コード例 #1
0
function forgot_password_form()
{
    global $_GET, $LANG;
    $form = '<div class="forgot_password other_form">';
    if (isset($_GET['uid']) && isset($_GET['session']) && \user\mail_sessions::check('password_recovery', array('user' => $_GET['uid'], 'session' => $_GET['session']))) {
        /* RESET PASSWORD FORM */
        if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['forgot_password']) && \site\utils::check_csrf($_POST['forgot_password']['csrf'], 'forgot_password_csrf')) {
            $pd = \site\utils::validate_user_data($_POST['forgot_password']);
            try {
                \user\main::reset_password($_GET['uid'], $pd);
                $form .= '<div class="success">' . $LANG['reset_pwd_success'] . '</div>';
                \user\mail_sessions::clear('password_recovery', array('user' => $_GET['uid']));
            } catch (Exception $e) {
                $form .= '<div class="error">' . $e->getMessage() . '</div>';
            }
        }
        $csrf = $_SESSION['forgot_password_csrf'] = \site\utils::str_random(12);
        $form .= '<form method="POST" action="#">
  <div class="form_field"><label for="forgot_password[email]">' . $LANG['change_pwd_form_new'] . ':</label> <div><input type="password" name="forgot_password[password1]" id="forgot_password[password1]" value="" required /></div></div>
  <div class="form_field"><label for="forgot_password[email]">' . $LANG['change_pwd_form_new2'] . ':</label> <div><input type="password" name="forgot_password[password2]" id="forgot_password[password2]" value="" required /></div></div>
  <input type="hidden" name="forgot_password[csrf]" value="' . $csrf . '" />
  <button>' . $LANG['reset_pwd_button'] . '</button>
  </form>';
    } else {
        /* SEND A SESSION TO HIS EMAIL ADDRESS FORM */
        if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['forgot_password']) && \site\utils::check_csrf($_POST['forgot_password']['csrf'], 'forgot_password_csrf')) {
            $pd = \site\utils::validate_user_data($_POST['forgot_password']);
            try {
                \user\main::recovery_password($_POST['forgot_password']);
                $form .= '<div class="success">' . $LANG['fp_success'] . '</div>';
            } catch (Exception $e) {
                $form .= '<div class="error">' . $e->getMessage() . '</div>';
            }
        }
        $csrf = $_SESSION['forgot_password_csrf'] = \site\utils::str_random(12);
        $form .= '<form method="POST" action="#">
  <div class="form_field"><label for="forgot_password[email]">' . $LANG['form_email'] . ':</label> <div><input type="email" name="forgot_password[email]" id="forgot_password[email]" value="' . (isset($pd['email']) ? $pd['email'] : '') . '" required /></div></div>
  <input type="hidden" name="forgot_password[csrf]" value="' . $csrf . '" />
  <button>' . $LANG['recovery'] . '</button>
  </form>';
    }
    $form .= '</div>';
    return $form;
}
コード例 #2
0
ファイル: verify.php プロジェクト: hzhou9/coupon_deal
      <section class="msg">
      <h2>' . $LANG['usubscr_title'] . '</h2>
      ' . sprintf($LANG['usubscr_body'], '<span id="seconds">5</span>') . ' <br /><br />
      <a href="index.php">' . $LANG['verify_clickhere'] . '</a>
      </section>
  </body>
  </html>';
            die;
        } else {
            if (isset($_GET['user']) && isset($_GET['token']) && \user\mail_sessions::check('confirmation', array('user' => (int) $_GET['user'], 'session' => $_GET['token']))) {
                $stmt = $db->stmt_init();
                $stmt->prepare("UPDATE " . DB_TABLE_PREFIX . "users SET valid = 1 WHERE id = ?");
                $stmt->bind_param("i", $_GET['user']);
                $stmt->execute();
                @$stmt->close();
                \user\mail_sessions::clear('confirmation', array('user' => (int) $_GET['user']));
                // check if user has been refered
                $uinfo = \query\main::user_infos($_GET['user']);
                if (!empty($uinfo->refid)) {
                    \user\update::add_points($uinfo->refid, \query\main::get_option('u_points_refer'));
                }
                echo '<!DOCTYPE html>

  <html>
      <head>

        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
        <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">
        <meta name="robots" content="noindex, nofollow">
        <meta http-equiv="Refresh" content="5; url=index.php" />
コード例 #3
0
ファイル: admin.php プロジェクト: hzhou9/coupon_deal
 public static function add_user($opt = array())
 {
     global $db, $LANG;
     if (!ab_to(array('users' => 'add'))) {
         return false;
     }
     $opt = \site\utils::array_map_recursive('trim', $opt);
     if (empty($opt['name']) || empty($opt['email']) || empty($opt['password'])) {
         return false;
     }
     $stmt = $db->stmt_init();
     $stmt->prepare("INSERT INTO " . DB_TABLE_PREFIX . "users (name, email, password, avatar, points, credits, privileges, erole, subscriber, valid, date) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, NOW())");
     $avatar = \site\images::upload(@$_FILES['logo'], 'avatar_', array('path' => DIR . '/', 'max_size' => 1024, 'max_width' => 500, 'max_height' => 600, 'current' => ''));
     $password = md5($opt['password']);
     $stmt->bind_param("ssssiiisii", $opt['name'], $opt['email'], $password, $avatar, $opt['points'], $opt['credits'], $opt['privileges'], @serialize($opt['erole']), $opt['subscriber'], $opt['confirm']);
     if ($stmt->execute()) {
         if (!$opt['confirm']) {
             $stmt->prepare("SELECT id FROM " . DB_TABLE_PREFIX . "users WHERE email = ?");
             $stmt->bind_param("s", $opt['email']);
             $stmt->execute();
             $stmt->bind_result($id);
             $stmt->fetch();
             $stmt->close();
             $cofirm_session = md5(\site\utils::str_random(15));
             if (\user\mail_sessions::insert('confirmation', array('user' => $id, 'session' => $cofirm_session))) {
                 \site\mail::send($opt['email'], $LANG['email_acc_title'] . ' - ' . \query\main::get_option('sitename'), array('template' => 'account_confirmation', 'path' => '../'), array('hello_name' => sprintf($LANG['email_text_hello'], $opt['name']), 'confirmation_main_text' => $LANG['email_acc_maintext'], 'confirmation_button' => $LANG['email_acc_button'], 'link' => \site\utils::update_uri($GLOBALS['siteURL'] . 'verify.php', array('user' => $id, 'token' => $cofirm_session))));
             }
         }
         return true;
     }
     $stmt->close();
     return false;
 }
コード例 #4
0
<div class="password_recovery">

