function update_user($user_id) { global $CONFIG; global $lang_usermgr_php, $lang_register_php, $icon_array; $superCage = Inspekt::makeSuperCage(); $user_name = $superCage->post->getEscaped('user_name'); $user_password = $superCage->post->getEscaped('user_password'); $user_email = $superCage->post->getEscaped('user_email'); $profile1 = $superCage->post->getEscaped('user_profile1'); $profile2 = $superCage->post->getEscaped('user_profile2'); $profile3 = $superCage->post->getEscaped('user_profile3'); $profile4 = $superCage->post->getEscaped('user_profile4'); $profile5 = $superCage->post->getEscaped('user_profile5'); $profile6 = $superCage->post->getEscaped('user_profile6'); $user_active = $superCage->post->getAlpha('user_active'); $user_group = $superCage->post->getInt('user_group'); $group_list = $superCage->post->keyExists('group_list') ? $superCage->post->getInt('group_list') : ''; if ($user_id == 'new_user') { cpg_db_query("INSERT INTO {$CONFIG['TABLE_USERS']} (user_regdate, user_profile6) VALUES (NOW(), '')"); $user_id = mysql_insert_id(); log_write('New user "' . $user_name . '" created', CPG_ACCESS_LOG); // Create a personal album if corresponding option is enabled if ($CONFIG['personal_album_on_registration'] == 1) { $catid = $user_id + FIRST_USER_CAT; cpg_db_query("INSERT INTO {$CONFIG['TABLE_ALBUMS']} (`title`, `category`) VALUES ('{$user_name}', {$catid})"); } } $sql = "SELECT user_id FROM {$CONFIG['TABLE_USERS']} WHERE user_name = '{$user_name}' AND user_id != {$user_id}"; $result = cpg_db_query($sql); if (mysql_num_rows($result)) { cpg_die(ERROR, $lang_register_php['err_user_exists'], __FILE__, __LINE__); return false; } mysql_free_result($result); if (utf_strlen($user_name) < 2) { cpg_die(ERROR, $lang_register_php['username_warning2'], __FILE__, __LINE__); } if ($user_password && utf_strlen($user_password) < 2) { cpg_die(ERROR, $lang_register_php['password_warning1'], __FILE__, __LINE__); } // Save old user data (we need it later to determine if we need to send the activation confirmation email) $user_data = mysql_fetch_assoc(cpg_db_query("SELECT user_name, user_active, user_email, user_actkey FROM {$CONFIG['TABLE_USERS']} WHERE user_id = '{$user_id}'")); if (is_array($group_list)) { $user_group_list = ''; foreach ($group_list as $group) { $user_group_list .= $group != $user_group ? $group . ',' : ''; } $user_group_list = substr($user_group_list, 0, -1); } else { $user_group_list = ''; } $sql_update = "UPDATE {$CONFIG['TABLE_USERS']} SET " . "user_name = '{$user_name}', " . "user_email = '{$user_email}', " . "user_active = '{$user_active}', " . "user_group = '{$user_group}', " . "user_profile1 = '{$profile1}', " . "user_profile2 = '{$profile2}', " . "user_profile3 = '{$profile3}', " . "user_profile4 = '{$profile4}', " . "user_profile5 = '{$profile5}', " . "user_profile6 = '{$profile6}', " . "user_group_list = '{$user_group_list}'"; if (!empty($user_password)) { require 'include/passwordhash.inc.php'; $sql_update .= ', ' . cpg_password_create_update_string($user_password); } if ($user_active == 'YES') { $sql_update .= ", user_actkey = ''"; } $sql_update .