function login_authenticate()
{
$username = $this->input->post('username');
$password = $this->input->post('password');
$uri_segment = $this->input->post('uri_segment');
log_message('error', __METHOD__);
$result = $this->login_model->login_authenticate($username, encrypt_password($password), $uri_segment);
if (count($result) > 0 && $result['id'] != '') {
$this->session->set_userdata('user_id', $result['id']);
$this->session->set_userdata('user_email', $result['email']);
$this->session->set_userdata('username', $result['username']);
$this->session->set_userdata('role_id', $result['role_id']);
$this->session->set_userdata('link', base_url() . $uri_segment . '/');
$status = 'y';
$login_session = array('session_id' => $this->session->userdata('session_id'), 'login_ip' => $this->input->ip_address(), 'login_time' => current_timestamp_database(), 'login_client' => $this->input->user_agent(), 'user_id' => $result['id']);
$this->login_model->session_details($login_session);
$remember_me = $this->input->post('remember_me') ? TRUE : FALSE;
if ($remember_me) {
// set sess_expire_on_close to 0 or FALSE when remember me is checked.
log_message('error', __METHOD__ . 'remember me called status' . $remember_me);
$this->session->sess_expire_on_close = 'false';
}
} else {
$status = 'n';
}
echo json_encode(array('status' => $status, 'uri_segment' => $uri_segment));
}
function login($username, $password)
{
global $pdo;
if (isset($_SESSION['userid']) && $username == $_SESSION['userid']) {
return TRUE;
}
if ($pdo == null) {
open_database();
}
$stmt = $pdo->prepare("SELECT * FROM users WHERE login=?");
if (!$stmt->execute(array($username))) {
die('Invalid query : [' . error_database() . ']' . $pdo->errorInfo());
}
$row = $stmt->fetch(PDO::FETCH_ASSOC);
$stmt->closeCursor();
if (!isset($row['salt'])) {
return FALSE;
}
$digest = encrypt_password($password, $row['salt']);
if ($digest == $row['crypted_password']) {
$_SESSION['userid'] = $row['id'];
$_SESSION['username'] = $row['name'];
$_SESSION['useraccess'] = $row['access_level'];
$_SESSION['userpageaccess'] = $row['page_access_level'];
return TRUE;
} else {
return FALSE;
}
}
/**
* Save the new password
*
* @access public
*/
public function save()
{
//load model
$this->load->model('account_model');
//get the post data
$current_password = trim($this->input->post('password_current'));
$new_password = trim($this->input->post('password_new'));
$confirmation_password = trim($this->input->post('password_confirmation'));
//validate the current password and the new password
if (empty($current_password) || strlen($current_password) < config('ACCOUNT_PASSWORD')) {
$this->message_stack->add('account_password', sprintf(lang('field_customer_password_current_error'), config('ACCOUNT_PASSWORD')));
} elseif (empty($new_password) || strlen($new_password) < config('ACCOUNT_PASSWORD')) {
$this->message_stack->add('account_password', sprintf(lang('field_customer_password_new_error'), config('ACCOUNT_PASSWORD')));
} elseif (empty($confirmation_password) || $new_password != $confirmation_password) {
$this->message_stack->add('account_password', lang('field_customer_password_new_mismatch_with_confirmation_error'));
}
//if the validation is successful, update the password
if ($this->message_stack->size('account_password') === 0) {
if ($this->account_model->check_account($this->customer->get_email_address(), $current_password)) {
$data['customers_password'] = encrypt_password($new_password);
if ($this->account_model->save($data, $this->customer->get_id())) {
$this->message_stack->add_session('account', lang('success_password_updated'), 'success');
redirect(site_url('account'));
} else {
$this->message_stack->add('account_password', lang('error_database'));
}
}
}
//Setup view
$this->template->build('account/account_password');
}
function new_user($firstName, $lastName, $email, $password, $userType)
{
$salt = generate_salt();
$encPassword = encrypt_password($password, $salt);
$user = create_user_object($firstName, $lastName, $email, $encPassword, $salt, $userType);
save_user_object($user);
return $user;
}
function create_user_account($username, $password)
{
$conn = get_conn();
$username = mysql_fix_string($conn, $username);
$password = mysql_fix_string($conn, $password);
$password = encrypt_password($password);
$query = "insert into ajx_org_users values('{$username}', '{$password}', null)";
get_result($conn, $query);
$conn->close();
}
public function save($id = false)
{
if ($this->perm->can_create == 'y') {
if ($_POST) {
$data = new User($id);
// ตรวจสอบชื่อ username ซ้ำ
if (@$_POST["username"]) {
$chk = new User();
if ($id) {
$chk->where("id !=", $id);
}
$chk->where("username", strip_tags(trim($_POST["username"])))->get();
if ($chk->id) {
redirect("admin/settings/users");
}
}
// ตรวจสอบชื่อ email ซ้ำ
if (@$_POST["email"]) {
$chk = new User();
if ($id) {
$chk->where("id !=", $id);
}
$chk->where("email", strip_tags(trim($_POST["email"])))->get();
if ($chk->id) {
// redirect("admin/settings/users");
}
}
// Username
// $data->username = strip_tags(trim($_POST["username"]));
if (!empty($_POST["password"])) {
$data->password = encrypt_password(strip_tags(trim($_POST["password"])));
}
$data->titulation = strip_tags($_POST["titulation"]);
$data->firstname = strip_tags($_POST["firstname"]);
$data->lastname = strip_tags($_POST["lastname"]);
$data->email = strip_tags($_POST["email"]);
$data->tel = strip_tags($_POST["tel"]);
$data->org_id = $_POST['org_id'];
$data->position = strip_tags($_POST['position']);
$data->user_type_id = $_POST['user_type_id'];
$data->username = strip_tags($_POST['username']);
$data->status = !empty($_POST['status']) ? '1' : '0';
if ($_POST['id'] == '') {
$data->created_by = $this->current_user->id;
} else {
$data->updated_by = $this->current_user->id;
}
$data->save();
$action = $_POST['id'] > 0 ? 'UPDATE' : 'CREATE';
