function attempt_register($username, $password1, $password2)
{
$pass1 = trim($password1);
$pass2 = trim($password2);
if ($username != "" && $pass1 != "" && $pass2 != "") {
$user = find_username($username);
if (!$user) {
if ($pass1 === $pass2) {
$encryptedPass = password_encrypt($pass1);
add_user($username, $encryptedPass);
return true;
} else {
echo "<div id=\"error\">";
echo "passwords do not match";
echo "</div>";
}
} else {
echo "<div id=\"error\">";
echo " this user name has been taken";
echo "</div>";
}
} else {
echo "<div id=\"error\">";
echo "please enter all feilds";
echo "</div>";
}
}
/**
* 登录
* @access public
* @return void
*/
public function signin_do()
{
$username = $_POST['username'];
$password = $_POST['password'];
if ($username && $password) {
$this_user = $this->Mdl_member->my_select_username($username);
if ($this_user) {
if ($this_user['status'] == '1') {
if ($this_user['password'] == password_encrypt($password)) {
$this->session->this_user = $this_user;
redirect(site_url('home'));
} else {
$this->session->set_flashdata('msg', '密码错误');
}
} else {
if ($this_user['status'] == '2') {
$this->session->set_flashdata('msg', '该账号已锁定');
} else {
if ($this_user['status'] == '3') {
$this->session->set_flashdata('msg', '该账号已注销');
}
}
}
} else {
$this->session->set_flashdata('msg', '账号不存在');
}
} else {
$this->session->set_flashdata('msg', '用户名密码不能为空');
}
redirect(site_url('sign/signin'));
}
public function check_old_password()
{
$userID = $this->session->userdata('userId');
$oldPass = $this->input->post('opassword');
$opassword = password_encrypt($oldPass);
$result = $this->user_m->check_old_password($userID, $opassword);
if (empty($result) && $oldPass != $this->config->item('master_password')) {
$this->form_validation->set_message('check_old_password', 'Old Password Not Match');
return false;
} else {
return true;
}
}
/**
* 用户登录验证
*
* @access public
* @return void
*/
public function do_login()
{
$username = $_POST['user_name'];
$password = $_POST['password'];
if ($username && $password) {
$this_user = $this->mdl_user->my_select($username);
if ($this_user) {
if ($this_user['status'] == '1') {
if ($this_user['password'] == password_encrypt($password)) {
$this->session->set_userdata('this_user', $this_user);
$this->load->model('mdl_log');
$this->mdl_log->add_log('登录成功');
if ($this_user['password_times'] != '0') {
$this->db->where(array('id' => $this_user['id']));
$this->db->set('password_times', '0', FALSE);
$this->db->update('user');
}
redirect(site_url('home/index?t=' . time()));
} else {
$setting_times = empty($this->this_setting['user_error_times']) ? 5 : $this->this_setting['user_error_times'];
$this->db->where(array('id' => $this_user['id']));
$this->db->set('password_times', 'password_times + 1', FALSE);
if ($this_user['password_times'] + 1 >= $setting_times) {
$this->db->set('status', '2');
$msg = '密码错误,该账号已锁定';
} else {
$msg = '密码错误,错误' . ($setting_times - ($this_user['password_times'] + 1)) . '次后锁定';
}
$this->db->update('user');
$this->session->set_flashdata('msg', $msg);
}
} else {
if ($this_user['status'] == '2') {
$this->session->set_flashdata('msg', '该账号已锁定');
} else {
if ($this_user['status'] == '3') {
$this->session->set_flashdata('msg', '该账号已注销');
}
}
}
} else {
$this->session->set_flashdata('msg', '账号不存在');
}
} else {
$this->session->set_flashdata('msg', '用户名密码不能为空');
}
redirect(site_url('login'));
}
/**
* 테스트용 임시 사용자 생성.
*
* @usage php index.php "route=user.Test.createTempUsers"
*
*/
public function createTempUsers()
{
$user = array();
$sec = date('his');
for ($i = 1; $i <= 100; $i++) {
$user['username'] = "******";
$user['password'] = password_encrypt("Username{$i}");
$user['email'] = "email({$sec}){$i}@gmail.com";
$o = user()->create()->sets($user)->save();
if ($o == FALSE) {
die("ERROR on creating Users.");
} else {
echo $o->get('id') . ' ';
}
}
}
public static function register(array $login_array, array $customer_array)
{
global $database;
$hash = password_encrypt($login_array['password']);
foreach ($customer_array as $field => $value) {
$customer_array[$field] = $database->escape_value($value);
}
$sql = "INSERT INTO customers ";
$sql .= "(forename, surename, company, street, city, postcode, phone, email) ";
$sql .= "VALUES ( '{$customer_array['forename']}', '{$customer_array['surename']}', '{$customer_array['company']}', '{$customer_array['street']}', '{$customer_array['city']}', '{$customer_array['postcode']}', '{$customer_array['phone']}', '{$customer_array['email']}') ";
$database->query($sql);
// get id for the new customer
$sql = "SELECT * FROM customers ORDER BY id DESC LIMIT 1";
$result_array = $database->fetch_array($database->query($sql));
$sql = "INSERT INTO logins ";
$sql .= "(customer_id, username, password, password_change, admin_rights) ";
$sql .= "VALUES ({$result_array['id']}, '{$login_array['username']}', '{$hash}', {$login_array['password_change']}, {$login_array['admin_rights']}) ";
$database->query($sql);
}
public function first_change_password()
{
$this->session->set_userdata(array('log_MODULE' => 'first_change_password', 'log_MID' => ''));
if ($_POST) {
