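/**
 * Renders the HTML form for editing every tblSettings userdata field of a
 * user and, when the form has been posted, validates and stores the values.
 *
 * Output is echoed directly. Nothing is rendered when readAllUserdata()
 * returns no fields.
 *
 * NOTE(review): $_userid is used exactly as the caller passes it; this
 * function does not check that the session user may edit that account -
 * confirm that callers do.
 * NOTE(review): the only marker on the POST is the constant
 * 'edit_settings_check' field; no anti-CSRF token is visible in this
 * function - confirm xhtmlForm() or the surrounding page supplies one.
 *
 * @param mixed $_userid Id of the user to edit; the session user when empty.
 *
 * @return void
 */
function editUserdataSettings($_userid = '')
{
    global $h;

    if (empty($_userid)) {
        $_userid = $h->session->id;
    }

    $list = readAllUserdata($_userid);
    if (!$list) {
        return;
    }

    $submitted = !empty($_POST['edit_settings_check']);

    echo '<div class="settings">';
    echo xhtmlForm('edit_settings_frm', '', 'post', 'multipart/form-data');
    echo xhtmlHidden('edit_settings_check', 1);
    echo '<table>';

    foreach ($list as $row) {
        if ($submitted) {
            $key = 'userdata_' . $row['fieldId'];

            // Accept scalar values only: a request can turn any field into an
            // array (userdata_N[]=...), which must never reach the validators
            // or saveSetting().
            $posted = (isset($_POST[$key]) && is_scalar($_POST[$key])) ? $_POST[$key] : '';

            switch ($row['fieldType']) {
                case USERDATA_TYPE_IMAGE:
                    if (!empty($_POST[$key . '_remove'])) {
                        $h->files->deleteFile($row['settingValue']);
                        $row['settingValue'] = 0;
                    } elseif (isset($_FILES[$key])) {
                        // FIXME: make handleUpload able to take the userId as a parameter
                        // NOTE(review): type and size checks on the upload are expected
                        // to live in handleUpload(); not visible here - confirm.
                        $row['settingValue'] = $h->files->handleUpload($_FILES[$key], FILETYPE_USERDATA, $row['fieldId']);
                    }
                    break;

                case USERDATA_TYPE_EMAIL:
                    if (empty($posted)) {
                        break;
                    }
                    if (!is_email($posted)) {
                        echo '<div class="critical">' . t('The email entered is not valid!') . '</div>';
                    } else {
                        // An address may only be kept if nobody else owns it.
                        $chk = findUserByEmail($posted);
                        if ($chk && $chk != $_userid) {
                            echo '<div class="critical">' . t('The email entered already taken!') . '</div>';
                        } else {
                            $row['settingValue'] = $posted;
                        }
                    }
                    break;

                case USERDATA_TYPE_BIRTHDATE:
                case USERDATA_TYPE_BIRTHDATE_SWE:
                    if (empty($_POST[$key . '_year'])) {
                        break;
                    }
                    $isSwedish = ($row['fieldType'] == USERDATA_TYPE_BIRTHDATE_SWE);

                    // Collect the date parts as strings; missing or non-scalar
                    // parts become '' and fail the digit check below.
                    $date = array();
                    foreach (array('year', 'month', 'day', 'chk') as $part) {
                        $raw = isset($_POST[$key . '_' . $part]) ? $_POST[$key . '_' . $part] : '';
                        $date[$part] = is_scalar($raw) ? (string) $raw : '';
                    }

                    // mktime() silently normalises out-of-range parts (Feb 30
                    // becomes Mar 2) and rejects non-numeric strings on PHP 8,
                    // so the date is verified before it is converted.
                    // NOTE(review): assumes the form posts a four-digit year - confirm.
                    $valid = ctype_digit($date['year'])
                        && ctype_digit($date['month'])
                        && ctype_digit($date['day'])
                        && checkdate((int) $date['month'], (int) $date['day'], (int) $date['year']);

                    if ($valid && $isSwedish) {
                        $valid = SsnValidateSwedishNum($date['year'], $date['month'], $date['day'], $date['chk']) === true;
                    }

                    if ($valid) {
                        $born = mktime(0, 0, 0, (int) $date['month'], (int) $date['day'], (int) $date['year']);
                        $row['settingValue'] = sql_datetime($born);
                    } elseif ($isSwedish) {
                        echo '<div class="critical">' . t('The Swedish SSN you entered is not valid!') . '</div>';
                    } else {
                        echo '<div class="critical">' . t('The date entered is not valid!') . '</div>';
                    }
                    break;

                case USERDATA_TYPE_LOCATION_SWE:
                    if (empty($posted)) {
                        break;
                    }
                    if (!ZipLocation::isValid($posted)) {
                        echo '<div class="critical">' . t('The Swedish zipcode you entered is not valid!') . '</div>';
                        // The rejected value is attacker-controlled: drop control
                        // characters and cap the length so it cannot forge or
                        // flood log entries.
                        $logZip = substr(preg_replace('/[\x00-\x1F\x7F]/', '', (string) $posted), 0, 32);
                        $h->session->log('User entered invalid swedish zipcode: ' . $logZip, LOGLEVEL_WARNING);
                    } else {
                        saveSetting(SETTING_USERDATA, 0, $_userid, 'city', ZipLocation::cityId($posted));
                        saveSetting(SETTING_USERDATA, 0, $_userid, 'region', ZipLocation::regionId($posted));
                        $row['settingValue'] = $posted;
                    }
                    break;

                default:
                    // empty() also treats the string '0' as empty, so '0' is stored as ''.
                    // NOTE(review): the value is stored unescaped; HTML encoding
                    // is presumably done by getUserdataInput() - confirm.
                    $row['settingValue'] = !empty($posted) ? $posted : '';
                    break;
            }

            // Store the setting. A value that failed validation above leaves
            // $row['settingValue'] at what readAllUserdata() returned.
            saveSetting(SETTING_USERDATA, 0, $_userid, $row['fieldId'], $row['settingValue']);
        }

        echo '<tr>' . getUserdataInput($row) . '</tr>';
    }

    echo '</table>';
    echo xhtmlSubmit('Save');
    echo xhtmlFormClose();
    echo '</div>';
}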
Esempio n. 2
    $sql = 'SELECT id, name, email, hashed_password FROM users WHERE email = ? LIMIT 1';
    $statement = mysqli_prepare($connection, $sql);
    mysqli_stmt_bind_param($statement, 's', $email);
    mysqli_stmt_execute($statement);
    mysqli_stmt_bind_result($statement, $id, $name, $email, $hp);
    mysqli_stmt_fetch($statement);
    mysqli_stmt_close($statement);
    if (isset($id, $name, $email, $hp)) {
        return ['id' => $id, 'name' => $name, 'email' => $email, 'hashed_password' => $hp];
    }
    return null;
}
/*
 * Login controller: returns a closure that takes the request array and
 * produces either a redirect response or the rendered login form.
 *
 * NOTE(review): password_verify() only runs when the e-mail matched a user,
 * so a miss returns faster than a wrong password; whether that timing
 * difference matters depends on the deployment - confirm.
 * NOTE(review): session-id rotation on login is presumably handled inside
 * authorize(); it is not visible here - confirm.
 */
return function (array $request) {
    // A visitor who is already signed in has nothing to do on this page.
    if (currentUser()) {
        return createRedirectResponse('/index.php/');
    }

    $form = createCreateForm();
    formHandleRequest($form, $request);

    if (formIsValid($form)) {
        $credentials = extractValues($form);
        $account = findUserByEmail(mappedConnection('users'), $credentials['email']);

        // Short-circuit keeps password_verify() from running without a user row.
        $authenticated = $account && password_verify($credentials['password'], $account['hashed_password']);

        if ($authenticated) {
            authorize($account);
            return createRedirectResponse('/');
        }

        // The same error is reported for an unknown e-mail and a wrong
        // password, so the form itself does not reveal which one failed.
        $form['valid'] = false;
        $form['fields']['password']['errors'][] = 'Неверный Пароль';
    }

    return createResponse(render('session/new.html.php', ['form' => $form]));
};
Esempio n. 3
<?php

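session_start();
require_once 'piute_includes.php';

/*
 * Forgot-password handler: looks the account up by the posted e-mail address,
 * sets a freshly generated password, mails it and logs the event.
 *
 * NOTE(review): the password is replaced as soon as an address is submitted,
 * before the mailbox owner confirms anything, and the new password travels in
 * the e-mail itself. A single-use, expiring reset link is the usual safer
 * design.
 * NOTE(review): the 'no user found' error tells the requester whether an
 * address is registered; showing the same page for hits and misses avoids
 * that.
 * NOTE(review): generateRandomPassword() is presumably backed by a CSPRNG
 * (random_int()/random_bytes()) - confirm.
 */

// A missing or non-string field counts as "no input" instead of raising a
// notice or handing an array to findUserByEmail().
$email = (isset($_POST['email']) && is_string($_POST['email'])) ? $_POST['email'] : '';

if ($email) {
    try {
        $emailUser = findUserByEmail($email);
        $newPassword = generateRandomPassword();
        saveUsersEmail($emailUser, $newPassword);
        sendNewPasswordEmail($emailUser, $newPassword);
        sendForgotPasswordNotification($emailUser);
        logInfoEvent(generateForgotPasswordEventMessage($emailUser));
        header("Location: /forgot_email_sent.php");
        // Stop here so nothing further runs or is sent after the redirect.
        exit;
    } catch (Exception $e) {
        $reason = $e->getMessage();
        if ($reason === 'no user found' || $reason === 'no results') {
            // Both lookup failures are reported to the user the same way.
            $_SESSION['error'] = 'no user found';
        } else {
            // Any other failure used to be swallowed, leaving a blank page and
            // no trace; record it and send the user back with a generic error.
            error_log('Password reset failed: ' . $reason);
            $_SESSION['error'] = 'password reset failed';
        }
        header('Location: /index.php');
        exit;
    }
}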
function generateForgotPasswordEventMessage($user)
{
    return $user->getFirstName() . " " . $user->getLastName() . " reset their password.";
Esempio n. 4
/**
 * Looks up the bag-check account through findUserByEmail().
 *
 * @return mixed Whatever findUserByEmail() returns for the fixed address.
 */
function getBagCheckPerson()
{
    // The address literal appears masked in this listing and is kept as-is.
    return findUserByEmail('*****@*****.**');
}