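function clearUser()
{
    // Checks the posted user/pass pair: a known username must present the
    // stored password, an unknown username is registered with the submitted
    // password. Returns a short status string for the caller to display.
    //
    // Reads $_POST['user'] and $_POST['pass']; usernameExists(), getUserId(),
    // getPass() and addUser() come from elsewhere in the project.
    //
    // Fix: the page's copy of this function had the `$_POST['pass']` guard
    // swallowed into a comment line, which left the braces unbalanced; the
    // guard is restored as an early return. Values that are not strings
    // (e.g. user[]=x) are treated as empty instead of being passed on.
    //
    // NOTE(review): getPass() is compared directly with the submitted value,
    // so the store evidently holds plaintext passwords. The real fix is
    // password_hash()/password_verify() on the storage side; here the
    // comparison is only made constant-time.
    $username = isset($_POST['user']) ? $_POST['user'] : null;
    if (!is_string($username) || $username === '') {
        return "username cannot be empty.";
    }
    $password = isset($_POST['pass']) ? $_POST['pass'] : null;
    if (!is_string($password) || $password === '') {
        return "password cannot be empty.";
    }

    if (!usernameExists($username)) {
        // Unknown username: register it with the submitted password.
        return addUser($username, $password) ? "user cleared." : "error creating new user.";
    }

    $userId = getUserId($username);
    $storedPass = getPass($userId);
    if (is_string($storedPass) && hash_equals($storedPass, $password)) {
        return "user cleared.";
    }
    return "invalid combination.";
}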
 function __construct($user, $display, $pass, $email, $colist, $contact)
 {
     // Builds a registration candidate from the raw form values and records
     // whether the username, display name or e-mail already belongs to an
     // account. Only the first conflict found is flagged (username first,
     // then display name, then e-mail); $this->status is set only when none
     // of the three exists. sanitize(), usernameExists(), displayNameExists()
     // and emailExists() live elsewhere in the project.
     $this->displayname = $display;          // display only, kept as entered
     $this->clean_email = sanitize($email);
     $this->clean_password = trim($pass);    // NOTE(review): trimmed, not hashed — presumably hashed by the caller; confirm
     $this->username = sanitize($user);
     $this->colist_agent = $colist;
     $this->contact_person = $contact;

     if (usernameExists($this->username)) {
         $this->username_taken = true;
     } elseif (displayNameExists($this->displayname)) {
         $this->displayname_taken = true;
     } elseif (emailExists($this->clean_email)) {
         $this->email_taken = true;
     } else {
         // No conflicts: the candidate may be persisted by the caller.
         $this->status = true;
     }
 }
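function login($username, $password, $ref)
{
    // Attempts to log the user in by matching $username/$password against the
    // records in $root/users.json. On success the session keys loggedIn,
    // username and userID are set. Returns an array with "ref" (echoed back),
    // "userErrorMsg" and "loginStatus".
    //
    // Fix: the previous loop only set "Incorrect password!" when the final
    // record had been visited, so an empty users.json left userErrorMsg blank.
    //
    // NOTE(review): the stored password compares equal to the submitted
    // plaintext, i.e. users.json holds unhashed passwords; the storage side
    // should move to password_hash()/password_verify(). The two distinct
    // messages also reveal whether a username exists — a single generic
    // message would avoid that; they are kept because callers may match on them.
    global $root;
    $responseArray = array("ref" => $ref, "userErrorMsg" => "", "loginStatus" => false);

    if (!usernameExists($username)) {
        $responseArray["userErrorMsg"] = "That username doesn't exist!";
        return $responseArray;
    }

    $userData = fetchJSON($root . "/users.json");
    foreach ($userData as $record) {
        if ($record->username !== $username) {
            continue;
        }
        // hash_equals() is strict and constant-time; both operands must be strings.
        if (is_string($record->password) && is_string($password) && hash_equals($record->password, $password)) {
            $_SESSION["loggedIn"] = true;
            $_SESSION["username"] = $username;
            $_SESSION["userID"] = $record->id;
            $responseArray["loginStatus"] = true;
            return $responseArray;
        }
    }

    $responseArray["userErrorMsg"] = "Incorrect password!";
    return $responseArray;
}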
 function __construct($user, $display, $pass, $email, $pin, $location, $about)
 {
     // Builds a registration candidate from the raw form values, then checks
     // username, display name and e-mail for collisions with existing
     // accounts, stopping at the first one found. $this->status becomes true
     // only when none of the three exists. sanitize(), usernameExists(),
     // displayNameExists() and emailExists() live elsewhere in the project.
     $this->displayname = $display;          // display only, kept as entered
     $this->clean_email = sanitize($email);
     $this->clean_password = trim($pass);    // NOTE(review): trimmed, not hashed — presumably hashed by the caller; confirm
     $this->username = sanitize($user);
     $this->clean_pin = trim($pin);
     $this->location = trim($location);
     $this->about = trim($about);

     if (usernameExists($this->username)) {
         $this->username_taken = true;
         return;
     }
     if (displayNameExists($this->displayname)) {
         $this->displayname_taken = true;
         return;
     }
     if (emailExists($this->clean_email)) {
         $this->email_taken = true;
         return;
     }
     // No conflicts: the candidate may be persisted by the caller.
     $this->status = true;
 }
 function __construct($user, $display, $pass, $email, $country, $state, $city, $address, $zip, $phone)
 {
     // Builds a registration candidate (with postal/contact details) from the
     // raw form values, then checks username, display name and e-mail for
     // collisions with existing accounts, stopping at the first one found.
     // $this->status becomes true only when none of the three exists.
     // sanitize(), usernameExists(), displayNameExists() and emailExists()
     // live elsewhere in the project.
     $this->displayname = $display;          // display only, kept as entered
     $this->clean_email = sanitize($email);
     $this->clean_password = trim($pass);    // NOTE(review): trimmed, not hashed — presumably hashed by the caller; confirm
     $this->username = sanitize($user);
     $this->user_country = sanitize($country);
     $this->user_state = sanitize($state);
     $this->user_city = sanitize($city);
     $this->user_address = sanitize($address);
     $this->user_zip = sanitize($zip);
     $this->user_phone = sanitize($phone);

     if (usernameExists($this->username)) {
         $this->username_taken = true;
         return;
     }
     if (displayNameExists($this->displayname)) {
         $this->displayname_taken = true;
         return;
     }
     if (emailExists($this->clean_email)) {
         $this->email_taken = true;
         return;
     }
     // No conflicts: the candidate may be persisted by the caller.
     $this->status = true;
 }
 public function validate_username($value)
 {
     // Records an error on the 'username' field when $value is outside the
     // 4–16 character range or is already registered. At most one error is
     // set: the length check wins, and the existence lookup only runs when the
     // length is acceptable. minMaxRange() (true when OUT of range),
     // usernameExists() and lang() live elsewhere in the project.
     if (minMaxRange(4, 16, $value)) {
         $this->set_specific_error('username', lang("ACCOUNT_USER_CHAR_LIMIT", array(4, 16)));
         return;
     }
     if (usernameExists($value)) {
         $this->set_specific_error('username', lang("ACCOUNT_USERNAME_IN_USE", array($value)));
     }
 }
function validateUserName($username, $conn)
{
    // Returns the list of validation messages for $username (empty when it is
    // acceptable): one when the name is already registered on $conn and one
    // when it is empty. The two checks are independent, so both messages can
    // be returned together. usernameExists() lives elsewhere in the project.
    $problems = [];
    if (usernameExists($username, $conn)) {
        $problems[] = "Username already exists";
    }
    if (strlen($username) === 0) {
        $problems[] = "Please supply username";
    }
    return $problems;
}
 function __construct($user, $pass, $email, $group_id = 2)
 {
     // Builds a registration candidate from the raw form values and checks the
     // cleaned username and e-mail against existing accounts, stopping at the
     // first collision. $this->status becomes true only when neither exists.
     // sanitize(), usernameExists() and emailExists() live elsewhere in the
     // project; $group_id defaults to 2 (meaning defined by the caller's schema).
     $this->unclean_username = $user;        // display only, kept as entered
     $this->clean_email = sanitize($email);
     $this->clean_password = trim($pass);    // NOTE(review): trimmed, not hashed — presumably hashed by the caller; confirm
     $this->group_id = trim($group_id);
     $this->clean_username = sanitize($user);

     if (usernameExists($this->clean_username)) {
         $this->username_taken = true;
         return;
     }
     if (emailExists($this->clean_email)) {
         $this->email_taken = true;
         return;
     }
     // No conflicts: the candidate may be persisted by the caller.
     $this->status = true;
 }
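function CorrectUserInputs($userDetails)
{
    // Validates a registration form (keys: firstname, lastname, username,
    // password, gender, salutation, birthdate). Returns true only when every
    // field passes and the username is not yet registered (usernameExists()
    // lives elsewhere in the project).
    //
    // Changes from the earlier version: the cheap format checks run before the
    // usernameExists() lookup so malformed input never reaches the database;
    // missing or non-string keys count as empty instead of raising
    // undefined-index notices; and an unparsable birthdate is rejected —
    // strtotime() returned false there, which compared as "older than 18" and
    // let the record through.
    $nameRegex = '/^[a-z]+[a-z ]*$/i';
    $usernameRegex = '/^[A-Z0-9_]+$/i';
    $passwordRegex = '/^[^ ]*$/'; // NOTE(review): also matches the empty string; there is no length or complexity rule here

    // Missing or non-string fields are treated as "" so every check below fails closed.
    $field = function ($key) use ($userDetails) {
        return isset($userDetails[$key]) && is_string($userDetails[$key]) ? $userDetails[$key] : '';
    };
    $firstname = $field('firstname');
    $lastname = $field('lastname');
    $username = $field('username');
    $password = $field('password');
    $gender = $field('gender');
    $salutation = $field('salutation');
    $birthdate = $field('birthdate');

    if (!preg_match($nameRegex, $firstname) || !preg_match($nameRegex, $lastname)
        || !preg_match($usernameRegex, $username) || !preg_match($passwordRegex, $password)) {
        return false;
    }

    // The salutation must agree with the declared gender.
    $femaleTitles = ['Miss', 'Ms', 'Mrs', 'Madame', 'Majesty', 'Seniora'];
    $maleTitles = ['Mr', 'Sir', 'Senior', 'Count'];
    $femaleOk = $gender === 'Female' && in_array($salutation, $femaleTitles, true);
    $maleOk = $gender === 'Male' && in_array($salutation, $maleTitles, true);
    if (!$femaleOk && !$maleOk) {
        return false;
    }

    // Must be at least 18 years old; an unparsable date is rejected outright.
    $birth = strtotime($birthdate);
    if ($birth === false || $birth > strtotime('-18 years')) {
        return false;
    }

    return !usernameExists($username);
}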
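/**
 * Ban a user from the shoutbox (moderator CP action).
 *
 * Every failure path ends in redirect(), which in MyBB does not return, so the
 * insert is only reached with a verified post key, a resolvable username that
 * is not already banned, and a reason.
 *
 * @param array $input request fields: my_post_key, username, reason,
 *                     reason_input (used when reason is 'different') and length
 */
function shoutboxBanUser($input)
{
    global $lang, $db, $mybb, $cache;
    $lang->load('dvz_reports');
    //Validate XSRF token
    // NOTE(review): when verify_post_check() returns false this function does
    // nothing and returns silently; MyBB's implementation normally errors out
    // by itself, but confirm that for this call site.
    $postKey = isset($input['my_post_key']) ? $input['my_post_key'] : '';
    if (!verify_post_check($postKey)) {
        return;
    }
    //Validate if weve got a username
    if (empty($input['username'])) {
        redirect('modcp.php?action=shoutbox_ban', $lang->invalid_username);
    }
    //Validate existance (usernameExists() yields the uid, 0 when unknown)
    $uid = (int) usernameExists($input['username']);
    if ($uid === 0) {
        redirect('modcp.php?action=shoutbox_ban', $lang->invalid_username);
    }
    //User already banned
    if (isBanned($uid)) {
        redirect('modcp.php?action=shoutbox_ban', $lang->already_banned);
    }
    // Reason: a preset value, or the free-text entry when 'different' was chosen
    $reason = isset($input['reason']) ? $input['reason'] : '';
    if ($reason === 'different') {
        if (empty($input['reason_input'])) {
            redirect('modcp.php?action=shoutbox_ban', $lang->no_reason);
        }
        $reason = $input['reason_input'];
    }
    $data = array(
        'uid' => $uid,
        'reason' => $db->escape_string($reason),
        'unbantime' => getUnban($input['length']),
        'banned_by' => (int) $mybb->user['uid'],
    );
    //Insert new ban
    $db->insert_query('dvz_reports_banned', $data);
    //Log action
    // Fix: the log entry used to read $mybb->input['username'] while the ban
    // itself was resolved from the $input parameter; log the value actually used.
    $logdata = array('uid' => $uid, 'username' => $input['username']);
    log_moderator_action($logdata, $lang->banned_user);
    //Redirect
    redirect('modcp.php?action=shoutbox_ban', $lang->ban_succesfull);
}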
if (!empty($_POST)) {
    $email = $_POST["email"];
    $username = sanitize($_POST["username"]);
    //Perform some validation
    //Feel free to edit / change as required
    if (trim($email) == "") {
        $errors[] = lang("ACCOUNT_SPECIFY_EMAIL");
    } else {
        if (!isValidEmail($email) || !emailExists($email)) {
            $errors[] = lang("ACCOUNT_INVALID_EMAIL");
        }
    }
    if (trim($username) == "") {
        $errors[] = lang("ACCOUNT_SPECIFY_USERNAME");
    } else {
        if (!usernameExists($username)) {
            $errors[] = lang("ACCOUNT_INVALID_USERNAME");
        }
    }
    if (count($errors) == 0) {
        //Check that the username / email are associated to the same account
        if (!emailUsernameLinked($email, $username)) {
            $errors[] = lang("ACCOUNT_USER_OR_EMAIL_INVALID");
        } else {
            //Check if the user has any outstanding lost password requests
            $userdetails = fetchUserDetails($username);
            if ($userdetails["lost_password_request"] == 1) {
                $errors[] = lang("FORGOTPASS_REQUEST_EXISTS");
            } else {
                //Email the user asking to confirm this change password request
                //We can use the template builder here
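 public function index()
 {
     /*
     UserCake (Via CupCake) Version: 2.0.2
     http://usercake.com
     */
     // Resend-activation page. A posted username/e-mail pair that belongs to
     // one still-inactive account gets a fresh activation token and a new
     // mail, subject to the resend throttle. $emailActivation,
     // $resend_activation_threshold, $websiteUrl and $websiteName are defined
     // by the config.php required below, which executes in this method's scope.
     global $baseURL;
     $baseURL = getcwd();
     require_once "{$baseURL}/application/third_party/user_cake/models/config.php";
     if (!securePage($_SERVER['PHP_SELF'])) {
         die;
     }
     // Fix: $errors and $successes were only ever appended to, so count($errors)
     // below raised a TypeError on PHP 8 whenever the form validated cleanly.
     // Initialise them unless config.php already did.
     if (!isset($errors)) {
         $errors = array();
     }
     if (!isset($successes)) {
         $successes = array();
     }
     //Forms posted
     if (!empty($_POST) && $emailActivation) {
         $email = isset($_POST["email"]) && is_string($_POST["email"]) ? $_POST["email"] : "";
         // sanitize() the username as the sibling login/forgot-password forms
         // do, so usernameExists()/fetchUserDetails() see the same cleaned value.
         $username = isset($_POST["username"]) && is_string($_POST["username"]) ? sanitize($_POST["username"]) : "";
         //Perform some validation
         //Feel free to edit / change as required
         if (trim($email) === "") {
             $errors[] = lang("ACCOUNT_SPECIFY_EMAIL");
         } elseif (!isValidEmail($email) || !emailExists($email)) {
             $errors[] = lang("ACCOUNT_INVALID_EMAIL");
         }
         if (trim($username) === "") {
             $errors[] = lang("ACCOUNT_SPECIFY_USERNAME");
         } elseif (!usernameExists($username)) {
             $errors[] = lang("ACCOUNT_INVALID_USERNAME");
         }
         if (count($errors) === 0) {
             //Check that the username / email are associated to the same account
             if (!emailUsernameLinked($email, $username)) {
                 $errors[] = lang("ACCOUNT_USER_OR_EMAIL_INVALID");
             } else {
                 $userdetails = fetchUserDetails($username);
                 //See if the user's account is already active
                 if ($userdetails["active"] == 1) {
                     $errors[] = lang("ACCOUNT_ALREADY_ACTIVE");
                 } else {
                     // Resend throttle; a threshold of 0 disables it.
                     // NOTE(review): the formula is UserCake's own (elapsed
                     // hours divided by the threshold, then compared with the
                     // threshold) and is kept as-is.
                     if ($resend_activation_threshold == 0) {
                         $hours_diff = 0;
                     } else {
                         $last_request = $userdetails["last_activation_request"];
                         $hours_diff = round((time() - $last_request) / (3600 * $resend_activation_threshold), 0);
                     }
                     if ($resend_activation_threshold != 0 && $hours_diff <= $resend_activation_threshold) {
                         $errors[] = lang("ACCOUNT_LINK_ALREADY_SENT", array($resend_activation_threshold));
                     } else {
                         //For security create a new activation url;
                         $new_activation_token = generateActivationToken();
                         if (!updateLastActivationRequest($new_activation_token, $username, $email)) {
                             $errors[] = lang("SQL_ERROR");
                         } else {
                             $mail = new userCakeMail();
                             $activation_url = $websiteUrl . "activate-account.php?token=" . $new_activation_token;
                             //Setup our custom hooks
                             // NOTE(review): "#ACTIVATION-URL" has no closing '#', unlike
                             // "#USERNAME#"; confirm it matches the placeholder in resend-activation.txt.
                             $hooks = array("searchStrs" => array("#ACTIVATION-URL", "#USERNAME#"), "subjectStrs" => array($activation_url, $userdetails["display_name"]));
                             if (!$mail->newTemplateMsg("resend-activation.txt", $hooks)) {
                                 $errors[] = lang("MAIL_TEMPLATE_BUILD_ERROR");
                             } elseif (!$mail->sendMail($userdetails["email"], "Activate your " . $websiteName . " Account")) {
                                 $errors[] = lang("MAIL_ERROR");
                             } else {
                                 //Success, user details have been updated in the db now mail this information out.
                                 $successes[] = lang("ACCOUNT_NEW_ACTIVATION_SENT");
                             }
                         }
                     }
                 }
             }
         }
     }
     //Prevent the user visiting the logged in page if he/she is already logged in
     if (isUserLoggedIn()) {
         header("Location: " . str_replace('index.php/', '', site_url('account')));
         die;
     }
     $this->load->view('resend_activation');
 }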
// NOTE(review): display_errors is switched on at runtime on a page that handles
// credentials; on a production host this prints stack traces, file paths and
// query fragments to the browser. Keep it off outside development.
ini_set('display_errors', 1);
// PHP 7+ no longer raises E_STRICT notices (they are part of E_ALL), and the
// constant itself is deprecated as of PHP 8.4.
error_reporting(E_ALL | E_STRICT);
// FirePHP emits its log output to the browser through response headers (see the
// FB::log() calls below), so it is a second channel to disable outside development.
// The absolute path below is machine-specific.
include '/home/jayme/firephp-core/lib/FirePHPCore/fb.php';
require 'scripts/dbConnect.php';
require 'scripts/selectQueries.php';
include 'scripts/sessions.php';
// Validate the fields upon submission.
if ($_POST) {
    $loginUsername = trim($_POST["loginUsername"], " \t\n\r\v");
    // Remove trailing whitespace from the field.
    $loginPassword = $_POST["loginPassword"];
    $errorMsg = "";
    // OPENING DATABASE CONNECTION.
    $dbConn = dbConnect();
    // Check that the username exists in the database.
    $userFound = usernameExists($dbConn, strtolower($loginUsername));
    FB::log('User found status: ' . ($userFound ? 'True' : 'False'));
    if ($userFound) {
        // Check that the password is correct for the user.
        $isValid = passwordExists($dbConn, $loginUsername, $loginPassword);
        FB::log('Login valid? ' . ($isValid ? 'True' : 'False'));
        if ($isValid) {
            //TODO Creating PHP sessions for managing user login.
            FB::log('Login success! Setting session variables...');
            $_SESSION['LoggedIn'] = true;
            $_SESSION['Username'] = $loginUsername;
            $_SESSION['UserId'] = getUserId($dbConn, $loginUsername);
            FB::info('LoggedIn: ' . $_SESSION['LoggedIn'] . ', Username: '******'Username'] . ', UserId: ' . $_SESSION['UserId']);
        } else {
            $errorMsg = "<b>Your password is incorrect. Please try again.</b>";
        }
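function flagLostPasswordRequest($user_name, $value)
{
    // Sets users.lost_password_request to $value for the given user_name.
    // Returns true on success, false for an unknown user or any database
    // error; the failure cases queue an alert through addAlert().
    // $value is bound as a prepared-statement parameter (never interpolated);
    // the callers on this page pass 0 or 1. usernameExists(), addAlert() and
    // pdoConnect() live elsewhere in the project.
    if (!usernameExists($user_name)) {
        addAlert("danger", "Invalid username specified.");
        return false;
    }
    global $db_table_prefix;
    try {
        $db = pdoConnect();
        $query = "UPDATE " . $db_table_prefix . "users\n\t\tSET lost_password_request = :value\n\t\tWHERE\n\t\tuser_name = :user_name\n\t\tLIMIT 1";
        $stmt = $db->prepare($query);
        $sqlVars = array('value' => $value, 'user_name' => $user_name);
        if (!$stmt->execute($sqlVars)) {
            // execute() reported failure without throwing (the connection is
            // presumably not in exception error mode); nothing is logged here.
            return false;
        }
        return true;
    } catch (PDOException $e) {
        addAlert("danger", "Oops, looks like our database encountered an error.");
        error_log("Error in " . $e->getFile() . " on line " . $e->getLine() . ": " . $e->getMessage());
        return false;
    } catch (ErrorException $e) {
        addAlert("danger", "Oops, looks like our server might have goofed.  If you're an admin, please check the PHP error logs.");
        // Fix: this branch used to discard the exception; log it like the others do.
        error_log("Error in " . $e->getFile() . " on line " . $e->getLine() . ": " . $e->getMessage());
        return false;
    } catch (RuntimeException $e) {
        addAlert("danger", "Oops, looks like our server might have goofed.  If you're an admin, please check the PHP error logs.");
        error_log("Error in " . $e->getFile() . " on line " . $e->getLine() . ": " . $e->getMessage());
        return false;
    }
}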
        $errors[] = lang("ACCOUNT_SPECIFY_USERNAME");
    }
} else {
    if ($username == "") {
        $errors[] = lang("ACCOUNT_SPECIFY_USERNAME");
    }
}
if ($password == "") {
    $errors[] = lang("ACCOUNT_SPECIFY_PASSWORD");
}
if (count($errors) == 0) {
    //A security note here, never tell the user which credential was incorrect
    if ($email == 1) {
        $existsVar = !emailExists($email_address);
    } else {
        $existsVar = !usernameExists($username);
    }
    if ($existsVar) {
        $errors[] = lang("ACCOUNT_USER_OR_PASS_INVALID");
    } else {
        if ($email == 1) {
            $userdetails = fetchUserAuthByEmail($email_address);
        } elseif ($email == 0) {
            $userdetails = fetchUserAuthByUserName($username);
        }
        //See if the user's account is activated
        if ($userdetails["active"] == 0) {
            $errors[] = lang("ACCOUNT_INACTIVE");
        } else {
            if ($userdetails["enabled"] == 0) {
                $errors[] = lang("ACCOUNT_DISABLED");
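/**
 * Create a user with the specified fields.
 *
 * Every field is checked and each problem is reported through addAlert(), so
 * the caller receives all validation messages at once. Only when no check
 * failed is the password hashed, the activation mail (optionally) sent and the
 * record inserted.
 *
 * @param string $user_name the validated $_POST['user_name'] variable
 * @param string $display_name the validated $_POST['display_name'] variable
 * @param string $email the validated $_POST['email'] variable
 * @param string $title the validated $_POST['title'] variable
 * @param string $password the validated $_POST['password'] variable
 * @param string $passwordc the validated $_POST['passwordc'] variable
 * @param boolean $require_activation value of global $emailActivation when $admin is false
 * @param boolean $admin True if admin is creating user, False if not admin creating user.
 * @return int|false $inserted_id, or false when permission is denied, a check fails,
 *                   the hash cannot be built or the activation mail cannot be sent
 */
function createUser($user_name, $display_name, $email, $title, $password, $passwordc, $require_activation, $admin)
{
    // In admin mode the caller must be logged in with permission for this action.
    // $admin arrives as a boolean or as the string "true"; the previous loose
    // `== "true"` also accepted integer 0 on PHP 7, so compare strictly.
    if ($admin === true || $admin === "true") {
        // This block automatically checks this action against the permissions database before running.
        // NOTE(review): func_get_args() includes the plaintext password; make sure
        // the permission layer never persists its argument list.
        if (!checkActionPermissionSelf(__FUNCTION__, func_get_args())) {
            addAlert("danger", "Sorry, you do not have permission to access this resource.");
            return false;
        }
    }
    $error_count = 0;
    // Check values. minMaxRange() returns true when the length is OUTSIDE the range.
    if (minMaxRange(1, 25, $user_name)) {
        addAlert("danger", lang("ACCOUNT_USER_CHAR_LIMIT", array(1, 25)));
        $error_count++;
    }
    if (!ctype_alnum($user_name)) {
        addAlert("danger", lang("ACCOUNT_USER_INVALID_CHARACTERS"));
        $error_count++;
    }
    if (minMaxRange(1, 50, $display_name)) {
        addAlert("danger", lang("ACCOUNT_DISPLAY_CHAR_LIMIT", array(1, 50)));
        $error_count++;
    }
    if (!isValidName($display_name)) {
        addAlert("danger", lang("ACCOUNT_DISPLAY_INVALID_CHARACTERS"));
        $error_count++;
    }
    if (!isValidEmail($email)) {
        addAlert("danger", lang("ACCOUNT_INVALID_EMAIL"));
        $error_count++;
    }
    if (minMaxRange(1, 150, $title)) {
        addAlert("danger", lang("ACCOUNT_TITLE_CHAR_LIMIT", array(1, 150)));
        $error_count++;
    }
    // Both passwords out of range -> one length message; otherwise they must match.
    // NOTE(review): when only one of the two is out of range the user sees the
    // mismatch message rather than the length one; kept as the original behaved.
    if (minMaxRange(8, 50, $password) && minMaxRange(8, 50, $passwordc)) {
        addAlert("danger", lang("ACCOUNT_PASS_CHAR_LIMIT", array(8, 50)));
        $error_count++;
    } elseif ($password !== $passwordc) {
        // Fix: strict comparison. `!=` compared numeric-looking strings as
        // numbers, so e.g. "1e3" and "1000" passed as matching confirmations.
        addAlert("danger", lang("ACCOUNT_PASS_MISMATCH"));
        $error_count++;
    }
    if (usernameExists($user_name)) {
        addAlert("danger", lang("ACCOUNT_USERNAME_IN_USE", array($user_name)));
        $error_count++;
    }
    if (displayNameExists($display_name)) {
        addAlert("danger", lang("ACCOUNT_DISPLAYNAME_IN_USE", array($display_name)));
        $error_count++;
    }
    if (emailExists($email)) {
        addAlert("danger", lang("ACCOUNT_EMAIL_IN_USE", array($email)));
        $error_count++;
    }
    // Exit on any invalid parameters
    if ($error_count > 0) {
        return false;
    }
    //Construct a secure hash for the plain text password
    // (done after validation so rejected submissions do not pay the hashing cost)
    $password_hash = passwordHashUF($password);
    if ($password_hash === null) {
        addAlert("danger", lang("PASSWORD_HASH_FAILED"));
        return false;
    }
    //Construct a unique activation token (even if activation is not required)
    $activation_token = generateActivationToken();
    $active = 1;
    //Do we need to require that the user activate their account first?
    if ($require_activation) {
        //User must activate their account first
        $active = 0;
        $mailSender = new userCakeMail();
        //Build the activation message
        $activation_message = lang("ACCOUNT_ACTIVATION_MESSAGE", array(SITE_ROOT . "api/", $activation_token));
        //Define more if you want to build larger structures
        $hooks = array("searchStrs" => array("#ACTIVATION-MESSAGE", "#ACTIVATION-KEY", "#USERNAME#"), "subjectStrs" => array($activation_message, $activation_token, $display_name));
        /* Build the template - Optional, you can just use the sendMail function
           Instead to pass a message. */
        // If there is a mail failure, fatal error
        if (!$mailSender->newTemplateMsg("new-registration.txt", $hooks)) {
            addAlert("danger", lang("MAIL_ERROR"));
            return false;
        }
        //Send the mail. Specify users email here and subject.
        //SendMail can have a third paremeter for message if you do not wish to build a template.
        if (!$mailSender->sendMail($email, "Please activate your account")) {
            addAlert("danger", lang("MAIL_ERROR"));
            return false;
        }
    }
    // Insert the user into the database and return the new user's id
    return addUser($user_name, $display_name, $title, $password_hash, $email, $active, $activation_token);
}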
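 public function index()
 {
     /*
     UserCake (Via CupCake) Version: 2.0.2
     http://usercake.com
     */
     // Lost-password page with three entry points, all ending in the same view:
     //   GET ?confirm=<token>  mails a freshly generated password and clears the request flag
     //   GET ?deny=<token>     clears the request flag, password untouched
     //   POST email+username   mails confirm/deny links for a new request
     // $websiteUrl is defined by the config.php required below (it executes in
     // this method's scope).
     // NOTE(review): both GET branches change state and are guarded only by the
     // account's activation token; the comment on the POST branch says the token
     // is regenerated on each use — confirm validateActivationToken() /
     // updatePasswordFromToken() really do that.
     global $baseURL;
     $baseURL = getcwd();
     require_once "{$baseURL}/application/third_party/user_cake/models/config.php";
     if (!securePage($_SERVER['PHP_SELF'])) {
         die;
     }
     // Fix: $errors and $successes were only ever appended to, so count($errors)
     // below raised a TypeError on PHP 8 whenever the form validated cleanly.
     // Initialise them unless config.php already did.
     if (!isset($errors)) {
         $errors = array();
     }
     if (!isset($successes)) {
         $successes = array();
     }
     //User has confirmed they want their password changed
     if (!empty($_GET["confirm"])) {
         $token = is_string($_GET["confirm"]) ? trim($_GET["confirm"]) : "";
         if ($token === "" || !validateActivationToken($token, TRUE)) {
             $errors[] = lang("FORGOTPASS_INVALID_TOKEN");
         } else {
             $rand_pass = getUniqueCode(15);          // new random password
             $secure_pass = generateHash($rand_pass); // its stored form
             $userdetails = fetchUserDetails(NULL, $token);
             $mail = new userCakeMail();
             //Setup our custom hooks
             $hooks = array("searchStrs" => array("#GENERATED-PASS#", "#USERNAME#"), "subjectStrs" => array($rand_pass, $userdetails["display_name"]));
             // NOTE(review): the new password is mailed before updatePasswordFromToken()
             // runs, so a failed update leaves the user holding a password that
             // does not work. Updating first (and mailing only on success) would
             // be the safer order.
             if (!$mail->newTemplateMsg("{$baseURL}/application/third_party/user_cake/mail-templates/your-lost-password.txt", $hooks)) {
                 $errors[] = lang("MAIL_TEMPLATE_BUILD_ERROR");
             } elseif (!$mail->sendMail($userdetails["email"], "Your new password")) {
                 $errors[] = lang("MAIL_ERROR");
             } elseif (!updatePasswordFromToken($secure_pass, $token)) {
                 $errors[] = lang("SQL_ERROR");
             } elseif (!flagLostPasswordRequest($userdetails["user_name"], 0)) {
                 $errors[] = lang("SQL_ERROR");
             } else {
                 $successes[] = lang("FORGOTPASS_NEW_PASS_EMAIL");
             }
         }
     }
     //User has denied this request
     if (!empty($_GET["deny"])) {
         $token = is_string($_GET["deny"]) ? trim($_GET["deny"]) : "";
         if ($token === "" || !validateActivationToken($token, TRUE)) {
             $errors[] = lang("FORGOTPASS_INVALID_TOKEN");
         } else {
             $userdetails = fetchUserDetails(NULL, $token);
             if (!flagLostPasswordRequest($userdetails["user_name"], 0)) {
                 $errors[] = lang("SQL_ERROR");
             } else {
                 $successes[] = lang("FORGOTPASS_REQUEST_CANNED");
             }
         }
     }
     //Forms posted
     if (!empty($_POST)) {
         $email = isset($_POST["email"]) && is_string($_POST["email"]) ? $_POST["email"] : "";
         $username = isset($_POST["username"]) && is_string($_POST["username"]) ? sanitize($_POST["username"]) : "";
         //Perform some validation
         //Feel free to edit / change as required
         if (trim($email) === "") {
             $errors[] = lang("ACCOUNT_SPECIFY_EMAIL");
         } elseif (!isValidEmail($email) || !emailExists($email)) {
             $errors[] = lang("ACCOUNT_INVALID_EMAIL");
         }
         if (trim($username) === "") {
             $errors[] = lang("ACCOUNT_SPECIFY_USERNAME");
         } elseif (!usernameExists($username)) {
             $errors[] = lang("ACCOUNT_INVALID_USERNAME");
         }
         if (count($errors) === 0) {
             //Check that the username / email are associated to the same account
             if (!emailUsernameLinked($email, $username)) {
                 $errors[] = lang("ACCOUNT_USER_OR_EMAIL_INVALID");
             } else {
                 //Check if the user has any outstanding lost password requests
                 $userdetails = fetchUserDetails($username);
                 if ($userdetails["lost_password_request"] == 1) {
                     $errors[] = lang("FORGOTPASS_REQUEST_EXISTS");
                 } else {
                     //Email the user asking to confirm this change password request
                     //We can use the template builder here
                     //We use the activation token again for the url key it gets regenerated everytime it's used.
                     $mail = new userCakeMail();
                     $confirm_url = lang("CONFIRM") . "\n" . $websiteUrl . "forgot-password.php?confirm=" . $userdetails["activation_token"];
                     $deny_url = lang("DENY") . "\n" . $websiteUrl . "forgot-password.php?deny=" . $userdetails["activation_token"];
                     //Setup our custom hooks
                     $hooks = array("searchStrs" => array("#CONFIRM-URL#", "#DENY-URL#", "#USERNAME#"), "subjectStrs" => array($confirm_url, $deny_url, $userdetails["user_name"]));
                     if (!$mail->newTemplateMsg("{$baseURL}/application/third_party/user_cake/mail-templates/lost-password-request.txt", $hooks)) {
                         $errors[] = lang("MAIL_TEMPLATE_BUILD_ERROR");
                     } elseif (!$mail->sendMail($userdetails["email"], "Lost password request")) {
                         $errors[] = lang("MAIL_ERROR");
                     } elseif (!flagLostPasswordRequest($userdetails["user_name"], 1)) {
                         //Update the DB to show this account has an outstanding request
                         $errors[] = lang("SQL_ERROR");
                     } else {
                         $successes[] = lang("FORGOTPASS_REQUEST_SUCCESS");
                     }
                 }
             }
         }
     }
     $this->load->view('forgot_password');
 }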
         $display_type = 'SignIn';
         // If anyone of them is missing, then redisplay the StartPage with the 'SignIn' form having error messages.
         include 'views/StartPage.php';
         // ViewStart
     }
     exit;
     // exit
 // exit
 case 'Join':
     $display_type = 'Join';
     // Get username
     if (empty($_POST['username'])) {
         // If username is empty
         $error_msg_username = '******';
     } else {
         if (usernameExists($_POST['username'])) {
             $error_msg_username = '******';
         } else {
             // username
             $username = $_POST['username'];
             // in order to redisplay
         }
     }
     //get name
     if (empty($_POST['name'])) {
         // If username is empty
         $error_msg_name = '*required';
     } else {
         // username
         $name = $_POST['name'];
     }
 $deleteID = "delete" . $row['User_ID'];
 $delete = $_POST[$deleteID] ? "Yes" : "No";
 $usernameID = "username" . $row['User_ID'];
 $newusername = $_POST[$usernameID];
 $emailID = "email" . $row['User_ID'];
 $newemail = $_POST[$emailID];
 $groupID = "group_id" . $row['User_ID'];
 $newgroup = $_POST[$groupID];
 if ($delete == "Yes") {
     $sql = "DELETE from " . $db_table_prefix . "Users WHERE User_ID = '" . $row['User_ID'] . "'";
     $db->sql_query($sql);
 } else {
     if ($newusername != $row['Username']) {
         if (minMaxRange(5, 25, $newusername)) {
             $errors[] = "Unable to update " . $row['Username'] . "'s username because selected name is not between 5 and 25 characters.";
         } elseif (usernameExists($newusername)) {
             $errors[] = "Unable to change " . $row['Username'] . "'s name because selected username is already in use.";
         } else {
             $sql = "UPDATE " . $db_table_prefix . "Users SET Username = '******', Username_clean = '" . sanitize($newusername) . "' WHERE User_ID='" . $row['User_ID'] . "'";
             $db->sql_query($sql);
         }
     }
     if ($row['Email'] != $newemail) {
         if (trim($newemail) == "") {
             $errors[] = "Unable to update " . $row['Username'] . "'s email because no address was entered.";
         } else {
             if (!isValidEmail($newemail)) {
                 $errors[] = "Unable to update " . $row['Username'] . "'s email because address is invalid.";
             } else {
                 if (emailExists($newemail)) {
                     $errors[] = "Unable to update " . $row['Username'] . "'s email because address is already in use.";
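 public function index()
 {
     /*
     UserCake (Via CupCake) Version: 2.0.2
     http://usercake.com
     */
     // Login page. Validates the posted username/password against the stored
     // user record, builds a loggedInUser object, stores it in the session and
     // redirects to the account page. Helpers (securePage, sanitize,
     // usernameExists, fetchUserDetails, generateHash, ...) come from the
     // config.php required below, which executes in this method's scope.
     global $baseURL;
     require_once "{$baseURL}/application/third_party/user_cake/models/config.php";
     if (!securePage($_SERVER['PHP_SELF'])) {
         die;
     }
     //Prevent the user visiting the logged in page if he/she is already logged in
     if (isUserLoggedIn()) {
         header("Location: " . str_replace('index.php/', '', site_url('account')));
         die;
     }
     //Forms posted
     if (!empty($_POST)) {
         global $errors;
         $errors = array();
         // Non-string values (e.g. username[]=x) are treated as empty rather than
         // handed to trim().
         $username = isset($_POST["username"]) && is_string($_POST["username"]) ? sanitize(trim($_POST["username"])) : "";
         $password = isset($_POST["password"]) && is_string($_POST["password"]) ? trim($_POST["password"]) : "";
         //Perform some validation
         //Feel free to edit / change as required
         if ($username === "") {
             $errors[] = lang("ACCOUNT_SPECIFY_USERNAME");
         }
         if ($password === "") {
             $errors[] = lang("ACCOUNT_SPECIFY_PASSWORD");
         }
         if (count($errors) === 0) {
             //A security note here, never tell the user which credential was incorrect
             if (!usernameExists($username)) {
                 $errors[] = lang("ACCOUNT_USER_OR_PASS_INVALID");
             } else {
                 $userdetails = fetchUserDetails($username);
                 //See if the user's account is activated
                 // NOTE(review): this message is returned before the password is
                 // checked, so it confirms that the username exists.
                 if ($userdetails["active"] == 0) {
                     $errors[] = lang("ACCOUNT_INACTIVE");
                 } else {
                     //Hash the password and use the salt from the database to compare the password.
                     $entered_pass = generateHash($password, $userdetails["password"]);
                     // Fix: the previous loose `!=` compared the two hash strings as
                     // numbers when both looked numeric (the "0e..." case), so distinct
                     // hashes could compare equal. hash_equals() is strict and constant-time.
                     if (!is_string($entered_pass) || !hash_equals((string) $userdetails["password"], $entered_pass)) {
                         //Again, we know the password is at fault here, but lets not give away the combination incase of someone bruteforcing
                         $errors[] = lang("ACCOUNT_USER_OR_PASS_INVALID");
                     } else {
                         //Passwords match! we're good to go'
                         //Construct a new logged in user object
                         //Transfer some db data to the session object
                         $loggedInUser = new loggedInUser();
                         $loggedInUser->email = $userdetails["email"];
                         $loggedInUser->user_id = $userdetails["id"];
                         $loggedInUser->hash_pw = $userdetails["password"];
                         $loggedInUser->title = $userdetails["title"];
                         $loggedInUser->displayname = $userdetails["display_name"];
                         $loggedInUser->username = $userdetails["user_name"];
                         //Update last sign in
                         $loggedInUser->updateLastSignIn();
                         // NOTE(review): the password hash travels into the session store
                         // (hash_pw); drop the field if nothing reads it. Regenerating the
                         // session id on successful login would also close session fixation —
                         // the CodeIgniter session API in use is not visible from here.
                         $this->session->set_userdata('userCakeUser', $loggedInUser);
                         // $_SESSION["userCakeUser"] = $loggedInUser;
                         //Redirect to user account page
                         header("Location: " . str_replace('index.php/', '', site_url('account')));
                         die;
                     }
                 }
             }
         }
     }
     $this->load->view('login');
 }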