private function process() { if (!empty($this->error)) { return false; } // Ticked the 'delete user' box? if (!empty($this->options['delete'])) { $params = array(':id' => $this->id); $sql = array(); $sql[] = "DELETE FROM login_users WHERE user_id = :id;"; $sql[] = "DELETE FROM login_integration WHERE user_id = :id;"; $sql[] = "DELETE FROM login_profiles WHERE user_id = :id;"; $sql[] = "DELETE FROM login_timestamps WHERE user_id = :id;"; foreach ($sql as $do) { parent::query($do, $params); } $result = sprintf("<div class='alert alert-success'>" . _('User removed from the database:') . " <b>%s</b> (%s).</div>", $this->options['name'], $this->options['username']); parent::displayMessage($result); } if (!empty($this->options['password'])) { $params = array(':restrict' => $this->options['restricted'], ':name' => $this->options['name'], ':email' => $this->options['email'], ':level' => $this->options['user_level'], ':password' => parent::hashPassword($this->options['password']), ':id' => $this->id); $sql = "UPDATE `login_users` SET `restricted` = :restrict, `name` = :name, `email` = :email, `user_level` = :level, `password` = :password WHERE `user_id` = :id;"; parent::query($sql, $params); $result = sprintf("<div class='alert alert-success'>" . _('User information (and password) updated for') . " <b>%s</b> (%s).</div>", $this->options['name'], $this->options['username']); } else { $params = array(':restrict' => $this->options['restricted'], ':name' => $this->options['name'], ':email' => $this->options['email'], ':level' => $this->options['user_level'], ':id' => $this->id); $format = array('%d', '%s', '%s', '%s', '%d'); $sql = "UPDATE `login_users` SET `restricted` = :restrict, `name` = :name, `email` = :email, `user_level` = :level WHERE `user_id` = :id;"; parent::query($sql, $params, $format); $result = sprintf("<div class='alert alert-success'>" . _('User information updated for') . " <b>%s</b> (%s).</div>", $this->options['name'], $this->options['username']); } // Checkbox handling $sql = "SELECT * FROM `login_profile_fields`;"; $stmt = parent::query($sql); while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) { $name = 'p-' . $row['id']; if ($row['type'] == 'checkbox') { $this->options[$name] = !empty($this->options[$name]) ? 1 : 0; } } // Update profile fields foreach ($this->options as $field => $value) { if (strstr($field, 'p-')) { $field = str_replace('p-', '', $field); parent::updateOption($field, $value, true, $this->options['user_id']); } } /* Time to send our welcome email! */ if (!empty($this->sendWelcome)) { $msg = parent::getOption('email-welcome-msg'); $subj = parent::getOption('email-welcome-subj'); $shortcodes = array('site_address' => SITE_PATH, 'full_name' => $this->options['name'], 'username' => $this->options['username'], 'email' => $this->options['email']); if (!parent::sendEmail($shortcodes['email'], $subj, $msg, $shortcodes)) { $this->error = _('ERROR. Mail not sent'); } } return $result; }
private function register() { if (empty($this->error)) { /* See if the admin requires new users to activate */ $requireActivate = parent::getOption('user-activation-enable'); /* Log user in when they register */ $_SESSION['jigowatt']['username'] = $this->settings[$this->username_type]; /* Apply default user_level */ $_SESSION['jigowatt']['user_level'] = unserialize(parent::getOption('default-level')); if ($requireActivate) { $_SESSION['jigowatt']['activate'] = 1; } $_SESSION['jigowatt']['gravatar'] = parent::get_gravatar($this->settings['email'], true, 26); /* Create their account */ $sql = "INSERT INTO accounts (user_level, name, email, username, password)\n\t\t\t\t\t\tVALUES (:user_level, :name, :email, :{$this->username_type}, :password);"; $params = array(':user_level' => parent::getOption('default-level'), ':name' => $this->settings['name'], ':email' => $this->settings['email'], ':username' => $this->settings['username'], ':password' => parent::hashPassword($this->settings['password'])); if ($this->use_emails) { unset($params[':username']); } parent::query($sql, $params); $user_id = parent::$dbh->lastInsertId(); $_SESSION['jigowatt']['user_id'] = $user_id; /* Social integration. */ if (!empty($_SESSION['jigowatt']['facebookMisc'])) { $link = 'facebook'; $id = $_SESSION['jigowatt']['facebookMisc']['id']; } if (!empty($_SESSION['jigowatt']['openIDMisc'])) { $link = $_SESSION['jigowatt']['openIDMisc']['type']; $id = $_SESSION['jigowatt']['openIDMisc'][$link]; } if (!empty($_SESSION['jigowatt']['twitterMisc'])) { $link = 'twitter'; $id = $_SESSION['jigowatt']['twitterMisc']['id']; } if (!empty($link)) { $params = array(':user_id' => $user_id, ':id' => $id); parent::query("INSERT INTO `login_integration` (`user_id`, `{$link}`) VALUES (:user_id, :id);", $params); } // Update profile fields foreach ($this->settings as $field => $value) { if (strstr($field, 'p-')) { $field = str_replace('p-', '', $field); parent::updateOption($field, $value, true, $user_id); } } /* Create the activation key */ if ($requireActivate) { $key = md5(uniqid(mt_rand(), true)); $sql = sprintf("INSERT INTO `login_confirm` (`username`, `key`, `email`, `type`)\n\t\t\t\t\t\t\t\tVALUES ('%s', '%s', '%s', '%s');", $this->settings[$this->username_type], $key, $this->settings['email'], 'new_user'); parent::query($sql); } $disable_welcome_email = parent::getOption('email-welcome-disable'); if (!$disable_welcome_email) { /* Send welcome email to new user. */ $msg = parent::getOption('email-welcome-msg'); $subj = parent::getOption('email-welcome-subj'); $shortcodes = array('site_address' => SITE_PATH, 'full_name' => $this->settings['name'], 'username' => $this->settings[$this->username_type], 'email' => $this->settings['email'], 'activate' => $requireActivate ? SITE_PATH . "activate.php?key={$key}" : ''); if (!parent::sendEmail($this->settings['email'], $subj, $msg, $shortcodes)) { $this->error = _('ERROR. Mail not sent'); } } /* Admin notification of new user. */ $notifyNewUsers = parent::getOption('notify-new-user-enable'); if (!empty($notifyNewUsers)) { $msg = parent::getOption('email-new-user-msg'); $subj = parent::getOption('email-new-user-subj'); unset($shortcodes['activate']); $userGroup = parent::getOption('notify-new-users'); if (!empty($userGroup)) { $userGroup = unserialize($userGroup); /* Variable to store all the email addresses of each chosen group. */ $emails = array(); foreach ($userGroup as $level_id) { /* Grab all users within the user group. */ $params = array(':level_id' => '%:"' . $level_id . '";%'); $sql = "SELECT * FROM `accounts` WHERE `user_level` LIKE :level_id"; $stmt = parent::query($sql, $params); /* Send email to each user in group. */ while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) { $emails[] = $row['email']; } } /* Remove duplicates for users with multiple user groups. */ $emails = array_unique($emails); if (!parent::sendEmail($emails, $subj, $msg, $shortcodes, true)) { $this->error = _('ERROR. Mail not sent'); } } } unset($_SESSION['jigowatt']['referer'], $_SESSION['jigowatt']['token'], $_SESSION['jigowatt']['facebookMisc'], $_SESSION['jigowatt']['twitterMisc'], $_SESSION['jigowatt']['openIDMisc']); /* After registering, redirect to the page the admin has set in Settings > General > Redirect Options. */ header('Location: ' . parent::getOption('new-user-redirect')); exit; } }
