - stamps last_login (and clears is_disabled again);
 *  - stores the client IP when none is on record yet.
 *
 * Notices go into the global $messages array, which is created here when
 * the caller (e.g. an auto-login path) has not set one up.
 */
function handle_post_login()
{
    global $messages;
    if (!isset($messages)) {
        // auto-login paths may not have a message list yet
        $messages = array();
    }

    $user = get_user(user_id());
    $userId = $user['id'];

    // Account was disabled for inactivity: notify, re-enable and count this login.
    if ($user['is_disabled']) {
        $disabledAgo = recent_format($user['disabled_at']);
        $messages[] = t("Your account was disabled :ago due to inactivity; your account is now re-enabled, and account data will be updated again soon.", array(':ago' => $disabledAgo));
        $stmt = db()->prepare("UPDATE user_properties SET is_disabled=0,logins_after_disabled=logins_after_disabled+1 WHERE id=?");
        $stmt->execute(array($userId));
    }

    // Account had received a disable warning: clear it and count this login.
    if ($user['is_disable_warned']) {
        $stmt = db()->prepare("UPDATE user_properties SET is_disable_warned=0,logins_after_disable_warned=logins_after_disable_warned+1 WHERE id=?");
        $stmt->execute(array($userId));
    }

    // Switch to the user's preferred locale, if one is stored.
    $locale = $user['locale'];
    if ($locale) {
        I18n::setLocale($locale);
    }

    // Record the login time; is_disabled=0 is repeated here unconditionally.
    $stmt = db()->prepare("UPDATE user_properties SET last_login=NOW(),is_disabled=0 WHERE id=?");
    $stmt->execute(array($userId));

    // No IP on record yet: remember the current one.
    if (!$user['user_ip']) {
        $stmt = db()->prepare("UPDATE user_properties SET user_ip=? WHERE id=?");
        $stmt->execute(array(user_ip(), $userId));
    }
}
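/**
 * Per-IP throttle for computationally expensive, publicly reachable work.
 *
 * Reads the "heavy_requests_seconds" site config once; a negative value
 * disables the throttle. Otherwise the caller's IP (user_ip()) is looked up
 * in heavy_requests: a row whose last_request is newer than the window
 * raises BlockedException and is left untouched, an older row is stamped
 * with NOW(), and a missing row is inserted.
 *
 * Caveats:
 *  - The comparison uses strtotime() of the stored last_request against the
 *    web server clock, so database_timezone must be set correctly (if login
 *    does not work, check that setting). A value strtotime() cannot parse
 *    silently lets the request through.
 *  - The SELECT and the following UPDATE/INSERT are not one atomic step, so
 *    several concurrent requests from one IP inside the window can all
 *    pass; an atomic conditional write keyed on user_ip would close that
 *    gap.
 *  - All clients behind one NAT or proxy share one bucket; how user_ip() is
 *    derived (and whether it trusts forwarded headers) decides how reliable
 *    the key is — confirm against its definition.
 *
 * @throws BlockedException when the IP is inside the throttle window
 */
function check_heavy_request()
{
    // Read the window once instead of on every use (the original re-read the
    // site config four times); a negative value turns the throttle off.
    $window = get_site_config("heavy_requests_seconds");
    if ($window < 0) {
        return;
    }
    $ip = user_ip();

    $q = db()->prepare("SELECT * FROM heavy_requests WHERE user_ip=?");
    $q->execute(array($ip));
    $heavy = $q->fetch();

    if (!$heavy) {
        // first request seen from this IP: start its record
        $q = db()->prepare("INSERT INTO heavy_requests SET last_request=NOW(), user_ip=?");
        $q->execute(array($ip));
        return;
    }

    // Both sides are evaluated on the web server clock, so the stored
    // last_request must be expressed in the same timezone.
    $lastRequest = strtotime($heavy['last_request']);
    $cutoff = strtotime("-" . $window . " seconds");
    if ($lastRequest > $cutoff) {
        // Inside the window: reject without touching last_request, so the
        // client can retry once the original window has elapsed.
        throw new BlockedException(t("You are making too many requests at once: please wait at least :seconds.", array(':seconds' => plural("second", $window))));
    }

    // Outside the window: this request becomes the new reference point.
    $q = db()->prepare("UPDATE heavy_requests SET last_request=NOW() WHERE user_ip=?");
    $q->execute(array($ip));
}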
        $user = $response->getGraphUser();
        if ($user['id'] >= 1) {
            if (db_num_rows(db_query("SELECT user_fb FROM " . $pre . "user WHERE user_fb='" . db_real_escape_string($user['id']) . "'")) >= 1) {
            } else {
                $in = "INSERT INTO " . $pre . "user(`user_login`, `user_haslo`, `user_email`, `user_akt`, `user_data_r`, `user_kod`,`user_rip`,`user_fb`)VALUES('" . htmlspecialchars($user['name']) . "', '" . md5($user['email'] . $user['id'] . "asdf3f23") . "', '" . htmlspecialchars($user['email']) . "', '1', NOW(), '','" . user_ip() . "','" . $user['id'] . "')";
                db_query($in);
                $user_id = db_insert_id();
            }
            $Query = 'SELECT * FROM ' . $pre . 'user WHERE user_fb="' . db_real_escape_string($user['id']) . '"';
            $result = db_query($Query) or die(db_error());
            while ($row = db_fetch($result)) {
                $id = $row['user_id'];
                $_SESSION['user_nick'] = $row["user_login"];
                $_SESSION['user_id'] = $row["user_id"];
                $_SESSION['user_strona'] = $ust['adres'];
                if ($row['user_t'] == "3") {
                    $_SESSION['logadm'] = "adm";
                }
            }
            $up = "UPDATE " . $pre . "user SET user_data_o=NOW(),user_lip='" . user_ip() . "' WHERE user_id='" . $id . "'";
            db_query($up);
        }
        $ad = $_SESSION['user_bc'];
        $_SESSION['user_bc'] = "";
        if ($ad != "") {
            header("Location: " . $ad . "");
        } else {
            header("Location: " . $ust['adres'] . "");
        }
    }
}
                 // try email/password signup
                 $user = Users\UserPassword::trySignup(db(), $email, $password);
             }
         }
     }
 } catch (\Users\UserAlreadyExistsException $e) {
     $errors[] = $e->getMessage() . " " . t("Did you mean to :login?", array(':login' => link_to(url_for('login', array('use_password' => true, 'email' => $email, 'openid' => $openid)), t("login instead"))));
 } catch (\Users\UserSignupException $e) {
     $errors[] = $e->getMessage();
 } catch (\Users\UserAuthenticationException $e) {
     $errors[] = $e->getMessage();
 }
 if ($user && !$errors) {
     $user_instance = $user;
     $q = db()->prepare("INSERT INTO user_properties SET\n          id=:id,\n          name=:name, country=:country, user_ip=:ip, referer=:referer, subscribe_announcements=:subscribe, created_at=NOW(), updated_at=NOW()");
     $user = array("id" => $user->getId(), "name" => $name, "country" => $country, "ip" => user_ip(), "referer" => isset($_SESSION['referer']) ? substr($_SESSION['referer'], 0, 250) : NULL, "subscribe" => $subscribe ? 1 : 0);
     $q->execute($user);
     if ($subscribe) {
         $q = db()->prepare("INSERT INTO pending_subscriptions SET user_id=?,created_at=NOW(),is_subscribe=1");
         $q->execute(array($user['id']));
         $messages[] = t("You will be added manually to the :mailing_list soon.", array(':mailing_list' => "<a href=\"http://groups.google.com/group/" . htmlspecialchars(get_site_config('google_groups_announce')) . "\" target=\"_blank\">" . t("Announcements Mailing List") . "</a>"));
     }
     // try sending email
     if ($user_instance->getEmail()) {
         $user['email'] = $user_instance->getEmail();
         send_user_email($user, "signup", array("email" => $user['email'], "name" => $name ? $name : $user['email'], "announcements" => "http://groups.google.com/group/" . htmlspecialchars(get_site_config('google_groups_announce')), "url" => absolute_url(url_for("unsubscribe", array('email' => $user['email'], 'hash' => md5(get_site_config('unsubscribe_salt') . $user['email'])))), "wizard_currencies" => absolute_url(url_for("wizard_currencies")), "wizard_addresses" => absolute_url(url_for("wizard_accounts_addresses")), "wizard_accounts" => absolute_url(url_for("wizard_accounts")), "wizard_notifications" => absolute_url(url_for("wizard_notifications")), "reports" => absolute_url(url_for("profile")), "premium" => absolute_url(url_for("premium"))));
     }
     // create default summary pages and cryptocurrencies and graphs contents
     reset_user_settings($user['id']);
     // success!
     // issue #62: rather than requiring another step to login, just log the user in now.
<?php

// NOTE: this unconditional throw disables the whole page; everything below it
// is currently unreachable (presumably retained for when the feature returns).
throw new Exception("This functionality is currently unavailable.");
// e-mail may arrive via POST or, as a fallback, GET; the confirmation is POST-only.
$email = trim(require_post("email", require_get("email", false)));
$confirm = require_post("confirm", false);
$messages = array();
$errors = array();
if ($email && $confirm) {
    // only accounts that actually have a password hash are eligible for a reset
    $q = db()->prepare("SELECT * FROM user_properties WHERE email=? AND ISNULL(password_hash) = 0");
    $q->execute(array($email));
    if ($user = $q->fetch()) {
        // stamp the reset time first, then re-read the row so the token below is
        // built from the stored last_password_reset value
        $q = db()->prepare("UPDATE user_properties SET last_password_reset=NOW() WHERE id=?");
        $q->execute(array($user['id']));
        $user = get_user($user['id']);
        // NOTE(review): the reset token is md5(salt . email . ":" . timestamp) — a
        // deterministic value rather than a random single-use secret; its strength
        // rests entirely on the salt staying secret, and it stays valid until
        // last_password_reset changes. A random_bytes()-based token stored with an
        // expiry would be stronger, and the verifying side should compare it with
        // hash_equals().
        $hash = md5(get_site_config('password_reset_salt') . $email . ":" . strtotime($user['last_password_reset']));
        send_user_email($user, "password_reset", array("email" => $email, "name" => $user['name'] ? $user['name'] : $email, "ip" => user_ip(), "url" => absolute_url(url_for("password_reset", array('email' => $email, 'hash' => $hash)))));
        $messages[] = t("Further instructions to change your password have been sent to your e-mail address :email.", array(':email' => htmlspecialchars($email)));
    } else {
        // NOTE(review): this branch reveals whether an e-mail address is registered
        // (account enumeration); a uniform "instructions were sent if the account
        // exists" message would avoid that.
        $errors[] = t("No such user account exists.");
    }
}
require __DIR__ . "/../layout/templates.php";
page_header(t("Reset Password"), "page_password", array('js' => 'auth'));
?>

<?php 
// render the shared "password" template for this page
require_template("password");
?>

<div class="authentication-form">
<h2><?php