public function displayLevels() { $stmt = parent::query('SELECT level_name, level_level FROM login_levels'); ?> <select class="form-control chzn-select" data-placeholder="<?php _e('Select your levels'); ?> " multiple="multiple" id="to-levels" name="to-levels[]"> <?php while ($level = $stmt->fetch()) { ?> <option value="<?php echo $level['level_level']; ?> "><?php echo $level['level_name']; ?> </option> <?php } ?> </select> <?php }
private function signedIn() { // Check if user needs activation $params = array(':username' => $this->user); $stmt = parent::query("SELECT * FROM `login_confirm` WHERE `username` = :username AND `type` = 'new_user';", $params); if ($stmt->rowCount() < 1) { unset($_SESSION['jigowatt']['activate']); $this->error = '<div class="alert alert-danger">' . _('Your account has already been activated.') . '</div> <h5>' . _('What to do now?') . '</h5> <p>' . sprintf(_('Go to the <a href="%s"> homepage</a>'), 'home.php') . '</p>'; } else { $this->error = '<div class="alert alert-danger">' . _('You have not activated your account yet.') . '</div> <h5>' . _('What to do now?') . '</h5>' . '<p>' . _('Please follow the link in your email to activate your account.') . '</p>' . '<p>' . sprintf(_('Would you like us to <a href="%s">resend</a> the link?'), 'activate.php?resend=1') . '</p>'; } }
private function process() { if (!empty($this->error)) { return false; } // Ticked the 'delete user' box? if (!empty($this->options['delete'])) { $params = array(':id' => $this->id); $sql = array(); $sql[] = "DELETE FROM login_users WHERE user_id = :id;"; $sql[] = "DELETE FROM login_integration WHERE user_id = :id;"; $sql[] = "DELETE FROM login_profiles WHERE user_id = :id;"; $sql[] = "DELETE FROM login_timestamps WHERE user_id = :id;"; foreach ($sql as $do) { parent::query($do, $params); } $result = sprintf("<div class='alert alert-success'>" . _('User removed from the database:') . " <b>%s</b> (%s).</div>", $this->options['name'], $this->options['username']); parent::displayMessage($result); } if (!empty($this->options['password'])) { $params = array(':restrict' => $this->options['restricted'], ':name' => $this->options['name'], ':email' => $this->options['email'], ':level' => $this->options['user_level'], ':password' => parent::hashPassword($this->options['password']), ':id' => $this->id); $sql = "UPDATE `login_users` SET `restricted` = :restrict, `name` = :name, `email` = :email, `user_level` = :level, `password` = :password WHERE `user_id` = :id;"; parent::query($sql, $params); $result = sprintf("<div class='alert alert-success'>" . _('User information (and password) updated for') . " <b>%s</b> (%s).</div>", $this->options['name'], $this->options['username']); } else { $params = array(':restrict' => $this->options['restricted'], ':name' => $this->options['name'], ':email' => $this->options['email'], ':level' => $this->options['user_level'], ':id' => $this->id); $format = array('%d', '%s', '%s', '%s', '%d'); $sql = "UPDATE `login_users` SET `restricted` = :restrict, `name` = :name, `email` = :email, `user_level` = :level WHERE `user_id` = :id;"; parent::query($sql, $params, $format); $result = sprintf("<div class='alert alert-success'>" . _('User information updated for') . " <b>%s</b> (%s).</div>", $this->options['name'], $this->options['username']); } // Checkbox handling $sql = "SELECT * FROM `login_profile_fields`;"; $stmt = parent::query($sql); while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) { $name = 'p-' . $row['id']; if ($row['type'] == 'checkbox') { $this->options[$name] = !empty($this->options[$name]) ? 