private function sendMail() { /* No user group selected on form. */ if (empty($_POST['to-levels'])) { $this->message = '<div class="alert alert-danger">' . _('Please select a user group') . '</div>'; return false; } /* Variable to store all the email addresses of each chosen group. */ $emails = array(); foreach ($_POST['to-levels'] as $level_id) { /* Grab all users within the user group. */ $params = array(':level_id' => '%:"' . $level_id . '";%'); $sql = "SELECT * FROM `login_users` WHERE `user_level` LIKE :level_id"; $stmt = parent::query($sql, $params); /* Send email to each user in group. */ while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) { $emails[] = $row['email']; } } /* Remove duplicates for users with multiple user groups. */ $emails = array_unique($emails); if (!parent::sendEmail($emails, $_POST['subject'], $_POST['message'], '', true)) { $this->message = _('ERROR. Mail not sent'); } $this->message = '<div class="alert alert-success">' . _('Email sent!') . '</div>'; }
private function resendKey() { $params = array(':username' => $this->user); $stmt = parent::query("SELECT `login_confirm`.`email`, `login_confirm`.`username`, `login_confirm`.`key`, `login_users`.`name`\n\t\t\t\t\t\t\t\tFROM `login_confirm`, `login_users`\n\t\t\t\t\t\t\t\tWHERE `login_confirm`.`username` = :username\n\t\t\t\t\t\t\t\tAND `login_confirm`.`type` = 'new_user'\n\t\t\t\t\t\t\t\tAND `login_users`.`username` = :username;", $params); $row = $stmt->fetch(); $key = $row['key']; if (empty($key)) { $this->error = '<div class="alert alert-danger">' . _('You do not have an activation key!') . '</div> <p>' . _('Please contact an admin: ') . address . '</p>'; return false; } $shortcodes = array('site_address' => SITE_PATH, 'full_name' => $row['name'], 'username' => $this->user, 'activate' => SITE_PATH . "activate.php?key={$key}"); $subj = parent::getOption('email-activate-resend-subj'); $msg = parent::getOption('email-activate-resend-msg'); $to = $row['email']; if (parent::sendEmail($to, $subj, $msg, $shortcodes)) { $this->error = '<div class="alert alert-success">' . _('Activation link resent to email.') . '</div> <h5>' . _('What to do now?') . '</h5>' . _('Click the link in your email to activate your account.'); } else { $this->error = _('ERROR. Mail not sent'); } }
private function process() { if (!empty($this->error)) { return false; } // Ticked the 'delete user' box? if (!empty($this->options['delete'])) { $params = array(':id' => $this->id); $sql = array(); $sql[] = "DELETE FROM login_users WHERE user_id = :id;"; $sql[] = "DELETE FROM login_integration WHERE user_id = :id;"; $sql[] = "DELETE FROM login_profiles WHERE user_id = :id;"; $sql[] = "DELETE FROM login_timestamps WHERE user_id = :id;"; foreach ($sql as $do) { parent::query($do, $params); } $result = sprintf("<div class='alert alert-success'>" . _('User removed from the database:') . " <b>%s</b> (%s).</div>", $this->options['name'], $this->options['username']); parent::displayMessage($result); } if (!empty($this->options['password'])) { $params = array(':restrict' => $this->options['restricted'], ':name' => $this->options['name'], ':email' => $this->options['email'], ':level' => $this->options['user_level'], ':password' => parent::hashPassword($this->options['password']), ':id' => $this->id); $sql = "UPDATE `login_users` SET `restricted` = :restrict, `name` = :name, `email` = :email, `user_level` = :level, `password` = :password WHERE `user_id` = :id;"; parent::query($sql, $params); $result = sprintf("<div class='alert alert-success'>" . _('User information (and password) updated for') . " <b>%s</b> (%s).</div>", $this->options['name'], $this->options['username']); } else { $params = array(':restrict' => $this->options['restricted'], ':name' => $this->options['name'], ':email' => $this->options['email'], ':level' => $this->options['user_level'], ':id' => $this->id); $format = array('%d', '%s', '%s', '%s', '%d'); $sql = "UPDATE `login_users` SET `restricted` = :restrict, `name` = :name, `email` = :email, `user_level` = :level WHERE `user_id` = :id;"; parent::query($sql, $params, $format); $result = sprintf("<div class='alert alert-success'>" . _('User information updated for') . " <b>%s</b> (%s).</div>", $this->options['name'], $this->options['username']); } // Checkbox handling $sql = "SELECT * FROM `login_profile_fields`;"; $stmt = parent::query($sql); while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) { $name = 'p-' . $row['id']; if ($row['type'] == 'checkbox') { $this->options[$name] = !empty($this->options[$name]) ? 1 : 0; } } // Update profile fields foreach ($this->options as $field => $value) { if (strstr($field, 'p-')) { $field = str_replace('p-', '', $field); parent::updateOption($field, $value, true, $this->options['user_id']); } } /* Time to send our welcome email! */ if (!empty($this->sendWelcome)) { $msg = parent::getOption('email-welcome-msg'); $subj = parent::getOption('email-welcome-subj'); $shortcodes = array('site_address' => SITE_PATH, 'full_name' => $this->options['name'], 'username' => $this->options['username'], 'email' => $this->options['email']); if (!parent::sendEmail($shortcodes['email'], $subj, $msg, $shortcodes)) { $this->error = _('ERROR. Mail not sent'); } } return $result; }
