public function setEmail($string)
{
$validator = new Validator();
if ($validator->validateEmail($string)) {
}
$this->email = $string;
}
public function add()
{
$user = ModelFactory::createModel('User');
$name = $this->request->params['passed']['username'];
$email = $this->request->params['passed']['email'];
$pw = $this->request->params['passed']['password'];
$pwconfirm = $this->request->params['passed']['password_confirmed'];
if (!empty($name) && Validator::validateEmail($email) && $user->isUniqueEmail($email) && !Validator::validatePW($pw) && Validator::confirmPW($pw, $pwconfirm)) {
$user->setNickname($name);
$user->setEmail($email);
$user->setPassword($pw);
$user->create();
$_SESSION['user_id'] = $user->getId();
$_SESSION['nickname'] = $user->getNickname();
return $this->redirect(ROOT . '/blogs/index');
}
return $this->redirect(ROOT . '/login/index?flash=Please adjust the wrong input fields&title=Registration failed');
}
function actionLogin($params = '')
{
if (!empty($params['email']) && !empty($params['password'])) {
if ($this->objAuthentication->login($params['email'], $params['password'])) {
//no errors, continue to home
/*$objDispatcher = new Dispatcher;
$objDispatcher->setController('Forum');
$objDispatcher->setAction('Index');
$objDispatcher->setParams($params);
$objDispatcher->dispatch();*/
$this->actionIndex($params);
} else {
$this->view->assign('errorMsg', 'Unable to login, try again.');
$this->view->assign('content', $this->view->fetch('tpl/community/login.tpl'));
$this->finish();
}
} else {
if (!empty($params['createAccount']) && $params['createAccount'] == 1) {
$errorMessages = array();
$objValidator = new Validator();
$objValidator->reset();
$objValidator->validateEmail($params['create_email']);
$objValidator->validatePassword($params['create_password']);
$objValidator->passwordsMatch($params['create_password'], $params['create_password2']);
$objValidator->validateName($params['create_displayName']);
if ($objValidator->hasError || empty($params['create_terms'])) {
$error = $objValidator->getError();
if (empty($params['create_terms'])) {
$error[] = 'You must agree to the Terms of Use to make an account';
}
$this->view->assign('errorMessages', $error);
$this->view->assign('created', false);
} else {
$userData = array();
$userData['email'] = $params['create_email'];
$userData['password'] = $params['create_password'];
$userData['displayName'] = $params['create_displayName'];
$userModel = new UserModel();
$created = $userModel->createUser($userData);
if (!empty($created)) {
$this->view->assign('created', true);
$objEmail = new Emailer();
$objEmail->setFrom(CONTACT_EMAIL);
$objEmail->setSubject('Retail Roar Community account created');
$objEmail->addTO($userData['email']);
$objEmail->setBody($this->view->fetch('emails/communitysignup.tpl'), true);
$sent = $objEmail->sendMail();
} else {
$this->view->assign('created', false);
$this->view->assign('errorMessages', $userModel->errorMsg);
}
$this->view->assign('submitted', true);
}
$this->view->assign('content', $this->view->fetch('tpl/community/login.tpl'));
$this->finish();
} else {
if ($this->objAuthentication->loggedIn()) {
$this->view->assign('content', 'Already logged in.');
$this->finish();
} else {
$this->view->assign('content', $this->view->fetch('tpl/community/login.tpl'));
$this->finish();
}
}
}
}
/* What the hell is this supposed to be doing??? */
if ($check->foundErrors()) {
$error1 .= $check->listErrors('x');
}
if (isset($error1) && $error1) {
$err = explode('|', $error1);
$error = $err[0];
}
} else {
$pixie_login_username = str_replace(" ", "", preg_replace('/\\s\\s+/', ' ', trim($pixie_login_username)));
/* This ensures no spaces in the username */
}
if (!isset($error) && !$error) {
$check_result_number = $check_result_number + 1;
}
if (!$pixie_email && !$check->validateEmail($pixie_email, $lang['user_email_error'] . ' ')) {
$scream[] = 'email';
if ($pixie_email === NULL) {
$error1 .= $lang['user_email_error'] . ' ';
$scream[] = 'email';
if ($check->foundErrors()) {
$error1 .= $check->listErrors('x');
}
if (isset($error1) && $error1) {
$err = explode('|', $error1);
$error = $err[0];
}
}
}
if (!isset($error) && !$error) {
$check_result_number = $check_result_number + 1;
}
$scream = array();
if (!$name) {
if (isset($error)) {
} else {
$error = NULL;
}
$error .= $lang['comment_name_error'] . ' ';
$scream[] = 'name';
}
if (!$comment) {
$error .= $lang['comment_comment_error'] . ' ';
$scream[] = 'comment';
}
$check = new Validator();
