public function register_user()
{
$username = $this->username;
$name = $this->name == null ? $this->username : $this->name;
$password = $this->password;
$mail = $this->mail;
$errors = array();
$hasher = new \CODOF\Pass(8, false);
$hash = $hasher->HashPassword($password);
if (strlen($hash) >= 20) {
$fields = array("username" => $username, "name" => $name, "pass" => $hash, "mail" => $mail, "created" => time(), "last_access" => time(), "user_status" => $this->user_status, "avatar" => $this->avatar, "no_posts" => $this->no_posts, "oauth_id" => $this->oauth_id);
$qry = 'INSERT INTO codo_users (username, name, pass, mail, created, last_access, user_status, avatar, no_posts, oauth_id) ' . 'VALUES(:username, :name, :pass, :mail, :created, :last_access, :user_status, :avatar, :no_posts, :oauth_id)';
$obj = $this->db->prepare($qry);
if (!$obj->execute($fields)) {
\CODOF\Log::error("Could not register user! \nError:\n " . print_r($obj->errorInfo(), true) . " \nData:\n" . print_r($fields, true));
$errors[] = "Could not register user";
} else {
$this->userid = $this->db->lastInsertId('id');
\DB::table(PREFIX . 'codo_user_roles')->insert(array('uid' => $this->userid, 'rid' => $this->rid, 'is_primary' => 1));
if ($this->user_status == 0) {
$this->add_signup_attempt($fields);
$this->send_mail($fields, $errors);
}
//TODO: CurrentUser -> store user
//dont know the security implications when $fields is passed with hook
\CODOF\Hook::call('on_user_registered');
}
}
return $errors;
}
/**
*
* Checks if username and password is not empty
* Checks if user exists and password matches
* Logs the user in
* remember_me() is called
*
* @return type
*/
public function process_login()
{
//don't neeed much validation since we use prepared queries
$username = strip_tags(trim($this->username));
$hasher = new \CODOF\Pass(8, false);
$password = $this->password;
$errors = array();
if (strlen($username) == 0) {
$errors[]["msg"] = _t("username field cannot be left empty");
}
if (strlen($password) == 0) {
$errors[]["msg"] = _t("password field cannot be left empty");
}
if (strlen($password) < 72 && empty($errors)) {
$user = User::getByUsername($username);
$ip = $_SERVER['REMOTE_ADDR'];
//cannot be trusted at all ;)
$ban = new Ban($this->db);
if ($user && $ban->is_banned(array($ip, $username, $user->mail))) {
$ban_len = '';
if ($ban->expires > 0) {
$ban_len = _t("until ") . date('d-m-Y h:m:s', $ban->expires);
}
return json_encode(array("msg" => _t("You have been banned ") . $ban_len));
}
if ($user && $hasher->CheckPassword($password, $user->pass)) {
User::login($user->id);
$user = User::get();
$user->rememberMe();
return json_encode(array("msg" => "success", "uid" => $user->id, "rid" => $user->rid, "role" => User::getRoleName($user->rid)));
} else {
\CODOF\Log::info('failed login attempt by ' . $username . 'wrong username/password');
return json_encode(array("msg" => _t("Wrong username or password")));
}
} else {
return json_encode($errors);
}
}
/**
*
* Updates the password of the current user
* @param string $new_pass
* @return boolean true if password was updated
*/
public function updatePassword($new_pass)
{
$hasher = new \CODOF\Pass(8, false);
$hash = $hasher->HashPassword($new_pass);
//update the new hashed password
return $this->set(array("pass" => $hash));
}
$arr['name'] = $_POST['display_name'];
// $arr['rid'] = $_POST['role'];
$arr['signature'] = $_POST['signature'];
unset($arr['id']);
$err = 0;
$msg = "";
if ($stmt->fetch()) {
$err = 1;
$msg = "username or email has already been taken!<br>";
} else {
if ($_POST['p1'] != "") {
if ($_POST['p1'] != $_POST['p2']) {
$err = 1;
$msg = "The passwords do not match!";
} else {
$hasher = new \CODOF\Pass(8, false);
$hash = $hasher->HashPassword($_POST['p1']);
$arr['pass'] = $hash;
}
}
if (isset($_FILES['user_img']) && !empty($_FILES['user_img']['name'])) {
$image = $_FILES['user_img'];
\CODOF\File\Upload::$width = 128;
\CODOF\File\Upload::$height = 128;
\CODOF\File\Upload::$resizeImage = true;
\CODOF\File\Upload::$resizeIconPath = DATA_PATH . PROFILE_ICON_PATH;
$file_info = \CODOF\File\Upload::do_upload($image, PROFILE_IMG_PATH);
if (\CODOF\File\Upload::$error) {
$err = 1;
$msg = "Error While uploading the image, try with a different image.";
} else {
