private function sendMail()
{
/* No user group selected on form. */
if (empty($_POST['to-levels'])) {
$this->message = '<div class="alert alert-danger">' . _('Please select a user group') . '</div>';
return false;
}
/* Variable to store all the email addresses of each chosen group. */
$emails = array();
foreach ($_POST['to-levels'] as $level_id) {
/* Grab all users within the user group. */
$params = array(':level_id' => '%:"' . $level_id . '";%');
$sql = "SELECT * FROM `login_users` WHERE `user_level` LIKE :level_id";
$stmt = parent::query($sql, $params);
/* Send email to each user in group. */
while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
$emails[] = $row['email'];
}
}
/* Remove duplicates for users with multiple user groups. */
$emails = array_unique($emails);
if (!parent::sendEmail($emails, $_POST['subject'], $_POST['message'], '', true)) {
$this->message = _('ERROR. Mail not sent');
}
$this->message = '<div class="alert alert-success">' . _('Email sent!') . '</div>';
}
private function resendKey()
{
$params = array(':username' => $this->user);
$stmt = parent::query("SELECT `login_confirm`.`email`, `login_confirm`.`username`, `login_confirm`.`key`, `login_users`.`name`\n\t\t\t\t\t\t\t\tFROM `login_confirm`, `login_users`\n\t\t\t\t\t\t\t\tWHERE `login_confirm`.`username` = :username\n\t\t\t\t\t\t\t\tAND `login_confirm`.`type` = 'new_user'\n\t\t\t\t\t\t\t\tAND `login_users`.`username` = :username;", $params);
$row = $stmt->fetch();
$key = $row['key'];
if (empty($key)) {
$this->error = '<div class="alert alert-danger">' . _('You do not have an activation key!') . '</div>
<p>' . _('Please contact an admin: ') . address . '</p>';
return false;
}
$shortcodes = array('site_address' => SITE_PATH, 'full_name' => $row['name'], 'username' => $this->user, 'activate' => SITE_PATH . "activate.php?key={$key}");
$subj = parent::getOption('email-activate-resend-subj');
$msg = parent::getOption('email-activate-resend-msg');
$to = $row['email'];
if (parent::sendEmail($to, $subj, $msg, $shortcodes)) {
$this->error = '<div class="alert alert-success">' . _('Activation link resent to email.') . '</div>
<h5>' . _('What to do now?') . '</h5>' . _('Click the link in your email to activate your account.');
} else {
$this->error = _('ERROR. Mail not sent');
}
}
private function process()
{
if (!empty($this->error)) {
return false;
}
// Ticked the 'delete user' box?
if (!empty($this->options['delete'])) {
$params = array(':id' => $this->id);
$sql = array();
$sql[] = "DELETE FROM login_users WHERE user_id = :id;";
$sql[] = "DELETE FROM login_integration WHERE user_id = :id;";
$sql[] = "DELETE FROM login_profiles WHERE user_id = :id;";
$sql[] = "DELETE FROM login_timestamps WHERE user_id = :id;";
foreach ($sql as $do) {
parent::query($do, $params);
}
$result = sprintf("<div class='alert alert-success'>" . _('User removed from the database:') . " <b>%s</b> (%s).</div>", $this->options['name'], $this->options['username']);
parent::displayMessage($result);
}
if (!empty($this->options['password'])) {
$params = array(':restrict' => $this->options['restricted'], ':name' => $this->options['name'], ':email' => $this->options['email'], ':level' => $this->options['user_level'], ':password' => parent::hashPassword($this->options['password']), ':id' => $this->id);
$sql = "UPDATE `login_users` SET `restricted` = :restrict, `name` = :name, `email` = :email, `user_level` = :level, `password` = :password WHERE `user_id` = :id;";
parent::query($sql, $params);
$result = sprintf("<div class='alert alert-success'>" . _('User information (and password) updated for') . " <b>%s</b> (%s).</div>", $this->options['name'], $this->options['username']);