1 : 0; } } // Update profile fields foreach ($this->options as $field => $value) { if (strstr($field, 'p-')) { $field = str_replace('p-', '', $field); parent::updateOption($field, $value, true, $this->options['user_id']); } } /* Time to send our welcome email! */ if (!empty($this->sendWelcome)) { $msg = parent::getOption('email-welcome-msg'); $subj = parent::getOption('email-welcome-subj'); $shortcodes = array('site_address' => SITE_PATH, 'full_name' => $this->options['name'], 'username' => $this->options['username'], 'email' => $this->options['email']); if (!parent::sendEmail($shortcodes['email'], $subj, $msg, $shortcodes)) { $this->error = _('ERROR. Mail not sent'); } } return $result; }
private function addlevel() { if (isset($_POST['add_level']) && empty($this->error)) { $params = array(':authLevel' => $this->auth); $stmt = parent::query("SELECT * FROM `login_levels` WHERE `level_level` = :authLevel", $params); if ($stmt->rowCount() > 0) { $this->error = '<div class="alert alert-danger">' . _('Auth level') . ' <b>' . $this->auth . '</b> ' . _('already exists') . '</b>.</div>'; return false; } $params = array(':level_name' => $this->level, ':auth_level' => $this->auth); parent::query("INSERT INTO `login_levels` (`level_name`, `level_level`, `level_disabled`)\n\t\t\t\t\t\t VALUES (:level_name, :auth_level, '0')", $params); $this->error = "<div class='alert alert-success'>" . sprintf(_('Successfully added level <b>%s</b> to the database.'), $this->level) . "</div>"; $this->level = ''; $this->auth = ''; } echo $this->error; exit; }
private function register() { if (empty($this->error)) { /* See if the admin requires new users to activate */ $requireActivate = parent::getOption('user-activation-enable'); /* Log user in when they register */ $_SESSION['jigowatt']['username'] = $this->settings[$this->username_type]; /* Apply default user_level */ $_SESSION['jigowatt']['user_level'] = unserialize(parent::getOption('default-level')); if ($requireActivate) { $_SESSION['jigowatt']['activate'] = 1; } $_SESSION['jigowatt']['gravatar'] = parent::get_gravatar($this->settings['email'], true, 26); /* Create their account */ $sql = "INSERT INTO accounts (user_level, name, email, username, password)\n\t\t\t\t\t\tVALUES (:user_level, :name, :email, :{$this->username_type}, :password);"; $params = array(':user_level' => parent::getOption('default-level'), ':name' => $this->settings['name'], ':email' => $this->settings['email'], ':username' => $this->settings['username'], ':password' => parent::hashPassword($this->settings['password'])); if ($this->use_emails) { unset($params[':username']); } parent::query($sql, $params); $user_id = parent::$dbh->lastInsertId(); $_SESSION['jigowatt']['user_id'] = $user_id; /* Social integration. */ if (!empty($_SESSION['jigowatt']['facebookMisc'])) { $link = 'facebook'; $id = $_SESSION['jigowatt']['facebookMisc']['id']; } if (!empty($_SESSION['jigowatt']['openIDMisc'])) { $link = $_SESSION['jigowatt']['openIDMisc']['type']; $id = $_SESSION['jigowatt']['openIDMisc'][$link]; } if (!empty($_SESSION['jigowatt']['twitterMisc'])) { $link = 'twitter'; $id = $_SESSION['jigowatt']['twitterMisc']['id']; } if (!empty($link)) { $params = array(':user_id' => $user_id, ':id' => $id); parent::query("INSERT INTO `login_integration` (`user_id`, `{$link}`) VALUES (:user_id, :id);", $params); } // Update profile fields foreach ($this->settings as $field => $value) { if (strstr($field, 'p-')) { $field = str_replace('p-', '', $field); parent::updateOption($field, $value, true, $user_id); } } /* Create the activation key */ if ($requireActivate) { $key = md5(uniqid(mt_rand(), true)); $sql = sprintf("INSERT INTO `login_confirm` (`username`, `key`, `email`, `type`)\n\t\t\t\t\t\t\t\tVALUES ('%s', '%s', '%s', '%s');", $this->settings[$this->username_type], $key, $this->settings['email'], 'new_user'); parent::query($sql); } $disable_welcome_email = parent::getOption('email-welcome-disable'); if (!