/**
 * Post-login bookkeeping; call this only once the user has actually
 * authenticated. Re-enables an inactivity-disabled account (and tells the
 * user), counts logins that follow a disable warning, applies the stored
 * locale, stamps last_login and backfills user_ip when it is empty.
 *
 * Appends to the global $messages array, creating it when the caller has
 * not (auto-login reaches here before the page sets it up).
 */
function handle_post_login() {
    global $messages;

    // auto-login may call us before the page has initialised $messages
    if (!isset($messages)) {
        $messages = array();
    }

    $account = get_user(user_id());
    $id = $account['id'];

    // account was switched off for inactivity: re-enable it and say so
    if ($account['is_disabled']) {
        $messages[] = t("Your account was disabled :ago due to inactivity; your account is now re-enabled, and account data will be updated again soon.", array(':ago' => recent_format($account['disabled_at'])));
        $stmt = db()->prepare("UPDATE user_properties SET is_disabled=0,logins_after_disabled=logins_after_disabled+1 WHERE id=?");
        $stmt->execute(array($id));
    }

    // count logins that happen after a disable warning went out
    if ($account['is_disable_warned']) {
        $stmt = db()->prepare("UPDATE user_properties SET is_disable_warned=0,logins_after_disable_warned=logins_after_disable_warned+1 WHERE id=?");
        $stmt->execute(array($id));
    }

    // honour the user's stored locale, if any
    if ($account['locale']) {
        I18n::setLocale($account['locale']);
    }

    // stamp the login time (is_disabled=0 is repeated here; kept so the
    // stored query is unchanged)
    $stmt = db()->prepare("UPDATE user_properties SET last_login=NOW(),is_disabled=0 WHERE id=?");
    $stmt->execute(array($id));

    // accounts created without an IP get the current one recorded now
    if (!$account["user_ip"]) {
        $stmt = db()->prepare("UPDATE user_properties SET user_ip=? WHERE id=?");
        $stmt->execute(array(user_ip(), $id));
    }
}
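/**
 * Throttle computationally heavy, publicly reachable work per client IP.
 *
 * Looks up the caller's IP in heavy_requests. If its last request is more
 * recent than the configured heavy_requests_seconds window, aborts with a
 * BlockedException; otherwise records this request (UPDATE for a known IP,
 * INSERT for a new one). A negative heavy_requests_seconds disables the
 * check entirely.
 *
 * The window comparison runs strtotime() on both the stored timestamp and
 * the local clock, so the database and PHP timezones must agree: if login
 * does not work, make sure database_timezone is set correctly.
 *
 * @throws BlockedException when the IP is still inside the cooldown window
 */
function check_heavy_request() {
    // read the window once so every branch below sees the same value
    $seconds = get_site_config("heavy_requests_seconds");
    if ($seconds < 0) {
        return;
    }

    // NOTE(review): the throttle is only as trustworthy as user_ip(); if that
    // value can be derived from a client-supplied header it is bypassable.
    // Confirm how user_ip() is computed.
    $ip = user_ip();

    $q = db()->prepare("SELECT * FROM heavy_requests WHERE user_ip=?");
    $q->execute(array($ip));
    $heavy = $q->fetch();

    if (!$heavy) {
        // first request from this IP: record it.
        // NOTE(review): SELECT-then-INSERT is not atomic; two simultaneous first
        // requests may both insert unless user_ip is unique in the table.
        $q = db()->prepare("INSERT INTO heavy_requests SET last_request=NOW(), user_ip=?");
        $q->execute(array($ip));
        return;
    }

    // still inside the cooldown window? (assumes database and server clocks agree)
    $cutoff = strtotime("-" . $seconds . " seconds");
    if (strtotime($heavy['last_request']) > $cutoff) {
        throw new BlockedException(t("You are making too many requests at once: please wait at least :seconds.", array(':seconds' => plural("second", $seconds))));
    }

    // window has elapsed: stamp this request
    $q = db()->prepare("UPDATE heavy_requests SET last_request=NOW() WHERE user_ip=?");
    $q->execute(array($ip));
}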
$user = $response->getGraphUser(); if ($user['id'] >= 1) { if (db_num_rows(db_query("SELECT user_fb FROM " . $pre . "user WHERE user_fb='" . db_real_escape_string($user['id']) . "'")) >= 1) { } else { $in = "INSERT INTO " . $pre . "user(`user_login`, `user_haslo`, `user_email`, `user_akt`, `user_data_r`, `user_kod`,`user_rip`,`user_fb`)VALUES('" . htmlspecialchars($user['name']) . "', '" . md5($user['email'] . $user['id'] . "asdf3f23") . "', '" . htmlspecialchars($user['email']) . "', '1', NOW(), '','" . user_ip() . "','" . $user['id'] . "')"; db_query($in); $user_id = db_insert_id(); } $Query = 'SELECT * FROM ' . $pre . 'user WHERE user_fb="' . db_real_escape_string($user['id']) . '"'; $result = db_query($Query) or die(db_error()); while ($row = db_fetch($result)) { $id = $row['user_id']; $_SESSION['user_nick'] = $row["user_login"]; $_SESSION['user_id'] = $row["user_id"]; $_SESSION['user_strona'] = $ust['adres']; if ($row['user_t'] == "3") { $_SESSION['logadm'] = "adm"; } } $up = "UPDATE " . $pre . "user SET user_data_o=NOW(),user_lip='" . user_ip() . "' WHERE user_id='" . $id . "'"; db_query($up); } $ad = $_SESSION['user_bc']; $_SESSION['user_bc'] = ""; if ($ad != "") { header("Location: " . $ad . ""); } else { header("Location: " . $ust['adres'] . ""); } } }
// try email/password signup $user = Users\UserPassword::trySignup(db(), $email, $password); } } } } catch (\Users\UserAlreadyExistsException $e) { $errors[] = $e->getMessage() . " " . t("Did you mean to :login?", array(':login' => link_to(url_for('login', array('use_password' => true, 'email' => $email, 'openid' => $openid)), t("login instead")))); } catch (\Users\UserSignupException $e) { $errors[] = $e->getMessage(); } catch (\Users\UserAuthenticationException $e) { $errors[] = $e->getMessage(); } if ($user && !$errors) { $user_instance = $user; $q = db()->prepare("INSERT INTO user_properties SET\n id=:id,\n name=:name, country=:country, user_ip=:ip, referer=:referer, subscribe_announcements=:subscribe, created_at=NOW(), updated_at=NOW()"); $user = array("id" => $user->getId(), "name" => $name, "country" => $country, "ip" => user_ip(), "referer" => isset($_SESSION['referer']) ? substr($_SESSION['referer'], 0, 250) : NULL, "subscribe" => $subscribe ? 1 : 0); $q->execute($user); if ($subscribe) { $q = db()->prepare("INSERT INTO pending_subscriptions SET user_id=?,created_at=NOW(),is_subscribe=1"); $q->execute(array($user['id'])); $messages[] = t("You will be added manually to the :mailing_list soon.", array(':mailing_list' => "<a href=\"http://groups.google.com/group/" . htmlspecialchars(get_site_config('google_groups_announce')) . "\" target=\"_blank\">" . t("Announcements Mailing List") . "</a>")); } // try sending email if ($user_instance->getEmail()) { $user['email'] = $user_instance->getEmail(); send_user_email($user, "signup", array("email" => $user['email'], "name" => $name ? $name : $user['email'], "announcements" => "http://groups.google.com/group/" . htmlspecialchars(get_site_config('google_groups_announce')), "url" => absolute_url(url_for("unsubscribe", array('email' => $user['email'], 'hash' => md5(get_site_config('unsubscribe_salt') . 
$user['email'])))), "wizard_currencies" => absolute_url(url_for("wizard_currencies")), "wizard_addresses" => absolute_url(url_for("wizard_accounts_addresses")), "wizard_accounts" => absolute_url(url_for("wizard_accounts")), "wizard_notifications" => absolute_url(url_for("wizard_notifications")), "reports" => absolute_url(url_for("profile")), "premium" => absolute_url(url_for("premium")))); } // create default summary pages and cryptocurrencies and graphs contents reset_user_settings($user['id']); // success! // issue #62: rather than requiring another step to login, just log the user in now.
<?php
// Password-reset request page: takes an e-mail address and, if a
// password-backed account exists for it, records the reset time and mails a
// reset link whose hash is derived from that timestamp.
//
// NOTE(review): the unconditional throw below runs before anything else, so
// the whole handler (and the template output after it) is unreachable until
// this line is removed.
throw new Exception("This functionality is currently unavailable.");

// e-mail from POST, falling back to GET; only whitespace-trimmed, not validated here
$email = trim(require_post("email", require_get("email", false)));
$confirm = require_post("confirm", false);
$messages = array();
$errors = array();

if ($email && $confirm) {
    // only accounts that actually have a password can be reset this way
    $q = db()->prepare("SELECT * FROM user_properties WHERE email=? AND ISNULL(password_hash) = 0");
    $q->execute(array($email));
    if ($user = $q->fetch()) {
        // stamp the reset time first, then re-read the row so the token below
        // is built from the stored value
        $q = db()->prepare("UPDATE user_properties SET last_password_reset=NOW() WHERE id=?");
        $q->execute(array($user['id']));
        $user = get_user($user['id']);
        // token = md5(salt . email . ":" . reset-timestamp). Its secrecy rests
        // entirely on password_reset_salt; presumably the verifying page
        // recomputes it, so a newer request would invalidate older links
        // (confirm against the password_reset handler). NOTE(review): a random
        // single-use token (random_bytes) stored server-side would not depend
        // on the salt staying secret.
        $hash = md5(get_site_config('password_reset_salt') . $email . ":" . strtotime($user['last_password_reset']));
        send_user_email($user, "password_reset", array(
            "email" => $email,
            "name" => $user['name'] ? $user['name'] : $email,
            "ip" => user_ip(),
            "url" => absolute_url(url_for("password_reset", array('email' => $email, 'hash' => $hash)))
        ));
        $messages[] = t("Further instructions to change your password have been sent to your e-mail address :email.", array(':email' => htmlspecialchars($email)));
    } else {
        // NOTE(review): this message differs from the success path, so a caller
        // can tell registered from unregistered addresses (account enumeration);
        // showing the same "instructions sent" text on both paths avoids that.
        $errors[] = t("No such user account exists.");
    }
}

require __DIR__ . "/../layout/templates.php";
page_header(t("Reset Password"), "page_password", array('js' => 'auth'));
// markup below is emitted verbatim; the page continues past this point
?> <?php require_template("password"); ?> <div class="authentication-form"> <h2><?php