} else {
$params = array(':restrict' => $this->options['restricted'], ':name' => $this->options['name'], ':email' => $this->options['email'], ':level' => $this->options['user_level'], ':id' => $this->id);
$format = array('%d', '%s', '%s', '%s', '%d');
$sql = "UPDATE `login_users` SET `restricted` = :restrict, `name` = :name, `email` = :email, `user_level` = :level WHERE `user_id` = :id;";
parent::query($sql, $params, $format);
$result = sprintf("<div class='alert alert-success'>" . _('User information updated for') . " <b>%s</b> (%s).</div>", $this->options['name'], $this->options['username']);
}
// Checkbox handling
$sql = "SELECT * FROM `login_profile_fields`;";
$stmt = parent::query($sql);
while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
$name = 'p-' . $row['id'];
if ($row['type'] == 'checkbox') {
$this->options[$name] = !empty($this->options[$name]) ? 1 : 0;
}
}
// Update profile fields
foreach ($this->options as $field => $value) {
if (strstr($field, 'p-')) {
$field = str_replace('p-', '', $field);
parent::updateOption($field, $value, true, $this->options['user_id']);
}
}
/* Time to send our welcome email! */
if (!empty($this->sendWelcome)) {
$msg = parent::getOption('email-welcome-msg');
$subj = parent::getOption('email-welcome-subj');
$shortcodes = array('site_address' => SITE_PATH, 'full_name' => $this->options['name'], 'username' => $this->options['username'], 'email' => $this->options['email']);
if (!parent::sendEmail($shortcodes['email'], $subj, $msg, $shortcodes)) {
$this->error = _('ERROR. Mail not sent');
}
}
return $result;
}
private function register()
{
if (empty($this->error)) {
/* See if the admin requires new users to activate */
$requireActivate = parent::getOption('user-activation-enable');
/* Log user in when they register */
$_SESSION['jigowatt']['username'] = $this->settings[$this->username_type];
/* Apply default user_level */
$_SESSION['jigowatt']['user_level'] = unserialize(parent::getOption('default-level'));
if ($requireActivate) {
$_SESSION['jigowatt']['activate'] = 1;
}
$_SESSION['jigowatt']['gravatar'] = parent::get_gravatar($this->settings['email'], true, 26);
/* Create their account */
$sql = "INSERT INTO accounts (user_level, name, email, username, password)\n\t\t\t\t\t\tVALUES (:user_level, :name, :email, :{$this->username_type}, :password);";
$params = array(':user_level' => parent::getOption('default-level'), ':name' => $this->settings['name'], ':email' => $this->settings['email'], ':username' => $this->settings['username'], ':password' => parent::hashPassword($this->settings['password']));
if ($this->use_emails) {
unset($params[':username']);
}
parent::query($sql, $params);
$user_id = parent::$dbh->lastInsertId();
$_SESSION['jigowatt']['user_id'] = $user_id;
/* Social integration. */
if (!empty($_SESSION['jigowatt']['facebookMisc'])) {
$link = 'facebook';
$id = $_SESSION['jigowatt']['facebookMisc']['id'];
}
if (!empty($_SESSION['jigowatt']['openIDMisc'])) {
$link = $_SESSION['jigowatt']['openIDMisc']['type'];
$id = $_SESSION['jigowatt']['openIDMisc'][$link];
}
if (!empty($_SESSION['jigowatt']['twitterMisc'])) {
$link = 'twitter';
$id = $_SESSION['jigowatt']['twitterMisc']['id'];
}
if (!empty($link)) {
$params = array(':user_id' => $user_id, ':id' => $id);
parent::query("INSERT INTO `login_integration` (`user_id`, `{$link}`) VALUES (:user_id, :id);", $params);
}
// Update profile fields
foreach ($this->settings as $field => $value) {
if (strstr($field, 'p-')) {
$field = str_replace('p-', '', $field);
parent::updateOption($field, $value, true, $user_id);