$disable_welcome_email) { /* Send welcome email to new user. */ $msg = parent::getOption('email-welcome-msg'); $subj = parent::getOption('email-welcome-subj'); $shortcodes = array('site_address' => SITE_PATH, 'full_name' => $this->settings['name'], 'username' => $this->settings[$this->username_type], 'email' => $this->settings['email'], 'activate' => $requireActivate ? SITE_PATH . "activate.php?key={$key}" : ''); if (!parent::sendEmail($this->settings['email'], $subj, $msg, $shortcodes)) { $this->error = _('ERROR. Mail not sent'); } } /* Admin notification of new user. */ $notifyNewUsers = parent::getOption('notify-new-user-enable'); if (!empty($notifyNewUsers)) { $msg = parent::getOption('email-new-user-msg'); $subj = parent::getOption('email-new-user-subj'); unset($shortcodes['activate']); $userGroup = parent::getOption('notify-new-users'); if (!empty($userGroup)) { $userGroup = unserialize($userGroup); /* Variable to store all the email addresses of each chosen group. */ $emails = array(); foreach ($userGroup as $level_id) { /* Grab all users within the user group. */ $params = array(':level_id' => '%:"' . $level_id . '";%'); $sql = "SELECT * FROM `accounts` WHERE `user_level` LIKE :level_id"; $stmt = parent::query($sql, $params); /* Send email to each user in group. */ while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) { $emails[] = $row['email']; } } /* Remove duplicates for users with multiple user groups. */ $emails = array_unique($emails); if (!parent::sendEmail($emails, $subj, $msg, $shortcodes, true)) { $this->error = _('ERROR. Mail not sent'); } } } unset($_SESSION['jigowatt']['referer'], $_SESSION['jigowatt']['token'], $_SESSION['jigowatt']['facebookMisc'], $_SESSION['jigowatt']['twitterMisc'], $_SESSION['jigowatt']['openIDMisc']); /* After registering, redirect to the page the admin has set in Settings > General > Redirect Options. */ header('Location: ' . parent::getOption('new-user-redirect')); exit; } }
private function adduser() { if (!empty($this->error)) { return false; } $params = array(':user_level' => parent::getOption('default-level'), ':name' => $this->name, ':email' => $this->email, ':username' => $this->username, ':password' => parent::hashPassword($this->password)); parent::query("INSERT INTO `login_users` (`user_level`, `name`, `email`, `username`, `password`)\n\t\t\t\t\t\tVALUES (:user_level, :name, :email, :username, :password);", $params); $shortcodes = array('site_address' => SITE_PATH, 'full_name' => $this->name, 'username' => $this->username, 'email' => $this->email, 'password' => $this->password); $subj = parent::getOption('email-add-user-subj'); $msg = parent::getOption('email-add-user-msg'); if (!parent::sendEmail($this->email, $subj, $msg, $shortcodes)) { $this->error = _('ERROR. Mail not sent'); } $this->result = "<div class='alert alert-success'>" . sprintf(_('Successfully added user <b>%s</b> to the database. Credentials sent to user.'), $this->username) . "</div>"; }
