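/**
 * Changes a user's settings (username, email, password).
 *
 * Every change requires a valid form token and the account's current
 * password ("old_password"). Username and email are validated, and checked
 * for uniqueness, before anything is written; a new password must be
 * confirmed through "repassword". Validation failures are recorded in
 * $this->errors (keyed by field where applicable) and set $this->error.
 *
 * @param array $data    submitted values: auth_token, old_password and at
 *                       least one of username, email, password (+ repassword)
 * @param int   $user_id id of the account to update (default: the id stored
 *                       in the session)
 *
 * @return bool|array true on success; false when the token, the current
 *                    password or the submitted values are rejected; the
 *                    database error list when the UPDATE itself fails
 */
public function changeSettings($data, $user_id = USER_ID)
{
    if (!is_array($data)) {
        return false;
    }

    $id = $user_id;

    // Reject the request before touching the account when the form token is
    // missing or invalid (a missing key used to raise an undefined-index notice).
    $token = isset($data['auth_token']) ? $data['auth_token'] : null;
    if (!Token::validateToken($token)) {
        $this->error = true;
        $this->errors[] = "Token is not valid.";
        return false;
    }

    // Re-authenticate: the current password is required for any change.
    $oldPassword = isset($data['old_password']) ? $data['old_password'] : null;
    if ($oldPassword === null || !Auth::password_check($id, $oldPassword)) {
        $this->errors['old_password'] = "******";
        $this->error = true;
        return false;
    }
    // Not needed any more; keep it out of the remaining processing.
    unset($data['old_password']);

    // A field counts as submitted only when present and non-empty ("0" is a
    // legitimate value, so do not rely on truthiness).
    $submitted = function ($key) use ($data) {
        return (isset($data[$key]) && $data[$key] !== '') ? $data[$key] : false;
    };
    $username = $submitted('username');
    $email    = $submitted('email');
    $pw1      = $submitted('password');
    $pw2      = $submitted('repassword');

    // At least one field must be submitted.
    if ($username === false && $email === false && $pw1 === false) {
        $this->errors[] = "No data to be changed.";
        $this->error = true;
        return false;
    }

    // Current stored values, used to skip fields that are not actually changing.
    $user = Auth::getUserDetails($id);

    // Columns to update, keyed by field name.
    $newData = [];

    // Username: only when it differs from the stored one. Validate the format
    // first so an invalid name never costs a uniqueness lookup. strlen() is
    // byte-wise, which is fine here because the charset check below only
    // admits ASCII letters, digits, '_' and '-'.
    if ($username !== false && $username !== $user->username) {
        $length = strlen($username);
        if ($length > 15 || $length < 4) {
            $this->error = true;
            $this->errors['username'] = "******";
        } elseif (preg_match('/[^a-z_\\-0-9]/i', $username)) {
            $this->error = true;
            $this->errors['username'] = "******";
        } elseif (!Auth::form_check("username", $username)) {
            // Already taken by another row.
            $this->errors['username'] = "******";
            $this->error = true;
        }
        $newData['username'] = $username;
    }

    // Email: same approach — syntax first, then uniqueness.
    if ($email !== false && $email !== $user->email) {
        if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
            $this->error = true;
            $this->errors['email'] = "email is not valid";
        } elseif (!Auth::form_check("email", $email)) {
            $this->errors['email'] = "email already exists.";
            $this->error = true;
        }
        $newData['email'] = $email;
    }

    // Password change: the confirmation must be present and identical. A
    // missing "repassword" is reported rather than silently dropping the change.
    if ($pw1 !== false) {
        if ($pw2 === false || $pw1 !== $pw2) {
            $this->errors[] = "Passwords don't match.";
            $this->error = true;
            return false;
        }
        // NOTE(review): a 4-character minimum is a very weak policy; kept
        // unchanged here because form-side validation may depend on it.
        if (strlen($pw1) < 4) {
            $this->error = true;
            $this->errors['password'] = "******";
            return false;
        }
        // bcrypt only uses the first 72 bytes of the password.
        $newData['password'] = password_hash($pw1, PASSWORD_BCRYPT);
    }

    if ($this->error) {
        return false;
    }

    // Every submitted field equals the stored value: do not issue an UPDATE
    // with an empty column list.
    if ($newData === []) {
        $this->errors[] = "No data to be changed.";
        $this->error = true;
        return false;
    }

    $database = new Database();
    $update = $database->update_data(
        TABLE_INFO,
        array_keys($newData),
        array_values($newData),
        'id',
        $id
    );
    if ($update !== true) {
        // Keep the object state consistent with the other failure paths while
        // still handing the driver's error list back as before.
        $this->error = true;
        return $database->errors;
    }

    // NOTE(review): after a password change, other active sessions for this
    // account are not invalidated here — confirm whether the caller does that.
    return true;
}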
header("location:index.html"); } require_once 'Auth.php'; $authObject = new Auth(); $email = $authObject->sanitizeString($_POST['usermail']); $password = sha1(md5($authObject->sanitizeString($_POST['password'])) . $authObject->salt); // echo $email." ".$password; // sleep(1000); $result = $authObject->checkPassword($email, $password); $rows = mysql_fetch_assoc($result); if ($rows['result'] == 1) { $seconds = 3600 + time(); $value = "profile"; setcookie(loggedin, $value, $seconds, "/"); $id = $rows['id']; $user_result = $authObject->getUserDetails($id); $userDetails = mysql_fetch_assoc($user_result); $user_type = $rows['user_type']; $user_family = $authObject->getFamily($id); $family = array(); //$userFamily = (mysql_fetch_assoc($user_family); while ($child = mysql_fetch_assoc($user_family)) { array_push($family, $child); } $_SESSION["user_id"] = $id; $_SESSION["first_name"] = $userDetails['first_name']; $_SESSION["last_name"] = $userDetails['last_name']; $_SESSION["city"] = $userDetails['city']; $_SESSION["state"] = $userDetails['state']; $_SESSION["country"] = $userDetails['country']; $_SESSION["children"] = json_encode($family);