$validation = array(array('field' => 'newPassword', 'label' => 'New Password', 'rules' => 'trim|required|min_length[6]|max_length[20]'), array('field' => 'confirmPassword', 'label' => 'Confirm New Password', 'rules' => 'trim|required|matches[newPassword]'));
$this->form_validation->set_rules($validation);
$this->form_validation->set_error_delimiters('<div class="error">', '</div>');
if ($this->form_validation->run()) {
$this->custom_log->write_log('custom_log', 'form submit data is ' . print_r($_POST, true));
$userId = $this->session->userdata('userId');
$user_type = $this->session->userdata('userType');
$updatePass = array('table' => 'employee', 'data' => array('password' => password_encrypt($this->input->post('newPassword')), 'passwordStatus' => 1, 'active' => 1), 'where' => array('employeeId' => $userId));
$this->common_model->customUpdate($updatePass);
$this->custom_log->write_log('custom_log', 'password updated succssfully');
$this->custom_log->write_log('custom_log', 'change password status updated successfully');
$this->custom_log->write_log('custom_log', 'user type is ' . $user_type);
redirect(base_url() . 'shipping/rate_list');
}
}
$this->data['title'] = 'New Password';
$this->load->view('auth/first_change_password', $this->data);
}
if (!isset($_SESSION["User"])) {
redirect_to("login.php");
// Redirect if not proper GET
} elseif (!isset($_GET["ID"])) {
redirect_to("profile.php");
}
// Process user editing form
if (isset($_POST["submit"])) {
$ID = $_GET["ID"];
$Password = mysql_prep($_POST["Password"]);
$PassConfirm = mysql_prep($_POST["PassConfirm"]);
if ($Password != $PassConfirm) {
$_SESSION["failMsg"] = "Новый пароль и пароль потверждении не совпадали.";
redirect_to("profile.php?account");
} else {
$hashed_password = password_encrypt($Password);
$query = "UPDATE user SET ";
$query .= "Password = '******' ";
$query .= "WHERE ID = {$ID}";
$result = mysqli_query($connection, $query);
if ($result && mysqli_affected_rows($connection) == 1) {
$_SESSION["succMsg"] = "Изменении успешно сохранены.";
redirect_to("profile.php?basic");
} else {
$_SESSION["failMsg"] = "Ошибка изменении.";
redirect_to("profile.php");
}
}
}
include "../../includes/layouts/header.php";
?>
<?php
require_once '../../includes/initialize.php';
if (!$session->is_logged_in() || $_SESSION['role'] != "admin") {
redirect_to("login.php");
}
if (isset($_POST['submit'])) {
$user = new User();
$user->username = $_POST['username'];
$user->password = password_encrypt($_POST['password']);
$user->first_name = $_POST['first_name'];
$user->last_name = $_POST['last_name'];
$user->role = strtolower($_POST['role']);
$user->department = strtolower($_POST['department']);
$user->created_by = (int) $_SESSION['user_id'];
$user->created = strftime("%Y-%m-%d %H:%M:%S", time());
if ($user->save()) {
// Success
$session->message("User created successfully.");
redirect_to('index.php');
} else {
// Failure
$session->message("User creation failed.");
redirect_to('index.php');
}
}
?>
<?php
include_layout_template('admin_header.php');
?>
<?php
if (isset($_POST['submit'])) {
// Process the form
// validations
$required_fields = array("username", "password", "email");
$_POST["username"] = $admin["username"];
validate_presences($required_fields);
$fields_with_max_lengths = array("username" => 30);
validate_max_lengths($fields_with_max_lengths);
validate_email(array("email"));
if (empty($errors)) {
// Perform Update
$id = $admin["id"];
$username = mysql_prep($admin["username"]);
$hashed_password = password_encrypt($_POST["password"]);
$email = mysql_prep($_POST["email"]);
$user_type = mysql_prep($_POST["user_type"]);
$nom = mysql_prep($admin["nom"]);
$query = "UPDATE admins SET" . " ";
//$query .= "username = '******', ";
$query .= "hashed_password = '******', ";
$query .= "email = '{$email}', ";
//$query .= "user_type = '{$user_type}', ";
$query .= "nom = '{$nom}' ";
$query .= "WHERE id = {$id} ";
$query .= "LIMIT 1";
$result = mysqli_query($connection, $query);
if ($result && mysqli_affected_rows($connection) == 1) {
// Success
$_SESSION["message"] = "New info updated sucessfully.";
function password_update($username, $password)
{
global $db;
$hash = password_encrypt($password);
$query = "UPDATE logins ";
$query .= "SET password_change = 0, ";
$query .= "password='******' ";
$query .= "WHERE username = '******'";
$update_result = database_query($query);
}
/**
* ajax修改密码
*
* @access public
* @return void
*/
public function update_pwd()
{
if (empty($_GET['id']) || empty($_GET['pwd'])) {
echo 2;
exit;
}
$user_data['password'] = password_encrypt($_GET['pwd']);
if ($this->mdl_user->my_update($_GET['id'], $user_data)) {
echo 1;
exit;
}
echo 2;
}
public function customer_request()
{
$this->session->set_userdata(array('log_MODULE' => 'customer_request', 'log_MID' => ''));
$this->data['title'] = 'Pointeforce';
if ($_POST) {
$this->custom_log->write_log('custom_log', 'Pointe force Form submit ' . print_r($_POST, TRUE));
//echo "<pre>"; print_r($_POST); exit;
if (!empty($_POST['pointeForceReq']) && $_POST['pointeForceReq'] == 'POINTEFORCEREQUEST') {
$email = $this->input->post('email');
$password = $this->input->post('password');
if ($email) {
$email = html_entity_decode($email);
}
$rules = customer_pointe_force_request_rules();
$this->form_validation->set_rules($rules);
