public function testUserDoesntExists()
{
// If we get no data about the user, assume it doesn't exist
$username = '******';
$this->db->expects($this->once())->method('get')->with($username)->willReturn(null);
$this->assertFalse(UserExists($this->db, $username));
}
function ChangePassword($db, $username, $password)
{
if (strlen($password) < 6) {
throw new \Exception("Password Less then 6 char");
}
if (UserExists($db, $username)) {
$db->update($username, md5($password));
}
}
/**
* Change user password
* @param $db
* @param $username
* @param $password
* @return bool
*/
function ChangePassword($db, $username, $password)
{
// Validate password length
if (!validatePasswordLength($password)) {
return false;
}
// Check if the user exists first
$user = UserExists($db, $username);
if ($user) {
$db->update($username, $password);
}
}
// Let's search if the user has already been created
// We stablish what attributes are going to be retrieved from each entry
$search_limit = array("uid");
// The filter string to search through LDAP
$search_string = "(uid=" . $uid . ")";
// The attribute the array of entries is going to be sorted by
$sort_string = 'uid';
// Searching ...
$search_entries = AssistedLDAPSearch($ldapc, $ldap_base, $search_string, $search_limit, $sort_string);
// How much did we get?
$result_count = $search_entries['count'];
// If we get one result, then the user was created
// probably the user made multiple new user petitions, created the
// user and then forgot and clicked the confirmation email again
if ($result_count == 1) {
UserExists();
// If we get more than one result, then uid is repeated on the
// database, which is fatal
} elseif ($result_count > 1) {
MultipleResults();
// If there's no results, we are ready to go!
} elseif ($result_count == 0) {
// Let's find out what was the last uidNumber created
// We stablish what attributes are going to be retrieved from each entry
$search_limit = array("uidNumber");
// The filter string to search through LDAP
$search_string = "(uid=maxUID)";
// The attribute the array of entries is going to be sorted by
$sort_string = 'uidNumber';
// Searching ...
$search_entries = AssistedLDAPSearch($ldapc, $ldap_base, $search_string, $search_limit, $sort_string);
private function EditUserStep1()
{
// Show the form to edit a news
$userId = (int) $_GET['userId'];
$arrData = array();
$arrPerms = array();
if (UserExists($userId)) {
$this->_GetUserData($userId, $arrData);
$this->_GetPermissionData($userId, $arrPerms);
// Does this user have permission to edit this user?
if ($GLOBALS['ISC_CLASS_ADMIN_AUTH']->GetVendorId() && $arrData['uservendorid'] != $GLOBALS['ISC_CLASS_ADMIN_AUTH']->GetVendorId()) {
FlashMessage(GetLang('Unauthorized'), MSG_ERROR, 'index.php?ToDo=viewUsers');
}
$GLOBALS['Username'] = isc_html_escape($arrData['username']);
$GLOBALS['UserEmail'] = isc_html_escape($arrData['useremail']);
$GLOBALS['UserFirstName'] = isc_html_escape($arrData['userfirstname']);
$GLOBALS['UserLastName'] = isc_html_escape($arrData['userlastname']);
$GLOBALS['XMLPath'] = sprintf("%s/xml.php", $GLOBALS['ShopPath']);
$GLOBALS['XMLToken'] = isc_html_escape($arrData['usertoken']);
if (!gzte11(ISC_HUGEPRINT)) {
$GLOBALS['HideVendorOptions'] = 'display: none';
} else {
if ($GLOBALS['ISC_CLASS_ADMIN_AUTH']->GetVendorId()) {
$vendorDetails = $GLOBALS['ISC_CLASS_ADMIN_AUTH']->GetVendor();
$GLOBALS['HideVendorSelect'] = 'display: none';
$GLOBALS['Vendor'] = $vendorDetails['vendorname'];
$GLOBALS['HideAdminoptions'] = 'display: none';
} else {
$GLOBALS['VendorList'] = $this->GetVendorList($arrData['uservendorid']);
