public function Login()
{
try {
if (!empty($_POST['user']) and !empty($_POST['pass']) and !empty($_POST['session'])) {
$db = new Conexion();
$this->user = $db->real_escape_string($_POST['user']);
$this->pass = $db->real_escape_string($_POST['pass']);
//encriptar el login
$sql = $db->query("SELECT * FROM usuarios WHERE user = '******' AND pass = '******' ");
if ($db->rows($sql) > 0) {
$datos = $db->recorrer($sql);
$_SESSION['user'] = $datos['user'];
$_SESSION['email'] = $datos['email'];
$_SESSION['id'] = $datos['id'];
if ($_POST['session'] == true) {
ini_set('session.cookie.lifetime', time() + 60 * 60 * 24 * 2);
}
echo 1;
} else {
throw new Exception(2);
}
$db->liberar($sql);
$db->close();
} else {
throw new Exception('Error: Datos vacios.');
}
} catch (Exception $login) {
echo $login->getMessage();
}
}
public function Login()
{
try {
if (!empty($_POST['usuario']) and !empty($_POST['password']) and !empty($_POST['session'])) {
$db = new Conexion();
$this->usuario = $db->real_escape_string($_POST['usuario']);
$this->password = $db->real_escape_string($_POST['password']);
//$this->password = $this->Encript($_POST['password']);
$sql = $db->query("SELECT * FROM claves WHERE Nombre='{$this->usuario}' AND Clave='{$this->password}';");
if ($db->rows($sql) > 0) {
$datos = $db->recorrer($sql);
$id = $datos['Id'];
$_SESSION['id'] = $id;
$_SESSION['usuario'] = $datos['Nombre'];
$_SESSION['nivel'] = $datos['Nivel'];
$_SESSION['controlfases'] = $datos['ControlFases'];
$_SESSION['cuentaverexpedientes'] = $datos['CuentaVerExpedientes'];
$_SESSION['indemnizacion'] = $datos['Indemnizacion'];
$_SESSION['modificaraseguradora'] = $datos['Modaseguradora'];
$_SESSION['verfacturas'] = $datos['VerFacturas'];
$_SESSION['beneficio'] = $datos['beneficio'];
$_SESSION['facturas'] = $datos['facturas'];
$_SESSION['modificarsiniestro'] = $datos['modsiniestro'];
$_SESSION['tramitadores'] = $datos['tramitadores'];
$log = new Log("log", "./logs/");
$log->insert('Acceso al programa por el usuario ' . $_SESSION['usuario'], false, false, false);
if ($_POST['session'] == true) {
ini_set('session.cookie_lifetime', time() + 60 * 60 * 24 * 2);
}
echo 1;
} else {
$log = new Log("log", "./logs/");
$log->insert('Acceso no autorizado', false, false, false);
throw new Exception(2);
}
$db->liberar($sql);
$db->close();
} else {
throw new exception('Error: Datos vacios');
}
} catch (exception $login) {
echo $login->getMessage();
}
}
public function Registrar()
{
try {
if (!empty($_POST['user']) and !empty($_POST['pass']) and !empty('email')) {
$bd = new Conexion();
$this->user = $bd->real_escape_string($_POST['user']);
$this->email = $bd->real_escape_string($_POST['email']);
$this->pass = $this->Encrypt($_POST['pass']);
$sql = $bd->query("SELECT * FROM USUARIOS WHERE user='******' OR email = '{$this->email}';");
if ($bd->rows($sql) == 0) {
$online = time() + 60 * 5;
$sql2 = $bd->query("INSERT INTO usuarios(user, pass, email, online)\n VALUES ('{$this->user}','{$this->pass}','{$this->email}', '{$online}');");
$sql3 = $bd->query("SELECT MAX(id) AS id FROM USUARIOS;");
$id = $bd->recorrer($sql3);
$_SESSION['id'] = $id[0];
$_SESSION['user'] = $this->user;
$_SESSION['email'] = $this->email;
$_SESSION['fecha'] = '';
$_SESSION['nombre'] = '';
$_SESSION['apellido'] = '';
$_SESSION['cambio'] = 0;
$_SESSION['ext'] = 'jpg';
$_SESSION['online'] = $online;
echo 1;
$bd->liberar($sql2, $sql3);
} else {
$datos = $bd->recorrer($sql);
if (strtolower($this->user) == strtolower($datos['user'])) {
throw new Exception(2);
} else {
throw new Exception(3);
}
}
$bd->liberar($sql);
$bd->close();
} else {
throw new Exception('Error: Datos Vacios.');
}
} catch (Exception $reg) {
