Exemple #1
 /**
  * Dispatch one user-account action chosen by $method: 'login', 'forgot',
  * 'verify', 'profile' or 'reg' (the default).
  *
  * Every handled branch returns TRUE on its success path; 'login' and 'forgot'
  * can also return FALSE. An unrecognised $method falls through every branch
  * and the function returns nothing (NULL). Most database failures do not
  * return at all: they end the request through `or die(mysql_error())`, which
  * also prints the raw database error text to the client.
  *
  * NOTE(review): in this listing several SQL strings are masked with '******'
  * (the login SELECT, the forgot UPDATE, and the password/username fragments
  * of the profile and reg statements). The masked profile and reg lines are
  * not valid PHP as shown, and the expression that stores the password is not
  * visible, so nothing here documents how passwords are hashed.
  *
  * Security review notes (each refers to code visible in the body):
  *  - All queries are built by string concatenation and run through the
  *    legacy mysql_* extension, which was removed in PHP 7.0. Prepared
  *    statements (PDO or mysqli) would remove the escaping burden.
  *  - 'forgot' and 'verify' concatenate $request['user_email'] and
  *    $request['verify'] into SQL with no escaping at all, so both are SQL
  *    injection sinks unless the caller has already escaped $request; nothing
  *    in this function shows that it has.
  *  - 'profile' and 'reg' rely on addslashes(), which is not aware of the
  *    connection character set and is not a substitute for bound parameters.
  *    The 'profile' WHERE clause takes the id from $_SESSION['user']['id'].
  *  - The temporary password (uniqid(rand())) and the verification token
  *    (sha1 of time(), rand() and the new id) are derived from the clock and a
  *    non-cryptographic generator; random_bytes()/random_int() are the
  *    appropriate sources for both.
  *  - In 'reg', `$_REQUEST['l'] = 'c'` is an assignment, not a comparison. It
  *    is always truthy, so whenever `l` is present the new account's id is
  *    written to $_SESSION['user']['id'] before the e-mail address has been
  *    verified. `=== 'c'` looks like the intent; confirm.
  *  - 'verify' never clears or expires secToken in the visible code, so the
  *    same link keeps opening a session for that account.
  *  - No duplicate-username or duplicate-e-mail check is visible in 'reg';
  *    presumably the caller or a database constraint handles it. TODO confirm.
  *
  * @param array  $request Submitted form fields, read by key (username,
  *                        password, user_email, verify, user_* ...).
  * @param string $method  Action to perform; defaults to 'reg'.
  * @return bool|null TRUE/FALSE as described above, NULL for an unknown method.
  */
 function submitUser($request, $method = 'reg')
 {
     $time = time();
     global $path_site;
     if ($method == 'login') {
         // LOGIN USER
         // Case variants of the submitted name. Presumably these filled the five
         // masked username comparisons in the query below; the listing hides them.
         $un = $request['username'];
         $unlower = strtolower($request['username']);
         $unupper = strtoupper($request['username']);
         $unucfirst = ucfirst($request['username']);
         $unucwords = ucwords($request['username']);
         $password = $request['password'];
         // Only rows with status='active' can log in. Columns: id, password, email, zip.
         $query = "select id,password,email,zip from user where (username = '******' or username = '******' or username = '******' or username = '******' or username = '******') and status='active'";
         $result = mysql_query($query) or die(mysql_error());
         // mysql_fetch_row() returns FALSE when no active user matched, so $row[1]
         // is NULL in that case; whether that is rejected depends on pw_check(),
         // which is not shown here.
         $row = mysql_fetch_row($result);
         if (pw_check($password, $row[1])) {
             // START SESSION
             // NOTE(review): no session-id regeneration is visible at this point;
             // check whether set_session() performs it to prevent session fixation.
             set_session($row[0], $request['username'], stripslashes($row[2]), $row[3]);
             //return
             return TRUE;
         } else {
             return FALSE;
         }
     } else {
         if ($method == 'forgot') {
             // FORGOT PASSWORD: overwrite the stored password and mail a temporary one.