public function returnLevels($id = 'default-level') { $option = parent::getOption($id); $ids = !empty($option) ? unserialize($option) : array(''); $placeholder = array_fill(0, count($ids), '?'); $sql = "SELECT level_name, level_level FROM login_levels WHERE level_disabled != 1 AND level_level NOT IN (" . implode(',', $placeholder) . ")"; $stmt2 = parent::query($sql, $ids); $sql = "SELECT level_name, level_level FROM login_levels WHERE level_level IN (" . implode(',', $placeholder) . ")"; $stmt3 = parent::query($sql, $ids); ?> <select class="form-control chzn-select" data-placeholder="<?php _e('Select your levels'); ?> " multiple="multiple" id="<?php echo $id; ?> " name="<?php echo $id; ?> []"> <?php while ($level = $stmt3->fetch()) { ?> <?php echo $level['level_level']; ?> <option selected="selected" value="<?php echo $level['level_level']; ?> "><?php echo $level['level_name']; ?> </option> <?php } ?> <?php while ($level = $stmt2->fetch()) { ?> <option value="<?php echo $level['level_level']; ?> "><?php echo $level['level_name']; ?> </option> <?php } ?> </select> <?php }
public function countSocialUsers($type, $range = false) { if (empty($this->socialMethods[$type])) { return false; } if (!$range) { $sql = "SELECT * FROM `login_integration` WHERE `{$type}` IS NOT NULL AND trim(`{$type}`) <> '';"; } else { $sql = sprintf("SELECT * FROM `login_integration`\n\t\t\t\t\tWHERE `{$type}` IS NOT NULL\n\t\t\t\t\tAND trim(`{$type}`) <> ''\n\t\t\t\t\tAND date(`timestamp`) >= '%s'\n\t\t\t\t\tAND date(`timestamp`) <= '%s'\n\t\t\t\t\tORDER BY `timestamp` ASC;", date('Y-m-d', $this->start_date), date('Y-m-d', $this->end_date)); } $query = parent::query($sql); return $query->rowCount(); }
private function process() { $params = array(':name' => $this->settings['name'], ':username' => $this->username); parent::query("UPDATE `accounts` SET `name` = :name WHERE {$this->username_type} = :username", $params); $this->error = "<div class='alert alert-success'>" . _('User information updated for') . " <b>" . $this->settings['name'] . "</b> ({$this->username}).</div>"; $params = array(':username' => $this->username); $stmt = parent::query("SELECT `email` FROM `accounts` WHERE {$this->username_type} = :username;", $params); $email = $stmt->fetch(); $email = $email[0]; if (!empty($this->settings['password']) || $this->settings['email'] != $email) { $key = md5(uniqid(mt_rand(), true)); $params = array(':username' => $this->username, ':key' => $key, ':email' => $this->settings['email'], ':type' => 'update_emailPw', ':data' => empty($this->settings['password']) ? '' : parent::hashPassword($this->settings['password'])); $sql = "INSERT INTO `login_confirm` (`username`, `key`, `email`, `type`, `data`)\n\t\t\t\t\tVALUES (:username, :key, :email, :type, :data);"; parent::query($sql, $params); $shortcodes = array('site_address' => SITE_PATH, 'full_name' => $this->settings['name'], 'username' => $this->username, 'confirm' => SITE_PATH . "profile.php?key={$key}"); $subj = parent::getOption('email-acct-update-subj'); $msg = parent::getOption('email-acct-update-msg'); // Send an email with key if (!parent::sendEmail($email, $subj, $msg, $shortcodes)) { $this->error = '<div class="alert alert-error">' . _('ERROR. Mail not sent') . '</div>'; } else { $this->error = "<div class='alert alert-warning'>" . _('Check your email to confirm this change.') . '</div>'; } } // Update profile fields foreach ($this->settings as $field => $value) { if (strstr($field, 'p-')) { $field = str_replace('p-', '', $field); parent::updateOption($field, $value, true, $this->settings['user_id']); } } }
/** * * @param unknown $provider * @return unknown */ private function unlink($provider) { if (!in_array($provider, self::$socialLogin)) { return false; } if (empty($this->result[$provider])) { parent::displayMessage(sprintf('<div class="alert alert-warning">' . _('You are not yet linked with %s') . '</div>', ucwords($provider)), false); return false; } $params = array(':user_id' => $_SESSION['jigowatt']['user_id']); $sql = "UPDATE `login_integration` SET {$provider} = null WHERE `user_id` = :user_id;"; parent::query($sql, $params); unset($_SESSION['jigowatt'][$provider]); parent::displayMessage(sprintf('<div class="alert alert-success">' . _('Successfully unlinked from %s') . '</div>', ucwords($provider)), false); }
