/**
  * createAdmin creates an admin user for the MIS system.
  * The privilege column is not a parameter; the method always stores 'admin'.
  *
  * @param str $name
  * @param str $username
  * @param str $password
  * @param int $mobile
  * @return int 1 on success, 0 otherwise
  * @author  Harsh Vardhan Ladha
  */
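 public function createAdmin($name, $username, $password, $mobile)
 {
     // Inserts one row into `admin` with the privilege column fixed to 'admin'.
     // Returns 1 when a row was inserted and 0 otherwise. A database error is now
     // written to the server log and reported as 0 instead of being printed to the
     // client through die().
     $this->_connect();

     // escape() is defined elsewhere in the project; it is kept so the stored
     // name, username and mobile values are the same as before. The values are
     // bound below, so real_escape_string is no longer needed for them.
     $name = escape($name);
     $username = escape($username);
     $mobile = escape($mobile);

     // NOTE(review): the password has always been hashed in its SQL-escaped form,
     // so a password containing quotes or backslashes is hashed with the added
     // backslashes. That is kept here so new rows stay consistent with whatever
     // the login path does; confirm the login path, then hash the raw password
     // in both places.
     $password = $this->_db->real_escape_string($password);
     $salt = Hash::salt(24);
     // NOTE(review): Hash::make is not visible here. If it is a single fast
     // digest, plan a migration to password_hash()/password_verify().
     $hash = Hash::make($password, $salt);

     // Bound parameters replace string-built SQL; previously $hash and $salt were
     // concatenated into the statement without any escaping. This assumes
     // $this->_db is a mysqli connection, which the existing
     // real_escape_string/affected_rows/error usage implies.
     $statement = $this->_db->prepare("INSERT INTO admin (name,username,password,salt,privilege,mobile) VALUES (?,?,?,?,'admin',?)");
     if ($statement === false) {
         error_log('createAdmin: prepare failed: ' . $this->_db->error);
         return 0;
     }
     $statement->bind_param('sssss', $name, $username, $hash, $salt, $mobile);
     if (!$statement->execute()) {
         error_log('createAdmin: insert failed: ' . $statement->error);
         $statement->close();
         return 0;
     }
     $inserted = $statement->affected_rows > 0;
     $statement->close();
     return $inserted ? 1 : 0;
 }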
Beispiel #2
 public static function Create($Company = 1, $State = 1, $CustomRef = false)
 {
     // Registers a reference key in the "keys" table and returns it, or returns -1
     // when the key is already present.
     // The test on $CustomRef is a loose != false, so '' and 0 also fall back to a
     // generated key.
     if ($CustomRef != false) {
         $referenceKey = $CustomRef;
     } else {
         // NOTE(review): whether \Hash::salt(6) is unpredictable enough for a
         // reference key depends on its implementation, which is not visible here.
         $referenceKey = \Hash::salt(6);
     }

     $existing = \DB::getInstance()->table("keys")->where("key", $referenceKey);
     if (count($existing) != 0) {
         return -1;
     }

     // NOTE(review): the lookup and the insert are two separate steps, so two
     // concurrent calls can both pass the check. A unique index on keys.key would
     // close that gap; confirm against the schema.
     \DB::getInstance()->table("keys")->insert(array(
         "key" => $referenceKey,
         "companyID" => $Company,
         "state" => $State,
         "timeSent" => \Time::get(),
     ));
     return $referenceKey;
 }
Beispiel #3
 public function process()
 {
     // Creates a user from the 'res-id' and 'res-pass' inputs.
     // Returns 1 on success and 0 when anything inside the try block throws.
     // NOTE(review): this method performs no input validation or CSRF-token check
     // itself; presumably the caller does. Confirm.
     $user = new Users();
     // Fresh salt for this account.
     $salt = Hash::salt(32);
     try {
         $record = array(
             'userid' => Input::get('res-id'),
             'password' => Hash::make(Input::get('res-pass'), $salt),
             'salt' => $salt,
             'joined' => date('Y-m-d H:i:s'),
         );
         $user->create($record);
     } catch (Exception $e) {
         // NOTE(review): the failure reason is discarded; logging it server-side
         // would help diagnose failed registrations.
         return 0;
     }
     return 1;
 }
Beispiel #4
 public function recovery($type, $email)
 {
     // Mails either a username reminder or a newly generated password to $email.
     // Any $type other than 'username' is treated as a password recovery.
     // NOTE(review): $email is used as the recipient as given; nothing here checks
     // that it belongs to the account in $this->data(). Verify in the caller.
     $typeMessage = $type != 'username' ? 'password' : 'username';

     if ($typeMessage != 'password') {
         Mail::email($email, 'Hello' . Input::get('username') . '!', '<br>
       Here is your forgotten ' . $typeMessage . ': ' . $this->data()->username);
         return;
     }

     $salt = Hash::salt(32);
     $hash = Hash::unique();
     // The new password is 8 characters cut out of Hash::unique().
     // NOTE(review): its strength depends on Hash::unique(), which is not visible
     // here, and it is mailed in clear text. A single-use, expiring reset link is
     // the safer pattern.
     $password = substr($hash, 1, 8);
     $password_db = Hash::make($password, $salt);
     // NOTE(review): the mail goes out before the update, so a failed update
     // leaves the user with a mailed password that does not work.
     Mail::email($email, 'Hello' . $this->data()->username . '!', '<br>
     Here is your forgotten ' . $typeMessage . ': ' . $password);
     $this->update(array('password' => $password_db, 'salt' => $salt, 'password_recover' => 1), $this->data()->id);
 }
Beispiel #5
 public function validateInput($Input = array())
 {
     // Validates a registration submission and creates the user.
     // Sets $this->Registered on success and $this->Errors on failure.
     $validater = new \Validation();
     if (!\Token::check($Input["token"])) {
         // NOTE(review): a failed token check returns silently, with neither
         // Errors nor Registered set.
         return;
     }

     // NOTE(review): the rules run against $_POST, while the password that gets
     // hashed below comes from $Input. If a caller passes anything other than
     // $_POST, the stored password is not the validated one.
     $rules = array(
         'Username' => array('required' => true, 'min' => 3, 'max' => 35, 'unique' => 'Users'),
         'Password' => array('required' => true, 'min' => 5, 'differs' => 'Username'),
         'Password2' => array('required' => true, 'matches' => 'Password'),
     );
     $valid = $validater->Validate($_POST, $rules);
     if ($valid !== true) {
         $this->Errors = $valid;
         return;
     }

     // Register the user with a fresh salt.
     $salt = \Hash::salt();
     $hashed = \Hash::make($Input["Password"], $salt);
     $this->User = new \User();
     try {
         $this->Registered = $this->User->Create(array(
             'Username' => escape($Input["Username"]),
             'Password' => $hashed,
             'Salt' => $salt,
         ));
     } catch (\Exception $e) {
         $this->Errors = array($e->getMessage());
     }
 }
Beispiel #6
 public function index()
 {
     // Registration controller action: shows the form, or validates a submission
     // and creates the account.
     $user1 = new User();
     if ($user1->isLoggedIn()) {
         // Already signed in: nothing is rendered (the original left this branch empty).
         return;
     }

     if (!Input::exists()) {
         // No submission yet: display the form page.
         $this->view('register/register', ['register' => true, 'page_name' => 'Register', 'loggedIn' => 0]);
         return;
     }

     if (!Token::check(Input::get('token'))) {
         // NOTE(review): a failed CSRF-token check ends the request with no output.
         return;
     }

     $validate = new Validation();
     $rules = array(
         'username' => array('min' => 2, 'max' => 20, 'required' => true, 'unique' => true),
         'name' => array('min' => 2, 'max' => 50, 'required' => true),
         'sirname' => array('min' => 2, 'max' => 50, 'required' => true),
         'email' => array('min' => 5, 'max' => 64, 'email' => true, 'required' => true, 'unique' => true),
         'date_of_birth' => array('min' => 6, 'max' => 10, 'date' => true, 'required' => true),
         'password' => array('min' => 6, 'required' => true),
         'password_again' => array('min' => 6, 'matches' => 'password', 'required' => true),
     );
     $validate->check($_POST, $rules);

     if (!$validate->passed()) {
         // Join the validation messages for the failure view.
         // NOTE(review): the messages are joined into HTML as they are; if they can
         // contain submitted values, the view must escape them. Confirm.
         $error_string = '';
         foreach ($validate->errors() as $message) {
             $error_string = $error_string . $message . '<br>';
         }
         $this->view('register/failed', ['loggedIn' => 0, 'page_name' => 'Login Failed', 'errors' => $error_string]);
         return;
     }

     $user = new User();
     $salt = Hash::salt(32);
     $date_of_birth = new Date(Input::get('date_of_birth'));
     try {
         $user->create(array(
             'username' => Input::get('username'),
             'name' => Input::get('name'),
             'sirname' => Input::get('sirname'),
             'email' => Input::get('email'),
             'dateofbirth' => $date_of_birth->format('Y-m-d H:i:s'),
             'password' => Hash::make(Input::get('password'), $salt),
             'salt' => $salt,
             'joined' => date('Y-m-d H:i:s'),
             'group' => 1,
         ));
         Session::flash('success', 'You have been registered');
         Redirect::to('home');
     } catch (Exception $e) {
         // NOTE(review): die() prints the raw exception text to the visitor;
         // logging it and showing a generic message avoids leaking internals.
         die($e->getMessage());
     }
 }
Beispiel #7
// Dispatch on $type: 'log' checks submitted credentials, 'sign' creates an account.
// NOTE(review): no CSRF-token check is visible in this fragment; confirm that one
// happens before this point.
if ($type == 'log') {
    $info = array('passed' => false, 'content' => '');
    $validation = $validate->check($_POST, array(
        'email' => array('required' => true),
        'password' => array('required' => true),
    ));
    // Both a validation failure and a wrong login produce the same error block.
    if ($validation->passed() && $validation->login_correct()) {
        $info['passed'] = true;
    } else {
        $info['content'] = Alert::return_error_div($validation->returnErrors());
    }
    echo $info['content'];
} elseif ($type == 'sign') {
    $validation = $validate->check($_POST, array(
        'first_name' => array('required' => true),
        'last_name' => array('required' => true),
        'email' => array('required' => true, 'unique' => 'email', 'format' => 'email'),
        'password' => array('required' => true, 'min' => 6),
    ));
    if (!$validation->passed()) {
        // NOTE(review): the return value is discarded here, whereas the 'log'
        // branch echoes it. Check whether return_error_div prints by itself.
        Alert::return_error_div($validation->returnErrors());
    } else {
        // Validation passed: store the account using bound placeholders.
        $instance = DB::getInstance();
        $salt = Hash::salt(10);
        $hashed_password = Hash::make($_POST['password'], $salt);
        $instance->query('INSERT INTO user (email , password , salt , first_name , last_name ) VALUES (? , ? , ? , ? , ? )', array($_POST['email'], $hashed_password, $salt, $_POST['first_name'], $_POST['last_name']));
        Alert::correct('You have successfully entered the data. Please check your e-mail to complete the sign-up.');
        // The send-email step is not implemented yet.
    }
}
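 // Client registration handler: validates the e-mail, registers the client,
 // opens a session, and mails an e-mail verification link.
 if (!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
     header("Location:" . RESOURCE_PATH_DIY . "login?error=Invalid email.");
     // Stop here: without exit the script carried on and registered the client
     // even though the address had just failed validation.
     exit;
 }
 $_POST['contact_no'] = $_POST['country_code'] . $_POST['contact_no'];
 unset($_POST['country_code']);
 $_POST['dob'] = date("Y-m-d H:i:s", strtotime($_POST['dob']));
 $client = new Client();
 try {
     // NOTE(review): the whole $_POST array is handed to register(). Unless
     // register() keeps an allow-list of columns, extra posted fields could reach
     // the client record. Confirm.
     $data = $client->register($_POST);
 } catch (Exception $e) {
     // Return with the exception text, URL-encoded so that it cannot alter the
     // query string of the redirect.
     header("Location:" . RESOURCE_PATH_DIY . "login?error=" . urlencode($e->getMessage()));
     exit;
 }
 $_SESSION['client'] = $data;
 // NOTE(review): Hash::get is not visible here. The access token is derived from
 // the client id, Hash::salt(10) and time().
 $access_token = Hash::get($_SESSION['client']['client_id'], Hash::salt(10) . time());
 Logger::logPlobizUser($data['client_id'], $access_token, 'N/A', uniqid(), 'WEB', 1);
 $_SESSION['client']['access_token'] = $access_token;
 /*generate verification link 
  * 26-03-15 :: time() added to make unique everytime
  * */
 // NOTE(review): the verification hash is built from the e-mail address, a fixed
 // string and time(). None of these inputs is random or secret unless Hash::get
 // adds a secret; a token from a CSPRNG would be the safer choice. Confirm.
 $verify = Hash::get($data['email'], 'verify_email' . time());
 $crud = CRUD::getInstance();
 $crud->insert("client_reset_tokens", array('client_id' => $data['client_id'], 'type' => 'email', 'hash' => $verify));
 $mail = new Mail();
 $vlink = RESOURCE_PATH . "handlers/verify-client.php?verify=" . $verify;
 /*email verification link */
 $mail->emailVerificationMail(array(array('name' => $data['name'], 'email' => $data['email'])), $vlink);
 // 	03-07-15 : redirect to pending redirectto url
 // NOTE(review): where $_SESSION['redirectto'] is set is not visible here. If it
 // can come from a request parameter, restrict it to local paths before use.
 $redirectto = isset($_SESSION['redirectto']) && $_SESSION['redirectto'] != '' ? $_SESSION['redirectto'] : RESOURCE_PATH_DIY . "dashboard";
 $_SESSION['redirectto'] = '';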
 */
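// Change-password page: requires a logged-in user, a valid CSRF token and the
// current password before storing a new salted hash.
require_once 'core/init.php';
$user = new User();
if (!$user->isLoggedIn()) {
    Redirect::to('index.php');
    // Redirect::to() is not visible here. If it only sends a Location header, the
    // rest of this page would still run for an anonymous visitor, so stop explicitly.
    exit;
}
if (Input::exists()) {
    if (Token::check(Input::get('token'))) {
        $validate = new Validate();
        $validation = $validate->check($_POST, array(
            'current_password' => array('required' => true, 'min' => 6),
            'new_password' => array('required' => true, 'min' => 6),
            'new_password_again' => array('required' => true, 'min' => 6, 'matches' => 'new_password'),
        ));
        if ($validate->passed()) {
            // Compare the stored and submitted hashes in constant time
            // (hash_equals needs PHP 5.6+). The casts keep a missing stored
            // value from raising a type error; it simply fails the comparison.
            // NOTE(review): Hash::make is not visible; if it is a single fast
            // digest, plan a migration to password_hash()/password_verify().
            $submittedHash = Hash::make(Input::get('current_password'), $user->data()->salt);
            if (!hash_equals((string) $user->data()->password, (string) $submittedHash)) {
                Session::flash('error', 'Your current password is incorrect.');
                Redirect::to('changepassword.php');
            } else {
                // A new salt is generated for every password change.
                $salt = Hash::salt(32);
                $user->update(array('password' => Hash::make(Input::get('new_password'), $salt), 'salt' => $salt));
                Session::flash('success', 'Your password has been changed!');
                Redirect::to('index.php');
            }
        } else {
            foreach ($validate->errors() as $error) {
                echo $error, '<br>';
            }
        }
    }
}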
?>
<!DOCTYPE html>
<html>
Beispiel #10
<?php

// Registration page controller: on a "register" submission, checks the CSRF
// token, validates the fields and creates the user.
require_once 'core/init.php';
error_reporting(E_ALL & ~E_NOTICE);
if (Input::exists() && Input::get('submit') === "register") {
    if (!Token::check(Input::get('token'))) {
        echo "cross site request forgery failed";
    } else {
        $val = new Validation();
        $directives = array(
            "username" => array("rules" => "required|max_length-20|min_length-5|unique-users.username", "placeholder" => "Username"),
            "name" => array("rules" => "required|max_length-15|min_length-5", "placeholder" => "Your name"),
            "password" => array("rules" => "required|max_length-20|min_length-5", "placeholder" => "Password"),
            "password_2" => array("rules" => "required|match-password", "placeholder" => "Repeating password", "custom_msg" => "Password don't match in two fields"),
        );
        if (!$val->validate($_POST, $directives)) {
            echo $val->errors_html;
        } else {
            $user = new User();
            // The length is passed as the string '32', as in the original.
            $salt = Hash::salt('32');
            try {
                $user->create(array(
                    'username' => Input::get('username'),
                    'password' => Hash::make(Input::get('password'), $salt),
                    'salt' => $salt,
                    'name' => Input::get('name'),
                    'joined' => date('Y-m-d H:i:s'),
                    'user_group' => 1,
                ));
                Session::flash('success', 'you have registered successfully!');
                Redirect::to('index.php');
            } catch (Exception $e) {
                // NOTE(review): die() shows the raw exception text to the visitor;
                // log it and show a generic message instead.
                die($e->getMessage());
            }
        }
    }
}
?>
<!DOCTYPE html>
<html>
	<head>
		<title>Register</title>
	</head>
Beispiel #11
<?php

require_once 'core/init.php';
// Defaults for the form fields; each is overwritten below when the matching
// input is non-empty.
$offset = 0;
$name = "";
$surname = "";
$phone = "";
$mail = "";
$password = "";
$passwordAgain = "";
// NOTE(review): the listing is cut off inside this block, so the validation and
// storage steps are not visible. No Token::check call appears in the part shown;
// confirm that one follows.
if (Input::exists()) {
    // The salt is generated before any of the inputs have been checked.
    $salt = Hash::salt(20);
    // empty() also treats the string '0' as missing.
    if (!empty(Input::get('name'))) {
        $name = Input::get('name');
    }
    if (!empty(Input::get('surname'))) {
        $surname = Input::get('surname');
    }
    if (!empty(Input::get('mail'))) {
        $mail = Input::get('mail');
    }
    if (!empty(Input::get('password'))) {
        $password = Input::get('password');
    }
    if (!empty(Input::get('password_again'))) {
        $passwordAgain = Input::get('password_again');
    }
    if (!empty(Input::get('phone'))) {
        $phone = Input::get('phone');
    }
    // A checkbox posts 'on' when ticked.
    $remember = Input::get('remember') === 'on' ? true : false;
Beispiel #12
<?php

// Registration page controller: checks the CSRF token, validates the fields and
// creates the user with a fresh salt.
require_once 'core/init.php';
if (Input::exists()) {
    if (Token::check(Input::get('token'))) {
        $validate = new Validate();
        $validation = $validate->check($_POST, array(
            'username' => array('required' => true, 'min' => 2, 'max' => 20, 'unique' => 'users'),
            'password' => array('required' => true, 'min' => 6),
            'password_again' => array('required' => true, 'matches' => 'password'),
            'name' => array('required' => true, 'min' => 2, 'max' => 50),
        ));
        if (!$validation->passed()) {
            // Print each validation message.
            // NOTE(review): the messages are echoed as they are; if they can contain
            // submitted values, escape them for HTML first. Confirm.
            foreach ($validation->errors() as $error) {
                echo $error . "<br/>";
            }
        } else {
            // Register the user.
            $user = new User();
            $salt = Hash::salt(30);
            try {
                $user->create(array(
                    'username' => Input::get('username'),
                    'password' => Hash::make(Input::get('password'), $salt),
                    'salt' => $salt,
                    'name' => Input::get('name'),
                    'joined' => date('Y-m-d H:i:s'),
                    'group' => 1,
                ));
                Session::flash('home', 'You have been registered and can now log in.');
                Redirect::to(404);
            } catch (Exception $exc) {
                // NOTE(review): die() shows the raw exception text to the visitor.
                die($exc->getMessage());
            }
        }
    }
}
?>

<form action="" method="POST" autocomplete="off">
    <div class="field">
Beispiel #13
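 public function change_password()
 {
     // Change-password action: requires a logged-in user, a valid CSRF token and
     // the current password before storing a new salted hash.
     $user = new User();
     if (!$user->isLoggedIn()) {
         Redirect::to('home');
         // Redirect::to() is not visible here. If it only sends a header, the rest
         // of this action would still run for an anonymous visitor, so return.
         return;
     }
     if (Input::exists()) {
         if (Token::check(Input::get('token'))) {
             $validate = new Validation();
             $validation = $validate->check($_POST, array(
                 'password_current' => array('required' => true, 'min' => 6),
                 'password_new' => array('required' => true, 'min' => 6),
                 'password_new_again' => array('required' => true, 'min' => 6, 'matches' => 'password_new'),
             ));
             if ($validation->passed()) {
                 // Compare the stored and submitted hashes in constant time
                 // (hash_equals needs PHP 5.6+). The casts keep a missing stored
                 // value from raising a type error.
                 $submittedHash = Hash::make(Input::get('password_current'), $user->data()->salt);
                 if (!hash_equals((string) $user->data()->password, (string) $submittedHash)) {
                     // NOTE(review): nothing is rendered for an incorrect current
                     // password; the error view is still to be written.
                 } else {
                     $salt = Hash::salt(32);
                     $user->update(array('password' => Hash::make(Input::get('password_new'), $salt), 'salt' => $salt));
                     Session::flash('account', 'Your password has been changed');
                     Redirect::to('account');
                 }
             } else {
                 $error_string = '';
                 foreach ($validation->errors() as $error) {
                     $error_string .= $error . '<br>';
                 }
                 // NOTE(review): 'errors' sits in a nested array (index 0) rather than
                 // as a top-level key, so a view reading $data['errors'] would not find
                 // it. Left unchanged because the view is not visible here.
                 $this->view('account/change_password', ['register' => true, 'loggedIn' => 1, ['errors' => $error_string], 'name' => $user->data()->name, 'page_name' => 'Change user password', 'flash' => Session::flash('account')]);
             }
         }
     } else {
         $this->view('account/change_password', ['register' => true, 'loggedIn' => 1, 'name' => $user->data()->name, 'page_name' => 'Change user password', 'flash' => Session::flash('account')]);
     }
 }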
 public function Change_Password($password)
 {
     // Stores a new salted hash of $password for the current user.
     // Returns true on success and throws Exception when the update fails.
     // NOTE(review): this method does not check the current password or the
     // caller's identity; the caller has to do that.
     $user_id = $this->data()->ID;
     $salt = Hash::salt(32);
     $columns = array('Password' => Hash::make($password, $salt), 'salt' => $salt);
     $updated = $this->_db->update('users', $user_id, $columns, 'ID');
     if ($updated) {
         return true;
     }
     throw new Exception("Couldn't update password");
 }
Beispiel #15
        <?php 
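// Change-password page: requires a logged-in user, a valid CSRF token and the
// current password before storing a new salted hash.
require_once 'core/init.php';
$user = new User();
if (!$user->isLoggedIn()) {
    Session::flash('home', "danger # Неоторизиран достъп, моля влезте в системата.");
    Redirect::to('login.php');
    // Redirect::to() is not visible here. If it only sends a header, the rest of
    // the page would still run for an anonymous visitor, so stop explicitly.
    exit;
}
if (Input::exists()) {
    if (Token::check(Input::get('token'))) {
        // Measure the password as typed. The original measured escape()'d text,
        // so a character that escape() expands would count as several characters
        // and let a shorter password pass the minimum-length rule.
        $length = strlen((string) Input::get('password_new'));
        if ($length >= 6) {
            if (Input::get('password_new') === Input::get('password_new_again')) {
                // Compare the stored and submitted hashes in constant time
                // (hash_equals needs PHP 5.6+).
                $submittedHash = Hash::make(Input::get('password_current'), $user->data()->salt);
                if (!hash_equals((string) $user->data()->password, (string) $submittedHash)) {
                    Session::flash('home', 'danger # Въвели сте грешна текуща парола.');
                } else {
                    // Hash::salt() takes a length. The original passed the new
                    // password itself as that argument, so the salt depended on the
                    // password text instead of being a fixed-length random value.
                    // NOTE(review): 32 is an assumed length; confirm that the salt
                    // column can hold it.
                    $salt = Hash::salt(32);
                    $user->update(array('password' => Hash::make(Input::get('password_new'), $salt), 'salt' => $salt));
                    Session::flash('home', 'success # Успешно променихте данните си.');
                    Redirect::to('profile.php');
                }
            } else {
                Session::flash('home', 'danger # Новата парола и нейното повторение не съвпадат.');
            }
        } else {
            Session::flash('home', 'danger # Новата парола трябва да е с дължина поне 6 символа.');
        }
    }
}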
?>
        <div class="container">
            <div class="page-header">
        $response['status'] = 0;
        $response['message'] = "No record found for this email.";
    }
    print_r(json_encode($response));
}
//	VISHWAS : 4 Dec 2015 :: Commenting following line as this file is already included at top.
//require_once '../core/config.php';
// Password-reset handler: looks up the posted token in client_reset_tokens,
// re-derives the expected token from the account e-mail, stores the new password
// hash and deletes the token. The listing is cut off inside the final else branch.
if (isset($_POST['reset']) && $_POST['reset'] != "") {
    $crud = CRUD::getInstance();
    // NOTE(review): $_POST['reset'] is interpolated into the WHERE fragment as
    // posted. Unless CRUD::select sanitises it (not visible here), this is a SQL
    // injection point; bind or escape the value.
    $find = $crud->select("client_reset_tokens", "client_id", "where hash='{$_POST['reset']}'");
    if ($find) {
        $client_id = $crud->getFirst()['client_id'];
        $client = new Client();
        $data = $client->get($client_id);
        // NOTE(review): the expected token is Hash::get(email, 'reset_password'), the
        // same value for every reset of an account, with no random or expiring part
        // visible. Unless Hash::get mixes in a server-side secret, the token depends
        // only on the e-mail address; confirm. The loose == on hash strings is also
        // open to type juggling; hash_equals() is the safer comparison.
        if (Hash::get($data['email'], 'reset_password') == $_POST['reset']) {
            // NOTE(review): the new password is hashed without any length or
            // strength check visible here, and the salt is only Hash::salt(6).
            $salt = Hash::salt(6);
            $password = Hash::get($_POST['new_password'], $salt);
            $update = $client->edit(array('password' => $password, 'salt' => $salt), $client_id);
            //var_dump($update); Vishwas : 4 Dec 2015 : Removing previous code.
            if ($update) {
                // The token is deleted once it has been used.
                // NOTE(review): same unescaped interpolation of $_POST['reset'] as in
                // the select above.
                $crud->delete("client_reset_tokens", "where hash='{$_POST['reset']}'");
                //	Vishwas : 4 Dec 2015 :: Commenting following code as Shrikant have added different code for it.
                //	echo 'Your password has been reset.<br/><a href="' . RESOURCE_PATH_DIY . 'login">Go To Login Page</a>';
                // @shrikant:Correct reset password thank you page design
                echo '<div class="container"><header style="background-color:#fff; height:70px;width:100%;"><img src="http://plobalapps.com/images/plobal_apps_logo.png" height="35" style="margin:10px;"></header><div class="min-container" style="width:1000px; box-shadow: 0 0 3px -1px rgba(0, 0, 0, 0.42); border-radius: 4px;  padding: 59px 0; margin:25px auto; text-align:center; background-color:#f1f1ff1; font-family:arial;"><h3 style="font-size:25px; line-height:40px;margin:0px;">Thank You</h3><p style="font-size:16px;padding:8px 0;">Your password has been reset.</p><a style="background-color:#2075f2;border-radius: 4px;color: #fff;padding: 10px 15px;text-decoration: none;" href="' . RESOURCE_PATH_DIY . 'login">Go To Login Page</a></div></div>';
            }
            //VISHWAS : 4 Dec 2015 :: Added missing '}'. This was causing fatal error and resulting into Failure in sending "Reset Password' Mail.
        } else {
            //	VISHWAS : 4 Dec 2015 :: Matching style with success message.
            echo '<div class="container"><header style="background-color:#fff; height:70px;width:100%;"><img src="http://plobalapps.com/images/plobal_apps_logo.png" height="35" style="margin:10px;"></header><div class="min-container" style="width:1000px; box-shadow: 0 0 3px -1px rgba(0, 0, 0, 0.42); border-radius: 4px;  padding: 59px 0; margin:25px auto; text-align:center; background-color:#f1f1ff1; font-family:arial;"><p style="font-size:16px;padding:8px 0;">Invalid verification code.</p><a style="background-color:#2075f2;border-radius: 4px;color: #fff;padding: 10px 15px;text-decoration: none;" href="' . RESOURCE_PATH_DIY . 'login">Go To Login Page</a></div></div>';
            //echo "Invalid verification code";
 public function autoRegisterClient($fields = array())
 {
     // Creates a pre-verified client record for an e-mail address that is not yet
     // registered, mails a password-reset link, and returns the client record
     // without its password and salt. Returns null when no e-mail is given or the
     // client already exists.
     if (!$fields['email']) {
         return;
     }
     if ($this->get($fields['email'])) {
         return;
     }

     // NOTE(review): the hash below uses $fields['salt'] (from the caller), not the
     // salt generated on the line above and stored with the record. The hashed
     // value is also the e-mail address. Simply switching to the stored salt would
     // make the address a working password; hash a random throw-away value instead
     // and rely on the reset link. Confirm with the login path before changing.
     $field = array(
         'email' => $fields['email'],
         'name' => $fields['name'],
         'salt' => Hash::salt(10),
         'password' => Hash::get($fields['email'], $fields['salt']),
         'status' => 'Active',
         'contact_no' => $fields['phone'],
         'type' => 'DS',
         'is_verified' => 1,
     );
     unset($fields);

     $register = $this->_db->insert("client", $field);
     $registerid = $this->_db->getInsertId();
     if (!$register) {
         throw new Exception("Unable to create account.");
     }

     $Mail = new Mail();
     // 4Nov15 :: Sankalp : get the user information and the password reset link
     $userinfo = $this->resetClientPassword($field);
     // 4Nov15 :: Sankalp : mail the reset link and user details via autoRegisterMail
     $mailSend = $Mail->autoRegisterMail(array(array('name' => $field['name'], 'email' => $field['email'])), $userinfo['rlink']);
     // 4Nov15 :: Sankalp : the stored user info is what gets returned
     $client = $userinfo['info'];
     if (!$client) {
         throw new Exception("Record Not Found.");
     }
     // The credential columns are never handed back to the caller.
     unset($client['password']);
     unset($client['salt']);
     return $client;
 }
Beispiel #18
/**
 * Create a dietician account from decoded request data, log the new user in,
 * and print a JSON status object ({"success": true|false}).
 *
 * NOTE(review): 'group' is copied from $dataDecoded as given. If that array comes
 * from the client, the caller chooses its own group; set it server-side or check
 * it against an allow-list. Confirm where $dataDecoded originates.
 */
function registerDietician($dataDecoded)
{
    $user = new User();
    $salt = Hash::salt(32);
    $status = array("success" => false);
    try {
        // Create the user in the database.
        $account = array(
            'nhsnumber' => $dataDecoded['nhsnumber'],
            'password' => Hash::make($dataDecoded['password'], $salt),
            'salt' => $salt,
            'registrationtimestamp' => date('Y-m-d H:i:s'),
            'group' => $dataDecoded['group'],
            'dateofbirth' => null,
            'gender' => null,
            'activitylevel' => null,
        );
        $user->create($account);
        // The account exists now, so log the user in.
        $user->login($dataDecoded['nhsnumber'], $dataDecoded['password'], true);
        // Reaching this line without an exception means registration succeeded.
        $status['success'] = true;
    } catch (Exception $e) {
        // NOTE(review): the exception text is printed ahead of the JSON, so a
        // failure response is not valid JSON and exposes internal messages.
        echo $e->getMessage();
    } finally {
        echo json_encode($status);
    }
}