private function resetpw()
 {
     // Further security
     if (empty($this->error) && isset($_POST['reset']) && isset($this->key)) {
         // Delete the recovery key so it can't be reused
         $params = array(':email' => $this->email);
         parent::query("DELETE FROM `login_confirm` WHERE `email` = :email AND `type` = 'forgot_pw'", $params);
         // Resets their password
         $params = array(':password' => parent::hashPassword($this->password), ':email' => $this->email);
         parent::query("UPDATE `login_users` SET `password` = :password WHERE `email` = :email;", $params);
         $shortcodes = array('site_address' => SITE_PATH, 'full_name' => $this->name, 'username' => $this->user);
         $subj = parent::getOption('email-forgot-success-subj');
         $msg = parent::getOption('email-forgot-success-msg');
         // Send an email confirming their password reset
         if (!parent::sendEmail($this->email, $subj, $msg, $shortcodes)) {
             $this->error = "ERROR. Mail not sent";
         }
         echo "<div class='alert alert-success'>" . _('Successfully reset your password') . "</div>";
         echo "<h2>" . _('Account Recovery') . "</h2>";
         echo "<p>" . _('If you need any further assistance please contact the website administrator:') . " " . address . "</p>";
         include_once 'footer.php';
         exit;
     } else {
         echo $this->error;
     }
 }
 private function process()
 {
     if (!empty($this->error)) {
         return false;
     }
     // Ticked the 'delete user' box?
     if (!empty($this->options['delete'])) {
         $params = array(':id' => $this->id);
         $sql = array();
         $sql[] = "DELETE FROM login_users WHERE user_id = :id;";
         $sql[] = "DELETE FROM login_integration WHERE user_id = :id;";
         $sql[] = "DELETE FROM login_profiles WHERE user_id = :id;";
         $sql[] = "DELETE FROM login_timestamps WHERE user_id = :id;";
         foreach ($sql as $do) {
             parent::query($do, $params);
         }
         $result = sprintf("<div class='alert alert-success'>" . _('User removed from the database:') . " <b>%s</b> (%s).</div>", $this->options['name'], $this->options['username']);
         parent::displayMessage($result);
     }
     if (!empty($this->options['password'])) {
         $params = array(':restrict' => $this->options['restricted'], ':name' => $this->options['name'], ':email' => $this->options['email'], ':level' => $this->options['user_level'], ':password' => parent::hashPassword($this->options['password']), ':id' => $this->id);
         $sql = "UPDATE `login_users` SET `restricted` = :restrict, `name` = :name, `email` = :email, `user_level` = :level, `password` = :password WHERE `user_id` = :id;";
         parent::query($sql, $params);
         $result = sprintf("<div class='alert alert-success'>" . _('User information (and password) updated for') . " <b>%s</b> (%s).</div>", $this->options['name'], $this->options['username']);
     } else {
         $params = array(':restrict' => $this->options['restricted'], ':name' => $this->options['name'], ':email' => $this->options['email'], ':level' => $this->options['user_level'], ':id' => $this->id);
         $format = array('%d', '%s', '%s', '%s', '%d');
         $sql = "UPDATE `login_users` SET `restricted` = :restrict, `name` = :name, `email` = :email, `user_level` = :level WHERE `user_id` = :id;";
         parent::query($sql, $params, $format);
         $result = sprintf("<div class='alert alert-success'>" . _('User information updated for') . " <b>%s</b> (%s).</div>", $this->options['name'], $this->options['username']);
     }
     // Checkbox handling
     $sql = "SELECT * FROM `login_profile_fields`;";
     $stmt = parent::query($sql);
     while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
         $name = 'p-' . $row['id'];
         if ($row['type'] == 'checkbox') {
             $this->options[$name] = !empty($this->options[$name]) ? 1 : 0;
         }
     }
     // Update profile fields
     foreach ($this->options as $field => $value) {
         if (strstr($field, 'p-')) {
             $field = str_replace('p-', '', $field);
             parent::updateOption($field, $value, true, $this->options['user_id']);
         }
     }
     /* Time to send our welcome email! */
     if (!empty($this->sendWelcome)) {
         $msg = parent::getOption('email-welcome-msg');
         $subj = parent::getOption('email-welcome-subj');