$GLOBALS['HideVendorLabel'] = 'display: none';
}
}
if ($arrData['userapi'] == "1") {
$GLOBALS['IsXMLAPI'] = 'checked="checked"';
}
if ($arrData['userstatus'] == 0) {
$GLOBALS['Active0'] = 'selected="selected"';
} else {
$GLOBALS['Active1'] = 'selected="selected"';
}
// Setup the permission check boxes
foreach ($arrPerms as $k => $v) {
$GLOBALS["Selected_" . $v] = "selected='selected'";
}
if ($arrData['userrole'] && $arrData['userrole'] != 'custom') {
$GLOBALS['HidePermissionSelects'] = 'display: none';
}
// If the user is the super admin we need to disable some fields
if ($userId == 1 || $arrData['username'] == "admin") {
$GLOBALS['DisableUser'] = "******";
$GLOBALS['DisableStatus'] = "DISABLED";
$GLOBALS['DisableUserType'] = "DISABLED";
$GLOBALS['DisablePermissions'] = "DISABLED";
$GLOBALS['HideVendorOptions'] = 'display: none';
}
$GLOBALS['UserRoleOptions'] = $this->GetUserRoleOptions($arrData['userrole'], $arrData['uservendorid']);
$GLOBALS['UserId'] = (int) $userId;
$GLOBALS['FormAction'] = "editUser2";
$GLOBALS['Title'] = GetLang('EditUser1');
$GLOBALS['PassReq'] = " ";
/* Added below condition for applying store credit permission - vikas */
$loggeduser = $GLOBALS['ISC_CLASS_ADMIN_AUTH']->GetUser();
if ((int) $arrData['userstorecreditperm'] == 0) {
$GLOBALS['StoreCreditActive0'] = 'selected="selected"';
} else {
$GLOBALS['StoreCreditActive1'] = 'selected="selected"';
}
if ($userId == 1 || $loggeduser['pk_userid'] != 1) {
$GLOBALS['StoreCreditDisable'] = " disabled=\"\" ";
}
$GLOBALS['StoreCreditPermission'] = $GLOBALS['ISC_CLASS_TEMPLATE']->GetSnippet("StoreCreditPerm");
$GLOBALS['ISC_CLASS_TEMPLATE']->SetTemplate("user.form");
$GLOBALS['ISC_CLASS_TEMPLATE']->ParseTemplate();
} else {
// The news post doesn't exist
if ($GLOBALS['ISC_CLASS_ADMIN_AUTH']->HasPermission(AUTH_Manage_Users)) {
$this->ManageUsers(GetLang('UserDoesntExist'), MSG_ERROR);
} else {
$GLOBALS['ISC_CLASS_ADMIN_ENGINE']->DoHomePage(GetLang('Unauthorized'), MSG_ERROR);
}
}
}
$nu_email = PrepDBData(trim($_POST['nu_email']));
$nu_desc = PrepDBData(trim($_POST['nu_desc']));
$nu_faction = intval($_POST['nu_faction']);
if (empty($nu_handle)) {
print '<div style="color: #CC0000;">You must specify a handle name</div>';
$nu_err = true;
}
if (empty($nu_email)) {
print '<div style="color: #CC0000;">You must specify an e-mail address</div>';
$nu_err = true;
}
if (empty($_POST['nu_antispam_q']) || empty($_POST['nu_antispam_a']) || empty($GLOBALS['anti-spam-questions-sha1'][$_POST['nu_antispam_q']]) || $GLOBALS['anti-spam-questions-sha1'][$_POST['nu_antispam_q']] !== $_POST['nu_antispam_a']) {
print '<div style="color: #CC0000;">Your anti-spam answer was wrong.</div>';
$nu_err = true;
}
if (UserExists($chatpath, $nu_handle) != 0) {
print '<div style="color: #CC0000;">A user already exists with the chosen handle</div>';
$nu_err = true;
}
if (!$nu_err) {
$query = sprintf("INSERT INTO uo_chat_regapps SET chat='%s', username='******', email='%s', description='%s', faction=%d, rtime=%d, appstat=%d", $chatpath, $nu_handle, $nu_email, $nu_desc, $nu_faction, time(), 0);
count_mysql_query($query, $handler);
$emails = array();
$query = "SELECT DISTINCT email\r\n\t\t\t\t\tFROM uo_chat_database\r\n\t\t\t\t\tWHERE chat='" . $chatpath . "'\r\n\t\t\t\t\tAND email IS NOT NULL AND email != ''\r\n\t\t\t\t\tAND (flags LIKE BINARY '%m%' OR flags LIKE BINARY '%A%' OR flags LIKE BINARY '%X%' OR flags LIKE BINARY '%Z%')\r\n\t\t\t\t\t";
$rez = count_mysql_query($query, $handler);
while ($row = mysql_fetch_assoc($rez)) {
$row['email'] = mb_strtolower($row['email']);
