/**
 * Register the account described by this object.
 *
 * Hashes the password, issues an activation token, optionally mails the
 * activation message, then inserts the row into the Users table.
 * Side effects: sets $this->activation_token and $this->user_active, and
 * sets $this->mail_failure when the template build or the send fails.
 *
 * NOTE(review): the INSERT below runs even when $this->mail_failure was set,
 * so the caller has to inspect that flag itself. Confirm this is intended.
 *
 * @return mixed whatever $db->sql_query() returns for the INSERT
 */
public function userCakeAddUser()
{
    global $db, $emailActivation, $websiteUrl, $db_table_prefix;

    // generateHash() is defined elsewhere. NOTE(review): confirm it is a slow,
    // salted password hash (password_hash() or equivalent), not a bare digest.
    $passwordHash = generateHash($this->clean_password);

    // A token is issued for every account, activated or not.
    $this->activation_token = generateActivationToken();

    if (!$emailActivation) {
        // No e-mail confirmation configured: the account is usable at once.
        $this->user_active = 1;
    } else {
        // The account stays inactive until the mailed token is presented.
        $this->user_active = 0;
        $mailer = new userCakeMail();

        $activationText = lang("ACTIVATION_MESSAGE", array($websiteUrl, $this->activation_token));

        // Placeholder => value pairs substituted into the mail template.
        // NOTE(review): unclean_username is substituted as-is; if the template
        // is rendered as HTML it should be escaped first.
        $hooks = array(
            "searchStrs" => array("#ACTIVATION-MESSAGE", "#ACTIVATION-KEY", "#USERNAME#"),
            "subjectStrs" => array($activationText, $this->activation_token, $this->unclean_username),
        );

        // Short-circuit keeps the original order: sendMail() is attempted only
        // when the template was built.
        if (
            !$mailer->newTemplateMsg("new-registration.txt", $hooks)
            || !$mailer->sendMail($this->clean_email, "Επιβεβαιώστε την εγγραφή σας στο Σύλλογο Αποφοίτων")
        ) {
            $this->mail_failure = true;
        }
    }

    // User-supplied fields pass through $db->sql_escape(); the hash, the token,
    // the timestamps and the active flag are generated by this method.
    $insertSql = "INSERT INTO `" . $db_table_prefix . "Users` (\n\t\t\t\t`Username`,\n\t\t\t\t`Username_Clean`,\n\t\t\t\t`Password`,\n\t\t\t\t`Email`,\n\t\t\t\t`ActivationToken`,\n\t\t\t\t`LastActivationRequest`,\n\t\t\t\t`LostPasswordRequest`, \n\t\t\t\t`Active`,\n\t\t\t\t`Group_ID`,\n\t\t\t\t`SignUpDate`,\n\t\t\t\t`LastSignIn`\n\t\t\t\t)\n\t\t \t\tVALUES (\n\t\t\t\t'"
        . $db->sql_escape($this->unclean_username)
        . "',\n\t\t\t\t'"
        . $db->sql_escape($this->clean_username)
        . "',\n\t\t\t\t'"
        . $passwordHash
        . "',\n\t\t\t\t'"
        . $db->sql_escape($this->clean_email)
        . "',\n\t\t\t\t'"
        . $this->activation_token
        . "',\n\t\t\t\t'"
        . time()
        . "',\n\t\t\t\t'0',\n\t\t\t\t'"
        . $this->user_active
        . "',\n\t\t\t\t'1',\n\t\t\t\t'"
        . time()
        . "',\n\t\t\t\t'0'\n\t\t\t\t)";

    return $db->sql_query($insertSql);
}
/**
 * Register the account described by this object through the ORM models.
 *
 * Does nothing when $this->status is falsy (construction errors). Otherwise
 * hashes the password, issues an activation token, optionally mails the
 * activation message, and, unless the mail step failed, saves the user row
 * and a default permission match (permission id 1).
 * Side effects: sets activation_token, user_active, success and, on mail
 * failure, mail_failure.
 *
 * @return void
 */
public function userCakeAddUser()
{
    global $mysqli, $emailActivation, $websiteUrl, $db_table_prefix;

    // Refuse to run when the constructor recorded validation errors.
    if (!$this->status) {
        return;
    }

    // generateHash() is defined elsewhere. NOTE(review): confirm it is a slow,
    // salted password hash (password_hash() or equivalent).
    $passwordHash = generateHash($this->clean_password);
    $this->activation_token = generateActivationToken();

    // The setting is compared against the string "true", as in the original.
    if ($emailActivation != "true") {
        // Instant activation.
        $this->user_active = 1;
        $this->success = lang("ACCOUNT_REGISTRATION_COMPLETE_TYPE1");
    } else {
        // The account stays inactive until the mailed token is presented.
        $this->user_active = 0;
        $mailer = new userCakeMail();

        $activationText = lang("ACCOUNT_ACTIVATION_MESSAGE", array($websiteUrl, $this->activation_token));

        // Placeholder => value pairs substituted into the mail template.
        $hooks = array(
            "searchStrs" => array("#ACTIVATION-MESSAGE", "#ACTIVATION-KEY", "#USERNAME#"),
            "subjectStrs" => array($activationText, $this->activation_token, $this->displayname),
        );

        // sendMail() is attempted only when the template was built.
        if (
            !$mailer->newTemplateMsg("new-registration.txt", $hooks)
            || !$mailer->sendMail($this->clean_email, "New User")
        ) {
            $this->mail_failure = true;
        }

        // NOTE(review): the success text is set even when mail_failure is true.
        $this->success = lang("ACCOUNT_REGISTRATION_COMPLETE_TYPE2");
    }

    // Nothing is persisted when the activation mail could not be sent.
    if ($this->mail_failure) {
        return;
    }

    $account = new UcUsers();
    $account->setUserName($this->username);
    $account->setDisplayName($this->displayname);
    $account->setPassword($passwordHash);
    $account->setEmail($this->clean_email);
    $account->setActivationToken($this->activation_token);
    $account->setLastActivationRequest(time());
    $account->setLostPasswordRequest(0);
    $account->setActive($this->user_active);
    $account->setTitle('New Member');
    $account->setSignUpStamp(time());
    $account->setLastSignInStamp(0);
    $account->save();
    $newUserId = $account->getId();

    // Every new account is matched to permission id 1.
    $grant = new UcUserPermissionMatches();
    $grant->setUserId($newUserId);
    $grant->setPermissionId(1);
    $grant->save();
}
/**
 * Register the account described by this object using prepared statements.
 *
 * Does nothing when $this->status is falsy (construction errors). Otherwise
 * hashes the password with bcrypt, issues an activation token, optionally
 * mails the activation message, and, unless the mail step failed, inserts
 * the user row and a default permission match (permission id '1').
 * Side effects: sets activation_token, user_active, success and, on mail
 * failure, mail_failure.
 *
 * NOTE(review): the results of prepare() and execute() are not checked, so a
 * failed INSERT is not reported to the caller.
 *
 * @return void
 */
public function userCakeAddUser()
{
    global $mysqli, $emailActivation, $websiteUrl, $db_table_prefix;

    // Refuse to run when the constructor recorded validation errors.
    if (!$this->status) {
        return;
    }

    // bcrypt at cost 12 replaces the project's older generateHash() helper.
    // bcrypt only considers the first 72 bytes of its input.
    $passwordHash = password_hash($this->clean_password, PASSWORD_BCRYPT, array('cost' => 12));

    $this->activation_token = generateActivationToken();

    // The setting is compared against the string "true", as in the original.
    if ($emailActivation != "true") {
        // Instant activation.
        $this->user_active = 1;
        $this->success = lang("ACCOUNT_REGISTRATION_COMPLETE_TYPE1");
    } else {
        // The account stays inactive until the mailed token is presented.
        $this->user_active = 0;
        $mailer = new userCakeMail();

        $activationText = lang("ACCOUNT_ACTIVATION_MESSAGE", array($websiteUrl, $this->activation_token));

        // Placeholder => value pairs substituted into the mail template.
        $hooks = array(
            "searchStrs" => array("#ACTIVATION-MESSAGE", "#ACTIVATION-KEY", "#USERNAME#"),
            "subjectStrs" => array($activationText, $this->activation_token, $this->displayname),
        );

        // sendMail() is attempted only when the template was built.
        if (
            !$mailer->newTemplateMsg("new-registration.txt", $hooks)
            || !$mailer->sendMail($this->clean_email, "New User")
        ) {
            $this->mail_failure = true;
        }

        // NOTE(review): the success text is set even when mail_failure is true.
        $this->success = lang("ACCOUNT_REGISTRATION_COMPLETE_TYPE2");
    }

    // Nothing is persisted when the activation mail could not be sent.
    if ($this->mail_failure) {
        return;
    }

    // All account fields are bound as parameters; only the table prefix and
    // the server-generated timestamps are concatenated into the statement.
    $userInsert = $mysqli->prepare(
        "INSERT INTO " . $db_table_prefix . "users (\r\n\t\t\t\t\tuser_name,\r\n\t\t\t\t\tdisplay_name,\r\n\t\t\t\t\tpassword,\r\n\t\t\t\t\temail,\r\n\t\t\t\t\tactivation_token,\r\n\t\t\t\t\tlast_activation_request,\r\n\t\t\t\t\tlost_password_request,\r\n\t\t\t\t\tactive,\r\n\t\t\t\t\ttitle,\r\n\t\t\t\t\tsign_up_stamp,\r\n\t\t\t\t\tlast_sign_in_stamp\r\n\t\t\t\t\t)\r\n\t\t\t\t\tVALUES (\r\n\t\t\t\t\t?,\r\n\t\t\t\t\t?,\r\n\t\t\t\t\t?,\r\n\t\t\t\t\t?,\r\n\t\t\t\t\t?,\r\n\t\t\t\t\t'"
        . time()
        . "',\r\n\t\t\t\t\t'0',\r\n\t\t\t\t\t?,\r\n\t\t\t\t\t'New Member',\r\n\t\t\t\t\t'"
        . time()
        . "',\r\n\t\t\t\t\t'0'\r\n\t\t\t\t\t)"
    );
    $userInsert->bind_param(
        "sssssi",
        $this->username,
        $this->displayname,
        $passwordHash,
        $this->clean_email,
        $this->activation_token,
        $this->user_active
    );
    $userInsert->execute();
    $newUserId = $mysqli->insert_id;
    $userInsert->close();

    // Every new account is matched to permission id '1'.
    $grantInsert = $mysqli->prepare(
        "INSERT INTO " . $db_table_prefix . "user_permission_matches (\r\n\t\t\t\t\tuser_id,\r\n\t\t\t\t\tpermission_id\r\n\t\t\t\t\t)\r\n\t\t\t\t\tVALUES (\r\n\t\t\t\t\t?,\r\n\t\t\t\t\t'1'\r\n\t\t\t\t\t)"
    );
    $grantInsert->bind_param("s", $newUserId);
    $grantInsert->execute();
    $grantInsert->close();
}
/**
 * Register the account described by this object.
 *
 * Does nothing when $this->status is falsy (construction errors). Otherwise
 * hashes the password, optionally issues an activation token and mails an
 * HTML activation link, and, unless the mail step failed, inserts the row
 * into the Users table.
 * Side effects: sets user_active; sets activation_token only when e-mail
 * activation is enabled; sets mail_failure on mail failure; sets sql_failure
 * according to the affected-row count of the INSERT.
 *
 * @return void
 */
public function userCakeAddUser()
{
    global $db, $emailActivation, $websiteUrl, $db_table_prefix;

    // Refuse to run when the constructor recorded validation errors.
    if (!$this->status) {
        return;
    }

    // generateHash() is defined elsewhere. NOTE(review): confirm it is a slow,
    // salted password hash (password_hash() or equivalent).
    $passwordHash = generateHash($this->clean_password);

    if (!$emailActivation) {
        // Instant activation. No token is generated on this path, so the INSERT
        // stores whatever $this->activation_token already holds.
        $this->user_active = 1;
    } else {
        $this->activation_token = generateActivationToken();

        // The account stays inactive until the mailed token is presented.
        $this->user_active = 0;
        $mailer = new userCakeMail();

        // HTML body carrying the activation link.
        $activationHtml = "<p>You will need first activate your account before you can login, follow the below link to activate your account.</p>";
        $activationHtml .= "<p><a href='" . $websiteUrl . "activate-account.php?token=" . $this->activation_token . "'>Activate my account!</a></p>";

        // Placeholder => value pairs substituted into the mail template.
        // NOTE(review): unclean_username goes into a message that contains HTML;
        // it should be HTML-escaped before substitution.
        $hooks = array(
            "searchStrs" => array("#ACTIVATION-MESSAGE", "#ACTIVATION-KEY", "#USERNAME#"),
            "subjectStrs" => array($activationHtml, $this->activation_token, $this->unclean_username),
        );

        // sendMail() is attempted only when the template was built.
        if (
            !$mailer->newTemplateMsg("new-registration.txt", $hooks)
            || !$mailer->sendMail($this->clean_email, "New User")
        ) {
            $this->mail_failure = true;
        }
    }

    // Nothing is persisted when the activation mail could not be sent.
    if ($this->mail_failure) {
        return;
    }

    // User-supplied fields pass through $db->sql_escape(); the hash, the token,
    // the timestamps and the active flag are produced by this class.
    $insertSql = "INSERT INTO `" . $db_table_prefix . "Users` (`Username`, `Username_Clean`, `Password`, `Email`, `ActivationToken`, `LastActivationRequest`, `LostPasswordRequest`, `Active`, `Group_ID`, `SignUpDate`, `LastSignIn`)\r\n\t\t\t\t\t VALUES ('"
        . $db->sql_escape($this->unclean_username)
        . "', '"
        . $db->sql_escape($this->clean_username)
        . "', '"
        . $passwordHash
        . "', '"
        . $db->sql_escape($this->clean_email)
        . "','"
        . $this->activation_token
        . "','"
        . time()
        . "', 0, '"
        . $this->user_active
        . "', '1', '"
        . time()
        . "', '0')";
    $db->sql_query($insertSql);

    // Zero (or fewer) affected rows means the row was not written.
    $this->sql_failure = ($db->sql_affectedrows() <= 0);
}
if ($resend_activation_threshold != 0 && $hours_diff <= $resend_activation_threshold) { $errors[] = lang("ACCOUNT_LINK_ALREADY_SENT", array($resend_activation_threshold)); } else { //For security create a new activation url; $new_activation_token = generateActivationToken(); if (!updateLastActivationRequest($new_activation_token, $username, $email)) { $errors[] = lang("SQL_ERROR"); } else { $mail = new userCakeMail(); $activation_url = SITE_ROOT . "api/activate_user.php?token=" . $new_activation_token; //Setup our custom hooks $hooks = array("searchStrs" => array("#ACTIVATION-URL", "#USERNAME#"), "subjectStrs" => array($activation_url, $userdetails["display_name"])); if (!$mail->newTemplateMsg("resend-activation.txt", $hooks)) { $errors[] = lang("MAIL_TEMPLATE_BUILD_ERROR"); } else { if (!$mail->sendMail($userdetails["email"], "Activate your " . $websiteName . " Account")) { $errors[] = lang("MAIL_ERROR"); } else { //Success, user details have been updated in the db now mail this information out. $successes[] = lang("ACCOUNT_NEW_ACTIVATION_SENT"); } } } } } } } } else { $errors[] = lang("NO_DATA"); } restore_error_handler();
/**
 * Controller action for the "resend activation e-mail" form.
 *
 * UserCake (Via CupCake), Version: 2.0.2, http://usercake.com
 *
 * Loads the UserCake config, enforces securePage(), handles a posted
 * e-mail/username pair by issuing a fresh activation token and mailing it,
 * redirects logged-in users to the account page, then renders the
 * 'resend_activation' view.
 *
 * Presumably $errors, $successes, $emailActivation, $resend_activation_threshold,
 * $websiteUrl and $websiteName are defined by the required config.php; they
 * are not set anywhere in this method. Verify against that file.
 *
 * NOTE(review): the separate messages for unknown e-mail, unknown username and
 * unlinked pair tell the requester which accounts exist; a single generic
 * response would avoid that.
 *
 * @return void
 */
public function index()
{
    global $baseURL;
    $baseURL = getcwd();
    require_once "{$baseURL}/application/third_party/user_cake/models/config.php";

    // Stop immediately when the page-level access check fails.
    if (!securePage($_SERVER['PHP_SELF'])) {
        die;
    }

    // Only handle the form when e-mail activation is switched on.
    if (!empty($_POST) && $emailActivation) {
        $email = $_POST["email"];
        $username = $_POST["username"];

        // Field validation: required, well-formed and known to the system.
        if (trim($email) == "") {
            $errors[] = lang("ACCOUNT_SPECIFY_EMAIL");
        } elseif (!isValidEmail($email) || !emailExists($email)) {
            $errors[] = lang("ACCOUNT_INVALID_EMAIL");
        }

        if (trim($username) == "") {
            $errors[] = lang("ACCOUNT_SPECIFY_USERNAME");
        } elseif (!usernameExists($username)) {
            $errors[] = lang("ACCOUNT_INVALID_USERNAME");
        }

        if (count($errors) == 0) {
            if (!emailUsernameLinked($email, $username)) {
                // The e-mail and the username belong to different accounts.
                $errors[] = lang("ACCOUNT_USER_OR_EMAIL_INVALID");
            } else {
                $userdetails = fetchUserDetails($username);

                if ($userdetails["active"] == 1) {
                    // Nothing to resend for an account that is already active.
                    $errors[] = lang("ACCOUNT_ALREADY_ACTIVE");
                } else {
                    // A threshold of 0 disables the resend rate limit.
                    // NOTE(review): the elapsed time is divided by
                    // 3600 * threshold and then compared with the threshold
                    // itself, so the value is not a plain hour count. Confirm
                    // the intended window.
                    if ($resend_activation_threshold == 0) {
                        $elapsed = 0;
                    } else {
                        $lastRequestAt = $userdetails["last_activation_request"];
                        $elapsed = round((time() - $lastRequestAt) / (3600 * $resend_activation_threshold), 0);
                    }

                    if ($resend_activation_threshold != 0 && $elapsed <= $resend_activation_threshold) {
                        $errors[] = lang("ACCOUNT_LINK_ALREADY_SENT", array($resend_activation_threshold));
                    } else {
                        // Each resend gets a fresh token, replacing the stored one.
                        $freshToken = generateActivationToken();

                        if (!updateLastActivationRequest($freshToken, $username, $email)) {
                            $errors[] = lang("SQL_ERROR");
                        } else {
                            $mailer = new userCakeMail();
                            $activationLink = $websiteUrl . "activate-account.php?token=" . $freshToken;

                            // Placeholder => value pairs for the mail template.
                            $hooks = array(
                                "searchStrs" => array("#ACTIVATION-URL", "#USERNAME#"),
                                "subjectStrs" => array($activationLink, $userdetails["display_name"]),
                            );

                            if (!$mailer->newTemplateMsg("resend-activation.txt", $hooks)) {
                                $errors[] = lang("MAIL_TEMPLATE_BUILD_ERROR");
                            } elseif (!$mailer->sendMail($userdetails["email"], "Activate your " . $websiteName . " Account")) {
                                $errors[] = lang("MAIL_ERROR");
                            } else {
                                // Token stored and mail sent.
                                $successes[] = lang("ACCOUNT_NEW_ACTIVATION_SENT");
                            }
                        }
                    }
                }
            }
        }
    }

    // A logged-in user has no use for this page: send them to their account.
    if (isUserLoggedIn()) {
        header("Location: " . str_replace('index.php/', '', site_url('account')));
        die;
    }

    $this->load->view('resend_activation');
}
if ($resend_activation_threshold != 0 && $hours_diff <= $resend_activation_threshold) { $errors[] = lang("ACCOUNT_LINK_ALREADY_SENT", array($resend_activation_threshold)); } else { //For security create a new activation url; $new_activation_token = generateActivationToken(); if (!updateLastActivationRequest($new_activation_token, $username, $email)) { $errors[] = lang("SQL_ERROR"); } else { $mail = new userCakeMail(); $activation_url = $websiteUrl . "activate-account.php?token=" . $new_activation_token; //Setup our custom hooks $hooks = array("searchStrs" => array("#ACTIVATION-URL", "#USERNAME#"), "subjectStrs" => array($activation_url, $userdetails["Username"])); if (!$mail->newTemplateMsg("resend-activation.txt", $hooks)) { $errors[] = lang("MAIL_TEMPLATE_BUILD_ERROR"); } else { if (!$mail->sendMail($userdetails["Email"], "Activate your UserCake Account")) { $errors[] = lang("MAIL_ERROR"); } else { //Success, user details have been updated in the db now mail this information out. $success_message = lang("ACCOUNT_NEW_ACTIVATION_SENT"); } } } } } } } } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml">
if ($resend_activation_threshold != 0 && $hours_diff <= $resend_activation_threshold) { $errors[] = lang("ACCOUNT_LINK_ALREADY_SENT", array($resend_activation_threshold)); } else { //For security create a new activation url; $new_activation_token = generateActivationToken(); if (!updateLastActivationRequest($new_activation_token, $username, $email)) { $errors[] = lang("SQL_ERROR"); } else { $mail = new userCakeMail(); $activation_url = $websiteUrl . "partials/user/activate-account.php?token=" . $new_activation_token; //Setup our custom hooks $hooks = array("searchStrs" => array("#ACTIVATION-URL", "#USERNAME#"), "subjectStrs" => array($activation_url, $userdetails["display_name"])); if (!$mail->newTemplateMsg("resend-activation.txt", $hooks)) { $errors[] = lang("MAIL_TEMPLATE_BUILD_ERROR"); } else { if (!$mail->sendMail($userdetails["email"], "Aktiver din " . $websiteName . " bruker")) { $errors[] = lang("MAIL_ERROR"); } else { //Success, user details have been updated in the db now mail this information out. $successes[] = lang("ACCOUNT_NEW_ACTIVATION_SENT"); } } } } } } } } //Prevent the user visiting the logged in page if he/she is already logged in if (isUserLoggedIn()) { header("Location: ../../");
$errors[] = lang("FORGOTPASS_REQUEST_EXISTS"); } else { $token = $userdetails["activation_token"]; $rand_pass = getUniqueCode(15); //Get unique code $secure_pass = generateHash($rand_pass); //Generate random hash $userdetails = fetchUserDetails(NULL, $token); //Fetchs user details $mail = new userCakeMail(); //Setup our custom hooks $hooks = array("searchStrs" => array("#GENERATED-PASS#", "#USERNAME#"), "subjectStrs" => array($rand_pass, $userdetails["display_name"])); if (!$mail->newTemplateMsg("your-lost-password.txt", $hooks)) { $errors[] = lang("MAIL_TEMPLATE_BUILD_ERROR"); } else { if (!$mail->sendMail($userdetails["email"], "Your new password")) { $errors[] = lang("MAIL_ERROR"); } else { if (!updatePasswordFromToken($secure_pass, $token)) { $errors[] = lang("SQL_ERROR"); } else { if (!flagLostPasswordRequest($userdetails["user_name"], 0)) { $errors[] = lang("SQL_ERROR"); } else { $successes[] = lang("FORGOTPASS_NEW_PASS_EMAIL"); } } } } } }
$userdetails = fetchUserDetails($username); if ($userdetails["LostPasswordRequest"] == 1) { $errors[] = lang("FORGOTPASS_REQUEST_EXISTS"); } else { //Email the user asking to confirm this change password request //We can use the template builder here //We use the activation token again for the url key it gets regenerated everytime it's used. $mail = new userCakeMail(); $confirm_url = lang("CONFIRM") . "\n" . $websiteUrl . "forgot-password.php?confirm=" . $userdetails["ActivationToken"]; $deny_url = "DENY" . "\n" . $websiteUrl . "forgot-password.php?deny=" . $userdetails["ActivationToken"]; //Setup our custom hooks $hooks = array("searchStrs" => array("#CONFIRM-URL#", "#DENY-URL#", "#USERNAME#"), "subjectStrs" => array($confirm_url, $deny_url, $userdetails["Username"])); if (!$mail->newTemplateMsg("lost-password-request.txt", $hooks)) { $errors[] = lang("MAIL_TEMPLATE_BUILD_ERROR"); } else { if (!$mail->sendMail($userdetails["Email"], "Ζητήσατε υπενθύμιση του κωδικού σας")) { $errors[] = lang("MAIL_ERROR"); } else { //Update the DB to show this account has an outstanding request flagLostPasswordRequest($username, 1); $success_message = lang("FORGOTPASS_REQUEST_SUCCESS"); } } } } } } //---------------------------------------------------------------------------------------------- ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml">
} else { $fileCount = count($_FILES["myfile"]["name"]); for ($i = 0; $i < $fileCount; $i++) { $fileName = $prefix . "_" . $_FILES["myfile"]["name"][$i]; move_uploaded_file($_FILES["myfile"]["tmp_name"][$i], $output_dir . $fileName); $ret[] = $fileName; } } $mail = new userCakeMail(); if ($type == "timesheet") { $link = "http://project/admin/timesheets/" . $fileName; $message = "Candidate Name: " . $candidatename . "<br>"; $message .= "Client Name: " . $companyname . "<br>"; $message .= "PO ID: " . $poid . "<br>"; $message .= "Timesheet: <a target='_blank' href='" . $link . "'>" . $link . "</a><br>"; $mail->sendMail("*****@*****.**", "Timesheet Uploaded " . $candidatename, $message); } if ($_POST['type'] == "projectfile") { $link = "http://project/admin/projectfiles/" . $fileName; $message .= "Client Name: " . $companyname . "<br>"; $message = "Candidate Name: " . $candidatename . "<br>"; $message .= "File: <a target='_blank' href='" . $link . "'>" . $link . "</a><br>"; $mail->sendMail("*****@*****.**", "Project File Uploaded " . $companyname, $message); } if ($_POST['type'] == "originalresume") { $link = "http://uploads/" . $fileName; $message .= "Resume is uploaded through candidate portal.<br>"; $message .= "File: <a target='_blank' href='" . $link . "'>" . $link . "</a><br>"; $mail->sendMail("*****@*****.**", "Candidate Resume Uploaded ", $message); $mail->sendMail("*****@*****.**", "Candidate Resume Uploaded ", $message); $ok = $DB->Execute("update candidate c set c.originalresume = '{$link}' where c.candidateid = {$candidateid}");
if (empty($type)) { $errors[] = "Feedback type error"; } if (empty($user)) { $errors[] = "User not identified"; } if (empty($errors)) { //form filled out correctly //send email to trello board $mail = new userCakeMail(); //Setup our custom hooks $hooks = array("searchStrs" => array("#USER#", "#DESCRIPTION#"), "subjectStrs" => array($user, $description)); if (!$mail->newTemplateMsg("bug-report.txt", $hooks)) { $errors[] = lang("MAIL_TEMPLATE_BUILD_ERROR"); } else { if (!$mail->sendMail("*****@*****.**", $summary . " #red")) { $errors[] = lang("MAIL_ERROR"); } else { $successes[] = "Thank you for your feedback!"; } } //end else } //end if no errors } //end submitted ?> <!DOCTYPE html> <html lang="en">
$userdetails = fetchUserDetails($username); if ($userdetails["lost_password_request"] == 1) { $errors[] = lang("FORGOTPASS_REQUEST_EXISTS"); } else { //Email the user asking to confirm this change password request //We can use the template builder here //We use the activation token again for the url key it gets regenerated everytime it's used. $mail = new userCakeMail(); $confirm_url = $websiteUrl . "partials/user/forgot-password.php?confirm=" . $userdetails["activation_token"]; $deny_url = lang("DENY") . "\n" . $websiteUrl . "partials/user/forgot-password.php?deny=" . $userdetails["activation_token"]; //Setup our custom hooks $hooks = array("searchStrs" => array("#CONFIRM-URL#", "#DENY-URL#", "#USERNAME#"), "subjectStrs" => array($confirm_url, $deny_url, $userdetails["display_name"])); if (!$mail->newTemplateMsg("lost-password-request.txt", $hooks)) { $errors[] = lang("MAIL_TEMPLATE_BUILD_ERROR"); } else { if (!$mail->sendMail($userdetails["email"], "Glemt passord")) { $errors[] = lang("MAIL_ERROR"); } else { //Update the DB to show this account has an outstanding request if (!flagLostPasswordRequest($userdetails["user_name"], 1)) { $errors[] = lang("SQL_ERROR"); } else { $successes[] = lang("FORGOTPASS_REQUEST_SUCCESS"); } } } } } } } include "header.php";
/**
 * Controller action for the lost-password flow.
 *
 * UserCake (Via CupCake), Version: 2.0.2, http://usercake.com
 *
 * Handles three inputs and then renders the 'forgot_password' view:
 *  - GET confirm=<token>: generate a new password, mail it, store its hash
 *    and clear the outstanding-request flag;
 *  - GET deny=<token>: clear the outstanding-request flag;
 *  - POST email/username: mail confirm/deny links and set the flag.
 *
 * Presumably $errors, $successes and $websiteUrl are defined by the required
 * config.php; they are not set anywhere in this method. Verify against that
 * file.
 *
 * NOTE(review): the flow mails a generated password in clear text, carries the
 * token in a GET URL, and reuses the account's activation token as the reset
 * key. A single-use, short-lived reset token with a user-chosen password would
 * be the safer design. The distinct validation messages also tell the
 * requester which e-mail addresses and usernames exist.
 *
 * @return void
 */
public function index()
{
    global $baseURL;
    $baseURL = getcwd();
    require_once "{$baseURL}/application/third_party/user_cake/models/config.php";

    // Stop immediately when the page-level access check fails.
    if (!securePage($_SERVER['PHP_SELF'])) {
        die;
    }

    // The user confirmed the password change.
    if (!empty($_GET["confirm"])) {
        $token = trim($_GET["confirm"]);

        if ($token == "" || !validateActivationToken($token, true)) {
            $errors[] = lang("FORGOTPASS_INVALID_TOKEN");
        } else {
            // getUniqueCode() and generateHash() are defined elsewhere.
            // NOTE(review): confirm the code comes from a CSPRNG and the hash
            // is a slow password hash.
            $newPassword = getUniqueCode(15);
            $newPasswordHash = generateHash($newPassword);
            $userdetails = fetchUserDetails(null, $token);

            $mailer = new userCakeMail();
            $hooks = array(
                "searchStrs" => array("#GENERATED-PASS#", "#USERNAME#"),
                "subjectStrs" => array($newPassword, $userdetails["display_name"]),
            );

            // The mail goes out before the hash is stored, so a failing UPDATE
            // leaves the user holding a password that does not work.
            if (!$mailer->newTemplateMsg("{$baseURL}/application/third_party/user_cake/mail-templates/your-lost-password.txt", $hooks)) {
                $errors[] = lang("MAIL_TEMPLATE_BUILD_ERROR");
            } elseif (!$mailer->sendMail($userdetails["email"], "Your new password")) {
                $errors[] = lang("MAIL_ERROR");
            } elseif (!updatePasswordFromToken($newPasswordHash, $token)) {
                $errors[] = lang("SQL_ERROR");
            } elseif (!flagLostPasswordRequest($userdetails["user_name"], 0)) {
                $errors[] = lang("SQL_ERROR");
            } else {
                $successes[] = lang("FORGOTPASS_NEW_PASS_EMAIL");
            }
        }
    }

    // The user rejected the request: just clear the outstanding flag.
    if (!empty($_GET["deny"])) {
        $token = trim($_GET["deny"]);

        if ($token == "" || !validateActivationToken($token, true)) {
            $errors[] = lang("FORGOTPASS_INVALID_TOKEN");
        } else {
            $userdetails = fetchUserDetails(null, $token);

            if (!flagLostPasswordRequest($userdetails["user_name"], 0)) {
                $errors[] = lang("SQL_ERROR");
            } else {
                $successes[] = lang("FORGOTPASS_REQUEST_CANNED");
            }
        }
    }

    // The request form was posted.
    if (!empty($_POST)) {
        $email = $_POST["email"];
        $username = sanitize($_POST["username"]);

        // Field validation: required, well-formed and known to the system.
        if (trim($email) == "") {
            $errors[] = lang("ACCOUNT_SPECIFY_EMAIL");
        } elseif (!isValidEmail($email) || !emailExists($email)) {
            $errors[] = lang("ACCOUNT_INVALID_EMAIL");
        }

        if (trim($username) == "") {
            $errors[] = lang("ACCOUNT_SPECIFY_USERNAME");
        } elseif (!usernameExists($username)) {
            $errors[] = lang("ACCOUNT_INVALID_USERNAME");
        }

        if (count($errors) == 0) {
            if (!emailUsernameLinked($email, $username)) {
                // The e-mail and the username belong to different accounts.
                $errors[] = lang("ACCOUNT_USER_OR_EMAIL_INVALID");
            } else {
                $userdetails = fetchUserDetails($username);

                if ($userdetails["lost_password_request"] == 1) {
                    // Only one outstanding request per account.
                    $errors[] = lang("FORGOTPASS_REQUEST_EXISTS");
                } else {
                    // Ask the user by mail to confirm or deny the request. The
                    // activation token doubles as the URL key; per the original
                    // author it is regenerated every time it is used.
                    $mailer = new userCakeMail();
                    $confirmLink = lang("CONFIRM") . "\n" . $websiteUrl . "forgot-password.php?confirm=" . $userdetails["activation_token"];
                    $denyLink = lang("DENY") . "\n" . $websiteUrl . "forgot-password.php?deny=" . $userdetails["activation_token"];

                    $hooks = array(
                        "searchStrs" => array("#CONFIRM-URL#", "#DENY-URL#", "#USERNAME#"),
                        "subjectStrs" => array($confirmLink, $denyLink, $userdetails["user_name"]),
                    );

                    if (!$mailer->newTemplateMsg("{$baseURL}/application/third_party/user_cake/mail-templates/lost-password-request.txt", $hooks)) {
                        $errors[] = lang("MAIL_TEMPLATE_BUILD_ERROR");
                    } elseif (!$mailer->sendMail($userdetails["email"], "Lost password request")) {
                        $errors[] = lang("MAIL_ERROR");
                    } elseif (!flagLostPasswordRequest($userdetails["user_name"], 1)) {
                        // The flag marking an outstanding request was not stored.
                        $errors[] = lang("SQL_ERROR");
                    } else {
                        $successes[] = lang("FORGOTPASS_REQUEST_SUCCESS");
                    }
                }
            }
        }
    }

    $this->load->view('forgot_password');
}
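/**
 * Create a user with the specified fields.
 *
 * Every field is validated here; each failure is reported through addAlert()
 * and counted, and nothing is written when any check fails. When activation is
 * required the account is created inactive and an activation mail is sent
 * before the row is inserted; a mail failure aborts the creation.
 *
 * @param string $user_name the validated $_POST['user_name'] variable
 * @param string $display_name the validated $_POST['display_name'] variable
 * @param string $email the validated $_POST['email'] variable
 * @param string $title the validated $_POST['title'] variable
 * @param string $password the validated $_POST['password'] variable
 * @param string $passwordc the validated $_POST['passwordc'] variable
 * @param boolean $require_activation value of global $emailActivation when $admin is false
 * @param boolean $admin True if admin is creating user, False if not admin creating user.
 * @return int|false the value returned by addUser() (the new user's id), or
 *                   false on a permission, validation or mail failure
 */
function createUser($user_name, $display_name, $email, $title, $password, $passwordc, $require_activation, $admin)
{
    // In admin mode the caller must be logged in and hold the matching
    // permission; the action is checked against the permissions database.
    if ($admin == "true") {
        if (!checkActionPermissionSelf(__FUNCTION__, func_get_args())) {
            addAlert("danger", "Sorry, you do not have permission to access this resource.");
            return false;
        }
    }

    $error_count = 0;

    // Check values
    if (minMaxRange(1, 25, $user_name)) {
        addAlert("danger", lang("ACCOUNT_USER_CHAR_LIMIT", array(1, 25)));
        $error_count++;
    }
    if (!ctype_alnum($user_name)) {
        addAlert("danger", lang("ACCOUNT_USER_INVALID_CHARACTERS"));
        $error_count++;
    }
    if (minMaxRange(1, 50, $display_name)) {
        addAlert("danger", lang("ACCOUNT_DISPLAY_CHAR_LIMIT", array(1, 50)));
        $error_count++;
    }
    if (!isValidName($display_name)) {
        addAlert("danger", lang("ACCOUNT_DISPLAY_INVALID_CHARACTERS"));
        $error_count++;
    }
    if (!isValidEmail($email)) {
        addAlert("danger", lang("ACCOUNT_INVALID_EMAIL"));
        $error_count++;
    }
    if (minMaxRange(1, 150, $title)) {
        addAlert("danger", lang("ACCOUNT_TITLE_CHAR_LIMIT", array(1, 150)));
        $error_count++;
    }
    if (minMaxRange(8, 50, $password) && minMaxRange(8, 50, $passwordc)) {
        addAlert("danger", lang("ACCOUNT_PASS_CHAR_LIMIT", array(8, 50)));
        $error_count++;
    } else {
        // Compare as strings with strict equality: a loose != treats two
        // numeric strings such as "00001000" and "1000.000" as equal, which
        // would let a mistyped confirmation pass.
        if ((string) $password !== (string) $passwordc) {
            addAlert("danger", lang("ACCOUNT_PASS_MISMATCH"));
            $error_count++;
        }
    }
    if (usernameExists($user_name)) {
        addAlert("danger", lang("ACCOUNT_USERNAME_IN_USE", array($user_name)));
        $error_count++;
    }
    if (displayNameExists($display_name)) {
        addAlert("danger", lang("ACCOUNT_DISPLAYNAME_IN_USE", array($display_name)));
        $error_count++;
    }
    if (emailExists($email)) {
        addAlert("danger", lang("ACCOUNT_EMAIL_IN_USE", array($email)));
        $error_count++;
    }

    // Construct a secure hash for the plain text password; a null result is
    // treated as a hashing failure.
    $password_hash = passwordHashUF($password);
    if ($password_hash === null) {
        addAlert("danger", lang("PASSWORD_HASH_FAILED"));
        $error_count++;
    }

    // Exit on any invalid parameters
    if ($error_count != 0) {
        return false;
    }

    // Construct a unique activation token (even if activation is not required)
    $activation_token = generateActivationToken();
    $active = 1;

    // Do we need to require that the user activate their account first?
    if ($require_activation) {
        // User must activate their account first
        $active = 0;
        $mailSender = new userCakeMail();

        // Build the activation message
        $activation_message = lang("ACCOUNT_ACTIVATION_MESSAGE", array(SITE_ROOT . "api/", $activation_token));

        // Placeholder => value pairs substituted into the mail template.
        $hooks = array(
            "searchStrs" => array("#ACTIVATION-MESSAGE", "#ACTIVATION-KEY", "#USERNAME#"),
            "subjectStrs" => array($activation_message, $activation_token, $display_name),
        );

        // A template or send failure is fatal: no account is created.
        if (!$mailSender->newTemplateMsg("new-registration.txt", $hooks)) {
            addAlert("danger", lang("MAIL_ERROR"));
            return false;
        } else {
            // sendMail() can take a third parameter for the message when no
            // template is used.
            if (!$mailSender->sendMail($email, "Please activate your account")) {
                addAlert("danger", lang("MAIL_ERROR"));
                return false;
            }
        }
    }

    // Insert the user into the database and return the new user's id
    return addUser($user_name, $display_name, $title, $password_hash, $email, $active, $activation_token);
}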
$userdetails = fetchUserDetails($username); if ($userdetails["lost_password_request"] == 1) { $errors[] = lang("FORGOTPASS_REQUEST_EXISTS"); } else { //Email the user asking to confirm this change password request //We can use the template builder here //We use the activation token again for the url key it gets regenerated everytime it's used. $mail = new userCakeMail(); $confirm_url = lang("CONFIRM") . "\n" . $websiteUrl . "forgot-password.php?confirm=" . $userdetails["activation_token"]; $deny_url = lang("DENY") . "\n" . $websiteUrl . "forgot-password.php?deny=" . $userdetails["activation_token"]; //Setup our custom hooks $hooks = array("searchStrs" => array("#CONFIRM-URL#", "#DENY-URL#", "#USERNAME#"), "subjectStrs" => array($confirm_url, $deny_url, $userdetails["user_name"])); if (!$mail->newTemplateMsg("lost-password-request.txt", $hooks)) { $errors[] = lang("MAIL_TEMPLATE_BUILD_ERROR"); } else { if (!$mail->sendMail($userdetails["email"], "Lost password request")) { $errors[] = lang("MAIL_ERROR"); } else { //Update the DB to show this account has an outstanding request if (!flagLostPasswordRequest($userdetails["user_name"], 1)) { $errors[] = lang("SQL_ERROR"); } else { $successes[] = lang("FORGOTPASS_REQUEST_SUCCESS"); } } } } } } } require_once "models/admin_head.php";
if ($resend_activation_threshold != 0 && $hours_diff <= $resend_activation_threshold) { $errors[] = lang("ACCOUNT_LINK_ALREADY_SENT", array($resend_activation_threshold)); } else { //For security create a new activation url; $new_activation_token = generateActivationToken(); if (!updateLastActivationRequest($new_activation_token, $username, $email)) { $errors[] = lang("SQL_ERROR"); } else { $mail = new userCakeMail(); $activation_url = $websiteUrl . "activate-account.php?token=" . $new_activation_token; //Setup our custom hooks $hooks = array("searchStrs" => array("#ACTIVATION-URL", "#USERNAME#"), "subjectStrs" => array($activation_url, $userdetails["Username"])); if (!$mail->newTemplateMsg("resend-activation.txt", $hooks)) { $errors[] = lang("MAIL_TEMPLATE_BUILD_ERROR"); } else { if (!$mail->sendMail($userdetails["Email"], "Ενεργοποιήστε το λογαριασμό σας")) { $errors[] = lang("MAIL_ERROR"); } else { //Success, user details have been updated in the db now mail this information out. $success_message = lang("ACCOUNT_NEW_ACTIVATION_SENT"); } } } } } } } } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml">