/**
 * Captures the fields of a new account (including postal contact details) and
 * records whether the requested identity is still available.
 *
 * Exactly one outcome is recorded, in this order of precedence:
 * username_taken, displayname_taken, email_taken, or status = true when none
 * of the three lookups reports a match.
 *
 * @param string $user    Requested login name; stored after sanitize().
 * @param string $display Display name; stored exactly as supplied.
 * @param string $pass    Password; only trim() is applied here.
 * @param string $email   E-mail address; stored after sanitize().
 * @param string $country Stored after sanitize().
 * @param string $state   Stored after sanitize().
 * @param string $city    Stored after sanitize().
 * @param string $address Stored after sanitize().
 * @param string $zip     Stored after sanitize().
 * @param string $phone   Stored after sanitize().
 */
function __construct($user, $display, $pass, $email, $country, $state, $city, $address, $zip, $phone)
{
    // Kept verbatim ("used for display only"). It never goes through sanitize(),
    // so every place that renders it has to escape it for that output context.
    $this->displayname = $display;

    // Values normalised through sanitize(); what sanitize() strips is defined
    // elsewhere. NOTE(review): it should not be relied on as SQL escaping - confirm
    // the queries behind the *Exists() helpers are parameterised.
    $this->clean_email = sanitize($email);
    // The password is only trimmed and is held in clear text on the object.
    // NOTE(review): presumably hashed before it is stored - confirm at the caller.
    $this->clean_password = trim($pass);
    $this->username = sanitize($user);
    $this->user_country = sanitize($country);
    $this->user_state = sanitize($state);
    $this->user_city = sanitize($city);
    $this->user_address = sanitize($address);
    $this->user_zip = sanitize($zip);
    $this->user_phone = sanitize($phone);

    // Availability checks: stop at the first collision so that later lookups
    // are not run once a conflict is known.
    if (usernameExists($this->username)) {
        $this->username_taken = true;
        return;
    }

    if (displayNameExists($this->displayname)) {
        $this->displayname_taken = true;
        return;
    }

    if (emailExists($this->clean_email)) {
        // Surfacing this flag to an anonymous visitor tells them the address
        // is registered; rate-limit the form if that matters for the site.
        $this->email_taken = true;
        return;
    }

    // No problems have been found.
    $this->status = true;
}
/**
 * Captures the fields of a new account that carries a PIN, a location and an
 * "about" text, and records whether the requested identity is available.
 *
 * One outcome is recorded: the first of username_taken, displayname_taken or
 * email_taken whose lookup reports a match, otherwise status = true.
 *
 * @param string $user     Requested login name; stored after sanitize().
 * @param string $display  Display name; stored exactly as supplied.
 * @param string $pass     Password; only trim() is applied here.
 * @param string $email    E-mail address; stored after sanitize().
 * @param string $pin      PIN; only trim() is applied here.
 * @param string $location Free text; only trim() is applied here.
 * @param string $about    Free text; only trim() is applied here.
 */
function __construct($user, $display, $pass, $email, $pin, $location, $about)
{
    // Used for display only - stored unsanitised, so escape it on output.
    $this->displayname = $display;

    $this->clean_email = sanitize($email);
    // Secrets are trimmed but otherwise held in clear text on the object.
    // NOTE(review): presumably both are hashed before storage - confirm.
    $this->clean_password = trim($pass);
    $this->username = sanitize($user);
    $this->clean_pin = trim($pin);
    // Profile free text is trimmed, not sanitised: treat it as untrusted when
    // it is rendered or written to the database.
    $this->location = trim($location);
    $this->about = trim($about);

    // A single chain keeps the original precedence: username first, then
    // display name, then e-mail; later lookups are skipped after a hit.
    if (usernameExists($this->username)) {
        $this->username_taken = true;
    } elseif (displayNameExists($this->displayname)) {
        $this->displayname_taken = true;
    } elseif (emailExists($this->clean_email)) {
        $this->email_taken = true;
    } else {
        // No problems have been found.
        $this->status = true;
    }
}
/**
 * Captures the fields of a new account together with its co-listing agent and
 * contact person, and records whether the requested identity is available.
 *
 * One outcome is recorded: the first of username_taken, displayname_taken or
 * email_taken whose lookup reports a match, otherwise status = true.
 *
 * @param string $user    Requested login name; stored after sanitize().
 * @param string $display Display name; stored exactly as supplied.
 * @param string $pass    Password; only trim() is applied here.
 * @param string $email   E-mail address; stored after sanitize().
 * @param mixed  $colist  Co-listing agent; stored exactly as supplied.
 * @param mixed  $contact Contact person; stored exactly as supplied.
 */
function __construct($user, $display, $pass, $email, $colist, $contact)
{
    // Used for display only - not sanitised, escape on output.
    $this->displayname = $display;

    $this->clean_email = sanitize($email);
    // Trimmed only; NOTE(review): presumably hashed before storage - confirm.
    $this->clean_password = trim($pass);
    $this->username = sanitize($user);

    // Both values are stored without any normalisation. If they originate from
    // a request they must be validated before use in a query and escaped
    // before they are rendered.
    $this->colist_agent = $colist;
    $this->contact_person = $contact;

    // First collision wins; the remaining lookups are not executed.
    $nameInUse = usernameExists($this->username);
    if ($nameInUse) {
        $this->username_taken = true;
        return;
    }

    $displayInUse = displayNameExists($this->displayname);
    if ($displayInUse) {
        $this->displayname_taken = true;
        return;
    }

    $emailInUse = emailExists($this->clean_email);
    if ($emailInUse) {
        $this->email_taken = true;
        return;
    }

    // No problems have been found.
    $this->status = true;
}
/**
 * Captures the fields of a new account and the group it will join, and
 * records whether the username or e-mail address is already in use.
 *
 * One outcome is recorded: username_taken, else email_taken, else
 * status = true.
 *
 * @param string     $user     Requested login name.
 * @param string     $pass     Password; only trim() is applied here.
 * @param string     $email    E-mail address; stored after sanitize().
 * @param int|string $group_id Group for the new account (default 2); stored
 *                             after trim(), i.e. as a string.
 */
function __construct($user, $pass, $email, $group_id = 2)
{
    // Used for display only - the raw value, so escape it on output.
    $this->unclean_username = $user;

    $this->clean_email = sanitize($email);
    // Trimmed only; NOTE(review): presumably hashed before storage - confirm.
    $this->clean_password = trim($pass);
    // The group is taken from the caller without a range or allow-list check.
    // NOTE(review): callers should pass a server-chosen value; a group id
    // copied from request data would let the requester pick their own group.
    $this->group_id = trim($group_id);
    $this->clean_username = sanitize($user);

    // Guard clauses, same precedence as before: username, then e-mail.
    if (usernameExists($this->clean_username)) {
        $this->username_taken = true;
        return;
    }

    if (emailExists($this->clean_email)) {
        $this->email_taken = true;
        return;
    }

    // No problems have been found.
    $this->status = true;
}
/**
 * Resets the password of the account registered under an e-mail address and
 * mails the new password to that address.
 *
 * NOTE(review): no confirmation step is visible in this function - whoever can
 * call it with a registered address replaces that account's password. Confirm
 * the caller rate-limits requests and returns the same response for known and
 * unknown addresses, since the boolean result otherwise reveals which
 * addresses are registered.
 *
 * @param string $email_address Address to look up through emailExists().
 * @return bool true when sendEmail() reports success; false when no account
 *              matches the address or the mail was not sent.
 */
function sendNewPassw($email_address)
{
    // emailExists() doubles as the lookup: its result is used as the user id.
    $accountId = emailExists($email_address);

    // Loose comparison kept as in the original, so false and null are treated
    // like 0.
    if ($accountId == 0) {
        return false;
    }

    // The password is replaced before the mail goes out and nothing here
    // restores it when sending fails, so a failed delivery leaves the account
    // with a password its owner never received.
    $generated = resetPassword($accountId);

    $subject = MSG00165 . ' ' . szName();
    $bodyLines = array(
        MSG00167 . ' ' . szName(),
        MSG00168 . ' ' . szUrl(),
        // The new password travels in clear text inside the message body.
        MSG00166 . ': ' . $generated,
    );
    $message = implode("\r\n", $bodyLines);

    // NOTE(review): the Bcc header delivers a copy of every message - and with
    // it every freshly generated password - to the szCronEmail() mailbox.
    // Confirm that mailbox is meant to hold user credentials.
    $headers = sprintf("From: %s\r\nBcc: %s\r\n", szEmail(), szCronEmail());

    return sendEmail($email_address, $subject, $message, $headers) ? true : false;
}
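<body>
<a href="admin.php" class="uppercase admin-button">Admin</a>
<?php
// Sign-up handler: validates the posted e-mail address, then includes
// mail.inc.php and inserts the address into `users` with state 'off'.
// $connexion is the database handle provided by the including page.
if (count($_POST) > 0) {
    // 1. Honeypot: the "name" field has to stay empty. A missing field counts
    //    as empty instead of raising an undefined-index notice.
    $honeypot = isset($_POST['name']) ? $_POST['name'] : '';
    if ($honeypot != '') {
        die('Spammeur !');
    }

    // 2. Clean-up: a missing or non-string value (e.g. email[]=x) is treated as
    //    an empty address, so it is rejected by the validation below rather
    //    than being handed to strip_tags() as null or an array.
    $rawEmail = (isset($_POST['email']) && is_string($_POST['email'])) ? $_POST['email'] : '';
    $email = trim(strip_tags($rawEmail));

    // 3. Validation
    $errors = array();
    if (!is_valid_email($email)) {
        $errors['email'] = 'Vous devez entrer une adresse email valide.';
    } elseif (emailExists($connexion, $email)) {
        // This message tells the visitor that the address is already
        // registered; rate-limit the form if that disclosure matters.
        $errors['email'] = 'Cette adresse email est déjà dans notre base de données.';
    }

    if (count($errors) < 1) {
        // NOTE(review): uniqid() is derived from the current time and is not a
        // CSPRNG. If this id is also used as a secret (for example in a
        // confirmation link built by mail.inc.php), generate it with
        // random_bytes() instead - confirm how the id is used and the size of
        // the user_id column first.
        $uniqid = uniqid();

        // Runs before the row is written, in the original order.
        include 'mail.inc.php';

        // Bound parameters keep the posted address out of the SQL text.
        // The check above and this insert are two separate steps; a unique
        // index on users.email is the reliable guard against duplicates.
        $sql = 'INSERT INTO users(user_id, email, date, state) VALUES(:user_id, :email, now(), :state)';
        $preparedStatement = $connexion->prepare($sql);
        $preparedStatement->bindValue('user_id', $uniqid);
        $preparedStatement->bindValue('email', $email);
        $preparedStatement->bindValue('state', 'off');
        $preparedStatement->execute();
    }
}
?>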
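/**
 * Validates an e-mail address and records a field error when it is malformed
 * or already registered.
 *
 * The pattern accepts lower-case addresses only and a fixed list of top-level
 * domains (any two-letter TLD plus the names enumerated in the pattern).
 *
 * @param string $value Address to validate.
 * @return void Errors are reported through set_specific_error().
 */
public function validate_email($value)
{
    // The D modifier (PCRE_DOLLAR_ENDONLY) makes "$" match only at the very end
    // of the subject. Without it "$" also matches just before a final "\n",
    // so an address with a trailing newline would pass and could later end up
    // in a mail header or a log line.
    $pattern = '/^[a-z0-9._%+-]+@(?:[a-z0-9-]+\\.)+([a-z]{2}|com|net|org|edu|gov|mil|tel|biz|info|name|mobi|asia)$/D';
    $matched = filter_var($value, FILTER_VALIDATE_REGEXP, array('options' => array('regexp' => $pattern)));

    if ($matched === false) {
        // Filed under the 'email' field (previously 'password'), matching the
        // in-use branch below, so the message is attached to the input it
        // describes.
        $this->set_specific_error('email', lang("ACCOUNT_INVALID_EMAIL"));
        return;
    }

    if (emailExists($value)) {
        // Confirms to the requester that the address is registered.
        $this->set_specific_error('email', lang("ACCOUNT_EMAIL_IN_USE", array($value)));
    }
}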
$errors[] = lang("SQL_ERROR"); } else { $successes[] = lang("FORGOTPASS_REQUEST_CANNED"); } } } //Forms posted if (!empty($_POST)) { $email = $_POST["email"]; $username = sanitize($_POST["username"]); //Perform some validation //Feel free to edit / change as required if (trim($email) == "") { $errors[] = lang("ACCOUNT_SPECIFY_EMAIL"); } else { if (!isValidEmail($email) || !emailExists($email)) { $errors[] = lang("ACCOUNT_INVALID_EMAIL"); } } if (trim($username) == "") { $errors[] = lang("ACCOUNT_SPECIFY_USERNAME"); } else { if (!usernameExists($username)) { $errors[] = lang("ACCOUNT_INVALID_USERNAME"); } } if (count($errors) == 0) { //Check that the username / email are associated to the same account if (!emailUsernameLinked($email, $username)) { $errors[] = lang("ACCOUNT_USER_OR_EMAIL_INVALID"); } else {
/**
 * Signs a mobile client in on the strength of a Tapatalk SSO token/code pair,
 * registering a new forum account first when no member owns the verified
 * e-mail address.
 *
 * Request values are read from $context['mob_request']['params']: [0] token,
 * [1] code and, optionally and base64-encoded, [2] e-mail, [3] username and
 * [4] password. The outcome is emitted through outputRPCLogin() or
 * get_error(); nothing is returned.
 *
 * NOTE(review): the member to log in is selected only by the e-mail address
 * that TapatalkSsoVerification() reports, and no check on the member's group
 * is visible in this function - the SSO response alone decides which account,
 * administrators included, receives a login cookie. Confirm that is intended.
 */
function method_sign_in()
{
    global $db_prefix, $context, $user_profile, $modSettings, $register, $sourcedir, $user_info, $boardurl, $txt;
    require_once $sourcedir . '/Register.php';
    require_once $sourcedir . '/Subs-Members.php';
    require_once $sourcedir . '/Subs-Auth.php';
    $token = $context['mob_request']['params'][0][0];
    $code = $context['mob_request']['params'][1][0];
    // base64 is a transport encoding only; the decoded values are
    // client-controlled. $email is decoded here but not read again in this
    // function - the address used below is the one returned by the verification.
    $email = isset($context['mob_request']['params'][2][0]) ? base64_decode($context['mob_request']['params'][2][0]) : '';
    $username = isset($context['mob_request']['params'][3][0]) ? base64_decode($context['mob_request']['params'][3][0]) : '';
    $password = isset($context['mob_request']['params'][4][0]) ? base64_decode($context['mob_request']['params'][4][0]) : '';
    // verify tapatalk token and code first
    $ttid = TapatalkSsoVerification($token, $code);
    // The code after this check dereferences $ttid, so get_error() presumably
    // ends the request - confirm.
    if (empty($ttid)) {
        get_error('Tapatalk authorization verify failed, please login with your username and password.');
    }
    $tapatalk_id_email = $ttid->email;
    $result_status = true;
    $register = false;
    $result_text = '';
    if (!$ttid->result || empty($tapatalk_id_email)) {
        get_error($ttid->result_text ? $ttid->result_text : 'Tapatalk authorization verify failed, please login with your username and password');
    }
    // sign in with email or register an account
    $login_id = emailExists($tapatalk_id_email);
    if (empty($login_id)) {
        // No member owns the verified address: register one with the
        // client-supplied username.
        if (empty($username)) {
            get_error('Invalid Parameters', 2);
        } else {
            if (isReservedName($username, 0, true, false)) {
                get_error($txt[473], 1);
            } else {
                if (empty($password)) {
                    $password = tt_generatePassword();
                }
                // Register2() is driven through $_POST, so the form fields it
                // expects are filled in here.
                $_POST['user'] = $username;
                $_POST['email'] = $tapatalk_id_email;
                $_POST['passwrd1'] = $password;
                $_POST['passwrd2'] = $password;
                $_POST['regagree'] = 'on';
                $_POST['regSubmit'] = 'Register';
                $_POST['skip_coppa'] = 1;
                $_SESSION['old_url'] = $boardurl;
                // Every anti-automation setting is switched off for this
                // request, so on this path the SSO verification above is the
                // only barrier against scripted sign-ups.
                $modSettings['disable_visual_verification'] = 1;
                $modSettings['recaptcha_enabled'] = 0;
                $modSettings['recaptcha_enable'] = 0;
                $modSettings['captchaenable'] = 0; // compatibility with old CAPTCHA Mod
                $modSettings['anti_spam_ver_enable'] = false;
                // Method 1 is downgraded to 0 for this registration; method 2
                // is left in place and reported as "awaiting approval" below.
                // NOTE(review): 1 is presumably e-mail activation - confirm.
                if ($modSettings['registration_method'] == 1) {
                    $modSettings['registration_method'] = 0;
                }
                $login_id = Register2();
                $register = true;
                $result_status = $modSettings['registration_method'] == 2 ? false : true;
                $result_text = $modSettings['registration_method'] == 2 ? $txt['approval_after_registration'] : '';
                if (empty($login_id)) {
                    get_error('Register failed');
                }
            }
        }
    }
    // do login
    if ($login_id) {
        // $login_id is interpolated into the SQL text. It comes from
        // emailExists() or Register2(), not straight from the request.
        // NOTE(review): presumably always an integer member id - an (int) cast
        // at this point would make that explicit.
        $request = db_query("\n SELECT passwd, ID_MEMBER AS id_member, is_activated, ID_GROUP AS id_group, emailAddress AS email_address, additionalGroups AS additional_groups, memberName AS member_name,\n passwordSalt AS password_salt, ID_POST_GROUP\n FROM {$db_prefix}members\n WHERE ID_MEMBER = '{$login_id}'\n ", __FILE__, __LINE__);
        // mysql_fetch_assoc() belongs to ext/mysql, which was removed in PHP 7.0.
        $user = mysql_fetch_assoc($request);
        // is_activated == 3 is rejected as "still awaiting approval" unless the
        // account was created by this very request.
        if ($user['is_activated'] == 3 && !$register) {
            fatal_lang_error('still_awaiting_approval');
        }
        // Set the login cookie
        // The cookie secret is SHA-1 over the stored password hash and the salt.
        setLoginCookie(60 * $modSettings['cookieTime'], $login_id, sha1($user['passwd'] . $user['password_salt']));
        loadMemberData($user['id_member'], false, 'profile');
        $user_info = $user_profile[$user['id_member']];
        $user_info['is_guest'] = false;
        // Administrator status follows group 1, held either as the primary
        // group or as one of the additional groups.
        $user_info['is_admin'] = $user['id_group'] == 1 || in_array(1, explode(',', $user['additional_groups']));
        $user_info['id'] = $user['id_member'];
        if (empty($user_info['additionalGroups'])) {
            $user_info['groups'] = array($user_info['ID_GROUP'], $user_info['ID_POST_GROUP']);
        } else {
            $user_info['groups'] = array_merge(array($user_info['ID_GROUP'], $user_info['ID_POST_GROUP']), explode(',', $user_info['additionalGroups']));
        }
        $user_info['groups'] = array_unique(array_map('intval', $user_info['groups']));
        // Banned?
        // The ban check runs after the login cookie has been set above.
        is_not_banned(true);
        // Don't stick the language or theme after this point.
        unset($_SESSION['language']);
        unset($_SESSION['ID_THEME']);
        // You've logged in, haven't you?
        // The IP values are wrapped in quotes by hand before being handed to
        // updateMemberData(). NOTE(review): confirm both values are normalised
        // IP strings by the time they reach this point.
        updateMemberData($user_info['id'], array('lastLogin' => time(), 'memberIP' => '\'' . $user_info['ip'] . '\'', 'memberIP2' => '\'' . $_SERVER['BAN_CHECK_IP'] . '\''));
        // Get rid of the online entry for that old guest....
        db_query("\n DELETE FROM {$db_prefix}log_online\n WHERE session = 'ip{$user_info['ip']}'\n LIMIT 1", __FILE__, __LINE__);
        $_SESSION['log_time'] = 0;
        loadPermissions();
        update_push();
        // We got this far? return a positive response....
        outputRPCLogin($result_status, $result_text);
    } else {
        get_error('Sign In Failed');
    }
}
// CSRF対策 setToken(); } else { $_POST = arrayString($_POST); checkToken(); $emailre = '/^(?!(?:(?:\\x22?\\x5C[\\x00-\\x7E]\\x22?)|(?:\\x22?[^\\x5C\\x22]\\x22?)){255,})(?!(?:(?:\\x22?\\x5C[\\x00-\\x7E]\\x22?)|(?:\\x22?[^\\x5C\\x22]\\x22?)){65,}@)(?:(?:[\\x21\\x23-\\x27\\x2A\\x2B\\x2D\\x2F-\\x39\\x3D\\x3F\\x5E-\\x7E]+)|(?:\\x22(?:[\\x01-\\x08\\x0B\\x0C\\x0E-\\x1F\\x21\\x23-\\x5B\\x5D-\\x7F]|(?:\\x5C[\\x00-\\x7F]))*\\x22))(?:\\.(?:(?:[\\x21\\x23-\\x27\\x2A\\x2B\\x2D\\x2F-\\x39\\x3D\\x3F\\x5E-\\x7E]+)|(?:\\x22(?:[\\x01-\\x08\\x0B\\x0C\\x0E-\\x1F\\x21\\x23-\\x5B\\x5D-\\x7F]|(?:\\x5C[\\x00-\\x7F]))*\\x22)))*@(?:(?:(?!.*[^.]{64,})(?:(?:(?:xn--)?[a-z0-9]+(?:-[a-z0-9]+)*\\.){1,126}){1,}(?:(?:[a-z][a-z0-9]*)|(?:(?:xn--)[a-z0-9]+))(?:-[a-z0-9]+)*)|(?:\\[(?:(?:IPv6:(?:(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){7})|(?:(?!(?:.*[a-f0-9][:\\]]){7,})(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,5})?::(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,5})?)))|(?:(?:IPv6:(?:(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){5}:)|(?:(?!(?:.*[a-f0-9]:){5,})(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,3})?::(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,3}:)?)))?(?:(?:25[0-5])|(?:2[0-4][0-9])|(?:1[0-9]{2})|(?:[1-9]?[0-9]))(?:\\.(?:(?:25[0-5])|(?:2[0-4][0-9])|(?:1[0-9]{2})|(?:[1-9]?[0-9]))){3}))\\]))$/iD'; $passre = '/^[0-9a-zA-Z]{6,20}$/'; $birthre = '/\\d{4}\\-\\d{2}\\-\\d{2}/'; $error = []; if (1 > strlen($_POST['name']) || strlen($_POST['name']) > 20) { $error[] = '名前は1文字以上20文字以内'; } if (!preg_match($emailre, $_POST['email'])) { $error[] = '不正なメールアドレス'; } else { if (emailExists($_POST['email']) != 0) { $error[] = 'このメールアドレスは既に登録されています'; } } if (!preg_match($passre, $_POST['password'])) { $error[] = 'パスワードは英数字6文字以上20文字以内'; } else { if ($_POST['password'] != $_POST['repassword']) { $error[] = '二つのパスワードが異なっています'; } else { if (!preg_match($birthre, $_POST['birthyear'] . '-' . $_POST['birthmonth'] . '-' . $_POST['birthday'])) { $error[] = '誕生日の入力が不正です'; } else { if ($_POST['gender'] != '0' && $_POST['gender'] != '1') { $error[] = '性別の入力が不正です'; }
} //Activate account if (isset($_POST['activate']) && $_POST['activate'] == "activate") { if (setUserActive($userdetails['activation_token'])) { $successes[] = lang("ACCOUNT_MANUALLY_ACTIVATED", array($displayname)); } else { $errors[] = lang("SQL_ERROR"); } } //Update email if ($userdetails['email'] != $_POST['email']) { $email = trim($_POST["email"]); //Validate email if (!isValidEmail($email)) { $errors[] = lang("ACCOUNT_INVALID_EMAIL"); } elseif (emailExists($email)) { $errors[] = lang("ACCOUNT_EMAIL_IN_USE", array($email)); } else { if (updateEmail($userId, $email)) { $successes[] = lang("ACCOUNT_EMAIL_UPDATED"); } else { $errors[] = lang("SQL_ERROR"); } } } //Update title if ($userdetails['title'] != $_POST['title']) { $title = trim($_POST['title']); //Validate title if (minMaxRange(1, 50, $title)) { $errors[] = lang("ACCOUNT_TITLE_CHAR_LIMIT", array(1, 50));
$errors[] = "Unable to update " . $row['Username'] . "'s username because selected name is not between 5 and 25 characters."; } elseif (usernameExists($newusername)) { $errors[] = "Unable to change " . $row['Username'] . "'s name because selected username is already in use."; } else { $sql = "UPDATE " . $db_table_prefix . "Users SET Username = '******', Username_clean = '" . sanitize($newusername) . "' WHERE User_ID='" . $row['User_ID'] . "'"; $db->sql_query($sql); } } if ($row['Email'] != $newemail) { if (trim($newemail) == "") { $errors[] = "Unable to update " . $row['Username'] . "'s email because no address was entered."; } else { if (!isValidEmail($newemail)) { $errors[] = "Unable to update " . $row['Username'] . "'s email because address is invalid."; } else { if (emailExists($newemail)) { $errors[] = "Unable to update " . $row['Username'] . "'s email because address is already in use."; } else { $sql = "UPDATE " . $db_table_prefix . "Users SET Email = '" . $newemail . "' WHERE User_ID='" . $row['User_ID'] . "'"; $db->sql_query($sql); } } } } if ($newgroup != $row['Group_ID']) { $sql = "UPDATE " . $db_table_prefix . "Users SET Group_ID = '" . $newgroup . "' WHERE User_ID='" . $row['User_ID'] . "'"; $db->sql_query($sql); } } } }
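/**
 * Stores a new activation token for an account and stamps the time of the
 * request on both last_activation_request and lost_password_timestamp.
 *
 * The account is addressed by e-mail and user name together; the update is
 * attempted only when both exist and belong to the same account.
 *
 * @param string $new_activation_token Token to store. It is generated by the
 *                                     caller; NOTE(review): confirm it comes
 *                                     from a cryptographically secure source.
 * @param string $user_name            User name of the account.
 * @param string $email                E-mail address of the account.
 * @return bool true when the UPDATE executed; false when the pair is not a
 *              valid account, the statement failed or an exception was caught.
 */
function updateLastActivationRequest($new_activation_token, $user_name, $email)
{
    // Check that email, user_name exist and are linked. One generic message
    // covers all three failures, so the alert does not reveal which part of
    // the pair was wrong.
    if (!(emailExists($email) && usernameExists($user_name) && emailUsernameLinked($email, $user_name))) {
        addAlert("danger", "Invalid email/username specified.");
        return false;
    }

    try {
        global $db_table_prefix;

        $db = pdoConnect();

        // Only the table prefix (configuration) is concatenated; every
        // caller-supplied value is passed as a bound parameter.
        $query = "UPDATE " . $db_table_prefix . "users\n SET activation_token = :token,\n last_activation_request = :time,\n lost_password_timestamp = :time_password\n WHERE email = :email\n AND\n user_name = :user_name";
        $stmt = $db->prepare($query);

        // One clock reading, so both columns record the same instant.
        $now = time();
        $sqlVars = array(
            'token' => $new_activation_token,
            'time' => $now,
            'time_password' => $now,
            'email' => $email,
            'user_name' => $user_name,
        );

        if (!$stmt->execute($sqlVars)) {
            // Error: column does not exist
            return false;
        }

        return true;
    } catch (PDOException $e) {
        // Details go to the server log only; the user sees a generic alert.
        addAlert("danger", "Oops, looks like our database encountered an error.");
        error_log("Error in " . $e->getFile() . " on line " . $e->getLine() . ": " . $e->getMessage());
        return false;
    } catch (ErrorException $e) {
        addAlert("danger", "Oops, looks like our server might have goofed. If you're an admin, please check the PHP error logs.");
        // The alert points administrators at the error log, so the failure is
        // written there like in the other two handlers.
        error_log("Error in " . $e->getFile() . " on line " . $e->getLine() . ": " . $e->getMessage());
        return false;
    } catch (RuntimeException $e) {
        addAlert("danger", "Oops, looks like our server might have goofed. If you're an admin, please check the PHP error logs.");
        error_log("Error in " . $e->getFile() . " on line " . $e->getLine() . ": " . $e->getMessage());
        return false;
    }
}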
$user_name = $_POST['user_name']; $email = $_POST['email']; $password = $_POST['password']; $db = connectDb(); //ユーザの文字数チェック if (mb_strlen($user_name) < 3 || mb_strlen($user_name) > 15) { $error['user_name'] = '3文字以上15文字以下にしてください'; } //メールアドレスが入力されているかのチェック if ($email === '') { $error['email'] = 'メールアドレスを入力してください'; //メールアドレスの形式が正しいかどうかチェック } elseif (!filter_var($email, FILTER_VALIDATE_EMAIL)) { $error['email'] = 'メールアドレスの形式が正しくないです'; //メールアドレスが既に登録されているかどうかチェック } elseif (emailExists($email, $db)) { $error['email'] = 'このメールアドレスは既に登録されています'; } //パスワードが英数字であることかつ文字数チェック if (!preg_match('/^[a-zA-Z0-9]{4,8}$/', $password)) { $error['password'] = '******'; } if (empty($error)) { # code... $hash = password_hash($password, PASSWORD_DEFAULT); $sql = 'INSERT INTO users (user_name, email, password) VALUES (:user_name, :email, :password)'; $statement = $db->prepare($sql); $statement->bindValue(':user_name', $user_name, PDO::PARAM_STR); $statement->bindValue(':email', $email, PDO::PARAM_STR); $statement->bindValue(':password', $hash, PDO::PARAM_STR); if ($statement->execute()) {
/**
 * Changes the current member's password from an XML-RPC request.
 *
 * Two request shapes are handled:
 *  - three parameters (new password, Tapatalk token, Tapatalk code): the old
 *    password is not required; the change is authorised when the Tapatalk
 *    verification succeeds, its e-mail equals the member's e-mail and the
 *    member's primary group is not 1;
 *  - two parameters (old password, new password): the old password has to
 *    verify, either through the integration hook or against the stored hash.
 *
 * @param object $rpcmsg Incoming XML-RPC message (getParam/getScalarValParam).
 * @return xmlrpcresp Struct with result = true and an empty result_text;
 *                    failures are reported through get_error()/fatal_error().
 */
function mob_update_password($rpcmsg)
{
    global $txt, $modSettings;
    global $cookiename, $context;
    global $sourcedir, $scripturl, $db_prefix;
    global $ID_MEMBER, $user_info;
    global $newpassemail, $user_profile, $validationCode;
    loadLanguage('Profile');
    // Start with no updates and no errors.
    $profile_vars = array();
    $post_errors = array();
    $good_password = false;
    // reset directly with tapatalk id credential
    if ($rpcmsg->getParam(2)) {
        $_POST['passwrd1'] = $rpcmsg->getParam(0) ? $rpcmsg->getScalarValParam(0) : '';
        $_POST['passwrd1'] = utf8ToAscii($_POST['passwrd1']);
        $token = $rpcmsg->getParam(1) ? $rpcmsg->getScalarValParam(1) : '';
        $code = $rpcmsg->getParam(2) ? $rpcmsg->getScalarValParam(2) : '';
        // verify Tapatalk Authorization
        if ($token && $code) {
            $ttid = TapatalkSsoVerification($token, $code);
            if ($ttid && $ttid->result) {
                $tapatalk_id_email = $ttid->email;
                // When nobody is logged in, the member is looked up by the
                // verified e-mail and loaded as the current user.
                if (empty($ID_MEMBER) && ($ID_MEMBER = emailExists($tapatalk_id_email))) {
                    loadMemberData($ID_MEMBER, false, 'profile');
                    $user_info = $user_profile[$ID_MEMBER];
                    $user_info['is_guest'] = false;
                    // NOTE(review): this reads the key 'id_group' while the
                    // lines below read 'ID_GROUP' from the same array - confirm
                    // which key the loaded profile actually carries.
                    $user_info['is_admin'] = $user_info['id_group'] == 1 || in_array(1, explode(',', $user_info['additionalGroups']));
                    $user_info['id'] = $ID_MEMBER;
                    if (empty($user_info['additionalGroups'])) {
                        $user_info['groups'] = array($user_info['ID_GROUP'], $user_info['ID_POST_GROUP']);
                    } else {
                        $user_info['groups'] = array_merge(array($user_info['ID_GROUP'], $user_info['ID_POST_GROUP']), explode(',', $user_info['additionalGroups']));
                    }
                    $user_info['groups'] = array_unique(array_map('intval', $user_info['groups']));
                    loadPermissions();
                }
                // The SSO shortcut is refused when the primary group is 1.
                // NOTE(review): only ID_GROUP is tested - a member who holds
                // group 1 through additionalGroups is not excluded here.
                // Confirm whether that is intended.
                if (strtolower($user_info['emailAddress']) == strtolower($tapatalk_id_email) && $user_info['ID_GROUP'] != 1) {
                    $good_password = true;
                }
            }
        }
        if (!$good_password) {
            get_error('Failed to update password');
        }
    } else {
        $_POST['oldpasswrd'] = $rpcmsg->getParam(0) ? $rpcmsg->getScalarValParam(0) : '';
        $_POST['passwrd1'] = $rpcmsg->getParam(1) ? $rpcmsg->getScalarValParam(1) : '';
        $_POST['passwrd1'] = utf8ToAscii($_POST['passwrd1']);
    }
    // Clean up the POST variables.
    $_POST = htmltrim__recursive($_POST);
    $_POST = stripslashes__recursive($_POST);
    $_POST = htmlspecialchars__recursive($_POST);
    $_POST = addslashes__recursive($_POST);
    $memberResult = loadMemberData($ID_MEMBER, false, 'profile');
    if (!is_array($memberResult)) {
        fatal_lang_error(453, false);
    }
    $memID = $ID_MEMBER;
    // Set unconditionally: the member edited is always the current one.
    $context['user']['is_owner'] = true;
    isAllowedTo(array('manage_membergroups', 'profile_identity_any', 'profile_identity_own'));
    // You didn't even enter a password!
    // On the Tapatalk path this function never assigns $_POST['oldpasswrd'],
    // so the reads below depend on whatever the request itself put there.
    if (trim($_POST['oldpasswrd']) == '' && !$good_password) {
        fatal_error($txt['profile_error_no_password']);
    }
    // Since the password got modified due to all the $_POST cleaning, lets undo it so we can get the correct password
    $_POST['oldpasswrd'] = addslashes(un_htmlspecialchars(stripslashes($_POST['oldpasswrd'])));
    // Does the integration want to check passwords?
    // The callable's name comes from $modSettings, i.e. from site settings.
    if (isset($modSettings['integrate_verify_password']) && function_exists($modSettings['integrate_verify_password'])) {
        if (call_user_func($modSettings['integrate_verify_password'], $user_profile[$memID]['memberName'], $_POST['oldpasswrd'], false) === true) {
            $good_password = true;
        }
    }
    // Bad password!!!
    // The stored hash is SHA-1 over the lower-cased member name followed by the
    // password. NOTE(review): "!=" is a loose, non-constant-time comparison;
    // two hex digests that both read as numeric strings (for example "0e"
    // followed only by digits) compare equal under it. hash_equals() avoids
    // both problems.
    if (!$good_password && $user_info['passwd'] != sha1(strtolower($user_profile[$memID]['memberName']) . $_POST['oldpasswrd'])) {
        fatal_error($txt['profile_error_bad_password']);
    }
    // Let's get the validation function into play...
    require_once $sourcedir . '/Subs-Auth.php';
    // validatePassword() is given $_POST['passwrd1'] as it stands after the
    // clean-up above, while the value hashed below has that clean-up undone.
    $passwordErrors = validatePassword($_POST['passwrd1'], $user_info['username'], array($user_info['name'], $user_info['email']));
    // Were there errors?
    if ($passwordErrors != null) {
        fatal_error($txt['profile_error_password_' . $passwordErrors]);
    }
    // Set up the new password variable... ready for storage.
    // Same scheme as the check above: SHA-1(lower-cased member name . password),
    // wrapped in quotes for updateMemberData(). SHA-1 is a fast hash and the
    // member name is the only salt.
    $profile_vars['passwd'] = '\'' . sha1(strtolower($user_profile[$memID]['memberName']) . un_htmlspecialchars(stripslashes($_POST['passwrd1']))) . '\'';
    // If we've changed the password, notify any integration that may be listening in.
    // The hook receives the new password itself, not a hash of it.
    if (isset($modSettings['integrate_reset_pass']) && function_exists($modSettings['integrate_reset_pass'])) {
        call_user_func($modSettings['integrate_reset_pass'], $user_profile[$memID]['memberName'], $user_profile[$memID]['memberName'], $_POST['passwrd1']);
    }
    updateMemberData($memID, $profile_vars);
    require_once $sourcedir . '/Subs-Auth.php';
    // Re-issue the login cookie so it matches the new password hash.
    setLoginCookie(60 * $modSettings['cookieTime'], $memID, sha1(sha1(strtolower($user_profile[$memID]['memberName']) . un_htmlspecialchars(stripslashes($_POST['passwrd1']))) . $user_profile[$memID]['passwordSalt']));
    $response = array('result' => new xmlrpcval(true, 'boolean'), 'result_text' => new xmlrpcval('', 'base64'));
    return new xmlrpcresp(new xmlrpcval($response, 'struct'));
}
<?php require_once __DIR__ . '/db.php'; //response for json $response = array(); if (isset($_POST['FirstName']) && isset($_POST['LastName']) && isset($_POST['Username']) && isset($_POST['Password']) && isset($_POST['Email'])) { $fname = $_POST['FirstName']; $lname = $_POST['LastName']; $username = $_POST['Username']; $password = $_POST['Password']; $email = $_POST['Email']; require_once __DIR__ . '/ifExists.php'; if (!usernameExists($username)) { if (!emailExists($email)) { $db = new DB(); $db->bind('FirstName', $fname); $db->bind('LastName', $lname); $db->bind('Username', $username); $db->bind('Password', $password); $db->bind('Email', $email); $result = $db->query("INSERT INTO `users`(FirstName, LastName, Username, Password, Email) " . "VALUES (:FirstName, :LastName, :Username, :Password, :Email)"); if ($result) { //successful $response["success"] = 1; $response["message"] = "User successfully registered."; echo json_encode($response); } else { $response["success"] = 0; $response["message"] = 'An error occurred.'; echo json_encode($response); }
/**
 * Forgot-password controller action.
 *
 * Handles three inputs and then renders the 'forgot_password' view:
 *  - GET confirm=<token>: generates a new password, mails it to the account
 *    and stores its hash;
 *  - GET deny=<token>: clears the outstanding lost-password flag;
 *  - POST email + username: mails confirm/deny links to the account.
 *
 * Messages are appended to $errors / $successes. Neither array, nor
 * $websiteUrl, is initialised in this method. NOTE(review): presumably all
 * three are defined by config.php, which is included into this scope -
 * confirm, because count($errors) on an undefined variable is a TypeError on
 * PHP 8.
 */
public function index()
{
    /* UserCake (Via CupCake) Version: 2.0.2 http://usercake.com */
    global $baseURL;
    // Include paths are built from the process working directory.
    $baseURL = getcwd();
    require_once "{$baseURL}/application/third_party/user_cake/models/config.php";
    if (!securePage($_SERVER['PHP_SELF'])) {
        die;
    }
    //User has confirmed they want their password changed
    // The change is triggered by a plain GET request. NOTE(review): anything
    // that fetches the mailed link automatically (link preview, mail scanner)
    // completes the reset as well; a POST confirmation step would avoid that.
    if (!empty($_GET["confirm"])) {
        $token = trim($_GET["confirm"]);
        if ($token == "" || !validateActivationToken($token, TRUE)) {
            $errors[] = lang("FORGOTPASS_INVALID_TOKEN");
        } else {
            // NOTE(review): confirm getUniqueCode() draws from a
            // cryptographically secure source - its output becomes the password.
            $rand_pass = getUniqueCode(15); //Get unique code
            $secure_pass = generateHash($rand_pass); //Hash of the generated password; this is what gets stored
            $userdetails = fetchUserDetails(NULL, $token); //Fetches user details by token
            $mail = new userCakeMail();
            //Setup our custom hooks
            // The new password is placed in the mail body in clear text.
            $hooks = array("searchStrs" => array("#GENERATED-PASS#", "#USERNAME#"), "subjectStrs" => array($rand_pass, $userdetails["display_name"]));
            if (!$mail->newTemplateMsg("{$baseURL}/application/third_party/user_cake/mail-templates/your-lost-password.txt", $hooks)) {
                $errors[] = lang("MAIL_TEMPLATE_BUILD_ERROR");
            } else {
                // The mail is sent before the password is stored: if the update
                // below fails, the user holds a password that was never saved.
                if (!$mail->sendMail($userdetails["email"], "Your new password")) {
                    $errors[] = lang("MAIL_ERROR");
                } else {
                    if (!updatePasswordFromToken($secure_pass, $token)) {
                        $errors[] = lang("SQL_ERROR");
                    } else {
                        // Clear the outstanding-request flag.
                        if (!flagLostPasswordRequest($userdetails["user_name"], 0)) {
                            $errors[] = lang("SQL_ERROR");
                        } else {
                            $successes[] = lang("FORGOTPASS_NEW_PASS_EMAIL");
                        }
                    }
                }
            }
        }
    }
    //User has denied this request
    if (!empty($_GET["deny"])) {
        $token = trim($_GET["deny"]);
        if ($token == "" || !validateActivationToken($token, TRUE)) {
            $errors[] = lang("FORGOTPASS_INVALID_TOKEN");
        } else {
            $userdetails = fetchUserDetails(NULL, $token);
            if (!flagLostPasswordRequest($userdetails["user_name"], 0)) {
                $errors[] = lang("SQL_ERROR");
            } else {
                $successes[] = lang("FORGOTPASS_REQUEST_CANNED");
            }
        }
    }
    //Forms posted
    if (!empty($_POST)) {
        // The e-mail value is used as posted; only the username is sanitised.
        $email = $_POST["email"];
        $username = sanitize($_POST["username"]);
        //Perform some validation
        //Feel free to edit / change as required
        // Separate messages for an unknown e-mail and an unknown username let
        // a requester test each value on its own; one generic message for
        // every failure would not reveal which accounts exist.
        if (trim($email) == "") {
            $errors[] = lang("ACCOUNT_SPECIFY_EMAIL");
        } else {
            if (!isValidEmail($email) || !emailExists($email)) {
                $errors[] = lang("ACCOUNT_INVALID_EMAIL");
            }
        }
        if (trim($username) == "") {
            $errors[] = lang("ACCOUNT_SPECIFY_USERNAME");
        } else {
            if (!usernameExists($username)) {
                $errors[] = lang("ACCOUNT_INVALID_USERNAME");
            }
        }
        if (count($errors) == 0) {
            //Check that the username / email are associated to the same account
            if (!emailUsernameLinked($email, $username)) {
                $errors[] = lang("ACCOUNT_USER_OR_EMAIL_INVALID");
            } else {
                //Check if the user has any outstanding lost password requests
                $userdetails = fetchUserDetails($username);
                if ($userdetails["lost_password_request"] == 1) {
                    $errors[] = lang("FORGOTPASS_REQUEST_EXISTS");
                } else {
                    //Email the user asking to confirm this change password request
                    //We can use the template builder here
                    //We use the activation token again for the url key it gets regenerated everytime it's used.
                    // The account's activation token doubles as the reset
                    // secret and is carried in the URL query string, where it
                    // can end up in server logs and browser history.
                    $mail = new userCakeMail();
                    $confirm_url = lang("CONFIRM") . "\n" . $websiteUrl . "forgot-password.php?confirm=" . $userdetails["activation_token"];
                    $deny_url = lang("DENY") . "\n" . $websiteUrl . "forgot-password.php?deny=" . $userdetails["activation_token"];
                    //Setup our custom hooks
                    $hooks = array("searchStrs" => array("#CONFIRM-URL#", "#DENY-URL#", "#USERNAME#"), "subjectStrs" => array($confirm_url, $deny_url, $userdetails["user_name"]));
                    if (!$mail->newTemplateMsg("{$baseURL}/application/third_party/user_cake/mail-templates/lost-password-request.txt", $hooks)) {
                        $errors[] = lang("MAIL_TEMPLATE_BUILD_ERROR");
                    } else {
                        if (!$mail->sendMail($userdetails["email"], "Lost password request")) {
                            $errors[] = lang("MAIL_ERROR");
                        } else {
                            //Update the DB to show this account has an outstanding request
                            if (!flagLostPasswordRequest($userdetails["user_name"], 1)) {
                                $errors[] = lang("SQL_ERROR");
                            } else {
                                $successes[] = lang("FORGOTPASS_REQUEST_SUCCESS");
                            }
                        }
                    }
                }
            }
        }
    }
    $this->load->view('forgot_password');
}
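/**
 * Admin "edit user" page (UserCake via CupCake, version 2.0.2, http://usercake.com).
 *
 * Reads the target account from ?id=, applies the posted changes (delete,
 * display name, activation, e-mail, title, permission add/remove) and then
 * prints the edit form directly with echo.
 *
 * Every value written into the HTML is passed through htmlspecialchars():
 * the title is only length-checked on input, and PHP_SELF and ?id= come
 * straight from the request.
 */
public function index()
{
    global $baseURL;
    require_once "{$baseURL}/application/third_party/user_cake/models/config.php";
    if (!securePage($_SERVER['PHP_SELF'])) {
        die;
    }

    // HTML-escape a value for element content or a quoted attribute.
    $esc = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    };
    // Read a POST field as a string; missing or array-valued fields become "".
    $post = function ($key) {
        return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
    };

    // resultBlock() below receives both collectors even when nothing was posted.
    if (!isset($errors) || !is_array($errors)) {
        $errors = array();
    }
    if (!isset($successes) || !is_array($successes)) {
        $successes = array();
    }

    $userId = (isset($_GET['id']) && is_scalar($_GET['id'])) ? $_GET['id'] : null;

    //Check if selected user exists
    if ($userId === null || !userIdExists($userId)) {
        header("Location: " . str_replace('index.php/', '', site_url('admin_users')));
        die;
    }
    $userdetails = fetchUserDetails(NULL, NULL, $userId); //Fetch user details

    // NOTE(review): no anti-CSRF token is checked before the state changes below
    // (delete, activate, permission changes). Whether securePage() or the
    // framework enforces one is not visible from this method - confirm.

    //Forms posted
    if (!empty($_POST)) {
        //Delete selected account
        if (!empty($_POST['delete'])) {
            $deletions = $_POST['delete'];
            if ($deletion_count = deleteUsers($deletions)) {
                $successes[] = lang("ACCOUNT_DELETIONS_SUCCESSFUL", array($deletion_count));
            } else {
                $errors[] = lang("SQL_ERROR");
            }
        } else {
            //Update display name
            if ($userdetails['display_name'] != $post('display')) {
                $displayname = trim($post('display'));

                //Validate display name
                if (displayNameExists($displayname)) {
                    $errors[] = lang("ACCOUNT_DISPLAYNAME_IN_USE", array($displayname));
                } elseif (minMaxRange(5, 25, $displayname)) {
                    $errors[] = lang("ACCOUNT_DISPLAY_CHAR_LIMIT", array(5, 25));
                } elseif (!ctype_alnum($displayname)) {
                    $errors[] = lang("ACCOUNT_DISPLAY_INVALID_CHARACTERS");
                } elseif (updateDisplayName($userId, $displayname)) {
                    $successes[] = lang("ACCOUNT_DISPLAYNAME_UPDATED", array($displayname));
                } else {
                    $errors[] = lang("SQL_ERROR");
                }
            } else {
                $displayname = $userdetails['display_name'];
            }

            //Activate account
            if (isset($_POST['activate']) && $_POST['activate'] == "activate") {
                if (setUserActive($userdetails['activation_token'])) {
                    $successes[] = lang("ACCOUNT_MANUALLY_ACTIVATED", array($displayname));
                } else {
                    $errors[] = lang("SQL_ERROR");
                }
            }

            //Update email
            if ($userdetails['email'] != $post('email')) {
                $email = trim($post('email'));

                //Validate email
                if (!isValidEmail($email)) {
                    $errors[] = lang("ACCOUNT_INVALID_EMAIL");
                } elseif (emailExists($email)) {
                    $errors[] = lang("ACCOUNT_EMAIL_IN_USE", array($email));
                } elseif (updateEmail($userId, $email)) {
                    $successes[] = lang("ACCOUNT_EMAIL_UPDATED");
                } else {
                    $errors[] = lang("SQL_ERROR");
                }
            }

            //Update title
            if ($userdetails['title'] != $post('title')) {
                $title = trim($post('title'));

                //Validate title (length only - which is why output escaping below matters)
                if (minMaxRange(1, 50, $title)) {
                    $errors[] = lang("ACCOUNT_TITLE_CHAR_LIMIT", array(1, 50));
                } elseif (updateTitle($userId, $title)) {
                    $successes[] = lang("ACCOUNT_TITLE_UPDATED", array($displayname, $title));
                } else {
                    $errors[] = lang("SQL_ERROR");
                }
            }

            //Remove permission level
            if (!empty($_POST['removePermission'])) {
                $remove = $_POST['removePermission'];
                if ($deletion_count = removePermission($remove, $userId)) {
                    $successes[] = lang("ACCOUNT_PERMISSION_REMOVED", array($deletion_count));
                } else {
                    $errors[] = lang("SQL_ERROR");
                }
            }

            //Add permission level
            if (!empty($_POST['addPermission'])) {
                $add = $_POST['addPermission'];
                if ($addition_count = addPermission($add, $userId)) {
                    $successes[] = lang("ACCOUNT_PERMISSION_ADDED", array($addition_count));
                } else {
                    $errors[] = lang("SQL_ERROR");
                }
            }

            // Re-read the account so the form shows the values just stored
            $userdetails = fetchUserDetails(NULL, NULL, $userId);
        }
    }

    $userPermission = fetchUserPermissions($userId);
    $permissionData = fetchAllPermissions();

    require_once "{$baseURL}/application/third_party/user_cake/models/header.php";
    echo "\r\n<body>\r\n<div id='wrapper'>\r\n<div id='top'><div id='logo'></div></div>\r\n<div id='content'>\r\n<h1>UserCake (Via CupCake)</h1>\r\n<h2>Admin User</h2>\r\n<div id='left-nav'>";
    include "{$baseURL}/application/third_party/user_cake/left-nav.php";
    echo "\r\n</div>\r\n<div id='main'>";
    echo resultBlock($errors, $successes);

    $safeId = $esc($userdetails['id']);

    // PHP_SELF contains client-supplied path info and ?id= is request data:
    // both are encoded before they reach the action attribute.
    echo "\r\n<form name='adminUser' action='" . $esc($_SERVER['PHP_SELF']) . "?id=" . $esc(urlencode((string) $userId)) . "' method='post'>\r\n<table class='admin'><tr><td>\r\n<h3>User Information</h3>\r\n<div id='regbox'>\r\n<p>\r\n<label>ID:</label>\r\n"
        . $safeId
        . "\r\n</p>\r\n<p>\r\n<label>Username:</label>\r\n"
        . $esc($userdetails['user_name'])
        . "\r\n</p>\r\n<p>\r\n<label>Display Name:</label>\r\n<input type='text' name='display' value='"
        . $esc($userdetails['display_name'])
        . "' />\r\n</p>\r\n<p>\r\n<label>Email:</label>\r\n<input type='text' name='email' value='"
        . $esc($userdetails['email'])
        . "' />\r\n</p>\r\n<p>\r\n<label>Active:</label>";

    //Display activation link, if account inactive
    if ($userdetails['active'] == '1') {
        echo "Yes";
    } else {
        echo "No\r\n\t</p>\r\n\t<p>\r\n\t<label>Activate:</label>\r\n\t<input type='checkbox' name='activate' id='activate' value='activate'>\r\n\t";
    }

    echo "\r\n</p>\r\n<p>\r\n<label>Title:</label>\r\n<input type='text' name='title' value='"
        . $esc($userdetails['title'])
        . "' />\r\n</p>\r\n<p>\r\n<label>Sign Up:</label>\r\n"
        . date("j M, Y", $userdetails['sign_up_stamp'])
        . "\r\n</p>\r\n<p>\r\n<label>Last Sign In:</label>";

    //Last sign in, interpretation
    if ($userdetails['last_sign_in_stamp'] == '0') {
        echo "Never";
    } else {
        echo date("j M, Y", $userdetails['last_sign_in_stamp']);
    }

    echo "\r\n</p>\r\n<p>\r\n<label>Delete:</label>\r\n<input type='checkbox' name='delete[" . $safeId . "]' id='delete[" . $safeId . "]' value='" . $safeId . "'>\r\n</p>\r\n<p>\r\n<label> </label>\r\n<input type='submit' value='Update' class='submit' />\r\n</p>\r\n</div>\r\n</td>\r\n<td>\r\n<h3>Permission Membership</h3>\r\n<div id='regbox'>\r\n<p>Remove Permission:";

    //List of permission levels user is a part of
    foreach ($permissionData as $v1) {
        if (isset($userPermission[$v1['id']])) {
            $permId = $esc($v1['id']);
            echo "<br><input type='checkbox' name='removePermission[" . $permId . "]' id='removePermission[" . $permId . "]' value='" . $permId . "'> " . $esc($v1['name']);
        }
    }

    //List of permission levels user is not a part of
    echo "</p><p>Add Permission:";
    foreach ($permissionData as $v1) {
        if (!isset($userPermission[$v1['id']])) {
            $permId = $esc($v1['id']);
            echo "<br><input type='checkbox' name='addPermission[" . $permId . "]' id='addPermission[" . $permId . "]' value='" . $permId . "'> " . $esc($v1['name']);
        }
    }

    echo "\r\n</p>\r\n</div>\r\n</td>\r\n</tr>\r\n</table>\r\n</form>\r\n</div>\r\n<div id='bottom'></div>\r\n</div>\r\n</body>\r\n</html>";
}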
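<?php
/*
 * This script is the server side of the AJAX check. All it has to do is put the
 * text 'true' or 'false' in the body of the HTTP response (instead of the HTML
 * a 'normal' PHP script would produce).
 *
 * Because it also uses my 'library' for reading and writing users to and from a
 * small JSON file (userstorage.php), this takes very little code. In fact, once
 * this sentence is typed the comment is longer than the actual code.
 */
include_once 'userstorage.php';

// NOTE(review): the response tells any caller whether an address is registered,
// and no authentication or rate limiting is visible in this script. Throttle the
// endpoint (or fold the check into the submitted form) if the user list is sensitive.

// ?email may be absent or sent as an array (?email[]=x); only a string is looked up.
$username = (isset($_GET['email']) && is_string($_GET['email'])) ? $_GET['email'] : '';

if ($username !== '' && emailExists($username)) {
    echo "true";
} else {
    echo "false";
}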
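require "includes/initialisation.php";

// Newsletter sign-up: validate the posted address, store it, send the
// confirmation mail and redirect to thanks.php. Error texts are collected in
// $errors for the view included at the end.

// Read both fields without raising notices when the page is opened with GET
// or when a field is sent as an array.
$subscribe = isset($_POST['subscribe']) ? $_POST['subscribe'] : null;
$email = trim(strip_tags((isset($_POST['email']) && is_string($_POST['email'])) ? $_POST['email'] : ''));
$errors = array();

if (isset($subscribe) && isset($email)) {
    // Check email
    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        $errors["email"] = 'Il semblerait que ton adresse mail soit incorrecte.';
    }
    // The empty-address message deliberately overrides the format message above
    if ($email == "") {
        $errors["email"] = 'Il semblerait que tu as oublié d\'entrer ton adresse mail.';
    }

    if (empty($errors)) {
        // Check that the email is not already saved in the database
        // NOTE(review): this message confirms to any visitor that the address is
        // subscribed; a neutral "check your inbox" reply would not.
        if (emailExists($db, $email)) {
            $errors["message"] = "Il semblerait que vous soyez déjà inscrit à la newsletter.";
        } else {
            $emailsaved = saveEmail($db, $email);
            if ($emailsaved) {
                sendEmailConfirmation($db, $email);
                $_SESSION['email'] = $email;
                header('Location: thanks.php');
                // Stop here: without exit the script keeps running and renders
                // the form page behind the redirect.
                exit;
            } else {
                $errors["message"] = "Il semblerait qu'il y ai eut un problème, veuillez nous en excuser et réessayer dans quelque instant.";
            }
        }
    }
}

$page_title = "Inscription - Mailinglist";
include "includes/head.view.php";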
// Login validation excerpt: the enclosing code starts before and continues after
// this fragment. $email acts as a mode flag here (1 = sign in by e-mail address,
// otherwise by username).
if ($email == 1) {
    if ($email_address == "") {
        // NOTE(review): an empty e-mail address is reported with the "specify username" message
        $errors[] = lang("ACCOUNT_SPECIFY_USERNAME");
    }
} else {
    if ($username == "") {
        $errors[] = lang("ACCOUNT_SPECIFY_USERNAME");
    }
}
if ($password == "") {
    $errors[] = lang("ACCOUNT_SPECIFY_PASSWORD");
}
if (count($errors) == 0) {
    //A security note here, never tell the user which credential was incorrect
    if ($email == 1) {
        $existsVar = !emailExists($email_address);
    } else {
        $existsVar = !usernameExists($username);
    }
    // Despite its name, $existsVar is true when the account does NOT exist
    if ($existsVar) {
        $errors[] = lang("ACCOUNT_USER_OR_PASS_INVALID");
    } else {
        if ($email == 1) {
            $userdetails = fetchUserAuthByEmail($email_address);
        } elseif ($email == 0) {
            $userdetails = fetchUserAuthByUserName($username);
        }
        //See if the user's account is activated
        // NOTE(review): in the lines visible here ACCOUNT_INACTIVE is returned before
        // any password comparison, so it confirms that the account exists without a
        // valid password - at odds with the security note above. Confirm against the
        // rest of the function.
        if ($userdetails["active"] == 0) {
            $errors[] = lang("ACCOUNT_INACTIVE");
        } else {
// Admin "add e-mail template" handler (excerpt: the validation chain continues
// past the end of this fragment).
defined('_VALID') or die('Restricted Access!');
Auth::checkAdmin();
$emails_path = $config['BASE_DIR'] . '/templates/emails';
// The template directory must exist, be a directory and be writable
if (!file_exists($emails_path) or !is_dir($emails_path) or !is_writable($emails_path)) {
    $err = 'Emails directory ' . $emails_path . ' is not writable!';
}
// Accepted field values; each key is filled only when its validation passes
$email = array('email_id' => '', 'email_file' => '', 'subject' => '', 'content' => '', 'comment' => '');
if (isset($_POST['add_email'])) {
    $email_id = trim($_POST['email_id']);
    $email_file = trim($_POST['email_file']);
    $subject = trim($_POST['subject']);
    $content = trim($_POST['content']);
    $comment = trim($_POST['comment']);
    // Each check overwrites $err, so only the last failing field is reported
    if ($email_id == '') {
        $err = 'Email Id field cannot be blank!';
    } elseif (emailExists($email_id)) {
        $err = 'A email with this email id already exists!';
    } else {
        $email['email_id'] = $email_id;
    }
    // NOTE(review): only the extension of $email_file is checked here. Nothing
    // visible rejects directory separators or "..", so the name is not confined
    // to $emails_path; the code that writes the file is outside this excerpt -
    // confirm it reduces the value to a plain file name (e.g. basename()).
    if ($email_file == '') {
        $err = 'Email file field cannot be blank!';
    } elseif (strtolower(substr($email_file, strrpos($email_file, '.') + 1)) != 'tpl') {
        $err = 'Email file must have .tpl as extension!';
    } elseif (file_exists($emails_path . '/' . $email_file)) {
        $err = 'A email with the same file already exists!';
    } else {
        $email['email_file'] = $email_file;
    }
    if ($subject == '') {
        $err = 'Email subject cannot be blank!';
    // CSRF protection: issue a token when the form is first displayed
    setToken();
} else {
    // After the form has been submitted: verify the token before reading any field
    checkToken();
    $name = $_POST['name'];
    $email = $_POST['email'];
    $password = $_POST['password'];
    $dbh = connectDb();
    $error = array();

    // Error handling
    // Check whether the name is empty
    if ($name == '') {
        $error['name'] = '名前を入力してください';
    }
    // The three e-mail checks below share one key; a later failing check replaces
    // the earlier message.
    // NOTE(review): the "already registered" message tells any visitor that an
    // address has an account.
    if (emailExists($email, $dbh)) {
        $error['email'] = 'このメールアドレスは既に登録されています。';
    }
    // Check whether the e-mail address is well-formed
    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        $error['email'] = "メールアドレスの形式が正しくありません";
    }
    // Check whether the e-mail address is empty
    if ($email == '') {
        $error['email'] = 'メールアドレスを入力してください';
    }
    // Check whether the password is empty
    if ($password == '') {
        $error['password'] = '******';
    }
    // Registration processing
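/**
 * Account settings page (UserCake via CupCake, version 2.0.2, http://usercake.com).
 *
 * Requires a logged-in user. On POST it re-checks the current password, then
 * optionally updates the e-mail address and/or the password, collecting
 * messages in $errors / $successes before loading the 'user_settings' view.
 *
 * $loggedInUser is not set in this method; presumably it is provided by the
 * included config.php - confirm.
 */
public function index()
{
    $baseURL = getcwd();
    require_once "{$baseURL}/application/third_party/user_cake/models/config.php";
    if (!securePage($_SERVER['PHP_SELF'])) {
        die;
    }

    //Prevent the user visiting the logged in page if he is not logged in
    if (!isUserLoggedIn()) {
        header("Location: " . str_replace('index.php/', '', site_url('login')));
        die;
    }

    if (!empty($_POST)) {
        // Read a POST field as a string; missing or array-valued fields become "".
        $post = function ($key) {
            return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : "";
        };

        $errors = array();
        $successes = array();
        $password = $post("password");
        $password_new = $post("passwordc");
        $password_confirm = $post("passwordcheck");
        $email = $post("email");
        $stored_hash = (string) $loggedInUser->hash_pw;

        //Perform some validation
        //Feel free to edit / change as required

        //Confirm the hashes match before updating a users password
        $entered_pass = generateHash($password, $loggedInUser->hash_pw);
        if (trim($password) == "") {
            $errors[] = lang("ACCOUNT_SPECIFY_PASSWORD");
        } elseif (!hash_equals($stored_hash, (string) $entered_pass)) {
            // hash_equals() compares in constant time and never applies the numeric
            // string juggling that != performs on hash-like strings.
            $errors[] = lang("ACCOUNT_PASSWORD_INVALID");
        }

        if ($email != $loggedInUser->email) {
            if (trim($email) == "") {
                $errors[] = lang("ACCOUNT_SPECIFY_EMAIL");
            } elseif (!isValidEmail($email)) {
                $errors[] = lang("ACCOUNT_INVALID_EMAIL");
            } elseif (emailExists($email)) {
                $errors[] = lang("ACCOUNT_EMAIL_IN_USE", array($email));
            }

            //End data validation
            // Runs only when the current-password check above also passed
            if (count($errors) == 0) {
                $loggedInUser->updateEmail($email);
                $successes[] = lang("ACCOUNT_EMAIL_UPDATED");
            }
        }

        if ($password_new != "" or $password_confirm != "") {
            if (trim($password_new) == "") {
                $errors[] = lang("ACCOUNT_SPECIFY_NEW_PASSWORD");
            } elseif (trim($password_confirm) == "") {
                $errors[] = lang("ACCOUNT_SPECIFY_CONFIRM_PASSWORD");
            } elseif (minMaxRange(8, 50, $password_new)) {
                $errors[] = lang("ACCOUNT_NEW_PASSWORD_LENGTH", array(8, 50));
            } elseif ($password_new != $password_confirm) {
                $errors[] = lang("ACCOUNT_PASS_MISMATCH");
            }

            //End data validation
            if (count($errors) == 0) {
                //Also prevent updating if someone attempts to update with the same password
                $entered_pass_new = generateHash($password_new, $loggedInUser->hash_pw);
                if (hash_equals($stored_hash, (string) $entered_pass_new)) {
                    //Don't update, the new password equals the current one
                    $errors[] = lang("ACCOUNT_PASSWORD_NOTHING_TO_UPDATE");
                } else {
                    //This function will create the new hash and update the hash_pw property.
                    $loggedInUser->updatePassword($password_new);
                    $successes[] = lang("ACCOUNT_PASSWORD_UPDATED");
                }
            }
        }

        if (count($errors) == 0 and count($successes) == 0) {
            $errors[] = lang("NOTHING_TO_UPDATE");
        }
    }

    $this->load->view('user_settings');
}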
// Account-settings validation excerpt; the enclosing function starts before and
// continues after this fragment.

// The current password must be supplied and must hash to the stored value
if (trim($password) == "") {
    $errors[] = lang("ACCOUNT_SPECIFY_PASSWORD");
} else {
    // NOTE(review): != is a loose, non-constant-time comparison of two hash
    // strings; hash_equals() is the comparison meant for this.
    if ($entered_pass != $loggedInUser->hash_pw) {
        //No match
        $errors[] = lang("ACCOUNT_PASSWORD_INVALID");
    }
}
// E-mail is validated and updated only when it differs from the stored address
if ($email != $loggedInUser->email) {
    if (trim($email) == "") {
        $errors[] = lang("ACCOUNT_SPECIFY_EMAIL");
    } else {
        if (!isValidEmail($email)) {
            $errors[] = lang("ACCOUNT_INVALID_EMAIL");
        } else {
            if (emailExists($email)) {
                $errors[] = lang("ACCOUNT_EMAIL_IN_USE", array($email));
            }
        }
    }
    //End data validation
    // $errors also holds the password result above, so a wrong current password blocks the update
    if (count($errors) == 0) {
        $loggedInUser->updateEmail($email);
        $successes[] = lang("ACCOUNT_EMAIL_UPDATED");
    }
}
// A password change is attempted as soon as either new-password field is filled in
if ($password_new != "" or $password_confirm != "") {
    if (trim($password_new) == "") {
        $errors[] = lang("ACCOUNT_SPECIFY_NEW_PASSWORD");
    } else {
        if (trim($password_confirm) == "") {
// Creates a Joomla user plus the matching ACL and VirtueMart records from
// variables set earlier in the script ($first_name, $last_name, $user_email,
// $name, address fields, ...), none of which are defined in this excerpt.

// Username is "first_last", lower-cased, with spaces turned into underscores
$username = $first_name . "_" . $last_name;
$username = strtolower(str_replace(" ", "_", trim($username)));
// NOTE(review): every account created here gets the same hard-coded password,
// stored as an unsalted MD5 digest. Anyone who reads this file can sign in to
// any of these accounts until the owner changes it. Generate a random password
// per user (or force a reset on first login) and use the hash format the
// target Joomla version expects.
$password = md5('AzertyuioP'); // Default password
$usertype = 'Registered';
$gid = "18";
//Firstname, Lastname and Email address are required
// (the condition also requires street, zip, city and country)
if ($first_name != "" && $last_name != "" && $user_email != "" && $street != "" && $zip != "" && $city != "" && $country != "") {
    if (!emailExists($user_email)) {
        // create the users in default Joomla! 1.5 users
        // XXX test if username doesn't exists before adding
        // GetSQLValueString() is defined elsewhere; presumably it quotes/escapes
        // each value for the given type - verify, since the query is built with sprintf.
        $personCreateQuery1 = sprintf("INSERT INTO " . constant('_JOOMLA_TABLE_PREFIX_') . "users\n (name, username, email, password, usertype, gid) \n Values (%s, %s, %s, %s, %s, %s)", GetSQLValueString($name, "text"), GetSQLValueString($username, "text"), GetSQLValueString($user_email, "text"), GetSQLValueString($password, "text"), GetSQLValueString($usertype, "text"), GetSQLValueString($gid, "int"));
        //echo $personCreateQuery1;
        $msg_1 = executeSQL($personCreateQuery1);
        // get the id of the inserted user
        // (emailExists() is used here as a lookup: its return value becomes $user_id)
        $user_id = emailExists($user_email);
        // If we want the user to log in the virtuemart site
        $section_value = "users";
        $personCreateQuery1bis = sprintf("INSERT INTO " . constant('_JOOMLA_TABLE_PREFIX_') . "core_acl_aro \n ( section_value, value, name) \n Values ( %s, %s, %s)", GetSQLValueString($section_value, "text"), GetSQLValueString($user_id, "text"), GetSQLValueString($name, "text"));
        $msg_1bis = executeSQL($personCreateQuery1bis);
        // Create Virtuemart user
        $personCreateQuery2 = sprintf("INSERT INTO " . constant('_VM_TABLE_PREFIX_') . "_user_info \n (first_name, last_name, user_email, address_1, zip, city, country,\n address_type, address_type_name, cdate, mdate, user_id, user_info_id) \n Values ( %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s)", GetSQLValueString($first_name, "text"), GetSQLValueString($last_name, "text"), GetSQLValueString($user_email, "text"), GetSQLValueString($street, "text"), GetSQLValueString($zip, "text"), GetSQLValueString($city, "text"), GetSQLValueString($country, "text"), GetSQLValueString($address_type, "text"), GetSQLValueString($address_type_name, "text"), GetSQLValueString($cdate, "text"), GetSQLValueString($mdate, "text"), GetSQLValueString($user_id, "int"), GetSQLValueString($user_info_id, "text"));
        //echo $personCreateQuery2;
        // Only the result of the last insert is echoed; $msg_1 and $msg_1bis are not checked here
        $msg_2 = executeSQL($personCreateQuery2);
        echo $msg_2;
    } else {
        // NOTE(review): $user_email is echoed as-is; escape it for whatever context
        // consumes this output (not visible here).
        echo '\\nVirtueMart Error: A user with the email \'' . $user_email . '\' already exists!';
    }
} else {
    echo '\\nInvalid query: firstname, lastname, email are required!';
}
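/**
 * Resend-activation page (UserCake via CupCake, version 2.0.2, http://usercake.com).
 *
 * On POST (and only when $emailActivation is enabled) it checks that the
 * e-mail and username belong to the same, not yet active account, applies the
 * resend threshold, issues a fresh activation token and mails the new link.
 * Logged-in users are redirected to the account page before the view loads.
 *
 * $emailActivation, $resend_activation_threshold, $websiteUrl and $websiteName
 * are not set in this method; presumably they come from config.php.
 */
public function index()
{
    global $baseURL;
    $baseURL = getcwd();
    require_once "{$baseURL}/application/third_party/user_cake/models/config.php";
    if (!securePage($_SERVER['PHP_SELF'])) {
        die;
    }

    // count($errors) is called below; make sure both collectors are arrays
    // (count(null) is a TypeError on PHP 8).
    if (!isset($errors) || !is_array($errors)) {
        $errors = array();
    }
    if (!isset($successes) || !is_array($successes)) {
        $successes = array();
    }

    //Forms posted
    if (!empty($_POST) && $emailActivation) {
        // Missing or array-valued fields fall back to "" and hit the "specify" branches
        $email = (isset($_POST["email"]) && is_string($_POST["email"])) ? $_POST["email"] : "";
        $username = (isset($_POST["username"]) && is_string($_POST["username"])) ? $_POST["username"] : "";

        //Perform some validation
        //Feel free to edit / change as required
        // NOTE(review): distinct messages for an unknown e-mail, an unknown username
        // and an already active account let a visitor probe which accounts exist.
        if (trim($email) == "") {
            $errors[] = lang("ACCOUNT_SPECIFY_EMAIL");
        } elseif (!isValidEmail($email) || !emailExists($email)) {
            $errors[] = lang("ACCOUNT_INVALID_EMAIL");
        }
        if (trim($username) == "") {
            $errors[] = lang("ACCOUNT_SPECIFY_USERNAME");
        } elseif (!usernameExists($username)) {
            $errors[] = lang("ACCOUNT_INVALID_USERNAME");
        }

        if (count($errors) == 0) {
            //Check that the username / email are associated to the same account
            if (!emailUsernameLinked($email, $username)) {
                $errors[] = lang("ACCOUNT_USER_OR_EMAIL_INVALID");
            } else {
                $userdetails = fetchUserDetails($username);

                //See if the user's account is already active
                if ($userdetails["active"] == 1) {
                    $errors[] = lang("ACCOUNT_ALREADY_ACTIVE");
                } else {
                    // NOTE(review): the elapsed time is divided by 3600 * threshold and the
                    // result is then compared with the threshold itself, so the value is not
                    // a plain number of hours. Left as is; confirm the intended window.
                    if ($resend_activation_threshold == 0) {
                        $hours_diff = 0;
                    } else {
                        $last_request = $userdetails["last_activation_request"];
                        $hours_diff = round((time() - $last_request) / (3600 * $resend_activation_threshold), 0);
                    }

                    if ($resend_activation_threshold != 0 && $hours_diff <= $resend_activation_threshold) {
                        $errors[] = lang("ACCOUNT_LINK_ALREADY_SENT", array($resend_activation_threshold));
                    } else {
                        //For security create a new activation url;
                        $new_activation_token = generateActivationToken();
                        if (!updateLastActivationRequest($new_activation_token, $username, $email)) {
                            $errors[] = lang("SQL_ERROR");
                        } else {
                            $mail = new userCakeMail();
                            $activation_url = $websiteUrl . "activate-account.php?token=" . $new_activation_token;

                            //Setup our custom hooks
                            $hooks = array(
                                "searchStrs" => array("#ACTIVATION-URL", "#USERNAME#"),
                                "subjectStrs" => array($activation_url, $userdetails["display_name"]),
                            );
                            if (!$mail->newTemplateMsg("resend-activation.txt", $hooks)) {
                                $errors[] = lang("MAIL_TEMPLATE_BUILD_ERROR");
                            } elseif (!$mail->sendMail($userdetails["email"], "Activate your " . $websiteName . " Account")) {
                                $errors[] = lang("MAIL_ERROR");
                            } else {
                                //Success, user details have been updated in the db now mail this information out.
                                $successes[] = lang("ACCOUNT_NEW_ACTIVATION_SENT");
                            }
                        }
                    }
                }
            }
        }
    }

    //Prevent the user visiting the logged in page if he/she is already logged in
    if (isUserLoggedIn()) {
        header("Location: " . str_replace('index.php/', '', site_url('account')));
        die;
    }

    $this->load->view('resend_activation');
}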
// Excerpt from a page-dispatch switch; it starts inside an earlier case and is
// cut off inside the 'resetpw' case.
            blankRegForm(translate('Fill in the details below to register.', sz_config('language')));
        }
    } else {
        show_page('closed');
    }
    break;
case 'login':
    // The login form is shown only to visitors without a session
    if (!$session->is_logged_in()) {
        show_form('login');
    }
    break;
case 'resetpw':
    // Password reset is offered only when no user id is stored in the session
    if (!isset($_SESSION['userid'])) {
        if ($index_page[1] != '0' && $index_page[1] == 'send') {
            if (isValid($_POST['email'], 'email')) {
                // NOTE(review): a known address gets "An email has been sent", an unknown
                // one gets "Please enter your own email address" - the difference tells
                // any visitor which addresses have accounts. Returning the same message
                // in both cases avoids that.
                if (emailExists($_POST['email'])) {
                    if (sendNewPassw($_POST['email'])) {
                        show_msg(translate('An email has been sent to your email address. Please follow the instructions in the email.', sz_config('language')));
                    } else {
                        show_msg(translate('An error has occurred while trying to reset your password.', sz_config('language')));
                        // The posted address is appended to the report text as-is
                        // (and without a separating space after "for")
                        if (reportError('Unable to reset password for' . $_POST['email'])) {
                            show_msg(translate('The website developers have been notified and you will be contacted shortly.', sz_config('language')));
                        } else {
                            reportErrorManually('33215');
                        }
                    }
                } else {
                    show_form('passreset', translate('Please enter your own email address.', sz_config('language')));
                }
            } else {
                show_form('passreset', translate('You have entered an invalid email address. Please try again.', sz_config('language')));
/**
 * Change the stored email address of the user identified by $user_id.
 *
 * The call is first checked against the permissions database; the address must
 * then pass isValidEmail() and must not already be in use. Each failure that is
 * reported to the user is queued with addAlert().
 *
 * @param int $user_id the id of the user to update.
 * @param string $email the validated $_POST['email']
 * @return boolean true on success false on failure
 */
function updateUserEmail($user_id, $email)
{
    // Permission gate: this action is checked against the permissions database before it runs.
    $callArguments = func_get_args();
    $mayRun = checkActionPermissionSelf(__FUNCTION__, $callArguments);
    if (!$mayRun) {
        addAlert("danger", "Sorry, you do not have permission to access this resource.");
        return false;
    }

    // Reject malformed addresses first, then addresses that belong to another account.
    if (!isValidEmail($email)) {
        addAlert("danger", lang("ACCOUNT_INVALID_EMAIL"));
        return false;
    }
    if (emailExists($email)) {
        addAlert("danger", lang("ACCOUNT_EMAIL_IN_USE", array($email)));
        return false;
    }

    // A failed write returns false without adding an alert here.
    if (!updateUserField($user_id, 'email', $email)) {
        return false;
    }

    addAlert("success", lang("ACCOUNT_EMAIL_UPDATED"));
    return true;
}
    // Profile-edit validation excerpt; the enclosing block opens before this fragment.
    // OPENING DATABASE CONNECTION.
    $dbConn = dbConnect();
    // Password fields.
    // The current password must match before a change is accepted
    $isValid = passwordExists($dbConn, $loginUsername, $loginPassword);
    // NOTE(review): FB::log() calls are debug output (presumably FirePHP); confirm
    // they are disabled in production so check results are not sent to the client.
    FB::log('Password valid? ' . ($isValid ? 'True' : 'False'));
    if (!$isValid) {
        $errorMsg .= "<br><b>You must enter your current password in order to change it.</b>";
    }
    if ($eupNewPassword != $eupPasswordConfirm) {
        $errorMsg .= "<br><b>The new password fields do not match.</b>";
    }
    // strlen() counts bytes, so a multi-byte password can pass with fewer than 8 characters
    if (strlen($eupNewPassword) < 8) {
        $errorMsg .= "<br><b>Your new password must have a minimum length of 8 characters.</b>";
    }
    // Email field
    // $isValid is reused: here true means the address is already taken
    $isValid = emailExists($dbConn, strtolower($acEmail));
    FB::log('Email found? ' . ($isValid ? 'True' : 'False'));
    if ($isValid) {
        $errorMsg .= "<br><b>The chosen email address is already in use by another user.</b>";
    }
    FB::log('emailExists() finished');
    // CLOSING DATABASE CONNECTION.
    mysqli_close($dbConn);
}
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>Edit User Profile - Open Data Visualizer</title>
</head>