}
}
/* Create the activation key */
if ($requireActivate) {
$key = md5(uniqid(mt_rand(), true));
$sql = sprintf("INSERT INTO `login_confirm` (`username`, `key`, `email`, `type`)\n\t\t\t\t\t\t\t\tVALUES ('%s', '%s', '%s', '%s');", $this->settings[$this->username_type], $key, $this->settings['email'], 'new_user');
parent::query($sql);
}
$disable_welcome_email = parent::getOption('email-welcome-disable');
if (!$disable_welcome_email) {
/* Send welcome email to new user. */
$msg = parent::getOption('email-welcome-msg');
$subj = parent::getOption('email-welcome-subj');
$shortcodes = array('site_address' => SITE_PATH, 'full_name' => $this->settings['name'], 'username' => $this->settings[$this->username_type], 'email' => $this->settings['email'], 'activate' => $requireActivate ? SITE_PATH . "activate.php?key={$key}" : '');
if (!parent::sendEmail($this->settings['email'], $subj, $msg, $shortcodes)) {
$this->error = _('ERROR. Mail not sent');
}
}
/* Admin notification of new user. */
$notifyNewUsers = parent::getOption('notify-new-user-enable');
if (!empty($notifyNewUsers)) {
$msg = parent::getOption('email-new-user-msg');
$subj = parent::getOption('email-new-user-subj');
unset($shortcodes['activate']);
$userGroup = parent::getOption('notify-new-users');
if (!empty($userGroup)) {
$userGroup = unserialize($userGroup);
/* Variable to store all the email addresses of each chosen group. */
$emails = array();
foreach ($userGroup as $level_id) {
/* Grab all users within the user group. */
$params = array(':level_id' => '%:"' . $level_id . '";%');
$sql = "SELECT * FROM `accounts` WHERE `user_level` LIKE :level_id";
$stmt = parent::query($sql, $params);
/* Send email to each user in group. */
while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
$emails[] = $row['email'];
}
}
/* Remove duplicates for users with multiple user groups. */
$emails = array_unique($emails);
if (!parent::sendEmail($emails, $subj, $msg, $shortcodes, true)) {
$this->error = _('ERROR. Mail not sent');
}
}
}
unset($_SESSION['jigowatt']['referer'], $_SESSION['jigowatt']['token'], $_SESSION['jigowatt']['facebookMisc'], $_SESSION['jigowatt']['twitterMisc'], $_SESSION['jigowatt']['openIDMisc']);
/* After registering, redirect to the page the admin has set in Settings > General > Redirect Options. */
header('Location: ' . parent::getOption('new-user-redirect'));
exit;
}
}
private function adduser()
{
if (!empty($this->error)) {
return false;
}
$params = array(':user_level' => parent::getOption('default-level'), ':name' => $this->name, ':email' => $this->email, ':username' => $this->username, ':password' => parent::hashPassword($this->password));
parent::query("INSERT INTO `login_users` (`user_level`, `name`, `email`, `username`, `password`)\n\t\t\t\t\t\tVALUES (:user_level, :name, :email, :username, :password);", $params);
$shortcodes = array('site_address' => SITE_PATH, 'full_name' => $this->name, 'username' => $this->username, 'email' => $this->email, 'password' => $this->password);
$subj = parent::getOption('email-add-user-subj');
$msg = parent::getOption('email-add-user-msg');
if (!parent::sendEmail($this->email, $subj, $msg, $shortcodes)) {
$this->error = _('ERROR. Mail not sent');
}
$this->result = "<div class='alert alert-success'>" . sprintf(_('Successfully added user <b>%s</b> to the database. Credentials sent to user.'), $this->username) . "</div>";
}
private function process()
{
$params = array(':name' => $this->settings['name'], ':username' => $this->username);
parent::query("UPDATE `accounts` SET `name` = :name WHERE {$this->username_type} = :username", $params);
