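/**
 * Resolves the current visitor into $eps_user from the session or, failing that, the login cookie.
 *
 * Both stores carry a serialized [user_id, password_hash] pair (written by set_user(), which is
 * defined elsewhere). The pair is trusted only after the hash is re-derived from the database
 * password and the cookie seed and compared; anything else falls back to guest.
 *
 * @param array $eps_user Filled by reference with the user's row (password removed) plus
 *                        'ip_address' and 'is_guest' on success; on the failure paths the
 *                        value is whatever set_user(0, 0) or set_guest() leaves behind.
 * @return void
 */
function chk_user(&$eps_user)
{
    global $epsclass, $eps_config, $eps_cookie, $eps_session;
    eps_session_start();
    // Default to guest until the stored credentials check out
    $cookie = array('user_id' => 0, 'password_hash' => 0);
    // The session takes precedence over the cookie
    $stored = null;
    if (!empty($_SESSION[$eps_session['name']])) {
        $stored = $_SESSION[$eps_session['name']];
    } elseif (!empty($_COOKIE[$eps_cookie['name']])) {
        $stored = $_COOKIE[$eps_cookie['name']];
    }
    if ($stored !== null) {
        // The cookie value is client-controlled, so unserialize() must not be allowed to
        // instantiate objects (PHP object injection); the pair only ever holds scalars.
        // The allowed_classes option needs PHP >= 7.0; older runtimes get the plain call as before.
        $pair = PHP_VERSION_ID >= 70000
            ? @unserialize($stored, array('allowed_classes' => false))
            : @unserialize($stored);
        // A malformed or non-array payload keeps the guest defaults (the former list()
        // assignment produced nulls here, which failed the user_id check the same way)
        if (is_array($pair)) {
            $cookie['user_id'] = isset($pair[0]) ? $pair[0] : 0;
            $cookie['password_hash'] = isset($pair[1]) ? $pair[1] : 0;
        }
    }
    if ($cookie['user_id'] > 0) {
        // Load the user row together with its group title; user_id is cast to int for the query
        $result = $epsclass->db->query("SELECT g.g_title,u.* FROM " . TBL_USER . " u LEFT JOIN " . TBL_GROUP . " g ON u.group_id=g.g_id WHERE u.id=" . intval($cookie['user_id'])) or error('Unable to fetch user information', __FILE__, __LINE__, $epsclass->db->error());
        $eps_user = $epsclass->db->fetch_assoc($result);
        $epsclass->db->free_result($result);
        // The stored hash must equal md5(seed . db_password). Compare as strings, in constant
        // time where hash_equals() exists: the former loose `!=` compared the hex digest against
        // whatever type the payload carried, and on PHP < 8 a non-string value (e.g. the
        // integer 0) could compare equal to a non-numeric digest.
        $hash_ok = false;
        if (isset($eps_user['id'])) {
            $expected = md5($eps_cookie['seed'] . $eps_user['password']);
            $given = is_string($cookie['password_hash']) ? $cookie['password_hash'] : '';
            $hash_ok = function_exists('hash_equals')
                ? hash_equals($expected, $given)
                : ($expected === $given);
        }
        if (!$hash_ok) {
            // Authorisation failed: drop back to guest
            set_user(0, 0);
            return;
        }
        // Group-derived privilege flags for the rest of the request
        define('IS_ADMIN', $eps_user['group_id'] == EPS_ADMIN);
        define('IS_MODADMIN', $eps_user['group_id'] == EPS_ADMIN || $eps_user['group_id'] == EPS_MOD);
        // Never keep the password hash in the request-wide user array
        unset($eps_user['password']);
        // Fall back to the configured defaults when the stored language/style no longer exists
        if (!@file_exists(EPS_ROOT . 'lang/' . $eps_user['language'])) {
            $eps_user['language'] = $eps_config['default_lang'];
        }
        if (!@file_exists(EPS_ROOT . 'style/' . $eps_user['style'] . '.css')) {
            $eps_user['style'] = $eps_config['default_style'];
        }
        $eps_user['ip_address'] = get_ip();
        $eps_user['is_guest'] = false;
    } else {
        set_guest();
    }
}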
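/**
 * Creates a new local account and signs the caller in as that user.
 *
 * @param string $username Account name; also the lookup key in USER_ACCOUNT_FILE.
 * @param string $password Plaintext password; stored only as a password_hash() digest.
 * @param string $confirm  Second entry of the password, must match exactly.
 * @return string '' on success, otherwise the error_message() result for the first failed
 *                check (E_REGISTER with E_NO_USERNAME, E_NO_PASSWORD, E_NO_CONFIRM,
 *                'Mismatch' or E_ACCOUNT_EXISTS).
 */
function register($username, $password, $confirm)
{
    if (empty($username)) {
        return error_message(E_REGISTER, E_NO_USERNAME);
    }
    // Only a missing or zero-length password counts as "no password": empty() would also
    // reject the legitimate password "0"
    if (!is_string($password) || $password === '') {
        return error_message(E_REGISTER, E_NO_PASSWORD);
    }
    if (!is_string($confirm) || $confirm === '') {
        return error_message(E_REGISTER, E_NO_CONFIRM);
    }
    // Strict comparison: no type juggling between the two entries
    if ($password !== $confirm) {
        return error_message(E_REGISTER, 'Mismatch');
    }
    // Refuse to overwrite an existing account
    $user = look_up_key_value($username, USER_ACCOUNT_FILE);
    if (!empty($user)) {
        return error_message(E_REGISTER, E_ACCOUNT_EXISTS);
    }
    add_key_value($username, [$username, password_hash($password, PASSWORD_DEFAULT)], USER_ACCOUNT_FILE);
    set_user($username);
    return '';
}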
<?php

include_once 'loader.php';
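// NOTE(review): no authentication or CSRF check is visible before the POST dispatch below;
// confirm loader.php enforces one, since every branch acts on client-supplied identifiers.
// Missing fields used to raise undefined-index notices; default them to null so that the
// switch simply matches no case.
$action = isset($_POST['action']) ? $_POST['action'] : null;
$data = isset($_POST['data']) ? $_POST['data'] : null;
$uid = isset($_POST['uid']) ? $_POST['uid'] : null;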
switch ($action) {
    case 'set_user':
        $user_object = $_POST['user'];
        $fbuid = $_POST['fbuid'];
        set_user($user_object, $fbuid);
        break;
    case 'process':
        $additional = $_POST['additional'];
        $like_object = $_POST['like'];
        $fbuid = $_POST['fbuid'];
        process($like_object, $additional, $fbuid);
        break;
    case 'save_forum_relation':
        $like_id = $_POST['like_id'];
        $forum_id = $_POST['forum_id'];
        $category_id = $_POST['category_id'];
        save_forum_relation($like_id, $forum_id);
        break;
    case 'getlike':
        $like_id = $_POST['likeid'];
        $like_object = $_POST['like'];
        $fbuid = $_POST['fbuid'];
        get_like($like_id, $fbuid, $like_object);
        break;
    case 'save_existing_like':
 /**
  * Opens the (persistent) MySQL connection for this object.
  *
  * Credentials come from the set_db()/set_pw()/set_user() helpers and are kept on
  * $this->db, $this->pw and $this->user; the link itself lands in $this->conn.
  * A failed connect raises E_USER_ERROR carrying mysql_error().
  * Note: the mysql_* extension was removed in PHP 7, so this only runs on PHP 5.
  *
  * @author P.Welling
  *
  * @since 1.0
  */
 function connect_db()
 {
     $database = set_db();
     $password = set_pw();
     $account = set_user();
     $this->db = $database;
     $this->pw = $password;
     $this->user = $account;
     $link = mysql_pconnect('localhost', $account, $password);
     $this->conn = $link;
     if (!$link) {
         trigger_error(mysql_error(), E_USER_ERROR);
     }
 }
 */
/**
 * GET /about — returns the service's "about" resource as JSON to an authenticated user.
 * Any exception raised while fetching or rendering is passed to renderEx() instead of escaping.
 */
$app->get('/about', function () use ($app, $client, $service) {
    checkUserAuthentication($app);
    try {
        $aboutInfo = $service->about->get();
        renderJson($app, $aboutInfo);
    } catch (Exception $failure) {
        renderEx($app, $failure);
    }
});
/**
 * The start page, also handles the OAuth2 callback.
 *
 * When the request carries a `code` query parameter the client exchanges it for tokens,
 * which are stored through set_user() before redirecting back to `/` without the code.
 * Otherwise a user present in the session gets the index page and everyone else is sent
 * to the provider's auth URL.
 */
$app->get('/', function () use ($app, $client, $user) {
    $authCode = $app->request()->get('code');
    if ($authCode) {
        // NOTE(review): nothing here checks an OAuth2 `state` value against the session
        // before the code is exchanged; confirm $client / createAuthUrl() handle that,
        // otherwise the callback is open to login CSRF.
        // authenticate() is called without $authCode, so it presumably reads the code
        // from the request itself — verify against the client library version in use.
        $client->authenticate();
        set_user($client->getAccessToken());
        $app->redirect('/');
    }
    if (!$user) {
        // No user in the session: redirect to the auth page
        $app->redirect($client->createAuthUrl());
    } else {
        $app->render('index.html');
    }
});
$app->run();
 // Registration input checks; each validator records its failures in $epsclass->validate->errors
 $epsclass->validate->chk_username($username);
 // Password: apparently a 6-20 character length window, then the two entries must agree
 if ($epsclass->validate->chk_length($password1, 6, 20, $eps_lang['Password'])) {
     $epsclass->validate->chk_match($password1, $password2, $eps_lang['Password']);
 }
 // Email: format check first, then the two entries must agree
 if ($epsclass->validate->chk_email($email1)) {
     $epsclass->validate->chk_match($email1, $email2, $eps_lang['Email']);
 }
 $epsclass->validate->chk_s_id($s_id);
 // Confirm code: compared against eps_encrypt($code, 6) — presumably the server-side value
 // it was generated from; confirm where $code originates (it is set outside this span)
 if ($epsclass->validate->chk_empty($confirm_code, $eps_lang['Confirm_code'])) {
     $epsclass->validate->chk_match($confirm_code, eps_encrypt($code, 6), $eps_lang['Confirm_code']);
 }
 if (empty($epsclass->validate->errors)) {
     $password = eps_hash($password1);
     $inserts = array('username' => $username, 'password' => $password, 'email' => $email1, 's_id' => $s_id, 'group_id' => EPS_MEMBER, 'reg_time' => time(), 'language' => $eps_config['default_lang'], 'style' => $eps_config['default_style'], 'timezone' => $eps_config['default_timezone'], 'ajax' => $eps_config['default_ajax'], 'ip_address' => get_ip());
     $epsclass->db->vinsert(TBL_USER, $inserts);
     set_user($epsclass->db->insert_id(), $password, false);
     $_SESSION['visual'] = '';
     // Emailer
     $epsclass->load_class('class_emailer');
     $mail_tpl = trim(file_get_contents(EPS_ROOT . 'lang/' . $eps_user['language'] . '/welcome.tpl'));
     if (preg_match('#\\<subject\\>(.*?)\\</subject\\>#is', $mail_tpl, $subject_tpl)) {
         $subject = $subject_tpl[1];
     } else {
         $subject = $eps_config['title'];
     }
     $message = trim(preg_replace('#\\<subject\\>.*?\\</subject\\>#is', '', $mail_tpl));
     $message = str_replace('<site_title>', $eps_config['title'], $message);
     $message = str_replace('<base_url>', $eps_config['base_url'], $message);
     $message = str_replace('<username>', $username, $message);
     $message = str_replace('<password>', $password1, $message);
     $message = str_replace('<login_url>', $eps_config['base_url'] . 'index.php?eps=login', $message);
Arquivo: login.php Projeto: nqv/eposys
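     if (empty($epsclass->validate->errors)) {
         // Look the account up case-insensitively; the lowered name is escaped for the WHERE clause
         $username_tmp = eps_strtolower($username);
         $result = $epsclass->db->vselect(TBL_USER, array('id', 'password', 'group_id', 'active'), "WHERE LOWER(username)='" . $epsclass->db->escape($username_tmp) . "'", true);
         if ($epsclass->db->num_rows($result) == 1) {
             list($user_id, $db_password, $group_id, $active) = $epsclass->db->fetch_row($result);
             $epsclass->db->free_result($result);
             if (!$active && !IS_ADMIN) {
                 // Inactive accounts can only be entered by an admin
                 $errors[] = $eps_lang['User_inactive'];
             } else {
                 // Compare the stored hash with eps_hash() of the submitted password as strings.
                 // The former loose `!=` let two numeric-looking hash strings (e.g. hex digests
                 // of the form "0e...") be compared as numbers and so match by accident;
                 // hash_equals() also makes the comparison constant-time where it is available.
                 $expected = (string) eps_hash($password);
                 $stored = (string) $db_password;
                 $password_ok = function_exists('hash_equals')
                     ? hash_equals($stored, $expected)
                     : ($stored === $expected);
                 if (!$password_ok) {
                     // NOTE(review): the anti-flood counter is only bumped on success below;
                     // failed attempts are presumably throttled elsewhere — confirm.
                     $errors[] = $eps_lang['Password_wrong'];
                 } else {
                     // Set user with the password hash as stored in the database
                     set_user($user_id, $db_password, $auto);
                     $epsclass->antiflood->update('login', 2);
                     // The `eps` query value is passed through to redirect() unmodified;
                     // redirect() is assumed to encode or validate it — TODO confirm
                     redirect('index.php' . (isset($_GET['eps']) && $_GET['eps'] != 'login' ? '?eps=' . $_GET['eps'] : ''), $eps_lang['Redirect_login']);
                     return;
                 }
             }
         } else {
             $errors[] = $eps_lang['Username_wrong'];
         }
     } else {
         // Validation failed: surface its messages and clear the collected form data
         $errors = $epsclass->validate->errors;
         $epsclass->validate->data_reset();
     }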
 }
 $_SESSION['visual'] = eps_random(9);
// Requested action for this page (empty string when absent)
$action = eps_get_var('action', '');
// Per-request form state
$tabindex = 1;
$errors = array();
$need_old_pass = true;
// Validation and anti-flood helpers
$epsclass->load_class('class_validate');
$epsclass->load_class('class_antiflood');
$epsclass->validate->data_reset();
$smarty->assign('uid', $uid);
// L o g o u t
if ($action == 'logout') {
    if ($uid != $eps_user['id']) {
        return;
    } else {
        set_user(0, 0);
        redirect('index.php', $eps_lang['Redirect_' . $action]);
        return;
    }
} else {
    if ($action == 'changepass') {
        $secr_key = eps_get_var('key', '');
        // Permission
        if (!empty($secr_key) || IS_ADMIN) {
            if (!IS_ADMIN) {
                if ($epsclass->validate->secr_verify($secr_key)) {
                    //$result = $epsclass->db->query("SELECT 1 FROM ".TBL_USER." WHERE id='".$epsclass->db->escape($uid)."' AND security='".$epsclass->db->escape($secr_key)."'") or error('Unable to fetch code', __FILE__, __LINE__, $epsclass->db->error());
                    $result = $epsclass->db->vselect(TBL_USER, "1", "WHERE `id`='" . $epsclass->db->escape($uid) . "' AND `security`='" . $epsclass->db->escape($secr_key) . "'", true);
                    if ($epsclass->db->num_rows($result) == 1) {
                        $need_old_pass = false;
                    } else {
     $error = 'Username exists.';
     break;
 }
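 // Verify that the email address has not been used in a previous registration.
 $mailsearch = "SELECT email from users WHERE email=?";
 $res_mailsearch = $context->db->query($mailsearch, $_POST['email']);
 $email_match = $res_mailsearch->fetchRow(DB_FETCHMODE_ASSOC);
 if ($email_match) {
     $error = 'Someone has already registered with that email address.';
     break;
 }
 // The address is handed straight to mail() below: a CR/LF inside it would let extra
 // headers be injected, so refuse it before the account is created. (Any format
 // validation done earlier in this file is not visible here — confirm.)
 if (preg_match('/[\r\n]/', $_POST['email'])) {
     $error = 'Invalid email address.';
     break;
 }
 $new_user = add_user($context->db);
 $new_user['name'] = $_POST['username'];
 $new_user['email'] = $_POST['email'];
 // set_user() is assumed to hash the password before storing it — confirm against its definition
 $new_user['password'] = $_POST['password1'];
 $registered_user = set_user($context->db, $new_user);
 if ($registered_user === false) {
     $error = 'User name exists.';
     break;
 }
 // Verification token: 32 hex chars (same width as the md5 it replaces), drawn from
 // random_bytes() where available. The former md5(rand(0, 1000)) had only 1001 possible
 // values, so the verification link offered no real protection.
 $hash = function_exists('random_bytes')
     ? bin2hex(random_bytes(16))
     : md5(uniqid(mt_rand(), true));
 $q = 'UPDATE users SET hash=? WHERE name=?';
 $res = $context->db->query($q, $hash, $_POST['username']);
 // NOTE(review): $res is not checked; with PEAR DB a failure comes back as a DB_Error object,
 // in which case the link below would carry a token that was never stored.
 login_user_by_id($context->db, $registered_user['id']);
 $to = $_POST['email'];
 $subject = 'Field Papers Verification';
 // NOTE(review): the link uses a hard-coded http:// scheme; if the site is served over TLS,
 // derive the scheme from the request so the token is not sent over plaintext.
 $url = sprintf('http://%s%s/verify.php?email=%s&hash=%s', get_domain_name(), get_base_dir(), urlencode($_POST['email']), urlencode($hash));
 $message = "Thanks for signing up for Field Papers!\n            \n            Please verify your account: {$url}\n            \n            ";
 $headers = 'From:noreply@fieldpapers.org' . "\r\n";
 mail($to, $subject, $message, $headers);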
 // redirect