         $shortcodes = array('site_address' => SITE_PATH, 'full_name' => $this->options['name'], 'username' => $this->options['username'], 'email' => $this->options['email']);
         if (!parent::sendEmail($shortcodes['email'], $subj, $msg, $shortcodes)) {
             $this->error = _('ERROR. Mail not sent');
         }
     }
     return $result;
 }
Example #3
0
 private function register()
 {
     if (empty($this->error)) {
         /* See if the admin requires new users to activate */
         $requireActivate = parent::getOption('user-activation-enable');
         /* Log user in when they register */
         $_SESSION['jigowatt']['username'] = $this->settings[$this->username_type];
         /* Apply default user_level */
         $_SESSION['jigowatt']['user_level'] = unserialize(parent::getOption('default-level'));
         if ($requireActivate) {
             $_SESSION['jigowatt']['activate'] = 1;
         }
         $_SESSION['jigowatt']['gravatar'] = parent::get_gravatar($this->settings['email'], true, 26);
         /* Create their account */
         $sql = "INSERT INTO accounts (user_level, name, email, username, password)\n\t\t\t\t\t\tVALUES (:user_level, :name, :email, :{$this->username_type}, :password);";
         $params = array(':user_level' => parent::getOption('default-level'), ':name' => $this->settings['name'], ':email' => $this->settings['email'], ':username' => $this->settings['username'], ':password' => parent::hashPassword($this->settings['password']));
         if ($this->use_emails) {
             unset($params[':username']);
         }
         parent::query($sql, $params);
         $user_id = parent::$dbh->lastInsertId();
         $_SESSION['jigowatt']['user_id'] = $user_id;
         /* Social integration. */
         if (!empty($_SESSION['jigowatt']['facebookMisc'])) {
             $link = 'facebook';
             $id = $_SESSION['jigowatt']['facebookMisc']['id'];
         }
         if (!empty($_SESSION['jigowatt']['openIDMisc'])) {
             $link = $_SESSION['jigowatt']['openIDMisc']['type'];
             $id = $_SESSION['jigowatt']['openIDMisc'][$link];
         }
         if (!empty($_SESSION['jigowatt']['twitterMisc'])) {
             $link = 'twitter';
             $id = $_SESSION['jigowatt']['twitterMisc']['id'];
         }
         if (!empty($link)) {
             $params = array(':user_id' => $user_id, ':id' => $id);
             parent::query("INSERT INTO `login_integration` (`user_id`, `{$link}`) VALUES (:user_id, :id);", $params);
         }
         // Update profile fields
         foreach ($this->settings as $field => $value) {
             if (strstr($field, 'p-')) {
                 $field = str_replace('p-', '', $field);
                 parent::updateOption($field, $value, true, $user_id);
             }
         }
         /* Create the activation key */
         if ($requireActivate) {
             $key = md5(uniqid(mt_rand(), true));
             $sql = sprintf("INSERT INTO `login_confirm` (`username`, `key`, `email`, `type`)\n\t\t\t\t\t\t\t\tVALUES ('%s', '%s', '%s', '%s');", $this->settings[$this->username_type], $key, $this->settings['email'], 'new_user');
             parent::query($sql);
         }
         $disable_welcome_email = parent::getOption('email-welcome-disable');
         if (!$disable_welcome_email) {
             /* Send welcome email to new user. */
             $msg = parent::getOption('email-welcome-msg');
             $subj = parent::getOption('email-welcome-subj');
             $shortcodes = array('site_address' => SITE_PATH, 'full_name' => $this->settings['name'], 'username' => $this->settings[$this->username_type], 'email' => $this->settings['email'], 'activate' => $requireActivate ? SITE_PATH . "activate.php?key={$key}" : '');
             if (!parent::sendEmail($this->settings['email'], $subj, $msg, $shortcodes)) {
                 $this->error = _('ERROR. Mail not sent');
             }
         }
         /* Admin notification of new user. */
         $notifyNewUsers = parent::getOption('notify-new-user-enable');
         if (!empty($notifyNewUsers)) {
             $msg = parent::getOption('email-new-user-msg');
             $subj = parent::getOption('email-new-user-subj');
             unset($shortcodes['activate']);
             $userGroup = parent::getOption('notify-new-users');
             if (!empty($userGroup)) {
                 $userGroup = unserialize($userGroup);
                 /* Variable to store all the email addresses of each chosen group. */
                 $emails = array();