= " WHERE user_id = '{$user_id}'"; cpg_db_query($sql_update); // Update comments' author name cpg_db_query("UPDATE {$CONFIG['TABLE_COMMENTS']} SET msg_author = '{$user_name}' WHERE author_id = {$user_id}"); // If send login data checkbox is checked then send the username and password to the user in an email if ($superCage->post->keyExists('send_login_data') && trim($user_email)) { require 'include/mailer.inc.php'; $template_vars = array('{SITE_NAME}' => $CONFIG['gallery_name'], '{SITE_LINK}' => $CONFIG['site_url'], '{USER_NAME}' => trim($user_name), '{USER_PASS}' => trim($user_password)); if (!cpg_mail(trim($user_email), $lang_usermgr_php['send_login_email_subject'], nl2br(strtr($lang_usermgr_php['send_login_data_email'], $template_vars)))) { cpg_die(CRITICAL_ERROR, $lang_usermgr_php['failed_sending_email'], __FILE__, __LINE__); } } elseif ($user_data['user_actkey'] && $user_data['user_active'] == 'NO' && $user_active == 'YES') { // send activation confirmation email (only once) require 'include/mailer.inc.php'; $template_vars = array('{SITE_LINK}' => $CONFIG['site_url'], '{USER_NAME}' => $user_data['user_name'], '{SITE_NAME}' => $CONFIG['gallery_name']); cpg_mail($user_data['user_email'], sprintf($lang_register_php['notify_user_email_subject'], $CONFIG['gallery_name']), nl2br(strtr($lang_register_php['activated_email'], $template_vars))); } }
public function login($username = null, $password = null, $remember = false) { global $CONFIG; // Create the session_id from concat(cookievalue,client_id) $session_id = $this->session_id . $this->client_id; // Check the login method (username, email address or both) switch ($CONFIG['login_method']) { case 'both': $sql_user_email = "(user_name = '{$username}' OR user_email = '{$username}')"; break; case 'email': $sql_user_email = "user_email = '{$username}'"; break; case 'username': default: $sql_user_email = "user_name = '{$username}'"; break; } $sql = "SELECT user_password, user_password_salt, user_password_hash_algorithm, user_password_iterations FROM {$this->usertable} WHERE {$sql_user_email} AND user_active = 'YES' LIMIT 1"; $result = $this->query($sql); if (!$result->numRows()) { return false; } require 'include/passwordhash.inc.php'; $password_params = $result->fetchAssoc(true); // Check for user in users table $sql = "SELECT user_id, user_name, user_password FROM {$this->usertable} WHERE {$sql_user_email} "; if (!$password_params['user_password_salt']) { $sql .= "AND BINARY user_password = '******'"; } elseif (!cpg_password_validate($password, $password_params)) { return false; } $sql .= " AND user_active = 'YES' LIMIT 1"; $result = $this->query($sql); if (!$result->numRows()) { return false; } $USER_DATA = $result->fetchAssoc(true); // Update lastvisit value and salt password if needed $salt_password = !$password_params['user_password_salt'] ? ', ' . cpg_password_create_update_string($password) : ''; $sql = "UPDATE {$this->usertable} SET user_lastvisit = NOW() {$salt_password} WHERE user_id = {$USER_DATA['user_id']}"; $this->query($sql); // If this is a 'remember me' login set the remember field to true if ($remember) { $remember_sql = ",remember = '1' "; // Change cookie life time to 2 weeks if (CPG_COOKIES_ALLOWED) { setcookie($this->client_id, $this->session_id, time() + CPG_WEEK * 2, $CONFIG['cookie_path']); } } else { $remember_sql = ''; // Kill the cookie when closing the browser if (CPG_COOKIES_ALLOWED) { setcookie($this->client_id, $this->session_id, 0, $CONFIG['cookie_path']); } } // Update guest session with user's information $sql = "UPDATE {$this->sessionstable} SET "; $sql .= "user_id = {$USER_DATA['user_id']} "; $sql .= $remember_sql; $sql .= "WHERE session_id = '" . md5($session_id) . "'"; $this->query($sql); return $USER_DATA; }