echo $reg->getMessage();
}
}
public function Registrar()
{
try {
if (!empty($_POST['user']) and !empty($_POST['pass']) and !empty($_POST['email'])) {
$db = new Conexion();
$this->user = $db->real_escape_string($_POST['user']);
$this->email = $db->real_escape_string($_POST['email']);
$this->pass = $this->Encrypt($_POST['pass']);
$sql = $db->query("SELECT * FROM users\n WHERE user='******' OR email='{$this->email}';");
if ($db->rows($sql) == 0) {
$sqlTwo = $db->query("INSERT INTO users (user, pass, email)\n VALUES ('{$this->user}', '{$this->pass}', '{$this->email}');");
$id = $db->insert_id;
$_SESSION['id'] = $id;
$_SESSION['user'] = $this->user;
$_SESSION['email'] = $this->email;
$_SESSION['first_name'] = '';
$_SESSION['last_name'] = '';
$_SESSION['date'] = '';
$_SESSION['changes'] = 0;
echo 1;
$db->liberar($sqlTwo);
} else {
$datos = $db->recorrer($sql);
if (strtolower($this->user) == strtolower($datos['user'])) {
throw new Exception(2);
} else {
throw new Exception(3);
}
}
$db->liberar($sql);
$db->close();
} else {
throw new Exception('ERROR: Datos vacios.');
}
} catch (Exception $e) {
echo $e->getMessage();
}
}
public function Login()
{
try {
if (!empty($_POST['user']) and !empty($_POST['pass']) and !empty($_POST['session'])) {
$db = new Conexion();
$this->user = $db->real_escape_string($_POST['user']);
$this->pass = MD5($_POST['pass']);
$sql = $db->query("SELECT * FROM user WHERE user='******' AND pass='******'");
if ($db->rows($sql) > 0) {
echo 1;
$nombre_sesion = "PHPSESSID";
$duracion_sesion = 2 * 7 * 24 * 60 * 60;
session_name($nombre_sesion);
$datos = $db->recorrer($sql);
$_SESSION['id'] = $datos['id'];
$_SESSION['user'] = ucwords($datos['user']);
$_SESSION['email'] = $datos['email'];
$_SESSION['datein'] = $datos['datein'];
$_SESSION['rol'] = $datos['rol'];
$_SESSION['session'] = $_POST['session'];
$_SESSION['estado'] = $datos['status'];
$_SESSION['status'] = $datos['status'];
$_SESSION['file'] = $datos['file'];
if ($_POST['session'] == true) {
ini_set("session.use_cookies", 1);
ini_set("session.use_only_cookies", 1);
ini_set("session.cookie_lifetime", $duracion_sesion);
ini_set('session.gc_maxlifetime', $duracion_sesion);
session_cache_expire($duracion_sesion);
session_set_cookie_params($duracion_sesion);
}
} else {
throw new Exception(2);
}
$db->liberar($sql);
$db->close();
} else {
throw new Exception("Error Procesando lo requerido");
}
} catch (Exception $e) {
echo $e->getMessage();
}
}
public function Nuevo()
{
try {
/*
* Errores cuando no pasa
* 2 - precio
* 3 - nif
* 4 - fechanacimiento
* 5 - fechaalta
* 6 - email
* 7 - iban
*
*
*/
if (!empty($_POST['nombre']) and !empty($_POST['apellido1']) and !empty($_POST['apellido2']) and !empty($_POST['agente']) and !empty($_POST['nif']) and !empty($_POST['direccion']) and !empty($_POST['codigopostal']) and !empty($_POST['localidad']) and !empty($_POST['provincia']) and !empty($_POST['fechanacimiento']) and !empty($_POST['fechaalta']) and !empty($_POST['telefono1'])) {
$db = new Conexion();
$this->nombre = $db->real_escape_string($_POST['nombre']);
$this->apellido1 = $db->real_escape_string($_POST['apellido1']);
$this->apellido2 = $db->real_escape_string($_POST['apellido2']);
$this->agente = $db->real_escape_string($_POST['agente']);
$this->colectivo = $db->real_escape_string($_POST['colectivo']);
$this->precio = $db->real_escape_string($_POST['precio']);
$this->descuento = $db->real_escape_string($_POST['descuento']);
$this->nif = $db->real_escape_string($_POST['nif']);
$this->direccion = $db->real_escape_string($_POST['direccion']);
$this->codigopostal = $db->real_escape_string($_POST['codigopostal']);
