forked from triola/DogePos
-
Notifications
You must be signed in to change notification settings - Fork 0
/
user_settings.php
executable file
·259 lines (225 loc) · 6.64 KB
/
user_settings.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
<?php
/*
UserCake Version: 2.0.2
http://usercake.com
*/
require_once("models/config.php");
if (!securePage($_SERVER['PHP_SELF'])){die();}
//Prevent the user visiting the logged in page if he is not logged in
if(!isUserLoggedIn()) { header("Location: login.php"); die(); }
if(!empty($_POST))
{
$errors = array();
$successes = array();
$pin = sanitize($_POST["pin"]);
$password = $_POST["password"];
$password_new = $_POST["passwordc"];
$password_confirm = $_POST["passwordcheck"];
$dogeaddress = $_POST["dogeaddress"];
$autodoge = $_POST["autodoge"];
$btcaddress = $_POST["btcaddress"];
$autobtc = $_POST["autobtc"];
$currency = $_POST["currency"];
if ($autodoge == "on"){
$autodoge = 1;
}
if ($autobtc == "on"){
$autobtc = 1;
}
$errors = array();
$email = sanitize($_POST["email"]);
//Perform some validation
//Feel free to edit / change as required
//Confirm the hashes match before updating a users password
$entered_pass = generateHash($password,$loggedInUser->hash_pw);
if (trim($password) == ""){
$errors[] = lang("ACCOUNT_SPECIFY_PASSWORD");
}
else if($entered_pass != $loggedInUser->hash_pw)
{
//No match
$errors[] = lang("ACCOUNT_PASSWORD_INVALID");
}
if($email != $loggedInUser->email)
{
if(trim($email) == "")
{
$errors[] = lang("ACCOUNT_SPECIFY_EMAIL");
}
else if(!isValidEmail($email))
{
$errors[] = lang("ACCOUNT_INVALID_EMAIL");
}
else if(emailExists($email))
{
$errors[] = lang("ACCOUNT_EMAIL_IN_USE", array($email));
}
//End data validation
if(count($errors) == 0)
{
$loggedInUser->updateEmail($email);
$successes[] = lang("ACCOUNT_EMAIL_UPDATED");
}
}
//Update Currency
if ($currency != $loggedInUser->currency && count($errors) == 0){
$loggedInUser->updateCurrency($currency);
$successes[] = "currency updated";
}
//update withraw addresses
if($autodoge != $loggedInUser->autodoge || $autobtc != $loggedInUser->autobtc || $dogeaddress != $loggedInUser->dogeaddress || $btcaddress != $loggedInUser->btcaddress){
$check = "TRIGGERED";
//check pin
$userdetails = fetchUserDetails(NULL,NULL,$loggedInUser->user_id);
$entered_pin = generateHash($pin,$userdetails["pin"]);
if($entered_pin != $userdetails["pin"]) {
$errors[] = "wrong pin!";
}
//update doge address
if($dogeaddress != $loggedInUser->dogeaddress)
{
if(trim($dogeaddress) == "")
{
$errors[] = "error";
}
//End data validation
if(count($errors) == 0)
{
$loggedInUser->updateDogeaddress($dogeaddress);
$successes[] = "address updated";
}
}
//update btc address
if($btcaddress != $loggedInUser->btcaddress)
{
if(trim($btcaddress) == "")
{
$errors[] = "error";
}
//End data validation
if(count($errors) == 0)
{
$loggedInUser->updateBtcaddress($btcaddress);
$successes[] = "address updated";
}
}
//update auto doge
if($autodoge != $loggedInUser->autodoge)
{
if(count($errors) == 0)
{
$loggedInUser->updateAutoDoge($autodoge);
$successes[] = "autodoge updated";
}
}
//update auto btc
if($autobtc != $loggedInUser->autobtc)
{
if(count($errors) == 0)
{
$loggedInUser->updateAutoBtc($autobtc);
$successes[] = "autobtc updated";
}
}
}
if ($password_new != "" OR $password_confirm != "")
{
if(trim($password_new) == "")
{
$errors[] = lang("ACCOUNT_SPECIFY_NEW_PASSWORD");
}
else if(trim($password_confirm) == "")
{
$errors[] = lang("ACCOUNT_SPECIFY_CONFIRM_PASSWORD");
}
else if(minMaxRange(8,50,$password_new))
{
$errors[] = lang("ACCOUNT_NEW_PASSWORD_LENGTH",array(8,50));
}
else if($password_new != $password_confirm)
{
$errors[] = lang("ACCOUNT_PASS_MISMATCH");
}
//End data validation
if(count($errors) == 0)
{
//Also prevent updating if someone attempts to update with the same password
$entered_pass_new = generateHash($password_new,$loggedInUser->hash_pw);
if($entered_pass_new == $loggedInUser->hash_pw)
{
//Don't update, this fool is trying to update with the same password ¬¬
$errors[] = lang("ACCOUNT_PASSWORD_NOTHING_TO_UPDATE");
}
else
{
//This function will create the new hash and update the hash_pw property.
$loggedInUser->updatePassword($password_new);
$successes[] = lang("ACCOUNT_PASSWORD_UPDATED");
}
}
}
if(count($errors) == 0 AND count($successes) == 0){
$errors[] = lang("NOTHING_TO_UPDATE");
}
}
require_once("models/header.php");
?>
<div class='container container_12'>
<div class="grid_10 push_1 box regbox settings">
<?php echo resultBlock($errors,$successes);?>
<div>
<form name='updateAccount' action=' <?php echo $_SERVER['PHP_SELF']; ?>' method='post'>
<h1>User Info</h1>
<p>
<label>Password:</label>
<input type='password' name='password' />
</p>
<p>
<label>Fiat Currency:</label>
<select name="currency">
<option selected="selected" value="<?php echo $loggedInUser->currency;?>">*<?php echo $loggedInUser->currency;?>*</option>
<option value="AUD">AUD</option>
<option value="CAD">CAD</option>
<option value="EUR">EUR</option>
<option value="GBP">GBP</option>
<option value="USD">USD</option>
<option value="YEN">YEN</option>
</select>
</p>
<p>
<label>Email:</label>
<input type='text' name='email' value='<?php echo $loggedInUser->email;?>' />
</p>
<p>
<label>New Pass:</label>
<input type='password' name='passwordc' />
</p>
<p>
<label>Confirm Pass:</label>
<input type='password' name='passwordcheck' />
</p>
<hr>
<h1>Withdraw</h1>
<p> These require PIN entry:<bR><br>
<label>PIN:</label>
<input type='password' name='pin' value='' />
</p>
<p>
<label>Doge Withdraw Address:</label>
<input type='text' name='dogeaddress' value='<?php echo $loggedInUser->dogeaddress;?>' />
<label>Auto Withdraw Doge?</label><input type="checkbox" <?php if ($loggedInUser->autodoge){ echo "checked='checked'";}?> name="autodoge">
</p>
<p>
<label>BTC Withdraw Address:</label>
<input type='text' name='btcaddress' value='<?php echo $loggedInUser->btcaddress;?>'/>
<label>Auto Withdraw BTC?</label><input type="checkbox" <?php if ($loggedInUser->autobtc){ echo "checked='checked'";}?> name="autobtc">
</p>
<p>
<label> </label>
<input type='submit' value='Update' class='submit' />
</p>
</form>
</div>
</div>
</div>
<?php include("footer.php");?>