private function process() { $params = array(':name' => $this->settings['name'], ':username' => $this->username); parent::query("UPDATE `accounts` SET `name` = :name WHERE {$this->username_type} = :username", $params); $this->error = "<div class='alert alert-success'>" . _('User information updated for') . " <b>" . $this->settings['name'] . "</b> ({$this->username}).</div>"; $params = array(':username' => $this->username); $stmt = parent::query("SELECT `email` FROM `accounts` WHERE {$this->username_type} = :username;", $params); $email = $stmt->fetch(); $email = $email[0]; if (!empty($this->settings['password']) || $this->settings['email'] != $email) { $key = md5(uniqid(mt_rand(), true)); $params = array(':username' => $this->username, ':key' => $key, ':email' => $this->settings['email'], ':type' => 'update_emailPw', ':data' => empty($this->settings['password']) ? '' : parent::hashPassword($this->settings['password'])); $sql = "INSERT INTO `login_confirm` (`username`, `key`, `email`, `type`, `data`)\n\t\t\t\t\tVALUES (:username, :key, :email, :type, :data);"; parent::query($sql, $params); $shortcodes = array('site_address' => SITE_PATH, 'full_name' => $this->settings['name'], 'username' => $this->username, 'confirm' => SITE_PATH . "profile.php?key={$key}"); $subj = parent::getOption('email-acct-update-subj'); $msg = parent::getOption('email-acct-update-msg'); // Send an email with key if (!parent::sendEmail($email, $subj, $msg, $shortcodes)) { $this->error = '<div class="alert alert-error">' . _('ERROR. Mail not sent') . '</div>'; } else { $this->error = "<div class='alert alert-warning'>" . _('Check your email to confirm this change.') . '</div>'; } } // Update profile fields foreach ($this->settings as $field => $value) { if (strstr($field, 'p-')) { $field = str_replace('p-', '', $field); parent::updateOption($field, $value, true, $this->settings['user_id']); } } }
/** Insert setting values into the database */ private function process() { if (!empty($this->error)) { return false; } /** Saves the profile fields, first checks if it exists */ if (!empty($this->options['profile-field_section'])) { foreach ($this->options['profile-field_section'] as $key => $value) { if (empty($value)) { continue; } /** Deletes a profile field if Delete is checked */ if (isset($this->options['profile-field_delete'][$key])) { $params = array(':section' => $value, ':type' => $this->options['profile-field_type'][$key], ':label' => $this->options['profile-field_name'][$key]); $sql = "DELETE FROM `login_profile_fields` WHERE `section` = :section AND `type` = :type AND `label` = :label;"; parent::query($sql, $params); continue; } /** Adds profile fields */ $params = array(':id' => $key); $stmt = parent::query("SELECT `id` FROM `login_profile_fields` WHERE `id` = :id;", $params); $params = array(':section' => $value, ':type' => $this->options['profile-field_type'][$key], ':label' => $this->options['profile-field_name'][$key], ':public' => !empty($this->options['profile-field_public'][$key]) ? 1 : 0, ':signup' => $this->options['profile-field_signup'][$key], ':id' => $key); if ($stmt->rowCount() < 1) { parent::query("INSERT INTO `login_profile_fields` (`id`, `section`, `type`, `label`, `public`, `signup`) VALUES (:id, :section, :type, :label, :public, :signup);", $params); } else { parent::query("UPDATE `login_profile_fields` SET `section` = :section, `type` = :type, `label` = :label, `public` = :public, `signup` = :signup WHERE `id` = :id", $params); } } } /** Save every other field */ foreach ($this->options as $option => $newvalue) { if (!is_array($option)) { parent::updateOption($option, $newvalue); } } return "<div class='alert alert-success fade in'><a class='close' data-dismiss='alert' href='#'>×</a>" . _('Settings updated.') . "</div>"; }
private function upgrade_321() { // Change username column to 255 length to allow for emails $sql = "ALTER TABLE `login_users` CHANGE `username` `username` VARCHAR( 255 ) NOT NULL"; parent::query($sql); parent::updateOption('phplogin_db_version', 1212300); }