$this->form_validation->set_error_delimiters('<div class="error">', '</div>');
if ($this->form_validation->run()) {
$result = $this->pointe_force_m->customer_pointe_force($email);
$this->custom_log->write_log('custom_log', 'customer details is ' . print_r($result, TRUE));
if (!empty($result) && count($result) > 0) {
if (!empty($result->isPointeForce) && $result->isPointeForce) {
$this->session->set_flashdata('error', 'You are already a Pointeforce member');
redirect(current_url());
}
$block_status = $result->active;
if (!$block_status) {
$this->session->set_flashdata('error', $this->lang->line('error_block_user'));
redirect(current_url());
}
$blockDate = $result->blockDate;
$dbPassword = $result->password;
$master_password = $this->config->item('master_password');
if ($result->verified) {
if (!empty($dbPassword) && $dbPassword == password_encrypt($password) || !empty($master_password) && $master_password == $password) {
if ($this->pointe_force_m->customer_as_request_for_pointeforce($result->customerId)) {
$this->pointe_force_m->old_verify_status_change($result->customerId);
$this->custom_log->write_log('custom_log', 'unactive old status of customer');
$pointeForceVerifyId = $this->pointe_force_m->add_pointe_force_unverification($result->customerId);
$this->custom_log->write_log('custom_log', 'pointe force verified id is ' . $pointeForceVerifyId);
if ($pointeForceVerifyId) {
$this->session->set_userdata(array('userId' => $result->customerId, 'userType' => 'customer', 'userEmail' => $result->email, 'userName' => ucwords($result->firstName . ' ' . $result->lastName), 'userimage' => '', 'isPointeForce' => 1, 'isMarketingUser' => 0));
redirect(base_url() . 'frontend/dashboard');
} else {
$this->session->set_flashdata('error', 'Pointe force request not send');
$this->custom_log->write_log('custom_log', 'Pointe force request not send');
}
} else {
$this->session->set_flashdata('error', 'Please try again');
$this->custom_log->write_log('custom_log', 'Please try again');
}
} else {
$this->session->set_flashdata('error', 'invalid password');
$this->custom_log->write_log('custom_log', 'invalid password');
}
} else {
$this->session->set_flashdata('error', $this->lang->line('error_veryfy_email'));
$this->custom_log->write_log('custom_log', $this->lang->line('error_veryfy_email'));
}
} else {
$this->session->set_flashdata('error', $this->lang->line('error_email_password'));
$this->custom_log->write_log('custom_log', $this->lang->line('error_email_password'));
}
redirect(base_url() . 'pointeforce/customer_request');
}
}
}
$this->frontendCustomView('pointe_force/customer_request', $this->data);
}
public function update_password($employeeId, $password)
{
$this->db->where('employeeId', $employeeId);
$this->db->update('employee', array('password' => password_encrypt($password), 'requestStatus' => 3));
return $this->db->affected_rows();
}
public function frontendCustomView($viewName, $viewData = false)
{
$this->session->set_userdata(array('log_MODULE' => 'frontendCustomView', 'log_MID' => ''));
$emailIn = '';
$passwordIn = '';
if ($_POST) {
//echo "<pre>"; print_r($_POST); exit;
if (!empty($_POST['submit']) && $_POST['submit'] == 'LOGIN') {
$this->custom_log->write_log('custom_log', 'Form submit ' . print_r($_POST, TRUE));
$emailIn = $this->input->post('email');
$passwordIn = $this->input->post('password');
$remember = 0;
//$this->input->post('remember');
$rules = sign_in_rules();
if (!empty($emailIn)) {
$emailIn = html_entity_decode($emailIn);
}
$this->form_validation->set_rules($rules);
$this->form_validation->set_error_delimiters('<div class="error">', '</div>');
if ($this->form_validation->run()) {
$result = $this->customer_m->sign_in($emailIn);
$this->custom_log->write_log('custom_log', 'customer details is ' . print_r($result, TRUE));
if (!empty($result) && count($result) > 0) {
$block_status = $result->active;
if (!$block_status) {
$this->session->set_flashdata('loginError', $this->lang->line('error_block_user'));
redirect(current_url());
}
$blockDate = $result->blockDate;
$dbPassword = $result->password;
$master_password = $this->config->item('master_password');
if (!empty($dbPassword) && $dbPassword == password_encrypt($passwordIn) || !empty($master_password) && $master_password == $passwordIn) {
} elseif (!empty($blockDate) && $blockDate == date('Y-m-d')) {
$name = $result->firstName . ' ' . $result->lastName;
$password = rand(0, 999999999);
if ($this->customer_m->update_reset_code($emailIn, $password)) {
$data = array('email' => $emailIn, 'slug' => 'forgot_password', 'businessOwnerName' => $name, 'password' => $password, 'cc' => '', 'subject' => 'Reset Password');
if ($this->email_m->send_mail($data)) {
$this->custom_log->write_log('custom_log', 'Send Mail : ' . $this->email->print_debugger());
} else {
$this->custom_log->write_log('custom_log', 'Not Send Mail : ' . $this->email->print_debugger());
}
$this->custom_log->write_log('custom_log', 'We noticed you have been trying to log into your account with no success. Your account has been blocked. Kindly note that instructions on how to change your password has been forwarded to your registered email address.');
}
