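/**
 * Create a 3mik user.
 *
 * Tables populated:
 *   - sc_login
 *   - sc_user
 *   - sc_denorm_user (via a trigger)
 *
 * The sc_login insert and the \com\indigloo\auth\User::create() call sit between
 * beginTransaction() and commit() on the handle returned by PDOWrapper::getHandle().
 * NOTE(review): whether User::create() writes through that same handle (and is
 * therefore covered by the rollback) is not visible here - confirm.
 *
 * The e-mail is put into canonical form (trimmed, lower-cased) and the password is
 * trimmed before both are handed to User::create(); any login path has to apply
 * the same normalisation or the credentials will not match.
 *
 * @param $provider   bound to sc_login.provider
 * @param $userName   bound to sc_login.name, also passed to User::create()
 * @param $firstName  passed to User::create()
 * @param $lastName   passed to User::create()
 * @param $email      canonicalised, then passed to User::create()
 * @param $password   raw password; trimmed, then passed to User::create()
 * @param $remoteIp   bound to sc_login.ip_address, also passed to User::create()
 *
 * @throws DBException wrapping any PDOException or other Exception raised on the way
 */
static function create($provider, $userName, $firstName, $lastName, $email, $password, $remoteIp) {
    $dbh = NULL;

    try {
        // canonical form of email
        $email = strtolower(trim($email));
        $password = trim($password);

        // every value reaches the statement as a bound parameter, never by concatenation
        $sql1 = "insert into sc_login (provider,name,ip_address,created_on) ";
        $sql1 .= " values(:provider,:name, :ip_address,now()) ";

        $dbh = PDOWrapper::getHandle();

        // Tx start
        $dbh->beginTransaction();

        $stmt = $dbh->prepare($sql1);
        $stmt->bindParam(":name", $userName);
        $stmt->bindParam(":provider", $provider);
        $stmt->bindParam(":ip_address", $remoteIp);
        $stmt->execute();
        $stmt = NULL;

        // lastInsertId() returns a string; the user row wants an integer login id
        $loginId = $dbh->lastInsertId();
        settype($loginId, "integer");

        // @throws DBException
        \com\indigloo\auth\User::create('sc_user',
            $firstName,
            $lastName,
            $userName,
            $email,
            $password,
            $loginId,
            $remoteIp);

        // Tx end
        $dbh->commit();
        $dbh = null;

    } catch (\PDOException $e) {
        // $dbh is still NULL when getHandle() itself failed, and no transaction is
        // open when beginTransaction() failed. An unguarded rollBack() would then
        // raise a second error that hides the original one.
        if ($dbh !== NULL && $dbh->inTransaction()) {
            $dbh->rollBack();
        }
        $dbh = null;

        // NOTE(review): the driver message is forwarded verbatim - log it, and confirm
        // that callers do not render it to end users.
        throw new DBException($e->getMessage(), $e->getCode());

    } catch (\Exception $ex) {
        if ($dbh !== NULL && $dbh->inTransaction()) {
            $dbh->rollBack();
        }
        $dbh = null;

        $message = $ex->getMessage();
        throw new DBException($message);
    }
}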
$fhandler->addError($message); $error = "Possible spam bot submission from IP :: " . $_SERVER["REMOTE_ADDR"]; Logger::getInstance()->info($error); } if ($fhandler->hasErrors()) { throw new UIException($fhandler->getErrors()); } //create a new login + user $loginDao = new \com\indigloo\sc\dao\Login(); $loginDao->create($fvalues['first_name'], $fvalues['last_name'], $fvalues['email'], $fvalues['password']); //canonical email - all lower case $email = strtolower(trim($fvalues['email'])); $password = trim($fvalues['password']); $loginId = NULL; try { $loginId = \com\indigloo\auth\User::login('sc_user', $email, $password); } catch (\Exception $ex) { $code = $ex->getCode(); switch ($code) { case 401: $message = "Wrong login or password. Please try again!"; throw new UIException(array($message)); break; default: $message = "Error during login. Please try after some time!"; throw new UIException(array($message)); } } //success - update login record // start 3mik session $remoteIp = \com\indigloo\Url::getRemoteIp();
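<?php
// Command-line maintenance script: set a new password for the account that a
// pseudo id resolves to.
//
// Usage: php change.php <pseudo_id> <password>
//
// NOTE(review): the new password arrives through argv, so it is visible in the
// process list while the script runs and is normally written to shell history.
// Reading it from STDIN (or a no-echo prompt) would avoid that exposure.

include 'sc-app.inc';
include APP_CLASS_LOADER;

use com\indigloo\sc\util\PseudoId;

if ($argc < 3) {
    // $argv[0] is the script path as invoked; the previous message interpolated an
    // undefined $php variable. A usage error exits non-zero so callers can detect it.
    printf("Usage : php %s <pseudo_id> <password> \n", $argv[0]);
    exit(1);
}

$pseudoId = trim($argv[1]);

// Trim the password so the stored secret matches what a login form that trims its
// input will submit - NOTE(review): confirm the login path trims as well.
$password = trim($argv[2]);

$loginId = PseudoId::decode($pseudoId);

// get email lookup on loginId
$userDao = new \com\indigloo\sc\dao\User();
$row = $userDao->getOnLoginId($loginId);

// Stop when the pseudo id does not resolve to a user row: without this check
// changePassword() would be called with an empty e-mail.
if (empty($row) || empty($row["email"])) {
    printf("no user found for login_id = %s \n", $loginId);
    exit(1);
}

$email = $row["email"];
printf("change for login_id = %s, email = %s \n ", $loginId, $email);

$data = \com\indigloo\auth\User::changePassword("sc_user", $loginId, $email, $password);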
$qUrl = base64_decode($fvalues['qUrl']); if ($fhandler->hasErrors()) { throw new UIException($fhandler->getErrors()); } //form token $session_token = $gWeb->find("change.password.token", true); if ($fvalues['ftoken'] != $session_token) { $message = "form token does not match the value stored in session"; throw new UIException(array($message)); } //decrypt email $email = $gWeb->find("change.password.email", true); $email = Util::decrypt($email); $userDao = new \com\indigloo\sc\dao\User(); //@test with email that can cause issues with encoding! $userDBRow = $userDao->getOnEmail($email); //send raw password $email = strtolower(trim($email)); $password = trim($_POST['password']); WebglooUser::changePassword('sc_user', $userDBRow['login_id'], $email, $password); //success $gWeb->store(Constants::FORM_MESSAGES, array("password changed successfully!")); header("Location: " . $qUrl); exit(1); } catch (UIException $ex) { $gWeb->store(Constants::STICKY_MAP, $fvalues); $gWeb->store(Constants::FORM_ERRORS, $ex->getMessages()); header("Location: " . $fUrl); exit(1); } }