if (preg_match('/^[-@.+_\\pL\\pN\\pM]+$/u', $row['email'])) {
$emails[] = $row['email'];
}
}
$user_login = userExists($condition);
$_SESSION['message']['user_login'] = "******";
$_SESSION['db_session_id'] = $user_login['id'];
//lastVisit($user_login['id']);
echo "success";
}
}
/*fb login*/
if (isset($_POST['action']) && $_POST['action'] == "fblogin") {
$data = json_decode($_POST['response'], true);
print_r($data);
$location = $pieces = explode(",", $data['location']['name']);
$login_type = "facebook";
$profile_pic = "http://graph.facebook.com/" . $data['id'] . "/picture?type=large";
$condition = " email = '" . $data['email'] . "' ";
$checkUserExists = UserExists($condition);
if ($checkUserExists['count'] == 0) {
$fb_login = "******" . mysql_real_escape_string(strip_tags(trim($login_type))) . "',profile_image_url='" . trim($profile_pic) . "' ,";
$fb_login .= "social_id='" . mysql_real_escape_string(strip_tags(trim($data['id']))) . "' ,username='******'first_name']))) . "' ,";
$fb_login .= "fname='" . mysql_real_escape_string(strip_tags(trim($data['first_name']))) . "',lname='" . mysql_real_escape_string(strip_tags(trim($data['last_name']))) . "' ,";
$fb_login .= "email='" . mysql_real_escape_string(strip_tags(trim($data['email']))) . "' ,birth_date='" . mysql_real_escape_string(strip_tags(trim($data['birthday']))) . "',";
$fb_login .= "gender='" . mysql_real_escape_string(strip_tags(trim($data['gender']))) . "' ,city='" . mysql_real_escape_string(strip_tags(trim($location[0]))) . "',";
echo $fb_login .= "last_login=now() ";
die;
$mysql = mysql_query($fb_login) or die(mysql_error());
if ($mysql) {
$id = mysql_insert_id();
$_SESSION['message']['user_login'] = "******";
$_SESSION['LoginUserId'] = $id;
echo "success";
} else {
<?php
include 'models/expire.php';
include 'models/users.php';
include 'models/database.php';
include 'models/datetime.php';
if (isset($_POST['username']) && isset($_POST['password']) && isset($_POST['e-mail'])) {
$username = $_POST['username'];
$password = $_POST['password'];
$email = $_POST['e-mail'];
$now = datetime();
$exists = UserExists($username);
if (!$exists) {
$userid = CreateUser($username, $password, $email, $now);
setcookie('username', $username, $expire);
setcookie('userid', $userid, $expire);
header('Location: index.php');
} else {
header('Location: register.php?exists=true');
}
} else {
header('Location: register.php?missing=true');
}
<?php
if ($_SERVER['REQUEST_METHOD'] === 'GET') {
require "analyze.php";
$results = array();
//check if user id is valid
$userid = $_GET['user'];
$exists = UserExists($userid);
if ($exists == "no user") {
//if the user id is invalid return a message
header('Content-Type: application/json; charset=utf-8');
echo json_encode("Invalid user ID");
} else {
Analyze($userid, $results);
header('Content-Type: application/json; charset=utf-8');
echo json_encode($results, true);
}
}
function UserExists($userid)
{
//connect to the database
$con = mysqli_connect("eu-cdbr-azure-west-a.cloudapp.net", "b8592f1b44ff9a", "fecb2128", "TeamProject");
$query = "SELECT ID FROM UserP WHERE ID=" . $userid;
$result = mysqli_query($con, $query);
if (mysqli_num_rows($result) > 0) {
$result = "exists";
} else {
$result = "no user";
}
mysqli_close($con);
return $result;
function IsUser($Name)
{
return UserExists($Name);
}
} else {
if (isset($_GET["no"]) && $_GET["no"] == "2") {
//this is the function to load the data from the database and show it to the Front end.
LoadData($_GET["email"], $_GET["id"]);
} else {
if (isset($_GET["no"]) && $_GET["no"] == "3") {
//for saving/updating the interests thing.
