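 /**
  * Send a password-reset e-mail to the account registered under $email.
  *
  * Does nothing when no single account matches the address, so the caller
  * cannot tell a registered address from an unknown one. On a match a fresh,
  * unguessable reset token is written to cms_restore_password and embedded in
  * the mail body as {{confirm_url}}.
  *
  * @param string|null $email address entered by the user
  * @return void  the result of PHPMailer::Send() is not reported to the caller
  */
 static function send_reset_password($email = null)
 {
     if ($email === null || $email === '') {
         return;
     }
     $match = Adapter::secure_query('SELECT mail FROM users WHERE mail = :mail', [':mail' => $email]);
     if (Adapter::row_count($match) != 1) {
         return;
     }
     $system_settings = unserialize(SYSTEM_SETTINGS);
     $get_details = Adapter::fetch_object(Adapter::secure_query('SELECT id,username,mail FROM users WHERE mail = :mail', [':mail' => $email]));
     // 16 CSPRNG bytes -> 32 hex characters, the same width as the md5() value
     // this column used to hold. The previous md5(mail_username_rand(0,9))
     // token had only ten possible values per account and could be guessed.
     $hash = bin2hex(random_bytes(16));
     Adapter::secure_query('INSERT INTO cms_restore_password (user_id,user_hash) VALUES (:userid,:userhash)', [':userid' => $get_details->id, ':userhash' => $hash]);

     // Placeholders are substituted in the same order as before: username,
     // e-mail, confirmation URL, hotel name.
     $body = Page::include_content('reset_password', 'others/mail');
     $body = str_replace(
         ['{{mail_username}}', '{{mail_email}}', '{{confirm_url}}', '{{hotel_name}}'],
         [
             $get_details->username,
             $get_details->mail,
             $system_settings['global_url'] . '/reset-password/' . $hash,
             $system_settings['hotel_name'],
         ],
         $body
     );

     $mail = new PHPMailer();
     $mail->IsSMTP();
     $mail->Host = $system_settings['smtp_server'];
     $mail->From = '*****@*****.**';
     $mail->FromName = $system_settings['hotel_name'];
     $mail->AddAddress($email);
     $mail->IsHTML(true);
     $mail->Subject = 'Reset-Password Confirmation';
     $mail->Body = $body;
     // Send() returns false on failure; as before, the outcome is not surfaced.
     $mail->Send();
     $mail->ClearAllRecipients();
     $mail->ClearAttachments();
 }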
 /**
  * function show
  * render and return content
  *
  * Handles the "pick a name" step of a newbie account. The candidate name is
  * read from $_GET['aname'] and must be 3..30 bytes long, contain at least one
  * a-z character, no spaces and no "MOD_" substring. When it is free (or is
  * already the caller's own name) and the account is still flagged as newbie,
  * the user is renamed and `code` becomes 'OK'; otherwise it stays
  * 'NAME_IN_USE'. A malformed name fills `validationResult` instead.
  *
  * @return string|null JSON with `code`, `validationResult`, `suggestions`;
  *                     null when the session is not a newbie session
  */
 function show()
 {
     header('Content-type: application/json');
     if (!isset($_SESSION['is_newbie'])) {
         return null;
     }
     $result = new stdClass();
     $result->validationResult = null;
     $result->suggestions = [];
     $code = 'NAME_IN_USE';
     if (isset($_GET['aname'])) {
         $name = Misc::escape_text($_GET['aname']);
         $user_id = Data::$user_instance->user_id;
         $length = strlen($name);
         $well_formed = $length >= 3
             && $length <= 30
             && preg_match('`[a-z]`', $name)
             && substr_count($name, ' ') == 0
             && stripos($name, 'MOD_') === false;
         if (!$well_formed) {
             $error = new stdClass();
             $error->resultType = 'VALIDATION_ERROR_ILLEGAL_WORDS';
             $error->additionalInfo = 'MOD_';
             $error->valid = false;
             $result->validationResult = $error;
         } else {
             $unused = Adapter::row_count(Adapter::secure_query("SELECT username FROM users WHERE username = :username LIMIT 1", [':username' => $name])) == 0;
             // A name the caller already owns counts as free for them.
             $usable = $unused || $name == Data::$user_instance->user_name;
             if ($usable && Data::$user_instance->is_newbie == 1) {
                 Adapter::secure_query("UPDATE users SET username = :username WHERE id = :userid", [':username' => $name, ':userid' => $user_id]);
                 Adapter::secure_query("UPDATE users SET novato = '2' WHERE id = :userid", [':userid' => $user_id]);
                 Data::user_create_instance($user_id);
                 $code = 'OK';
             }
         }
     }
     $result->code = $code;
     return json_encode($result);
 }
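 /**
  * function do_validate
  * check if user has permissions
  *
  * Re-validates the housekeeping session stored in $_SESSION['hobbanet']
  * against cms_hk_users, rotates the per-session hash on every successful
  * check and emits a Location header when the session is missing or stale.
  * The method does not exit; callers must stop rendering on false.
  *
  * @param int $rank minimum rank the caller must hold
  * @return bool
  */
 static function do_validate($rank = 0)
 {
     if (session_status() !== PHP_SESSION_ACTIVE) {
         session_start();
     }
     if (!isset($_SESSION['hobbanet'])) {
         session_destroy();
         header("Location: /");
         return false;
     }
     // Only a plain array is ever stored here, so refuse object
     // instantiation during unserialize() even though the data is server-side.
     $arr = unserialize($_SESSION['hobbanet'], ['allowed_classes' => false]);
     if (!is_array($arr) || !isset($arr['username'], $arr['hash'], $arr['rank'])) {
         header("Location: /theallseeingeye/web/login");
         return false;
     }
     $known = Adapter::row_count(Adapter::secure_query("SELECT * FROM cms_hk_users WHERE username = MD5(:username) AND hash = :hash", [':username' => $arr['username'], ':hash' => $arr['hash']])) == 1;
     if (!$known) {
         header("Location: /theallseeingeye/web/login");
         return false;
     }
     // Rotate the session hash with 128 bits from the CSPRNG. The previous
     // md5(rand(10, '30-ase-...')) value collapsed to rand(10, 30) and had
     // roughly twenty possible outputs; bin2hex(random_bytes(16)) keeps the
     // same 32-character width in the hash column.
     $hash = bin2hex(random_bytes(16));
     Adapter::secure_query("UPDATE cms_hk_users SET hash = :hash WHERE username = MD5(:username)", [':hash' => $hash, ':username' => $arr['username']]);
     $_SESSION['hobbanet'] = serialize(['username' => $arr['username'], 'hash' => $hash, 'rank' => $arr['rank']]);
     return $arr['rank'] >= $rank;
 }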
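 /**
  * function show
  * render and return content
  *
  * Looks up a password-reset token posted as JSON ({"token": ...}). When
  * exactly one cms_restore_password row matches and its user still exists,
  * returns the user's e-mail and username so the reset form can be
  * pre-filled; every other case answers 404.
  *
  * @return string|null JSON with `email` and `name`, or null after a 404
  */
 function show()
 {
     $data = json_decode(file_get_contents("php://input"), true);
     // Reject a missing or empty token up front instead of querying with null.
     $token = is_array($data) ? ($data['token'] ?? null) : null;
     if (is_scalar($token) && $token !== '') {
         // One query serves both the existence check and the fetch, as the
         // activation endpoint does, instead of running the same SELECT twice.
         $query = Adapter::secure_query('SELECT * FROM cms_restore_password WHERE user_hash = :userhash LIMIT 1', [':userhash' => $token]);
         if (Adapter::row_count($query) == 1) {
             $get = Adapter::fetch_object($query);
             $row = Adapter::fetch_object(Adapter::secure_query('SELECT * FROM users WHERE id = :userid LIMIT 1', [':userid' => $get->user_id]));
             if ($row) {
                 $check_object = new stdClass();
                 $check_object->email = $row->mail;
                 $check_object->name = $row->username;
                 return json_encode($check_object);
             }
         }
     }
     header('HTTP/1.1 404 Not Found');
     return null;
 }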
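 /**
  * function show
  * render and return content
  *
  * Completes a password reset. The JSON body carries the reset token plus the
  * new-password fields consumed by User::change_password(). The token is
  * single-use: it is deleted once the password change succeeds. No expiry is
  * enforced here. An unknown token answers 404; a rejected password answers
  * 400 and keeps the token so the user can retry.
  *
  * @return null
  */
 function show()
 {
     $data = json_decode(file_get_contents("php://input"), true);
     $token = is_array($data) ? ($data['token'] ?? null) : null;
     if (!is_scalar($token) || $token === '') {
         header('HTTP/1.1 404 Not Found');
         return null;
     }
     $query = Adapter::secure_query('SELECT * FROM cms_restore_password WHERE user_hash = :userhash LIMIT 1', [':userhash' => $token]);
     if (Adapter::row_count($query) != 1) {
         header('HTTP/1.1 404 Not Found');
         return null;
     }
     $get = Adapter::fetch_object($query);
     $row = Adapter::fetch_object(Adapter::secure_query('SELECT * FROM users WHERE id = :userid LIMIT 1', [':userid' => $get->user_id]));
     if (!$row) {
         header('HTTP/1.1 404 Not Found');
         return null;
     }
     // A reset flow has no current password; the third argument presumably
     // tells change_password() not to require one — confirm against User.
     $data['currentPassword'] = '';
     if (User::change_password($data, $row->id, false) == true) {
         // Consume the token only after the password was actually changed.
         Adapter::secure_query('DELETE FROM cms_restore_password WHERE user_hash = :userhash', [':userhash' => $token]);
         return null;
     }
     header('HTTP/1.1 400 Bad Request');
     return null;
 }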
 /**
  * function show
  * render and return content
  *
  * Answers the "is this username available?" check as JSON. A name is
  * available when it is 3..30 bytes long, has at least one a-z character, no
  * spaces and no "MOD_" substring, and either no user row carries it or it is
  * the current user's own name.
  *
  * @param string $user_name candidate name
  * @return mixed|void JSON document with a boolean `isAvailable`
  */
 function show($user_name = '')
 {
     header('Content-type: application/json');
     $available = false;
     if (isset($user_name)) {
         $candidate = Misc::escape_text($user_name);
         $length = strlen($candidate);
         $well_formed = $length >= 3
             && $length <= 30
             && preg_match('`[a-z]`', $candidate)
             && substr_count($candidate, ' ') == 0
             && stripos($candidate, 'MOD_') === false;
         if ($well_formed) {
             $unused = Adapter::row_count(Adapter::secure_query("SELECT username FROM users WHERE username = :username LIMIT 1", [':username' => $candidate])) == 0;
             // The caller's own name is reported as available to them.
             $available = $unused || $candidate == Data::$user_instance->user_name;
         }
     }
     $reply = new stdClass();
     $reply->isAvailable = $available;
     return json_encode($reply);
 }
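 /**
  * function show
  * render and return content
  *
  * Housekeeping login. Checks the posted username/password against
  * cms_hk_users, and on success stores a fresh session hash in both the
  * table and $_SESSION['hobbanet'] before redirecting to the index. On
  * failure the session is destroyed and the browser is sent to "?fail".
  * The method does not exit after the Location header.
  *
  * @return void
  */
 function show()
 {
     if (session_status() !== PHP_SESSION_ACTIVE) {
         session_start();
     }
     $username = Misc::escape_text($_POST['username'] ?? '');
     $password = Misc::escape_text($_POST['password'] ?? '');
     // NOTE(review): credentials are compared against unsalted MD5 columns.
     // Moving to password_hash()/password_verify() needs a schema migration
     // and a matching change wherever the column is written, so it is only
     // flagged here.
     $matched = Adapter::row_count(Adapter::secure_query("SELECT * FROM cms_hk_users WHERE username = MD5(:username) AND password = MD5(:password)", [':username' => $username, ':password' => $password])) == 1;
     if (!$matched) {
         session_destroy();
         header("Location: /theallseeingeye/web/?fail");
         return;
     }
     // New session id on privilege change so a pre-login id cannot be fixed.
     session_regenerate_id(true);
     // 128 bits from the CSPRNG; the previous md5(rand(10, '30-ase-...'))
     // value collapsed to rand(10, 30) and was guessable. Same 32-char width.
     $hash = bin2hex(random_bytes(16));
     Adapter::secure_query("UPDATE cms_hk_users SET hash = :hash WHERE username = MD5(:username)", [':hash' => $hash, ':username' => $username]);
     $row = Adapter::fetch_array(Adapter::secure_query("SELECT rank FROM cms_hk_users WHERE username = MD5(:username)", [':username' => $username]));
     $_SESSION['hobbanet'] = serialize(['username' => $username, 'hash' => $hash, 'rank' => $row['rank']]);
     header("Location: /theallseeingeye/web/index");
 }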
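 /**
  * function show
  * render and return content
  *
  * Account activation. Reads {"token": ...} from the JSON body; when exactly
  * one cms_users_verification row carries that hash it is marked verified,
  * the user instance is (re)built and the account e-mail is returned. Any
  * other case answers 404 with an error object.
  *
  * @return string JSON with `email`, `emailVerified`, `identityVerified`,
  *                or `{"error": "activation.invalid_token"}`
  */
 function show()
 {
     $data = json_decode(file_get_contents("php://input"), true);
     // A missing or empty token goes straight to the 404 path instead of
     // running the lookup with null.
     $token = is_array($data) ? ($data['token'] ?? null) : null;
     if (is_scalar($token) && $token !== '') {
         $query = Adapter::secure_query('SELECT * FROM cms_users_verification WHERE user_hash = :userhash', [':userhash' => $token]);
         if (Adapter::row_count($query) == 1) {
             $fetch = Adapter::fetch_object($query);
             // NOTE(review): nothing here checks whether the row was already
             // verified, so a token stays usable after first use.
             Adapter::secure_query('UPDATE cms_users_verification SET verified = :verified WHERE user_hash = :userhash', [':verified' => 'true', ':userhash' => $token]);
             Data::user_create_instance($fetch->user_id);
             $row = Adapter::fetch_object(Adapter::secure_query('SELECT mail FROM users WHERE id = :userid', [':userid' => $fetch->user_id]));
             $activate_object = new stdClass();
             $activate_object->email = $row->mail;
             $activate_object->emailVerified = true;
             $activate_object->identityVerified = true;
             return json_encode($activate_object);
         }
     }
     header('HTTP/1.1 404 Not Found');
     $error_object = new stdClass();
     $error_object->error = 'activation.invalid_token';
     return json_encode($error_object);
 }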
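 /**
  * function show
  * render and return content
  *
  * Password change for the logged-in user, plus first-time setup of the
  * security questions. The JSON body carries `password` (the current one)
  * and the new-password fields read by User::change_password(), and
  * `answer1`/`answer2`. On success the trade lock is set when it was 0 and
  * the answers are inserted or updated. A rejected password answers 400.
  *
  * @return string|null null on success, otherwise `{"error":"invalid_password"}`
  */
 function show()
 {
     $data = json_decode(file_get_contents("php://input"), true);
     if (!is_array($data)) {
         $data = [];
     }
     $user_id = Data::$user_instance->user_id;
     // The client sends the current password as "password"; mirror it into
     // the key change_password() presumably checks — confirm against User.
     $data['currentPassword'] = $data['password'] ?? '';
     header('Content-type: application/json');
     if (User::change_password($data, $user_id, true, false) == true) {
         $query = Adapter::fetch_object(Adapter::secure_query('SELECT trade_lock FROM users WHERE id = :userid', [':userid' => $user_id]));
         if ($query->trade_lock == 0) {
             Adapter::secure_query('UPDATE users SET trade_lock = :statusl WHERE id = :userid', [':statusl' => '1', ':userid' => $user_id]);
         }
         // NOTE(review): the answers are stored in clear text although they act
         // as a secondary credential; hashing them needs a matching change in
         // whatever verifies them, which is not visible here.
         $answers = [
             ':questionone' => $data['answer1'] ?? null,
             ':questiontwo' => $data['answer2'] ?? null,
             ':userid' => $user_id,
         ];
         // Insert when no row exists, otherwise update; the old insert-then-
         // always-update sequence ended in the same state with one extra query.
         if (Adapter::row_count(Adapter::secure_query('SELECT * FROM cms_security_questions WHERE user_id = :userid', [':userid' => $user_id])) == 0) {
             Adapter::secure_query('INSERT INTO cms_security_questions (user_id,question_one,question_two) VALUES (:userid,:questionone,:questiontwo)', $answers);
         } else {
             Adapter::secure_query('UPDATE cms_security_questions SET question_one = :questionone, question_two = :questiontwo WHERE user_id = :userid', $answers);
         }
         return null;
     }
     header('HTTP/1.1 400 Bad Request');
     $error_object = new stdClass();
     $error_object->error = 'invalid_password';
     return json_encode($error_object);
 }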
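 /**
  * function change mail
  * change the email
  *
  * Requires a syntactically valid `newEmail`, a successful password check via
  * change_password() and an address not yet used by another account. Sends
  * the change notification, then rewrites the address in cms_azure_id and
  * users. Writes the HTTP status and a JSON body itself.
  *
  * @param array $data request fields; `newEmail` plus whatever change_password() reads
  * @param int $user_id
  * @return bool
  */
 static function change_email($data = [], $user_id = 0)
 {
     $new_email = $data['newEmail'] ?? '';
     // Validate the raw value before it is escaped, stored and used as a
     // mail recipient; a malformed address never reaches change_password().
     $format_ok = is_string($new_email) && filter_var($new_email, FILTER_VALIDATE_EMAIL) !== false;
     if ($format_ok && self::change_password($data, $user_id, true, false) == true) {
         $escaped_email = Misc::escape_text($new_email);
         $query_two = Adapter::secure_query("SELECT * FROM users WHERE `mail` = :mail LIMIT 1", [':mail' => $escaped_email]);
         if (Adapter::row_count($query_two) == 0) {
             $row_two = Adapter::fetch_array(Adapter::secure_query('SELECT * FROM users WHERE id = :userid', [':userid' => $user_id]));
             Mailer::send_change_email($row_two['mail'], $new_email);
             // Both tables are keyed by the old address, as before.
             Adapter::secure_query("UPDATE cms_azure_id SET `mail` = :newmail WHERE `mail` = :oldmail", [':newmail' => $escaped_email, ':oldmail' => $row_two['mail']]);
             Adapter::secure_query("UPDATE users SET `mail` = :newmail WHERE `mail` = :oldmail", [':newmail' => $escaped_email, ':oldmail' => $row_two['mail']]);
             // Kept as-is: a 204 status with a body, which spec-following
             // clients discard. The body is now built by json_encode() instead
             // of string concatenation.
             header('HTTP/1.1 204 No Content');
             echo json_encode(['email' => $escaped_email]);
             return true;
         }
     }
     header('HTTP/1.1 400 Bad Request');
     echo '{"error":"registration_email"}';
     return false;
 }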
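 /**
  * function compose_news
  * get articles ;)
  *
  * Without $article_id builds the article list (200-byte teaser per item);
  * with a slug renders that article as HTML, falling back to the oldest
  * article when the slug is unknown. Non-article rows return their raw text.
  *
  * @param bool $return when false nothing is returned, only the work is done
  * @param string|false $article_id internal link slug; "_" is accepted for "-"
  * @return null|string JSON list, HTML fragment, or null (also when no article exists)
  */
 static function compose_news($return = false, $article_id = false)
 {
     if (!$article_id) {
         $code = [];
         foreach (Adapter::query('SELECT * FROM cms_articles WHERE type = "article" ORDER BY id ASC') as $row) {
             $item = new stdClass();
             $item->title = $row['title'];
             // Byte-wise 200-byte teaser, as before. NOTE(review): substr() can
             // split a multibyte sequence; mb_substr() would avoid that where
             // mbstring is available.
             $item->body = html_entity_decode(strip_tags(substr(str_replace(['\\r', '\\n', '\\'], '', $row['text']), 0, 200)));
             $item->articleIndex = 0;
             $item->linkUrl = $row['external_link'] != 'default' ? $row['external_link'] : "/news/{$row['internal_link']}";
             $item->linkLabel = $row['link_text'];
             $item->imageUrl = $row['image'];
             $item->start = null;
             $code[] = $item;
         }
         return $return ? json_encode($code) : null;
     }
     $article_id = str_replace('_', '-', $article_id);
     $query = Adapter::secure_query("SELECT * FROM cms_articles WHERE internal_link = :article_url", [':article_url' => $article_id]);
     if (Adapter::row_count($query) == 1) {
         $row = Adapter::fetch_object($query);
     } else {
         // Unknown slug: show the oldest article instead of an error.
         $row = Adapter::fetch_object(Adapter::query("SELECT * FROM cms_articles WHERE `type` = 'article' ORDER BY id ASC LIMIT 1"));
     }
     if (!$row) {
         // No article rows at all: nothing to render.
         return null;
     }
     if ($row->type == 'article') {
         $text = str_replace(['\\r', '\\n', '\\'], '', $row->text);
         // Title and text are emitted as markup on purpose (presumably
         // staff-authored content); they are not HTML-escaped here.
         $code = "<h1>{$row->title}</h1>"
             . "<p>{$text}</p>"
             . '<blockquote><p>See more news on the <a href="/">Home page</a>!</p></blockquote>';
     } else {
         $code = $row->text;
     }
     return $return ? $code : null;
 }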