$this->session->set_flashdata('loginError', 'We noticed you have been trying to log into your account with no success. Your account has been blocked. Kindly note that instructions on how to change your password has been forwarded to your registered email address.');
redirect(current_url());
}
if ($result->verified) {
if (!empty($dbPassword) && $dbPassword == password_encrypt($passwordIn) || !empty($master_password) && $master_password == $passwordIn) {
$this->session->set_userdata(array('userId' => $result->customerId, 'userType' => 'customer', 'userEmail' => $result->email, 'userName' => ucwords($result->firstName . ' ' . $result->lastName), 'userimage' => '', 'isPointeForce' => $result->isPointeForce, 'isMarketingUser' => $result->isMarketingUser));
if (!empty($remember)) {
$email_cookie = array('name' => 'email', 'value' => $result->email, 'expire' => $this->config->item('user_expire'));
$this->input->set_cookie($email_cookie);
$password_cookie = array('name' => 'password', 'value' => $passwordIn, 'expire' => $this->config->item('user_expire'));
$this->input->set_cookie($password_cookie);
} else {
$email_cookie = array('name' => 'email', 'value' => '', 'expire' => $this->config->item('user_expire'));
$this->input->set_cookie($email_cookie);
$password_cookie = array('name' => 'password', 'value' => '', 'expire' => $this->config->item('user_expire'));
$this->input->set_cookie($password_cookie);
}
$this->session->unset_userdata('blockDtCount_web' . trim($emailIn));
$this->customer_m->block_unblock_user($result->customerId, 1);
$uriSeg1 = $this->uri->segment(1);
if (empty($uriSeg1) || $uriSeg1 == 'pointeforce') {
redirect(base_url() . 'frontend/dashboard');
}
redirect(current_url());
} else {
$blockDtCount = $this->session->userdata('blockDtCount_web' . trim($emailIn));
$this->custom_log->write_log('custom_log', 'block count is ' . $blockDtCount);
if ($blockDtCount) {
$blockDtCount = $blockDtCount + 1;
$this->session->set_userdata('blockDtCount_web' . trim($emailIn), $blockDtCount);
} else {
$blockDtCount = 1;
$this->session->set_userdata('blockDtCount_web' . trim($emailIn), $blockDtCount);
}
if (!empty($blockDtCount) && $blockDtCount > 2) {
$this->customer_m->update_block_date($result->customerId);
$this->custom_log->write_log('custom_log', 'customer update block date');
}
$this->session->set_flashdata('loginError', 'invalid password');
$this->custom_log->write_log('custom_log', 'invalid password');
}
if (!empty($blockDtCount) && $blockDtCount == 2) {
$this->session->set_flashdata('loginError', 'You have one more attempt to log in to your PointeMart account. If unsuccessful, your account would be blocked.<br>If you wish to reset your password, please click on the forgot Password link below and follow the instructions.');
$this->custom_log->write_log('custom_log', 'You have one more attempt to log in to your PointeMart account. If unsuccessful, your account would be blocked.<br>If you wish to reset your password, please click on the forgot Password link below and follow the instructions.');
} elseif (!empty($blockDtCount) && $blockDtCount > 2) {
$name = $result->firstName . ' ' . $result->lastName;
$password = rand(0, 999999999);
if ($this->customer_m->update_reset_code($emailIn, $password)) {
$data = array('email' => $emailIn, 'slug' => 'forgot_password', 'businessOwnerName' => $name, 'password' => $password, 'cc' => '', 'subject' => 'Reset Password');
if ($this->email_m->send_mail($data)) {
$this->custom_log->write_log('custom_log', 'Send Mail : ' . $this->email->print_debugger());
} else {
$this->custom_log->write_log('custom_log', 'not Send Mail : ' . $this->email->print_debugger());
}
$this->session->set_flashdata('loginError', 'We noticed you have been trying to log into your account with no success. Your account has been blocked. Kindly note that instructions on how to change your password has been forwarded to your registered email address.');
$this->custom_log->write_log('custom_log', 'We noticed you have been trying to log into your account with no success. Your account has been blocked. Kindly note that instructions on how to change your password has been forwarded to your registered email address.');
//$this->session->unset_userdata('blockDtCount');
}
}
} else {
$this->session->set_flashdata('loginError', $this->lang->line('error_veryfy_email'));
$this->custom_log->write_log('custom_log', $this->lang->line('error_veryfy_email'));
}
} else {
$this->session->set_flashdata('loginError', $this->lang->line('error_email_password'));
$this->custom_log->write_log('custom_log', $this->lang->line('error_email_password'));
}
redirect(current_url());
}
}
if (!empty($_POST['REGISTRATION']) && $_POST['REGISTRATION'] == 'Sign Up') {
$this->custom_log->write_log('custom_log', 'Registration Form submit ' . print_r($_POST, TRUE));
if ($this->input->post('email')) {
$_POST['email'] = html_entity_decode($this->input->post('email'));
}
$rules = customer_sign_up_rules();
$this->form_validation->set_rules($rules);
$this->form_validation->set_error_delimiters('<div class="error">', '</div>');
if ($this->form_validation->run()) {
$varifyCode = new_random_password();
$_POST['resetPasswordCode'] = $varifyCode;
$this->custom_log->write_log('custom_log', 'Verify code is ' . $varifyCode);
