Esempio n. 1
/**
 * @package pragyan
 * @copyright (c) 2010 Pragyan Team
 * @license http://www.gnu.org/licenses/ GNU Public License
 * For more details, see README
 */
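/**
 * Handles every step of the "forgot password" flow for the login page.
 *
 * The step is chosen from the request:
 *  - neither $_POST['user_email'] nor $_GET['key']: return the request form;
 *  - $_POST['user_email'] only: look the account up and mail a reset link;
 *  - $_GET['key']: verify the key for $_GET['resetPasswd'], store a freshly
 *    generated password and mail it to the account.
 * The last two steps report through displayerror()/displayinfo().
 *
 * Security notes (not fixable inside this function alone):
 *  - The reset key is md5(stored password hash . 'xXc' . two e-mail characters).
 *    It contains no random or secret server-side value and has no expiry, so
 *    anyone who learns the stored hash can compute it. A random, single-use,
 *    expiring token kept server-side would close that gap.
 *  - Passwords are stored as unsalted MD5 to stay compatible with the existing
 *    rows; moving to password_hash()/password_verify() has to happen together
 *    with the login code.
 *  - The reset is performed on a GET request (anything that fetches the link
 *    triggers it) and the new password travels by e-mail in clear text.
 *  - The step-two messages tell the requester whether an address is registered.
 *
 * @param mixed $allow_login Truthy to add the "Sign Up" link to the form.
 * @return string The form HTML for the first step, otherwise "".
 */
function resetPasswd($allow_login)
{
    $hasEmail = isset($_POST['user_email']);
    $hasKey = isset($_GET['key']);

    // Step 1: nothing submitted yet, hand back the request form.
    if (!$hasEmail && !$hasKey) {
        $resetPasswd = <<<RESET
\t\t\t\t\t<form class="registrationform" method="POST" name="user_passreset" onsubmit="return checkForm(this)" action="./+login&subaction=resetPasswd">
\t\t\t\t\t\t<fieldset>
\t\t\t\t\t\t<legend>Reset Password</legend>
\t\t\t\t\t\t\t<table>
\t\t\t\t\t\t\t\t<tr>
\t\t\t\t\t\t\t\t\t<td><label for="user_email"  class="labelrequired">Email</label></td>
\t\t\t\t\t\t\t\t\t<td><input type="text" name="user_email" id="user_email" class="required" onchange="if(this.length!=0) return checkEmail(this);"/><br /></td>
\t\t\t\t\t\t\t\t</tr>
\t\t\t\t\t\t\t\t<tr>
\t\t\t\t\t\t\t\t\t<td colspan="2">&nbsp;</td>
\t\t\t\t\t\t\t\t</tr>
\t\t\t\t\t\t\t\t<tr>
\t\t\t\t\t\t\t\t\t<td><input type="submit" id="submitbutton" value="Submit"></td>
\t\t\t\t\t\t\t\t\t<td>
RESET;
        if ($allow_login) {
            $resetPasswd .= "<a href='./+login&subaction=register'>Sign Up</a> ";
        }
        $resetPasswd .= "<a href='./+login'>Login</a></td>\n\t\t\t\t\t\t\t\t</tr>\n\t\t\t\t\t\t\t</table>\n\t\t\t\t\t\t</fieldset>\n\t\t\t\t\t</form>";
        return $resetPasswd;
    }

    // Step 2: an e-mail address was posted, send the reset link.
    if (!$hasKey) {
        // escape() is a project helper; presumably it SQL-escapes its argument - confirm.
        // The address is read from $_POST only: this branch is reached only when
        // $_POST['user_email'] is set, and $_GET['user_email'] need not exist.
        $postedEmail = escape($_POST['user_email']);

        // preg_match replaces the removed eregi(); the D modifier keeps "$" from
        // matching before a trailing newline, as the POSIX pattern behaved.
        if (!preg_match('/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/iD', $postedEmail)) {
            displayerror("Invalid Email Id. <br /><input type=\"button\" onclick=\"history.go(-1)\" value=\"Go back\" />");
            return "";
        }

        $query = "SELECT * FROM `" . MYSQL_DATABASE_PREFIX . "users` WHERE `user_email`='" . $postedEmail . "' ";
        $result = mysql_query($query);
        $temp = mysql_fetch_assoc($result);
        if (mysql_num_rows($result) == 0) {
            displayerror("E-mail not in registered accounts list. <br /><input type=\"button\" onclick=\"history.go(-1)\" value=\"Go back\" />");
        } elseif ($temp['user_loginmethod'] === 'openid') {
            displayerror("This email is registered as an OpenID user. You do not have a permanent account on our server. Hence, we do not keep or maintain your password. Please ask the parent OpenID provider to reset the password for you");
        } elseif ($temp['user_activated'] == 0) {
            displayerror("Account not yet activated.<b>Please check your email</b> and click on the activation link. <a href=\"./+login&subaction=register&reSendKey=1\">Resend activation mail?</a><br /><input type=\"button\" onclick=\"history.go(-1)\" value=\"Go back\" />");
        } else {
            // NOTE(review): deterministic key derived from the stored hash - see the
            // security notes in the function header.
            $key = md5($temp['user_password'] . 'xXc' . substr($temp['user_email'], 1, 2));
            $to = "{$temp['user_email']}";
            $mailtype = "password_forgot_reset";
            $messenger = new messenger(false);
            global $onlineSiteUrl;
            $messenger->assign_vars(array('RESETPASS_URL' => "{$onlineSiteUrl}/+login&subaction=resetPasswd&resetPasswd={$temp['user_email']}&key={$key}", 'NAME' => "{$temp['user_fullname']}", 'WEBSITE' => CMS_TITLE, 'DOMAIN' => $onlineSiteUrl));
            if ($messenger->mailer($to, $mailtype, $key)) {
                displayinfo("Password reset link sent. Kindly check your e-mail. <br /><input type=\"button\" onclick=\"history.go(-2)\" value=\"Go back\" />");
            } else {
                displayerror("Password reset failed. Kindly contact webadmin@pragyan.org");
            }
        }
        return "";
    }

    // Step 3: a key came back from the mailed link, verify it and reset.
    $key = escape($_GET['key']);
    $user_email = isset($_GET['resetPasswd']) ? escape($_GET['resetPasswd']) : '';

    $query = "SELECT * FROM `" . MYSQL_DATABASE_PREFIX . "users` WHERE `user_email`='" . $user_email . "'";
    $result = mysql_query($query);
    $temp = mysql_fetch_assoc($result);

    // Without a matching row there is nothing to compare against; computing the
    // key from an empty row would yield a constant that any requester could send.
    $keyMatches = false;
    if ($temp && is_string($key)) {
        $expectedKey = md5($temp['user_password'] . 'xXc' . substr($temp['user_email'], 1, 2));
        // Strict string comparison: "==" would treat two different "0e<digits>"
        // strings as equal numbers. hash_equals() is used where it exists because
        // it compares in constant time.
        $keyMatches = function_exists('hash_equals')
            ? hash_equals($expectedKey, $key)
            : $expectedKey === $key;
    }

    if (!$keyMatches) {
        displayinfo(safe_html("Authentication failure for password reset for {$user_email}"));
        return "";
    }

    // The temporary password is a credential, so prefer a cryptographically
    // secure source; rand() is predictable and stays only as a last resort on
    // builds that offer neither generator.
    if (function_exists('random_bytes')) {
        $password = bin2hex(random_bytes(8));
    } elseif (function_exists('openssl_random_pseudo_bytes')) {
        $password = bin2hex(openssl_random_pseudo_bytes(8));
    } else {
        $password = rand();
    }
    // NOTE(review): unsalted MD5, kept so the stored value stays in the format
    // the rest of the application evidently uses for `user_password`.
    $dbpassword = md5($password);

    $query = "UPDATE `" . MYSQL_DATABASE_PREFIX . "users`  SET `user_password`='{$dbpassword}' WHERE `user_email`='{$user_email}'";
    $result = mysql_query($query);
    if (mysql_affected_rows() > 0) {
        $to = "{$temp['user_email']}";
        $mailtype = "password_reset";
        $messenger = new messenger(false);
        global $onlineSiteUrl;
        $messenger->assign_vars(array('PASSWORD' => "{$password}", 'NAME' => "{$temp['user_fullname']}", 'WEBSITE' => CMS_TITLE, 'DOMAIN' => $onlineSiteUrl));
        if ($messenger->mailer($to, $mailtype, $key)) {
            displayinfo("Password reset. Kindly check your e-mail.");
        } else {
            displayerror("Password reset failed. Kindly contact administrator");
        }
    }
    return "";
}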
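/**
 * Stores one submission of the form identified by $moduleCompId.
 *
 * For every element described in `form_elementdesc` the matching handler
 * submitRegistrationForm<Type>() is called; the handler name is built from the
 * `form_elementtype` column. If every handler succeeds the user is registered
 * or updated and, unless $silent, the footer text and optional confirmation
 * mail are produced.
 *
 * NOTE(review): $moduleCompId and $userId are interpolated into the SQL text
 * without escaping. Nothing visible here validates them, so callers presumably
 * pass trusted numeric ids - confirm at every call site.
 *
 * @param mixed $moduleCompId   Module component id of the form.
 * @param mixed $userId         Submitting user; 0 means anonymous and is replaced
 *                              by a fresh negative id.
 * @param bool  $silent         When true, no success message or mail is produced.
 * @param bool  $disableCaptcha When true, the CAPTCHA check is skipped.
 * @return bool False when the CAPTCHA fails, an element description query
 *              fails, or a handler fails for a non-negative user id; true
 *              otherwise.
 */
function submitRegistrationForm($moduleCompId, $userId, $silent = false, $disableCaptcha = false)
{
    // Anonymous submissions get the next free negative id. MIN()-1 alone is not
    // enough: on an empty table it is NULL, and when only registered users have
    // submitted it is zero or positive, which would attribute the anonymous data
    // to a real account. Anything that is not negative falls back to -1.
    // NOTE(review): two concurrent anonymous submissions can still read the same
    // minimum; no locking is visible here.
    if ($userId == 0) {
        $userId = -1;
        $useridQuery = "SELECT MIN(`user_id`) - 1 AS MIN FROM `form_regdata` WHERE 1";
        $useridResult = mysql_query($useridQuery);
        if ($useridResult && mysql_num_rows($useridResult) > 0) {
            $useridRow = mysql_fetch_assoc($useridResult);
            if ($useridRow['MIN'] !== null && $useridRow['MIN'] < 0) {
                $userId = (int) $useridRow['MIN'];
            }
        }
    }

    // CAPTCHA is enforced only when the form is configured to use it.
    if (!$disableCaptcha) {
        $captchaQuery = 'SELECT `form_usecaptcha` FROM `form_desc` WHERE `page_modulecomponentid` = \'' . $moduleCompId . "'";
        $captchaResult = mysql_query($captchaQuery);
        $captchaRow = mysql_fetch_row($captchaResult);
        if ($captchaRow[0] == 1 && !submitCaptcha()) {
            return false;
        }
    }

    $query = "SELECT `form_elementid`,`form_elementtype` FROM `form_elementdesc` WHERE `page_modulecomponentid`='{$moduleCompId}'";
    $result = mysql_query($query);
    $allFieldsUpdated = true;
    while ($elementRow = mysql_fetch_assoc($result)) {
        $type = $elementRow['form_elementtype'];
        $elementId = $elementRow['form_elementid'];
        $postVarName = "form_" . $moduleCompId . "_element_" . $elementId;
        // Dynamic dispatch: the callable name comes from the database, limited
        // by the fixed "submitRegistrationForm" prefix.
        $functionName = "submitRegistrationForm" . ucfirst(strtolower($type));

        $elementDescQuery = "SELECT `form_elementname`,`form_elementsize`,`form_elementtypeoptions`,`form_elementmorethan`," . "`form_elementlessthan`,`form_elementcheckint`,`form_elementisrequired` FROM `form_elementdesc` " . "WHERE `page_modulecomponentid`='{$moduleCompId}' AND `form_elementid` ='{$elementId}'";
        $elementDescResult = mysql_query($elementDescQuery);
        if (!$elementDescResult) {
            // NOTE(review): the raw database error is shown to the visitor.
            displayerror('E69 : Invalid query: ' . mysql_error());
            return false;
        }
        $elementDescRow = mysql_fetch_assoc($elementDescResult);
        $elementName = $elementDescRow['form_elementname'];
        $elementSize = $elementDescRow['form_elementsize'];
        $elementTypeOptions = $elementDescRow['form_elementtypeoptions'];
        $elementMoreThan = $elementDescRow['form_elementmorethan'];
        $elementLessThan = $elementDescRow['form_elementlessthan'];
        $elementCheckInt = $elementDescRow['form_elementcheckint'] == 1;
        $elementIsRequired = $elementDescRow['form_elementisrequired'] == 1;

        if ($functionName($moduleCompId, $elementId, $userId, $postVarName, $elementName, $elementSize, $elementTypeOptions, $elementMoreThan, $elementLessThan, $elementCheckInt, $elementIsRequired) == false) {
            $allFieldsUpdated = false;
            break;
        }
    }

    if (!$allFieldsUpdated) {
        if ($userId < 0) {
            // NOTE(review): this path falls through to "return true" although a
            // handler failed; kept as found - confirm whether callers rely on it.
            unregisterUser($moduleCompId, $userId);
        } else {
            if (!verifyUserRegistered($moduleCompId, $userId)) {
                // Drop the partial data of a user who never completed registration.
                $deleteelementdata_query = "DELETE FROM `form_elementdata` WHERE `user_id` = '{$userId}' AND `page_modulecomponentid` ='{$moduleCompId}' ";
                mysql_query($deleteelementdata_query);
            }
            return false;
        }
    } else {
        if (!verifyUserRegistered($moduleCompId, $userId)) {
            registerUser($moduleCompId, $userId);
        } else {
            updateUser($moduleCompId, $userId);
        }
        if (!$silent) {
            $footerQuery = "SELECT `form_footertext`, `form_sendconfirmation` FROM `form_desc` WHERE `page_modulecomponentid` = '{$moduleCompId}'";
            $footerResult = mysql_query($footerQuery);
            $footerRow = mysql_fetch_row($footerResult);
            $footerText = $footerRow[0];
            $footerTextLength = strlen($footerText);
            // Only a footer wrapped in "<!--" ... "-->" is used as the success
            // message, with the wrapper stripped; anything else is ignored.
            if ($footerTextLength > 7 && substr($footerText, 0, 4) == '<!--' && substr($footerText, $footerTextLength - 3) == '-->') {
                $footerText = substr($footerText, 4, $footerTextLength - 7);
            } else {
                $footerText = '';
            }
            displayinfo($footerText == '' ? "User successfully registered!" : $footerText);

            // Confirmation mail, when the form asks for one.
            if ($footerRow[1]) {
                // An empty sender is left for the mailer to fill in.
                $from = '';
                $to = getUserEmail($userId);
                $pageId = getPageIdFromModuleComponentId('form', $moduleCompId);
                $parentPage = getParentPage($pageId);
                $formname = getPageTitle($parentPage);
                $key = '';
                $mailtype = "form_registration_mail";
                $messenger = new messenger(false);
                global $onlineSiteUrl;
                $messenger->assign_vars(array('FORMNAME' => "{$formname}", 'KEY' => "{$key}", 'WEBSITE' => CMS_TITLE, 'DOMAIN' => $onlineSiteUrl, 'NAME' => getUserFullName($userId)));
                if ($messenger->mailer($to, $mailtype, $key, $from)) {
                    displayinfo("You have been succesfully registered to {$formname} and a registration confirmation mail has been sent. Kindly check your e-mail.");
                } else {
                    displayerror("Registration confirmation mail sending failure. Kindly contact webadmin@pragyan.org");
                }
            }
        }
    }
    return true;
}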
Esempio n. 3
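/**
 * Handles the sign-up page: the registration form, resending the activation
 * link, verifying an activation link and creating a new account.
 *
 * The step is chosen from the request parameters (`key`, `reSendKey`,
 * `resend_key_email`, `user_email`). Only the branches that show a form return
 * HTML; the others report through displayinfo()/displayerror()/displaywarning()
 * and return nothing.
 *
 * Security notes:
 *  - Passwords are stored as unsalted MD5; changing that requires the login
 *    code to change as well (password_hash()/password_verify()).
 *  - Several messages reveal whether an address is already registered.
 *  - Failed queries show mysql_error() to the visitor.
 *
 * @return string|null Form HTML where a form is shown, otherwise null.
 */
function register()
{
    // All four globals stay declared: the required files run in this function's
    // scope and may read them.
    global $uploadFolder, $sourceFolder, $moduleFolder, $urlRequestRoot;
    require "{$sourceFolder}/{$moduleFolder}/form/registrationformgenerate.php";
    require "{$sourceFolder}/{$moduleFolder}/form/registrationformsubmit.php";

    if (!isset($_GET['key']) && !isset($_GET['reSendKey']) && !isset($_POST['user_email'])) {
        return getRegistrationForm();
    } elseif (isset($_GET['reSendKey']) && !isset($_POST['resend_key_email']) && SEND_MAIL_ON_REGISTRATION) {
        $reSendForm = <<<FORM
<form  class="cms-registrationform" method="POST" name="user_resend_key" onsubmit="return checkForm(this)" action="./+login&subaction=register&reSendKey">
   <fieldset>
   <legend>Resend Activation Link</legend>
   <table>
\t\t<tr>
\t\t\t<td><label for="resend_key_email"  class="labelrequired">Email</label></td>
\t\t\t<td><input type="text" name="resend_key_email" id="resend_key_email" class="required" onchange="if(this.length!=0) return checkEmail(this);"/><br /></td>
\t\t</tr>
\t\t<tr>
\t\t\t<td colspan="2">&nbsp;</td>
\t\t</tr>
\t\t<tr>
\t\t\t<td><input type="submit" id="submitbutton" value="Submit"></td>
\t\t\t<td><a href="./+login&subaction=register">Sign Up</a> <a href="./+login">Login?</a></td>
\t\t</tr>
\t</table>
\t</fieldset>
</form>
FORM;
        return $reSendForm;
    } elseif (isset($_POST['resend_key_email'])) {
        // Resend the activation link for an account that is not yet activated.
        // escape() is a project helper; presumably it SQL-escapes - confirm.
        $email = escape($_POST['resend_key_email']);
        $query = "SELECT * FROM  `" . MYSQL_DATABASE_PREFIX . "users`  WHERE `user_email`='{$email}' ";
        $result = mysql_query($query) or displayerror(mysql_error() . "registration L:131");
        if (!mysql_num_rows($result)) {
            displayinfo("This email-id has not yet been registered. Kindly <a href=\"./+login&subaction=register\">register</a>.");
        } else {
            $temp = mysql_fetch_assoc($result);
            if ($temp['user_activated'] == 1) {
                displayinfo("E-mail {$email} has already been verified.<a href=\"./+login\"> Login</a> <a href=\"./+login&subaction=resetPasswd\">Forgot Password?</a>");
            } else {
                $key = getVerificationKey($email, $temp['user_password'], $temp['user_regdate']);
                $from = "from: " . CMS_TITLE . " <" . CMS_EMAIL . ">";
                $to = "{$email}";
                $mailtype = "activation_mail";
                $messenger = new messenger(false);
                global $onlineSiteUrl;
                $messenger->assign_vars(array('ACTIVATE_URL' => "{$onlineSiteUrl}/+login&subaction=register&verify={$to}&key={$key}", 'NAME' => "{$temp['user_fullname']}", 'WEBSITE' => CMS_TITLE, 'DOMAIN' => $onlineSiteUrl));
                if ($messenger->mailer($to, $mailtype, $key, $from)) {
                    displayinfo("Activation link resent. Kindly check your e-mail for activation link.");
                } else {
                    displayerror("Activation link resending failure. Kindly contact administrator");
                }
            }
        }
    } elseif (isset($_GET['key'])) {
        // Verify an activation link. `verify` comes straight from the URL, so it
        // may be missing or an array; treat anything but a string as empty.
        $verify = (isset($_GET['verify']) && is_string($_GET['verify'])) ? $_GET['verify'] : '';
        $emailId = escape($verify);
        // The messages below are rendered as HTML (one of them carries a link),
        // so the request value is HTML-encoded before it is echoed back.
        $verifyHtml = htmlspecialchars($verify, ENT_QUOTES);

        $query = "SELECT * FROM  `" . MYSQL_DATABASE_PREFIX . "users`  WHERE `user_email`='{$emailId}'";
        $result = mysql_query($query) or displayerror(mysql_error() . "registration L:76");
        $temp = mysql_fetch_assoc($result);
        if ($temp['user_activated'] == 1) {
            displayinfo("E-mail " . $verifyHtml . " has already been verified");
        } else {
            // Strict string comparison: "==" would treat two different
            // "0e<digits>" strings as equal numbers. hash_equals() is used where
            // it exists because it compares in constant time.
            $keyMatches = false;
            if ($temp && is_string($_GET['key'])) {
                $expectedKey = (string) getVerificationKey($verify, $temp['user_password'], $temp['user_regdate']);
                $keyMatches = function_exists('hash_equals')
                    ? hash_equals($expectedKey, $_GET['key'])
                    : $expectedKey === $_GET['key'];
            }
            if ($keyMatches) {
                $query = "UPDATE `" . MYSQL_DATABASE_PREFIX . "users` SET `user_activated`=1  WHERE `user_email`='{$emailId}'";
                mysql_query($query) or die(mysql_error());
                if (mysql_affected_rows() > 0) {
                    displayinfo("Your e-mail " . $verifyHtml . " has been verified. Now you can fill your profile information by clicking <a href=\"./+profile\">here</a> or by clicking on the preferences link in the action bar any time you are logged in.");
                } else {
                    displayerror("Verification error for " . $verifyHtml . ". Please contact administrator");
                }
            } else {
                displayerror("Verification error for " . $verifyHtml . ". Please contact administrator");
            }
        }
    } else {
        // New registration: validate the posted fields first.
        if ($_POST['user_email'] == "" || $_POST['user_password'] == "") {
            displayerror("Blank e-mail/password NOT allowed");
            return getRegistrationForm();
        }
        if ($_POST['user_name'] == "" || $_POST['user_fullname'] == "") {
            displayerror("Please fill in your user name and Full name");
            return getRegistrationForm();
        }
        if (!preg_match("/^[_a-z0-9-]+(\\.[_a-z0-9-]+)*@[a-z0-9-]+(\\.[a-z0-9-]+)*(\\.[a-z]{2,3})\$/i", $_POST['user_email'])) {
            displayerror("Invalid Email Id");
            return getRegistrationForm();
        }
        if ($_POST['user_password'] != $_POST['user_repassword']) {
            displayerror("Passwords are not same");
            return getRegistrationForm();
        }
        if (submitCaptcha() == false) {
            return getRegistrationForm();
        }

        $umail = trim(escape($_POST['user_email']));
        if (!check_email($umail)) {
            displayerror("Your E-Mail Provoider has been blackilisted. Please Use another email id or contact the website administrator");
            return getRegistrationForm();
        }

        $query = "SELECT * FROM `" . MYSQL_DATABASE_PREFIX . "users` WHERE `user_email`='" . $umail . "'";
        $result = mysql_query($query) or displayerror(mysql_error() . "in registration L:115");
        if (mysql_num_rows($result)) {
            displaywarning("Email already exists in database. Please use a different e-mail.");
            return getRegistrationForm();
        }

        // NOTE(review): unsalted MD5, kept so the stored value stays in the
        // format the rest of the application evidently expects.
        $passwd = md5($_POST['user_password']);
        // The insert and the id lookup use $umail, the same trimmed value the
        // uniqueness check above ran against, so the stored address cannot
        // differ from the one that was checked.
        $query = "INSERT INTO `" . MYSQL_DATABASE_PREFIX . "users` " . "(`user_name`, `user_email`, `user_fullname`, `user_password`, `user_activated`) " . "VALUES ('" . escape($_POST['user_name']) . "', '" . $umail . "', '" . escape($_POST['user_fullname']) . "', '{$passwd}', " . ACTIVATE_USER_ON_REG . ")";
        $result = mysql_query($query);
        $query1 = "SELECT `user_id` FROM `" . MYSQL_DATABASE_PREFIX . "users` WHERE `user_email` ='" . $umail . "' LIMIT 1";
        $result1 = mysql_query($query1);
        $result1 = mysql_fetch_array($result1);

        // Store the extra profile fields; roll the new account back if that fails.
        $form_result = submitRegistrationForm(0, $result1[0], true, true);
        if (!$form_result) {
            $query1 = "DELETE FROM `" . MYSQL_DATABASE_PREFIX . "users` WHERE `user_id` = '" . $result1[0] . "'";
            $result = mysql_query($query1);
            return getRegistrationForm();
        }
        if ($result) {
            if (ACTIVATE_USER_ON_REG) {
                displayinfo("You have been successfully registered. You can now <a href=\"./+login\">log in</a>.");
            } else {
                displayinfo("Your registration was successful but your account is not activated yet. Kindly check your email, or wait for the website administrator to activate you.");
            }
        }
        if (SEND_MAIL_ON_REGISTRATION) {
            $email = $umail;
            $query = "SELECT * FROM  `" . MYSQL_DATABASE_PREFIX . "users`  WHERE `user_email`='{$email}' ";
            $result = mysql_query($query) or displayerror(mysql_error() . "registration L:211");
            $temp = mysql_fetch_assoc($result);
            $key = getVerificationKey($email, $temp['user_password'], $temp['user_regdate']);
            $from = "from: " . CMS_TITLE . " <" . CMS_EMAIL . ">";
            $to = "{$email}";
            $mailtype = "activation_mail";
            $messenger = new messenger(false);
            global $onlineSiteUrl;
            $messenger->assign_vars(array('ACTIVATE_URL' => "{$onlineSiteUrl}/+login&subaction=register&verify={$to}&key={$key}", 'NAME' => "{$temp['user_fullname']}", 'WEBSITE' => CMS_TITLE, 'DOMAIN' => $onlineSiteUrl));
            if ($messenger->mailer($to, $mailtype, $key, $from)) {
                displayinfo("Kindly check your e-mail for activation link.");
            } else {
                displayerror("Activation link sending failure. Kindly contact administrator");
            }
        }
    }
}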
Esempio n. 4
            Regards,<br/>
            
            Susan Fletcher<br/>
            Network Administrator<br/>
            Hackland Central Bank
            </span>
            DISPLAYMSG;
            		$DISPLAYMSG.=$EMAIL;*/
            //mail send code, make sure whatver mailtype is there, its there in emails/ folder in ui/
            require_once "../mailer.lib.php";
            $to = $_POST["useremail"];
            $mailtype = "hca_pass_reset";
            $from = "*****@*****.**";
            $messenger = new messenger(false);
            $messenger->assign_vars(array('USERFULLNAME' => "{$userfullname}", 'AUTHID' => "{$authid}"));
            if ($messenger->mailer($to, $mailtype, $from)) {
                $DISPLAYMSG .= "Email successfully sent to " . $_POST['useremail'] . ". Kindly check your e-mail.";
            } else {
                $DISPLAYMSG .= "Password reset failed!";
            }
            /*		$message=wordwrap($EMAIL,70);
            		$to=$_POST['useremail'];
            		$subject="Hackland Central Bank Password Recovery";
            		$headers = 'From: susanfletcher@hacklandmail.hl' . "\r\n";
            		$headers .= 'MIME-Version: 1.0' . "\r\n";
            		$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
            		
            		mail($to,$subject,$message,$headers); */
        }
    }
}
Esempio n. 5
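/**
 * Confirms or previews handing a food coupon to one participant.
 *
 * Output is written with echo. The call is refused unless
 * $_SESSION['availability_food_coupon'] equals 1 and isAvailable() reports
 * coupons for $mcId. With $toDistribute == 0 only a preview line is printed;
 * otherwise the participant's row in `oc_form_reg` is marked and two
 * notification mails are sent.
 *
 * NOTE(review): $userId and $mcId are placed unquoted into the UPDATE
 * statement and $userId is echoed into the HTML output. Nothing visible here
 * validates them, so callers presumably pass checked numeric values - confirm
 * at every call site.
 *
 * @param mixed $mcId         Module component id, used in the UPDATE filter.
 * @param mixed $userId       Participant roll number.
 * @param mixed $toDistribute 0 (default) previews, anything else distributes.
 * @param mixed $registeredBy Id of the operator, resolved with getUserEmail().
 * @return string|null The string "true" after a preview, otherwise null.
 */
function handleFoodCouponDistribution($mcId, $userId, $toDistribute = 0, $registeredBy)
{
    global $urlRequestRoot, $cmsFolder, $moduleFolder;
    $imageBase = "{$urlRequestRoot}/{$cmsFolder}/{$moduleFolder}/oc/images";
    $wrongIMG = "<img src=\"{$imageBase}/dialog-error.png\" />";
    $processIMG = "<img src=\"{$imageBase}/dialog-information.png\" />";

    // Only operators whose session carries the coupon flag may distribute.
    $mayDistribute = isset($_SESSION['availability_food_coupon']) && $_SESSION['availability_food_coupon'] == 1;
    if (!$mayDistribute) {
        echo "You are not eligible to distribute Food Coupon.{$wrongIMG}<br/>";
        return;
    }
    if (!isAvailable($mcId, 'food_coupon')) {
        echo "Food Coupon Not Available. {$wrongIMG}<br/><hr/>";
        return;
    }
    if ($toDistribute == 0) {
        echo "Distribute Food Coupon to " . $userId . ". {$processIMG}<br/><hr/>";
        // Callers receive the string "true" here, not a boolean.
        return "true";
    }

    $updateQuery = "UPDATE `oc_form_reg` SET `oc_food_coupon_distributed`='Yes' , `updated_time`=NOW()\n                           WHERE `oc_roll_no`={$userId} AND `page_moduleComponentId`={$mcId}";
    if (!mysql_query($updateQuery)) {
        // NOTE(review): the raw database error is shown to the operator.
        displayerror(mysql_error());
        echo "There is a error in Food Coupon Distribution.Contact System Administrator.Do not Distribute Food Coupon. {$wrongIMG}<br/><hr/>";
        return;
    }

    echo "Confirmed: Food Coupon to " . $userId . ". {$processIMG}<br/><hr/>";
    $mailtype = "food_registration";
    $messenger = new messenger(false);
    // Changes the default timezone for the rest of the request.
    date_default_timezone_set('Asia/Kolkata');
    $from = "from: Pragyan Team <*****@*****.**>";
    $to = "*****@*****.**";
    // TSHIRT was filled from a variable that is never assigned in this function,
    // so it was always null; pass null explicitly instead of reading an
    // undefined variable. NOTE(review): confirm whether a size should be sent.
    $messenger->assign_vars(array('TSHIRT' => null, 'ROLLNO' => "{$userId}", 'REGISTEREDBY' => getUserEmail($registeredBy), 'TIME' => date('Y-m-d H:i:s')));
    $messenger->mailer($to, $mailtype, "", $from);
    // Second copy goes to the participant's institute address.
    $to = $userId . "@nitt.edu";
    $messenger->mailer($to, $mailtype, "", $from);
    return;
}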