private function register() { if (empty($this->error)) { /* See if the admin requires new users to activate */ $requireActivate = parent::getOption('user-activation-enable'); /* Log user in when they register */ $_SESSION['jigowatt']['username'] = $this->settings[$this->username_type]; /* Apply default user_level */ $_SESSION['jigowatt']['user_level'] = unserialize(parent::getOption('default-level')); if ($requireActivate) { $_SESSION['jigowatt']['activate'] = 1; } $_SESSION['jigowatt']['gravatar'] = parent::get_gravatar($this->settings['email'], true, 26); /* Create their account */ $sql = "INSERT INTO accounts (user_level, name, email, username, password)\n\t\t\t\t\t\tVALUES (:user_level, :name, :email, :{$this->username_type}, :password);"; $params = array(':user_level' => parent::getOption('default-level'), ':name' => $this->settings['name'], ':email' => $this->settings['email'], ':username' => $this->settings['username'], ':password' => parent::hashPassword($this->settings['password'])); if ($this->use_emails) { unset($params[':username']); } parent::query($sql, $params); $user_id = parent::$dbh->lastInsertId(); $_SESSION['jigowatt']['user_id'] = $user_id; /* Social integration. */ if (!empty($_SESSION['jigowatt']['facebookMisc'])) { $link = 'facebook'; $id = $_SESSION['jigowatt']['facebookMisc']['id']; } if (!empty($_SESSION['jigowatt']['openIDMisc'])) { $link = $_SESSION['jigowatt']['openIDMisc']['type']; $id = $_SESSION['jigowatt']['openIDMisc'][$link]; } if (!empty($_SESSION['jigowatt']['twitterMisc'])) { $link = 'twitter'; $id = $_SESSION['jigowatt']['twitterMisc']['id']; } if (!empty($link)) { $params = array(':user_id' => $user_id, ':id' => $id); parent::query("INSERT INTO `login_integration` (`user_id`, `{$link}`) VALUES (:user_id, :id);", $params); } // Update profile fields foreach ($this->settings as $field => $value) { if (strstr($field, 'p-')) { $field = str_replace('p-', '', $field); parent::updateOption($field, $value, true, $user_id); } } /* Create the activation key */ if ($requireActivate) { $key = md5(uniqid(mt_rand(), true)); $sql = sprintf("INSERT INTO `login_confirm` (`username`, `key`, `email`, `type`)\n\t\t\t\t\t\t\t\tVALUES ('%s', '%s', '%s', '%s');", $this->settings[$this->username_type], $key, $this->settings['email'], 'new_user'); parent::query($sql); } $disable_welcome_email = parent::getOption('email-welcome-disable'); if (!$disable_welcome_email) { /* Send welcome email to new user. */ $msg = parent::getOption('email-welcome-msg'); $subj = parent::getOption('email-welcome-subj'); $shortcodes = array('site_address' => SITE_PATH, 'full_name' => $this->settings['name'], 'username' => $this->settings[$this->username_type], 'email' => $this->settings['email'], 'activate' => $requireActivate ? SITE_PATH . "activate.php?key={$key}" : ''); if (!parent::sendEmail($this->settings['email'], $subj, $msg, $shortcodes)) { $this->error = _('ERROR. Mail not sent'); } } /* Admin notification of new user. */ $notifyNewUsers = parent::getOption('notify-new-user-enable'); if (!empty($notifyNewUsers)) { $msg = parent::getOption('email-new-user-msg'); $subj = parent::getOption('email-new-user-subj'); unset($shortcodes['activate']); $userGroup = parent::getOption('notify-new-users'); if (!empty($userGroup)) { $userGroup = unserialize($userGroup); /* Variable to store all the email addresses of each chosen group. */ $emails = array(); foreach ($userGroup as $level_id) { /* Grab all users within the user group. */ $params = array(':level_id' => '%:"' . $level_id . '";%'); $sql = "SELECT * FROM `accounts` WHERE `user_level` LIKE :level_id"; $stmt = parent::query($sql, $params); /* Send email to each user in group. */ while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) { $emails[] = $row['email']; } } /* Remove duplicates for users with multiple user groups. */ $emails = array_unique($emails); if (!parent::sendEmail($emails, $subj, $msg, $shortcodes, true)) { $this->error = _('ERROR. Mail not sent'); } } } unset($_SESSION['jigowatt']['referer'], $_SESSION['jigowatt']['token'], $_SESSION['jigowatt']['facebookMisc'], $_SESSION['jigowatt']['twitterMisc'], $_SESSION['jigowatt']['openIDMisc']); /* After registering, redirect to the page the admin has set in Settings > General > Redirect Options. */ header('Location: ' . parent::getOption('new-user-redirect')); exit; } }