save_logs($this->menu_id, $action, @$data->id, $action . ' ' . $data->firstname . ' ' . $data->lastname . ' User Detail');
}
}
redirect("admin/settings/users");
}
function verify_account($dirty_username, $dirty_password, $dirty_activation_code)
{
$username = escape($dirty_username);
$password = escape($dirty_password);
$code = escape($dirty_activation_code);
$validateUsrMsg = validate_username($username);
if ($validateUsrMsg != "valid-username") {
return;
}
$validatePwdMsg = validate_password($password);
if ($validatePwdMsg != "valid-password") {
return;
}
$account_id = account_id_from_code($code);
$sql1 = "SELECT * FROM account_signup WHERE code='{$code}'";
$result = query($sql1);
if (mysqli_num_rows($result) == 1) {
$row = mysqli_fetch_assoc($result);
$date_requested = $row["date_requested"];
$expires = $date_requested + 86400;
if (time() > $expires) {
echo "validation-expired";
return;
}
$encrypted_password = encrypt_password($password);
$sql2 = "UPDATE account_head SET status='logged-out' WHERE account={$account_id};";
query($sql2);
if (user_has_status($account_id, 'logged-out') == false) {
echo 'verify-error';
return;
}
$sql3 = "INSERT INTO account_credentials (account, username, password)";
$sql3 .= " VALUES ({$account_id}, '{$username}', '{$encrypted_password}');";
query($sql3);
if (user_has_credentials($account_id, $username, $encrypted_password) == false) {
echo 'verify-error';
return;
}
$sql4 = "DELETE FROM account_signup WHERE account={$account_id};";
query($sql4);
if (user_has_signup_pending($account_id)) {
echo 'verify-error';
return;
}
echo "verify-success";
return;
}
echo 'verify-error';
}
function login($username, $password)
{
$CI =& get_instance();
$foo = new User();
//echo $password;
//echo encrypt_password($password);
$foo->where("username", $username)->where("password", encrypt_password($password))->where("status", 1)->get(1);
if ($foo->id) {
$CI->session->set_userdata("id", $foo->id);
$CI->session->set_userdata("user_type_id", $foo->user_type_id);
return TRUE;
} else {
return FALSE;
}
}
function auto_create_user($login)
{
if ($login && defined('AUTH_AUTO_CREATE') && AUTH_AUTO_CREATE) {
$user_id = $this->find_user_by_login($login);
if (!$user_id) {
$login = db_escape_string($login);
$salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
$pwd_hash = encrypt_password($password, $salt, true);
$query = "INSERT INTO ttrss_users\n\t\t\t\t\t\t(login,access_level,last_login,created,pwd_hash,salt)\n\t\t\t\t\t\tVALUES ('{$login}', 0, null, NOW(), '{$pwd_hash}','{$salt}')";
db_query($this->link, $query);
return $this->find_user_by_login($login);
} else {
return $user_id;
}
}
return $this->find_user_by_login($login);
}
function changepassword()
{
$old_pw = $_POST["old_password"];
$new_pw = $_POST["new_password"];
$con_pw = $_POST["confirm_password"];
if ($old_pw == "") {
print "ERROR: " . __("Old password cannot be blank.");
return;
}
if ($new_pw == "") {
print "ERROR: " . __("New password cannot be blank.");
return;
}
if ($new_pw != $con_pw) {
print "ERROR: " . __("Entered passwords do not match.");
return;
}
$result = db_query($this->link, "SELECT salt FROM ttrss_users WHERE\n\t\t\tid = " . $_SESSION['uid']);
$salt = db_fetch_result($result, 0, "salt");
if (!$salt) {
$old_pw_hash1 = encrypt_password($old_pw);
$old_pw_hash2 = encrypt_password($old_pw, $_SESSION["name"]);
$query = "SELECT id FROM ttrss_users WHERE\n\t\t\t\tid = " . $_SESSION['uid'] . " AND (pwd_hash = '{$old_pw_hash1}' OR\n\t\t\t\tpwd_hash = '{$old_pw_hash2}')";
} else {
$old_pw_hash = encrypt_password($old_pw, $salt, true);
$query = "SELECT id FROM ttrss_users WHERE\n\t\t\t\tid = " . $_SESSION['uid'] . " AND pwd_hash = '{$old_pw_hash}'";
}
$result = db_query($this->link, $query);
if (db_num_rows($result) == 1) {
$new_salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
$new_pw_hash = encrypt_password($new_pw, $new_salt, true);
db_query($this->link, "UPDATE ttrss_users SET\n\t\t\t\tpwd_hash = '{$new_pw_hash}', salt = '{$new_salt}'\n\t\t\t\t\tWHERE id = " . $_SESSION['uid']);
$_SESSION["pwd_hash"] = $new_pw_hash;
print __("Password has been changed.");
} else {
print "ERROR: " . __('Old password is incorrect.');
}
}
function __construct()
{
//encryption
require_once "encryption.php";
if (isset($_GET['logout']) && $_GET['logout']) {
$_SESSION['logged'] = FALSE;
session_destroy();
}
$data['invalidEmailPass'] = "******";
//Authentication logic
if (isset($_POST['login'])) {
//store form email and pass
$email = $_POST['email'];
$enc_password = encrypt_password($_POST['password']);
$usersObj = new Users_model();
if ($usersObj->login($email, $enc_password)) {
$_SESSION['logged'] = TRUE;
$_SESSION['email'] = $email;
// $_SESSION['name'] = 'Alin';
header('Location: http://188.166.119.187/workspace/ilear/MVC/part4/index.php?page=admin');
} else {
$data['invalidEmailPass'] = "******";
}
}
// $data['condition'] = (isset($_SESSION['logged']) && $_SESSION['logged'] === TRUE);
// $data['logged'] = "You are logged in!";
// // $data['unlogged'] = "";
$data['logged'] = isset($_SESSION['logged']) && $_SESSION['logged'] === TRUE ? "You are logged in!" : "";
// $data['logged'] = "You are logged in!";
$data['title'] = "LoginPage";
// $data['mailSent'] = "Note that only phone number is optional!";
$this->render('views/top.php', $data);
$this->render('views/menu.php', $data);
$this->render('views/login.php', $data);
$this->render('views/bottom.php', $data);
}
Phone No,
Comments
*/
$cur = config::get_config_item("currency");
$row = 1;
if (($handle = fopen("../../David_People.csv", "r")) !== FALSE) {
while (($data = fgetcsv($handle, 1000, ",")) !== FALSE) {
foreach ($data as $key => $val) {
# $data[$key] = utf8_encode($data[$key]);
}
$person = new person();
$person->currency = $cur;
$person->set_value("username", $data[0]);
$person->set_value("firstName", $data[1]);
