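/**
 * Handle one of the user-account form submissions.
 *
 * $method selects the action:
 *   - 'login'   check the submitted password and start a session
 *   - 'forgot'  store a temporary password and e-mail it to the account owner
 *   - 'verify'  activate the account that owns a verification token and start a session
 *   - 'profile' update the record of the user held in $_SESSION
 *   - 'reg'     create the account and send the verification e-mail (default)
 *
 * NOTE(review): several SQL fragments in this listing are masked with '******'.
 * They are reproduced exactly as they appear and are marked "MASKED" below; the
 * 'profile' and 'reg' statements do not parse as shown and must be restored from
 * the unmasked file before this function can run.
 *
 * NOTE(review): every query is built by string concatenation on the legacy
 * ext/mysql API (deprecated in PHP 5.5, removed in PHP 7.0). Values that were
 * interpolated with no escaping at all are escaped below with
 * mysql_real_escape_string(); the addslashes() calls are left as found, but
 * addslashes() is not connection-charset aware. The durable fix is to move the
 * whole function to prepared statements (PDO or mysqli).
 *
 * NOTE(review): "or die(mysql_error())" prints raw database errors to the client;
 * log them server-side and show a generic message instead.
 *
 * @param array  $request submitted form fields (keys depend on $method)
 * @param string $method  one of 'login', 'forgot', 'verify', 'profile', 'reg'
 * @return bool|null TRUE on success, FALSE on failure, NULL for an unrecognised $method
 */
function submitUser($request, $method = 'reg')
{
    global $path_site;
    $time = time();

    if ($method === 'login') {
        $un = $request['username'];
        $unlower = strtolower($request['username']);
        $unupper = strtoupper($request['username']);
        $unucfirst = ucfirst($request['username']);
        $unucwords = ucwords($request['username']);
        $password = $request['password'];
        // MASKED: the five username values are hidden in this listing; presumably the
        // five case variants computed above were interpolated here. Confirm that each
        // one is escaped (or bound as a parameter) in the real file.
        $query = "select id,password,email,zip from user where (username = '******' or username = '******' or username = '******' or username = '******' or username = '******') and status='active'";
        $result = mysql_query($query) or die(mysql_error());
        $row = mysql_fetch_row($result);
        // No active account matched: fail here instead of passing an empty hash to
        // pw_check() and possibly starting a session with an empty user id.
        if (!$row) {
            return FALSE;
        }
        if (pw_check($password, $row[1])) {
            set_session($row[0], $request['username'], stripslashes($row[2]), $row[3]);
            return TRUE;
        }
        return FALSE;
    }

    if ($method === 'forgot') {
        $email = strtolower($request['user_email']);
        // Escaped copy for SQL only; the raw address is still what gets mailed.
        $emailSql = mysql_real_escape_string($email);
        // NOTE(review): uniqid() and rand() are time-based / non-cryptographic, so this
        // temporary password is guessable. Generate it from a CSPRNG available on the
        // deployed PHP version (e.g. openssl_random_pseudo_bytes() on PHP 5.3+,
        // random_bytes() on PHP 7+).
        $tempPassword = uniqid(rand(0, 9999999));
        // MASKED: the stored password value is hidden in this listing; confirm that the
        // temporary password is hashed the same way pw_check() expects.
        // NOTE(review): the password is overwritten as soon as anyone submits the
        // address, so a third party can lock the owner out. A single-use, expiring
        // reset token that leaves the current password in place avoids this.
        $query = "update user set password='******' where email='" . $emailSql . "' and status <> 'deleted'";
        if (!mysql_query($query)) {
            return FALSE;
        }
        // Original TODO kept from the source: "CHANGE IN PRODUCTION - THE HTTP HOST
        // BELOW NEEDS TO BE UPDATED".
        $query = "select username from user where email='" . $emailSql . "' and status <> 'deleted'";
        $result = mysql_query($query) or die(mysql_error());
        $row = mysql_fetch_row($result);
        // No account owns this address: send nothing, but return the same value as the
        // success path so the caller's response does not reveal whether it is registered.
        if (!$row) {
            return TRUE;
        }
        $subject = EMAIL_FORGOT_SUBJECT;
        // Load the e-mail template and fill in its tags.
        $template = $path_site . EMAIL_FORGOT_TEMPLATE;
        $returnOutput = new main_output($template);
        // NOTE(review): the 'subject' tag uses EMAIL_BUSINESS_REGISTER_SUBJECT while the
        // message itself is sent with EMAIL_FORGOT_SUBJECT - looks like a copy/paste
        // slip, confirm. The "@" also hides any error raised by replace_tags().
        @$returnOutput->replace_tags(array('subject' => EMAIL_BUSINESS_REGISTER_SUBJECT, 'username' => stripslashes($row[0]), 'site_name' => SITE_NAME, 'site_title' => SITE_TITLE, 'temppassword' => $tempPassword, 'path_site' => SITE_BASEURL_SECURE));
        $body = $returnOutput->output;
        send_email($email, $subject, $body);
        return TRUE;
    }

    if ($method === 'verify') {
        // An absent or empty token must never reach the queries: secToken = '' would
        // match every account that has no token and sign the visitor in as one of them.
        if (!isset($request['verify']) || !is_string($request['verify']) || $request['verify'] === '') {
            return FALSE;
        }
        $token = mysql_real_escape_string($request['verify']);
        // NOTE(review): there is no status filter, so a deleted or suspended account
        // that still has a token is reactivated; nothing visible here clears secToken
        // after use either, so the e-mailed link keeps working as a sign-in link.
        mysql_query("update user set status='active' where secToken='" . $token . "'") or die(mysql_error());
        $result = mysql_query("select id,username,email,zip from user where secToken='" . $token . "'") or die(mysql_error());
        $row = mysql_fetch_row($result);
        // Unknown token: do not start a session with empty values.
        if (!$row) {
            return FALSE;
        }
        set_session($row[0], stripslashes($row[1]), stripslashes($row[2]), $row[3]);
        return TRUE;
    }

    if ($method === 'profile') {
        // Only the signed-in user's own row is updated; without a session there is
        // nothing to update.
        if (!isset($_SESSION['user']['id'])) {
            return FALSE;
        }
        $userid = mysql_real_escape_string($_SESSION['user']['id']);
        $flag_nl = 0;
        if (isset($request['newsletter']) and ($request['newsletter'] == 'on' or $request['newsletter'] == 1)) {
            $flag_nl = 1;
        }
        // The password column is only touched when a new password was submitted.
        // NOTE(review): the current password is not asked for before the change.
        $query_pw = NULL;
        if (isset($request['user_pass2']) and !empty($request['user_pass2'])) {
            // MASKED: the call that wraps $request['user_pass2'] is hidden in this
            // listing, so the next line is incomplete as shown.
            $query_pw = "password = '******'user_pass2']) . "', ";
        }
        // MASKED: the username assignment inside this statement is hidden in this
        // listing, so the statement is incomplete as shown.
        $query = "\n\t\t\t\tupdate user set\n\t\t\t\t\temail = '" . addslashes(strtolower($request['user_email'])) . "',\n\t\t\t\t\tusername = '******'user_name']) . "',\n\t\t\t\t\tfirstName = '" . addslashes($request['user_fname']) . "',\n\t\t\t\t\tmi = '" . addslashes($request['user_mi']) . "',\n\t\t\t\t\tlastName = '" . addslashes($request['user_lname']) . "',\n\t\t\t\t\taddr1 = '" . addslashes($request['user_addr1']) . "',\n\t\t\t\t\taddr2 = '" . addslashes($request['user_addr2']) . "',\n\t\t\t\t\tcity = '" . addslashes($request['user_city']) . "',\n\t\t\t\t\tstate = '" . addslashes($request['user_state']) . "',\n\t\t\t\t\tzip = '" . addslashes($request['user_zc1']) . addslashes($request['user_zc2']) . "',\n\t\t\t\t\tmainPhone = '" . addslashes($request['user_phone1'] . $request['user_phone2'] . $request['user_phone3']) . "',\n\t\t\t\t\taltPhone = '" . addslashes($request['user_phone4'] . $request['user_phone5'] . $request['user_phone6']) . "',\t\t\t\t\t\n\t\t\t\t\t" . $query_pw . "\n\t\t\t\t\tflag_nl = '" . $flag_nl . "' \n\t\t\t\tWHERE id = '" . $userid . "'\n\t\t\t";
        mysql_query($query) or die(mysql_error());
        return TRUE;
    }

    if ($method === 'reg') {
        // Terms-of-use checkbox.
        $flag_agree = 0;
        if (isset($request['agree']) and ($request['agree'] == 'on' or $request['agree'] == '1')) {
            $flag_agree = 1;
        }
        // (The source also carried an older, commented-out INSERT that stored the
        // middle initial, address, phone and newsletter columns; it is not repeated here.)
        // MASKED: the username and password assignments inside this statement are
        // hidden in this listing, so the statement is incomplete as shown. Confirm the
        // password is hashed before it is stored.
        $query = "\n\t\t\t\tinsert into user set\n\t\t\t\t\tusername = '******'user_name']) . "',\n\t\t\t\t\temail = '" . addslashes(strtolower($request['user_email'])) . "',\n\t\t\t\t\tpassword = '******'user_pass']) . "',\n\t\t\t\t\tfirstName = '" . addslashes($request['user_fname']) . "',\n\t\t\t\t\tlastName = '" . addslashes($request['user_lname']) . "',\n\t\t\t\t\tflag_tosu = '" . $flag_agree . "',\n\t\t\t\t\tdateReg = '" . $time . "'\n\t\t\t";
        mysql_query($query) or die(mysql_error());
        $userid = mysql_insert_id();
        // Matching public_profile row.
        $query = "\n\t\t\t\tinsert into public_profile set\n\t\t\t\t\tname = '" . addslashes($request['user_fname']) . "',\n\t\t\t\t\tuserid='" . $userid . "'\n\t\t\t";
        mysql_query($query) or die(mysql_error());
        // Matching user_groups (permissions) row.
        $query = "\n\t\t\t\tinsert into user_groups set\n\t\t\t\t\tuserid='" . $userid . "'\n\t\t\t";
        mysql_query($query) or die(mysql_error());
        // E-mail verification token.
        // NOTE(review): time(), rand() and a sequential user id are all guessable, and
        // in the 'verify' branch this token both activates the account and starts a
        // session. Derive it from a CSPRNG instead.
        $secToken = sha1(time() . rand(0, 9999999) . $userid);
        mysql_query("update user set secToken = '" . $secToken . "' where id='" . $userid . "'") or die(mysql_error());
        // Fixed: the original wrote "$_REQUEST['l'] = 'c'", an assignment that is always
        // true, so any request carrying an "l" parameter was signed in.
        // NOTE(review): with l=c the new user gets a session before the e-mail address
        // has been verified - confirm that is intended.
        if (isset($_REQUEST['l']) and $_REQUEST['l'] === 'c') {
            $_SESSION['user']['id'] = $userid;
        }
        // Build and send the verification e-mail.
        // NOTE(review): user_name and user_email reach the template and send_email()
        // unvalidated here; confirm the caller validates the address and that the
        // template escapes the username.
        $subject = EMAIL_REGISTER_SUBJECT;
        $template = $path_site . EMAIL_REGISTER_TEMPLATE;
        $returnOutput = new main_output($template);
        @$returnOutput->replace_tags(array('subject' => EMAIL_REGISTER_SUBJECT, 'username' => $request['user_name'], 'site_name' => SITE_NAME, 'site_title' => SITE_TITLE, 'verifyURL' => EMAIL_REGISTER_VERIFYLINK . $secToken));
        $body = $returnOutput->output;
        send_email($request['user_email'], $subject, $body);
        return TRUE;
    }
    // Unrecognised $method: falls through and returns NULL, as the original did.
}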
/**
 * Page entry script: prepares the description/keywords/title markup, builds the
 * main content object, fills the shell template and writes the page out.
 *
 * @Author Jonathon byrd
 * @link http://www.5twentystudios.com
 * @Package Five Twenty CMS
 * @SubPackage PublicMarketSpace
 * @Since 1.0.0
 * @copyright Copyright (C) 2011 5Twenty Studios
 *
 */
// Stop immediately when ABSPATH is not defined, i.e. when this file is requested
// directly instead of being loaded by the code that defines ABSPATH.
defined('ABSPATH') or die("Cannot access pages directly.");
// NOTE(review): "global" only has an effect when this file is included from inside
// a function - presumably that is how it is loaded; confirm.
global $cl;
require_once ABSPATH . 'inc' . DS . 'func_product_root.php';
// Open the description, keywords and title markup. Each string is deliberately left
// unterminated here and is closed further down, after the objects are constructed.
// NOTE(review): SITE_DESC and SITE_KEYWORDS are placed inside HTML attributes without
// escaping; fine only if they are trusted configuration values - confirm, or wrap
// them in htmlspecialchars().
$meta_desc = '<meta name="description" content="' . SITE_DESC . ' - ';
$meta_keywords = '<meta name="keywords" content="' . SITE_KEYWORDS . ' - ';
$title = '<title>';
// NOTE(review): the fragments stay open while these two objects are built, which
// suggests their constructors append page-specific text to $meta_desc,
// $meta_keywords and $title - confirm. Any such text that can be influenced by a
// visitor must be HTML-escaped before it is appended. Do not reorder these lines.
$cl = new contentLogic();
$main = new main();
// Load the outer page template.
$template = ABSPATH . 'inc/tpl/shell.inc';
$output = new main_output($template);
// Close the title and the two meta tags opened above.
$title .= ' - ' . SITE_TITLE . '</title>';
$meta_keywords .= '" />' . "\n";
$meta_desc .= '" />' . "\n";
// $meta is not read again in this script; presumably the header view picks it up
// as a global - confirm.
$meta = $meta_desc . $meta_keywords . $title;
// Fill the shell template's header, footer and shell_content tags.
$output->replace_tags(array('header' => get_show_view('header'),
    'footer' => get_show_view('footer'),
    'shell_content' => $main->get_output()));
// Send the finished page to the client.
$output->output_values();