Exemplo n.º 1
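 /**
  * Copies an affiliate from prosper_master.affiliates into a client install:
  * inserts the row into `202_users`, records a login token in
  * prosper_master.login_tokens and creates the matching `202_users_pref` row.
  *
  * The password is taken from $_SESSION['login_pass'], and the generated token
  * is also stored in $_SESSION['authtoken'].
  *
  * @param mixed  $affiliate_id Affiliate to import (value of affiliates.affiliate_id).
  * @param string $install_db   Name of the target database; used as a bare SQL identifier.
  *
  * @throws Exception When $install_db is not a plain identifier, the affiliate
  *                   does not exist, or no password is available in the session.
  */
 public static function importUser($affiliate_id, $install_db)
 {
     // $install_db is spliced into the statements as an unquoted identifier, where
     // value escaping cannot help, so accept only characters valid in such a name.
     if (!is_string($install_db) || !preg_match('/\A[A-Za-z0-9_$]+\z/', $install_db)) {
         throw new Exception('Invalid install database name.');
     }

     $mysql = array();

     // Grab user from directtrack db. The id is escaped before it reaches the query.
     $mysql['lookup_id'] = db::escape($affiliate_id);
     $user = db::getRow("select * from prosper_master.affiliates WHERE affiliate_id='" . $mysql['lookup_id'] . "'");
     if (!$user) {
         // Without this guard an account with empty e-mail and name would be created.
         throw new Exception('Affiliate not found.');
     }

     // NOTE(review): the clear-text password is read back from the session, which
     // means it is persisted in session storage between requests. Prefer hashing it
     // at login time and keeping only the hash.
     if (!isset($_SESSION['login_pass']) || $_SESSION['login_pass'] === '') {
         throw new Exception('No password available for the imported user.');
     }
     // NOTE(review): salt_user_pass() is not visible here; the original comment
     // describes it as a salted MD5. If so, migrate to password_hash().
     $user_pass = salt_user_pass($_SESSION['login_pass']);
     $mysql['user_pass'] = db::escape($user_pass);

     // Values read from the affiliates table are data, not SQL: escape them as well
     // so a stored quote cannot alter the INSERT statements (second-order injection).
     $mysql['email'] = db::escape($user['email']);
     $mysql['addCode'] = db::escape($user['addCode']);
     $mysql['affiliate_id'] = db::escape($user['affiliate_id']);

     //insert this user
     $user_sql = "  \tINSERT INTO {$install_db}.`202_users`\n\t\t\t\t\t    \tSET\tuser_email='" . $mysql['email'] . "',\n\t\t\t\t\t    \t\tuser_name='" . $mysql['addCode'] . "',\n\t\t\t\t\t    \t\tuser_pass='" . $mysql['user_pass'] . "',\n\t\t\t\t\t    \t\taddCode='" . $mysql['addCode'] . "',\n\t\t\t\t\t    \t\tuser_timezone='-5',\n\t\t\t\t\t    \t\tuser_time_register=NOW()";
     $user_result = db::execute($user_sql);
     $user_id = mysql_insert_id(db::$db_write);
     $mysql['user_id'] = db::escape($user_id);

     // The token authenticates the user, so it must not be guessable. uniqid() is
     // clock-derived; use a CSPRNG when one is available and keep the original
     // construction only as a last resort. All variants yield 32 hex characters.
     if (function_exists('random_bytes')) {
         $auth_token = bin2hex(random_bytes(16));
     } elseif (function_exists('openssl_random_pseudo_bytes')) {
         $auth_token = bin2hex(openssl_random_pseudo_bytes(16));
     } else {
         $auth_token = md5(serialize($user) . uniqid());
     }
     $_SESSION['authtoken'] = $auth_token;
     db::execute("insert into prosper_master.login_tokens(affiliate_id, user_id, user_name, token)\n\t\t             values ('" . $mysql['affiliate_id'] . "', '" . $mysql['user_id'] . "', '" . $mysql['addCode'] . "', '" . $auth_token . "');");

     //update user preference table
     $user_sql = "INSERT INTO {$install_db}.`202_users_pref` SET user_id='" . $mysql['user_id'] . "'";
     $user_result = db::execute($user_sql);
 }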
Exemplo n.º 2
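 /**
  * Authenticates a user and populates the session.
  *
  * When the global $mode is not 'single' and the current client site is not
  * installed (or is 'auth'), the credentials are checked with isValidDTLogin()
  * and the request is forwarded to /new-subdomain.php; a failed check ends the
  * request. Otherwise the credentials are looked up in 202_users.
  *
  * @param string $user User name as submitted.
  * @param string $pass Clear-text password as submitted.
  *
  * @return bool True when the user was found and the session was populated.
  *
  * @throws Exception When no 202_users row matches the name and password hash.
  */
 public static function login($user, $pass)
 {
     $subdomain = self::getClientSite();
     global $mode;
     if ($mode != 'single' && (!client_installed($subdomain) || $subdomain == 'auth')) {
         // Do a quick lookup to see if this login was correct.
         if (self::isValidDTLogin($user, $pass, true)) {
             // Issue a fresh session id before credentials go into the session, so an
             // id planted before login (session fixation) cannot be used to read them.
             if (session_id() !== '') {
                 session_regenerate_id(true);
             }
             // Pass some kind of authentication details. Also verify that
             // they haven't already claimed a subdomain.
             // NOTE(review): this keeps the clear-text password in session storage
             // until the subdomain step consumes it. Prefer storing only a hash or a
             // short-lived one-time token.
             $_SESSION['login_user'] = $user;
             $_SESSION['login_pass'] = $pass;
             forward("/new-subdomain.php");
             exit;
         } else {
             die("No such luck.");
         }
     }

     $mysql = array();
     $mysql['user_name'] = db::escape($user);
     // NOTE(review): salt_user_pass() is not visible here; if it is a fast digest,
     // migrate to password_hash()/password_verify().
     $mysql['user_pass'] = db::escape(salt_user_pass($pass));

     //check to see if this user exists
     $user_sql = "SELECT *\r\n                      FROM \t202_users\r\n                      WHERE user_name='" . $mysql['user_name'] . "'\r\n                      AND   user_pass='" . $mysql['user_pass'] . "'";
     $user_row = db::getRow($user_sql);
     if (!$user_row) {
         // One message for both failure causes, so the response does not reveal
         // whether the user name exists.
         throw new Exception('Your username or password is incorrect.');
     }

     // Rotate the session id at the privilege change. This must happen before the
     // fingerprint is computed, because the fingerprint includes session_id().
     if (session_id() !== '') {
         session_regenerate_id(true);
     }

     //set session variables
     // A request without a User-Agent header hashes as an empty string, not a notice.
     $user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
     $_SESSION['session_fingerprint'] = md5('session_fingerprint' . $user_agent . session_id());
     $_SESSION['session_time'] = time();
     $_SESSION['user_name'] = $user_row['user_name'];
     $_SESSION['user_id'] = $user_row['user_id'];
     $_SESSION['addCode'] = $user_row['addCode'];
     $_SESSION['user_api_key'] = $user_row['user_api_key'];
     $_SESSION['user_stats202_app_key'] = $user_row['user_stats202_app_key'];
     $_SESSION['user_timezone'] = $user_row['user_timezone'];
     return true;
 }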
Exemplo n.º 3
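    //check tokens
    // NOTE(review): the anti-CSRF token comparison below is commented out. Unless the
    // token is verified elsewhere, this password-change POST is accepted without one.
    // Restore the check once the form is confirmed to send the token.
    //if ($_POST['token'] != $_SESSION['token']) { $error['token'] = '<div class="error">You must use our forms to submit data.</div';  }

    // Validate the new password, then store its hash for the user in $user_row.
    // A missing or non-string field (e.g. user_pass[]=x) is treated as empty, so
    // only strings reach strlen() and the hashing helper.
    $new_pass = (isset($_POST['user_pass']) && is_string($_POST['user_pass'])) ? $_POST['user_pass'] : '';
    $verify_pass = (isset($_POST['verify_user_pass']) && is_string($_POST['verify_user_pass'])) ? $_POST['verify_user_pass'] : '';

    $pass_errors = array();
    if ($new_pass === '') {
        // The message text is masked ('******') in this listing; restore the real wording.
        $pass_errors[] = '******';
    }
    // The confirmation message belongs to the confirmation field; the original
    // tested user_pass a second time here.
    if ($verify_pass === '') {
        $pass_errors[] = '<div class="error">You must type verify your password</div>';
    }
    // NOTE(review): the password is hashed before storage, so the upper bound of 15
    // only limits passphrase strength. Confirm whether it can be raised.
    if (strlen($new_pass) < 6 or strlen($new_pass) > 15) {
        $pass_errors[] = '<div class="error">Passwords must be 6 to 15 characters long</div>';
    }
    // Strict comparison: with != two different numeric strings such as '100000'
    // and '1e5' compare as equal.
    if ($new_pass !== $verify_pass) {
        $pass_errors[] = '<div class="error">Your passwords did not match, please try again</div>';
    }
    if ($pass_errors) {
        // As before, an empty password replaces any earlier message under this key,
        // while the other failures are appended to it.
        $earlier = ($new_pass !== '' && isset($error['user_pass'])) ? $error['user_pass'] : '';
        $error['user_pass'] = $earlier . implode('', $pass_errors);
    }

    // empty() is the same test as !$error but raises no notice when $error is unset.
    if (empty($error)) {
        $user_pass = salt_user_pass($new_pass);
        $mysql['user_pass'] = mysql_real_escape_string($user_pass);
        $mysql['user_id'] = mysql_real_escape_string($user_row['user_id']);
        $user_sql = "UPDATE \t202_users\n\t\t\t\t\t\t  SET\t\tuser_pass='" . $mysql['user_pass'] . "',\n\t\t\t\t\t\t\t\t\tuser_pass_time='0'\n\t\t\t\t\t\t  WHERE\tuser_id='" . $mysql['user_id'] . "'";
        $user_result = _mysql_query($user_sql);
        // NOTE(review): success is reported without inspecting $user_result; confirm
        // that _mysql_query() aborts on failure.
        $success = true;
    }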
}
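// HTML-escape the user name (quotes included) before it is used in markup.
$html['user_name'] = htmlentities($user_row['user_name'], ENT_QUOTES, 'UTF-8');

//if password was changed succesfully
// !empty() is the same truthiness test as `== true`, but raises no notice when
// $success was never assigned on the failure path.
if (!empty($success)) {
    _die("<div style='text-align: center'><br/>Congratulations, your password has been reset.<br/>\n\t\t   You can now <a href=\"/xtracks-login.php\">login</a> with your new password</div>");
}

// NOTE(review): $error['user_pass_key'] is emitted as raw HTML. It must only ever
// hold application-generated markup, never request data.
if (!empty($error['user_pass_key'])) {
    _die("<div style='text-align: center'><br/>" . $error['user_pass_key'] . "<p>Please use the <a href=\"/202-lost-pass\">password retrieval tool</a> to get a new password reset key.</p></div>");
}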