// Persist the registration request. Every applicant-supplied value is bound
// through the wrapper's ?s/?d placeholders; only $status is interpolated into
// the SQL text. NOTE(review): assumes $status is an integer chosen by this
// script rather than taken from the request — where it is set is not visible here, confirm.
$res = Database::get()->query("INSERT INTO user_request SET\n\t\t\tgivenname = ?s, surname = ?s, username = ?s, email = ?s,\n\t\t\tam = ?s, faculty_id = ?d, phone = ?s,\n\t\t\tstate = 1, status = {$status},\n\t\t\tverified_mail = ?d, date_open = " . DBHelper::timeAfter() . ",\n\t\t\tcomment = ?s, lang = ?s, request_ip = ?s", $givenname, $surname, $username, $usermail, $am, $department, $userphone, $verified_mail, $usercomment, $language, $_SERVER['REMOTE_ADDR']);
$request_id = $res->lastInsertID;
// email does not need verification -> mail helpdesk
if (!$email_verification_required) {
    //----------------------------- Email Request Message --------------------------
    $dep_body = $tree->getFullPath($department);
    $subject = $prof ? $mailsubject : $mailsubject2;
    // Plain-text notification to the helpdesk; the applicant's own values are
    // reproduced verbatim (mail body, not HTML).
    $MailMessage = $mailbody1 . $mailbody2 . "{$givenname} {$surname}\n\n" . $mailbody3 . $mailbody4 . $mailbody5 . ($prof ? $mailbody6 : $mailbody8) . "\n\n{$langFaculty}: {$dep_body}\n{$langComments}: {$usercomment}\n" . "{$langAm}: {$am}\n" . "{$langProfUname}: {$username}\n{$langProfEmail} : {$usermail}\n" . "{$contactphone}: {$userphone}\n\n\n{$logo}\n\n";
    $emailAdministrator = get_config('email_sender');
    // Reply-To is set to the applicant's address so the helpdesk can answer
    // directly. NOTE(review): $emailhelpdesk is only assigned in the else
    // branch below; this branch presumably relies on an earlier assignment — confirm.
    if (!send_mail($siteName, $emailAdministrator, '', $emailhelpdesk, $subject, $MailMessage, $charset, "Reply-To: {$usermail}")) {
        // Mail failure is reported on the page but does not abort the request.
        $tool_content .= "<div class='alert alert-warning'>{$langMailErrorMessage} <a href='mailto:{$emailhelpdesk}' class='mainpage'>{$emailhelpdesk}</a>.</div>";
    }
    // User Message
    $tool_content .= "<div class='alert alert-success'>" . ($prof ? $langDearProf : $langDearUser) . "!<br />{$success}</div><p>{$infoprof}<br /><br />{$click} <a href='{$urlServer}' class='mainpage'>{$langHere}</a> {$langBackPage}</p>";
} else {
    // Token binding username + mail + request id to the verification link, so
    // the rid parameter cannot simply be swapped for another request's id.
    // Named $hmac — presumably a keyed hash produced by token_generate(); the
    // check on the receiving side (mail_verify.php) is not visible here.
    $hmac = token_generate($username . $usermail . $request_id);
    //----------------------------- Email Verification -----------------------
    $subject = $langMailVerificationSubject;
    $MailMessage = sprintf($mailbody1 . $langMailVerificationBody1, $urlServer . 'modules/auth/mail_verify.php?h=' . $hmac . '&rid=' . $request_id);
    $emailhelpdesk = get_config('email_helpdesk');
    $emailAdministrator = get_config('email_sender');
    if (!send_mail($siteName, $emailAdministrator, '', $usermail, $subject, $MailMessage, $charset, "Reply-To: {$emailhelpdesk}")) {
        // NOTE(review): $usermail is placed in page HTML unescaped here; the
        // mail-change variant of this flow wraps such values with q() — confirm
        // the address was validated upstream or escape it the same way.
        $mail_ver_error = sprintf("<div class='alert alert-warning'>" . $langMailVerificationError, $usermail, $urlServer . "modules/auth/registration.php", "<a href='mailto:{$emailhelpdesk}' class='mainpage'>{$emailhelpdesk}</a>.</div>");
        $tool_content .= $mail_ver_error;
        // Without the verification mail the request cannot proceed: render and stop.
        draw($tool_content, 0);
        exit;
    }
    // User Message
    $tool_content .= "<div class='alert alert-success'>" . ($prof ? $langDearProf : $langDearUser) . "<br />{$langMailVerificationSuccess}\n\t\t\t{$langMailVerificationSuccess2}</div><br /><p>{$click} <a href='{$urlServer}' class='mainpage'>{$langHere}</a> {$langBackPage}</p>";
}
draw($tool_content, 0);
} echo "<div class='row margin-right-thin margin-left-thin margin-top-thin'> <div class='col-xs-12'> <div class='alert $class text-center'> $str_1[0] </div> </div> </div>\n"; } else { $user_id = (int) trim($str_1[1]); $str_2 = explode(' - ', $str_1[0]); $datetime = $str_2[0]; $str_3 = explode(' : ', $str_2[1]); $username = $str_3[0]; $usertext = $str_3[1]; $token = token_generate($user_id, true); echo "<div class='row margin-right-thin margin-left-thin margin-top-thin'> <div class='col-xs-12'> <div class='media'> <a class='media-left' href='{$urlServer}main/profile/display_profile.php?id=$user_id&token=$token'> ". profile_image($user_id, IMAGESIZE_SMALL) ." </a> <div class='media-body bubble'> <div class='label label-success media-heading'>$datetime</div> <small>$langBlogPostUser ". display_user($user_id, false, false) ."</small> <div class='margin-top-thin'> " . $usertext . " </div> </div> </div> </div>
} } elseif (isset($_POST['send_link'])) { $email = isset($_POST['email']) ? mb_strtolower(trim($_POST['email'])) : ''; $userName = isset($_POST['userName']) ? canonicalize_whitespace($_POST['userName']) : ''; /* * *** If valid e-mail address was entered, find user and send email **** */ $res = Database::get()->querySingle("SELECT u.id, u.surname, u.givenname, u.username, u.password, u.status FROM user u\n\t LEFT JOIN admin a ON (a.user_id = u.id)\n\t WHERE u.email = ?s AND\n\t BINARY u.username = ?s AND \n\t a.user_id IS NULL AND \n\t (u.last_passreminder IS NULL OR DATE_SUB(CURRENT_TIMESTAMP, INTERVAL 1 HOUR) >= u.last_passreminder)", $email, $userName); //exclude admins and currently pending requests $found_editable_password = false; if ($res) { $text = $langPassResetIntro . $emailhelpdesk; $text .= $langHowToResetTitle; if (password_is_editable($res->password)) { $found_editable_password = true; //prepare instruction for password reset $text .= $langPassResetGoHere; $text .= $urlServer . "modules/auth/lostpass.php?u={$res->id}&h=" . token_generate('password' . $res->id, true); // store the timestamp of this action (password reminding and token generation) Database::get()->query("UPDATE user SET last_passreminder = CURRENT_TIMESTAMP WHERE id = ?d", $res->id); } else { //other type of auth... $auth = array_search($res->password, $auth_ids) or 1; $tool_content = "<div class='alert alert-danger'>\n <p><strong>{$langPassCannotChange1}</strong></p>\n <p>{$langPassCannotChange2} " . get_auth_info($auth) . ". 
{$langPassCannotChange3} <a href='mailto:{$emailhelpdesk}'>{$emailhelpdesk}</a> {$langPassCannotChange4}</p>\n {$homelink}</div>"; } /* * *** Account details found, now send e-mail **** */ if ($found_editable_password) { $emailsubject = $lang_remind_pass; if (!send_mail('', '', '', $email, $emailsubject, $text, $charset)) { $tool_content = "<div class='alert alert-danger'>\n <p><strong>{$langAccountEmailError1}</strong></p>\n <p>{$langAccountEmailError2} {$email}.</p>\n <p>{$langAccountEmailError3} <a href='mailto:{$emailhelpdesk}'>{$emailhelpdesk}</a>.</p></div>\n {$homelink}"; } elseif (!isset($auth)) { $tool_content .= "<div class='alert alert-success'>{$lang_pass_email_ok} <strong>" . q($email) . "</strong></div>{$homelink}"; }
$q1 = Database::get()->query("INSERT INTO user_request SET\n givenname = ?s, surname = ?s, username = ?s, password = '******',\n email = ?s, faculty_id = ?d, phone = ?s,\n am = ?s, state = 1, status = ?d, verified_mail = ?d,\n date_open = " . DBHelper::timeAfter() . ", comment = ?s, lang = ?s,\n request_ip = ?s", $givenname_form, $surname_form, $uname, $email, $depid, $userphone, $am, $status, $verified_mail, $usercomment, $language, $_SERVER['REMOTE_ADDR']); $request_id = $q1->lastInsertID; // email does not need verification -> mail helpdesk if (!$email_verification_required) { $emailAdministrator = get_config('email_sender'); // send email $MailMessage = $mailbody1 . $mailbody2 . "{$givenname_form} {$surname_form}\n\n" . $mailbody3 . $mailbody4 . $mailbody5 . "{$mailbody6}\n\n" . "{$langFaculty}: " . $tree->getFullPath($depid) . "\n \n{$langComments}: {$usercomment}\n" . "{$langProfUname} : {$uname}\n{$langProfEmail} : {$email}\n" . "{$contactphone} : {$userphone}\n\n\n{$logo}\n\n"; if (!send_mail($siteName, $emailAdministrator, $gunet, $emailhelpdesk, $mailsubject, $MailMessage, $charset, "Reply-To: {$email}")) { $tool_content .= "<div class='alert alert-warning'>{$langMailErrorMessage} <a href='mailto:{$emailhelpdesk}'>{$emailhelpdesk}</a></div>"; draw($tool_content, 0); exit; } $tool_content .= "<div class='alert alert-success'>{$greeting},<br />{$success}<br /></div><p>{$infoprof}</p><br />\n <p>« <a href='{$urlServer}'>{$langBack}</a></p>"; } else { // email needs verification -> mail user $hmac = token_generate($uname . $email . $request_id); $emailhelpdesk = get_config('email_helpdesk'); $emailAdministrator = get_config('email_sender'); $subject = $langMailVerificationSubject; $MailMessage = sprintf($mailbody1 . $langMailVerificationBody1, $urlServer . 'modules/auth/mail_verify.php?ver=' . $hmac . '&rid=' . 
$request_id); if (!send_mail($siteName, $emailAdministrator, '', $email, $subject, $MailMessage, $charset, "Reply-To: {$emailhelpdesk}")) { $mail_ver_error = sprintf("<div class='alert alert-warning'>" . $langMailVerificationError, $email, $urlServer . "modules/auth/registration.php", "<a href='mailto:{$emailhelpdesk}' class='mainpage'>{$emailhelpdesk}</a>.</div>"); $tool_content .= $mail_ver_error; draw($tool_content, 0); exit; } // User Message $tool_content .= "<div class='alert alert-success'>" . ($prof ? $langDearProf : $langDearUser) . "!<br />{$langMailVerificationSuccess}: <strong>{$email}</strong></div>\n <p>{$langMailVerificationSuccess4}.<br /><br />{$click} <a href='{$urlServer}'\n class='mainpage'>{$langHere}</a> {$langBackPage}</p>"; } } elseif (!empty($_SESSION['uname_app_exists'])) { $tool_content .= "<div class='alert alert-danger'>{$langUserFree3}<br><br>{$click} <a href='{$urlServer}' class='mainpage'>{$langHere}</a> {$langBackPage}</div>";
$ebook_url_base = "{$urlServer}modules/ebook/show.php/$course_code/$ebook_id/"; if ($show_orphan_file and $file_path) { if (!preg_match('/\.html?$/i', $file_path)) { if (!$is_in_playmode) send_file_by_url_file_path($file_path); else { require_once 'include/lib/multimediahelper.class.php'; $path_components = explode('/', str_replace('//', chr(1), $file_path)); $file_info = public_path_to_disk_path($path_components, ''); $mediaPath = file_url($file_info->path, $file_info->filename); $mediaURL = $urlServer . 'modules/ebook/document.php?course=' . $course_code . '&ebook_id=' . $ebook_id . '&download=' . $file_info->path; $token = token_generate($file_info->path, true); $mediaAccess = $mediaPath . '?token=' . $token; echo MultimediaHelper::mediaHtmlObjectRaw($mediaAccess, $mediaURL, $mediaPath); exit(); } } } $pageName = $langEBook; if ($unit !== false) { $exit_fullscreen_link = $urlAppend . "modules/units/index.php?course=$course_code&id=$unit"; $unit_parameter = 'unit=' . $unit; } else { $exit_fullscreen_link = $urlAppend . "modules/ebook/index.php?course_code=$course_code"; $unit_parameter = '';
if (isset($_SESSION['mail_verification_required'])) { unset($_SESSION['mail_verification_required']); } header("Location:" . $urlServer); exit; } if (!empty($_POST['submit'])) { if (!empty($_POST['email']) && email_seems_valid($_POST['email'])) { $email = $_POST['email']; // user put a new email address update db and session if ($email != $_SESSION['email']) { $_SESSION['email'] = $email; Database::get()->query("UPDATE user SET email = ?s WHERE id = ?d", $email, $uid); } //send new code $hmac = token_generate($_SESSION['uname'] . $email . $uid); $subject = $langMailChangeVerificationSubject; $MailMessage = sprintf($mailbody1 . $langMailVerificationChangeBody, $urlServer . 'modules/auth/mail_verify.php?h=' . $hmac . '&id=' . $uid); $emailhelpdesk = get_config('email_helpdesk'); $emailAdministrator = get_config('email_sender'); if (!send_mail($siteName, $emailAdministrator, '', $email, $subject, $MailMessage, $charset, "Reply-To: {$emailhelpdesk}")) { $mail_ver_error = sprintf("<div class='alert alert-warning'>" . $langMailVerificationError, $email, $urlServer . "auth/registration.php", "<a href='mailto:" . q($emailhelpdesk) . "' class='mainpage'>" . q($emailhelpdesk) . "</a>.</div>"); $tool_content .= $mail_ver_error; } else { $tool_content .= "<div class='alert alert-success'>{$langMailVerificationSuccess4}</div> "; } } else { $tool_content .= "<div class='alert alert-danger'>{$langMailVerificationWrong}</div> "; } } elseif (!empty($_SESSION['mail_verification_required']) && $_SESSION['mail_verification_required'] === 1) { $tool_content .= "<div class='alert alert-info'>{$langMailVerificationReq}</div> ";
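/**
 * Handle a submitted login form ($_POST['uname'], $_POST['pass'], $_POST['submit']).
 *
 * Authentication itself is delegated to login() / alt_login(), which set
 * $_SESSION['uid'] on success and return a status code ($auth_allow):
 * 1 ok, 2/4 invalid credentials, 3 inactive account, 5 cookies disabled,
 * 6/7 must use the secure / CAS entry point, 8 too many recent failures.
 * On success a loginout row is written and the user is redirected; otherwise
 * an alert is appended to the global $warning. Nothing is returned.
 *
 * Fixes relative to the previous version: $tool_content and $langInvalidAuth
 * are declared global (the "invalid auth" message was appended to a local
 * variable and lost), and the two SQL statements that embedded
 * $_SERVER['REMOTE_ADDR'] and $_SESSION['uid'] in the query text now use the
 * wrapper's ?s/?d placeholders like the other queries in this function.
 */
function process_login() {
    global $warning, $surname, $givenname, $email, $status, $is_admin, $language, $langInvalidId, $langAccountInactive1, $langAccountInactive2, $langNoCookies, $langEnterPlatform, $urlServer, $langHere, $auth_ids, $inactive_uid, $langTooManyFails, $tool_content, $langInvalidAuth;
    if (isset($_POST['uname'])) {
        $posted_uname = canonicalize_whitespace($_POST['uname']);
    } else {
        $posted_uname = '';
    }
    $pass = isset($_POST['pass']) ? $_POST['pass'] : '';
    $auth = get_auth_active_methods();
    $is_eclass_unique = is_eclass_unique(); // result not used below
    if (isset($_POST['submit'])) {
        unset($_SESSION['uid']);
        $auth_allow = 0;
        $r = false;
        if (get_config('login_fail_check')) {
            // Rate limiting: deny when this address exceeded the failure
            // threshold within the configured interval.
            $r = Database::get()->querySingle("SELECT 1 FROM login_failure WHERE ip = ?s \n AND COUNT > ?d \n AND DATE_SUB(CURRENT_TIMESTAMP, interval ?d minute) < last_fail", $_SERVER['REMOTE_ADDR'], intval(get_config('login_fail_threshold')), intval(get_config('login_fail_deny_interval')));
        }
        if (get_config('login_fail_check') && $r) {
            $auth_allow = 8;
        } else {
            // $sqlLogin holds the username comparison clause (redacted as ******
            // in this listing); the username itself is passed as a bound parameter.
            $sqlLogin = "******";
            if (get_config('case_insensitive_usernames')) {
                $sqlLogin = "******";
            } else {
                $sqlLogin = "******";
            }
            $myrow = Database::get()->querySingle("SELECT id, surname, givenname, password, username, status, email, lang, verified_mail\n FROM user WHERE username {$sqlLogin}", $posted_uname);
            // cas might have alternative authentication defined
            $exists = 0;
            if (!isset($_COOKIE) or count($_COOKIE) == 0) {
                // Disallow login when cookies are disabled
                $auth_allow = 5;
            } elseif ($pass === '') {
                // Disallow login with empty password
                $auth_allow = 4;
            } else {
                if ($myrow) {
                    $exists = 1;
                    if (!empty($auth)) {
                        // For externally authenticated accounts the password
                        // column holds the auth method name (see $auth_ids).
                        if (in_array($myrow->password, $auth_ids, true)) {
                            // alternate methods login
                            $auth_allow = alt_login($myrow, $posted_uname, $pass);
                        } else {
                            // eclass login
                            $auth_allow = login($myrow, $posted_uname, $pass);
                        }
                    } else {
                        $tool_content .= "<br>{$langInvalidAuth}<br>";
                    }
                }
            }
            if (!$exists and !$auth_allow) {
                // NOTE(review): the submitted password is written to the failure
                // log in clear text; log readers see credentials of users who
                // mistyped their username. Consider recording only that a
                // password was supplied.
                Log::record(0, 0, LOG_LOGIN_FAILURE, array('uname' => $posted_uname, 'pass' => $pass));
                $auth_allow = 4;
            }
        }
        if (!isset($_SESSION['uid'])) {
            switch ($auth_allow) {
                case 1:
                    session_regenerate_id();
                    break;
                case 2:
                    $warning .= "<div class='alert alert-warning'>{$langInvalidId}</div>";
                    break;
                case 3:
                    $warning .= "<div class='alert alert-warning'>{$langAccountInactive1} " . "<a href='modules/auth/contactadmin.php?userid={$inactive_uid}&h=" . token_generate("userid={$inactive_uid}") . "'>{$langAccountInactive2}</a></div>";
                    break;
                case 4:
                    $warning .= "<div class='alert alert-warning'>{$langInvalidId}</div>";
                    increaseLoginFailure();
                    break;
                case 5:
                    $warning .= "<div class='alert alert-warning'>{$langNoCookies}</div>";
                    break;
                case 6:
                    $warning .= "<div class='alert alert-warning'>{$langEnterPlatform} <a href='{$urlServer}secure/index.php'>{$langHere}</a></div>";
                    break;
                case 7:
                    $warning .= "<div class='alert alert-warning'>{$langEnterPlatform} <a href='{$urlServer}secure/cas.php'>{$langHere}</a></div>";
                    break;
                case 8:
                    $warning .= "<div class='alert alert-warning'>{$langTooManyFails}</div>";
                    break;
                default:
                    break;
            }
        } else {
            Database::get()->query("INSERT INTO loginout (loginout.id_user, loginout.ip, loginout.when, loginout.action) " . "VALUES (?d, ?s, NOW(), 'LOGIN')", $_SESSION['uid'], $_SERVER['REMOTE_ADDR']);
            if (get_config('email_verification_required') and get_mail_ver_status($_SESSION['uid']) == EMAIL_VERIFICATION_REQUIRED) {
                $_SESSION['mail_verification_required'] = 1;
                $next = "modules/auth/mail_verify_change.php";
            } elseif (isset($_POST['next'])) {
                // NOTE(review): $next comes straight from the request;
                // redirect_to_home_page() must restrict it to local paths — confirm.
                $next = $_POST['next'];
            } else {
                $next = '';
            }
            resetLoginFailure();
            redirect_to_home_page($next);
        }
    } // end of user authentication
}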
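/**
 * Log a user in through the HybridAuth provider named by $_GET['provider'].
 *
 * First the language messages are loaded and the provider handshake is run;
 * HybridAuth error codes 0-7 are mapped to user messages and the function
 * returns false. Then a variant of process_login() runs that matches the
 * provider's user id against user_ext_uid instead of checking a password.
 * Status codes in $auth_allow: 1 ok, 2/4 invalid, 3 inactive account,
 * 5 cookies disabled, 6/7 other entry point required, 8 too many failures.
 * An unknown user is redirected to the registration form. On success a
 * loginout row is written and the user is redirected; otherwise an alert is
 * appended to the global $warning.
 *
 * Fixes relative to the previous version: the provider name is URL-encoded in
 * the registration redirect, the login_failure and loginout queries use the
 * wrapper's ?s/?d placeholders instead of embedding $_SERVER['REMOTE_ADDR'] /
 * $_SESSION['uid'] in the SQL text, $tool_content and $langInvalidAuth are
 * declared global, and the stray quote in the case 8 markup is removed.
 */
function hybridauth_login() {
    //this is needed so as to include the HybridAuth error codes
    global $language, $language_codes, $siteName, $Institution, $InstitutionUrl;
    if (isset($language)) {
        // include_messages
        include "lang/$language/common.inc.php";
        $extra_messages = "config/{$language_codes[$language]}.inc.php";
        if (file_exists($extra_messages)) {
            include $extra_messages;
        } else {
            $extra_messages = false;
        }
        include "lang/$language/messages.inc.php";
        if ($extra_messages) {
            include $extra_messages;
        }
    } // end HybridAuth messages inclusion
    global $warning;
    // include HubridAuth libraries
    require_once 'modules/auth/methods/hybridauth/config.php';
    require_once 'modules/auth/methods/hybridauth/Hybrid/Auth.php';
    $config = get_hybridauth_config();
    // check for errors and whatnot
    $warning = '';
    if (isset($_GET['error'])) {
        Session::Messages(q(trim(strip_tags($_GET['error']))));
    }
    // if user select a provider to login with
    // then inlcude hybridauth config and main class
    // then try to authenticate te current user
    // finally redirect him to his profile page
    if (isset($_GET['provider'])) {
        try {
            // create an instance for Hybridauth with the configuration file path as parameter
            $hybridauth = new Hybrid_Auth($config);
            // set selected provider name
            $provider = @trim(strip_tags($_GET["provider"]));
            // try to authenticate the selected $provider
            $adapter = $hybridauth->authenticate($provider);
            // grab the user profile
            $user_data = $adapter->getUserProfile();
        } catch (Exception $e) {
            // In case we have errors 6 or 7, then we have to use Hybrid_Provider_Adapter::logout() to
            // let hybridauth forget all about the user so we can try to authenticate again.
            // Display the recived error,
            // to know more please refer to Exceptions handling section on the userguide
            // NOTE(review): $adapter is only set once authenticate() returned; if
            // codes 6/7 can be raised before that, logout() runs on an undefined variable — confirm.
            switch ($e->getCode()) {
                case 0:
                    Session::Messages($GLOBALS['langProviderError1']);
                    break;
                case 1:
                    Session::Messages($GLOBALS['langProviderError2']);
                    break;
                case 2:
                    Session::Messages($GLOBALS['langProviderError3']);
                    break;
                case 3:
                    Session::Messages($GLOBALS['langProviderError4']);
                    break;
                case 4:
                    Session::Messages($GLOBALS['langProviderError5']);
                    break;
                case 5:
                    Session::Messages($GLOBALS['langProviderError6']);
                    break;
                case 6:
                    Session::Messages($GLOBALS['langProviderError7']);
                    $adapter->logout();
                    break;
                case 7:
                    Session::Messages($GLOBALS['langProviderError8']);
                    $adapter->logout();
                    break;
            }
            return false;
        }
    } //endif( isset( $_GET["provider"] ) && $_GET["provider"] )
    // *****************************
    // from here on runs an alternative version of proccess_login() where
    // instead of a password, the provider user id is used and matched against
    // the corresponding field in the db table.
    global $surname, $givenname, $email, $status, $is_admin, $language, $langInvalidId, $langAccountInactive1, $langAccountInactive2, $langNoCookies, $langEnterPlatform, $urlServer, $langHere, $auth_ids, $inactive_uid, $langTooManyFails, $tool_content, $langInvalidAuth;
    // NOTE(review): when no provider parameter was given, $user_data and
    // $provider are undefined here (notices, then the "unknown user" path
    // below) — confirm callers only reach this point with ?provider=... set.
    $pass = $user_data->identifier; //password = provider user id
    $auth = get_auth_active_methods();
    unset($_SESSION['uid']);
    $auth_allow = 0;
    $r = false;
    if (get_config('login_fail_check')) {
        // Rate limiting: deny when this address exceeded the failure
        // threshold within the configured interval.
        $r = Database::get()->querySingle("SELECT 1 FROM login_failure WHERE ip = ?s AND COUNT > ?d AND DATE_SUB(CURRENT_TIMESTAMP, interval ?d minute) < last_fail", $_SERVER['REMOTE_ADDR'], intval(get_config('login_fail_threshold')), intval(get_config('login_fail_deny_interval')));
    }
    if (get_config('login_fail_check') && $r) {
        $auth_allow = 8;
    } else {
        // $auth_ids maps auth id => provider name; the external uid is matched
        // together with that id so uids from different providers cannot collide.
        $auth_id = array_search(strtolower($provider), $auth_ids);
        $myrow = Database::get()->querySingle("SELECT user.id, surname, givenname, password, username, status, email, lang, verified_mail, uid FROM user, user_ext_uid WHERE user.id = user_ext_uid.user_id AND user_ext_uid.auth_id = ?d AND user_ext_uid.uid = ?s", $auth_id, $user_data->identifier);
        $exists = 0;
        if (!isset($_COOKIE) or count($_COOKIE) == 0) {
            // Disallow login when cookies are disabled
            $auth_allow = 5;
        } elseif ($myrow) {
            $exists = 1;
            if (!empty($auth)) {
                if (in_array($myrow->password, $auth_ids, true)) {
                    // alternate methods login
                    //$auth_allow = alt_login($myrow, $provider, $pass); //this should NOT be called during HybridAuth!
                } else {
                    // eclass login
                    $auth_allow = login($myrow, $provider, $pass, $provider);
                }
            } else {
                $tool_content .= "<br>$langInvalidAuth<br>";
            }
        }
        if (!$exists and !$auth_allow) {
            // Since HybridAuth was used and there is not user id matched in the db, send the user to the registration form.
            // The provider name originates from the query string, so it is encoded before being placed in a URL.
            header('Location: ' . $urlServer . 'modules/auth/registration.php?provider=' . urlencode($provider));
            // from this point and on, the code does not need to run since the user is redirected to the registration page
            $auth_allow = 4;
        }
    }
    if (!isset($_SESSION['uid'])) {
        switch ($auth_allow) {
            case 1:
                session_regenerate_id();
                break;
            case 2:
                $warning .= "<p class='alert alert-warning'>$langInvalidId</p>";
                break;
            case 3:
                $warning .= "<p class='alert alert-warning'>$langAccountInactive1 " . "<a href='modules/auth/contactadmin.php?userid=$inactive_uid&h=" . token_generate("userid=$inactive_uid") . "'>$langAccountInactive2</a></p>";
                break;
            case 4:
                $warning .= "<p class='alert alert-warning'>$langInvalidId</p>";
                increaseLoginFailure();
                break;
            case 5:
                $warning .= "<p class='alert alert-warning'>$langNoCookies</p>";
                break;
            case 6:
                $warning .= "<p class='alert alert-info'>$langEnterPlatform <a href='{$urlServer}secure/index.php'>$langHere</a></p>";
                break;
            case 7:
                $warning .= "<p class='alert alert-info'>$langEnterPlatform <a href='{$urlServer}modules/auth/cas.php'>$langHere</a></p>";
                break;
            case 8:
                $warning .= "<p class='alert alert-danger'>$langTooManyFails</p>";
                break;
        }
    } else {
        Database::get()->query("INSERT INTO loginout (loginout.id_user, loginout.ip, loginout.when, loginout.action) " . "VALUES (?d, ?s, NOW(), 'LOGIN')", $_SESSION['uid'], $_SERVER['REMOTE_ADDR']);
        if (get_config('email_verification_required') and get_mail_ver_status($_SESSION['uid']) == EMAIL_VERIFICATION_REQUIRED) {
            $_SESSION['mail_verification_required'] = 1;
            $next = "modules/auth/mail_verify_change.php";
        } elseif (isset($_POST['next'])) {
            // NOTE(review): $next comes straight from the request;
            // redirect_to_home_page() must restrict it to local paths — confirm.
            $next = $_POST['next'];
        } else {
            $next = '';
        }
        resetLoginFailure();
        redirect_to_home_page($next);
    }
}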
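/**
 * Create a user account from the JSON request body.
 *
 * Expected body keys: username (the phone number), password, nicker (nickname),
 * gender (0/1, defaults to 0), header (avatar, optional) and verifycode (the
 * SMS code previously issued for this phone number). On success a JSON
 * document {errno: 0, xtoken, data: {nicker, header, uid}} is echoed. Every
 * failure is reported through err_ret(), which is assumed to end the request
 * (its body is not visible here); the explicit returns after each call make
 * that assumption harmless.
 *
 * Fixes relative to the previous version: the verification code is checked
 * against verify_tmp before the account is created (it was only deleted
 * afterwards, so any non-empty value passed), gender is validated with a
 * strict comparison, and a missing or malformed body no longer triggers
 * undefined-index access.
 */
function register() {
    $param = json_decode(file_get_contents('php://input'), true);
    if (!is_array($param)) {
        // empty or malformed body: treat as "no parameters supplied"
        $param = array();
    }
    // username
    $username = isset($param['username']) ? $param['username'] : '';
    if (empty($username)) {
        err_ret(-205, 'lack of param', '缺少参数');
        return;
    }
    // password
    $password = isset($param['password']) ? $param['password'] : '';
    if (empty($password)) {
        err_ret(-205, 'lack of param', '缺少参数');
        return;
    }
    // nickname
    $nicker = isset($param['nicker']) ? $param['nicker'] : '';
    if (empty($nicker)) {
        err_ret(-205, 'lack of param', '缺少参数');
        return;
    }
    // gender: only 0 or 1 are accepted; the previous loose comparison let any
    // non-numeric string through. Default is 0 (male).
    $gender = 0;
    if (isset($param['gender']) && in_array($param['gender'], array(0, 1, '0', '1'), true)) {
        $gender = (int) $param['gender'];
    }
    // avatar (optional)
    $header = isset($param['header']) ? $param['header'] : '';
    if (empty($header)) {
        $header = '';
    }
    // SMS verification code
    $verifycode = isset($param['verifycode']) ? $param['verifycode'] : '';
    if (empty($verifycode)) {
        err_ret(-306, 'lack of param verfiy', '验证码不能为空');
        return;
    }
    // The code must be the one actually issued for this phone number: look the
    // (phone, verifycode) pair up in verify_tmp, the same row that is deleted
    // once the account exists. NOTE(review): only existence is checked; if the
    // table also records an issue time, expiry should be enforced here too, and
    // confirm no earlier step already consumes the row.
    $verify_model = new Model('verify_tmp');
    $condition['phone'] = $username;
    $condition['verifycode'] = $verifycode;
    $issued = $verify_model->where($condition)->select();
    if (empty($issued)) {
        // error code / message constructed for this review — align with the project's own table
        err_ret(-306, 'verify code mismatch', '验证码错误');
        return;
    }
    // registration time
    $regtime = time();
    $model = new Model('user_info');
    // check whether the phone number is already registered
    $data['username'] = $username;
    $result = $model->where($data)->select();
    if (!empty($result)) {
        err_ret(-305, 'phone number is registered', '手机号已经注册过');
        return;
    }
    // insert a record, creating the new user
    // NOTE(review): $password is stored exactly as received; unless Model or
    // the user_info layer hashes it, the table holds clear-text passwords —
    // confirm, and hash at this boundary if it does not.
    $data['username'] = $username;
    $data['password'] = $password;
    $data['nicker'] = $nicker;
    $data['header'] = $header;
    $data['regtime'] = $regtime;
    $data['gender'] = $gender;
    $lastId = $model->add($data);
    if (!$lastId) {
        err_ret(-311, 'register add new user failed', '注册添加新用户时失败');
        return;
    }
    // delete this user's temporary SMS verification code (the row checked above)
    $delete_model = new Model('verify_tmp');
    $delete_model->where($condition)->delete();
    // generate the user token and save it
    $token = token_generate($lastId);
    $where['id'] = $lastId;
    $save['xtoken'] = $token;
    $count = $model->where($where)->save($save);
    if ($count == 0) {
        err_ret(-501, 'save token failed', '保存token失败');
        return;
    }
    // register with Easemob; roll the local account back if that fails
    Vendor('EasemobApi.EasemobApi');
    $ease = new \Easemob();
    $result_arr = $ease->registerUser($username, $password, $nicker);
    if (isset($result_arr['error'])) {
        $delete_data['username'] = $username;
        $model->where($delete_data)->delete();
        err_ret(-205, 'failed registered', '注册失败');
        return;
    }
    $info['errno'] = 0;
    $info['xtoken'] = $token;
    $info['data']['nicker'] = $nicker;
    $info['data']['header'] = $header;
    $info['data']['uid'] = $lastId;
    echo json_encode($info);
}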
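/**
 * Render a user as a link to their profile page.
 *
 * @param mixed  $user        a user id (looked up in the user table), a list of
 *                            objects carrying a user_id property (one link per
 *                            entry, separated by <br>), or null
 * @param bool   $print_email append a mailto() link when the user has an e-mail
 * @param bool   $icon        prefix the link with the small profile image
 * @param string $class       extra CSS class for the <a>; expected to be a
 *                            literal chosen by the caller, it is not escaped
 * @return string HTML; '-' for null / an empty list, the anonymous label when
 *                the id is unknown
 *
 * Fixes relative to the previous version: count() is no longer called on a
 * scalar (a TypeError since PHP 8), the list branch forwards $icon and $class
 * to the per-entry call instead of silently dropping them, and the dead
 * isset($user->user_id) test on the array itself is gone.
 */
function display_user($user, $print_email = false, $icon = true, $class = "") {
    global $langAnonymous, $urlAppend;
    // Nothing to show. (Scalars other than null fall through to the id lookup,
    // as the old count() == 0 test did for them.)
    if ($user === null || (is_array($user) && count($user) == 0)) {
        return '-';
    }
    if (is_array($user)) {
        $parts = array();
        foreach ($user as $user_data) {
            // Entries without user_id are rendered as '-' rather than skipped,
            // matching the previous output.
            $entry_id = isset($user_data->user_id) ? $user_data->user_id : null;
            $parts[] = display_user($entry_id, $print_email, $icon, $class);
        }
        return implode('<br>', $parts);
    }
    // Anything else is treated as a user id and resolved against the database.
    $r = Database::get()->querySingle("SELECT id, surname, givenname, email, has_icon FROM user WHERE id = ?d", $user);
    if (!$r) {
        return $icon ? profile_image(0, IMAGESIZE_SMALL) . ' ' . $langAnonymous : $langAnonymous;
    }
    $user = $r;
    if ($print_email) {
        $email = trim($user->email);
        $print_email = !empty($email);
    }
    $icon_html = $icon ? profile_image($user->id, IMAGESIZE_SMALL, true) . ' ' : '';
    $class_str = empty($class) ? '' : "class='{$class}'";
    // The profile link carries a per-user token checked by display_profile.php.
    $token = token_generate($user->id, true);
    return "{$icon_html}<a {$class_str} href='{$urlAppend}main/profile/display_profile.php?id={$user->id}&token={$token}'>" . q($user->givenname) . " " . q($user->surname) . "</a>" . ($print_email ? ' (' . mailto(trim($user->email), 'e-mail address hidden') . ')' : '');
}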
LEFT JOIN admin a ON (a.user_id = u.id) WHERE u.email = ?s AND BINARY u.username = ?s AND a.user_id IS NULL AND (u.last_passreminder IS NULL OR DATE_SUB(CURRENT_TIMESTAMP, INTERVAL 1 HOUR) >= u.last_passreminder)", $email, $userName); //exclude admins and currently pending requests $found_editable_password = false; if ($res) { $text = $langPassResetIntro . $emailhelpdesk; $text .= $langHowToResetTitle; if (password_is_editable($res->password)) { $found_editable_password = true; //prepare instruction for password reset $text .= $langPassResetGoHere; $text .= $urlServer . "modules/auth/lostpass.php?u=$res->id&h=" . token_generate('password' . $res->id, true); // store the timestamp of this action (password reminding and token generation) Database::get()->query("UPDATE user SET last_passreminder = CURRENT_TIMESTAMP WHERE id = ?d" , $res->id); } else { //other type of auth... $auth = array_search($res->password, $auth_ids) or 1; $tool_content = "<div class='alert alert-danger'> <p><strong>$langPassCannotChange1</strong></p> <p>$langPassCannotChange2 " . get_auth_info($auth) . ". $langPassCannotChange3 <a href='mailto:$emailhelpdesk'>$emailhelpdesk</a> $langPassCannotChange4</p> $homelink</div>"; } /* * *** Account details found, now send e-mail **** */ if ($found_editable_password) { $emailsubject = $lang_remind_pass; if (!send_mail('', '', '', $email, $emailsubject, $text, $charset)) {
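* Contact address: GUnet Asynchronous eLearning Group,
* Network Operations Center, University of Athens,
* Panepistimiopolis Ilissia, 15784, Athens, Greece
* e-mail: info@openeclass.org
* ========================================================================
*/

// Play a single course video. The course context is required but guests are
// allowed, so access control is whatever baseTheme.php enforces for the course.
$require_current_course = true;
$guest_allowed = true;
require_once '../../include/baseTheme.php';
require_once 'include/lib/multimediahelper.class.php';
require_once 'include/lib/mediaresource.factory.php';
require_once 'include/action.php';

$action = new action();
$action->record(MODULE_ID_VIDEO);

// ----------------------
// play video
// ----------------------
// Both ids are bound with ?d, and the video must belong to the current course:
// an id from another course yields no row and a redirect, not the video.
$video_id = isset($_GET['id']) ? $_GET['id'] : 0;
$row = Database::get()->querySingle("SELECT * FROM video WHERE course_id = ?d AND id = ?d", $course_id, $video_id);
if ($row) {
    $vObj = MediaResourceFactory::initFromVideo($row);
    $token = token_generate($row->path, true); // generate new token
    $vObj->setAccessURL($vObj->getAccessURL() . '&token=' . $token); // append token to accessurl
    echo MultimediaHelper::mediaHtmlObject($vObj);
} else {
    // "${var}" string interpolation is deprecated since PHP 8.2; {$var} is the
    // equivalent form. The course code is encoded before being placed in the URL.
    header("Location: {$urlServer}modules/video/index.php?course=" . urlencode($course_code));
    exit;
}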
/**
 * Print the honeypot fields of the current form.
 *
 * Four inputs are emitted in random order, each with a session-specific name
 * derived from token_hash():
 *  - hp: hidden via JavaScript, so only bots fill it in;
 *  - hpr: removed via JavaScript, so only bots leave it in;
 *  - hp_token: a session token bound to this session user and form;
 *  - hp_timestamp: the time the form was rendered.
 * Nothing is printed when the form has honeypots disabled.
 */
function getHoneypot() {
    if (!$this->form['honeypot']) {
        return;
    }
    token_generate(); // rotate the session token before it is embedded below
    $fields = array(
        '<input class="hp" type="text" name="' . token_hash('hp_empty') . '" />',
        '<input class="hpr" type="text" name="' . token_hash('hp_removed') . '" />',
        '<input type="hidden" name="' . token_hash('hp_token') . '" value="' . session('token') . '" />',
        '<input type="hidden" name="' . token_hash('hp_timestamp') . '" value="' . time() . '" />',
    );
    shuffle($fields);
    // Output the honeypot fields
    echo implode('', $fields);
}
/**
 * Provide replacement values for placeholder tokens.
 *
 * token_replace() scans a text for [type:token] patterns, groups the tokens it
 * finds by type and calls hook_tokens() once per group; an implementation
 * answers with the replacement text for the tokens it understands. A module
 * implementing this hook should also implement hook_token_info() so its tokens
 * are listed on editing screens.
 *
 * @param $type
 *   The machine-readable name of the token type (group) being replaced, e.g.
 *   'node', 'user', or a type declared by a hook_token_info() implementation.
 * @param $tokens
 *   Tokens to replace, keyed by machine-readable token name; the values are
 *   the raw [type:token] strings found in the original text.
 * @param $data
 *   (optional) Associative array of data objects used to build replacement
 *   values, as passed in the $data parameter of token_replace().
 * @param $options
 *   (optional) Associative array of replacement options; see token_replace()
 *   for the possible values.
 *
 * @return
 *   Associative array of replacement values, keyed by the raw [type:token]
 *   strings from the original text.
 *
 * @see hook_token_info()
 * @see hook_tokens_alter()
 */
function hook_tokens($type, $tokens, array $data = array(), array $options = array()) {
  $replacements = array();
  // This example only knows about node tokens, and only with a node supplied.
  if ($type != 'node' || empty($data['node'])) {
    return $replacements;
  }

  $url_options = array('absolute' => TRUE);
  $language_code = NULL;
  if (isset($options['language'])) {
    $url_options['language'] = $options['language'];
    $language_code = $options['language']->language;
  }
  $sanitize = !empty($options['sanitize']);
  $node = $data['node'];

  foreach ($tokens as $token_name => $original) {
    // Simple key values on the node.
    if ($token_name == 'nid') {
      $replacements[$original] = $node->nid;
    }
    elseif ($token_name == 'title') {
      $replacements[$original] = $sanitize ? check_plain($node->title) : $node->title;
    }
    elseif ($token_name == 'edit-url') {
      $replacements[$original] = url('node/' . $node->nid . '/edit', $url_options);
    }
    // Default values for the chained tokens handled below.
    elseif ($token_name == 'author') {
      $author_name = $node->uid == 0 ? variable_get('anonymous', t('Anonymous')) : $node->name;
      $replacements[$original] = $sanitize ? filter_xss($author_name) : $author_name;
    }
    elseif ($token_name == 'created') {
      $replacements[$original] = format_date($node->created, 'medium', '', NULL, $language_code);
    }
  }

  // Chained tokens ([node:author:*], [node:created:*]) are delegated to the
  // 'user' and 'date' token types.
  $author_tokens = token_find_with_prefix($tokens, 'author');
  if ($author_tokens) {
    $author = user_load($node->uid);
    $replacements += token_generate('user', $author_tokens, array('user' => $author), $options);
  }
  $created_tokens = token_find_with_prefix($tokens, 'created');
  if ($created_tokens) {
    $replacements += token_generate('date', $created_tokens, array('date' => $node->created), $options);
  }

  return $replacements;
}
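/**
 * @brief Define the RSS constant, used by the template system, to the module's RSS link
 *
 * Nothing is defined for an inactive course. For a course that is not open,
 * or when the current user is enrolled in it, the link additionally carries
 * the user id and a token over module name + uid + course code, so the feed
 * can authenticate the request without a session.
 *
 * Fix relative to the previous version: the enrolment test uses !empty(), so
 * users not enrolled in the course no longer trigger an undefined-index notice
 * (truthiness is unchanged).
 */
function define_rss_link() {
    global $uid, $course_code, $course_id, $module_id, $modules;
    $module_name = $modules[$module_id]['link'];
    $link = 'modules/' . $module_name . '/rss.php?c=' . $course_code;
    $course_status = course_status($course_id);
    if ($course_status == COURSE_INACTIVE) {
        return;
    }
    if ($course_status != COURSE_OPEN || !empty($_SESSION['courses'][$course_code])) {
        // NOTE(review): the token input concatenates its three parts without a
        // delimiter; the verifying side must build it the same way — confirm.
        $link .= '&uid=' . $uid . '&token=' . token_generate($module_name . $uid . $course_code);
    }
    define('RSS', $link);
}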
if ($q1) { Database::get()->query('INSERT INTO user_ext_uid SET user_id = ?d, auth_id = ?d, uid = ?s', $q1->lastInsertID, $auth, $user_data->identifier); } } $last_id = $q1->lastInsertID; $userObj->refresh($last_id, $departments); user_hook($last_id); //fill custom profile fields process_profile_fields_data(array('uid' => $last_id, 'origin' => 'student_register')); if ($vmail) { $hmac = token_generate($uname . $email . $last_id); } $emailsubject = "$langYourReg $siteName"; $telephone = get_config('phone'); $administratorName = get_config('admin_name'); $emailhelpdesk = get_config('email_helpdesk'); $emailbody = "$langDestination $givenname_form $surname_form\n" . "$langYouAreReg $siteName $langSettings $uname\n" . "$langPass: $password\n$langAddress $siteName: " . "$urlServer\n" . ($vmail ? "\n$langMailVerificationSuccess.\n$langMailVerificationClick\n$urlServer" . "modules/auth/mail_verify.php?h=" . $hmac . "&id=" . $last_id . "\n" : "") . "$langProblem\n$langFormula\n" . "$administratorName\n" . "$langManager $siteName \n$langTel $telephone\n" . "$langEmail: $emailhelpdesk";
/**
 * Private constructor: instances are created only from inside the class.
 * The only state initialised here is $this->token, filled from token_generate().
 */
private function __construct() {
    $freshToken = token_generate();
    $this->token = $freshToken;
}