if ($password != $passwordc) {
$errors[] = lang("ACCOUNT_PASS_MISMATCH");
}
}
}
}
// Hash the user's password and update
$password_hash = passwordHashUF($password);
if ($password_hash === null) {
$errors[] = lang("PASSWORD_HASH_FAILED");
}
// Nab up the user_id from the users information to update the password
$user_id = $userdetails["id"];
if (count($errors) == 0) {
// Update password based on the user's id and the new password
if (updateUserField($user_id, 'password', $password_hash)) {
// Password was updated
$successes[] = lang("ACCOUNT_PASSWORD_UPDATED");
// Reset the password flag
if (!flagLostPasswordRequest($userdetails["user_name"], 0)) {
$errors[] = lang("SQL_ERROR");
}
} else {
// Error happened couldn't update password
$errors[] = lang("FORGOTPASS_COULD_NOT_UPDATE");
}
}
}
}
// Regenerate the token we send to the user everytime this is called
// Forms posted
function dbAddUserToDefaultGroups($user_id)
{
try {
global $db_table_prefix;
$db = pdoConnect();
$query = "SELECT \n id, is_default \n FROM " . $db_table_prefix . "groups where is_default >= 1";
$stmt = $db->prepare($query);
if (!$stmt->execute()) {
// Error
return false;
}
// Query to insert group membership
$query_user = "******" . $db_table_prefix . "user_group_matches (\n\t\tgroup_id,\n\t\tuser_id\n\t\t)\n\t\tVALUES (\n\t\t:group_id,\n\t\t:user_id\n\t\t)";
$stmt_user = $db->prepare($query_user);
$primary_group_id = null;
// Insert match for each default group
while ($r = $stmt->fetch(PDO::FETCH_ASSOC)) {
$group_id = $r['id'];
if ($r['is_default'] == '2') {
$primary_group_id = $group_id;
}
$sqlVars = array(':group_id' => $group_id, ':user_id' => $user_id);
$stmt_user->execute($sqlVars);
}
// Set primary group for user
if ($primary_group_id) {
if (!updateUserField($user_id, 'primary_group_id', $primary_group_id)) {
return false;
}
} else {
addAlert("danger", "Oops, looks like our server might have goofed. If you're an admin, please check the PHP error logs.");
return false;
}
$stmt = null;
return true;
} catch (PDOException $e) {
addAlert("danger", "Oops, looks like our database encountered an error.");
error_log("Error in " . $e->getFile() . " on line " . $e->getLine() . ": " . $e->getMessage());
return false;
} catch (ErrorException $e) {
addAlert("danger", "Oops, looks like our server might have goofed. If you're an admin, please check the PHP error logs.");
return false;
}
}
$loggedInUser->hash_pw = $userdetails["password"];
$loggedInUser->title = $userdetails["title"];
$loggedInUser->displayname = $userdetails["display_name"];
$loggedInUser->username = $userdetails["user_name"];
$loggedInUser->alerts = array();
//Update last sign in
$loggedInUser->updateLastSignIn();
// Update password if we had encountered an outdated hash
if (getPasswordHashTypeUF($userdetails["password"]) != "modern") {
// Hash the user's password and update
$password_hash = passwordHashUF($password);
if ($password_hash === null) {
error_log("Notice: outdated password hash could not be updated because new hashing algorithm is not supported. Are you running PHP >= 5.3.7?");
} else {
$loggedInUser->hash_pw = $password_hash;
updateUserField($loggedInUser->user_id, 'password', $password_hash);
error_log("Notice: outdated password hash has been automatically updated to modern hashing.");
}
}
// Create the user's CSRF token
$loggedInUser->csrf_token(true);
$_SESSION["userCakeUser"] = $loggedInUser;
$successes = array();
$successes[] = "Welcome back, " . $loggedInUser->displayname;
}
}
}
}
}
restore_error_handler();
foreach ($errors as $error) {
// Try to create the new user
if (!($new_user_id = createUser($user_name, $display_name, $email, $title, $password, $passwordc, $require_activation, $admin))) {
echo json_encode(array("errors" => 1, "successes" => 0));
exit;
}
// If creation succeeds, add default groups for new users
/*if (dbAddUserToDefaultGroups($new_user_id)){
// Uncomment this if you want self-registered users to know about permission groups
//$successes[] = lang("ACCOUNT_PERMISSION_ADDED", array ($addition_count));
} else {
if (isset($_POST['ajaxMode']) and $_POST['ajaxMode'] == "true" ){
echo json_encode(array("errors" => 1, "successes" => 0));
} else {
header('Location: register_root.php');
}
exit();
}*/
// Set the primary group as the "Admin" group
updateUserField('1', 'primary_group_id', '2');
// Account creation was successful!
// On success, create the success message and delete the activation token
deleteConfigParameter('root_account_config_token');
addAlert("success", "You have successfully created the root account. Please delete this installation folder and log in via login.php.");
addAlert("success", "<a href='../login.php'>Click Here</a> to login");
} else {
echo json_encode(array("errors" => $error_count, "successes" => 0));
exit;
}
// Send successfully registered users to the completion page, while errors should return them to the registration page.
echo json_encode(array("errors" => 0, "successes" => 1));
exit;
/**
* Set user's primary group (by group_id)
* @param int $user_id the id of the user to update.
* @param int $group_id the id of the group to set as the primary group.
* @return boolean true on success false on failure
*/
function updateUserPrimaryGroup($user_id, $group_id)
{
// This block automatically checks this action against the permissions database before running.
if (!checkActionPermissionSelf(__FUNCTION__, func_get_args())) {
addAlert("danger", "Sorry, you do not have permission to access this resource.");
return false;
}
// Check that the group exists, and that the user is a member of it
if (!groupIdExists($group_id)) {
addAlert("danger", "I'm sorry, the group id you specified is invalid!");
return false;
} else {
if (!userInGroup($user_id, $group_id)) {
addAlert("danger", "I'm sorry, the specified user is not a member of the specified group.");
return false;
} else {
if (updateUserField($user_id, 'primary_group_id', $group_id)) {
addAlert("success", "Primary group for user updated.");
return true;
} else {
return false;
}
}
}
}
}
break;
case 'lName':
$success = updateUserField($email, $_GET['value'], "updateLastName", $errMsg);
if ($success) {
$_SESSION['user']['lastName'] = $value;
}
break;
case 'dob':
$success = updateUserField($email, $_GET['value'], "updateDOB", $errMsg);
if ($success) {
$_SESSION['user']['dob'] = $value;
}
break;
case 'nation':
$success = updateUserField($email, $_GET['value'], "updateNationName", $errMsg);
if ($success) {
$_SESSION['user']['nationality'] = $value;
}
break;
}
$retJson = jsonResult($success, $errMsg);
echo $retJson;
}
}
function updateUserField($email, $value, $procName, &$errMsg = "")
{
$returnVal = true;
$conn = connectDatabase();
$stmt = $conn->prepare("Call {$procName}(?,?)");
$stmt->bind_param("ss", $email, $value);