$person->set_value("surname", $data[2]);
$person->set_value("password", encrypt_password($data[3]));
$person->set_value("emailAddress", $data[4]);
$person->set_value("phoneNo1", $data[5]);
$person->set_value("comments", $data[6]);
$person->set_value("perms", "employee");
$person->set_value("personActive", 1);
$person->set_value("personModifiedUser", $current_user->get_id());
$person->save();
$x++;
echo "<br>here: " . $person->get_id() . $data[0];
if ($x > 4) {
//die();
}
}
fclose($handle);
}
static function resetUserPassword($uid, $show_password)
{
$result = db_query("SELECT login,email\n\t\t\t\tFROM ttrss_users WHERE id = '{$uid}'");
$login = db_fetch_result($result, 0, "login");
$email = db_fetch_result($result, 0, "email");
$salt = db_fetch_result($result, 0, "salt");
$new_salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
$tmp_user_pwd = make_password(8);
$pwd_hash = encrypt_password($tmp_user_pwd, $new_salt, true);
db_query("UPDATE ttrss_users SET pwd_hash = '{$pwd_hash}', salt = '{$new_salt}', otp_enabled = false\n\t\t\t\tWHERE id = '{$uid}'");
if ($show_password) {
print T_sprintf("Changed password of user <b>%s</b> to <b>%s</b>", $login, $tmp_user_pwd);
} else {
print_notice(T_sprintf("Sending new password of user <b>%s</b> to <b>%s</b>", $login, $email));
}
require_once 'classes/ttrssmailer.php';
if ($email) {
require_once "lib/MiniTemplator.class.php";
$tpl = new MiniTemplator();
$tpl->readTemplateFromFile("templates/resetpass_template.txt");
$tpl->setVariable('LOGIN', $login);
$tpl->setVariable('NEWPASS', $tmp_user_pwd);
$tpl->addBlock('message');
$message = "";
$tpl->generateOutputToString($message);
$mail = new ttrssMailer();
$rc = $mail->quickMail($email, $login, __("[tt-rss] Password change notification"), $message, false);
if (!$rc) {
print_error($mail->ErrorInfo);
}
}
}
$test = trim(db_escape_string($_REQUEST["turing_test"]));
if (!$login || !$email || !$test) {
print_error(__("Your registration information is incomplete."));
print "<p><form method=\"GET\" action=\"index.php\">\n\t\t\t\t<input type=\"submit\" value=\"" . __("Return to Tiny Tiny RSS") . "\">\n\t\t\t\t</form>";
return;
}
if ($test == "four" || $test == "4") {
$result = db_query("SELECT id FROM ttrss_users WHERE\n\t\t\t\tlogin = '******'");
$is_registered = db_num_rows($result) > 0;
if ($is_registered) {
print_error(__('Sorry, this username is already taken.'));
print "<p><form method=\"GET\" action=\"index.php\">\n\t\t\t\t<input type=\"submit\" value=\"" . __("Return to Tiny Tiny RSS") . "\">\n\t\t\t\t</form>";
} else {
$password = make_password();
$salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
$pwd_hash = encrypt_password($password, $salt, true);
db_query("INSERT INTO ttrss_users\n\t\t\t\t\t(login,pwd_hash,access_level,last_login, email, created, salt)\n\t\t\t\t\tVALUES ('{$login}', '{$pwd_hash}', 0, null, '{$email}', NOW(), '{$salt}')");
$result = db_query("SELECT id FROM ttrss_users WHERE\n\t\t\t\t\tlogin = '******' AND pwd_hash = '{$pwd_hash}'");
if (db_num_rows($result) != 1) {
print_error(__('Registration failed.'));
print "<p><form method=\"GET\" action=\"index.php\">\n\t\t\t\t\t<input type=\"submit\" value=\"" . __("Return to Tiny Tiny RSS") . "\">\n\t\t\t\t\t</form>";
} else {
$new_uid = db_fetch_result($result, 0, "id");
initialize_user($new_uid);
$reg_text = "Hi!\n" . "\n" . "You are receiving this message, because you (or somebody else) have opened\n" . "an account at Tiny Tiny RSS.\n" . "\n" . "Your login information is as follows:\n" . "\n" . "Login: {$login}\n" . "Password: {$password}\n" . "\n" . "Don't forget to login at least once to your new account, otherwise\n" . "it will be deleted in 24 hours.\n" . "\n" . "If that wasn't you, just ignore this message. Thanks.";
$mail = new ttrssMailer();
$mail->IsHTML(false);
$rc = $mail->quickMail($email, "", "Registration information for Tiny Tiny RSS", $reg_text, false);
if (!$rc) {
print_error($mail->ErrorInfo);
}
$password2 = db_prepare_input($_POST['Password2']);
$resetcode_sent = true;
if (empty($session_email) || empty($session_account_number)) {
tep_redirect(get_href_link(PAGE_RESET_PASSWORD, '', 'SSL'));
}
$sql = "SELECT user_id, firstname, lastname,security_question,account_number FROM " . _TABLE_USERS . " WHERE (email='" . $session_email . "') and (account_number='" . $session_account_number . "')";
$account = db_fetch_array(db_query($sql));
$user_id = $account['user_id'];
$ok = false;
if ($validator->validateEqual('Password', $password, $password2, _ERROR_PASSWORD)) {
}
if ($validator->validateMinLength('Password Length', $password, 6, _ERROR_PASSWORD_MIN_LENGTH)) {
}
if (count($validator->errors) == 0) {
$ok = true;
$q = db_query("UPDATE users SET password = '******' WHERE user_id = {$user_id}");
$_html_main_content = $smarty->fetch('home/reset_password_success.html');
} else {
// postAssign($smarty);
$smarty->assign('validerrors', $validator->errors);
//--------Add by donghp 27/03/2012- ----------------------------------
$sql = "SELECT user_id, firstname, lastname,security_question,account_number FROM " . _TABLE_USERS . " WHERE (email='" . $email . "')";
$account = db_fetch_array(db_query($sql));
$smarty->assign('email', $email);
$smarty->assign('account_number', $account['account_number']);
// $smarty->assign('message_err',$message_err);
$_html_main_content = $smarty->fetch('home/reset_password03.html');
}
$resetcode_sent = true;
}
}
<?php
$NameFirst = my_fix($_POST['inputNameFirst']);
$NameLast = my_fix($_POST['inputNameLast']);
$Email = my_fix($_POST['inputEmail2']);
$Blowfish = encrypt_password(random_str(16));
$Connection = get_connection();
try {
$Connection->beginTransaction();
$q0 = gq_insert('framy_Personal', 'NameFirst,NameLast,Email', ':a,:b,:c');
$s0 = $Connection->prepare($q0);
$s0->bindValue(':a', $NameFirst, PDO::PARAM_STR);
