コード例 #1
ファイル: Login.php プロジェクト: carriercomm/CloudEther
 /**
  * Store a login error for the next page view and send the browser back to
  * the account page.
  *
  * When $message is null nothing is stored and the method returns normally,
  * so callers must not rely on it always terminating the request.
  *
  * @param string|null $message Text stored under the 'LoginError' flash key.
  *
  * @return void
  */
 protected function setLoginErrorAndQuit($message)
 {
     // Nothing to report: hand control back to the caller.
     if (!isset($message)) {
         return;
     }

     FlashMessage::flash('LoginError', $message);
     // Fixed, server-chosen redirect target; no request data reaches the header.
     header('Location: /account.php');
     exit;
 }
コード例 #2
ファイル: AdminLogin.php プロジェクト: carriercomm/CloudEther
 /**
  * Store an admin login error for the next page view and send the browser
  * back to the admin page.
  *
  * When $message is null nothing is stored and the method returns normally,
  * so callers must not rely on it always terminating the request.
  *
  * @param string|null $message Text stored under the 'LoginError' flash key.
  *
  * @return void
  */
 private function setLoginErrorAndQuit($message)
 {
     // Nothing to report: hand control back to the caller.
     if (!isset($message)) {
         return;
     }

     FlashMessage::flash('LoginError', $message);
     // Fixed, server-chosen redirect target; no request data reaches the header.
     header('Location: /admin.php');
     exit;
 }
コード例 #3
 /**
  * Print the flash message stored under $messageName inside a dismissible
  * Bootstrap alert.
  *
  * The value returned by FlashMessage::flash() is written into the page
  * without any encoding, so it is rendered as HTML. Text that originated in a
  * request therefore has to be encoded before it is flashed.
  *
  * @param string|null $messageName Flash key to display.
  * @param string      $type        'message' selects the success style; any
  *                                 other value selects the danger style.
  *
  * @return bool True when an alert was printed, false when $messageName is null.
  */
 public static function displayFlash($messageName, $type = '')
 {
     if (!isset($messageName)) {
         return false;
     }

     // Loose comparison kept on purpose: it is what existing callers get today.
     $alertClass = $type == 'message' ? 'alert-success' : 'alert-danger';

     // The echo sequence is kept as separate statements so FlashMessage::flash()
     // is still called after the two opening tags have been written.
     echo '<div class="col-md-12">';
     echo '<div class="alert ' . $alertClass . ' flash-alert">';
     echo '<a href="#" class="close" data-dismiss="alert">&times;</a>' . FlashMessage::flash($messageName);
     echo '</div><br />';
     echo '</div>';

     return true;
 }
コード例 #4
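 /**
  * Validate the registration form in $_POST and create the account.
  *
  * Every validation or database failure is reported through
  * setErrorAndQuit(). On success a 'RegisterSuccess' flash message is stored
  * and the browser is redirected to /admin/newaccount.php.
  *
  * NOTE(review): the target table ('admin' or 'clients') is chosen by the
  * request field account_type, and this method performs no check that the
  * caller may create administrator accounts. That check has to exist before
  * this method is reached - confirm against the calling page.
  *
  * @param int $user_group Not read by this method; kept for existing callers.
  *
  * @return void
  */
 public function registerNewUser($user_group = 1)
 {
     // A request field can arrive as an array (user_name[]=x). Anything that is
     // not a string is treated as missing so strlen()/preg_match() never see it.
     $field = static function ($key) {
         return isset($_POST[$key]) && is_string($_POST[$key]) ? $_POST[$key] : '';
     };
     $raw_name = $field('user_name');
     $raw_email = $field('user_email');
     $password = $field('user_password_new');
     $password_repeat = $field('user_password_repeat');

     // First failing rule wins; the order matches the original checks.
     $error = null;
     if (empty($raw_name)) {
         $error = 'Username cannot be empty.';
     } elseif (empty($password) || empty($password_repeat)) {
         $error = 'Password cannot be empty.';
     } elseif ($password !== $password_repeat) {
         // The original passed 'RegisterError' as the first argument here, unlike
         // every other setErrorAndQuit() call in this method.
         $error = 'Passwords do not match.';
     } elseif (!passwordPolicyMatch($password)) {
         // This text used to be attached to the username length check below.
         $error = 'Password does not conform to the password policy.<br />' . passwordPolicyWritten();
     } elseif (strlen($raw_name) > 64 || strlen($raw_name) < 2) {
         $error = 'Username must be between 2 and 64 characters long.';
     } elseif (!preg_match('/^[a-zA-Z0-9]*[_.-]?[a-zA-Z0-9]*$/', $raw_name)) {
         $error = 'Username does not match the naming scheme. Only letters, numbers, underscores, and periods are allowed';
     } elseif (empty($raw_email)) {
         $error = 'Email cannot be empty.';
     } elseif (strlen($raw_email) > 64) {
         $error = 'Email cannot be longer than 64 characters.';
     } elseif (!filter_var($raw_email, FILTER_VALIDATE_EMAIL)) {
         $error = 'Your email address is not in a valid email format.';
     }
     if ($error !== null) {
         $this->setErrorAndQuit($error);
         return;
     }

     $db_error = 'There was a problem connecting to the database.<br />Please try again.';
     $register_error = 'Sorry, your registration failed.<br />Please go back and try again.';

     if (!($this->db_connection = startPDOConnection())) {
         $this->setErrorAndQuit($db_error);
         return;
     }

     // Trim the whitespace
     $user_name = trim($raw_name);
     $user_fullname = trim($field('user_fullname'));
     $user_email = trim($raw_email);
     $user_created = date('Y-m-d H:i:s');

     // The table name is concatenated into the SQL below, so it must only ever be
     // one of these two literals and never the raw request value.
     $account_type = $field('account_type') === 'admin' ? 'admin' : 'clients';

     // Check if the user/email address is already taken or not
     $lookup = $this->db_connection->prepare('SELECT * FROM ' . $account_type . ' WHERE username=? OR email=?');
     if (!$lookup || !$lookup->execute(array($user_name, $user_email))) {
         $this->setErrorAndQuit($db_error);
         return;
     }
     // Any matching row is a conflict. The previous rowCount() == 1 test let the
     // request through when the username and the email matched two different
     // rows, and rowCount() is not dependable for SELECT on every PDO driver.
     if ($lookup->fetch() !== false) {
         $this->setErrorAndQuit('Sorry, that username or email address is already taken.');
         return;
     }
     $lookup = null;

     // Only the hash is stored; the plain password never reaches the database.
     $user_password_hash = password_hash($password, PASSWORD_DEFAULT);

     // Prepare and bind the database to insert the account
     $insert = $this->db_connection->prepare('INSERT INTO ' . $account_type . ' (username, password, email, name, created) VALUES (?, ?, ?, ?, ?)');
     if (!$insert || !$insert->execute(array($user_name, $user_password_hash, $user_email, $user_fullname, $user_created))) {
         $this->setErrorAndQuit($register_error);
         return;
     }

     FlashMessage::flash('RegisterSuccess', $user_name . ' has been created successfully.');
     header('Location: /admin/newaccount.php');
     exit;
 }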
コード例 #5
ファイル: ChangePW.php プロジェクト: carriercomm/CloudEther
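 /**
  * Change the logged-in administrator's password from the submitted form.
  *
  * Requires the current password, the new password and its repetition in
  * $_POST and the account name in $_SESSION['user_name']. Failures are
  * reported through setErrorAndQuit(); on success a 'ChangePWSuccess' flash
  * message is stored and the browser is redirected to /changepw.php.
  *
  * @return void
  */
 public function setAdminPWFromPost()
 {
     // Request fields can arrive as arrays; only strings are accepted so that
     // strlen() and the comparison below operate on real passwords.
     $have_fields = isset($_POST['user_currentpassword'], $_POST['user_newpassword'], $_POST['user_repeatpassword'], $_SESSION['user_name'])
         && is_string($_POST['user_currentpassword'])
         && is_string($_POST['user_newpassword'])
         && is_string($_POST['user_repeatpassword']);

     if (!$have_fields) {
         $this->setErrorAndQuit('The required fields were not filled in.');
     } elseif (!$this->verifyAdminPW($_SESSION['user_name'], $_POST['user_currentpassword'])) {
         // The current password is re-checked before anything is changed.
         $this->setErrorAndQuit('The password you entered was incorrect. Please try again.');
     } elseif ($_POST['user_newpassword'] !== $_POST['user_repeatpassword']) {
         // Strict comparison: with == two different numeric-looking strings
         // (for example '1e3' and '1000') compare equal, so a mistyped
         // confirmation could be accepted.
         $this->setErrorAndQuit('The passwords you entered did not match. Please try again.');
     } elseif (strlen($_POST['user_newpassword']) < Config::get('security/passwordLength')) {
         $this->setErrorAndQuit('The new password must be ' . Config::get('security/passwordLength') . '+ characters long. Please try again.');
     } elseif ($this->setAdminPW($_SESSION['user_name'], $_POST['user_newpassword'])) {
         FlashMessage::flash('ChangePWSuccess', 'Your password was changed successfully');
         header('Location: /changepw.php');
         exit;
     } else {
         $this->setErrorAndQuit('Your password could not be changed due to a database error. Please try again.');
     }

     // Reached only if the error helper above returned instead of ending the request.
     $this->setErrorAndQuit('Your password could not be changed.');
 }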
コード例 #6
ファイル: contact.php プロジェクト: carriercomm/CloudEther
<?php

// Contact form controller: on submit, mail the message and redirect back to
// the form; otherwise (or when fields are missing) render the contact view.
require_once '../resources/core/init.php';

if (isset($_POST['InputSubmit'])) {
    require_once RESOURCE_DIR . 'functions/sendEmail.php';

    // Send email
    if (isset($_POST['InputName'], $_POST['InputEmail'], $_POST['InputMessage'])) {
        // Each submitted value goes through sanitize() before it is placed in the
        // body. NOTE(review): sanitize() is defined outside this listing; the
        // <br /> separators suggest an HTML body, so confirm it HTML-encodes.
        $body = implode('<br />', array(
            'From: ' . sanitize($_POST['InputName']),
            'From Email: ' . sanitize($_POST['InputEmail']),
            'Message: ' . sanitize($_POST['InputMessage']),
        ));

        $sent = sendEmail($body);
        if (!$sent) {
            FlashMessage::flash('ContactError', 'The email could not be sent. Please contact ' . sanitize(Config::get('email/to')) . ' directly.');
        } else {
            FlashMessage::flash('ContactSuccess', 'The email message was sent. You should hear a response within 24 hours.');
        }

        // Redirect after the POST so a reload does not resend the message.
        header('Location: /contact.php');
        exit;
    }
}

require_once RESOURCE_DIR . 'views/contact.php';
コード例 #7
ファイル: ManageHub.php プロジェクト: carriercomm/CloudEther
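 /**
  * Delete the hub named in the submitted form on behalf of the session user.
  *
  * On success a 'ManageHubMessage' flash message is stored and the browser is
  * redirected to /client/manage.php; otherwise the failure is reported
  * through setErrorAndQuit().
  *
  * NOTE(review): whether the session user actually owns the hub is left to
  * deleteHub(), which is not visible here - confirm it enforces that.
  *
  * @return void
  */
 public function deleteHubFromPost()
 {
     // hub_name must be a plain string; an array value would otherwise be
     // concatenated into the messages below.
     if (!isset($_POST['delete_hub'], $_POST['hub_name']) || !is_string($_POST['hub_name'])) {
         $this->setErrorAndQuit('The required fields were not provided');
         // Stop here so the failure path never reads a missing hub_name.
         return;
     }

     $hub_name = $_POST['hub_name'];

     if ($this->deleteHub($hub_name, $_SESSION['user_name'])) {
         FlashMessage::flash('ManageHubMessage', sanitize('The hub ' . $hub_name . ' was deleted'));
         header('Location: /client/manage.php');
         exit;
     }

     // The hub name comes straight from the request and ends up in a message
     // shown on the next page, so it goes through sanitize() exactly like the
     // success message above; the original passed it on unencoded.
     $this->setErrorAndQuit(sanitize('The hub ' . $hub_name . ' could not be deleted'));
 }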