public function register()
{
$resp = verifyRecaptcha($this->captcha);
if ($resp->success == false) {
$gcotd_msg .= "" . "The reCAPTCHA wasn't entered correctly. " . "Go back and try it again.";
$this->setOutput(self::$FAIL, $gcotd_msg);
} else {
if ($resp->success == true) {
$plainTxtPassword = getNewPassword();
$memip = $_SERVER['REMOTE_ADDR'];
$date = date("Y-m-d H:i:s");
if ($this->email == NULL or $this->firstname == NULL or $this->lastname == NULL) {
$gcotd_msg .= "Please complete the form.";
$this->setOutput(self::$FAIL, $gcotd_msg);
} else {
if (!preg_match('/^[a-z\\d_]{1,30}$/i', $this->firstname)) {
$gcotd_msg .= "Your first name must be " . "between 1 and 30 characters cannot contain spaces or " . "special characters.";
$this->setOutput(self::$FAIL, $gcotd_msg);
} else {
if (!preg_match('/^[a-z\\d_]{1,30}$/i', $this->lastname)) {
$gcotd_msg .= "Your last name must be " . "between 1 and 30 characters cannot contain spaces or " . "special characters.";
$this->setOutput(self::$FAIL, $gcotd_msg);
} else {
if ($this->firstname === $this->lastname) {
$gcotd_msg .= "Your first name cannot " . "equal your last name.";
$this->setOutput(self::$FAIL, $gcotd_msg);
} else {
if (!preg_match("/^[_a-z0-9-]+(\\.[_a-z0-9+-]+)*@[a-z0-9-]+(\\.[a-z0-9-]+)*(\\.[a-z]{2,})\$/i", $this->email)) {
$gcotd_msg .= "" . $this->email . " is " . "not a valid email address.";
$this->setOutput(self::$FAIL, $gcotd_msg);
} else {
$check_user_stmt = $this->getDb()->prepare("SELECT * FROM users WHERE email = :email");
$check_user_stmt->bindValue(':email', $this->email, PDO::PARAM_STR);
$check_user_stmt->execute();
if ($check_user_stmt->rowCount() > 0) {
$gcotd_msg .= "Someone with " . "this email has already registered.";
$this->setOutput(self::$FAIL, $gcotd_msg);
} else {
$password = password_hash($plainTxtPassword, PASSWORD_DEFAULT);
return $this->registerUser($this->firstname, $this->lastname, $this->email, $memip, $date, $password, $plainTxtPassword, null);
}
}
}
}
}
}
} else {
$gcotd_msg .= "Failed to verify captcha.";
$this->setOutput(self::$FAIL, $gcotd_msg);
}
}
}
public function resetPassword($user_id)
{
$plainTxtPassword = getNewPassword();
$password = getPassword($plainTxtPassword);
$stmt = $this->getDb()->prepare("update users set password=:password WHERE id=:user_id");
$stmt->bindValue(':password', $password, PDO::PARAM_STR);
$stmt->bindValue(':user_id', intval($user_id), PDO::PARAM_INT);
$stmt->execute();
if ($stmt->rowCount() > 0) {
return $plainTxtPassword;
} else {
return false;
}
}
require_once 'Auth.php';
require_once 'Utils.php';
require_once 'password.php';
$auth = new Auth();
try {
$auth->authenticate();
$utils = new Utils($auth);
$id = $_GET["id"];
$path = $utils->get_media_path() . "/" . $auth->user_data["name"] . "/" . $id;
if (isset($_FILES['upl']) && $_FILES['upl']['error'] == 0) {
$extension = pathinfo($_FILES['upl']['name'], PATHINFO_EXTENSION);
$newFile = $utils->fixFileName($_FILES['upl']['name']);
if (($utils->isImage($newFile) || $utils->isVideo($newFile)) && ($_FILES['upl']['size'] < 128000000 && $_FILES['upl']['size'] > 0)) {
$newinfo = pathinfo($newFile);
$newfile_name = basename($newFile, '.' . $newinfo['extension']);
$newFile = $newfile_name . '_' . getNewPassword() . '.' . $newinfo['extension'];
if (!@opendir($path)) {
mkdir($path, 0777, true);
}
if (move_uploaded_file($_FILES['upl']['tmp_name'], $path . '/' . $newFile)) {
echo '{"status":"success"}';
if ($utils->isImage($newFile)) {
$newId = $utils->processImage($path, $newFile, $id);
if ($newId) {
$utils->setMainImage($newFile, $id, false);
}
} else {
if ($utils->isVideo($newFile)) {
$newId = $utils->processVideo($path, $newFile, $id);
if ($newId) {
$utils->setMainImage($newFile, $id, false);
public function rotateMedia($path, $trueFile, $contentId, $orientation)
{
$newFile = $trueFile;
if (file_exists($path . "/src/" . $newFile)) {
$newinfo = pathinfo($newFile);
$newfile_name = basename($newFile, '.' . $newinfo['extension']);
$newFile = $newfile_name . '_' . getNewPassword() . '.' . $newinfo['extension'];
}
if ($this->isImage($newFile)) {
$cmd = $this->get_imagemagick() . " -rotate 90 " . $path . "/src/" . $trueFile . " " . $path . "/" . $newFile;
exec($cmd);
$newId = $this->processImage($path, $newFile, $contentId);
$newRotatedFile = "img_thumb_" . $mediaFile . ".jpeg";
} else {
if ($this->isVideo($newFile)) {
$rotate_cmd = $this->get_rotate_video_cmd($path . '/src/' . $trueFile, $path . '/' . $newFile);
exec('echo "' . $rotate_cmd . '" >> ' . $path . '/src/rotate_' . $newFile . '.log');
exec($rotate_cmd . ' >> ' . $path . '/src/rotate_' . $newFile . '.log 2>&1');
$newId = $this->processVideo($path, $newFile, $contentId);
$newRotatedFile = 'proxy_mp4_' . $newFile . '.mp4';
}
}
if (file_exists($path . '/' . $newRotatedFile)) {
$this->deleteMedia($path, $trueFile, $contentId);
}
$this->setOutput(self::$SUCCESS, $newId);
}
public function login()
{
if ($this->postUsername == NULL or $this->postPassword == NULL) {
$gcotd_msg = "Please complete all the fields.";
$this->setOutput(self::$FAIL, $gcotd_msg);
}
$captchaVerified = true;
/*
$captchaVerified = false;
if($this->fbid == null AND $this->fbfirstname == null AND $this->fblastname == null){
$resp = verifyRecaptcha($this->captcha);
if ($resp->success == false)
{
$gcotd_msg = "".