public function modal_process() { if (isset($_POST['usernamemail'])) { $usernamemail = parent::secure($_POST['usernamemail']); // The input field wasn't filled out if (empty($usernamemail)) { $this->error = '<div class="alert alert-danger">' . _('Please enter your username or email address.') . '</div>'; } else { $params = array(':usernameEmail' => $usernamemail); $stmt = parent::query("SELECT * FROM `login_users` WHERE `username` = :usernameEmail OR `email` = :usernameEmail;", $params); if ($stmt->rowCount() > 0) { $row = $stmt->fetch(); // Reuse the email variable. $email = $row['email']; // Check that a recovery key doesn't already exist, if it does, remove it. $params = array(':email' => $email); $stmt = parent::query("SELECT * FROM `login_confirm` WHERE `email` = :email AND `type` = 'forgot_pw';", $params); if ($stmt->rowCount() > 0) { parent::query("DELETE FROM `login_confirm` WHERE email = :email AND `type` = 'forgot_pw';", $params); } // Generate a new recovery key $key = md5(uniqid(mt_rand(), true)); $params = array(':email' => $email, ':key' => $key); parent::query("INSERT INTO `login_confirm` (`email`, `key`, `type`) VALUES (:email, :key, 'forgot_pw');", $params); $shortcodes = array('site_address' => SITE_PATH, 'full_name' => $row['name'], 'username' => $row['username'], 'reset' => SITE_PATH . "forgot.php?key={$key}"); $subj = parent::getOption('email-forgot-subj'); $msg = parent::getOption('email-forgot-msg'); // Send an email confirming their password reset if (!parent::sendEmail($email, $subj, $msg, $shortcodes)) { $this->error = '<div class="alert alert-danger">' . _('ERROR. Mail not sent') . '</div>'; } else { $this->error = "<div class='alert alert-success'>" . _('We\'ve emailed you password reset instructions. Check your email.') . "</div>"; } } else { $this->error = '<div class="alert alert-danger">' . _('This account does not exist.') . '</div>'; } } echo $this->error; } }
private function process($delete = false) { if (!empty($this->error)) { return false; } if ($delete) { $params = array(':level' => '%:"' . $this->options['level_id'] . '";%'); $stmt = parent::query("SELECT COUNT(user_level) FROM login_users WHERE user_level LIKE :level;", $params); $result = $stmt->fetch(); if ($result[0] > 0) { $this->error = _("This level still has users in it!"); return false; } $params = array(':level' => $this->options['level_id']); $stmt = parent::query("DELETE FROM `login_levels` WHERE `id` = :level;", $params); $this->result = sprintf(_('Level <b>%s</b> removed from database.'), $this->options['level_name']); } else { $params = array(':name' => $this->options['level_name'], ':level' => !$this->isAdmin ? $this->options['level_level'] : 1, ':welcome' => !empty($this->options['welcome_email']) ? 1 : 0, ':disabled' => !empty($this->options['level_disabled']) && !$this->isAdmin ? 1 : 0, ':redirect' => $this->options['redirect'], ':id' => $this->options['level_id']); $stmt = parent::query("UPDATE login_levels SET level_name = :name, level_level = :level, level_disabled = :disabled, redirect = :redirect, `welcome_email` = :welcome WHERE id = :id;", $params); $this->result = sprintf(_('Information updated for level <b>%s</b>.'), $this->options['level_name']); } }
private function upgrade_321() { // Change username column to 255 length to allow for emails $sql = "ALTER TABLE `login_users` CHANGE `username` `username` VARCHAR( 255 ) NOT NULL"; parent::query($sql); parent::updateOption('phplogin_db_version', 1212300); }