$s0->bindValue(':b', $NameLast, PDO::PARAM_STR);
$s0->bindValue(':c', $Email, PDO::PARAM_STR);
$s0->execute();
$s0->closeCursor();
$PersonalId = $Connection->lastInsertId('framy_Personal_PersonalId_seq');
$q1 = gq_insert('framy_Blowfish', 'PersonalId,Blowfish', ':a,:b');
$s1 = $Connection->prepare($q1);
$s1->bindValue(':a', $PersonalId, PDO::PARAM_INT);
$s1->bindValue(':b', $Blowfish, PDO::PARAM_STR);
$s1->execute();
$s1->closeCursor();
$Connection->commit();
} catch (Exception $e) {
$Connection->rollBack();
superendsession();
exception_error($e);
die;
}
$_SESSION['PersonalId'] = $PersonalId;
$page_load_time = (int) base64_decode($_GET['hash']);
if (time() - $page_load_time > 120) {
$request_expired = true;
$action = 'loginform';
return;
}
// if((time()-$page_load_time)<6)
// {
// $request_toofast=true;
// $action='loginform';
// return;
// }
}
if (isset($_POST['lkey']) && isset($_POST['lurl'])) {
$registration_no = strtoupper($_POST['handle']);
$password = encrypt_password($_POST['password']);
//check for existence of user account
$query = "SELECT * FROM " . $_pre . "users WHERE registration_no='{$registration_no}' AND password='******'";
$db->setQuery($query);
if ($db->foundRows == 0) {
//Trigger reg no & pass did not match error message
$reg_pass_no = true;
$action = 'loginform';
//load login form again
return;
}
//Get data from user row
$user_row_data = $db->fetch_assoc();
//verify if user account disabled
if ($user_row_data['activated'] == -1) {
//Trigger account not activated error
/**
* Save password
*
* @param $customers_id
* @param $password
*/
public function save_password($customers_id, $password)
{
return $this->db->update('customers', array('customers_password' => encrypt_password($password), 'date_account_last_modified' => 'now()'), array('customers_id' => (int) $customers_id));
}
/**
* Create order
*
* @access public
* @return boolean
*/
public function create_order($order_status = NULL)
{
$pre_order_id = $this->ci->session->userdata('pre_order_id');
if ($pre_order_id !== NULL) {
$prep = explode('-', $pre_order_id);
if ($prep[0] == $this->ci->shopping_cart->get_cart_id()) {
return $prep[1];
// order_id
} else {
if ($this->ci->order_model->get_order_status_id($prep[1]) === ORDERS_STATUS_PREPARING) {
$this->ci->order_model->remove($prep[1]);
}
}
}
//create account
if (!$this->ci->customer->is_logged_on()) {
//get billing address
$billing_address = $this->ci->shopping_cart->get_billing_address();
$data['customers_gender'] = $billing_address['gender'];
$data['customers_firstname'] = $billing_address['firstname'];
$data['customers_lastname'] = $billing_address['lastname'];
$data['customers_newsletter'] = 0;
$data['customers_dob'] = NULL;
$data['customers_email_address'] = $billing_address['email_address'];
$data['customers_password'] = encrypt_password($billing_address['password']);
$data['customers_status'] = 1;
//load model
$this->ci->load->model('account_model');
$this->ci->load->model('address_book_model');
if ($this->ci->account_model->insert($data)) {
//set data to session
$this->ci->customer->set_data($data['customers_email_address']);
$this->ci->address_book_model->save($billing_address, $this->ci->customer->get_id(), NULL, TRUE);
//insert shipping address
if (isset($address['ship_to_this_address']) && $address['ship_to_this_address'] == 'on') {
$shipping_address = $this->ci->shopping_cart->get_shipping_address();
$this->ci->address_book_model->save($shipping_address, $this->ci->customer->get_id());
}
}
} else {
//get billing address
$billing_address = $this->ci->shopping_cart->get_billing_address();
//if create billing address
if (isset($billing_address['create_billing_address']) && $billing_address['create_billing_address'] == 'on') {
$data['entry_gender'] = $billing_address['gender'];
$data['entry_firstname'] = $billing_address['firstname'];
$data['entry_lastname'] = $billing_address['lastname'];
$data['entry_company'] = $billing_address['company'];
$data['entry_street_address'] = $billing_address['street_address'];
$data['entry_suburb'] = $billing_address['suburb'];
$data['entry_postcode'] = $billing_address['postcode'];
$data['entry_city'] = $billing_address['city'];
$data['entry_country_id'] = $billing_address['country_id'];
$data['entry_zone_id'] = $billing_address['zone_id'];
$data['entry_telephone'] = $billing_address['telephone_number'];
$data['entry_fax'] = $billing_address['fax'];
$primary = $this->ci->customer->has_default_address() ? FALSE : TRUE;
//load model
$this->ci->load->model('address_book_model');
//save billing address
$this->ci->address_book_model->save($data, $this->ci->customer->get_id(), NULL, $primary);
}
$shipping_address = $this->ci->shopping_cart->get_shipping_address();
//create shipping address
if (isset($shipping_address['create_shipping_address']) && $shipping_address['create_shipping_address'] == '1') {
$data['entry_gender'] = $shipping_address['gender'];
$data['entry_firstname'] = $shipping_address['firstname'];
$data['entry_lastname'] = $shipping_address['lastname'];
$data['entry_company'] = $shipping_address['company'];
$data['entry_street_address'] = $shipping_address['street_address'];
$data['entry_suburb'] = $shipping_address['suburb'];
$data['entry_postcode'] = $shipping_address['postcode'];
$data['entry_city'] = $shipping_address['city'];
$data['entry_country_id'] = $shipping_address['country_id'];
$data['entry_zone_id'] = $shipping_address['zone_id'];
$data['entry_telephone'] = $shipping_address['telephone_number'];
$data['entry_fax'] = $shipping_address['fax'];
//load model
$this->ci->load->model('address_book_model');
//save billing address
$this->ci->address_book_model->save($data, $this->ci->customer->get_id());
}
}
$this->ci->load->model('order_model');
$orders_id = $this->ci->order_model->insert_order($order_status);
$pre_order_id = $this->ci->shopping_cart->get_cart_id() . '-' . $orders_id;
