if ($password != $passwordc) {
                        $errors[] = lang("ACCOUNT_PASS_MISMATCH");
                    }
                }
            }
        }
        // Hash the user's password and update
        $password_hash = passwordHashUF($password);
        if ($password_hash === null) {
            $errors[] = lang("PASSWORD_HASH_FAILED");
        }
        // Nab up the user_id from the users information to update the password
        $user_id = $userdetails["id"];
        if (count($errors) == 0) {
            // Update password based on the user's id and the new password
            if (updateUserField($user_id, 'password', $password_hash)) {
                // Password was updated
                $successes[] = lang("ACCOUNT_PASSWORD_UPDATED");
                // Reset the password flag
                if (!flagLostPasswordRequest($userdetails["user_name"], 0)) {
                    $errors[] = lang("SQL_ERROR");
                }
            } else {
                // Error happened couldn't update password
                $errors[] = lang("FORGOTPASS_COULD_NOT_UPDATE");
            }
        }
    }
}
// Regenerate the token we send to the user every time this is called
// Forms posted
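/**
 * Add a user to every default group and set the user's primary group.
 *
 * Reads all groups whose is_default is >= 1, inserts one membership row per group,
 * and records the group whose is_default equals 2 as the user's primary group
 * (if several rows match, the last one fetched wins).
 *
 * @param int $user_id the id of the user to add to the default groups.
 * @return boolean true on success, false on failure
 */
function dbAddUserToDefaultGroups($user_id)
{
    global $db_table_prefix;
    try {
        $db = pdoConnect();
        // The table prefix is concatenated into the SQL text, so it has to come from trusted
        // configuration only; the user and group ids below are bound as parameters.
        $query = "SELECT \n            id, is_default \n            FROM " . $db_table_prefix . "groups where is_default >= 1";
        $stmt = $db->prepare($query);
        if (!$stmt->execute()) {
            // Error
            return false;
        }
        // Query to insert group membership
        $query_user = "INSERT INTO " . $db_table_prefix . "user_group_matches (\n\t\tgroup_id,\n\t\tuser_id\n\t\t)\n\t\tVALUES (\n\t\t:group_id,\n\t\t:user_id\n\t\t)";
        $stmt_user = $db->prepare($query_user);
        $primary_group_id = null;
        // Insert match for each default group.
        // NOTE(review): the inserts are not wrapped in a transaction, so a failure part-way
        // through leaves the membership rows written so far in place.
        while ($r = $stmt->fetch(PDO::FETCH_ASSOC)) {
            $group_id = $r['id'];
            // Compare as integers so the result does not depend on whether the driver
            // returns the column as a string or as a native int.
            if ((int) $r['is_default'] === 2) {
                $primary_group_id = $group_id;
            }
            $sqlVars = array(':group_id' => $group_id, ':user_id' => $user_id);
            // A failed insert must not pass silently: the account would be reported as
            // set up while missing one of its default group memberships.
            if (!$stmt_user->execute($sqlVars)) {
                error_log("Error in " . __FUNCTION__ . ": could not add the user to a default group.");
                return false;
            }
        }
        // Set primary group for user
        if (!$primary_group_id) {
            // The alert sends admins to the error log, so make sure there is an entry to find.
            error_log("Error in " . __FUNCTION__ . ": no default primary group (is_default = 2) was found.");
            addAlert("danger", "Oops, looks like our server might have goofed.  If you're an admin, please check the PHP error logs.");
            return false;
        }
        if (!updateUserField($user_id, 'primary_group_id', $primary_group_id)) {
            return false;
        }
        $stmt = null;
        return true;
    } catch (PDOException $e) {
        // Details go to the server log only; the user-facing alert stays generic.
        addAlert("danger", "Oops, looks like our database encountered an error.");
        error_log("Error in " . $e->getFile() . " on line " . $e->getLine() . ": " . $e->getMessage());
        return false;
    } catch (ErrorException $e) {
        addAlert("danger", "Oops, looks like our server might have goofed.  If you're an admin, please check the PHP error logs.");
        // Log the cause so the alert's pointer to the error log is actually useful.
        error_log("Error in " . $e->getFile() . " on line " . $e->getLine() . ": " . $e->getMessage());
        return false;
    }
}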
                    $loggedInUser->hash_pw = $userdetails["password"];
                    $loggedInUser->title = $userdetails["title"];
                    $loggedInUser->displayname = $userdetails["display_name"];
                    $loggedInUser->username = $userdetails["user_name"];
                    $loggedInUser->alerts = array();
                    //Update last sign in
                    $loggedInUser->updateLastSignIn();
                    // Update password if we had encountered an outdated hash
                    if (getPasswordHashTypeUF($userdetails["password"]) != "modern") {
                        // Hash the user's password and update
                        $password_hash = passwordHashUF($password);
                        if ($password_hash === null) {
                            error_log("Notice: outdated password hash could not be updated because new hashing algorithm is not supported.  Are you running PHP >= 5.3.7?");
                        } else {
                            $loggedInUser->hash_pw = $password_hash;
                            updateUserField($loggedInUser->user_id, 'password', $password_hash);
                            error_log("Notice: outdated password hash has been automatically updated to modern hashing.");
                        }
                    }
                    // Create the user's CSRF token
                    $loggedInUser->csrf_token(true);
                    $_SESSION["userCakeUser"] = $loggedInUser;
                    $successes = array();
                    $successes[] = "Welcome back, " . $loggedInUser->displayname;
                }
            }
        }
    }
}
restore_error_handler();
foreach ($errors as $error) {
Esempio n. 4
    // Try to create the new user
    if (!($new_user_id = createUser($user_name, $display_name, $email, $title, $password, $passwordc, $require_activation, $admin))) {
        echo json_encode(array("errors" => 1, "successes" => 0));
        exit;
    }
    // If creation succeeds, add default groups for new users
    /*if (dbAddUserToDefaultGroups($new_user_id)){
    	  // Uncomment this if you want self-registered users to know about permission groups
    	  //$successes[] = lang("ACCOUNT_PERMISSION_ADDED", array ($addition_count));
    	} else {
    	  if (isset($_POST['ajaxMode']) and $_POST['ajaxMode'] == "true" ){
    		echo json_encode(array("errors" => 1, "successes" => 0));
    	  } else {
    		header('Location: register_root.php');
    	  }
    	  exit();
    	}*/
    // Set the primary group as the "Admin" group
    updateUserField('1', 'primary_group_id', '2');
    // Account creation was successful!
    // On success, create the success message and delete the activation token
    deleteConfigParameter('root_account_config_token');
    addAlert("success", "You have successfully created the root account.  Please delete this installation folder and log in via login.php.");
    addAlert("success", "<a href='../login.php'>Click Here</a> to login");
} else {
    echo json_encode(array("errors" => $error_count, "successes" => 0));
    exit;
}
// Send successfully registered users to the completion page, while errors should return them to the registration page.
echo json_encode(array("errors" => 0, "successes" => 1));
exit;
Esempio n. 5
/**
 * Change which group is a user's primary group.
 *
 * Nothing is written unless the caller passes the permission check, the group exists,
 * and the user is already a member of that group.
 *
 * @param int $user_id the id of the user to update.
 * @param int $group_id the id of the group to set as the primary group.
 * @return boolean true on success, false on failure
 */
function updateUserPrimaryGroup($user_id, $group_id)
{
    // Authorization runs before any lookup: the action name and its arguments are
    // checked against the permissions database.
    $authorized = checkActionPermissionSelf(__FUNCTION__, func_get_args());
    if (!$authorized) {
        addAlert("danger", "Sorry, you do not have permission to access this resource.");
        return false;
    }

    // The target group has to exist.
    if (!groupIdExists($group_id)) {
        addAlert("danger", "I'm sorry, the group id you specified is invalid!");
        return false;
    }

    // A primary group can only be one the user already belongs to.
    if (!userInGroup($user_id, $group_id)) {
        addAlert("danger", "I'm sorry, the specified user is not a member of the specified group.");
        return false;
    }

    $updated = updateUserField($user_id, 'primary_group_id', $group_id);
    if (!$updated) {
        return false;
    }

    addAlert("success", "Primary group for user updated.");
    return true;
}
Esempio n. 6
                }
                break;
            case 'lName':
                $success = updateUserField($email, $_GET['value'], "updateLastName", $errMsg);
                if ($success) {
                    $_SESSION['user']['lastName'] = $value;
                }
                break;
            case 'dob':
                $success = updateUserField($email, $_GET['value'], "updateDOB", $errMsg);
                if ($success) {
                    $_SESSION['user']['dob'] = $value;
                }
                break;
            case 'nation':
                $success = updateUserField($email, $_GET['value'], "updateNationName", $errMsg);
                if ($success) {
                    $_SESSION['user']['nationality'] = $value;
                }
                break;
        }
        $retJson = jsonResult($success, $errMsg);
        echo $retJson;
    }
}
function updateUserField($email, $value, $procName, &$errMsg = "")
{
    $returnVal = true;
    $conn = connectDatabase();
    $stmt = $conn->prepare("Call {$procName}(?,?)");
    $stmt->bind_param("ss", $email, $value);