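/**
 * Handles a password-change request for the currently logged-in user.
 *
 * $password is the plain-text value from the request, or null when the form
 * field was not submitted. It is pre-hashed with SHA-512 (the same pre-hash
 * registration applies) and handed to changePassword(), which performs the
 * actual update against $this->mysqli. The outcome is reported through
 * MessageQueue and the user is redirected; nothing is returned.
 *
 * NOTE(review): an unsalted SHA-512 pre-hash is not a password-hashing
 * function. Verification lives elsewhere (login / changePassword), so the
 * scheme is left untouched here; migrating both sides together to
 * password_hash()/password_verify() is the recommended follow-up.
 *
 * @param string|null $password plain-text password from the request, or null
 */
public function processChangepassword($password)
{
    // Only logged-in users may change a password. The explicit `return` is a
    // guard in case NavigationUtility::redirect() does not terminate the
    // script: without it the change below would still run for an anonymous
    // request. (Its implementation is not visible here.)
    if (!isset($GLOBALS['loggedin']) || !$GLOBALS['loggedin']) {
        NavigationUtility::redirect();
        return;
    }

    // A missing field is ignored, as before: nothing to change.
    if (is_null($password)) {
        return;
    }

    // Pre-hash to match registration; changePassword() presumably applies the
    // per-user salt on top of this (not visible in this file).
    $password = hash('sha512', $password);
    $changepasswordResult = $this->changePassword($password, $this->mysqli);

    if ($changepasswordResult) {
        $this->logger->log("User changed password sucessfully ", Logger::INFO);
        MessageQueue::pushPersistent($_SESSION['user_id'], 'mes_passwordchange_success');
        NavigationUtility::redirect();
        return;
    }

    // changePassword() reported failure: log it, give the user a generic
    // message (no database detail) and send them to the error page.
    $this->logger->log("Something went wrong when user tried to change password ", Logger::WARNING);
    MessageQueue::pushPersistent($_SESSION['user_id'], 'err_db_query_failed');
    NavigationUtility::redirectToErrorPage();
}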
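<script>
    // Legacy "no back button" hack kept as-is: pushes a visitor who arrives
    // via history navigation forward again. Not a security control.
    window.history.forward(1);
</script>
<div class="jumbotron">
<?php
use quizzenger\utilities\NavigationUtility;

// Quiz invitation page: without a quiz id there is nothing to show. isset()
// covers both "key missing" and "value null" without an undefined-index notice.
if (!isset($this->_['quizinfo']['quizid'])) {
    NavigationUtility::redirect();
}

// Both values are escaped for the context they are printed in. firstUrl goes
// into an href="..." attribute, so ENT_QUOTES is required: a quote inside the
// URL must not be able to close the attribute (it was printed raw before).
$escapedQuizName = htmlspecialchars((string) $this->_['quizinfo']['quizname'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
$escapedFirstUrl = htmlspecialchars((string) $this->_['quizinfo']['firstUrl'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
?>
    <h1>Willkommen bei Quizzenger</h1>
    <p>
        Du wurdest eingeladen am Quiz "<?php echo $escapedQuizName; ?>" teilzunehmen.
    </p>
    <p>
        <a href="<?php echo $escapedFirstUrl; ?>" class="btn btn-primary btn-lg" role="button">
            Quiz starten!
        </a>
    </p>
</div>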
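/**
 * Registers a new account from the submitted form values.
 *
 * Order of checks: missing/blank fields, e-mail syntax, e-mail and username
 * uniqueness; only then is the row inserted with a fresh random salt. Every
 * outcome is reported through MessageQueue and ends in a redirect, so the
 * method returns nothing.
 *
 * NOTE(review): the stored credential is sha512(sha512(password) . salt).
 * That is a fast hash, not a password-hashing function; it is kept because
 * the login/verification code is not in this file and both sides must agree.
 * Migrate to password_hash()/password_verify() on both sides together.
 *
 * Requires PHP >= 7.0 for random_bytes().
 *
 * @param string|null $username
 * @param string|null $email
 * @param string|null $password plain-text password from the request
 */
public function processRegistration($username, $email, $password)
{
    // Registration happens before login, so the session may carry no user id;
    // read it once without triggering an undefined-index notice.
    $sessionUserId = isset($_SESSION['user_id']) ? $_SESSION['user_id'] : null;

    // Missing (null) or blank fields: nothing sensible to register.
    if ($this->isBlankField($username) || $this->isBlankField($email) || $this->isBlankField($password)) {
        $this->logger->log("Error trying to register : Missing fields", Logger::ERROR);
        MessageQueue::pushPersistent($sessionUserId, 'err_missing_input');
        NavigationUtility::redirect('./index.php?view=error');
        return;
    }

    $error_msg = "";
    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        $error_msg = "err_register_invalid_mail";
    }

    // Uniqueness checks, e-mail first; a later finding overrides an earlier
    // message, as before. The username is not validated, only bound as a
    // query parameter (safe for the database, not necessarily for display).
    foreach (array('email' => $email, 'username' => $username) as $column => $value) {
        $taken = $this->isAlreadyRegistered($column, $value);
        if ($taken === null) {
            $error_msg = "err_register_check";
        } elseif ($taken) {
            $error_msg = "err_register_existing_info";
        }
    }

    if ($error_msg !== "") {
        $this->logger->log("Error trying to register :" . $error_msg, Logger::ERROR);
        MessageQueue::pushPersistent($sessionUserId, $error_msg);
        NavigationUtility::redirect('./index.php?view=error');
        return;
    }

    // Per-user salt from the CSPRNG (the original used uniqid(mt_rand()),
    // which is predictable). Same storage format as before: 128 hex chars.
    $random_salt = hash('sha512', random_bytes(32));
    $password = hash('sha512', hash('sha512', $password) . $random_salt);

    // A failed prepare() used to fall through and report success; and
    // mysqli::$error is a property, so the original ->error() call would have
    // thrown instead of logging. Statement-level failures are in $stmt->error.
    $sqlError = null;
    $insert_stmt = $this->mysqli->prepare("INSERT INTO user (username, email, password, salt) VALUES (?, ?, ?, ?)");
    if (!$insert_stmt) {
        $sqlError = $this->mysqli->error;
    } else {
        $insert_stmt->bind_param('ssss', $username, $email, $password, $random_salt);
        if (!$insert_stmt->execute()) {
            $sqlError = $insert_stmt->error;
        }
        $insert_stmt->close();
    }

    if ($sqlError !== null) {
        $this->logger->log("Error trying to register (insert). SQL Error: " . $sqlError, Logger::ERROR);
        MessageQueue::pushPersistent($sessionUserId, 'err_register_insert');
        NavigationUtility::redirect('./index.php?view=error');
        return;
    }

    $this->logger->log("User registered sucessfully", Logger::INFO);
    MessageQueue::pushPersistent($sessionUserId, 'mes_register_success');
    NavigationUtility::redirect('./index.php');
}

/**
 * True when a form value is absent (null) or the empty string.
 *
 * @param mixed $value
 * @return bool
 */
private function isBlankField($value)
{
    return $value === null || $value === '';
}

/**
 * Looks up whether a value is already present in the given user column.
 *
 * @param string $column 'email' or 'username' (code-controlled, never user input)
 * @param string $value  value to look for, bound as a statement parameter
 * @return bool|null true/false, or null when the statement could not be prepared
 */
private function isAlreadyRegistered($column, $value)
{
    // Column names cannot be bound, so only the two known columns are allowed.
    if (!in_array($column, array('email', 'username'), true)) {
        throw new \InvalidArgumentException("Unsupported lookup column: " . $column);
    }
    $stmt = $this->mysqli->prepare("SELECT id FROM user WHERE " . $column . " = ? LIMIT 1");
    if (!$stmt) {
        return null;
    }
    $stmt->bind_param('s', $value);
    $stmt->execute();
    $stmt->store_result();
    $found = $stmt->num_rows > 0;
    // close() only on a real statement; the original also called it on `false`.
    $stmt->close();
    return $found;
}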
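/**
 * Ends the current session completely and sends the visitor to the start page.
 *
 * Three steps are needed to really drop a session: clear the data array,
 * expire the session cookie in the browser, and destroy the server-side
 * store. The logout message is queued for the now-anonymous visitor.
 */
public function logout()
{
    // Unset all session values.
    $_SESSION = array();

    // Expire the session cookie with the same path/domain/flags it was set
    // with, otherwise the browser keeps sending the old session id.
    $params = session_get_cookie_params();
    setcookie(
        session_name(),
        '',
        time() - 42000,
        $params["path"],
        $params["domain"],
        $params["secure"],
        $params["httponly"]
    );

    // Destroy the server-side session data.
    session_destroy();

    // NOTE(review): the original read $_SESSION['user_id'] here, after the
    // array had already been emptied, so the message was always queued with
    // a null user id (plus an undefined-index notice). That matches how the
    // registration flow queues messages for anonymous visitors, so the null
    // is kept but made explicit; if MessageQueue should instead receive the
    // pre-logout id, capture it before the reset above.
    MessageQueue::pushPersistent(null, 'mes_logout_success');
    NavigationUtility::redirect();
}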