$this->ci->session->set_userdata('pre_order_id', $pre_order_id);
return $orders_id;
}
if (DB::isError($q)) {
die("db error: " . $q->getMessage());
}
while ($row = $q->fetchRow()) {
if ($row["use_salt"] == "") {
$salt = random_string(30);
$sql_inner = "UPDATE user SET use_salt = '{$salt}' WHERE use_id = " . $row["use_id"] . " LIMIT 1";
$q_inner = $db->query($sql_inner);
if (DB::isError($q)) {
die("db error: " . $q->getMessage());
}
} else {
$salt = $row["use_salt"];
}
}
$db_data["use_password"] = encrypt_password($password, $salt);
// make sure this password has not been used before by this user
$sql = "SELECT * FROM changelog WHERE\n\tcha_table = 'user' AND\n\tcha_row = {$use_id} AND\n\tcha_field = 'use_password' AND\n\t(cha_old = '" . $db_data["use_password"] . "' OR cha_new = '" . $db_data["use_password"] . "')\n\t";
$q = $db->query($sql);
if (DB::isError($q)) {
die("db error: " . $q->getMessage());
}
$numRows = $q->numRows();
if ($numRows != 0) {
$errors[] = "This password has been used before, it is not possible to use the same password twice for this user";
echo error_message($errors);
exit;
}
$cli_id = db_query($db_data, "UPDATE", "user", "use_id", $use_id);
header("Location:" . $_SERVER['PHP_SELF']);
}
function authenticate_user($link, $login, $password, $force_auth = false)
{
if (!SINGLE_USER_MODE) {
$pwd_hash1 = encrypt_password($password);
$pwd_hash2 = encrypt_password($password, $login);
$login = db_escape_string($login);
if (defined('ALLOW_REMOTE_USER_AUTH') && ALLOW_REMOTE_USER_AUTH && $_SERVER["REMOTE_USER"] && $login != "admin") {
$login = db_escape_string($_SERVER["REMOTE_USER"]);
$query = "SELECT id,login,access_level,pwd_hash\n\t FROM ttrss_users WHERE\n\t\t\t\t\tlogin = '******'";
} else {
$query = "SELECT id,login,access_level,pwd_hash\n\t FROM ttrss_users WHERE\n\t\t\t\t\tlogin = '******' AND (pwd_hash = '{$pwd_hash1}' OR\n\t\t\t\t\t\tpwd_hash = '{$pwd_hash2}')";
}
$result = db_query($link, $query);
if (db_num_rows($result) == 1) {
$_SESSION["uid"] = db_fetch_result($result, 0, "id");
$_SESSION["name"] = db_fetch_result($result, 0, "login");
$_SESSION["access_level"] = db_fetch_result($result, 0, "access_level");
db_query($link, "UPDATE ttrss_users SET last_login = NOW() WHERE id = " . $_SESSION["uid"]);
$_SESSION["ip_address"] = $_SERVER["REMOTE_ADDR"];
$_SESSION["pwd_hash"] = db_fetch_result($result, 0, "pwd_hash");
initialize_user_prefs($link, $_SESSION["uid"]);
return true;
}
return false;
} else {
$_SESSION["uid"] = 1;
$_SESSION["name"] = "admin";
$_SESSION["ip_address"] = $_SERVER["REMOTE_ADDR"];
initialize_user_prefs($link, $_SESSION["uid"]);
return true;
}
}
}
$data['PASSWORDC'] = $_REQUEST['PASSWORDC'];
if (SmartyValidate::is_valid($data, 'conf_users_edit')) {
unset($data['PASSWORDC']);
if (empty($id)) {
$id = $db->GenID($tables['user']['name'] . '_SEQ');
}
$data['ID'] = $id;
if ($action == 'E') {
if (empty($data['PASSWORD'])) {
$data['PASSWORD'] = $db->GetOne("SELECT `PASSWORD` FROM `{$tables['user']['name']}` WHERE `ID` = " . $db->qstr($id));
} else {
$data['PASSWORD'] = encrypt_password($data['PASSWORD']);
}
} else {
$data['PASSWORD'] = encrypt_password($data['PASSWORD']);
}
if ($db->Replace($tables['user']['name'], $data, 'ID', true) > 0) {
$tpl->assign('posted', true);
if ($data['ADMIN'] != 1) {
@header('Location: conf_user_permissions.php?action=N:0&u=' . $id);
@exit;
} else {
if ($action == 'N') {
$data = array();
} else {
if (isset($_SESSION['return'])) {
@header('Location: ' . $_SESSION['return']);
@exit;
}
}
function module_pref_prefs($link)
{
global $access_level_names;
$subop = $_REQUEST["subop"];
$prefs_blacklist = array("HIDE_FEEDLIST", "SYNC_COUNTERS", "ENABLE_LABELS", "ENABLE_SEARCH_TOOLBAR", "HIDE_READ_FEEDS");
$profile_blacklist = array("ALLOW_DUPLICATE_POSTS", "PURGE_OLD_DAYS", "PURGE_UNREAD_ARTICLES", "DIGEST_ENABLE", "DIGEST_CATCHUP", "BLACKLISTED_TAGS", "ENABLE_FEED_ICONS", "ENABLE_API_ACCESS", "UPDATE_POST_ON_CHECKSUM_CHANGE", "DEFAULT_UPDATE_INTERVAL", "MARK_UNREAD_ON_UPDATE");
if (FORCE_ARTICLE_PURGE != 0) {
array_push($prefs_blacklist, "PURGE_OLD_DAYS");
array_push($prefs_blacklist, "PURGE_UNREAD_ARTICLES");
}
if ($subop == "change-password") {
$old_pw = $_POST["OLD_PASSWORD"];
$new_pw = $_POST["NEW_PASSWORD"];
$con_pw = $_POST["CONFIRM_PASSWORD"];
if ($old_pw == "") {
print "ERROR: " . __("Old password cannot be blank.");
return;
}
if ($new_pw == "") {
print "ERROR: " . __("New password cannot be blank.");
return;
}
if ($new_pw != $con_pw) {
print "ERROR: " . __("Entered passwords do not match.");
return;
}
$old_pw_hash1 = encrypt_password($_POST["OLD_PASSWORD"]);
$old_pw_hash2 = encrypt_password($_POST["OLD_PASSWORD"], $_SESSION["name"]);
$new_pw_hash = encrypt_password($_POST["NEW_PASSWORD"], $_SESSION["name"]);
$active_uid = $_SESSION["uid"];
if ($old_pw && $new_pw) {
$login = db_escape_string($_SERVER['PHP_AUTH_USER']);
$result = db_query($link, "SELECT id FROM ttrss_users WHERE \n\t\t\t\t\tid = '{$active_uid}' AND (pwd_hash = '{$old_pw_hash1}' OR \n\t\t\t\t\t\tpwd_hash = '{$old_pw_hash2}')");
if (db_num_rows($result) == 1) {
db_query($link, "UPDATE ttrss_users SET pwd_hash = '{$new_pw_hash}' \n\t\t\t\t\t\tWHERE id = '{$active_uid}'");
$_SESSION["pwd_hash"] = $new_pw_hash;
print __("Password has been changed.");
} else {
print "ERROR: " . __('Old password is incorrect.');
}
}
return;
} else {
if ($subop == "save-config") {
# $_SESSION["prefs_op_result"] = "save-config";
$_SESSION["prefs_cache"] = false;
// print_r($_POST);
$orig_theme = get_pref($link, "_THEME_ID");
foreach (array_keys($_POST) as $pref_name) {
$pref_name = db_escape_string($pref_name);
$value = db_escape_string($_POST[$pref_name]);
set_pref($link, $pref_name, $value);
}
if ($orig_theme != get_pref($link, "_THEME_ID")) {
print "PREFS_THEME_CHANGED";
} else {
print __("The configuration was saved.");
