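/**
 * Store the new account and, when e-mail activation is enabled, send the
 * activation message beforehand.
 *
 * The INSERT is issued even when building or sending the mail failed; that
 * outcome is only recorded in $this->mail_failure.
 *
 * @return mixed the value returned by $db->sql_query() for the INSERT
 */
public function userCakeAddUser()
 {
     global $db, $emailActivation, $websiteUrl, $db_table_prefix;
     //Construct a secure hash for the plain text password
     // NOTE(review): generateHash() is defined elsewhere; confirm it is a salted, deliberately slow password hash.
     $secure_pass = generateHash($this->clean_password);
     //Construct a unique activation token
     $this->activation_token = generateActivationToken();
     //Do we need to send out an activation email?
     if ($emailActivation) {
         //User must activate their account first
         $this->user_active = 0;
         $mail = new userCakeMail();
         //Build the activation message
         $activation_message = lang("ACTIVATION_MESSAGE", array($websiteUrl, $this->activation_token));
         //Define more if you want to build larger structures
         $hooks = array("searchStrs" => array("#ACTIVATION-MESSAGE", "#ACTIVATION-KEY", "#USERNAME#"), "subjectStrs" => array($activation_message, $this->activation_token, $this->unclean_username));
         /* Build the template - Optional, you can just use the sendMail function
            instead to pass a message. */
         if (!$mail->newTemplateMsg("new-registration.txt", $hooks)) {
             $this->mail_failure = true;
         } else {
             //Send the mail. Specify users email here and subject.
             //SendMail can have a third parameter for message if you do not wish to build a template.
             if (!$mail->sendMail($this->clean_email, "Επιβεβαιώστε την εγγραφή σας στο Σύλλογο Αποφοίτων")) {
                 $this->mail_failure = true;
             }
         }
     } else {
         //Instant account activation
         $this->user_active = 1;
     }
     //Insert the user into the database.
     // One timestamp for both columns, so they cannot differ across a second boundary.
     $now = time();
     // Every value placed inside quotes goes through sql_escape(), including the
     // hash and the token: the statement then stays well-formed whatever
     // characters those generators emit. The active flag is forced to an integer.
     $sql = "INSERT INTO `" . $db_table_prefix . "Users` (\n\t\t\t\t`Username`,\n\t\t\t\t`Username_Clean`,\n\t\t\t\t`Password`,\n\t\t\t\t`Email`,\n\t\t\t\t`ActivationToken`,\n\t\t\t\t`LastActivationRequest`,\n\t\t\t\t`LostPasswordRequest`, \n\t\t\t\t`Active`,\n\t\t\t\t`Group_ID`,\n\t\t\t\t`SignUpDate`,\n\t\t\t\t`LastSignIn`\n\t\t\t\t)\n\t\t \t\tVALUES (\n\t\t\t\t'"
         . $db->sql_escape($this->unclean_username) . "',\n\t\t\t\t'"
         . $db->sql_escape($this->clean_username) . "',\n\t\t\t\t'"
         . $db->sql_escape((string) $secure_pass) . "',\n\t\t\t\t'"
         . $db->sql_escape($this->clean_email) . "',\n\t\t\t\t'"
         . $db->sql_escape((string) $this->activation_token) . "',\n\t\t\t\t'"
         . $now . "',\n\t\t\t\t'0',\n\t\t\t\t'"
         . (int) $this->user_active . "',\n\t\t\t\t'1',\n\t\t\t\t'"
         . $now . "',\n\t\t\t\t'0'\n\t\t\t\t)";
     return $db->sql_query($sql);
 }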
Example #2
 /**
  * Register the account described by this object.
  *
  * Does nothing when $this->status is falsy. Otherwise hashes the password,
  * creates an activation token, optionally mails the activation message and,
  * provided no mail failure was recorded, saves a UcUsers row plus a default
  * UcUserPermissionMatches row (permission id 1).
  */
 public function userCakeAddUser()
 {
     global $mysqli, $emailActivation, $websiteUrl, $db_table_prefix;
     // Bail out when construction reported errors
     if (!$this->status) {
         return;
     }
     // Hash first, then create the token, as the rest of the flow expects both
     $passwordHash = generateHash($this->clean_password);
     $this->activation_token = generateActivationToken();
     if ($emailActivation == "true") {
         // Account stays inactive until the mailed token is used
         $this->user_active = 0;
         $mailer = new userCakeMail();
         $activationText = lang("ACCOUNT_ACTIVATION_MESSAGE", array($websiteUrl, $this->activation_token));
         // Placeholder => replacement pairs for the mail template
         $templateHooks = array(
             "searchStrs" => array("#ACTIVATION-MESSAGE", "#ACTIVATION-KEY", "#USERNAME#"),
             "subjectStrs" => array($activationText, $this->activation_token, $this->displayname),
         );
         // Sending is only attempted once the template has been built
         if (!$mailer->newTemplateMsg("new-registration.txt", $templateHooks)
             || !$mailer->sendMail($this->clean_email, "New User")) {
             $this->mail_failure = true;
         }
         $this->success = lang("ACCOUNT_REGISTRATION_COMPLETE_TYPE2");
     } else {
         // No activation step: the account is usable immediately
         $this->user_active = 1;
         $this->success = lang("ACCOUNT_REGISTRATION_COMPLETE_TYPE1");
     }
     // A mail failure means no account is stored
     if ($this->mail_failure) {
         return;
     }
     $now = null;
     $newUser = new UcUsers();
     $newUser->setUserName($this->username);
     $newUser->setDisplayName($this->displayname);
     $newUser->setPassword($passwordHash);
     $newUser->setEmail($this->clean_email);
     $newUser->setActivationToken($this->activation_token);
     $newUser->setLastActivationRequest(time());
     $newUser->setLostPasswordRequest(0);
     $newUser->setActive($this->user_active);
     $newUser->setTitle('New Member');
     $newUser->setSignUpStamp(time());
     $newUser->setLastSignInStamp(0);
     $newUser->save();
     // Link the fresh account to the default permission level
     $defaultPermission = new UcUserPermissionMatches();
     $defaultPermission->setUserId($newUser->getId());
     $defaultPermission->setPermissionId(1);
     $defaultPermission->save();
 }
Example #3
 /**
  * Register the account described by this object using mysqli prepared
  * statements.
  *
  * Does nothing when $this->status is falsy. The password is hashed with
  * bcrypt (cost 12); the user row and the default permission row are only
  * written when no mail failure was recorded.
  */
 public function userCakeAddUser()
 {
     global $mysqli, $emailActivation, $websiteUrl, $db_table_prefix;
     // Bail out when construction reported errors
     if (!$this->status) {
         return;
     }
     // bcrypt via the built-in password API (replaces the older generateHash helper)
     $secure_pass = password_hash($this->clean_password, PASSWORD_BCRYPT, array('cost' => 12));
     $this->activation_token = generateActivationToken();
     if ($emailActivation == "true") {
         // Account stays inactive until the mailed token is used
         $this->user_active = 0;
         $mailer = new userCakeMail();
         $activationText = lang("ACCOUNT_ACTIVATION_MESSAGE", array($websiteUrl, $this->activation_token));
         // Placeholder => replacement pairs for the mail template
         $templateHooks = array(
             "searchStrs" => array("#ACTIVATION-MESSAGE", "#ACTIVATION-KEY", "#USERNAME#"),
             "subjectStrs" => array($activationText, $this->activation_token, $this->displayname),
         );
         // Sending is only attempted once the template has been built
         if (!$mailer->newTemplateMsg("new-registration.txt", $templateHooks)
             || !$mailer->sendMail($this->clean_email, "New User")) {
             $this->mail_failure = true;
         }
         $this->success = lang("ACCOUNT_REGISTRATION_COMPLETE_TYPE2");
     } else {
         // No activation step: the account is usable immediately
         $this->user_active = 1;
         $this->success = lang("ACCOUNT_REGISTRATION_COMPLETE_TYPE1");
     }
     // A mail failure means no account is stored
     if ($this->mail_failure) {
         return;
     }
     // User-supplied values travel as bound parameters; only server-side
     // constants and time() are written into the statement text.
     // NOTE(review): the results of prepare() and execute() are not checked here.
     $insertUser = $mysqli->prepare("INSERT INTO " . $db_table_prefix . "users (\r\n\t\t\t\t\tuser_name,\r\n\t\t\t\t\tdisplay_name,\r\n\t\t\t\t\tpassword,\r\n\t\t\t\t\temail,\r\n\t\t\t\t\tactivation_token,\r\n\t\t\t\t\tlast_activation_request,\r\n\t\t\t\t\tlost_password_request,\r\n\t\t\t\t\tactive,\r\n\t\t\t\t\ttitle,\r\n\t\t\t\t\tsign_up_stamp,\r\n\t\t\t\t\tlast_sign_in_stamp\r\n\t\t\t\t\t)\r\n\t\t\t\t\tVALUES (\r\n\t\t\t\t\t?,\r\n\t\t\t\t\t?,\r\n\t\t\t\t\t?,\r\n\t\t\t\t\t?,\r\n\t\t\t\t\t?,\r\n\t\t\t\t\t'" . time() . "',\r\n\t\t\t\t\t'0',\r\n\t\t\t\t\t?,\r\n\t\t\t\t\t'New Member',\r\n\t\t\t\t\t'" . time() . "',\r\n\t\t\t\t\t'0'\r\n\t\t\t\t\t)");
     $insertUser->bind_param("sssssi", $this->username, $this->displayname, $secure_pass, $this->clean_email, $this->activation_token, $this->user_active);
     $insertUser->execute();
     $newUserId = $mysqli->insert_id;
     $insertUser->close();
     // Link the fresh account to the default permission level
     $insertPermission = $mysqli->prepare("INSERT INTO " . $db_table_prefix . "user_permission_matches  (\r\n\t\t\t\t\tuser_id,\r\n\t\t\t\t\tpermission_id\r\n\t\t\t\t\t)\r\n\t\t\t\t\tVALUES (\r\n\t\t\t\t\t?,\r\n\t\t\t\t\t'1'\r\n\t\t\t\t\t)");
     $insertPermission->bind_param("s", $newUserId);
     $insertPermission->execute();
     $insertPermission->close();
 }
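 /**
  * Store the new account and, when e-mail activation is enabled, send the
  * activation message beforehand.
  *
  * Does nothing when $this->status is falsy. The INSERT is skipped when a
  * mail failure was recorded; otherwise $this->sql_failure reports whether
  * a row was actually written.
  */
 public function userCakeAddUser()
 {
     global $db, $emailActivation, $websiteUrl, $db_table_prefix;
     //Prevent this function being called if there were construction errors
     if ($this->status) {
         //Construct a secure hash for the plain text password
         // NOTE(review): generateHash() is defined elsewhere; confirm it is a salted, deliberately slow password hash.
         $secure_pass = generateHash($this->clean_password);
         //Do we need to send out an activation email?
         if ($emailActivation) {
             //Construct a unique activation token
             $this->activation_token = generateActivationToken();
             //User must activate their account first
             $this->user_active = 0;
             $mail = new userCakeMail();
             //Build the activation message
             $activation_message = "<p>You will need first activate your account before you can login, follow the below link to activate your account.</p>";
             $activation_message .= "<p><a href='" . $websiteUrl . "activate-account.php?token=" . $this->activation_token . "'>Activate my account!</a></p>";
             //Define more if you want to build larger structures
             $hooks = array("searchStrs" => array("#ACTIVATION-MESSAGE", "#ACTIVATION-KEY", "#USERNAME#"), "subjectStrs" => array($activation_message, $this->activation_token, $this->unclean_username));
             /* Build the template - Optional, you can just use the sendMail function
                instead to pass a message. */
             if (!$mail->newTemplateMsg("new-registration.txt", $hooks)) {
                 $this->mail_failure = true;
             } else {
                 //Send the mail. Specify users email here and subject.
                 //SendMail can have a third parameter for message if you do not wish to build a template.
                 if (!$mail->sendMail($this->clean_email, "New User")) {
                     $this->mail_failure = true;
                 }
             }
         } else {
             //Instant account activation
             $this->user_active = 1;
         }
         if (!$this->mail_failure) {
             //Insert the user into the database providing no errors have been found.
             // One timestamp for both columns, so they cannot differ across a second boundary.
             $now = time();
             // Every value placed inside quotes goes through sql_escape(), including the
             // hash and the token (which is only generated above when activation is
             // enabled). The active flag is forced to an integer.
             $sql = "INSERT INTO `" . $db_table_prefix . "Users` (`Username`, `Username_Clean`, `Password`, `Email`, `ActivationToken`, `LastActivationRequest`, `LostPasswordRequest`,  `Active`, `Group_ID`, `SignUpDate`, `LastSignIn`)\r\n\t\t\t\t\t VALUES ('"
                 . $db->sql_escape($this->unclean_username) . "', '"
                 . $db->sql_escape($this->clean_username) . "', '"
                 . $db->sql_escape((string) $secure_pass) . "', '"
                 . $db->sql_escape($this->clean_email) . "','"
                 . $db->sql_escape((string) $this->activation_token) . "','"
                 . $now . "', 0, '"
                 . (int) $this->user_active . "', '1', '"
                 . $now . "', '0')";
             $db->sql_query($sql);
             // No affected row means the account was not stored
             $this->sql_failure = $db->sql_affectedrows() <= 0;
         }
     }
 }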
     }
 }
 if (count($errors) == 0) {
     //Check that the username / email are associated to the same account
     if (!emailUsernameLinked($email, $username)) {
         $errors[] = lang("ACCOUNT_USER_OR_EMAIL_INVALID");
     } else {
         //Check if the user has any outstanding lost password requests
         $userdetails = fetchUserDetails($username);
         if ($userdetails["lost_password_request"] == 1) {
             $errors[] = lang("FORGOTPASS_REQUEST_EXISTS");
         } else {
             //Email the user asking to confirm this change password request
             //We can use the template builder here
             //We use the activation token again for the url key it gets regenerated everytime it's used.
             $mail = new userCakeMail();
             $confirm_url = lang("CONFIRM") . "\n" . $websiteUrl . "forgot-password.php?confirm=" . $userdetails["activation_token"];
             $deny_url = lang("DENY") . "\n" . $websiteUrl . "forgot-password.php?deny=" . $userdetails["activation_token"];
             //Setup our custom hooks
             $hooks = array("searchStrs" => array("#CONFIRM-URL#", "#DENY-URL#", "#USERNAME#"), "subjectStrs" => array($confirm_url, $deny_url, $userdetails["user_name"]));
             if (!$mail->newTemplateMsg("lost-password-request.txt", $hooks)) {
                 $errors[] = lang("MAIL_TEMPLATE_BUILD_ERROR");
             } else {
                 if (!$mail->sendMail($userdetails["email"], "Lost password request")) {
                     $errors[] = lang("MAIL_ERROR");
                 } else {
                     //Update the DB to show this account has an outstanding request
                     if (!flagLostPasswordRequest($userdetails["user_name"], 1)) {
                         $errors[] = lang("SQL_ERROR");
                     } else {
                         $successes[] = lang("FORGOTPASS_REQUEST_SUCCESS");
 } else {
     if ($resend_activation_threshold == 0) {
         $hours_diff = 0;
     } else {
         $last_request = $userdetails["last_activation_request"];
         $hours_diff = round((time() - $last_request) / (3600 * $resend_activation_threshold), 0);
     }
     if ($resend_activation_threshold != 0 && $hours_diff <= $resend_activation_threshold) {
         $errors[] = lang("ACCOUNT_LINK_ALREADY_SENT", array($resend_activation_threshold));
     } else {
         //For security create a new activation url;
         $new_activation_token = generateActivationToken();
         if (!updateLastActivationRequest($new_activation_token, $username, $email)) {
             $errors[] = lang("SQL_ERROR");
         } else {
             $mail = new userCakeMail();
             $activation_url = SITE_ROOT . "api/activate_user.php?token=" . $new_activation_token;
             //Setup our custom hooks
             $hooks = array("searchStrs" => array("#ACTIVATION-URL", "#USERNAME#"), "subjectStrs" => array($activation_url, $userdetails["display_name"]));
             if (!$mail->newTemplateMsg("resend-activation.txt", $hooks)) {
                 $errors[] = lang("MAIL_TEMPLATE_BUILD_ERROR");
             } else {
                 if (!$mail->sendMail($userdetails["email"], "Activate your " . $websiteName . " Account")) {
                     $errors[] = lang("MAIL_ERROR");
                 } else {
                     //Success, user details have been updated in the db now mail this information out.
                     $successes[] = lang("ACCOUNT_NEW_ACTIVATION_SENT");
                 }
             }
         }
     }
Example #7
 /**
  * Controller action for the "resend activation e-mail" form.
  *
  * Loads the UserCake configuration, validates the posted e-mail/username
  * pair, issues a fresh activation token and mails it, then renders the
  * 'resend_activation' view. Messages are collected in $errors / $successes.
  */
 public function index()
 {
     /*
     UserCake (Via CupCake) Version: 2.0.2
     http://usercake.com
     */
     global $baseURL;
     $baseURL = getcwd();
     // config.php is included inside this method, so any variable it defines
     // (e.g. $emailActivation, $websiteUrl) becomes a local of this method.
     require_once "{$baseURL}/application/third_party/user_cake/models/config.php";
     // NOTE(review): $_SERVER['PHP_SELF'] can carry client-supplied path info; confirm securePage() normalises it before matching.
     if (!securePage($_SERVER['PHP_SELF'])) {
         die;
     }
     //Forms posted
     if (!empty($_POST) && $emailActivation) {
         // Both keys are read without an isset() check; a POST lacking one of them raises a notice/warning.
         $email = $_POST["email"];
         $username = $_POST["username"];
         //Perform some validation
         //Feel free to edit / change as required
         // NOTE(review): $errors is appended to and counted below without being initialised in this method — presumably config.php defines it; verify.
         if (trim($email) == "") {
             $errors[] = lang("ACCOUNT_SPECIFY_EMAIL");
         } else {
             // An unknown address and an unknown username produce different messages,
             // so responses reveal which e-mails and usernames are registered.
             if (!isValidEmail($email) || !emailExists($email)) {
                 $errors[] = lang("ACCOUNT_INVALID_EMAIL");
             }
         }
         if (trim($username) == "") {
             $errors[] = lang("ACCOUNT_SPECIFY_USERNAME");
         } else {
             if (!usernameExists($username)) {
                 $errors[] = lang("ACCOUNT_INVALID_USERNAME");
             }
         }
         if (count($errors) == 0) {
             //Check that the username / email are associated to the same account
             if (!emailUsernameLinked($email, $username)) {
                 $errors[] = lang("ACCOUNT_USER_OR_EMAIL_INVALID");
             } else {
                 $userdetails = fetchUserDetails($username);
                 //See if the user's account is activation
                 if ($userdetails["active"] == 1) {
                     $errors[] = lang("ACCOUNT_ALREADY_ACTIVE");
                 } else {
                     // Throttle: a threshold of 0 disables the check entirely.
                     if ($resend_activation_threshold == 0) {
                         $hours_diff = 0;
                     } else {
                         $last_request = $userdetails["last_activation_request"];
                         // NOTE(review): the elapsed time is divided by (3600 * threshold) and the result is then
                         // compared against the threshold again, so the effective window is not simply
                         // "threshold hours" — confirm the intended unit.
                         $hours_diff = round((time() - $last_request) / (3600 * $resend_activation_threshold), 0);
                     }
                     if ($resend_activation_threshold != 0 && $hours_diff <= $resend_activation_threshold) {
                         $errors[] = lang("ACCOUNT_LINK_ALREADY_SENT", array($resend_activation_threshold));
                     } else {
                         //For security create a new activation url;
                         $new_activation_token = generateActivationToken();
                         // The token update runs before the mail is sent; presumably a failed send
                         // leaves the account with a token the user never received — verify.
                         if (!updateLastActivationRequest($new_activation_token, $username, $email)) {
                             $errors[] = lang("SQL_ERROR");
                         } else {
                             $mail = new userCakeMail();
                             $activation_url = $websiteUrl . "activate-account.php?token=" . $new_activation_token;
                             //Setup our custom hooks
                             $hooks = array("searchStrs" => array("#ACTIVATION-URL", "#USERNAME#"), "subjectStrs" => array($activation_url, $userdetails["display_name"]));
                             if (!$mail->newTemplateMsg("resend-activation.txt", $hooks)) {
                                 $errors[] = lang("MAIL_TEMPLATE_BUILD_ERROR");
                             } else {
                                 if (!$mail->sendMail($userdetails["email"], "Activate your " . $websiteName . " Account")) {
                                     $errors[] = lang("MAIL_ERROR");
                                 } else {
                                     //Success, user details have been updated in the db now mail this information out.
                                     $successes[] = lang("ACCOUNT_NEW_ACTIVATION_SENT");
                                 }
                             }
                         }
                     }
                 }
             }
         }
     }
     //Prevent the user visiting the logged in page if he/she is already logged in
     // This check runs after the form handling above, so a posted form is still processed for a logged-in user.
     if (isUserLoggedIn()) {
         header("Location: " . str_replace('index.php/', '', site_url('account')));
         die;
     }
     $this->load->view('resend_activation');
 }
 } else {
     $userdetails = fetchUserDetails($username);
     //See if the user's account is activation
     if ($userdetails["Active"] == 1) {
         $errors[] = lang("ACCOUNT_ALREADY_ACTIVE");
     } else {
         $hours_diff = round((time() - $userdetails["LastActivationRequest"]) / (3600 * $resend_activation_threshold), 0);
         if ($resend_activation_threshold != 0 && $hours_diff <= $resend_activation_threshold) {
             $errors[] = lang("ACCOUNT_LINK_ALREADY_SENT", array($resend_activation_threshold));
         } else {
             //For security create a new activation url;
             $new_activation_token = generateActivationToken();
             if (!updateLastActivationRequest($new_activation_token, $username, $email)) {
                 $errors[] = lang("SQL_ERROR");
             } else {
                 $mail = new userCakeMail();
                 $activation_url = $websiteUrl . "activate-account.php?token=" . $new_activation_token;
                 //Setup our custom hooks
                 $hooks = array("searchStrs" => array("#ACTIVATION-URL", "#USERNAME#"), "subjectStrs" => array($activation_url, $userdetails["Username"]));
                 if (!$mail->newTemplateMsg("resend-activation.txt", $hooks)) {
                     $errors[] = lang("MAIL_TEMPLATE_BUILD_ERROR");
                 } else {
                     if (!$mail->sendMail($userdetails["Email"], "Activate your UserCake Account")) {
                         $errors[] = lang("MAIL_ERROR");
                     } else {
                         //Success, user details have been updated in the db now mail this information out.
                         $success_message = lang("ACCOUNT_NEW_ACTIVATION_SENT");
                     }
                 }
             }
         }
Example #9
 } else {
     if ($resend_activation_threshold == 0) {
         $hours_diff = 0;
     } else {
         $last_request = $userdetails["last_activation_request"];
         $hours_diff = round((time() - $last_request) / (3600 * $resend_activation_threshold), 0);
     }
     if ($resend_activation_threshold != 0 && $hours_diff <= $resend_activation_threshold) {
         $errors[] = lang("ACCOUNT_LINK_ALREADY_SENT", array($resend_activation_threshold));
     } else {
         //For security create a new activation url;
         $new_activation_token = generateActivationToken();
         if (!updateLastActivationRequest($new_activation_token, $username, $email)) {
             $errors[] = lang("SQL_ERROR");
         } else {
             $mail = new userCakeMail();
             $activation_url = $websiteUrl . "partials/user/activate-account.php?token=" . $new_activation_token;
             //Setup our custom hooks
             $hooks = array("searchStrs" => array("#ACTIVATION-URL", "#USERNAME#"), "subjectStrs" => array($activation_url, $userdetails["display_name"]));
             if (!$mail->newTemplateMsg("resend-activation.txt", $hooks)) {
                 $errors[] = lang("MAIL_TEMPLATE_BUILD_ERROR");
             } else {
                 if (!$mail->sendMail($userdetails["email"], "Aktiver din " . $websiteName . " bruker")) {
                     $errors[] = lang("MAIL_ERROR");
                 } else {
                     //Success, user details have been updated in the db now mail this information out.
                     $successes[] = lang("ACCOUNT_NEW_ACTIVATION_SENT");
                 }
             }
         }
     }
Example #10
 if (!emailUsernameLinked($email, $username)) {
     $errors[] = lang("ACCOUNT_USER_OR_EMAIL_INVALID");
 } else {
     //Check if the user has any outstanding lost password requests
     $userdetails = fetchUserDetails($username);
     if ($userdetails["lost_password_request"] == 1) {
         $errors[] = lang("FORGOTPASS_REQUEST_EXISTS");
     } else {
         $token = $userdetails["activation_token"];
         $rand_pass = getUniqueCode(15);
         //Get unique code
         $secure_pass = generateHash($rand_pass);
         //Generate random hash
         $userdetails = fetchUserDetails(NULL, $token);
         //Fetchs user details
         $mail = new userCakeMail();
         //Setup our custom hooks
         $hooks = array("searchStrs" => array("#GENERATED-PASS#", "#USERNAME#"), "subjectStrs" => array($rand_pass, $userdetails["display_name"]));
         if (!$mail->newTemplateMsg("your-lost-password.txt", $hooks)) {
             $errors[] = lang("MAIL_TEMPLATE_BUILD_ERROR");
         } else {
             if (!$mail->sendMail($userdetails["email"], "Your new password")) {
                 $errors[] = lang("MAIL_ERROR");
             } else {
                 if (!updatePasswordFromToken($secure_pass, $token)) {
                     $errors[] = lang("SQL_ERROR");
                 } else {
                     if (!flagLostPasswordRequest($userdetails["user_name"], 0)) {
                         $errors[] = lang("SQL_ERROR");
                     } else {
                         $successes[] = lang("FORGOTPASS_NEW_PASS_EMAIL");
Example #11
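/**
 * Create a user with the specified fields.
 *
 * Validation problems are reported through addAlert() and counted; the
 * account is only created when the count is zero. When activation is
 * required the activation mail is sent before the account is stored, and a
 * mail failure aborts the creation.
 *
 * @param string $user_name the validated $_POST['user_name'] variable
 * @param string $display_name the validated $_POST['display_name'] variable
 * @param string $email the validated $_POST['email'] variable
 * @param string $title the validated $_POST['title'] variable
 * @param string $password the validated $_POST['password'] variable
 * @param string $passwordc the validated $_POST['passwordc'] variable
 * @param boolean $require_activation value of global $emailActivation when $admin is false
 * @param boolean $admin True if admin is creating user, False if not admin creating user.
 * @return int|false the value returned by addUser() (the new user's id), or false when
 *                   permission, validation or mailing failed
 */
function createUser($user_name, $display_name, $email, $title, $password, $passwordc, $require_activation, $admin)
{
    // if we're in admin mode, then the user must be logged in and have appropriate permissions
    if ($admin == "true") {
        // This block automatically checks this action against the permissions database before running.
        // NOTE(review): func_get_args() includes the plain-text password; confirm the permission check never logs or stores its arguments.
        if (!checkActionPermissionSelf(__FUNCTION__, func_get_args())) {
            addAlert("danger", "Sorry, you do not have permission to access this resource.");
            return false;
        }
    }
    $error_count = 0;
    // Check values
    if (minMaxRange(1, 25, $user_name)) {
        addAlert("danger", lang("ACCOUNT_USER_CHAR_LIMIT", array(1, 25)));
        $error_count++;
    }
    if (!ctype_alnum($user_name)) {
        addAlert("danger", lang("ACCOUNT_USER_INVALID_CHARACTERS"));
        $error_count++;
    }
    if (minMaxRange(1, 50, $display_name)) {
        addAlert("danger", lang("ACCOUNT_DISPLAY_CHAR_LIMIT", array(1, 50)));
        $error_count++;
    }
    if (!isValidName($display_name)) {
        addAlert("danger", lang("ACCOUNT_DISPLAY_INVALID_CHARACTERS"));
        $error_count++;
    }
    if (!isValidEmail($email)) {
        addAlert("danger", lang("ACCOUNT_INVALID_EMAIL"));
        $error_count++;
    }
    if (minMaxRange(1, 150, $title)) {
        addAlert("danger", lang("ACCOUNT_TITLE_CHAR_LIMIT", array(1, 150)));
        $error_count++;
    }
    if (minMaxRange(8, 50, $password) && minMaxRange(8, 50, $passwordc)) {
        addAlert("danger", lang("ACCOUNT_PASS_CHAR_LIMIT", array(8, 50)));
        $error_count++;
    } else {
        // Compare as strings: a loose != treats numeric-looking values such as
        // "10000000" and "1e7" as equal, letting a differing confirmation through.
        if ((string) $password !== (string) $passwordc) {
            addAlert("danger", lang("ACCOUNT_PASS_MISMATCH"));
            $error_count++;
        }
    }
    if (usernameExists($user_name)) {
        addAlert("danger", lang("ACCOUNT_USERNAME_IN_USE", array($user_name)));
        $error_count++;
    }
    if (displayNameExists($display_name)) {
        addAlert("danger", lang("ACCOUNT_DISPLAYNAME_IN_USE", array($display_name)));
        $error_count++;
    }
    if (emailExists($email)) {
        addAlert("danger", lang("ACCOUNT_EMAIL_IN_USE", array($email)));
        $error_count++;
    }
    //Construct a secure hash for the plain text password
    $password_hash = passwordHashUF($password);
    if ($password_hash === null) {
        addAlert("danger", lang("PASSWORD_HASH_FAILED"));
        $error_count++;
    }
    // Exit on any invalid parameters
    if ($error_count != 0) {
        return false;
    }
    //Construct a unique activation token (even if activation is not required)
    $activation_token = generateActivationToken();
    $active = 1;
    //Do we need to require that the user activate their account first?
    if ($require_activation) {
        //User must activate their account first
        $active = 0;
        $mailSender = new userCakeMail();
        //Build the activation message
        $activation_message = lang("ACCOUNT_ACTIVATION_MESSAGE", array(SITE_ROOT . "api/", $activation_token));
        //Define more if you want to build larger structures
        $hooks = array("searchStrs" => array("#ACTIVATION-MESSAGE", "#ACTIVATION-KEY", "#USERNAME#"), "subjectStrs" => array($activation_message, $activation_token, $display_name));
        /* Build the template - Optional, you can just use the sendMail function
           Instead to pass a message. */
        // If there is a mail failure, fatal error
        if (!$mailSender->newTemplateMsg("new-registration.txt", $hooks)) {
            addAlert("danger", lang("MAIL_ERROR"));
            return false;
        } else {
            //Send the mail. Specify users email here and subject.
            //SendMail can have a third parameter for message if you do not wish to build a template.
            if (!$mailSender->sendMail($email, "Please activate your account")) {
                addAlert("danger", lang("MAIL_ERROR"));
                return false;
            }
        }
    }
    // Insert the user into the database and return the new user's id
    return addUser($user_name, $display_name, $title, $password_hash, $email, $active, $activation_token);
}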
Example #12
 }
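 //You need to handle  both cases
 //If Any browser does not support serializing of multiple files using FormData()
 // The client-supplied file name is untrusted: any directory part is stripped
 // before it is joined to $output_dir, and a file is only reported in $ret
 // once move_uploaded_file() has actually stored it.
 // NOTE(review): nothing here restricts the file type. If $output_dir is served
 // by the web server, limit uploads to an allow-list of extensions — confirm
 // against the surrounding code.
 if (!is_array($_FILES["myfile"]["name"])) {
     $fileName = $prefix . "_" . basename(str_replace("\\", "/", $_FILES["myfile"]["name"]));
     if (move_uploaded_file($_FILES["myfile"]["tmp_name"], $output_dir . $fileName)) {
         $ret[] = $fileName;
     }
 } else {
     $fileCount = count($_FILES["myfile"]["name"]);
     for ($i = 0; $i < $fileCount; $i++) {
         $fileName = $prefix . "_" . basename(str_replace("\\", "/", $_FILES["myfile"]["name"][$i]));
         if (move_uploaded_file($_FILES["myfile"]["tmp_name"][$i], $output_dir . $fileName)) {
             $ret[] = $fileName;
         }
     }
 }
 $mail = new userCakeMail();
 if ($type == "timesheet") {
     // The file name is URL-encoded for the link, and every value is HTML-escaped
     // before it enters the message body.
     $link = htmlspecialchars("http://project/admin/timesheets/" . rawurlencode($fileName), ENT_QUOTES);
     $message = "Candidate Name: " . htmlspecialchars($candidatename, ENT_QUOTES) . "<br>";
     $message .= "Client Name: " . htmlspecialchars($companyname, ENT_QUOTES) . "<br>";
     $message .= "PO ID: " . htmlspecialchars($poid, ENT_QUOTES) . "<br>";
     $message .= "Timesheet: <a target='_blank' href='" . $link . "'>" . $link . "</a><br>";
     // Line breaks are removed from the subject so the value cannot add mail headers.
     $mail->sendMail("*****@*****.**", "Timesheet Uploaded " . str_replace(array("\r", "\n"), "", $candidatename), $message);
 }
 if ($_POST['type'] == "projectfile") {
     $link = htmlspecialchars("http://project/admin/projectfiles/" . rawurlencode($fileName), ENT_QUOTES);
     // Start the message with "=" and append afterwards; the original appended
     // the client line first and then overwrote it.
     $message = "Candidate Name: " . htmlspecialchars($candidatename, ENT_QUOTES) . "<br>";
     $message .= "Client Name: " . htmlspecialchars($companyname, ENT_QUOTES) . "<br>";
     $message .= "File: <a target='_blank' href='" . $link . "'>" . $link . "</a><br>";
     $mail->sendMail("*****@*****.**", "Project File Uploaded " . str_replace(array("\r", "\n"), "", $companyname), $message);
 }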
Example #13
    // Required-field checks: every missing value adds one message to $errors.
    if (empty($summary)) {
        $errors[] = "You must enter a witty one-liner (it makes my life easy)";
    }
    if (empty($description)) {
        $errors[] = "You must enter a description";
    }
    if (empty($type)) {
        $errors[] = "Feedback type error";
    }
    if (empty($user)) {
        $errors[] = "User not identified";
    }
    // Only mail the report when validation produced no errors.
    if (empty($errors)) {
        $mail = new userCakeMail();
        // Placeholders in bug-report.txt and the values substituted for them.
        $hooks = array(
            "searchStrs" => array("#USER#", "#DESCRIPTION#"),
            "subjectStrs" => array($user, $description),
        );
        // NOTE(review): $summary becomes the mail subject as-is. If it comes from the
        // form and sendMail() does not strip CR/LF, it should be cleaned before this
        // call - confirm against the userCakeMail implementation.
        if (!$mail->newTemplateMsg("bug-report.txt", $hooks)) {
            // Template could not be built
            $errors[] = lang("MAIL_TEMPLATE_BUILD_ERROR");
        } elseif (!$mail->sendMail("*****@*****.**", $summary . " #red")) {
            // Template built, but delivery failed
            $errors[] = lang("MAIL_ERROR");
        } else {
            $successes[] = "Thank you for your feedback!";
        }
    }
}
Example #14
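 /**
  * Forgot-password action (UserCake flow inside a controller).
  *
  * Handles three inputs and then renders the 'forgot_password' view:
  *  - GET "confirm": validates the token, generates a new password, mails it,
  *    stores its hash and clears the outstanding-request flag.
  *  - GET "deny": validates the token and clears the outstanding-request flag.
  *  - POST "email" + "username": validates the pair and mails confirm / deny links.
  *
  * Review notes:
  *  - Both links change account state on a plain GET request, so anything that
  *    fetches URLs found in mail (link scanners, prefetchers) can trigger them;
  *    a landing page that requires a POST to complete the action avoids this.
  *  - The new password is sent in clear text by e-mail. A single-use, expiring
  *    reset link that lets the user choose a password is the safer design.
  *  - The form branch reports unknown e-mail, unknown username and unlinked pair
  *    with different messages. If these reach the requester they reveal which
  *    accounts exist; a single generic response avoids that.
  *  - $errors / $successes are not passed to the view in this method; presumably
  *    the view obtains them some other way - TODO confirm.
  *  - $websiteUrl is not declared in this method; presumably config.php defines it
  *    in this scope when it is first included - TODO confirm.
  *
  * @return void
  */
 public function index()
 {
     /*
     UserCake (Via CupCake) Version: 2.0.2
     http://usercake.com
     */
     global $baseURL;
     $baseURL = getcwd();
     require_once "{$baseURL}/application/third_party/user_cake/models/config.php";
     // NOTE(review): PHP_SELF can carry extra path info taken from the request URL;
     // confirm securePage() compares against an exact script path.
     if (!securePage($_SERVER['PHP_SELF'])) {
         die;
     }
     // Keep any lists config.php created in this scope; otherwise start empty so the
     // count($errors) check in the form branch never receives an undefined value.
     if (!isset($errors)) {
         $errors = array();
     }
     if (!isset($successes)) {
         $successes = array();
     }
     //User has confirmed they want their password changed
     if (!empty($_GET["confirm"])) {
         // A parameter sent as confirm[]=... arrives as an array; treat it as an invalid token
         $token = is_string($_GET["confirm"]) ? trim($_GET["confirm"]) : "";
         if ($token == "" || !validateActivationToken($token, TRUE)) {
             $errors[] = lang("FORGOTPASS_INVALID_TOKEN");
         } else {
             // NOTE(review): the strength of the mailed password depends on getUniqueCode(),
             // which is not shown here - confirm it draws from a cryptographic random source.
             $rand_pass = getUniqueCode(15);
             // Only the hash is stored; the plain value goes into the mail template
             $secure_pass = generateHash($rand_pass);
             //Fetch the user details that belong to this token
             $userdetails = fetchUserDetails(NULL, $token);
             $mail = new userCakeMail();
             //Setup our custom hooks
             $hooks = array("searchStrs" => array("#GENERATED-PASS#", "#USERNAME#"), "subjectStrs" => array($rand_pass, $userdetails["display_name"]));
             // Order matters: the mail is sent before the hash is stored, so a failed
             // send leaves the old password in place. The reverse case (mail sent, DB
             // update fails) leaves the user holding a password that was never stored.
             if (!$mail->newTemplateMsg("{$baseURL}/application/third_party/user_cake/mail-templates/your-lost-password.txt", $hooks)) {
                 $errors[] = lang("MAIL_TEMPLATE_BUILD_ERROR");
             } elseif (!$mail->sendMail($userdetails["email"], "Your new password")) {
                 $errors[] = lang("MAIL_ERROR");
             } elseif (!updatePasswordFromToken($secure_pass, $token)) {
                 $errors[] = lang("SQL_ERROR");
             } elseif (!flagLostPasswordRequest($userdetails["user_name"], 0)) {
                 $errors[] = lang("SQL_ERROR");
             } else {
                 $successes[] = lang("FORGOTPASS_NEW_PASS_EMAIL");
             }
         }
     }
     //User has denied this request
     if (!empty($_GET["deny"])) {
         // Same array guard as for "confirm"
         $token = is_string($_GET["deny"]) ? trim($_GET["deny"]) : "";
         if ($token == "" || !validateActivationToken($token, TRUE)) {
             $errors[] = lang("FORGOTPASS_INVALID_TOKEN");
         } else {
             $userdetails = fetchUserDetails(NULL, $token);
             // Clear the outstanding-request flag so a new request can be made
             if (!flagLostPasswordRequest($userdetails["user_name"], 0)) {
                 $errors[] = lang("SQL_ERROR");
             } else {
                 $successes[] = lang("FORGOTPASS_REQUEST_CANNED");
             }
         }
     }
     //Forms posted
     if (!empty($_POST)) {
         // A missing or non-string field is treated as empty, so it falls into the
         // "please specify" errors below instead of raising an undefined-index notice
         // or a type error inside trim().
         $email = (isset($_POST["email"]) && is_string($_POST["email"])) ? $_POST["email"] : "";
         $username = sanitize((isset($_POST["username"]) && is_string($_POST["username"])) ? $_POST["username"] : "");
         //Perform some validation
         //Feel free to edit / change as required
         if (trim($email) == "") {
             $errors[] = lang("ACCOUNT_SPECIFY_EMAIL");
         } elseif (!isValidEmail($email) || !emailExists($email)) {
             $errors[] = lang("ACCOUNT_INVALID_EMAIL");
         }
         if (trim($username) == "") {
             $errors[] = lang("ACCOUNT_SPECIFY_USERNAME");
         } elseif (!usernameExists($username)) {
             $errors[] = lang("ACCOUNT_INVALID_USERNAME");
         }
         if (count($errors) == 0) {
             //Check that the username / email are associated to the same account
             if (!emailUsernameLinked($email, $username)) {
                 $errors[] = lang("ACCOUNT_USER_OR_EMAIL_INVALID");
             } else {
                 //Check if the user has any outstanding lost password requests
                 $userdetails = fetchUserDetails($username);
                 if ($userdetails["lost_password_request"] == 1) {
                     $errors[] = lang("FORGOTPASS_REQUEST_EXISTS");
                 } else {
                     //Email the user asking to confirm this change password request
                     //We can use the template builder here
                     //We use the activation token again for the url key it gets regenerated everytime it's used.
                     $mail = new userCakeMail();
                     $confirm_url = lang("CONFIRM") . "\n" . $websiteUrl . "forgot-password.php?confirm=" . $userdetails["activation_token"];
                     $deny_url = lang("DENY") . "\n" . $websiteUrl . "forgot-password.php?deny=" . $userdetails["activation_token"];
                     //Setup our custom hooks
                     $hooks = array("searchStrs" => array("#CONFIRM-URL#", "#DENY-URL#", "#USERNAME#"), "subjectStrs" => array($confirm_url, $deny_url, $userdetails["user_name"]));
                     if (!$mail->newTemplateMsg("{$baseURL}/application/third_party/user_cake/mail-templates/lost-password-request.txt", $hooks)) {
                         $errors[] = lang("MAIL_TEMPLATE_BUILD_ERROR");
                     } elseif (!$mail->sendMail($userdetails["email"], "Lost password request")) {
                         $errors[] = lang("MAIL_ERROR");
                     } elseif (!flagLostPasswordRequest($userdetails["user_name"], 1)) {
                         //The DB could not be updated to show this account has an outstanding request
                         $errors[] = lang("SQL_ERROR");
                     } else {
                         $successes[] = lang("FORGOTPASS_REQUEST_SUCCESS");
                     }
                 }
             }
         }
     }
     $this->load->view('forgot_password');
 }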
     }
 }
 if (count($errors) == 0) {
     //Check that the username / email are associated to the same account
     if (!emailUsernameLinked($email, $username)) {
         $errors[] = lang("ACCOUNT_USER_OR_EMAIL_INVALID");
     } else {
         //Check if the user has any outstanding lost password requests
         $userdetails = fetchUserDetails($username);
         if ($userdetails["LostPasswordRequest"] == 1) {
             $errors[] = lang("FORGOTPASS_REQUEST_EXISTS");
         } else {
             //Email the user asking to confirm this change password request
             //We can use the template builder here
             //We use the activation token again for the url key it gets regenerated everytime it's used.
             $mail = new userCakeMail();
             $confirm_url = lang("CONFIRM") . "\n" . $websiteUrl . "forgot-password.php?confirm=" . $userdetails["ActivationToken"];
             $deny_url = "DENY" . "\n" . $websiteUrl . "forgot-password.php?deny=" . $userdetails["ActivationToken"];
             //Setup our custom hooks
             $hooks = array("searchStrs" => array("#CONFIRM-URL#", "#DENY-URL#", "#USERNAME#"), "subjectStrs" => array($confirm_url, $deny_url, $userdetails["Username"]));
             if (!$mail->newTemplateMsg("lost-password-request.txt", $hooks)) {
                 $errors[] = lang("MAIL_TEMPLATE_BUILD_ERROR");
             } else {
                 if (!$mail->sendMail($userdetails["Email"], "Ζητήσατε υπενθύμιση του κωδικού σας")) {
                     $errors[] = lang("MAIL_ERROR");
                 } else {
                     //Update the DB to show this account has an outstanding request
                     flagLostPasswordRequest($username, 1);
                     $success_message = lang("FORGOTPASS_REQUEST_SUCCESS");
                 }
             }
 $userdetails = fetchUserDetails($username);
 //See if the user's account is activation
 if ($userdetails["Active"] == 1) {
     $errors[] = lang("ACCOUNT_ALREADY_ACTIVE");
 } else {
     // TODO: Potential division by zero
     $hours_diff = round((time() - $userdetails["LastActivationRequest"]) / (3600 * $resend_activation_threshold), 0);
     if ($resend_activation_threshold != 0 && $hours_diff <= $resend_activation_threshold) {
         $errors[] = lang("ACCOUNT_LINK_ALREADY_SENT", array($resend_activation_threshold));
     } else {
         //For security create a new activation url;
         $new_activation_token = generateActivationToken();
         if (!updateLastActivationRequest($new_activation_token, $username, $email)) {
             $errors[] = lang("SQL_ERROR");
         } else {
             $mail = new userCakeMail();
             $activation_url = $websiteUrl . "activate-account.php?token=" . $new_activation_token;
             //Setup our custom hooks
             $hooks = array("searchStrs" => array("#ACTIVATION-URL", "#USERNAME#"), "subjectStrs" => array($activation_url, $userdetails["Username"]));
             if (!$mail->newTemplateMsg("resend-activation.txt", $hooks)) {
                 $errors[] = lang("MAIL_TEMPLATE_BUILD_ERROR");
             } else {
                 if (!$mail->sendMail($userdetails["Email"], "Ενεργοποιήστε το λογαριασμό σας")) {
                     $errors[] = lang("MAIL_ERROR");
                 } else {
                     //Success, user details have been updated in the db now mail this information out.
                     $success_message = lang("ACCOUNT_NEW_ACTIVATION_SENT");
                 }
             }
         }
     }