/**
 * Restores an authenticated session, if one exists.
 *
 * Asks checkAuth() for the current user id; a non-zero id means the visitor
 * is logged in, so setAuth() and updateUserLogin() are called for that id and
 * the caller's flag is raised. A zero id leaves everything untouched.
 *
 * NOTE(review): login() further down in this listing calls a four-argument
 * checkLogin($method, $name, $email, $password); this one-argument definition
 * cannot coexist with it in the same file -- confirm which file it belongs to.
 *
 * @param bool &$USERLOGGEDIN set to true when a user is logged in; otherwise left as-is
 */
function checkLogin(&$USERLOGGEDIN) {
    require_once "auth.lib.php";
    $sessionUserId = checkAuth();
    if ($sessionUserId == 0) {
        return;
    }
    setAuth($sessionUserId);
    updateUserLogin($sessionUserId);
    $USERLOGGEDIN = true;
}
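/**
 * Renders the profile form for $userId and, when the form was submitted
 * (btnSubmitProfile in $_POST), applies the requested changes first:
 * profile-image upload/removal, user name, full name and password.
 *
 * Security notes:
 *  - $userId is escape()d before being embedded in SQL; the caller is not
 *    trusted to have done so.
 *  - The current-password check compares MD5 digests with `===`. The old
 *    `==` was subject to PHP numeric-string juggling ("0e123..." == "0" is
 *    true), which matters because OpenID accounts are created with a stored
 *    password of '0'. Stored hashes are still MD5 (see the UPDATE below);
 *    migrating to password_hash()/password_verify() is a separate change.
 *  - Database errors are no longer echoed to the client together with the
 *    failing query.
 *
 * @param int|string $userId            user whose profile is shown/edited
 * @param bool       $forEditRegistrant true when an administrator edits a
 *                                      registrant: skips the captcha, the
 *                                      current-password check, password
 *                                      changes and setAuth()
 * @return string HTML from getProfileForm(), or '' when the user row cannot be read
 */
function profile($userId, $forEditRegistrant = false) {
    global $sourceFolder, $moduleFolder;

    // Escaped copy for SQL; $userId itself is still passed to the helpers unchanged.
    $safeUserId = escape($userId);

    $imgAction = isset($_POST['profileimgaction']) ? $_POST['profileimgaction'] : '';
    if ($imgAction === 'uploadnew') {
        require_once "{$sourceFolder}/upload.lib.php";
        // Upload profile image: image types only, 512 KB limit
        $allowableTypes = array('jpeg', 'jpg', 'png', 'gif');
        $fakeModuleComponentId = $userId;
        $uploadSuccess = submitFileUploadForm($fakeModuleComponentId, "profile", $userId, 512 * 1024, $allowableTypes, 'profileimage');
        if (!is_array($uploadSuccess) && $uploadSuccess === false) {
            displayerror("Profile image could not be uploaded. Maximum size should be 512 KB.");
        } elseif (is_array($uploadSuccess)) {
            // Delete every previously uploaded profile image except the new one
            $profileimgnames = getUploadedFiles($fakeModuleComponentId, 'profile');
            foreach ($profileimgnames as $img) {
                if ($img['upload_filename'] != $uploadSuccess[0]) {
                    deleteFile($fakeModuleComponentId, 'profile', $img['upload_filename']);
                }
            }
        }
    } elseif ($imgAction === 'noimage') {
        require_once "{$sourceFolder}/upload.lib.php";
        $fakeModuleComponentId = $userId;
        $profileimgnames = getUploadedFiles($fakeModuleComponentId, 'profile');
        foreach ($profileimgnames as $img) {
            deleteFile($fakeModuleComponentId, 'profile', $img['upload_filename']);
        }
    }

    /// Retrieve existing information
    $profileQuery = 'SELECT `user_name`, `user_fullname`, `user_password` FROM `' . MYSQL_DATABASE_PREFIX . "users` WHERE `user_id` = '{$safeUserId}'";
    $profileResult = mysql_query($profileQuery);
    if (!$profileResult) {
        // Keep the SQL error and the query server-side; they leak schema details.
        error_log('profile(): ' . mysql_error() . ' -- ' . $profileQuery);
        displayerror('An error occurred while trying to process your request.');
        return '';
    }
    $profileRow = mysql_fetch_row($profileResult);
    if (!$profileRow) {
        // No such user: nothing to show or update.
        displayerror('An error occurred while trying to process your request.');
        return '';
    }
    $newUserName = $userName = $profileRow[0];
    $newUserFullname = $userFullname = $profileRow[1];
    $userPassword = (string) $profileRow[2];

    require_once "{$sourceFolder}/{$moduleFolder}/form/registrationformsubmit.php";
    require_once "{$sourceFolder}/{$moduleFolder}/form/registrationformgenerate.php";

    /// Check if the user is trying to see the profile form, or has already submitted it
    if (isset($_POST['btnSubmitProfile'])) {
        if ($forEditRegistrant || !isProfileFormCaptchaEnabled() || submitCaptcha()) {
            $currentPassword = isset($_POST['user_password']) ? (string) $_POST['user_password'] : '';
            $passwordValidated = false;
            if (!$forEditRegistrant && $currentPassword !== '') {
                // Strict comparison: both sides are hex digests, and `==` would
                // treat "0e..."-style digests as numerically equal.
                $passwordValidated = (md5($currentPassword) === $userPassword);
            }

            $updates = array();
            $postedName = isset($_POST['user_name']) ? $_POST['user_name'] : '';
            if ($postedName != '' && $postedName != $userName) {
                $updates[] = "`user_name` = '" . escape($postedName) . "'";
                $newUserName = escape($postedName);
            }
            $postedFullname = isset($_POST['user_fullname']) ? $_POST['user_fullname'] : '';
            if ($postedFullname != '' && $postedFullname != $userFullname) {
                $updates[] = "`user_fullname` = '" . escape($postedFullname) . "'";
                $newUserFullname = escape($postedFullname);
            }

            $newPassword = isset($_POST['user_newpassword']) ? (string) $_POST['user_newpassword'] : '';
            $newPasswordRepeat = isset($_POST['user_newrepassword']) ? (string) $_POST['user_newrepassword'] : '';
            $errors = true;
            if (!$forEditRegistrant && $newPassword !== '') {
                if (!$passwordValidated) {
                    displayerror('Error! The current password you entered was incorrect.');
                } elseif ($newPassword !== $newPasswordRepeat) {
                    displayerror('Error! The New Password you entered does not match the password you typed in the Confirmation Box.');
                } elseif ($newPassword === $currentPassword) {
                    displayerror('Error! The old and new passwords are the same.');
                } else {
                    $updates[] = "`user_password` = MD5('" . escape($newPassword) . "')";
                    $errors = false;
                }
            } else {
                $errors = false;
            }

            if (count($updates) > 0) {
                // join(separator, array): the legacy swapped-argument form is gone in PHP 8.
                $profileQuery = 'UPDATE `' . MYSQL_DATABASE_PREFIX . 'users` SET ' . join(', ', $updates) . " WHERE `user_id` = '{$safeUserId}'";
                $profileResult = mysql_query($profileQuery);
                if (!$profileResult) {
                    error_log('profile(): ' . mysql_error());
                    displayerror('An error was encountered while attempting to process your request.');
                    $errors = true;
                }
                $userName = $newUserName;
                $userFullname = $newUserFullname;
                if (!$forEditRegistrant) {
                    // Re-establish the session for the (possibly renamed) user
                    setAuth($userId);
                }
            }
            // The registration-form fields are saved regardless of the core updates
            $errors = !submitRegistrationForm(0, $userId, true, true) || $errors;
            if (!$errors) {
                displayinfo('All fields updated successfully!<br />' . '<input type="button" onclick="history.go(-2)" value="Go back" />');
            }
        }
    }
    return getProfileForm($userId, $userName, $userFullname, $forEditRegistrant);
}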
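/**
 * Performs the whole login routine for the `+login` action.
 *
 * Dispatches on $_GET['subaction'] (resetPasswd, register and the OpenID
 * steps openid_login / openid_verify / openid_pass / quick_openid_reg);
 * otherwise handles the e-mail + password form in $_POST. Known users are
 * verified with checkLogin() using the login method stored for the account;
 * unknown users whose e-mail domain matches the configured imap/ads/ldap
 * domain are verified against that backend and, on success, auto-created
 * and activated.
 *
 * Security notes for this revision:
 *  - OpenID identity URL and e-mail come from the provider (via $_SESSION)
 *    and are now escape()d before being put into SQL, and HTML-escaped
 *    before being echoed.
 *  - mysql_error() is logged with error_log() instead of being shown to the
 *    client.
 *  - The validation error built in openid_verify was never displayed; it is
 *    now shown via displayerror().
 *
 * @return mixed the logged-in user's id on success; 0 when login fails,
 *               the account is not activated, or cookies are unsupported;
 *               otherwise HTML from loginForm() / register() / resetPasswd();
 *               some OpenID branches return null or '' after showing a message
 */
function login() {
    $allow_login_query = "SELECT `value` FROM `" . MYSQL_DATABASE_PREFIX . "global` WHERE `attribute` = 'allow_login'";
    $allow_login_result = mysql_query($allow_login_query);
    $allow_login_result = mysql_fetch_array($allow_login_result);

    if (isset($_GET['subaction'])) {
        $subaction = $_GET['subaction'];
        if ($subaction == "resetPasswd") {
            return resetPasswd($allow_login_result[0]);
        }
        if ($allow_login_result[0]) {
            if ($subaction == "register") {
                require_once "registration.lib.php";
                return register();
            }
        }

        global $openid_enabled;
        if ($openid_enabled == 'true' && $allow_login_result[0]) {
            if ($subaction == "openid_login") {
                if (isset($_POST['process'])) {
                    $openid_url = trim(isset($_POST['openid_identifier']) ? $_POST['openid_identifier'] : '');
                    openid_endpoint($openid_url);
                }
            }

            if ($subaction == "openid_verify") {
                $openid_mode = isset($_GET['openid_mode']) ? $_GET['openid_mode'] : null;
                if ($openid_mode != "cancel") {
                    // The user's OpenID identity as returned to us by the OpenID provider
                    $openid_url = isset($_GET['openid_identity']) ? $_GET['openid_identity'] : null;
                    $openid = new Dope_OpenID($openid_url);
                    // Ask the provider whether the assertion we received is genuine
                    $validate_result = $openid->validateWithServer();
                    if ($validate_result === TRUE) {
                        $userinfo = $openid->filterUserInfo($_GET);
                        return openid_login($userinfo);
                    }
                    if ($openid->isError() === TRUE) {
                        // Some sort of error during processing; the description may be
                        // provider-controlled text, so escape it for HTML.
                        $the_error = $openid->getError();
                        $error = "Error Code: " . htmlspecialchars((string) $the_error['code'], ENT_QUOTES, 'UTF-8') . "<br />";
                        $error .= "Error Description: " . htmlspecialchars((string) $the_error['description'], ENT_QUOTES, 'UTF-8') . "<br />";
                    } else {
                        // Validation with the server failed for some other reason
                        $pendingUrl = isset($_SESSION['openid_url']) ? (string) $_SESSION['openid_url'] : '';
                        $error = "Error: Could not validate the OpenID at " . htmlspecialchars($pendingUrl, ENT_QUOTES, 'UTF-8');
                    }
                    // Previously built but never shown; fall through to the login form afterwards.
                    displayerror($error);
                } else {
                    displayerror("User cancelled the OpenID authorization");
                }
            }

            if ($subaction == "openid_pass") {
                if (!isset($_SESSION['openid_url']) || !isset($_SESSION['openid_email'])) {
                    displayerror("You are trying to link an OpenID account without validating your log-in. Please <a href=\"./+login\">Login</a> with your OpenID account first.");
                    return;
                }
                $openid_url = $_SESSION['openid_url'];
                $openid_email = $_SESSION['openid_email'];
                // One-shot: the pending identity is consumed whether or not linking succeeds
                unset($_SESSION['openid_url']);
                unset($_SESSION['openid_email']);
                if (!isset($_POST['user_password']) || $_POST['user_password'] === '') {
                    displayerror("Empty Passwords not allowed");
                    return;
                }
                $user_passwd = $_POST['user_password'];
                $info = getUserInfo($openid_email);
                if (!$info) {
                    displayerror("No user with Email " . htmlspecialchars((string) $openid_email, ENT_QUOTES, 'UTF-8'));
                } else {
                    $check = checkLogin($info['user_loginmethod'], $info['user_name'], $openid_email, $user_passwd);
                    if ($check) {
                        // Password was correct: link the OpenID identity to the local account.
                        // $openid_url originates from the provider, so it is escaped for SQL.
                        $query = "INSERT INTO `" . MYSQL_DATABASE_PREFIX . "openid_users` (`openid_url`,`user_id`) VALUES ('" . escape($openid_url) . "'," . $info['user_id'] . ")";
                        if (!mysql_query($query)) {
                            error_log(mysql_error() . " in login() subaction=openid_pass while trying to Link OpenID account");
                            die("A database error occurred while trying to link the OpenID account.");
                        }
                        displayinfo("Account successfully Linked. Log In one more time to continue.");
                    } else {
                        displayerror("The password you specified was incorrect");
                    }
                }
            }

            if ($subaction == "quick_openid_reg") {
                if (!isset($_SESSION['openid_url']) || !isset($_SESSION['openid_email'])) {
                    displayerror("You are trying to register an OpenID account without validating your log-in. Please <a href=\"./+login\">Login</a> with your OpenID account first.");
                    return;
                }
                $openid_url = $_SESSION['openid_url'];
                $openid_email = $_SESSION['openid_email'];
                unset($_SESSION['openid_url']);
                unset($_SESSION['openid_email']);
                if (!isset($_POST['user_name']) || $_POST['user_name'] == "") {
                    displayerror("You didn't specified your Full name. Please <a href=\"./+login\">Login</a> again.");
                    return;
                }
                $openid_fname = escape($_POST['user_name']);
                $safe_openid_email = escape($openid_email);
                // Create the dummy user: e-mail doubles as user name, activated, login
                // method 'openid'. user_password is the literal '0', not a hash.
                $query = "INSERT INTO `" . MYSQL_DATABASE_PREFIX . "users` "
                    . "(`user_name`, `user_email`, `user_fullname`, `user_password`, `user_activated`,`user_loginmethod`) "
                    . "VALUES ('" . $safe_openid_email . "', '" . $safe_openid_email . "','" . $openid_fname . "','0',1,'openid');";
                if (!mysql_query($query)) {
                    error_log(mysql_error() . " in login() subaction=quick_openid_reg while trying to insert information of new account");
                    die("A database error occurred while registering the account.");
                }
                $id = mysql_insert_id();
                $query = "INSERT INTO `" . MYSQL_DATABASE_PREFIX . "openid_users` (`openid_url`,`user_id`) VALUES ('" . escape($openid_url) . "'," . $id . ")";
                if (!mysql_query($query)) {
                    error_log(mysql_error() . " in login() subaction=quick_openid_reg while trying to Link OpenID account");
                    die("A database error occurred while linking the OpenID account.");
                }
                displayinfo("Account successfully registered. You can now login via OpenID. Please complete your profile information after logging in.");
                return "";
            }
        }
    }

    if (!isset($_POST['user_email'])) {
        return loginForm($allow_login_result[0]);
    }

    global $cookieSupported;
    $login_status = false;
    if (!$cookieSupported) {
        showCookieWarning();
        return 0;
    }

    $postedPassword = isset($_POST['user_password']) ? $_POST['user_password'] : '';
    if ($_POST['user_email'] == "" || $postedPassword == "") {
        displayerror("Blank e-mail or password NOT allowed. <br /><input type=\"button\" onclick=\"history.go(-1)\" value=\"Go back\" />");
        return loginForm($allow_login_result[0]);
    }

    $user_email = escape($_POST['user_email']);
    // NOTE(review): the password is SQL-escaped before it reaches checkLogin()
    // (imap/ads/ldap backends), updateUserPassword() and md5() below, so
    // passwords containing quotes or backslashes are altered on the way. Left
    // as-is because those helpers are not visible here and may depend on it;
    // confirm and move the escaping to the SQL call sites.
    $user_passwd = escape($postedPassword);
    $login_method = '';
    if (!check_email($user_email)) {
        displayerror("Your E-Mail Provider has been blackilisted. Please contact the website administrator");
        return loginForm($allow_login_result[0]);
    }

    $user_domain = null;
    if ($temp = getUserInfo($user_email)) {
        // Known user: verify with the login method recorded for the account
        $login_status = checkLogin($temp['user_loginmethod'], $temp['user_name'], $user_email, $user_passwd);
        // For LDAP, ADS or IMAP accounts the password kept in the database may be
        // stale, so refresh it after a successful external login.
        if ($login_status) {
            updateUserPassword($user_email, $user_passwd);
        }
    } else {
        // Unknown user: try the external backend configured for the e-mail domain
        global $authmethods;
        if (strpos($user_email, '@') !== false) {
            $tmp = explode('@', $user_email);
            $user_name = $tmp[0];
            $user_domain = strtolower($tmp[1]);
        } else {
            $user_name = $user_email;
        }
        if ($user_domain !== null) {
            // First backend whose configured domain matches wins, in this order
            foreach (array('imap', 'ads', 'ldap') as $backend) {
                if (isset($authmethods[$backend]['user_domain']) && $user_domain == $authmethods[$backend]['user_domain']) {
                    if ($login_status = checkLogin($backend, $user_name, $user_email, $user_passwd)) {
                        $login_method = $backend;
                    }
                    break;
                }
            }
        }
        if ($login_status) {
            // Backend accepted the credentials: create and activate the local account.
            // $user_name/$user_email are derived from the escape()d e-mail above.
            $user_fullname = strtoupper($user_name);
            $user_md5passwd = md5($user_passwd);
            $query = "INSERT INTO `" . MYSQL_DATABASE_PREFIX . "users` "
                . "(`user_id`, `user_name`, `user_email`, `user_fullname`, `user_password`, `user_loginmethod`, `user_activated`) "
                . "VALUES (DEFAULT, '{$user_name}', '{$user_email}', '{$user_fullname}', '{$user_md5passwd}', '{$login_method}', '1')";
            if (!mysql_query($query)) {
                error_log(mysql_error() . " creating new user !");
                die("A database error occurred while creating the user account.");
            }
        } else {
            // HTML-escape: escape() only protects SQL, not the page
            $who = ($user_domain !== null)
                ? htmlspecialchars($user_domain, ENT_QUOTES, 'UTF-8') . "</b> domain!"
                : htmlspecialchars($user_name, ENT_QUOTES, 'UTF-8') . "</b> user";
            displaywarning("Incorrect username and/or password for <b>" . $who);
        }
    }

    if (!$login_status) {
        displaywarning("Wrong E-mail or password. <a href='./+login&subaction=resetPasswd'>Lost Password?</a><br />");
        return loginForm($allow_login_result[0]);
    }

    $temp = getUserInfo($user_email);
    if (!$temp['user_activated']) {
        // Either the verification link was never clicked, or an administrator
        // deliberately set user_activated = 0 to deny access.
        displayinfo("The e-mail has not yet been verified. Kindly check your email and click on verification link. <br /><input type=\"button\" onclick=\"history.go(-1)\" value=\"Go back\" />");
        return 0;
    }
    $query = "UPDATE `" . MYSQL_DATABASE_PREFIX . "users` SET `user_lastlogin`=NOW() WHERE `" . MYSQL_DATABASE_PREFIX . "users`.`user_id` ='{$temp['user_id']}'";
    if (!mysql_query($query)) {
        error_log(mysql_error() . " in login.lib.L:111");
        die("A database error occurred while recording the login.");
    }
    // Keep the previous login time around for the session before it is overwritten
    $_SESSION['last_to_last_login_datetime'] = $temp['user_lastlogin'];
    setAuth($temp['user_id']);
    return $temp['user_id'];
}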
} else { echo json_encode(['error' => 'Please wait 7 seconds before retrying!', 'code' => 400]); } } else { echo json_encode(['error' => 'No password supplied!', 'code' => 400]); } break; /** * Logout */ /** * Logout */ case 'doLogout': requireAuth(); setAuth(false); echo json_encode(['success' => true]); break; /** * Attempt to create a new contact to the WhatsSpy Public Database (39512f5ea29c597f25483697471ac0b00cbb8088359c219e98fa8bdaf7e079fa) * @notice This user is not verified as a WhatsApp user, the tracker verifies the contacts. */ /** * Attempt to create a new contact to the WhatsSpy Public Database (39512f5ea29c597f25483697471ac0b00cbb8088359c219e98fa8bdaf7e079fa) * @notice This user is not verified as a WhatsApp user, the tracker verifies the contacts. */ case 'addContact': requireAuth(); if (isset($_GET['number']) && isset($_GET['countrycode'])) { // Name is optional $name = isset($_GET['name']) ? $_GET['name'] : null;