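/**
 * Ask a third party ($email) to write a recommendation for user $user_id.
 *
 * Creates a "recommend" custom instance, records the request in the
 * recommendations table with a fresh 64-character auth token, then e-mails
 * the author a submission link that carries that token.
 *
 * Return codes (unchanged):
 *   0 request recorded and mail sent      1 $email fails validEmail()
 *   2 $author is 3 characters or fewer    3 one_mail() failed
 *   4 user already has max_recommend outstanding requests
 *   5 this e-mail was already asked for this user
 *   6 the "peer" action lock is held
 *
 * Security notes:
 *  - Queries are string-built on the mysql_* API; every interpolated value
 *    now goes through escape() (the original interpolated $instance_id raw).
 *    Escaped copies are used for SQL only; raw copies for mail/templating.
 *  - Input is validated BEFORE escape(): escape() can add backslashes, which
 *    would otherwise pad strlen($author) and change what validEmail() sees.
 *  - The count and duplicate checks are not atomic with the INSERT, so two
 *    concurrent requests can still exceed max_recommend by one; the "peer"
 *    lock narrows that window but does not close it.
 *  - $author and $message go into the page_db() template without HTML
 *    encoding, as in the original. NOTE(review): page_db() content is echoed
 *    as HTML elsewhere in this file; if one_mail() sends HTML, encode
 *    $author here - confirm against one_mail().
 */
function requestRecommendation($user_id, $author, $email, $message) {
    if (!checkLock("peer")) {
        return 6;
    }
    $config = $GLOBALS['config'];

    // Validate the caller's raw values first (see security notes above).
    if (!validEmail($email)) {
        return 1;
    }
    if (strlen($author) <= 3) {
        return 2;
    }

    // Escaped copies for SQL only.
    $db_user_id = escape($user_id);
    $db_author = escape($author);
    $db_email = escape($email);

    // Cap the number of outstanding requests per user.
    $result = mysql_query("SELECT COUNT(*) FROM recommendations WHERE user_id = '{$db_user_id}'");
    $row = mysql_fetch_row($result);
    if ($row[0] >= $config['max_recommend']) {
        return 4;
    }

    // Refuse to ask the same address twice for the same user.
    $result = mysql_query("SELECT COUNT(*) FROM recommendations WHERE user_id = '{$db_user_id}' AND email = '{$db_email}'");
    $row = mysql_fetch_row($result);
    if ($row[0] > 0) {
        return 5;
    }

    lockAction("peer");

    // The recommendation is backed by a custom "recommend" instance. The
    // original passed the escaped id to these two helpers; whether they escape
    // internally is not visible here, so the same value is passed.
    $instance_id = customCreate(customGetCategory('recommend', true), $db_user_id);
    $db_instance_id = escape($instance_id);

    // Unguessable token the author must present on recommend.php.
    $auth = uid(64);
    $db_auth = escape($auth);
    mysql_query("INSERT INTO recommendations (user_id, instance_id, author, email, auth, status, filename) VALUES ('{$db_user_id}', '{$db_instance_id}', '{$db_author}', '{$db_email}', '{$db_auth}', '0', '')");
    $recommend_id = mysql_insert_id();
    // NOTE(review): if the INSERT failed, $recommend_id is 0 and the mail below
    // still goes out with a dead link; the original behaved the same way.

    $userinfo = getUserInformation($db_user_id); // array(username, email address, name)

    // Query values are URL-encoded so a token or id containing reserved
    // characters cannot break or extend the query string.
    $submit_address = $config['site_address']
        . "/recommend.php?id=" . rawurlencode($recommend_id)
        . "&user_id=" . rawurlencode($user_id)
        . "&auth=" . rawurlencode($auth);

    // Placeholders are substituted in the same order as the original chain.
    $content = page_db("request_recommendation");
    $replacements = array(
        '$USERNAME$' => $userinfo[0],
        '$USEREMAIL$' => $userinfo[1],
        '$NAME$' => $userinfo[2],
        '$AUTHOR$' => $author,
        '$EMAIL$' => $email,
        '$MESSAGE$' => page_convert($message),
        '$AUTH$' => $auth,
        '$SUBMIT_ADDRESS$' => $submit_address,
    );
    $content = str_replace(array_keys($replacements), array_values($replacements), $content);

    return one_mail("Recommendation request", $content, $email) ? 0 : 3;
}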
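/**
 * Deliver a private message from $sender to $receiver (both user ids).
 *
 * Stores the message, files it into the receiver's inbox folder (and the
 * sender's outbox folder when save_sent is set) and e-mails the receiver a
 * notification when notify_email is enabled.
 *
 * Return codes (unchanged): 1 receiver does not exist, 2 sender does not
 * exist, 3 receiver has no inbox folder (save_inbox = 0, i.e. incoming
 * messages disabled). Returns nothing (null) on success, as the original did.
 *
 * Fixes over the original:
 *  - one_mail() was called as (subject, address, body); every other call in
 *    this file is (subject, content, address), so the notification had its
 *    body and recipient swapped. Corrected.
 *  - The inbox check now runs BEFORE the INSERT, so a receiver without an
 *    inbox no longer gets a notification for a message that is immediately
 *    deleted, and the insert/delete churn is gone.
 *  - The notification carries htmlentities($subject) rather than the raw
 *    subject, matching what is stored and what page_convert() does for the
 *    body, so a subject cannot inject markup into the page_db()-templated
 *    mail. NOTE(review): revert to the raw subject if one_mail() sends
 *    plain text.
 *  - Folder ids read from message_prefs are cast to int before being
 *    interpolated into SQL.
 */
function sendMessage($sender, $receiver, $subject, $body) {
    $config = $GLOBALS['config'];
    $sender = escape($sender);
    $receiver = escape($receiver);
    $html_subject = htmlentities($subject);
    $escsubject = escape($html_subject);
    $escbody = escape(htmlentities($body));
    $time = time();

    // The receiver must exist; keep the address for the notification.
    $result = mysql_query("SELECT email FROM users WHERE id = '{$receiver}'");
    if (!($row = mysql_fetch_array($result))) {
        return 1;
    }
    $receiver_email = $row[0];

    // The sender must exist; name/username are shown in the notification.
    $result = mysql_query("SELECT name, username FROM users WHERE id = '{$sender}'");
    if (!($row = mysql_fetch_array($result))) {
        return 2;
    }
    $sender_name = $row[0];
    $sender_username = $row[1];

    // Receiver preferences: where to file the message and whether to notify.
    $notify_email = false;
    $inbox_folder = 0;
    $result = mysql_query("SELECT notify_email, save_inbox FROM message_prefs WHERE user_id = '{$receiver}'");
    if ($row = mysql_fetch_array($result)) {
        $notify_email = ($row[0] == 1);
        $inbox_folder = (int) $row[1];
    }
    // No inbox folder means the receiver does not accept messages. Bail out
    // before anything is stored or mailed.
    if ($inbox_folder == 0) {
        return 3;
    }

    mysql_query("INSERT INTO messages (sender_id, receiver_id, subject, body, time) VALUES ('{$sender}', '{$receiver}', '{$escsubject}', '{$escbody}', '{$time}')");
    $message_id = (int) mysql_insert_id();

    // File into the inbox before notifying so the link in the mail resolves.
    mysql_query("INSERT INTO message_boxes_contents (box_id, message_id) VALUES ('{$inbox_folder}', '{$message_id}')");

    if ($notify_email) {
        $message_url = $config['site_address']
            . "/application/messaging.php?view=message&message_id={$message_id}&box_id={$inbox_folder}";
        $email_body = page_db("message_notifyemail");
        $email_body = str_replace(
            array('$NAME$', '$USERNAME$', '$SUBJECT$', '$BODY$', '$MESSAGE_URL$'),
            array($sender_name, $sender_username, $html_subject, page_convert($body), $message_url),
            $email_body
        );
        // Argument order matches the other one_mail() calls: (subject, content, to).
        one_mail("New private message", $email_body, $receiver_email);
    }

    // Copy to the sender's outbox when save_sent points at a folder.
    $result = mysql_query("SELECT save_sent FROM message_prefs WHERE user_id = '{$sender}'");
    if ($row = mysql_fetch_array($result)) {
        $outbox_folder = (int) $row[0];
        if ($outbox_folder != 0) {
            mysql_query("INSERT INTO message_boxes_contents (box_id, message_id) VALUES ('{$outbox_folder}', '{$message_id}')");
        }
    }
}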
</div> </div> <div class="spacer"></div> </div> <div id="footer"><p><?php echo page_db("footertext"); ?> </p></div> </div> </div> </body>
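/**
 * Create a new account and e-mail the generated initial password.
 *
 * Return codes (unchanged):
 *   0 registered and mail sent            1 empty username or e-mail
 *   2 captcha failed                      3 invalid e-mail, or e-mail in use
 *   4 INSERT failed                       5 username in use
 *   6 one_mail() failed                   7 "register" action lock is held
 *   8 registration disabled or user limit reached
 *   9 $name shorter than 4 characters
 *
 * Fixes over the original:
 *  - The username-uniqueness query compared against the literal string
 *    '******' and so could never match a submitted username (possibly a
 *    redaction artefact in the source, but as written the check was dead).
 *    It now compares against the escaped $username.
 *  - $profile keys ($var_id) were interpolated into SQL unescaped; only the
 *    values were escaped. Both are escaped now.
 *  - The captcha is verified BEFORE the e-mail/username existence lookups,
 *    so an automated client cannot use return codes 3/5 to enumerate
 *    accounts without solving the captcha. When the captcha and a uniqueness
 *    check both fail this returns 2 where the original returned 3 or 5.
 *  - Stale never-activated accounts are purged before the uniqueness lookups
 *    rather than after, so an expired reservation of the same e-mail or
 *    username no longer blocks re-registration.
 *  - validEmail() runs on the raw address (the original validated the
 *    already-escaped copy); the mail is sent to the raw address and the
 *    escaped copy is used only in SQL.
 *
 * Security notes: the initial password comes from uid(12) and is sent in
 * clear text by e-mail - that is the activation design. An account that is
 * never accessed is purged after config['activation_time'] by the DELETE
 * below, which also covers the case where the mail fails (code 6). chash2()
 * with a 20-byte random salt is the project's password scheme; it is not
 * visible here, so its strength is not assessed.
 */
function register($username, $name, $email, $profile, $captcha) {
    if (!checkLock("register")) {
        return 7;
    }
    if (strlen($username) == 0 || strlen($email) == 0) {
        return 1;
    }
    if (strlen($name) < 4) {
        return 9;
    }
    $config = $GLOBALS['config'];
    if (!$config['app_enabled']) {
        return 8;
    }

    // Optional hard cap on the number of accounts.
    if (isset($config['limits']) && isset($config['limits']['users']) && $config['limits']['users'] > 0) {
        $result = mysql_query("SELECT COUNT(*) FROM users");
        $row = mysql_fetch_array($result);
        if ($row[0] >= $config['limits']['users']) {
            return 8;
        }
    }

    // Validate the raw address before anything touches the database.
    if (!validEmail($email)) {
        return 3;
    }

    // Captcha first: the uniqueness probes below must not be reachable by bots.
    if ($config['captcha_enabled']) {
        include_once basePath() . '/securimage/securimage.php';
        $securimage = new Securimage();
        if ($securimage->check($captcha) == false) {
            return 2;
        }
    }

    // Escaped copies for SQL only.
    $db_username = escape($username);
    $db_name = escape($name);
    $db_email = escape($email);

    $registerTime = time();
    // Purge accounts that were never activated (accessed = 0) within
    // activation_time, so they do not block the uniqueness checks below.
    $activeTime = $registerTime - $config['activation_time'];
    mysql_query("DELETE FROM users WHERE accessed = '0' AND register_time < '{$activeTime}'");

    // Separate lookups so the caller gets distinct codes for e-mail vs username.
    $result = mysql_query("SELECT id FROM users WHERE email='{$db_email}'");
    if (mysql_num_rows($result) > 0) {
        return 3;
    }
    $result = mysql_query("SELECT id FROM users WHERE username='{$db_username}'");
    if (mysql_num_rows($result) > 0) {
        return 5;
    }

    // Generated credentials: random salt, random initial password, hashed for storage.
    $gen_salt = secure_random_bytes(20);
    $db_salt = escape(bin2hex($gen_salt));
    $gen_password = uid(12);
    $db_password = escape(chash2($gen_password, $gen_salt));

    lockAction("register");
    $result = mysql_query("INSERT INTO users (username, name, password, salt, email, register_time, accessed) VALUES ('{$db_username}', '{$db_name}', '{$db_password}', '{$db_salt}', '{$db_email}', '{$registerTime}', '0')");
    if ($result === FALSE) {
        return 4;
    }
    $user_id = mysql_insert_id();

    // Profile answers: $item[1] is the value. Keys and values both come from
    // the caller, so both are escaped.
    if (is_array($profile)) {
        foreach ($profile as $var_id => $item) {
            $db_var_id = escape($var_id);
            $db_val = escape($item[1]);
            mysql_query("INSERT INTO profiles (user_id, var_id, val) VALUES ('{$user_id}', '{$db_var_id}', '{$db_val}')");
        }
    }
    initMessaging($user_id);

    // Welcome mail with the generated password and the login address.
    $content = page_db("registration");
    $content = str_replace(
        array('$USERNAME$', '$NAME$', '$PASSWORD$', '$EMAIL$', '$LOGIN_ADDRESS$'),
        array($username, $name, $gen_password, $email, $config['site_address'] . "/login.php"),
        $content
    );
    return one_mail($config['site_name'] . " Registration", $content, $email) ? 0 : 6;
}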
<?php echo page_db("a_index");
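/**
 * Start a password reset ($reset_password true) or a forgotten-username
 * reminder ($reset_password false) and e-mail the user.
 *
 * Return codes (unchanged): 0 mail sent, 1 no matching account, 2 a reset
 * for this account is still within config['reset_time'], 3 lock unavailable
 * or one_mail() failed.
 *
 * Fixes over the original:
 *  - The username lookup compared against the literal '******' and could
 *    never match (possibly a redaction artefact; as written the reset path
 *    always returned 1). It now compares against the escaped $username.
 *  - The auth token is escaped before it is interpolated into the INSERT, as
 *    requestRecommendation() already does; the raw token goes into the mail.
 *  - Values placed in the reset link's query string are rawurlencode()d and
 *    the raw (not SQL-escaped) username/e-mail are used for mail and link.
 *
 * Security notes:
 *  - The 0/1 split tells the caller whether a username+e-mail (or an e-mail)
 *    exists; a front end that wants to avoid account enumeration should show
 *    the same message to the user for both codes.
 *  - The reset link carries username, e-mail and user_id alongside the
 *    64-character token; reset.php presumably reads them, so they are kept.
 *  - The "reset" lock is taken before the lookup, so a failed lookup still
 *    consumes it (unchanged).
 */
function resetRequest($username, $email, $reset_password = true) {
    if (!lockAction('reset')) {
        return 3;
    }
    $config = $GLOBALS['config'];

    // Escaped copies for SQL; raw values are used for the mail and the link.
    $db_username = escape($username);
    $db_email = escape($email);

    if ($reset_password) {
        $result = mysql_query("SELECT id FROM users WHERE username='{$db_username}' AND email='{$db_email}'");
    } else {
        $result = mysql_query("SELECT id, username FROM users WHERE email = '{$db_email}'");
    }
    if (!($row = mysql_fetch_array($result))) {
        return 1;
    }
    $user_id = escape($row[0]);
    if (!$reset_password) {
        $username = $row[1]; // the reminder tells the user their own username
    }

    // One outstanding reset per user; an expired one is cleared and replaced.
    $result = mysql_query("SELECT time FROM reset WHERE user_id = '{$user_id}'");
    if ($row = mysql_fetch_array($result)) {
        if (time() - $row[0] > $config['reset_time']) {
            mysql_query("DELETE FROM reset WHERE user_id = '{$user_id}'");
        } else {
            return 2;
        }
    }

    // A username reminder records a row too (it shares the rate limit) but
    // needs no token.
    $auth = $reset_password ? uid(64) : '';
    $db_auth = escape($auth);
    $time = time();
    mysql_query("INSERT INTO reset (user_id, time, auth) VALUES ('{$user_id}', '{$time}', '{$db_auth}')");

    if ($reset_password) {
        $reset_address = $config['site_address']
            . "/reset.php?username=" . rawurlencode($username)
            . "&email=" . rawurlencode($email)
            . "&user_id=" . rawurlencode($user_id)
            . "&auth=" . rawurlencode($auth);
        $content = page_db("reset");
        $content = str_replace(
            array('$USERNAME$', '$EMAIL$', '$USERID$', '$AUTH$', '$RESET_ADDRESS$'),
            array($username, $email, $user_id, $auth, $reset_address),
            $content
        );
        $emailResult = one_mail("Password reset", $content, $email);
    } else {
        $content = page_db("forgotusername");
        $content = str_replace(
            array('$USERNAME$', '$EMAIL$', '$USERID$'),
            array($username, $email, $user_id),
            $content
        );
        $emailResult = one_mail("Your application system username", $content, $email);
    }
    return $emailResult ? 0 : 3;
}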
<?php echo page_db("index");
<h2 class="separate">About us</h2> <div class="div_col2-4"> <div class="col2-4" style="margin-right:30px"> <h3><?php echo $config['organization_name']; ?> </h3> <?php echo page_db($dbpage); ?> </div> <div class="col2-4"> <h3>OneApp</h3> <p>OneApp, initially designed in 2011, began as an online-application system with the intent to curb skewed executive selection processes. Whereas a standard application pool would let cronyism play a role in selection, a blind selection process that displays only qualifying traits would act to the benefit of the club. An automated online system would also standardize the process from year to year and save resources by avoiding excess printing. After receiving positive feedback from our school, we redesigned the application for a more general audience, leading to OneApp.</p> </div> </div>