             // NOTE(review): the password is replaced before the requester has proven
             // control of the mailbox, so anyone who knows an address can force a
             // reset. A single-use, expiring reset token is the usual safer design.
             $email = strtolower($request['user_email']);
             // uniqid() is time-based and rand() is not a CSPRNG: this value is guessable.
             $tempPassword = uniqid(rand(0, 9999999));
             // $email is concatenated unescaped (SQL injection sink).
             $query = "update user set password='******' where email='" . $email . "' and status <> 'deleted'";
             // mysql_query() returns TRUE for an UPDATE that matched zero rows, so an
             // unknown address still reaches the e-mail step with $row === FALSE.
             if ($result = mysql_query($query)) {
                 // SEND EMAIL, RETURN TRUE CHANGE IN PRODUCTION - THE HTTP HOST BELOW NEEDS TO BE UPDATED
                 // Same unescaped $email is reused in this SELECT.
                 $query = "select username from user where email='" . $email . "' and status <> 'deleted'";
                 $result = mysql_query($query) or die(mysql_error());
                 $row = mysql_fetch_row($result);
                 // SEND AN EMAIL TO USER
                 // $to and $from are only consumed by the commented-out send_email() call below.
                 $to = stripslashes($row[0]) . '<' . $email . '>';
                 $from = EMAIL_FORGOT_FROM;
                 $subject = EMAIL_FORGOT_SUBJECT;
                 // CALL CONTENT AND REPLACE TAGS INSIDE
                 $template = $path_site . EMAIL_FORGOT_TEMPLATE;
                 $returnOutput = new main_output($template);
                 // replace tags from template
                 // The 'subject' tag uses EMAIL_BUSINESS_REGISTER_SUBJECT while the mail
                 // itself uses EMAIL_FORGOT_SUBJECT; this looks like a copy/paste slip, confirm.
                 // The leading @ hides any warning raised while filling the template.
                 @$returnOutput->replace_tags(array('subject' => EMAIL_BUSINESS_REGISTER_SUBJECT, 'username' => stripslashes($row[0]), 'site_name' => SITE_NAME, 'site_title' => SITE_TITLE, 'temppassword' => $tempPassword, 'path_site' => SITE_BASEURL_SECURE));
                 // Call the output
                 $body = $returnOutput->output;
                 // CALL SEND EMAIL
                 // send_email($to,$subject,$body,$from);
                 // The recipient is the request-supplied address, not a value read back from the database.
                 send_email($email, $subject, $body);
                 //return
                 return TRUE;
             } else {
                 //echo $query;
                 return FALSE;
             }
         } else {
             if ($method == 'verify') {
                 // VERIFY ACCOUNT: activate the row matching the token, then open a session for it.
                 // $request['verify'] is concatenated unescaped into both statements
                 // (SQL injection sink). The token is not cleared afterwards, and a token
                 // that matches no row still reaches set_session() with $row === FALSE.
                 mysql_query("update user set status='active' where secToken='" . $request['verify'] . "'") or die(mysql_error());
                 $result = mysql_query("select id,username,email,zip from user where secToken='" . $request['verify'] . "'") or die(mysql_error());
                 $row = mysql_fetch_row($result);
                 set_session($row[0], stripslashes($row[1]), stripslashes($row[2]), $row[3]);
                 return TRUE;
             } else {
                 if ($method == 'profile') {
                     $userid = $_SESSION['user']['id'];
                     $flag_nl = 0;
                     if (isset($request['newsletter']) and ($request['newsletter'] == 'on' or $request['newsletter'] == 1)) {
                         $flag_nl = 1;
                     }
                     // check if old password was selected.
