Example #1
 /**
  * Captures the submitted registration fields and checks whether the
  * username, display name or e-mail address is already taken.
  *
  * The three lookups run in that order and stop at the first match, which
  * sets the corresponding *_taken flag. status is set to true only when
  * none of them reports a match.
  *
  * NOTE(review): what sanitize() strips or escapes is not visible here, so
  * treat every stored field as untrusted when it reaches SQL or HTML.
  */
 function __construct($user, $display, $pass, $email, $country, $state, $city, $address, $zip, $phone)
 {
     // Stored exactly as submitted. NOTE(review): it must be HTML-escaped
     // wherever it is printed, since nothing here filters it.
     $this->displayname = $display;
     $this->clean_email = sanitize($email);
     // The password is only trimmed, never passed through sanitize().
     $this->clean_password = trim($pass);
     $this->username = sanitize($user);
     // Address and contact fields all go through sanitize(), in the same
     // order as the constructor arguments.
     $contactFields = array(
         'user_country' => $country,
         'user_state' => $state,
         'user_city' => $city,
         'user_address' => $address,
         'user_zip' => $zip,
         'user_phone' => $phone,
     );
     foreach ($contactFields as $property => $rawValue) {
         $this->{$property} = sanitize($rawValue);
     }
     // First collision wins; later lookups are skipped.
     if (usernameExists($this->username)) {
         $this->username_taken = true;
     } elseif (displayNameExists($this->displayname)) {
         $this->displayname_taken = true;
     } elseif (emailExists($this->clean_email)) {
         $this->email_taken = true;
     } else {
         //No problems have been found.
         $this->status = true;
     }
 }
Example #2
 /**
  * Captures the submitted registration fields (including PIN, location and
  * "about" text) and checks the username, display name and e-mail address
  * for collisions, in that order.
  *
  * The first lookup that matches sets its *_taken flag; status becomes true
  * only when all three lookups come back empty.
  */
 function __construct($user, $display, $pass, $email, $pin, $location, $about)
 {
     // Stored exactly as submitted. NOTE(review): escape on output.
     $this->displayname = $display;
     $this->clean_email = sanitize($email);
     $this->clean_password = trim($pass);
     $this->username = sanitize($user);
     // These three are only trimmed, not passed through sanitize(), so they
     // keep any markup the user typed. NOTE(review): escape on output and
     // bind as parameters when stored.
     $this->clean_pin = trim($pin);
     $this->location = trim($location);
     $this->about = trim($about);
     // First collision wins; later lookups are skipped.
     if (usernameExists($this->username)) {
         $this->username_taken = true;
     } elseif (displayNameExists($this->displayname)) {
         $this->displayname_taken = true;
     } elseif (emailExists($this->clean_email)) {
         $this->email_taken = true;
     } else {
         //No problems have been found.
         $this->status = true;
     }
 }
Example #3
 /**
  * Captures the submitted registration fields (including co-listing agent
  * and contact person) and checks the username, display name and e-mail
  * address for collisions, in that order.
  *
  * The constructor returns as soon as one lookup matches, after setting the
  * matching *_taken flag. status is set to true only when no lookup matched.
  */
 function __construct($user, $display, $pass, $email, $colist, $contact)
 {
     // Stored exactly as submitted. NOTE(review): escape on output.
     $this->displayname = $display;
     $this->clean_email = sanitize($email);
     $this->clean_password = trim($pass);
     $this->username = sanitize($user);
     // Both values are stored without any filtering at all.
     // NOTE(review): validate or escape them before they reach SQL or HTML.
     $this->colist_agent = $colist;
     $this->contact_person = $contact;

     if (usernameExists($this->username)) {
         $this->username_taken = true;
         return;
     }
     if (displayNameExists($this->displayname)) {
         $this->displayname_taken = true;
         return;
     }
     if (emailExists($this->clean_email)) {
         $this->email_taken = true;
         return;
     }
     //No problems have been found.
     $this->status = true;
 }
Example #4
 /**
  * Captures username, password, e-mail address and group id for a new
  * account and checks the username and e-mail address for collisions.
  *
  * The username lookup runs first; the e-mail lookup runs only when the
  * username is free. status is set to true when neither lookup matched.
  *
  * NOTE(review): $group_id is accepted from the caller and only trimmed. If
  * any call site fills it from request data, that call site must restrict
  * it to groups a self-registering user may join; confirm at the callers.
  */
 function __construct($user, $pass, $email, $group_id = 2)
 {
     // Raw username kept alongside the sanitized one, for display.
     // NOTE(review): escape on output.
     $this->unclean_username = $user;
     $this->clean_email = sanitize($email);
     $this->clean_password = trim($pass);
     $this->group_id = trim($group_id);
     $this->clean_username = sanitize($user);

     if (usernameExists($this->clean_username)) {
         $this->username_taken = true;
         return;
     }
     if (emailExists($this->clean_email)) {
         $this->email_taken = true;
         return;
     }
     //No problems have been found.
     $this->status = true;
 }
Example #5
/**
 * Resets the password of the account registered under an e-mail address and
 * mails the new password to that address.
 *
 * @param string $email_address address to look up
 * @return bool true when sendEmail() reports success; false when no account
 *              matches the address or the mail could not be sent
 *
 * NOTE(review): the password is replaced before the requester has proven
 * control of the mailbox, so anyone who knows an address can invalidate that
 * account's current password. The new password travels in clear text in the
 * mail body, and the Bcc header copies every such mail to szCronEmail(). A
 * single-use, expiring reset link avoids both problems.
 * NOTE(review): callers should not expose the false/true distinction to the
 * visitor, since it reveals whether an address is registered.
 */
function sendNewPassw($email_address)
{
    // emailExists() yields the matching user id, or a value equal to 0.
    $userid = emailExists($email_address);
    if ($userid == 0) {
        return false;
    }

    $newpass = resetPassword($userid);
    $subject = MSG00165 . ' ' . szName();
    $message = MSG00167 . ' ' . szName() . "\r\n"
        . MSG00168 . ' ' . szUrl() . "\r\n"
        . MSG00166 . ': ' . $newpass;
    $headers = 'From: ' . szEmail() . "\r\n"
        . 'Bcc: ' . szCronEmail() . "\r\n";

    return sendEmail($email_address, $subject, $message, $headers) ? true : false;
}
Example #6
    <body>
        <a href="admin.php" class="uppercase admin-button">Admin</a>
        <?php 
// Handle the sign-up form once it has been posted: honeypot check, input
// clean-up, validation, then insertion of a new row in state 'off'.
if (count($_POST) > 0) {
    // 1. Honeypot: the "name" field is expected to stay empty; any value
    //    ends the request.
    if ($_POST['name'] != '') {
        die('Spammeur !');
    }
    // 2. Sanitizing: drop tags and surrounding whitespace from the address.
    // NOTE(review): $_POST['email'] is read without checking that it is set
    // and is a string (a request can send email[]=... as an array).
    $email = trim(strip_tags($_POST['email']));
    // 3. Validation
    $errors = array();
    if (!is_valid_email($email)) {
        $errors['email'] = 'Vous devez entrer une adresse email valide.';
    } else {
        // NOTE(review): this message tells any visitor whether an address is
        // already registered.
        if (emailExists($connexion, $email)) {
            $errors['email'] = 'Cette adresse email est déjà dans notre base de données.';
        }
    }
    if (count($errors) < 1) {
        // NOTE(review): uniqid() is derived from the current time, so its
        // output is guessable. If mail.inc.php puts $uniqid into a
        // confirmation link, a value built from random_bytes() is the safer
        // choice; confirm how the include uses it.
        $uniqid = uniqid();
        // mail.inc.php runs in this scope and can therefore read $email and
        // $uniqid; its contents are not shown here.
        include 'mail.inc.php';
        // Bound parameters keep the submitted address out of the SQL text.
        // NOTE(review): the existence check above and this INSERT are two
        // separate steps; a unique index on email is what actually prevents
        // duplicates. Confirm the schema has one.
        $sql = 'INSERT INTO users(user_id, email, date, state) VALUES(:user_id, :email, now(), :state)';
        $preparedStatement = $connexion->prepare($sql);
        $preparedStatement->bindValue('user_id', $uniqid);
        $preparedStatement->bindValue('email', $email);
        $preparedStatement->bindValue('state', 'off');
        $preparedStatement->execute();
    }
}
?>
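 /**
  * Validates an e-mail address and records any problem against the
  * "email" field.
  *
  * Two checks run in order: the address must match the pattern below, and
  * it must not already be registered according to emailExists().
  *
  * Fix: the format error used to be filed under the "password" field, so a
  * malformed address was reported next to the wrong input.
  *
  * NOTE(review): the pattern accepts lower-case input only and a fixed list
  * of top-level domains, so many valid addresses are rejected. It is kept
  * unchanged here because swapping it alters which addresses are accepted.
  * NOTE(review): the "in use" error echoes $value back; it must be escaped
  * when the error is rendered.
  *
  * @param string $value address submitted by the user
  */
 public function validate_email($value)
 {
     $pattern = '/^[a-z0-9._%+-]+@(?:[a-z0-9-]+\\.)+([a-z]{2}|com|net|org|edu|gov|mil|tel|biz|info|name|mobi|asia)$/';
     $matched = filter_var($value, FILTER_VALIDATE_REGEXP, array('options' => array('regexp' => $pattern)));
     if ($matched === false) {
         $this->set_specific_error('email', lang("ACCOUNT_INVALID_EMAIL"));
     } elseif (emailExists($value)) {
         $this->set_specific_error('email', lang("ACCOUNT_EMAIL_IN_USE", array($value)));
     }
 }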
            $errors[] = lang("SQL_ERROR");
        } else {
            $successes[] = lang("FORGOTPASS_REQUEST_CANNED");
        }
    }
}
//Forms posted
// Validates the e-mail address and username submitted with the form, then
// checks that both belong to the same account. The listing is cut off
// inside the final else branch.
// NOTE(review): an unknown e-mail address, an unknown username and a
// mismatched pair each produce a different message, which lets a visitor
// test which addresses and usernames are registered. One generic message
// for all three cases avoids that.
if (!empty($_POST)) {
    // The address is taken as submitted; only the username goes through sanitize().
    $email = $_POST["email"];
    $username = sanitize($_POST["username"]);
    //Perform some validation
    //Feel free to edit / change as required
    if (trim($email) == "") {
        $errors[] = lang("ACCOUNT_SPECIFY_EMAIL");
    } else {
        // Malformed and unregistered addresses share one message.
        if (!isValidEmail($email) || !emailExists($email)) {
            $errors[] = lang("ACCOUNT_INVALID_EMAIL");
        }
    }
    if (trim($username) == "") {
        $errors[] = lang("ACCOUNT_SPECIFY_USERNAME");
    } else {
        if (!usernameExists($username)) {
            $errors[] = lang("ACCOUNT_INVALID_USERNAME");
        }
    }
    if (count($errors) == 0) {
        //Check that the username / email are associated to the same account
        if (!emailUsernameLinked($email, $username)) {
            $errors[] = lang("ACCOUNT_USER_OR_EMAIL_INVALID");
        } else {
/**
 * Signs a member in (registering the account first when needed) on the
 * strength of a Tapatalk token/code pair.
 *
 * Flow, as visible in this function:
 *  1. Read token, code and the optional base64-encoded email, username and
 *     password from $context['mob_request']['params'].
 *  2. Call TapatalkSsoVerification() and take the e-mail address it returns.
 *  3. Look that address up with emailExists(); when no member matches,
 *     register one through Register2() with CAPTCHA checks switched off.
 *  4. Load the member row, set the login cookie, rebuild $user_info and
 *     send the RPC response.
 *
 * NOTE(review): the account that gets logged in is selected purely by the
 * e-mail address returned from TapatalkSsoVerification(); no forum password
 * is checked on this path. The guarantee therefore rests entirely on that
 * verification call and on the remote service behind it.
 */
function method_sign_in()
{
    global $db_prefix, $context, $user_profile, $modSettings, $register, $sourcedir, $user_info, $boardurl, $txt;
    require_once $sourcedir . '/Register.php';
    require_once $sourcedir . '/Subs-Members.php';
    require_once $sourcedir . '/Subs-Auth.php';
    $token = $context['mob_request']['params'][0][0];
    $code = $context['mob_request']['params'][1][0];
    // $email is decoded here but not read again in this function; the
    // address used below is the one returned by the verification call.
    $email = isset($context['mob_request']['params'][2][0]) ? base64_decode($context['mob_request']['params'][2][0]) : '';
    $username = isset($context['mob_request']['params'][3][0]) ? base64_decode($context['mob_request']['params'][3][0]) : '';
    $password = isset($context['mob_request']['params'][4][0]) ? base64_decode($context['mob_request']['params'][4][0]) : '';
    // verify tapatalk token and code first
    $ttid = TapatalkSsoVerification($token, $code);
    if (empty($ttid)) {
        get_error('Tapatalk authorization verify failed, please login with your username and password.');
    }
    // NOTE(review): the code below relies on get_error() ending the request;
    // if it ever returned, $ttid->email would be read from an empty value
    // and the sign-in would continue. Confirm get_error() never returns.
    $tapatalk_id_email = $ttid->email;
    $result_status = true;
    $register = false;
    $result_text = '';
    if (!$ttid->result || empty($tapatalk_id_email)) {
        get_error($ttid->result_text ? $ttid->result_text : 'Tapatalk authorization verify failed, please login with your username and password');
    }
    // sign in with email or register an account
    $login_id = emailExists($tapatalk_id_email);
    if (empty($login_id)) {
        if (empty($username)) {
            get_error('Invalid Parameters', 2);
        } else {
            if (isReservedName($username, 0, true, false)) {
                get_error($txt[473], 1);
            } else {
                if (empty($password)) {
                    $password = tt_generatePassword();
                }
                // Fake the registration form submission that Register2() reads.
                $_POST['user'] = $username;
                $_POST['email'] = $tapatalk_id_email;
                $_POST['passwrd1'] = $password;
                $_POST['passwrd2'] = $password;
                $_POST['regagree'] = 'on';
                $_POST['regSubmit'] = 'Register';
                $_POST['skip_coppa'] = 1;
                $_SESSION['old_url'] = $boardurl;
                // NOTE(review): every CAPTCHA-related setting is switched off
                // for this request, so the SSO verification above is the only
                // barrier against automated registration on this endpoint.
                $modSettings['disable_visual_verification'] = 1;
                $modSettings['recaptcha_enabled'] = 0;
                $modSettings['recaptcha_enable'] = 0;
                $modSettings['captchaenable'] = 0;
                // compatibility with old CAPTCHA Mod
                $modSettings['anti_spam_ver_enable'] = false;
                // Registration method 1 is downgraded to 0 for this request.
                // NOTE(review): presumably this skips the forum's own e-mail
                // activation because Tapatalk vouches for the address;
                // confirm the meaning of these values.
                if ($modSettings['registration_method'] == 1) {
                    $modSettings['registration_method'] = 0;
                }
                $login_id = Register2();
                $register = true;
                // Method 2 reports a non-success status with the "approval after registration" text.
                $result_status = $modSettings['registration_method'] == 2 ? false : true;
                $result_text = $modSettings['registration_method'] == 2 ? $txt['approval_after_registration'] : '';
                if (empty($login_id)) {
                    get_error('Register failed');
                }
            }
        }
    }
    // do login
    if ($login_id) {
        // NOTE(review): $login_id is interpolated into the SQL text. It comes
        // from emailExists() or Register2(), not straight from the request;
        // this is safe only while both return integers. An (int) cast or a
        // bound parameter would make that explicit.
        $request = db_query("\n            SELECT passwd, ID_MEMBER AS id_member, is_activated, ID_GROUP AS id_group, emailAddress AS email_address, additionalGroups AS additional_groups, memberName AS member_name,\n                passwordSalt AS password_salt, ID_POST_GROUP\n            FROM {$db_prefix}members\n            WHERE ID_MEMBER = '{$login_id}'\n            ", __FILE__, __LINE__);
        // NOTE(review): the mysql_* extension was removed in PHP 7.
        $user = mysql_fetch_assoc($request);
        // An existing account with is_activated == 3 is refused; an account
        // registered during this same request is let through.
        if ($user['is_activated'] == 3 && !$register) {
            fatal_lang_error('still_awaiting_approval');
        }
        // Set the login cookie
        // NOTE(review): the cookie is issued before is_not_banned() runs
        // further down; confirm a banned member cannot keep it.
        setLoginCookie(60 * $modSettings['cookieTime'], $login_id, sha1($user['passwd'] . $user['password_salt']));
        loadMemberData($user['id_member'], false, 'profile');
        // Rebuild the global $user_info for the member who just signed in.
        $user_info = $user_profile[$user['id_member']];
        $user_info['is_guest'] = false;
        // Admin when the primary group is 1 or the additional groups include 1.
        $user_info['is_admin'] = $user['id_group'] == 1 || in_array(1, explode(',', $user['additional_groups']));
        $user_info['id'] = $user['id_member'];
        if (empty($user_info['additionalGroups'])) {
            $user_info['groups'] = array($user_info['ID_GROUP'], $user_info['ID_POST_GROUP']);
        } else {
            $user_info['groups'] = array_merge(array($user_info['ID_GROUP'], $user_info['ID_POST_GROUP']), explode(',', $user_info['additionalGroups']));
        }
        // Normalize group ids to unique integers.
        $user_info['groups'] = array_unique(array_map('intval', $user_info['groups']));
        // Banned?
        is_not_banned(true);
        // Don't stick the language or theme after this point.
        unset($_SESSION['language']);
        unset($_SESSION['ID_THEME']);
        // You've logged in, haven't you?
        // NOTE(review): both IP values are wrapped in quotes by hand here and
        // the first is also interpolated into the DELETE below. Confirm where
        // $user_info['ip'] and $_SERVER['BAN_CHECK_IP'] are set and that
        // neither can carry client-supplied header text.
        updateMemberData($user_info['id'], array('lastLogin' => time(), 'memberIP' => '\'' . $user_info['ip'] . '\'', 'memberIP2' => '\'' . $_SERVER['BAN_CHECK_IP'] . '\''));
        // Get rid of the online entry for that old guest....
        db_query("\n            DELETE FROM {$db_prefix}log_online\n            WHERE session = 'ip{$user_info['ip']}'\n            LIMIT 1", __FILE__, __LINE__);
        $_SESSION['log_time'] = 0;
        loadPermissions();
        update_push();
        // We got this far? return a positive response....
        outputRPCLogin($result_status, $result_text);
    } else {
        get_error('Sign In Failed');
    }
}
Example #10
    // CSRF protection
    setToken();
} else {
    $_POST = arrayString($_POST);
    checkToken();
    $emailre = '/^(?!(?:(?:\\x22?\\x5C[\\x00-\\x7E]\\x22?)|(?:\\x22?[^\\x5C\\x22]\\x22?)){255,})(?!(?:(?:\\x22?\\x5C[\\x00-\\x7E]\\x22?)|(?:\\x22?[^\\x5C\\x22]\\x22?)){65,}@)(?:(?:[\\x21\\x23-\\x27\\x2A\\x2B\\x2D\\x2F-\\x39\\x3D\\x3F\\x5E-\\x7E]+)|(?:\\x22(?:[\\x01-\\x08\\x0B\\x0C\\x0E-\\x1F\\x21\\x23-\\x5B\\x5D-\\x7F]|(?:\\x5C[\\x00-\\x7F]))*\\x22))(?:\\.(?:(?:[\\x21\\x23-\\x27\\x2A\\x2B\\x2D\\x2F-\\x39\\x3D\\x3F\\x5E-\\x7E]+)|(?:\\x22(?:[\\x01-\\x08\\x0B\\x0C\\x0E-\\x1F\\x21\\x23-\\x5B\\x5D-\\x7F]|(?:\\x5C[\\x00-\\x7F]))*\\x22)))*@(?:(?:(?!.*[^.]{64,})(?:(?:(?:xn--)?[a-z0-9]+(?:-[a-z0-9]+)*\\.){1,126}){1,}(?:(?:[a-z][a-z0-9]*)|(?:(?:xn--)[a-z0-9]+))(?:-[a-z0-9]+)*)|(?:\\[(?:(?:IPv6:(?:(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){7})|(?:(?!(?:.*[a-f0-9][:\\]]){7,})(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,5})?::(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,5})?)))|(?:(?:IPv6:(?:(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){5}:)|(?:(?!(?:.*[a-f0-9]:){5,})(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,3})?::(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,3}:)?)))?(?:(?:25[0-5])|(?:2[0-4][0-9])|(?:1[0-9]{2})|(?:[1-9]?[0-9]))(?:\\.(?:(?:25[0-5])|(?:2[0-4][0-9])|(?:1[0-9]{2})|(?:[1-9]?[0-9]))){3}))\\]))$/iD';
    // Validation of the posted registration fields; every failure appends a
    // message to $error. The listing is cut off inside the gender check.
    // NOTE(review): this pattern limits passwords to 6-20 ASCII letters and
    // digits, which rules out symbols and long passphrases.
    $passre = '/^[0-9a-zA-Z]{6,20}$/';
    // NOTE(review): this pattern has no ^ and $ anchors, so preg_match()
    // succeeds whenever a YYYY-MM-DD shape occurs anywhere in the string;
    // extra characters around it are accepted. It also does not check that
    // the date exists.
    $birthre = '/\\d{4}\\-\\d{2}\\-\\d{2}/';
    $error = [];
    // strlen() counts bytes, so the 20 limit is 20 bytes, not 20 characters.
    if (1 > strlen($_POST['name']) || strlen($_POST['name']) > 20) {
        $error[] = '名前は1文字以上20文字以内';
    }
    if (!preg_match($emailre, $_POST['email'])) {
        $error[] = '不正なメールアドレス';
    } else {
        // NOTE(review): this message tells any visitor whether an address is
        // already registered.
        if (emailExists($_POST['email']) != 0) {
            $error[] = 'このメールアドレスは既に登録されています';
        }
    }
    if (!preg_match($passre, $_POST['password'])) {
        $error[] = 'パスワードは英数字6文字以上20文字以内';
    } else {
        // NOTE(review): != compares numeric-looking strings by value, so two
        // different inputs such as '0e1234' and '0e5678' count as equal;
        // !== compares the strings themselves.
        if ($_POST['password'] != $_POST['repassword']) {
            $error[] = '二つのパスワードが異なっています';
        } else {
            // Birth date and gender are checked only when both password checks passed.
            if (!preg_match($birthre, $_POST['birthyear'] . '-' . $_POST['birthmonth'] . '-' . $_POST['birthday'])) {
                $error[] = '誕生日の入力が不正です';
            } else {
                if ($_POST['gender'] != '0' && $_POST['gender'] != '1') {
                    $error[] = '性別の入力が不正です';
                }
Example #11
 }
 //Activate account
 // Runs when the posted form carries activate=activate; the account is
 // activated through its stored activation token.
 // NOTE(review): no anti-CSRF token check is visible in this fragment;
 // confirm one runs before these state-changing branches.
 if (isset($_POST['activate']) && $_POST['activate'] == "activate") {
     if (setUserActive($userdetails['activation_token'])) {
         $successes[] = lang("ACCOUNT_MANUALLY_ACTIVATED", array($displayname));
     } else {
         $errors[] = lang("SQL_ERROR");
     }
 }
 //Update email
 // NOTE(review): the comparison uses the untrimmed posted value while the
 // checks below use the trimmed one, so an unchanged address with stray
 // whitespace enters this branch and presumably fails as "in use".
 if ($userdetails['email'] != $_POST['email']) {
     $email = trim($_POST["email"]);
     //Validate email
     if (!isValidEmail($email)) {
         $errors[] = lang("ACCOUNT_INVALID_EMAIL");
     } elseif (emailExists($email)) {
         // The submitted address is echoed into the message; escape it when rendered.
         $errors[] = lang("ACCOUNT_EMAIL_IN_USE", array($email));
     } else {
         if (updateEmail($userId, $email)) {
             $successes[] = lang("ACCOUNT_EMAIL_UPDATED");
         } else {
             $errors[] = lang("SQL_ERROR");
         }
     }
 }
 //Update title
 if ($userdetails['title'] != $_POST['title']) {
     $title = trim($_POST['title']);
     //Validate title
     // An error is recorded when minMaxRange() returns true for the 1-50 range.
     if (minMaxRange(1, 50, $title)) {
         $errors[] = lang("ACCOUNT_TITLE_CHAR_LIMIT", array(1, 50));
Example #12
                    // Tail of the username checks for one user row; the
                    // start of this if/elseif chain is outside the listing.
                    // NOTE(review): the messages below embed $row['Username'];
                    // escape them when they are rendered as HTML.
                    $errors[] = "Unable to update " . $row['Username'] . "'s username because selected name is not between 5 and 25 characters.";
                } elseif (usernameExists($newusername)) {
                    $errors[] = "Unable to change " . $row['Username'] . "'s name because selected username is already in use.";
                } else {
                    // NOTE(review): the statement is assembled by string
                    // concatenation. Whether sanitize() escapes SQL
                    // metacharacters cannot be seen here; a prepared statement
                    // with bound parameters removes the question.
                    // NOTE(review): the literal '******' looks like redaction
                    // by the listing site; as written it would store asterisks
                    // as the username. Confirm against the original source.
                    $sql = "UPDATE " . $db_table_prefix . "Users SET Username = '******', Username_clean = '" . sanitize($newusername) . "' WHERE User_ID='" . $row['User_ID'] . "'";
                    $db->sql_query($sql);
                }
            }
            // Change the e-mail address only when it differs from the stored one.
            if ($row['Email'] != $newemail) {
                if (trim($newemail) == "") {
                    $errors[] = "Unable to update " . $row['Username'] . "'s email because no address was entered.";
                } else {
                    if (!isValidEmail($newemail)) {
                        $errors[] = "Unable to update " . $row['Username'] . "'s email because address is invalid.";
                    } else {
                        if (emailExists($newemail)) {
                            $errors[] = "Unable to update " . $row['Username'] . "'s email because address is already in use.";
                        } else {
                            // NOTE(review): $newemail reaches the SQL text
                            // after passing only isValidEmail(). A format check
                            // is not SQL escaping (a quote character can be
                            // part of a valid address), so this value should
                            // be bound as a parameter.
                            $sql = "UPDATE " . $db_table_prefix . "Users SET Email = '" . $newemail . "' WHERE User_ID='" . $row['User_ID'] . "'";
                            $db->sql_query($sql);
                        }
                    }
                }
            }
            if ($newgroup != $row['Group_ID']) {
                // NOTE(review): $newgroup is concatenated with no validation
                // visible in this fragment. Because it decides the user's
                // group, it should be checked against the list of existing
                // groups and bound as an integer.
                $sql = "UPDATE " . $db_table_prefix . "Users SET Group_ID = '" . $newgroup . "' WHERE User_ID='" . $row['User_ID'] . "'";
                $db->sql_query($sql);
            }
        }
    }
}
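/**
 * Stores a new activation token for an account and refreshes its
 * last_activation_request and lost_password_timestamp columns.
 *
 * The update runs only when the e-mail address and user name both exist and
 * are linked to the same account. A mismatch produces one generic alert, so
 * the caller does not learn which of the two values was wrong.
 *
 * Changes from the previous version:
 *  - the ErrorException branch now writes to the error log; it told admins
 *    to check the PHP error logs but logged nothing;
 *  - both timestamp columns receive the same time() value instead of two
 *    separate calls.
 *
 * @param string $new_activation_token token to store
 * @param string $user_name            user name of the account
 * @param string $email                e-mail address of the account
 * @return bool true when the UPDATE executed, false on any failure
 */
function updateLastActivationRequest($new_activation_token, $user_name, $email)
{
    // Check that email, user_name exist and are linked
    if (!(emailExists($email) && usernameExists($user_name) && emailUsernameLinked($email, $user_name))) {
        addAlert("danger", "Invalid email/username specified.");
        return false;
    }
    try {
        global $db_table_prefix;
        $db = pdoConnect();
        // All values are bound; only the configured table prefix is concatenated.
        $query = "UPDATE " . $db_table_prefix . "users\n            SET activation_token = :token,\n            last_activation_request = :time,\n            lost_password_timestamp = :time_password\n            WHERE email = :email\n            AND\n            user_name = :user_name";
        $stmt = $db->prepare($query);
        $now = time();
        $sqlVars = array(
            'token' => $new_activation_token,
            'time' => $now,
            'time_password' => $now,
            'email' => $email,
            'user_name' => $user_name,
        );
        if (!$stmt->execute($sqlVars)) {
            // Error: column does not exist
            return false;
        }
        return true;
    } catch (PDOException $e) {
        addAlert("danger", "Oops, looks like our database encountered an error.");
        error_log("Error in " . $e->getFile() . " on line " . $e->getLine() . ": " . $e->getMessage());
        return false;
    } catch (ErrorException $e) {
        addAlert("danger", "Oops, looks like our server might have goofed.  If you're an admin, please check the PHP error logs.");
        // Log the details so the alert above points at something real.
        error_log("Error in " . $e->getFile() . " on line " . $e->getLine() . ": " . $e->getMessage());
        return false;
    } catch (RuntimeException $e) {
        addAlert("danger", "Oops, looks like our server might have goofed.  If you're an admin, please check the PHP error logs.");
        error_log("Error in " . $e->getFile() . " on line " . $e->getLine() . ": " . $e->getMessage());
        return false;
    }
}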
Example #14
 // Registration handler: reads the posted fields, validates them into
 // $error and inserts the user when nothing failed. The listing is cut off
 // inside the final if.
 // NOTE(review): the three $_POST keys are read without isset() checks.
 $user_name = $_POST['user_name'];
 $email = $_POST['email'];
 $password = $_POST['password'];
 $db = connectDb();
 // Check the user name length (3 to 15 characters).
 if (mb_strlen($user_name) < 3 || mb_strlen($user_name) > 15) {
     $error['user_name'] = '3文字以上15文字以下にしてください';
 }
 // Check that an e-mail address was entered.
 if ($email === '') {
     $error['email'] = 'メールアドレスを入力してください';
     // Check that the e-mail address is well formed.
 } elseif (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
     $error['email'] = 'メールアドレスの形式が正しくないです';
     // Check whether the e-mail address is already registered.
     // NOTE(review): the resulting message reveals registered addresses.
 } elseif (emailExists($email, $db)) {
     $error['email'] = 'このメールアドレスは既に登録されています';
 }
 // Check that the password is alphanumeric and within the length limits.
 // NOTE(review): 4-8 ASCII letters and digits is a very small password
 // space; the upper bound in particular blocks stronger passwords and
 // serves no purpose once the value is hashed.
 if (!preg_match('/^[a-zA-Z0-9]{4,8}$/', $password)) {
     $error['password'] = '******';
 }
 if (empty($error)) {
     // Only the password_hash() output is stored, never the password itself.
     $hash = password_hash($password, PASSWORD_DEFAULT);
     // All three values are bound, so none of them reaches the SQL text.
     $sql = 'INSERT INTO users (user_name, email, password) VALUES (:user_name, :email, :password)';
     $statement = $db->prepare($sql);
     $statement->bindValue(':user_name', $user_name, PDO::PARAM_STR);
     $statement->bindValue(':email', $email, PDO::PARAM_STR);
     $statement->bindValue(':password', $hash, PDO::PARAM_STR);
     if ($statement->execute()) {
Example #15
/**
 * Changes the current member's password from an XML-RPC request.
 *
 * Two request shapes are handled:
 *  - three parameters (new password, Tapatalk token, Tapatalk code): the
 *    change is authorised by TapatalkSsoVerification() when the verified
 *    e-mail address matches the member's address and the member's primary
 *    group is not 1;
 *  - two parameters (old password, new password): the old password must
 *    match the stored hash or be accepted by the configured integration.
 *
 * On success the new hash is stored, the login cookie is re-issued and an
 * xmlrpcresp with result=true is returned. Failures end in get_error() or
 * fatal_error().
 *
 * NOTE(review): passwords are stored as sha1(lower-cased member name .
 * password). That is a fast, unsalted-per-user hash and a poor fit for
 * password storage; the format is presumably dictated by the forum schema,
 * so changing it is a forum-wide migration rather than a local fix.
 *
 * @param object $rpcmsg request message exposing getParam() and getScalarValParam()
 */
function mob_update_password($rpcmsg)
{
    global $txt, $modSettings;
    global $cookiename, $context;
    global $sourcedir, $scripturl, $db_prefix;
    global $ID_MEMBER, $user_info;
    global $newpassemail, $user_profile, $validationCode;
    loadLanguage('Profile');
    // Start with no updates and no errors.
    $profile_vars = array();
    $post_errors = array();
    $good_password = false;
    // reset directly with tapatalk id credential
    if ($rpcmsg->getParam(2)) {
        $_POST['passwrd1'] = $rpcmsg->getParam(0) ? $rpcmsg->getScalarValParam(0) : '';
        $_POST['passwrd1'] = utf8ToAscii($_POST['passwrd1']);
        $token = $rpcmsg->getParam(1) ? $rpcmsg->getScalarValParam(1) : '';
        $code = $rpcmsg->getParam(2) ? $rpcmsg->getScalarValParam(2) : '';
        // verify Tapatalk Authorization
        if ($token && $code) {
            $ttid = TapatalkSsoVerification($token, $code);
            if ($ttid && $ttid->result) {
                $tapatalk_id_email = $ttid->email;
                // Not logged in yet: adopt the member who owns the verified address.
                if (empty($ID_MEMBER) && ($ID_MEMBER = emailExists($tapatalk_id_email))) {
                    loadMemberData($ID_MEMBER, false, 'profile');
                    $user_info = $user_profile[$ID_MEMBER];
                    $user_info['is_guest'] = false;
                    // NOTE(review): this line reads 'id_group' while the lines
                    // below read 'ID_GROUP'; presumably only one of the two
                    // keys exists in the loaded profile. Confirm which.
                    $user_info['is_admin'] = $user_info['id_group'] == 1 || in_array(1, explode(',', $user_info['additionalGroups']));
                    $user_info['id'] = $ID_MEMBER;
                    if (empty($user_info['additionalGroups'])) {
                        $user_info['groups'] = array($user_info['ID_GROUP'], $user_info['ID_POST_GROUP']);
                    } else {
                        $user_info['groups'] = array_merge(array($user_info['ID_GROUP'], $user_info['ID_POST_GROUP']), explode(',', $user_info['additionalGroups']));
                    }
                    $user_info['groups'] = array_unique(array_map('intval', $user_info['groups']));
                    loadPermissions();
                }
                // NOTE(review): only the primary group is tested here. A member
                // who holds group 1 through additionalGroups still qualifies
                // for a password change without the old password; checking
                // the combined group list would close that gap.
                if (strtolower($user_info['emailAddress']) == strtolower($tapatalk_id_email) && $user_info['ID_GROUP'] != 1) {
                    $good_password = true;
                }
            }
        }
        if (!$good_password) {
            get_error('Failed to update password');
        }
    } else {
        $_POST['oldpasswrd'] = $rpcmsg->getParam(0) ? $rpcmsg->getScalarValParam(0) : '';
        $_POST['passwrd1'] = $rpcmsg->getParam(1) ? $rpcmsg->getScalarValParam(1) : '';
        $_POST['passwrd1'] = utf8ToAscii($_POST['passwrd1']);
    }
    // Clean up the POST variables.
    $_POST = htmltrim__recursive($_POST);
    $_POST = stripslashes__recursive($_POST);
    $_POST = htmlspecialchars__recursive($_POST);
    $_POST = addslashes__recursive($_POST);
    $memberResult = loadMemberData($ID_MEMBER, false, 'profile');
    if (!is_array($memberResult)) {
        fatal_lang_error(453, false);
    }
    $memID = $ID_MEMBER;
    // The request is always treated as the member editing their own profile.
    $context['user']['is_owner'] = true;
    isAllowedTo(array('manage_membergroups', 'profile_identity_any', 'profile_identity_own'));
    // You didn't even enter a password!
    // NOTE(review): on the Tapatalk path this function never sets
    // $_POST['oldpasswrd'], so this line and the un-cleaning below read a
    // key that may be undefined.
    if (trim($_POST['oldpasswrd']) == '' && !$good_password) {
        fatal_error($txt['profile_error_no_password']);
    }
    // Since the password got modified due to all the $_POST cleaning, lets undo it so we can get the correct password
    $_POST['oldpasswrd'] = addslashes(un_htmlspecialchars(stripslashes($_POST['oldpasswrd'])));
    // Does the integration want to check passwords?
    // The function name comes from $modSettings and is invoked with the
    // member name and the old password.
    if (isset($modSettings['integrate_verify_password']) && function_exists($modSettings['integrate_verify_password'])) {
        if (call_user_func($modSettings['integrate_verify_password'], $user_profile[$memID]['memberName'], $_POST['oldpasswrd'], false) === true) {
            $good_password = true;
        }
    }
    // Bad password!!!
    // NOTE(review): != on two hex digests is a loose, non-constant-time
    // comparison. Digests that look like numbers ('0e' followed by digits)
    // compare equal to each other; hash_equals() avoids both problems.
    if (!$good_password && $user_info['passwd'] != sha1(strtolower($user_profile[$memID]['memberName']) . $_POST['oldpasswrd'])) {
        fatal_error($txt['profile_error_bad_password']);
    }
    // Let's get the validation function into play...
    require_once $sourcedir . '/Subs-Auth.php';
    $passwordErrors = validatePassword($_POST['passwrd1'], $user_info['username'], array($user_info['name'], $user_info['email']));
    // Were there errors?
    if ($passwordErrors != null) {
        fatal_error($txt['profile_error_password_' . $passwordErrors]);
    }
    // Set up the new password variable... ready for storage.
    // The value is wrapped in quotes by hand because updateMemberData()
    // receives it as ready-made SQL; a SHA-1 hex digest cannot contain a quote.
    $profile_vars['passwd'] = '\'' . sha1(strtolower($user_profile[$memID]['memberName']) . un_htmlspecialchars(stripslashes($_POST['passwrd1']))) . '\'';
    // If we've changed the password, notify any integration that may be listening in.
    // NOTE(review): the integration receives the new password in clear text.
    if (isset($modSettings['integrate_reset_pass']) && function_exists($modSettings['integrate_reset_pass'])) {
        call_user_func($modSettings['integrate_reset_pass'], $user_profile[$memID]['memberName'], $user_profile[$memID]['memberName'], $_POST['passwrd1']);
    }
    updateMemberData($memID, $profile_vars);
    // Second require_once of the same file; it has no further effect.
    require_once $sourcedir . '/Subs-Auth.php';
    // Re-issue the login cookie from the new password hash and the stored salt.
    setLoginCookie(60 * $modSettings['cookieTime'], $memID, sha1(sha1(strtolower($user_profile[$memID]['memberName']) . un_htmlspecialchars(stripslashes($_POST['passwrd1']))) . $user_profile[$memID]['passwordSalt']));
    $response = array('result' => new xmlrpcval(true, 'boolean'), 'result_text' => new xmlrpcval('', 'base64'));
    return new xmlrpcresp(new xmlrpcval($response, 'struct'));
}
<?php

require_once __DIR__ . '/db.php';
// JSON payload that is echoed back to the client.
$response = array();
// Registration is attempted only when all five form fields are present. Nothing in this excerpt
// checks their format or length before they are stored.
if (isset($_POST['FirstName']) && isset($_POST['LastName']) && isset($_POST['Username']) && isset($_POST['Password']) && isset($_POST['Email'])) {
    $fname = $_POST['FirstName'];
    $lname = $_POST['LastName'];
    $username = $_POST['Username'];
    // NOTE(review): the password is read from the request and bound into the INSERT below unchanged,
    // so the users table receives the plaintext unless DB::bind()/DB::query() transform it — confirm.
    // Storing the output of password_hash() (and checking with password_verify()) is the usual remedy.
    $password = $_POST['Password'];
    $email = $_POST['Email'];
    require_once __DIR__ . '/ifExists.php';
    // NOTE(review): the existence checks and the INSERT are separate steps; a unique index on
    // Username/Email would be needed to rule out duplicates under concurrent requests — confirm schema.
    if (!usernameExists($username)) {
        if (!emailExists($email)) {
            $db = new DB();
            // Values are supplied as named parameters instead of being concatenated into the SQL text.
            $db->bind('FirstName', $fname);
            $db->bind('LastName', $lname);
            $db->bind('Username', $username);
            $db->bind('Password', $password);
            $db->bind('Email', $email);
            $result = $db->query("INSERT INTO `users`(FirstName, LastName, Username, Password, Email) " . "VALUES (:FirstName, :LastName, :Username, :Password, :Email)");
            if ($result) {
                // Insert succeeded.
                $response["success"] = 1;
                $response["message"] = "User successfully registered.";
                echo json_encode($response);
            } else {
                // Insert failed; the client only gets a generic message.
                $response["success"] = 0;
                $response["message"] = 'An error occurred.';
                echo json_encode($response);
            }
Example #17
 /**
  * Lost-password controller action: handles the confirm link, the deny link and the request form.
  *
  * - ?confirm=<token>: generates a new password, e-mails it, stores its hash and clears the
  *   outstanding-request flag.
  * - ?deny=<token>: clears the outstanding-request flag only.
  * - POST (email, username): validates both, e-mails confirm/deny links and sets the flag.
  *
  * Ends by loading the 'forgot_password' view. $errors and $successes are appended to but never
  * initialised in this method, and $websiteUrl is not declared here — presumably all of them
  * come from the included config.php; confirm.
  */
 public function index()
 {
     /*
     UserCake (Via CupCake) Version: 2.0.2
     http://usercake.com
     */
     global $baseURL;
     $baseURL = getcwd();
     require_once "{$baseURL}/application/third_party/user_cake/models/config.php";
     // Access check for this page; the request is dropped when securePage() refuses it.
     if (!securePage($_SERVER['PHP_SELF'])) {
         die;
     }
     // NOTE(review): the confirm and deny branches change account state on a plain GET, so anything
     // that fetches the mailed URL (link preview, mail scanner) would trigger them — confirm this is
     // acceptable or move the state change behind a POST.
     //User has confirmed they want their password changed
     if (!empty($_GET["confirm"])) {
         $token = trim($_GET["confirm"]);
         if ($token == "" || !validateActivationToken($token, TRUE)) {
             $errors[] = lang("FORGOTPASS_INVALID_TOKEN");
         } else {
             // New password in plaintext; only its hash is stored further down.
             $rand_pass = getUniqueCode(15);
             // Hash that will replace the stored password.
             $secure_pass = generateHash($rand_pass);
             // Look the account up by its token.
             $userdetails = fetchUserDetails(NULL, $token);
             $mail = new userCakeMail();
             //Setup our custom hooks
             // The plaintext password is substituted into the mail template, so it travels by e-mail
             // and stays in the recipient's mailbox.
             $hooks = array("searchStrs" => array("#GENERATED-PASS#", "#USERNAME#"), "subjectStrs" => array($rand_pass, $userdetails["display_name"]));
             if (!$mail->newTemplateMsg("{$baseURL}/application/third_party/user_cake/mail-templates/your-lost-password.txt", $hooks)) {
                 $errors[] = lang("MAIL_TEMPLATE_BUILD_ERROR");
             } else {
                 // NOTE(review): the mail goes out before the hash is written; if updatePasswordFromToken()
                 // fails, the user has been sent a password that was never stored.
                 if (!$mail->sendMail($userdetails["email"], "Your new password")) {
                     $errors[] = lang("MAIL_ERROR");
                 } else {
                     if (!updatePasswordFromToken($secure_pass, $token)) {
                         $errors[] = lang("SQL_ERROR");
                     } else {
                         // Clear the outstanding-request flag.
                         if (!flagLostPasswordRequest($userdetails["user_name"], 0)) {
                             $errors[] = lang("SQL_ERROR");
                         } else {
                             $successes[] = lang("FORGOTPASS_NEW_PASS_EMAIL");
                         }
                     }
                 }
             }
         }
     }
     //User has denied this request
     if (!empty($_GET["deny"])) {
         $token = trim($_GET["deny"]);
         if ($token == "" || !validateActivationToken($token, TRUE)) {
             $errors[] = lang("FORGOTPASS_INVALID_TOKEN");
         } else {
             $userdetails = fetchUserDetails(NULL, $token);
             // Only the flag is reset; the password is left untouched.
             if (!flagLostPasswordRequest($userdetails["user_name"], 0)) {
                 $errors[] = lang("SQL_ERROR");
             } else {
                 $successes[] = lang("FORGOTPASS_REQUEST_CANNED");
             }
         }
     }
     //Forms posted
     if (!empty($_POST)) {
         // The e-mail value is used as posted; the username goes through sanitize().
         $email = $_POST["email"];
         $username = sanitize($_POST["username"]);
         //Perform some validation
         //Feel free to edit / change as required
         // NOTE(review): an unknown e-mail and an unknown username produce different messages, which
         // lets a caller learn which identifiers are registered; a single generic reply avoids that.
         if (trim($email) == "") {
             $errors[] = lang("ACCOUNT_SPECIFY_EMAIL");
         } else {
             if (!isValidEmail($email) || !emailExists($email)) {
                 $errors[] = lang("ACCOUNT_INVALID_EMAIL");
             }
         }
         if (trim($username) == "") {
             $errors[] = lang("ACCOUNT_SPECIFY_USERNAME");
         } else {
             if (!usernameExists($username)) {
                 $errors[] = lang("ACCOUNT_INVALID_USERNAME");
             }
         }
         // NOTE(review): $errors is not initialised in this method; count() on an undefined variable
         // warns on older PHP and throws on PHP 8 unless config.php defines it — confirm.
         if (count($errors) == 0) {
             //Check that the username / email are associated to the same account
             if (!emailUsernameLinked($email, $username)) {
                 $errors[] = lang("ACCOUNT_USER_OR_EMAIL_INVALID");
             } else {
                 //Check if the user has any outstanding lost password requests
                 $userdetails = fetchUserDetails($username);
                 if ($userdetails["lost_password_request"] == 1) {
                     $errors[] = lang("FORGOTPASS_REQUEST_EXISTS");
                 } else {
                     //Email the user asking to confirm this change password request
                     //We can use the template builder here
                     //The account's activation token doubles as the URL key; per the original author
                     //it is regenerated every time it is used.
                     $mail = new userCakeMail();
                     $confirm_url = lang("CONFIRM") . "\n" . $websiteUrl . "forgot-password.php?confirm=" . $userdetails["activation_token"];
                     $deny_url = lang("DENY") . "\n" . $websiteUrl . "forgot-password.php?deny=" . $userdetails["activation_token"];
                     //Setup our custom hooks
                     $hooks = array("searchStrs" => array("#CONFIRM-URL#", "#DENY-URL#", "#USERNAME#"), "subjectStrs" => array($confirm_url, $deny_url, $userdetails["user_name"]));
                     if (!$mail->newTemplateMsg("{$baseURL}/application/third_party/user_cake/mail-templates/lost-password-request.txt", $hooks)) {
                         $errors[] = lang("MAIL_TEMPLATE_BUILD_ERROR");
                     } else {
                         if (!$mail->sendMail($userdetails["email"], "Lost password request")) {
                             $errors[] = lang("MAIL_ERROR");
                         } else {
                             //Update the DB to show this account has an outstanding request
                             if (!flagLostPasswordRequest($userdetails["user_name"], 1)) {
                                 $errors[] = lang("SQL_ERROR");
                             } else {
                                 $successes[] = lang("FORGOTPASS_REQUEST_SUCCESS");
                             }
                         }
                     }
                 }
             }
         }
     }
     $this->load->view('forgot_password');
 }
Example #18
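 /**
  * Admin page for a single user: applies the posted changes (delete, display name, activation,
  * e-mail, title, permissions) and then renders the edit form for the user given by ?id=.
  *
  * Every stored or request-derived value written into the page is HTML-escaped, because the
  * markup is assembled by string concatenation and the attributes use single quotes.
  *
  * NOTE(review): no anti-CSRF token is generated or checked in this method, although the form
  * deletes accounts and changes permissions — confirm whether securePage() or the framework
  * covers that.
  */
 public function index()
 {
     /*
     UserCake (Via CupCake) Version: 2.0.2
     http://usercake.com
     */
     global $baseURL;
     require_once "{$baseURL}/application/third_party/user_cake/models/config.php";
     if (!securePage($_SERVER['PHP_SELF'])) {
         die;
     }
     // Make sure both message lists exist even when nothing was posted, without discarding
     // anything the included config may already have put there.
     if (!isset($errors)) {
         $errors = array();
     }
     if (!isset($successes)) {
         $successes = array();
     }
     // Escapes a value for HTML text and for single- or double-quoted attribute values.
     $esc = function ($value) {
         return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
     };
     $userId = isset($_GET['id']) ? $_GET['id'] : null;
     //Check if selected user exists
     if (!userIdExists($userId)) {
         header("Location: " . str_replace('index.php/', '', site_url('admin_users')));
         die;
     }
     //Fetch user details
     $userdetails = fetchUserDetails(NULL, NULL, $userId);
     //Forms posted
     if (!empty($_POST)) {
         //Delete selected account
         if (!empty($_POST['delete'])) {
             $deletions = $_POST['delete'];
             if ($deletion_count = deleteUsers($deletions)) {
                 $successes[] = lang("ACCOUNT_DELETIONS_SUCCESSFUL", array($deletion_count));
             } else {
                 $errors[] = lang("SQL_ERROR");
             }
         } else {
             //Update display name
             if ($userdetails['display_name'] != $_POST['display']) {
                 $displayname = trim($_POST['display']);
                 //Validate display name
                 if (displayNameExists($displayname)) {
                     $errors[] = lang("ACCOUNT_DISPLAYNAME_IN_USE", array($displayname));
                 } elseif (minMaxRange(5, 25, $displayname)) {
                     $errors[] = lang("ACCOUNT_DISPLAY_CHAR_LIMIT", array(5, 25));
                 } elseif (!ctype_alnum($displayname)) {
                     $errors[] = lang("ACCOUNT_DISPLAY_INVALID_CHARACTERS");
                 } elseif (updateDisplayName($userId, $displayname)) {
                     $successes[] = lang("ACCOUNT_DISPLAYNAME_UPDATED", array($displayname));
                 } else {
                     $errors[] = lang("SQL_ERROR");
                 }
             } else {
                 $displayname = $userdetails['display_name'];
             }
             //Activate account
             if (isset($_POST['activate']) && $_POST['activate'] == "activate") {
                 if (setUserActive($userdetails['activation_token'])) {
                     $successes[] = lang("ACCOUNT_MANUALLY_ACTIVATED", array($displayname));
                 } else {
                     $errors[] = lang("SQL_ERROR");
                 }
             }
             //Update email
             if ($userdetails['email'] != $_POST['email']) {
                 $email = trim($_POST["email"]);
                 //Validate email
                 if (!isValidEmail($email)) {
                     $errors[] = lang("ACCOUNT_INVALID_EMAIL");
                 } elseif (emailExists($email)) {
                     $errors[] = lang("ACCOUNT_EMAIL_IN_USE", array($email));
                 } elseif (updateEmail($userId, $email)) {
                     $successes[] = lang("ACCOUNT_EMAIL_UPDATED");
                 } else {
                     $errors[] = lang("SQL_ERROR");
                 }
             }
             //Update title
             if ($userdetails['title'] != $_POST['title']) {
                 $title = trim($_POST['title']);
                 //Validate title
                 if (minMaxRange(1, 50, $title)) {
                     $errors[] = lang("ACCOUNT_TITLE_CHAR_LIMIT", array(1, 50));
                 } elseif (updateTitle($userId, $title)) {
                     $successes[] = lang("ACCOUNT_TITLE_UPDATED", array($displayname, $title));
                 } else {
                     $errors[] = lang("SQL_ERROR");
                 }
             }
             //Remove permission level
             if (!empty($_POST['removePermission'])) {
                 $remove = $_POST['removePermission'];
                 if ($deletion_count = removePermission($remove, $userId)) {
                     $successes[] = lang("ACCOUNT_PERMISSION_REMOVED", array($deletion_count));
                 } else {
                     $errors[] = lang("SQL_ERROR");
                 }
             }
             //Add permission level
             if (!empty($_POST['addPermission'])) {
                 $add = $_POST['addPermission'];
                 if ($addition_count = addPermission($add, $userId)) {
                     $successes[] = lang("ACCOUNT_PERMISSION_ADDED", array($addition_count));
                 } else {
                     $errors[] = lang("SQL_ERROR");
                 }
             }
             // Reload so the form below shows the values as stored after the updates.
             $userdetails = fetchUserDetails(NULL, NULL, $userId);
         }
     }
     $userPermission = fetchUserPermissions($userId);
     $permissionData = fetchAllPermissions();
     require_once "{$baseURL}/application/third_party/user_cake/models/header.php";
     echo "\r\n<body>\r\n<div id='wrapper'>\r\n<div id='top'><div id='logo'></div></div>\r\n<div id='content'>\r\n<h1>UserCake (Via CupCake)</h1>\r\n<h2>Admin User</h2>\r\n<div id='left-nav'>";
     include "{$baseURL}/application/third_party/user_cake/left-nav.php";
     echo "\r\n</div>\r\n<div id='main'>";
     echo resultBlock($errors, $successes);
     // PHP_SELF and the id both originate from the request URL, so they are escaped (and the id
     // URL-encoded) before being written into the form's action attribute.
     echo "\r\n<form name='adminUser' action='" . $esc($_SERVER['PHP_SELF']) . "?id=" . $esc(urlencode((string) $userId)) . "' method='post'>\r\n<table class='admin'><tr><td>\r\n<h3>User Information</h3>\r\n<div id='regbox'>\r\n<p>\r\n<label>ID:</label>\r\n"
         . $esc($userdetails['id'])
         . "\r\n</p>\r\n<p>\r\n<label>Username:</label>\r\n"
         . $esc($userdetails['user_name'])
         . "\r\n</p>\r\n<p>\r\n<label>Display Name:</label>\r\n<input type='text' name='display' value='"
         . $esc($userdetails['display_name'])
         . "' />\r\n</p>\r\n<p>\r\n<label>Email:</label>\r\n<input type='text' name='email' value='"
         . $esc($userdetails['email'])
         . "' />\r\n</p>\r\n<p>\r\n<label>Active:</label>";
     //Display activation link, if account inactive
     if ($userdetails['active'] == '1') {
         echo "Yes";
     } else {
         echo "No\r\n\t</p>\r\n\t<p>\r\n\t<label>Activate:</label>\r\n\t<input type='checkbox' name='activate' id='activate' value='activate'>\r\n\t";
     }
     echo "\r\n</p>\r\n<p>\r\n<label>Title:</label>\r\n<input type='text' name='title' value='"
         . $esc($userdetails['title'])
         . "' />\r\n</p>\r\n<p>\r\n<label>Sign Up:</label>\r\n" . date("j M, Y", $userdetails['sign_up_stamp']) . "\r\n</p>\r\n<p>\r\n<label>Last Sign In:</label>";
     //Last sign in, interpretation
     if ($userdetails['last_sign_in_stamp'] == '0') {
         echo "Never";
     } else {
         echo date("j M, Y", $userdetails['last_sign_in_stamp']);
     }
     $safeId = $esc($userdetails['id']);
     echo "\r\n</p>\r\n<p>\r\n<label>Delete:</label>\r\n<input type='checkbox' name='delete[" . $safeId . "]' id='delete[" . $safeId . "]' value='" . $safeId . "'>\r\n</p>\r\n<p>\r\n<label>&nbsp;</label>\r\n<input type='submit' value='Update' class='submit' />\r\n</p>\r\n</div>\r\n</td>\r\n<td>\r\n<h3>Permission Membership</h3>\r\n<div id='regbox'>\r\n<p>Remove Permission:";
     //List of permission levels the user is a part of
     foreach ($permissionData as $v1) {
         if (isset($userPermission[$v1['id']])) {
             $permId = $esc($v1['id']);
             echo "<br><input type='checkbox' name='removePermission[" . $permId . "]' id='removePermission[" . $permId . "]' value='" . $permId . "'> " . $esc($v1['name']);
         }
     }
     //List of permission levels the user is not a part of
     echo "</p><p>Add Permission:";
     foreach ($permissionData as $v1) {
         if (!isset($userPermission[$v1['id']])) {
             $permId = $esc($v1['id']);
             echo "<br><input type='checkbox' name='addPermission[" . $permId . "]' id='addPermission[" . $permId . "]' value='" . $permId . "'> " . $esc($v1['name']);
         }
     }
     echo "\r\n</p>\r\n</div>\r\n</td>\r\n</tr>\r\n</table>\r\n</form>\r\n</div>\r\n<div id='bottom'></div>\r\n</div>\r\n</body>\r\n</html>";
 }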
Example #19
<?php

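/*
 * This little script is the server side of the AJAX call. All it has to do is put the
 * text 'true' or 'false' in the body of the HTTP response (instead of the HTML a
 * 'normal' PHP script would produce).
 *
 * Because it reuses the small 'library' for reading and writing users to and from a
 * JSON file (userstorage.php), very little code is needed.
 *
 * NOTE(review): the reply tells any caller whether an address is registered, and nothing
 * in this script authenticates or throttles callers — confirm that rate limiting is
 * applied in front of it.
 */
include_once 'userstorage.php';
// A missing or non-string parameter is answered with 'false' rather than letting a PHP
// notice leak into the response body, which must contain only 'true' or 'false'.
$username = isset($_GET['email']) ? $_GET['email'] : null;
if (is_string($username) && emailExists($username)) {
    echo "true";
} else {
    echo "false";
}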
Example #20
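require "includes/initialisation.php";
// Newsletter sign-up: validates the posted address, stores it, sends a confirmation mail and
// redirects to thanks.php. $db is not defined here; presumably it comes from initialisation.php.
// Both fields are read defensively so that a first visit (no POST data) raises no notices and a
// non-string 'email' value is treated as empty.
$subscribe = isset($_POST['subscribe']) ? $_POST['subscribe'] : null;
$email = isset($_POST['email']) && is_string($_POST['email']) ? trim(strip_tags($_POST['email'])) : '';
$errors = array();
if (isset($subscribe)) {
    // Check email: the "missing" message takes precedence over the "malformed" one.
    if ($email === "") {
        $errors["email"] = 'Il semblerait que tu as oublié d\'entrer ton adresse mail.';
    } elseif (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        $errors["email"] = 'Il semblerait que ton adresse mail soit incorrecte.';
    }
    if (empty($errors)) {
        // Check that the email is not already saved in the database.
        // NOTE(review): this message tells the caller that the address is already subscribed.
        if (emailExists($db, $email)) {
            $errors["message"] = "Il semblerait que vous soyez déjà inscrit à la newsletter.";
        } else {
            $emailsaved = saveEmail($db, $email);
            if ($emailsaved) {
                sendEmailConfirmation($db, $email);
                $_SESSION['email'] = $email;
                header('Location: thanks.php');
                // Stop here: without this the script keeps running and renders the form page
                // behind the redirect.
                exit;
            } else {
                $errors["message"] = "Il semblerait qu'il y ai eut un problème, veuillez nous en excuser et réessayer dans quelque instant.";
            }
        }
    }
}
$page_title = "Inscription - Mailinglist";
include "includes/head.view.php";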
// Login validation excerpt. $email acts as a mode flag here: 1 means the user signs in with an
// e-mail address ($email_address), anything else means a username ($username). All of these
// variables, and $errors, are set outside the excerpt.
if ($email == 1) {
    if ($email_address == "") {
        // The same message key is used for a missing e-mail address and a missing username.
        $errors[] = lang("ACCOUNT_SPECIFY_USERNAME");
    }
} else {
    if ($username == "") {
        $errors[] = lang("ACCOUNT_SPECIFY_USERNAME");
    }
}
if ($password == "") {
    $errors[] = lang("ACCOUNT_SPECIFY_PASSWORD");
}
if (count($errors) == 0) {
    //A security note here, never tell the user which credential was incorrect
    // $existsVar is true when the account does NOT exist (note the negation).
    if ($email == 1) {
        $existsVar = !emailExists($email_address);
    } else {
        $existsVar = !usernameExists($username);
    }
    if ($existsVar) {
        $errors[] = lang("ACCOUNT_USER_OR_PASS_INVALID");
    } else {
        // NOTE(review): only the values 1 and 0 assign $userdetails; any other value of $email
        // reaches the check below with it undefined.
        if ($email == 1) {
            $userdetails = fetchUserAuthByEmail($email_address);
        } elseif ($email == 0) {
            $userdetails = fetchUserAuthByUserName($username);
        }
        //See if the user's account is activated
        // NOTE(review): no password check is visible before this point, so ACCOUNT_INACTIVE appears
        // to be returned for any existing inactive account regardless of the password supplied,
        // which discloses that the account exists — confirm against the rest of the function.
        if ($userdetails["active"] == 0) {
            $errors[] = lang("ACCOUNT_INACTIVE");
        } else {
Example #22
// Admin page excerpt for adding an e-mail template. Direct access is refused unless _VALID is
// defined, and Auth::checkAdmin() is called before anything else.
defined('_VALID') or die('Restricted Access!');
Auth::checkAdmin();
$emails_path = $config['BASE_DIR'] . '/templates/emails';
if (!file_exists($emails_path) or !is_dir($emails_path) or !is_writable($emails_path)) {
    $err = 'Emails directory ' . $emails_path . ' is not writable!';
}
// Default (empty) values for the form fields.
$email = array('email_id' => '', 'email_file' => '', 'subject' => '', 'content' => '', 'comment' => '');
// NOTE(review): no anti-CSRF token is checked in the visible part of this handler — confirm
// whether one is verified elsewhere.
if (isset($_POST['add_email'])) {
    $email_id = trim($_POST['email_id']);
    $email_file = trim($_POST['email_file']);
    $subject = trim($_POST['subject']);
    $content = trim($_POST['content']);
    $comment = trim($_POST['comment']);
    // Each failed check overwrites $err, so only the last failure is reported.
    if ($email_id == '') {
        $err = 'Email Id field cannot be blank!';
    } elseif (emailExists($email_id)) {
        $err = 'A email with this email id already exists!';
    } else {
        $email['email_id'] = $email_id;
    }
    // NOTE(review): the file name is only required to end in ".tpl" and not to exist yet. A value
    // containing directory separators or ".." passes both checks and is joined to $emails_path.
    // The excerpt ends before the file is used, so confirm that the name is reduced with
    // basename() or matched against a strict pattern before anything is written.
    if ($email_file == '') {
        $err = 'Email file field cannot be blank!';
    } elseif (strtolower(substr($email_file, strrpos($email_file, '.') + 1)) != 'tpl') {
        $err = 'Email file must have .tpl as extension!';
    } elseif (file_exists($emails_path . '/' . $email_file)) {
        $err = 'A email with the same file already exists!';
    } else {
        $email['email_file'] = $email_file;
    }
    if ($subject == '') {
        $err = 'Email subject cannot be blank!';
Example #23
    // CSRF protection: a token is set when the form is first shown (this branch).
    setToken();
} else {
    // After the form has been submitted: the token is checked before any posted value is read.
    checkToken();
    $name = $_POST['name'];
    $email = $_POST['email'];
    $password = $_POST['password'];
    $dbh = connectDb();
    $error = array();
    // Error handling
    // Check whether the name is empty
    if ($name == '') {
        $error['name'] = '名前を入力してください';
    }
    // The three e-mail checks below all write $error['email'], so the last one that fails wins:
    // empty > malformed > already registered.
    // NOTE(review): the "already registered" message tells the caller that the address has an
    // account; the lookup also runs before the format check.
    if (emailExists($email, $dbh)) {
        $error['email'] = 'このメールアドレスは既に登録されています。';
    }
    // Check whether the e-mail address is well-formed
    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        $error['email'] = "メールアドレスの形式が正しくありません";
    }
    // Check whether the e-mail address is empty
    if ($email == '') {
        $error['email'] = 'メールアドレスを入力してください';
    }
    // Check whether the password is empty (no minimum length is enforced in this excerpt)
    if ($password == '') {
        $error['password'] = '******';
    }
    // Registration
Example #24
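 /**
  * Account settings action for the logged-in user: changes the e-mail address and/or the
  * password after the current password has been re-entered, then loads the 'user_settings' view.
  *
  * Hash comparisons use hash_equals() on string operands instead of the loose != / == operators,
  * which compare numeric-looking strings by value and are not constant-time.
  *
  * $loggedInUser is not declared in this method; presumably it is provided by the included
  * config.php — confirm.
  */
 public function index()
 {
     /*
     UserCake (Via CupCake) Version: 2.0.2
     http://usercake.com
     */
     $baseURL = getcwd();
     require_once "{$baseURL}/application/third_party/user_cake/models/config.php";
     if (!securePage($_SERVER['PHP_SELF'])) {
         die;
     }
     //Prevent the user visiting the logged in page if he is not logged in
     if (!isUserLoggedIn()) {
         header("Location: " . str_replace('index.php/', '', site_url('login')));
         die;
     }
     if (!empty($_POST)) {
         $errors = array();
         $successes = array();
         // Reads a posted field as a string; absent or non-string values count as empty.
         $field = function ($key) {
             return isset($_POST[$key]) && is_string($_POST[$key]) ? $_POST[$key] : "";
         };
         $password = $field("password");
         $password_new = $field("passwordc");
         $password_confirm = $field("passwordcheck");
         $email = $field("email");
         $stored_hash = (string) $loggedInUser->hash_pw;
         //Perform some validation
         //Feel free to edit / change as required
         //Confirm the hashes match before updating a users password
         $entered_pass = generateHash($password, $loggedInUser->hash_pw);
         if (trim($password) == "") {
             $errors[] = lang("ACCOUNT_SPECIFY_PASSWORD");
         } elseif (!hash_equals($stored_hash, (string) $entered_pass)) {
             //No match
             $errors[] = lang("ACCOUNT_PASSWORD_INVALID");
         }
         if ($email != $loggedInUser->email) {
             if (trim($email) == "") {
                 $errors[] = lang("ACCOUNT_SPECIFY_EMAIL");
             } elseif (!isValidEmail($email)) {
                 $errors[] = lang("ACCOUNT_INVALID_EMAIL");
             } elseif (emailExists($email)) {
                 $errors[] = lang("ACCOUNT_EMAIL_IN_USE", array($email));
             }
             //End data validation
             // The e-mail is only changed when the current password check above also passed.
             if (count($errors) == 0) {
                 $loggedInUser->updateEmail($email);
                 $successes[] = lang("ACCOUNT_EMAIL_UPDATED");
             }
         }
         if ($password_new != "" or $password_confirm != "") {
             if (trim($password_new) == "") {
                 $errors[] = lang("ACCOUNT_SPECIFY_NEW_PASSWORD");
             } elseif (trim($password_confirm) == "") {
                 $errors[] = lang("ACCOUNT_SPECIFY_CONFIRM_PASSWORD");
             } elseif (minMaxRange(8, 50, $password_new)) {
                 $errors[] = lang("ACCOUNT_NEW_PASSWORD_LENGTH", array(8, 50));
             } elseif ($password_new !== $password_confirm) {
                 $errors[] = lang("ACCOUNT_PASS_MISMATCH");
             }
             //End data validation
             if (count($errors) == 0) {
                 //Also prevent updating if someone attempts to update with the same password
                 $entered_pass_new = generateHash($password_new, $loggedInUser->hash_pw);
                 if (hash_equals($stored_hash, (string) $entered_pass_new)) {
                     //Nothing to do: the new password is the same as the current one
                     $errors[] = lang("ACCOUNT_PASSWORD_NOTHING_TO_UPDATE");
                 } else {
                     //This function will create the new hash and update the hash_pw property.
                     $loggedInUser->updatePassword($password_new);
                     $successes[] = lang("ACCOUNT_PASSWORD_UPDATED");
                 }
             }
         }
         if (count($errors) == 0 and count($successes) == 0) {
             $errors[] = lang("NOTHING_TO_UPDATE");
         }
     }
     $this->load->view('user_settings');
 }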
Example #25
 // Settings-form validation excerpt. $password, $entered_pass, $email, $password_new,
 // $password_confirm, $errors, $successes and $loggedInUser are all set outside the excerpt.
 if (trim($password) == "") {
     $errors[] = lang("ACCOUNT_SPECIFY_PASSWORD");
 } else {
     // NOTE(review): the hash is compared with the loose != operator, which compares
     // numeric-looking strings by value and is not constant-time; hash_equals() on string
     // operands avoids both.
     if ($entered_pass != $loggedInUser->hash_pw) {
         //No match
         $errors[] = lang("ACCOUNT_PASSWORD_INVALID");
     }
 }
 // The e-mail branch runs only when the posted address differs from the stored one.
 if ($email != $loggedInUser->email) {
     if (trim($email) == "") {
         $errors[] = lang("ACCOUNT_SPECIFY_EMAIL");
     } else {
         if (!isValidEmail($email)) {
             $errors[] = lang("ACCOUNT_INVALID_EMAIL");
         } else {
             if (emailExists($email)) {
                 $errors[] = lang("ACCOUNT_EMAIL_IN_USE", array($email));
             }
         }
     }
     //End data validation
     // Errors from the password check above also block the e-mail change.
     if (count($errors) == 0) {
         $loggedInUser->updateEmail($email);
         $successes[] = lang("ACCOUNT_EMAIL_UPDATED");
     }
 }
 // The password branch runs when either of the two new-password fields was filled in.
 if ($password_new != "" or $password_confirm != "") {
     if (trim($password_new) == "") {
         $errors[] = lang("ACCOUNT_SPECIFY_NEW_PASSWORD");
     } else {
         if (trim($password_confirm) == "") {
Example #26
// Creates a Joomla user, its ACL entry and a VirtueMart user record from person data.
// $first_name, $last_name, $user_email, $street, $zip, $city, $country, $name, $address_type,
// $address_type_name, $cdate, $mdate and $user_info_id are set outside this excerpt.
// The username is derived from the names: "first_last", lower-cased, spaces turned into "_".
$username = $first_name . "_" . $last_name;
$username = strtolower(str_replace(" ", "_", trim($username)));
// NOTE(review): every account created here gets the same hard-coded password, stored as an
// unsalted MD5 digest. Anyone who knows the literal can sign in to any of these accounts until
// the owner changes it — flag for a random per-user value or a forced reset on first login.
$password = md5('AzertyuioP');
// Default password
$usertype = 'Registered';
$gid = "18";
// Despite the error message at the bottom, street, zip, city and country are required as well
// as first name, last name and e-mail address.
if ($first_name != "" && $last_name != "" && $user_email != "" && $street != "" && $zip != "" && $city != "" && $country != "") {
    if (!emailExists($user_email)) {
        // create the users in default Jomla!1.5 users
        // XXX test if username doesn't exists before adding
        // Values are passed through GetSQLValueString() before being placed into the statement;
        // its escaping is not visible here — confirm it quotes and escapes for the active driver.
        $personCreateQuery1 = sprintf("INSERT INTO " . constant('_JOOMLA_TABLE_PREFIX_') . "users\n                                      (name, username, email, password, usertype, gid) \n                                      Values (%s, %s, %s, %s, %s, %s)", GetSQLValueString($name, "text"), GetSQLValueString($username, "text"), GetSQLValueString($user_email, "text"), GetSQLValueString($password, "text"), GetSQLValueString($usertype, "text"), GetSQLValueString($gid, "int"));
        //echo   $personCreateQuery1;
        $msg_1 = executeSQL($personCreateQuery1);
        // get the id of the inserted user
        // (presumably emailExists() returns the matching user's id rather than a boolean — confirm;
        // the result of the first INSERT is not checked before it is used)
        $user_id = emailExists($user_email);
        // If we want the user to log in the virtuemart site
        $section_value = "users";
        $personCreateQuery1bis = sprintf("INSERT INTO " . constant('_JOOMLA_TABLE_PREFIX_') . "core_acl_aro    \n                                      ( section_value, value, name) \n                                      Values ( %s, %s, %s)", GetSQLValueString($section_value, "text"), GetSQLValueString($user_id, "text"), GetSQLValueString($name, "text"));
        $msg_1bis = executeSQL($personCreateQuery1bis);
        // Create Virtuemart user
        $personCreateQuery2 = sprintf("INSERT INTO " . constant('_VM_TABLE_PREFIX_') . "_user_info \n                                   (first_name, last_name, user_email, address_1, zip, city, country,\n                                    address_type, address_type_name, cdate, mdate, user_id, user_info_id) \n                                    Values ( %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s)", GetSQLValueString($first_name, "text"), GetSQLValueString($last_name, "text"), GetSQLValueString($user_email, "text"), GetSQLValueString($street, "text"), GetSQLValueString($zip, "text"), GetSQLValueString($city, "text"), GetSQLValueString($country, "text"), GetSQLValueString($address_type, "text"), GetSQLValueString($address_type_name, "text"), GetSQLValueString($cdate, "text"), GetSQLValueString($mdate, "text"), GetSQLValueString($user_id, "int"), GetSQLValueString($user_info_id, "text"));
        //echo $personCreateQuery2;
        $msg_2 = executeSQL($personCreateQuery2);
        // Only the result of the last statement is reported; $msg_1 and $msg_1bis are not used.
        echo $msg_2;
    } else {
        // NOTE(review): $user_email is echoed unescaped; if this output is ever rendered as HTML
        // it needs htmlspecialchars() — confirm the output context.
        echo '\\nVirtueMart Error: A user with the email \'' . $user_email . '\' already exists!';
    }
} else {
    echo '\\nInvalid query: firstname, lastname, email are required!';
}
Example #27
 /**
  * Resend-activation controller action: for a posted e-mail/username pair belonging to an
  * inactive account, issues a fresh activation token and mails the activation link, then loads
  * the 'resend_activation' view.
  *
  * $emailActivation, $resend_activation_threshold, $websiteUrl and $websiteName are not declared
  * in this method, and $errors / $successes are never initialised here — presumably all of them
  * come from the included config.php; confirm.
  */
 public function index()
 {
     /*
     UserCake (Via CupCake) Version: 2.0.2
     http://usercake.com
     */
     global $baseURL;
     $baseURL = getcwd();
     require_once "{$baseURL}/application/third_party/user_cake/models/config.php";
     if (!securePage($_SERVER['PHP_SELF'])) {
         die;
     }
     //Forms posted
     // The form is only processed when $emailActivation is truthy.
     if (!empty($_POST) && $emailActivation) {
         // Both values are used exactly as posted.
         $email = $_POST["email"];
         $username = $_POST["username"];
         //Perform some validation
         //Feel free to edit / change as required
         // NOTE(review): unknown e-mail, unknown username and "already active" each produce their own
         // message, so the replies reveal which identifiers are registered and in what state.
         if (trim($email) == "") {
             $errors[] = lang("ACCOUNT_SPECIFY_EMAIL");
         } else {
             if (!isValidEmail($email) || !emailExists($email)) {
                 $errors[] = lang("ACCOUNT_INVALID_EMAIL");
             }
         }
         if (trim($username) == "") {
             $errors[] = lang("ACCOUNT_SPECIFY_USERNAME");
         } else {
             if (!usernameExists($username)) {
                 $errors[] = lang("ACCOUNT_INVALID_USERNAME");
             }
         }
         // NOTE(review): count() runs on $errors even when nothing above assigned it — confirm it
         // is initialised by config.php.
         if (count($errors) == 0) {
             //Check that the username / email are associated to the same account
             if (!emailUsernameLinked($email, $username)) {
                 $errors[] = lang("ACCOUNT_USER_OR_EMAIL_INVALID");
             } else {
                 $userdetails = fetchUserDetails($username);
                 //See if the user's account is already active
                 if ($userdetails["active"] == 1) {
                     $errors[] = lang("ACCOUNT_ALREADY_ACTIVE");
                 } else {
                     // A threshold of 0 disables the resend throttle.
                     if ($resend_activation_threshold == 0) {
                         $hours_diff = 0;
                     } else {
                         $last_request = $userdetails["last_activation_request"];
                         // NOTE(review): the elapsed seconds are divided by (3600 * threshold), which
                         // gives the elapsed time in multiples of the threshold rather than in hours,
                         // yet the result is compared with the threshold itself below — the throttle
                         // window looks longer than the configured number of hours; confirm intent.
                         $hours_diff = round((time() - $last_request) / (3600 * $resend_activation_threshold), 0);
                     }
                     if ($resend_activation_threshold != 0 && $hours_diff <= $resend_activation_threshold) {
                         $errors[] = lang("ACCOUNT_LINK_ALREADY_SENT", array($resend_activation_threshold));
                     } else {
                         //For security create a new activation url;
                         $new_activation_token = generateActivationToken();
                         // The new token is stored before the mail is built, so a later mail failure
                         // leaves the stored token changed without the user having received it.
                         if (!updateLastActivationRequest($new_activation_token, $username, $email)) {
                             $errors[] = lang("SQL_ERROR");
                         } else {
                             $mail = new userCakeMail();
                             $activation_url = $websiteUrl . "activate-account.php?token=" . $new_activation_token;
                             //Setup our custom hooks
                             // NOTE(review): "#ACTIVATION-URL" has no closing '#', unlike "#USERNAME#" —
                             // confirm it matches the placeholder used in the template.
                             $hooks = array("searchStrs" => array("#ACTIVATION-URL", "#USERNAME#"), "subjectStrs" => array($activation_url, $userdetails["display_name"]));
                             if (!$mail->newTemplateMsg("resend-activation.txt", $hooks)) {
                                 $errors[] = lang("MAIL_TEMPLATE_BUILD_ERROR");
                             } else {
                                 if (!$mail->sendMail($userdetails["email"], "Activate your " . $websiteName . " Account")) {
                                     $errors[] = lang("MAIL_ERROR");
                                 } else {
                                     //Success, user details have been updated in the db now mail this information out.
                                     $successes[] = lang("ACCOUNT_NEW_ACTIVATION_SENT");
                                 }
                             }
                         }
                     }
                 }
             }
         }
     }
     //Prevent the user visiting the logged in page if he/she is already logged in
     // This redirect comes after the form handling above, so a posted form is still processed
     // for a user who is already logged in.
     if (isUserLoggedIn()) {
         header("Location: " . str_replace('index.php/', '', site_url('account')));
         die;
     }
     $this->load->view('resend_activation');
 }
Example #28
             // Excerpt from a page dispatcher (switch on the requested page); the opening of this
             // case lies outside the excerpt.
             blankRegForm(translate('Fill in the details below to register.', sz_config('language')));
         }
     } else {
         show_page('closed');
     }
     break;
 case 'login':
     // The login form is only shown to visitors without a session login.
     if (!$session->is_logged_in()) {
         show_form('login');
     }
     break;
 case 'resetpw':
     // Password reset is only offered when no user id is stored in the session.
     if (!isset($_SESSION['userid'])) {
         // The second comparison alone decides this branch; the first is redundant.
         if ($index_page[1] != '0' && $index_page[1] == 'send') {
             if (isValid($_POST['email'], 'email')) {
                 // NOTE(review): an unregistered address gets a different reply ("Please enter your own
                 // email address.") from a registered one, so the form reveals which addresses have
                 // accounts; one neutral reply for both cases avoids that.
                 if (emailExists($_POST['email'])) {
                     if (sendNewPassw($_POST['email'])) {
                         show_msg(translate('An email has been sent to your email address. Please follow the instructions in the email.', sz_config('language')));
                     } else {
                         show_msg(translate('An error has occurred while trying to reset your password.', sz_config('language')));
                         // The posted address is passed on to reportError(); where that text ends up is
                         // not visible here — confirm it is escaped for its destination.
                         if (reportError('Unable to reset password for' . $_POST['email'])) {
                             show_msg(translate('The website developers have been notified and you will be contacted shortly.', sz_config('language')));
                         } else {
                             reportErrorManually('33215');
                         }
                     }
                 } else {
                     show_form('passreset', translate('Please enter your own email address.', sz_config('language')));
                 }
             } else {
                 show_form('passreset', translate('You have entered an invalid email address. Please try again.', sz_config('language')));
Example #29
/**
 * Change the e-mail address stored for a user.
 *
 * The call is first checked by checkActionPermissionSelf(); the new address must then pass
 * isValidEmail() and must not already be in use. Every refusal, and a successful update, is
 * reported through addAlert(); a failed write returns false without an alert.
 *
 * @param int $user_id id of the user whose address is changed.
 * @param string $email the new address, normally the validated $_POST['email'].
 * @return boolean true when the address was stored, false otherwise.
 */
function updateUserEmail($user_id, $email)
{
    // Authorisation is delegated to the permissions check, keyed by this function's name and arguments.
    $permitted = checkActionPermissionSelf(__FUNCTION__, func_get_args());
    if (!$permitted) {
        addAlert("danger", "Sorry, you do not have permission to access this resource.");
        return false;
    }

    // Reject malformed addresses before looking anything up.
    if (!isValidEmail($email)) {
        addAlert("danger", lang("ACCOUNT_INVALID_EMAIL"));
        return false;
    }

    // Reject addresses that are already in use.
    if (emailExists($email)) {
        addAlert("danger", lang("ACCOUNT_EMAIL_IN_USE", array($email)));
        return false;
    }

    // Persist the change.
    $stored = updateUserField($user_id, 'email', $email);
    if (!$stored) {
        return false;
    }

    addAlert("success", lang("ACCOUNT_EMAIL_UPDATED"));
    return true;
}
    // Profile-edit validation excerpt; the enclosing block opens outside the excerpt, and
    // $loginUsername, $loginPassword, $eupNewPassword, $eupPasswordConfirm, $acEmail and
    // $errorMsg are set there.
    // OPENING DATABASE CONNECTION.
    $dbConn = dbConnect();
    // Password fields.
    // The current password must be confirmed before it can be changed; how passwordExists()
    // compares it is not visible here.
    $isValid = passwordExists($dbConn, $loginUsername, $loginPassword);
    // NOTE(review): FB::log looks like FirePHP, which sends log entries to the client in response
    // headers — confirm it is disabled outside development, since these lines report whether the
    // password was valid and whether the e-mail address exists.
    FB::log('Password valid? ' . ($isValid ? 'True' : 'False'));
    if (!$isValid) {
        $errorMsg .= "<br><b>You must enter your current password in order to change it.</b>";
    }
    if ($eupNewPassword != $eupPasswordConfirm) {
        $errorMsg .= "<br><b>The new password fields do not match.</b>";
    }
    // Minimum length is the only strength rule applied in this excerpt.
    if (strlen($eupNewPassword) < 8) {
        $errorMsg .= "<br><b>Your new password must have a minimum length of 8 characters.</b>";
    }
    // Email field
    // The address is lower-cased before the lookup; here $isValid being true means it is taken.
    $isValid = emailExists($dbConn, strtolower($acEmail));
    FB::log('Email found? ' . ($isValid ? 'True' : 'False'));
    if ($isValid) {
        $errorMsg .= "<br><b>The chosen email address is already in use by another user.</b>";
    }
    FB::log('emailExists() finished');
    // CLOSING DATABASE CONNECTION.
    mysqli_close($dbConn);
}
?>
<!DOCTYPE html>
  <html>
  <head>
    <meta charset="UTF-8">
    <title>Edit User Profile - Open Data Visualizer</title>
  </head>