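/**
 * Send a password-reset confirmation mail for the given address.
 *
 * Only acts when exactly one users row carries the address; for any other
 * count the method is a silent no-op, so the caller cannot tell an unknown
 * address from a sent mail. A fresh row is written to cms_restore_password
 * and the token is embedded in the {{confirm_url}} of the mail template.
 *
 * @param string|null $email address entered in the reset form
 * @return void
 */
static function send_reset_password($email = null)
{
    $matches = Adapter::row_count(
        Adapter::secure_query('SELECT mail FROM users WHERE mail = :mail', [':mail' => $email])
    );
    if ($matches != 1) {
        return;
    }

    // NOTE(review): SYSTEM_SETTINGS is unserialize()d. That is only safe while the
    // constant is built from trusted configuration and never from request data.
    $system_settings = unserialize(SYSTEM_SETTINGS);

    $get_details = Adapter::fetch_object(
        Adapter::secure_query('SELECT id,username,mail FROM users WHERE mail = :mail', [':mail' => $email])
    );

    // The token is the only thing standing between the mail and the account, so it
    // has to be unguessable. The previous md5(mail_username_rand(0,9)) had only ten
    // possible values once the address was known. 16 random bytes give 32 hex chars,
    // the same width as the md5 digest this column used to hold.
    $hash = bin2hex(random_bytes(16));
    Adapter::secure_query(
        'INSERT INTO cms_restore_password (user_id,user_hash) VALUES (:userid,:userhash)',
        [':userid' => $get_details->id, ':userhash' => $hash]
    );

    // Placeholders are replaced in the same order as before (username, email,
    // confirm url, hotel name).
    $body = Page::include_content('reset_password', 'others/mail');
    $body = str_replace(
        ['{{mail_username}}', '{{mail_email}}', '{{confirm_url}}', '{{hotel_name}}'],
        [
            $get_details->username,
            $get_details->mail,
            $system_settings['global_url'] . '/reset-password/' . $hash,
            $system_settings['hotel_name'],
        ],
        $body
    );

    $mail = new PHPMailer();
    $mail->IsSMTP();
    $mail->Host = $system_settings['smtp_server'];
    $mail->From = '*****@*****.**';
    $mail->FromName = $system_settings['hotel_name'];
    $mail->AddAddress($email);
    $mail->IsHTML(true);
    $mail->Subject = 'Reset-Password Confirmation';
    $mail->Body = $body;
    $mail->Send();
    $mail->ClearAllRecipients();
    $mail->ClearAttachments();
}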
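/**
 * Render the subscription offers of the region given in ?inventory=.
 *
 * Sends a JSON content type and returns the encoded payload: the selected
 * country, the list of all countries, and the region's subscriptions, each
 * bundled with the payment types collected up to that row.
 *
 * @return string JSON document
 */
function show()
{
    $region_id = Misc::escape_text($_GET['inventory'] ?? '');

    // Was never initialised before: a region without rows left it undefined.
    $payment_json = [];
    $inventory_subscribe = [];
    $count = 0;
    foreach (Adapter::secure_query("SELECT * FROM cms_shop_subscriptions WHERE region = :id", [':id' => $region_id]) as $row_a) {
        $row_b = Adapter::fetch_object(
            Adapter::secure_query("SELECT * FROM cms_shop_payments_types WHERE id = :id LIMIT 1", [':id' => $row_a['payment_type']])
        );
        // $payment_json keeps growing across iterations, so subscription N carries
        // payment types 0..N. Kept as-is: changing it changes the API payload.
        $payment_json[$count] = new JsonPayment($row_b->id, $row_b->name, $row_b->button, $row_b->image, 'subscription');
        $inventory_subscribe[$count] = new JsonSubscription(
            $row_a['id'],
            $row_a['name'],
            $row_a['description'],
            $row_a['credits_amount'],
            $row_a['price'],
            $row_a['type'],
            $row_a['icon'],
            $payment_json
        );
        $count++;
    }

    $countries = [];
    foreach (Adapter::query("SELECT * FROM cms_shop_countries") as $row_a) {
        $countries[] = new JsonCountry($row_a['country_id'], $row_a['country_name'], $row_a['country_locale'], $row_a['country_code']);
    }

    // NOTE(review): fetch_array() presumably yields false for an unknown country
    // code, in which case the selected country is emitted with null fields — confirm.
    $row_c = Adapter::fetch_array(
        Adapter::secure_query("SELECT * FROM cms_shop_countries WHERE country_code = :id LIMIT 1", [':id' => $region_id])
    );
    $country_json = new JsonCountry($row_c['country_id'], $row_c['country_name'], $row_c['country_locale'], $row_c['country_code']);

    $subscriptions_object = new stdClass();
    $subscriptions_object->selectedCountry = $country_json;
    $subscriptions_object->countries = $countries;
    $subscriptions_object->items = $inventory_subscribe;

    header('Content-type: application/json');
    return json_encode($subscriptions_object);
}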
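/**
 * Look up the account behind a password-reset token.
 *
 * Reads {"token": ...} from the JSON request body. When exactly one
 * cms_restore_password row matches, returns the account's email and username
 * as JSON; otherwise answers 404 with a null body.
 *
 * @return string|null
 */
function show()
{
    $data = json_decode(file_get_contents("php://input"), true);
    $token = (is_array($data) && isset($data['token']) && is_string($data['token'])) ? $data['token'] : null;

    if ($token !== null) {
        $query = Adapter::secure_query(
            'SELECT * FROM cms_restore_password WHERE user_hash = :userhash LIMIT 1',
            [':userhash' => $token]
        );
        if (Adapter::row_count($query) == 1) {
            // NOTE(review): no expiry or "used" column is visible here, so a token
            // stays valid until the reset completes — confirm expiry is enforced elsewhere.
            $get = Adapter::fetch_object($query);
            $row = Adapter::fetch_object(
                Adapter::secure_query('SELECT * FROM users WHERE id = :userid LIMIT 1', [':userid' => $get->user_id])
            );
            if (is_object($row)) {
                $check_object = new stdClass();
                $check_object->email = $row->mail;
                $check_object->name = $row->username;
                header('Content-type: application/json');
                return json_encode($check_object);
            }
        }
    }

    // Missing, malformed or unknown token, or the user no longer exists.
    header('HTTP/1.1 404 Not Found');
    return null;
}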
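/**
 * Set a new password from a password-reset token.
 *
 * Reads {"token": ..., "password": ...} from the JSON request body. When
 * exactly one cms_restore_password row matches, the password of the linked
 * user is replaced without asking for the current one (the token is the
 * credential) and the token row is deleted. Answers 404 for an unknown token
 * and 400 for a missing password; returns null in every case.
 *
 * @return null
 */
function show()
{
    $data = json_decode(file_get_contents("php://input"), true);
    $token = (is_array($data) && isset($data['token']) && is_string($data['token'])) ? $data['token'] : null;
    $password = (is_array($data) && isset($data['password']) && is_string($data['password'])) ? $data['password'] : '';

    if ($token === null) {
        header('HTTP/1.1 404 Not Found');
        return null;
    }
    if ($password === '') {
        // Previously an absent password was hashed as an empty value and written.
        header('HTTP/1.1 400 Bad Request');
        return null;
    }

    $query = Adapter::secure_query(
        'SELECT * FROM cms_restore_password WHERE user_hash = :userhash LIMIT 1',
        [':userhash' => $token]
    );
    if (Adapter::row_count($query) == 1) {
        $get = Adapter::fetch_object($query);
        $row = Adapter::fetch_object(
            Adapter::secure_query('SELECT * FROM users WHERE id = :userid LIMIT 1', [':userid' => $get->user_id])
        );
        if (is_object($row)) {
            // need_verify=false: possession of the token replaces the current password.
            $data['currentPassword'] = '';
            User::change_password($data, $row->id, false);
            // Single use: the token is discarded whether or not the update succeeded.
            Adapter::secure_query(
                'DELETE FROM cms_restore_password WHERE user_hash = :userhash',
                [':userhash' => $token]
            );
            return null;
        }
    }

    header('HTTP/1.1 404 Not Found');
    return null;
}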
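/**
 * Activate an account from a verification token.
 *
 * Reads {"token": ...} from the JSON request body. When exactly one
 * cms_users_verification row matches, the row is marked verified, the user
 * instance is created and the account email plus verified flags are returned
 * as JSON. Otherwise answers 404 with an error object.
 *
 * @return string JSON document
 */
function show()
{
    $data = json_decode(file_get_contents("php://input"), true);
    $token = (is_array($data) && isset($data['token']) && is_string($data['token'])) ? $data['token'] : null;
    header('Content-type: application/json');

    if ($token !== null) {
        $query = Adapter::secure_query(
            'SELECT * FROM cms_users_verification WHERE user_hash = :userhash',
            [':userhash' => $token]
        );
        if (Adapter::row_count($query) == 1) {
            $fetch = Adapter::fetch_object($query);
            // 'true' is stored as a string; keep it, the column's type is not visible here.
            Adapter::secure_query(
                'UPDATE cms_users_verification SET verified = :verified WHERE user_hash = :userhash',
                [':verified' => 'true', ':userhash' => $token]
            );
            Data::user_create_instance($fetch->user_id);
            $row = Adapter::fetch_object(
                Adapter::secure_query('SELECT mail FROM users WHERE id = :userid', [':userid' => $fetch->user_id])
            );

            $activate_object = new stdClass();
            $activate_object->email = $row->mail;
            $activate_object->emailVerified = true;
            $activate_object->identityVerified = true;
            return json_encode($activate_object);
        }
    }

    header('HTTP/1.1 404 Not Found');
    $error_object = new stdClass();
    $error_object->error = 'activation.invalid_token';
    return json_encode($error_object);
}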
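/**
 * Confirm the account password, then engage the trade lock and store the
 * security-question answers sent in the JSON request body.
 *
 * change_password() is invoked with the submitted password as both current and
 * new value and with update_in_db=false, so it only verifies the password (it
 * also emits its own 204/409 status header). On success users.trade_lock is set
 * to 1 when it is 0 and cms_security_questions is inserted or updated for the
 * logged-in user; null is returned. On failure answers 400 with an error object.
 *
 * @return string|null
 */
function show()
{
    $data = json_decode(file_get_contents("php://input"), true);
    header('Content-type: application/json');
    $user_id = Data::$user_instance->user_id;

    // A malformed body (not JSON, or no password) goes straight to the 400 path
    // instead of verifying a null password.
    if (is_array($data) && isset($data['password'])) {
        $data['currentPassword'] = $data['password'];
        if (User::change_password($data, $user_id, true, false) == true) {
            $user = Adapter::fetch_object(
                Adapter::secure_query('SELECT trade_lock FROM users WHERE id = :userid', [':userid' => $user_id])
            );
            if ($user->trade_lock == 0) {
                Adapter::secure_query(
                    'UPDATE users SET trade_lock = :statusl WHERE id = :userid',
                    [':statusl' => '1', ':userid' => $user_id]
                );
            }

            // NOTE(review): the answers are stored as submitted; no hashing is visible
            // here — confirm the comparison side expects plaintext before changing this.
            $answers = [
                ':questionone' => $data['answer1'] ?? null,
                ':questiontwo' => $data['answer2'] ?? null,
                ':userid' => $user_id,
            ];
            $has_questions = Adapter::row_count(
                Adapter::secure_query('SELECT * FROM cms_security_questions WHERE user_id = :userid', [':userid' => $user_id])
            ) != 0;
            // Previously an INSERT was always followed by an UPDATE with the same
            // values; one statement is enough.
            if ($has_questions) {
                Adapter::secure_query(
                    'UPDATE cms_security_questions SET question_one = :questionone, question_two = :questiontwo WHERE user_id = :userid',
                    $answers
                );
            } else {
                Adapter::secure_query(
                    'INSERT INTO cms_security_questions (user_id,question_one,question_two) VALUES (:userid,:questionone,:questiontwo)',
                    $answers
                );
            }
            return null;
        }
    }

    header('HTTP/1.1 400 Bad Request');
    $error_object = new stdClass();
    $error_object->error = 'invalid_password';
    return json_encode($error_object);
}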
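/**
 * Render the credit packages (price points) of the region given in ?inventory=.
 *
 * Sends a JSON content type and returns the encoded payload: the region's
 * country, the payment categories, the price points (each bundled with the
 * payment types collected up to that row) and the doubleCredits flag.
 *
 * @return string JSON document
 */
function show()
{
    // Escaped like the subscriptions endpoint; the bound parameter protects the
    // query itself, but the value is also used for the country lookup.
    $region_id = Misc::escape_text($_GET['inventory'] ?? '');

    // Was never initialised before: a region without rows left it undefined.
    $payment_json = [];
    $inventory_purse = [];
    $count = 0;
    foreach (Adapter::secure_query("SELECT * FROM cms_shop_inventory WHERE region = :id", [':id' => $region_id]) as $row_a) {
        $row_b = Adapter::fetch_object(
            Adapter::secure_query("SELECT * FROM cms_shop_payments_types WHERE id = :id LIMIT 1", [':id' => $row_a['payment_type']])
        );
        // $payment_json keeps growing across iterations, so price point N carries
        // payment types 0..N. Kept as-is: changing it changes the API payload.
        $payment_json[$count] = new JsonPayment($row_b->id, $row_b->name, $row_b->button, $row_b->image, 'online');
        $inventory_purse[$count] = new JsonPurse(
            $row_a['id'],
            $row_a['name'],
            $row_a['description'],
            $row_a['credits_amount'],
            $row_a['price'],
            [0 => $row_a['categories']],
            $row_a['icon'],
            $row_a['region'],
            $payment_json
        );
        $count++;
    }

    // NOTE(review): fetch_array() presumably yields false for an unknown country
    // code, in which case the country is emitted with null fields — confirm.
    $row_c = Adapter::fetch_array(
        Adapter::secure_query("SELECT * FROM cms_shop_countries WHERE country_code = :id LIMIT 1", [':id' => $region_id])
    );
    $country_json = new JsonCountry($row_c['country_id'], $row_c['country_name'], $row_c['country_locale'], $row_c['country_code']);

    $inventory_object = new stdClass();
    $inventory_object->country = $country_json;
    $inventory_object->paymentCategories = ['online'];
    $inventory_object->pricePoints = $inventory_purse;
    $inventory_object->doubleCredits = true;

    header('Content-type: application/json');
    return json_encode($inventory_object);
}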
/**
 * Report whether the logged-in user's trade lock is engaged.
 *
 * Sends a JSON content type and returns true when users.trade_lock is
 * non-zero, false otherwise. Note the value is returned as a PHP bool and is
 * not JSON-encoded here.
 *
 * @return bool
 */
function show()
{
    $user_id = Data::$user_instance->user_id;
    $user = Adapter::fetch_object(
        Adapter::secure_query('SELECT trade_lock FROM users WHERE id = :userid', [':userid' => $user_id])
    );
    header('Content-type: application/json');
    return $user->trade_lock != 0;
}
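/**
 * Change a user's password.
 *
 * Looks up the user by $user_id. When $need_verify is set, $data['currentPassword']
 * must match the stored hash. On success the new hash is written to that users row
 * (skipped when $update_in_db is false, leaving only the verification), a 204
 * header is sent and true is returned. Otherwise a 409 header is sent and false
 * is returned.
 *
 * @param array $data         expects 'password' (the new one) and, when verifying, 'currentPassword'
 * @param int   $user_id      account to change — not necessarily the logged-in user (password reset)
 * @param bool  $need_verify  require the current password to match
 * @param bool  $update_in_db actually write the new hash
 * @return bool
 */
static function change_password($data = [], $user_id = 0, $need_verify = true, $update_in_db = true)
{
    $query = Adapter::secure_query("SELECT * FROM users WHERE id = :userid LIMIT 1", [':userid' => $user_id]);
    if (Adapter::row_count($query) == 1) {
        $l = Adapter::fetch_object($query);
        $current = isset($data['currentPassword']) ? $data['currentPassword'] : '';
        $new_password = isset($data['password']) ? $data['password'] : '';

        // Short-circuit so the current password is not inspected when it is not needed.
        if (!$need_verify || password_verify($current, $l->password)) {
            if ($update_in_db) {
                if ($new_password === '') {
                    // Never store the hash of an empty/missing password.
                    header('HTTP/1.1 409 Conflict');
                    return false;
                }
                // NOTE(review): the new password is escaped before hashing, while
                // password_verify() above checks the raw submitted value; if
                // Misc::escape_text() alters characters, such a password could never be
                // verified later — confirm escape_text is the identity for passwords.
                $new_hash = password_hash(Misc::escape_text($new_password), PASSWORD_BCRYPT);
                // Two fixes here: the row is selected by $user_id (the previous code used
                // the logged-in user's id, which is wrong and unset in the unauthenticated
                // reset flow), and the old "AND password = :password" guard is gone — it
                // compared the stored hash with a freshly salted bcrypt hash, which never
                // matches, so the verified path updated zero rows. password_verify()
                // above already established the caller knows the current password.
                Adapter::secure_query(
                    "UPDATE users SET password = :newpass WHERE id = :userid",
                    [':newpass' => $new_hash, ':userid' => $user_id]
                );
            }
            header('HTTP/1.1 204 No Content');
            return true;
        }
    }
    header('HTTP/1.1 409 Conflict');
    return false;
}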
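/**
 * Build the news feed or a single article.
 *
 * Without $article_id: every cms_articles row of type "article" becomes a
 * teaser object (title, 200-character excerpt, link, image) and the list is
 * returned JSON-encoded when $return is true.
 * With $article_id (underscores are mapped to dashes to match internal_link):
 * the article is rendered as HTML, a non-article row is returned as its raw
 * text, and an unknown link falls back to the oldest article.
 *
 * @param bool        $return     return the content instead of null
 * @param bool|string $article_id internal link of the article to render
 * @return null|string
 */
static function compose_news($return = false, $article_id = false)
{
    // Removes literal "\r", "\n" and stray backslashes left by the editor.
    $strip_escapes = static function ($text) {
        return str_replace(['\\r', '\\n', '\\'], '', $text);
    };

    if (!$article_id) {
        $code = [];
        foreach (Adapter::query('SELECT * FROM cms_articles WHERE type = "article" ORDER BY id ASC') as $row) {
            $teaser = new stdClass();
            $teaser->title = $row['title'];
            // Strip markup and decode entities first, then cut with mb_substr(): the
            // previous byte-wise substr() on raw HTML could split a tag, an entity or
            // a multi-byte character and hand json_encode() invalid UTF-8.
            $teaser->body = mb_substr(html_entity_decode(strip_tags($strip_escapes($row['text']))), 0, 200);
            $teaser->articleIndex = 0;
            $teaser->linkUrl = $row['external_link'] != 'default' ? $row['external_link'] : "/news/{$row['internal_link']}";
            $teaser->linkLabel = $row['link_text'];
            $teaser->imageUrl = $row['image'];
            $teaser->start = null;
            $code[] = $teaser;
        }
        return $return ? json_encode($code) : null;
    }

    $article_id = str_replace('_', '-', $article_id);
    $query = Adapter::secure_query("SELECT * FROM cms_articles WHERE internal_link = :article_url", [':article_url' => $article_id]);
    if (Adapter::row_count($query) == 1) {
        $row = Adapter::fetch_object($query);
    } else {
        $row = Adapter::fetch_object(Adapter::query("SELECT * FROM cms_articles WHERE `type` = 'article' ORDER BY id ASC LIMIT 1"));
    }
    if (!is_object($row)) {
        // No article exists at all; previously this dereferenced a non-object.
        return $return ? '' : null;
    }

    if ($row->type == 'article') {
        // NOTE(review): title and text are inserted into the page unescaped. That is
        // only acceptable while cms_articles is authored by trusted CMS users — confirm.
        $text = $strip_escapes($row->text);
        $code = "<h1>{$row->title}</h1>"
            . "<p>{$text}</p>"
            . '<blockquote><p>See more news on the <a href="/">Home page</a>!</p></blockquote>';
    } else {
        $code = $row->text;
    }
    return $return ? $code : null;
}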