                     $query_pw = NULL;
                     if (isset($request['user_pass2']) and !empty($request['user_pass2'])) {
                         $query_pw = "password = '******'user_pass2']) . "', ";
                     }
                     $query = "\n\t\t\t\tupdate user set\n\t\t\t\t\temail = '" . addslashes(strtolower($request['user_email'])) . "',\n\t\t\t\t\tusername = '******'user_name']) . "',\n\t\t\t\t\tfirstName = '" . addslashes($request['user_fname']) . "',\n\t\t\t\t\tmi = '" . addslashes($request['user_mi']) . "',\n\t\t\t\t\tlastName = '" . addslashes($request['user_lname']) . "',\n\t\t\t\t\taddr1 = '" . addslashes($request['user_addr1']) . "',\n\t\t\t\t\taddr2 = '" . addslashes($request['user_addr2']) . "',\n\t\t\t\t\tcity = '" . addslashes($request['user_city']) . "',\n\t\t\t\t\tstate = '" . addslashes($request['user_state']) . "',\n\t\t\t\t\tzip = '" . addslashes($request['user_zc1']) . addslashes($request['user_zc2']) . "',\n\t\t\t\t\tmainPhone = '" . addslashes($request['user_phone1'] . $request['user_phone2'] . $request['user_phone3']) . "',\n\t\t\t\t\taltPhone = '" . addslashes($request['user_phone4'] . $request['user_phone5'] . $request['user_phone6']) . "',\t\t\t\t\t\n\t\t\t\t\t" . $query_pw . "\n\t\t\t\t\tflag_nl = '" . $flag_nl . "' \n\t\t\t\tWHERE id = '" . $userid . "'\n\t\t\t";
                     mysql_query($query) or die(mysql_error());
                     return TRUE;
                 } else {
                     if ($method == 'reg') {
                         global $path_site;
                         $flag_agree = 0;
                         // get agree flag
                         if (isset($request['agree']) and ($request['agree'] == 'on' or $request['agree'] == '1')) {
                             $flag_agree = 1;
                         }
                         // INSERT VALUES
                         /*$query = "
                          			insert into user set
                          				username = '******'user_name']). "',
                          				email = '" .addslashes(strtolower($request['user_email'])). "',
                          				password = '******'user_pass']). "',
                          				firstName = '" .addslashes($request['user_fname']). "',
                          				mi = '" .addslashes($request['user_mi']). "',
                          				lastName = '" .addslashes($request['user_lname']). "',
                          				addr1 = '" .addslashes($request['user_addr1']). "',
                          				addr2 = '" .addslashes($request['user_addr2']). "',
                          				city = '" .addslashes($request['user_city']). "',
                          				state = '" .addslashes($request['user_state']). "',
                          				zip = '" .addslashes($request['user_zc1']).addslashes($request['user_zc2']). "',
                          				mainPhone = '" .addslashes($request['user_phone1'].$request['user_phone2'].$request['user_phone3']). "',
                          				altPhone = '" .addslashes($request['user_phone4'].$request['user_phone5'].$request['user_phone6']). "',
                          				flag_nl = '" .$flag_nl. "' ,
                          				flag_tosu = '" .$flag_agree. "',
                          				dateReg = '" .$time. "'
                          		";*/
                         $query = "\n\t\t\t\tinsert into user set\n\t\t\t\t\tusername = '******'user_name']) . "',\n\t\t\t\t\temail = '" . addslashes(strtolower($request['user_email'])) . "',\n\t\t\t\t\tpassword = '******'user_pass']) . "',\n\t\t\t\t\tfirstName = '" . addslashes($request['user_fname']) . "',\n\t\t\t\t\tlastName = '" . addslashes($request['user_lname']) . "',\n\t\t\t\t\tflag_tosu = '" . $flag_agree . "',\n\t\t\t\t\tdateReg = '" . $time . "'\n\t\t\t";
                         mysql_query($query) or die(mysql_error());
                         $userid = mysql_insert_id();
                         // Add a record into pubProfile
                         $query = "\n\t\t\t\tinsert into public_profile set\n\t\t\t\t\tname = '" . addslashes($request['user_fname']) . "',\n\t\t\t\t\tuserid='" . $userid . "'\n\t\t\t";
                         mysql_query($query) or die(mysql_error());
                         // INSERT INTO USERS PERMISSIONS
                         $query = "\n\t\t\t\tinsert into user_groups set\n\t\t\t\t\tuserid='" . $userid . "'\n\t\t\t";
                         mysql_query($query) or die(mysql_error());
                         //INSERT SECURITY TOKEN
                         $secToken = sha1(time() . rand(0, 9999999) . $userid);
                         mysql_query("update user set secToken = '" . $secToken . "' where id='" . $userid . "'") or die(mysql_error());
                         // NEW
                         // set_session($userid,$request['user_name'],strtolower($request['user_email']));
                         if (isset($_REQUEST['l']) and $_REQUEST['l'] = 'c') {
                             $_SESSION['user']['id'] = $userid;
                         }
                         //send verification email.