if (!$check->validateEmail($email, $lang['comment_email_error'] . ' ')) {
$scream[] = 'email';
}
if (!preg_match('/localhost/', $prefs['site_url']) && !preg_match('/127.0.0./', $prefs['site_url'])) {
if ($web && !$check->validateURL($web, $lang['comment_web_error'] . ' ')) {
$scream[] = 'web';
}
}
if ($comment !== NULL) {
$duplicate = 0;
$last_comment_last_number = getThing($query = 'SELECT * FROM pixie_module_comments ORDER BY comments_id DESC');
$last_comment = getThing($query = "SELECT comment FROM pixie_module_comments WHERE comments_id='{$last_comment_last_number}'");
if (strcasecmp($comment, $last_comment) === 0) {
$duplicate = 1;
}
}
protected function testEmail($eid_or_elem)
{
return Validator::validateEmail($this->getFirstElementValue($eid_or_elem));
}
$res["reason"] = "用户信息更新失败!";
}
} else {
$res["reason"] = "输入不合法!";
}
} else {
$res["reason"] = "两次密码不同!";
}
} else {
$res["reason"] = "新旧密码不能一样!";
}
} else {
$res["reason"] = "密码错误!";
}
} else {
if (Validator::validateUserName($username) && Validator::validateEmail($email)) {
$user->username = $username;
$user->email = $email;
if ($user->updateUser($id)) {
$_SESSION['user_info']['username'] = $username;
$_SESSION['user_info']['email'] = $email;
$res["result"] = true;
$res["reason"] = "用户信息更新成功!";
} else {
$res["reason"] = "用户信息更新失败!";
}
} else {
$res["reason"] = "输入不合法!";
}
}
}
}
if (isset($user_new) && $user_new) {
$table_name = 'pixie_users';
$check = new Validator();
if (!isset($uname) or $uname == "") {
$error .= $lang['user_name_missing'] . ' ';
$scream[] = 'uname';
}
if (isset($uname)) {
$uname = str_replace(" ", "", preg_replace('/\\s\\s+/', ' ', trim($uname)));
}
if (!isset($realname) or $realname == "") {
$error .= $lang['user_realname_missing'] . ' ';
$scream[] = 'realname';
}
if (!isset($email) or !$check->validateEmail($email, $lang['user_email_error'] . ' ')) {
$scream[] = 'email';
}
if ($check->foundErrors()) {
$error .= $check->listErrors('x');
}
if (!isset($error)) {
$password = generate_password(6);
$nonce = md5(uniqid(rand(), TRUE));
$sql = "user_name = '{$uname}', realname = '{$realname}', email = '{$email}', pass = password(lower('{$password}')), nonce = '{$nonce}', privs = '{$privilege}', link_1 = 'http://www.toggle.uk.com', link_2 = 'http://www.getpixie.co.uk', link_3 = 'http://www.iwouldlikeawebsite.com', biography=''";
if (isset($table_name)) {
$ok = safe_insert($table_name, $sql);
}
if (!$ok) {
$message = $lang['user_duplicate'];
$do = 'newuser';
public static function create($username, $password, $repeat, $email)
{
/* We load the $dbConn variable as global to use it inside the function. */
global $dbConn;
/*
* We first need to sanitize the variables we got in order to avoid
* SQL injection attacks from malicious users.
*/
$username = $dbConn->real_escape_string($username);
$password = $dbConn->real_escape_string($password);
$repeat = $dbConn->real_escape_string($repeat);
$email = $dbConn->real_escape_string($email);
/* We check if the two passwords match each other. */
if ($password == $repeat) {
/* Check if username is empty. */
if (Validator::isEmpty($username)) {
new Message(3);
return;
}
/* We check if the user has supplied a valid email address. */
if (Validator::validateEmail($email) == false) {
new Message(6);
return;
}
/* We check for duplicate usernames. */
if (Validator::userExists($username)) {
new Message(8);
return;
}
/* We check for duplicate email address. */
if (Validator::emailExists($email)) {
new Message(9);
return;
}
/*
* Check password for security.
* Password security policy rules:
* ---------------------------------
* 1. It must contain both numbers/letters.
* 2. It must be longer than 8 characters.
*/
if (Validator::isValidPassword($password) == false) {
new Message(10);
return;
}
/* We generate a new unique salt for the user. */
$salt = Salt::getHash();
/*
* We now need to store the password as a hash and for that reason
* we will use the hash function sha-256 which generates a 64 character
* hash (256 bits long and uses 4 bits per character = 64 characters).
* We also mix the salt with the hash so that it is harder for an
* attacker to bruteforce the hash and find the correct password.
*/
$hashedPassword = hash("sha256", $salt . $password . $salt);
/* We build our query and execute it. */
$result = $dbConn->query("INSERT INTO `accounts` VALUES ('', '{$username}', '{$hashedPassword}', '{$email}', '{$salt}', NULL, NULL);");
/* Supposing the query ran then */
if ($result) {
//The account was created successfully.