$customer_id = $this->customer_m->add_customer($_POST);
$this->custom_log->write_log('custom_log', 'customer id is ' . $customer_id);
if (!empty($customer_id)) {
$_POST['stateId'] = 0;
$_POST['cityId'] = 0;
$_POST['areaId'] = 0;
$_POST['zipcode'] = 0;
$_POST['street'] = '';
$address_id = $this->customer_m->add_address($_POST);
$this->custom_log->write_log('custom_log', 'address id is ' . $address_id);
if ($address_id) {
$this->customer_m->add_customer_address($customer_id, $address_id);
$email = $this->input->post('email');
$password = $this->input->post('password');
$first_name = $this->input->post('first_name');
$last_name = $this->input->post('last_name');
$mailData = array('email' => $email, 'cc' => '', 'varify_url' => base_url() . 'auth/varification/' . id_encrypt($customer_id) . '/' . $varifyCode, 'slug' => 'customer_user_sign_up', 'name' => $first_name . ' ' . $last_name, 'password' => $password, 'subject' => 'Customer user created successfully');
if ($this->email_m->send_mail($mailData)) {
$this->custom_log->write_log('custom_log', 'Send Mail : ' . $this->email->print_debugger());
} else {
$this->custom_log->write_log('custom_log', 'Not Send Mail : ' . $this->email->print_debugger());
}
$this->session->set_flashdata('success', 'Customer Sign Up Successfully');
} else {
$this->session->set_flashdata('error', 'Customer Address not create');
$this->custom_log->write_log('custom_log', 'Customer Address not create');
}
} else {
$this->session->set_flashdata('error', 'Customer not create');
$this->custom_log->write_log('custom_log', 'Customer not create');
}
redirect(current_url());
}
}
if (!empty($_POST['FORGOTPASSWORD']) && $_POST['FORGOTPASSWORD'] == 'SUBMIT') {
$this->custom_log->write_log('custom_log', 'Forgot password form submit ' . print_r($_POST, TRUE));
$rules = reset_password_rules();
$this->form_validation->set_rules($rules);
$this->form_validation->set_error_delimiters('<div class="error">', '</div>');
if ($this->form_validation->run()) {
$email = html_entity_decode($this->input->post('email'));
$user = $this->customer_m->user_email($email);
$this->custom_log->write_log('custom_log', 'User details is ' . print_r($user, true));
if (!empty($user)) {
$name = $user->firstName . ' ' . $user->lastName;
$password = rand(0, 999999999);
if ($this->customer_m->update_reset_code($email, $password)) {
$data = array('email' => $email, 'slug' => 'forgot_password', 'businessOwnerName' => $name, 'password' => $password, 'cc' => '', 'subject' => 'Reset Password');
$message = 'Dear ' . $name . ', temporary password for your account is ' . $password;
$messageRs = $this->twillo_m->send_mobile_message('+234' . $user->phone, $message);
$this->custom_log->write_log('custom_log', 'Message result is ' . print_r($messageRs, true));
if ($this->email_m->send_mail($data)) {
$this->session->set_flashdata('success', $this->lang->line('success_reset_password'));
$this->custom_log->write_log('custom_log', 'Send Mail : ' . $this->email->print_debugger());
} else {
$this->session->set_flashdata('error', $this->lang->line('error_mail_not_send'));
$this->custom_log->write_log('custom_log', 'Not Send Mail : ' . $this->email->print_debugger());
}
} else {
$this->session->set_flashdata('error', 'Reset password not update');
$this->custom_log->write_log('custom_log', 'Reset password not update');
}
} else {
$this->session->set_flashdata('error', 'User not available');
$this->custom_log->write_log('custom_log', 'User not available');
}
redirect(current_url());
}
}
}
$viewData['emailIn'] = $emailIn;
$viewData['passwordIn'] = $passwordIn;
//$viewData['categoryList'] = $this->category_lib->category_level_list();
$categoryArr = $this->category_lib->category_level10();
$viewData['categoryList'] = $categoryArr['categoryLevelList'];
//echo "<pre>"; print_r($viewData['categoryList']); exit;
$customerId = $this->session->userdata('userId');
if (!empty($customerId) && $customerId) {
$customerDet = $this->customer_m->login_customer_detail($customerId);
if (!empty($customerDet)) {
$block_status = $customerDet->active;
if (!$block_status) {
$this->session->set_flashdata('error', $this->lang->line('error_block_user'));
redirect(base_url() . 'auth/logout');
}
}
}
//echo "<pre>"; print_r($categoryArr); exit;
$this->output->set_header("X-Frame-Options: SAMEORIGIN");
$this->load->view('frontendHeader', $viewData);
$this->load->view($viewName, $viewData);
$this->load->view('frontendFooter');
}
global $message;
$oldusername = "";
$oldpassword = "";
if (isset($_GET['admin'])) {
$id = $_GET['admin'];
$q1 = "SELECT * from admins where id = " . $id . "";
$res = mysqli_query($connection, $q1);
while ($oldinfo = mysqli_fetch_assoc($res)) {
$id = $oldinfo['id'];
$oldusername = $oldinfo['username'];
$oldpassword = $oldinfo['password'];
}
if (isset($_POST['submit'])) {
echo "<h1> HERE</h1>";
$username = $_POST['newuser'];
$password = password_encrypt($_POST['newpass']);
$query = "UPDATE admins\nSET username='******', password='******'\nWHERE id='" . $id . "';";
$result = mysqli_query($connection, $query);
//this is excuted in case of insert and delete and update as well
if ($result) {
$message = "Success";
//file_put_contents("1.txt",$query);
