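 /**
  * Sets the e-mail address after validating it.
  *
  * The original ran Validator::validateEmail() but assigned the value no
  * matter what the validator said; the result now gates the assignment.
  *
  * @param string $string candidate e-mail address
  * @throws \InvalidArgumentException when the validator rejects the address
  */
 public function setEmail($string)
 {
     $validator = new Validator();
     // Only store the address when the validator accepts it.
     if (!$validator->validateEmail($string)) {
         throw new \InvalidArgumentException('Invalid e-mail address');
     }
     $this->email = $string;
 }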
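 /**
  * Registration action: validates the posted fields, creates the user and
  * logs the new account in.
  *
  * Reads username, email, password and password_confirmed from
  * $this->request->params['passed'].  On success the user id and nickname
  * are stored in the session and the client is redirected to /blogs/index;
  * otherwise it is sent back to the login page with a flash message.
  *
  * @return mixed whatever $this->redirect() returns
  */
 public function add()
 {
     $user = ModelFactory::createModel('User');
     $name = $this->request->params['passed']['username'];
     $email = $this->request->params['passed']['email'];
     $pw = $this->request->params['passed']['password'];
     $pwconfirm = $this->request->params['passed']['password_confirmed'];
     // NOTE(review): Validator::validatePW() is the only check here that is
     // negated; confirm its return contract (does it return an error rather
     // than a boolean "ok"?).  Kept as written.
     $inputIsValid = !empty($name)
         && Validator::validateEmail($email)
         && $user->isUniqueEmail($email)
         && !Validator::validatePW($pw)
         && Validator::confirmPW($pw, $pwconfirm);
     if (!$inputIsValid) {
         return $this->redirect(ROOT . '/login/index?flash=Please adjust the wrong input fields&title=Registration failed');
     }
     $user->setNickname($name);
     $user->setEmail($email);
     $user->setPassword($pw);
     $user->create();
     // The session changes privilege level here (anonymous -> logged in), so
     // rotate the session id to prevent session fixation.  Guarded so that a
     // missing session does not turn into a warning.
     if (session_status() === PHP_SESSION_ACTIVE) {
         session_regenerate_id(true);
     }
     $_SESSION['user_id'] = $user->getId();
     $_SESSION['nickname'] = $user->getNickname();
     return $this->redirect(ROOT . '/blogs/index');
 }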
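 /**
  * Community login / account-creation action.
  *
  * Three paths, chosen from $params:
  *  - email + password present: attempt the login via $this->objAuthentication;
  *    on success delegate to actionIndex(), otherwise re-render the login
  *    template with an error message.
  *  - createAccount == 1: validate the create_* fields, create the user via
  *    UserModel, send the confirmation e-mail and re-render the login
  *    template with the outcome.
  *  - otherwise: show "Already logged in." or the login template.
  *
  * @param array|string $params request parameters (the '' default is kept
  *                             for compatibility with existing callers)
  * @return void
  */
 function actionLogin($params = '')
 {
     // Path 1: credentials posted -> try to log in.
     if (!empty($params['email']) && !empty($params['password'])) {
         if ($this->objAuthentication->login($params['email'], $params['password'])) {
             //no errors, continue to home
             $this->actionIndex($params);
             return;
         }
         $this->view->assign('errorMsg', 'Unable to login, try again.');
         $this->view->assign('content', $this->view->fetch('tpl/community/login.tpl'));
         $this->finish();
         return;
     }

     // Path 2: account-creation form submitted (loose == 1 kept: the flag may
     // arrive as the string "1").
     if (!empty($params['createAccount']) && $params['createAccount'] == 1) {
         // Missing create_* fields are passed to the validator as null instead
         // of raising undefined-index notices.
         $createEmail = isset($params['create_email']) ? $params['create_email'] : null;
         $createPassword = isset($params['create_password']) ? $params['create_password'] : null;
         $createPassword2 = isset($params['create_password2']) ? $params['create_password2'] : null;
         $createDisplayName = isset($params['create_displayName']) ? $params['create_displayName'] : null;

         $objValidator = new Validator();
         $objValidator->reset();
         $objValidator->validateEmail($createEmail);
         $objValidator->validatePassword($createPassword);
         $objValidator->passwordsMatch($createPassword, $createPassword2);
         $objValidator->validateName($createDisplayName);

         $termsAccepted = !empty($params['create_terms']);
         if ($objValidator->hasError || !$termsAccepted) {
             $error = $objValidator->getError();
             if (!$termsAccepted) {
                 $error[] = 'You must agree to the Terms of Use to make an account';
             }
             $this->view->assign('errorMessages', $error);
             $this->view->assign('created', false);
         } else {
             $userData = array();
             $userData['email'] = $createEmail;
             $userData['password'] = $createPassword;
             $userData['displayName'] = $createDisplayName;
             $userModel = new UserModel();
             $created = $userModel->createUser($userData);
             if (!empty($created)) {
                 $this->view->assign('created', true);
                 // Confirmation mail; the send result was never acted upon,
                 // so it is not stored.
                 $objEmail = new Emailer();
                 $objEmail->setFrom(CONTACT_EMAIL);
                 $objEmail->setSubject('Retail Roar Community account created');
                 $objEmail->addTO($userData['email']);
                 $objEmail->setBody($this->view->fetch('emails/communitysignup.tpl'), true);
                 $objEmail->sendMail();
             } else {
                 $this->view->assign('created', false);
                 $this->view->assign('errorMessages', $userModel->errorMsg);
             }
             $this->view->assign('submitted', true);
         }
         $this->view->assign('content', $this->view->fetch('tpl/community/login.tpl'));
         $this->finish();
         return;
     }

     // Path 3: plain request for the login page.
     if ($this->objAuthentication->loggedIn()) {
         $this->view->assign('content', 'Already logged in.');
     } else {
         $this->view->assign('content', $this->view->fetch('tpl/community/login.tpl'));
     }
     $this->finish();
 }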
     /* What the hell is this supposed to be doing??? */
     if ($check->foundErrors()) {
         $error1 .= $check->listErrors('x');
     }
     if (isset($error1) && $error1) {
         $err = explode('|', $error1);
         $error = $err[0];
     }
 } else {
     $pixie_login_username = str_replace(" ", "", preg_replace('/\\s\\s+/', ' ', trim($pixie_login_username)));
     /* This ensures no spaces in the username */
 }
 // Count this field as passing only while no error has been recorded.
 // NOTE(review): when $error is unset, `!$error` still raises an
 // undefined-variable notice before evaluating to true, so the whole
 // condition reduces to !isset($error) — confirm $error is initialised
 // earlier in this script.
 if (!isset($error) && !$error) {
     $check_result_number = $check_result_number + 1;
 }
 // NOTE(review): because of the leading !$pixie_email, validateEmail() only
 // runs when the address is empty/falsy; a non-empty but malformed address is
 // never checked here.  `||` looks like the intended operator — verify
 // against the form handling that precedes this fragment.
 if (!$pixie_email && !$check->validateEmail($pixie_email, $lang['user_email_error'] . ' ')) {
     $scream[] = 'email';
     if ($pixie_email === NULL) {
         $error1 .= $lang['user_email_error'] . ' ';
         // 'email' is appended to $scream a second time on this path.
         $scream[] = 'email';
         if ($check->foundErrors()) {
             $error1 .= $check->listErrors('x');
         }
         // The first '|'-separated segment of $error1 becomes the reported error.
         if (isset($error1) && $error1) {
             $err = explode('|', $error1);
             $error = $err[0];
         }
     }
 }
 if (!isset($error) && !$error) {
     $check_result_number = $check_result_number + 1;
 }
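 // Comment-form validation: the names of failing fields are collected in
 // $scream and a message for each is appended to $error.
 $scream = array();
 // $error may or may not exist at this point.  The original only initialised
 // it inside the !$name branch, so the `.=` in the !$comment branch could run
 // on an undefined variable; define it once, up front, instead.
 if (!isset($error)) {
     $error = NULL;
 }
 if (!$name) {
     $error .= $lang['comment_name_error'] . ' ';
     $scream[] = 'name';
 }
 if (!$comment) {
     $error .= $lang['comment_comment_error'] . ' ';
     $scream[] = 'comment';
 }
 $check = new Validator();
 if (!$check->validateEmail($email, $lang['comment_email_error'] . ' ')) {
     $scream[] = 'email';
 }
 // The website field is only validated when the site is not running locally.
 // The dots in the loopback pattern are escaped so they match literally
 // (the unescaped '/127.0.0./' matched any character in those positions).
 $is_local_site = preg_match('/localhost/', $prefs['site_url'])
     || preg_match('/127\.0\.0\./', $prefs['site_url']);
 if (!$is_local_site && $web && !$check->validateURL($web, $lang['comment_web_error'] . ' ')) {
     $scream[] = 'web';
 }
 if ($comment !== NULL) {
     // Duplicate detection: case-insensitive comparison against the most
     // recently stored comment.
     $duplicate = 0;
     $last_comment_last_number = getThing($query = 'SELECT * FROM pixie_module_comments ORDER BY comments_id DESC');
     // NOTE(review): the value returned by getThing() is interpolated into the
     // next query without escaping or binding.  It originates from the
     // database rather than the request, but if getThing() can return anything
     // other than a numeric id this should be bound/escaped.  Not changed here
     // because the getThing() contract is not visible.
     $last_comment = getThing($query = "SELECT comment FROM pixie_module_comments WHERE comments_id='{$last_comment_last_number}'");
     if (strcasecmp($comment, $last_comment) === 0) {
         $duplicate = 1;
     }
 }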
 /**
  * Checks whether the first value of the given element is a valid e-mail
  * address, as judged by Validator::validateEmail().
  *
  * @param mixed $eid_or_elem element id or element, passed straight through
  *                           to getFirstElementValue()
  * @return mixed the result of Validator::validateEmail()
  */
 protected function testEmail($eid_or_elem)
 {
     $candidate = $this->getFirstElementValue($eid_or_elem);
     return Validator::validateEmail($candidate);
 }
                            $res["reason"] = "用户信息更新失败!";
                        }
                    } else {
                        $res["reason"] = "输入不合法!";
                    }
                } else {
                    $res["reason"] = "两次密码不同!";
                }
            } else {
                $res["reason"] = "新旧密码不能一样!";
            }
        } else {
            $res["reason"] = "密码错误!";
        }
    } else {
        if (Validator::validateUserName($username) && Validator::validateEmail($email)) {
            $user->username = $username;
            $user->email = $email;
            if ($user->updateUser($id)) {
                $_SESSION['user_info']['username'] = $username;
                $_SESSION['user_info']['email'] = $email;
                $res["result"] = true;
                $res["reason"] = "用户信息更新成功!";
            } else {
                $res["reason"] = "用户信息更新失败!";
            }
        } else {
            $res["reason"] = "输入不合法!";
        }
    }
}
 }
 if (isset($user_new) && $user_new) {
     $table_name = 'pixie_users';
     $check = new Validator();
     if (!isset($uname) or $uname == "") {
         $error .= $lang['user_name_missing'] . ' ';
         $scream[] = 'uname';
     }
     if (isset($uname)) {
         $uname = str_replace(" ", "", preg_replace('/\\s\\s+/', ' ', trim($uname)));
     }
     if (!isset($realname) or $realname == "") {
         $error .= $lang['user_realname_missing'] . ' ';
         $scream[] = 'realname';
     }
     if (!isset($email) or !$check->validateEmail($email, $lang['user_email_error'] . ' ')) {
         $scream[] = 'email';
     }
     if ($check->foundErrors()) {
         $error .= $check->listErrors('x');
     }
     if (!isset($error)) {
         $password = generate_password(6);
         $nonce = md5(uniqid(rand(), TRUE));
         $sql = "user_name = '{$uname}', realname = '{$realname}', email = '{$email}', pass = password(lower('{$password}')), nonce = '{$nonce}', privs = '{$privilege}', link_1 = 'http://www.toggle.uk.com', link_2 = 'http://www.getpixie.co.uk', link_3 = 'http://www.iwouldlikeawebsite.com', biography=''";
         if (isset($table_name)) {
             $ok = safe_insert($table_name, $sql);
         }
         if (!$ok) {
             $message = $lang['user_duplicate'];
             $do = 'newuser';
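 /**
  * Registers a new account.
  *
  * Compares the two passwords, escapes the values bound for SQL, runs the
  * Validator checks (empty username, e-mail format, duplicate username and
  * e-mail, password policy), hashes the password with a per-user salt and
  * inserts the row into `accounts`.  Every outcome is reported through a
  * Message object; nothing is returned.
  *
  * @param string $username
  * @param string $password
  * @param string $repeat   password confirmation
  * @param string $email
  * @return void
  */
 public static function create($username, $password, $repeat, $email)
 {
     /* The shared mysqli connection lives in the global scope. */
     global $dbConn;
     /*
      * The passwords are compared strictly: the loose == operator treats
      * numeric strings such as "1e3" and "1000" as equal.  Comparing before
      * escaping gives the same answer (escaping is deterministic) and avoids
      * escaping $repeat, which is not used afterwards.
      */
     if ($password !== $repeat) {
         /* The two passwords don't match each other. */
         new Message(5);
         return;
     }
     /*
      * Escape the values that are interpolated into the INSERT below.  This
      * neutralises quoting for that statement only; it is not general input
      * sanitising.
      */
     $username = $dbConn->real_escape_string($username);
     $email = $dbConn->real_escape_string($email);
     /*
      * NOTE(review): the password is escaped *before* it is hashed, so a
      * password containing quotes or backslashes is hashed in its escaped
      * form.  Kept as in the original because the login-side verifier is not
      * visible here and presumably mirrors this; the right fix is to hash the
      * raw password on both sides and bind parameters instead of escaping.
      */
     $password = $dbConn->real_escape_string($password);
     /* Check if username is empty. */
     if (Validator::isEmpty($username)) {
         new Message(3);
         return;
     }
     /* We check if the user has supplied a valid email address. */
     if (!Validator::validateEmail($email)) {
         new Message(6);
         return;
     }
     /* We check for duplicate usernames. */
     if (Validator::userExists($username)) {
         new Message(8);
         return;
     }
     /* We check for duplicate email address. */
     if (Validator::emailExists($email)) {
         new Message(9);
         return;
     }
     /*
      * Check password for security.
      * Password security policy rules:
      * ---------------------------------
      * 1. It must contain both numbers/letters.
      * 2. It must be longer than 8 characters.
      */
     if (!Validator::isValidPassword($password)) {
         new Message(10);
         return;
     }
     /* We generate a new unique salt for the user. */
     $salt = Salt::getHash();
     /*
      * The stored credential is sha256(salt . password . salt), a 64 hex
      * character digest.
      * NOTE(review): a single SHA-256 iteration is cheap to brute-force even
      * with a salt; password_hash()/password_verify() is the recommended
      * scheme.  Not changed here because the login-side verifier must use the
      * same scheme and is not visible.
      */
     $hashedPassword = hash("sha256", $salt . $password . $salt);
     /*
      * Build and run the INSERT.  $username and $email were escaped above and
      * sit inside single quotes; $hashedPassword and $salt come from hash()
      * and Salt::getHash(), not from the caller.  A prepared statement with
      * bound parameters would be the safer form.
      */
     $result = $dbConn->query("INSERT INTO `accounts` VALUES ('', '{$username}', '{$hashedPassword}', '{$email}', '{$salt}', NULL, NULL);");
     /* Supposing the query ran then */
     if ($result) {
         //The account was created successfully.
         new Message(7, "success");
     }
 }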
 /**
  * Validates the 'email' element.
  *
  * @return string self::STR_MISSING when the element has no non-default
  *                value, self::STR_OK when Validator::validateEmail() accepts
  *                it, self::STR_INVALID otherwise
  */
 protected function validate_email()
 {
     if (!$this->testRequiredNonDefault('email')) {
         return self::STR_MISSING;
     }
     $accepted = Validator::validateEmail($this->getFirstElementValue('email'));
     return $accepted ? self::STR_OK : self::STR_INVALID;
 }
         }
     }
 }
 // Post-process the value of column $j according to its type ($at[$j]) and
 // name ($an[$j]).
 if ($at[$j] == 'longtext') {
     // remove para from <!--more-->
     if (isset($m) && $m == 'dynamic') {
         // hacky to try and clean the more; the replacements are applied in
         // this order, one after the other
         $more_fixes = array(
             '<p><!--more--></p>' => '<!--more-->',
             '<p> <!--more--></p>' => '<!--more-->',
             '<!--more--></p>' => '</p><!--more-->',
             '<p><!--more-->' => '<!--more--><p>',
         );
         foreach ($more_fixes as $from => $to) {
             $value = str_replace($from, $to, $value);
         }
     }
 }
 // An 'email' column is validated when it is mandatory, or whenever a value
 // was supplied.
 if ($an[$j] == 'email' && ($nullf[0] == 'not_null' || $value != "")) {
     $check->validateEmail($value, $lang['email_error'] . ' ');
 }
 // Mandatory columns must not be empty.
 if ($nullf[0] == 'not_null' && $value == "") {
     $error .= ucwords($an[$j]) . " " . $lang['is_required'] . ' ';
 }
 // if empty int set to 0
 if ($at[$j] == 'int') {
     $value = $value ?: 0;
 }
 if (isset($sql)) {
 } else {
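 /**
  * Saves the current user's profile from posted form data.
  *
  * Refuses to edit any user other than $this->objAuthentication->user_id,
  * maps the user_* form fields onto the UserModel field names, validates
  * them and, when everything passes, persists the record through UserModel.
  *
  * @param array $data posted form fields (user_id, user_email, user_company, ...)
  * @return int|false the value returned by UserModel::saveUser(), or false
  *                   when unauthorised or when validation failed
  *                   ($this->errorMsg then holds the reason)
  */
 function saveUser($data)
 {
     // dont trust posted user_id
     if (!empty($data['user_id']) && $data['user_id'] != $this->objAuthentication->user_id) {
         // editing someone elses profile
         $this->errorMsg = 'Unauthorized';
         return false;
     }
     $user_id = false;
     $this->errorMsg = null;
     // Form field -> model field; insertion order is kept from the original.
     $field_map = array(
         'email' => 'user_email',
         'company' => 'user_company',
         'title' => 'user_title',
         'fName' => 'user_fName',
         'lName' => 'user_lName',
         'phone' => 'user_phone',
         'address' => 'user_address',
         'address2' => 'user_address2',
         'city' => 'user_city',
         'province' => 'user_province',
         'country' => 'user_country',
         'zip' => 'user_zip',
     );
     $saveData = array();
     $saveData['id'] = !empty($data['user_id']) ? intval($data['user_id']) : false;
     foreach ($field_map as $target => $source) {
         // Empty fields become false so the validator reports them.
         $saveData[$target] = !empty($data[$source]) ? $data[$source] : false;
     }
     if (!empty($data['user_password'])) {
         $saveData['password'] = $data['user_password'];
     }
     if (isset($data['active'])) {
         $saveData['active'] = intval($data['active']);
     }
     if (!empty($data['activateString'])) {
         $saveData['activateString'] = $data['activateString'];
     }
     // validate it all
     $objValidator = new Validator();
     $objValidator->validateEmail($saveData['email']);
     $objValidator->validateName($saveData['fName']);
     $objValidator->validateName($saveData['lName']);
     $objValidator->validatePhone($saveData['phone']);
     foreach (array('title', 'company', 'address', 'city', 'province', 'country', 'zip') as $required) {
         $objValidator->validateNotEmpty($saveData[$required], $required);
     }
     // A new password is validated whenever one was posted.  The original
     // keyed this on $data['password'], a key this method never reads, so the
     // password checks were skipped for the user_password field that is
     // actually saved above.
     if (!empty($data['user_password'])) {
         $objValidator->validatePassword($saveData['password']);
         // password2 may be absent: pass null rather than hiding the notice
         // (and everything else) behind @.  NOTE(review): the confirmation
         // field name 'password2' is kept from the original — confirm it
         // against the form.
         $password2 = isset($data['password2']) ? $data['password2'] : null;
         $objValidator->passwordsMatch($saveData['password'], $password2);
     }
     if ($objValidator->hasError) {
         $this->errorMsg = $objValidator->getError();
         return $user_id;
     }
     $objUser = new UserModel();
     $user_id = $objUser->saveUser($saveData);
     return $user_id;
 }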
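// Registration endpoint (JSON response).  Reads the remaining form fields,
// normalises them to strings, validates the format, checks the captcha and
// then opens the database.  Missing POST keys yield null (no notice).
$password_2 = isset($_POST["password_2"]) ? $_POST["password_2"] : null;
$invitation_code = isset($_POST["invitation_code"]) ? $_POST["invitation_code"] : null;
$captcha = isset($_POST["captcha"]) ? $_POST["captcha"] : null;
// NOTE(review): username and e-mail are HTML-escaped on input, so the escaped
// form is what gets validated and stored.  Escaping belongs at output time,
// per context; not changed here because the validator and the storage code
// downstream currently receive this form.
$username = $username ? htmlspecialchars($username, ENT_QUOTES) : "";
$email = $email ? htmlspecialchars($email, ENT_QUOTES) : "";
$password_1 = $password_1 ? $password_1 : "";
$password_2 = $password_2 ? $password_2 : "";
$invitation_code = $invitation_code ? $invitation_code : "";
$captcha = $captcha ? $captcha : "";
$res = array("result" => false, "reason" => "");
// Strict comparison: with != PHP compares numeric strings by value, so
// "1e3" and "1000" would have passed as matching passwords.
if ($password_1 !== $password_2) {
    $res["reason"] = "两次密码输入不同!";
    die(json_encode($res));
}
//string format validate
$format_ok = Validator::validateUserName($username)
    && Validator::validateEmail($email)
    && Validator::validatePassword($password_1)
    && Validator::validateCaptcha($captcha);
if (!$format_ok) {
    $res["reason"] = "输入不合法!";
    die(json_encode($res));
}
//Captcha Validate
require_once PHP_BASE_DIR . "/securimage/securimage.php";
$img = new Securimage();
if (!$img->check($captcha)) {
    $res['reason'] = '验证码错误!';
    die(json_encode($res));
}
$db = new MySQL($log);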
if ($mysqli = $db->openDB()) {
    $user = new User($mysqli, $log);
    $invitation = new Invitation($mysqli, $log);
    if ($user->getUserByName($username)) {