function execute($requests)
 {
     // Values placed in $GLOBALS before this action runs; $tail is read but not used below.
     $tail = $GLOBALS['KTAI_URL_TAIL'];
     $member_id = $GLOBALS['KTAI_C_MEMBER_ID'];
     // --- Request variable: double quotes are stripped before any validation.
     $address = str_replace('"', '', $requests['ktai_address']);
     // --- Authorisation check: the original author left this as "not needed?".
     // Each failed check redirects back to the form with a numeric message code.
     // presumably openpne_redirect() ends the request; the checks below rely on that. Confirm.
     if (!db_common_is_mailaddress($address)) {
         // 12: please enter an e-mail address
         openpne_redirect('ktai', 'page_h_regist_address', array('msg' => 12));
     }
     if (!is_ktai_mail_address($address)) {
         // 16: only mobile carrier addresses may be given
         openpne_redirect('ktai', 'page_h_regist_address', array('msg' => 16));
     }
     if (db_member_is_sns_join4mail_address($address)) {
         // 17: this address is already registered
         openpne_redirect('ktai', 'page_h_regist_address', array('msg' => 17));
     }
     // Drop earlier pending rows for this address so only the newest token remains.
     db_member_delete_c_member_ktai_pre4id($address);
     db_member_delete_c_ktai_address_pre4ktai_address($address);
     // NOTE(review): create_hash() is defined elsewhere. The value is stored and handed to the
     // mail helper, so it presumably acts as the confirmation secret; confirm it is unpredictable.
     $token = create_hash();
     db_member_insert_c_ktai_address_pre($member_id, $token, $address);
     // Invalidate the function cache for this member's profile.
     cache_drop_c_member_profile($member_id);
     do_mail_sns_change_ktai_mail_send($member_id, $token, $address);
     openpne_redirect('ktai', 'page_o_send_mail_end');
 }
Example #2
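 /**
  * Handle the "forgot password" form: generate a new random password for the
  * account matching the posted e-mail address, store its hash and salt, and
  * mail the new password to the user. Always redirects to pages/forget_password
  * with a flash message describing the outcome.
  */
 public function forget_password_attempt()
 {
     // Read the field defensively so a request without it does not raise a notice.
     $email = isset($_POST['email']) ? $_POST['email'] : null;
     $this->load->model('user_model');
     $user = $this->user_model->checkEmailFP($email);
     if ($user) {
         // include_once instead of include: if the file (presumably the one declaring
         // create_hash()) was already loaded in this request, a second include would fail
         // on redeclaration.
         include_once OTHERS . "PasswordHash.php";
         // NOTE(review): _get_random_string() is not visible here. Both values are security
         // sensitive, so confirm it draws from a cryptographically secure source.
         $new_password = $this->_get_random_string(10);
         $salt = $this->_get_random_string(16);
         $hashed_password = create_hash($new_password . $salt);
         $update = array('password' => $hashed_password, 'salt' => $salt);
         if ($this->user_model->updateUserFP($update, $user->id)) {
             // NOTE(review): the replacement password leaves the system in clear text by mail
             // and the old password is overwritten by anyone who knows the address; a
             // single-use, expiring reset link avoids both.
             $this->load->model('email_model');
             $this->email_model->forgetPasswordSendEmail($user, $new_password);
             $this->session->set_flashdata("message", "<div class='alert alert-success'><i class='fa fa-check'></i> The new password is sent to your email!</div>");
         } else {
             $this->session->set_flashdata("message", "<div class='alert alert-danger'><i class='fa fa-exclamation'></i> Generating new password failed, please try again later.</div>");
         }
     } else {
         // NOTE(review): this message differs from the success message, so the form reveals
         // whether an address is registered. Consider one neutral message for both outcomes.
         $this->session->set_flashdata("message", "<div class='alert alert-danger'><i class='fa fa-exclamation'></i> The email you entered was not found.</div>");
     }
     // Every branch ends on the same page; only the flash message differs.
     header("Location: " . base_url() . 'pages/forget_password');
 }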
Example #3
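/**
 * Create a user row and mark the new user as logged in.
 *
 * The INSERT binds its values as parameters instead of interpolating them into
 * the SQL text, so the hash and the processed picture (which never went through
 * sanitize_input()) cannot change the statement.
 *
 * @param string $username requested user name
 * @param string $password plain-text password; only its create_hash() result is stored
 * @param mixed  $picture  raw picture input, passed through process_picture()
 * @param string $phone    phone number
 * @return int id of the new row, or 0 when the name is taken or the insert failed
 */
function database_add_user($username, $password, $picture, $phone)
{
    global $mysqli;
    // Sanitize the variables you passed in
    // NOTE(review): sanitize_input() is defined elsewhere. If it SQL-escapes its input,
    // reduce it to validation now that the values are bound, since bound values are stored
    // verbatim. It also runs on the password before hashing, so the login path must apply
    // the same transformation. Confirm both.
    $username = sanitize_input($username);
    $password = sanitize_input($password);
    // NOTE: Add another variable to be sanitized here:
    $phone = sanitize_input($phone);
    // Hash the password so that it is not stored in the database as plain text
    $password = create_hash($password);
    // Process the picture for putting it in the database
    $picture = process_picture($picture);
    $userID = 0;
    if (isUsernameTaken($username)) {
        return $userID;
    }
    // NOTE: modify this query (column list, placeholders and type string) to include a new field
    $stmt = mysqli_prepare($mysqli, "INSERT INTO users (username, password, picture, phone) VALUES (?, ?, ?, ?)");
    if ($stmt === false) {
        return $userID;
    }
    mysqli_stmt_bind_param($stmt, 'ssss', $username, $password, $picture, $phone);
    if (mysqli_stmt_execute($stmt)) {
        // Only a successful insert yields an id worth logging in.
        $userID = mysqli_insert_id($mysqli);
        set_user_logged_in($userID, $password);
    }
    mysqli_stmt_close($stmt);
    return $userID;
}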
Example #4
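 /**
  * Register a user from the posted sign-up form: create the Stripe customer,
  * hash the password with a fresh salt, pick the Stripe plan and store the user.
  * Echoes "OK" when the user row was added; without POST data it shows index().
  */
 public function create()
 {
     if ($_POST) {
         // NOTE(review): the Stripe customer is created before any field is validated and
         // before the local insert, so a rejected sign-up still leaves a customer behind.
         $customer = Stripe_Customer::create(array('email' => $_POST['email']));
         // NOTE(review): PHP has already URL-decoded form fields, so this second pass changes
         // any value containing '%' or '+' (passwords included). Kept for compatibility;
         // array values are skipped because urldecode() only accepts strings.
         foreach ($_POST as $field => $value) {
             if (is_string($value)) {
                 $_POST[$field] = urldecode($value);
             }
         }
         // include_once: a second plain include of a file that declares functions is fatal.
         include_once OTHERS . "PasswordHash.php";
         $new_password = $_POST['password'];
         // NOTE(review): _get_random_string() is not visible here; confirm it uses a
         // cryptographically secure source, since it produces the salt and confirmation key.
         $salt = $this->_get_random_string(16);
         $hashed_password = create_hash($new_password . $salt);
         // The form sends the state as "ABBR - Name"; tolerate a value without the separator.
         $stateSplit = explode(' - ', $_POST['state']);
         $state_name = isset($stateSplit[1]) ? $stateSplit[1] : null;
         $confirmation_key = $this->_get_random_string(50);
         $user = array(
             'firstname' => $_POST['firstname'],
             'lastname' => $_POST['lastname'],
             'password' => $hashed_password,
             'salt' => $salt,
             'phone' => $_POST['phone'],
             'email' => $_POST['email'],
             'country' => $_POST['country'],
             'state' => $state_name,
             'state_abbr' => $stateSplit[0],
             'confirmation_key' => $confirmation_key,
             'stripe_customer_id' => $customer->id,
         );
         if (isset($_POST['reg_plan_id'])) {
             // NOTE(review): the plan id comes straight from the client; confirm it is checked
             // against the plans a new user may select.
             $user['stripe_reg_plan_id'] = $_POST['reg_plan_id'];
         } else {
             // No plan posted: fall back to the package configured as the trial package.
             $this->load->model('settings_model');
             $general = transformArrayToKeyValue($this->settings_model->get(array('category' => 'general')));
             $this->load->model('package_model');
             $package = $this->package_model->getPackage($general['trial_period_package']->v);
             $user['stripe_reg_plan_id'] = $package->stripe_plan_id;
         }
         if ($this->user_model->add($user)) {
             echo "OK";
         }
     } else {
         $this->index();
     }
 }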
 function execute($requests)
 {
     //<PCKTAI
     if (OPENPNE_AUTH_MODE == 'slavepne' || !(OPENPNE_REGIST_FROM & OPENPNE_REGIST_FROM_PC)) {
         client_redirect_login();
     }
     //>
     $sid = $requests['sid'];
     // Double quotes are stripped from the address before it is validated.
     $address = str_replace('"', '', $requests['ktai_address']);
     // The registration session id must still be active; otherwise go to the login page.
     if (!db_member_is_active_sid($sid)) {
         openpne_redirect('pc', 'page_o_tologin', array('msg_code' => 'invalid_url'));
     }
     // Mobile address checks: the first failing rule decides the message.
     $error = '';
     if (!db_common_is_mailaddress($address)) {
         $error = "メールアドレスを正しく入力してください";
     } elseif (db_member_is_sns_join4mail_address($address)) {
         $error = "そのメールアドレスは既に登録済みです";
     } elseif (!is_ktai_mail_address($address)) {
         $error = "携帯メールアドレスを入力してください";
     }
     if ($error !== '') {
         openpne_redirect('pc', 'page_o_regist_ktai_address', array('msg' => $error, 'sid' => $sid, 'ktai_address' => $address));
     }
     $pre = db_member_c_member_pre4sid($sid);
     // NOTE(review): create_hash() is defined elsewhere. Its value is stored and mailed, so it
     // presumably acts as the confirmation secret; confirm it is unpredictable.
     $token = create_hash();
     // Store the token and address on the c_member_pre row.
     $secure_fields = array('ktai_session' => $token, 'ktai_address' => $address);
     db_member_update_c_member_pre_secure($pre['c_member_pre_id'], array_merge($pre, $secure_fields), true);
     do_mail_sns_regist_ktai_id_mail_send_pre($token, $address);
     openpne_redirect('pc', 'page_o_regist_ktai_address_end', array('c_member_pre_id' => $pre['c_member_pre_id']));
 }
Example #6
 /**
  * Process the company sign-up form. Non-POST requests get a 404. A password
  * that fails one of the rules sends the visitor back to /realest/signup with
  * an error flash; otherwise the account is created and the visitor goes to /.
  */
 public function submit()
 {
     if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
         $this->send404();
         return;
     }
     // TODO validate data
     // NOTE(review): only the password is checked; name, address, email and phone are stored
     // exactly as posted.
     $password = $_POST['password'];
     $problem = null;
     if ($password !== $_POST['passwordrepeat']) {
         $problem = 'Your passwords did not match!';
     } elseif (!preg_match("#[0-9]+#", $password)) {
         // needs at least one digit
         $problem = 'Your password should contain at least 1 number';
     } elseif (!preg_match("#[A-Z]+#", $password)) {
         // needs at least one capital letter
         $problem = 'Your password should contain at least an uppercase letter';
     } elseif (!preg_match("#[a-z]+#", $password)) {
         // needs at least one lowercase letter
         $problem = 'Your password should contain at least a lowercase letter';
     }
     if ($problem !== null) {
         Flash::set('error_message', $problem);
         $this->redirect('/realest/signup');
         return;
     }
     // TODO submit data
     // Only the create_hash() result of the password is stored.
     Real_Estate::create([
         'name' => $_POST['name'],
         'password' => create_hash($password),
         'address' => $_POST['address'],
         'email' => $_POST['email'],
         'phone' => $_POST['phone'],
         'photo' => null,
     ]);
     Flash::set('success_message', 'Your company account has been created!');
     $this->redirect('/');
 }
Example #7
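/**
 * Set the view password of a note, creating the note row when it does not exist yet.
 *
 * @param string $url      note identifier, stored in note.id
 * @param string $password plain-text password; only its create_hash() result is stored
 * @param PDO    $pdo      connection used for the insert or update
 * @return boolean true once the statement has been executed
 * @throws PDOException passed on unchanged when the connection reports errors as exceptions
 */
function protectView($url, $password, $pdo)
{
    // require_once: a second plain require of a file that declares functions is fatal, so
    // the original failed on the second call within one request.
    require_once 'password_hash.php';
    $hash = create_hash($password);
    if (!isSaved($url)) {
        // New note: only the id and the view password are set; the rest stays NULL.
        $stmt = $pdo->prepare("INSERT INTO note(id,content,pwdView,pwdEdit) VALUES(:url,:content,:pwdView,:pwdEdit)");
        $stmt->bindValue(':url', $url, PDO::PARAM_STR);
        $stmt->bindValue(':content', null);
        $stmt->bindValue(':pwdView', $hash, PDO::PARAM_STR);
        $stmt->bindValue(':pwdEdit', null);
    } else {
        // NOTE(review): nothing here checks that the caller may change the password of an
        // existing note; confirm the caller verifies the current password first.
        $stmt = $pdo->prepare("UPDATE note SET pwdView = :pwdView WHERE id = :url");
        $stmt->bindValue(':url', $url, PDO::PARAM_STR);
        $stmt->bindValue(':pwdView', $hash, PDO::PARAM_STR);
    }
    // The former try/catch blocks only re-threw the exception, so it simply propagates now.
    $stmt->execute();
    return true;
}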
Example #8
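 /**
  * Add a user. On POST the new member is created and the outcome is returned
  * through ajaxReturn(); the form is rendered afterwards.
  * @author JunhaoHo
  */
 public function addUser()
 {
     if (IS_POST) {
         // Do not test IS_AJAX here: requests issued by jQuery.load() would be misdetected.
         $username = I('username', null);
         $email = I('email', null);
         $gender = I('gender', null);
         // User group id
         $groupid = I('groupid', null);
         // Default password
         // NOTE(review): every account created here starts with the same literal password;
         // a per-user random value with a forced change at first login avoids shared credentials.
         $password = "******";
         $salted_hash = create_hash($password);
         $regtime = time();
         // NOTE(review): $gender is request input and becomes part of a file name; confirm it
         // is limited to the expected values before it is used this way.
         $avatar = $gender . '_default.png';
         $data = array('username' => $username, 'email' => $email, 'gender' => $gender, 'groupid' => $groupid, 'salted_hash' => $salted_hash, 'regtime' => $regtime, 'avatar' => $avatar);
         $uid = D('Member')->addUser($data);
         $result = array();
         if ($uid) {
             $result['code'] = self::ADD_USER_SUCCESS_CODE;
         } else {
             $result['code'] = self::ADD_USER_FAILED_CODE;
             $error = D('Member')->getDbError();
             // Cut the message at the SQL marker only when the marker is present; the original
             // passed false to substr() when it was absent and lost the whole message.
             $marker_pos = strpos($error, "[ SQL语句 ]");
             if ($marker_pos !== false) {
                 $error = substr($error, 0, $marker_pos);
             }
             // strpos() returns 0 for a match at the start, so compare with false explicitly.
             $duplicate = "Duplicate entry '{$username}' for key 'username'";
             if (strpos($error, $duplicate) !== false) {
                 $error = '已存在相同用户名!';
             }
             // NOTE(review): any other database error text is returned to the client as is.
             $result['error'] = $error;
         }
         $this->ajaxReturn($result);
     }
     $this->display();
 }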
 function execute($requests)
 {
     //<PCKTAI
     if (!OPENPNE_ENABLE_KTAI) {
         openpne_redirect('pc', 'page_h_home');
     }
     //>
     $member_id = $GLOBALS['AUTH']->uid();
     // --- Request variable: double quotes are stripped before validation.
     $address = str_replace('"', '', $requests['ktai_address']);
     if (!is_ktai_mail_address($address)) {
         openpne_redirect('pc', 'page_h_config_ktai', array('msg' => "携帯メールアドレスを記入してください"));
     }
     // Reject an address that already belongs to a different member.
     $owner_id = db_member_c_member_id4ktai_address2($address);
     if ($owner_id && $owner_id != $member_id) {
         openpne_redirect('pc', 'page_h_config_ktai', array('msg' => "入力されたメールアドレスは既に登録されています"));
     }
     // Remove earlier pending rows for this address before storing the new token.
     db_member_delete_c_member_ktai_pre4ktai_address($address);
     db_member_delete_c_ktai_address_pre4ktai_address($address);
     // NOTE(review): create_hash() is defined elsewhere. Its value is stored and mailed, so it
     // presumably acts as the confirmation secret; confirm it is unpredictable.
     $token = create_hash();
     db_member_insert_c_ktai_address_pre($member_id, $token, $address);
     do_mail_sns_change_ktai_mail_send($member_id, $token, $address);
     openpne_redirect('pc', 'page_h_config_ktai_end');
 }
Example #10
 /**
  * Return the password hash to store for a user of this adapter.
  *
  * No account is created in the external database; users are assumed to exist
  * there already. The hash is produced in the format of the CaUsers adapter so
  * that external authentication could, in theory, be switched off later. This
  * adapter itself does not authenticate against the hash.
  *
  * @param string $ps_username not used in this method
  * @param string $ps_password plain-text password
  * @return mixed whatever create_hash() returns for the password
  */
 public static function createUserAndGetPassword($ps_username, $ps_password)
 {
     $vs_hash = create_hash($ps_password);
     return $vs_hash;
 }
 function execute($requests)
 {
     // Redirect away when authentication is handled by an external system.
     check_action4pne_slave(false);
     // --- Request variables
     $address = $requests['pc_address'];
     $question_id = $requests['c_password_query_id'];
     $answer = $requests['c_password_query_answer'];
     // ----------
     // presumably openpne_redirect() ends the request; the checks below rely on that. Confirm.
     if (OPENPNE_USE_CAPTCHA) {
         @session_start();
         // The stored keystring is single-use: evaluate it, then discard it whatever the outcome.
         $captcha_ok = !empty($_SESSION['captcha_keystring']) && $_SESSION['captcha_keystring'] === $requests['captcha'];
         unset($_SESSION['captcha_keystring']);
         if (!$captcha_ok) {
             openpne_redirect('pc', 'page_o_password_query', array('msg' => "確認キーワードが誤っています"));
         }
     }
     if (!$address) {
         openpne_redirect('pc', 'page_o_password_query', array('msg' => 'メールアドレスを入力してください'));
     }
     if (!db_common_is_mailaddress($address)) {
         openpne_redirect('pc', 'page_o_password_query', array('msg' => 'メールアドレスの形式が正しくありません'));
     }
     if (IS_PASSWORD_QUERY_ANSWER) {
         if (!$question_id) {
             openpne_redirect('pc', 'page_o_password_query', array('msg' => '秘密の質問を選択してください'));
         }
         if (!$answer) {
             openpne_redirect('pc', 'page_o_password_query', array('msg' => '秘密の質問の答えを入力してください'));
         }
     }
     //--- Authorisation check
     if (IS_PASSWORD_QUERY_ANSWER) {
         $c_member_id = db_member_is_password_query_complete($address, $question_id, $answer);
         if (!$c_member_id) {
             // One generic message whichever of the three values was wrong.
             openpne_redirect('pc', 'page_o_password_query', array('msg' => '正しい値を入力してください'));
         }
     } else {
         $c_member_id = db_member_c_member_id4pc_address($address);
         if (!$c_member_id) {
             // An unknown address lands on the same end page as a successful request.
             openpne_redirect('pc', 'page_o_password_query_end');
         }
     }
     //---
     // Store the reset token and its creation time, then mail the reset instructions.
     // NOTE(review): create_hash() is defined elsewhere; the token authorises a password reset,
     // so confirm it is unpredictable and that password_reset_sid_time is enforced on use.
     $token = create_hash();
     db_member_update_c_member_config($c_member_id, 'password_reset_sid', $token);
     db_member_update_c_member_config($c_member_id, 'password_reset_sid_time', time());
     do_password_reset_query_mail_send($c_member_id, $address, $token);
     openpne_redirect('pc', 'page_o_password_query_end');
 }
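/**
 * Compare the digest supplied in the "HashDigest" query parameter with the one
 * computed locally from the pre-shared key and password.
 *
 * The comparison is strict and, where hash_equals() exists, constant-time. The
 * loose == used before converts numeric-looking strings to numbers, so two
 * different digests of that shape could compare as equal.
 *
 * @param string $pre_shared_key first argument passed to create_hash()
 * @param string $password       second argument passed to create_hash()
 * @return string "HASH PASSED" when the digests are identical, otherwise "HASH FAILED"
 */
function check_hash($pre_shared_key, $password) {
  // A missing or array-valued parameter can never match.
  $supplied = isset($_GET["HashDigest"]) ? $_GET["HashDigest"] : null;
  $expected = create_hash($pre_shared_key, $password);
  // assumes create_hash() returns the digest as a string here; confirm against its definition
  if (!is_string($supplied) || !is_string($expected)) {
    return "HASH FAILED";
  }
  $matches = function_exists('hash_equals') ? hash_equals($expected, $supplied) : $expected === $supplied;
  return $matches ? "HASH PASSED" : "HASH FAILED";
}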
Example #13
File: DB.php Project: x86asm/ws1
 /**
  * Insert a new account row. Only the create_hash() result of the password is
  * stored, and all three values reach the query as bound parameters.
  *
  * @param string $username account name
  * @param string $password plain-text password
  * @param string $email    e-mail address
  */
 public function registerAccount($username, $password, $email)
 {
     $password_hash = create_hash($password);
     $insert = $this->dbh->prepare('INSERT INTO accounts (username, password, email) VALUES(?, ?, ?)');
     // Positional placeholders are numbered from 1.
     $insert->bindParam(1, $username);
     $insert->bindParam(2, $password_hash);
     $insert->bindParam(3, $email);
     $insert->execute();
 }
Example #14
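 /**
  * Replace the password of the user whose id is posted: a fresh salt is
  * generated, the salted password is hashed and both are written through
  * user_model->update(). The result of that call is echoed.
  */
 public function changePassword()
 {
     // include_once: a second plain include of a file that declares functions is fatal.
     include_once OTHERS . "PasswordHash.php";
     $new_password = $_POST['newPassword'];
     $this->load->library('custom_library');
     // NOTE(review): get_random_string() is not visible here; confirm it uses a
     // cryptographically secure source.
     $salt = $this->custom_library->get_random_string(16);
     $hashed_password = create_hash($new_password . $salt);
     $update = array('password' => $hashed_password, 'salt' => $salt);
     $this->load->model('user_model');
     // NOTE(review): the target account is taken from $_POST['id'], and this method checks
     // neither the logged-in user nor the current password. Unless a filter outside this
     // method enforces it, the id should come from the session and the old password be verified.
     echo $this->user_model->update($update, $_POST['id']);
 }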
Example #15
/**
 * Issue a new API token for a member: update the existing c_api_member row,
 * or insert one when the update touched no row.
 *
 * @param int $c_member_id member id
 * @return mixed the new token, as returned by create_hash()
 */
function db_api_update_token($c_member_id)
{
    // NOTE(review): create_hash() is defined elsewhere; the value is an API credential, so
    // confirm it is unpredictable.
    $token = create_hash();
    db_update('c_api_member', array('token' => $token), array('c_member_id' => intval($c_member_id)));
    if (db_affected_rows()) {
        return $token;
    }
    // No row was updated, so store the token in a new row.
    db_api_insert_token($c_member_id, $token);
    return $token;
}
Example #16
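/**
 * Insert a new row into the login table.
 *
 * String values are escaped for the open connection and the two numeric values
 * are cast to integers before they are placed in the SQL text; before, all of
 * them were interpolated unchanged.
 *
 * @param string $username     account name
 * @param string $password     plain-text password; only its create_hash() result is stored
 * @param int    $charsallowed value for Allowed_Characters
 * @param int    $expansion    value for Expansions
 * @param string $email        e-mail address
 * @return bool true when the INSERT succeeded
 */
function CreateAccount($username, $password, $charsallowed, $expansion, $email)
{
    $passhash = create_hash($password);
    $connection = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD) or die("Connection failed");
    mysql_select_db(DB_DATABASE, $connection);
    // NOTE(review): ext/mysql was removed in PHP 7.0. When this file moves to mysqli or PDO,
    // replace the escaping below with a prepared statement.
    $email_sql = mysql_real_escape_string($email, $connection);
    $username_sql = mysql_real_escape_string($username, $connection);
    $passhash_sql = mysql_real_escape_string($passhash, $connection);
    // These two are placed in the statement without quotes, so force them to integers.
    $charsallowed_sql = (int) $charsallowed;
    $expansion_sql = (int) $expansion;
    $query = mysql_query("INSERT INTO login (CreationDate, Email, Username, Password, Allowed_Characters, Flags, Accountflags, Expansions, GM) VALUES (NOW(), '{$email_sql}', '{$username_sql}', '{$passhash_sql}', {$charsallowed_sql}, 0,0, {$expansion_sql}, 0)", $connection);
    return $query !== false;
}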
Example #17
 /**
  * Add a user ("tambah pengguna") from the submitted form values and redirect
  * to the login page. The password is stored as its create_hash() result, and
  * both values are bound to named placeholders.
  *
  * @param array $post form data; the keys 'username' and 'password' are read
  */
 public function tambah_pengguna($post)
 {
     $name = $post['username'];
     $password_hash = create_hash($post['password']);
     $sql = "INSERT INTO `pengguna` \n\t\t(\n\t\t\t`username`, \n\t\t\t`password`)\n\t\tVALUES \n\t\t(\n\t\t\t:username, \n\t\t\t:password\n\t\t);";
     $this->obj->query($sql);
     $this->obj->bind(':username', $name);
     $this->obj->bind(':password', $password_hash);
     $this->obj->execute();
     // NOTE(review): the method ends right after this header, but a caller that continues
     // would still produce output; confirm nothing runs after it.
     header('Location: ' . $this->site_url() . 'login');
 }
Example #18
 /**
  * Smoke test for the PBKDF2 helper: hash a fixed sample password, print the
  * hash and its length, then print whether validate_password() accepts it.
  */
 public function index()
 {
     $this->load->helper('pbkdf2_helper');
     // Fixed sample value used only for this round trip.
     $sample = 'usr#6379';
     $hash = create_hash($sample);
     echo $hash;
     echo "<p>" . strlen($hash) . "</p>";
     echo "<p>result:</p>";
     echo validate_password($sample, $hash) == true ? "validation passed" : "didn't pass!";
 }
 function execute($requests)
 {
     // Redirect away when authentication is handled by an external system.
     check_action4pne_slave(true);
     // --- Request variables
     $address = $requests['ktai_address'];
     $question_id = $requests['c_password_query_id'];
     $answer = $requests['password_query_answer'];
     // ----------
     // Each failed check redirects with a numeric message code.
     // presumably openpne_redirect() ends the request; the checks below rely on that. Confirm.
     if (!$address) {
         openpne_redirect('ktai', 'page_o_password_query', array('msg' => 25));
     }
     if (!is_ktai_mail_address($address)) {
         openpne_redirect('ktai', 'page_o_password_query', array('msg' => 31));
     }
     if (IS_PASSWORD_QUERY_ANSWER) {
         if (!$question_id) {
             openpne_redirect('ktai', 'page_o_password_query', array('msg' => 22));
         }
         // Only null and the empty string count as "no answer"; "0" is accepted.
         if ($answer === null || $answer === '') {
             openpne_redirect('ktai', 'page_o_password_query', array('msg' => 23));
         }
     }
     //--- Authorisation check
     if (IS_PASSWORD_QUERY_ANSWER) {
         $c_member_id = db_member_is_password_query_complete2($address, $question_id, $answer);
         if (!$c_member_id) {
             openpne_redirect('ktai', 'page_o_password_query', array('msg' => 25));
         }
     } else {
         $c_member_id = db_member_c_member_id4ktai_address($address);
         // Show the same screen as a successful request even when the address is unknown.
         if (!$c_member_id) {
             openpne_redirect('ktai', 'page_o_login', array('msg' => 26));
         }
     }
     //---
     // Issue the password reset.
     // NOTE(review): create_hash() is defined elsewhere; the token authorises a password reset,
     // so confirm it is unpredictable and that password_reset_sid_time is enforced on use.
     $token = create_hash();
     db_member_update_c_member_config($c_member_id, 'password_reset_sid', $token);
     db_member_update_c_member_config($c_member_id, 'password_reset_sid_time', time());
     db_mail_send_m_ktai_password_reset_query($c_member_id, $token);
     openpne_redirect('ktai', 'page_o_login', array('msg' => 26));
 }
Example #20
/**
 * Function dbInsertAdmin
 *
 * Adds a new, active user to the admins table (new users of Sbot).
 *
 * @param string $username  user name
 * @param string $password  plain-text password; stored as its create_hash() result
 * @param string $signature user signature
 *
 * @return string|null the string '1' when any exception is caught; nothing is returned on success
 */
function dbInsertAdmin($username, $password, $signature)
{
    try {
        $insert = getDbConnection()->prepare("insert admins set username=:username, password=:password, signature=:signature, active='1'");
        // Same binding order as before; the hash is computed last.
        $insert->bindValue(':username', $username, PDO::PARAM_STR);
        $insert->bindValue(':signature', $signature, PDO::PARAM_STR);
        $password_hash = create_hash($password);
        $insert->bindValue(':password', $password_hash, PDO::PARAM_STR);
        $insert->execute();
    } catch (Exception $failure) {
        // NOTE(review): the cause is discarded here; callers only ever see '1'.
        return '1';
    }
}
Example #21
 /**
  * Test helper that inserts a hard-coded user document into the "users"
  * collection and dumps it with pre().
  *
  * @param mixed $user ignored: it is replaced by an empty array straight away
  */
 public static function createUser($user)
 {
     $dao = new MongoDAO('users');
     $collection = $dao->c;
     // This will come from a form; fixed values are used here for testing only.
     $user = array();
     $user['username'] = "******";
     $user['password'] = "******";
     // In this project create_hash() yields an array with 'hash' and 'salt'; it is applied to
     // the user name and the result is stored as the token, not as the password hash.
     $token_parts = create_hash($user['username']);
     // NOTE(review): md5(sha1()) is a fast, unsalted digest and does not protect stored
     // passwords; a dedicated password hash should replace it together with the login check.
     $user['password'] = md5(sha1($user['password']));
     $user['token'] = $token_parts['hash'];
     $user['salt'] = $token_parts['salt'];
     $res = $collection->insert($user);
     // NOTE(review): this dumps the whole document, password digest and token included.
     pre($user);
 }
Example #22
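 /**
  * Installer step: create the administrator account (user_id 3) and its role entry.
  *
  * The account values are bound as parameters; before, they were interpolated
  * into a multi-statement string, so a quote in any of them could change or
  * extend the SQL. The second statement also had "values" where its column list
  * belongs and could not run as written.
  *
  * @param string $host     database host
  * @param string $user     database user
  * @param string $pass     database password
  * @param string $db       database name
  * @param string $username administrator login name
  * @param string $password administrator plain-text password; stored as create_hash($password)
  * @param string $email    administrator e-mail address
  * @return bool false when the connection or either insert fails, true otherwise
  */
 function installAdmin($host, $user, $pass = '', $db, $username, $password, $email)
 {
     require_once APPPATH . 'libraries/hash/pbkdf2.php';
     $passdb = create_hash($password);
     $nama = ucfirst($username);
     $mysqli = new mysqli($host, $user, $pass, $db);
     // Check for errors
     if (mysqli_connect_errno()) {
         return false;
     }
     $ok = false;
     $stmt = $mysqli->prepare("insert into userlogin (user_id,username,password,nama,email,status) values ('3',?,?,?,?,'active')");
     if ($stmt) {
         $stmt->bind_param('ssss', $username, $passdb, $nama, $email);
         $ok = $stmt->execute();
         $stmt->close();
     }
     if ($ok) {
         // Constant values only, so a plain query is enough for the role entry.
         $ok = (bool) $mysqli->query("insert into usertaxonomy (user_id,taxo_key,taxo_val) values ('3','role_user','1')");
     }
     // Close the connection
     $mysqli->close();
     return $ok;
 }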
/**
 * Split one log line into its timing value and SELECT statement, then classify the query.
 *
 * @param string $line raw log line
 * @return array keys: 'group', 'time', 'hash', 'query', 'token', 'where_tokens'
 */
function get_time_n_query($line)
{
    // config.php is included for the variables it defines in this scope; the code below reads
    // $delimiter_for_query and $max_query_len.
    include 'config.php';
    // Everything after the delimiter: first the time, later the query text.
    $start = strpos($line, $delimiter_for_query);
    $start = $start + strlen($delimiter_for_query);
    $rest = substr($line, $start);
    $time = substr($rest, 0, strpos($rest, ' '));
    // The query runs from the first occurrence of SELECT, capped at the configured length.
    // NOTE(review): a line without the delimiter or without 'SELECT' is not handled; strpos()
    // then returns false and the offsets above fall back to 0.
    $query = substr(substr($rest, strpos($rest, 'SELECT')), 0, $max_query_len);
    $sql_token = tokenize_query($query);
    $where_tokens = count_where_str_token($sql_token['where']);
    $assigned_grp = get_group_name($where_tokens);
    // Fingerprint built from the select part, the table and the assigned group.
    $hash = create_hash($sql_token['select'] . $sql_token['table'] . $assigned_grp);
    return array(
        'group' => $assigned_grp,
        'time' => $time,
        'hash' => $hash,
        'query' => $query,
        'token' => $sql_token,
        'where_tokens' => $where_tokens,
    );
}
Example #24
/**
 * Upload ("share") one picker definition, and its rules when it has any, through the RPC client.
 *
 * Reads pid, picker_desc and pick_name from $_GET.
 *
 * @return mixed the milu_lang() text when no client info is available or the RPC reply
 *               carries a message, the reply value when it is below zero, otherwise 'ok'
 */
function share_picker_data()
{
    global $_G;
    require_once libfile('function/misc');
    $client_info = get_client_info();
    if (!$client_info) {
        return milu_lang('share_no_allow');
    }
    // The id is forced to an integer; 0 ends the request.
    $pid = intval($_GET['pid']);
    if (!$pid) {
        exit('error');
    }
    $picker_data = get_pick_info($pid);
    // A picker without a hash gets one now and the row is written back.
    if (!$picker_data['picker_hash']) {
        // NOTE(review): $setarr is assigned here but not read anywhere in this function.
        $setarr['pick_hash'] = $picker_data['picker_hash'] = create_hash();
        DB::update('strayer_picker', $picker_data, array('pid' => $picker_data['pid']));
    }
    // Description and name come from the request and pass through format_url().
    $picker_data['picker_desc'] = format_url($_GET['picker_desc']);
    $picker_data['name'] = format_url($_GET['pick_name']);
    // NOTE(review): two keys were assigned just above, so $picker_data is never empty here;
    // this check presumably belongs right after get_pick_info(). Confirm.
    if (!$picker_data) {
        exit('error');
    }
    if ($picker_data['rules_hash']) {
        pload('F:rules');
        $data['rules'] = get_rules_info($picker_data['rules_hash']);
        // NOTE(review): $domain is not defined in this function.
        $data['rules']['domain'] = $domain;
    }
    $data['pick'] = $picker_data;
    $rpcClient = rpcClient();
    // Login cookies are removed from the payload before upload.
    // NOTE(review): 'pid' is removed from $picker_data only after it was copied into
    // $data['pick'], so the uploaded copy still contains it.
    unset($picker_data['pid'], $data['rules']['login_cookie'], $data['pick']['login_cookie']);
    $re = $rpcClient->upload_data('pick', $data, $client_info);
    // NOTE(review): $data is an array in this function, so $data->Number is not a valid
    // property read; $re->Number was presumably intended. Confirm.
    if (is_object($re) || $data->Number == 0) {
        if ($re->Message) {
            return milu_lang('phprpc_error', array('msg' => $re->Message));
        }
        $re = (array) $re;
    }
    // An array reply is reduced to its first element.
    $re = is_array($re) ? $re[0] : $re;
    if ($re < 0) {
        return $re;
    } else {
        return 'ok';
    }
}
 /**
  * Prepare registration and redirect to the register page.
  * This method is called if OPENPNE_SHIB_AUTO_REGIST is true.
  *
  * @param string $address e-mail address to register
  * @access protected
  */
 protected function register_user($address)
 {
     $inviter_id = OPENPNE_SHIB_INVITE_ID;
     // Addresses outside the permitted domains cannot be registered.
     if (!db_member_is_limit_domain4mail_address($address)) {
         // NOTE(review): the address is echoed back inside the message; confirm the target
         // page escapes 'msg' on output.
         openpne_redirect('pc', 'page_o_public_invite', array('msg' => "{$address} is unregistrable address."));
     }
     // NOTE(review): create_hash() is defined elsewhere; the value is passed on as 'sid', so
     // confirm it is unpredictable.
     $token = create_hash();
     // Reuse the pending registration for this address when one exists, else create it.
     if (db_member_c_member_pre4pc_address($address)) {
         db_member_update_c_invite($inviter_id, $address, '', $token);
     } else {
         db_member_insert_c_invite($inviter_id, $address, '', $token);
     }
     // Expire the session cookie before moving on to the registration page.
     setcookie(session_name(), '', time() - 3600, ini_get('session.cookie_path'));
     openpne_redirect('pc', 'page_o_ri', array('sid' => $token));
 }
Example #26
/**
 * Check a decoded request body against the identifiers required for a table.
 *
 * For the "users" table a supplied password is replaced in place by its
 * create_hash() result; a missing password is not treated as an error here.
 *
 * @param string $table table name, used as a key into the global $routes
 * @param array  $JSON  decoded request body, modified in place for "users"
 * @return bool false, after rest_error() with status 400, at the first missing
 *              identifier; true when all are present
 */
function checkTableReqs($table, &$JSON)
{
    global $routes;
    // Same loose comparison a switch statement performs.
    if ($table == "users" && isset($JSON['password'])) {
        $JSON['password'] = create_hash($JSON['password']);
    }
    foreach ($routes[$table]['identifiers'] as $required) {
        if (isset($JSON[$required])) {
            continue;
        }
        rest_error("Mal-Formed JSON please read Documentation, missing '" . $required . "' property", 400);
        return false;
    }
    return true;
}
Example #27
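/**
 * Validate the posted registration fields ("are the parameters faulty?").
 *
 * Fills the globals $name and $passwort (the latter with the create_hash()
 * result of the password) as a side effect.
 *
 * @param mixed $datenbank database handle, passed on to benutzerExistiert()
 * @return mixed 1 when the user name is rejected, 2 when the password is rejected,
 *               3 when the two password fields differ, otherwise whatever
 *               benutzerExistiert() returns
 */
function parameterFehlerhaft($datenbank)
{
    global $name;
    global $passwort;
    try {
        TUser::validiereName($_POST["bcUsername"]);
        $name = $_POST["bcUsername"];
    } catch (Exception $e) {
        return 1;
    }
    try {
        TUser::validierePasswort($_POST["bcPassword"]);
        $passwort = create_hash($_POST["bcPassword"]);
    } catch (Exception $e) {
        return 2;
    }
    // Strict comparison: with != two numeric-looking strings such as "1e3" and "1000" are
    // compared as numbers and would count as the same password.
    $repeated = isset($_POST["bcPassword2"]) ? $_POST["bcPassword2"] : null;
    if ($_POST["bcPassword"] !== $repeated) {
        return 3;
    }
    return benutzerExistiert($datenbank);
}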
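/**
 * Check a login against the stored account and upgrade legacy SHA-1 hashes.
 *
 * A stored value containing ':' is handed to validate_password(). Anything
 * else is treated as a legacy SHA-1 hex digest: when it matches, the password
 * is re-hashed with create_hash() and saved before the login is accepted.
 *
 * @param string $username login name
 * @param string $password plain-text password
 * @return bool true when the account is enabled and the password matches
 */
function db_check_credential($username, $password)
{
    $account = db_get_account($username);
    if (!$account || !$account['enabled']) {
        return false;
    }
    $stored = $account['crypted_password'];
    if (strstr($stored, ':') !== false) {
        return validate_password($password, $stored);
    }
    // Legacy path. The digests are compared strictly (constant-time where hash_equals()
    // exists): with loose ==, two numeric-looking hex strings are compared as numbers and
    // can count as equal although they differ.
    $legacy = sha1($password);
    $matches = is_string($stored)
        && (function_exists('hash_equals') ? hash_equals($stored, $legacy) : $stored === $legacy);
    if ($matches) {
        // Migrate the account to the current hash format on this successful login.
        db_save_account($username, array('crypted_password' => create_hash($password)));
        return true;
    }
    return false;
}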
Example #29
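 /**
  * Webhook endpoint for Stripe's customer-created event: create a local user
  * for the customer's e-mail address with a random password, or notify the
  * operator when that address already exists.
  *
  * Responds 400 to a body that is not JSON or lacks the customer's email and id;
  * before, such a body caused property reads on null.
  */
 public function create_customer()
 {
     // NOTE(review): the body is accepted from any sender. Verify the webhook signature (or
     // fetch the event again from the Stripe API) before acting on it.
     $input = @file_get_contents("php://input");
     $event_json = json_decode($input);
     if (!is_object($event_json) || !isset($event_json->data->object->email, $event_json->data->object->id)) {
         http_response_code(400);
         return;
     }
     $user = $event_json->data->object;
     $card = isset($user->cards->data[0]) ? $user->cards->data[0] : null;
     $this->load->model('user_model');
     // checkEmailFP() is falsy when no account uses this address yet.
     if (!$this->user_model->checkEmailFP($user->email)) {
         // Create the needed fields and save the new user.
         // NOTE(review): get_random_string() is not visible here; confirm it uses a
         // cryptographically secure source.
         $this->load->library('custom_library');
         $random_password = $this->custom_library->get_random_string(10);
         $salt = $this->custom_library->get_random_string(16);
         include_once OTHERS . "PasswordHash.php";
         $hashed_password = create_hash($random_password . $salt);
         $key = $this->custom_library->get_random_string(16);
         $new_user = array('email' => $user->email, 'password' => $hashed_password, 'salt' => $salt, 'confirmation_key' => $key, 'stripe_customer_id' => $user->id);
         if ($card) {
             $new_user['firstname'] = $card->name;
             $new_user['country'] = $card->address_country;
         }
         $result = $this->user_model->add($new_user);
         if ($result) {
             // add subscription
             // send confirmation email
             // NOTE(review): the generated password is mailed in clear text together with the
             // confirmation key.
             $this->load->model('email_model');
             $this->email_model->sendConfirmationEmail($user->email, $key, $random_password);
             http_response_code(200);
         }
     } else {
         // add subscription to the user
         // NOTE(review): $user->email is request data placed in the mail body; confirm it
         // cannot carry line breaks into the message.
         mail("*****@*****.**", "LGT.net - User Duplication", "There was attempt to create an existing user with an email of: " . $user->email);
         http_response_code(200);
     }
 }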
 /**
  * Migration "up" step for the building module: resets the statuses, recreates
  * the building_* tables, and seeds capabilities, a Manager role and two demo users.
  *
  * Destructive: it empties the statuses table and drops the building_* tables
  * before recreating them.
  */
 public function up()
 {
     $this->load->model('document_types_statuses_model');
     $this->load->model('status_model');
     $this->load->helper('secure_hash');
     // Remove every existing status, then add the four job_site statuses in display order.
     $this->db->query("DELETE FROM statuses WHERE 1");
     $this->document_types_statuses_model->add(array('status_id' => $this->status_model->add(array('name' => 'OPEN', 'description' => 'The [[document]] is now open')), 'document_type' => 'job_site', 'sortorder' => 1));
     $this->document_types_statuses_model->add(array('status_id' => $this->status_model->add(array('name' => 'COMPLETED', 'description' => 'Work on this [[document]] is now completed')), 'document_type' => 'job_site', 'sortorder' => 2));
     $this->document_types_statuses_model->add(array('status_id' => $this->status_model->add(array('name' => 'ARCHIVED', 'description' => 'This [[document]] is archived')), 'document_type' => 'job_site', 'sortorder' => 3));
     $this->document_types_statuses_model->add(array('status_id' => $this->status_model->add(array('name' => 'CANCELLED', 'description' => 'The [[document]] has been cancelled')), 'document_type' => 'job_site', 'sortorder' => 4));
     // Foreign key checks are switched off while the tables are dropped and recreated.
     $this->db->query("SET FOREIGN_KEY_CHECKS=0;");
     $this->db->query("DROP TABLE IF EXISTS building_bookings;");
     $this->db->query("CREATE TABLE IF NOT EXISTS building_bookings (\nid int(10) unsigned NOT NULL,\n  job_site_id int(10) unsigned NOT NULL,\n  booking_date int(10) unsigned NOT NULL,\n  message text COLLATE utf8_unicode_ci NOT NULL,\n  creation_date int(10) unsigned DEFAULT NULL,\n  revision_date int(10) unsigned DEFAULT NULL,\n  `status` enum('Active','Suspended') COLLATE utf8_unicode_ci NOT NULL DEFAULT 'Active',\n  confirmed int(11) DEFAULT '0'\n) ENGINE=InnoDB  DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci AUTO_INCREMENT=15 ;");
     $this->db->query("DROP TABLE IF EXISTS building_booking_recipients;");
     $this->db->query("CREATE TABLE IF NOT EXISTS building_booking_recipients (\nid int(10) unsigned NOT NULL,\n  booking_id int(11) DEFAULT NULL,\n  user_id int(10) unsigned NOT NULL,\n  creation_date int(10) unsigned DEFAULT NULL,\n  revision_date int(10) unsigned DEFAULT NULL,\n  `status` enum('Active','Suspended') COLLATE utf8_unicode_ci NOT NULL DEFAULT 'Active'\n) ENGINE=InnoDB  DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci AUTO_INCREMENT=30 ;");
     $this->db->query("DROP TABLE IF EXISTS building_job_sites;");
     $this->db->query("CREATE TABLE IF NOT EXISTS building_job_sites (\nid int(10) unsigned NOT NULL,\n  unit varchar(16) COLLATE utf8_unicode_ci DEFAULT NULL,\n  number varchar(32) COLLATE utf8_unicode_ci NOT NULL,\n  street varchar(255) COLLATE utf8_unicode_ci NOT NULL,\n  street_type varchar(255) COLLATE utf8_unicode_ci NOT NULL,\n  city varchar(255) COLLATE utf8_unicode_ci NOT NULL,\n  state varchar(64) COLLATE utf8_unicode_ci NOT NULL DEFAULT 'WA',\n  postcode int(5) unsigned NOT NULL,\n  creation_date int(10) unsigned DEFAULT NULL,\n  revision_date int(10) unsigned DEFAULT NULL,\n  `status` enum('Active','Suspended') COLLATE utf8_unicode_ci NOT NULL DEFAULT 'Active'\n) ENGINE=InnoDB  DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci AUTO_INCREMENT=2 ;");
     $this->db->query("DROP TABLE IF EXISTS building_migrations;");
     $this->db->query("CREATE TABLE IF NOT EXISTS building_migrations (\n  module varchar(20) NOT NULL,\n  version bigint(20) NOT NULL\n) ENGINE=InnoDB DEFAULT CHARSET=utf8;");
     // Keys and AUTO_INCREMENT are added after creation.
     $this->db->query("ALTER TABLE building_bookings\n ADD PRIMARY KEY (id), ADD KEY job_site_id (job_site_id);");
     $this->db->query("ALTER TABLE building_booking_recipients\n ADD PRIMARY KEY (id), ADD KEY booking_request_id (booking_id);");
     $this->db->query("ALTER TABLE building_job_sites\n ADD PRIMARY KEY (id);");
     $this->db->query("ALTER TABLE building_bookings\nMODIFY id int(10) unsigned NOT NULL AUTO_INCREMENT,AUTO_INCREMENT=15;");
     $this->db->query("ALTER TABLE building_booking_recipients\nMODIFY id int(10) unsigned NOT NULL AUTO_INCREMENT,AUTO_INCREMENT=30;");
     $this->db->query("ALTER TABLE building_job_sites\nMODIFY id int(10) unsigned NOT NULL AUTO_INCREMENT,AUTO_INCREMENT=2;");
     $this->db->query("SET FOREIGN_KEY_CHECKS=1;");
     // Replace the module's capabilities and create the Manager role.
     // NOTE(review): role_model, capability_model and user_model are used below but not loaded
     // in this method; presumably they are loaded elsewhere. Confirm.
     $this->db->query("DELETE FROM capabilities WHERE name LIKE 'building:%';");
     $role_id = $this->role_model->add(array('name' => 'Manager', 'description' => 'Manager', 'parent_id' => 1));
     // Each capability names the previous one (or capability 1) in 'dependson'.
     $cap1_id = $this->capability_model->add(array('name' => 'building:editstatuses', 'description' => 'Edit the statuses of building sites', 'type' => 'write', 'dependson' => 1));
     $cap2_id = $this->capability_model->add(array('name' => 'building:editjobsites', 'description' => 'Edit job sites', 'type' => 'write', 'dependson' => $cap1_id));
     $cap3_id = $this->capability_model->add(array('name' => 'building:writejobsites', 'description' => 'Create job sites', 'type' => 'write', 'dependson' => $cap2_id));
     // $cap4_id and $cap5_id are assigned but not used again in this method.
     $cap4_id = $this->capability_model->add(array('name' => 'building:viewjobsites', 'description' => 'View job sites', 'type' => 'read', 'dependson' => $cap3_id));
     $cap5_id = $this->capability_model->add(array('name' => 'building:deletejobsites', 'description' => 'Delete job sites', 'type' => 'write', 'dependson' => $cap2_id));
     // Only the first capability is linked to the role here. The ids are return values of the
     // model calls above, not request input.
     $this->db->query("INSERT INTO roles_capabilities (role_id, capability_id) VALUES ({$role_id}, {$cap1_id})");
     // NOTE(review): both demo accounts are staff users with the literal password 'password'
     // and receive the Manager role. If this migration can run outside a demo environment,
     // they are known credentials and should be removed or given random passwords.
     $user1_id = $this->user_model->add(array('first_name' => 'Demo 1', 'last_name' => 'User', 'username' => 'demo', 'password' => create_hash('password'), 'type' => 'staff'));
     $user2_id = $this->user_model->add(array('first_name' => 'Demo 2', 'last_name' => 'User', 'username' => 'demo2', 'password' => create_hash('password'), 'type' => 'staff'));
     $this->db->query("INSERT INTO users_roles (role_id, user_id) VALUES ({$role_id}, {$user1_id}), ({$role_id}, {$user2_id})");
 }