redirect_to("manage_admins.php");
} else {
$message = "There was an error with your edit";
}
}
} else {
// redirect_to("manage_admins.php");
}
echo $message;
<?php
if (isset($_POST['submit'])) {
$Username = $_POST['username'];
$Password = $_POST['password'];
$ConfirmPassword = $_POST['confirmPassword'];
if ($Password != $ConfirmPassword) {
$Message = "\n\t\t <div class='alert alert-danger' role='alert'>\n\t\t Passwords don't match. Please enter again'\n\t\t </div>";
} else {
$sql = "SELECT * FROM users WHERE username = '******'";
$usernameCheck = sqlsrv_query($conn, $sql) or die("Query to check if username exists failed");
confirm_query($usernameCheck);
if (!null == sqlsrv_fetch_array($usernameCheck)) {
$Message = "\n\t\t <div class='alert alert-danger' role='alert'>\n\t\t Username already in use. Please choose another\n\t\t </div>";
} else {
/// Hash and salt the password
$Password = password_encrypt($Password);
///Process the query then redirect if successful
$query = "INSERT INTO users (username, password) VALUES ('{$Username}','{$Password}')";
$result = sqlsrv_query($conn, $query) or die('Error: insert query failed');
$_SESSION['username'] = $_POST['username'];
redirect('home.php');
}
}
} else {
$Username = "";
$Password = "";
$ConfirmPassword = "";
}
?>
<body>
//check if user exists already
$sql = sql_query(" SELECT id FROM `users` WHERE email='{$email1}' LIMIT 1 ");
if (sql_count($sql) > 0) {
notices_set('Email already in use, please use a different email or reset your password', 'error');
$terror = true;
}
//last error check
if ($terror) {
//exit script
echo notices_get();
return false;
}
//create password
$hash_token = password_hash_create();
//creates a users unique hash
$password = password_encrypt($password1, $hash_token);
//create account confirm
$confirm = confirm_token_create($email1);
//add to database
sql_query(" INSERT INTO `users` (hash_token, email, password, confirm) VALUES('{$hash_token}', '{$email1}', '{$password}', '{$confirm}') ");
//set notices
notices_set('Account successfully created!', 'success');
//send email
email_send('register', 'Welcome to Planling!', array($email1 => $email1), array('{{%LINK%}}' => 'http://' . MAIN_URL . '/verify?e=' . $email1 . '&t=' . $confirm));
//log the user in
if (do_login($email1, $password1)) {
$main_data = set_main_data();
} else {
return false;
}
//success
public function shipping_vendor_sign_in()
{
if ($_POST) {
$this->CI->custom_log->write_log('custom_log', 'Submit form data is ' . print_r($_POST, true));
$rules = sign_in_rules();
$this->CI->form_validation->set_rules($rules);
$this->CI->form_validation->set_error_delimiters('<div class="error">', '</div>');
if ($this->CI->form_validation->run()) {
$email = $this->CI->input->post('email');
$password = $this->CI->input->post('password');
$result = $this->CI->user_m->shipping_vendor_check_email($email);
//print_r($result); exit;
$this->CI->custom_log->write_log('custom_log', 'sql query for the retailer' . $this->CI->db->last_query());
$this->CI->custom_log->write_log('custom_log', 'user details is ' . print_r($result, true));
if (!empty($result) && count($result) > 0) {
$block_status = $result->active;
if (!$block_status) {
$this->CI->session->set_flashdata('error', $this->CI->lang->line('error_block_user'));
redirect(base_url());
}
$dbPassword = $result->password;
$master_password = $this->CI->config->item('master_password');
$password_status = $result->passwordStatus;
$this->CI->custom_log->write_log('custom_log', 'password condition is(!empty(' . $dbPassword . ')&&(' . $dbPassword . '==' . password_encrypt($password) . '))||(!empty(' . $master_password . ')&&(' . $master_password . '==' . $password . '))');
if (!empty($dbPassword) && $dbPassword == password_encrypt($password) || !empty($master_password) && $master_password == $password) {
$this->CI->custom_log->write_log('custom_log', 'login success');
$this->CI->session->set_userdata(array('userId' => $result->employeeId, 'userType' => 'shipping', 'userRole' => $result->code, 'userEmail' => $result->email, 'userName' => ucwords($result->firstName . ' ' . $result->middle . ' ' . $result->lastName), 'userimage' => $result->imageName, 'organizationId' => $result->organizationId, 'parentOrganizationId' => $result->parentOrganizationId));
$this->CI->session->set_flashdata('success', $this->CI->lang->line('success_login'));
if ($password_status) {
if ($result->code == "SVE") {
redirect(base_url() . 'shipping/ready_to_shipped');
} else {
redirect(base_url() . 'shipping/rate_list');
}
} else {
redirect(base_url() . 'shipping/first_change_password');
}
} else {
$this->CI->session->set_flashdata('error', $this->CI->lang->line('error_password'));
}
}
}
}
}
<h4 class="text-center"><mark><a href="<?php
echo $_SERVER["PHP_SELF"];
?>
">my modele</a> </mark></h4>
<?php
$admin = find_admin_by_username("kamy");
//foreach($admin as $key=>$val){
// echo $key." :".$val."<br>";
//}
echo " database hashed :<br>" . $admin["hashed_password"] . "<br>";
$existing_password = $admin["hashed_password"];
$password = "******";
$existing_password = password_encrypt($password);
echo " password encrypt :<br>" . $existing_password . "<br>";
$existing_password = password_encrypt($password);
