/**
* @param $in
* @return array
*
* @code
* $ php index.php "route=user.Controller.register&username=abc&password=1234&email=abc@def.com"
* @endcode
*
*/
public function register($in)
{
if (!isset($in['username'])) {
sys()->log("Username is empty.");
return ERROR(-111, "Username is empty.");
}
if (!isset($in['password'])) {
return ERROR(-1121, "Password is empty.");
}
if (!isset($in['email'])) {
return ERROR(-113, "Email is empty.");
}
if (user_exists($in['username'])) {
return ERROR(-121, "User: {$in['username']} exists.");
}
if (user_email_exists($in['email'])) {
return ERROR(-121, "User email: {$in['email']} exists.");
}
$sets = array();
$sets['username'] = $in['username'];
$sets['password'] = password_encrypt($in['password']);
$sets['email'] = $in['email'];
$sets['first_name'] = hi('first_name', '');
$sets['middle_name'] = hi('middle_name', '');
$sets['last_name'] = hi('last_name');
$sets['mobile'] = hi('mobile', '');
$sets['landline'] = hi('landline', '');
$sets['address'] = hi('address');
$re = user()->create()->sets($sets)->save();
if ($re) {
return SUCCESS();
} else {
return ERROR(-4, 'Failed on saving user information.');
}
}
function user_create($Username, $Password, $Email)
{
lib('Passwords');
global $pdo;
if (user_exists($Username)) {
return false;
}
if (user_email_exists($Email)) {
return false;
}
$stmt = $pdo->prepare('
INSERT INTO `users`
(
`uuid`
, `username`
, `password`
) VALUES (
uuid()
, :username
, :password
)');
$stmt->bindValue(':username', $Username);
$stmt->bindValue(':password', password_hash($Password));
$stmt->execute();
$stmt->closeCursor();
return true;
}
function facebook_callback()
{
$facebook = new Facebook(array('appId' => FACEBOOK_API_KEY, 'secret' => FACEBOOK_API_SECRET));
try {
$fbuser = $facebook->api('/me');
if ($id = user_email_exists($fbuser['email'])) {
$user = new User($id);
$user->facebook = $fbuser['id'];
$user->save();
$user->fb_login();
redirect('/user');
} else {
$user = new User();
$user->set_default();
$user->email = $fbuser['email'];
$user->password = md5(time());
$user->status = 1;
if (isset($fbuser['username'])) {
$user->username = $fbuser['username'];
} else {
$user->username = $fbuser['name'];
}
$user->firstname = $fbuser['first_name'];
$user->lastname = $fbuser['last_name'];
$user->facebook = $fbuser['id'];
$user->gender = $fbuser['gender'];
$user->picture = new File();
$user->picture->load_from_url('https://graph.facebook.com/' . $fbuser['id'] . '/picture?type=large');
$created = $user->create();
if ($created) {
$user->fb_login();
redirect('/user');
} else {
redirect('/register');
}
}
} catch (Exception $e) {
redirect('/');
}
}
function change_user_details($user_name, $user_email, $user_password)
{
$user_id = $_SESSION['user_id'];
if (validate_user_name($user_name) != true) {
return '<span class="error_span">Name must be <u>letters only</u> and be <u>2 to 12 letters long</u>. If your name is longer, use a short version of your name</span>';
}
if (validate_user_email($user_email) != true) {
return '<span class="error_span">Email must be a valid email address and be no more than 50 characters long</span>';
} elseif (validate_user_password($user_password) != true && !empty($user_password)) {
return '<span class="error_span">Password must be at least 4 characters</span>';
} elseif (user_name_exists($user_name, $conn) == true && $user_name != $_SESSION['user_name']) {
return '<span class="error_span">Name is already in use. If you have the same name as someone else, use another spelling that identifies you</span>';
} elseif (user_email_exists($user_email) == true && $user_email != $_SESSION['user_email']) {
return '<span class="error_span">Email is already registered</span>';
} else {
if (empty($user_password)) {
mysqli_query($conn, "UPDATE " . global_mysql_users_table . " SET user_name='{$user_name}', user_email='{$user_email}' WHERE user_id='{$user_id}'") or die('<span class="error_span"><u>MySQL error:</u> ' . htmlspecialchars(mysqli_error($conn)) . '</span>');
