コード例 #1
ファイル: index.php プロジェクト: vojtajina/sitellite
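    /**
     * Handles a submitted registration form: stores the new member with a
     * pending session key, mails the confirmation message and prints the
     * result page.
     *
     * The password is passed through better_crypt() before it is stored. The
     * plain-text value is still present in $vals when $vals is handed to
     * template_simple() for the confirmation mail.
     *
     * @access public
     * @param array $vals submitted form values (user_id, password, firstname, ...)
     * @return void
     */
    function onSubmit($vals)
    {
        $vals['public'] = $vals['public'] ? 'yes' : 'no';
        // A website field holding only the scheme prefix is stored as empty.
        if ($vals['website'] === 'http://') {
            $vals['website'] = '';
        }
        // The pending key is stored in session_id; the part after "PENDING:"
        // is what the confirmation template receives as 'verify'.
        $session_id = session_make_pending_key();
        $vals['verify'] = str_replace('PENDING:', '', $session_id);
        // 1. insert into sitellite_user (all values are bound, none concatenated)
        $res = db_execute(
            '
			insert into sitellite_user
				(username, password, firstname, lastname, company, website, country, province, email, session_id, role, team)
			values
				(?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)',
            $vals['user_id'],
            better_crypt($vals['password']),
            $vals['firstname'],
            $vals['lastname'],
            $vals['company'],
            $vals['website'],
            $vals['country'],
            $vals['province'],
            $vals['email'],
            $session_id,
            'member',
            'core'
        );
        if (!$res) {
            // Keep the database error out of the response: it can reveal
            // schema details to whoever submitted the form. Log it instead.
            error_log('Account registration failed: ' . db_error());
            page_title('Unknown Error');
            echo '<p>An error occurred while creating your account.  Please try again later.</p>';
            return;
        }
        // 2. email confirmation (send failures are suppressed and not reported)
        @mail($vals['email'], 'Membership Confirmation', template_simple('member_confirmation.spt', $vals), 'From: ' . appconf('email'));
        // 3. respond -- the member is not logged in at this point
        // NOTE(review): firstname and lastname come straight from the form;
        // confirm that page_title() HTML-encodes its argument.
        page_title(intl_get('Welcome') . ' ' . $vals['firstname'] . ' ' . $vals['lastname']);
        echo '<p>Your account has been created.  An email has also been sent to your address containing information necessary to activate your account.</p>';
    }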
コード例 #2
ファイル: index.php プロジェクト: vojtajina/sitellite
 /**
  * Registration form handler: creates the member through session_user_add()
  * with a pending session key, mails the confirmation and prints the result.
  *
  * The stored password is the better_crypt() result; the plain-text value
  * remains in $vals when $vals is passed to the mail template.
  *
  * @access public
  * @param array $vals submitted form values
  * @return void
  */
 function onSubmit($vals)
 {
     if ($vals['public']) {
         $vals['public'] = 'yes';
     } else {
         $vals['public'] = 'no';
     }
     // A website field holding only the scheme prefix is stored as empty.
     if ($vals['website'] == 'http://') {
         $vals['website'] = '';
     }

     $pendingKey = session_make_pending_key();
     $vals['verify'] = str_replace('PENDING:', '', $pendingKey);

     // 1. create the account record
     $account = array(
         'username' => $vals['user_id'],
         'password' => better_crypt($vals['password']),
         'firstname' => $vals['firstname'],
         'lastname' => $vals['lastname'],
         'company' => $vals['company'],
         'website' => $vals['website'],
         'country' => $vals['country'],
         'province' => $vals['province'],
         'email' => $vals['email'],
         'session_id' => $pendingKey,
         'role' => 'member',
         'team' => 'none',
         'public' => $vals['public'],
         'profile' => $vals['about'],
         'sig' => $vals['sig'],
         'registered' => date('Y-m-d H:i:s'),
         'modified' => date('Y-m-d H:i:s'),
     );
     if (!session_user_add($account)) {
         // Only a generic message is shown; no database detail reaches the page.
         page_title('Unknown Error');
         echo '<p>An error occurred while creating your account.  Please try again later.</p>';
         return;
     }

     // 2. email confirmation (send failures are suppressed and not reported)
     $body = template_simple('register_confirmation.spt', $vals);
     $sender = 'From: ' . appconf('email');
     @mail($vals['email'], 'Membership Confirmation', $body, $sender);

     // 3. respond
     // NOTE(review): the names come straight from the form; confirm that
     // page_title() HTML-encodes its argument.
     $greeting = intl_get('Welcome') . ' ' . $vals['firstname'] . ' ' . $vals['lastname'];
     page_title($greeting);
     echo '<p>Your account has been created.  An email has also been sent to your address containing information necessary to activate your account.</p>';
 }
コード例 #3
ファイル: Functions.php プロジェクト: vojtajina/sitellite
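/**
 * Checks a candidate password against a stored better_crypt() value.
 *
 * The candidate is passed to better_crypt() with the stored value as the
 * second argument, and the result is compared with the stored value.
 *
 * @access public
 * @param string $pass     password to check
 * @param string $original stored value to compare against
 * @return boolean true only when both values are non-empty strings and match
 */
function better_crypt_compare($pass, $original)
{
    // An empty or non-string stored value must never authenticate anyone.
    if (!is_string($original) || $original === '') {
        return false;
    }
    $candidate = better_crypt($pass, $original);
    // A failed hash (non-string result) is a mismatch, not a loose match.
    if (!is_string($candidate)) {
        return false;
    }
    // Loose == compares numeric-looking strings by value. Use a constant-time
    // comparison where the runtime has one and strict equality otherwise.
    if (function_exists('hash_equals')) {
        return hash_equals($original, $candidate);
    }
    return $candidate === $original;
}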
コード例 #4
ファイル: index.php プロジェクト: vojtajina/sitellite
     $vals['teams'][$k] = str_replace(',', '', $v);
     if (empty($vals['teams'][$k])) {
         unset($vals['teams'][$k]);
     }
 }
 // Remove these keys from $vals before it is used further.
 // NOTE(review): this is a deny-list; any other key already in $vals stays in place. Confirm that
 // the code consuming $vals (outside this excerpt) accepts only known columns.
 unset($vals['_list']);
 unset($vals['tab1']);
 unset($vals['tab2']);
 unset($vals['tab3']);
 unset($vals['tab-end']);
 unset($vals['password_verify']);
 unset($vals['submit_button']);
 unset($vals['registered']);
 $vals['modified'] = date('Y-m-d H:i:s');
 // A non-empty 'passwd' is run through better_crypt() and stored as 'password';
 // an empty one only removes 'passwd'.
 if (!empty($vals['passwd'])) {
     $vals['password'] = better_crypt($vals['passwd']);
     unset($vals['passwd']);
 } else {
     unset($vals['passwd']);
 }
 // The submitted _key is kept as $user and compared with session_username() below.
 $user = $vals['_key'];
 unset($vals['_key']);
 $vals['lang'] = 'en';
 // changeable via preferences later by user
 if ($vals['website'] == 'http://') {
     unset($vals['website']);
 }
 // When $user equals the logged-in username, set 'expires' to now plus the session timeout.
 if ($user == session_username()) {
     global $session;
     $vals['expires'] = date('YmdHis', time() + $session->timeout);
 }
コード例 #5
ファイル: index.php プロジェクト: vojtajina/sitellite
 // verify key
 // Resolve the account from the e-mail address supplied with the request.
 $cgi->user = $session->getUserByEmail($cgi->email);
 if (!$cgi->user) {
     if ($box['context'] == 'action') {
         page_title(intl_get('Recover Your Password'));
     }
     // NOTE(review): a dedicated "email not found" page tells the requester whether an
     // address is registered; confirm that this is acceptable for the site.
     echo template_simple('passrecover/emailnotfound.spt', $cgi);
     return;
 }
 // The key from the request is checked with a 'RECOVER:' prefix against that user; on
 // failure the browser is redirected to the recovery action and the script stops.
 if (!$session->isValidKey($cgi->user, 'RECOVER:' . $cgi->key)) {
     header('Location: ' . site_prefix() . '/index/sitemember-passrecover-action');
     exit;
 }
 if (!empty($cgi->password) && $cgi->verify == $cgi->password) {
     // update password
     $session->update(array('password' => better_crypt($cgi->password)), $cgi->user);
     $session->username = $cgi->user;
     $session->password = $cgi->password;
     $session->start();
     if ($box['context'] == 'action') {
         page_title(intl_get('Your Password Has Been Changed'));
     }
 } else {
     if ($cgi->verify != $cgi->password) {
         $cgi->error = true;
     }
     // prompt for new password
     if ($box['context'] == 'action') {
         page_title(intl_get('Choose a New Password'));
     }
     echo template_simple('passrecover/newpass.spt', $cgi);
コード例 #6
ファイル: resetpw2.php プロジェクト: Nerogar/ocs5
    // Collect validation errors first; the token is only looked up when there are none.
    if ($new_password != $new_password2) {
        $errors[] = $lang['passwords_not_identical'];
    }
    $error = Account::validatePassword($new_password);
    if ($error != AccountError::NO_ERROR) {
        $errors[] = AccountError::str($error, $lang);
    }
    if (count($errors) == 0) {
        // check if username and token are valid
        // The "resetToken <> ''" condition keeps an empty token from matching a row.
        // NOTE(review): both values pass through escape() before being concatenated into
        // the statement; what escape() does is not visible here. Bound parameters would
        // remove that dependency.
        $query = "SELECT id from " . DB_PREFIX . "user WHERE name = '" . escape($db, $username) . "' and resetToken = '" . escape($db, $token) . "' and resetToken <> '' LIMIT 1";
        $result = $db->query($query);
        if ($result->num_rows == 0) {
            $errors[] = $lang["token_incorrect"];
        } else {
            $user = $result->fetch_object();
            $crypted_pw = better_crypt($new_password);
            // The same UPDATE clears resetToken, so a token works once.
            // NOTE(review): the literal '******' looks like redaction by the listing this
            // excerpt was taken from; as printed, $crypted_pw is computed but never used.
            // Confirm against the project source.
            $db->query("UPDATE " . DB_PREFIX . "user SET password = '******', resetToken = '' WHERE id = {$user->id} LIMIT 1");
            // NOTE(review): no exit follows the redirect header, so the rest of the page
            // below is still rendered.
            header("Location:index.php?changedpw");
        }
    }
}
?>
<h2>Passwort zurücksetzen</h2>
<?php 
// Print every collected message in its own red box.
// NOTE(review): the messages are written without HTML-encoding; the ones added in the
// visible code come from $lang.
foreach ($errors as $error) {
    echo '<div class="enboxed" style="color:red;">', $error, '</div>';
}
?>
<form method="post" action="<?php 
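// PHP_SELF includes any path info the requester appended to the URL, so it is
// HTML-encoded before being written into the form's action attribute.
echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');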
?>
コード例 #7
 }
 // Check that the password contains enough
 // The pattern requires a digit, a lower-case letter, an upper-case letter and one
 // character that is neither, forbids whitespace, and limits the length to 8-20.
 // NOTE(review): the upper bound of 20 rejects longer passphrases; confirm whether
 // better_crypt() actually needs that cap.
 $ret = preg_match("/^(?=.*\\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[^a-zA-Z0-9])(?!.*\\s).{8,20}\$/", $_POST['password']);
 if ($ret != true) {
     // The message carries <br> markup, so it is presumably printed as HTML by register.php.
     $_SESSION['error_message'] = "The password must contain:<br>one lower case letter, one upper case letter,<br>one digit, one special character,<br>be 8-20 in length, and have no spaces.";
     session_write_close();
     header("Location: register.php");
     return;
 }
 // email, api_key and answer go through test_input(); label_format, question and
 // password are taken from $_POST unchanged.
 $username = test_input($_POST["email"]);
 $api_key = test_input($_POST["api_key"]);
 $answer = test_input($_POST["answer"]);
 $label_format = $_POST['label_format'];
 $question = $_POST['question'];
 $password = $_POST['password'];
 // Only the better_crypt() result is kept in $password_hash for later use.
 $password_hash = better_crypt($password);
 // Check if the API Key is valid
 // A GET to $base_url . 'machines' is made with the key as token; any status other
 // than 200 is treated as an invalid key.
 $restApi = new RestApi(array('url' => $base_url . 'machines', 'token' => $api_key, 'methodType' => 'GET', 'params' => array()));
 $info_arr = $restApi->getInfo();
 //echo $info_arr["http_code"];
 if ($info_arr["http_code"] != 200) {
     // The upstream status code is copied into the message shown to the visitor.
     // NOTE(review): unlike the branch above, session_write_close() is not called
     // before this redirect.
     $_SESSION['error_message'] = 'Your API Key does not seem to be valid<br>Error Code: ' . $info_arr["http_code"];
     header("Location: register.php");
     return;
 }
 // check if the username or API already exists in the DB
 if (checkRedundantVal($username) || checkRedundantVal($api_key)) {
     header("Location: check_user_false.php");
 } else {
     // Connect to the DB
     $con = tep_db_connect();
コード例 #8
ファイル: index.php プロジェクト: vojtajina/sitellite
    echo "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n" . "<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n" . "The requested URL " . $PHP_SELF . " was not found on this server.<p>\n<hr>\n" . $_SERVER['SERVER_SIGNATURE'] . "</body></html>";
    exit;
}
// END KEEPOUT CHECKING
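// Which handler serves the change-password screen is read from the app configuration.
$on = appconf('changepass');
if (!$on) {
    // Nothing configured: send the visitor to the member area and stop.
    header('Location: ' . site_prefix() . '/index/sitemember-app');
    exit;
} elseif ($on != 'box:sitemember/changepass') {
    // Another handler is configured as "type:call". explode() replaces split(),
    // which was deprecated in PHP 5.3 and removed in PHP 7.
    // NOTE(review): the function name is built from the configured type, so this
    // setting must only be writable by administrators.
    list($type, $call) = explode(':', $on);
    $func = 'loader_' . $type;
    echo $func(trim($call), array(), $context);
    return;
}
// Only a visitor with a valid session may change a password here.
if (!session_valid()) {
    header('Location: ' . site_prefix() . '/index/sitemember-app');
    exit;
}
global $cgi, $session;
// The change goes ahead only when the current password verifies against the
// value returned by session_password() and the new password was entered
// identically twice. Strict === keeps numeric-looking strings such as "1e3"
// and "1000" from being treated as the same password.
if (better_crypt_compare($cgi->current, session_password()) && !empty($cgi->newpass) && $cgi->verify === $cgi->newpass) {
    // Store the better_crypt() result and set the expiry one hour ahead.
    $session->update(array('password' => better_crypt($cgi->newpass), 'expires' => date('Y-m-d H:i:s', time() + 3600)), $session->username);
    page_title(intl_get('Password Changed'));
    echo template_simple('pass_changed.spt');
} else {
    $data = array();
    // The error flag is set only when a new password was actually submitted,
    // so the first display of the form shows no error.
    if (!empty($cgi->newpass)) {
        $data['error'] = true;
    }
    page_title(intl_get('Change Password'));
    echo template_simple('changepass.spt', $data);
}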
コード例 #9
ファイル: Account.class.php プロジェクト: Nerogar/ocs5
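 /**
  * Creates a new user account.
  *
  * Checks that the name and e-mail address are unused, applies the length,
  * whitespace, password and e-mail rules, hashes the password with
  * better_crypt(), sends the verification mail when EMAIL_VERIFICATION is
  * set, and inserts the row.
  *
  * @param object $db       database handle used for query() and escape()
  * @param mixed  $lang     language data passed on to sendRegisterMail()
  * @param string $username requested account name
  * @param string $password plain-text password
  * @param string $email    e-mail address
  * @return mixed an AccountError value; AccountError::NO_ERROR on success
  */
 public static function register($db, $lang, $username, $password, $email)
 {
     Account::cleanup($db);
     // NOTE(review): these look-ups and the INSERT below are separate statements, so
     // two simultaneous requests can both pass them; confirm the table has unique
     // indexes on name and email.
     $result = $db->query("SELECT COUNT(*) FROM " . DB_PREFIX . "user WHERE name = '" . escape($db, $username) . "' LIMIT 1");
     if ($result === false) {
         // A failed query has no row to fetch; report it instead of crashing.
         return AccountError::DATABASE_ERROR;
     }
     $result = $result->fetch_row();
     if ($result[0] != 0) {
         return AccountError::USERNAME_OCCUPIED;
     }
     $result = $db->query("SELECT COUNT(*) FROM " . DB_PREFIX . "user WHERE email = '" . escape($db, $email) . "' LIMIT 1");
     if ($result === false) {
         return AccountError::DATABASE_ERROR;
     }
     $result = $result->fetch_row();
     if ($result[0] != 0) {
         return AccountError::EMAIL_OCCUPIED;
     }
     if (strlen($username) < self::USERNAME_MIN_LENGTH || strlen($username) > self::USERNAME_MAX_LENGTH) {
         return AccountError::USERNAME_INVALID_LENGTH;
     }
     //if (! preg_match("/^[-0-9A-Z_@+.\s]+$/i", $username) || strpos($username, " ") !== false) {
     // Only whitespace is rejected in names; every other character is accepted.
     if (preg_match("/\\s/i", $username)) {
         return AccountError::USERNAME_INVALID_CHARS;
     }
     $pwerror = Account::validatePassword($password);
     if ($pwerror != AccountError::NO_ERROR) {
         return $pwerror;
     }
     if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
         return AccountError::INVALID_EMAIL;
     }
     $crypted_pw = better_crypt($password);
     $token = "";
     if (EMAIL_VERIFICATION) {
         // NOTE(review): the mail goes out before the row exists, so a failed INSERT
         // leaves the recipient with a token for an account that was never created.
         $token = Account::sendRegisterMail($lang, $email, $username);
         if ($token === false) {
             return AccountError::EMAIL_SEND_ERROR;
         }
     }
     // Every string value placed in the statement goes through escape(), including the
     // hash and the token, so the statement does not depend on their character set.
     $query = "INSERT INTO " . DB_PREFIX . "user (name, password, power, status, nameColor, registerToken, email, registerDate) VALUES ('" . escape($db, $username) . "', '" . escape($db, $crypted_pw) . "', 10, '" . self::DEFAULT_STATUS . "', '" . randomColor() . "', '" . escape($db, $token) . "', '" . escape($db, $email) . "', " . time() * 1000 . ")";
     $result = $db->query($query);
     if ($result === false) {
         // The statement text contains the password hash and the register token, so
         // neither it nor the driver error is written to the response; the error
         // goes to the server log only.
         error_log('Account::register insert failed: ' . $db->error);
         return AccountError::DATABASE_ERROR;
     }
     return AccountError::NO_ERROR;
 }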
コード例 #10
ファイル: Password.php プロジェクト: vojtajina/sitellite
 /**
  * Passes $value and $salt to better_crypt() and returns its result.
  *
  * NOTE(review): nothing in this body reads a $data_value property, so an
  * empty $value is forwarded to better_crypt() as it is.
  *
  * @access	public
  * @param	string	$value	value handed to better_crypt()
  * @param	string	$salt	optional salt, forwarded unchanged
  * @return	string
  *
  */
 function encrypt($value = '', $salt = '')
 {
     $hashed = better_crypt($value, $salt);

     return $hashed;
 }
コード例 #11
ファイル: index.php プロジェクト: vojtajina/sitellite
         $data['onclick'] = 'return validate (this.form)';
         $data['body'] = template_simple('password.spt', $data);
     }
     break;
 // Step 6: connect with the database settings carried in the request and set the password.
 // NOTE(review): the mysql_* functions used here were removed in PHP 7, and every call is
 // prefixed with @, so failures surface only through the checks below.
 case 6:
     $conn = @mysql_connect($cgi->dbhost . ':' . $cgi->dbport, $cgi->dbuser, $cgi->dbpass);
     if (!$conn) {
         // NOTE(review): on failure every connection setting, including dbpass, is copied
         // into the redirect URL without URL-encoding, together with the mysql_error() text.
         // The database password therefore ends up in browser history and server logs.
         header(sprintf('Location: ?step=3&dbhost=%s&dbport=%s&database=%s&dbuser=%s&dbpass=%s&drop=%s&error=%s', $cgi->dbhost, $cgi->dbport, $cgi->database, $cgi->dbuser, $cgi->dbpass, $cgi->drop, 'Failed to connect to MySQL: ' . mysql_error()));
         exit;
     }
     if (!@mysql_select_db($cgi->database, $conn)) {
         // Same redirect as above, with the same exposure of dbpass in the URL.
         header(sprintf('Location: ?step=3&dbhost=%s&dbport=%s&database=%s&dbuser=%s&dbpass=%s&drop=%s&error=%s', $cgi->dbhost, $cgi->dbport, $cgi->database, $cgi->dbuser, $cgi->dbpass, $cgi->drop, 'Can\'t use database "' . $cgi->database . '": ' . mysql_error()));
         exit;
     }
     // set password
     // NOTE(review): the '******' runs in the statement and in the message below look like
     // redaction by the listing this excerpt was taken from; as printed, the message line
     // is not valid PHP. Check the project source to see how the password and username
     // reach this statement and whether they are escaped.
     if (!@mysql_query('update sitellite_user set password = "******" where username = "******"', $conn)) {
         $data['error'] = true;
         $data['body'] = '<p class="notice">Error setting password: '******'</p>';
     }
     $data['step'] = 6;
     $data['next_step'] = 7;
     $data['title'] = 'Finish Up';
     $data['next'] = 'Finish';
     // The finish template is used only when no error body was set above.
     if (empty($data['body'])) {
         $data['body'] = template_simple('finish.spt', $data);
     }
     break;
 default:
     // mark the installation completed
     @umask(00);
     @touch('installed');
コード例 #12
ファイル: index.php プロジェクト: vojtajina/sitellite
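     // Save branch of the password box: validates the two new-password fields and
     // stores the better_crypt() result for the logged-in user.
     if ($parameters['command'] == 'save') {
         if (!session_valid()) {
             echo loader_box('sitellite/user/password', null);
             // The error message will handle itself
             return;
         }
         // NOTE(review): only the two new-password fields are checked in this branch;
         // nothing visible here verifies the user's current password before the
         // change. Confirm that this happens elsewhere.
         // Non-string values (for example array parameters) are treated as missing.
         if (empty($parameters['password_new_1']) || empty($parameters['password_new_2']) || !is_string($parameters['password_new_1']) || !is_string($parameters['password_new_2'])) {
             echo loader_box('sitellite/user/password', array('errormsg' => 'You have to fill in both password fields with your new password'));
             return;
         }
         // Strict comparison: loose != treats numeric-looking strings such as "1e3"
         // and "1000" as equal.
         if ($parameters['password_new_1'] !== $parameters['password_new_2']) {
             echo loader_box('sitellite/user/password', array('errormsg' => 'Your passwords do not match'));
             return;
         }
         $crypted = better_crypt($parameters['password_new_1']);
         // NOTE(review): in MySQL, now() + 3600 is numeric addition on the timestamp
         // digits rather than "one hour later"; confirm the intended expiry.
         $res = db_execute("update sitellite_user set password = ?, expires = now() + 3600 where username = ?", $crypted, $session->username);
         if (!$res) {
             // The driver error goes to the server log; the page gets a generic message
             // so that schema details are not shown to the visitor.
             error_log('Password update failed: ' . db_error());
             echo loader_box('sitellite/user/password', array('errormsg' => 'Database error'));
             return;
         }
         // NOTE(review): 'goto' comes from the request parameters and is passed on to
         // the template with a leading slash; confirm how the template uses it.
         if (!isset($parameters['goto'])) {
             $parameters['goto'] = '';
         } else {
             $parameters['goto'] = '/' . $parameters['goto'];
         }
         page_title(intl_get('Password Changed'));
         echo template_simple('user/password_saved.spt', $parameters);
         return;
     }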
 case 'inline':
コード例 #13
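/**
 * Sets a new password for a user who presents a valid recovery key, then
 * deletes that key from `recoveryemails_enc`.
 *
 * @param int|string $userID   id of the row in `users`; must be an integer
 * @param string     $password new plain-text password; stored as the better_crypt() result
 * @param string     $key      recovery key, checked with checkEmailKey()
 * @return false|null false when an argument is rejected or the key check fails;
 *                    otherwise nothing is returned
 */
function updateUserPassword($userID, $password, $key)
{
    // The id is placed unquoted in the UPDATE below, so only integers are accepted.
    $id = filter_var($userID, FILTER_VALIDATE_INT);
    if ($id === false) {
        return false;
    }
    // The key is placed inside a quoted SQL literal below. A key containing a quote,
    // backslash or NUL byte could end that literal, so it is refused outright.
    // NOTE(review): this is a stop-gap; binding $key and the hash as parameters in
    // the database layer (not visible here) is the proper fix.
    if (strpbrk((string) $key, "'\"\\\0") !== false) {
        return false;
    }
    if (checkEmailKey($key, $userID) === false) {
        return false;
    }
    //$password = md5(trim($password) . PW_SALT);
    $hash = better_crypt($password);
    // The recovery key is deleted only after the password update succeeded.
    if (tep_db_query("UPDATE `users` SET `password` = '" . $hash . "' WHERE `id` = {$id}")) {
        tep_db_query("DELETE FROM `recoveryemails_enc` WHERE `Key` = '{$key}'");
    }
}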