                 foreach ($userGroup as $level_id) {
                     /* Grab all users within the user group. */
                     $params = array(':level_id' => '%:"' . $level_id . '";%');
                     $sql = "SELECT * FROM `accounts` WHERE `user_level` LIKE :level_id";
                     $stmt = parent::query($sql, $params);
                     /* Send email to each user in group. */
                     while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
                         $emails[] = $row['email'];
                     }
                 }
                 /* Remove duplicates for users with multiple user groups. */
                 $emails = array_unique($emails);
                 if (!parent::sendEmail($emails, $subj, $msg, $shortcodes, true)) {
                     $this->error = _('ERROR. Mail not sent');
                 }
             }
         }
         unset($_SESSION['jigowatt']['referer'], $_SESSION['jigowatt']['token'], $_SESSION['jigowatt']['facebookMisc'], $_SESSION['jigowatt']['twitterMisc'], $_SESSION['jigowatt']['openIDMisc']);
         /* After registering, redirect to the page the admin has set in Settings > General > Redirect Options. */
         header('Location: ' . parent::getOption('new-user-redirect'));
         exit;
     }
 }
 private function adduser()
 {
     if (!empty($this->error)) {
         return false;
     }
     $params = array(':user_level' => parent::getOption('default-level'), ':name' => $this->name, ':email' => $this->email, ':username' => $this->username, ':password' => parent::hashPassword($this->password));
     parent::query("INSERT INTO `login_users` (`user_level`, `name`, `email`, `username`, `password`)\n\t\t\t\t\t\tVALUES (:user_level, :name, :email, :username, :password);", $params);
     $shortcodes = array('site_address' => SITE_PATH, 'full_name' => $this->name, 'username' => $this->username, 'email' => $this->email, 'password' => $this->password);
     $subj = parent::getOption('email-add-user-subj');
     $msg = parent::getOption('email-add-user-msg');
     if (!parent::sendEmail($this->email, $subj, $msg, $shortcodes)) {
         $this->error = _('ERROR. Mail not sent');
     }
     $this->result = "<div class='alert alert-success'>" . sprintf(_('Successfully added user <b>%s</b> to the database. Credentials sent to user.'), $this->username) . "</div>";
 }
Example #5
0
 private function process()
 {
     $params = array(':name' => $this->settings['name'], ':username' => $this->username);
     parent::query("UPDATE `accounts` SET `name` = :name WHERE {$this->username_type} = :username", $params);
     $this->error = "<div class='alert alert-success'>" . _('User information updated for') . " <b>" . $this->settings['name'] . "</b> ({$this->username}).</div>";
     $params = array(':username' => $this->username);
     $stmt = parent::query("SELECT `email` FROM `accounts` WHERE {$this->username_type} = :username;", $params);
     $email = $stmt->fetch();
     $email = $email[0];
     if (!empty($this->settings['password']) || $this->settings['email'] != $email) {
         $key = md5(uniqid(mt_rand(), true));
         $params = array(':username' => $this->username, ':key' => $key, ':email' => $this->settings['email'], ':type' => 'update_emailPw', ':data' => empty($this->settings['password']) ? '' : parent::hashPassword($this->settings['password']));
         $sql = "INSERT INTO `login_confirm` (`username`, `key`, `email`, `type`, `data`)\n\t\t\t\t\tVALUES (:username, :key, :email, :type, :data);";
         parent::query($sql, $params);
         $shortcodes = array('site_address' => SITE_PATH, 'full_name' => $this->settings['name'], 'username' => $this->username, 'confirm' => SITE_PATH . "profile.php?key={$key}");
         $subj = parent::getOption('email-acct-update-subj');
         $msg = parent::getOption('email-acct-update-msg');
         // Send an email with key
         if (!parent::sendEmail($email, $subj, $msg, $shortcodes)) {
             $this->error = '<div class="alert alert-error">' . _('ERROR. Mail not sent') . '</div>';
         } else {
             $this->error = "<div class='alert alert-warning'>" . _('Check your email to confirm this change.') . '</div>';
         }
     }
     // Update profile fields
     foreach ($this->settings as $field => $value) {
         if (strstr($field, 'p-')) {
             $field = str_replace('p-', '', $field);
             parent::updateOption($field, $value, true, $this->settings['user_id']);
         }
     }
 }