$sql = "SELECT null FROM {$cpg_udb->sessionstable} WHERE session_id = '" . md5($CLEAN['key'] . $CLEAN['id']) . "'"; $result = cpg_db_query($sql); if (!$result->numRows()) { cpg_die($lang_forgot_passwd_php['forgot_passwd'], $lang_forgot_passwd_php['illegal_session']); } $result->free(); $sql = "SELECT {$cpg_udb->field['username']}, {$cpg_udb->field['email']} FROM {$cpg_udb->usertable} WHERE {$cpg_udb->field['user_id']} = {$CLEAN['id']}"; $result = cpg_db_query($sql); if (!$result->numRows()) { cpg_die($lang_forgot_passwd_php['forgot_passwd'], $lang_forgot_passwd_php['err_unk_user']); } $row = $result->fetchAssoc(true); // Reset Password $new_password = $cpg_udb->make_password(); require 'include/passwordhash.inc.php'; $sql = "UPDATE {$cpg_udb->usertable} SET " . cpg_password_create_update_string($new_password) . " WHERE {$cpg_udb->field['email']} = '{$row['user_email']}'"; cpg_db_query($sql); $template_vars = array('{USER_NAME}' => $row['user_name'], '{PASSWORD}' => $new_password, '{SITE_LINK}' => $CONFIG['ecards_more_pic_target'] . (substr($CONFIG["ecards_more_pic_target"], -1) == '/' ? '' : '/') . 'login.php', '{SITE_NAME}' => $CONFIG['gallery_name']); // send the password if (!cpg_mail($row['user_email'], sprintf($lang_forgot_passwd_php['passwd_reset_subject'], $CONFIG['gallery_name']), nl2br(strtr($lang_forgot_passwd_php['reset_email'], $template_vars)))) { cpg_die(CRITICAL_ERROR, $lang_forgot_passwd_php['failed_sending_email'], __FILE__, __LINE__); } $sql = "DELETE FROM {$cpg_udb->sessionstable} WHERE session_id = '" . md5($CLEAN['key'] . $CLEAN['id']) . "'"; cpg_db_query($sql); // output the message pageheader($lang_forgot_passwd_php['forgot_passwd'], "<META http-equiv=\"refresh\" content=\"3;url=login.php\">"); $referer = 'login.php'; msg_box($lang_forgot_passwd_php['forgot_passwd'], sprintf($lang_forgot_passwd_php['email_sent'], $row['user_email']), $lang_common['continue'], $referer); $USER_DATA['user_password'] = '******'; pagefooter(); exit;
} $current_pass = get_post_var('current_pass'); $new_pass = get_post_var('new_pass'); $new_pass_again = get_post_var('new_pass_again'); if (utf_strlen($new_pass) < 2) { cpg_die(ERROR, $lang_register_php['password_warning1'], __FILE__, __LINE__); } if ($new_pass != $new_pass_again) { cpg_die(ERROR, $lang_register_php['password_verification_warning1'], __FILE__, __LINE__); } require 'include/passwordhash.inc.php'; $sql = "SELECT user_password, user_password_salt, user_password_hash_algorithm, user_password_iterations FROM {$CONFIG['TABLE_USERS']} WHERE user_id = '" . USER_ID . "' LIMIT 1"; $result = cpg_db_query($sql); $password_params = mysql_fetch_assoc($result); mysql_free_result($result); $sql = "UPDATE {$CONFIG['TABLE_USERS']} SET " . cpg_password_create_update_string($new_pass) . " WHERE user_id = '" . USER_ID . "' "; if (!$password_params['user_password_salt']) { $sql .= "AND BINARY user_password = '******'"; } elseif (!cpg_password_validate($current_pass, $password_params)) { cpg_die(ERROR, $lang_register_php['pass_chg_error'], __FILE__, __LINE__); } $result = cpg_db_query($sql); if (!mysql_affected_rows($CONFIG['LINK_ID'])) { cpg_die(ERROR, $lang_register_php['pass_chg_error'], __FILE__, __LINE__); } $title = sprintf($lang_register_php['x_s_profile'], stripslashes(USER_NAME)); $redirect = $CPG_PHP_SELF . "?op=edit_profile"; cpgRedirectPage($redirect, $title, $lang_register_php['pass_chg_success'], 3, 'success'); exit; } switch ($op) {