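/**
 * Renders the form for editing every tblSettings field of a user and, when
 * the form has been submitted, validates and stores the posted values first.
 *
 * Relies on the global $h (session, files) and on the project helpers
 * readAllUserdata(), saveSetting(), getUserdataInput(), findUserByEmail(),
 * is_email(), t(), sql_datetime(), SsnValidateSwedishNum(), ZipLocation and
 * the xhtml* output functions. Everything is echoed straight to the output.
 *
 * NOTE(review): a submit is recognised by the posted edit_settings_check
 * flag alone; no CSRF token is verified here, so that protection has to
 * come from the surrounding framework if it exists at all — confirm.
 * NOTE(review): values are stored as posted; HTML escaping has to happen
 * where they are rendered (getUserdataInput() and friends) — confirm.
 *
 * @param int|string $_userid user whose settings are edited; defaults to
 *                            the current session user when empty
 * @return void
 */
function editUserdataSettings($_userid = '')
{
    global $h;

    if (empty($_userid)) {
        $_userid = $h->session->id;
    }

    $list = readAllUserdata($_userid);
    if (!$list) {
        return;
    }

    // Name of the form control ($_POST / $_FILES key) belonging to a field,
    // optionally with a suffix such as '_year' or '_remove'.
    $inputName = static function ($row, string $suffix = ''): string {
        return 'userdata_' . $row['fieldId'] . $suffix;
    };

    // Unix timestamp built from the posted date parts of a birth-date field.
    // The parts are cast to int because mktime() rejects non-numeric strings
    // on PHP 8; a missing part counts as 0, as before.
    $postedBirthdate = static function ($row) use ($inputName): int {
        return mktime(
            0,
            0,
            0,
            (int) ($_POST[$inputName($row, '_month')] ?? 0),
            (int) ($_POST[$inputName($row, '_day')] ?? 0),
            (int) ($_POST[$inputName($row, '_year')] ?? 0)
        );
    };

    echo '<div class="settings">';
    echo xhtmlForm('edit_settings_frm', '', 'post', 'multipart/form-data');
    echo xhtmlHidden('edit_settings_check', 1);
    echo '<table>';

    // Hoisted: the submit flag is the same for every row.
    $submitted = !empty($_POST['edit_settings_check']);

    foreach ($list as $row) {
        if ($submitted) {
            $key = $inputName($row);
            $posted = $_POST[$key] ?? '';

            switch ($row['fieldType']) {
                case USERDATA_TYPE_IMAGE:
                    if (!empty($_POST[$key . '_remove'])) {
                        $h->files->deleteFile($row['settingValue']);
                        $row['settingValue'] = 0;
                    } elseif (isset($_FILES[$key])) {
                        // FIXME: make handleUpload able to take the userId as a parameter
                        $row['settingValue'] = $h->files->handleUpload($_FILES[$key], FILETYPE_USERDATA, $row['fieldId']);
                    }
                    break;

                case USERDATA_TYPE_EMAIL:
                    if (empty($posted)) {
                        break;
                    }
                    if (!is_email($posted)) {
                        echo '<div class="critical">' . t('The email entered is not valid!') . '</div>';
                        break;
                    }
                    // Loose comparison kept on purpose: the looked-up id may be an
                    // int while $_userid can be a numeric string from the session.
                    $owner = findUserByEmail($posted);
                    if ($owner && $owner != $_userid) {
                        echo '<div class="critical">' . t('The email entered already taken!') . '</div>';
                        break;
                    }
                    $row['settingValue'] = $posted;
                    break;

                case USERDATA_TYPE_BIRTHDATE:
                    if (empty($_POST[$key . '_year'])) {
                        break;
                    }
                    $row['settingValue'] = sql_datetime($postedBirthdate($row));
                    break;

                case USERDATA_TYPE_BIRTHDATE_SWE:
                    if (empty($_POST[$key . '_year'])) {
                        break;
                    }
                    // The original wrote `$check = f(...) === true`, which assigns
                    // the comparison result; the plain comparison is what was meant.
                    $ssnValid = SsnValidateSwedishNum(
                        $_POST[$key . '_year'] ?? null,
                        $_POST[$key . '_month'] ?? null,
                        $_POST[$key . '_day'] ?? null,
                        $_POST[$key . '_chk'] ?? null
                    ) === true;
                    if ($ssnValid) {
                        $row['settingValue'] = sql_datetime($postedBirthdate($row));
                    } else {
                        echo '<div class="critical">' . t('The Swedish SSN you entered is not valid!') . '</div>';
                    }
                    break;

                case USERDATA_TYPE_LOCATION_SWE:
                    if (empty($posted)) {
                        break;
                    }
                    if (!ZipLocation::isValid($posted)) {
                        echo '<div class="critical">' . t('The Swedish zipcode you entered is not valid!') . '</div>';
                        $h->session->log('User entered invalid swedish zipcode: ' . $posted, LOGLEVEL_WARNING);
                        break;
                    }
                    // A valid zip code also derives the city and region settings.
                    saveSetting(SETTING_USERDATA, 0, $_userid, 'city', ZipLocation::cityId($posted));
                    saveSetting(SETTING_USERDATA, 0, $_userid, 'region', ZipLocation::regionId($posted));
                    $row['settingValue'] = $posted;
                    break;

                default:
                    // Free-text fields: store the posted value, or clear it when
                    // nothing was posted (empty() also discards a literal "0").
                    $row['settingValue'] = !empty($posted) ? $posted : '';
                    break;
            }

            // Stores the setting — the existing value is re-saved when the
            // posted one was rejected or absent.
            saveSetting(SETTING_USERDATA, 0, $_userid, $row['fieldId'], $row['settingValue']);
        }

        echo '<tr>' . getUserdataInput($row) . '</tr>';
    }

    echo '</table>';
    echo xhtmlSubmit('Save');
    echo xhtmlFormClose();
    echo '</div>';
}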
// NOTE: this excerpt begins inside a function whose signature is above it
// (a user lookup by email over mysqli); only the tail of that function is
// visible here.
$sql = 'SELECT id, name, email, hashed_password FROM users WHERE email = ? LIMIT 1';
// Parameterised query: the email is bound as a string, never interpolated.
$statement = mysqli_prepare($connection, $sql);
// NOTE(review): mysqli_prepare()/mysqli_stmt_execute() return false on
// failure and nothing here checks for it — confirm the connection uses
// MYSQLI_REPORT_STRICT so failures surface as exceptions instead.
mysqli_stmt_bind_param($statement, 's', $email);
mysqli_stmt_execute($statement);
// $email is reused as the output column of the same name.
mysqli_stmt_bind_result($statement, $id, $name, $email, $hp);
mysqli_stmt_fetch($statement);
mysqli_stmt_close($statement);
// isset() treats a NULL column as absent, so a row with any NULL among
// these four columns is reported as "no user".
if (isset($id, $name, $email, $hp)) {
    return ['id' => $id, 'name' => $name, 'email' => $email, 'hashed_password' => $hp];
}
return null;
}

// Login handler returned to the router: a closure taking the request array
// and returning a response built by the project's helpers.
return function (array $request) {
    // Already signed in: nothing to do.
    if (currentUser()) {
        return createRedirectResponse('/index.php/');
    }
    $form = createCreateForm();
    formHandleRequest($form, $request);
    if (formIsValid($form)) {
        $auth = extractValues($form);
        $user = findUserByEmail(mappedConnection('users'), $auth['email']);
        // NOTE(review): password_verify() is skipped when the email is unknown,
        // so the response is measurably faster for non-existent accounts.
        // Verifying against a fixed dummy hash in that branch evens out the timing.
        if ($user && password_verify($auth['password'], $user['hashed_password'])) {
            authorize($user);
            return createRedirectResponse('/');
        } else {
            // One message for both "unknown email" and "wrong password"
            // (the literal is Russian for "Wrong password").
            $form['valid'] = false;
            $form['fields']['password']['errors'][] = 'Неверный Пароль';
        }
    }
    return createResponse(render('session/new.html.php', ['form' => $form]));
};
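<?php
// Forgot-password handler: looks up the account for the posted address,
// replaces its password with a generated one and mails it out.
//
// NOTE(review): the password is replaced as soon as a request names the
// address, before the requester has proved they control the mailbox.
// Anyone who knows a user's email can therefore lock that user out until
// the mail arrives; the usual mitigation is a time-limited confirmation
// token that is mailed first and only then triggers the reset.
// NOTE(review): the session error text distinguishes "no user found",
// which tells a visitor whether an address is registered — confirm that
// is acceptable for this site.
session_start();
require_once 'piute_includes.php';

// Create short variable names. A missing key reads as an empty address
// instead of raising an undefined-index notice; a non-string (array)
// value is ignored rather than handed to the lookup.
$email = $_POST['email'] ?? '';
if (is_string($email) && $email) {
    try {
        $emailUser = findUserByEmail($email);
        $newPassword = generateRandomPassword();
        saveUsersEmail($emailUser, $newPassword);
        sendNewPasswordEmail($emailUser, $newPassword);
        sendForgotPasswordNotification($emailUser);
        logInfoEvent(generateForgotPasswordEventMessage($emailUser));
        header("Location: /forgot_email_sent.php");
        // Stop here: without exit the script keeps running after the
        // redirect header has been sent.
        exit;
    } catch (Exception $e) {
        // Unsuccessful lookup: both messages come from the lookup helpers
        // and map to the same visitor-facing error (strict comparison).
        if (in_array($e->getMessage(), ['no user found', 'no results'], true)) {
            $_SESSION['error'] = 'no user found';
            header('Location: /index.php');
            exit;
        }
        // Any other failure used to be swallowed silently, leaving a blank
        // page; record it so operators can see it. The visitor-facing flow
        // is unchanged.
        error_log('forgot-password failed: ' . $e->getMessage());
    }
}

/**
 * Builds the audit-log line for a completed reset.
 *
 * @param object $user account exposing getFirstName() and getLastName()
 * @return string
 */
function generateForgotPasswordEventMessage($user)
{
    return $user->getFirstName() . " " . $user->getLastName() . " reset their password.";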
/**
 * Looks up the account that handles bag check.
 *
 * The address is a fixed literal (redacted in this listing); the lookup
 * itself is delegated entirely to findUserByEmail(), whose result is
 * returned as-is. NOTE(review): a hard-coded account address is usually
 * better kept in configuration than in code — confirm.
 */
function getBagCheckPerson()
{
    return findUserByEmail('*****@*****.**');
}