}
return;
} else {
if ($subop == "getHelp") {
$pref_name = db_escape_string($_REQUEST["pn"]);
$result = db_query($link, "SELECT help_text FROM ttrss_prefs\n\t\t\t\tWHERE pref_name = '{$pref_name}'");
if (db_num_rows($result) > 0) {
$help_text = db_fetch_result($result, 0, "help_text");
print $help_text;
} else {
printf(__("Unknown option: %s"), $pref_name);
}
} else {
if ($subop == "change-email") {
$email = db_escape_string($_POST["email"]);
$active_uid = $_SESSION["uid"];
db_query($link, "UPDATE ttrss_users SET email = '{$email}' \n\t\t\t\tWHERE id = '{$active_uid}'");
print __("E-mail has been changed.");
return;
} else {
if ($subop == "reset-config") {
$_SESSION["prefs_op_result"] = "reset-to-defaults";
if ($_SESSION["profile"]) {
$profile_qpart = "profile = '" . $_SESSION["profile"] . "'";
} else {
$profile_qpart = "profile IS NULL";
}
db_query($link, "DELETE FROM ttrss_user_prefs \n\t\t\t\tWHERE {$profile_qpart} AND owner_uid = " . $_SESSION["uid"]);
initialize_user_prefs($link, $_SESSION["uid"], $_SESSION["profile"]);
print "PREFS_THEME_CHANGED";
// print __("The configuration was reset to defaults.");
return;
} else {
set_pref($link, "_PREFS_ACTIVE_TAB", "genConfig");
if ($_SESSION["profile"]) {
print_notice("Some preferences are only available in default profile.");
}
if (!SINGLE_USER_MODE) {
$result = db_query($link, "SELECT id FROM ttrss_users\n\t\t\t\t\tWHERE id = " . $_SESSION["uid"] . " AND pwd_hash \n\t\t\t\t\t= 'SHA1:5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8'");
if (db_num_rows($result) != 0) {
print format_warning(__("Your password is at default value, \n\t\t\t\t\t\tplease change it."), "default_pass_warning");
}
/* if ($_SESSION["pwd_change_result"] == "failed") {
print format_warning("Could not change the password.");
}
if ($_SESSION["pwd_change_result"] == "ok") {
print format_notice("Password was changed.");
}
$_SESSION["pwd_change_result"] = ""; */
/* if ($_SESSION["prefs_op_result"] == "reset-to-defaults") {
print format_notice(__("The configuration was reset to defaults."));
} */
# if ($_SESSION["prefs_op_result"] == "save-config") {
# print format_notice(__("The configuration was saved."));
# }
$_SESSION["prefs_op_result"] = "";
print "<form onsubmit='return false' id='change_email_form'>";
print "<table width=\"100%\" class=\"prefPrefsList\">";
print "<tr><td colspan='3'><h3>" . __("Personal data") . "</h3></tr></td>";
$result = db_query($link, "SELECT email,access_level FROM ttrss_users\n\t\t\t\t\tWHERE id = " . $_SESSION["uid"]);
$email = db_fetch_result($result, 0, "email");
print "<tr><td width=\"40%\">" . __('E-mail') . "</td>";
print "<td class=\"prefValue\"><input class=\"editbox\" name=\"email\" \n\t\t\t\t\tonfocus=\"javascript:disableHotkeys();\" \n\t\t\t\t\tonblur=\"javascript:enableHotkeys();\"\n\t\t\t\t\tonkeypress=\"return filterCR(event, changeUserEmail)\"\n\t\t\t\t\tvalue=\"{$email}\"></td></tr>";
if (!SINGLE_USER_MODE) {
$access_level = db_fetch_result($result, 0, "access_level");
print "<tr><td width=\"40%\">" . __('Access level') . "</td>";
print "<td>" . $access_level_names[$access_level] . "</td></tr>";
}
print "</table>";
print "<input type=\"hidden\" name=\"op\" value=\"pref-prefs\">";
print "<input type=\"hidden\" name=\"subop\" value=\"change-email\">";
print "</form>";
print "<p><button onclick=\"return changeUserEmail()\">" . __("Change e-mail") . "</button>";
print "<form onsubmit=\"return false\" \n\t\t\t\t\tname=\"change_pass_form\" id=\"change_pass_form\">";
print "<table width=\"100%\" class=\"prefPrefsList\">";
print "<tr><td colspan='3'><h3>" . __("Authentication") . "</h3></tr></td>";
print "<tr><td width=\"40%\">" . __("Old password") . "</td>";
print "<td class=\"prefValue\"><input class=\"editbox\" type=\"password\"\n\t\t\t\t\tonfocus=\"javascript:disableHotkeys();\" \n\t\t\t\t\tonblur=\"javascript:enableHotkeys();\"\n\t\t\t\t\tonkeypress=\"return filterCR(event, changeUserPassword)\"\n\t\t\t\t\tname=\"OLD_PASSWORD\"></td></tr>";
print "<tr><td width=\"40%\">" . __("New password") . "</td>";
print "<td class=\"prefValue\"><input class=\"editbox\" type=\"password\"\n\t\t\t\t\tonfocus=\"javascript:disableHotkeys();\" \n\t\t\t\t\tonblur=\"javascript:enableHotkeys();\"\n\t\t\t\t\tonkeypress=\"return filterCR(event, changeUserPassword)\"\n\t\t\t\t\tname=\"NEW_PASSWORD\"></td></tr>";
print "<tr><td width=\"40%\">" . __("Confirm password") . "</td>";
print "<td class=\"prefValue\"><input class=\"editbox\" type=\"password\"\n\t\t\t\t\tonfocus=\"javascript:disableHotkeys();\" \n\t\t\t\t\tonblur=\"javascript:enableHotkeys();\"\n\t\t\t\t\tonkeypress=\"return filterCR(event, changeUserPassword)\"\n\t\t\t\t\tname=\"CONFIRM_PASSWORD\"></td></tr>";
print "</table>";
print "<input type=\"hidden\" name=\"op\" value=\"pref-prefs\">";
print "<input type=\"hidden\" name=\"subop\" value=\"change-password\">";
print "</form>";
print "<p><button\tonclick=\"return changeUserPassword()\">" . __("Change password") . "</button>";
}
if ($_SESSION["profile"]) {
initialize_user_prefs($link, $_SESSION["uid"], $_SESSION["profile"]);
$profile_qpart = "profile = '" . $_SESSION["profile"] . "'";
} else {
initialize_user_prefs($link, $_SESSION["uid"]);
$profile_qpart = "profile IS NULL";
}
$result = db_query($link, "SELECT \n\t\t\t\tttrss_user_prefs.pref_name,short_desc,help_text,value,type_name,\n\t\t\t\tsection_name,def_value,section_id\n\t\t\t\tFROM ttrss_prefs,ttrss_prefs_types,ttrss_prefs_sections,ttrss_user_prefs\n\t\t\t\tWHERE type_id = ttrss_prefs_types.id AND \n\t\t\t\t\t{$profile_qpart} AND\n\t\t\t\t\tsection_id = ttrss_prefs_sections.id AND\n\t\t\t\t\tttrss_user_prefs.pref_name = ttrss_prefs.pref_name AND\n\t\t\t\t\tshort_desc != '' AND\n\t\t\t\t\towner_uid = " . $_SESSION["uid"] . "\n\t\t\t\tORDER BY section_id,short_desc");
