Example #1
/**
 * Handles a login POST: compares the posted token with the session_id cookie,
 * requires a non-empty username and password, runs both through InputChecker
 * and then redirects.
 *
 * @return false|null false when the username or the password field is empty;
 *                    as far as this listing shows, every other path ends in a
 *                    redirect and returns nothing.
 */
function login()
{
    // Check the token so that the login is known to come from https://127.0.0.1/index.php
    // NOTE(review): both operands are supplied by the client and are read without isset().
    // When neither is sent, both reads yield null and null == null is true, so the check
    // passes with no token at all. Loose == also treats numeric-looking strings such as
    // "0e1" and "0e2" as equal. Require both to be non-empty strings and compare them with
    // hash_equals().
    $token = $_POST['token'];
    if ($token == $_COOKIE['session_id']) {
        // Both credentials must be present; empty() also rejects the string "0".
        if (empty($_POST['username'])) {
            return false;
        }
        if (empty($_POST['password'])) {
            return false;
        }
        $username = $_POST['username'];
        $password = $_POST['password'];
        $incheck = new InputChecker();
        // Validate input ...
        $validPass = $incheck->isValidPassword($password);
        $validUserName = $incheck->isValidUsername($username);
        // NOTE(review): the next line is truncated in this listing (the text between the
        // echo and the session assignment is masked), so how $validPass, $validUserName and
        // the credential lookup gate the isLoggedIn flag cannot be seen here. If the echoed
        // text includes the submitted username it needs htmlspecialchars(); and if
        // redirect() sends a Location header, output before it can stop the redirect.
        echo 'Attempted login: '******'isLoggedIn'] = 1;
        redirect("https://127.0.0.1/searchView.php");
    } else {
        // Token mismatch: send the client back to the start page.
        redirect("https://127.0.0.1/");
    }
}
Example #2
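 /**
  * Sends a preview of the message given by the "id" request parameter and sets
  * the redirect (and message) for the result.
  *
  * Request parameters read: "id" (int), "to_yourself" ("on" enables it) and
  * "to_addresses" (comma-separated list; spaces are stripped and entries
  * rejected by InputChecker::checkMail() are dropped).
  *
  * @param   string $key    Primary key name; defaults to the table's key name.
  * @param   string $urlVar URL variable name; defaults to $key.
  * @return  boolean true when the model sent the preview, false otherwise.
  */
 function preview($key = null, $urlVar = null)
 {
     $model = $this->getModel();
     $table = $model->getTable();
     $id = JRequest::getInt('id', 0);
     $yourself = strtolower(JRequest::getString('to_yourself', 'off')) === 'on';
     $to_addresses = str_replace(' ', '', JRequest::getString('to_addresses', ''));
     jincimport('utility.inputchecker');
     // Keep only syntactically valid recipients. The original keys are preserved, and the
     // loop variable is no longer called $key, so the $key argument is not overwritten.
     // NOTE(review): the recipient list comes straight from the request; no request-token
     // check and no cap on the number of recipients is visible in this method. Confirm that
     // both are enforced before this task can run.
     $addresses = array();
     foreach (explode(',', $to_addresses) as $index => $email) {
         if (InputChecker::checkMail($email)) {
             $addresses[$index] = $email;
         }
     }
     if (empty($key)) {
         $key = $table->getKeyName();
     }
     if (empty($urlVar)) {
         $urlVar = $key;
     }
     $result = $model->preview($id, $yourself, $addresses);
     if ($result === false) {
         $this->setError(JText::sprintf('COM_JINC_ERR001', JText::_($model->getError())));
         $this->setMessage($this->getError(), 'error');
         // The message is already set above; the original passed an undefined $msg here.
         $this->setRedirect('index.php?option=com_jinc&view=message&layout=preview&tmpl=component&id=' . $id);
         return false;
     }
     // An empty result list is reported with the COM_JINC_ANYONE text.
     $tostring = count($result) > 0 ? implode(',', $result) : JText::_('COM_JINC_ANYONE');
     $msg = JText::sprintf('COM_JINC_INF002', $tostring);
     $this->setRedirect('index.php?option=com_jinc&view=message&layout=preview&id=' . $id, $msg);
     return true;
 }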
Example #3
 /**
  * Method to subscribe a user to the newsletter. Implements the parent
  * abstract method.
  *
  * Hint: $subscriber_info array description:
  *
  * $subscriber_info[email] - Email of the user to subscribe.
  * $subscriber_info[noptin] - If true the optin won't be sent and the user
  *                            will be directly subscribed to the newsletter.
  *
  * @access	public
  * @param   array $subscriber_info Subscriber info based on newsletter type.
  * @param   array $attributes Array of additional attributes for subscription
  * @return  true if successfully subscribed. false if something wrong.
  * @since	0.6
  */
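 function subscribe($subscriber_info, $attributes = null)
 {
     // Anything that is not an array (including the null default) means "no attributes".
     if (!is_array($attributes)) {
         $attributes = array();
     }
     jincimport('utility.randomizer');
     jincimport('utility.inputchecker');
     jincimport('utility.servicelocator');
     $logger = ServiceLocator::getInstance()->getLogger();

     // Input checks: each failure sets its own error code and stops.
     if (!isset($subscriber_info['email'])) {
         $this->setError('COM_JINC_ERR008');
         return false;
     }
     $email = $subscriber_info['email'];
     if (!InputChecker::checkMail($email)) {
         $this->setError('COM_JINC_ERR012');
         return false;
     }
     if (!$this->checkMandatoryAttributes($attributes)) {
         $this->setError('COM_JINC_ERR048');
         return false;
     }
     if ($this->isSubscribed($subscriber_info)) {
         $this->setError('COM_JINC_ERR015');
         return false;
     }

     $news_id = (int) $this->get('id');
     $noptin = isset($subscriber_info['noptin']) && $subscriber_info['noptin'];
     if ($noptin) {
         // No opt-in: the subscription date is set at once and no token is issued.
         $datasub = 'now()';
         $random = '';
     } else {
         // Opt-in pending: no subscription date yet, the token confirms it later.
         $datasub = 'NULL';
         $random = Randomizer::getRandomString();
     }
     jincimport('utility.jinchelper');
     $ip = JINCHelper::getRealIpAddr();
     $dbo = JFactory::getDBO();
     // The address goes through quote() like every other string value. The helper is not
     // visible here; if it reads client-supplied headers, the value is untrusted input and
     // must never be concatenated into the statement as-is.
     $query = 'INSERT IGNORE INTO #__jinc_subscriber '
         . '(news_id , email, datasub, random, ipaddr) '
         . 'VALUES (' . $news_id . ', ' . $dbo->quote($email) . ', ' . $datasub . ', '
         . $dbo->quote($random) . ', INET_ATON(' . $dbo->quote($ip) . '))';
     $logger->debug('PublicNewsletter: Executing query: ' . $query);
     $dbo->setQuery($query);
     if (!$dbo->query()) {
         $this->setError('COM_JINC_ERR009');
         return false;
     }
     // NOTE(review): with INSERT IGNORE a skipped duplicate row presumably leaves
     // insertid() at 0; confirm insertAttributeOnSubscription() copes with that.
     $sub_id = $dbo->insertid();
     $logger->finer('PublicNewsletter: Inserting attribute addictional info: ' . $sub_id);
     $this->insertAttributeOnSubscription($sub_id, $attributes);

     if (strlen($random) > 0) {
         // Drop older pending requests for the same address so only the new token is valid.
         $query = 'DELETE FROM #__jinc_subscriber '
             . 'WHERE news_id = ' . $news_id . ' '
             . 'AND email = ' . $dbo->quote($email) . ' '
             . 'AND random != ' . $dbo->quote($random) . ' '
             . 'AND random != \'\'';
         $logger->debug('PublicNewsletter: executing query: ' . $query);
         $logger->finer('PublicNewsletter: other subscription requests.');
         $dbo->setQuery($query);
         if (!$dbo->query()) {
             $logger->info('PublicNewsletter: error removing other subscription requests.');
             $this->setError('COM_JINC_ERR009');
             return false;
         }

         // Setting opt-in message. Query-string values are encoded (the original called
         // urldecode() here), so '+', '&' or '=' in an address cannot alter the link.
         $root_uri = JURI::root();
         $conf_url = $root_uri . 'index.php?option=com_jinc&task=newsletter.confirm&'
             . 'id=' . $news_id . '&'
             . 'random=' . urlencode($random) . '&'
             . 'user_mail=' . urlencode($email);

         // The placeholders are literal text, so plain string replacement is used: neither
         // an attribute name nor a value is interpreted as a regular expression or as a
         // backreference.
         $msg = $this->get('optin');
         $msg = str_replace('[SENDER]', $this->get('sendername'), $msg);
         $msg = str_replace('[SENDERMAIL]', $this->get('senderaddr'), $msg);
         $msg = str_replace('[NEWSLETTER]', $this->get('name'), $msg);
         $msg = str_replace('[EMAIL]', $email, $msg);
         $msg = str_replace('[OPTIN_URL]', $conf_url, $msg);
         // NOTE(review): attribute values are placed into a text/html body as they are. If
         // they come from a public form, they should be HTML-escaped before substitution;
         // confirm where that happens.
         foreach ($attributes as $attr_name => $attr_value) {
             $msg = str_replace('[ATTR_' . strtoupper($attr_name) . ']', $attr_value, $msg);
         }
         // Make relative src/href/url() references absolute against the site root.
         $msg = preg_replace('#src[ ]*=[ ]*\\"(?!https?://)(?:\\.\\./|\\./|/)?#', 'src="' . $root_uri, $msg);
         $msg = preg_replace('#href[ ]*=[ ]*\\"(?!https?://)(?!mailto?:)(?!tel?:)(?:\\.\\./|\\./|/)?#', 'href="' . $root_uri, $msg);
         $msg = preg_replace('#url[ ]*\\(\'(?!https?://)(?:\\.\\./|\\./|/)?#', 'url(\'' . $root_uri, $msg);

         // Message composition
         $message = JFactory::getMailer();
         $message->ContentType = "text/html";
         $message->setSubject($this->get('optin_subject'));
         $message->setBody($msg);
         if (strlen($this->get('senderaddr')) > 0) {
             $message->setSender(array($this->get('senderaddr'), $this->get('sendername')));
         }
         if (strlen($this->get('replyto_addr')) > 0) {
             $message->addReplyTo(array($this->get('replyto_addr'), $this->get('replyto_name')));
         }
         $message->addRecipient($email);
         // NOTE(review): the logged body contains the confirmation link and its token, so
         // anyone who can read the log at this level can confirm the subscription.
         $logger->finer('PublicNewsletter: Sending message to ' . $email . ' with body: ' . $msg);
         if (!$message->send()) {
             $this->setError(JText::_('COM_JINC_ERR001'));
             return false;
         }
     }

     // Subscriptions made without opt-in are final, so listeners are notified now.
     if ($noptin) {
         $dispatcher = JDispatcher::getInstance();
         $params = array('news_id' => $this->get('id'), 'news_name' => $this->get('name'), 'subs_name' => $subscriber_info['email'], 'news_notify' => $this->get('notify'));
         $dispatcher->trigger('jinc_subscribe', $params);
     }
     return true;
 }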
Example #4
    // Fragment: the enclosing function's header and the statement that prepares $stmt are
    // not part of this listing.
    // NOTE(review): generateSalt() and generateHash() are project helpers whose algorithm
    // is not visible here. A separately stored salt suggests a hand-rolled scheme; confirm
    // that it is a deliberately slow password hash, or move to password_hash() and
    // password_verify(), which keep the salt inside the hash string.
    $salt = $crypto->generateSalt(10);
    $hash = $crypto->generateHash($pwd, $salt);
    // Three string parameters are bound (email, hash, salt), so the values do not become
    // part of the SQL text. A failed bind or execute is ignored: there is no else branch.
    if ($stmt->bind_param('sss', $email, $hash, $salt)) {
        if ($stmt->execute()) {
            // NOTE(review): if redirect() sends a Location header, this output can stop the
            // redirect from working; confirm.
            echo "executed";
            // The new account is marked as logged in at once.
            // NOTE(review): no session_regenerate_id() call is visible before the session
            // becomes authenticated; confirm the ID is rotated to prevent session fixation.
            $_SESSION['isLoggedIn'] = 1;
            $_SESSION['username'] = $email;
            redirect("https://127.0.0.1/searchView.php");
            // Reached only if redirect() returns rather than ending the request.
            $stmt->free_result();
        }
    }
}
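// Registration entry point: accept the request only when the posted token matches the
// current session ID, then validate the credentials and create the account.
//
// The token must be a non-empty string and a session must be active. With the original
// loose comparison, a request without a token compared null with the empty string that
// session_id() returns when no session is active, and null == "" is true.
// NOTE(review): using the session ID itself as the form token puts it into the page
// markup; a separate random token kept in $_SESSION avoids exposing it.
$token = (isset($_POST['token']) && is_string($_POST['token'])) ? $_POST['token'] : '';
$sessionId = session_id();
if (is_string($sessionId) && $sessionId !== '' && $token !== '' && hash_equals($sessionId, $token)) {
    $email = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
    $pwd = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';
    if ($email === '' || $pwd === '') {
        // Missing or non-string fields are handled like any other invalid input.
        redirect("https://127.0.0.1/registerView.php");
    } else {
        $db = new Database();
        $mysqli = $db->openConnection();
        $incheck = new InputChecker();
        $validPass = $incheck->isValidPassword($pwd);
        $validUserName = $incheck->isValidUsername($email);
        $usernameAvailable = isUsernameFree($mysqli, $email);
        if ($validPass && $validUserName && $usernameAvailable) {
            addUser($mysqli, $email, $pwd);
        } else {
            redirect("https://127.0.0.1/registerView.php");
        }
        // NOTE(review): this line runs only if redirect() returns; confirm it does not end
        // the request.
        $db->closeConnection($mysqli);
    }
} else {
    redirect("https://127.0.0.1/index.php");
}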