/**
 * Stores a login error as a flash message and redirects to the account page.
 *
 * Does nothing when $message is null/unset (isset semantics), so callers can
 * pass the result of a lookup straight through. When a message is present the
 * method never returns: it emits the Location header and ends the request.
 *
 * @param string|null $message human-readable error text shown on /account.php
 */
protected function setLoginErrorAndQuit($message)
{
    if (!isset($message)) {
        return;
    }

    FlashMessage::flash('LoginError', $message);
    // exit right after the header so nothing else is appended to the response
    header('Location: /account.php');
    exit;
}
/**
 * Stores a login error as a flash message and redirects to the admin page.
 *
 * A null/unset $message is a no-op (isset semantics). Otherwise the message is
 * flashed under 'LoginError', a Location header to /admin.php is sent and the
 * request ends; the method does not return in that case.
 *
 * @param string|null $message human-readable error text shown on /admin.php
 */
private function setLoginErrorAndQuit($message)
{
    if (!isset($message)) {
        return;
    }

    FlashMessage::flash('LoginError', $message);
    // exit right after the header so nothing else is appended to the response
    header('Location: /admin.php');
    exit;
}
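/**
 * Renders a flash message as a Bootstrap alert and reports whether one was printed.
 *
 * The alert style depends on $type: exactly 'message' yields alert-success,
 * anything else alert-danger. The message body comes from
 * FlashMessage::flash($messageName) and is echoed RAW — no HTML escaping happens
 * here, because callers deliberately embed markup such as '<br />' in their
 * messages. Every caller is therefore responsible for escaping any
 * user-controlled text before it is stored in a flash message.
 *
 * @param string|null $messageName key of the flash message to display
 * @param string      $type        'message' for a success alert, anything else for an error alert
 * @return bool true when an alert was emitted, false when $messageName is null/unset
 */
public static function displayFlash($messageName, $type = '')
{
    if (!isset($messageName)) {
        return false;
    }

    // Strict comparison: the previous loose == let non-string $type values
    // (e.g. 0 on PHP 7) pick the success style by accident. The two former
    // branches differed only in this class name, so they are merged.
    $alertClass = ($type === 'message') ? 'alert-success' : 'alert-danger';

    echo '<div class="col-md-12">';
    echo '<div class="alert ' . $alertClass . ' flash-alert">';
    // Message text is trusted HTML at this point; see the method comment.
    echo '<a href="#" class="close" data-dismiss="alert">×</a>' . FlashMessage::flash($messageName);
    echo '</div><br />';
    echo '</div>';

    return true;
}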
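/**
 * Creates a new account from the current POST request and then redirects.
 *
 * Every outcome ends the request: validation failures, duplicate accounts and
 * database errors go through setErrorAndQuit() (expected to exit, like the
 * sibling *AndQuit helpers); success stores a 'RegisterSuccess' flash message
 * and redirects to /admin/newaccount.php.
 *
 * Expected POST fields: user_name, user_password_new, user_password_repeat,
 * user_email, optionally user_fullname and account_type.
 *
 * @param int $user_group kept for interface compatibility; not used by this method
 */
public function registerNewUser($user_group = 1)
{
    $validationError = $this->firstRegistrationValidationError();
    if ($validationError !== null) {
        $this->setErrorAndQuit($validationError);
        return;
    }

    $this->db_connection = startPDOConnection();
    if (!$this->db_connection) {
        $this->setErrorAndQuit('There was a problem connecting to the database.<br />Please try again.');
        return;
    }

    // Trim the whitespace (validation above ran on the raw values, as before).
    // user_fullname is optional, so read it defensively instead of triggering
    // an undefined-index notice.
    $user_name = trim($_POST['user_name']);
    $user_fullname = isset($_POST['user_fullname']) ? trim($_POST['user_fullname']) : '';
    $user_email = trim($_POST['user_email']);
    $user_created = date('Y-m-d H:i:s');
    // Only the password_hash() digest is ever stored.
    $user_password_hash = password_hash($_POST['user_password_new'], PASSWORD_DEFAULT);

    // NOTE(review): the target table — and therefore whether an *admin* account
    // is created — is chosen by the request itself. The value is whitelisted to
    // the two literal table names below, so it cannot inject SQL, but nothing in
    // this method checks that the caller is allowed to create admin accounts.
    // The redirect target suggests this is an admin-only form; confirm the
    // calling page enforces that before this method runs.
    $account_type = (isset($_POST['account_type']) && $_POST['account_type'] === 'admin') ? 'admin' : 'clients';

    // Check if the username/email address is already taken. COUNT(*) replaces
    // rowCount() on a SELECT: rowCount() is driver-dependent for SELECTs, and the
    // previous "== 1" test let a request through when the username and the email
    // each matched a *different* existing row (count 2).
    $stmt = $this->db_connection->prepare('SELECT COUNT(*) FROM ' . $account_type . ' WHERE username=? OR email=?');
    if (!$stmt || !$stmt->execute([$user_name, $user_email])) {
        $this->setErrorAndQuit('There was a problem connecting to the database.<br />Please try again.');
        return;
    }
    if ((int) $stmt->fetchColumn() > 0) {
        $this->setErrorAndQuit('Sorry, that username or email address is already taken.');
        return;
    }
    $stmt = null;

    // Prepare and bind the insert for the new account.
    $stmt = $this->db_connection->prepare('INSERT INTO ' . $account_type . ' (username, password, email, name, created) VALUES (?, ?, ?, ?, ?)');
    if (!$stmt || !$stmt->execute([$user_name, $user_password_hash, $user_email, $user_fullname, $user_created])) {
        $this->setErrorAndQuit('Sorry, your registration failed.<br />Please go back and try again.');
        return;
    }

    // $user_name passed the alphanumeric/_.- regex, so it is safe to embed raw here.
    FlashMessage::flash('RegisterSuccess', $user_name . ' has been created successfully.');
    header('Location: /admin/newaccount.php');
    exit;
}

/**
 * Returns the first validation error for the registration POST data, or null
 * when every field is acceptable. Checks run in the original order; the fixes
 * are (a) the password-policy and username-length checks had each other's
 * messages, (b) the mismatch check passed two arguments to setErrorAndQuit()
 * so the user saw 'RegisterError' instead of the message, (c) the username
 * regex now uses the D modifier so a trailing newline is rejected, and (d) the
 * naming-scheme message now lists hyphens, which the regex already allowed.
 *
 * @return string|null
 */
private function firstRegistrationValidationError()
{
    $name = isset($_POST['user_name']) ? $_POST['user_name'] : '';
    $password = isset($_POST['user_password_new']) ? $_POST['user_password_new'] : '';
    $repeat = isset($_POST['user_password_repeat']) ? $_POST['user_password_repeat'] : '';
    $email = isset($_POST['user_email']) ? $_POST['user_email'] : '';

    if (empty($name)) {
        return 'Username cannot be empty.';
    }
    if (empty($password) || empty($repeat)) {
        return 'Password cannot be empty.';
    }
    if ($password !== $repeat) {
        return 'Passwords do not match.';
    }
    if (!passwordPolicyMatch($password)) {
        return 'Password does not conform to the password policy.<br />' . passwordPolicyWritten();
    }
    // strlen is intentional: this bounds the stored byte length.
    if (strlen($name) > 64 || strlen($name) < 2) {
        return 'Username must be between 2 and 64 characters long.';
    }
    if (!preg_match('/^[a-zA-Z0-9]*[_.-]?[a-zA-Z0-9]*$/D', $name)) {
        return 'Username does not match the naming scheme. Only letters, numbers, underscores, periods, and hyphens are allowed';
    }
    if (empty($email)) {
        return 'Email cannot be empty.';
    }
    if (strlen($email) > 64) {
        return 'Email cannot be longer than 64 characters.';
    }
    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        return 'Your email address is not in a valid email format.';
    }

    return null;
}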
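/**
 * Changes the logged-in administrator's password from the POST form.
 *
 * Requires user_currentpassword, user_newpassword and user_repeatpassword in
 * $_POST and user_name in $_SESSION. The current password is verified with
 * verifyAdminPW() before the new one is accepted; the new password must match
 * its repeat exactly and be at least Config::get('security/passwordLength')
 * characters long. Every path ends the request: success stores a
 * 'ChangePWSuccess' flash message and redirects to /changepw.php, every
 * failure goes through setErrorAndQuit() (expected to exit, like the sibling
 * *AndQuit helpers).
 *
 * NOTE(review): unlike registration, only the minimum length is enforced here,
 * not passwordPolicyMatch(); confirm that difference is intended.
 */
public function setAdminPWFromPost()
{
    if (!isset($_POST['user_currentpassword'], $_POST['user_newpassword'], $_POST['user_repeatpassword'], $_SESSION['user_name'])) {
        $this->setErrorAndQuit('The required fields were not filled in.');
        return;
    }

    $userName = $_SESSION['user_name'];
    $newPassword = $_POST['user_newpassword'];
    $minLength = Config::get('security/passwordLength');

    if (!$this->verifyAdminPW($userName, $_POST['user_currentpassword'])) {
        $this->setErrorAndQuit('The password you entered was incorrect. Please try again.');
        return;
    }
    // Strict comparison: with == PHP compares numeric-looking strings as
    // numbers, so '1e3' and '1000' were accepted as "matching" passwords.
    if ($newPassword !== $_POST['user_repeatpassword']) {
        $this->setErrorAndQuit('The passwords you entered did not match. Please try again.');
        return;
    }
    if (strlen($newPassword) < $minLength) {
        $this->setErrorAndQuit('The new password must be ' . $minLength . '+ characters long. Please try again.');
        return;
    }
    if (!$this->setAdminPW($userName, $newPassword)) {
        $this->setErrorAndQuit('Your password could not be changed due to a database error. Please try again.');
        return;
    }

    FlashMessage::flash('ChangePWSuccess', 'Your password was changed successfully');
    header('Location: /changepw.php');
    exit;
}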
<?php
// Contact-form controller: handles a POST submission, then renders the view.
require_once '../resources/core/init.php';

if (isset($_POST['InputSubmit'])) {
    require_once RESOURCE_DIR . 'functions/sendEmail.php';

    // Only send when all three inputs were posted; otherwise fall through to the view.
    if (isset($_POST['InputName'], $_POST['InputEmail'], $_POST['InputMessage'])) {
        // The body is HTML; every user-supplied field goes through the project's
        // sanitize() helper first (assumed to HTML-escape — not visible here).
        // NOTE(review): no CSRF token or rate limiting is visible on this handler;
        // confirm that is enforced elsewhere before relying on it.
        $lines = [
            'From: ' . sanitize($_POST['InputName']),
            'From Email: ' . sanitize($_POST['InputEmail']),
            'Message: ' . sanitize($_POST['InputMessage']),
        ];
        $body = implode('<br />', $lines);

        $sent = sendEmail($body);
        if ($sent) {
            FlashMessage::flash('ContactSuccess', 'The email message was sent. You should hear a response within 24 hours.');
        } else {
            FlashMessage::flash('ContactError', 'The email could not be sent. Please contact ' . sanitize(Config::get('email/to')) . ' directly.');
        }

        // Post/Redirect/Get: always redirect after handling the submission.
        header('Location: /contact.php');
        exit;
    }
}

require_once RESOURCE_DIR . 'views/contact.php';
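/**
 * Deletes the hub named in the POST form on behalf of the logged-in user, then redirects.
 *
 * Requires delete_hub and hub_name in $_POST and user_name in $_SESSION; the
 * session user is passed to deleteHub() alongside the hub name. On success a
 * sanitized 'ManageHubMessage' flash message is stored and the request is
 * redirected to /client/manage.php; every failure goes through
 * setErrorAndQuit() (expected to exit, like the sibling *AndQuit helpers).
 *
 * NOTE(review): no CSRF token check is visible here; confirm the form/handler
 * is protected elsewhere.
 */
public function deleteHubFromPost()
{
    // The session user is part of the required input: previously a missing
    // session value was passed to deleteHub() as null.
    if (!isset($_POST['delete_hub'], $_POST['hub_name'], $_SESSION['user_name'])) {
        $this->setErrorAndQuit('The required fields were not provided');
        return;
    }

    $hubName = $_POST['hub_name'];

    if ($this->deleteHub($hubName, $_SESSION['user_name'])) {
        FlashMessage::flash('ManageHubMessage', sanitize('The hub ' . $hubName . ' was deleted'));
        header('Location: /client/manage.php');
        exit;
    }

    // hub_name is user input and flash messages are rendered as raw HTML, so
    // the failure message must be sanitized exactly like the success message
    // above (it was previously emitted unescaped).
    $this->setErrorAndQuit(sanitize('The hub ' . $hubName . ' could not be deleted'));
}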