$this->localidad = $db->real_escape_string($_POST['localidad']);
$this->provincia = $db->real_escape_string($_POST['provincia']);
$this->fechanacimiento = $db->real_escape_string($_POST['fechanacimiento']);
$this->fechaalta = $db->real_escape_string($_POST['fechaalta']);
$this->telefono1 = $db->real_escape_string($_POST['telefono1']);
$this->telefono2 = $db->real_escape_string($_POST['telefono2']);
$this->telefono3 = $db->real_escape_string($_POST['telefono3']);
$this->email = $db->real_escape_string($_POST['email']);
$this->iban = $db->real_escape_string($_POST['iban']);
$this->notas = $db->real_escape_string($_POST['notas']);
//Control de error:Comprueba que precio sea numerico
if (is_numeric($this->precio) == False) {
echo 2;
}
//Control de error:Comprueba que el nif sea válido
if ($this->check_nif_cif_nie($this->nif) < 0) {
echo 3;
echo $this->check_nif_cif_nie($this->nif);
}
//control de error:Comprueba que la fecha de nacimiento sea valida
if (!empty($this->fechanacimiento)) {
$explode = explode('-', $this->fecha);
if (!($explode[0] >= 1 and $explode[0] <= 31 or $explode[1] >= 1 and $explode[1] <= 12 or $explode[2] >= 1900 and $explode[2] <= 3000)) {
//año
echo 4;
exit;
}
}
unset($explode);
//control de error:Comprueba que la fecha de alta sea valida
if (!empty($this->fechaalta)) {
$explode = explode('-', $this->fecha);
if (!($explode[0] >= 1 and $explode[0] <= 31 or $explode[1] >= 1 and $explode[1] <= 12 or $explode[2] >= 1900 and $explode[2] <= 3000)) {
//año
echo 5;
exit;
}
}
unset($explode);
//Control de error:Comprueba que el email sea valida
if (!empty($this->email)) {
if (filter_var($this->email, FILTER_VALIDATE_EMAIL)) {
echo 6;
exit;
}
}
//Control de error:Comprueba que el iban sea valido
if (!empty($iban)) {
if ($this->comprobar_iban($iban) == false) {
echo 7;
}
}
$sql = $db->query("SELECT * FROM users WHERE user='******' OR email='{$this->email}';");
if ($db->rows($sql) == 0) {
echo 1;
} else {
throw new Exception(2);
}
$db->liberar($sql);
$db->close();
} else {
throw new exception('Error: Datos vacios.');
}
} catch (exception $login) {
echo $login->getMessage();
}
}
<?php
if (isset($_GET['key'], $_SESSION['app_id'])) {
$db = new Conexion();
$id = $_SESSION['app_id'];
$key = $db->real_escape_string($_GET['key']);
$sql = $db->query("SELECT id FROM users WHERE id='{$id}' AND keyreg='{$key}' LIMIT 1;");
if ($db->rows($sql) > 0) {
$db->query("UPDATE users SET activo='1', keyreg='' WHERE id='{$id}';");
header('location: ?view=index&success=true');
} else {
header('location: ?view=index&error=true');
}
$db->liberar($sql);
$db->close();
} else {
include 'html/public/logearte.php';
}
<?php
$db = new Conexion();
$pass = Encrypt($_POST['pass']);
$user = $db->real_escape_string($_POST['user']);
$email = $db->real_escape_string($_POST['email']);
$sql = $db->query("SELECT user FROM users WHERE user='******' OR email='{$email}' LIMIT 1;");
if ($db->rows($sql) == 0) {
$keyreg = md5(time());
$link = APP_URL . '?view=activar&key=' . $keyreg;
$mail = new PHPMailer();
$mail->CharSet = "UTF-8";
$mail->Encoding = "quoted-printable";
$mail->isSMTP();
// Set mailer to use SMTP
$mail->Host = PHPMAILER_HOST;
// Specify main and backup SMTP servers
$mail->SMTPAuth = true;
// Enable SMTP authentication
$mail->Username = PHPMAILER_USER;
// SMTP username
$mail->Password = PHPMAILER_PASS;
// SMTP password
$mail->SMTPSecure = 'ssl';
// Enable TLS encryption, `ssl` also accepted
$mail->SMTPOptions = array('ssl' => array('verify_peer' => false, 'verify_peer_name' => false, 'allow_self_signed' => true));
$mail->Port = PHPMAILER_PORT;
// TCP port to connect to
$mail->setFrom(PHPMAILER_USER, APP_TITLE);
//Quien manda el correo?