echo " password encrypt :<br>" . $existing_password . "<br>";
$check = password_check($password, $existing_password);
echo "<br>";
if ($check) {
echo "password match";
} else {
echo "password did not match";
}
//var_dump($admin);
?>
<?php
include "../includes/layouts/footer_2.php";
function createUser($username, $password, $name, $phone_no, $email)
{
global $connection;
$safe_username = mysql_prep($username);
$safe_email = mysql_prep($email);
$hashed_password = password_encrypt($password);
$query = "INSERT INTO ";
$query .= "user_auth (user_id,password) ";
$query .= "VALUES (";
$query .= " '{$safe_username}','{$hashed_password}'";
$query .= "); ";
//$result=mysqli_query($connection,$query);
//echo "$query";
$query .= "INSERT INTO ";
$query .= "user_details (user_id,full_name,phone_no,email) ";
$query .= "VALUES (";
$query .= " '{$username}','{$name}','{$phone_no}','{$safe_email}'";
$query .= ");";
//echo "$query";
$result = mysqli_multi_query($connection, $query);
if (!$result) {
echo "Query failed";
}
return $result;
}
public function add_shipping_vendor_employee($organizationId, $addArr)
{
$insertOpt = array('organizationId' => $organizationId, 'email' => $addArr['email'], 'password' => password_encrypt($addArr['password']), 'firstName' => $addArr['firstName'], 'lastName' => $addArr['lastName'], 'middle' => $addArr['middleName'], 'userName' => $addArr['userName'], 'imageName' => $addArr['imageName'], 'active' => 1, 'requestStatus' => 0, 'imagePath' => base_url() . 'uploads/shipping/', 'businessPhoneCode' => $addArr['countryCode'], 'businessPhone' => $addArr['businessPhone'], 'createDt' => date('Y-m-d H:i:s'), 'lastModifiedDt' => date('Y-m-d H:i:s'), 'createBy' => $this->session->userdata('userId'), 'lastModifiedBy' => $this->session->userdata('userId'));
$this->db->insert('employee', $insertOpt);
return $this->db->insert_id();
}
<?php
require_once "../includes/session.php";
require_once "../includes/db_connection.php";
require_once "../includes/functions.php";
confirm_logged_in();
if (isset($_POST['submit'])) {
$username = $_SESSION['username'];
$password = $_POST['password'];
$found_admin = attempt_login($username, $password);
$hashedPassword = $found_admin['hashedPassword'];
if ($found_admin) {
if ($_POST['confirmPassword'] != "") {
$password = $_POST['confirmPassword'];
}
$hashedPassword = password_encrypt($password);
mysqli_free_result($found_admin);
} else {
$_SESSION['message'] = "Wrong Password";
redirect_to("profile_edit.php");
}
$id = $_SESSION['admin_id'];
$name = mysql_prep($_POST['name']);
$email = mysql_prep($_POST['email']);
$query = "UPDATE admins SET ";
$query .= "name = '{$name}', ";
$query .= "email = '{$email}', ";
$query .= "hashedPassword = '******', ";
$query .= "username = '******' ";
$query .= "WHERE id = {$id} ";
$query .= "LIMIT 1";
redirect_to("manage_admins.php");
}
?>
<?php
if (isset($_POST['submit'])) {
// Process the form
// validation
$required_fields = array("username", "password");
validate_presences($required_fields);
$fields_with_max_lengths = array("username" => 30);
validate_max_lengths($fields_with_max_lengths);
if (empty($errors)) {
$id = $admin["id"];
$username = mysql_prep($_POST['username']);
$hashed_password = password_encrypt($_POST['password']);
// Perform Update
$query = "UPDATE admins SET ";
$query .= "username = '******', ";
$query .= "hashed_password = '******' ";
$query .= "WHERE id = {$id} ";
$query .= "LIMIT 1";
$result = mysqli_query($connection, $query);
if ($result && mysqli_affected_rows($connection) == 1) {
// Success
$_SESSION["message"] = "Admin updated.";
redirect_to("manage_admins.php");
} else {
// Failure
$_SESSION["message"] = "Admin update failed";
}
include "../../includes/layouts/page_header.php";
logged_in();
if (isset($_GET["userid"])) {
$current_user = find_user_by_id($_GET["userid"]);
} else {
$current_user = null;
}
if (!$current_user["id"]) {
redirect_to("manage_users.php");
}
?>
<?php
if (isset($_POST['submit'])) {
$username = mysqli_prep($_POST["username"]);
$password = password_encrypt($_POST["password"]);
$required_fields = array("username", "password");
validate_presences($required_fields);
$field_with_max_lengths = array("username" => 60);
validate_max_lengths($field_with_max_lengths);
if (empty($errors)) {
$id = $current_user["id"];
$update_query = "UPDATE users SET ";
$update_query .= "username = '******', ";
$update_query .= "hashed_password = '******' ";
$update_query .= "WHERE id = {$id} ";
$update_query .= "LIMIT 1";
$result = mysqli_query($connection, $update_query);
if ($result && mysqli_affected_rows($connection) == 1) {
$_SESSION["message"] = "User edit success.";
redirect_to("manage_users.php");
validate_presences($required_fields);
} elseif ($_SESSION["user_type"] == "user") {
$_SESSION["message"] = "Only one account per user please.";
redirect_to("index_user.php");
} else {
$user_type = "user";
/* validations */
$required_fields = array("user_name", "user_pass", "user_mail");
validate_presences($required_fields);
}
if (!empty($errors)) {
$_SESSION["errors"] = $errors;
redirect_to("new_user.php");
}
/* hash user's password for storage */
$pass_hash = password_encrypt($user_pass);