$this->error = "<div class='alert alert-success'>" . _('User information updated for') . " <b>" . $this->settings['name'] . "</b> ({$this->username}).</div>";
$params = array(':username' => $this->username);
$stmt = parent::query("SELECT `email` FROM `accounts` WHERE {$this->username_type} = :username;", $params);
$email = $stmt->fetch();
$email = $email[0];
if (!empty($this->settings['password']) || $this->settings['email'] != $email) {
$key = md5(uniqid(mt_rand(), true));
$params = array(':username' => $this->username, ':key' => $key, ':email' => $this->settings['email'], ':type' => 'update_emailPw', ':data' => empty($this->settings['password']) ? '' : parent::hashPassword($this->settings['password']));
$sql = "INSERT INTO `login_confirm` (`username`, `key`, `email`, `type`, `data`)\n\t\t\t\t\tVALUES (:username, :key, :email, :type, :data);";
parent::query($sql, $params);
$shortcodes = array('site_address' => SITE_PATH, 'full_name' => $this->settings['name'], 'username' => $this->username, 'confirm' => SITE_PATH . "profile.php?key={$key}");
$subj = parent::getOption('email-acct-update-subj');
$msg = parent::getOption('email-acct-update-msg');
// Send an email with key
if (!parent::sendEmail($email, $subj, $msg, $shortcodes)) {
$this->error = '<div class="alert alert-error">' . _('ERROR. Mail not sent') . '</div>';
} else {
$this->error = "<div class='alert alert-warning'>" . _('Check your email to confirm this change.') . '</div>';
}
}
// Update profile fields
foreach ($this->settings as $field => $value) {
if (strstr($field, 'p-')) {
$field = str_replace('p-', '', $field);
parent::updateOption($field, $value, true, $this->settings['user_id']);
}
}
}
public function modal_process()
{
if (isset($_POST['usernamemail'])) {
$usernamemail = parent::secure($_POST['usernamemail']);
// The input field wasn't filled out
if (empty($usernamemail)) {
$this->error = '<div class="alert alert-danger">' . _('Please enter your username or email address.') . '</div>';
} else {
$params = array(':usernameEmail' => $usernamemail);
$stmt = parent::query("SELECT * FROM `login_users` WHERE `username` = :usernameEmail OR `email` = :usernameEmail;", $params);
if ($stmt->rowCount() > 0) {
$row = $stmt->fetch();
// Reuse the email variable.
$email = $row['email'];
// Check that a recovery key doesn't already exist, if it does, remove it.
$params = array(':email' => $email);
$stmt = parent::query("SELECT * FROM `login_confirm` WHERE `email` = :email AND `type` = 'forgot_pw';", $params);
if ($stmt->rowCount() > 0) {
parent::query("DELETE FROM `login_confirm` WHERE email = :email AND `type` = 'forgot_pw';", $params);
}
// Generate a new recovery key
$key = md5(uniqid(mt_rand(), true));
$params = array(':email' => $email, ':key' => $key);
parent::query("INSERT INTO `login_confirm` (`email`, `key`, `type`) VALUES (:email, :key, 'forgot_pw');", $params);
$shortcodes = array('site_address' => SITE_PATH, 'full_name' => $row['name'], 'username' => $row['username'], 'reset' => SITE_PATH . "forgot.php?key={$key}");
$subj = parent::getOption('email-forgot-subj');
$msg = parent::getOption('email-forgot-msg');
// Send an email confirming their password reset
if (!parent::sendEmail($email, $subj, $msg, $shortcodes)) {
$this->error = '<div class="alert alert-danger">' . _('ERROR. Mail not sent') . '</div>';
} else {
$this->error = "<div class='alert alert-success'>" . _('We\'ve emailed you password reset instructions. Check your email.') . "</div>";
}
} else {
$this->error = '<div class="alert alert-danger">' . _('This account does not exist.') . '</div>';
}
}
echo $this->error;
}
}