<div class="wrapper">

<?php 
$form = '';
if (isset($_GET['uid']) && isset($_GET['session']) && \user\mail_sessions::check('password_recovery', array('user' => $_GET['uid'], 'session' => $_GET['session']))) {
    if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['forgot_password_form']) && isset($_POST['forgot_password_form']['csrf']) && isset($_SESSION['csrf']['forgot_password']) && $_POST['forgot_password_form']['csrf'] == $_SESSION['csrf']['forgot_password']) {
        $pd = \site\utils::validate_user_data($_POST['forgot_password_form']);
        try {
            \user\main::reset_password($_GET['uid'], $pd);
            $form .= '<div class="success">' . $LANG['reset_pwd_success'] . '</div>';
            \user\mail_sessions::clear('password_recovery', array('user' => $_GET['uid']));
        } catch (Exception $e) {
            $form .= '<div class="error">' . $e->getMessage() . '</div>';
        }
    }
    $csrf = $_SESSION['csrf']['forgot_password'] = \site\utils::str_random(12);
    $form .= '<form action="#" method="POST">
<input type="password" name="forgot_password_form[password1]" value="' . (isset($pd['password1']) ? $pd['password1'] : '') . '" placeholder="' . $LANG['change_pwd_form_new'] . '" required />
<input type="password" name="forgot_password_form[password2]" value="' . (isset($pd['password2']) ? $pd['password2'] : '') . '" placeholder="' . $LANG['change_pwd_form_new2'] . '" required />
<button>' . $LANG['reset_pwd_button'] . '</button>
<input type="hidden" name="forgot_password_form[csrf]" value="' . $csrf . '" />
</form>';
} else {
    if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['forgot_password_form']) && isset($_POST['forgot_password_form']['csrf']) && isset($_SESSION['csrf']['forgot_password']) && $_POST['forgot_password_form']['csrf'] == $_SESSION['csrf']['forgot_password']) {
        $pd = \site\utils::validate_user_data($_POST['forgot_password_form']);
        try {
            \user\main::recovery_password($_POST['forgot_password_form'], '../', 1);
            $form .= '<div class="success">' . $LANG['fp_success'] . '</div>';
        } catch (Exception $e) {
コード例 #5
0
ファイル: main.php プロジェクト: hzhou9/coupon_deal
 public static function unsubscribe($post)
 {
     global $db, $LANG;
     $post = array_map('trim', $post);
     if (!isset($post['email']) || !filter_var($post['email'], FILTER_VALIDATE_EMAIL)) {
         throw new \Exception($LANG['newsletter_usevalide']);
     } else {
         $stmt = $db->stmt_init();
         $stmt->prepare("SELECT COUNT(*) FROM " . DB_TABLE_PREFIX . "newsletter WHERE email = ?");
         $stmt->bind_param("s", $post['email']);
         $stmt->bind_result($count);
         $stmt->execute();
         $stmt->fetch();
         $stmt->close();
         if ($count == 0) {
             throw new \Exception($LANG['uunsubscr_notsubscr']);
         }
         if (\query\main::get_option('unsubscr_confirm_req')) {
             $session = md5(\site\utils::str_random(15));
             if (\user\mail_sessions::insert('unsubscription', array('email' => $post['email'], 'session' => $session)) && \site\mail::send($post['email'], $LANG['email_unsub_title'] . ' - ' . \query\main::get_option('sitename'), array('template' => 'confirm_unsubscription'), array('confirmation_main_text' => $LANG['email_unsub_maintext'], 'confirmation_button' => $LANG['email_unsub_button'], 'link' => \site\utils::update_uri($GLOBALS['siteURL'] . 'verify.php', array('action' => 'unsubscribe2', 'email' => $post['email'], 'token' => $session))))) {
                 return 1;
             } else {
                 throw new \Exception($LANG['msg_error']);
             }
         } else {
             // auto-unsubscribe
             $stmt = $db->stmt_init();
             $stmt->prepare("DELETE FROM " . DB_TABLE_PREFIX . "newsletter WHERE email = ?");
             $stmt->bind_param("s", $post['email']);
             $execute = $stmt->execute();
             $stmt->close();
             if ($execute) {
                 return 2;
             } else {
                 throw new \Exception($LANG['msg_error']);
             }
         }
     }
 }