"The reCAPTCHA wasn't entered correctly. ".
"Go back and try it again.";
$this->setOutput(self::$FAIL, $gcotd_msg);
}
else{
$captchaVerified = true;
}
}
*/
if ($captchaVerified == true and $this->postUsername != NULL and $this->postPassword != NULL) {
$check_user_stmt = $this->getDb()->prepare("SELECT * FROM users \n\t\t\t\tWHERE (name = :username OR email = :username2)");
$check_user_stmt->bindValue(':username', $this->postUsername, PDO::PARAM_STR);
$check_user_stmt->bindValue(':username2', $this->postUsername, PDO::PARAM_STR);
$check_user_stmt->execute();
if ($check_user_stmt->rowCount() == 0) {
if ($this->fbid == null and $this->fbfirstname == null and $this->fblastname == null) {
$gcotd_msg .= "This username does not exist.";
$this->setOutput(self::$FAIL, $gcotd_msg);
} else {
$plainTxtPassword = getNewPassword();
$memip = $_SERVER['REMOTE_ADDR'];
$date = date("Y-m-d H:i:s");
$password = password_hash($plainTxtPassword, PASSWORD_DEFAULT);
$register = Register();
return $register->registerUser($this->fbfirstname, $this->fblastname, $this->postUsername, $memip, $date, $password, $plainTxtPassword, $fbid);
}
} else {
$user_data = $check_user_stmt->fetch(PDO::FETCH_ASSOC);
if (isset($fbid)) {
$password = $user_data['password'];
}
if ($user_data['password'] == getPassword($this->postPassword)) {
//old insecure password
$user_data['password'] = password_hash($this->postPassword, PASSWORD_DEFAULT);
$update_password_stmt = $this->getDb()->prepare("update users \n\t\t\t\t\t\tset password = :hashedPassword WHERE id = :user_id");
$update_password_stmt->bindValue(':hashedPassword', $user_data['password'], PDO::PARAM_STR);
$update_password_stmt->bindValue(':user_id', $user_data['id'], PDO::PARAM_STR);
$update_password_stmt->execute();
}
if (password_verify($this->postPassword, $user_data['password'])) {
if (getPassword($user_data['email']) == $password) {
$gcotd_msg .= "You are being \n\t\t\t\t\t\t\tredirected to change your password, \n\t\t\t\t\t\t\tplease wait a few moments.";
$this->setOutput("CHANGE_PASSWORD", $gcotd_msg);
} else {
// set cookie that expires in 6 months
setcookie("gcotd", $user_data['id'] . "." . $user_data['password'], time() + 60 * 60 * 24 * 184, "/", $this->get_domain(), $this->get_secure(), 1);
$success = true;
$gcotd_msg .= "You are being logged in, \n\t\t\t\t\t\t\tplease wait a few moments.";
$this->setOutput(self::$SUCCESS, $gcotd_msg);
}
} else {
$gcotd_msg .= "Your login credentials are incorrect, \n\t\t\t\t\t\tplease try again.";
$this->setOutput(self::$FAIL, $gcotd_msg);
}
}
}
}
function createPasswordKey($email)
{
$member = get_member(null, addslashes($email));
if ($member == null) {
return false;
}
$password = getNewPassword(42);
$password = str_replace('\'', '', $password);
// we don't want to inject ' in our sql query!
$sql = 'UPDATE member SET password_retreive=\'' . $password . '\' WHERE id=' . $member['id'];
if (member_query($sql)) {
// send mail
$subject = config('name') . ' - Changement de mot de passe membre';
$msg = "Une personne a demandé de modifier votre mot de passe membre sur le site " . config('base_url') . "/membre/. \nSi vous n'avez pas demandé ce changement ou si vous ne voulez pas changer votre mot de passe, ne cliquez pas sur ce lien.\n\n";
$msg .= 'Vous pouvez changer votre mot de passe en vous connectant sur la page ' . "\n";
$msg .= config('base_url') . '/membre/?m=' . $member['id'] . '&key=' . $password . "\n";
send_mail($member, $subject, $msg);
//echo $msg;
return true;
}
return false;
}
