require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';
use NERDZ\Core\User;
use NERDZ\Core\Db;
$user = new User();
if (!NERDZ\Core\Security::refererControl()) {
die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . ': referer'));
}
if (!NERDZ\Core\Security::csrfControl(isset($_POST['tok']) ? $_POST['tok'] : 0, 'edit')) {
die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . ': token'));
}
if (!$user->isLogged()) {
die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('REGISTER')));
}
require_once $_SERVER['DOCUMENT_ROOT'] . '/pages/common/validateuser.php';
//include $updatedPassword
$params = [':timezone' => $userData['timezone'], ':name' => $userData['name'], ':surname' => $userData['surname'], ':email' => $userData['email'], ':gender' => $userData['gender'], ':date' => $birth['date'], ':id' => $_SESSION['id']];
if ($updatedPassword) {
$params[':password'] = $userData['password'];
}
$ret = Db::query(['UPDATE users SET "timezone" = :timezone, "name" = :name,
"surname" = :surname,"email" = :email,"gender" = :gender, "birth_date" = :date
' . ($updatedPassword ? ', "password" = crypt(:password, gen_salt(\'bf\', 7))' : '') . ' WHERE counter = :id', $params], Db::FETCH_ERRSTR);
if ($ret != Db::NO_ERRSTR) {
die(NERDZ\Core\Utils::jsonDbResponse($ret));
}
if ($updatedPassword && ($cookie = isset($_COOKIE['nerdz_u']))) {
if (!$user->login(User::getUsername(), $userData['password'], $cookie, $_SESSION['mark_offline'])) {
die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . ': Login'));
}
}
die(NERDZ\Core\Utils::jsonResponse('error', 'OK'));
<?php
ob_start('ob_gzhandler');
require_once $_SERVER['DOCUMENT_ROOT'] . '/class/autoload.php';
use NERDZ\Core\Db;
use NERDZ\Core\User;
use NERDZ\Core\Captcha;
$user = new User();
$cptcka = new Captcha();
$captcha = isset($_POST['captcha']) ? $_POST['captcha'] : false;
if (!$captcha) {
die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('MISSING') . ': ' . $user->lang('CAPTCHA')));
}
if (!$cptcka->check($captcha)) {
die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('WRONG_CAPTCHA')));
}
if ($user->isLogged()) {
die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ALREADY_LOGGED')));
}
require_once $_SERVER['DOCUMENT_ROOT'] . '/pages/common/validateuser.php';
$ret = Db::query(['INSERT INTO users ("username","password","name","surname","email","gender","birth_date","lang","board_lang","timezone","remote_addr", "http_user_agent")
VALUES (:username, crypt(:password, gen_salt(\'bf\', 7)) , :name, :surname, :email, :gender, :date, :lang, :lang, :timezone, :remote_addr, :http_user_agent)', [':username' => $userData['username'], ':password' => $userData['password'], ':name' => $userData['name'], ':surname' => $userData['surname'], ':email' => $userData['email'], ':gender' => $userData['gender'], ':timezone' => $userData['timezone'], ':date' => $birth['date'], ':lang' => $user->getLanguage(), ':remote_addr' => $_SERVER['REMOTE_ADDR'], ':http_user_agent' => isset($_SERVER['HTTP_USER_AGENT']) ? htmlspecialchars($_SERVER['HTTP_USER_AGENT'], ENT_QUOTES, 'UTF-8') : '']], Db::FETCH_ERRSTR);
if ($ret != Db::NO_ERRSTR) {
die(NERDZ\Core\Utils::jsonDbResponse($ret));
}
if (!$user->login($userData['username'], $userData['password'], $setCookie = true)) {
die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . ': Login'));
}
die(NERDZ\Core\Utils::jsonResponse('ok', $user->lang('LOGIN_OK')));
} catch (phpmailerException $e) {
die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . ': ' . $e->errorMessage() . "\n contact support@nerdz.eu or retry"));
}
die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . ': contact support@nerdz.eu or retry'));
} else {
if ($password !== false && $token !== false && $key !== false) {
//3rd step
switch (Security::passwordControl($password)) {
case 'PASSWORD_SHORT':
die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('PASSWORD_SHORT') . "\n" . $user->lang('MIN_LENGTH') . ': ' . Config\MIN_LENGTH_PASS));
case 'PASSWORD_LONG':
die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('PASSWORD_LONG')));
}
if (!($obj = Db::query(['SELECT r.*, u.username FROM reset_requests r JOIN users u ON r.to = u.counter WHERE r.counter = :key', [':key' => $key]], Db::FETCH_OBJ))) {
die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . '(2): ' . $user->lang('TRY_LATER')));
}
if ($obj->token !== $token) {
die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . ': Token'));
}
if (Db::NO_ERRNO != Db::query(['DELETE FROM reset_requests WHERE "to" = :to AND counter <= :key', [':to' => $obj->to, ':key' => $key]], Db::FETCH_ERRNO)) {
die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . '(3): ' . $user->lang('TRY_LATER')));
}
if (Db::NO_ERRNO != Db::query(['UPDATE "users" SET "password" = crypt(:pass, gen_salt(\'bf\', 7)) WHERE "counter" = :id', [':pass' => $password, ':id' => $obj->to]], Db::FETCH_ERRNO)) {
die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . ': retry'));
}
if (!$user->login($obj->username, $password, $setCookie = true)) {
die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . ': Login'));
}
die(NERDZ\Core\Utils::jsonResponse('ok', 'OK'));
}
}