print "<form onsubmit='return false' action=\"backend.php\" \n\t\t\t\tmethod=\"POST\" id=\"pref_prefs_form\">";
$lnum = 0;
$active_section = "";
while ($line = db_fetch_assoc($result)) {
if (in_array($line["pref_name"], $prefs_blacklist)) {
continue;
}
if ($_SESSION["profile"] && in_array($line["pref_name"], $profile_blacklist)) {
continue;
}
if ($active_section != $line["section_name"]) {
if ($active_section != "") {
print "</table>";
}
print "<p><table width=\"100%\" class=\"prefPrefsList\">";
$active_section = $line["section_name"];
print "<tr><td colspan=\"3\"><h3>" . __($active_section) . "</h3></td></tr>";
if ($line["section_id"] == 2) {
print "<tr><td width=\"40%\">" . __("Select theme") . "</td>";
$user_theme = get_pref($link, "_THEME_ID");
$themes = get_all_themes();
print "<td><select name=\"_THEME_ID\">";
print "<option value=''>" . __('Default') . "</option>";
print "<option disabled>--------</option>";
foreach ($themes as $t) {
$base = $t['base'];
$name = $t['name'];
if ($base == $user_theme) {
$selected = "selected=\"1\"";
} else {
$selected = "";
}
print "<option {$selected} value='{$base}'>{$name}</option>";
}
print "</select></td></tr>";
}
// print "<tr class=\"title\">
// <td width=\"25%\">Option</td><td>Value</td></tr>";
$lnum = 0;
}
// $class = ($lnum % 2) ? "even" : "odd";
print "<tr>";
$type_name = $line["type_name"];
$pref_name = $line["pref_name"];
$value = $line["value"];
$def_value = $line["def_value"];
$help_text = $line["help_text"];
print "<td width=\"40%\" class=\"prefName\" id=\"{$pref_name}\">" . __($line["short_desc"]);
if ($help_text) {
print "<div class=\"prefHelp\">" . __($help_text) . "</div>";
}
print "</td>";
print "<td class=\"prefValue\">";
if ($pref_name == "DEFAULT_UPDATE_INTERVAL") {
global $update_intervals_nodefault;
print_select_hash($pref_name, $value, $update_intervals_nodefault);
} else {
if ($type_name == "bool") {
// print_select($pref_name, $value, array("true", "false"));
if ($value == "true") {
$value = __("Yes");
} else {
$value = __("No");
}
print_radio($pref_name, $value, __("Yes"), array(__("Yes"), __("No")));
} else {
print "<input class=\"editbox\"\n\t\t\t\t\t\tonfocus=\"javascript:disableHotkeys();\" \n\t\t\t\t\t\tonblur=\"javascript:enableHotkeys();\" \n\t\t\t\t\t\tname=\"{$pref_name}\" value=\"{$value}\">";
}
}
print "</td>";
print "</tr>";
$lnum++;
}
print "</table>";
print "<input type=\"hidden\" name=\"op\" value=\"pref-prefs\">";
print "<p><button onclick=\"return validatePrefsSave()\">" . __('Save configuration') . "</button> ";
print "<button onclick=\"return editProfiles()\">" . __('Manage profiles') . "</button> ";
print "<button onclick=\"return validatePrefsReset()\">" . __('Reset to defaults') . "</button></p>";
print "</form>";
}
}
}
}
}
}
function add_attribute($id, $id_attr, $attr_value)
{
# temporary map vars:
$attr = array();
$attr["key"] = $id_attr;
$attr["value"] = $attr_value;
# get class_id of item --> for function
$class_id = db_templates("get_classid_of_item", $id);
# only handle integer (attribute ids) on "key" element
if (is_int($attr["key"])) {
# different logic for text / linked items
if (!is_array($attr["value"])) {
# Add text or select attribute
# Lookup datatype
# Password field is a encrypted, do not save
$datatype = db_templates("attr_datatype", $attr["key"]);
if ($datatype == "password") {
$insert_attr_value = encrypt_password($attr["value"]);
} else {
# normal text/select
$insert_attr_value = escape_string($attr["value"]);
}
# insert query
$query = 'INSERT INTO ConfigValues
(fk_id_item, attr_value, fk_id_attr)
VALUES
("' . $id . '", "' . $insert_attr_value . '", "' . $attr["key"] . '")
';
if (DB_NO_WRITES != 1) {
$result_insert = db_handler($query, "insert", "Insert");
if ($result_insert) {
NConf_DEBUG::set("Added attr " . $insert_attr_value, 'DEBUG', "Add attribute");
# add value ADDED to history
history_add("added", $attr["key"], $insert_attr_value, $id, "get_attr_name");
} else {
message('ERROR', 'Error when adding ' . $attr["value"], "failed");
}
}
} elseif (is_array($attr["value"])) {
# add assign attrbibutes
# counter for assign_cust_order
$cust_order = 0;
$attr_datatype = db_templates("attr_datatype", $attr["key"]);
# save assign_one/assign_many/assign_cust_order in ItemLinks
while ($many_attr = each($attr["value"])) {
# if value is empty go to next one
if (!$many_attr["value"]) {
continue;
} else {
# create insert query
$check = check_link_as_child_or_bidirectional($attr["key"], $class_id);
if ($check === TRUE) {
$query = 'INSERT INTO ItemLinks
(fk_id_item, fk_item_linked2, fk_id_attr, cust_order)
VALUES
(' . $many_attr["value"] . ', ' . $id . ', ' . $attr["key"] . ', ' . $cust_order . ')
';
} else {
$query = 'INSERT INTO ItemLinks
(fk_id_item, fk_item_linked2, fk_id_attr, cust_order)
VALUES
(' . $id . ', ' . $many_attr["value"] . ', ' . $attr["key"] . ', ' . $cust_order . ')
';
}
if (DB_NO_WRITES != 1) {
$result_insert = db_handler($query, "insert", "Insert");
if ($result_insert) {
history_add("assigned", $attr["key"], $many_attr["value"], $id, "resolve_assignment");
message('DEBUG', '', "ok");
//message ('DEBUG', 'Successfully linked "'.$many_attr["value"].'" with '.$attr["key"]);
} else {
message('ERROR', 'Error when linking ' . $many_attr["value"] . ' with ' . $attr["key"] . ':' . $query);
}
}
# increase assign_cust_order if needed
if ($attr_datatype == "assign_cust_order") {
$cust_order++;
}
}
}
}
}
}
/**
* Send lost password activation email request. If the email address does not exist, do nothing
*/
function rpass_activate()
{
global $db, $_pre, $_mail;
$email = $_POST['rpass_email'];
if (!checkEmail($email)) {
system_messages(0, 'Email address invalid!');
return;
}
$query = "SELECT * FROM {$_pre}users WHERE email='{$email}' LIMIT 1";
$db->setQuery($query);
if ($db->foundRows > 0) {
$row = $db->fetch_assoc();
//Is the owner of this email address banned...?
