Beispiel #1
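 /**
  * Handles a password-change request for the logged-in user.
  *
  * The submitted password is SHA-512 hashed and passed to changePassword().
  * The outcome is logged, queued as a persistent message for the session
  * user, and followed by a redirect. A null password is a no-op.
  *
  * NOTE(review): SHA-512 is a fast, general-purpose hash. password_hash() /
  * password_verify() is the appropriate primitive for stored passwords, but
  * switching means changing changePassword() and the login check together,
  * neither of which is visible here.
  * NOTE(review): nothing in this method re-checks the current password or a
  * CSRF token; confirm the caller does before this is reached.
  *
  * @param string|null $password New plaintext password, or null when none was submitted.
  * @return void
  */
 public function processChangepassword($password)
 {
     if (empty($GLOBALS['loggedin'])) {
         // only logged in users
         NavigationUtility::redirect();
         // A redirect is only a response header unless redirect() itself ends
         // the script; returning here guarantees that an anonymous request
         // can never fall through to the password update below.
         return;
     }
     if (is_null($password)) {
         return;
     }
     $password = hash('sha512', $password);
     $changepasswordResult = $this->changePassword($password, $this->mysqli);
     if ($changepasswordResult) {
         $this->logger->log("User changed password sucessfully ", Logger::INFO);
         MessageQueue::pushPersistent($_SESSION['user_id'], 'mes_passwordchange_success');
         NavigationUtility::redirect();
     } else {
         $this->logger->log("Something went wrong when user tried to change password ", Logger::WARNING);
         MessageQueue::pushPersistent($_SESSION['user_id'], 'err_db_query_failed');
         NavigationUtility::redirectToErrorPage();
     }
 }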
Beispiel #2
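<script language="JavaScript"><!--
javascript:window.history.forward(1);
//--></script>
<div class="jumbotron">
	<?php 
use quizzenger\utilities\NavigationUtility;
// Quiz landing view: without a quiz id there is nothing to show, so the
// visitor is redirected.
// NOTE(review): markup has already been emitted above this check and the
// template keeps rendering afterwards unless redirect() ends the script;
// confirm both against NavigationUtility and the output-buffering setup.
if (is_null($this->_['quizinfo']['quizid'])) {
    NavigationUtility::redirect();
}
?>
	<h1>Willkommen bei Quizzenger</h1>
	<p>
		Du wurdest eingeladen am Quiz "<?php 
echo htmlspecialchars($this->_['quizinfo']['quizname']);
?>
" teilzunehmen.
	</p>
  	<p>
  		<a href="<?php 
// Escape for the attribute context, as is done for the quiz name above, so a
// quote in the value cannot close the href attribute.
// Escaping does not restrict the URL scheme: firstUrl should be built
// server-side or checked against an allow-list before it reaches this view.
echo htmlspecialchars($this->_['quizinfo']['firstUrl'], ENT_QUOTES, 'UTF-8');
?>
" class="btn btn-primary btn-lg" role="button">
	  		Quiz starten!
		</a>
	</p>
</div>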
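 /**
  * Registers a new user account from the submitted form fields.
  *
  * Steps: reject missing fields, validate the e-mail format, check that
  * neither the e-mail nor the username is already taken, then store the
  * account with a per-user salt. Every outcome is logged, queued as a
  * persistent message and followed by a redirect.
  *
  * Both "already taken" cases deliberately share one message key, so the
  * response does not reveal which of the two values exists.
  *
  * NOTE(review): the stored value is SHA-512(SHA-512(password) . salt), a
  * fast hash construction, and the salt comes from uniqid()/mt_rand(), which
  * are not cryptographic generators. password_hash() / password_verify() is
  * the appropriate replacement, but it must be migrated together with the
  * login check, which is not visible here.
  * NOTE(review): $_SESSION['user_id'] is read for the message queue although
  * the registrant may not have a user id yet; confirm against MessageQueue.
  *
  * @param string|null $username Desired username.
  * @param string|null $email    E-mail address of the new account.
  * @param string|null $password Plaintext password.
  * @return void
  */
 public function processRegistration($username, $email, $password)
 {
     if (is_null($username) || is_null($email) || is_null($password)) {
         $this->logger->log("Error trying to register : Missing fields", Logger::ERROR);
         MessageQueue::pushPersistent($_SESSION['user_id'], 'err_missing_input');
         NavigationUtility::redirect('./index.php?view=error');
         return;
     }

     $error_msg = "";
     if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
         $error_msg = "err_register_invalid_mail";
     }
     $password = hash('sha512', $password);

     // The username is not validated here; like the e-mail it only reaches
     // SQL as a bound parameter.
     $uniqueness_checks = array(
         array("SELECT id FROM user WHERE email = ? LIMIT 1", $email),
         array("SELECT id FROM user WHERE username = ? LIMIT 1", $username),
     );
     foreach ($uniqueness_checks as $check) {
         list($sql, $value) = $check;
         $stmt = $this->mysqli->prepare($sql);
         if (!$stmt) {
             // prepare() failed: there is no statement object to use or
             // close, so record the failure and move on.
             $error_msg = "err_register_check";
             continue;
         }
         $stmt->bind_param('s', $value);
         $stmt->execute();
         $stmt->store_result();
         if ($stmt->num_rows == 1) {
             $error_msg = "err_register_existing_info";
         }
         $stmt->close();
     }

     if (!empty($error_msg)) {
         $this->logger->log("Error trying to register :" . $error_msg, Logger::ERROR);
         MessageQueue::pushPersistent($_SESSION['user_id'], $error_msg);
         NavigationUtility::redirect('./index.php?view=error');
         return;
     }

     // We don't need to set seed since PHP 5.2.1
     // uniqid() is mixed in because mt_rand() alone gives little entropy
     $random_salt = hash('sha512', uniqid(mt_rand(), true));
     $password = hash('sha512', $password . $random_salt);

     $inserted = false;
     $insert_stmt = $this->mysqli->prepare("INSERT INTO user (username, email, password, salt) VALUES (?, ?, ?, ?)");
     if ($insert_stmt) {
         $insert_stmt->bind_param('ssss', $username, $email, $password, $random_salt);
         $inserted = $insert_stmt->execute();
     }
     if (!$inserted) {
         // Covers a failed prepare() as well as a failed execute(), so a
         // registration that never reached the database is not reported as
         // a success.
         // NOTE(review): on a plain mysqli connection `error` is a property,
         // not a method; confirm $this->mysqli really provides error().
         $this->logger->log("Error trying to register (insert). SQL Error: " . $this->mysqli->error(), Logger::ERROR);
         MessageQueue::pushPersistent($_SESSION['user_id'], 'err_register_insert');
         NavigationUtility::redirect('./index.php?view=error');
         return;
     }

     $this->logger->log("User registered sucessfully", Logger::INFO);
     MessageQueue::pushPersistent($_SESSION['user_id'], 'mes_register_success');
     NavigationUtility::redirect('./index.php');
 }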
Beispiel #4
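 /**
  * Logs the current user out.
  *
  * Clears the session data, expires the session cookie in the browser,
  * destroys the server-side session, queues a logout message and redirects.
  *
  * @return void
  */
 public function logout()
 {
     // Remember who is logging out before the session data is wiped; reading
     // $_SESSION['user_id'] after the reset below would only yield an
     // undefined index.
     // NOTE(review): whether pushPersistent() stores the message outside the
     // session is not visible here; confirm it survives session_destroy().
     $user_id = isset($_SESSION['user_id']) ? $_SESSION['user_id'] : null;

     // Unset all session values
     $_SESSION = array();

     // Re-send the session cookie with the parameters it was created with,
     // but empty and with an expiry in the past, so the browser discards it.
     $params = session_get_cookie_params();
     setcookie(session_name(), '', time() - 42000, $params["path"], $params["domain"], $params["secure"], $params["httponly"]);

     // Remove the server-side session data as well
     session_destroy();

     MessageQueue::pushPersistent($user_id, 'mes_logout_success');
     NavigationUtility::redirect();
 }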