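public function newUser() {
    // Registers an account from a JSON body {email, pass, handle}.
    // Responds with a plain-text status string (the same strings the client
    // already checks for) and returns; nothing is thrown to the caller.
    $sess = new ppg_session();
    $this->dbAccess = $sess->start("new_account.php");
    $sess_data = $sess->get_data();
    $log = new logger($sess_data->ppg_sessionId, "new_account.php");
    $log->write("Starting up");

    $request = json_decode(file_get_contents("php://input"));
    $log->write("got the following");

    // All three fields are required and must be strings. isset() tolerates a
    // null $request (malformed or empty body) and an array top-level value.
    if (!isset($request->email, $request->pass, $request->handle)
        || !is_string($request->email)
        || !is_string($request->pass)
        || !is_string($request->handle)) {
        $log->write("Email, pass or handle missing/invalid on calling object", 9);
        echo "Invalid Request sent";
        return;
    }
    $email = $request->email;
    $pass = $request->pass;
    $handle = $request->handle;

    // Only the e-mail and handle are logged. The previous version wrote the
    // plaintext password to the log, which defeats hashing it.
    $log->write("Email gives -> {$email}");
    $log->write("Handle gives -> {$handle}");

    // Validate before touching the database (the original ran the lookup first).
    // The CR/LF check is an explicit guard against mail() header injection via
    // the To: address, regardless of what validateEmail() happens to accept.
    if (!$this->validateEmail($email) || preg_match('/[\r\n]/', $email)) {
        $log->write("Invalid e-mail entered - {$email}", 9);
        echo "Invalid e-mail address";
        return;
    }

    $result = $this->dbAccess->db_prepare("SELECT email,password,handle FROM `users` WHERE email = ?");
    $result->bind_param('s', $email);
    $this->dbAccess->db_execute(1, $result);
    $result->bind_result($emName, $cPass, $shortName);
    $rwCnt = 0;
    while ($result->fetch()) {
        $rwCnt++;
    }
    $log->write("Got {$rwCnt} from query");

    // Any existing row means the address is taken (the original silently did
    // nothing for >1 rows). NOTE(review): this message discloses whether an
    // address is registered; kept for compatibility with the client.
    if ($rwCnt != 0) {
        $log->write("Email address found - {$email}");
        echo "This address is already registered";
        return;
    }

    // Password policy. The original tested strlen($request->pass <= '8'), i.e.
    // the length of a boolean, so the minimum-length rule never applied.
    if (strlen($pass) < 8) {
        echo "Your Password Must Contain At Least 8 Characters!";
        return;
    }
    if (!preg_match("#[0-9]+#", $pass)) {
        echo "Your Password Must Contain At Least 1 Number!";
        return;
    }
    if (!preg_match("#[A-Z]+#", $pass)) {
        echo "Your Password Must Contain At Least 1 Capital Letter!";
        return;
    }
    if (!preg_match("#[a-z]+#", $pass)) {
        echo "Your Password Must Contain At Least 1 Lowercase Letter!";
        return;
    }
    $log->write("Valid email address");
    $log->write("Valid password");

    // TODO(security): a fixed, site-wide salt means identical passwords hash
    // identically and a single precomputed table breaks every account. It is
    // kept only because the login path recomputes crypt() with this exact salt;
    // move to password_hash(PASSWORD_DEFAULT) once login uses password_verify()
    // (which also accepts these crypt()-format hashes, so migration is safe).
    $passHash = crypt($pass, '$5$poopingisalways1');

    $result = $this->dbAccess->db_prepare(
        "INSERT INTO `users` (`organisations_id`, `user_profiles_id`, `roles_id`, `calendars_id`,"
        . " `resources_id`, `email`, `password`, `handle`, `verifylink`)"
        . " VALUES(?,?,?,?,?,?,?,?,?)"
    );
    // Defaults for a freshly registered, not-yet-verified account. user_profiles_id
    // 2 is what verify.php expects before it promotes the account to 3.
    $orgId = 1;
    $userProf = 2;
    $roleId = 1;
    $calId = 1;
    $resourceId = 1;
    // NOTE(review): $this->usrToken is set elsewhere; verify.php only accepts a
    // 40-character alphanumeric token, and it must be unpredictable — confirm
    // how it is generated.
    $result->bind_param("iiiiissss", $orgId, $userProf, $roleId, $calId, $resourceId,
        $email, $passHash, $handle, $this->usrToken);
    $this->dbAccess->db_execute(4, $result);

    // NOTE(review): the activation URL is a hard-coded plain-http lab address;
    // it should come from configuration and be served over TLS.
    $verifyUrl = "http://192.168.56.10/php/verify.php?id={$this->usrToken}";
    $subject = 'Welcome to PlanPrintGo';
    $message = "Hello,\n\nPlease click or copy the link into your browser to activate your newly created Plan Print Go account.\n\n"
        . $verifyUrl . "\n\n"
        . "If you didn't create this account please let us know at admin@planprintgo.com\n\nThanks from the team at PPG\n";
    $headers = 'From: admin@planprintgo.com' . "\r\n"
        . 'Reply-To: admin@planprintgo.com' . "\r\n"
        . 'X-Mailer: PHP/' . phpversion();
    if (!mail($email, $subject, $message, $headers)) {
        $log->write("mail() failed for {$email}", 9);
    }
    // The activation token is a one-time credential; it is no longer written
    // to the log (the original logged the full verify URL).
    $log->write("Verification mail sent to {$email}");
    echo "cool";
    return;
}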
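<?php
// status.php: returns the caller's current session record as JSON.
$path = $_SERVER['DOCUMENT_ROOT'];
$path .= "/php/ppg_session.php";
include_once $path;

$sess = new ppg_session();
// start() returns the DB handle; this endpoint does not query anything, so the
// handle is not kept (the original stored it in an unused local).
$sess->start("status.php");
$sess_data = $sess->get_data();

// Declare the response type explicitly. The session record carries loginName,
// which originates from a user-supplied handle, so an untyped body could be
// sniffed and rendered as HTML by a browser.
header('Content-Type: application/json');
header('X-Content-Type-Options: nosniff');
// NOTE(review): this serialises the entire session object. Confirm every field
// in it is intended to be visible to the client.
echo json_encode($sess_data, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
return;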
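public function checkUser() {
    // Authenticates a JSON body {email, pass}. On a wrong or unknown e-mail the
    // response is the plain string "Login Failed"; otherwise a JSON object
    // {loginName, loggedIn}. The server-side session is only marked logged in
    // for a verified account (user_profiles_id > 2).
    $sess = new ppg_session();
    $this->dbAccess = $sess->start("login.php");
    $sess_data = $sess->get_data();
    $log = new logger($sess_data->ppg_sessionId, "login.php");
    $log->write("Starting up");

    $request = json_decode(file_get_contents("php://input"));
    $log->write("got the following");

    // The original never initialised $rtnObj; on PHP 8 assigning a property to
    // an undefined variable throws. Start from the failure shape.
    $rtnObj = new stdClass();
    $rtnObj->loginName = "";
    $rtnObj->loggedIn = false;

    $eMsg = "Login Failed";
    if (!isset($request->email, $request->pass)
        || !is_string($request->email)
        || !is_string($request->pass)) {
        $log->write("Email or password missing/invalid on calling object", 9);
        echo $eMsg;
        return;
    }
    $email = $request->email;
    $pass = $request->pass;

    // Only the e-mail is logged. The original wrote the plaintext password and,
    // on failure, both the stored and the recomputed hash to the log.
    $log->write("Email gives -> {$email}");

    $result = $this->dbAccess->db_prepare(
        "SELECT `organisations_id`,`id`,`user_profiles_id`,`roles_id`,`calendars_id`,"
        . "`resources_id`,`email`,`password`,`handle` FROM `users` WHERE `email` = ?"
    );
    $result->bind_param('s', $email);
    $this->dbAccess->db_execute(1, $result);
    $result->bind_result($orgId, $userId, $userProfileId, $roleId, $calendarId,
        $resourceId, $emName, $cPass, $shortName);
    $rwCnt = 0;
    while ($result->fetch()) {
        $rwCnt++;
    }
    $log->write("Got {$rwCnt} from query");

    if ($rwCnt == 0) {
        $log->write("Email address not found - {$email}");
        echo $eMsg;
        return;
    }
    if ($rwCnt != 1) {
        // Duplicate e-mail rows: fail closed rather than pick one.
        $log->write("Found more than one user for {$email}", 9);
        echo json_encode($rtnObj);
        return;
    }
    $log->write("Valid email address");

    // password_verify() is a constant-time check that accepts any crypt()-format
    // hash, so the existing "$5$..." SHA-256 hashes keep working and future
    // password_hash() hashes will too. The original recomputed crypt() with a
    // fixed salt and compared with strcmp().
    if (!password_verify($pass, $cPass)) {
        $log->write("Password validation failed for user {$userId}", 9);
        echo json_encode($rtnObj);
        return;
    }
    $rtnObj->loginName = $shortName;

    if ($userProfileId <= 2) {
        // Account exists but the e-mail was never verified. The original had
        // already written loggedIn = true into the session before this check,
        // leaving an unverified account with a logged-in server-side session.
        $log->write("User login attempted for {$userId} - not email validated", 9);
        echo json_encode($rtnObj);
        return;
    }

    // Verified account: populate the session and report success.
    // TODO(review): the original noted "want to switch to https" here.
    $sess_data->usersOrgId = $orgId;
    $sess_data->usersId = $userId;
    $sess_data->usersUserProfileId = $userProfileId;
    $sess_data->loginName = $shortName;
    $sess_data->loggedIn = true;
    $sess->update_session();
    $_SESSION['ppg_id'] = $sess_data->loginName;
    $rtnObj->loggedIn = true;
    echo json_encode($rtnObj);
    return;
}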
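public function verifyUserAccount() {
    // Activates the account whose verifylink equals ?id=...: creates an
    // organisations row named after the user's handle, points the user at it
    // and promotes user_profiles_id from 2 to 3, then redirects to /index.html.
    // Anything unexpected is logged and the request ends without a response body.
    $sess = new ppg_session();
    $this->dbAccess = $sess->start("verify.php");
    $sess_data = $sess->get_data();
    $log = new logger($sess_data->ppg_sessionId, "verify.php");
    $log->write("Starting up");

    // Token must be exactly 40 ASCII alphanumerics. \A..\z anchors the whole
    // string; the original's "$" let a 39-char token plus trailing newline pass
    // its length check, and a missing parameter raised an undefined-index notice.
    $id = $_GET['id'] ?? '';
    if (!is_string($id) || !preg_match('/\A[A-Za-z0-9]{40}\z/', $id)) {
        if ($id !== '') {
            $log->write("Input string is incorrect", 9);
        }
        return;
    }

    $result = $this->dbAccess->db_prepare(
        "SELECT id,user_profiles_id,handle FROM users USE INDEX (verify_long) WHERE verifylink = ?"
    );
    if (!$result) {
        $log->write("Prepare failed", 1);
        return;
    }
    $result->bind_param('s', $id);
    $result->execute();
    $result->bind_result($uId, $profId, $handle);
    $rwCnt = 0;
    while ($result->fetch()) {
        $rwCnt++;
    }
    if ($rwCnt > 1) {
        $log->write("Found more than one verify user", 9);
        return;
    }
    if ($rwCnt == 0) {
        $log->write("verify not found", 9);
        return;
    }
    if ($profId != 2) {
        // Already activated (or in some other state): nothing to do, just redirect.
        $log->write("User account for id = {$uId} currently set to {$profId}", 9);
        header('Location: /index.html');
        die;
    }

    $log->write("Creating new organisations record with name = {$handle} and users.id = {$uId}");
    $result = $this->dbAccess->db_prepare(
        "INSERT INTO `organisations` (`name`, `user_created_id`) VALUES(?,?)"
    );
    $result->bind_param('si', $handle, $uId);
    $this->dbAccess->db_execute(2, $result);

    // $uId and $orgId come from the database, not the request, but they are
    // bound as parameters anyway (the original interpolated them into the SQL)
    // so every statement in this file follows the same pattern.
    $result = $this->dbAccess->db_prepare("SELECT `id` FROM `organisations` WHERE `user_created_id` = ?");
    $result->bind_param('i', $uId);
    $this->dbAccess->db_execute(3, $result);
    $result->bind_result($orgId);
    $rwCnt = 0;
    while ($result->fetch()) {
        $rwCnt++;
    }
    if ($rwCnt > 1) {
        // NOTE(review): two concurrent verifies of the same token can both pass
        // the profId == 2 check above and each insert an organisation.
        $log->write("Found more than one organisations record for this user", 3);
        return;
    }
    if ($rwCnt == 1) {
        $log->write("OrgId = {$orgId} / UserId = {$uId}");
        $result = $this->dbAccess->db_prepare(
            "UPDATE `users` SET `user_profiles_id` = 3,`organisations_id` = ? WHERE `id` = ?"
        );
        $result->bind_param('ii', $orgId, $uId);
        $this->dbAccess->db_execute(4, $result);
        $log->write("Activated account id = {$uId}");
        header('Location: /index.html');
        die;
    }
    // No organisations row came back after the insert: fall through silently,
    // as the original did.
}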