if ($row['activated'] == -1) {
system_messages(2, 'Your account has been blocked by the administrators, you cannot activate it!', 'true');
return;
}
//Send activation email now first we need to generate another key before sending and another password
$key = md5(time());
$pass = random_string();
$enc_pass = encrypt_password($pass);
$query = "UPDATE {$_pre}users SET activation_key='{$key}' WHERE email='{$email}'";
$db->setQuery($query);
require_once 'lib' . DS . 'mail' . DS . 'mail.php';
$subject = 'CodeZone account new password request';
$message = "{$row['nick_name']},\nYou or someone claiming to be you has requested a new password for the CodeZone account using this email address ({$email}). To reset your password, please click on the link below or cut and paste in your browser's location bar.\n Link: http://{$_SERVER['HTTP_HOST']}{$_SERVER['SCRIPT_NAME']}?a=register&do=rpass_make_active&r=" . base64_encode($row['registration_no']) . "&k={$key}&p=" . base64_encode($enc_pass) . "\nOnce you click on the link, you will login with the following details:\nLogin Name (Registration No): {$row['registration_no']}\nPassword: {$pass}\nPlease change your password once you log in for security purposes. If you are having any problems then do not hesitate to contact the admin at {$_mail}.\n\nWishing you all the best at CodeZone\n\nAdmin";
mailSend(array($email), $subject, $message);
system_messages(1, 'An activation link has been sent to your email addresss', 'true');
} else {
//Even if the email address does not exist, we notify the user that it has been sent. Maybe it's somebody just trying the system
system_messages(1, 'Activation email has been sent');
}
}
function add_user($user)
{
# Adds a new user account
$saved_db = DbUtil::switchToGlobal();
$password = encrypt_password($user->password);
$query_string = "INSERT INTO user(username, password, actualname, level, created_by, lab_config_id, email, phone, lang_id) " . "VALUES ('{$user->username}', '{$password}', '{$user->actualName}', {$user->level}, {$user->createdBy}, '{$user->labConfigId}', '{$user->email}', '{$user->phone}', '{$user->langId}')";
query_insert_one($query_string);
DbUtil::switchRestore($saved_db);
}
public function get_password()
{
$this->load->helper('email');
$this->load->model('administrators_model');
$error = FALSE;
$email = $this->input->post('email_address');
if (!valid_email($email)) {
$error = TRUE;
$feedback = lang('ms_error_wrong_email_address');
} else {
if (!$this->administrators_model->check_email($email)) {
$error = TRUE;
$feedback = lang('ms_error_email_not_exist');
}
}
if ($error === FALSE) {
$password = encrypt_password('admin');
if ($this->administrators_model->update_password($email, $password)) {
$error = FALSE;
}
}
if ($error === FALSE) {
$response = array('success' => TRUE, 'feedback' => lang('ms_success_action_performed'));
} else {
$response = array('success' => FALSE, 'feedback' => $feedback);
}
$this->set_output($response);
}
/**
* Save personal details
*/
function save_personal_details($post)
{
global $db, $_pre;
if (base64_decode($post['f']) != 'save personal') {
echo "{'error':'Request source unknown'}";
return;
}
$registration_no = $this->ud['registration_no'];
list($full_name, $nick_name, $cur_passwd, $new_passwd1, $new_passwd2, $email, $unused) = assoc_to_indexed($post);
$full_name = strtolower($full_name);
if (strlen($full_name) < 6) {
echo "{'error':'Full names invalid'}";
return;
}
if (strlen($nick_name) < 2) {
echo "{'error':'Nick name too short'}";
return;
}
if (!checkAlphanumPlus($nick_name)) {
echo "{'error':'nick name should contain only alphanumeric characters, a full stop or an underscore'}";
return;
}
//Has user shown intention to change password...?
$p_query = '';
if (strlen($cur_passwd) > 0) {
if ($new_passwd1 != $new_passwd2) {
echo "{'error':'New password did not match'}";
return;
}
if (strlen($new_passwd1) < 5) {
echo "{'error':'New password too short'}";
return;
}
if (encrypt_password($cur_passwd) != $this->ud['password']) {
echo "{'error':'Current password invalid" . encrypt_password($cur_passwd) . "--" . $this->ud['password'] . "'}";
return;
}
$new_passwd = encrypt_password($new_passwd1);
$p_query = "password='******',";
}
if (!checkEmail($email)) {
echo "{'error':'Email address invalid'}";
return;
}
//Check if the nick name provided is in use with another account
$query = "SELECT * FROM {$_pre}users WHERE nick_name='{$nick_name}' AND registration_no!='{$registration_no}'";
$db->setQuery($query);
if ($db->foundRows > 0) {
echo "{'error':'This nick name is already in use'}";
return;
}
//Check if the email address provided is in use with another account
$query = "SELECT * FROM " . $_pre . "users WHERE email='{$email}' AND registration_no!='{$registration_no}'";
$db->setQuery($query);
if ($db->foundRows > 0) {
echo "{'error':'This email account is already in use'}";
return;
}
$query = "UPDATE {$_pre}users SET full_names='{$full_name}',nick_name='{$nick_name}',{$p_query}email='{$email}' WHERE registration_no='{$registration_no}'";
$db->setQuery($query);
//Update user session data to effect immediate changes
$_SESSION['user_row_data']['full_names'] = $full_name;
$_SESSION['user_row_data']['nick_name'] = $nick_name;
$_SESSION['user_row_data']['email'] = $email;
$_SESSION['user_row_data']['password'] = encrypt_password($new_passwd1);
echo "{'success':'Personal details saved'}";
}
if ($_GET['action'] == 'process') {
$admin_username = db_prepare_input(trim($_POST['admin_username']));
$admin_contactname = db_prepare_input(trim($_POST['admin_contactname']));
$admin_email = db_prepare_input($_POST['admin_email']);
$admin_password = db_prepare_input(trim($_POST['admin_password']));
$confirm_password = db_prepare_input(trim($_POST['confirm_password']));
if ($validator->validateGeneral(ERROR_FIELD_ADMIN_USERNAME, $admin_username, _ERROR_FIELD_EMPTY)) {
// check if the email avaible
$sql_username = "******" . _TABLE_ADMINS . " WHERE admin_username='******'";
if (db_num_rows(db_query($sql_username)) > 0) {
// email existed
$validator->addError(ERROR_FIELD_ADMIN_USERNAME, ERROR_ADMIN_USERNAME_NOT_AVAIABLE);
}
}
$validator->validateGeneral(ERROR_FIELD_ADMIN_CONTACTNAME, $admin_contactname, _ERROR_FIELD_EMPTY);
$validator->validateEmail(ERROR_FIELD_ADMIN_EMAIL, $admin_email, _ERROR_EMAIL_ADDRESS);
if ($validator->validateMinLength(ERROR_FIELD_ADMIN_PASSWORD, $admin_password, 5, sprintf(_ERROR_MIN_LENGTH, 5, strlen($admin_password)))) {
$validator->validateEqual(ERROR_FIELD_ADMIN_CONFIRM_PASSWORD, $admin_password, $confirm_password, ERROR_CONFIRM_PASSWORD);
}
if (count($validator->errors) == 0) {
// create new member
// create new admin info
$admin_data_array = array('admin_username' => $admin_username, 'admin_contactname' => $admin_contactname, 'admin_email' => $admin_email, 'admin_password' => encrypt_password($admin_password));
db_perform(_TABLE_ADMINS, $admin_data_array);
tep_redirect(get_admin_link(PAGE_ADMIN_ACCOUNTS, 'pg=' . $pg));
} else {
postAssign($smarty);
$smarty->assign('validerrors', $validator->errors);
}
}
$_html_main_content = $smarty->fetch('admins/new.html');
<?php
require_once 'config.inc.php';
require_once 'include/utils/utils.php';
require_once 'include/database/PearDatabase.php';
global $adb;
function encrypt_password($user_password)
{
$salt = '$1$rasm$';
$encrypted_password = crypt($user_password, $salt);
return $encrypted_password;
}
$password = "******";
$salt = substr(md5(time()), 0, 4);
echo $salt . "<br>";
echo time() . "<br>";
$password = md5(md5(trim($password)) . $salt);
echo $password;
die;
$encrypted_new_password = encrypt_password("admin");
$user_hash = strtolower(md5("admin"));
//set new password
$query = "UPDATE ec_users SET user_password='******', user_hash='{$user_hash}',status='Active' where id='1'";
echo $query;
$adb->query($query);
echo "ok";
exit;
