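/**
 * Renders the profile page of a user and applies any submitted changes.
 *
 * Handles, in order: a profile-image upload or removal (POST profileimgaction),
 * an update of user name / full name / password (POST btnSubmitProfile), the
 * registration-form fields via submitRegistrationForm(), and finally returns
 * the profile form HTML.
 *
 * @param int|string $userId            id of the user whose profile is edited
 * @param bool       $forEditRegistrant true when an administrator edits a registrant:
 *                                      captcha, current-password check and setAuth()
 *                                      are skipped
 * @return string the rendered profile form, or '' when the user row could not be read
 */
function profile($userId, $forEditRegistrant = false)
{
    global $sourceFolder, $moduleFolder;

    $imgAction = isset($_POST['profileimgaction']) ? $_POST['profileimgaction'] : '';

    if ($imgAction === 'uploadnew') {
        require_once "{$sourceFolder}/upload.lib.php";
        // Upload profile image: image types only, at most 512 KB
        $allowableTypes = array('jpeg', 'jpg', 'png', 'gif');
        $fakeModuleComponentId = $userId;
        $uploadSuccess = submitFileUploadForm($fakeModuleComponentId, "profile", $userId, 512 * 1024, $allowableTypes, 'profileimage');
        if ($uploadSuccess === false) {
            displayerror("Profile image could not be uploaded. Maximum size should be 512 KB.");
        } elseif (is_array($uploadSuccess)) {
            // Delete every previously uploaded profile image except the one just stored
            $profileimgnames = getUploadedFiles($fakeModuleComponentId, 'profile');
            foreach ($profileimgnames as $img) {
                if ($img['upload_filename'] != $uploadSuccess[0]) {
                    deleteFile($fakeModuleComponentId, 'profile', $img['upload_filename']);
                }
            }
        }
    } elseif ($imgAction === 'noimage') {
        require_once "{$sourceFolder}/upload.lib.php";
        // Remove all profile images of this user
        $fakeModuleComponentId = $userId;
        $profileimgnames = getUploadedFiles($fakeModuleComponentId, 'profile');
        foreach ($profileimgnames as $img) {
            deleteFile($fakeModuleComponentId, 'profile', $img['upload_filename']);
        }
    }

    /// Retrieve existing information. $userId is interpolated into SQL, so it goes
    /// through escape() like every other value in this file.
    $profileQuery = 'SELECT `user_name`, `user_fullname`, `user_password` FROM `' . MYSQL_DATABASE_PREFIX
        . 'users` WHERE `user_id` = \'' . escape($userId) . "'";
    $profileResult = mysql_query($profileQuery);
    if (!$profileResult) {
        // The failing SQL statement is deliberately not echoed back to the browser
        displayerror('An error occurred while trying to process your request.<br />' . mysql_error());
        return '';
    }
    $profileRow = mysql_fetch_row($profileResult);
    if (!$profileRow) {
        displayerror('An error occurred while trying to process your request.');
        return '';
    }

    $newUserName = $userName = $profileRow[0];
    $newUserFullname = $userFullname = $profileRow[1];
    $userPassword = $profileRow[2];

    require_once "{$sourceFolder}/{$moduleFolder}/form/registrationformsubmit.php";
    require_once "{$sourceFolder}/{$moduleFolder}/form/registrationformgenerate.php";

    /// Check if the user is trying to see the profile form, or has already submitted it
    if (isset($_POST['btnSubmitProfile'])) {
        if ($forEditRegistrant || !isProfileFormCaptchaEnabled() || submitCaptcha()) {
            // The current password must be confirmed before it can be changed.
            // Stored passwords are MD5 hex digests (legacy scheme, see the UPDATE below);
            // a strict comparison avoids the numeric-string pitfalls of == on digests.
            $passwordValidated = false;
            if (!$forEditRegistrant && isset($_POST['user_password']) && $_POST['user_password'] != ''
                && md5($_POST['user_password']) === (string) $userPassword) {
                $passwordValidated = true;
            }

            $updates = array();
            if (isset($_POST['user_name']) && $_POST['user_name'] != '' && $_POST['user_name'] != $userName) {
                $updates[] = "`user_name` = '" . escape($_POST['user_name']) . "'";
                $newUserName = escape($_POST['user_name']);
            }
            if (isset($_POST['user_fullname']) && $_POST['user_fullname'] != '' && $_POST['user_fullname'] != $userFullname) {
                $updates[] = "`user_fullname` = '" . escape($_POST['user_fullname']) . "'";
                $newUserFullname = escape($_POST['user_fullname']);
            }

            $errors = true;
            $newPassword = isset($_POST['user_newpassword']) ? $_POST['user_newpassword'] : '';
            if (!$forEditRegistrant && $newPassword != '') {
                $newRePassword = isset($_POST['user_newrepassword']) ? $_POST['user_newrepassword'] : '';
                if (!$passwordValidated) {
                    displayerror('Error! The current password you entered was incorrect.');
                } elseif ($newPassword !== $newRePassword) {
                    displayerror('Error! The New Password you entered does not match the password you typed in the Confirmation Box.');
                } elseif ($newPassword === $_POST['user_password']) {
                    displayerror('Error! The old and new passwords are the same.');
                } else {
                    $updates[] = "`user_password` = MD5('" . escape($newPassword) . "')";
                    $errors = false;
                }
            } else {
                $errors = false;
            }

            if (count($updates) > 0) {
                $profileQuery = 'UPDATE `' . MYSQL_DATABASE_PREFIX . 'users` SET ' . implode(', ', $updates)
                    . " WHERE `user_id` = '" . escape($userId) . "'";
                $profileResult = mysql_query($profileQuery);
                if (!$profileResult) {
                    displayerror('An error was encountered while attempting to process your request.');
                    $errors = true;
                } else {
                    // Only show the new values (and refresh the session) once they are stored
                    $userName = $newUserName;
                    $userFullname = $newUserFullname;
                    if (!$forEditRegistrant) {
                        setAuth($userId);
                    }
                }
            }

            // Store the registration-form fields; that function reports its own errors
            $errors = !submitRegistrationForm(0, $userId, true, true) || $errors;
            if (!$errors) {
                displayinfo('All fields updated successfully!<br />' . '<input type="button" onclick="history.go(-2)" value="Go back" />');
            }
        }
    }

    return getProfileForm($userId, $userName, $userFullname, $forEditRegistrant);
}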
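/**
 * Validates and stores every field of a registration form for one user.
 *
 * Runs the per-element handler submitRegistrationForm<Type>() for each element
 * of the form, then registers (or updates) the user in the form's registrant
 * list. On any handler failure the partially stored data is discarded.
 *
 * @param int  $moduleCompId   module component id of the form
 * @param int  $userId         id of the registrant; 0 requests a fresh negative
 *                             (anonymous) id
 * @param bool $silent         suppress the "successfully registered" message
 * @param bool $disableCaptcha skip the captcha even when the form enables it
 * @return bool true when all fields were stored and the user is registered
 */
function submitRegistrationForm($moduleCompId, $userId, $silent = false, $disableCaptcha = false)
{
    // Both ids are interpolated unquoted into SQL below; coerce them to integers first
    $moduleCompId = (int) $moduleCompId;
    $userId = (int) $userId;

    ///-------------------------Get anonymous unique negative user id---------------
    if ($userId == 0) {
        // Anonymous registrants get an id below every existing one. MIN() is NULL on
        // an empty table, and MIN - 1 is not negative while no anonymous rows exist,
        // so -1 is used in both cases.
        $userId = -1;
        $useridQuery = "SELECT MIN(`user_id`) - 1 AS MIN FROM `form_regdata` WHERE 1";
        $useridResult = mysql_query($useridQuery);
        $useridRow = $useridResult ? mysql_fetch_assoc($useridResult) : false;
        if ($useridRow && $useridRow['MIN'] !== null && $useridRow['MIN'] < 0) {
            $userId = (int) $useridRow['MIN'];
        }
    }
    ///-----------------------------Anonymous user id ends-------------------------------

    ///---------------------------- CAPTCHA Validation ----------------------------------
    if (!$disableCaptcha) {
        $captchaQuery = 'SELECT `form_usecaptcha` FROM `form_desc` WHERE `page_modulecomponentid` = ' . $moduleCompId;
        $captchaResult = mysql_query($captchaQuery);
        $captchaRow = $captchaResult ? mysql_fetch_row($captchaResult) : false;
        if ($captchaRow && $captchaRow[0] == 1 && !submitCaptcha()) {
            return false;
        }
    }
    ///------------------------ CAPTCHA Validation Ends Here ----------------------------

    $query = "SELECT `form_elementid`,`form_elementtype` FROM `form_elementdesc` WHERE `page_modulecomponentid`={$moduleCompId}";
    $result = mysql_query($query);
    if (!$result) {
        displayerror('E69 : Invalid query: ' . mysql_error());
        return false;
    }

    $allFieldsUpdated = true;
    while ($elementRow = mysql_fetch_assoc($result)) {
        $type = $elementRow['form_elementtype'];
        $elementId = $elementRow['form_elementid'];
        $postVarName = "form_" . $moduleCompId . "_element_" . $elementRow['form_elementid'];

        // Per-type handler name, e.g. submitRegistrationFormText; the type is read from the DB
        $functionName = "submitRegistrationForm" . ucfirst(strtolower($type));
        if (!function_exists($functionName)) {
            displayerror("Error in inputting data in function $functionName.");
            $allFieldsUpdated = false;
            break;
        }

        $elementDescQuery = "SELECT `form_elementname`,`form_elementsize`,`form_elementtypeoptions`,`form_elementmorethan`,"
            . "`form_elementlessthan`,`form_elementcheckint`,`form_elementisrequired` FROM `form_elementdesc` "
            . "WHERE `page_modulecomponentid`={$moduleCompId} AND `form_elementid` =" . (int) $elementId;
        $elementDescResult = mysql_query($elementDescQuery);
        if (!$elementDescResult) {
            displayerror('E69 : Invalid query: ' . mysql_error());
            return false;
        }
        $elementDescRow = mysql_fetch_assoc($elementDescResult);
        if (!$elementDescRow) {
            $allFieldsUpdated = false;
            break;
        }

        $elementName = $elementDescRow['form_elementname'];
        $elementSize = $elementDescRow['form_elementsize'];
        $elementTypeOptions = $elementDescRow['form_elementtypeoptions'];
        $elementMoreThan = $elementDescRow['form_elementmorethan'];
        $elementLessThan = $elementDescRow['form_elementlessthan'];
        $elementCheckInt = $elementDescRow['form_elementcheckint'] == 1;
        $elementIsRequired = $elementDescRow['form_elementisrequired'] == 1;

        if (!$functionName($moduleCompId, $elementId, $userId, $postVarName, $elementName, $elementSize,
            $elementTypeOptions, $elementMoreThan, $elementLessThan, $elementCheckInt, $elementIsRequired)) {
            $allFieldsUpdated = false;
            break;
        }
    }

    if (!$allFieldsUpdated) {
        // A failed submission must report false for anonymous ids as well, not only
        // for registered users
        if ($userId < 0) {
            unregisterUser($moduleCompId, $userId);
        } elseif (!verifyUserRegistered($moduleCompId, $userId)) {
            // Drop the partially stored data of a user who never completed registration
            $deleteelementdata_query = "DELETE FROM `form_elementdata` WHERE `user_id` = {$userId} AND `page_modulecomponentid` = {$moduleCompId} ";
            mysql_query($deleteelementdata_query);
        }
        return false;
    }

    if (!verifyUserRegistered($moduleCompId, $userId)) {
        registerUser($moduleCompId, $userId);
    } else {
        updateUser($moduleCompId, $userId);
    }

    if (!$silent) {
        displayinfo("User successfully registered!");
        // Confirmation-mail sending is disabled in this version - see common.lib.php for the messenger
    }

    return true;
}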
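/**
 * Validates and stores every field of a registration form for one user, then
 * optionally shows the form's footer text and sends a confirmation mail.
 *
 * Runs the per-element handler submitRegistrationForm<Type>() for each element
 * of the form, then registers (or updates) the user in the form's registrant
 * list. On any handler failure the partially stored data is discarded.
 *
 * @param int  $moduleCompId   module component id of the form
 * @param int  $userId         id of the registrant; 0 requests a fresh negative
 *                             (anonymous) id
 * @param bool $silent         suppress the success message and the confirmation mail
 * @param bool $disableCaptcha skip the captcha even when the form enables it
 * @return bool true when all fields were stored and the user is registered
 */
function submitRegistrationForm($moduleCompId, $userId, $silent = false, $disableCaptcha = false)
{
    global $onlineSiteUrl;

    // Both ids are interpolated into SQL below; coerce them to integers first
    $moduleCompId = (int) $moduleCompId;
    $userId = (int) $userId;

    ///-------------------------Get anonymous unique negative user id---------------
    if ($userId == 0) {
        // Anonymous registrants get an id below every existing one. MIN() is NULL on
        // an empty table, and MIN - 1 is not negative while no anonymous rows exist,
        // so -1 is used in both cases.
        $userId = -1;
        $useridQuery = "SELECT MIN(`user_id`) - 1 AS MIN FROM `form_regdata` WHERE 1";
        $useridResult = mysql_query($useridQuery);
        $useridRow = $useridResult ? mysql_fetch_assoc($useridResult) : false;
        if ($useridRow && $useridRow['MIN'] !== null && $useridRow['MIN'] < 0) {
            $userId = (int) $useridRow['MIN'];
        }
    }
    ///-----------------------------Anonymous user id ends-------------------------------

    ///---------------------------- CAPTCHA Validation ----------------------------------
    if (!$disableCaptcha) {
        $captchaQuery = 'SELECT `form_usecaptcha` FROM `form_desc` WHERE `page_modulecomponentid` = \'' . $moduleCompId . "'";
        $captchaResult = mysql_query($captchaQuery);
        $captchaRow = $captchaResult ? mysql_fetch_row($captchaResult) : false;
        if ($captchaRow && $captchaRow[0] == 1 && !submitCaptcha()) {
            return false;
        }
    }
    ///------------------------ CAPTCHA Validation Ends Here ----------------------------

    $query = "SELECT `form_elementid`,`form_elementtype` FROM `form_elementdesc` WHERE `page_modulecomponentid`='{$moduleCompId}'";
    $result = mysql_query($query);
    if (!$result) {
        displayerror('E69 : Invalid query: ' . mysql_error());
        return false;
    }

    $allFieldsUpdated = true;
    while ($elementRow = mysql_fetch_assoc($result)) {
        $type = $elementRow['form_elementtype'];
        $elementId = $elementRow['form_elementid'];
        $postVarName = "form_" . $moduleCompId . "_element_" . $elementRow['form_elementid'];

        // Per-type handler name, e.g. submitRegistrationFormText; the type is read from the DB
        $functionName = "submitRegistrationForm" . ucfirst(strtolower($type));
        if (!function_exists($functionName)) {
            displayerror("Error in inputting data in function $functionName.");
            $allFieldsUpdated = false;
            break;
        }

        $elementDescQuery = "SELECT `form_elementname`,`form_elementsize`,`form_elementtypeoptions`,`form_elementmorethan`,"
            . "`form_elementlessthan`,`form_elementcheckint`,`form_elementisrequired` FROM `form_elementdesc` "
            . "WHERE `page_modulecomponentid`='{$moduleCompId}' AND `form_elementid` ='" . (int) $elementId . "'";
        $elementDescResult = mysql_query($elementDescQuery);
        if (!$elementDescResult) {
            displayerror('E69 : Invalid query: ' . mysql_error());
            return false;
        }
        $elementDescRow = mysql_fetch_assoc($elementDescResult);
        if (!$elementDescRow) {
            $allFieldsUpdated = false;
            break;
        }

        $elementName = $elementDescRow['form_elementname'];
        $elementSize = $elementDescRow['form_elementsize'];
        $elementTypeOptions = $elementDescRow['form_elementtypeoptions'];
        $elementMoreThan = $elementDescRow['form_elementmorethan'];
        $elementLessThan = $elementDescRow['form_elementlessthan'];
        $elementCheckInt = $elementDescRow['form_elementcheckint'] == 1;
        $elementIsRequired = $elementDescRow['form_elementisrequired'] == 1;

        if (!$functionName($moduleCompId, $elementId, $userId, $postVarName, $elementName, $elementSize,
            $elementTypeOptions, $elementMoreThan, $elementLessThan, $elementCheckInt, $elementIsRequired)) {
            $allFieldsUpdated = false;
            break;
        }
    }

    if (!$allFieldsUpdated) {
        // A failed submission must report false for anonymous ids as well, not only
        // for registered users
        if ($userId < 0) {
            unregisterUser($moduleCompId, $userId);
        } elseif (!verifyUserRegistered($moduleCompId, $userId)) {
            // Drop the partially stored data of a user who never completed registration
            $deleteelementdata_query = "DELETE FROM `form_elementdata` WHERE `user_id` = '{$userId}' AND `page_modulecomponentid` ='{$moduleCompId}' ";
            mysql_query($deleteelementdata_query);
        }
        return false;
    }

    if (!verifyUserRegistered($moduleCompId, $userId)) {
        registerUser($moduleCompId, $userId);
    } else {
        updateUser($moduleCompId, $userId);
    }

    if ($silent) {
        return true;
    }

    $footerQuery = "SELECT `form_footertext`, `form_sendconfirmation` FROM `form_desc` WHERE `page_modulecomponentid` = '{$moduleCompId}'";
    $footerResult = mysql_query($footerQuery);
    $footerRow = $footerResult ? mysql_fetch_row($footerResult) : false;
    if (!$footerRow) {
        $footerRow = array('', 0);
    }

    // The footer replaces the default success message only when it consists of a
    // single HTML comment; the "<!--" / "-->" markers are stripped from it
    $footerText = (string) $footerRow[0];
    $footerTextLength = strlen($footerText);
    if ($footerTextLength > 7 && substr($footerText, 0, 4) === '<!--' && substr($footerText, $footerTextLength - 3) === '-->') {
        $footerText = substr($footerText, 4, $footerTextLength - 7);
    } else {
        $footerText = '';
    }
    displayinfo($footerText == '' ? "User successfully registered!" : $footerText);

    // send mail code starts here - see common.lib.php for more
    if ($footerRow[1]) {
        $from = ''; // Default CMS email will be added automatically if this is left blank
        $to = getUserEmail($userId);
        $pageId = getPageIdFromModuleComponentId('form', $moduleCompId);
        $parentPage = getParentPage($pageId);
        $formname = getPageTitle($parentPage);
        $key = '';
        $mailtype = "form_registration_mail";
        $messenger = new messenger(false);
        $messenger->assign_vars(array(
            'FORMNAME' => "{$formname}",
            'KEY' => "{$key}",
            'WEBSITE' => CMS_TITLE,
            'DOMAIN' => $onlineSiteUrl,
            'NAME' => getUserFullName($userId),
        ));
        if ($messenger->mailer($to, $mailtype, $key, $from)) {
            displayinfo("You have been succesfully registered to {$formname} and a registration confirmation mail has been sent. Kindly check your e-mail.");
        } else {
            displayerror("Registration confirmation mail sending failure. Kindly contact webadmin@pragyan.org");
        }
    }
    // send mail code ends here

    return true;
}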
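/**
 * Registration sub-action of the login module.
 *
 * The step that runs is chosen from the request:
 *  - neither ?key, ?reSendKey nor a posted user_email -> the registration form
 *  - ?reSendKey without a posted resend_key_email      -> the "resend activation link" form
 *  - posted resend_key_email                           -> the activation mail is resent
 *  - ?key=...&verify=...                               -> account activation
 *  - otherwise (posted user_email)                     -> a new account is created
 *
 * @return string|null form HTML for the steps that render a form, null otherwise
 */
function register()
{
    ///registration formmessenger
    global $sourceFolder, $moduleFolder, $onlineSiteUrl;
    require "{$sourceFolder}/{$moduleFolder}/form/registrationformgenerate.php";
    require "{$sourceFolder}/{$moduleFolder}/form/registrationformsubmit.php";

    if (!isset($_GET['key']) && !isset($_GET['reSendKey']) && !isset($_POST['user_email'])) {
        return getRegistrationForm();
    }

    if (isset($_GET['reSendKey']) && !isset($_POST['resend_key_email']) && SEND_MAIL_ON_REGISTRATION) {
        $reSendForm = <<<FORM
<form class="cms-registrationform" method="POST" name="user_resend_key" onsubmit="return checkForm(this)" action="./+login&subaction=register&reSendKey">
<fieldset>
<legend>Resend Activation Link</legend>
<table>
\t\t<tr>
\t\t\t<td><label for="resend_key_email" class="labelrequired">Email</label></td>
\t\t\t<td><input type="text" name="resend_key_email" id="resend_key_email" class="required" onchange="if(this.length!=0) return checkEmail(this);"/><br /></td>
\t\t</tr>
\t\t<tr>
\t\t\t<td colspan="2"> </td>
\t\t</tr>
\t\t<tr>
\t\t\t<td><input type="submit" id="submitbutton" value="Submit"></td>
\t\t\t<td><a href="./+login&subaction=register">Sign Up</a> <a href="./+login">Login?</a></td>
\t\t</tr>
\t</table>
\t</fieldset>
</form>
FORM;
        return $reSendForm;
    }

    if (isset($_POST['resend_key_email'])) {
        $email = escape($_POST['resend_key_email']);
        // Addresses are echoed into HTML below, so they are HTML-escaped separately
        // from the SQL escaping done by escape()
        $safeEmail = htmlspecialchars($email, ENT_QUOTES, 'UTF-8');
        $query = "SELECT * FROM `" . MYSQL_DATABASE_PREFIX . "users` WHERE `user_email`='{$email}' ";
        $result = mysql_query($query) or displayerror(mysql_error() . "registration L:131");
        if (!$result || !mysql_num_rows($result)) {
            displayinfo("This email-id has not yet been registered. 
Kindly <a href=\"./+login&subaction=register\">register</a>.");
            return null;
        }
        $temp = mysql_fetch_assoc($result);
        if ($temp['user_activated'] == 1) {
            displayinfo("E-mail {$safeEmail} has already been verified.<a href=\"./+login\"> Login</a> <a href=\"./+login&subaction=resetPasswd\">Forgot Password?</a>");
            return null;
        }
        $key = getVerificationKey($email, $temp['user_password'], $temp['user_regdate']);
        // send mail code starts here - see common.lib.php for more
        $from = "from: " . CMS_TITLE . " <" . CMS_EMAIL . ">";
        $to = "{$email}";
        $mailtype = "activation_mail";
        $messenger = new messenger(false);
        $messenger->assign_vars(array(
            // Both query values are URL-encoded so that e.g. a '+' in the address survives the round trip
            'ACTIVATE_URL' => "{$onlineSiteUrl}/+login&subaction=register&verify=" . rawurlencode($to) . "&key=" . rawurlencode($key),
            'NAME' => "{$temp['user_fullname']}",
            'WEBSITE' => CMS_TITLE,
            'DOMAIN' => $onlineSiteUrl,
        ));
        if ($messenger->mailer($to, $mailtype, $key, $from)) {
            displayinfo("Activation link resent. Kindly check your e-mail for activation link.");
        } else {
            displayerror("Activation link resending failure. Kindly contact administrator");
        }
        // send mail code ends here
        return null;
    }

    if (isset($_GET['key'])) {
        $rawEmail = (isset($_GET['verify']) && is_string($_GET['verify'])) ? $_GET['verify'] : '';
        $emailId = escape($rawEmail);
        // The address is reflected into the page, so it needs HTML escaping, not SQL escaping
        $safeEmail = htmlspecialchars($rawEmail, ENT_QUOTES, 'UTF-8');
        $query = "SELECT * FROM `" . MYSQL_DATABASE_PREFIX . "users` WHERE `user_email`='{$emailId}'";
        $result = mysql_query($query) or displayerror(mysql_error() . "registration L:76");
        $temp = $result ? mysql_fetch_assoc($result) : false;
        if (!$temp) {
            // Unknown address: same generic message as for a wrong key
            displayerror("Verification error for " . $safeEmail . ". Please contact administrator");
            return null;
        }
        if ($temp['user_activated'] == 1) {
            displayinfo("E-mail " . $safeEmail . " has already been verified");
            return null;
        }
        // Strict comparison: a loose == on digest-like strings can match unrelated values
        $expectedKey = (string) getVerificationKey($rawEmail, $temp['user_password'], $temp['user_regdate']);
        if (!is_string($_GET['key']) || $_GET['key'] !== $expectedKey) {
            displayerror("Verification error for " . $safeEmail . ". Please contact administrator");
            return null;
        }
        $query = "UPDATE `" . MYSQL_DATABASE_PREFIX . "users` SET `user_activated`=1 WHERE `user_email`='{$emailId}'";
        if (mysql_query($query) && mysql_affected_rows() > 0) {
            displayinfo("Your e-mail " . $safeEmail . " has been verified. 
Now you can fill your profile information by clicking <a href=\"./+profile\">here</a> or by clicking on the preferences link in the action bar any time you are logged in.");
        } else {
            displayerror("Verification error for " . $safeEmail . ". Please contact administrator");
        }
        return null;
    }

    /*For new registrations*/
    $postEmail = (isset($_POST['user_email']) && is_string($_POST['user_email'])) ? trim($_POST['user_email']) : '';
    $postPassword = isset($_POST['user_password']) ? $_POST['user_password'] : '';
    $postRePassword = isset($_POST['user_repassword']) ? $_POST['user_repassword'] : '';
    $postUserName = isset($_POST['user_name']) ? $_POST['user_name'] : '';
    $postFullName = isset($_POST['user_fullname']) ? $_POST['user_fullname'] : '';

    if ($postEmail === "" || $postPassword === "") {
        displayerror("Blank e-mail/password NOT allowed");
        return getRegistrationForm();
    }
    if ($postUserName === "" || $postFullName === "") {
        displayerror("Please fill in your user name and Full name");
        return getRegistrationForm();
    }
    // Top-level domains are not limited to three characters
    if (!preg_match("/^[_a-z0-9-]+(\\.[_a-z0-9-]+)*@[a-z0-9-]+(\\.[a-z0-9-]+)*(\\.[a-z]{2,})\$/i", $postEmail)) {
        displayerror("Invalid Email Id");
        return getRegistrationForm();
    }
    if ($postPassword !== $postRePassword) {
        displayerror("Passwords are not same");
        return getRegistrationForm();
    }
    if (submitCaptcha() == false) {
        return getRegistrationForm();
    }

    // The trimmed, SQL-escaped address is used for every query below so that the
    // duplicate check, the INSERT and the id lookup all see the same value
    $umail = escape($postEmail);
    if (!check_email($umail)) {
        displayerror("Your E-Mail Provoider has been blackilisted. Please Use another email id or contact the website administrator");
        return getRegistrationForm();
    }

    $query = "SELECT * FROM `" . MYSQL_DATABASE_PREFIX . "users` WHERE `user_email`='" . $umail . "'";
    $result = mysql_query($query) or displayerror(mysql_error() . "in registration L:115");
    if ($result && mysql_num_rows($result)) {
        displaywarning("Email already exists in database. Please use a different e-mail.");
        return getRegistrationForm();
    }

    // NOTE: passwords are stored as plain MD5 digests (legacy scheme shared with profile())
    $passwd = md5($postPassword);
    $query = "INSERT INTO `" . MYSQL_DATABASE_PREFIX . "users` "
        . "(`user_name`, `user_email`, `user_fullname`, `user_password`, `user_activated`) "
        . "VALUES ('" . escape($postUserName) . "', '" . $umail . "', '" . escape($postFullName) . "', '{$passwd}', " . ACTIVATE_USER_ON_REG . ")";
    $result = mysql_query($query);
    if (!$result) {
        displayerror('An error was encountered while attempting to process your request.');
        return getRegistrationForm();
    }

    $query1 = "SELECT `user_id` FROM `" . MYSQL_DATABASE_PREFIX . "users` WHERE `user_email` ='" . $umail . "' LIMIT 1";
    $result1 = mysql_query($query1);
    $idRow = $result1 ? mysql_fetch_array($result1) : false;
    if (!$idRow) {
        displayerror('An error was encountered while attempting to process your request.');
        return getRegistrationForm();
    }
    $newUserId = (int) $idRow[0];

    if (!submitRegistrationForm(0, $newUserId, true, true)) {
        // Roll the account back so the user can retry with corrected form data
        $query1 = "DELETE FROM `" . MYSQL_DATABASE_PREFIX . "users` WHERE `user_id` = '" . $newUserId . "'";
        mysql_query($query1);
        return getRegistrationForm();
    }

    if (ACTIVATE_USER_ON_REG) {
        displayinfo("You have been successfully registered. You can now <a href=\"./+login\">log in</a>.");
    } else {
        displayinfo("Your registration was successful but your account is not activated yet. Kindly check your email, or wait for the website administrator to activate you.");
    }

    if (SEND_MAIL_ON_REGISTRATION) {
        $email = $umail;
        $query = "SELECT * FROM `" . MYSQL_DATABASE_PREFIX . "users` WHERE `user_email`='{$email}' ";
        $result = mysql_query($query) or displayerror(mysql_error() . "registration L:211");
        $temp = $result ? mysql_fetch_assoc($result) : false;
        if (!$temp) {
            displayerror("Activation link sending failure. Kindly contact administrator");
            return null;
        }
        $key = getVerificationKey($email, $temp['user_password'], $temp['user_regdate']);
        // send mail code starts here - see common.lib.php for more
        $from = "from: " . CMS_TITLE . " <" . CMS_EMAIL . ">";
        $to = "{$email}";
        $mailtype = "activation_mail";
        $messenger = new messenger(false);
        $messenger->assign_vars(array(
            // Both query values are URL-encoded so that e.g. a '+' in the address survives the round trip
            'ACTIVATE_URL' => "{$onlineSiteUrl}/+login&subaction=register&verify=" . rawurlencode($to) . "&key=" . rawurlencode($key),
            'NAME' => "{$temp['user_fullname']}",
            'WEBSITE' => CMS_TITLE,
            'DOMAIN' => $onlineSiteUrl,
        ));
        if ($messenger->mailer($to, $mailtype, $key, $from)) {
            displayinfo("Kindly check your e-mail for activation link.");
        } else {
            displayerror("Activation link sending failure. Kindly contact administrator");
        }
        // send mail code ends here
    }

    return null;
}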