} else {
$user_password = encrypt_password($user_password);
mysqli_query($conn, "UPDATE " . global_mysql_users_table . " SET user_name='{$user_name}', user_email='{$user_email}', user_password='******' WHERE user_id='{$user_id}'") or die('<span class="error_span"><u>MySQL error:</u> ' . htmlspecialchars(mysqli_error($conn)) . '</span>');
}
mysqli_query($conn, "UPDATE " . global_mysql_reservations_table . " SET reservation_user_name='{$user_name}', reservation_user_email='{$user_email}' WHERE reservation_user_id='{$user_id}'") or die('<span class="error_span"><u>MySQL error:</u> ' . htmlspecialchars(mysqli_error($conn)) . '</span>');
$_SESSION['user_name'] = $user_name;
$_SESSION['user_email'] = $user_email;
$user_password = strip_salt($user_password);
setcookie(global_cookie_prefix . '_user_email', $user_email, time() + 3600 * 24 * intval(global_remember_login_days));
setcookie(global_cookie_prefix . '_user_password', $user_password, time() + 3600 * 24 * intval(global_remember_login_days));
return 1;
}
}
$error=false;
$error_extra="";
$user_email=getval("email","");
hook("preuserrequest");
if (getval("save","")!="")
{
# Check the anti-spam code is correct
if (getval("antispamcode","")!=md5(getval("antispam","")))
{
$error=$lang["requiredfields"];
}
# Check that the e-mail address doesn't already exist in the system
elseif (user_email_exists(getval("email","")))
{
# E-mail already exists
$error=$lang["accountemailalreadyexists"];$error_extra="<br/><a href=\"".$baseurl_short."pages/user_password.php?email=" . urlencode(getval("email","")) . "\">" . $lang["forgottenpassword"] . "</a>";
}
else
{
# E-mail is unique
if ($user_account_auto_creation)
{
# Automatically create a new user account
$try=auto_create_user_account();
}
else
{
if ($custom_field_sub_value_list != "") {
$customContents .= i18n_get_translated($custom[$n]) . ": " . i18n_get_translated($custom_field_sub_value_list) . "\n\n";
# append with list of all sub values found
} elseif ($custom_field_value != "") {
$customContents .= i18n_get_translated($custom[$n]) . ": " . i18n_get_translated($custom_field_value) . "\n\n";
# there is a value so append it
} elseif (isset($required) && in_array($custom[$n], $required)) {
$missingFields[] = $custom[$n];
}
}
}
if (!empty($missingFields)) {
$error = $lang["requiredfields"] . ' ' . i18n_get_translated(implode(', ', $missingFields), true);
} elseif (getval("antispamcode", "") != md5(getval("antispam", ""))) {
$error = $lang["requiredantispam"];
} elseif (user_email_exists($user_email)) {
# E-mail already exists
$error = $lang["accountemailalreadyexists"];
$error_extra = "<br/><a href=\"" . $baseurl_short . "pages/user_password.php?email=" . urlencode($user_email) . "\">" . $lang["forgottenpassword"] . "</a>";
} else {
# E-mail is unique
if ($user_account_auto_creation) {
# Automatically create a new user account
$try = auto_create_user_account();
} else {
$try = email_user_request();
}
if ($try === true) {
redirect($baseurl_short . "pages/done.php?text=user_request");
} else {
$error = $try;
if (empty($_POST['password'])) {
$errors[] = 'Please enter a password';
}
if (empty($_POST['email'])) {
$errors[] = 'Please enter an email';
}
if (!$errors) {
// More validation, but no point if anything is empty
if (!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
$errors[] = 'Please enter a valid email';
}
lib('User');
if (user_exists($_POST['username'])) {
$errors[] = 'That username is already taken. Please try again';
}
if (user_email_exists($_POST['email'])) {
$errors[] = 'That email is already taken. Please try again';
}
if (strlen($_POST['password']) < 4) {
$errors[] = 'Please enter a longer password';
}
}
if (!$errors) {
if (user_create($_POST['username'], $_POST['password'], $_POST['email'])) {
user_force_authenticate($_POST['username']);
$smarty->display('registration_complete.tpl');
die;
// All complete!