new Message(7, "success");
}
} else {
/* The two passwords don't match each other. */
new Message(5);
}
}
protected function validate_email()
{
if ($this->testRequiredNonDefault('email')) {
return Validator::validateEmail($this->getFirstElementValue('email')) ? self::STR_OK : self::STR_INVALID;
} else {
return self::STR_MISSING;
}
}
}
}
}
if ($at[$j] == 'longtext') {
// remove para from <!--more-->
if (isset($m) && $m == 'dynamic') {
// hacky to try and clean the more
$value = str_replace('<p><!--more--></p>', '<!--more-->', $value);
$value = str_replace('<p> <!--more--></p>', '<!--more-->', $value);
$value = str_replace('<!--more--></p>', '</p><!--more-->', $value);
$value = str_replace('<p><!--more-->', '<!--more--><p>', $value);
}
}
if ($an[$j] == 'email') {
if ($nullf[0] == 'not_null') {
$check->validateEmail($value, $lang['email_error'] . ' ');
} else {
if ($value != "") {
$check->validateEmail($value, $lang['email_error'] . ' ');
}
}
}
if ($nullf[0] == 'not_null' && $value == "") {
$error .= ucwords($an[$j]) . " " . $lang['is_required'] . ' ';
}
// if empty int set to 0
if ($at[$j] == 'int') {
$value = $value ? $value : 0;
}
if (isset($sql)) {
} else {
function saveUser($data)
{
// dont trust posted user_id
if (!empty($data['user_id'])) {
if ($data['user_id'] != $this->objAuthentication->user_id) {
// editing someone elses profile
$this->errorMsg = 'Unauthorized';
return false;
}
}
$user_id = false;
$this->errorMsg = null;
$saveData = array();
$saveData['id'] = !empty($data['user_id']) ? intval($data['user_id']) : false;
$saveData['email'] = !empty($data['user_email']) ? $data['user_email'] : false;
$saveData['company'] = !empty($data['user_company']) ? $data['user_company'] : false;
$saveData['title'] = !empty($data['user_title']) ? $data['user_title'] : false;
$saveData['fName'] = !empty($data['user_fName']) ? $data['user_fName'] : false;
$saveData['lName'] = !empty($data['user_lName']) ? $data['user_lName'] : false;
$saveData['phone'] = !empty($data['user_phone']) ? $data['user_phone'] : false;
$saveData['address'] = !empty($data['user_address']) ? $data['user_address'] : false;
$saveData['address2'] = !empty($data['user_address2']) ? $data['user_address2'] : false;
$saveData['city'] = !empty($data['user_city']) ? $data['user_city'] : false;
$saveData['province'] = !empty($data['user_province']) ? $data['user_province'] : false;
$saveData['country'] = !empty($data['user_country']) ? $data['user_country'] : false;
$saveData['zip'] = !empty($data['user_zip']) ? $data['user_zip'] : false;
if (!empty($data['user_password'])) {
$saveData['password'] = !empty($data['user_password']) ? $data['user_password'] : false;
}
if (isset($data['active'])) {
$saveData['active'] = intval($data['active']);
}
if (!empty($data['activateString'])) {
$saveData['activateString'] = $data['activateString'];
}
// validate it all
$objValidator = new Validator();
$objValidator->validateEmail($saveData['email']);
$objValidator->validateName($saveData['fName']);
$objValidator->validateName($saveData['lName']);
$objValidator->validatePhone($saveData['phone']);
$objValidator->validateNotEmpty($saveData['title'], 'title');
$objValidator->validateNotEmpty($saveData['company'], 'company');
$objValidator->validateNotEmpty($saveData['address'], 'address');
$objValidator->validateNotEmpty($saveData['city'], 'city');
$objValidator->validateNotEmpty($saveData['province'], 'province');
$objValidator->validateNotEmpty($saveData['country'], 'country');
$objValidator->validateNotEmpty($saveData['zip'], 'zip');
if (!empty($data['password'])) {
$objValidator->validatePassword($saveData['password']);
@$objValidator->passwordsMatch($saveData['password'], $data['password2']);
}
if ($objValidator->hasError) {
$this->errorMsg = $objValidator->getError();
} else {
$objUser = new UserModel();
$user_id = $objUser->saveUser($saveData);
}
return $user_id;
}
$password_2 = $_POST["password_2"];
$invitation_code = $_POST["invitation_code"];
$captcha = $_POST["captcha"];
$username = $username ? htmlspecialchars($username, ENT_QUOTES) : "";
$email = $email ? htmlspecialchars($email, ENT_QUOTES) : "";
$password_1 = $password_1 ? $password_1 : "";
$password_2 = $password_2 ? $password_2 : "";
$invitation_code = $invitation_code ? $invitation_code : "";
$captcha = $captcha ? $captcha : "";
$res = array("result" => false, "reason" => "");
if ($password_1 != $password_2) {
$res["reason"] = "两次密码输入不同!";
die(json_encode($res));
}
//string format validate
if (!(Validator::validateUserName($username) && Validator::validateEmail($email) && Validator::validatePassword($password_1) && Validator::validateCaptcha($captcha))) {
$res["reason"] = "输入不合法!";
die(json_encode($res));
}
//Captcha Validate
require_once PHP_BASE_DIR . "/securimage/securimage.php";
$img = new Securimage();
if ($img->check($captcha) == false) {
$res['reason'] = '验证码错误!';
die(json_encode($res));
}
$db = new MySQL($log);
if ($mysqli = $db->openDB()) {
$user = new User($mysqli, $log);
$invitation = new Invitation($mysqli, $log);
if ($user->getUserByName($username)) {