private function adduser() { if (!empty($this->error)) { return false; } $params = array(':user_level' => parent::getOption('default-level'), ':name' => $this->name, ':email' => $this->email, ':username' => $this->username, ':password' => parent::hashPassword($this->password)); parent::query("INSERT INTO `login_users` (`user_level`, `name`, `email`, `username`, `password`)\n\t\t\t\t\t\tVALUES (:user_level, :name, :email, :username, :password);", $params); $shortcodes = array('site_address' => SITE_PATH, 'full_name' => $this->name, 'username' => $this->username, 'email' => $this->email, 'password' => $this->password); $subj = parent::getOption('email-add-user-subj'); $msg = parent::getOption('email-add-user-msg'); if (!parent::sendEmail($this->email, $subj, $msg, $shortcodes)) { $this->error = _('ERROR. Mail not sent'); } $this->result = "<div class='alert alert-success'>" . sprintf(_('Successfully added user <b>%s</b> to the database. Credentials sent to user.'), $this->username) . "</div>"; }
private function process() { $params = array(':name' => $this->settings['name'], ':username' => $this->username); parent::query("UPDATE `accounts` SET `name` = :name WHERE {$this->username_type} = :username", $params); $this->error = "<div class='alert alert-success'>" . _('User information updated for') . " <b>" . $this->settings['name'] . "</b> ({$this->username}).</div>"; $params = array(':username' => $this->username); $stmt = parent::query("SELECT `email` FROM `accounts` WHERE {$this->username_type} = :username;", $params); $email = $stmt->fetch(); $email = $email[0]; if (!empty($this->settings['password']) || $this->settings['email'] != $email) { $key = md5(uniqid(mt_rand(), true)); $params = array(':username' => $this->username, ':key' => $key, ':email' => $this->settings['email'], ':type' => 'update_emailPw', ':data' => empty($this->settings['password']) ? '' : parent::hashPassword($this->settings['password'])); $sql = "INSERT INTO `login_confirm` (`username`, `key`, `email`, `type`, `data`)\n\t\t\t\t\tVALUES (:username, :key, :email, :type, :data);"; parent::query($sql, $params); $shortcodes = array('site_address' => SITE_PATH, 'full_name' => $this->settings['name'], 'username' => $this->username, 'confirm' => SITE_PATH . "profile.php?key={$key}"); $subj = parent::getOption('email-acct-update-subj'); $msg = parent::getOption('email-acct-update-msg'); // Send an email with key if (!parent::sendEmail($email, $subj, $msg, $shortcodes)) { $this->error = '<div class="alert alert-error">' . _('ERROR. Mail not sent') . '</div>'; } else { $this->error = "<div class='alert alert-warning'>" . _('Check your email to confirm this change.') . '</div>'; } } // Update profile fields foreach ($this->settings as $field => $value) { if (strstr($field, 'p-')) { $field = str_replace('p-', '', $field); parent::updateOption($field, $value, true, $this->settings['user_id']); } } }
public function modal_process() { if (isset($_POST['usernamemail'])) { $usernamemail = parent::secure($_POST['usernamemail']); // The input field wasn't filled out if (empty($usernamemail)) { $this->error = '<div class="alert alert-danger">' . _('Please enter your username or email address.') . '</div>'; } else { $params = array(':usernameEmail' => $usernamemail); $stmt = parent::query("SELECT * FROM `login_users` WHERE `username` = :usernameEmail OR `email` = :usernameEmail;", $params); if ($stmt->rowCount() > 0) { $row = $stmt->fetch(); // Reuse the email variable. $email = $row['email']; // Check that a recovery key doesn't already exist, if it does, remove it. $params = array(':email' => $email); $stmt = parent::query("SELECT * FROM `login_confirm` WHERE `email` = :email AND `type` = 'forgot_pw';", $params); if ($stmt->rowCount() > 0) { parent::query("DELETE FROM `login_confirm` WHERE email = :email AND `type` = 'forgot_pw';", $params); } // Generate a new recovery key $key = md5(uniqid(mt_rand(), true)); $params = array(':email' => $email, ':key' => $key); parent::query("INSERT INTO `login_confirm` (`email`, `key`, `type`) VALUES (:email, :key, 'forgot_pw');", $params); $shortcodes = array('site_address' => SITE_PATH, 'full_name' => $row['name'], 'username' => $row['username'], 'reset' => SITE_PATH . "forgot.php?key={$key}"); $subj = parent::getOption('email-forgot-subj'); $msg = parent::getOption('email-forgot-msg'); // Send an email confirming their password reset if (!parent::sendEmail($email, $subj, $msg, $shortcodes)) { $this->error = '<div class="alert alert-danger">' . _('ERROR. Mail not sent') . '</div>'; } else { $this->error = "<div class='alert alert-success'>" . _('We\'ve emailed you password reset instructions. Check your email.') . "</div>"; } } else { $this->error = '<div class="alert alert-danger">' . _('This account does not exist.') . '</div>'; } } echo $this->error; } }