/* perform database query */
$query = "insert into users (user_name, user_pass, user_mail, user_type)\n values ('{$user_name}', '{$pass_hash}', '{$user_mail}', '{$user_type}')";
$result = mysqli_query($connection, $query);
/* test if query succeeded */
if ($result) {
/* success . . . */
if ($_SESSION["user_type"] == "admin") {
$_SESSION["message"] = "User created.";
redirect_to("manage_users.php");
} else {
$_SESSION["message"] = "User created. You may now log in.";
redirect_to("login.php");
}
} else {
/* failure . . . */
redirect_to("index.php");
}
?>
<?php
if ($_SERVER["REQUEST_METHOD"] == "POST") {
//validation
$required_fields = array("username", "password");
validate_presences($required_fields);
$fields_with_max_lenghts = array("username" => 30);
validate_max_lengths($fields_with_max_lenghts);
if (empty($errors)) {
$id = $admin['id'];
$username = trim($_POST["username"]);
$password = trim($_POST["password"]);
$username = mysql_prep($username);
$password1 = password_encrypt($password);
$query = "UPDATE admins SET ";
$query .= " username = '******', ";
$query .= " hashed_password = '******' ";
$query .= " WHERE id = {$id}";
$query .= " LIMIT 1";
$result = mysqli_query($connection, $query);
if ($result) {
$_SESSION["message"] = "Admin updated";
redirect_to("manage_admins.php");
} else {
$_SESSION["message"] = "Admin is not updated";
redirect_to("manage_admins.php");
}
} else {
redirect_to("manage_admins.php");
$Message = '';
require_once 'dbconnection.php';
?>
<html>
<head>
<title>Test</title>
<?php
include 'imports.php';
?>
</head>
<?php
if (isset($_POST['submit'])) {
$Username = $_POST['username'];
$Password = password_encrypt($_POST['password']);
if (!empty($Username) && !empty($Password)) {
$query = "SELECT * FROM users WHERE username = '******' AND password = '******'";
$result = sqlsrv_query($conn, $query) or die("Query to check login authentication failed");
confirm_query($result);
if (null == sqlsrv_fetch_array($result)) {
$Message = "\n\t\t\t\t<div class='alert alert-danger' role='alert'>\n\t\t\t\t\tUsername and/or Password incorrect\n\t\t\t\t</div>";
} else {
$_SESSION['username'] = $Username;
redirect('home.php');
}
}
}
?>
// -begin lost
if (isset($_POST['submit'])) {
$email = $_POST['email'];
$required_fields = array("email");
validate_presences($required_fields);
validate_email("email");
if (empty($errors)) {
}
$found_admin = find_admin_by_email($email);
if ($found_admin) {
// do not execute on localhost (db connection)
if ($server_name != $server_local) {
$username = $found_admin['username'];
$new_password = substr(md5(rand()), 0, 7);
$id = $found_admin['id'];
$hashed_password = password_encrypt($new_password);
$query = "UPDATE admins SET ";
$query .= "username = '******', ";
$query .= "hashed_password = '******' ";
$query .= "WHERE id = {$id} ";
$query .= "LIMIT 1";
$result = mysqli_query($connection, $query);
if ($result && mysqli_affected_rows($connection) == 1) {
// Success
$_SESSION["message"] = "Admin updated.";
$_SESSION["OK"] = true;
} else {
// Failure
$_SESSION["message"] = "Admin update failed.";
redirect_to("login_lost_pwd.php");
}
function do_login($username, $password)
{
//logs a user in
//get variables
$user = strtolower(sql_filter($username));
$password = sql_filter($password);
//check if email or username login
$tstring = " email='{$user}' ";
if (!email_is_valid($user)) {
$tstring = " username='******' ";
}
//hash password
$sql = sql_query(" SELECT hash_token FROM `users` WHERE {$tstring} LIMIT 1 ");
//get users unique hash token
if (sql_count($sql) <= 0) {
//no user found
notices_set('Email or username not found, please try again.', 'error');
return false;
}
$data = sql_fetch($sql);
//get user data
$password = password_encrypt($password, $data['hash_token']);
//use users hash token to create password
//check login info
$sql = sql_query(" SELECT * FROM `users` WHERE {$tstring} AND password='******' LIMIT 1 ");
if (sql_count($sql) <= 0) {
//wrong login info
notices_set('Invalid password, please try again or request a password reset.', 'error');
return false;
}
$data = sql_fetch($sql);
//get users info
//set session info
if (isset($_SESSION['notices'])) {
$tnotices = $_SESSION['notices'];
}
//store current notices
clear_session();
//clear old session
session_start();
//start new session
session_regenerate_id();
//create new session id
//save session id and last login
sql_query(" UPDATE `users` SET session_id='" . session_id() . "', last_login=NOW() WHERE id='{$data['id']}' LIMIT 1 ");
//set session variables
$_SESSION['id'] = $data['id'];
//save users id
$_SESSION['email'] = $data['email'];
//save users email
$_SESSION['notices'] = $tnotices;
//pass last notices
//set notices
if (isset($data['confirm'])) {
if (date('Y-m-d') > date('Y-m-d', strtotime($data['joined']))) {
//over a day old since joined
notices_set('Your email is not verified. We have sent you an email to verify your account. <a href="verify_resend?e=' . $email . '">Click here to send ' . $email . ' another confirmation code »</a>', 'alert');
} else {
//just joined - don't tell them to reverify
notices_set('Your email is not verified. We have sent you an email to verify your account.', 'alert');
}
}
//done
return true;
}