$mail->addAddress($email, $user);
<?php
if (!empty($_POST['user']) and !empty($_POST['pass'])) {
$db = new Conexion();
$data = $db->real_escape_string($_POST['user']);
$pass = Encrypt($_POST['pass']);
$sql = $db->query("SELECT id FROM users WHERE (user='******' OR email='{$data}') AND pass='******' LIMIT 1;");
if ($db->rows($sql) > 0) {
if ($_POST['sesion']) {
ini_set('session.cookie_lifetime', time() + 60 * 60 * 24);
}
$_SESSION['app_id'] = $db->recorrer($sql)[0];
$_SESSION['time_online'] = time() - 60 * 6;
echo 1;
} else {
echo '<div class="alert alert-dismissible alert-danger">
<button type="button" class="close" data-dismiss="alert">x</button>
<strong>ERROR:</strong> Las credenciales son incorrectas.
</div>';
}
$db->liberar($sql);
$db->close();
} else {
echo '<div class="alert alert-dismissible alert-danger">
<button type="button" class="close" data-dismiss="alert">x</button>
<strong>ERROR:</strong> Todos los datos deben estar llenos.
</div>';
}
public function EditUser()
{
if (!empty($_POST['user']) and !empty($_POST['email'])) {
$bd = new Conexion();
$this->user = $bd->real_escape_string($_POST['user']);
$this->email = $bd->real_escape_string($_POST['email']);
$this->id = $_SESSION['id'];
// Control de error para el usuario
if (strtolower($this->user) != strtolower($_SESSION['user'])) {
$time = time();
$sql = $bd->query("SELECT id FROM Usuarios WHERE cambio > {$time} AND id='{$this->id}';");
$sql2 = $bd->query("SELECT user, email FROM Usuarios WHERE user='******' AND id <> '{$this->id}';");
// error para cambio de usuraio
if ($bd->rows($sql) > 0) {
$bd->liberar($sql, $sql2);
$bd->close();
header('location:?view=cuenta&error=5');
exit;
}
if ($bd->rows($sql2) > 0) {
$bd->liberar($sql, $sql2);
$bd->close();
header('location:?view=cuenta&error=2');
exit;
}
$c_cambio = 1;
}
//Control de erroro para el email
if (strtolower($email) != strtolower($_SESSION['email'])) {
$sql = $bd->query("SELECT email FROM Usuarios WHERE email='{$email}' AND id <> {$this->id};");
// Error para cambio de email
if ($bd->rows($sql) > 0) {
$bd->liberar($sql);
$bd->close();
header('location:?view=cuenta&error=3');
exit;
}
}
// Control pra al this->fecha
$this->fecha = $bd->real_escape_string($_POST['fecha']);
if (!empty($this->fecha)) {
$this->fecha = $bd->real_escape_string($_POST['fecha']);
$explode = explode('-', $this->fecha);
if (!($explode[0] >= 1 and $explode[0] <= 31) or !($explode[1] >= 1 and $explode[1] <= 12) or !($explode[2] >= 1900 and $explode[2] <= 3000)) {
header('location:?view=cuenta&error=4');
exit;
}
}
// Control de imagenes {Avatar}
if ($_FILES['foto']['name'] != "") {
$ext = end(explode('.', $_FILES['foto']['name']));
$extenciones = array('jpg', 'png', 'gif', 'jpeg', 'JPG', 'PNG', 'GIF', 'JPEG');
// Control de error de vatar
if (!in_array($ext, $extenciones)) {
header('location:?view=cuenta&error=6');
exit;
}
$ruta = 'uploads/avatar/' . $this->id . '.' . $_SESSION['ext'];
if (file_exists($ruta)) {
unlink($ruta);
}
$ruta = 'uploads/avatar/' . $this->id . '.' . $ext;
move_uploaded_file($_FILES['foto']['tmp_name'], $ruta);
$_SESSION['ext'] = $ext;
}
if (isset($c_cambio)) {
$tiempo_cambio = time() + 60 * 60 * 24 * 31;
} else {
$tiempo_cambio = $_SESSION['cambio'];
}
$this->nombres = $bd->real_escape_string($_POST['names']);
$this->apellidos = $bd->real_escape_string($_POST['lastnames']);
$_SESSION['user'] = $this->user;
$_SESSION['email'] = $this->email;
