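/**
 * Registers a new, inactive user and stores the e-mail confirmation key.
 *
 * The user row and the confirmation row are written in one transaction; the
 * confirmation mail is sent only after that transaction has been committed.
 * Failures are logged server-side and reported to the caller through
 * User::addError() with a generic message, so driver error text never reaches
 * the response.
 *
 * @return bool true when both rows were committed, false otherwise
 */
public function addUser()
{
    $success = false;
    $username = Helper::trimString($this->username);
    $email = Helper::trimString($this->email);
    $password = Helper::createPassHash($this->pass);
    // filter_var() without a filter id applies FILTER_DEFAULT, which does not
    // strip or escape anything. SQL safety comes from the bound parameters
    // below; these values still have to be escaped wherever they are rendered.
    $phone = filter_var(Helper::filterPhone($this->phone));
    $sex = $this->sex;
    $city = intval($this->city);
    $about = filter_var($this->about);
    $user_id = null;
    // NOTE(review): the confirmation key is a bearer secret; confirm that
    // Numbers::_randKey() draws from a CSPRNG.
    $key = Numbers::_randKey();
    $sql = 'INSERT INTO users (user_id, alias, email, password, phone, sex, city, about, active, date_joined) VALUES (:user_id, :alias, :email, :password, :phone, :sex, :city, :about, FALSE , NOW())';
    $add_key = 'INSERT INTO confirmation (user_id, user_key, expires) VALUES (:user_id, :user_key, DATE_ADD(NOW(), INTERVAL 6 MONTH))';
    $dbh = null;

    try {
        // 34 hex characters, the same shape the id always had. random_bytes()
        // (PHP 7.0+) is unpredictable and collision-resistant, unlike a
        // timestamp combined with rand().
        $user_id = bin2hex(random_bytes(17));

        $dbh = Database::connect();
        $dbh->beginTransaction();

        $stmt = $dbh->prepare($sql);
        $stmt->bindParam(':user_id', $user_id);
        $stmt->bindParam(':alias', $username);
        $stmt->bindParam(':email', $email);
        $stmt->bindParam(':password', $password);
        $stmt->bindParam(':phone', $phone);
        $stmt->bindParam(':about', $about);
        $stmt->bindParam(':sex', $sex);
        $stmt->bindParam(':city', $city);
        $stmt->execute();

        if ($stmt->rowCount() > 0) {
            $st = $dbh->prepare($add_key);
            $st->bindParam(':user_id', $user_id, PDO::PARAM_STR);
            $st->bindParam(':user_key', $key, PDO::PARAM_STR);
            $st->execute();

            if ($st->rowCount() > 0) {
                $dbh->commit();
                $success = true;
            } else {
                $dbh->rollBack();
                User::addError('global', '<strong>Error: </strong> Please try again later');
            }
        } else {
            // The user row was not written: close the open transaction.
            $dbh->rollBack();
            User::addError('global', '<strong>Error: </strong> Please try again later');
        }
    } catch (Exception $e) {
        // Covers PDOException as well. Nothing was committed, so the caller
        // must not see success and no confirmation mail may go out.
        $success = false;
        if ($dbh instanceof PDO && $dbh->inTransaction()) {
            $dbh->rollBack();
        }
        // Keep the driver message in the server log only; it can reveal
        // schema and query details.
        error_log('addUser failed: ' . $e->getMessage());
        User::addError('global', '<strong>Error: </strong> Please try again later');
    }

    if ($success === true) {
        P_Mail::sendConfirmation($user_id, $key, $this->username, $this->email);
    }

    return $success;
}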
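// Tail of the "already logged in" check; the blocks it closes open before this excerpt.
        if (isset($_SESSION['uid'])) {
            $debug['COOKIE_OK_l'] = true;
        }
        // NOTE(review): no exit follows this redirect, so the rest of the
        // script still runs; the enclosing block is not visible here.
        header('Location: panel.php');
    }
}

$auth = null;
$error = '';
$user = null;

// Login form handling. Only string fields are accepted: a request that sends
// email[] or password[] would otherwise reach trim() as an array.
if (
    isset($_POST['email'], $_POST['password'])
    && is_string($_POST['email'])
    && is_string($_POST['password'])
) {
    $email = trim($_POST['email']);
    // NOTE(review): the password is trimmed before verification; confirm that
    // registration hashes the same trimmed value.
    $pass = trim($_POST['password']);

    $auth = new Auth($email, $pass);
    if ($auth->check() === false) {
        $error = $auth->getError();
    } else {
        // NOTE(review): confirm the session id is regenerated on successful
        // login (not visible in this excerpt).
        if (isset($_POST['keep_session']) && $_POST['keep_session'] === 'keep_session') {
            $user = DBWorker::getRow('SELECT user_id FROM users WHERE email = :email AND active = 1', ':email', $email);
            // Persist the session only when an active account row was found;
            // otherwise the token would be stored without a user id.
            if (is_array($user) && isset($user['user_id'])) {
                // NOTE(review): Numbers::_randKey() is the persistent-login
                // token here; confirm it is generated by a CSPRNG.
                Session::alter(Numbers::_randKey(), $user_agent_string, 'save', $user['user_id']);
                $debug['SaveSession'] = true;
            }
        }
        $debug['login'] = true;
        header('Location: panel.php');
        // Stop here so nothing after the redirect is executed or sent.
        exit;
    }
}
// Debug dumps of session and cookie data; keep disabled outside development.
/*var_dump($debug); var_dump($_SESSION); var_dump($_COOKIE);*/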
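// Tail of the activation-key check; the blocks it closes open before this excerpt.
            $resend = false;
        } else {
            $error = 'Invalid activation key please enter your email to get your key';
        }
    }
}

// Resend the activation key to an address that belongs to a not-yet-active account.
// Only a string field is accepted: email[] would otherwise reach trim() as an array.
if (isset($_POST['email']) && is_string($_POST['email'])) {
    $email = trim($_POST['email']);
    if (strlen($email) < 6 || strlen($email) > 32 || preg_match('/[^a-zA-Z0-9_@\\.]/', $email)) {
        $error = 'Invalid email';
    } else {
        $user = DBWorker::getRow('SELECT * FROM users WHERE email = :email AND active = 0', ':email', Helper::filterEmail($email));
        if ($user !== false) {
            // FILTER_SANITIZE_STRING is deprecated as of PHP 8.1; the value is
            // bound as a parameter below, so SQL safety does not depend on it.
            $uid = filter_var($user['user_id'], FILTER_SANITIZE_STRING);
            $key = DBWorker::getRow('SELECT * FROM confirmation WHERE user_id = :uid', ':uid', $uid);
            if ($key !== false) {
                $token = $key['user_key'];
                $user_id = $key['user_id'];
                P_MAIL::sendConfirmation($user_id, $key['user_key'], $user['alias'], $user['email']);
            } else {
                // No stored key: create one. It is generated once so that the
                // value written to the table is the value that gets mailed;
                // two separate _randKey() calls would not match.
                $new_key = filter_var(Numbers::_randKey(), FILTER_SANITIZE_NUMBER_INT);
                // After FILTER_SANITIZE_NUMBER_INT only digits, '+' and '-'
                // remain, so the quoted literal cannot break out of the
                // statement, and it is stored as a string like the key that
                // addUser() binds with PDO::PARAM_STR.
                // NOTE(review): bind the key as a parameter instead if
                // DBWorker::insert() accepts more than one placeholder.
                DBWorker::insert('INSERT INTO confirmation (user_id, user_key, expires) VALUES (:uid, \'' . $new_key . '\', DATE_ADD(NOW(), INTERVAL 6 MONTH ))', ':uid', $user['user_id']);
                // Resend the key to the user's mailbox.
                P_MAIL::sendConfirmation($user['user_id'], $new_key, $user['alias'], $user['email']);
            }
        } elseif (DBWorker::getRow('SELECT * FROM users WHERE email = :email AND active = 1', ':email', Helper::filterEmail($email))) {
            // NOTE(review): this message confirms that the address has an
            // active account. $append is written into an href as-is; confirm
            // it is URL-encoded/HTML-escaped where it is built.
            $error = 'Account already activated. Please <a href="../user/login.php?' . $append . '">login</a> to access your panel';
            $resend = false;
        }
    }
}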