SaveUpdateInterests($_GET["id"], $_GET["email"], $_GET["i1"], $_GET["i2"], $_GET["i3"], $_GET["i4"], $_GET["i5"], $_GET["i6"], $_GET["i7"]);
} else {
if (isset($_GET["no"]) && $_GET["no"] == "4") {
//for getting all the users from the database
GetAllUsers($_GET["email"]);
} else {
if (isset($_GET["no"]) && $_GET["no"] == "5") {
//for getting all the users from the database
UserExists($_GET["email"], $_GET["id"]);
} else {
if (isset($_GET["no"]) && $_GET["no"] == "6") {
//for getting all the users from the database
SetCookieID($_GET["email"]);
} else {
if (isset($_GET["no"]) && $_GET["no"] == "7") {
//for getting all the users from the database
GetSearchList($_GET["searchKey"]);
} else {
if (isset($_GET["no"]) && $_GET["no"] == "8") {
//for getting all the users from the database
GetSearchByExpertise($_GET["i1"], $_GET["i2"], $_GET["i5"], $_GET["i6"], $_GET["i7"]);
} else {
if (isset($_GET["no"]) && $_GET["no"] == "9") {
SendConnectionRequestToAdmin($_GET["requestFrom"], $_GET["requestForEmail"], $_GET["requestForId"], $_GET["requestText"]);
private function EditUserStep1()
{
// Show the form to edit a news
$userId = (int)$_GET['userId'];
$arrData = array();
if(UserExists($userId)) {
$this->_GetUserData($userId, $arrData);
$arrPerms = $this->_GetPermissionData($userId);
// Does this user have permission to edit this user?
if($GLOBALS['ISC_CLASS_ADMIN_AUTH']->GetVendorId() && $arrData['uservendorid'] != $GLOBALS['ISC_CLASS_ADMIN_AUTH']->GetVendorId()) {
FlashMessage(GetLang('Unauthorized'), MSG_ERROR, 'index.php?ToDo=viewUsers');
}
$GLOBALS['Username'] = isc_html_escape($arrData['username']);
$GLOBALS['UserEmail'] = isc_html_escape($arrData['useremail']);
$GLOBALS['UserFirstName'] = isc_html_escape($arrData['userfirstname']);
$GLOBALS['UserLastName'] = isc_html_escape($arrData['userlastname']);
$GLOBALS['XMLPath'] = sprintf("%s/xml.php", $GLOBALS['ShopPath']);
$GLOBALS['XMLToken'] = isc_html_escape($arrData['usertoken']);
if(!gzte11(ISC_HUGEPRINT)) {
$GLOBALS['HideVendorOptions'] = 'display: none';
}
else {
if($GLOBALS['ISC_CLASS_ADMIN_AUTH']->GetVendorId()) {
$vendorDetails = $GLOBALS['ISC_CLASS_ADMIN_AUTH']->GetVendor();
$GLOBALS['HideVendorSelect'] = 'display: none';
$GLOBALS['Vendor'] = $vendorDetails['vendorname'];
$GLOBALS['HideAdminoptions'] = 'display: none';
}
else {
$GLOBALS['VendorList'] = $this->GetVendorList($arrData['uservendorid']);
$GLOBALS['HideVendorLabel'] = 'display: none';
}
}
if($arrData['userapi'] == "1") {
$GLOBALS['IsXMLAPI'] = 'checked="checked"';
}
if($arrData['userstatus'] == 0) {
$GLOBALS['Active0'] = 'selected="selected"';
} else {
$GLOBALS['Active1'] = 'selected="selected"';
}
if($arrData['userrole'] && $arrData['userrole'] != 'custom') {
$GLOBALS['HidePermissionSelects'] = 'display: none';
}
// If the user is the super admin we need to disable some fields
if($userId == 1 || $arrData['username'] == "admin") {
$GLOBALS['DisableUser'] = "******";
$GLOBALS['DisableStatus'] = "DISABLED";
$GLOBALS['DisableUserType'] = "DISABLED";
$GLOBALS['DisablePermissions'] = "DISABLED";
$GLOBALS['HideVendorOptions'] = 'display: none';
}
$GLOBALS['PermissionSelects'] = $this->GeneratePermissionRows($arrData, $arrPerms);
$GLOBALS['UserRoleOptions'] = $this->GetUserRoleOptions($arrData['userrole'], $arrData['uservendorid']);
$GLOBALS['UserId'] = (int) $userId;
$GLOBALS['FormAction'] = "editUser2";
$GLOBALS['Title'] = GetLang('EditUser1');
$GLOBALS['PassReq'] = " ";
$this->template->assign('FlashMessages', GetFlashMessageBoxes());
$this->template->assign('PCIPasswordMinLen', GetConfig('PCIPasswordMinLen'));
$this->template->display('user.form.tpl');
}
else {
// The news post doesn't exist
if($GLOBALS['ISC_CLASS_ADMIN_AUTH']->HasPermission(AUTH_Manage_Users)) {
$this->ManageUsers(GetLang('UserDoesntExist'), MSG_ERROR);
} else {
$GLOBALS['ISC_CLASS_ADMIN_ENGINE']->DoHomePage(GetLang('Unauthorized'), MSG_ERROR);
}
}
}