$_SESSION['fecha'] = $this->fecha;
$_SESSION['nombre'] = $this->nombres;
$_SESSION['apellidos'] = $this->apellidos;
$_SESSION['cambio'] = $tiempo_cambio;
$ext = $_SESSION['ext'];
$update = $bd->query("UPDATE Usuarios SET user='******', email='{$this->email}', nombre='{$this->nombres}', apellido='{$this->apellidos}', fecha='{$this->fecha}', \n \tcambio='{$tiempo_cambio}', ext='{$ext}' WHERE id='{$this->id}';");
$bd->liberar($update);
$bd->close();
header('location: ?view=cuenta&success=1');
} else {
header('location:?view=cuenta&error=1');
}
}
<?php
$db = new Conexion();
$email = $db->real_escape_string($_POST['email']);
$sql = $db->query("SELECT id,user FROM users WHERE email='{$email}' LIMIT 1;");
if ($db->rows($sql) > 0) {
$data = $db->recorrer($sql);
$id = $data[0];
$user = $data[1];
$keypass = md5(time());
$new_pass = strtoupper(substr(sha1(time()), 0, 8));
$link = APP_URL . '?view=lostpass&key=' . $keypass;
$mail = new PHPMailer();
$mail->CharSet = "UTF-8";
$mail->Encoding = "quoted-printable";
$mail->isSMTP();
// Set mailer to use SMTP
$mail->Host = PHPMAILER_HOST;
// Specify main and backup SMTP servers
$mail->SMTPAuth = true;
// Enable SMTP authentication
$mail->Username = PHPMAILER_USER;
// SMTP username
$mail->Password = PHPMAILER_PASS;
// SMTP password
$mail->SMTPSecure = 'ssl';
// Enable TLS encryption, `ssl` also accepted
$mail->Port = PHPMAILER_PORT;
// TCP port to connect to
$mail->setFrom(PHPMAILER_USER, APP_TITLE);
//Quien manda el correo?
<?php
if (!empty($_POST['user']) and !empty($_POST['email'])) {
$db = new Conexion();
$this->user = $db->real_escape_string($_POST['user']);
$this->email = $db->real_escape_string($_POST['email']);
$this->id = $_SESSION['id'];
if (strtolower($this->user) != strtolower($_SESSION['user'])) {
$time = time();
$sql = $db->query("SELECT cambio FROM users WHERE cambio <= '{$time}' AND cambio <> '0' AND id='{$this->id}';");
$sql2 = $db->query("SELECT user FROM users WHERE user='******' AND id<>'{$this->id}';");
if ($db->rows($sql) > 0) {
if ($_SESSION['cambio'] <= time()) {
$db->liberar($sql, $sql2);
$db->close();
header('location: ?view=cuenta&error=5');
exit;
}
}
if ($db->rows($sql2) > 0) {
$db->liberar($sql, $sql2);
$db->close();
header('location: ?view=cuenta&error=2');
exit;
}
$c_cambio = 1;
}
if (strtolower($this->email) != strtolower($_SESSION['email'])) {
$sql = $db->query("SELECT email FROM users WHERE email='{$this->email}' AND id<>'{$this->id}';");
if ($db->rows($sql) > 0) {
$db->liberar($sql);
<?php
$db = new Conexion();
$firstname = $db->real_escape_string($_POST['first_name']);
$lastname = $db->real_escape_string($_POST['last_name']);
$email = $db->real_escape_string($_POST['email']);
$pass = Encrypt($_POST['password']);
$genero = $db->real_escape_string($_POST['genero']);
$sql = $db->query("SELECT id_user FROM user WHERE email = '{$email}' LIMIT 1;");
if ($db->rows($sql) == 0) {
$fecha_reg = date('d/m/Y (H:i:s)', time());
$db->query("INSERT INTO user (names, last_names, email, password, gender, permisos, fecha_reg) VALUES ('{$firstname}', '{$lastname}', '{$email}', '{$pass}', '{$genero}', 2, '{$fecha_reg}');");
$sql_2 = $db->query("SELECT MAX(id_user) AS id_user FROM user;");
$_SESSION['app_id'] = $db->recorrer($sql_2)[0];
$db->liberar($sql_2);
echo 1;
} else {
echo '<div class="alert alert-danger">
<strong> ERROR:</strong> El email ya existe en la base de datos!
</div>';
}
$db->liberar($sql);
$db->close();