} else {
$errors[] = 'Unknown error. Please try again';
}
unset($_SESSION['register_errors']);
}
if (isset($_SESSION['name']) && isset($_SESSION['email']) && isset($_SESSION['bio'])) {
unset($_SESSION['name']);
unset($_SESSION['email']);
unset($_SESSION['bio']);
}
$name = mysqli_real_escape_string($dbc, $_POST['name']);
$email = filter_var($_POST['email'], FILTER_VALIDATE_EMAIL);
$bio = mysqli_real_escape_string($dbc, $_POST['bio']);
$password = sha1(SHA1_SALT . $_POST['password']);
$confirm = sha1(SHA1_SALT . $_POST['confirm']);
if ($email == false) {
$_SESSION['register_errors'][] = "Email is not valid";
} else {
if (user_email_exists($email)) {
$_SESSION['register_errors'][] = "Email already exists";
}
}
if ($password != '' && $confirm != '') {
if ($password != $confirm) {
$_SESSION['register_errors'][] = "Passwords don't match";
}
} else {
$_SESSION['register_errors'][] = "Please complete password fields";
}
if (!isset($_SESSION['register_errors'])) {
$update = user_insert($name, $email, $bio, $password);
if ($update) {
header('Location: index.php?controller=login');
break;
public function create()
{
if (empty($this->email)) {
return false;
}
if (empty($this->username) && !empty($this->email)) {
$this->username = array_shift(explode('@', $this->email));
}
$this->email = strtolower($this->email);
$this->created = time();
$this->updated = time();
$this->deleted = 0;
$this->password = md5($this->email . $this->password);
if (!user_email_exists($this->email) && !user_name_exists($this->username)) {
$this->save();
return true;
} else {
return false;
}
}
function user_set_email($user_id, $new_email)
{
//If the new username is different from current
if (strcmp($new_email, user_get_email($user_id))) {
//check that no other user has it
if (!user_email_exists($new_email)) {
//set it
$sql = "UPDATE " . PREFIX . "user SET email='" . sql_safe($new_email) . "' WHERE id=" . sql_safe($user_id) . ";";
if (mysql_query($sql)) {
add_message("New email set");
} else {
add_error("Email could not be set: " . mysql_error());
}
} else {
add_error("Email '{$new_email}' is already in use.");
}
}
}
function user_email_exists_json()
{
if ($param = get('email')) {
$response = array('status' => 200, 'response' => user_email_exists($param));
} else {
$response = array('status' => 500, 'response' => 'missing arguments');
}
return json_encode($response);
}
function change_user_details($user_name, $user_email, $user_password)
{
$user_id = $_SESSION['user_id'];
if (validate_user_name($user_name) != true) {
// return('<span class="error_span">Name must be <u>letters only</u> and be <u>2 to 12 letters long</u>. If your name is longer, use a short version of your name</span>');
return '<span class="error_span">El "Número de Alumno"solo admite <u>números</u>. Entre 3 y 6 dígitos</span>';
}
if (validate_user_email($user_email) != true) {
return '<span class="error_span">El Email debe ser válido y no tener más de 50 caracteres.</span>';
} elseif (validate_user_password($user_password) != true && !empty($user_password)) {
return '<span class="error_span">El Password debe tener un mínimo de 4 caracteres</span>';
} elseif (user_name_exists($user_name) == true && $user_name != $_SESSION['user_name']) {
return '<span class="error_span">Ese número de alumno ya fue utilizado</span>';
} elseif (user_email_exists($user_email) == true && $user_email != $_SESSION['user_email']) {
return '<span class="error_span">Email ya registrado</span>';
} else {
if (empty($user_password)) {
mysql_query("UPDATE " . global_mysql_users_table . " SET user_name='{$user_name}', user_email='{$user_email}' WHERE user_id='{$user_id}'") or die('<span class="error_span"><u>MySQL error:</u> ' . htmlspecialchars(mysql_error()) . '</span>');
} else {
$user_password = encrypt_password($user_password);
mysql_query("UPDATE " . global_mysql_users_table . " SET user_name='{$user_name}', user_email='{$user_email}', user_password='******' WHERE user_id='{$user_id}'") or die('<span class="error_span"><u>MySQL error:</u> ' . htmlspecialchars(mysql_error()) . '</span>');
}
mysql_query("UPDATE " . global_mysql_reservations_table . " SET reservation_user_name='{$user_name}', reservation_user_email='{$user_email}' WHERE reservation_user_id='{$user_id}'") or die('<span class="error_span"><u>MySQL error:</u> ' . htmlspecialchars(mysql_error()) . '</span>');
$_SESSION['user_name'] = $user_name;
$_SESSION['user_email'] = $user_email;
$user_password = strip_salt($user_password);
setcookie(global_cookie_prefix . '_user_email', $user_email, time() + 3600 * 24 * intval(global_remember_login_days));
setcookie(global_cookie_prefix . '_user_password', $user_password, time() + 3600 * 24 * intval(global_remember_login_days));
return 1;
}
}