                         $to = $request['user_name'] . '<' . $request['user_email'] . '>';
                         $from = EMAIL_REGISTER_FROM;
                         $subject = EMAIL_REGISTER_SUBJECT;
                         // email for registration
                         // CALL CONTENT AND REPLACE TAGS INSIDE
                         $template = $path_site . EMAIL_REGISTER_TEMPLATE;
                         $returnOutput = new main_output($template);
                         // replace tags from template
                         @$returnOutput->replace_tags(array('subject' => EMAIL_REGISTER_SUBJECT, 'username' => $request['user_name'], 'site_name' => SITE_NAME, 'site_title' => SITE_TITLE, 'verifyURL' => EMAIL_REGISTER_VERIFYLINK . $secToken));
                         // Call the output
                         $body = $returnOutput->output;
                         // CALL SEND EMAIL
                         send_email($request['user_email'], $subject, $body);
                         return TRUE;
                     }
                 }
             }
         }
     }
 }
Exemple #2
/**
 * @Author	Jonathon byrd
 * @link http://www.5twentystudios.com
 * @Package Five Twenty CMS
 * @SubPackage PublicMarketSpace
 * @Since 1.0.0
 * @copyright  Copyright (C) 2011 5Twenty Studios
 * 
 */
// Page controller: builds the <head> metadata strings, runs the page logic and
// renders the result into the shell template.

// Direct-access guard: stop unless the including entry script has defined
// ABSPATH, so this file cannot be executed on its own by requesting its URL.
defined('ABSPATH') or die("Cannot access pages directly.");
global $cl;
require_once ABSPATH . 'inc' . DS . 'func_product_root.php';
// START META AND TITLE INFO FOR PAGE
// The three strings are deliberately left open here and closed further down,
// after contentLogic and main have been constructed.
// NOTE(review): presumably those constructors append page-specific text to
// these variables as globals; confirm before reordering anything.
// SITE_DESC and SITE_KEYWORDS go into HTML attribute values unescaped; if they
// can come from editable configuration, pass them through htmlspecialchars().
$meta_desc = '<meta name="description" content="' . SITE_DESC . ' - ';
$meta_keywords = '<meta name="keywords" content="' . SITE_KEYWORDS . ' - ';
$title = '<title>';
$cl = new contentLogic();
$main = new main();
// SETUP TEMPLATE
$template = ABSPATH . 'inc/tpl/shell.inc';
$output = new main_output($template);
// CONTINUE META \\
// Close the tags opened above.
$title .= ' - ' . SITE_TITLE . '</title>';
$meta_keywords .= '" />' . "\n";
$meta_desc .= '" />' . "\n";
// $meta is assembled here but not passed to replace_tags() below; it is only
// useful if something outside these lines reads it. TODO confirm.
$meta = $meta_desc . $meta_keywords . $title;
// STRIP THE TAGS
// Fill the shell's header, footer and shell_content tags with rendered output.
$output->replace_tags(array('header' => get_show_view('header'), 'footer' => get_show_view('footer'), 'shell_content' => $main->get_output()));
// OUTPUT TO SCREEN
$output->output_values();