/**
* function to create a 3mik user. we populate following tables
* sc_login
* sc_user
* sc_denorm_user (via a trigger)
*
*/
static function create($provider, $userName, $firstName, $lastName, $email, $password, $remoteIp)
{
$dbh = NULL;
try {
//canonical form of email
$email = strtolower(trim($email));
$password = trim($password);
$sql1 = "insert into sc_login (provider,name,ip_address,created_on) ";
$sql1 .= " values(:provider,:name, :ip_address,now()) ";
$dbh = PDOWrapper::getHandle();
//Tx start
$dbh->beginTransaction();
$stmt = $dbh->prepare($sql1);
$stmt->bindParam(":name", $userName);
$stmt->bindParam(":provider", $provider);
$stmt->bindParam(":ip_address", $remoteIp);
$stmt->execute();
$stmt = NULL;
$loginId = $dbh->lastInsertId();
settype($loginId, "integer");
//@throws DBException
\com\indigloo\auth\User::create('sc_user', $firstName, $lastName, $userName, $email, $password, $loginId, $remoteIp);
//Tx end
$dbh->commit();
$dbh = null;
} catch (\PDOException $e) {
$dbh->rollBack();
$dbh = null;
throw new DBException($e->getMessage(), $e->getCode());
} catch (\Exception $ex) {
$dbh->rollBack();
$dbh = null;
$message = $ex->getMessage();
throw new DBException($message);
}
}
$fhandler->addError($message);
$error = "Possible spam bot submission from IP :: " . $_SERVER["REMOTE_ADDR"];
Logger::getInstance()->info($error);
}
if ($fhandler->hasErrors()) {
throw new UIException($fhandler->getErrors());
}
//create a new login + user
$loginDao = new \com\indigloo\sc\dao\Login();
$loginDao->create($fvalues['first_name'], $fvalues['last_name'], $fvalues['email'], $fvalues['password']);
//canonical email - all lower case
$email = strtolower(trim($fvalues['email']));
$password = trim($fvalues['password']);
$loginId = NULL;
try {
$loginId = \com\indigloo\auth\User::login('sc_user', $email, $password);
} catch (\Exception $ex) {
$code = $ex->getCode();
switch ($code) {
case 401:
$message = "Wrong login or password. Please try again!";
throw new UIException(array($message));
break;
default:
$message = "Error during login. Please try after some time!";
throw new UIException(array($message));
}
}
//success - update login record
// start 3mik session
$remoteIp = \com\indigloo\Url::getRemoteIp();
<?php
include 'sc-app.inc';
include APP_CLASS_LOADER;
use com\indigloo\sc\util\PseudoId;
if ($argc < 3) {
printf("Usage : {$php} change.php <pseudo_id> <password> \n");
exit;
}
$pseudoId = $argv[1];
$pseudoId = trim($pseudoId);
$password = $argv[2];
$loginId = PseudoId::decode($pseudoId);
//get email lookup on loginId
$userDao = new \com\indigloo\sc\dao\User();
$row = $userDao->getOnLoginId($loginId);
$email = $row["email"];
printf("change for login_id = %s, email = %s \n ", $loginId, $email);
$data = \com\indigloo\auth\User::changePassword("sc_user", $loginId, $email, $password);
$qUrl = base64_decode($fvalues['qUrl']);
if ($fhandler->hasErrors()) {
throw new UIException($fhandler->getErrors());
}
//form token
$session_token = $gWeb->find("change.password.token", true);
if ($fvalues['ftoken'] != $session_token) {
$message = "form token does not match the value stored in session";
throw new UIException(array($message));
}
//decrypt email
$email = $gWeb->find("change.password.email", true);
$email = Util::decrypt($email);
$userDao = new \com\indigloo\sc\dao\User();
//@test with email that can cause issues with encoding!
$userDBRow = $userDao->getOnEmail($email);
//send raw password
$email = strtolower(trim($email));
$password = trim($_POST['password']);
WebglooUser::changePassword('sc_user', $userDBRow['login_id'], $email, $password);
//success
$gWeb->store(Constants::FORM_MESSAGES, array("password changed successfully!"));
header("Location: " . $qUrl);
exit(1);
} catch (UIException $ex) {
$gWeb->store(Constants::STICKY_MAP, $fvalues);
$gWeb->store(Constants::FORM_ERRORS, $ex->getMessages());
header("Location: " . $fUrl);
exit(1);
}
}
